From 27e63a1e1134812b414e189caa90e53d8266ed86 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 28 Sep 2015 10:10:58 +0200
Subject: [PATCH] detect: track direction and ipproto of sgh

Each SGH has a unique ipproto and direction.
---
 src/detect-engine-siggroup.c | 9 +++++++++
 src/detect-engine-siggroup.h | 2 ++
 src/detect.c | 2 ++
 src/detect.h | 3 +++
 4 files changed, 16 insertions(+)

diff --git a/src/detect-engine-siggroup.c b/src/detect-engine-siggroup.c
index d25e8d257d..42f12f0ced 100644
--- a/src/detect-engine-siggroup.c
+++ b/src/detect-engine-siggroup.c
@@ -1142,6 +1142,15 @@ void SigGroupHeadSetSigCnt(SigGroupHead *sgh, uint32_t max_idx)
 return;
 }
+void SigGroupHeadSetProtoAndDirection(SigGroupHead *sgh,
+ uint8_t ipproto, uint8_t dir)
+{
+ if (sgh && sgh->init) {
+ sgh->init->protos[ipproto] = 1;
+ sgh->init->direction = dir;
+ }
+}
+
 /**
 * \brief Prints the memory statistics for the detect-engine-siggroup.[ch] module.
 */
diff --git a/src/detect-engine-siggroup.h b/src/detect-engine-siggroup.h
index 69b24fd473..c4470c09ff 100644
--- a/src/detect-engine-siggroup.h
+++ b/src/detect-engine-siggroup.h
@@ -73,6 +73,8 @@ int SigGroupHeadSPortHashRemove(DetectEngineCtx *, SigGroupHead *);
 void SigGroupHeadInitDataFree(SigGroupHeadInitData *sghid);
 void SigGroupHeadSetSigCnt(SigGroupHead *sgh, uint32_t max_idx);
+void SigGroupHeadSetProtoAndDirection(SigGroupHead *sgh,
+ uint8_t ipproto, uint8_t dir);
 int SigGroupHeadBuildMatchArray (DetectEngineCtx *de_ctx, SigGroupHead *sgh, uint32_t max_idx);
 void SigGroupHeadFreeSigArrays(DetectEngineCtx *de_ctx);
diff --git a/src/detect.c b/src/detect.c
index 0fb95edc73..4a12286611 100644
--- a/src/detect.c
+++ b/src/detect.c
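Review bot: SigGroupHeadSetProtoAndDirection in src/detect-engine-siggroup.c has no doc comment and silently does nothing when `sgh` or `sgh->init` is NULL, so a caller cannot tell a recorded value from a dropped one. The commit message says each SGH has a single ipproto and direction, yet a second call with different arguments would set another `protos[]` entry and overwrite `direction`, and nothing in the function detects that. I would add a header in the file's `\brief` style saying that `protos` is indexed by IP protocol number, that `dir` replaces any earlier value, and that the call is a no-op without init data. The index stays in bounds only because `ipproto` is `uint8_t` and the array added in detect.h has 256 entries, which deserves a line such as `/* ipproto is uint8_t and protos[] has 256 slots, so the index cannot run past the array */`.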
@@ -3728,6 +3728,7 @@ int BuildDestinationAddressHeads(DetectEngineCtx *de_ctx,
 if (sgh == NULL) {
 /* put the contents in our sig group head */
 SigGroupHeadSetSigCnt(sgr->sh, max_idx);
+ SigGroupHeadSetProtoAndDirection(sgr->sh, ipproto, flow);
 SigGroupHeadBuildMatchArray(de_ctx, sgr->sh, max_idx);
 SigGroupHeadHashAdd(de_ctx, sgr->sh);
 SigGroupHeadStore(de_ctx, sgr->sh);
@@ -3957,6 +3958,7 @@ int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx,
 SCLogDebug("dp %p dp->sh %p is the original (sp %p, dst_gr %p, src_gr %p)", dp, dp->sh, sp, dst_gr, src_gr);
 SigGroupHeadSetSigCnt(dp->sh, max_idx);
+ SigGroupHeadSetProtoAndDirection(dp->sh, ipproto, flow);
 SigGroupHeadBuildMatchArray(de_ctx,dp->sh, max_idx);
 SigGroupHeadDPortHashAdd(de_ctx, dp->sh);
 SigGroupHeadStore(de_ctx, dp->sh);
diff --git a/src/detect.h b/src/detect.h
index 3ca3108fd2..3afd5b3132 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -983,6 +983,9 @@ typedef struct SigGroupHeadInitData_ {
 uint8_t *sig_array; /**< bit array of sig nums (internal id's) */
 uint32_t sig_size; /**< size in bytes */
+ uint8_t protos[256];
+ uint8_t direction;
+
 /* port ptr */
 struct DetectPort_ *port;
 } SigGroupHeadInitData;
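Review bot: The new call in BuildDestinationAddressHeads sits inside the `if (sgh == NULL)` branch, so only a freshly stored group records its ipproto and direction; the path taken when an existing group is found lies outside the hunk. If that lookup can return a group built for a different `ipproto`/`flow` pair, the stored values would describe the wrong traffic once later code relies on them, so it is worth confirming the hash comparison cannot match across protocols or directions. The call in BuildDestinationAddressHeadsWithBothPorts raises the same question. The declarations of `ipproto` and `flow` are not visible in either hunk; if `flow` is wider than `uint8_t` the argument is narrowed silently, and a short comment or explicit cast at the call would make the intended range clear.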
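Review bot: The two members added to SigGroupHeadInitData carry no comment, while the fields directly above them use `/**< ... */`. I would write `uint8_t protos[256]; /**< 1 at index N if IP protocol N uses this sgh */` and `uint8_t direction; /**< direction passed to SigGroupHeadSetProtoAndDirection */`. The setter only ever writes 1 into `protos[]`, so the array has to start zeroed; the allocation of this struct is not part of the patch and should be checked for that. Since the commit message states one ipproto per SGH, a single `uint8_t` would carry the same information in one byte instead of 256, unless more than one protocol per group is planned.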