filestore: fix logic flag in continued stateful detection

author Victor Julien <victor@inliniac.net>

Wed, 31 Oct 2012 14:51:41 +0000 (15:51 +0100)

committer Victor Julien <victor@inliniac.net>

Wed, 31 Oct 2012 14:51:41 +0000 (15:51 +0100)
author Victor Julien <victor@inliniac.net>
Wed, 31 Oct 2012 14:51:41 +0000 (15:51 +0100)
committer Victor Julien <victor@inliniac.net>
Wed, 31 Oct 2012 14:51:41 +0000 (15:51 +0100)
diff --git a/src/detect-filestore.c b/src/detect-filestore.c

index 535e22d44c6d739d8429207cfe1666f10d997a24..20157bb3d85777191d446cdc0a86e4dec006f8e3 100644 (file)
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@@ -196,7 +196,7 @@ static int FilestorePostMatchWithOptions(Packet *p, Flow *f, DetectFilestoreData
   *  When we are sure all parts of the signature matched, we run this function
   *  to finalize the filestore.
   */
-int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p) {
+int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s) {
      uint8_t flags = 0;
  
      SCEnter();
@@ -205,7 +205,7 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack
          SCReturnInt(0);
      }
  
-    if (det_ctx->filestore_sm == NULL || p->flow == NULL) {
+    if (s->filestore_sm == NULL || p->flow == NULL) {
  #ifndef DEBUG
          SCReturnInt(0);
  #else
@@ -223,13 +223,13 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack
      FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags);
  
      /* filestore for single files only */
-    if (det_ctx->filestore_sm->ctx == NULL) {
+    if (s->filestore_sm->ctx == NULL) {
          uint16_t u;
          for (u = 0; u < det_ctx->filestore_cnt; u++) {
              FileStoreFileById(ffc, det_ctx->filestore[u].file_id);
          }
      } else {
-        DetectFilestoreData *filestore = det_ctx->filestore_sm->ctx;
+        DetectFilestoreData *filestore = s->filestore_sm->ctx;
          uint16_t u;
  
          for (u = 0; u < det_ctx->filestore_cnt; u++) {
@@ -284,8 +284,6 @@ static int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
          det_ctx->filestore[det_ctx->filestore_cnt].tx_id);
  
      det_ctx->filestore_cnt++;
-
-    det_ctx->filestore_sm = m;
      SCReturnInt(1);
  }
  
@@ -407,6 +405,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *st
      }
  
      SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+    s->filestore_sm = sm;
  
      if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
          SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
diff --git a/src/detect-filestore.h b/src/detect-filestore.h

index cd3f01440016ffcb955f5b02041e03621ab354a1..1879b87532e2ee473e9865b1d153ddbf5aadc916 100644 (file)
--- a/src/detect-filestore.h
+++ b/src/detect-filestore.h
@@ -41,5 +41,5 @@ typedef struct DetectFilestoreData_ {
  /* prototypes */
  void DetectFilestoreRegister (void);
  
-int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p);
+int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *);
  #endif /* __DETECT_FILESTORE_H__ */
diff --git a/src/detect.c b/src/detect.c

index dab006c030475308aed326638d7e9cd7f0b78536..3e274f23527651a30afd5673de438f906869bb93 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -771,7 +771,7 @@ static int SigMatchSignaturesRunPostMatch(ThreadVars *tv,
      det_ctx->replist = NULL;
  
      if (s->flags & SIG_FLAG_FILESTORE)
-        DetectFilestorePostMatch(tv, det_ctx, p);
+        DetectFilestorePostMatch(tv, det_ctx, p, s);
  
      return 1;
  }
@@ -1596,7 +1596,6 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
  next:
          DetectReplaceFree(det_ctx->replist);
          det_ctx->replist = NULL;
-        det_ctx->filestore_sm = NULL;
          RULE_PROFILING_END(det_ctx, s, smatch);
  
          det_ctx->flags = 0;
diff --git a/src/detect.h b/src/detect.h

index 4182d13fd16ecf4a11ea8e7d47b3007e5f9f4364..1a49106b40c57353e64dbc7616782bcffca59f14 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -446,6 +446,7 @@ typedef struct Signature_ {
      uint16_t sm_cnt;
  
      SigMatch *dsize_sm;
+    SigMatch *filestore_sm;
      /* the fast pattern added from this signature */
      SigMatch *mpm_sm;
      /* helper for init phase */
@@ -810,7 +811,6 @@ typedef struct DetectionEngineThreadCtx_ {
          uint16_t file_id;
          uint16_t tx_id;
      } filestore[DETECT_FILESTORE_MAX];
-    SigMatch *filestore_sm;
  
      DetectEngineCtx *de_ctx;
  #ifdef __SC_CUDA_SUPPORT__
author	Victor Julien <victor@inliniac.net>
	Wed, 31 Oct 2012 14:51:41 +0000 (15:51 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 31 Oct 2012 14:51:41 +0000 (15:51 +0100)
src/detect-filestore.c		patch \| blob \| blame \| history
src/detect-filestore.h		patch \| blob \| blame \| history
src/detect.c		patch \| blob \| blame \| history
src/detect.h		patch \| blob \| blame \| history