aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename all pmt->det_ctx.

Browse Source
remotes/origin/master-1.0.x
Victor Julien 16 years ago
parent 3e4d503e9f
commit 1132ab635a
12 changed files with 285 additions and 285 deletions
Show Stats Download Patch File Download Diff File

44
src/detect-content.c
Unescape Escape View File

@ -109,14 +109,14 @@ TestOffsetDepth(MpmMatch *m, DetectContentData *co, uint16_t pktoff) {
* that turn out to fail being followed by full matches later in the
* packet. This adds some runtime complexity however. */
static inline int
TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatch *m, SigMatch *nsm, uint16_t pktoff)
TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *det_ctx, MpmMatch *m, SigMatch *nsm, uint16_t pktoff)
{
//printf("test_nextsigmatch m:%p, nsm:%p\n", m,nsm);
if (nsm == NULL)
return 1;
DetectContentData *co = (DetectContentData *)nsm->ctx;
MpmMatch *nm = pmt->mtc.match[co->id].top;
MpmMatch *nm = det_ctx->mtc.match[co->id].top;
for (; nm; nm = nm->next) {
//printf("TestWithinDistanceOffsetDepth: nm->offset %" PRIu32 ", m->offset %" PRIu32 ", pktoff %" PRIu32 "\n", nm->offset, m->offset, pktoff);
@ -137,7 +137,7 @@ TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatc
// "nm->offset %" PRIu32 ", m->offset %" PRIu32 "\n", nm->offset - m->offset,
// co->distance, nm->offset, m->offset);
if (TestOffsetDepth(nm, co, pktoff) == 1) {
return TestWithinDistanceOffsetDepth(t, pmt, nm, nsm->next, pktoff);
return TestWithinDistanceOffsetDepth(t, det_ctx, nm, nsm->next, pktoff);
}
} else {
//printf("TestWithinDistanceOffsetDepth: NO MATCH: %" PRIu32 " >= DISTANCE(%" PRIu32 "), "
@ -155,37 +155,37 @@ TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatc
}
static inline int
DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *sm, DetectContentData *co)
DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *sm, DetectContentData *co)
{
int ret = 0;
char match = 0;
/* Get the top match, we already know we have one. */
MpmMatch *m = pmt->mtc.match[co->id].top;
MpmMatch *m = det_ctx->mtc.match[co->id].top;
/* if we have within or distance coming up next, check this match
* for distance and/or within and check the rest of this match
* chain as well. */
if ((co->flags & DETECT_CONTENT_WITHIN_NEXT ||
co->flags & DETECT_CONTENT_DISTANCE_NEXT) &&
pmt->de_checking_distancewithin == 0)
det_ctx->de_checking_distancewithin == 0)
{
//printf("DoDetectContent: Content \""); PrintRawUriFp(stdout, co->content, co->content_len);
//printf("\" DETECT_CONTENT_WITHIN_NEXT or DETECT_CONTENT_DISTANCE_NEXT is true\n");
/* indicate to the detection engine the next sigmatch(es)
* are part of this match chain */
pmt->de_checking_distancewithin = 1;
det_ctx->de_checking_distancewithin = 1;
for (; m != NULL; m = m->next) {
/* first check our match for offset and depth */
if (TestOffsetDepth(m, co, pmt->pkt_off) == 1) {
if (TestOffsetDepth(m, co, det_ctx->pkt_off) == 1) {
//printf("DoDetectContent: TestOffsetDepth returned 1\n");
ret = TestWithinDistanceOffsetDepth(t, pmt, m, sm->next, pmt->pkt_off);
ret = TestWithinDistanceOffsetDepth(t, det_ctx, m, sm->next, det_ctx->pkt_off);
if (ret == 1) {
//printf("DoDetectContent: TestWithinDistanceOffsetDepth returned 1\n");
pmt->pkt_ptr = p->payload + m->offset;
pmt->pkt_off = m->offset;
det_ctx->pkt_ptr = p->payload + m->offset;
det_ctx->pkt_off = m->offset;
match = 1;
break;
}
@ -203,7 +203,7 @@ DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature
} else if (co->flags & DETECT_CONTENT_WITHIN ||
co->flags & DETECT_CONTENT_DISTANCE)
{
pmt->de_checking_distancewithin = 0;
det_ctx->de_checking_distancewithin = 0;
match = 1;
/* Getting here means we are not in checking an within/distance chain.
@ -214,13 +214,13 @@ DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature
} else {
/* when in recursive capture mode don't check depth and offset
* after the first match */
if (s->flags & SIG_FLAG_RECURSIVE && pmt->pkt_cnt) {
if (s->flags & SIG_FLAG_RECURSIVE && det_ctx->pkt_cnt) {
for (; m != NULL; m = m->next) {
if (m->offset >= pmt->pkt_off) {
if (m->offset >= det_ctx->pkt_off) {
/* update pkt ptrs, content doesn't use this,
* but pcre does */
pmt->pkt_ptr = p->payload + m->offset;
pmt->pkt_off = m->offset;
det_ctx->pkt_ptr = p->payload + m->offset;
det_ctx->pkt_off = m->offset;
match = 1;
break;
}
@ -232,8 +232,8 @@ DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature
if (ret == 1) {
/* update pkt ptrs, this content run doesn't
* use this, but pcre does */
pmt->pkt_ptr = p->payload + m->offset;
pmt->pkt_off = m->offset;
det_ctx->pkt_ptr = p->payload + m->offset;
det_ctx->pkt_off = m->offset;
match = 1;
break;
}
@ -250,7 +250,7 @@ DoDetectContent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature
* -1: error
*/
int DetectContentMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m)
int DetectContentMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m)
{
uint32_t len = 0;
@ -260,7 +260,7 @@ int DetectContentMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Si
DetectContentData *co = (DetectContentData *)m->ctx;
/* see if we had a match */
len = pmt->mtc.match[co->id].len;
len = det_ctx->mtc.match[co->id].len;
if (len == 0)
return 0;
@ -269,13 +269,13 @@ int DetectContentMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Si
printf("\" matched %" PRIu32 " time(s) at offsets: ", len);
MpmMatch *tmpm = NULL;
for (tmpm = pmt->mtc.match[co->id].top; tmpm != NULL; tmpm = tmpm->next) {
for (tmpm = det_ctx->mtc.match[co->id].top; tmpm != NULL; tmpm = tmpm->next) {
printf("%" PRIu32 " ", tmpm->offset);
}
printf("\n");
#endif
return DoDetectContent(t, pmt, p, s, m, co);
return DoDetectContent(t, det_ctx, p, s, m, co);
}
DetectContentData *DetectContentParse (char *contentstr)

