detect: track current tx_id in det_ctx

When using the inspection engines, track the current tx_id in the thread storage the detect thread uses. As 0 is a valid tx_id, add a simple bool that indicates if the tx_id field is set.
11 years ago · 3b98a1ce66
parent a114787150
commit 3b98a1ce66
3 changed files with 10 additions and 3 deletions
--- a/src/detect-engine-file.c
+++ b/src/detect-engine-file.c
@ -223,9 +223,6 @@ int DetectFileInspectHttp(ThreadVars *tv,
    else
        ffc = htp_state->files_ts;

-    /* inspect files for this transaction */
-    det_ctx->tx_id = (uint16_t)tx_id;
-
    int match = DetectFileInspect(tv, det_ctx, f, s, flags, ffc);
    if (match == 1) {
        r = DETECT_ENGINE_INSPECT_SIG_MATCH;
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@ -295,6 +295,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
            tx = AppLayerParserGetTx(f->proto, alproto, alstate, tx_id);
            if (tx == NULL)
                continue;
+            det_ctx->tx_id = tx_id;
+            det_ctx->tx_id_set = 1;
            engine = app_inspection_engine[FlowGetProtoMapping(f->proto)][alproto][direction];
            inspect_flags = 0;
            while (engine != NULL) {
@ -474,6 +476,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
    SCMutexUnlock(&f->de_state_m);

 end:
+    det_ctx->tx_id = 0;
+    det_ctx->tx_id_set = 0;
    return alert_cnt ? 1:0;
 }

@ -623,6 +627,8 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
                    }
                }

+                det_ctx->tx_id = inspect_tx_id;
+                det_ctx->tx_id_set = 1;
                engine = app_inspection_engine[FlowGetProtoMapping(f->proto)][alproto][(flags & STREAM_TOSERVER) ? 0 : 1];
                inspect_tx = AppLayerParserGetTx(f->proto, alproto, alstate, inspect_tx_id);
                if (inspect_tx == NULL) {
@ -765,6 +771,8 @@ end:
        DetectEngineStateReset(f->de_state, flags);

    SCMutexUnlock(&f->de_state_m);
+    det_ctx->tx_id = 0;
+    det_ctx->tx_id_set = 0;
    return;
 }

--- a/src/detect.h
+++ b/src/detect.h
@ -806,6 +806,8 @@ typedef struct DetectionEngineThreadCtx_ {
    uint16_t discontinue_matching;
    uint16_t flags;

+    /* bool: if tx_id is set, this is 1, otherwise 0 */
+    uint16_t tx_id_set;
    /** ID of the transaction currently being inspected. */
    uint64_t tx_id;