output: optimize loop for finding alert http xff

Ticket: 8156

In case of non-tx alerts, we try to loop over all the txs to find
the xff header. Do not start from tx_id 0, but from min_id,
as AppLayerParserTransactionsCleanup does, to skip txs that were freed.

(cherry picked from commit 3b1a6c1711)
pull/14599/head
Philippe Antoine 4 months ago committed by Shivani Bhardwaj
parent d767dfadcd
commit 754c4e9bde

@ -177,7 +177,7 @@ int HttpXFFGetIPFromTx(const Flow *f, uint64_t tx_id, HttpXFFCfg *xff_cfg,
int HttpXFFGetIP(const Flow *f, HttpXFFCfg *xff_cfg, char *dstbuf, int dstbuflen)
{
HtpState *htp_state = NULL;
uint64_t tx_id = 0;
uint64_t tx_id = AppLayerParserGetMinId(f->alparser);
uint64_t total_txs = 0;
htp_state = (HtpState *)FlowGetAppState(f);
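Review bot: The new initializer `uint64_t tx_id = AppLayerParserGetMinId(f->alparser);` has no comment saying why the scan may skip ids below min_id, so a later reader could take it for an accidental change and restore the start at 0. I would add a line above it such as `/* txs below min_id were already freed by AppLayerParserTransactionsCleanup, start there */`. This scan runs once per non-tx alert, so on a flow carrying many transactions the starting point decides how much work each alert costs. The loop that consumes tx_id and the htp_state check are outside this hunk, so whether f->alparser can be NULL here is not visible. The accessor returns 0 in that case, which falls back to the old full scan.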

@ -705,6 +705,13 @@ uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
SCReturnCT((pstate == NULL) ? 0 : pstate->log_id, "uint64_t");
}
uint64_t AppLayerParserGetMinId(AppLayerParserState *pstate)
{
SCEnter();
SCReturnCT((pstate == NULL) ? 0 : pstate->min_id, "uint64_t");
}
void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
{
SCEnter();
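Review bot: AppLayerParserGetMinId is added without a comment stating what min_id means or what the NULL case returns, and HttpXFFGetIP now depends on both. A one-line header would cover it, for example `/* returns pstate->min_id (txs below it were freed by cleanup), or 0 when pstate is NULL */`; the meaning of min_id is taken from the commit message and should be confirmed against AppLayerParserTransactionsCleanup. Since the function only reads the state, the parameter could also be `const AppLayerParserState *pstate`, though the neighbouring AppLayerParserGetTransactionLogId is not const either, so that may be better done for both in a separate change. AppLayerParserSetTransactionLogId, which follows, continues past the end of the hunk.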

@ -230,6 +230,7 @@ void AppLayerParserDestroyProtocolParserLocalStorage(uint8_t ipproto, AppProto a
uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate);
uint64_t AppLayerParserGetMinId(AppLayerParserState *pstate);
void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id);
uint64_t AppLayerParserGetTransactionInspectId(AppLayerParserState *pstate, uint8_t direction);
