action handling: use macro for test.

Use test macro instead of direct access to action field.

This patch has been obtained by using the following
spatch file:

  @@
  Packet *p;
  expression E;
  @@

  - p->action & E
  + TEST_PACKET_ACTION(p, E)

diff --git a/src/alert-prelude.c b/src/alert-prelude.c
index 146dab44a8de6a703187f0c79601b31a567df6ab..c74f62eb2ee2ddfb4b7c61ad0340a708109c7b00 100644 (file)
--- a/src/alert-prelude.c
+++ b/src/alert-prelude.c
@@ -238,7 +238,7 @@ static int EventToImpact(PacketAlert *pa, Packet *p, idmef_alert_t *alert)
 
     idmef_impact_set_severity(impact, severity);
 
-    if (p->action & ACTION_DROP) {
+    if (TEST_PACKET_ACTION(p, ACTION_DROP)) {
         idmef_action_t *action;
 
         ret = idmef_action_new(&action);

diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c
index eabb02af0dffeebea8c4de69ab05af76b84fbec5..3ef5bfb076f093d98f0f352a28291a5da28dd18a 100644 (file)
--- a/src/alert-unified2-alert.c
+++ b/src/alert-unified2-alert.c
@@ -648,7 +648,7 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq
     gphdr.dst_ip = *(struct in6_addr*)GET_IPV6_DST_ADDR(p);
     gphdr.protocol = p->proto;
 
-    if(p->action & ACTION_DROP)
+    if(TEST_PACKET_ACTION(p, ACTION_DROP))
         gphdr.packet_action = UNIFIED2_BLOCKED_FLAG;
     else
         gphdr.packet_action = 0;
@@ -796,7 +796,7 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p
     gphdr.dst_ip = p->ip4h->s_ip_dst.s_addr;
     gphdr.protocol = IPV4_GET_RAW_IPPROTO(p->ip4h);
 
-    if(p->action & ACTION_DROP)
+    if(TEST_PACKET_ACTION(p, ACTION_DROP))
         gphdr.packet_action = UNIFIED2_BLOCKED_FLAG;
     else
         gphdr.packet_action = 0;

diff --git a/src/detect-detection-filter.c b/src/detect-detection-filter.c
index 02a8e89d1ed18f774d6edff5382e866cfe1ef178..f2791021c0657f736deb178423f7188ea0f4eed6 100644 (file)
--- a/src/detect-detection-filter.c
+++ b/src/detect-detection-filter.c
@@ -579,17 +579,17 @@ static int DetectDetectionFilterTestSig3(void) {
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts = PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     TimeSetIncrementTime(200);
@@ -597,22 +597,22 @@ static int DetectDetectionFilterTestSig3(void) {
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     if (alerts == 3 && drops == 3)

diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 0b08efb638fb063f056d0aa3736942caf856285d..ac6725a0a15229b07622ed0f64e91045d2054e6b 100644 (file)
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -250,14 +250,14 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
             /* set verdict on packet */
             UPDATE_PACKET_ACTION(p, p->alerts.alerts[i].action);
 
-            if (p->action & ACTION_PASS) {
+            if (TEST_PACKET_ACTION(p, ACTION_PASS)) {
                 /* Ok, reset the alert cnt to end in the previous of pass
                  * so we ignore the rest with less prio */
                 p->alerts.cnt = i;
                 break;
             /* if the signature wants to drop, check if the
              * PACKET_ALERT_FLAG_DROP_FLOW flag is set. */
-            } else if ((p->action & ACTION_DROP) &&
+            } else if ((TEST_PACKET_ACTION(p, ACTION_DROP)) &&
                     ((p->alerts.alerts[i].flags & PACKET_ALERT_FLAG_DROP_FLOW) ||
                          (s->flags & SIG_FLAG_APPLAYER))
                        && p->flow != NULL)

