return;
}
-static void DeStateStoreStateVersion(Flow *f,
- const uint8_t alversion, uint8_t direction)
-{
- f->detect_alversion[direction & STREAM_TOSERVER ? 0 : 1] = alversion;
-}
-
static void DeStateStoreFileNoMatchCnt(DetectEngineState *de_state, uint16_t file_no_match, uint8_t direction)
{
de_state->dir_state[direction & STREAM_TOSERVER ? 0 : 1].filestore_cnt += file_no_match;
* \param check_before_add check for duplicates before adding the sig
*/
static void StoreStateTx(DetectEngineThreadCtx *det_ctx,
- Flow *f, const uint8_t flags, const uint8_t alversion,
+ Flow *f, const uint8_t flags,
const uint64_t tx_id, void *tx,
const Signature *s, const SigMatchData *smd,
const uint32_t inspect_flags, const uint16_t file_no_match, int check_before_add)
if (check_before_add == 0 || DeStateSearchState(destate, flags, s->num) == 0)
DeStateSignatureAppend(destate, s, inspect_flags, flags);
- DeStateStoreStateVersion(f, alversion, flags);
StoreStateTxHandleFiles(det_ctx, f, destate, flags, tx_id, file_no_match);
}
int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
const Signature *s, Packet *p, Flow *f, uint8_t flags,
- AppProto alproto, const uint8_t alversion)
+ AppProto alproto)
{
SigMatchData *smd = NULL;
uint16_t file_no_match = 0;
}
/* store */
- StoreStateTx(det_ctx, f, flags, alversion, tx_id, tx,
+ StoreStateTx(det_ctx, f, flags, tx_id, tx,
s, smd, inspect_flags, file_no_match, check_before_add);
} else {
StoreStateTxFileOnly(det_ctx, f, flags, tx_id, tx, file_no_match);
void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Packet *p, Flow *f, uint8_t flags,
- AppProto alproto, const uint8_t alversion)
+ AppProto alproto)
{
uint16_t file_no_match = 0;
SigIntId store_cnt = 0;
* \param f Pointer to the flow.
* \param flags Flags.
* \param alproto App protocol.
- * \param alversion Current app layer version.
*
* \retval >= 0 An integer value indicating the no of matches.
*/
int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
const Signature *s, Packet *p, Flow *f,
- uint8_t flags,
- AppProto alproto, uint8_t alversion);
+ uint8_t flags, AppProto alproto);
/**
* \brief Continue DeState detection of the signatures stored in the state.
* \param f Pointer to the flow.
* \param flags Flags.
* \param alproto App protocol.
- * \param alversion Current app layer version.
*/
void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Packet *p, Flow *f, uint8_t flags,
- AppProto alproto, uint8_t alversion);
+ AppProto alproto);
/**
* \brief Update the inspect id.
uint8_t flow_flags = 0; /* flow/state flags */
const Signature *s = NULL;
const Signature *next_s = NULL;
- uint8_t alversion = 0;
int state_alert = 0;
int alerts = 0;
int app_decoder_events = 0;
flow_flags = FlowGetDisruptionFlags(pflow, flow_flags);
has_state = (FlowGetAppState(pflow) != NULL);
alproto = FlowGetAppProtocol(pflow);
- alversion = AppLayerParserGetStateVersion(pflow->alparser);
SCLogDebug("alstate %s, alproto %u", has_state ? "true" : "false", alproto);
} else {
SCLogDebug("packet doesn't have established flag set (proto %d)", p->proto);
if (has_inspectable_state == 1) {
/* initialize to 0(DE_STATE_MATCH_HAS_NEW_STATE) */
DeStateDetectContinueDetection(th_v, de_ctx, det_ctx, p, pflow,
- flow_flags, alproto, alversion);
+ flow_flags, alproto);
}
}
PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL);
* can store the tx_id with the alert */
PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL);
state_alert = DeStateDetectStartDetection(th_v, de_ctx, det_ctx, s,
- p, pflow, flow_flags, alproto, alversion);
+ p, pflow, flow_flags, alproto);
PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL);
if (state_alert == 0)
goto next;
projects / thirdparty / suricata.git / commitdiff
