aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Optimizations to reduce branch misses

Browse Source
pull/607/head
Victor Julien 12 years ago
parent 64f5129f12
commit 49087f21e4
11 changed files with 97 additions and 94 deletions
Show Stats Download Patch File Download Diff File

18
src/alert-unified2-alert.c
Unescape Escape View File

@ -406,7 +406,7 @@ TmEcode Unified2Alert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq, Pa
Unified2AlertThread *aun = (Unified2AlertThread *)data; Unified2AlertThread *aun = (Unified2AlertThread *)data;
aun->xff_flags = UNIFIED2_ALERT_XFF_DISABLED; aun->xff_flags = UNIFIED2_ALERT_XFF_DISABLED;
if (p->alerts.cnt == 0 && !(p->flags & PKT_HAS_TAG)) if (likely(p->alerts.cnt == 0 && !(p->flags & PKT_HAS_TAG)))
return TM_ECODE_OK; return TM_ECODE_OK;
/* overwrite mode can only work per u2 block, not per individual /* overwrite mode can only work per u2 block, not per individual
@ -878,17 +878,19 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq
{ {
Unified2AlertThread *aun = (Unified2AlertThread *)data; Unified2AlertThread *aun = (Unified2AlertThread *)data;
Unified2AlertFileHeader hdr; Unified2AlertFileHeader hdr;
AlertIPv6Unified2 *phdr = (AlertIPv6Unified2 *)(aun->data + AlertIPv6Unified2 *phdr;
sizeof(Unified2AlertFileHeader));
AlertIPv6Unified2 gphdr; AlertIPv6Unified2 gphdr;
PacketAlert *pa; PacketAlert *pa;
int offset, length; int offset, length;
int ret; int ret;
unsigned int event_id; unsigned int event_id;
if (p->alerts.cnt == 0 && !(p->flags & PKT_HAS_TAG)) if (likely(p->alerts.cnt == 0 && !(p->flags & PKT_HAS_TAG)))
return 0; return 0;
phdr = (AlertIPv6Unified2 *)(aun->data +
sizeof(Unified2AlertFileHeader));
length = (sizeof(Unified2AlertFileHeader) + sizeof(AlertIPv6Unified2)); length = (sizeof(Unified2AlertFileHeader) + sizeof(AlertIPv6Unified2));
offset = length; offset = length;
@ -1062,17 +1064,19 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p
{ {
Unified2AlertThread *aun = (Unified2AlertThread *)data; Unified2AlertThread *aun = (Unified2AlertThread *)data;
Unified2AlertFileHeader hdr; Unified2AlertFileHeader hdr;
AlertIPv4Unified2 *phdr = (AlertIPv4Unified2 *)(aun->data + AlertIPv4Unified2 *phdr;
sizeof(Unified2AlertFileHeader));
AlertIPv4Unified2 gphdr; AlertIPv4Unified2 gphdr;
PacketAlert *pa; PacketAlert *pa;
int offset, length; int offset, length;
int ret; int ret;
unsigned int event_id; unsigned int event_id;
if (p->alerts.cnt == 0 && !(p->flags & PKT_HAS_TAG)) if (likely(p->alerts.cnt == 0 && !(p->flags & PKT_HAS_TAG)))
return 0; return 0;
phdr = (AlertIPv4Unified2 *)(aun->data +
sizeof(Unified2AlertFileHeader));
length = (sizeof(Unified2AlertFileHeader) + sizeof(AlertIPv4Unified2)); length = (sizeof(Unified2AlertFileHeader) + sizeof(AlertIPv4Unified2));
offset = length; offset = length;