diff --git a/src/detect-threshold.c b/src/detect-threshold.c
index 0ac37688030685c8a63616a92149f354b5b823c9..e8d5569619efbf5035e59536441c1d5bd94e4efd 100644 (file)
--- a/src/detect-threshold.c
+++ b/src/detect-threshold.c
@@ -959,17 +959,17 @@ static int DetectThresholdTestSig7(void) {
     TimeGet(&p->ts);
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts = PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     TimeSetIncrementTime(200);
@@ -977,17 +977,17 @@ static int DetectThresholdTestSig7(void) {
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     if (alerts == 1 && drops == 6)
@@ -1052,17 +1052,17 @@ static int DetectThresholdTestSig8(void) {
     TimeGet(&p->ts);
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts = PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     TimeSetIncrementTime(200);
@@ -1070,17 +1070,17 @@ static int DetectThresholdTestSig8(void) {
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     if (alerts == 2 && drops == 6)
@@ -1145,17 +1145,17 @@ static int DetectThresholdTestSig9(void) {
     TimeGet(&p->ts);
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts = PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     TimeSetIncrementTime(200);
@@ -1163,17 +1163,17 @@ static int DetectThresholdTestSig9(void) {
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     if (alerts == 2 && drops == 2)
@@ -1238,17 +1238,17 @@ static int DetectThresholdTestSig10(void) {
     TimeGet(&p->ts);
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts = PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     TimeSetIncrementTime(200);
@@ -1256,17 +1256,17 @@ static int DetectThresholdTestSig10(void) {
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     if (alerts == 1 && drops == 1)
@@ -1331,17 +1331,17 @@ static int DetectThresholdTestSig11(void) {
     TimeGet(&p->ts);
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts = PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     TimeSetIncrementTime(200);
@@ -1349,17 +1349,17 @@ static int DetectThresholdTestSig11(void) {
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     if (alerts == 1 && drops == 4)
@@ -1424,17 +1424,17 @@ static int DetectThresholdTestSig12(void) {
     TimeGet(&p->ts);
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts = PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     TimeSetIncrementTime(200);
@@ -1442,17 +1442,17 @@ static int DetectThresholdTestSig12(void) {
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
     alerts += PacketAlertCheck(p, 10);
-    drops += ((p->action & ACTION_DROP)?1:0);
+    drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
     p->action = 0;
 
     if (alerts == 1 && drops == 2)

diff --git a/src/detect.c b/src/detect.c
index a06743e11b78817b8217f5ee85fbd20f0e54bb56..22f095304028ea28a77719451ff0478448543849 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -1775,7 +1775,8 @@ TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQue
     DEBUG_VALIDATE_PACKET(p);
 
     /* No need to perform any detection on this packet, if the the given flag is set.*/
-    if ((p->flags & PKT_NOPACKET_INSPECTION) || (p->action & ACTION_DROP))
+    if ((p->flags & PKT_NOPACKET_INSPECTION) || (TEST_PACKET_ACTION(p,
+                                                                    ACTION_DROP)))
         return 0;
 
     DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data;
@@ -10942,7 +10943,7 @@ static int SigTestDropFlow03(void)
         goto end;
     }
 
-    if ( !(p2->action & ACTION_DROP)) {
+    if ( !(TEST_PACKET_ACTION(p2, ACTION_DROP))) {
         printf("A \"drop\" action should be set from the flow to the packet: ");
         goto end;
     }
@@ -11073,7 +11074,7 @@ static int SigTestDropFlow04(void)
         goto end;
     }
 
-    if (!(p1->action & ACTION_DROP)) {
+    if (!(TEST_PACKET_ACTION(p1, ACTION_DROP))) {
         printf("A \"drop\" action was set from the flow to the packet "
                "which is right, but setting the flag shouldn't disable "
                "inspection on the packet in IDS mode");
@@ -11114,7 +11115,7 @@ static int SigTestDropFlow04(void)
         goto end;
     }
 
-    if (!(p2->action & ACTION_DROP)) {
+    if (!(TEST_PACKET_ACTION(p2, ACTION_DROP))) {
         printf("A \"drop\" action was set from the flow to the packet "
                "which is right, but setting the flag shouldn't disable "
                "inspection on the packet in IDS mode");

diff --git a/src/log-droplog.c b/src/log-droplog.c
index 6f3edbaca117931c24cee9d756314ef5c7f28c65..0b05ae086747568c00eed52b7b398f7d0cebc264 100644 (file)
--- a/src/log-droplog.c
+++ b/src/log-droplog.c
@@ -214,7 +214,7 @@ TmEcode LogDropLogNetFilter (ThreadVars *tv, Packet *p, void *data, PacketQueue
     uint16_t proto = 0;
     char timebuf[64];
 
