From: Victor Julien <victor@inliniac.net>
Date: Tue, 9 Mar 2021 19:56:14 +0000 (+0100)
Subject: detect/alert: minor code refactor
X-Git-Tag: suricata-5.0.7~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9305d18589d06e855a1e56e28fc4868ca95a4339;p=thirdparty%2Fsuricata.git

detect/alert: minor code refactor

Use a simpler reject check and move logic into util func.

(cherry picked from commit 6c594d29db55bb0d6f28f0a5fa758c3e00a86ca1)
---

diff --git a/src/action-globals.h b/src/action-globals.h
index aa46bd293d..e3529892a2 100644
--- a/src/action-globals.h
+++ b/src/action-globals.h
@@ -30,6 +30,7 @@
 #define ACTION_DROP         0x02
 #define ACTION_REJECT       0x04
 #define ACTION_REJECT_DST   0x08
+#define ACTION_REJECT_ANY   (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)
 #define ACTION_REJECT_BOTH  0x10
 #define ACTION_PASS         0x20
 
diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index d60e2b111d..7d6c7c8332 100644
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2011 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -226,6 +226,19 @@ int PacketAlertAppend(DetectEngineThreadCtx *det_ctx, const Signature *s,
     return 0;
 }
 
+static inline void RuleActionToFlow(const uint8_t action, Flow *f)
+{
+    if (action & ACTION_DROP)
+        f->flags |= FLOW_ACTION_DROP;
+
+    if (action & ACTION_REJECT_ANY)
+        f->flags |= FLOW_ACTION_DROP;
+
+    if (action & ACTION_PASS) {
+        FlowSetNoPacketInspectionFlag(f);
+    }
+}
+
 /**
  * \brief Check the threshold of the sigs that match, set actions, break on pass action
  *        This function iterate the packet alerts array, removing those that didn't match
@@ -264,17 +277,7 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
 
             if (s->flags & SIG_FLAG_IPONLY) {
                 if (p->flow != NULL) {
-                    if (s->action & ACTION_DROP)
-                        p->flow->flags |= FLOW_ACTION_DROP;
-                    if (s->action & ACTION_REJECT)
-                        p->flow->flags |= FLOW_ACTION_DROP;
-                    if (s->action & ACTION_REJECT_DST)
-                        p->flow->flags |= FLOW_ACTION_DROP;
-                    if (s->action & ACTION_REJECT_BOTH)
-                        p->flow->flags |= FLOW_ACTION_DROP;
-                    if (s->action & ACTION_PASS) {
-                        FlowSetNoPacketInspectionFlag(p->flow);
-                    }
+                    RuleActionToFlow(s->action, p->flow);
                 }
             }