From 1132ab635ac6c6b9b3fee1853e310ebfc564cc11 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 25 Aug 2009 09:04:14 +0200 Subject: [PATCH] Rename all pmt->det_ctx. --- src/detect-content.c | 44 ++-- src/detect-decode-event.c | 4 +- src/detect-dsize.c | 2 +- src/detect-engine-address.c | 2 +- src/detect-engine-mpm.c | 14 +- src/detect-flow.c | 4 +- src/detect-flowbits.c | 2 +- src/detect-flowvar.c | 2 +- src/detect-pcre.c | 64 +++--- src/detect-pktvar.c | 2 +- src/detect-uricontent.c | 36 ++-- src/detect.c | 394 ++++++++++++++++++------------------ 12 files changed, 285 insertions(+), 285 deletions(-) diff --git a/src/detect-content.c b/src/detect-content.c index a330b71ea3..dade4eb3a2 100644 --- a/src/detect-content.c +++ b/src/detect-content.c @@ -109,14 +109,14 @@ TestOffsetDepth(MpmMatch *m, DetectContentData *co, uint16_t pktoff) { * that turn out to fail being followed by full matches later in the * packet. This adds some runtime complexity however. */ static inline int -TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatch *m, SigMatch *nsm, uint16_t pktoff) +TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *det_ctx, MpmMatch *m, SigMatch *nsm, uint16_t pktoff) { //printf("test_nextsigmatch m:%p, nsm:%p\n", m,nsm); if (nsm == NULL) return 1; DetectContentData *co = (DetectContentData *)nsm->ctx; - MpmMatch *nm = pmt->mtc.match[co->id].top; + MpmMatch *nm = det_ctx->mtc.match[co->id].top; for (; nm; nm = nm->next) { //printf("TestWithinDistanceOffsetDepth: nm->offset %" PRIu32 ", m->offset %" PRIu32 ", pktoff %" PRIu32 "\n", nm->offset, m->offset, pktoff); @@ -137,7 +137,7 @@ TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatc // "nm->offset %" PRIu32 ", m->offset %" PRIu32 "\n", nm->offset - m->offset, // co->distance, nm->offset, m->offset); if (TestOffsetDepth(nm, co, pktoff) == 1) { - return TestWithinDistanceOffsetDepth(t, pmt, nm, nsm->next, pktoff); + return TestWithinDistanceOffsetDepth(t, det_ctx, nm, nsm->next, pktoff); } } else { //printf("TestWithinDistanceOffsetDepth: NO MATCH: %" PRIu32 " >= DISTANCE(%" PRIu32 "), " @@ -155,37 +155,37 @@ TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatc } static inline int -DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *sm, DetectContentData *co) +DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *sm, DetectContentData *co) { int ret = 0; char match = 0; /* Get the top match, we already know we have one. */ - MpmMatch *m = pmt->mtc.match[co->id].top; + MpmMatch *m = det_ctx->mtc.match[co->id].top; /* if we have within or distance coming up next, check this match * for distance and/or within and check the rest of this match * chain as well. */ if ((co->flags & DETECT_CONTENT_WITHIN_NEXT || co->flags & DETECT_CONTENT_DISTANCE_NEXT) && - pmt->de_checking_distancewithin == 0) + det_ctx->de_checking_distancewithin == 0) { //printf("DoDetectContent: Content \""); PrintRawUriFp(stdout, co->content, co->content_len); //printf("\" DETECT_CONTENT_WITHIN_NEXT or DETECT_CONTENT_DISTANCE_NEXT is true\n"); /* indicate to the detection engine the next sigmatch(es) * are part of this match chain */ - pmt->de_checking_distancewithin = 1; + det_ctx->de_checking_distancewithin = 1; for (; m != NULL; m = m->next) { /* first check our match for offset and depth */ - if (TestOffsetDepth(m, co, pmt->pkt_off) == 1) { + if (TestOffsetDepth(m, co, det_ctx->pkt_off) == 1) { //printf("DoDetectContent: TestOffsetDepth returned 1\n"); - ret = TestWithinDistanceOffsetDepth(t, pmt, m, sm->next, pmt->pkt_off); + ret = TestWithinDistanceOffsetDepth(t, det_ctx, m, sm->next, det_ctx->pkt_off); if (ret == 1) { //printf("DoDetectContent: TestWithinDistanceOffsetDepth returned 1\n"); - pmt->pkt_ptr = p->payload + m->offset; - pmt->pkt_off = m->offset; + det_ctx->pkt_ptr = p->payload + m->offset; + det_ctx->pkt_off = m->offset; match = 1; break; } @@ -203,7 +203,7 @@ DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature } else if (co->flags & DETECT_CONTENT_WITHIN || co->flags & DETECT_CONTENT_DISTANCE) { - pmt->de_checking_distancewithin = 0; + det_ctx->de_checking_distancewithin = 0; match = 1; /* Getting here means we are not in checking an within/distance chain. @@ -214,13 +214,13 @@ DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature } else { /* when in recursive capture mode don't check depth and offset * after the first match */ - if (s->flags & SIG_FLAG_RECURSIVE && pmt->pkt_cnt) { + if (s->flags & SIG_FLAG_RECURSIVE && det_ctx->pkt_cnt) { for (; m != NULL; m = m->next) { - if (m->offset >= pmt->pkt_off) { + if (m->offset >= det_ctx->pkt_off) { /* update pkt ptrs, content doesn't use this, * but pcre does */ - pmt->pkt_ptr = p->payload + m->offset; - pmt->pkt_off = m->offset; + det_ctx->pkt_ptr = p->payload + m->offset; + det_ctx->pkt_off = m->offset; match = 1; break; } @@ -232,8 +232,8 @@ DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature if (ret == 1) { /* update pkt ptrs, this content run doesn't * use this, but pcre does */ - pmt->pkt_ptr = p->payload + m->offset; - pmt->pkt_off = m->offset; + det_ctx->pkt_ptr = p->payload + m->offset; + det_ctx->pkt_off = m->offset; match = 1; break; } @@ -250,7 +250,7 @@ DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature * -1: error */ -int DetectContentMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m) +int DetectContentMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) { uint32_t len = 0; @@ -260,7 +260,7 @@ int DetectContentMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Si DetectContentData *co = (DetectContentData *)m->ctx; /* see if we had a match */ - len = pmt->mtc.match[co->id].len; + len = det_ctx->mtc.match[co->id].len; if (len == 0) return 0; @@ -269,13 +269,13 @@ int DetectContentMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Si printf("\" matched %" PRIu32 " time(s) at offsets: ", len); MpmMatch *tmpm = NULL; - for (tmpm = pmt->mtc.match[co->id].top; tmpm != NULL; tmpm = tmpm->next) { + for (tmpm = det_ctx->mtc.match[co->id].top; tmpm != NULL; tmpm = tmpm->next) { printf("%" PRIu32 " ", tmpm->offset); } printf("\n"); #endif - return DoDetectContent(t, pmt, p, s, m, co); + return DoDetectContent(t, det_ctx, p, s, m, co); } DetectContentData *DetectContentParse (char *contentstr) diff --git a/src/detect-decode-event.c b/src/detect-decode-event.c index a01187ae63..7af99a7847 100644 --- a/src/detect-decode-event.c +++ b/src/detect-decode-event.c @@ -69,7 +69,7 @@ error: * \brief This function is used to match decoder event flags set on a packet with those passed via decode-event: * * \param t pointer to thread vars - * \param pmt pointer to the pattern matcher thread + * \param det_ctx pointer to the pattern matcher thread * \param p pointer to the current packet * \param s pointer to the Signature * \param m pointer to the sigmatch @@ -77,7 +77,7 @@ error: * \retval 0 no match * \retval 1 match */ -int DetectDecodeEventMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m) +int DetectDecodeEventMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) { int ret = 0; DetectDecodeEventData *de = (DetectDecodeEventData *)m->ctx; diff --git a/src/detect-dsize.c b/src/detect-dsize.c index 240bade5da..4f6358d268 100644 --- a/src/detect-dsize.c +++ b/src/detect-dsize.c @@ -56,7 +56,7 @@ error: * -1: error */ -int DetectDsizeMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m) +int DetectDsizeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) { int ret = 0; diff --git a/src/detect-engine-address.c b/src/detect-engine-address.c index 62dbb93102..2de38687f8 100644 --- a/src/detect-engine-address.c +++ b/src/detect-engine-address.c @@ -5,7 +5,7 @@ * TODO move this out of the detection plugin structure * rename to detect-engine-address.c * - * + * */ #include "eidps-common.h" diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index 191a7636c1..b86c4f4c6a 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -58,19 +58,19 @@ uint32_t PacketPatternMatch(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, Pack } /** \brief cleans up the mpm instance after a match */ -void PacketPatternCleanup(ThreadVars *t, DetectEngineThreadCtx *pmt) { - PmqReset(&pmt->pmq); +void PacketPatternCleanup(ThreadVars *t, DetectEngineThreadCtx *det_ctx) { + PmqReset(&det_ctx->pmq); - if (pmt->sgh == NULL) + if (det_ctx->sgh == NULL) return; /* content */ - if (pmt->sgh->mpm_ctx != NULL && pmt->sgh->mpm_ctx->Cleanup != NULL) { - pmt->sgh->mpm_ctx->Cleanup(&pmt->mtc); + if (det_ctx->sgh->mpm_ctx != NULL && det_ctx->sgh->mpm_ctx->Cleanup != NULL) { + det_ctx->sgh->mpm_ctx->Cleanup(&det_ctx->mtc); } /* uricontent */ - if (pmt->sgh->mpm_uri_ctx != NULL && pmt->sgh->mpm_uri_ctx->Cleanup != NULL) { - pmt->sgh->mpm_uri_ctx->Cleanup(&pmt->mtcu); + if (det_ctx->sgh->mpm_uri_ctx != NULL && det_ctx->sgh->mpm_uri_ctx->Cleanup != NULL) { + det_ctx->sgh->mpm_uri_ctx->Cleanup(&det_ctx->mtcu); } } diff --git a/src/detect-flow.c b/src/detect-flow.c index df3c09f927..bf2b5a9d76 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -78,14 +78,14 @@ error: * \todo We need to add support for no_stream and stream_only flag checking * * \param t pointer to thread vars - * \param pmt pointer to the pattern matcher thread + * \param det_ctx pointer to the pattern matcher thread * \param p pointer to the current packet * \param m pointer to the sigmatch that we will cast into DetectFlowData * * \retval 0 no match * \retval 1 match */ -int DetectFlowMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m) +int DetectFlowMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) { uint8_t cnt = 0; DetectFlowData *fd = (DetectFlowData *)m->ctx; diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c index 691e09afbe..4d033adca5 100644 --- a/src/detect-flowbits.c +++ b/src/detect-flowbits.c @@ -101,7 +101,7 @@ static int DetectFlowbitMatchIsnotset (Packet *p, DetectFlowbitsData *fd) { * -1: error */ -int DetectFlowbitMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m) +int DetectFlowbitMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) { DetectFlowbitsData *fd = (DetectFlowbitsData *)m->ctx; if (fd == NULL) diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c index 5d2144a7d6..9270d804c6 100644 --- a/src/detect-flowvar.c +++ b/src/detect-flowvar.c @@ -59,7 +59,7 @@ error: * -1: error */ -int DetectFlowvarMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m) +int DetectFlowvarMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) { int ret = 0; DetectFlowvarData *fd = (DetectFlowvarData *)m->ctx; diff --git a/src/detect-pcre.c b/src/detect-pcre.c index edbf48895f..6cdfd4400a 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -79,7 +79,7 @@ error: * -1: error */ -int DetectPcreMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m) +int DetectPcreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) { #define MAX_SUBSTRINGS 30 int ret = 0; @@ -92,11 +92,11 @@ int DetectPcreMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signa DetectPcreData *pe = (DetectPcreData *)m->ctx; if (s->flags & SIG_FLAG_RECURSIVE) { - ptr = pmt->pkt_ptr ? pmt->pkt_ptr : p->payload; - len = p->payload_len - pmt->pkt_off; + ptr = det_ctx->pkt_ptr ? det_ctx->pkt_ptr : p->payload; + len = p->payload_len - det_ctx->pkt_off; } else if (pe->flags & DETECT_PCRE_RELATIVE) { - ptr = pmt->pkt_ptr; - len = p->payload_len - pmt->pkt_off; + ptr = det_ctx->pkt_ptr; + len = p->payload_len - det_ctx->pkt_off; if (ptr == NULL || len == 0) return 0; } else { @@ -113,42 +113,42 @@ int DetectPcreMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signa ret = pcre_get_substring((char *)ptr, ov, MAX_SUBSTRINGS, 1, &str_ptr); if (ret) { if (strcmp(pe->capname,"http_uri") == 0) { - p->http_uri.raw[pmt->pkt_cnt] = (uint8_t *)str_ptr; - p->http_uri.raw_size[pmt->pkt_cnt] = ret; - p->http_uri.cnt = pmt->pkt_cnt + 1; + p->http_uri.raw[det_ctx->pkt_cnt] = (uint8_t *)str_ptr; + p->http_uri.raw_size[det_ctx->pkt_cnt] = ret; + p->http_uri.cnt = det_ctx->pkt_cnt + 1; /* count how many uri's we handle for stats */ - pmt->uris++; + det_ctx->uris++; - //printf("DetectPcre: URI pmt->sgh %p, pmt->mcu %p\n", pmt->sgh, pmt->mcu); - //PrintRawUriFp(stdout,p->http_uri.raw[pmt->pkt_cnt],p->http_uri.raw_size[pmt->pkt_cnt]); - //printf(" (pkt_cnt %" PRIu32 ", mcu %p)\n", pmt->pkt_cnt, pmt->mcu); + //printf("DetectPcre: URI det_ctx->sgh %p, det_ctx->mcu %p\n", det_ctx->sgh, det_ctx->mcu); + //PrintRawUriFp(stdout,p->http_uri.raw[det_ctx->pkt_cnt],p->http_uri.raw_size[det_ctx->pkt_cnt]); + //printf(" (pkt_cnt %" PRIu32 ", mcu %p)\n", det_ctx->pkt_cnt, det_ctx->mcu); /* don't bother scanning if we don't have a pattern matcher ctx * which means we don't have uricontent sigs */ - if (pmt->sgh->mpm_uri_ctx != NULL) { - if (pmt->sgh->mpm_uricontent_maxlen <= p->http_uri.raw_size[pmt->pkt_cnt]) { - if (pmt->sgh->mpm_uricontent_maxlen == 1) pmt->pkts_uri_scanned1++; - else if (pmt->sgh->mpm_uricontent_maxlen == 2) pmt->pkts_uri_scanned2++; - else if (pmt->sgh->mpm_uricontent_maxlen == 3) pmt->pkts_uri_scanned3++; - else if (pmt->sgh->mpm_uricontent_maxlen == 4) pmt->pkts_uri_scanned4++; - else pmt->pkts_uri_scanned++; - - pmt->pmq.mode = PMQ_MODE_SCAN; - ret = pmt->sgh->mpm_uri_ctx->Scan(pmt->sgh->mpm_uri_ctx, &pmt->mtcu, &pmt->pmq, p->http_uri.raw[pmt->pkt_cnt], p->http_uri.raw_size[pmt->pkt_cnt]); + if (det_ctx->sgh->mpm_uri_ctx != NULL) { + if (det_ctx->sgh->mpm_uricontent_maxlen <= p->http_uri.raw_size[det_ctx->pkt_cnt]) { + if (det_ctx->sgh->mpm_uricontent_maxlen == 1) det_ctx->pkts_uri_scanned1++; + else if (det_ctx->sgh->mpm_uricontent_maxlen == 2) det_ctx->pkts_uri_scanned2++; + else if (det_ctx->sgh->mpm_uricontent_maxlen == 3) det_ctx->pkts_uri_scanned3++; + else if (det_ctx->sgh->mpm_uricontent_maxlen == 4) det_ctx->pkts_uri_scanned4++; + else det_ctx->pkts_uri_scanned++; + + det_ctx->pmq.mode = PMQ_MODE_SCAN; + ret = det_ctx->sgh->mpm_uri_ctx->Scan(det_ctx->sgh->mpm_uri_ctx, &det_ctx->mtcu, &det_ctx->pmq, p->http_uri.raw[det_ctx->pkt_cnt], p->http_uri.raw_size[det_ctx->pkt_cnt]); if (ret > 0) { - if (pmt->sgh->mpm_uricontent_maxlen == 1) pmt->pkts_uri_searched1++; - else if (pmt->sgh->mpm_uricontent_maxlen == 2) pmt->pkts_uri_searched2++; - else if (pmt->sgh->mpm_uricontent_maxlen == 3) pmt->pkts_uri_searched3++; - else if (pmt->sgh->mpm_uricontent_maxlen == 4) pmt->pkts_uri_searched4++; - else pmt->pkts_uri_searched++; + if (det_ctx->sgh->mpm_uricontent_maxlen == 1) det_ctx->pkts_uri_searched1++; + else if (det_ctx->sgh->mpm_uricontent_maxlen == 2) det_ctx->pkts_uri_searched2++; + else if (det_ctx->sgh->mpm_uricontent_maxlen == 3) det_ctx->pkts_uri_searched3++; + else if (det_ctx->sgh->mpm_uricontent_maxlen == 4) det_ctx->pkts_uri_searched4++; + else det_ctx->pkts_uri_searched++; - pmt->pmq.mode = PMQ_MODE_SEARCH; - ret += pmt->sgh->mpm_uri_ctx->Search(pmt->sgh->mpm_uri_ctx, &pmt->mtcu, &pmt->pmq, p->http_uri.raw[pmt->pkt_cnt], p->http_uri.raw_size[pmt->pkt_cnt]); + det_ctx->pmq.mode = PMQ_MODE_SEARCH; + ret += det_ctx->sgh->mpm_uri_ctx->Search(det_ctx->sgh->mpm_uri_ctx, &det_ctx->mtcu, &det_ctx->pmq, p->http_uri.raw[det_ctx->pkt_cnt], p->http_uri.raw_size[det_ctx->pkt_cnt]); /* indicate to uricontent that we have a uri, * we scanned it _AND_ we found pattern matches. */ - pmt->de_have_httpuri = 1; + det_ctx->de_have_httpuri = 1; } } } @@ -163,8 +163,8 @@ int DetectPcreMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signa } /* update ptrs for pcre RELATIVE */ - pmt->pkt_ptr = ptr+ov[1]; - pmt->pkt_off = (ptr+ov[1]) - p->payload; + det_ctx->pkt_ptr = ptr+ov[1]; + det_ctx->pkt_off = (ptr+ov[1]) - p->payload; //printf("DetectPcre: post match: t->pkt_ptr %p t->pkt_off %" PRIu32 "\n", t->pkt_ptr, t->pkt_off); ret = 1; diff --git a/src/detect-pktvar.c b/src/detect-pktvar.c index ded2758cd2..54ea187320 100644 --- a/src/detect-pktvar.c +++ b/src/detect-pktvar.c @@ -57,7 +57,7 @@ error: * -1: error */ -int DetectPktvarMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m) +int DetectPktvarMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) { int ret = 0; DetectPktvarData *pd = (DetectPktvarData *)m->ctx; diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c index f33c5dce81..2ab889d6e7 100644 --- a/src/detect-uricontent.c +++ b/src/detect-uricontent.c @@ -114,14 +114,14 @@ TestOffsetDepth(MpmMatch *m, DetectUricontentData *co) { * that turn out to fail being followed by full matches later in the * packet. This adds some runtime complexity however. */ static inline int -TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatch *m, SigMatch *nsm) +TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *det_ctx, MpmMatch *m, SigMatch *nsm) { //printf("test_nextsigmatch m:%p, nsm:%p\n", m,nsm); if (nsm == NULL) return 1; DetectUricontentData *co = (DetectUricontentData *)nsm->ctx; - MpmMatch *nm = pmt->mtcu.match[co->id].top; + MpmMatch *nm = det_ctx->mtcu.match[co->id].top; for (; nm; nm = nm->next) { //printf("test_nextsigmatch: (nm->offset+1) %" PRIu32 ", (m->offset+1) %" PRIu32 "\n", (nm->offset+1), (m->offset+1)); @@ -138,7 +138,7 @@ TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatc { if (TestOffsetDepth(nm, co) == 1) { //printf("test_nextsigmatch: DISTANCE (nm->offset+1) %" PRIu32 ", (m->offset+1) %" PRIu32 "\n", (nm->offset+1), (m->offset+1)); - return TestWithinDistanceOffsetDepth(t, pmt, nm, nsm->next); + return TestWithinDistanceOffsetDepth(t, det_ctx, nm, nsm->next); } } } @@ -147,34 +147,34 @@ TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatc } static inline int -DoDetectUricontent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, SigMatch *sm, DetectUricontentData *co) +DoDetectUricontent(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, SigMatch *sm, DetectUricontentData *co) { int ret = 0; char match = 0; /* Get the top match, we already know we have one. */ - MpmMatch *m = pmt->mtcu.match[co->id].top; + MpmMatch *m = det_ctx->mtcu.match[co->id].top; /* if we have within or distance coming up next, check this match * for distance and/or within and check the rest of this match * chain as well. */ if ((co->flags & DETECT_URICONTENT_WITHIN_NEXT || co->flags & DETECT_URICONTENT_DISTANCE_NEXT) && - pmt->de_checking_distancewithin == 0) + det_ctx->de_checking_distancewithin == 0) { /* indicate to the detection engine the next sigmatch(es) * are part of this match chain */ - pmt->de_checking_distancewithin = 1; + det_ctx->de_checking_distancewithin = 1; for (; m != NULL; m = m->next) { /* first check our match for offset and depth */ if (TestOffsetDepth(m, co) == 1) { - ret = TestWithinDistanceOffsetDepth(t, pmt, m, sm->next); + ret = TestWithinDistanceOffsetDepth(t, det_ctx, m, sm->next); if (ret == 1) { /* update pkt ptrs, content doesn't use this, * but pcre does */ - pmt->pkt_ptr = p->payload + m->offset; - pmt->pkt_off = m->offset; + det_ctx->pkt_ptr = p->payload + m->offset; + det_ctx->pkt_off = m->offset; match = 1; break; } @@ -191,7 +191,7 @@ DoDetectUricontent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, SigMatc } else if (co->flags & DETECT_URICONTENT_WITHIN || co->flags & DETECT_URICONTENT_DISTANCE) { - pmt->de_checking_distancewithin = 0; + det_ctx->de_checking_distancewithin = 0; match = 1; /* Getting here means we are not in checking an within/distance chain. * This means we can just inspect this content match on it's own. So @@ -204,8 +204,8 @@ DoDetectUricontent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, SigMatc if (ret == 1) { /* update pkt ptrs, content doesn't use this, * but pcre does */ - pmt->pkt_ptr = p->payload + m->offset; - pmt->pkt_off = m->offset; + det_ctx->pkt_ptr = p->payload + m->offset; + det_ctx->pkt_off = m->offset; match = 1; break; } @@ -221,18 +221,18 @@ DoDetectUricontent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, SigMatc * -1: error */ -int DetectUricontentMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m) +int DetectUricontentMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) { uint32_t len = 0; /* if we don't have a uri, don't bother scanning */ - if (pmt->de_have_httpuri == 0) + if (det_ctx->de_have_httpuri == 0) return 0; DetectUricontentData *co = (DetectUricontentData *)m->ctx; /* see if we had a match */ - len = pmt->mtcu.match[co->id].len; + len = det_ctx->mtcu.match[co->id].len; if (len == 0) return 0; @@ -242,13 +242,13 @@ int DetectUricontentMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, printf("\' matched %" PRIu32 " time(s) at offsets: ", len); MpmMatch *tmpm = NULL; - for (tmpm = pmt->mtcu.match[co->id].top; tmpm != NULL; tmpm = tmpm->next) { + for (tmpm = det_ctx->mtcu.match[co->id].top; tmpm != NULL; tmpm = tmpm->next) { printf("%" PRIu32 " ", tmpm->offset); } printf("\n"); #endif - return DoDetectUricontent(t, pmt, p, m, co); + return DoDetectUricontent(t, det_ctx, p, m, co); } int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *contentstr) diff --git a/src/detect.c b/src/detect.c index 2fe59eaa27..24e95f3535 100644 --- a/src/detect.c +++ b/src/detect.c @@ -73,71 +73,71 @@ void TmModuleDetectRegister (void) { } void DetectExitPrintStats(ThreadVars *tv, void *data) { - DetectEngineThreadCtx *pmt = (DetectEngineThreadCtx *)data; - if (pmt == NULL) + DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data; + if (det_ctx == NULL) return; printf(" - (%s) (1byte) Pkts %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name, - pmt->pkts, pmt->pkts_scanned1, - (float)(pmt->pkts_scanned1/(float)(pmt->pkts)*100), - pmt->pkts_searched1, - (float)(pmt->pkts_searched1/(float)(pmt->pkts)*100), - (float)(pmt->pkts_searched1/(float)(pmt->pkts_scanned1)*100)); + det_ctx->pkts, det_ctx->pkts_scanned1, + (float)(det_ctx->pkts_scanned1/(float)(det_ctx->pkts)*100), + det_ctx->pkts_searched1, + (float)(det_ctx->pkts_searched1/(float)(det_ctx->pkts)*100), + (float)(det_ctx->pkts_searched1/(float)(det_ctx->pkts_scanned1)*100)); printf(" - (%s) (2byte) Pkts %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name, - pmt->pkts, pmt->pkts_scanned2, - (float)(pmt->pkts_scanned2/(float)(pmt->pkts)*100), - pmt->pkts_searched2, - (float)(pmt->pkts_searched2/(float)(pmt->pkts)*100), - (float)(pmt->pkts_searched2/(float)(pmt->pkts_scanned2)*100)); + det_ctx->pkts, det_ctx->pkts_scanned2, + (float)(det_ctx->pkts_scanned2/(float)(det_ctx->pkts)*100), + det_ctx->pkts_searched2, + (float)(det_ctx->pkts_searched2/(float)(det_ctx->pkts)*100), + (float)(det_ctx->pkts_searched2/(float)(det_ctx->pkts_scanned2)*100)); printf(" - (%s) (3byte) Pkts %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name, - pmt->pkts, pmt->pkts_scanned3, - (float)(pmt->pkts_scanned3/(float)(pmt->pkts)*100), - pmt->pkts_searched3, - (float)(pmt->pkts_searched3/(float)(pmt->pkts)*100), - (float)(pmt->pkts_searched3/(float)(pmt->pkts_scanned3)*100)); + det_ctx->pkts, det_ctx->pkts_scanned3, + (float)(det_ctx->pkts_scanned3/(float)(det_ctx->pkts)*100), + det_ctx->pkts_searched3, + (float)(det_ctx->pkts_searched3/(float)(det_ctx->pkts)*100), + (float)(det_ctx->pkts_searched3/(float)(det_ctx->pkts_scanned3)*100)); printf(" - (%s) (4byte) Pkts %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name, - pmt->pkts, pmt->pkts_scanned4, - (float)(pmt->pkts_scanned4/(float)(pmt->pkts)*100), - pmt->pkts_searched4, - (float)(pmt->pkts_searched4/(float)(pmt->pkts)*100), - (float)(pmt->pkts_searched4/(float)(pmt->pkts_scanned4)*100)); + det_ctx->pkts, det_ctx->pkts_scanned4, + (float)(det_ctx->pkts_scanned4/(float)(det_ctx->pkts)*100), + det_ctx->pkts_searched4, + (float)(det_ctx->pkts_searched4/(float)(det_ctx->pkts)*100), + (float)(det_ctx->pkts_searched4/(float)(det_ctx->pkts_scanned4)*100)); printf(" - (%s) (+byte) Pkts %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name, - pmt->pkts, pmt->pkts_scanned, - (float)(pmt->pkts_scanned/(float)(pmt->pkts)*100), - pmt->pkts_searched, - (float)(pmt->pkts_searched/(float)(pmt->pkts)*100), - (float)(pmt->pkts_searched/(float)(pmt->pkts_scanned)*100)); + det_ctx->pkts, det_ctx->pkts_scanned, + (float)(det_ctx->pkts_scanned/(float)(det_ctx->pkts)*100), + det_ctx->pkts_searched, + (float)(det_ctx->pkts_searched/(float)(det_ctx->pkts)*100), + (float)(det_ctx->pkts_searched/(float)(det_ctx->pkts_scanned)*100)); printf(" - (%s) URI (1byte) Uri's %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name, - pmt->uris, pmt->pkts_uri_scanned1, - (float)(pmt->pkts_uri_scanned1/(float)(pmt->uris)*100), - pmt->pkts_uri_searched1, - (float)(pmt->pkts_uri_searched1/(float)(pmt->uris)*100), - (float)(pmt->pkts_uri_searched1/(float)(pmt->pkts_uri_scanned1)*100)); + det_ctx->uris, det_ctx->pkts_uri_scanned1, + (float)(det_ctx->pkts_uri_scanned1/(float)(det_ctx->uris)*100), + det_ctx->pkts_uri_searched1, + (float)(det_ctx->pkts_uri_searched1/(float)(det_ctx->uris)*100), + (float)(det_ctx->pkts_uri_searched1/(float)(det_ctx->pkts_uri_scanned1)*100)); printf(" - (%s) URI (2byte) Uri's %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name, - pmt->uris, pmt->pkts_uri_scanned2, - (float)(pmt->pkts_uri_scanned2/(float)(pmt->uris)*100), - pmt->pkts_uri_searched2, - (float)(pmt->pkts_uri_searched2/(float)(pmt->uris)*100), - (float)(pmt->pkts_uri_searched2/(float)(pmt->pkts_uri_scanned2)*100)); + det_ctx->uris, det_ctx->pkts_uri_scanned2, + (float)(det_ctx->pkts_uri_scanned2/(float)(det_ctx->uris)*100), + det_ctx->pkts_uri_searched2, + (float)(det_ctx->pkts_uri_searched2/(float)(det_ctx->uris)*100), + (float)(det_ctx->pkts_uri_searched2/(float)(det_ctx->pkts_uri_scanned2)*100)); printf(" - (%s) URI (3byte) Uri's %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name, - pmt->uris, pmt->pkts_uri_scanned3, - (float)(pmt->pkts_uri_scanned3/(float)(pmt->uris)*100), - pmt->pkts_uri_searched3, - (float)(pmt->pkts_uri_searched3/(float)(pmt->uris)*100), - (float)(pmt->pkts_uri_searched3/(float)(pmt->pkts_uri_scanned3)*100)); + det_ctx->uris, det_ctx->pkts_uri_scanned3, + (float)(det_ctx->pkts_uri_scanned3/(float)(det_ctx->uris)*100), + det_ctx->pkts_uri_searched3, + (float)(det_ctx->pkts_uri_searched3/(float)(det_ctx->uris)*100), + (float)(det_ctx->pkts_uri_searched3/(float)(det_ctx->pkts_uri_scanned3)*100)); printf(" - (%s) URI (4byte) Uri's %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name, - pmt->uris, pmt->pkts_uri_scanned4, - (float)(pmt->pkts_uri_scanned4/(float)(pmt->uris)*100), - pmt->pkts_uri_searched4, - (float)(pmt->pkts_uri_searched4/(float)(pmt->uris)*100), - (float)(pmt->pkts_uri_searched4/(float)(pmt->pkts_uri_scanned4)*100)); + det_ctx->uris, det_ctx->pkts_uri_scanned4, + (float)(det_ctx->pkts_uri_scanned4/(float)(det_ctx->uris)*100), + det_ctx->pkts_uri_searched4, + (float)(det_ctx->pkts_uri_searched4/(float)(det_ctx->uris)*100), + (float)(det_ctx->pkts_uri_searched4/(float)(det_ctx->pkts_uri_scanned4)*100)); printf(" - (%s) URI (+byte) Uri's %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name, - pmt->uris, pmt->pkts_uri_scanned, - (float)(pmt->pkts_uri_scanned/(float)(pmt->uris)*100), - pmt->pkts_uri_searched, - (float)(pmt->pkts_uri_searched/(float)(pmt->uris)*100), - (float)(pmt->pkts_uri_searched/(float)(pmt->pkts_uri_scanned)*100)); + det_ctx->uris, det_ctx->pkts_uri_scanned, + (float)(det_ctx->pkts_uri_scanned/(float)(det_ctx->uris)*100), + det_ctx->pkts_uri_searched, + (float)(det_ctx->pkts_uri_searched/(float)(det_ctx->uris)*100), + (float)(det_ctx->pkts_uri_searched/(float)(det_ctx->pkts_uri_scanned)*100)); } void SigLoadSignatures (char *sig_file) @@ -347,7 +347,7 @@ int PacketAlertAppend(Packet *p, uint8_t gid, uint32_t sid, uint8_t rev, uint8_t return 0; } -static inline SigGroupHead *SigMatchSignaturesGetSgh(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *pmt, Packet *p) { +static inline SigGroupHead *SigMatchSignaturesGetSgh(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p) { int ds,f; SigGroupHead *sgh = NULL; @@ -372,7 +372,7 @@ static inline SigGroupHead *SigMatchSignaturesGetSgh(ThreadVars *th_v, DetectEng if (ag->port == NULL) { sgh = ag->sh; - //printf("SigMatchSignatures: mc %p, mcu %p\n", pmt->mc, pmt->mcu); + //printf("SigMatchSignatures: mc %p, mcu %p\n", det_ctx->mc, det_ctx->mcu); //printf("sigs %" PRIu32 "\n", ag->sh->sig_cnt); } else { //printf("SigMatchSignatures: we have ports\n"); @@ -391,19 +391,19 @@ static inline SigGroupHead *SigMatchSignaturesGetSgh(ThreadVars *th_v, DetectEng return sgh; } -int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *pmt, Packet *p) +int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p) { int match = 0, fmatch = 0; Signature *s = NULL; SigMatch *sm = NULL; uint32_t idx,sig; - pmt->pkts++; + det_ctx->pkts++; /* match the ip only signatures */ if ((p->flowflags & FLOW_PKT_TOSERVER && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) || (p->flowflags & FLOW_PKT_TOCLIENT && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) { - IPOnlyMatchPacket(de_ctx, &de_ctx->io_ctx, &pmt->io_ctx, p); + IPOnlyMatchPacket(de_ctx, &de_ctx->io_ctx, &det_ctx->io_ctx, p); /* save in the flow that we scanned this direction... locking is * done in the FlowSetIPOnlyFlag function. */ if (p->flow != NULL) @@ -411,65 +411,65 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh } /* we assume we don't have an uri when we start inspection */ - pmt->de_have_httpuri = 0; + det_ctx->de_have_httpuri = 0; - pmt->sgh = SigMatchSignaturesGetSgh(th_v, de_ctx, pmt, p); + det_ctx->sgh = SigMatchSignaturesGetSgh(th_v, de_ctx, det_ctx, p); /* if we didn't get a sig group head, we * have nothing to do.... */ - if (pmt->sgh == NULL) { + if (det_ctx->sgh == NULL) { //printf("SigMatchSignatures: no sgh\n"); return 0; } - if (p->payload_len > 0 && pmt->sgh->mpm_ctx != NULL) { + if (p->payload_len > 0 && det_ctx->sgh->mpm_ctx != NULL) { /* run the pattern matcher against the packet */ - if (pmt->sgh->mpm_content_maxlen > p->payload_len) { + if (det_ctx->sgh->mpm_content_maxlen > p->payload_len) { //printf("Not scanning as pkt payload is smaller than the largest content length we need to match"); } else { uint32_t cnt = 0; -//printf("scan: (%p, maxlen %" PRIu32 ", cnt %" PRIu32 ")\n", pmt->sgh, pmt->sgh->mpm_content_maxlen, pmt->sgh->sig_cnt); +//printf("scan: (%p, maxlen %" PRIu32 ", cnt %" PRIu32 ")\n", det_ctx->sgh, det_ctx->sgh->mpm_content_maxlen, det_ctx->sgh->sig_cnt); /* scan, but only if the noscan flag isn't set */ - if (!(pmt->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN)) { - if (pmt->sgh->mpm_content_maxlen == 1) pmt->pkts_scanned1++; - else if (pmt->sgh->mpm_content_maxlen == 2) pmt->pkts_scanned2++; - else if (pmt->sgh->mpm_content_maxlen == 3) pmt->pkts_scanned3++; - else if (pmt->sgh->mpm_content_maxlen == 4) pmt->pkts_scanned4++; - else pmt->pkts_scanned++; - - cnt += PacketPatternScan(th_v, pmt, p); + if (!(det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN)) { + if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_scanned1++; + else if (det_ctx->sgh->mpm_content_maxlen == 2) det_ctx->pkts_scanned2++; + else if (det_ctx->sgh->mpm_content_maxlen == 3) det_ctx->pkts_scanned3++; + else if (det_ctx->sgh->mpm_content_maxlen == 4) det_ctx->pkts_scanned4++; + else det_ctx->pkts_scanned++; + + cnt += PacketPatternScan(th_v, det_ctx, p); } -//if (cnt != pmt->pmq.searchable) -//printf("post scan: cnt %" PRIu32 ", searchable %" PRIu32 "\n", cnt, pmt->pmq.searchable); - if (pmt->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN || pmt->pmq.searchable > 0) { +//if (cnt != det_ctx->pmq.searchable) +//printf("post scan: cnt %" PRIu32 ", searchable %" PRIu32 "\n", cnt, det_ctx->pmq.searchable); + if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN || det_ctx->pmq.searchable > 0) { //printf("now search\n"); - if (pmt->sgh->mpm_content_maxlen == 1) pmt->pkts_searched1++; - else if (pmt->sgh->mpm_content_maxlen == 2) pmt->pkts_searched2++; - else if (pmt->sgh->mpm_content_maxlen == 3) pmt->pkts_searched3++; - else if (pmt->sgh->mpm_content_maxlen == 4) pmt->pkts_searched4++; - else pmt->pkts_searched++; + if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_searched1++; + else if (det_ctx->sgh->mpm_content_maxlen == 2) det_ctx->pkts_searched2++; + else if (det_ctx->sgh->mpm_content_maxlen == 3) det_ctx->pkts_searched3++; + else if (det_ctx->sgh->mpm_content_maxlen == 4) det_ctx->pkts_searched4++; + else det_ctx->pkts_searched++; - cnt += PacketPatternMatch(th_v, pmt, p); + cnt += PacketPatternMatch(th_v, det_ctx, p); -// printf("RAW: cnt %" PRIu32 ", pmt->pmq.sig_id_array_cnt %" PRIu32 "\n", cnt, pmt->pmq.sig_id_array_cnt); +// printf("RAW: cnt %" PRIu32 ", det_ctx->pmq.sig_id_array_cnt %" PRIu32 "\n", cnt, det_ctx->pmq.sig_id_array_cnt); } - pmt->pmq.searchable = 0; + det_ctx->pmq.searchable = 0; } } /* inspect the sigs against the packet */ - for (idx = 0; idx < pmt->sgh->sig_cnt; idx++) { - //for (idx = 0; idx < pmt->pmq.sig_id_array_cnt; idx++) { - sig = pmt->sgh->match_array[idx]; - //sig = pmt->pmq.sig_id_array[idx]; + for (idx = 0; idx < det_ctx->sgh->sig_cnt; idx++) { + //for (idx = 0; idx < det_ctx->pmq.sig_id_array_cnt; idx++) { + sig = det_ctx->sgh->match_array[idx]; + //sig = det_ctx->pmq.sig_id_array[idx]; s = de_ctx->sig_array[sig]; /* filter out sigs that want pattern matches, but * have no matches */ - if (!(pmt->pmq.sig_bitarray[(sig / 8)] & (1<<(sig % 8))) && + if (!