4
src/detect-decode-event.c
Unescape Escape View File

@ -69,7 +69,7 @@ error:
* \brief This function is used to match decoder event flags set on a packet with those passed via decode-event:
*
* \param t pointer to thread vars
* \param pmt pointer to the pattern matcher thread
* \param det_ctx pointer to the pattern matcher thread
* \param p pointer to the current packet
* \param s pointer to the Signature
* \param m pointer to the sigmatch
@ -77,7 +77,7 @@ error:
* \retval 0 no match
* \retval 1 match
*/
int DetectDecodeEventMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m)
int DetectDecodeEventMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m)
{
int ret = 0;
DetectDecodeEventData *de = (DetectDecodeEventData *)m->ctx;

2
src/detect-dsize.c
Unescape Escape View File

@ -56,7 +56,7 @@ error:
* -1: error
*/
int DetectDsizeMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m)
int DetectDsizeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m)
{
int ret = 0;

14
src/detect-engine-mpm.c
Unescape Escape View File

@ -58,19 +58,19 @@ uint32_t PacketPatternMatch(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, Pack
}
/** \brief cleans up the mpm instance after a match */
void PacketPatternCleanup(ThreadVars *t, DetectEngineThreadCtx *pmt) {
PmqReset(&pmt->pmq);
void PacketPatternCleanup(ThreadVars *t, DetectEngineThreadCtx *det_ctx) {
PmqReset(&det_ctx->pmq);
if (pmt->sgh == NULL)
if (det_ctx->sgh == NULL)
return;
/* content */
if (pmt->sgh->mpm_ctx != NULL && pmt->sgh->mpm_ctx->Cleanup != NULL) {
pmt->sgh->mpm_ctx->Cleanup(&pmt->mtc);
if (det_ctx->sgh->mpm_ctx != NULL && det_ctx->sgh->mpm_ctx->Cleanup != NULL) {
det_ctx->sgh->mpm_ctx->Cleanup(&det_ctx->mtc);
}
/* uricontent */
if (pmt->sgh->mpm_uri_ctx != NULL && pmt->sgh->mpm_uri_ctx->Cleanup != NULL) {
pmt->sgh->mpm_uri_ctx->Cleanup(&pmt->mtcu);
if (det_ctx->sgh->mpm_uri_ctx != NULL && det_ctx->sgh->mpm_uri_ctx->Cleanup != NULL) {
det_ctx->sgh->mpm_uri_ctx->Cleanup(&det_ctx->mtcu);
}
}

4
src/detect-flow.c
Unescape Escape View File

@ -78,14 +78,14 @@ error:
* \todo We need to add support for no_stream and stream_only flag checking
*
* \param t pointer to thread vars
* \param pmt pointer to the pattern matcher thread
* \param det_ctx pointer to the pattern matcher thread
* \param p pointer to the current packet
* \param m pointer to the sigmatch that we will cast into DetectFlowData
*
* \retval 0 no match
* \retval 1 match
*/
int DetectFlowMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m)
int DetectFlowMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m)
{
uint8_t cnt = 0;
DetectFlowData *fd = (DetectFlowData *)m->ctx;

2
src/detect-flowbits.c
Unescape Escape View File

@ -101,7 +101,7 @@ static int DetectFlowbitMatchIsnotset (Packet *p, DetectFlowbitsData *fd) {
* -1: error
*/
int DetectFlowbitMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m)
int DetectFlowbitMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m)
{
DetectFlowbitsData *fd = (DetectFlowbitsData *)m->ctx;
if (fd == NULL)

2
src/detect-flowvar.c
Unescape Escape View File

@ -59,7 +59,7 @@ error:
* -1: error
*/
int DetectFlowvarMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m)
int DetectFlowvarMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m)
{
int ret = 0;
DetectFlowvarData *fd = (DetectFlowvarData *)m->ctx;

