diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index 2a1902972f..77f52dd0f5 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -313,7 +313,7 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) if (sh->mpm_content_maxlen > content_maxlen) sh->mpm_content_maxlen = content_maxlen; } - if (uricontent_maxlen) { + if (uricontent_cnt) { if (sh->mpm_uricontent_maxlen == 0) sh->mpm_uricontent_maxlen = uricontent_maxlen; if (sh->mpm_uricontent_maxlen > uricontent_maxlen) sh->mpm_uricontent_maxlen = uricontent_maxlen; @@ -341,9 +341,9 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) if (sh->mpm_uricontent_maxlen >= ud->uricontent_len) { if (ud->flags & DETECT_URICONTENT_NOCASE) { - sh->mpm_uri_ctx->AddPatternNocase(sh->mpm_uri_scan_ctx, ud->uricontent, ud->uricontent_len, ud->id); + sh->mpm_uri_scan_ctx->AddPatternNocase(sh->mpm_uri_scan_ctx, ud->uricontent, ud->uricontent_len, ud->id); } else { - sh->mpm_uri_ctx->AddPattern(sh->mpm_uri_scan_ctx, ud->uricontent, ud->uricontent_len, ud->id); + sh->mpm_uri_scan_ctx->AddPattern(sh->mpm_uri_scan_ctx, ud->uricontent, ud->uricontent_len, ud->id); } break; } @@ -424,11 +424,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) //sh->mpm_uri_ctx->PrintCtx(sh->mpm_uri_ctx); } - //printf("Printing info...\n"); - //sh->mpm_ctx.PrintCtx(&sh->mpm_ctx); - //sh->mpm_uri_ctx.PrintCtx(&sh->mpm_uri_ctx); - //printf("mpm_ctx %p\n", &sh->mpm_uri_ctx); - return 0; error: /* XXX */ diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c index d9c1ff97f7..bdefdb795c 100644 --- a/src/detect-uricontent.c +++ b/src/detect-uricontent.c @@ -240,9 +240,13 @@ int DetectUricontentMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p, return 0; if (pmt->de_have_httpuri == 1 && pmt->de_scanned_httpuri == 0) { + pmt->de_scanned_httpuri = 1; + + //printf("DetectUricontentMatch: pmt->sgh %p, pmt->mcu %p, pmt->mcu_scan %p\n", pmt->sgh, pmt->mcu, pmt->mcu_scan); + /* don't bother scanning if we don't have a pattern matcher ctx * which means we don't have uricontent sigs */ - if (pmt->mcu == NULL) + if (pmt->mcu == NULL || pmt->mcu_scan == NULL) return 0; //printf("DetectUricontentMatch: going to scan uri buffer(s)\n"); @@ -251,7 +255,6 @@ int DetectUricontentMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p, u_int8_t i; for (i = 0; i < p->http_uri.cnt; i++) { //printf("p->http_uri.raw_size[%u] %u, %p, %s\n", i, p->http_uri.raw_size[i], p->http_uri.raw[i], p->http_uri.raw[i]); - //printf("pmt->mcu %p, pmt->mcu_scan %p\n", pmt->mcu, pmt->mcu_scan); if (pmt->sgh->mpm_uricontent_maxlen <= p->http_uri.raw_size[i]) { if (pmt->sgh->mpm_uricontent_maxlen == 1) pmt->pkts_uri_scanned1++; @@ -273,7 +276,6 @@ int DetectUricontentMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p, //printf("DetectUricontentMatch: ret %u\n", ret); } } - pmt->de_scanned_httpuri = 1; //printf("DetectUricontentMatch: final ret %u\n", ret); if (ret == 0) diff --git a/src/detect.c b/src/detect.c index 5bb005de62..ea713ec8ca 100644 --- a/src/detect.c +++ b/src/detect.c @@ -1410,6 +1410,7 @@ static int BuildDestinationAddressHeads(DetectEngineCtx *de_ctx, DetectAddressGr de_ctx->mpm_uri_unique++; } else { sgr->sh->mpm_uri_ctx = mpmsh->mpm_uri_ctx; + sgr->sh->mpm_uri_scan_ctx = mpmsh->mpm_uri_scan_ctx; sgr->sh->flags |= SIG_GROUP_HEAD_MPM_URI_COPY; SigGroupHeadClearUricontent(sgr->sh); @@ -1809,6 +1810,7 @@ static int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx, De de_ctx->mpm_uri_unique++; } else { dp->sh->mpm_uri_ctx = mpmsh->mpm_uri_ctx; + dp->sh->mpm_uri_scan_ctx = mpmsh->mpm_uri_scan_ctx; dp->sh->flags |= SIG_GROUP_HEAD_MPM_URI_COPY; SigGroupHeadClearUricontent(dp->sh);