(det_ctx->pmq.sig_bitarray[(sig / 8)] & (1<<(sig % 8))) && (s->flags & SIG_FLAG_MPM)) continue; - //printf("idx %" PRIu32 ", pmt->pmq.sig_id_array_cnt %" PRIu32 ", s->id %" PRIu32 " (MPM? %s)\n", idx, pmt->pmq.sig_id_array_cnt, s->id, s->flags & SIG_FLAG_MPM ? "TRUE":"FALSE"); + //printf("idx %" PRIu32 ", det_ctx->pmq.sig_id_array_cnt %" PRIu32 ", s->id %" PRIu32 " (MPM? %s)\n", idx, det_ctx->pmq.sig_id_array_cnt, s->id, s->flags & SIG_FLAG_MPM ? "TRUE":"FALSE"); //printf("Sig %" PRIu32 "\n", s->id); /* check the source & dst port in the sig */ if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP) { @@ -500,17 +500,17 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh } /* reset pkt ptr and offset */ - pmt->pkt_ptr = NULL; - pmt->pkt_off = 0; + det_ctx->pkt_ptr = NULL; + det_ctx->pkt_off = 0; if (s->flags & SIG_FLAG_RECURSIVE) { uint8_t rmatch = 0; - pmt->pkt_cnt = 0; + det_ctx->pkt_cnt = 0; do { sm = s->match; while (sm) { - match = sigmatch_table[sm->type].Match(th_v, pmt, p, s, sm); + match = sigmatch_table[sm->type].Match(th_v, det_ctx, p, s, sm); if (match) { /* okay, try the next match */ sm = sm->next; @@ -527,7 +527,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh } } rmatch = fmatch = 1; - pmt->pkt_cnt++; + det_ctx->pkt_cnt++; } } else { /* done with this sig */ @@ -537,13 +537,13 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh } /* Limit the number of times we do this recursive thing. * XXX is this a sane limit? Should it be configurable? */ - if (pmt->pkt_cnt == 10) + if (det_ctx->pkt_cnt == 10) break; } while (rmatch); } else { sm = s->match; while (sm) { - match = sigmatch_table[sm->type].Match(th_v, pmt, p, s, sm); + match = sigmatch_table[sm->type].Match(th_v, det_ctx, p, s, sm); if (match) { /* okay, try the next match */ sm = sm->next; @@ -568,21 +568,21 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh } /* cleanup pkt specific part of the patternmatcher */ - PacketPatternCleanup(th_v, pmt); + PacketPatternCleanup(th_v, det_ctx); return fmatch; } /* tm module api functions */ int Detect(ThreadVars *t, Packet *p, void *data, PacketQueue *pq) { - DetectEngineThreadCtx *pmt = (DetectEngineThreadCtx *)data; - DetectEngineCtx *de_ctx = pmt->de_ctx; + DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data; + DetectEngineCtx *de_ctx = det_ctx->de_ctx; - int r = SigMatchSignatures(t,de_ctx,pmt,p); + int r = SigMatchSignatures(t,de_ctx,det_ctx,p); if (r >= 0) { return 0; } - // PerfCounterIncr(pmt->counter_alerts, t->pca); + // PerfCounterIncr(det_ctx->counter_alerts, t->pca); return 1; } @@ -2627,7 +2627,7 @@ static int SigTest01Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -2653,9 +2653,9 @@ static int SigTest01Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1) == 0) { result = 0; goto end; @@ -2675,7 +2675,7 @@ static int SigTest01Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -2703,7 +2703,7 @@ static int SigTest02Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -2729,16 +2729,16 @@ static int SigTest02Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx,mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1)) result = 1; SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -2766,7 +2766,7 @@ static int SigTest03Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -2792,16 +2792,16 @@ static int SigTest03Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (!PacketAlertCheck(&p, 1)) result = 1; SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -2830,7 +2830,7 @@ static int SigTest04Real (int mpm_type) { Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -2856,16 +2856,16 @@ static int SigTest04Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1)) result = 1; SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -2893,7 +2893,7 @@ static int SigTest05Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -2919,16 +2919,16 @@ static int SigTest05Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (!PacketAlertCheck(&p, 1)) result = 1; SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -2956,7 +2956,7 @@ static int SigTest06Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -2987,9 +2987,9 @@ static int SigTest06Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2)) result = 1; else @@ -3000,7 +3000,7 @@ static int SigTest06Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3028,7 +3028,7 @@ static int SigTest07Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3059,9 +3059,9 @@ static int SigTest07Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2)) result = 0; else @@ -3070,7 +3070,7 @@ static int SigTest07Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3098,7 +3098,7 @@ static int SigTest08Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3129,9 +3129,9 @@ static int SigTest08Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2)) result = 1; else @@ -3142,7 +3142,7 @@ static int SigTest08Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3170,7 +3170,7 @@ static int SigTest09Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3201,9 +3201,9 @@ static int SigTest09Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2)) result = 0; else @@ -3211,7 +3211,7 @@ static int SigTest09Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3234,7 +3234,7 @@ static int SigTest10Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3265,9 +3265,9 @@ static int SigTest10Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2)) result = 0; else @@ -3275,7 +3275,7 @@ static int SigTest10Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3298,7 +3298,7 @@ static int SigTest11Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3329,9 +3329,9 @@ static int SigTest11Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2)) result = 1; else @@ -3339,7 +3339,7 @@ static int SigTest11Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3362,7 +3362,7 @@ static int SigTest12Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3388,9 +3388,9 @@ static int SigTest12Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1)) result = 1; else @@ -3398,7 +3398,7 @@ static int SigTest12Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3421,7 +3421,7 @@ static int SigTest13Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3447,9 +3447,9 @@ static int SigTest13Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1)) result = 1; else @@ -3457,7 +3457,7 @@ static int SigTest13Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3480,7 +3480,7 @@ static int SigTest14Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3506,9 +3506,9 @@ static int SigTest14Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 1)) result = 0; else @@ -3516,7 +3516,7 @@ static int SigTest14Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3539,7 +3539,7 @@ static int SigTest15Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3566,9 +3566,9 @@ static int SigTest15Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 2008284)) result = 0; else @@ -3576,7 +3576,7 @@ static int SigTest15Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3599,7 +3599,7 @@ static int SigTest16Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3625,9 +3625,9 @@ static int SigTest16Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 2008284)) result = 1; else @@ -3635,7 +3635,7 @@ static int SigTest16Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3663,7 +3663,7 @@ static int SigTest17Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3690,9 +3690,9 @@ static int SigTest17Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); PktVar *pv_hn = PktVarGet(&p, "http_host"); if (pv_hn != NULL) { if (memcmp(pv_hn->value, "one.example.org", pv_hn->value_len < 15 ? pv_hn->value_len : 15) == 0) @@ -3709,7 +3709,7 @@ static int SigTest17Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3732,7 +3732,7 @@ static int SigTest18Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3760,9 +3760,9 @@ static int SigTest18Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (!PacketAlertCheck(&p, 2003055)) result = 1; else @@ -3770,7 +3770,7 @@ static int SigTest18Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3793,7 +3793,7 @@ int SigTest19Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3824,10 +3824,10 @@ int SigTest19Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); - //DetectEngineIPOnlyThreadInit(de_ctx,&pmt->io_ctx); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); + //DetectEngineIPOnlyThreadInit(de_ctx,&det_ctx->io_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 999)) result = 1; else @@ -3835,7 +3835,7 @@ int SigTest19Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3857,7 +3857,7 @@ static int SigTest20Real (int mpm_type) { uint16_t buflen = strlen((char *)buf); Packet p; ThreadVars th_v; - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; memset(&th_v, 0, sizeof(th_v)); @@ -3888,10 +3888,10 @@ static int SigTest20Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt); - //DetectEngineIPOnlyThreadInit(de_ctx,&pmt->io_ctx); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); + //DetectEngineIPOnlyThreadInit(de_ctx,&det_ctx->io_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); if (PacketAlertCheck(&p, 999)) result = 1; else @@ -3899,7 +3899,7 @@ static int SigTest20Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -3919,7 +3919,7 @@ static int SigTest20Wm (void) { static int SigTest21Real (int mpm_type) { ThreadVars th_v; memset(&th_v, 0, sizeof(th_v)); - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; Flow f; @@ -3973,21 +3973,21 @@ static int SigTest21Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p1); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1); if (PacketAlertCheck(&p1, 1)) { printf("sid 1 alerted, but shouldn't: "); goto end; } - SigMatchSignatures(&th_v, de_ctx, pmt, &p2); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2); if (PacketAlertCheck(&p2, 2)) result = 1; SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -4007,7 +4007,7 @@ static int SigTest21Wm (void) { static int SigTest22Real (int mpm_type) { ThreadVars th_v; memset(&th_v, 0, sizeof(th_v)); - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; Flow f; @@ -4061,14 +4061,14 @@ static int SigTest22Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p1); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1); if (PacketAlertCheck(&p1, 1)) { printf("sid 1 alerted, but shouldn't: "); goto end; } - SigMatchSignatures(&th_v, de_ctx, pmt, &p2); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2); if (!(PacketAlertCheck(&p2, 2))) result = 1; else @@ -4077,7 +4077,7 @@ static int SigTest22Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: @@ -4096,7 +4096,7 @@ static int SigTest22Wm (void) { static int SigTest23Real (int mpm_type) { ThreadVars th_v; memset(&th_v, 0, sizeof(th_v)); - DetectEngineThreadCtx *pmt; + DetectEngineThreadCtx *det_ctx; int result = 0; Flow f; @@ -4150,14 +4150,14 @@ static int SigTest23Real (int mpm_type) { SigGroupBuild(de_ctx); PatternMatchPrepare(mpm_ctx, mpm_type); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, pmt, &p1); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1); if (PacketAlertCheck(&p1, 1)) { printf("sid 1 alerted, but shouldn't: "); goto end; } - SigMatchSignatures(&th_v, de_ctx, pmt, &p2); + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2); if (PacketAlertCheck(&p2, 2)) result = 1; else @@ -4166,7 +4166,7 @@ static int SigTest23Real (int mpm_type) { SigGroupCleanup(de_ctx); SigCleanSignatures(de_ctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)pmt); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); PatternMatchDestroy(mpm_ctx); DetectEngineCtxFree(de_ctx); end: