From: Victor Julien Date: Fri, 17 Jan 2014 13:58:14 +0000 (+0100) Subject: detect: use pflow pointer X-Git-Tag: suricata-2.0rc1~172 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=54d64a12376ed91cc6ed57ed39f97ebabe11c8e0;p=thirdparty%2Fsuricata.git detect: use pflow pointer Use pflow pointer in SigMatchSignatures consistently. Also, when needing access to the ipproto, use p->proto, not p->flow->proto. --- diff --git a/src/detect.c b/src/detect.c index 7ccc09b0bb..454807fd56 100644 --- a/src/detect.c +++ b/src/detect.c @@ -1182,18 +1182,18 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh (p->proto == IPPROTO_UDP) || (p->proto == IPPROTO_SCTP && (p->flowflags & FLOW_PKT_ESTABLISHED))) { - alstate = FlowGetAppState(p->flow); - alproto = FlowGetAppProtocol(p->flow); - alversion = AppLayerParserGetStateVersion(p->flow->alparser); + alstate = FlowGetAppState(pflow); + alproto = FlowGetAppProtocol(pflow); + alversion = AppLayerParserGetStateVersion(pflow->alparser); SCLogDebug("alstate %p, alproto %u", alstate, alproto); } else { SCLogDebug("packet doesn't have established flag set (proto %d)", p->proto); } - app_decoder_events = AppLayerParserHasDecoderEvents(p->flow->proto, - p->flow->alproto, - p->flow->alstate, - p->flow->alparser, + app_decoder_events = AppLayerParserHasDecoderEvents(pflow->proto, + pflow->alproto, + pflow->alstate, + pflow->alparser, flags); } FLOWLOCK_UNLOCK(pflow); @@ -1548,7 +1548,7 @@ next: end: /* see if we need to increment the inspect_id and reset the de_state */ - if (alstate != NULL && AppLayerParserProtocolSupportsTxs(p->flow->proto, alproto)) { + if (alstate != NULL && AppLayerParserProtocolSupportsTxs(p->proto, alproto)) { PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL); DeStateUpdateInspectTransactionId(pflow, flags); PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL);