fix FNs for flow- only_stream and no_stream options

author Anoop Saldanha <poonaatsoc@gmail.com>

Mon, 23 Apr 2012 06:35:49 +0000 (12:05 +0530)

committer Victor Julien <victor@inliniac.net>

Wed, 25 Apr 2012 10:07:47 +0000 (12:07 +0200)
author Anoop Saldanha <poonaatsoc@gmail.com>
Mon, 23 Apr 2012 06:35:49 +0000 (12:05 +0530)
committer Victor Julien <victor@inliniac.net>
Wed, 25 Apr 2012 10:07:47 +0000 (12:07 +0200)
diff --git a/src/detect-flow.c b/src/detect-flow.c

index 8147d9fecb7075637a9995e839b4e530dbd7f7ba..65fe1de59a0b8f94cb21eef83221cfee9a58b9bb 100644 (file)
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -135,6 +135,14 @@ int DetectFlowMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, S
          cnt++;
      }
  
+    if (det_ctx->flags & DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH) {
+        if (fd->flags & FLOW_PKT_ONLYSTREAM)
+            cnt++;
+    } else {
+        if (fd->flags & FLOW_PKT_NOSTREAM)
+            cnt++;
+    }
+
      int ret = (fd->match_cnt == cnt) ? 1 : 0;
      SCLogDebug("returning %" PRId32 " cnt %" PRIu8 " fd->match_cnt %" PRId32 " fd->flags 0x%02X p->flowflags 0x%02X",
          ret, cnt, fd->match_cnt, fd->flags, p->flowflags);
diff --git a/src/detect.c b/src/detect.c

index 7e97984445c0217dc88aea521affff3eed21834d..098ec367fcc7930f9f3f04fd6983542433b64a68 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -1566,6 +1566,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
                          if (DetectEngineInspectStreamPayload(de_ctx, det_ctx, s, p->flow, smsg_inspect->data.data, smsg_inspect->data.data_len) == 1) {
                              SCLogDebug("match in smsg %p", smsg);
                              pmatch = 1;
+                            det_ctx->flags |= DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH;
                              /* Tell the engine that this reassembled stream can drop the
                               * rest of the pkts with no further inspection */
                              if (s->action & ACTION_DROP)
@@ -1635,6 +1636,8 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
                  }
              }
          }
+        if (det_ctx->flags & DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH)
+            det_ctx->flags &= ~DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH;
  
          SCLogDebug("s->sm_lists[DETECT_SM_LIST_AMATCH] %p, "
                  "s->sm_lists[DETECT_SM_LIST_UMATCH] %p, "
diff --git a/src/detect.h b/src/detect.h

index 4d1066914a28c78055bfae82e2d437d8a2dc9965..06fc7def1d92fd7759fe42d427bfbc455e626396 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -282,6 +282,7 @@ typedef struct DetectPort_ {
  
  #define DETECT_ENGINE_THREAD_CTX_INSPECTING_PACKET 0x0001
  #define DETECT_ENGINE_THREAD_CTX_INSPECTING_STREAM 0x0002
+#define DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH 0x0004
  
  #define FILE_SIG_NEED_FILE          0x01
  #define FILE_SIG_NEED_FILENAME      0x02
author	Anoop Saldanha <poonaatsoc@gmail.com>
	Mon, 23 Apr 2012 06:35:49 +0000 (12:05 +0530)
committer	Victor Julien <victor@inliniac.net>
	Wed, 25 Apr 2012 10:07:47 +0000 (12:07 +0200)
src/detect-flow.c		patch \| blob \| blame \| history
src/detect.c		patch \| blob \| blame \| history
src/detect.h		patch \| blob \| blame \| history