diff --git a/src/action-globals.h b/src/action-globals.h
index 16a5461f80..aa46bd293d 100644
--- a/src/action-globals.h
+++ b/src/action-globals.h
@@ -23,6 +23,7 @@
 #ifndef __ACTION_GLOBALS_H__
 #define __ACTION_GLOBALS_H__
+
 /* Changing them as flags, so later we can have alerts
 * and drop simultaneously */
 #define ACTION_ALERT 0x01
@@ -31,4 +32,5 @@
 #define ACTION_REJECT_DST 0x08
 #define ACTION_REJECT_BOTH 0x10
 #define ACTION_PASS 0x20
+
 #endif /* __ACTION_GLOBALS_H__ */
diff --git a/src/alert-prelude.c b/src/alert-prelude.c
index 2c888a4170..def9ce3a53 100644
--- a/src/alert-prelude.c
+++ b/src/alert-prelude.c
@@ -234,8 +234,7 @@ static int EventToImpact(PacketAlert *pa, Packet *p, idmef_alert_t *alert)
 idmef_impact_set_severity(impact, severity);
- if (p->action & ACTION_REJECT || p->action & ACTION_REJECT_BOTH ||
- p->action & ACTION_REJECT_DST || p->action & ACTION_DROP) {
+ if (p->action & ACTION_DROP) {
 idmef_action_t *action;
 ret = idmef_action_new(&action);
diff --git a/src/decode.h b/src/decode.h
index e278295b73..bde9426ad9 100644
--- a/src/decode.h
+++ b/src/decode.h
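Review bot: In EventToImpact (src/alert-prelude.c) the new test treats a packet as blocked only when ACTION_DROP is set, which matches the old four-flag test only if every writer of `p->action` sets ACTION_DROP together with any ACTION_REJECT* flag. This commit guarantees that for the REJECT_PACKET* macros in decode.h, but code that sets a reject flag directly is not visible in this diff and should be checked. The same simplification is made in IPFWSetVerdict and NFQSetVerdict, where a missed site would turn an intended reject into an accept verdict. I would state the invariant next to each test, e.g. `/* every REJECT* action also carries ACTION_DROP, see REJECT_PACKET* in decode.h */`. The function body continues outside the hunk.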
@@ -608,11 +608,47 @@ typedef struct DecodeThreadVars_
 /* macro's for setting the action
 * handle the case of a root packet
 * for tunnels */
-#define ACCEPT_PACKET(p) ((p)->root ? ((p)->root->action = ACTION_ACCEPT) : ((p)->action = ACTION_ACCEPT))
-#define DROP_PACKET(p) ((p)->root ? ((p)->root->action = ACTION_DROP) : ((p)->action = ACTION_DROP))
-#define REJECT_PACKET(p) ((p)->root ? ((p)->root->action = ACTION_REJECT) : ((p)->action = ACTION_REJECT))
-#define REJECT_PACKET_DST(p) ((p)->root ? ((p)->root->action = ACTION_REJECT_DST) : ((p)->action = ACTION_REJECT_DST))
-#define REJECT_PACKET_BOTH(p) ((p)->root ? ((p)->root->action = ACTION_REJECT_BOTH) : ((p)->action = ACTION_REJECT_BOTH))
+#define ALERT_PACKET(p) do { \
+ ((p)->root ? \
+ ((p)->root->action = ACTION_ALERT) : \
+ ((p)->action = ACTION_ALERT)); \
+} while (0)
+
+#define ACCEPT_PACKET(p) do { \
+ ((p)->root ? \
+ ((p)->root->action = ACTION_ACCEPT) : \
+ ((p)->action = ACTION_ACCEPT)); \
+} while (0)
+
+#define DROP_PACKET(p) do { \
+ ((p)->root ? \
+ ((p)->root->action = ACTION_DROP) : \
+ ((p)->action = ACTION_DROP)); \
+} while (0)
+
+#define REJECT_PACKET(p) do { \
+ ((p)->root ? \
+ ((p)->root->action = (ACTION_REJECT|ACTION_DROP)) : \
+ ((p)->action = (ACTION_REJECT|ACTION_DROP))); \
+} while (0)
+
+#define REJECT_PACKET_DST(p) do { \
+ ((p)->root ? \
+ ((p)->root->action = (ACTION_REJECT_DST|ACTION_DROP)) : \
+ ((p)->action = (ACTION_REJECT_DST|ACTION_DROP))); \
+} while (0)
+
+#define REJECT_PACKET_BOTH(p) do { \
+ ((p)->root ? \
+ ((p)->root->action = (ACTION_REJECT_BOTH|ACTION_DROP)) : \
+ ((p)->action = (ACTION_REJECT_BOTH|ACTION_DROP))); \
+} while (0)
+
+#define PASS_PACKET(p) do { \
+ ((p)->root ? \
+ ((p)->root->action = ACTION_PASS) : \
+ ((p)->action = ACTION_PASS)); \
+} while (0)
 #define TUNNEL_INCR_PKT_RTV(p) do { \
 SCMutexLock((p)->root ? &(p)->root->mutex_rtv_cnt : &(p)->mutex_rtv_cnt); \
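Review bot: All seven macros assign with `=`, so each call discards whatever action bits were already set on the packet, although the comment in action-globals.h describes the values as flags meant to be combined (alerts and drop simultaneously). Both threshold hunks in detect-engine-threshold.c replace `p->action |= ...` with these macros, so an ALERT_PACKET or PASS_PACKET issued after an earlier drop clears ACTION_DROP, and the verdict code in this commit tests only that bit. If the overwrite is intended, say so in the comment above the macros; if the macros are meant to add to an existing verdict, use `|=`, e.g. `(p)->action |= (ACTION_REJECT|ACTION_DROP)`. As a style point, a ternary used only for its side effect inside `do { ... } while (0)` would read more plainly as an `if`/`else`.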
diff --git a/src/detect-engine-threshold.c b/src/detect-engine-threshold.c
index 4caff2459e..ac6c72f615 100644
--- a/src/detect-engine-threshold.c
+++ b/src/detect-engine-threshold.c
@@ -449,20 +449,20 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
 /* Take the action to perform */
 switch (td->new_action) {
 case TH_ACTION_ALERT:
- p->action |= ACTION_ALERT;
- break;
+ ALERT_PACKET(p);
+ break;
 case TH_ACTION_DROP:
- p->action |= ACTION_DROP;
- break;
+ DROP_PACKET(p);
+ break;
 case TH_ACTION_REJECT:
- p->action |= ACTION_REJECT;
- break;
+ REJECT_PACKET(p);
+ break;
 case TH_ACTION_PASS:
- p->action |= ACTION_PASS;
- break;
+ PASS_PACKET(p);
+ break;
 default:
 /* Weird, leave the default action */
- break;
+ break;
 }
 ret = 1;
 }
@@ -477,20 +477,20 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
 /* Take the action to perform */
 switch (td->new_action) {
 case TH_ACTION_ALERT:
- p->action |= ACTION_ALERT;
- break;
+ ALERT_PACKET(p);
+ break;
 case TH_ACTION_DROP:
- p->action |= ACTION_DROP;
- break;
+ DROP_PACKET(p);
+ break;
 case TH_ACTION_REJECT:
- p->action |= ACTION_REJECT;
- break;
+ REJECT_PACKET(p);
+ break;
 case TH_ACTION_PASS:
- p->action |= ACTION_PASS;
- break;
+ PASS_PACKET(p);
+ break;
 default:
 /* Weird, leave the default action */
- break;
+ break;
 }
 ret = 1;
 }
diff --git a/src/source-ipfw.c b/src/source-ipfw.c
index d48791e352..31f6ca1063 100644
--- a/src/source-ipfw.c
+++ b/src/source-ipfw.c
@@ -469,8 +469,7 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p) {
 IPFWpoll.fd=ipfw_sock;
 IPFWpoll.events= POLLWRNORM;
- if (p->action & ACTION_REJECT || p->action & ACTION_REJECT_BOTH ||
- p->action & ACTION_REJECT_DST || p->action & ACTION_DROP) {
+ if (p->action & ACTION_DROP) {
 verdict = IPFW_DROP;
 } else {
 verdict = IPFW_ACCEPT;
diff --git a/src/source-nfq.c b/src/source-nfq.c
index 98678f8f22..691cd99834 100644
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
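Review bot: In both switch blocks of PacketAlertThreshold the macros write to `p->root->action` when the packet has a root, where the old code always wrote `p->action`. IPFWSetVerdict and NFQSetVerdict in this same commit read `p->action`, so for a tunnelled packet the threshold's drop or reject reaches the verdict only if the verdict is issued on the root packet; that is not visible in this diff and is worth confirming. The two switch blocks are identical and could share one static helper, which would keep the threshold-to-action mapping in one place. The function starts and ends outside both hunks.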
@@ -758,14 +758,14 @@ void NFQSetVerdict(Packet *p) {
 //printf("%p verdicting on queue %" PRIu32 "\n", t, t->queue_num);
 SCMutexLock(&t->mutex_qh);
- if (p->action & ACTION_REJECT || p->action & ACTION_REJECT_BOTH ||
- p->action & ACTION_REJECT_DST || p->action & ACTION_DROP) {
+ if (p->action & ACTION_DROP) {
 verdict = NF_DROP;
 #ifdef COUNTERS
 t->dropped++;
 #endif /* COUNTERS */
 } else {
 switch (nfq_config.mode) {
+ default:
 case NFQ_ACCEPT_MODE:
 verdict = NF_ACCEPT;
 break;
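Review bot: The added `default:` label sits directly above `case NFQ_ACCEPT_MODE:`, so any value of `nfq_config.mode` without a case of its own now falls through to `verdict = NF_ACCEPT`. For an inline deployment that is a fail-open choice, and it happens silently. If accepting is the intended fallback, mark it, e.g. `default: /* unknown mode: fall back to accept */`, and consider logging the unexpected mode. The rest of the switch lies outside the hunk, so which other modes exist is not visible here.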