4
src/decode-ethernet.c
Unescape Escape View File

@ -42,13 +42,13 @@ void DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *p
{ {
SCPerfCounterIncr(dtv->counter_eth, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_eth, tv->sc_perf_pca);
if (len < ETHERNET_HEADER_LEN) { if (unlikely(len < ETHERNET_HEADER_LEN)) {
ENGINE_SET_EVENT(p,ETHERNET_PKT_TOO_SMALL); ENGINE_SET_EVENT(p,ETHERNET_PKT_TOO_SMALL);
return; return;
} }
p->ethh = (EthernetHdr *)pkt; p->ethh = (EthernetHdr *)pkt;
if (p->ethh == NULL) if (unlikely(p->ethh == NULL))
return; return;
SCLogDebug("p %p pkt %p ether type %04x", p, pkt, ntohs(p->ethh->eth_type)); SCLogDebug("p %p pkt %p ether type %04x", p, pkt, ntohs(p->ethh->eth_type));

48
src/decode-ipv4.c
Unescape Escape View File

@ -102,13 +102,13 @@ static int IPV4OptValidateRoute(Packet *p, const IPV4Opt *o) {
uint8_t ptr; uint8_t ptr;
/* Check length */ /* Check length */
if (o->len < IPV4_OPT_ROUTE_MIN) { if (unlikely(o->len < IPV4_OPT_ROUTE_MIN)) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
/* Data is required */ /* Data is required */
if (o->data == NULL) { if (unlikely(o->data == NULL)) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
} }
@ -118,7 +118,7 @@ static int IPV4OptValidateRoute(Packet *p, const IPV4Opt *o) {
* must be a incremented by 4 bytes (address size) and cannot extend * must be a incremented by 4 bytes (address size) and cannot extend
* past option length. * past option length.
*/ */
if ((ptr < 4) || (ptr % 4) || (ptr > o->len + 1)) { if (unlikely((ptr < 4) || (ptr % 4) || (ptr > o->len + 1))) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
} }
@ -139,20 +139,20 @@ static int IPV4OptValidateTimestamp(Packet *p, const IPV4Opt *o) {
uint8_t rec_size; uint8_t rec_size;
/* Check length */ /* Check length */
if (o->len < IPV4_OPT_TS_MIN) { if (unlikely(o->len < IPV4_OPT_TS_MIN)) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
/* Data is required */ /* Data is required */
if (o->data == NULL) { if (unlikely(o->data == NULL)) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
} }
ptr = *o->data; ptr = *o->data;
/* We need the flag to determine what is in the option payload */ /* We need the flag to determine what is in the option payload */
if (ptr < 5) { if (unlikely(ptr < 5)) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
} }
@ -165,7 +165,7 @@ static int IPV4OptValidateTimestamp(Packet *p, const IPV4Opt *o) {
* type+len+ptr+ovfl+flag, must be incremented by by the rec_size * type+len+ptr+ovfl+flag, must be incremented by by the rec_size
* and cannot extend past option length. * and cannot extend past option length.
*/ */
if (((ptr - 5) % rec_size) || (ptr > o->len + 1)) { if (unlikely(((ptr - 5) % rec_size) || (ptr > o->len + 1))) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
} }
@ -186,13 +186,13 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
uint16_t len; uint16_t len;
/* Check length */ /* Check length */
if (o->len < IPV4_OPT_CIPSO_MIN) { if (unlikely(o->len < IPV4_OPT_CIPSO_MIN)) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
/* Data is required */ /* Data is required */
if (o->data == NULL) { if (unlikely(o->data == NULL)) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
} }
@ -201,14 +201,14 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
len = o->len - 1 - 1 - 4; /* Length of tags after header */ len = o->len - 1 - 1 - 4; /* Length of tags after header */
#if 0
/* Domain of Interest (DOI) of 0 is reserved and thus invalid */ /* Domain of Interest (DOI) of 0 is reserved and thus invalid */
/** \todo Aparently a DOI of zero is fine in practice - verify. */ /** \todo Aparently a DOI of zero is fine in practice - verify. */
if (doi == 0) { if (doi == 0) {
#if 0
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
#endif
} }
#endif
/* NOTE: We know len has passed min tests prior to this call */ /* NOTE: We know len has passed min tests prior to this call */
@ -220,7 +220,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
