|
|
|
|
@ -152,7 +152,7 @@ int DetectFlowMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
|
|
|
|
|
|
|
|
|
|
const DetectFlowData *fd = (const DetectFlowData *)ctx;
|
|
|
|
|
|
|
|
|
|
int ret = FlowMatch(p->flags, p->flowflags, det_ctx->flags, fd->flags, fd->match_cnt);;
|
|
|
|
|
const int ret = FlowMatch(p->flags, p->flowflags, det_ctx->flags, fd->flags, fd->match_cnt);
|
|
|
|
|
SCLogDebug("returning %" PRId32 " fd->match_cnt %" PRId32 " fd->flags 0x%02X p->flowflags 0x%02X",
|
|
|
|
|
ret, fd->match_cnt, fd->flags, p->flowflags);
|
|
|
|
|
SCReturnInt(ret);
|
|
|
|
|
@ -359,22 +359,17 @@ int DetectFlowSetupImplicit(Signature *s, uint32_t flags)
|
|
|
|
|
*/
|
|
|
|
|
int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *flowstr)
|
|
|
|
|
{
|
|
|
|
|
DetectFlowData *fd = NULL;
|
|
|
|
|
SigMatch *sm = NULL;
|
|
|
|
|
|
|
|
|
|
fd = DetectFlowParse(flowstr);
|
|
|
|
|
if (fd == NULL)
|
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
|
|
/*ensure only one flow option*/
|
|
|
|
|
/* ensure only one flow option */
|
|
|
|
|
if (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) {
|
|
|
|
|
SCLogError (SC_ERR_INVALID_SIGNATURE, "A signature may have only one flow option.");
|
|
|
|
|
goto error;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Okay so far so good, lets get this into a SigMatch
|
|
|
|
|
* and put it in the Signature. */
|
|
|
|
|
sm = SigMatchAlloc();
|
|
|
|
|
DetectFlowData *fd = DetectFlowParse(flowstr);
|
|
|
|
|
if (fd == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
SigMatch *sm = SigMatchAlloc();
|
|
|
|
|
if (sm == NULL)
|
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
|
|
@ -406,8 +401,6 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *flowstr)
|
|
|
|
|
error:
|
|
|
|
|
if (fd != NULL)
|
|
|
|
|
DetectFlowFree(fd);
|
|
|
|
|
if (sm != NULL)
|
|
|
|
|
SCFree(sm);
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
Victor Julien
7 years ago