From: Victor Julien
Date: Mon, 31 Mar 2025 10:07:05 +0000 (+0200)
Subject: detect/tls.version: allow using rule hook
X-Git-Tag: suricata-8.0.0-beta1~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95ed975cca06a93059d5583c4b9b17657f8ee605;p=thirdparty%2Fsuricata.git
detect/tls.version: allow using rule hook
tls.version isn't hooked to a specific state by default. Allow it to register at the rule hook.
---
diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c
index 3a526e9738..9df017cc82 100644
--- a/src/detect-tls-version.c
+++ b/src/detect-tls-version.c
@@ -240,11 +240,15 @@ static int DetectTlsVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const c
 if (tls == NULL) goto error;
+ /* keyword supports multiple hooks, so attach to the hook specified in the rule. */
+ int list = g_tls_generic_list_id;
 /* Okay so far so good, lets get this into a SigMatch * and put it in the Signature. */
+ if (s->init_data->hook.type == SIGNATURE_HOOK_TYPE_APP) {
+ list = s->init_data->hook.sm_list;
+ }
- if (SigMatchAppendSMToList(
- de_ctx, s, DETECT_TLS_VERSION, (SigMatchCtx *)tls, g_tls_generic_list_id) == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_TLS_VERSION, (SigMatchCtx *)tls, list) == NULL) {
 goto error;
 }
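Review bot: `list = s->init_data->hook.sm_list;` takes the list id straight from the rule's hook, and nothing in the hunk shows that the hook belongs to TLS or that the id is a valid list. If a rule could reach this point with an app hook for another protocol, or with an unset `sm_list`, the match would presumably be appended to a list that never inspects TLS state, and the rule would silently never fire, which is a detection gap rather than a load error. DetectTlsVersionSetup starts and ends outside the hunk, so an earlier app-protocol check may already exclude this; if so, the new comment should say it, e.g. `/* hook.sm_list is a TLS list here: the app protocol was enforced above */`. Otherwise the condition could be tightened to `if (s->init_data->hook.type == SIGNATURE_HOOK_TYPE_APP && s->init_data->hook.sm_list >= 0) {`. The new declaration also separates the existing "Okay so far so good" comment from the append call it describes; moving `int list` and the hook check above that comment would keep the two together.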