uint8_t tlen; uint8_t tlen;
/* Tag header must fit within option length */ /* Tag header must fit within option length */
if (len < 2) { if (unlikely(len < 2)) {
//printf("CIPSO tag header too large %" PRIu16 " < 2\n", len); //printf("CIPSO tag header too large %" PRIu16 " < 2\n", len);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
@ -231,25 +231,20 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
tlen = *(tag++); tlen = *(tag++);
/* Tag length must fit within the option length */ /* Tag length must fit within the option length */
if (tlen > len) { if (unlikely(tlen > len)) {
//printf("CIPSO tag len too large %" PRIu8 " > %" PRIu16 "\n", tlen, len); //printf("CIPSO tag len too large %" PRIu8 " > %" PRIu16 "\n", tlen, len);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
} }
switch(ttype) { switch(ttype) {
case 0:
/* Tag type 0 is reserved and thus invalid */
/** \todo Wireshark marks this a padding, but spec says reserved. */
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
case 1: case 1:
case 2: case 2:
case 5: case 5:
case 6: case 6:
case 7: case 7:
/* Tag is at least 4 and at most the remainder of option len */ /* Tag is at least 4 and at most the remainder of option len */
if ((tlen < 4) || (tlen > len)) { if (unlikely((tlen < 4) || (tlen > len))) {
//printf("CIPSO tag %" PRIu8 " bad tlen=%" PRIu8 " len=%" PRIu8 "\n", ttype, tlen, len); //printf("CIPSO tag %" PRIu8 " bad tlen=%" PRIu8 " len=%" PRIu8 "\n", ttype, tlen, len);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
@ -258,7 +253,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
/* The alignment octet is always 0 except tag /* The alignment octet is always 0 except tag
* type 7, which has no such field. * type 7, which has no such field.
*/ */
if ((ttype != 7) && (*tag != 0)) { if (unlikely((ttype != 7) && (*tag != 0))) {
//printf("CIPSO tag %" PRIu8 " ao=%" PRIu8 "\n", ttype, tlen); //printf("CIPSO tag %" PRIu8 " ao=%" PRIu8 "\n", ttype, tlen);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
@ -269,6 +264,11 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
len -= tlen; len -= tlen;
continue; continue;
case 0:
/* Tag type 0 is reserved and thus invalid */
/** \todo Wireshark marks this a padding, but spec says reserved. */
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
default: default:
//printf("CIPSO tag %" PRIu8 " unknown tag\n", ttype); //printf("CIPSO tag %" PRIu8 " unknown tag\n", ttype);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
@ -324,7 +324,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
/* multibyte options */ /* multibyte options */
} else { } else {
if (plen < 2) { if (unlikely(plen < 2)) {
/** \todo What if padding is non-zero (possible covert channel or data leakage)? */ /** \todo What if padding is non-zero (possible covert channel or data leakage)? */
/** \todo Spec seems to indicate EOL required if there is padding */ /** \todo Spec seems to indicate EOL required if there is padding */
ENGINE_SET_EVENT(p,IPV4_OPT_EOL_REQUIRED); ENGINE_SET_EVENT(p,IPV4_OPT_EOL_REQUIRED);
@ -332,7 +332,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
} }
/* Option length is too big for packet */ /* Option length is too big for packet */
if (*(pkt+1) > plen) { if (unlikely(*(pkt+1) > plen)) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
@ -351,8 +351,8 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
/* we already know that the total options len is valid, /* we already know that the total options len is valid,
* so here the len of the specific option must be bad. * so here the len of the specific option must be bad.
* Also check for invalid lengths 0 and 1. */ * Also check for invalid lengths 0 and 1. */
if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len > plen || if (unlikely(p->IPV4_OPTS[p->IPV4_OPTS_CNT].len > plen ||
p->IPV4_OPTS[p->IPV4_OPTS_CNT].len < 2) { p->IPV4_OPTS[p->IPV4_OPTS_CNT].len < 2)) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }

12
src/decode-ipv6.c
Unescape Escape View File

@ -88,9 +88,9 @@ static void DecodeIP6inIP6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uin
return; return;
} }
if (IP_GET_RAW_VER(pkt) == 6) { if (IP_GET_RAW_VER(pkt) == 6) {
if (pq != NULL) { if (unlikely(pq != NULL)) {
Packet *tp = PacketPseudoPktSetup(p, pkt, plen, IPPROTO_IPV6); Packet *tp = PacketPseudoPktSetup(p, pkt, plen, IPPROTO_IPV6);
if (tp != NULL) { if (unlikely(tp != NULL)) {
PKT_SET_SRC(tp, PKT_SRC_DECODER_IPV6); PKT_SET_SRC(tp, PKT_SRC_DECODER_IPV6);
DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, IPPROTO_IPV6); GET_PKT_LEN(tp), pq, IPPROTO_IPV6);
@ -504,11 +504,11 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
static int DecodeIPV6Packet (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len) static int DecodeIPV6Packet (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len)
{ {
if (len < IPV6_HEADER_LEN) { if (unlikely(len < IPV6_HEADER_LEN)) {
return -1; return -1;
} }
if (IP_GET_RAW_VER(pkt) != 6) { if (unlikely(IP_GET_RAW_VER(pkt) != 6)) {
SCLogDebug("wrong ip version %" PRIu8 "",IP_GET_RAW_VER(pkt)); SCLogDebug("wrong ip version %" PRIu8 "",IP_GET_RAW_VER(pkt));
ENGINE_SET_EVENT(p,IPV6_WRONG_IP_VER); ENGINE_SET_EVENT(p,IPV6_WRONG_IP_VER);
return -1; return -1;
@ -516,7 +516,7 @@ static int DecodeIPV6Packet (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, u
p->ip6h = (IPV6Hdr *)pkt; p->ip6h = (IPV6Hdr *)pkt;
if (len < (IPV6_HEADER_LEN + IPV6_GET_PLEN(p))) if (unlikely(len < (IPV6_HEADER_LEN + IPV6_GET_PLEN(p))))
{ {
ENGINE_SET_EVENT(p,IPV6_TRUNC_PKT); ENGINE_SET_EVENT(p,IPV6_TRUNC_PKT);
return -1; return -1;
@ -536,7 +536,7 @@ void DecodeIPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
/* do the actual decoding */ /* do the actual decoding */
ret = DecodeIPV6Packet (tv, dtv, p, pkt, len); ret = DecodeIPV6Packet (tv, dtv, p, pkt, len);
if (ret < 0) { if (unlikely(ret < 0)) {
p->ip6h = NULL; p->ip6h = NULL;
return; return;
} }

