aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Only set SIG_FLAG_REQUIRE_STREAM if signature inspects TCP.

Browse Source
pull/2/head
Victor Julien 13 years ago
parent bd6b865473
commit e0bfcb7dde
1 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File

23
src/detect-parse.c
Unescape Escape View File

@ -1121,17 +1121,20 @@ static int SigValidate(Signature *s) {
} }
} }
if (!(s->flags & (SIG_FLAG_REQUIRE_PACKET | SIG_FLAG_REQUIRE_STREAM))) { /* TCP: pkt vs stream vs depth/offset */
s->flags |= SIG_FLAG_REQUIRE_STREAM; if (s->proto.proto[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8))) {
SigMatch *sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; if (!(s->flags & (SIG_FLAG_REQUIRE_PACKET | SIG_FLAG_REQUIRE_STREAM))) {
while (sm != NULL) { s->flags |= SIG_FLAG_REQUIRE_STREAM;
if (sm->type == DETECT_CONTENT && SigMatch *sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
(((DetectContentData *)(sm->ctx))->flags & while (sm != NULL) {
(DETECT_CONTENT_DEPTH | DETECT_CONTENT_OFFSET))) { if (sm->type == DETECT_CONTENT &&
s->flags |= SIG_FLAG_REQUIRE_PACKET; (((DetectContentData *)(sm->ctx))->flags &
break; (DETECT_CONTENT_DEPTH | DETECT_CONTENT_OFFSET))) {
s->flags |= SIG_FLAG_REQUIRE_PACKET;
break;
}
sm = sm->next;
} }
sm = sm->next;
} }
} }

Write Preview
Loading…
Cancel
Save