From: Anoop Saldanha Date: Tue, 15 May 2012 13:12:24 +0000 (+0530) Subject: fix rate filters that reset the sig ctx data and handled action timeouts wrongly X-Git-Tag: suricata-1.3beta2~52 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7dec21be4ce48661f593d42ed23629d6a9892306;p=thirdparty%2Fsuricata.git fix rate filters that reset the sig ctx data and handled action timeouts wrongly --- diff --git a/src/detect-engine-threshold.c b/src/detect-engine-threshold.c index 73d808b071..a06338cd6f 100644 --- a/src/detect-engine-threshold.c +++ b/src/detect-engine-threshold.c @@ -365,39 +365,12 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3 if (lookup_tsh != NULL) { /* Check if we have a timeout enabled, if so, * we still matching (and enabling the new_action) */ - if ( (p->ts.tv_sec - lookup_tsh->tv_timeout) > td->timeout) { - /* Ok, we are done, timeout reached */ - td->timeout = 0; - } else { - /* Already matching */ - /* Take the action to perform */ - switch (td->new_action) { - case TH_ACTION_ALERT: - ALERT_PACKET(p); - break; - case TH_ACTION_DROP: - DROP_PACKET(p); - break; - case TH_ACTION_REJECT: - REJECT_PACKET(p); - break; - case TH_ACTION_PASS: - PASS_PACKET(p); - break; - default: - /* Weird, leave the default action */ - break; - } - ret = 1; - } - - /* Update the matching state with the timeout interval */ - if ( (p->ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) { - lookup_tsh->current_count++; - if (lookup_tsh->current_count > td->count) { - /* Then we must enable the new action by setting a - * timeout */ - lookup_tsh->tv_timeout = p->ts.tv_sec; + if (lookup_tsh->tv_timeout != 0) { + if ((p->ts.tv_sec - lookup_tsh->tv_timeout) > td->timeout) { + /* Ok, we are done, timeout reached */ + lookup_tsh->tv_timeout = 0; + } else { + /* Already matching */ /* Take the action to perform */ switch (td->new_action) { case TH_ACTION_ALERT: @@ -417,11 +390,41 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3 break; } ret = 1; - } + } /* else - if ((p->ts.tv_sec - lookup_tsh->tv_timeout) > td->timeout) */ + } else { - lookup_tsh->tv_sec1 = p->ts.tv_sec; - lookup_tsh->current_count = 1; - } + /* Update the matching state with the timeout interval */ + if ( (p->ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) { + lookup_tsh->current_count++; + if (lookup_tsh->current_count > td->count) { + /* Then we must enable the new action by setting a + * timeout */ + lookup_tsh->tv_timeout = p->ts.tv_sec; + /* Take the action to perform */ + switch (td->new_action) { + case TH_ACTION_ALERT: + ALERT_PACKET(p); + break; + case TH_ACTION_DROP: + DROP_PACKET(p); + break; + case TH_ACTION_REJECT: + REJECT_PACKET(p); + break; + case TH_ACTION_PASS: + PASS_PACKET(p); + break; + default: + /* Weird, leave the default action */ + break; + } + ret = 1; + } + } else { + lookup_tsh->tv_sec1 = p->ts.tv_sec; + lookup_tsh->current_count = 1; + } + } /* else - if (lookup_tsh->tv_timeout != 0) */ } else { if (td->count == 1) { ret = 1;