@ -627,29 +627,29 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH);
for (sm = item->nm; sm != NULL; sm = sm->next) {
if (sigmatch_table[sm->type].AppLayerMatch != NULL)
{
if (alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) {
smb_state = (SMBState *)alstate;
if (smb_state->dcerpc_present) {
KEYWORD_PROFILING_START;
match = sigmatch_table[sm->type].
AppLayerMatch(tv, det_ctx, f, flags, &smb_state->dcerpc, s, sm);
KEYWORD_PROFILING_END(det_ctx, sm->type, (match > 0));
}
} else {
{
if (alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) {
smb_state = (SMBState *)alstate;
if (smb_state->dcerpc_present) {
KEYWORD_PROFILING_START;
match = sigmatch_table[sm->type].
AppLayerMatch(tv, det_ctx, f, flags, alstate, s, sm);
AppLayerMatch(tv, det_ctx, f, flags, &smb_state->dcerpc, s, sm);
KEYWORD_PROFILING_END(det_ctx, sm->type, (match > 0));
}
if (match == 0)
break;
else if (match == 2)
inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH;
else if (match == 1)
total_matches++;
} else {
KEYWORD_PROFILING_START;
match = sigmatch_table[sm->type].
AppLayerMatch(tv, det_ctx, f, flags, alstate, s, sm);
KEYWORD_PROFILING_END(det_ctx, sm->type, (match > 0));
}
if (match == 0)
break;
else if (match == 2)
inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH;
else if (match == 1)
total_matches++;
}
}
RULE_PROFILING_END(det_ctx, s, match, p);