-    if (!(p->action & ACTION_DROP) || PKT_IS_PSEUDOPKT(p)) {
+    if (!(TEST_PACKET_ACTION(p, ACTION_DROP)) || PKT_IS_PSEUDOPKT(p)) {
         return TM_ECODE_OK;
     }
 
@@ -394,7 +394,7 @@ int LogDropLogTest01()
     DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
 
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-    if (p->alerts.cnt == 1 && (p->action & ACTION_DROP))
+    if (p->alerts.cnt == 1 && (TEST_PACKET_ACTION(p, ACTION_DROP)))
         result = (strcmp(p->alerts.alerts[0].s->class_msg, "Unknown are we") == 0);
     else
         result = 0;

diff --git a/src/respond-reject.c b/src/respond-reject.c
index 76fab8516c8cecdf91d5baa8d479cca305998c65..235aff347e95435254937b5b7816e03bf3b48aea 100644 (file)
--- a/src/respond-reject.c
+++ b/src/respond-reject.c
@@ -60,9 +60,9 @@ TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
     int ret = 0;
 
     /* ACTION_REJECT defaults to rejecting the SRC */
-    if (!(p->action & ACTION_REJECT) &&
-        !(p->action & ACTION_REJECT_DST) &&
-        !(p->action & ACTION_REJECT_BOTH)) {
+    if (!(TEST_PACKET_ACTION(p, ACTION_REJECT)) &&
+        !(TEST_PACKET_ACTION(p, ACTION_REJECT_DST)) &&
+        !(TEST_PACKET_ACTION(p, ACTION_REJECT_BOTH))) {
         return TM_ECODE_OK;
     }
 
@@ -94,11 +94,11 @@ TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
 }
 
 int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data) {
-    if (p->action & ACTION_REJECT) {
+    if (TEST_PACKET_ACTION(p, ACTION_REJECT)) {
         return RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC);
-    } else if (p->action & ACTION_REJECT_DST) {
+    } else if (TEST_PACKET_ACTION(p, ACTION_REJECT_DST)) {
         return RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST);
-    } else if(p->action & ACTION_REJECT_BOTH) {
+    } else if(TEST_PACKET_ACTION(p, ACTION_REJECT_BOTH)) {
         if (RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC) == 0 &&
             RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST) == 0) {
             return 0;
@@ -110,11 +110,11 @@ int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data) {
 }
 
 int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data) {
-    if (p->action & ACTION_REJECT) {
+    if (TEST_PACKET_ACTION(p, ACTION_REJECT)) {
         return RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
-    } else if (p->action & ACTION_REJECT_DST) {
+    } else if (TEST_PACKET_ACTION(p, ACTION_REJECT_DST)) {
         return RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST);
-    } else if(p->action & ACTION_REJECT_BOTH) {
+    } else if(TEST_PACKET_ACTION(p, ACTION_REJECT_BOTH)) {
         if (RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC) == 0 &&
             RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST) == 0) {
             return 0;

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 302e4a7125ebf766280dcb4e2b1086f6f7b7d708..0db26abcec148b7a7e27214d1e2951d47cad219f 100644 (file)
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -614,7 +614,7 @@ TmEcode AFPWritePacket(Packet *p)
     int socket;
 
     if (p->afp_v.copy_mode == AFP_COPY_MODE_IPS) {
-        if (p->action & ACTION_DROP) {
+        if (TEST_PACKET_ACTION(p, ACTION_DROP)) {
             return TM_ECODE_OK;
         }
     }

diff --git a/src/source-ipfw.c b/src/source-ipfw.c
index 3b450ad9caa1a597f59791bcc8ef1b6daac40cea..00f094ee16e8e4cdec21aa9903a0fe53e043cdd0 100644 (file)
--- a/src/source-ipfw.c
+++ b/src/source-ipfw.c
@@ -518,7 +518,7 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p)
     IPFWpoll.fd = nq->fd;
     IPFWpoll.events = POLLWRNORM;
 
