detect: put inspect code for MATCH-list into func

Introduce DetectRunInspectRulePacketMatches to inspect the signature's
match list.
pull/3133/head
Victor Julien 8 years ago
parent 70597066e0
commit 40986b1f61

@ -495,6 +495,40 @@ static inline int DetectRunInspectRuleHeader(
return 1;
}
/* returns 0 if no match, 1 if match */
static inline int DetectRunInspectRulePacketMatches(
ThreadVars *tv,
DetectEngineThreadCtx *det_ctx,
Packet *p,
const Flow *f,
const Signature *s)
{
/* run the packet match functions */
if (s->sm_arrays[DETECT_SM_LIST_MATCH] != NULL) {
KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_MATCH);
SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_MATCH];
SCLogDebug("running match functions, sm %p", smd);
if (smd != NULL) {
while (1) {
KEYWORD_PROFILING_START;
if (sigmatch_table[smd->type].Match(tv, det_ctx, p, s, smd->ctx) <= 0) {
KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
SCLogDebug("no match");
return 0;
}
KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
if (smd->is_last) {
SCLogDebug("match and is_last");
break;
}
smd++;
}
}
}
return 1;
}
/**
* \brief Signature match function
*/
@ -844,29 +878,8 @@ void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineT
}
}
/* run the packet match functions */
if (s->sm_arrays[DETECT_SM_LIST_MATCH] != NULL) {
KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_MATCH);
SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_MATCH];
SCLogDebug("running match functions, sm %p", smd);
if (smd != NULL) {
while (1) {
KEYWORD_PROFILING_START;
if (sigmatch_table[smd->type].Match(th_v, det_ctx, p, s, smd->ctx) <= 0) {
KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
SCLogDebug("no match");
goto next;
}
KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
if (smd->is_last) {
SCLogDebug("match and is_last");
break;
}
smd++;
}
}
}
if (DetectRunInspectRulePacketMatches(th_v, det_ctx, p, pflow, s) == 0)
goto next;
/* consider stateful sig matches */
if (sflags & SIG_FLAG_STATE_MATCH) {
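Review bot: The one-line contract comment on DetectRunInspectRulePacketMatches (first hunk) leaves out two behaviours the caller depends on: any Match() return `<= 0` is folded into 0, so a negative return (presumably an error) is indistinguishable from a clean non-match and the rule is skipped via `goto next`, and a NULL MATCH list returns 1. For a detection engine that quiet skip is worth writing down; a Doxygen header in the style of the `\brief` block just below would do, e.g. `\retval 0 a keyword returned <= 0 (no match or error)` and `\retval 1 all keywords matched, or the list is empty`. Two smaller style points in the same function: `f` is not referenced anywhere in the visible body, and the inner `if (smd != NULL)` repeats the check already made on `s->sm_arrays[DETECT_SM_LIST_MATCH]`. The call site sits inside SigMatchSignatures, whose body continues outside the hunk.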