64
src/detect-pcre.c
Unescape Escape View File

@ -79,7 +79,7 @@ error:
* -1: error
*/
int DetectPcreMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m)
int DetectPcreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m)
{
#define MAX_SUBSTRINGS 30
int ret = 0;
@ -92,11 +92,11 @@ int DetectPcreMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signa
DetectPcreData *pe = (DetectPcreData *)m->ctx;
if (s->flags & SIG_FLAG_RECURSIVE) {
ptr = pmt->pkt_ptr ? pmt->pkt_ptr : p->payload;
len = p->payload_len - pmt->pkt_off;
ptr = det_ctx->pkt_ptr ? det_ctx->pkt_ptr : p->payload;
len = p->payload_len - det_ctx->pkt_off;
} else if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = pmt->pkt_ptr;
len = p->payload_len - pmt->pkt_off;
ptr = det_ctx->pkt_ptr;
len = p->payload_len - det_ctx->pkt_off;
if (ptr == NULL || len == 0)
return 0;
} else {
@ -113,42 +113,42 @@ int DetectPcreMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signa
ret = pcre_get_substring((char *)ptr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (ret) {
if (strcmp(pe->capname,"http_uri") == 0) {
p->http_uri.raw[pmt->pkt_cnt] = (uint8_t *)str_ptr;
p->http_uri.raw_size[pmt->pkt_cnt] = ret;
p->http_uri.cnt = pmt->pkt_cnt + 1;
p->http_uri.raw[det_ctx->pkt_cnt] = (uint8_t *)str_ptr;
p->http_uri.raw_size[det_ctx->pkt_cnt] = ret;
p->http_uri.cnt = det_ctx->pkt_cnt + 1;
/* count how many uri's we handle for stats */
pmt->uris++;
det_ctx->uris++;
//printf("DetectPcre: URI pmt->sgh %p, pmt->mcu %p\n", pmt->sgh, pmt->mcu);
//PrintRawUriFp(stdout,p->http_uri.raw[pmt->pkt_cnt],p->http_uri.raw_size[pmt->pkt_cnt]);
//printf(" (pkt_cnt %" PRIu32 ", mcu %p)\n", pmt->pkt_cnt, pmt->mcu);
//printf("DetectPcre: URI det_ctx->sgh %p, det_ctx->mcu %p\n", det_ctx->sgh, det_ctx->mcu);
//PrintRawUriFp(stdout,p->http_uri.raw[det_ctx->pkt_cnt],p->http_uri.raw_size[det_ctx->pkt_cnt]);
//printf(" (pkt_cnt %" PRIu32 ", mcu %p)\n", det_ctx->pkt_cnt, det_ctx->mcu);
/* don't bother scanning if we don't have a pattern matcher ctx
* which means we don't have uricontent sigs */
if (pmt->sgh->mpm_uri_ctx != NULL) {
if (pmt->sgh->mpm_uricontent_maxlen <= p->http_uri.raw_size[pmt->pkt_cnt]) {
if (pmt->sgh->mpm_uricontent_maxlen == 1) pmt->pkts_uri_scanned1++;
else if (pmt->sgh->mpm_uricontent_maxlen == 2) pmt->pkts_uri_scanned2++;
else if (pmt->sgh->mpm_uricontent_maxlen == 3) pmt->pkts_uri_scanned3++;
else if (pmt->sgh->mpm_uricontent_maxlen == 4) pmt->pkts_uri_scanned4++;
else pmt->pkts_uri_scanned++;
pmt->pmq.mode = PMQ_MODE_SCAN;
ret = pmt->sgh->mpm_uri_ctx->Scan(pmt->sgh->mpm_uri_ctx, &pmt->mtcu, &pmt->pmq, p->http_uri.raw[pmt->pkt_cnt], p->http_uri.raw_size[pmt->pkt_cnt]);
if (det_ctx->sgh->mpm_uri_ctx != NULL) {
if (det_ctx->sgh->mpm_uricontent_maxlen <= p->http_uri.raw_size[det_ctx->pkt_cnt]) {
if (det_ctx->sgh->mpm_uricontent_maxlen == 1) det_ctx->pkts_uri_scanned1++;
else if (det_ctx->sgh->mpm_uricontent_maxlen == 2) det_ctx->pkts_uri_scanned2++;
else if (det_ctx->sgh->mpm_uricontent_maxlen == 3) det_ctx->pkts_uri_scanned3++;
else if (det_ctx->sgh->mpm_uricontent_maxlen == 4) det_ctx->pkts_uri_scanned4++;
else det_ctx->pkts_uri_scanned++;
det_ctx->pmq.mode = PMQ_MODE_SCAN;
ret = det_ctx->sgh->mpm_uri_ctx->Scan(det_ctx->sgh->mpm_uri_ctx, &det_ctx->mtcu, &det_ctx->pmq, p->http_uri.raw[det_ctx->pkt_cnt], p->http_uri.raw_size[det_ctx->pkt_cnt]);
if (ret > 0) {
if (pmt->sgh->mpm_uricontent_maxlen == 1) pmt->pkts_uri_searched1++;
else if (pmt->sgh->mpm_uricontent_maxlen == 2) pmt->pkts_uri_searched2++;
else if (pmt->sgh->mpm_uricontent_maxlen == 3) pmt->pkts_uri_searched3++;
else if (pmt->sgh->mpm_uricontent_maxlen == 4) pmt->pkts_uri_searched4++;
else pmt->pkts_uri_searched++;
if (det_ctx->sgh->mpm_uricontent_maxlen == 1) det_ctx->pkts_uri_searched1++;
else if (det_ctx->sgh->mpm_uricontent_maxlen == 2) det_ctx->pkts_uri_searched2++;
else if (det_ctx->sgh->mpm_uricontent_maxlen == 3) det_ctx->pkts_uri_searched3++;
else if (det_ctx->sgh->mpm_uricontent_maxlen == 4) det_ctx->pkts_uri_searched4++;
else det_ctx->pkts_uri_searched++;
pmt->pmq.mode = PMQ_MODE_SEARCH;
ret += pmt->sgh->mpm_uri_ctx->Search(pmt->sgh->mpm_uri_ctx, &pmt->mtcu, &pmt->pmq, p->http_uri.raw[pmt->pkt_cnt], p->http_uri.raw_size[pmt->pkt_cnt]);
det_ctx->pmq.mode = PMQ_MODE_SEARCH;
ret += det_ctx->sgh->mpm_uri_ctx->Search(det_ctx->sgh->mpm_uri_ctx, &det_ctx->mtcu, &det_ctx->pmq, p->http_uri.raw[det_ctx->pkt_cnt], p->http_uri.raw_size[det_ctx->pkt_cnt]);
/* indicate to uricontent that we have a uri,
* we scanned it _AND_ we found pattern matches. */
pmt->de_have_httpuri = 1;
det_ctx->de_have_httpuri = 1;
}
}
}
@ -163,8 +163,8 @@ int DetectPcreMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signa
}
/* update ptrs for pcre RELATIVE */
pmt->pkt_ptr = ptr+ov[1];
pmt->pkt_off = (ptr+ov[1]) - p->payload;
det_ctx->pkt_ptr = ptr+ov[1];
det_ctx->pkt_off = (ptr+ov[1]) - p->payload;
//printf("DetectPcre: post match: t->pkt_ptr %p t->pkt_off %" PRIu32 "\n", t->pkt_ptr, t->pkt_off);
ret = 1;

2
src/detect-pktvar.c
Unescape Escape View File

@ -57,7 +57,7 @@ error:
* -1: error
*/
int DetectPktvarMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m)
int DetectPktvarMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m)
{
int ret = 0;
DetectPktvarData *pd = (DetectPktvarData *)m->ctx;

