/**
* \brief Handle a packet and check if needs a threshold logic
* Also apply rule action if necessary.
*
* \param de_ctx Detection Context
* \param sig Signature pointer
* \param p Packet structure
*
* \retval 1 alert is not suppressed
* \retval 0 alert is suppressed
*/
static int PacketAlertHandle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, Packet *p, uint16_t pos)
{
SCEnter();
int ret = 1;
DetectThresholdData *td = NULL;
SigMatch *sm = NULL;
if (!(PKT_IS_IPV4(p) || PKT_IS_IPV6(p))) {
SCReturnInt(1);
}
do {
td = SigGetThresholdTypeIter(s, p, &sm);
if (td != NULL) {
SCLogDebug("td %p", td);
/* PacketAlertThreshold returns 2 if the alert is suppressed but
* we do need to apply rule actions to the packet. */
ret = PacketAlertThreshold(de_ctx, det_ctx, td, p, s);
if (ret == 0 || ret == 2) {
/* It doesn't match threshold, remove it */
SCReturnInt(ret);
}
}
} while (sm != NULL);
SCReturnInt(1);
}
/**
* \brief Handle a packet and check if needs a threshold logic
*
* \param de_ctx Detection Context
* \param sig Signature pointer
* \param p Packet structure
*
* \retval 1 alert is not suppressed
* \retval 0 alert is suppressed
*/
static int PacketAlertHandle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, Packet *p, uint16_t pos)
{
SCEnter();
int ret = 1;
DetectThresholdData *td = NULL;
SigMatch *sm = NULL;
if (!(PKT_IS_IPV4(p) || PKT_IS_IPV6(p))) {
SCReturnInt(1);
}
do {
td = SigGetThresholdTypeIter(s, p, &sm);
if (td != NULL) {
SCLogDebug("td %p", td);
ret = PacketAlertThreshold(de_ctx, det_ctx, td, p, s);
if (ret == 0) {
/* It doesn't match threshold, remove it */
PacketAlertRemove(p, pos);
break;
}
}
} while (sm != NULL);
SCReturnInt(ret);
}