65
src/decode-ppp.c
Unescape Escape View File

@ -44,13 +44,13 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
{ {
SCPerfCounterIncr(dtv->counter_ppp, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_ppp, tv->sc_perf_pca);
if(len < PPP_HEADER_LEN) { if (unlikely(len < PPP_HEADER_LEN)) {
ENGINE_SET_EVENT(p,PPP_PKT_TOO_SMALL); ENGINE_SET_EVENT(p,PPP_PKT_TOO_SMALL);
return; return;
} }
p->ppph = (PPPHdr *)pkt; p->ppph = (PPPHdr *)pkt;
if(p->ppph == NULL) if (unlikely(p->ppph == NULL))
return; return;
SCLogDebug("p %p pkt %p PPP protocol %04x Len: %" PRId32 "", SCLogDebug("p %p pkt %p PPP protocol %04x Len: %" PRId32 "",
@ -58,6 +58,36 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
switch (ntohs(p->ppph->protocol)) switch (ntohs(p->ppph->protocol))
{ {
case PPP_VJ_UCOMP:
if (unlikely(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN))) {
ENGINE_SET_EVENT(p,PPPVJU_PKT_TOO_SMALL);
return;
}
if (likely(IPV4_GET_RAW_VER((IPV4Hdr *)(pkt + PPP_HEADER_LEN)) == 4)) {
DecodeIPV4(tv, dtv, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq);
}
break;
case PPP_IP:
if (unlikely(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN))) {
ENGINE_SET_EVENT(p,PPPIPV4_PKT_TOO_SMALL);
return;
}
DecodeIPV4(tv, dtv, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq);
break;
/* PPP IPv6 was not tested */
case PPP_IPV6:
if (unlikely(len < (PPP_HEADER_LEN + IPV6_HEADER_LEN))) {
ENGINE_SET_EVENT(p,PPPIPV6_PKT_TOO_SMALL);
return;
}
DecodeIPV6(tv, dtv, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq);
break;
case PPP_VJ_COMP: case PPP_VJ_COMP:
case PPP_IPX: case PPP_IPX:
case PPP_OSI: case PPP_OSI:
@ -89,37 +119,6 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
ENGINE_SET_EVENT(p,PPP_UNSUP_PROTO); ENGINE_SET_EVENT(p,PPP_UNSUP_PROTO);
break; break;
case PPP_VJ_UCOMP:
if(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN)) {
ENGINE_SET_EVENT(p,PPPVJU_PKT_TOO_SMALL);
return;
}
if(IPV4_GET_RAW_VER((IPV4Hdr *)(pkt + PPP_HEADER_LEN)) == 4) {
DecodeIPV4(tv, dtv, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq);
}
break;
case PPP_IP:
if(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN)) {
ENGINE_SET_EVENT(p,PPPIPV4_PKT_TOO_SMALL);
return;
}
DecodeIPV4(tv, dtv, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq);
break;
/* PPP IPv6 was not tested */
case PPP_IPV6:
if(len < (PPP_HEADER_LEN + IPV6_HEADER_LEN)) {
ENGINE_SET_EVENT(p,PPPIPV6_PKT_TOO_SMALL);
return;
}
DecodeIPV6(tv, dtv, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq);
break;
default: default:
SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol)); SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol));
ENGINE_SET_EVENT(p,PPP_WRONG_TYPE); ENGINE_SET_EVENT(p,PPP_WRONG_TYPE);

2
src/decode-raw.c
Unescape Escape View File

@ -48,7 +48,7 @@ void DecodeRaw(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
SCPerfCounterIncr(dtv->counter_raw, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_raw, tv->sc_perf_pca);
/* If it is ipv4 or ipv6 it should at least be the size of ipv4 */ /* If it is ipv4 or ipv6 it should at least be the size of ipv4 */
if (len < IPV4_HEADER_LEN) { if (unlikely(len < IPV4_HEADER_LEN)) {
ENGINE_SET_EVENT(p,IPV4_PKT_TOO_SMALL); ENGINE_SET_EVENT(p,IPV4_PKT_TOO_SMALL);
return; return;
} }

4
src/decode-sll.c
Unescape Escape View File

@ -40,13 +40,13 @@ void DecodeSll(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
{ {
SCPerfCounterIncr(dtv->counter_sll, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_sll, tv->sc_perf_pca);
if (len < SLL_HEADER_LEN) { if (unlikely(len < SLL_HEADER_LEN)) {
ENGINE_SET_EVENT(p,SLL_PKT_TOO_SMALL); ENGINE_SET_EVENT(p,SLL_PKT_TOO_SMALL);
return; return;
} }
SllHdr *sllh = (SllHdr *)pkt; SllHdr *sllh = (SllHdr *)pkt;
if (sllh == NULL) if (unlikely(sllh == NULL))
return; return;
SCLogDebug("p %p pkt %p sll_protocol %04x", p, pkt, ntohs(sllh->sll_protocol)); SCLogDebug("p %p pkt %p sll_protocol %04x", p, pkt, ntohs(sllh->sll_protocol));

