detect: put inspect code for MATCH-list into func

Introduce DetectRunInspectRulePacketMatches to inspect the signatures match list.
8 years ago · 40986b1f61
parent 70597066e0
commit 40986b1f61
1 changed files with 36 additions and 23 deletions
--- a/src/detect.c
+++ b/src/detect.c
@ -495,6 +495,40 @@ static inline int DetectRunInspectRuleHeader(
    return 1;
 }

+/* returns 0 if no match, 1 if match */
+static inline int DetectRunInspectRulePacketMatches(
+    ThreadVars *tv,
+    DetectEngineThreadCtx *det_ctx,
+    Packet *p,
+    const Flow *f,
+    const Signature *s)
+{
+    /* run the packet match functions */
+    if (s->sm_arrays[DETECT_SM_LIST_MATCH] != NULL) {
+        KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_MATCH);
+        SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_MATCH];
+
+        SCLogDebug("running match functions, sm %p", smd);
+        if (smd != NULL) {
+            while (1) {
+                KEYWORD_PROFILING_START;
+                if (sigmatch_table[smd->type].Match(tv, det_ctx, p, s, smd->ctx) <= 0) {
+                    KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
+                    SCLogDebug("no match");
+                    return 0;
+                }
+                KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
+                if (smd->is_last) {
+                    SCLogDebug("match and is_last");
+                    break;
+                }
+                smd++;
+            }
+        }
+    }
+    return 1;
+}
+
 /**
 *  \brief Signature match function
 */
@ -844,29 +878,8 @@ void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineT
            }
        }

-        /* run the packet match functions */
-        if (s->sm_arrays[DETECT_SM_LIST_MATCH] != NULL) {
-            KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_MATCH);
-            SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_MATCH];
-
-            SCLogDebug("running match functions, sm %p", smd);
-            if (smd != NULL) {
-                while (1) {
-                    KEYWORD_PROFILING_START;
-                    if (sigmatch_table[smd->type].Match(th_v, det_ctx, p, s, smd->ctx) <= 0) {
-                        KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
-                        SCLogDebug("no match");
-                        goto next;
-                    }
-                    KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
-                    if (smd->is_last) {
-                        SCLogDebug("match and is_last");
-                        break;
-                    }
-                    smd++;
-                }
-            }
-        }
+        if (DetectRunInspectRulePacketMatches(th_v, det_ctx, p, pflow, s) == 0)
+            goto next;

        /* consider stateful sig matches */
        if (sflags & SIG_FLAG_STATE_MATCH) {