|
|
|
|
@ -240,7 +240,6 @@ void DetectEngineStateFree(DetectEngineState *state)
|
|
|
|
|
|
|
|
|
|
static int HasStoredSigs(const Flow *f, const uint8_t flags)
|
|
|
|
|
{
|
|
|
|
|
if (AppLayerParserProtocolSupportsTxs(f->proto, f->alproto)) {
|
|
|
|
|
AppProto alproto = f->alproto;
|
|
|
|
|
void *alstate = FlowGetAppState(f);
|
|
|
|
|
if (!StateIsValid(f->alproto, alstate)) {
|
|
|
|
|
@ -271,7 +270,6 @@ static int HasStoredSigs(const Flow *f, const uint8_t flags)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -311,7 +309,6 @@ static void StoreStateTxFileOnly(DetectEngineThreadCtx *det_ctx,
|
|
|
|
|
Flow *f, const uint8_t flags, const uint64_t tx_id, void *tx,
|
|
|
|
|
const uint16_t file_no_match)
|
|
|
|
|
{
|
|
|
|
|
if (AppLayerParserSupportsTxDetectState(f->proto, f->alproto)) {
|
|
|
|
|
DetectEngineState *destate = AppLayerParserGetTxDetectState(f->proto, f->alproto, tx);
|
|
|
|
|
if (destate == NULL) {
|
|
|
|
|
destate = DetectEngineStateAlloc();
|
|
|
|
|
@ -325,7 +322,6 @@ static void StoreStateTxFileOnly(DetectEngineThreadCtx *det_ctx,
|
|
|
|
|
}
|
|
|
|
|
StoreStateTxHandleFiles(det_ctx, f, destate, flags, tx_id, file_no_match);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \param check_before_add check for duplicates before adding the sig
|
|
|
|
|
@ -336,7 +332,6 @@ static void StoreStateTx(DetectEngineThreadCtx *det_ctx,
|
|
|
|
|
const Signature *s, const SigMatchData *smd,
|
|
|
|
|
const uint32_t inspect_flags, const uint16_t file_no_match, int check_before_add)
|
|
|
|
|
{
|
|
|
|
|
if (AppLayerParserSupportsTxDetectState(f->proto, f->alproto)) {
|
|
|
|
|
DetectEngineState *destate = AppLayerParserGetTxDetectState(f->proto, f->alproto, tx);
|
|
|
|
|
if (destate == NULL) {
|
|
|
|
|
destate = DetectEngineStateAlloc();
|
|
|
|
|
@ -355,7 +350,6 @@ static void StoreStateTx(DetectEngineThreadCtx *det_ctx,
|
|
|
|
|
DeStateSignatureAppend(destate, s, inspect_flags, flags);
|
|
|
|
|
|
|
|
|
|
StoreStateTxHandleFiles(det_ctx, f, destate, flags, tx_id, file_no_match);
|
|
|
|
|
}
|
|
|
|
|
SCLogDebug("Stored for TX %"PRIu64, tx_id);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -367,9 +361,6 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
|
|
|
|
|
SCLogDebug("rule %u/%u", s->id, s->num);
|
|
|
|
|
|
|
|
|
|
/* TX based matches (inspect engines) */
|
|
|
|
|
if (unlikely(!AppLayerParserProtocolSupportsTxs(f->proto, alproto))) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
void *alstate = FlowGetAppState(f);
|
|
|
|
|
if (unlikely(!StateIsValid(alproto, alstate))) {
|
|
|
|
|
return 0;
|
|
|
|
|
@ -746,7 +737,6 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
|
|
|
|
|
|
|
|
|
|
SCLogDebug("starting continue detection for packet %"PRIu64, p->pcap_cnt);
|
|
|
|
|
|
|
|
|
|
if (AppLayerParserProtocolSupportsTxs(f->proto, alproto)) {
|
|
|
|
|
void *alstate = FlowGetAppState(f);
|
|
|
|
|
if (!StateIsValid(alproto, alstate)) {
|
|
|
|
|
return;
|
|
|
|
|
@ -821,7 +811,6 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
end:
|
|
|
|
|
det_ctx->p = NULL;
|
|
|
|
|
@ -850,7 +839,6 @@ void DeStateUpdateInspectTransactionId(Flow *f, const uint8_t flags)
|
|
|
|
|
*/
|
|
|
|
|
void DetectEngineStateResetTxs(Flow *f)
|
|
|
|
|
{
|
|
|
|
|
if (AppLayerParserProtocolSupportsTxs(f->proto, f->alproto)) {
|
|
|
|
|
void *alstate = FlowGetAppState(f);
|
|
|
|
|
if (!StateIsValid(f->alproto, alstate)) {
|
|
|
|
|
return;
|
|
|
|
|
@ -881,7 +869,6 @@ void DetectEngineStateResetTxs(Flow *f)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*********Unittests*********/
|
|
|
|
|
|
|
|
|
|
|
Victor Julien
8 years ago