36
src/detect-uricontent.c
Unescape Escape View File

@ -114,14 +114,14 @@ TestOffsetDepth(MpmMatch *m, DetectUricontentData *co) {
* that turn out to fail being followed by full matches later in the
* packet. This adds some runtime complexity however. */
static inline int
TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatch *m, SigMatch *nsm)
TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *det_ctx, MpmMatch *m, SigMatch *nsm)
{
//printf("test_nextsigmatch m:%p, nsm:%p\n", m,nsm);
if (nsm == NULL)
return 1;
DetectUricontentData *co = (DetectUricontentData *)nsm->ctx;
MpmMatch *nm = pmt->mtcu.match[co->id].top;
MpmMatch *nm = det_ctx->mtcu.match[co->id].top;
for (; nm; nm = nm->next) {
//printf("test_nextsigmatch: (nm->offset+1) %" PRIu32 ", (m->offset+1) %" PRIu32 "\n", (nm->offset+1), (m->offset+1));
@ -138,7 +138,7 @@ TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatc
{
if (TestOffsetDepth(nm, co) == 1) {
//printf("test_nextsigmatch: DISTANCE (nm->offset+1) %" PRIu32 ", (m->offset+1) %" PRIu32 "\n", (nm->offset+1), (m->offset+1));
return TestWithinDistanceOffsetDepth(t, pmt, nm, nsm->next);
return TestWithinDistanceOffsetDepth(t, det_ctx, nm, nsm->next);
}
}
}
@ -147,34 +147,34 @@ TestWithinDistanceOffsetDepth(ThreadVars *t, DetectEngineThreadCtx *pmt, MpmMatc
}
static inline int
DoDetectUricontent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, SigMatch *sm, DetectUricontentData *co)
DoDetectUricontent(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, SigMatch *sm, DetectUricontentData *co)
{
int ret = 0;
char match = 0;
/* Get the top match, we already know we have one. */
MpmMatch *m = pmt->mtcu.match[co->id].top;
MpmMatch *m = det_ctx->mtcu.match[co->id].top;
/* if we have within or distance coming up next, check this match
* for distance and/or within and check the rest of this match
* chain as well. */
if ((co->flags & DETECT_URICONTENT_WITHIN_NEXT ||
co->flags & DETECT_URICONTENT_DISTANCE_NEXT) &&
pmt->de_checking_distancewithin == 0)
det_ctx->de_checking_distancewithin == 0)
{
/* indicate to the detection engine the next sigmatch(es)
* are part of this match chain */
pmt->de_checking_distancewithin = 1;
det_ctx->de_checking_distancewithin = 1;
for (; m != NULL; m = m->next) {
/* first check our match for offset and depth */
if (TestOffsetDepth(m, co) == 1) {
ret = TestWithinDistanceOffsetDepth(t, pmt, m, sm->next);
ret = TestWithinDistanceOffsetDepth(t, det_ctx, m, sm->next);
if (ret == 1) {
/* update pkt ptrs, content doesn't use this,
* but pcre does */
pmt->pkt_ptr = p->payload + m->offset;
pmt->pkt_off = m->offset;
det_ctx->pkt_ptr = p->payload + m->offset;
det_ctx->pkt_off = m->offset;
match = 1;
break;
}
@ -191,7 +191,7 @@ DoDetectUricontent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, SigMatc
} else if (co->flags & DETECT_URICONTENT_WITHIN ||
co->flags & DETECT_URICONTENT_DISTANCE)
{
pmt->de_checking_distancewithin = 0;
det_ctx->de_checking_distancewithin = 0;
match = 1;
/* Getting here means we are not in checking an within/distance chain.
* This means we can just inspect this content match on it's own. So
@ -204,8 +204,8 @@ DoDetectUricontent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, SigMatc
if (ret == 1) {
/* update pkt ptrs, content doesn't use this,
* but pcre does */
pmt->pkt_ptr = p->payload + m->offset;
pmt->pkt_off = m->offset;
det_ctx->pkt_ptr = p->payload + m->offset;
det_ctx->pkt_off = m->offset;
match = 1;
break;
}
@ -221,18 +221,18 @@ DoDetectUricontent(ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, SigMatc
* -1: error
*/
int DetectUricontentMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p, Signature *s, SigMatch *m)
int DetectUricontentMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m)
{
uint32_t len = 0;
/* if we don't have a uri, don't bother scanning */
if (pmt->de_have_httpuri == 0)
if (det_ctx->de_have_httpuri == 0)
return 0;
DetectUricontentData *co = (DetectUricontentData *)m->ctx;
/* see if we had a match */
len = pmt->mtcu.match[co->id].len;
len = det_ctx->mtcu.match[co->id].len;
if (len == 0)
return 0;
@ -242,13 +242,13 @@ int DetectUricontentMatch (ThreadVars *t, DetectEngineThreadCtx *pmt, Packet *p,
printf("\' matched %" PRIu32 " time(s) at offsets: ", len);
MpmMatch *tmpm = NULL;
for (tmpm = pmt->mtcu.match[co->id].top; tmpm != NULL; tmpm = tmpm->next) {
for (tmpm = det_ctx->mtcu.match[co->id].top; tmpm != NULL; tmpm = tmpm->next) {
printf("%" PRIu32 " ", tmpm->offset);
}
printf("\n");
#endif
return DoDetectUricontent(t, pmt, p, m, co);
return DoDetectUricontent(t, det_ctx, p, m, co);
}
int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *contentstr)

