int AppLayerParserHasDecoderEvents(uint8_t ipproto, AppProto alproto,
void *alstate, AppLayerParserState *pstate,
uint8_t flags)
{
SCEnter();
if (alstate == NULL || pstate == NULL)
goto not_present;
AppLayerDecoderEvents *decoder_events;
uint64_t tx_id;
uint64_t max_id;
if (AppLayerParserProtocolIsTxEventAware(ipproto, alproto)) {
/* fast path if supported by alproto */
if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].StateHasEvents != NULL) {
if (alp_ctx.ctxs[FlowGetProtoMapping(ipproto)][alproto].
StateHasEvents(alstate) == 1)
{
goto present;
}
} else {
/* check each tx */
tx_id = AppLayerParserGetTransactionInspectId(pstate, flags);
max_id = AppLayerParserGetTxCnt(ipproto, alproto, alstate);
for ( ; tx_id < max_id; tx_id++) {
decoder_events = AppLayerParserGetEventsByTx(ipproto, alproto, alstate, tx_id);
if (decoder_events && decoder_events->cnt)
goto present;
}
}
}
decoder_events = AppLayerParserGetDecoderEvents(pstate);
if (decoder_events && decoder_events->cnt)
goto present;
/* if we have reached here, we don't have events */
not_present:
SCReturnInt(0);
present:
SCReturnInt(1);
}
static int DetectAppLayerEventAppMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state, Signature *s,
SigMatch *m)
{
SCEnter();
AppLayerDecoderEvents *decoder_events = NULL;
int r = 0;
DetectAppLayerEventData *aled = (DetectAppLayerEventData *)m->ctx;
if (r == 0) {
decoder_events = AppLayerParserGetDecoderEvents(f->alparser);
if (decoder_events != NULL &&
AppLayerDecoderEventsIsEventSet(decoder_events, aled->event_id)) {
r = 1;
}
}
SCReturnInt(r);
}
