From: Victor Julien Date: Sat, 15 Oct 2016 16:54:02 +0000 (+0200) Subject: detect: app-event list in engine X-Git-Tag: suricata-4.0.0-beta1~414 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5adccba1d8afb40e0f8cbbece6dcd805f47b9aa;p=thirdparty%2Fsuricata.git detect: app-event list in engine --- diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c index 3447ab3813..38504c14b6 100644 --- a/src/detect-app-layer-event.c +++ b/src/detect-app-layer-event.c @@ -88,14 +88,13 @@ void DetectAppLayerEventRegister(void) static int DetectEngineAptEventInspect(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *smi, + const Signature *s, const SigMatch *sm, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id) { AppLayerDecoderEvents *decoder_events = NULL; int r = 0; AppProto alproto; - SigMatch *sm; DetectAppLayerEventData *aled = NULL; alproto = f->alproto; @@ -103,7 +102,7 @@ static int DetectEngineAptEventInspect(ThreadVars *tv, if (decoder_events == NULL) goto end; - for (sm = s->sm_lists[DETECT_SM_LIST_APP_EVENT]; sm != NULL; sm = sm->next) { + for ( ; sm != NULL; sm = sm->next) { aled = (DetectAppLayerEventData *)sm->ctx; KEYWORD_PROFILING_START; if (AppLayerDecoderEventsIsEventSet(decoder_events, aled->event_id)) { diff --git a/src/detect-engine.c b/src/detect-engine.c index 40d32d3ad3..476e6c26f1 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -198,6 +198,8 @@ int DetectEngineAppInspectionEngine2Signature(Signature *s) case DETECT_SM_LIST_TLSSUBJECT_MATCH: //case DETECT_SM_LIST_TLSVALIDITY_MATCH: + case DETECT_SM_LIST_APP_EVENT: + new_engine->sm = s->sm_lists[new_engine->sm_list]; s->sm_lists[new_engine->sm_list] = NULL; s->sm_lists_tail[new_engine->sm_list] = NULL;