From: Victor Julien
Date: Wed, 19 Sep 2012 10:58:56 +0000 (+0200)
Subject: engine events: prefilter sigs that need a event
X-Git-Tag: suricata-1.4beta2~61
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=575c87aebad15e01e145834bc5ba0cf22abd5105;p=thirdparty%2Fsuricata.git
engine events: prefilter sigs that need a event
---
diff --git a/src/detect.c b/src/detect.c
index 09492086a2..c4686da41e 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -2339,6 +2339,11 @@ PacketCreateMask(Packet *p, SignatureMask *mask, uint16_t alproto, void *alstate
 (*mask) |= SIG_MASK_REQUIRE_NO_PAYLOAD;
 }
+ if (p->events.cnt > 0) {
+ SCLogDebug("packet has events set");
+ (*mask) |= SIG_MASK_REQUIRE_ENGINE_EVENT;
+ }
+
 if (PKT_IS_TCP(p)) {
 if ((p->tcph->th_flags & MASK_TCP_INITDEINIT_FLAGS) != 0) {
 (*mask) |= SIG_MASK_REQUIRE_FLAGS_INITDEINIT;
@@ -2529,6 +2534,9 @@ static int SignatureCreateMask(Signature *s) {
 }
 break;
 }
+ case DETECT_ENGINE_EVENT:
+ s->mask |= SIG_MASK_REQUIRE_ENGINE_EVENT;
+ break;
 }
 }
diff --git a/src/detect.h b/src/detect.h
index f24161df83..88e4b4d671 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -273,14 +273,14 @@ typedef struct DetectPort_ {
 #define SIG_FLAG_INIT_FILE_DATA (1<<5) /**< file_data set */
 /* signature mask flags */
-#define SIG_MASK_REQUIRE_PAYLOAD 1
+#define SIG_MASK_REQUIRE_PAYLOAD (1<<0)
 #define SIG_MASK_REQUIRE_FLOW (1<<1)
 #define SIG_MASK_REQUIRE_FLAGS_INITDEINIT (1<<2) /* SYN, FIN, RST */
 #define SIG_MASK_REQUIRE_FLAGS_UNUSUAL (1<<3) /* URG, ECN, CWR */
 #define SIG_MASK_REQUIRE_NO_PAYLOAD (1<<4)
-//
 #define SIG_MASK_REQUIRE_HTTP_STATE (1<<5)
 #define SIG_MASK_REQUIRE_DCE_STATE (1<<6)
+#define SIG_MASK_REQUIRE_ENGINE_EVENT (1<<7)
 /* for now a uint8_t is enough */
 #define SignatureMask uint8_t
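Review bot: In `PacketCreateMask` (src/detect.c) the new `p->events.cnt > 0` test reads the event count only once, at the moment the packet mask is built. If any code path can still append to `p->events` after this point (not visible in this hunk), the packet will lack `SIG_MASK_REQUIRE_ENGINE_EVENT`, and every signature that requires it will be skipped by the prefilter, which is a silent false negative. Please confirm that ordering and record it above the check, for example `/* all engine events must be set before the mask is built, or event sigs are prefiltered out */`. The function body starts and ends outside the hunk.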
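Review bot: The new `case DETECT_ENGINE_EVENT:` in `SignatureCreateMask` turns the event bit into a hard precondition for these signatures, and nothing in the case says why that is safe. It holds only if a match of this type can never succeed on a packet with `p->events.cnt == 0`; a comment on the case should state that, for example `/* sig can only match a packet that carries at least one event */`. The enclosing switch and the function continue outside the hunk, so whether other sigmatch types that read `p->events` exist cannot be judged from here.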
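Review bot: `SIG_MASK_REQUIRE_ENGINE_EVENT (1<<7)` in src/detect.h takes the top bit of the `uint8_t` behind `SignatureMask`, while the unchanged comment `/* for now a uint8_t is enough */` gives no hint that the limit has been reached. A later flag defined as `(1<<8)` would be truncated to zero when OR-ed into a mask, so the requirement would be dropped without any compiler error. I would change the comment to `/* bit 7 is the last one a uint8_t holds; widen SignatureMask before adding a flag */`, or widen the type in this commit.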