diff --git a/src/detect.c b/src/detect.c index 7595d6888f..e5e96d0e22 100644 --- a/src/detect.c +++ b/src/detect.c @@ -887,11 +887,8 @@ DetectPostInspectFirstSGH(const Packet *p, Flow *pflow, const SigGroupHead *sgh) /** * \brief Signature match function - * - * \retval 1 one or more signatures matched - * \retval 0 no matches were found */ -int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p) +void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p) { bool use_flow_sgh = false; uint8_t alert_flags = 0; @@ -903,23 +900,23 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh const Signature *s = NULL; const Signature *next_s = NULL; int state_alert = 0; - int alerts = 0; int app_decoder_events = 0; bool has_state = false; /* do we have an alstate to work with? */ SCEnter(); SCLogDebug("pcap_cnt %"PRIu64, p->pcap_cnt); - - det_ctx->ticker++; +#ifdef UNITTESTS p->alerts.cnt = 0; +#endif + det_ctx->ticker++; det_ctx->filestore_cnt = 0; det_ctx->base64_decoded_len = 0; det_ctx->raw_stream_progress = 0; /* No need to perform any detection on this packet, if the the given flag is set.*/ if (p->flags & PKT_NOPACKET_INSPECTION) { - SCReturnInt(0); + SCReturn; } /* Load the Packet's flow early, even though it might not be needed. @@ -1117,7 +1114,6 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh } #endif - PACKET_PROFILING_DETECT_START(p, PROF_DETECT_RULES); /* inspect the sigs against the packet */ /* Prefetch the next signature. */ @@ -1131,7 +1127,6 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh Signature **match_array = det_ctx->match_array; SGH_PROFILING_RECORD(det_ctx, det_ctx->sgh); - #ifdef PROFILING #ifdef HAVE_LIBJANSSON if (match_cnt >= de_ctx->profile_match_logging_threshold) @@ -1144,21 +1139,19 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh next_s = *match_array++; next_sflags = next_s->flags; } - while (match_cnt--) { RULE_PROFILING_START(p); state_alert = 0; #ifdef PROFILING smatch = 0; #endif - s = next_s; sflags = next_sflags; if (match_cnt) { next_s = *match_array++; next_sflags = next_s->flags; } - uint8_t s_proto_flags = s->proto.flags; + const uint8_t s_proto_flags = s->proto.flags; SCLogDebug("inspecting signature id %"PRIu32"", s->id); @@ -1373,7 +1366,6 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh /* apply actions even if not alerting */ DetectSignatureApplyActions(p, s); } - alerts++; next: DetectVarProcessList(det_ctx, pflow, p); DetectReplaceFree(det_ctx); @@ -1436,8 +1428,7 @@ end: } } PACKET_PROFILING_DETECT_END(p, PROF_DETECT_CLEANUP); - - SCReturnInt((int)(alerts > 0)); + SCReturn; } /** \brief Apply action(s) and Set 'drop' sig info, diff --git a/src/detect.h b/src/detect.h index d9bf453b4d..7bb68a55bc 100644 --- a/src/detect.h +++ b/src/detect.h @@ -1347,7 +1347,7 @@ char *DetectLoadCompleteSigPath(const DetectEngineCtx *, char *sig_file); int SigLoadSignatures (DetectEngineCtx *, char *, int); void SigTableList(const char *keyword); void SigTableSetup(void); -int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, +void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p); int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s);