aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: enforce flow drops earlier

Browse Source 
Enforcing flow drops is now done earlier in the detection engine and
moved out of the IP-only engine where it didn't belong.
pull/6383/head
Victor Julien 4 years ago
parent aa93984b7e
commit 802c1ffee3
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File

12
src/detect.c
Unescape Escape View File

@ -549,12 +549,6 @@ static void DetectRunInspectIPOnly(ThreadVars *tv, const DetectEngineCtx *de_ctx
/* save in the flow that we scanned this direction... */ /* save in the flow that we scanned this direction... */
FlowSetIPOnlyFlag(pflow, p->flowflags & FLOW_PKT_TOSERVER ? 1 : 0); FlowSetIPOnlyFlag(pflow, p->flowflags & FLOW_PKT_TOSERVER ? 1 : 0);
} }
/* If we have a drop from IP only module,
* we will drop the rest of the flow packets
* This will apply only to inline/IPS */
if (pflow->flags & FLOW_ACTION_DROP) {
PACKET_DROP(p);
}
} else { /* p->flags & PKT_HAS_FLOW */ } else { /* p->flags & PKT_HAS_FLOW */
/* no flow */ /* no flow */
@ -1544,6 +1538,12 @@ static void DetectFlow(ThreadVars *tv,
return; return;
} }
/* if flow is set to drop, we enforce that here */
if (p->flow->flags & FLOW_ACTION_DROP) {
PACKET_DROP(p);
SCReturn;
}
/* see if the packet matches one or more of the sigs */ /* see if the packet matches one or more of the sigs */
(void)DetectRun(tv, de_ctx, det_ctx, p); (void)DetectRun(tv, de_ctx, det_ctx, p);
} }

Write Preview
Loading…
Cancel
Save