Exemple #1
/*
 * Test one suppression node against an event's source and destination
 * addresses.
 *
 * Returns -1 when the node suppresses the event (do not log it, stop
 * searching), or 1 when the node does not apply and other suppressors
 * should still be consulted.  Every suppression hit increments
 * sfthd_node->filtered.
 *
 * sfthd_node is dereferenced unconditionally, so it must not be NULL.
 *
 * NOTE(review): an absent address set is treated as "match everything".
 * In THD_TRK_SRCDST mode this holds even when only ONE of the two sets is
 * absent, so such a node suppresses every event it is consulted for.
 * Confirm that the code building these nodes never leaves a set NULL by
 * accident; the visible effect would be alerts dropped without any error.
 */
static inline int sfthd_test_suppress (
    THD_NODE* sfthd_node,
    snort_ip_p sip, snort_ip_p dip)
{
    const int pair_mode = (sfthd_node->tracking == THD_TRK_SRCDST);
    int matched;

    if (pair_mode)
    {
        /* Source/destination pair: both sets must contain their address,
         * unless either set is missing (see NOTE above). */
        matched = !sfthd_node->ip_address
               || !sfthd_node->dst_ip_address
               || (IpAddrSetContains(sfthd_node->ip_address, sip)
                   && IpAddrSetContains(sfthd_node->dst_ip_address, dip));
    }
    else
    {
        /* Single-address tracking: compare whichever side is tracked. */
        snort_ip_p tracked = (sfthd_node->tracking == THD_TRK_SRC) ? sip : dip;

        matched = !sfthd_node->ip_address
               || IpAddrSetContains(sfthd_node->ip_address, tracked);
    }

    if (!matched)
    {
        return 1; /* not suppressed here; let the caller try other nodes */
    }

#ifdef THD_DEBUG
    if (pair_mode)
    {
        printf("THD_DEBUG: SUPPRESS NODE, do not log events with this sIP->dIP combination\n");
    }
    else
    {
        printf("THD_DEBUG: SUPPRESS NODE, do not log events with this IP\n");
    }
    fflush(stdout);
#endif

    /* Suppressed: count it and tell the caller to stop looking for this
     * gen_id+sig_id. */
    sfthd_node->filtered++;
    return -1;
}
Exemple #2
/*
 * Decide whether a rate-filter configuration node applies to an address.
 *
 * Returns 1 when the node has no applyTo set at all, or when the set
 * contains ip; returns 0 otherwise.  pCfg is dereferenced without a check
 * and must not be NULL.
 *
 * NOTE(review): a NULL applyTo means "applies to every address".  A node
 * whose address list was lost or never populated therefore widens to all
 * traffic rather than to none; confirm that is the intended default.
 */
static INLINE int SFRF_AppliesTo(tSFRFConfigNode* pCfg, snort_ip_p ip)
{
    if ( !pCfg->applyTo )
    {
        return 1;
    }

#ifndef SUP_IP6
    {
        /* Without SUP_IP6 the address is wrapped in a struct in_addr
         * before the set lookup. */
        struct in_addr wrapped;
        wrapped.s_addr = ip;

        return IpAddrSetContains(pCfg->applyTo, wrapped) ? 1 : 0;
    }
#else
    return IpAddrSetContains(pCfg->applyTo, ip) ? 1 : 0;
#endif
}
Exemple #3
/*
 * Test one suppression node against a single event address.
 *
 * Returns -1 when the node suppresses the event (do not log it, stop
 * searching), or 1 when the node does not apply and other suppressors
 * should still be consulted.  Every suppression hit increments
 * sfthd_node->filtered.
 *
 * sfthd_node is dereferenced unconditionally, so it must not be NULL.
 *
 * NOTE(review): a node with no ip_address set suppresses every event it is
 * consulted for.  Confirm that an empty set is always a deliberate
 * "suppress all" and never the result of a failed address parse.
 */
static inline int sfthd_test_suppress (
    THD_NODE* sfthd_node,
    snort_ip_p ip)
{
    /* Only a populated set that lacks this address lets the event through. */
    if ( sfthd_node->ip_address &&
         !IpAddrSetContains(sfthd_node->ip_address, ip) )
    {
        return 1; /* not suppressed here; let the caller try other nodes */
    }

#ifdef THD_DEBUG
    printf("THD_DEBUG: SUPPRESS NODE, do not log events with this IP\n");
    fflush(stdout);
#endif

    /* Suppressed: count it and tell the caller to stop looking for this
     * gen_id+sig_id. */
    sfthd_node->filtered++;
    return -1;
}
Exemple #4
/*
 * Decide whether a rate-filter configuration node applies to an address.
 *
 * Returns 1 when the node has no applyTo set at all, or when the set
 * contains ip; returns 0 otherwise.  pCfg is dereferenced without a check
 * and must not be NULL.
 *
 * NOTE(review): a NULL applyTo means "applies to every address", so a node
 * with a missing address list widens to all traffic rather than to none;
 * confirm that is the intended default.
 */
static inline int SFRF_AppliesTo(tSFRFConfigNode* pCfg, snort_ip_p ip)
{
    if ( !pCfg->applyTo )
    {
        return 1;
    }

    return IpAddrSetContains(pCfg->applyTo, ip) ? 1 : 0;
}