From 95ed975cca06a93059d5583c4b9b17657f8ee605 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 31 Mar 2025 12:07:05 +0200
Subject: [PATCH] detect/tls.version: allow using rule hook
tls.version isn't hooked to a specific state by default. Allow it to register at the rule hook.
---
 src/detect-tls-version.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c
index 3a526e9738..9df017cc82 100644
--- a/src/detect-tls-version.c
+++ b/src/detect-tls-version.c
@@ -240,11 +240,15 @@ static int DetectTlsVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const c
 if (tls == NULL)
 goto error;
+ /* keyword supports multiple hooks, so attach to the hook specified in the rule. */
+ int list = g_tls_generic_list_id;
 /* Okay so far so good, lets get this into a SigMatch
 * and put it in the Signature. */
+ if (s->init_data->hook.type == SIGNATURE_HOOK_TYPE_APP) {
+ list = s->init_data->hook.sm_list;
+ }
- if (SigMatchAppendSMToList(
- de_ctx, s, DETECT_TLS_VERSION, (SigMatchCtx *)tls, g_tls_generic_list_id) == NULL) {
+ if (SigMatchAppendSMToList(de_ctx, s, DETECT_TLS_VERSION, (SigMatchCtx *)tls, list) == NULL) {
 goto error;
 }
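Review bot: In DetectTlsVersionSetup the new branch uses `s->init_data->hook.sm_list` as the target list whenever the hook type is SIGNATURE_HOOK_TYPE_APP, and nothing visible in the hunk checks that the hook belongs to TLS or that the list id was actually set. If that is not enforced earlier in the function or in the hook parser, the keyword could end up on a list that is never inspected for TLS traffic, so the rule would load cleanly but never alert. Either a guard before the append, for example `if (list < 0) goto error;` (assuming a negative id marks an unset list), or a short comment naming where the hook is validated would make the assumption explicit. Separately, the added comment and `int list` declaration now sit between the blank line and the existing "Okay so far so good" comment, which separates that comment from the SigMatchAppendSMToList call it describes; placing the declaration directly above the hook check would read better. The function begins and ends outside the hunk, so earlier validation cannot be ruled out from here.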