From: Victor Julien
Date: Wed, 21 Oct 2015 06:59:04 +0000 (+0200)
Subject: http_raw_header: improve mpm progress handling
X-Git-Tag: suricata-3.1RC1~319
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30755265ee4bbb424ce221e06dcb586ece0f8846;p=thirdparty%2Fsuricata.git
http_raw_header: improve mpm progress handling
---
diff --git a/src/detect-engine-hrhd.c b/src/detect-engine-hrhd.c
index 2dd26f2f23..3756a104bd 100644
--- a/src/detect-engine-hrhd.c
+++ b/src/detect-engine-hrhd.c
@@ -112,9 +112,6 @@ int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f,
 }
 if (flags & STREAM_TOSERVER) {
- if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, flags) <= HTP_REQUEST_HEADERS)
- SCReturnInt(0);
-
 if (tx_ud->request_headers_raw != NULL) {
 cnt = HttpRawHeaderPatternSearch(det_ctx,
 tx_ud->request_headers_raw,
@@ -122,9 +119,6 @@ int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f,
 flags);
 }
 } else {
- if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, flags) <= HTP_RESPONSE_HEADERS)
- SCReturnInt(0);
-
 if (tx_ud->response_headers_raw != NULL) {
 cnt = HttpRawHeaderPatternSearch(det_ctx,
 tx_ud->response_headers_raw,
diff --git a/src/detect.c b/src/detect.c
index 223644708e..c9902f73f0 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -977,6 +977,9 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx,
 DetectEngineRunHttpHeaderMpm(det_ctx, p->flow, alstate, flags, tx, idx);
 PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HHD);
 }
+ }
+
+ if (tx_progress > HTP_REQUEST_HEADERS) {
 if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HRHD) {
 PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HRHD);
 DetectEngineRunHttpRawHeaderMpm(det_ctx, p->flow, alstate, flags, tx, idx);
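Review bot: The three added lines in the `@@ -977,6 +977,9 @@` hunk close the previous block and open `if (tx_progress > HTP_REQUEST_HEADERS) {` without adding a matching `}`, so the new condition inherits the old block's closing brace and every call between the HRHD prefilter and that brace (outside the hunk, not visible here) is now gated on `>` as well. On the response side the commit instead removes the HRHD call and re-adds it in a closed block of its own, which leaves `DetectEngineRunHttpCookieMpm` in the original block. If only the raw-header MPM is meant to wait for completed headers, give the request side its own closed block around the HRHD call too; otherwise add a comment such as `/* everything below needs the request headers to be complete */` so the wider scope is visibly intended. DetectMpmPrefilter starts and ends outside the hunk.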
@@ -1013,11 +1016,6 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx,
 DetectEngineRunHttpHeaderMpm(det_ctx, p->flow, alstate, flags, tx, idx);
 PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HHD);
 }
- if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HRHD) {
- PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HRHD);
- DetectEngineRunHttpRawHeaderMpm(det_ctx, p->flow, alstate, flags, tx, idx);
- PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HRHD);
- }
 if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HCD) {
 PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HCD);
 DetectEngineRunHttpCookieMpm(det_ctx, p->flow, alstate, flags, tx, idx);
@@ -1025,6 +1023,14 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx,
 }
 }
+ if (tx_progress > HTP_RESPONSE_HEADERS) {
+ if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HRHD) {
+ PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HRHD);
+ DetectEngineRunHttpRawHeaderMpm(det_ctx, p->flow, alstate, flags, tx, idx);
+ PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HRHD);
+ }
+ }
+
 if (tx_progress >= HTP_RESPONSE_BODY) {
 if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HSBD) {
 PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HSBD);
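Review bot: The `if (tx_progress > HTP_RESPONSE_HEADERS)` block added in the `@@ -1025,6 +1023,14 @@` hunk is now the only progress gate in front of DetectEngineRunHttpRawHeaderMpm for responses, because this commit removes the `AppLayerParserGetStateProgress(...) <= HTP_RESPONSE_HEADERS` early return from the callee, and nothing in the new code records that contract. Any other caller of DetectEngineRunHttpRawHeaderMpm (none is visible in these hunks) would search `response_headers_raw` before the headers are complete, which presumably risks a prefilter miss on a header that is still being parsed. I would add a comment above the block, e.g. `/* raw header MPM needs complete headers; DetectEngineRunHttpRawHeaderMpm no longer checks tx progress itself */`, and state the same precondition in the callee's doc comment. The same applies to the `tx_progress > HTP_REQUEST_HEADERS` gate in the earlier detect.c hunk; DetectMpmPrefilter continues outside this hunk.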