detect/entropy: Ensure entropy matcher has flow

author Jeff Lucovsky <jlucovsky@oisf.net>

Tue, 12 Aug 2025 12:13:56 +0000 (08:13 -0400)

committer Victor Julien <vjulien@oisf.net>

Sun, 14 Sep 2025 14:12:59 +0000 (16:12 +0200)
author Jeff Lucovsky <jlucovsky@oisf.net>
Tue, 12 Aug 2025 12:13:56 +0000 (08:13 -0400)
committer Victor Julien <vjulien@oisf.net>
Sun, 14 Sep 2025 14:12:59 +0000 (16:12 +0200)
diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c

index d885bef5be76c1b80e785f6f1af0186206c47438..cfeef11b0cbced921d2344d2865aa0e0e0b5ab02 100644 (file)
--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@@ -497,7 +497,7 @@ static int DetectEngineContentInspectionInternal(DetectEngineThreadCtx *det_ctx,
          } while (1);
  
      } else if (smd->type == DETECT_ENTROPY) {
-        if (!DetectEntropyDoMatch(det_ctx, s, smd->ctx, buffer, buffer_len)) {
+        if (!DetectEntropyDoMatch(det_ctx, s, smd->ctx, f, buffer, buffer_len)) {
              goto no_match;
          }
          goto match;
diff --git a/src/detect-entropy.c b/src/detect-entropy.c

index a79f629108b978db717c9341aede22303deea120..13dcd725d5081f8a2ac0d6533bf04d50f7440afd 100644 (file)
--- a/src/detect-entropy.c
+++ b/src/detect-entropy.c
@@ -37,12 +37,15 @@ static int DetectEntropySetup(DetectEngineCtx *de_ctx, Signature *s, const char
  
      int sm_list = DETECT_SM_LIST_PMATCH;
      if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
+        /* sticky buffer */
          if (DetectBufferGetActiveList(de_ctx, s) == -1)
              goto error;
  
          sm_list = s->init_data->list;
          ded->fv_idx = VarNameStoreRegister(
                  DetectEngineBufferTypeGetNameById(de_ctx, sm_list), VAR_TYPE_FLOW_FLOAT);
+    } else {
+        ded->fv_idx = VarNameStoreRegister("content", VAR_TYPE_FLOW_FLOAT);
      }
  
      if (SCSigMatchAppendSMToList(de_ctx, s, DETECT_ENTROPY, (SigMatchCtx *)ded, sm_list) != NULL) {
@@ -69,14 +72,14 @@ static void DetectEntropyFree(DetectEngineCtx *de_ctx, void *ptr)
  }
  
  bool DetectEntropyDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
-        const SigMatchCtx *ctx, const uint8_t *buffer, const uint32_t buffer_len)
+        const SigMatchCtx *ctx, Flow *flow, const uint8_t *buffer, const uint32_t buffer_len)
  {
      double entropy = -1.0;
      bool rc = SCDetectEntropyMatch(buffer, buffer_len, (const DetectEntropyData *)ctx, &entropy);
  
-    if (entropy != -1.0) {
+    if (flow && entropy != -1.0) {
          DetectEntropyData *ded = (DetectEntropyData *)ctx;
-        FlowVarAddFloat(det_ctx->p->flow, ded->fv_idx, entropy);
+        FlowVarAddFloat(flow, ded->fv_idx, entropy);
      }
  
      return rc;
diff --git a/src/detect-entropy.h b/src/detect-entropy.h

index ea6958ee9057fbf0fa5cd250c81d3bd07c115446..dc0928194e7cd7dc095a0dbdd7234ed1fb4e96bc 100644 (file)
--- a/src/detect-entropy.h
+++ b/src/detect-entropy.h
@@ -20,6 +20,6 @@
  
  void DetectEntropyRegister(void);
  bool DetectEntropyDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
-        const SigMatchCtx *ctx, const uint8_t *buffer, const uint32_t buffer_len);
+        const SigMatchCtx *ctx, Flow *flow, const uint8_t *buffer, const uint32_t buffer_len);
  
  #endif
author	Jeff Lucovsky <jlucovsky@oisf.net>
	Tue, 12 Aug 2025 12:13:56 +0000 (08:13 -0400)
committer	Victor Julien <vjulien@oisf.net>
	Sun, 14 Sep 2025 14:12:59 +0000 (16:12 +0200)
src/detect-engine-content-inspection.c		patch \| blob \| blame \| history
src/detect-entropy.c		patch \| blob \| blame \| history
src/detect-entropy.h		patch \| blob \| blame \| history