2
src/decode-tcp.c
Unescape Escape View File

@ -63,7 +63,7 @@ static int DecodeTCPOptions(Packet *p, uint8_t *pkt, uint16_t len)
/* we already know that the total options len is valid, /* we already know that the total options len is valid,
* so here the len of the specific option must be bad. * so here the len of the specific option must be bad.
* Also check for invalid lengths 0 and 1. */ * Also check for invalid lengths 0 and 1. */
if (*(pkt+1) > plen || *(pkt+1) < 2) { if (unlikely(*(pkt+1) > plen || *(pkt+1) < 2)) {
ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN); ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
return -1; return -1;
} }

12
src/decode-udp.c
Unescape Escape View File

@ -42,19 +42,19 @@
static int DecodeUDPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len) static int DecodeUDPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
{ {
if (len < UDP_HEADER_LEN) { if (unlikely(len < UDP_HEADER_LEN)) {
ENGINE_SET_EVENT(p, UDP_HLEN_TOO_SMALL); ENGINE_SET_EVENT(p, UDP_HLEN_TOO_SMALL);
return -1; return -1;
} }
p->udph = (UDPHdr *)pkt; p->udph = (UDPHdr *)pkt;
if (len < UDP_GET_LEN(p)) { if (unlikely(len < UDP_GET_LEN(p))) {
ENGINE_SET_EVENT(p, UDP_PKT_TOO_SMALL); ENGINE_SET_EVENT(p, UDP_PKT_TOO_SMALL);
return -1; return -1;
} }
if (len != UDP_GET_LEN(p)) { if (unlikely(len != UDP_GET_LEN(p))) {
ENGINE_SET_EVENT(p, UDP_HLEN_INVALID); ENGINE_SET_EVENT(p, UDP_HLEN_INVALID);
return -1; return -1;
} }
@ -74,7 +74,7 @@ void DecodeUDP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
{ {
SCPerfCounterIncr(dtv->counter_udp, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_udp, tv->sc_perf_pca);
if (DecodeUDPPacket(tv, p,pkt,len) < 0) { if (unlikely(DecodeUDPPacket(tv, p,pkt,len) < 0)) {
p->udph = NULL; p->udph = NULL;
return; return;
} }
@ -82,7 +82,7 @@ void DecodeUDP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
SCLogDebug("UDP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 "", SCLogDebug("UDP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 "",
UDP_GET_SRC_PORT(p), UDP_GET_DST_PORT(p), UDP_HEADER_LEN, p->payload_len); UDP_GET_SRC_PORT(p), UDP_GET_DST_PORT(p), UDP_HEADER_LEN, p->payload_len);
if (DecodeTeredo(tv, dtv, p, p->payload, p->payload_len, pq) == 1) { if (unlikely(DecodeTeredo(tv, dtv, p, p->payload, p->payload_len, pq) == 1)) {
/* Here we have a Teredo packet and don't need to handle app /* Here we have a Teredo packet and don't need to handle app
* layer */ * layer */
FlowHandlePacket(tv, p); FlowHandlePacket(tv, p);
@ -93,7 +93,7 @@ void DecodeUDP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
FlowHandlePacket(tv, p); FlowHandlePacket(tv, p);
/* handle the app layer part of the UDP packet payload */ /* handle the app layer part of the UDP packet payload */
if (p->flow != NULL) { if (unlikely(p->flow != NULL)) {
AppLayerHandleUdp(&dtv->udp_dp_ctx, p->flow, p); AppLayerHandleUdp(&dtv->udp_dp_ctx, p->flow, p);
} }

