detect: track current tx_id in det_ctx

When using the inspection engines, track the current tx_id in the
thread storage the detect thread uses. As 0 is a valid tx_id, add
a simple bool that indicates if the tx_id field is set.

diff --git a/src/detect-engine-file.c b/src/detect-engine-file.c
index 64286d2105917079105e28f17e4b0e6a8bdfd229..ca502c9b758c237c524a8f7b59a34de494d3e0f9 100644 (file)
--- a/src/detect-engine-file.c
+++ b/src/detect-engine-file.c
@@ -223,9 +223,6 @@ int DetectFileInspectHttp(ThreadVars *tv,
     else
         ffc = htp_state->files_ts;
 
-    /* inspect files for this transaction */
-    det_ctx->tx_id = (uint16_t)tx_id;
-
     int match = DetectFileInspect(tv, det_ctx, f, s, flags, ffc);
     if (match == 1) {
         r = DETECT_ENGINE_INSPECT_SIG_MATCH;

diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c
index d6fe83450cb784ae6426be613d6fa9ede3c22a09..5b0f3d64bbbba2d5d924934d6d7942df4d03169b 100644 (file)
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@@ -295,6 +295,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
             tx = AppLayerParserGetTx(f->proto, alproto, alstate, tx_id);
             if (tx == NULL)
                 continue;
+            det_ctx->tx_id = tx_id;
+            det_ctx->tx_id_set = 1;
             engine = app_inspection_engine[FlowGetProtoMapping(f->proto)][alproto][direction];
             inspect_flags = 0;
             while (engine != NULL) {
@@ -474,6 +476,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
     SCMutexUnlock(&f->de_state_m);
 
  end:
+    det_ctx->tx_id = 0;
+    det_ctx->tx_id_set = 0;
     return alert_cnt ? 1:0;
 }
 
@@ -623,6 +627,8 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
                     }
                 }
 
+                det_ctx->tx_id = inspect_tx_id;
+                det_ctx->tx_id_set = 1;
                 engine = app_inspection_engine[FlowGetProtoMapping(f->proto)][alproto][(flags & STREAM_TOSERVER) ? 0 : 1];
                 inspect_tx = AppLayerParserGetTx(f->proto, alproto, alstate, inspect_tx_id);
                 if (inspect_tx == NULL) {
@@ -765,6 +771,8 @@ end:
         DetectEngineStateReset(f->de_state, flags);
 
     SCMutexUnlock(&f->de_state_m);
+    det_ctx->tx_id = 0;
+    det_ctx->tx_id_set = 0;
     return;
 }
 

diff --git a/src/detect.h b/src/detect.h
index d6ff315c639ab8b73f059e02dd81dfdf6192d53d..432b70500db84de53596584e2cd54fb5dfe8effa 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -806,6 +806,8 @@ typedef struct DetectionEngineThreadCtx_ {
     uint16_t discontinue_matching;
     uint16_t flags;
 
+    /* bool: if tx_id is set, this is 1, otherwise 0 */
+    uint16_t tx_id_set;
     /** ID of the transaction currently being inspected. */
     uint64_t tx_id;