threshold: allow suppression for sigs with threshold set. Part of #425.
authorVictor Julien <victor@inliniac.net>
Mon, 24 Sep 2012 14:53:59 +0000 (16:53 +0200)
committerVictor Julien <victor@inliniac.net>
Mon, 24 Sep 2012 14:53:59 +0000 (16:53 +0200)
src/util-threshold-config.c

index 9a5a941ae717d3a54def77b63bb403e40dee2aa2..3b942fa8d9e6baa96bb643f17517fb8a4188e174 100644 (file)
@@ -558,29 +558,29 @@ int SCThresholdConfAddThresholdtype(char *rawstr, DetectEngineCtx *de_ctx)
     /* Install it */
     if (id == 0 && gid == 0) {
         for (s = de_ctx->sig_list; s != NULL;) {
-
             ns = s->next;
+            if (parsed_type != TYPE_SUPPRESS) {
+                m = SigMatchGetLastSMFromLists(s, 2,
+                        DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
 
-            m = SigMatchGetLastSMFromLists(s, 2,
-                                           DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
-
-            if (m != NULL) {
-                SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
-                             "an event var set.  The signature event var is "
-                             "given precedence over the threshold.conf one.  "
-                             "We'll change this in the future though.", id);
-                goto end;
-            }
+                if (m != NULL) {
+                    SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
+                            "an event var set.  The signature event var is "
+                            "given precedence over the threshold.conf one.  "
+                            "We'll change this in the future though.", s->id);
+                    goto end;
+                }
 
-            m = SigMatchGetLastSMFromLists(s, 2,
-                                           DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+                m = SigMatchGetLastSMFromLists(s, 2,
+                        DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
 
-            if (m != NULL) {
-                SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
-                             "an event var set.  The signature event var is "
-                             "given precedence over the threshold.conf one.  "
-                             "We'll change this in the future though.", id);
-                goto end;
+                if (m != NULL) {
+                    SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
+                            "an event var set.  The signature event var is "
+                            "given precedence over the threshold.conf one.  "
+                            "We'll change this in the future though.", s->id);
+                    goto end;
+                }
             }
 
             de = SCMalloc(sizeof(DetectThresholdData));
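Review bot: `goto end` inside the `id == 0 && gid == 0` loop leaves the loop at the first signature that carries its own threshold or detection_filter, so signatures later in `de_ctx->sig_list` never receive the threshold.conf entry. For a catch-all entry this makes the effective rate limiting depend on rule order rather than on the config line, and the single warning gives no hint that the remaining signatures were skipped. If skipping only that signature is the intent, both guards should advance instead, e.g. `s = ns; continue;`. The loop tail and the `end` label are outside the hunk, so confirm how `s` is advanced. The gid-only loop in the next hunk has the same pattern.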
@@ -637,31 +637,31 @@ int SCThresholdConfAddThresholdtype(char *rawstr, DetectEngineCtx *de_ctx)
 
     } else if (id == 0 && gid > 0)    {
         for (s = de_ctx->sig_list; s != NULL;) {
-
             ns = s->next;
 
             if(s->gid == gid)   {
+                if (parsed_type != TYPE_SUPPRESS) {
+                    m = SigMatchGetLastSMFromLists(s, 2,
+                            DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+
+                    if (m != NULL) {
+                        SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
+                                "an event var set.  The signature event var is "
+                                "given precedence over the threshold.conf one.  "
+                                "We'll change this in the future though.", id);
+                        goto end;
+                    }
 
-                m = SigMatchGetLastSMFromLists(s, 2,
-                                               DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
-
-                if (m != NULL) {
-                    SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
-                                 "an event var set.  The signature event var is "
-                                 "given precedence over the threshold.conf one.  "
-                                 "We'll change this in the future though.", id);
-                    goto end;
-                }
-
-                m = SigMatchGetLastSMFromLists(s, 2,
-                                               DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+                    m = SigMatchGetLastSMFromLists(s, 2,
+                            DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
 
-                if (m != NULL) {
-                    SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
-                                 "an event var set.  The signature event var is "
-                                 "given precedence over the threshold.conf one.  "
-                                 "We'll change this in the future though.", id);
-                    goto end;
+                    if (m != NULL) {
+                        SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
+                                "an event var set.  The signature event var is "
+                                "given precedence over the threshold.conf one.  "
+                                "We'll change this in the future though.", id);
+                        goto end;
+                    }
                 }
 
                 de = SCMalloc(sizeof(DetectThresholdData));
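Review bot: Both warnings in this branch still pass `id` to the `sid:%"PRIu32` format, but the branch is only entered when `id == 0`, so every message reads sid:0 instead of naming the signature that kept its own threshold. The first hunk already switched to `s->id`; the same change is needed on both SCLogWarning calls here: `"We'll change this in the future though.", s->id);`. Since `s->gid == gid` is what selected the signature, logging the gid alongside the sid would also help an operator match the message to a rule.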
@@ -718,9 +718,8 @@ int SCThresholdConfAddThresholdtype(char *rawstr, DetectEngineCtx *de_ctx)
         }
     } else if (id > 0 && gid == 0) {
         SCLogError(SC_ERR_INVALID_VALUE, "Can't use a event config that has "
-                   "sid > 0 and gid == 0.  Killing engine.  Please fix this "
+                   "sid > 0 and gid == 0. Please fix this "
                    "in your threshold.conf file");
-        exit(EXIT_FAILURE);
     } else {
         sig = SigFindSignatureBySidGid(de_ctx,id,gid);
 
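Review bot: With `exit(EXIT_FAILURE)` removed, the `id > 0 && gid == 0` branch only logs, and nothing visible in the hunk sets a failure result before control leaves the if/else chain. If the function then returns its success value, the rejected threshold.conf line is dropped while the engine starts normally, and the threshold or suppression the operator intended is simply absent. The return path is outside the hunk, so this needs confirming. The branch should leave through whatever error return the function already uses, and a comment such as `/* invalid entry: rejected, engine keeps running */` would record that the softer handling is deliberate.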
@@ -729,27 +728,28 @@ int SCThresholdConfAddThresholdtype(char *rawstr, DetectEngineCtx *de_ctx)
                 sig->flags |= SIG_FLAG_NOALERT;
                 goto end;
             }
+            if (parsed_type != TYPE_SUPPRESS) {
+                m = SigMatchGetLastSMFromLists(sig, 2,
+                        DETECT_THRESHOLD, sig->sm_lists[DETECT_SM_LIST_THRESHOLD]);
 
-            m = SigMatchGetLastSMFromLists(sig, 2,
-                                           DETECT_THRESHOLD, sig->sm_lists[DETECT_SM_LIST_THRESHOLD]);
-
-            if (m != NULL) {
-                SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
-                             "an event var set.  The signature event var is "
-                             "given precedence over the threshold.conf one.  "
-                             "We'll change this in the future though.", id);
-                goto end;
-            }
+                if (m != NULL) {
+                    SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
+                            "an event var set.  The signature event var is "
+                            "given precedence over the threshold.conf one.  "
+                            "We'll change this in the future though.", id);
+                    goto end;
+                }
 
-            m = SigMatchGetLastSMFromLists(sig, 2,
-                                           DETECT_DETECTION_FILTER, sig->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+                m = SigMatchGetLastSMFromLists(sig, 2,
+                        DETECT_DETECTION_FILTER, sig->sm_lists[DETECT_SM_LIST_THRESHOLD]);
 
-            if (m != NULL) {
-                SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
-                             "an event var set.  The signature event var is "
-                             "given precedence over the threshold.conf one.  "
-                             "We'll change this in the future though.", id);
-                goto end;
+                if (m != NULL) {
+                    SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
+                            "an event var set.  The signature event var is "
+                            "given precedence over the threshold.conf one.  "
+                            "We'll change this in the future though.", id);
+                    goto end;
+                }
             }
 
             de = SCMalloc(sizeof(DetectThresholdData));
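Review bot: The precedence check for an in-rule threshold or detection_filter is now written out three times, here and in the two loops above, each with two identical lookups and two identical warnings. The copies have already drifted: the gid-only loop logs `id` where the first loop logs `s->id`. A small static helper that answers whether a signature carries its own threshold or detection_filter would leave one condition and one warning per call site, as sketched below with a proposed helper name. The enclosing function starts and ends outside the hunk.

```c
/* Returns 1 when the signature has its own threshold or detection_filter
 * keyword, 0 otherwise. */
static int SigHasRuleThreshold(Signature *s)
{
    if (SigMatchGetLastSMFromLists(s, 2,
            DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]) != NULL)
        return 1;

    return SigMatchGetLastSMFromLists(s, 2,
            DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]) != NULL;
}

/* … unchanged: SIG_FLAG_NOALERT handling … */
            if (parsed_type != TYPE_SUPPRESS && SigHasRuleThreshold(sig)) {
                /* … unchanged: SCLogWarning call … */
                goto end;
            }
```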