396
src/detect.c
Unescape Escape View File

@ -73,71 +73,71 @@ void TmModuleDetectRegister (void) {
}
void DetectExitPrintStats(ThreadVars *tv, void *data) {
DetectEngineThreadCtx *pmt = (DetectEngineThreadCtx *)data;
if (pmt == NULL)
DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data;
if (det_ctx == NULL)
return;
printf(" - (%s) (1byte) Pkts %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name,
pmt->pkts, pmt->pkts_scanned1,
(float)(pmt->pkts_scanned1/(float)(pmt->pkts)*100),
pmt->pkts_searched1,
(float)(pmt->pkts_searched1/(float)(pmt->pkts)*100),
(float)(pmt->pkts_searched1/(float)(pmt->pkts_scanned1)*100));
det_ctx->pkts, det_ctx->pkts_scanned1,
(float)(det_ctx->pkts_scanned1/(float)(det_ctx->pkts)*100),
det_ctx->pkts_searched1,
(float)(det_ctx->pkts_searched1/(float)(det_ctx->pkts)*100),
(float)(det_ctx->pkts_searched1/(float)(det_ctx->pkts_scanned1)*100));
printf(" - (%s) (2byte) Pkts %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name,
pmt->pkts, pmt->pkts_scanned2,
(float)(pmt->pkts_scanned2/(float)(pmt->pkts)*100),
pmt->pkts_searched2,
(float)(pmt->pkts_searched2/(float)(pmt->pkts)*100),
(float)(pmt->pkts_searched2/(float)(pmt->pkts_scanned2)*100));
det_ctx->pkts, det_ctx->pkts_scanned2,
(float)(det_ctx->pkts_scanned2/(float)(det_ctx->pkts)*100),
det_ctx->pkts_searched2,
(float)(det_ctx->pkts_searched2/(float)(det_ctx->pkts)*100),
(float)(det_ctx->pkts_searched2/(float)(det_ctx->pkts_scanned2)*100));
printf(" - (%s) (3byte) Pkts %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name,
pmt->pkts, pmt->pkts_scanned3,
(float)(pmt->pkts_scanned3/(float)(pmt->pkts)*100),
pmt->pkts_searched3,
(float)(pmt->pkts_searched3/(float)(pmt->pkts)*100),
(float)(pmt->pkts_searched3/(float)(pmt->pkts_scanned3)*100));
det_ctx->pkts, det_ctx->pkts_scanned3,
(float)(det_ctx->pkts_scanned3/(float)(det_ctx->pkts)*100),
det_ctx->pkts_searched3,
(float)(det_ctx->pkts_searched3/(float)(det_ctx->pkts)*100),
(float)(det_ctx->pkts_searched3/(float)(det_ctx->pkts_scanned3)*100));
printf(" - (%s) (4byte) Pkts %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name,
pmt->pkts, pmt->pkts_scanned4,
(float)(pmt->pkts_scanned4/(float)(pmt->pkts)*100),
pmt->pkts_searched4,
(float)(pmt->pkts_searched4/(float)(pmt->pkts)*100),
(float)(pmt->pkts_searched4/(float)(pmt->pkts_scanned4)*100));
det_ctx->pkts, det_ctx->pkts_scanned4,
(float)(det_ctx->pkts_scanned4/(float)(det_ctx->pkts)*100),
det_ctx->pkts_searched4,
(float)(det_ctx->pkts_searched4/(float)(det_ctx->pkts)*100),
(float)(det_ctx->pkts_searched4/(float)(det_ctx->pkts_scanned4)*100));
printf(" - (%s) (+byte) Pkts %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name,
pmt->pkts, pmt->pkts_scanned,
(float)(pmt->pkts_scanned/(float)(pmt->pkts)*100),
pmt->pkts_searched,
(float)(pmt->pkts_searched/(float)(pmt->pkts)*100),
(float)(pmt->pkts_searched/(float)(pmt->pkts_scanned)*100));
det_ctx->pkts, det_ctx->pkts_scanned,
(float)(det_ctx->pkts_scanned/(float)(det_ctx->pkts)*100),
det_ctx->pkts_searched,
(float)(det_ctx->pkts_searched/(float)(det_ctx->pkts)*100),
(float)(det_ctx->pkts_searched/(float)(det_ctx->pkts_scanned)*100));
printf(" - (%s) URI (1byte) Uri's %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name,
pmt->uris, pmt->pkts_uri_scanned1,
(float)(pmt->pkts_uri_scanned1/(float)(pmt->uris)*100),
pmt->pkts_uri_searched1,
(float)(pmt->pkts_uri_searched1/(float)(pmt->uris)*100),
(float)(pmt->pkts_uri_searched1/(float)(pmt->pkts_uri_scanned1)*100));
det_ctx->uris, det_ctx->pkts_uri_scanned1,
(float)(det_ctx->pkts_uri_scanned1/(float)(det_ctx->uris)*100),
det_ctx->pkts_uri_searched1,
(float)(det_ctx->pkts_uri_searched1/(float)(det_ctx->uris)*100),
(float)(det_ctx->pkts_uri_searched1/(float)(det_ctx->pkts_uri_scanned1)*100));
printf(" - (%s) URI (2byte) Uri's %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name,
pmt->uris, pmt->pkts_uri_scanned2,
(float)(pmt->pkts_uri_scanned2/(float)(pmt->uris)*100),
pmt->pkts_uri_searched2,
(float)(pmt->pkts_uri_searched2/(float)(pmt->uris)*100),
(float)(pmt->pkts_uri_searched2/(float)(pmt->pkts_uri_scanned2)*100));
det_ctx->uris, det_ctx->pkts_uri_scanned2,
(float)(det_ctx->pkts_uri_scanned2/(float)(det_ctx->uris)*100),
det_ctx->pkts_uri_searched2,
(float)(det_ctx->pkts_uri_searched2/(float)(det_ctx->uris)*100),
(float)(det_ctx->pkts_uri_searched2/(float)(det_ctx->pkts_uri_scanned2)*100));
printf(" - (%s) URI (3byte) Uri's %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name,
pmt->uris, pmt->pkts_uri_scanned3,
(float)(pmt->pkts_uri_scanned3/(float)(pmt->uris)*100),
pmt->pkts_uri_searched3,
(float)(pmt->pkts_uri_searched3/(float)(pmt->uris)*100),
(float)(pmt->pkts_uri_searched3/(float)(pmt->pkts_uri_scanned3)*100));
det_ctx->uris, det_ctx->pkts_uri_scanned3,
(float)(det_ctx->pkts_uri_scanned3/(float)(det_ctx->uris)*100),
det_ctx->pkts_uri_searched3,
(float)(det_ctx->pkts_uri_searched3/(float)(det_ctx->uris)*100),
(float)(det_ctx->pkts_uri_searched3/(float)(det_ctx->pkts_uri_scanned3)*100));
printf(" - (%s) URI (4byte) Uri's %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name,
pmt->uris, pmt->pkts_uri_scanned4,
(float)(pmt->pkts_uri_scanned4/(float)(pmt->uris)*100),
pmt->pkts_uri_searched4,
(float)(pmt->pkts_uri_searched4/(float)(pmt->uris)*100),
(float)(pmt->pkts_uri_searched4/(float)(pmt->pkts_uri_scanned4)*100));
det_ctx->uris, det_ctx->pkts_uri_scanned4,
(float)(det_ctx->pkts_uri_scanned4/(float)(det_ctx->uris)*100),
det_ctx->pkts_uri_searched4,
(float)(det_ctx->pkts_uri_searched4/(float)(det_ctx->uris)*100),
(float)(det_ctx->pkts_uri_searched4/(float)(det_ctx->pkts_uri_scanned4)*100));
printf(" - (%s) URI (+byte) Uri's %" PRIu32 ", Scanned %" PRIu32 " (%02.1f), Searched %" PRIu32 " (%02.1f): %02.1f%%.\n", tv->name,
pmt->uris, pmt->pkts_uri_scanned,
(float)(pmt->pkts_uri_scanned/(float)(pmt->uris)*100),
pmt->pkts_uri_searched,
