} PacketAlert;
/* flag to indicate the rule action (drop/pass) needs to be applied to the flow */
-#define PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW 0x1
+#define PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW BIT_U8(0)
/** alert was generated based on state */
-#define PACKET_ALERT_FLAG_STATE_MATCH 0x02
+#define PACKET_ALERT_FLAG_STATE_MATCH BIT_U8(1)
/** alert was generated based on stream */
-#define PACKET_ALERT_FLAG_STREAM_MATCH 0x04
+#define PACKET_ALERT_FLAG_STREAM_MATCH BIT_U8(2)
/** alert is in a tx, tx_id set */
-#define PACKET_ALERT_FLAG_TX 0x08
+#define PACKET_ALERT_FLAG_TX BIT_U8(3)
/** action was changed by rate_filter */
-#define PACKET_ALERT_RATE_FILTER_MODIFIED 0x10
+#define PACKET_ALERT_FLAG_RATE_FILTER_MODIFIED BIT_U8(4)
/** alert is in a frame, frame_id set */
-#define PACKET_ALERT_FLAG_FRAME 0x20
+#define PACKET_ALERT_FLAG_FRAME BIT_U8(5)
/** alert in a tx was forced */
-#define PACKET_ALERT_FLAG_TX_GUESSED 0x40
+#define PACKET_ALERT_FLAG_TX_GUESSED BIT_U8(6)
/** accept should be applied to packet */
-#define PACKET_ALERT_FLAG_APPLY_ACTION_TO_PACKET 0x80
+#define PACKET_ALERT_FLAG_APPLY_ACTION_TO_PACKET BIT_U8(7)
extern uint16_t packet_alert_max;
#define PACKET_ALERT_MAX 15
if (pa->action & ACTION_DROP_REJECT) {
/* PacketDrop will update the packet action, too */
PacketDrop(p, pa->action,
- (pa->flags & PACKET_ALERT_RATE_FILTER_MODIFIED) ? PKT_DROP_REASON_RULES_THRESHOLD
- : PKT_DROP_REASON_RULES);
+ (pa->flags & PACKET_ALERT_FLAG_RATE_FILTER_MODIFIED)
+ ? PKT_DROP_REASON_RULES_THRESHOLD
+ : PKT_DROP_REASON_RULES);
SCLogDebug("[packet %p][DROP sid %u]", p, s->id);
if (p->alerts.drop.action == 0) {
{
switch (new_action) {
case TH_ACTION_ALERT:
- pa->flags |= PACKET_ALERT_RATE_FILTER_MODIFIED;
+ pa->flags |= PACKET_ALERT_FLAG_RATE_FILTER_MODIFIED;
pa->action = ACTION_ALERT;
break;
case TH_ACTION_DROP:
- pa->flags |= PACKET_ALERT_RATE_FILTER_MODIFIED;
+ pa->flags |= PACKET_ALERT_FLAG_RATE_FILTER_MODIFIED;
pa->action = ACTION_DROP;
break;
case TH_ACTION_REJECT:
- pa->flags |= PACKET_ALERT_RATE_FILTER_MODIFIED;
+ pa->flags |= PACKET_ALERT_FLAG_RATE_FILTER_MODIFIED;
pa->action = (ACTION_REJECT | ACTION_DROP);
break;
case TH_ACTION_PASS:
- pa->flags |= PACKET_ALERT_RATE_FILTER_MODIFIED;
+ pa->flags |= PACKET_ALERT_FLAG_RATE_FILTER_MODIFIED;
pa->action = ACTION_PASS;
break;
default:
{
const char *action = "allowed";
/* use packet action if rate_filter modified the action */
- if (unlikely(pa->flags & PACKET_ALERT_RATE_FILTER_MODIFIED)) {
+ if (unlikely(pa->flags & PACKET_ALERT_FLAG_RATE_FILTER_MODIFIED)) {
if (PacketCheckAction(p, ACTION_DROP_REJECT)) {
action = "blocked";
}
projects / thirdparty / suricata.git / commitdiff
