The break if a CPU_ALL rule does not match breaks only the inner loop, but does not leave the if, so that an ALL rule will always end up just after the inner loop and thus always return MATCH.
There are basically two possible solutions; either replace the break by a goto or have the loop counter checked afterwards. I chose the latter for this patch, as many people avoid goto.
My patch also fixes a minor issue where negative numbers are printed in some log messages for CPU_ALL and CPU_ANY.
Log in to post a comment.