(float)(pmt->pkts_uri_searched/(float)(pmt->uris)*100),
(float)(pmt->pkts_uri_searched/(float)(pmt->pkts_uri_scanned)*100));
det_ctx->uris, det_ctx->pkts_uri_scanned,
(float)(det_ctx->pkts_uri_scanned/(float)(det_ctx->uris)*100),
det_ctx->pkts_uri_searched,
(float)(det_ctx->pkts_uri_searched/(float)(det_ctx->uris)*100),
(float)(det_ctx->pkts_uri_searched/(float)(det_ctx->pkts_uri_scanned)*100));
}
void SigLoadSignatures (char *sig_file)
@ -347,7 +347,7 @@ int PacketAlertAppend(Packet *p, uint8_t gid, uint32_t sid, uint8_t rev, uint8_t
return 0;
}
static inline SigGroupHead *SigMatchSignaturesGetSgh(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *pmt, Packet *p) {
static inline SigGroupHead *SigMatchSignaturesGetSgh(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p) {
int ds,f;
SigGroupHead *sgh = NULL;
@ -372,7 +372,7 @@ static inline SigGroupHead *SigMatchSignaturesGetSgh(ThreadVars *th_v, DetectEng
if (ag->port == NULL) {
sgh = ag->sh;
//printf("SigMatchSignatures: mc %p, mcu %p\n", pmt->mc, pmt->mcu);
//printf("SigMatchSignatures: mc %p, mcu %p\n", det_ctx->mc, det_ctx->mcu);
//printf("sigs %" PRIu32 "\n", ag->sh->sig_cnt);
} else {
//printf("SigMatchSignatures: we have ports\n");
@ -391,19 +391,19 @@ static inline SigGroupHead *SigMatchSignaturesGetSgh(ThreadVars *th_v, DetectEng
return sgh;
}
int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *pmt, Packet *p)
int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
{
int match = 0, fmatch = 0;
Signature *s = NULL;
SigMatch *sm = NULL;
uint32_t idx,sig;
pmt->pkts++;
det_ctx->pkts++;
/* match the ip only signatures */
if ((p->flowflags & FLOW_PKT_TOSERVER && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) ||
(p->flowflags & FLOW_PKT_TOCLIENT && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) {
IPOnlyMatchPacket(de_ctx, &de_ctx->io_ctx, &pmt->io_ctx, p);
IPOnlyMatchPacket(de_ctx, &de_ctx->io_ctx, &det_ctx->io_ctx, p);
/* save in the flow that we scanned this direction... locking is
* done in the FlowSetIPOnlyFlag function. */
if (p->flow != NULL)
@ -411,65 +411,65 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
}
/* we assume we don't have an uri when we start inspection */
pmt->de_have_httpuri = 0;
det_ctx->de_have_httpuri = 0;
pmt->sgh = SigMatchSignaturesGetSgh(th_v, de_ctx, pmt, p);
det_ctx->sgh = SigMatchSignaturesGetSgh(th_v, de_ctx, det_ctx, p);
/* if we didn't get a sig group head, we
* have nothing to do.... */
if (pmt->sgh == NULL) {
if (det_ctx->sgh == NULL) {
//printf("SigMatchSignatures: no sgh\n");
return 0;
}
if (p->payload_len > 0 && pmt->sgh->mpm_ctx != NULL) {
if (p->payload_len > 0 && det_ctx->sgh->mpm_ctx != NULL) {
/* run the pattern matcher against the packet */
if (pmt->sgh->mpm_content_maxlen > p->payload_len) {
if (det_ctx->sgh->mpm_content_maxlen > p->payload_len) {
//printf("Not scanning as pkt payload is smaller than the largest content length we need to match");
} else {
uint32_t cnt = 0;
//printf("scan: (%p, maxlen %" PRIu32 ", cnt %" PRIu32 ")\n", pmt->sgh, pmt->sgh->mpm_content_maxlen, pmt->sgh->sig_cnt);
//printf("scan: (%p, maxlen %" PRIu32 ", cnt %" PRIu32 ")\n", det_ctx->sgh, det_ctx->sgh->mpm_content_maxlen, det_ctx->sgh->sig_cnt);
/* scan, but only if the noscan flag isn't set */
if (!(pmt->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN)) {
if (pmt->sgh->mpm_content_maxlen == 1) pmt->pkts_scanned1++;
else if (pmt->sgh->mpm_content_maxlen == 2) pmt->pkts_scanned2++;
else if (pmt->sgh->mpm_content_maxlen == 3) pmt->pkts_scanned3++;
else if (pmt->sgh->mpm_content_maxlen == 4) pmt->pkts_scanned4++;
else pmt->pkts_scanned++;
cnt += PacketPatternScan(th_v, pmt, p);
}
//if (cnt != pmt->pmq.searchable)
//printf("post scan: cnt %" PRIu32 ", searchable %" PRIu32 "\n", cnt, pmt->pmq.searchable);
if (pmt->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN || pmt->pmq.searchable > 0) {
if (!(det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN)) {
if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_scanned1++;
else if (det_ctx->sgh->mpm_content_maxlen == 2) det_ctx->pkts_scanned2++;
else if (det_ctx->sgh->mpm_content_maxlen == 3) det_ctx->pkts_scanned3++;
else if (det_ctx->sgh->mpm_content_maxlen == 4) det_ctx->pkts_scanned4++;
else det_ctx->pkts_scanned++;
cnt += PacketPatternScan(th_v, det_ctx, p);
}
//if (cnt != det_ctx->pmq.searchable)
//printf("post scan: cnt %" PRIu32 ", searchable %" PRIu32 "\n", cnt, det_ctx->pmq.searchable);
if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_NOSCAN || det_ctx->pmq.searchable > 0) {
//printf("now search\n");
if (pmt->sgh->mpm_content_maxlen == 1) pmt->pkts_searched1++;
else if (pmt->sgh->mpm_content_maxlen == 2) pmt->pkts_searched2++;
else if (pmt->sgh->mpm_content_maxlen == 3) pmt->pkts_searched3++;
else if (pmt->sgh->mpm_content_maxlen == 4) pmt->pkts_searched4++;
else pmt->pkts_searched++;
if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_searched1++;
else if (det_ctx->sgh->mpm_content_maxlen == 2) det_ctx->pkts_searched2++;
else if (det_ctx->sgh->mpm_content_maxlen == 3) det_ctx->pkts_searched3++;
else if (det_ctx->sgh->mpm_content_maxlen == 4) det_ctx->pkts_searched4++;
else det_ctx->pkts_searched++;
cnt += PacketPatternMatch(th_v, pmt, p);
cnt += PacketPatternMatch(th_v, det_ctx, p);
// printf("RAW: cnt %" PRIu32 ", pmt->pmq.sig_id_array_cnt %" PRIu32 "\n", cnt, pmt->pmq.sig_id_array_cnt);
// printf("RAW: cnt %" PRIu32 ", det_ctx->pmq.sig_id_array_cnt %" PRIu32 "\n", cnt, det_ctx->pmq.sig_id_array_cnt);
}
pmt->pmq.searchable = 0;
det_ctx->pmq.searchable = 0;
}
}
/* inspect the sigs against the packet */
for (idx = 0; idx < pmt->sgh->sig_cnt; idx++) {
//for (idx = 0; idx < pmt->pmq.sig_id_array_cnt; idx++) {
sig = pmt->sgh->match_array[idx];
//sig = pmt->pmq.sig_id_array[idx];
for (idx = 0; idx < det_ctx->sgh->sig_cnt; idx++) {
//for (idx = 0; idx < det_ctx->pmq.sig_id_array_cnt; idx++) {
