diff --git a/src/app-layer-dcerpc-common.h b/src/app-layer-dcerpc-common.h index 05fe4447a9..9f5428615e 100644 --- a/src/app-layer-dcerpc-common.h +++ b/src/app-layer-dcerpc-common.h @@ -137,10 +137,8 @@ typedef struct DCERPCRequest_ { uint8_t *stub_data_buffer; /* length of the above buffer */ uint32_t stub_data_buffer_len; - /* used by the dce preproc to indicate fresh entry in the stub data buffer. - * The dce_stub_data keyword would reset it, once it has processed the - * above buffer */ - uint8_t stub_data_processed; + /* used by the dce preproc to indicate fresh entry in the stub data buffer */ + uint8_t stub_data_fresh; } DCERPCRequest; typedef struct DCERPCResponse_ { @@ -148,10 +146,8 @@ typedef struct DCERPCResponse_ { uint8_t *stub_data_buffer; /* length of the above buffer */ uint32_t stub_data_buffer_len; - /* used by the dce preproc to indicate fresh entry in the stub data buffer. - * The dce_stub_data keyword would reset it, once it has processed the - * above buffer */ - uint8_t stub_data_processed; + /* used by the dce preproc to indicate fresh entry in the stub data buffer */ + uint8_t stub_data_fresh; } DCERPCResponse; typedef struct DCERPC_ { diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c index 57b80b6913..9a670cbd3f 100644 --- a/src/app-layer-dcerpc.c +++ b/src/app-layer-dcerpc.c @@ -897,20 +897,20 @@ static uint32_t StubDataParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_le SCEnter(); uint8_t **stub_data_buffer = NULL; uint32_t *stub_data_buffer_len = NULL; - uint8_t *stub_data_processed = NULL; + uint8_t *stub_data_fresh = NULL; uint16_t stub_len = 0; /* request PDU. Retrieve the request stub buffer */ if (dcerpc->dcerpchdr.type == REQUEST) { stub_data_buffer = &dcerpc->dcerpcrequest.stub_data_buffer; stub_data_buffer_len = &dcerpc->dcerpcrequest.stub_data_buffer_len; - stub_data_processed = &dcerpc->dcerpcrequest.stub_data_processed; + stub_data_fresh = &dcerpc->dcerpcrequest.stub_data_fresh; /* response PDU. Retrieve the response stub buffer */ } else { stub_data_buffer = &dcerpc->dcerpcresponse.stub_data_buffer; stub_data_buffer_len = &dcerpc->dcerpcresponse.stub_data_buffer_len; - stub_data_processed = &dcerpc->dcerpcresponse.stub_data_processed; + stub_data_fresh = &dcerpc->dcerpcresponse.stub_data_fresh; } stub_len = (dcerpc->padleft < input_len) ? dcerpc->padleft : input_len; @@ -929,7 +929,7 @@ static uint32_t StubDataParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_le } memcpy(*stub_data_buffer + *stub_data_buffer_len, input, stub_len); - *stub_data_processed = 0; + *stub_data_fresh = 1; /* length of the buffered stub */ *stub_data_buffer_len += stub_len; @@ -1097,6 +1097,9 @@ int32_t DCERPCParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_len) { uint32_t parsed = 0; int hdrretval = 0; + dcerpc->dcerpcrequest.stub_data_fresh = 0; + dcerpc->dcerpcresponse.stub_data_fresh = 0; + while (dcerpc->bytesprocessed < DCERPC_HDR_LEN && input_len) { hdrretval = DCERPCParseHeader(dcerpc, input, input_len); if (hdrretval == -1) { @@ -3409,9 +3412,9 @@ int DCERPCParserTest04(void) { } result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) && + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 0) && (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) ); + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) ); if (result == 0) goto end; @@ -3425,9 +3428,9 @@ int DCERPCParserTest04(void) { } result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) && + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 0) && (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) ); + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) ); if (result == 0) goto end; @@ -3442,11 +3445,12 @@ int DCERPCParserTest04(void) { result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL && dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 1024 && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) && + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) && (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) ); + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) ); if (result == 0) goto end; + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request2 */ r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, @@ -3459,11 +3463,12 @@ int DCERPCParserTest04(void) { result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL && dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 2048 && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) && + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) && (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) ); + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) ); if (result == 0) goto end; + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request3 */ r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, @@ -3476,11 +3481,12 @@ int