detect: shrink Signature::sm_arrays

Signature::sm_arrays now only contains 'built-in' lists, and so is sized appropriately.
9 years ago · 0a5ae415b8
parent 4978a7a133
commit 0a5ae415b8
6 changed files with 60 additions and 49 deletions
--- a/src/detect-dnp3.c
+++ b/src/detect-dnp3.c
@ -150,12 +150,12 @@ static int DetectEngineInspectDNP3Data(ThreadVars *tv, DetectEngineCtx *de_ctx,
    /* Content match - should probably be put into its own file. */
    if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) {
        r = DetectEngineContentInspection(de_ctx, det_ctx, s,
-            s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->request_buffer,
+            smd, f, tx->request_buffer,
            tx->request_buffer_len, 0, 0, NULL);
    }
    else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) {
        r = DetectEngineContentInspection(de_ctx, det_ctx, s,
-            s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->response_buffer,
+            smd, f, tx->response_buffer,
            tx->response_buffer_len, 0, 0, NULL);
    }

--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@ -144,11 +144,20 @@ void DetectAppLayerInspectEngineRegister(AppProto alproto,

 int DetectEngineAppInspectionEngine2Signature(Signature *s)
 {
-    int lists_used[DETECT_SM_LIST_MAX] = { 0 };
+    SigMatchData *ptrs[DETECT_SM_LIST_MAX] = { NULL };
+
+    /* convert lists to SigMatchData arrays */
+    int i = 0;
+    for (i = DETECT_SM_LIST_BUILTIN_MAX; i < DETECT_SM_LIST_MAX; i++) {
+        if (s->init_data->smlists[i] == NULL)
+            continue;
+
+        ptrs[i] = SigMatchList2DataArray(s->init_data->smlists[i]);
+    }

    DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
    while (t != NULL) {
-        if (s->sm_arrays[t->sm_list] == NULL)
+        if (ptrs[t->sm_list] == NULL)
            goto next;
        if (t->alproto == ALPROTO_UNKNOWN) {
            /* special case, inspect engine applies to all protocols */
@ -208,8 +217,7 @@ int DetectEngineAppInspectionEngine2Signature(Signature *s)

            case DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH:

-                new_engine->smd = s->sm_arrays[new_engine->sm_list];
-                lists_used[t->sm_list] = 1;
+                new_engine->smd = ptrs[new_engine->sm_list];
                break;
            default:
                break;
@ -234,15 +242,6 @@ next:
        t = t->next;
    }

-    /* clear s->sm_arrays for those lists that we put
-     * in the inspect engines. They own it now. */
-    int i;
-    for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
-        if (lists_used[i]) {
-            s->sm_arrays[i] = NULL;
-        }
-    }
-
    return 0;
 }

--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@ -1045,7 +1045,7 @@ static void SigMatchFreeArrays(Signature *s, int ctxs)
 {
    if (s != NULL) {
        int type;
-        for (type = 0; type < DETECT_SM_LIST_MAX; type++) {
+        for (type = 0; type < DETECT_SM_LIST_BUILTIN_MAX; type++) {
            if (s->sm_arrays[type] != NULL) {
                if (ctxs) {
                    SigMatchData *smd = s->sm_arrays[type];
@ -1228,6 +1228,42 @@ static void SigBuildAddressMatchArray(Signature *s)
    }
 }