sig = det_ctx->sgh->match_array[idx];
//sig = det_ctx->pmq.sig_id_array[idx];
s = de_ctx->sig_array[sig];
/* filter out sigs that want pattern matches, but
* have no matches */
if (!(pmt->pmq.sig_bitarray[(sig / 8)] & (1<<(sig % 8))) &&
if (!(det_ctx->pmq.sig_bitarray[(sig / 8)] & (1<<(sig % 8))) &&
(s->flags & SIG_FLAG_MPM))
continue;
//printf("idx %" PRIu32 ", pmt->pmq.sig_id_array_cnt %" PRIu32 ", s->id %" PRIu32 " (MPM? %s)\n", idx, pmt->pmq.sig_id_array_cnt, s->id, s->flags & SIG_FLAG_MPM ? "TRUE":"FALSE");
//printf("idx %" PRIu32 ", det_ctx->pmq.sig_id_array_cnt %" PRIu32 ", s->id %" PRIu32 " (MPM? %s)\n", idx, det_ctx->pmq.sig_id_array_cnt, s->id, s->flags & SIG_FLAG_MPM ? "TRUE":"FALSE");
//printf("Sig %" PRIu32 "\n", s->id);
/* check the source & dst port in the sig */
if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP) {
@ -500,17 +500,17 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
}
/* reset pkt ptr and offset */
pmt->pkt_ptr = NULL;
pmt->pkt_off = 0;
det_ctx->pkt_ptr = NULL;
det_ctx->pkt_off = 0;
if (s->flags & SIG_FLAG_RECURSIVE) {
uint8_t rmatch = 0;
pmt->pkt_cnt = 0;
det_ctx->pkt_cnt = 0;
do {
sm = s->match;
while (sm) {
match = sigmatch_table[sm->type].Match(th_v, pmt, p, s, sm);
match = sigmatch_table[sm->type].Match(th_v, det_ctx, p, s, sm);
if (match) {
/* okay, try the next match */
sm = sm->next;
@ -527,7 +527,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
}
}
rmatch = fmatch = 1;
pmt->pkt_cnt++;
det_ctx->pkt_cnt++;
}
} else {
/* done with this sig */
@ -537,13 +537,13 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
}
/* Limit the number of times we do this recursive thing.
* XXX is this a sane limit? Should it be configurable? */
if (pmt->pkt_cnt == 10)
if (det_ctx->pkt_cnt == 10)
break;
} while (rmatch);
} else {
sm = s->match;
while (sm) {
match = sigmatch_table[sm->type].Match(th_v, pmt, p, s, sm);
match = sigmatch_table[sm->type].Match(th_v, det_ctx, p, s, sm);
if (match) {
/* okay, try the next match */
sm = sm->next;
@ -568,21 +568,21 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
}
/* cleanup pkt specific part of the patternmatcher */
PacketPatternCleanup(th_v, pmt);
PacketPatternCleanup(th_v, det_ctx);
return fmatch;
}
/* tm module api functions */
int Detect(ThreadVars *t, Packet *p, void *data, PacketQueue *pq) {
DetectEngineThreadCtx *pmt = (DetectEngineThreadCtx *)data;
DetectEngineCtx *de_ctx = pmt->de_ctx;
DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data;
DetectEngineCtx *de_ctx = det_ctx->de_ctx;
int r = SigMatchSignatures(t,de_ctx,pmt,p);
int r = SigMatchSignatures(t,de_ctx,det_ctx,p);
if (r >= 0) {
return 0;
}
// PerfCounterIncr(pmt->counter_alerts, t->pca);
// PerfCounterIncr(det_ctx->counter_alerts, t->pca);
return 1;
}
@ -2627,7 +2627,7 @@ static int SigTest01Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -2653,9 +2653,9 @@ static int SigTest01Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1) == 0) {
result = 0;
goto end;
@ -2675,7 +2675,7 @@ static int SigTest01Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -2703,7 +2703,7 @@ static int SigTest02Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -2729,16 +2729,16 @@ static int SigTest02Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx,mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1))
result = 1;
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -2766,7 +2766,7 @@ static int SigTest03Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -2792,16 +2792,16 @@ static int SigTest03Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (!PacketAlertCheck(&p, 1))
result = 1;
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -2830,7 +2830,7 @@ static int SigTest04Real (int mpm_type) {
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -2856,16 +2856,16 @@ static int SigTest04Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1))
result = 1;
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -2893,7 +2893,7 @@ static int SigTest05Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -2919,16 +2919,16 @@ static int SigTest05Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (!PacketAlertCheck(&p, 1))
result = 1;
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -2956,7 +2956,7 @@ static int SigTest06Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -2987,9 +2987,9 @@ static int SigTest06Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2))
result = 1;
else
@ -3000,7 +3000,7 @@ static int SigTest06Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3028,7 +3028,7 @@ static int SigTest07Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3059,9 +3059,9 @@ static int SigTest07Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2))
result = 0;
else
@ -3070,7 +3070,7 @@ static int SigTest07Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3098,7 +3098,7 @@ static int SigTest08Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3129,9 +3129,9 @@ static int SigTest08Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2))
result = 1;
else
@ -3142,7 +3142,7 @@ static int SigTest08Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3170,7 +3170,7 @@ static int SigTest09Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3201,9 +3201,9 @@ static int SigTest09Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2))
result = 0;
else
@ -3211,7 +3211,7 @@ static int SigTest09Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3234,7 +3234,7 @@ static int SigTest10Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3265,9 +3265,9 @@ static int SigTest10Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2))
result = 0;
else
@ -3275,7 +3275,7 @@ static int SigTest10Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3298,7 +3298,7 @@ static int SigTest11Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3329,9 +3329,9 @@ static int SigTest11Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1) && PacketAlertCheck(&p, 2))
