diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index a719c3a5c8..b5ba37ac21 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -291,6 +291,8 @@ static int HTPHandleRequestData(Flow *f, void *htp_state, int r = -1; int ret = 1; + //PrintRawDataFp(stdout, input, input_len); + HtpState *hstate = (HtpState *)htp_state; /* if the previous run set the new request flag, we unset it here. As diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index e9aae2678a..2622c806fb 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -1080,11 +1080,13 @@ error: /** * \param f LOCKED flow + * \param direction STREAM_TOSERVER or STREAM_TOCLIENT + * * \retval 2 current transaction done, new available * \retval 1 current transaction done, no new (yet) * \retval 0 current transaction is not done yet */ -int AppLayerTransactionUpdateInspectId(Flow *f) +int AppLayerTransactionUpdateInspectId(Flow *f, char direction) { SCEnter(); @@ -1102,7 +1104,18 @@ int AppLayerTransactionUpdateInspectId(Flow *f) SCLogDebug("avail_id %"PRIu16", inspect_id %"PRIu16, parser_state_store->avail_id, parser_state_store->inspect_id); - if ((parser_state_store->inspect_id+1) < parser_state_store->avail_id) { + if (direction == STREAM_TOSERVER) + parser_state_store->id_flags |= APP_LAYER_TRANSACTION_TOSERVER; + else + parser_state_store->id_flags |= APP_LAYER_TRANSACTION_TOCLIENT; + + if ((parser_state_store->inspect_id+1) < parser_state_store->avail_id && + (parser_state_store->id_flags & APP_LAYER_TRANSACTION_TOCLIENT) && + (parser_state_store->id_flags & APP_LAYER_TRANSACTION_TOSERVER)) + { + parser_state_store->id_flags &=~ APP_LAYER_TRANSACTION_TOCLIENT; + parser_state_store->id_flags &=~ APP_LAYER_TRANSACTION_TOSERVER; + parser_state_store->inspect_id++; if (parser_state_store->inspect_id < parser_state_store->avail_id) { /* done and more transactions available */ diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index 3edf5ed442..e01309ef20 100644 
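Review bot: The added line `//PrintRawDataFp(stdout, input, input_len);` in HTPHandleRequestData is commented-out debug code and should not be committed; the same leftover is added in UriPatternSearch in src/detect-engine-mpm.c. If it were re-enabled as written it would print raw request bytes from inspected traffic to stdout. If the dump is worth keeping, put it behind the debug logging the file already uses (SCLogDebug and friends) instead of a bare comment; otherwise drop both lines. The function body continues outside the hunk.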
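Review bot: `char direction` in the new signature is a plain char, whose signedness is implementation-defined, yet it carries a STREAM_TOSERVER / STREAM_TOCLIENT flag value; the flag storage visible in this commit (`uint8_t flags` in AppLayerParserState_) is uint8_t. I would declare it as `int AppLayerTransactionUpdateInspectId(Flow *f, uint8_t direction)` and do the same for DeStateUpdateInspectTransactionId in src/detect-engine-state.c and for both prototypes in the headers. The function body starts in this hunk and continues outside it.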
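Review bot: With the new condition `inspect_id` advances only after the function has been called for both directions, and nothing in the hunk covers a flow where one direction is never inspected; in that case the id would stay put and later transactions would presumably not become the inspected one, which for a detection engine is a coverage gap worth ruling out. Please document the invariant above the check, for example `/* only move to the next transaction once both directions have been inspected */`, and say what is expected at session end (APP_LAYER_TRANSACTION_EOF). The `else` branch also records any value other than STREAM_TOSERVER as to-client; `else if (direction == STREAM_TOCLIENT)` would make a bad argument visible. The two clears can be one statement, `parser_state_store->id_flags &= ~(APP_LAYER_TRANSACTION_TOCLIENT | APP_LAYER_TRANSACTION_TOSERVER);`. The function body starts and ends outside the hunk.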
--- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -85,6 +85,10 @@ typedef struct AppLayerParserResult_ { #define APP_LAYER_TRANSACTION_EOF 0x01 /**< Session done, last transaction as well */ +#define APP_LAYER_TRANSACTION_TOSERVER 0x02 /**< transaction has been inspected + in to server direction. */ +#define APP_LAYER_TRANSACTION_TOCLIENT 0x04 /**< transaction has been inspected + in to server direction. */ typedef struct AppLayerParserState_ { uint8_t flags; @@ -162,7 +166,7 @@ uint16_t AlpGetStateIdx(uint16_t); uint16_t AppLayerGetProtoByName(const char *); -int AppLayerTransactionUpdateInspectId(Flow *); +int AppLayerTransactionUpdateInspectId(Flow *, char); void AppLayerTransactionUpdateLoggedId(Flow *); int AppLayerTransactionGetLoggableId(Flow *f); diff --git a/src/app-layer.c b/src/app-layer.c index 0e3cc3ea0b..3bf27f13e0 100644 --- a/src/app-layer.c +++ b/src/app-layer.c @@ -194,7 +194,7 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg) } } - SCLogDebug("storing smsg in the tcp session"); + SCLogDebug("storing smsg %p in the tcp session", smsg); /* store the smsg in the tcp stream */ if (smsg->flags & STREAM_TOSERVER) { diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index f68fb0a515..1710dcb004 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -1108,6 +1108,8 @@ static int DetectDceIfaceTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1125,6 +1127,8 @@ static int DetectDceIfaceTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1143,6 +1147,8 @@ static int DetectDceIfaceTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); 
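Review bot: The doc comment on `APP_LAYER_TRANSACTION_TOCLIENT` is a copy of the one above it and still says "in to server direction"; it should read `/**< transaction has been inspected in to client direction. */`. Both new flags are tested against `id_flags` in src/app-layer-parser.c, so a one-line comment above the group naming the field they belong to would help readers keep them apart from other flag sets.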
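Review bot: The two-line direction flip `p.flowflags &=~ FLOW_PKT_TOCLIENT; p.flowflags |= FLOW_PKT_TOSERVER;` and its mirror are pasted before every SigMatchSignatures call in this test and again in all the detect-dce-iface.c, detect-dce-opnum.c and detect-dce-stub-data.c hunks that follow. A small static unit-test helper taking the packet and the wanted direction flag, with the body `p->flowflags &= ~(FLOW_PKT_TOSERVER | FLOW_PKT_TOCLIENT);` followed by `p->flowflags |= dir;`, would keep the tests readable and make a wrong pairing harder to paste. `&=~` would also read better spaced as `&= ~`. The test function starts and ends outside the hunk.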
@@ -1161,6 +1167,8 @@ static int DetectDceIfaceTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1179,6 +1187,8 @@ static int DetectDceIfaceTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1195,6 +1205,8 @@ static int DetectDceIfaceTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1211,6 +1223,8 @@ static int DetectDceIfaceTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1227,6 +1241,8 @@ static int DetectDceIfaceTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c index 303bd883c6..3188fa65f6 100644 --- a/src/detect-dce-opnum.c +++ b/src/detect-dce-opnum.c @@ -1903,6 +1903,8 @@ static int DetectDceOpnumTestParse10(void) SCLogDebug("no dcerpc state: "); goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); SCLogDebug("sending bind_ack"); @@ -1913,6 +1915,8 @@ static int DetectDceOpnumTestParse10(void) SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); SCLogDebug("sending request1"); 
@@ -1925,6 +1929,8 @@ static int DetectDceOpnumTestParse10(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1943,6 +1949,8 @@ static int DetectDceOpnumTestParse10(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1959,6 +1967,8 @@ static int DetectDceOpnumTestParse10(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1975,6 +1985,8 @@ static int DetectDceOpnumTestParse10(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1991,6 +2003,8 @@ static int DetectDceOpnumTestParse10(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2007,6 +2021,8 @@ static int DetectDceOpnumTestParse10(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2185,6 +2201,8 @@ static int DetectDceOpnumTestParse11(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2200,6 +2218,8 @@ static int DetectDceOpnumTestParse11(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2215,6 +2235,8 @@ static int DetectDceOpnumTestParse11(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); 
@@ -2230,6 +2252,8 @@ static int DetectDceOpnumTestParse11(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2245,6 +2269,8 @@ static int DetectDceOpnumTestParse11(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2260,6 +2286,8 @@ static int DetectDceOpnumTestParse11(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2438,6 +2466,8 @@ static int DetectDceOpnumTestParse12(void) printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)]; @@ -2452,6 +2482,8 @@ static int DetectDceOpnumTestParse12(void) printf("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); /* request1 */ @@ -2476,6 +2508,8 @@ static int DetectDceOpnumTestParse12(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2504,6 +2538,8 @@ static int DetectDceOpnumTestParse12(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2532,6 +2568,8 @@ static int DetectDceOpnumTestParse12(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); 
@@ -2560,6 +2598,8 @@ static int DetectDceOpnumTestParse12(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2730,6 +2770,8 @@ static int DetectDceOpnumTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2756,6 +2798,8 @@ static int DetectDceOpnumTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2783,6 +2827,8 @@ static int DetectDceOpnumTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -2809,6 +2855,8 @@ static int DetectDceOpnumTestParse13(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index 53d255342e..7b4af698d1 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c @@ -686,6 +686,8 @@ static int DetectDceStubDataTestParse02(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -701,6 +703,8 @@ static int DetectDceStubDataTestParse02(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -715,6 +719,8 @@ static int DetectDceStubDataTestParse02(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); 
@@ -1225,6 +1231,8 @@ static int DetectDceStubDataTestParse03(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1411,6 +1419,8 @@ static int DetectDceStubDataTestParse04(void) SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); dcerpc_state = f.aldata[AlpGetStateIdx(ALPROTO_DCERPC)]; @@ -1425,6 +1435,8 @@ static int DetectDceStubDataTestParse04(void) SCLogDebug("AppLayerParse for dcerpc failed. Returned %" PRId32, r); goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); /* request1 */ @@ -1435,6 +1447,8 @@ static int DetectDceStubDataTestParse04(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1449,6 +1463,8 @@ static int DetectDceStubDataTestParse04(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1463,6 +1479,8 @@ static int DetectDceStubDataTestParse04(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1477,6 +1495,8 @@ static int DetectDceStubDataTestParse04(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1491,6 +1511,8 @@ static int DetectDceStubDataTestParse04(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); 
@@ -1505,6 +1527,8 @@ static int DetectDceStubDataTestParse04(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1675,6 +1699,8 @@ static int DetectDceStubDataTestParse05(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1689,6 +1715,8 @@ static int DetectDceStubDataTestParse05(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1703,6 +1731,8 @@ static int DetectDceStubDataTestParse05(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1717,6 +1747,8 @@ static int DetectDceStubDataTestParse05(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1731,6 +1763,8 @@ static int DetectDceStubDataTestParse05(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOCLIENT; + p.flowflags |= FLOW_PKT_TOSERVER; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); @@ -1745,6 +1779,8 @@ static int DetectDceStubDataTestParse05(void) goto end; } + p.flowflags &=~ FLOW_PKT_TOSERVER; + p.flowflags |= FLOW_PKT_TOCLIENT; /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); diff --git a/src/detect-engine-dcepayload.c b/src/detect-engine-dcepayload.c index b1fa168801..7d895f02fa 100644 --- a/src/detect-engine-dcepayload.c +++ b/src/detect-engine-dcepayload.c @@ -2417,6 +2417,7 @@ int DcePayloadTest02(void) p[i].flowflags |= FLOW_PKT_ESTABLISHED; } p[1].flowflags |= FLOW_PKT_TOCLIENT; + p[1].flowflags &=~ FLOW_PKT_TOSERVER; FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; 
@@ -6313,8 +6314,11 @@ int DcePayloadTest13(void) p[i].flowflags |= FLOW_PKT_ESTABLISHED; } p[1].flowflags |= FLOW_PKT_TOCLIENT; + p[1].flowflags &=~ FLOW_PKT_TOSERVER; p[3].flowflags |= FLOW_PKT_TOCLIENT; + p[3].flowflags &=~ FLOW_PKT_TOSERVER; p[5].flowflags |= FLOW_PKT_TOCLIENT; + p[5].flowflags &=~ FLOW_PKT_TOSERVER; FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; @@ -6555,7 +6559,9 @@ int DcePayloadTest14(void) p[i].flowflags |= FLOW_PKT_ESTABLISHED; } p[3].flowflags |= FLOW_PKT_TOCLIENT; + p[3].flowflags &=~ FLOW_PKT_TOSERVER; p[5].flowflags |= FLOW_PKT_TOCLIENT; + p[5].flowflags &=~ FLOW_PKT_TOSERVER; FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index 6bfd51355d..3655f75671 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -151,6 +151,8 @@ uint32_t UriPatternSearch(DetectEngineThreadCtx *det_ctx, if (det_ctx->sgh->mpm_uri_ctx == NULL) SCReturnUInt(0U); + //PrintRawDataFp(stdout, uri, uri_len); + uint32_t ret; #ifndef __SC_CUDA_SUPPORT__ ret = mpm_table[det_ctx->sgh->mpm_uri_ctx->mpm_type].Search diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index 45fba3de32..7fd0dc67f2 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -154,17 +154,21 @@ void DetectEngineStateReset(DetectEngineState *state) { /** * \brief update the transaction id + * + * \param f unlocked flow + * \param direction STREAM_TOCLIENT / STREAM_TOSERVER + * * \retval 2 current transaction done, new available * \retval 1 current transaction done, no new (yet) * \retval 0 current transaction is not done yet */ -int DeStateUpdateInspectTransactionId(Flow *f) { +int DeStateUpdateInspectTransactionId(Flow *f, char direction) { SCEnter(); int r = 0; SCMutexLock(&f->m); - r = AppLayerTransactionUpdateInspectId(f); + r = AppLayerTransactionUpdateInspectId(f, direction); SCMutexUnlock(&f->m); SCReturnInt(r); 
diff --git a/src/detect-engine-state.h b/src/detect-engine-state.h index 01e2680089..0e388b252e 100644 --- a/src/detect-engine-state.h +++ b/src/detect-engine-state.h @@ -97,7 +97,7 @@ int DeStateDetectContinueDetection(ThreadVars *, DetectEngineCtx *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, uint16_t); const char *DeStateMatchResultToString(DeStateMatchResult); -int DeStateUpdateInspectTransactionId(Flow *f); +int DeStateUpdateInspectTransactionId(Flow *, char); #endif /* __DETECT_ENGINE_STATE_H__ */ diff --git a/src/detect.c b/src/detect.c index 017ba6f15e..056a1480f4 100644 --- a/src/detect.c +++ b/src/detect.c @@ -574,13 +574,6 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh FlowIncrUsecnt(p->flow); SCMutexLock(&p->flow->m); - if (p->flowflags & FLOW_PKT_ESTABLISHED) { - alstate = AppLayerGetProtoStateFromPacket(p); - alproto = AppLayerGetProtoFromPacket(p); - SCLogDebug("alstate %p, alproto %u", alstate, alproto); - } else { - SCLogDebug("packet doesn't have established flag set"); - } if (p->flowflags & FLOW_PKT_TOSERVER && p->flow->flags & FLOW_SGH_TOSERVER) { sgh = p->flow->sgh_toserver; 
@@ -590,26 +583,35 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh use_flow_sgh = TRUE; } - if (p->proto == IPPROTO_TCP) { - TcpSession *ssn = (TcpSession *)p->flow->protoctx; - if (ssn != NULL) { - if (p->flowflags & FLOW_PKT_TOSERVER) { - smsg = ssn->toserver_smsg_head; - /* deref from the ssn */ - ssn->toserver_smsg_head = NULL; - ssn->toserver_smsg_tail = NULL; + if (p->flowflags & FLOW_PKT_ESTABLISHED) { + alstate = AppLayerGetProtoStateFromPacket(p); + alproto = AppLayerGetProtoFromPacket(p); + SCLogDebug("alstate %p, alproto %u", alstate, alproto); + + if (p->proto == IPPROTO_TCP) { + TcpSession *ssn = (TcpSession *)p->flow->protoctx; + if (ssn != NULL) { + if (p->flowflags & FLOW_PKT_TOSERVER) { + smsg = ssn->toserver_smsg_head; + /* deref from the ssn */ + ssn->toserver_smsg_head = NULL; + ssn->toserver_smsg_tail = NULL; - SCLogDebug("to_server smsg %p", smsg); - } else { - smsg = ssn->toclient_smsg_head; - /* deref from the ssn */ - ssn->toclient_smsg_head = NULL; - ssn->toclient_smsg_tail = NULL; + SCLogDebug("to_server smsg %p", smsg); + } else { + smsg = ssn->toclient_smsg_head; + /* deref from the ssn */ + ssn->toclient_smsg_head = NULL; + ssn->toclient_smsg_tail = NULL; - SCLogDebug("to_client smsg %p", smsg); + SCLogDebug("to_client smsg %p", smsg); + } } } + } else { + SCLogDebug("packet doesn't have established flag set"); } + SCMutexUnlock(&p->flow->m); if (p->flowflags & FLOW_PKT_TOSERVER) { @@ -909,7 +911,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh if (alstate != NULL) { SCLogDebug("getting de_state_status"); - int de_state_status = DeStateUpdateInspectTransactionId(p->flow); + int de_state_status = DeStateUpdateInspectTransactionId(p->flow, (flags & STREAM_TOSERVER) ? STREAM_TOSERVER : STREAM_TOCLIENT); SCLogDebug("de_state_status %d", de_state_status); if (de_state_status == 2) { DetectEngineStateReset(p->flow->de_state); 
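Review bot: After this move the queued stream messages are taken off the TcpSession only when `FLOW_PKT_ESTABLISHED` is set, so for any other packet `smsg` stays NULL and whatever is queued on `ssn->toserver_smsg_head` / `ssn->toclient_smsg_head` remains there. Since the same commit disables the smsg return loops in StreamTcpSessionPktFree (src/stream-tcp.c), please confirm that every queued message is still dequeued and returned to the pool on some path, and that no payload is skipped by detection because it was queued while packets without the flag were being processed. A comment at the new `if` explaining why non-established packets must not consume stream messages would make the intent reviewable. SigMatchSignatures starts and ends outside the hunk.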
diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 2be2783ba7..4b99bc0757 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -221,8 +221,7 @@ void StreamTcpSessionClear(void *ssnptr) SCReturn; } -/** \brief Function to return the stream back to the pool. It returns the - * segments in the stream to the segment pool. +/** \brief Function to return the stream segments back to the pool. * * We don't clear out the app layer storage here as that is under protection * of the "use_cnt" reference counter in the flow. This function is called @@ -235,7 +234,7 @@ static void StreamTcpSessionPktFree (Packet *p) { SCEnter(); - StreamMsg *smsg = NULL; +// StreamMsg *smsg = NULL; TcpSession *ssn = (TcpSession *)p->flow->protoctx; if (ssn == NULL) @@ -245,6 +244,7 @@ static void StreamTcpSessionPktFree (Packet *p) StreamTcpReturnStreamSegments(&ssn->server); /* if we have (a) smsg(s), return to the pool */ +#if 0 smsg = ssn->toserver_smsg_head; while(smsg != NULL) { StreamMsg *smsg_next = smsg->next; @@ -268,7 +268,7 @@ static void StreamTcpSessionPktFree (Packet *p) smsg = smsg_next; } ssn->toclient_smsg_head = NULL; - +#endif SCReturn; } @@ -1673,7 +1673,7 @@ static int StreamTcpPacketStateEstablished(ThreadVars *tv, Packet *p, "%" PRIu32 "", ssn, ssn->server.next_seq, ssn->client.last_ack); - StreamTcpSessionPktFree(p); + StreamTcpSessionPktFree(p); } } else return -1; diff --git a/src/util-mpm-b2g.c b/src/util-mpm-b2g.c index 468fa73fed..42274ce4e6 100644 --- a/src/util-mpm-b2g.c +++ b/src/util-mpm-b2g.c @@ -1173,10 +1173,8 @@ uint32_t B2gSearch1(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatche uint8_t h = u8_tolower(*buf); hi = &ctx->hash1[h]; - if (hi->flags & MPM_PATTERN_ONE_BYTE) { - for (thi = hi; thi != NULL; thi = thi->next) { - //p = ctx->parray[thi->idx]; - + for (thi = hi; thi != NULL; thi = thi->next) { + if (hi->flags & MPM_PATTERN_ONE_BYTE) { if (thi->len != 1) continue;
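Review bot: The smsg return loops are disabled with `#if 0` here (closed by the `#endif` added in the next hunk) and the declaration is left behind as `// StreamMsg *smsg = NULL;` in the previous hunk; code switched off this way should be deleted, since the history keeps it. The comment `/* if we have (a) smsg(s), return to the pool */` still sits above the disabled block and now describes nothing. With the loops gone this function no longer returns queued messages or resets `ssn->toclient_smsg_head`, so the function comment should state who owns and frees them; presumably that is the detection path in src/detect.c, which should be confirmed. StreamTcpSessionPktFree starts and ends outside the hunk.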