From: Victor Julien Date: Thu, 13 Mar 2025 08:20:57 +0000 (+0100) Subject: flow: remove FLOW_NOPACKET_INSPECTION flag X-Git-Tag: suricata-8.0.0-beta1~39 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=84a9673af612aeef98bca4781c011cbdb51687a5;p=thirdparty%2Fsuricata.git flow: remove FLOW_NOPACKET_INSPECTION flag It was not used separately from FLOW_ACTION_PASS. --- diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c index f04aad78af..4ad9d2f8ce 100644 --- a/src/alert-debuglog.c +++ b/src/alert-debuglog.c @@ -217,10 +217,9 @@ static TmEcode AlertDebugLogger(ThreadVars *tv, const Packet *p, void *thread_da p->flow->todstbytecnt + p->flow->tosrcbytecnt); MemBufferWriteString(aft->buffer, "FLOW ACTION: DROP: %s\n" - "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n" + "FLOW PAYLOAD: %s, APP_LAYER: %s\n" "FLOW APP_LAYER: DETECTED: %s, PROTO %" PRIu16 "\n", p->flow->flags & FLOW_ACTION_DROP ? "TRUE" : "FALSE", - p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE", p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE", applayer ? "TRUE" : "FALSE", (p->flow->alproto != ALPROTO_UNKNOWN) ? "TRUE" : "FALSE", p->flow->alproto); diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c index cf893700ca..51f1896800 100644 --- a/src/detect-engine-alert.c +++ b/src/detect-engine-alert.c @@ -168,7 +168,6 @@ static inline void RuleActionToFlow(const uint8_t action, Flow *f) if (action & ACTION_PASS) { f->flags |= FLOW_ACTION_PASS; SCLogDebug("setting flow action pass"); - FlowSetNoPacketInspectionFlag(f); } } } diff --git a/src/detect.c b/src/detect.c index 800db969c8..0b43f32af2 100644 --- a/src/detect.c +++ b/src/detect.c @@ -1938,11 +1938,11 @@ static void DetectFlow(ThreadVars *tv, { Flow *const f = p->flow; - if (p->flags & PKT_NOPACKET_INSPECTION) { + if (p->flags & PKT_NOPACKET_INSPECTION || f->flags & (FLOW_ACTION_PASS)) { /* hack: if we are in pass the entire flow mode, we need to still * update the inspect_id forward. So test for the condition here, * and call the update code if necessary. */ - const int pass = ((f->flags & FLOW_NOPACKET_INSPECTION)); + const int pass = ((f->flags & (FLOW_ACTION_PASS))); if (pass) { uint8_t flags = STREAM_FLAGS_FOR_PACKET(p); flags = FlowGetDisruptionFlags(f, flags); diff --git a/src/flow-timeout.c b/src/flow-timeout.c index afec5d3d81..961a07bc40 100644 --- a/src/flow-timeout.c +++ b/src/flow-timeout.c @@ -94,9 +94,6 @@ static inline Packet *FlowPseudoPacketSetup( p->vlan_idx = f->vlan_idx; p->livedev = (struct LiveDevice_ *)f->livedev; - if (f->flags & FLOW_NOPACKET_INSPECTION) { - DecodeSetNoPacketInspectionFlag(p); - } if (f->flags & FLOW_NOPAYLOAD_INSPECTION) { DecodeSetNoPayloadInspectionFlag(p); } diff --git a/src/flow.c b/src/flow.c index 4374c95556..a07ea762a1 100644 --- a/src/flow.c +++ b/src/flow.c @@ -507,11 +507,7 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars if (f->flags & FLOW_ACTION_DROP) { PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_FLOW_DROP); } - /*set the detection bypass flags*/ - if (f->flags & FLOW_NOPACKET_INSPECTION) { - SCLogDebug("setting FLOW_NOPACKET_INSPECTION flag on flow %p", f); - DecodeSetNoPacketInspectionFlag(p); - } + if (f->flags & FLOW_NOPAYLOAD_INSPECTION) { SCLogDebug("setting FLOW_NOPAYLOAD_INSPECTION flag on flow %p", f); DecodeSetNoPayloadInspectionFlag(p); diff --git a/src/flow.h b/src/flow.h index 53d4c8bb51..3e07ee8e11 100644 --- a/src/flow.h +++ b/src/flow.h @@ -60,8 +60,8 @@ typedef struct AppLayerParserState_ AppLayerParserState; // vacancy bit 4 -/** Packet belonging to this flow should not be inspected at all */ -#define FLOW_NOPACKET_INSPECTION BIT_U32(5) +// vacancy bit 5 + /** Packet payloads belonging to this flow should not be inspected */ #define FLOW_NOPAYLOAD_INSPECTION BIT_U32(6) @@ -599,20 +599,6 @@ static inline void *FlowGetAppState(const Flow *f) return f->alstate; } -/** \brief Set the No Packet Inspection Flag without locking the flow. - * - * \param f Flow to set the flag in - */ -static inline void FlowSetNoPacketInspectionFlag(Flow *f) -{ - SCEnter(); - - SCLogDebug("flow %p", f); - f->flags |= FLOW_NOPACKET_INSPECTION; - - SCReturn; -} - /** \brief Set the No payload inspection Flag without locking the flow. * * \param f Flow to set the flag in diff --git a/src/tests/detect.c b/src/tests/detect.c index 0baf2fc822..59c8ba31a1 100644 --- a/src/tests/detect.c +++ b/src/tests/detect.c @@ -4597,7 +4597,6 @@ static int SigTestDropFlow03(void) /* Second part.. Let's feed with another packet */ if (StreamTcpCheckFlowDrops(p2) == 1) { SCLogDebug("This flow/stream triggered a drop rule"); - FlowSetNoPacketInspectionFlag(p2->flow); DecodeSetNoPacketInspectionFlag(p2); StreamTcpDisableAppLayer(p2->flow); p2->action |= ACTION_DROP; diff --git a/src/util-exception-policy.c b/src/util-exception-policy.c index f467f70f4b..f6d06add1a 100644 --- a/src/util-exception-policy.c +++ b/src/util-exception-policy.c @@ -156,7 +156,6 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro if (p->flow) { p->flow->flags |= FLOW_ACTION_DROP; FlowSetNoPayloadInspectionFlag(p->flow); - FlowSetNoPacketInspectionFlag(p->flow); StreamTcpDisableAppLayer(p->flow); } /* fall through */ @@ -173,7 +172,6 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro SCLogDebug("EXCEPTION_POLICY_PASS_FLOW"); if (p->flow) { p->flow->flags |= FLOW_ACTION_PASS; - FlowSetNoPacketInspectionFlag(p->flow); // TODO util func } /* fall through */ case EXCEPTION_POLICY_PASS_PACKET: