From e5c3e2cdb12be7552bb5c491eab9b53e656e169c Mon Sep 17 00:00:00 2001
From: Anoop Saldanha <poonaatsoc@gmail.com>
Date: Sat, 31 Dec 2011 13:31:17 +0530
Subject: [PATCH] carry out hhd mpm on both request/response headers

---
 src/detect-engine-hhd.c | 54 +++++++++++++++++++++++++++++++++++++----
 1 file changed, 49 insertions(+), 5 deletions(-)

diff --git a/src/detect-engine-hhd.c b/src/detect-engine-hhd.c
index e527197767..65b8e7ecd6 100644
--- a/src/detect-engine-hhd.c
+++ b/src/detect-engine-hhd.c
@@ -430,15 +430,59 @@ int DetectEngineRunHttpHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f,
     uint32_t cnt = 0;
 
     if (det_ctx->hhd_buffers_list_len == 0) {
+        SCMutexLock(&f->m);
+        DetectEngineBufferHttpHeaders(det_ctx, f, htp_state,
+                                      (flags & STREAM_TOSERVER) ? STREAM_TOCLIENT : STREAM_TOSERVER);
+        SCMutexUnlock(&f->m);
+
+        for (i = 0; i < det_ctx->hhd_buffers_list_len; i++) {
+            cnt += HttpHeaderPatternSearch(det_ctx,
+                                           det_ctx->hhd_buffers[i],
+                                           det_ctx->hhd_buffers_len[i]);
+        }
+
+        DetectEngineCleanHHDBuffers(det_ctx);
+
         SCMutexLock(&f->m);
         DetectEngineBufferHttpHeaders(det_ctx, f, htp_state, flags);
         SCMutexUnlock(&f->m);
-    }
 
-    for (i = 0; i < det_ctx->hhd_buffers_list_len; i++) {
-        cnt += HttpHeaderPatternSearch(det_ctx,
-                                       det_ctx->hhd_buffers[i],
-                                       det_ctx->hhd_buffers_len[i]);
+        for (i = 0; i < det_ctx->hhd_buffers_list_len; i++) {
+            cnt += HttpHeaderPatternSearch(det_ctx,
+                                           det_ctx->hhd_buffers[i],
+                                           det_ctx->hhd_buffers_len[i]);
+        }
+    } else {
+        for (i = 0; i < det_ctx->hhd_buffers_list_len; i++) {
+            cnt += HttpHeaderPatternSearch(det_ctx,
+                                           det_ctx->hhd_buffers[i],
+                                           det_ctx->hhd_buffers_len[i]);
+        }
+
+        uint16_t hhd_buffers_list_len = det_ctx->hhd_buffers_list_len;
+        uint8_t **hhd_buffers = det_ctx->hhd_buffers;
+        uint32_t *hhd_buffers_len = det_ctx->hhd_buffers_len;
+
+        det_ctx->hhd_buffers_list_len = 0;
+        det_ctx->hhd_buffers = NULL;
+        det_ctx->hhd_buffers_len = NULL;
+
+        SCMutexLock(&f->m);
+        DetectEngineBufferHttpHeaders(det_ctx, f, htp_state,
+                                      (flags & STREAM_TOSERVER) ? STREAM_TOCLIENT : STREAM_TOSERVER);
+        SCMutexUnlock(&f->m);
+
+        for (i = 0; i < det_ctx->hhd_buffers_list_len; i++) {
+            cnt += HttpHeaderPatternSearch(det_ctx,
+                                           det_ctx->hhd_buffers[i],
+                                           det_ctx->hhd_buffers_len[i]);
+        }
+
+        DetectEngineCleanHHDBuffers(det_ctx);
+
+        det_ctx->hhd_buffers_list_len = hhd_buffers_list_len;
+        det_ctx->hhd_buffers = hhd_buffers;
+        det_ctx->hhd_buffers_len = hhd_buffers_len;
     }
 
     return cnt;