Bug #453 » 0001-fix-FNs-for-flow-only_stream-and-no_stream-options.patch
| src/detect-flow.c | ||
|---|---|---|
|
cnt++;
|
||
|
}
|
||
|
if (det_ctx->flags & DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH) {
|
||
|
if (fd->flags & FLOW_PKT_ONLYSTREAM)
|
||
|
cnt++;
|
||
|
} else {
|
||
|
if (fd->flags & FLOW_PKT_NOSTREAM)
|
||
|
cnt++;
|
||
|
}
|
||
|
int ret = (fd->match_cnt == cnt) ? 1 : 0;
|
||
|
SCLogDebug("returning %" PRId32 " cnt %" PRIu8 " fd->match_cnt %" PRId32 " fd->flags 0x%02X p->flowflags 0x%02X",
|
||
|
ret, cnt, fd->match_cnt, fd->flags, p->flowflags);
|
||
| src/detect.c | ||
|---|---|---|
|
if (DetectEngineInspectStreamPayload(de_ctx, det_ctx, s, p->flow, smsg_inspect->data.data, smsg_inspect->data.data_len) == 1) {
|
||
|
SCLogDebug("match in smsg %p", smsg);
|
||
|
pmatch = 1;
|
||
|
det_ctx->flags |= DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH;
|
||
|
/* Tell the engine that this reassembled stream can drop the
|
||
|
* rest of the pkts with no further inspection */
|
||
|
if (s->action & ACTION_DROP)
|
||
| ... | ... | |
|
}
|
||
|
}
|
||
|
}
|
||
|
if (det_ctx->flags & DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH)
|
||
|
det_ctx->flags &= ~DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH;
|
||
|
SCLogDebug("s->sm_lists[DETECT_SM_LIST_AMATCH] %p, "
|
||
|
"s->sm_lists[DETECT_SM_LIST_UMATCH] %p, "
|
||
| src/detect.h | ||
|---|---|---|
|
#define DETECT_ENGINE_THREAD_CTX_INSPECTING_PACKET 0x0001
|
||
|
#define DETECT_ENGINE_THREAD_CTX_INSPECTING_STREAM 0x0002
|
||
|
#define DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH 0x0004
|
||
|
#define FILE_SIG_NEED_FILE 0x01
|
||
|
#define FILE_SIG_NEED_FILENAME 0x02
|
||