10
src/decode.c
Unescape Escape View File

@ -168,7 +168,7 @@ Packet *PacketGetFromQueueOrAlloc(void)
*/ */
inline int PacketCopyDataOffset(Packet *p, int offset, uint8_t *data, int datalen) inline int PacketCopyDataOffset(Packet *p, int offset, uint8_t *data, int datalen)
{ {
if (offset + datalen > MAX_PAYLOAD_SIZE) { if (unlikely(offset + datalen > MAX_PAYLOAD_SIZE)) {
/* too big */ /* too big */
return -1; return -1;
} }
@ -181,7 +181,7 @@ inline int PacketCopyDataOffset(Packet *p, int offset, uint8_t *data, int datale
} else { } else {
/* here we need a dynamic allocation */ /* here we need a dynamic allocation */
p->ext_pkt = SCMalloc(MAX_PAYLOAD_SIZE); p->ext_pkt = SCMalloc(MAX_PAYLOAD_SIZE);
if (p->ext_pkt == NULL) { if (unlikely(p->ext_pkt == NULL)) {
SET_PKT_LEN(p, 0); SET_PKT_LEN(p, 0);
return -1; return -1;
} }
@ -225,7 +225,7 @@ Packet *PacketPseudoPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t
/* get us a packet */ /* get us a packet */
Packet *p = PacketGetFromQueueOrAlloc(); Packet *p = PacketGetFromQueueOrAlloc();
if (p == NULL) { if (unlikely(p == NULL)) {
SCReturnPtr(NULL, "Packet"); SCReturnPtr(NULL, "Packet");
} }
@ -279,7 +279,7 @@ Packet *PacketDefragPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t
/* get us a packet */ /* get us a packet */
Packet *p = PacketGetFromQueueOrAlloc(); Packet *p = PacketGetFromQueueOrAlloc();
if (p == NULL) { if (unlikely(p == NULL)) {
SCReturnPtr(NULL, "Packet"); SCReturnPtr(NULL, "Packet");
} }
@ -454,7 +454,7 @@ DecodeThreadVars *DecodeThreadVarsAlloc()
inline int PacketSetData(Packet *p, uint8_t *pktdata, int pktlen) inline int PacketSetData(Packet *p, uint8_t *pktdata, int pktlen)
{ {
SET_PKT_LEN(p, (size_t)pktlen); SET_PKT_LEN(p, (size_t)pktlen);
if (!pktdata) { if (unlikely(!pktdata)) {
return -1; return -1;
} }
p->ext_pkt = pktdata; p->ext_pkt = pktdata;

14
src/stream-tcp.c
Unescape Escape View File

@ -4763,23 +4763,23 @@ int StreamTcpGetFlowState(void *s)
SCEnter(); SCEnter();
TcpSession *ssn = (TcpSession *)s; TcpSession *ssn = (TcpSession *)s;
if (ssn == NULL) { if (unlikely(ssn == NULL)) {
SCReturnInt(FLOW_STATE_CLOSED); SCReturnInt(FLOW_STATE_CLOSED);
} }
/* sorted most likely to least likely */
switch(ssn->state) { switch(ssn->state) {
case TCP_NONE:
case TCP_SYN_SENT:
case TCP_SYN_RECV:
case TCP_LISTEN:
SCReturnInt(FLOW_STATE_NEW);
case TCP_ESTABLISHED: case TCP_ESTABLISHED:
case TCP_FIN_WAIT1: case TCP_FIN_WAIT1:
case TCP_FIN_WAIT2: case TCP_FIN_WAIT2:
case TCP_CLOSING: case TCP_CLOSING:
case TCP_CLOSE_WAIT: case TCP_CLOSE_WAIT:
SCReturnInt(FLOW_STATE_ESTABLISHED); SCReturnInt(FLOW_STATE_ESTABLISHED);
case TCP_NONE:
case TCP_SYN_SENT:
case TCP_SYN_RECV:
case TCP_LISTEN:
SCReturnInt(FLOW_STATE_NEW);
case TCP_LAST_ACK: case TCP_LAST_ACK:
case TCP_TIME_WAIT: case TCP_TIME_WAIT:
case TCP_CLOSED: case TCP_CLOSED:

Write Preview
Loading…
Cancel
Save