+static int SigMatchListLen(SigMatch *sm)
+{
+    int len = 0;
+    for (; sm != NULL; sm = sm->next)
+        len++;
+
+    return len;
+}
+
+/** \brief convert SigMatch list to SigMatchData array
+ *  \note ownership of sm->ctx is transfered to smd->ctx
+ */
+SigMatchData* SigMatchList2DataArray(SigMatch *head)
+{
+    int len = SigMatchListLen(head);
+    if (len == 0)
+        return NULL;
+
+    SigMatchData *smd = (SigMatchData *)SCCalloc(len, sizeof(SigMatchData));
+    if (smd == NULL) {
+        SCLogError(SC_ERR_DETECT_PREPARE, "initializing the detection engine failed");
+        exit(EXIT_FAILURE);
+    }
+    SigMatchData *out = smd;
+
+    /* Copy sm type and Context into array */
+    SigMatch *sm = head;
+    for (; sm != NULL; sm = sm->next, smd++) {
+        smd->type = sm->type;
+        smd->ctx = sm->ctx;
+        sm->ctx = NULL; // SigMatch no longer owns the ctx
+        smd->is_last = (sm->next == NULL);
+    }
+    return out;
+}
+
 /**
 *  \internal
 *  \brief validate a just parsed signature for internal inconsistencies
--- a/src/detect-parse.h
+++ b/src/detect-parse.h
@ -50,6 +50,7 @@ SigMatch *SigMatchGetLastSM(const Signature *);
 void SigMatchTransferSigMatchAcrossLists(SigMatch *sm,
                                         SigMatch **, SigMatch **s,
                                         SigMatch **, SigMatch **);
+SigMatchData* SigMatchList2DataArray(SigMatch *head);
 void SigParsePrepare(void);
 void SigParseRegisterTests(void);
 Signature *DetectEngineAppendSig(DetectEngineCtx *, char *);
--- a/src/detect.c
+++ b/src/detect.c
@ -3911,15 +3911,6 @@ int SigAddressPrepareStage4(DetectEngineCtx *de_ctx)
    SCReturnInt(0);
 }

-static int SigMatchListLen(SigMatch *sm)
-{
-    int len = 0;
-    for (; sm != NULL; sm = sm->next)
-        len++;
-
-    return len;
-}
-
 /** \internal
 *  \brief perform final per signature setup tasks
 *
@ -3933,32 +3924,15 @@ static int SigMatchPrepare(DetectEngineCtx *de_ctx)

    Signature *s = de_ctx->sig_list;
    for (; s != NULL; s = s->next) {
+        /* set up inspect engines */
+        DetectEngineAppInspectionEngine2Signature(s);
+
        int type;
-        for (type = 0; type < DETECT_SM_LIST_MAX; type++) {
+        for (type = 0; type < DETECT_SM_LIST_BUILTIN_MAX; type++) {
            SigMatch *sm = s->init_data->smlists[type];
-            int len = SigMatchListLen(sm);
-            if (len == 0)
-                s->sm_arrays[type] = NULL;
-            else {
-                SigMatchData *smd = (SigMatchData*)SCMalloc(len * sizeof(SigMatchData));
-                if (smd == NULL) {
-                    SCLogError(SC_ERR_DETECT_PREPARE, "initializing the detection engine failed");
-                    exit(EXIT_FAILURE);
-                }
-                /* Copy sm type and Context into array */
-                s->sm_arrays[type] = smd;
-                for (; sm != NULL; sm = sm->next, smd++) {
-                    smd->type = sm->type;
-                    smd->ctx = sm->ctx;
-                    sm->ctx = NULL; // SigMatch no longer owns the ctx
-                    smd->is_last = (sm->next == NULL);
-                }
-            }
+            s->sm_arrays[type] = SigMatchList2DataArray(sm);
        }

-        /* set up inspect engines */
-        DetectEngineAppInspectionEngine2Signature(s);
-
        /* free lists. Ctx' are xferred to sm_arrays so won't get freed */
        int i;
        for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
--- a/src/detect.h
+++ b/src/detect.h
@ -475,8 +475,9 @@ typedef struct Signature_ {

    DetectEngineAppInspectionEngine *app_inspect;

-    /* Hold copies of the sm lists for Match() */
-    SigMatchData *sm_arrays[DETECT_SM_LIST_MAX];
+    /* Matching structures for the built-ins. The others are in
+     * their inspect engines. */
+    SigMatchData *sm_arrays[DETECT_SM_LIST_BUILTIN_MAX];

    /* memory is still owned by the sm_lists/sm_arrays entry */
    const struct DetectFilestoreData_ *filestore_ctx;