Bug #3354 » flowtx.patch
| src/detect.c | ||
|---|---|---|
|
DetectRunScratchpad *scratch);
|
||
|
static void DetectRunCleanup(DetectEngineThreadCtx *det_ctx,
|
||
|
Packet *p, Flow * const pflow);
|
||
|
static DetectTransaction GetDetectTx(const uint8_t ipproto, const AppProto alproto,
|
||
|
void *alstate, const uint64_t tx_id, void *tx_ptr, const int tx_end_state,
|
||
|
const uint8_t flow_flags);
|
||
|
/** \internal
|
||
|
*/
|
||
| ... | ... | |
|
smatch = true;
|
||
|
#endif
|
||
|
DetectRunPostMatch(tv, det_ctx, p, s);
|
||
|
if (!(sflags & SIG_FLAG_NOALERT)) {
|
||
|
/* stateful sigs call PacketAlertAppend from DeStateDetectStartDetection */
|
||
|
if (!state_alert)
|
||
|
PacketAlertAppend(det_ctx, s, p, 0, alert_flags);
|
||
|
if (!state_alert) {
|
||
|
const uint8_t flow_flags = scratch->flow_flags;
|
||
|
void * const alstate = pflow->alstate;
|
||
|
const uint8_t ipproto = pflow->proto;
|
||
|
const AppProto alproto = pflow->alproto;
|
||
|
const uint64_t total_txs = AppLayerParserGetTxCnt(pflow, alstate);
|
||
|
uint64_t tx_id_min = AppLayerParserGetTransactionInspectId(pflow->alparser, flow_flags);
|
||
|
const int tx_end_state = AppLayerParserGetStateProgressCompletionStatus(alproto, flow_flags);
|
||
|
AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
|
||
|
AppLayerGetTxIterState state;
|
||
|
memset(&state, 0, sizeof(state));
|
||
|
AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, tx_id_min, total_txs, &state);
|
||
|
if (ires.tx_ptr == NULL) {
|
||
|
PacketAlertAppend(det_ctx, s, p, 0, alert_flags);
|
||
|
} else {
|
||
|
DetectTransaction tx = GetDetectTx(ipproto, alproto, alstate, ires.tx_id, ires.tx_ptr, tx_end_state, flow_flags);
|
||
|
PacketAlertAppend(det_ctx, s, p, tx.tx_id, alert_flags);
|
||
|
}
|
||
|
}
|
||
|
} else {
|
||
|
/* apply actions even if not alerting */
|
||
|
DetectSignatureApplyActions(p, s, alert_flags);
|
||