diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index aef8133639..0a1a3b30f1 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -246,25 +246,6 @@ void DetectRunStoreStateTx( SCLogDebug("Stored for TX %"PRIu64, tx_id); } -/** \brief update flow's inspection id's - * - * \param f unlocked flow - * \param flags direction and disruption flags - * \param tag_txs_as_inspected if true all 'complete' txs will be marked - * 'inspected' - * - * \note it is possible that f->alstate, f->alparser are NULL */ -void DeStateUpdateInspectTransactionId(Flow *f, const uint8_t flags, - const bool tag_txs_as_inspected) -{ - if (f->alparser && f->alstate) { - AppLayerParserSetTransactionInspectId(f, f->alparser, - f->alstate, flags, - tag_txs_as_inspected); - } - return; -} - static inline void ResetTxState(DetectEngineState *s) { if (s) { diff --git a/src/detect-engine-state.h b/src/detect-engine-state.h index 3dc86847aa..d6265b3a9b 100644 --- a/src/detect-engine-state.h +++ b/src/detect-engine-state.h @@ -108,15 +108,6 @@ DetectEngineState *DetectEngineStateAlloc(void); */ void DetectEngineStateFree(DetectEngineState *state); -/** - * \brief Update the inspect id. - * - * \param f unlocked flow - * \param flags direction and disruption flags - */ -void DeStateUpdateInspectTransactionId(Flow *f, const uint8_t flags, - const bool tag_txs_as_inspected); - void DetectEngineStateResetTxs(Flow *f); void DeStateRegisterTests(void); diff --git a/src/detect.c b/src/detect.c index 7b469ed05e..6b6699ca6a 100644 --- a/src/detect.c +++ b/src/detect.c @@ -921,7 +921,8 @@ static inline void DetectRunPostRules( /* see if we need to increment the inspect_id and reset the de_state */ if (pflow && pflow->alstate) { PACKET_PROFILING_DETECT_START(p, PROF_DETECT_TX_UPDATE); - DeStateUpdateInspectTransactionId(pflow, scratch->flow_flags, (scratch->sgh == NULL)); + AppLayerParserSetTransactionInspectId(pflow, pflow->alparser, pflow->alstate, + scratch->flow_flags, (scratch->sgh == NULL)); PACKET_PROFILING_DETECT_END(p, PROF_DETECT_TX_UPDATE); } @@ -1661,20 +1662,19 @@ static void DetectFlow(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p) { + Flow *const f = p->flow; + if (p->flags & PKT_NOPACKET_INSPECTION) { /* hack: if we are in pass the entire flow mode, we need to still * update the inspect_id forward. So test for the condition here, * and call the update code if necessary. */ - const int pass = ((p->flow->flags & FLOW_NOPACKET_INSPECTION)); + const int pass = ((f->flags & FLOW_NOPACKET_INSPECTION)); if (pass) { - uint8_t flags; - if (p->flowflags & FLOW_PKT_TOSERVER) { - flags = STREAM_TOSERVER; - } else { - flags = STREAM_TOCLIENT; + uint8_t flags = STREAM_FLAGS_FOR_PACKET(p); + flags = FlowGetDisruptionFlags(f, flags); + if (f->alstate) { + AppLayerParserSetTransactionInspectId(f, f->alparser, f->alstate, flags, true); } - flags = FlowGetDisruptionFlags(p->flow, flags); - DeStateUpdateInspectTransactionId(p->flow, flags, true); } SCLogDebug("p->pcap %"PRIu64": no detection on packet, " "PKT_NOPACKET_INSPECTION is set", p->pcap_cnt); @@ -1682,7 +1682,7 @@ static void DetectFlow(ThreadVars *tv, } /* if flow is set to drop, we enforce that here */ - if (p->flow->flags & FLOW_ACTION_DROP) { + if (f->flags & FLOW_ACTION_DROP) { PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_FLOW_DROP); SCReturn; }