[Oisf-devel] [PATCH 1/2] Add transaction id to alert.
Victor Julien
victor at inliniac.net
Tue Oct 4 11:28:44 UTC 2011
On 10/04/2011 09:35 AM, Eric Leblond wrote:
> @@ -182,6 +184,15 @@ int PacketAlertAppend(DetectEngineThreadCtx *det_ctx, Signature *s, Packet *p, u
> p->alerts.alerts[i].s = s;
> }
>
> + if (p->flow) {
> + int ret = AppLayerTransactionGetInspectId(p->flow);
> + if (ret == -1) {
> + p->alerts.alerts[i].tx_id = 0;
> + } else {
> + p->alerts.alerts[i].tx_id = ret;
> + }
> + }
This function accesses the flow so it will need some form of locking.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list