From 9a08d6c11c2c13606ff04e367ff39bffeba5e82c Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Wed, 9 Jun 2010 16:12:08 +0200 Subject: [PATCH] Fixes to stream pattern matching. --- src/app-layer.c | 6 ++++++ src/detect-engine-mpm.c | 5 +++++ src/detect.c | 10 ++++++++-- src/stream-tcp-reassemble.c | 4 +++- src/util-mpm.c | 1 + 5 files changed, 23 insertions(+), 3 deletions(-) diff --git a/src/app-layer.c b/src/app-layer.c index 91604825a1..cd46c66696 100644 --- a/src/app-layer.c +++ b/src/app-layer.c @@ -182,8 +182,12 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg) } } + SCLogDebug("storing smsg in the tcp session"); + /* store the smsg in the tcp stream */ if (smsg->flags & STREAM_TOSERVER) { + SCLogDebug("storing smsg in the to_server"); + /* put the smsg in the stream list */ if (ssn->toserver_smsg_head == NULL) { ssn->toserver_smsg_head = smsg; @@ -198,6 +202,8 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg) ssn->toserver_smsg_tail = smsg; } } else { + SCLogDebug("storing smsg in the to_client"); + /* put the smsg in the stream list */ if (ssn->toclient_smsg_head == NULL) { ssn->toclient_smsg_head = smsg; diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index 499e46ac13..dab246d359 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -49,6 +49,7 @@ #include "util-enum.h" #include "util-debug.h" +#include "util-print.h" /** \todo make it possible to use multiple pattern matcher algorithms next to eachother. */ 
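Review bot: The added `#include "util-print.h"` appears to serve only the commented-out `//PrintRawDataFp(stdout, smsg->data.data, smsg->data.data_len);` line that the next hunk of this file adds in StreamPatternSearch; no other use is visible in this patch. Commented-out code that dumps reassembled stream payload to stdout is easy to re-enable by accident in a sensor build. Either drop both lines or keep the dump and the include together under `#ifdef DEBUG`. If another part of the file already needs util-print.h, a short comment next to the include saying so would settle it.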
@@ -188,11 +189,15 @@ uint32_t StreamPatternSearch(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, uint8_t cnt = 0; for ( ; smsg != NULL; smsg = smsg->next) { + //PrintRawDataFp(stdout, smsg->data.data, smsg->data.data_len); + uint32_t r = mpm_table[det_ctx->sgh->mpm_ctx->mpm_type].Search(det_ctx->sgh->mpm_ctx, &det_ctx->mtc, &det_ctx->smsg_pmq[cnt], smsg->data.data, smsg->data.data_len); if (r > 0) { ret += r; + SCLogDebug("smsg match stored in det_ctx->smsg_pmq[%u]", cnt); + /* merge results with overall pmq */ PmqMerge(&det_ctx->smsg_pmq[cnt], &det_ctx->pmq); } diff --git a/src/detect.c b/src/detect.c index 7f8889ff2b..fb672751c0 100644 --- a/src/detect.c +++ b/src/detect.c @@ -538,6 +538,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh ssn->toserver_smsg_tail = NULL; //BUG_ON(ssn->toclient_smsg_head != NULL); + SCLogDebug("to_server smsg %p", smsg); } else { smsg = ssn->toclient_smsg_head; /* deref from the ssn */ @@ -545,9 +546,10 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh ssn->toclient_smsg_tail = NULL; //BUG_ON(ssn->toserver_smsg_head != NULL); + + SCLogDebug("to_client smsg %p", smsg); } - SCLogDebug("smsg %p", smsg); } } SCMutexUnlock(&p->flow->m); @@ -763,8 +765,10 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh int i = 0; StreamMsg *smsg_inspect = smsg; for ( ; smsg_inspect != NULL; smsg_inspect = smsg_inspect->next, i++) { - if (det_ctx->smsg_pmq[i].pattern_id_array_size != 0) + if (det_ctx->smsg_pmq[i].pattern_id_array_cnt == 0) { + SCLogDebug("no match in smsg_inspect %p (%u), idx %d", smsg_inspect, smsg_inspect->data.data_len, i); continue; + } if (det_ctx->smsg_pmq[i].pattern_id_bitarray != NULL) { /* filter out sigs that want pattern matches, but 
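Review bot: `det_ctx->smsg_pmq[cnt]` is indexed with a `uint8_t` counter in StreamPatternSearch, while the matching loop in SigMatchSignatures (the `@@ -763,8 +765,10 @@` hunk in src/detect.c) walks the same list with `int i`, and neither hunk shows a check against the capacity of `smsg_pmq`. The number of queued smsgs depends on the traffic being reassembled, so a long list could wrap `cnt` or run `i` past the array, and the two loops would then disagree about which queue belongs to which smsg. Assuming the capacity is a fixed constant (not visible here), both loops should stop at it and use the same index type, e.g. `if (cnt >= SMSG_PMQ_CAPACITY) break;`, where `SMSG_PMQ_CAPACITY` is a placeholder for the project's real constant. The increment of `cnt` and the rest of StreamPatternSearch are outside the hunk, so this needs confirming against the full function.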
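Review bot: The corrected test `det_ctx->smsg_pmq[i].pattern_id_array_cnt == 0` in SigMatchSignatures deserves a comment, because the line it replaces tested `pattern_id_array_size` with the opposite sense and the two fields are easy to confuse. Going by the util-mpm.c hunk in this patch, `_cnt` is incremented each time MpmVerifyMatch appends a pattern id, so a comment above the `if` such as `/* _cnt is the number of pattern ids stored for this smsg; nothing stored means nothing to inspect */` would record why it is the right field. The skip is only correct if each `smsg_pmq[i]` is reset before the next packet is searched; that reset is not visible in this patch and is worth confirming. The loop body continues past the end of the hunk.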
@@ -785,6 +789,8 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh /* no match? then inspect packet payload */ if (pmatch == 0) { + SCLogDebug("no match in smsg, fall back to packet payload"); + if (DetectEngineInspectPacketPayload(de_ctx, det_ctx, s, p->flow, flags, alstate, p) != 1) goto next; } diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c index 6b4761120b..156785e8e5 100644 --- a/src/stream-tcp-reassemble.c +++ b/src/stream-tcp-reassemble.c @@ -1949,8 +1949,10 @@ int StreamTcpReassembleHandleSegment(TcpReassemblyThreadCtx *ra_ctx, simple return */ if (p->payload_len > 0 && (((stream == &ssn->client) && !(ssn->flags & STREAMTCP_FLAG_NOCLIENT_REASSEMBLY)) || - ((stream == &ssn->server) && !(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY)))) + ((stream == &ssn->server) && !(ssn->flags & STREAMTCP_FLAG_NOSERVER_REASSEMBLY)))) { + SCLogDebug("calling StreamTcpReassembleHandleSegmentHandleData"); + if (StreamTcpReassembleHandleSegmentHandleData(ssn, stream, p) != 0) { SCLogDebug("StreamTcpReassembleHandleSegmentHandleData error"); SCReturnInt(-1); diff --git a/src/util-mpm.c b/src/util-mpm.c index 96f0327adc..34781da2d1 100644 --- a/src/util-mpm.c +++ b/src/util-mpm.c @@ -108,6 +108,7 @@ MpmVerifyMatch(MpmThreadCtx *thread_ctx, PatternMatcherQueue *pmq, uint32_t pati /* append the pattern_id to the array with matches */ pmq->pattern_id_array[pmq->pattern_id_array_cnt] = patid; pmq->pattern_id_array_cnt++; + SCLogDebug("pattern_id_array_cnt %u", pmq->pattern_id_array_cnt); } }