DCERPCParserTest04(void) { result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL && dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 3072 && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) && + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) && (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) ); + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) ); if (result == 0) goto end; + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request4 */ r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, @@ -3493,11 +3499,12 @@ int DCERPCParserTest04(void) { result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL && dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 4096 && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) && + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) && (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) ); + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) ); if (result == 0) goto end; + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request5 */ r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, @@ -3525,11 +3532,12 @@ int DCERPCParserTest04(void) { result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL && dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 6144 && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) && + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) && (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) ); + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) ); if (result == 0) goto end; + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request7 */ r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, @@ -3542,11 +3550,12 @@ int DCERPCParserTest04(void) { result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL && dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 7168 && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) && + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) && (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) ); + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) ); if (result == 0) goto end; + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request8 */ r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, @@ -3559,11 +3568,12 @@ int DCERPCParserTest04(void) { result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL && dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 8192 && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) && + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) && (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) ); + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) ); if (result == 0) goto end; + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request9 */ r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, @@ -3576,11 +3586,12 @@ int DCERPCParserTest04(void) { result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL && dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 8204 && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) && + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) && (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) ); + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) ); if (result == 0) goto end; + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0; /* request1 again */ r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER, @@ -3593,9 +3604,9 @@ int DCERPCParserTest04(void) { result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL && dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 1024 && - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) && + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) && (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL && - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) ); + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) ); if (result == 0) goto end; diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index c91ab2d732..fb705ba68c 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -819,6 +819,9 @@ int DetectBytejumpTestParse09(void) { return result; } +/** + * \test Test dce option. + */ int DetectBytejumpTestParse10(void) { DetectEngineCtx *de_ctx = NULL; @@ -914,6 +917,9 @@ int DetectBytejumpTestParse10(void) return result; } +/** + * \test Test dce option. + */ int DetectBytejumpTestParse11(void) { DetectEngineCtx *de_ctx = NULL; diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c index 9f815befbd..134b8a0e29 100644 --- a/src/detect-bytetest.c +++ b/src/detect-bytetest.c @@ -1046,6 +1046,9 @@ int DetectBytetestTestParse19(void) { return result; } +/** + * \test Test dce option. + */ int DetectBytetestTestParse20(void) { DetectEngineCtx *de_ctx = NULL; @@ -1141,6 +1144,9 @@ int DetectBytetestTestParse20(void) return result; } +/** + * \test Test dce option. + */ int DetectBytetestTestParse21(void) { DetectEngineCtx *de_ctx = NULL; diff --git a/src/detect-content.c b/src/detect-content.c index bb1299e291..249b3617bb 100644 --- a/src/detect-content.c +++ b/src/detect-content.c @@ -1073,6 +1073,9 @@ end: return result; } +/** + * \test Test content for dce sig. + */ int DetectContentParseTest18(void) { Signature *s = SigAlloc(); @@ -1103,6 +1106,9 @@ int DetectContentParseTest18(void) return result; } +/** + * \test Test content for dce sig. + */ int DetectContentParseTest19(void) { DetectEngineCtx *de_ctx = NULL; diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index 699c7cb22a..f4cabba26c 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c @@ -95,18 +95,16 @@ int DetectDceStubDataMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow * if (flags & STREAM_TOSERVER) { if (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer == NULL || - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 1) { + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 0) { return 0; } - //dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed = 1; det_ctx->dce_stub_data = dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer; det_ctx->dce_stub_data_len = dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len; } else { if (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL || - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 1) { + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) { return 0; } - //dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed = 1; det_ctx->dce_stub_data = dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer; det_ctx->dce_stub_data_len = dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer_len; } diff --git a/src/detect-distance.c b/src/detect-distance.c index 17c92d370f..9b1a294888 100644 --- a/src/detect-distance.c +++ b/src/detect-distance.c @@ -175,7 +175,7 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, } cd->flags |= DETECT_CONTENT_RELATIVE_NEXT; - } else if ( (pm = SigMatchGetLastSM(match_tail->prev, DETECT_BYTEJUMP)) != NULL) { + } else if ( (pm = SigMatchGetLastSM(match_tail, DETECT_BYTEJUMP)) != NULL) { DetectBytejumpData *data = NULL; data = (DetectBytejumpData *) pm->ctx; if (data == NULL) { diff --git a/src/detect-engine-dcepayload.c b/src/detect-engine-dcepayload.c index da095c778e..aca518145b 100644 --- a/src/detect-engine-dcepayload.c +++ b/src/detect-engine-dcepayload.c @@ -44,6 +44,7 @@ #include "app-layer.h" #include "app-layer-dcerpc.h" #include "decode-tcp.h" +#include "flow-util.h" #include "util-debug.h" #include "util-unittest.h" #include "util-unittest-helper.h" @@ -357,14 +358,14 @@ int DetectEngineInspectDcePayload(DetectEngineCtx *de_ctx, * match function. Instead we will retrieve it directly from the app layer. */ if (flags & STREAM_TOSERVER) { if (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer == NULL || - dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 1) { + dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 0) { SCReturnInt(0); } dce_stub_data = dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer; dce_stub_data_len = dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len; } else { if (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL || - dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 1) { + dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) { SCReturnInt(0); } dce_stub_data = dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer; @@ -1551,6 +1552,7 @@ int DcePayloadTest01(void) } p[1].flowflags |= FLOW_PKT_TOCLIENT; + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; @@ -2401,6 +2403,7 @@ int DcePayloadTest02(void) } p[1].flowflags |= FLOW_PKT_TOCLIENT; + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; @@ -2837,6 +2840,7 @@ int DcePayloadTest03(void) } p[1].flowflags |= FLOW_PKT_TOCLIENT; + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; @@ -3273,6 +3277,7 @@ int DcePayloadTest04(void) } p[1].flowflags |= FLOW_PKT_TOCLIENT; + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; @@ -3708,6 +3713,7 @@ int DcePayloadTest05(void) } p[1].flowflags |= FLOW_PKT_TOCLIENT; + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; @@ -4144,6 +4150,7 @@ int DcePayloadTest06(void) } p[1].flowflags |= FLOW_PKT_TOCLIENT; + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; @@ -4579,6 +4586,7 @@ int DcePayloadTest07(void) } p[1].flowflags |= FLOW_PKT_TOCLIENT; + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; @@ -4851,6 +4859,7 @@ int DcePayloadTest08(void) p[i].flowflags |= FLOW_PKT_TOSERVER; } + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; @@ -5063,6 +5072,7 @@ int DcePayloadTest09(void) p[i].flowflags |= FLOW_PKT_TOSERVER; } + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; @@ -5275,6 +5285,7 @@ int DcePayloadTest10(void) p[i].flowflags |= FLOW_PKT_TOSERVER; } + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; @@ -5622,6 +5633,7 @@ int DcePayloadTest11(void) p[i].flowflags |= FLOW_PKT_TOSERVER; } + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; @@ -5983,6 +5995,7 @@ int DcePayloadTest12(void) p[i].flowflags |= FLOW_PKT_TOSERVER; } + FLOW_INITIALIZE(&f); f.protoctx = (void *)&ssn; f.src.family = AF_INET; f.dst.family = AF_INET; diff --git a/src/detect-isdataat.c b/src/detect-isdataat.c index 6bcfe77f38..788688daf6 100644 --- a/src/detect-isdataat.c +++ b/src/detect-isdataat.c @@ -390,6 +390,9 @@ int DetectIsdataatTestParse03 (void) { return result; } +/** + * \test Test isdataat option for dce sig. + */ int DetectIsdataatTestParse04(void) { Signature *s = SigAlloc(); @@ -407,6 +410,9 @@ int DetectIsdataatTestParse04(void) return result; } +/** + * \test Test isdataat option for dce sig. + */ int DetectIsdataatTestParse05(void) { DetectEngineCtx *de_ctx = NULL; diff --git a/src/detect-pcre.c b/src/detect-pcre.c index 178e5164f8..aee7e9c9bc 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -1035,6 +1035,9 @@ static int DetectPcreParseTest09 (void) { return result; } +/** + * \test Test pcre option for dce sig(yeah I'm bored of writing test titles). + */ int DetectPcreParseTest10(void) { Signature *s = SigAlloc(); @@ -1065,6 +1068,9 @@ int DetectPcreParseTest10(void) return result; } +/** + * \test Test pcre option for dce sig. + */ int DetectPcreParseTest11(void) { DetectEngineCtx *de_ctx = NULL; diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c index 765ae51717..0915f83a0c 100644 --- a/src/detect-uricontent.c +++ b/src/detect-uricontent.c @@ -332,6 +332,7 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents { SCEnter(); + DetectUricontentData *cd = NULL; SigMatch *sm = NULL; if (s->alproto == ALPROTO_DCERPC) { @@ -339,7 +340,7 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents goto error; } - DetectUricontentData *cd = DoDetectUricontentSetup(contentstr); + cd = DoDetectUricontentSetup(contentstr); if (cd == NULL) goto error; diff --git a/src/detect-within.c b/src/detect-within.c index e804c05628..a8f2397a68 100644 --- a/src/detect-within.c +++ b/src/detect-within.c @@ -197,7 +197,7 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi } cd->flags |= DETECT_CONTENT_RELATIVE_NEXT; - } else if ( (pm = SigMatchGetLastSM(match_tail->prev, DETECT_PCRE)) != NULL) { + } else if ( (pm = SigMatchGetLastSM(match_tail, DETECT_PCRE)) != NULL) { DetectPcreData *pe = NULL; pe = (DetectPcreData *) pm->ctx; if (pe == NULL) { @@ -206,7 +206,7 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi } pe->flags |= DETECT_PCRE_RELATIVE; - } else if ( (pm = SigMatchGetLastSM(match_tail->prev, DETECT_BYTEJUMP)) != NULL) { + } else if ( (pm = SigMatchGetLastSM(match_tail, DETECT_BYTEJUMP)) != NULL) { DetectBytejumpData *data = NULL; data = (DetectBytejumpData *) pm->ctx; if (data == NULL) { @@ -303,4 +303,4 @@ void DetectWithinRegisterTests(void) { UtRegisterTest("DetectWithinTestPacket01", DetectWithinTestPacket01, 1); UtRegisterTest("DetectWithinTestPacket02", DetectWithinTestPacket02, 1); #endif /* UNITTESTS */ -} \ No newline at end of file +} diff --git a/src/stream-tcp.c b/src/stream-tcp.c index ce7bc71df8..2be2783ba7 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -55,6 +55,16 @@ //#define DEBUG +typedef struct StreamTcpThread_ { + uint64_t pkts; + + uint16_t counter_tcp_sessions; + /** sessions not picked up because memcap was reached */ + uint16_t counter_tcp_ssn_memcap; + + TcpReassemblyThreadCtx *ra_ctx; /**< tcp reassembly thread data */ +} StreamTcpThread; + TmEcode StreamTcp (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *); TmEcode StreamTcpThreadInit(ThreadVars *, void *, void **); TmEcode StreamTcpThreadDeinit(ThreadVars *, void *); @@ -2510,7 +2520,7 @@ static int StreamTcpPacketStateTimeWait(ThreadVars *tv, Packet *p, } /* flow is and stays locked */ -int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt) +static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt) { SCEnter(); TcpSession *ssn = (TcpSession *)p->flow->protoctx; diff --git a/src/stream-tcp.h b/src/stream-tcp.h index 87bdc94caf..3744b719c6 100644 --- a/src/stream-tcp.h +++ b/src/stream-tcp.h @@ -44,16 +44,6 @@ typedef struct TcpStreamCnf_ { int async_oneside; } TcpStreamCnf; -typedef struct StreamTcpThread_ { - uint64_t pkts; - - uint16_t counter_tcp_sessions; - /** sessions not picked up because memcap was reached */ - uint16_t counter_tcp_ssn_memcap; - - TcpReassemblyThreadCtx *ra_ctx; /**< tcp reassembly thread data */ -} StreamTcpThread; - TcpStreamCnf stream_config; void TmModuleStreamTcpRegister (void); void StreamTcpInitConfig (char); @@ -64,7 +54,5 @@ void StreamTcpIncrMemuse(uint32_t); void StreamTcpDecrMemuse(uint32_t); int StreamTcpCheckMemcap(uint32_t); -int StreamTcpPacket (ThreadVars *, Packet *, StreamTcpThread *); - #endif /* __STREAM_TCP_H__ */