aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

content inspection: introduce no_match label

Browse Source
pull/613/head
Victor Julien 12 years ago
parent e416b2cdfb
commit 210eede033
1 changed files with 19 additions and 18 deletions
Show Stats Download Patch File Download Diff File

37
src/detect-engine-content-inspection.c
Unescape Escape View File

@ -176,7 +176,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
if (stream_start_offset != 0 && prev_buffer_offset == 0) {
if (depth <= stream_start_offset) {
SCReturnInt(0);
goto no_match;
} else if (depth >= (stream_start_offset + buffer_len)) {
;
} else {
@ -220,7 +220,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
if (stream_start_offset != 0 && cd->flags & DETECT_CONTENT_DEPTH) {
if (depth <= stream_start_offset) {
SCReturnInt(0);
goto no_match;
} else if (depth >= (stream_start_offset + buffer_len)) {
;
} else {
@ -253,7 +253,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
if (cd->flags & DETECT_CONTENT_NEGATED) {
goto match;
} else {
SCReturnInt(0);
goto no_match;
}
}
@ -279,7 +279,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
SCLogDebug("found %p cd negated %s", found, cd->flags & DETECT_CONTENT_NEGATED ? "true" : "false");
if (found == NULL && !(cd->flags & DETECT_CONTENT_NEGATED)) {
SCReturnInt(0);
goto no_match;
} else if (found == NULL && (cd->flags & DETECT_CONTENT_NEGATED)) {
goto match;
} else if (found != NULL && (cd->flags & DETECT_CONTENT_NEGATED)) {
@ -288,7 +288,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
* relative keywords */
if (DETECT_CONTENT_IS_SINGLE(cd))
det_ctx->discontinue_matching = 1;
SCReturnInt(0);
goto no_match;
} else {
match_offset = (uint32_t)((found - buffer) + cd->content_len);
SCLogDebug("content %"PRIu32" matched at offset %"PRIu32"", cd->id, match_offset);
@ -312,7 +312,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
* error, as the current cd has the DETECT_CONTENT_RELATIVE_NEXT
* flag set. */
if (sm->next == NULL) {
SCReturnInt(0);
goto no_match;
}
SCLogDebug("content %"PRIu32, cd->id);
@ -326,7 +326,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
}
if (det_ctx->discontinue_matching)
SCReturnInt(0);
goto no_match;
/* set the previous match offset to the start of this match + 1 */
prev_offset = (match_offset - (cd->content_len - 1));
@ -344,24 +344,24 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
SCLogDebug("det_ctx->buffer_offset + id->dataat %"PRIu32" > %"PRIu32, det_ctx->buffer_offset + id->dataat, buffer_len);
if (id->flags & ISDATAAT_NEGATED)
goto match;
SCReturnInt(0);
goto no_match;
} else {
SCLogDebug("relative isdataat match");
if (id->flags & ISDATAAT_NEGATED)
SCReturnInt(0);
goto no_match;
goto match;
}
} else {
if (id->dataat < buffer_len) {
SCLogDebug("absolute isdataat match");
if (id->flags & ISDATAAT_NEGATED)
SCReturnInt(0);
goto no_match;
goto match;
} else {
SCLogDebug("absolute isdataat mismatch, id->isdataat %"PRIu32", buffer_len %"PRIu32"", id->dataat, buffer_len);
if (id->flags & ISDATAAT_NEGATED)
goto match;
SCReturnInt(0);
goto no_match;
}
}
@ -380,7 +380,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
r = DetectPcrePayloadMatch(det_ctx, s, sm, p, f,
buffer, buffer_len);
if (r == 0) {
SCReturnInt(0);
goto no_match;
}
if (!(pe->flags & DETECT_PCRE_RELATIVE_NEXT)) {
@ -401,7 +401,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
}
if (det_ctx->discontinue_matching)
SCReturnInt(0);
goto no_match;
det_ctx->buffer_offset = prev_buffer_offset;
det_ctx->pcre_match_start_offset = prev_offset;
@ -431,7 +431,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
if (DetectBytetestDoMatch(det_ctx, s, sm, buffer, buffer_len, flags,
offset, value) != 1) {
SCReturnInt(0);
goto no_match;
}
goto match;
@ -457,7 +457,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
if (DetectBytejumpDoMatch(det_ctx, s, sm, buffer, buffer_len,
flags, offset) != 1) {
SCReturnInt(0);
goto no_match;
}
goto match;
@ -483,7 +483,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
buffer_len,
&det_ctx->bj_values[bed->local_id],
endian) != 1) {
SCReturnInt(0);
goto no_match;
}
goto match;
@ -522,7 +522,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
det_ctx->discontinue_matching = 0;
SCReturnInt(0);
goto no_match;
#ifdef HAVE_LUAJIT
}
else if (sm->type == DETECT_LUAJIT) {
@ -534,7 +534,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
if (DetectLuajitMatchBuffer(det_ctx, s, sm, buffer, buffer_len,
det_ctx->buffer_offset, f, need_flow_lock) != 1)
{
SCReturnInt(0);
goto no_match;
}
goto match;
#endif
@ -545,6 +545,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
#endif
}
no_match:
SCReturnInt(0);
match:

Write Preview
Loading…
Cancel
Save