result = 1;
else
@ -3339,7 +3339,7 @@ static int SigTest11Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3362,7 +3362,7 @@ static int SigTest12Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3388,9 +3388,9 @@ static int SigTest12Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1))
result = 1;
else
@ -3398,7 +3398,7 @@ static int SigTest12Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3421,7 +3421,7 @@ static int SigTest13Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3447,9 +3447,9 @@ static int SigTest13Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1))
result = 1;
else
@ -3457,7 +3457,7 @@ static int SigTest13Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3480,7 +3480,7 @@ static int SigTest14Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3506,9 +3506,9 @@ static int SigTest14Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 1))
result = 0;
else
@ -3516,7 +3516,7 @@ static int SigTest14Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3539,7 +3539,7 @@ static int SigTest15Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3566,9 +3566,9 @@ static int SigTest15Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 2008284))
result = 0;
else
@ -3576,7 +3576,7 @@ static int SigTest15Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3599,7 +3599,7 @@ static int SigTest16Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3625,9 +3625,9 @@ static int SigTest16Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 2008284))
result = 1;
else
@ -3635,7 +3635,7 @@ static int SigTest16Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3663,7 +3663,7 @@ static int SigTest17Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3690,9 +3690,9 @@ static int SigTest17Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
PktVar *pv_hn = PktVarGet(&p, "http_host");
if (pv_hn != NULL) {
if (memcmp(pv_hn->value, "one.example.org", pv_hn->value_len < 15 ? pv_hn->value_len : 15) == 0)
@ -3709,7 +3709,7 @@ static int SigTest17Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3732,7 +3732,7 @@ static int SigTest18Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3760,9 +3760,9 @@ static int SigTest18Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (!PacketAlertCheck(&p, 2003055))
result = 1;
else
@ -3770,7 +3770,7 @@ static int SigTest18Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3793,7 +3793,7 @@ int SigTest19Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3824,10 +3824,10 @@ int SigTest19Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
//DetectEngineIPOnlyThreadInit(de_ctx,&pmt->io_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
//DetectEngineIPOnlyThreadInit(de_ctx,&det_ctx->io_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 999))
result = 1;
else
@ -3835,7 +3835,7 @@ int SigTest19Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3857,7 +3857,7 @@ static int SigTest20Real (int mpm_type) {
uint16_t buflen = strlen((char *)buf);
Packet p;
ThreadVars th_v;
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
memset(&th_v, 0, sizeof(th_v));
@ -3888,10 +3888,10 @@ static int SigTest20Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&pmt);
//DetectEngineIPOnlyThreadInit(de_ctx,&pmt->io_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
//DetectEngineIPOnlyThreadInit(de_ctx,&det_ctx->io_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
if (PacketAlertCheck(&p, 999))
result = 1;
else
@ -3899,7 +3899,7 @@ static int SigTest20Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -3919,7 +3919,7 @@ static int SigTest20Wm (void) {
static int SigTest21Real (int mpm_type) {
ThreadVars th_v;
memset(&th_v, 0, sizeof(th_v));
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
Flow f;
@ -3973,21 +3973,21 @@ static int SigTest21Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p1);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
if (PacketAlertCheck(&p1, 1)) {
printf("sid 1 alerted, but shouldn't: ");
goto end;
}
SigMatchSignatures(&th_v, de_ctx, pmt, &p2);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
if (PacketAlertCheck(&p2, 2))
result = 1;
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -4007,7 +4007,7 @@ static int SigTest21Wm (void) {
static int SigTest22Real (int mpm_type) {
ThreadVars th_v;
memset(&th_v, 0, sizeof(th_v));
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
Flow f;
@ -4061,14 +4061,14 @@ static int SigTest22Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p1);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
if (PacketAlertCheck(&p1, 1)) {
printf("sid 1 alerted, but shouldn't: ");
goto end;
}
SigMatchSignatures(&th_v, de_ctx, pmt, &p2);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
if (!(PacketAlertCheck(&p2, 2)))
result = 1;
else
@ -4077,7 +4077,7 @@ static int SigTest22Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:
@ -4096,7 +4096,7 @@ static int SigTest22Wm (void) {
static int SigTest23Real (int mpm_type) {
ThreadVars th_v;
memset(&th_v, 0, sizeof(th_v));
DetectEngineThreadCtx *pmt;
DetectEngineThreadCtx *det_ctx;
int result = 0;
Flow f;
@ -4150,14 +4150,14 @@ static int SigTest23Real (int mpm_type) {
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, mpm_type);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&pmt);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, pmt, &p1);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p1);
if (PacketAlertCheck(&p1, 1)) {
printf("sid 1 alerted, but shouldn't: ");
goto end;
}
SigMatchSignatures(&th_v, de_ctx, pmt, &p2);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p2);
if (PacketAlertCheck(&p2, 2))
result = 1;
else
@ -4166,7 +4166,7 @@ static int SigTest23Real (int mpm_type) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)pmt);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:

Write Preview
Loading…
Cancel
Save