-    if (p->action & ACTION_DROP) {
+    if (TEST_PACKET_ACTION(p, ACTION_DROP)) {
         verdict = IPFW_DROP;
     } else {
         verdict = IPFW_ACCEPT;

diff --git a/src/source-nfq.c b/src/source-nfq.c
index cd87cdc9e44546beedf4857cca7090ab8b21e9df..7dc5d2f7015538ed48d8fa6484d78a52b169940f 100644 (file)
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -1005,7 +1005,7 @@ TmEcode NFQSetVerdict(Packet *p) {
         return TM_ECODE_OK;
     }
 
-    if (p->action & ACTION_DROP) {
+    if (TEST_PACKET_ACTION(p, ACTION_DROP)) {
         verdict = NF_DROP;
 #ifdef COUNTERS
         t->dropped++;

diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c
index 0a67d286ace0270d94fae6813120eef684775260..ed991a34b8364d41ce0b56f27a056d1492f5671d 100644 (file)
--- a/src/util-threshold-config.c
+++ b/src/util-threshold-config.c
@@ -1642,7 +1642,7 @@ int SCThresholdConfTest09(void)
     p->alerts.cnt = 0;
     p->action = 0;
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-    if (p->alerts.cnt != 1 || p->action & ACTION_DROP) {
+    if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) {
         result = 0;
         goto end;
     }
@@ -1650,7 +1650,7 @@ int SCThresholdConfTest09(void)
     p->alerts.cnt = 0;
     p->action = 0;
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-    if (p->alerts.cnt != 1 || p->action & ACTION_DROP) {
+    if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) {
         result = 0;
         goto end;
     }
@@ -1658,7 +1658,7 @@ int SCThresholdConfTest09(void)
     p->alerts.cnt = 0;
     p->action = 0;
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-    if (p->alerts.cnt != 1 || p->action & ACTION_DROP) {
+    if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) {
         result = 0;
         goto end;
     }
@@ -1669,7 +1669,7 @@ int SCThresholdConfTest09(void)
     p->alerts.cnt = 0;
     p->action = 0;
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-    if (p->alerts.cnt != 1 || !(p->action & ACTION_DROP)) {
+    if (p->alerts.cnt != 1 || !(TEST_PACKET_ACTION(p, ACTION_DROP))) {
         result = 0;
         goto end;
     }
@@ -1680,7 +1680,7 @@ int SCThresholdConfTest09(void)
     p->alerts.cnt = 0;
     p->action = 0;
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-    if (p->alerts.cnt != 1 || !(p->action & ACTION_DROP)) {
+    if (p->alerts.cnt != 1 || !(TEST_PACKET_ACTION(p, ACTION_DROP))) {
         result = 0;
         goto end;
     }
@@ -1691,7 +1691,7 @@ int SCThresholdConfTest09(void)
     p->alerts.cnt = 0;
     p->action = 0;
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-    if (p->alerts.cnt != 1 || p->action & ACTION_DROP) {
+    if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) {
         result = 0;
         goto end;
     }
@@ -1699,7 +1699,7 @@ int SCThresholdConfTest09(void)
     p->alerts.cnt = 0;
     p->action = 0;
     SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-    if (p->alerts.cnt != 1 || p->action & ACTION_DROP) {
+    if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) {
         result = 0;
         goto end;
     }
@@ -2221,7 +2221,7 @@ static int SCThresholdConfTest15(void)
         goto end;
     }
     /* however, it should have set the drop flag */
-    if (!(p->action & ACTION_DROP)) {
+    if (!(TEST_PACKET_ACTION(p, ACTION_DROP))) {
         printf("sid 10000 should have set DROP flag even if suppressed: ");
         goto end;
     }
@@ -2290,7 +2290,7 @@ static int SCThresholdConfTest16(void)
         goto end;
     }
     /* however, it should have set the drop flag */
-    if (!(p->action & ACTION_DROP)) {
+    if (!(TEST_PACKET_ACTION(p, ACTION_DROP))) {
         printf("sid 1000 should have set DROP flag even if suppressed: ");
         goto end;
     }
@@ -2359,7 +2359,7 @@ static int SCThresholdConfTest17(void)
         goto end;
     }
     /* however, it should have set the drop flag */
-    if (!(p->action & ACTION_DROP)) {
+    if (!(TEST_PACKET_ACTION(p, ACTION_DROP))) {
         printf("sid 10000 should have set DROP flag even if suppressed: ");
         goto end;
     }