detect/inspect: add flags to inspect buffer

diff --git a/src/detect-engine.c b/src/detect-engine.c
index 416a2fc68e5dc6d52199b2819676944aaff0827f..73cc890228934bc13b2988ad77adc548f8db9c96 100644 (file)
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -1272,6 +1272,7 @@ int DetectEngineInspectBufferGeneric(
 
     uint8_t ci_flags = eof ? DETECT_CI_FLAGS_END : 0;
     ci_flags |= (offset == 0 ? DETECT_CI_FLAGS_START : 0);
+    ci_flags |= buffer->flags;
 
     det_ctx->discontinue_matching = 0;
     det_ctx->buffer_offset = 0;

diff --git a/src/detect.h b/src/detect.h
index 3d41697fb55824861eccefdfecdf11f82a04a4d3..b6a317f4b3fd22e45f188576fd88105583834a2b 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -344,16 +344,17 @@ struct DetectEngineThreadCtx_;// DetectEngineThreadCtx;
  * Prefilter and inspection will only deal with 'inspect'. */
 
 typedef struct InspectionBuffer {
-    const uint8_t *inspect;     /**< active pointer, points either to ::buf or ::orig */
-    uint32_t inspect_len; /**< size of active data. See to ::len or ::orig_len */
+    const uint8_t *inspect; /**< active pointer, points either to ::buf or ::orig */
     uint64_t inspect_offset;
+    uint32_t inspect_len;   /**< size of active data. See to ::len or ::orig_len */
+    uint8_t flags;          /**< DETECT_CI_FLAGS_* for use with DetectEngineContentInspection */
 
+    uint32_t len;           /**< how much is in use */
     uint8_t *buf;
-    uint32_t len;   /**< how much is in use */
-    uint32_t size;  /**< size of the memory allocation */
+    uint32_t size;          /**< size of the memory allocation */
 
-    const uint8_t *orig;
     uint32_t orig_len;
+    const uint8_t *orig;
 } InspectionBuffer;
 
 /* inspection buffers are kept per tx (in det_ctx), but some protocols