From: Victor Julien Date: Tue, 18 Oct 2022 14:18:06 +0000 (+0200) Subject: packet: move action functions to packet files X-Git-Tag: suricata-7.0.0-beta1~62 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd2a5ec84f4523222ec8afe4f0674251d6de57cf;p=thirdparty%2Fsuricata.git packet: move action functions to packet files --- diff --git a/src/decode.h b/src/decode.h index b340a6024f..4abbd9904b 100644 --- a/src/decode.h +++ b/src/decode.h @@ -769,46 +769,6 @@ void CaptureStatsSetup(ThreadVars *tv, CaptureStats *s); } \ } while(0) -/** \brief issue drop action - * - * Set drop (+reject) flags in both current and root packet. - * - * \param action action bit flags. Must be limited to ACTION_DROP_REJECT - */ -static inline void PacketDrop(Packet *p, const uint8_t action, enum PacketDropReason r) -{ - BUG_ON((action & ~ACTION_DROP_REJECT) != 0); - - if (p->drop_reason == PKT_DROP_REASON_NOT_SET) - p->drop_reason = (uint8_t)r; - - if (p->root) { - p->root->action |= action; - if (p->root->drop_reason == PKT_DROP_REASON_NOT_SET) { - p->root->drop_reason = PKT_DROP_REASON_INNER_PACKET; - } - } - p->action |= action; -} - -static inline uint8_t PacketCheckAction(const Packet *p, const uint8_t a) -{ - if (likely(p->root == NULL)) { - return (p->action & a) != 0; - } else { - /* check against both */ - const uint8_t actions = p->action | p->root->action; - return (actions & a) != 0; - } -} - -#ifdef UNITTESTS -static inline uint8_t PacketTestAction(const Packet *p, const uint8_t a) -{ - return PacketCheckAction(p, a); -} -#endif - #define TUNNEL_INCR_PKT_RTV_NOLOCK(p) do { \ ((p)->root ? (p)->root->tunnel_rtv_cnt++ : (p)->tunnel_rtv_cnt++); \ } while (0) diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c index 45db57b957..cc917a5a84 100644 --- a/src/detect-engine-alert.c +++ b/src/detect-engine-alert.c @@ -23,6 +23,7 @@ #include "detect-engine-tag.h" #include "decode.h" +#include "packet.h" #include "flow.h" #include "flow-private.h" diff --git a/src/detect.c b/src/detect.c index 4741eeba7d..298fb22df2 100644 --- a/src/detect.c +++ b/src/detect.c @@ -28,6 +28,7 @@ #include "conf.h" #include "decode.h" +#include "packet.h" #include "flow.h" #include "stream-tcp.h" #include "app-layer.h" diff --git a/src/output-json-alert.c b/src/output-json-alert.c index ed7e07e41e..ab5d993659 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -25,6 +25,7 @@ */ #include "suricata-common.h" +#include "packet.h" #include "detect.h" #include "flow.h" #include "conf.h" diff --git a/src/output-json-drop.c b/src/output-json-drop.c index 84e465c024..19a692e73b 100644 --- a/src/output-json-drop.c +++ b/src/output-json-drop.c @@ -25,6 +25,7 @@ */ #include "suricata-common.h" +#include "packet.h" #include "detect.h" #include "flow.h" #include "conf.h" diff --git a/src/packet.c b/src/packet.c index 6a4af426b2..436d367931 100644 --- a/src/packet.c +++ b/src/packet.c @@ -20,6 +20,40 @@ #include "flow.h" #include "host.h" #include "util-profiling.h" +#include "util-validate.h" + +/** \brief issue drop action + * + * Set drop (+reject) flags in both current and root packet. + * + * \param action action bit flags. Must be limited to ACTION_DROP_REJECT + */ +void PacketDrop(Packet *p, const uint8_t action, enum PacketDropReason r) +{ + DEBUG_VALIDATE_BUG_ON((action & ~ACTION_DROP_REJECT) != 0); + + if (p->drop_reason == PKT_DROP_REASON_NOT_SET) + p->drop_reason = (uint8_t)r; + + if (p->root) { + p->root->action |= action; + if (p->root->drop_reason == PKT_DROP_REASON_NOT_SET) { + p->root->drop_reason = PKT_DROP_REASON_INNER_PACKET; + } + } + p->action |= action; +} + +bool PacketCheckAction(const Packet *p, const uint8_t a) +{ + if (likely(p->root == NULL)) { + return (p->action & a) != 0; + } else { + /* check against both */ + const uint8_t actions = p->action | p->root->action; + return (actions & a) != 0; + } +} /** * \brief Initialize a packet structure for use. diff --git a/src/packet.h b/src/packet.h index fa7e8ce587..0ef2c5d3ab 100644 --- a/src/packet.h +++ b/src/packet.h @@ -20,6 +20,16 @@ #include "decode.h" +void PacketDrop(Packet *p, const uint8_t action, enum PacketDropReason r); +bool PacketCheckAction(const Packet *p, const uint8_t a); + +#ifdef UNITTESTS +static inline uint8_t PacketTestAction(const Packet *p, const uint8_t a) +{ + return PacketCheckAction(p, a); +} +#endif + void PacketInit(Packet *p); void PacketReleaseRefs(Packet *p); void PacketReinit(Packet *p); diff --git a/src/respond-reject.c b/src/respond-reject.c index da7b191126..b53fad9d3f 100644 --- a/src/respond-reject.c +++ b/src/respond-reject.c @@ -25,6 +25,7 @@ */ #include "suricata-common.h" +#include "packet.h" #include "decode.h" #include "packet-queue.h" #include "threads.h" diff --git a/src/source-af-packet.c b/src/source-af-packet.c index 029059ec9b..0340d505c6 100644 --- a/src/source-af-packet.c +++ b/src/source-af-packet.c @@ -34,6 +34,7 @@ #define SC_PCAP_DONT_INCLUDE_PCAP_H 1 #include "suricata-common.h" #include "suricata.h" +#include "packet.h" #include "decode.h" #include "packet-queue.h" #include "threads.h" diff --git a/src/source-dpdk.c b/src/source-dpdk.c index 43f26655dc..3dc9733c1e 100644 --- a/src/source-dpdk.c +++ b/src/source-dpdk.c @@ -33,6 +33,7 @@ #include "suricata-common.h" #include "runmodes.h" #include "decode.h" +#include "packet.h" #include "source-dpdk.h" #include "suricata.h" #include "threads.h" diff --git a/src/source-ipfw.c b/src/source-ipfw.c index 20c65b2c8b..f92d37fcba 100644 --- a/src/source-ipfw.c +++ b/src/source-ipfw.c @@ -27,6 +27,7 @@ #include "suricata-common.h" #include "suricata.h" #include "decode.h" +#include "packet.h" #include "packet-queue.h" #include "threads.h" #include "threadvars.h" diff --git a/src/source-napatech.c b/src/source-napatech.c index 9f4df9fa0a..3a9160ec01 100644 --- a/src/source-napatech.c +++ b/src/source-napatech.c @@ -27,6 +27,7 @@ */ #include "suricata-common.h" #include "decode.h" +#include "packet.h" #include "suricata.h" #include "threadvars.h" #include "util-datalink.h" diff --git a/src/source-netmap.c b/src/source-netmap.c index 0c5920feff..603c58b77f 100644 --- a/src/source-netmap.c +++ b/src/source-netmap.c @@ -37,6 +37,7 @@ #include "suricata.h" #include "suricata-common.h" #include "tm-threads.h" +#include "packet.h" #include "util-bpf.h" #include "util-privs.h" #include "util-validate.h" diff --git a/src/source-nfq.c b/src/source-nfq.c index a3d2566fcf..dc41a7927d 100644 --- a/src/source-nfq.c +++ b/src/source-nfq.c @@ -27,6 +27,7 @@ #include "suricata-common.h" #include "suricata.h" +#include "packet.h" #include "decode.h" #include "packet-queue.h" diff --git a/src/source-windivert.c b/src/source-windivert.c index 6f6253728e..4e7b7ac255 100644 --- a/src/source-windivert.c +++ b/src/source-windivert.c @@ -28,7 +28,7 @@ #include "suricata-common.h" #include "suricata.h" #include "tm-threads.h" - +#include "packet.h" #include "util-byte.h" #include "util-debug.h" #include "util-device.h" diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 1430e2f9e4..36a5151119 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -28,7 +28,7 @@ #include "suricata-common.h" #include "suricata.h" - +#include "packet.h" #include "decode.h" #include "detect.h" diff --git a/src/util-exception-policy.c b/src/util-exception-policy.c index 68763faeb4..79f72013eb 100644 --- a/src/util-exception-policy.c +++ b/src/util-exception-policy.c @@ -21,6 +21,7 @@ #include "suricata-common.h" #include "suricata.h" +#include "packet.h" #include "util-exception-policy.h" #include "util-misc.h" #include "stream-tcp-reassemble.h"