From: Victor Julien Date: Fri, 3 May 2019 08:16:38 +0000 (+0200) Subject: detect/inspect: add flags to inspect buffer X-Git-Tag: suricata-5.0.0-rc1~519 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d270a7603a879fdd4154cc26887ead0be3a6115e;p=thirdparty%2Fsuricata.git detect/inspect: add flags to inspect buffer
---
diff --git a/src/detect-engine.c b/src/detect-engine.c
index 416a2fc68e..73cc890228 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -1272,6 +1272,7 @@ int DetectEngineInspectBufferGeneric(
 uint8_t ci_flags = eof ? DETECT_CI_FLAGS_END : 0;
 ci_flags |= (offset == 0 ? DETECT_CI_FLAGS_START : 0);
+ ci_flags |= buffer->flags;
 det_ctx->discontinue_matching = 0;
 det_ctx->buffer_offset = 0;
diff --git a/src/detect.h b/src/detect.h
index 3d41697fb5..b6a317f4b3 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -344,16 +344,17 @@ struct DetectEngineThreadCtx_;// DetectEngineThreadCtx;
 * Prefilter and inspection will only deal with 'inspect'. */
 typedef struct InspectionBuffer {
- const uint8_t *inspect; /**< active pointer, points either to ::buf or ::orig */
- uint32_t inspect_len; /**< size of active data. See to ::len or ::orig_len */
+ const uint8_t *inspect; /**< active pointer, points either to ::buf or ::orig */
 uint64_t inspect_offset;
+ uint32_t inspect_len; /**< size of active data. See to ::len or ::orig_len */
+ uint8_t flags; /**< DETECT_CI_FLAGS_* for use with DetectEngineContentInspection */
+ uint32_t len; /**< how much is in use */
 uint8_t *buf;
- uint32_t len; /**< how much is in use */
- uint32_t size; /**< size of the memory allocation */
+ uint32_t size; /**< size of the memory allocation */
- const uint8_t *orig;
 uint32_t orig_len;
+ const uint8_t *orig;
 } InspectionBuffer;
 /* inspection buffers are kept per tx (in det_ctx), but some protocols
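Review bot: `ci_flags |= buffer->flags;` in DetectEngineInspectBufferGeneric (src/detect-engine.c) uses whatever value is left in `buffer->flags`, and nothing in this diff sets or clears the new field. The context comment in detect.h says inspection buffers are kept per tx in det_ctx, so if the buffer's init/cleanup path (outside this diff) does not zero the field, bits from an earlier use would be OR'ed in. That could presumably force START/END handling on unrelated data, leading to missed or spurious matches. I would confirm that a reset such as `buffer->flags = 0;` exists wherever the buffer is prepared for reuse, and add a comment on this line such as `/* per-buffer DETECT_CI_FLAGS_* from the buffer's producer; can only add bits to the eof/offset-derived ones */`. The function body starts and ends outside the hunk.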
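Review bot: The doc comment on the new `flags` member of struct InspectionBuffer (src/detect.h) names the flag family but not who writes the field or how long a value stays valid. The other hunk ORs it on top of the START/END bits that DetectEngineInspectBufferGeneric derives itself, so the contract matters. I would extend it to something like `/**< DETECT_CI_FLAGS_* set by the buffer's producer; OR'ed into ci_flags at inspection, must be cleared when the buffer is reused */`. `inspect_offset` is the only member in that first group left without a doc comment, and it appears to be the value tested as `offset == 0` for the START flag, so a short `/**< ... */` stating what the offset is relative to would help. The struct's leading comment block begins outside the hunk.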