detect/tls.version: allow using rule hook

author Victor Julien <vjulien@oisf.net>

Mon, 31 Mar 2025 10:07:05 +0000 (12:07 +0200)

committer Victor Julien <victor@inliniac.net>

Mon, 7 Apr 2025 20:04:13 +0000 (22:04 +0200)
author Victor Julien <vjulien@oisf.net>
Mon, 31 Mar 2025 10:07:05 +0000 (12:07 +0200)
committer Victor Julien <victor@inliniac.net>
Mon, 7 Apr 2025 20:04:13 +0000 (22:04 +0200)
diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c

index 3a526e9738ae3dd896967098ad6989c1d0cb3714..9df017cc820431fc25b7f5b7e185ae6a17b0d96b 100644 (file)
--- a/src/detect-tls-version.c
+++ b/src/detect-tls-version.c
@@ -240,11 +240,15 @@ static int DetectTlsVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const c
      if (tls == NULL)
          goto error;
  
+    /* keyword supports multiple hooks, so attach to the hook specified in the rule. */
+    int list = g_tls_generic_list_id;
      /* Okay so far so good, lets get this into a SigMatch
       * and put it in the Signature. */
+    if (s->init_data->hook.type == SIGNATURE_HOOK_TYPE_APP) {
+        list = s->init_data->hook.sm_list;
+    }
  
-    if (SigMatchAppendSMToList(
-                de_ctx, s, DETECT_TLS_VERSION, (SigMatchCtx *)tls, g_tls_generic_list_id) == NULL) {
+    if (SigMatchAppendSMToList(de_ctx, s, DETECT_TLS_VERSION, (SigMatchCtx *)tls, list) == NULL) {
          goto error;
      }
author	Victor Julien <vjulien@oisf.net>
	Mon, 31 Mar 2025 10:07:05 +0000 (12:07 +0200)
committer	Victor Julien <victor@inliniac.net>
	Mon, 7 Apr 2025 20:04:13 +0000 (22:04 +0200)