From: Juliana Fajardini Date: Wed, 20 Apr 2022 20:50:43 +0000 (-0300) Subject: detect/alert: remove unused functions X-Git-Tag: suricata-5.0.10~42 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c21ec760f453c8be80cee36be28249865c531fc;p=thirdparty%2Fsuricata.git detect/alert: remove unused functions Since we now only copy the PacketAlerts to the Packet's queue after processing them, we no longer do packet alert appending from detect-engine-alert, nor do we remove PacketAlerts from the queue (if they're discarded by overflow or thresholding, they're not copied to the final alert queue). Task #4943 (cherry picked from commit e4e688a9b0add66aa0b97df0f7b1b9e60f68fb90)
---
diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 4b3cd01283..657891fe45 100644
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -151,81 +151,6 @@ int PacketAlertCheck(Packet *p, uint32_t sid) return match; } -/** - * \brief Remove alert from the p->alerts.alerts array at pos - * \param p Pointer to the Packet - * \param pos Position in the array - * \retval 0 if the number of alerts is less than pos - * 1 if all goes well - */ -int PacketAlertRemove(Packet *p, uint16_t pos) -{ - uint16_t i = 0; - int match = 0; - - if (pos > p->alerts.cnt) { - SCLogDebug("removing %u failed, pos > cnt %u", pos, p->alerts.cnt); - return 0; - } - - for (i = pos; i <= p->alerts.cnt - 1; i++) { - memcpy(&p->alerts.alerts[i], &p->alerts.alerts[i + 1], sizeof(PacketAlert)); - } - - // Update it, since we removed 1 - p->alerts.cnt--; - - return match; -} - -/** \brief append a signature match to a packet - * - * \param det_ctx thread detection engine ctx - * \param s the signature that matched - * \param p packet - * \param flags alert flags - */ -int PacketAlertAppend(DetectEngineThreadCtx *det_ctx, const Signature *s, - Packet *p, uint64_t tx_id, uint8_t flags) -{ - int i = 0; - - if (p->alerts.cnt == PACKET_ALERT_MAX) - return 0; - - SCLogDebug("sid %"PRIu32"", s->id); - - /* It should be usually the last, so check it before iterating */ - if (p->alerts.cnt == 0 || (p->alerts.cnt > 0 && - p->alerts.alerts[p->alerts.cnt - 1].num < s->num)) { - /* We just add it */ - p->alerts.alerts[p->alerts.cnt].num = s->num; - p->alerts.alerts[p->alerts.cnt].action = s->action; - p->alerts.alerts[p->alerts.cnt].flags = flags; - p->alerts.alerts[p->alerts.cnt].s = s; - p->alerts.alerts[p->alerts.cnt].tx_id = tx_id; - } else { - /* We need to make room for this s->num - (a bit ugly with memcpy but we are planning changes here)*/ - for (i = p->alerts.cnt - 1; i >= 0 && p->alerts.alerts[i].num > s->num; i--) { - memcpy(&p->alerts.alerts[i + 1], &p->alerts.alerts[i], sizeof(PacketAlert)); - } - - i++; /* The right place to store the alert */ - - p->alerts.alerts[i].num = s->num; - p->alerts.alerts[i].action = s->action; - 
p->alerts.alerts[i].flags = flags; - p->alerts.alerts[i].s = s; - p->alerts.alerts[i].tx_id = tx_id; - } - - /* Update the count */ - p->alerts.cnt++; - - return 0; -} - static inline void RuleActionToFlow(const uint8_t action, Flow *f) { if (action & (ACTION_DROP | ACTION_REJECT_ANY | ACTION_PASS)) { diff --git a/src/detect-engine-alert.h b/src/detect-engine-alert.h index 81126b0691..9e895e7602 100644 --- a/src/detect-engine-alert.h +++ b/src/detect-engine-alert.h @@ -33,10 +33,7 @@ void AlertQueueFree(DetectEngineThreadCtx *det_ctx); void AlertQueueAppend(DetectEngineThreadCtx *det_ctx, const Signature *s, Packet *p, uint64_t tx_id, uint8_t alert_flags); void PacketAlertFinalize(DetectEngineCtx *, DetectEngineThreadCtx *, Packet *); -int PacketAlertAppend(DetectEngineThreadCtx *, const Signature *, - Packet *, uint64_t tx_id, uint8_t); int PacketAlertCheck(Packet *, uint32_t); -int PacketAlertRemove(Packet *, uint16_t); void PacketAlertTagInit(void); PacketAlert *PacketAlertGetTag(void);