http_raw_header: improve mpm progress handling

diff --git a/src/detect-engine-hrhd.c b/src/detect-engine-hrhd.c
index 2dd26f2f234b5a7f840bb4f9a03ed3212faf3d7b..3756a104bdc91db111e2b605893a8824cb9d87f4 100644 (file)
--- a/src/detect-engine-hrhd.c
+++ b/src/detect-engine-hrhd.c
@@ -112,9 +112,6 @@ int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f,
     }
 
     if (flags & STREAM_TOSERVER) {
-        if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, flags) <= HTP_REQUEST_HEADERS)
-            SCReturnInt(0);
-
         if (tx_ud->request_headers_raw != NULL) {
             cnt = HttpRawHeaderPatternSearch(det_ctx,
                                              tx_ud->request_headers_raw,
@@ -122,9 +119,6 @@ int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f,
                                              flags);
         }
     } else {
-        if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, flags) <= HTP_RESPONSE_HEADERS)
-            SCReturnInt(0);
-
         if (tx_ud->response_headers_raw != NULL) {
             cnt = HttpRawHeaderPatternSearch(det_ctx,
                                               tx_ud->response_headers_raw,

diff --git a/src/detect.c b/src/detect.c
index 223644708e2be8ce974a8ac9d6c7bbd7422fbdb9..c9902f73f06e7e2e283adee7ca4771e081c8fd6e 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -977,6 +977,9 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx,
                             DetectEngineRunHttpHeaderMpm(det_ctx, p->flow, alstate, flags, tx, idx);
                             PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HHD);
                         }
+                    }
+
+                    if (tx_progress > HTP_REQUEST_HEADERS) {
                         if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HRHD) {
                             PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HRHD);
                             DetectEngineRunHttpRawHeaderMpm(det_ctx, p->flow, alstate, flags, tx, idx);
@@ -1013,11 +1016,6 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx,
                             DetectEngineRunHttpHeaderMpm(det_ctx, p->flow, alstate, flags, tx, idx);
                             PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HHD);
                         }
-                        if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HRHD) {
-                            PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HRHD);
-                            DetectEngineRunHttpRawHeaderMpm(det_ctx, p->flow, alstate, flags, tx, idx);
-                            PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HRHD);
-                        }
                         if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HCD) {
                             PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HCD);
                             DetectEngineRunHttpCookieMpm(det_ctx, p->flow, alstate, flags, tx, idx);
@@ -1025,6 +1023,14 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx,
                         }
                     }
 
+                    if (tx_progress > HTP_RESPONSE_HEADERS) {
+                        if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HRHD) {
+                            PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HRHD);
+                            DetectEngineRunHttpRawHeaderMpm(det_ctx, p->flow, alstate, flags, tx, idx);
+                            PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HRHD);
+                        }
+                    }
+
                     if (tx_progress >= HTP_RESPONSE_BODY) {
                         if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HSBD) {
                             PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HSBD);