diff --git a/src/detect-engine-hcbd.c b/src/detect-engine-hcbd.c index c4cdc069b4..d685272f65 100644 --- a/src/detect-engine-hcbd.c +++ b/src/detect-engine-hcbd.c @@ -259,17 +259,13 @@ match: * * \warning Make sure flow is locked. */ -void DetectEngineBufferHttpClientBodies(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, - Flow *f, HtpState *htp_state) +static void DetectEngineBufferHttpClientBodies(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state) { size_t idx = 0; htp_tx_t *tx = NULL; int i = 0; - /* locking the flow, we will inspect the htp state */ - SCMutexLock(&f->m); - if (htp_state->connp == NULL || htp_state->connp->conn == NULL) { SCLogDebug("HTP state has no conn(p)"); goto end; @@ -368,16 +364,20 @@ void DetectEngineBufferHttpClientBodies(DetectEngineCtx *de_ctx, } /* else - if (htud->body.nchunks == 0) */ } /* for (idx = AppLayerTransactionGetInspectId(f); .. */ - end: - SCMutexUnlock(&f->m); +end: return; } -int DetectEngineRunHttpClientBodyMpm(DetectEngineThreadCtx *det_ctx) +int DetectEngineRunHttpClientBodyMpm(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state) { int i; uint32_t cnt = 0; + SCMutexLock(&f->m); + DetectEngineBufferHttpClientBodies(de_ctx, det_ctx, f, htp_state); + SCMutexUnlock(&f->m); + for (i = 0; i < det_ctx->hcbd_buffers_list_len; i++) { cnt += HttpClientBodyPatternSearch(det_ctx, det_ctx->hcbd_buffers[i], 
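Review bot: In `DetectEngineRunHttpClientBodyMpm` (src/detect-engine-hcbd.c, second hunk) the flow lock is released as soon as `DetectEngineBufferHttpClientBodies()` returns, so the `HttpClientBodyPatternSearch()` loop reads `det_ctx->hcbd_buffers[i]` without holding `f->m`. The raw-header variant in src/detect-engine-hrhd.c keeps the lock across its search, and its comment says that is because the buffers point into libhtp-owned memory. Whether the client-body buffers are private copies is not visible in this hunk; if they are not, another thread working on the same flow could change or free the data while it is being scanned. Either move `SCMutexUnlock(&f->m);` below the loop, or add a comment at the unlock such as `/* hcbd_buffers are copies owned by det_ctx, safe to scan unlocked */`. `DetectEngineRunHttpHeaderMpm` in src/detect-engine-hhd.c has the same lock/buffer/unlock/search shape, and both function bodies continue past their hunks.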
@@ -402,19 +402,20 @@ int DetectEngineRunHttpClientBodyMpm(DetectEngineThreadCtx *det_ctx) * \retval 1 Match. */ int DetectEngineInspectHttpClientBody(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, - Signature *s, Flow *f, uint8_t flags, - void *alstate) + DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, + void *alstate) { SCEnter(); int r = 0; HtpState *htp_state = NULL; int i = 0; + SCMutexLock(&f->m); + htp_state = (HtpState *)alstate; if (htp_state == NULL) { SCLogDebug("no HTTP state"); - SCReturnInt(0); + goto end; } if (htp_state->connp == NULL || htp_state->connp->conn == NULL) { @@ -439,6 +440,7 @@ int DetectEngineInspectHttpClientBody(DetectEngineCtx *de_ctx, } end: + SCMutexUnlock(&f->m); SCReturnInt(r); } diff --git a/src/detect-engine-hcbd.h b/src/detect-engine-hcbd.h index 66bd18a57c..a892a75243 100644 --- a/src/detect-engine-hcbd.h +++ b/src/detect-engine-hcbd.h @@ -27,14 +27,10 @@ #include "app-layer-htp.h" -int DetectEngineRunHttpClientBodyMpm(DetectEngineThreadCtx *); -void DetectEngineBufferHttpClientBodies(DetectEngineCtx *, - DetectEngineThreadCtx *, - Flow *, HtpState *); +int DetectEngineRunHttpClientBodyMpm(DetectEngineCtx *, + DetectEngineThreadCtx *, Flow *f, HtpState *); int DetectEngineInspectHttpClientBody(DetectEngineCtx *, - DetectEngineThreadCtx *, - Signature *, Flow *, uint8_t, - void *); + DetectEngineThreadCtx *, Signature *, Flow *, uint8_t, void *); void DetectEngineCleanHCBDBuffers(DetectEngineThreadCtx *); void DetectEngineHttpClientBodyRegisterTests(void); diff --git a/src/detect-engine-hhd.c b/src/detect-engine-hhd.c index 26796a1a57..ed2bc75fee 100644 --- a/src/detect-engine-hhd.c +++ b/src/detect-engine-hhd.c 
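Review bot: `DetectEngineInspectHttpClientBody` (src/detect-engine-hcbd.c) now takes `f->m` as its first statement, so every exit must pass through `end:`. The visible `SCReturnInt(0)` is converted to `goto end`, but the lines between this hunk and the `end:` hunk are not shown, and any direct `SCReturnInt` left there would return with the flow still locked. The NULL test on `alstate` does not read flow state, so it could stay ahead of the lock with its original `SCReturnInt(0);`, which shortens the locked region. A comment at the lock, for example `/* held until end: - no direct returns below this line */`, would keep the invariant visible. The same pattern is introduced in `DetectEngineInspectHttpHeader` (src/detect-engine-hhd.c) and `DetectEngineInspectHttpRawHeader` (src/detect-engine-hrhd.c).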
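Review bot: The new prototype for `DetectEngineRunHttpClientBodyMpm` in src/detect-engine-hcbd.h names one parameter (`Flow *f`) and leaves the other three anonymous. Name all of them to match the definition, `int DetectEngineRunHttpClientBodyMpm(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state);`, or drop the `f` so the line matches the neighbouring prototypes.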
@@ -261,16 +261,13 @@ match: * * \warning Make sure flow is locked. */ -void DetectEngineBufferHttpHeaders(DetectEngineThreadCtx *det_ctx, Flow *f, +static void DetectEngineBufferHttpHeaders(DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state) { size_t idx = 0; htp_tx_t *tx = NULL; int i = 0; - /* locking the flow, we will inspect the htp state */ - SCMutexLock(&f->m); - if (htp_state->connp == NULL || htp_state->connp->conn == NULL) { SCLogDebug("HTP state has no conn(p)"); goto end; @@ -349,16 +346,23 @@ void DetectEngineBufferHttpHeaders(DetectEngineThreadCtx *det_ctx, Flow *f, } /* for (idx = AppLayerTransactionGetInspectId(f); .. */ - end: - SCMutexUnlock(&f->m); +end: return; } -int DetectEngineRunHttpHeaderMpm(DetectEngineThreadCtx *det_ctx) +/** + * \brief run the mpm against the assembled http header buffer(s) + * \retval cnt Number of matches reported by the mpm algo. + */ +int DetectEngineRunHttpHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state) { int i; uint32_t cnt = 0; + SCMutexLock(&f->m); + DetectEngineBufferHttpHeaders(det_ctx, f, htp_state); + SCMutexUnlock(&f->m); + for (i = 0; i < det_ctx->hhd_buffers_list_len; i++) { cnt += HttpHeaderPatternSearch(det_ctx, det_ctx->hhd_buffers[i], @@ -391,10 +395,12 @@ int DetectEngineInspectHttpHeader(DetectEngineCtx *de_ctx, HtpState *htp_state = NULL; int i = 0; + SCMutexLock(&f->m); + htp_state = (HtpState *)alstate; if (htp_state == NULL) { SCLogDebug("no HTTP state"); - SCReturnInt(0); + goto end; } if (htp_state->connp == NULL || htp_state->connp->conn == NULL) { @@ -419,6 +425,7 @@ int DetectEngineInspectHttpHeader(DetectEngineCtx *de_ctx, } end: + SCMutexUnlock(&f->m); SCReturnInt(r); } diff --git a/src/detect-engine-hhd.h b/src/detect-engine-hhd.h index 07b6a3ccc6..706f2353c6 100644 --- a/src/detect-engine-hhd.h +++ b/src/detect-engine-hhd.h 
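Review bot: The doc comment added above `DetectEngineRunHttpHeaderMpm` (src/detect-engine-hhd.c, second hunk) describes only the search, although the function now also assembles the buffers and takes and releases `f->m` itself. Callers need to know the locking contract, so I would extend it with `\param f flow; locked internally while the header buffers are assembled`, `\param htp_state HTTP state of the flow`, and `\note caller must not hold f->m` (assuming SCMutex is not recursive, which the hunk does not show). `DetectEngineRunHttpClientBodyMpm` and `DetectEngineRunHttpRawHeaderMpm` received the same new parameters with no comment above them at all and should get the same header.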
@@ -25,9 +25,7 @@ #include "app-layer-htp.h" -void DetectEngineBufferHttpHeaders(DetectEngineThreadCtx *, Flow *, - HtpState *); -int DetectEngineRunHttpHeaderMpm(DetectEngineThreadCtx *); +int DetectEngineRunHttpHeaderMpm(DetectEngineThreadCtx *, Flow *, HtpState *); int DetectEngineInspectHttpHeader(DetectEngineCtx *, DetectEngineThreadCtx *, Signature *, Flow *, uint8_t, void *); void DetectEngineCleanHHDBuffers(DetectEngineThreadCtx *); diff --git a/src/detect-engine-hrhd.c b/src/detect-engine-hrhd.c index c670ae0a4b..fb66c21e88 100644 --- a/src/detect-engine-hrhd.c +++ b/src/detect-engine-hrhd.c @@ -261,16 +261,13 @@ match: * * \warning Make sure the flow is locked. */ -void DetectEngineBufferHttpRawHeaders(DetectEngineThreadCtx *det_ctx, +static void DetectEngineBufferHttpRawHeaders(DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state) { size_t idx = 0; htp_tx_t *tx = NULL; int i = 0; - /* locking the flow, we will inspect the htp state */ - SCMutexLock(&f->m); - if (htp_state->connp == NULL || htp_state->connp->conn == NULL) { SCLogDebug("HTP state has no conn(p)"); goto end; @@ -326,12 +323,11 @@ void DetectEngineBufferHttpRawHeaders(DetectEngineThreadCtx *det_ctx, } /* for (idx = AppLayerTransactionGetInspectId(f); .. */ - end: - SCMutexUnlock(&f->m); +end: return; } -int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f) +int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state) { int i; uint32_t cnt = 0; @@ -340,6 +336,8 @@ int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f) * but are ones that point to a buffer given by libhtp */ SCMutexLock(&f->m); + DetectEngineBufferHttpRawHeaders(det_ctx, f, htp_state); + for (i = 0; i < det_ctx->hrhd_buffers_list_len; i++) { cnt += HttpRawHeaderPatternSearch(det_ctx, det_ctx->hrhd_buffers[i], 
@@ -374,10 +372,12 @@ int DetectEngineInspectHttpRawHeader(DetectEngineCtx *de_ctx, HtpState *htp_state = NULL; int i = 0; + SCMutexLock(&f->m); + htp_state = (HtpState *)alstate; if (htp_state == NULL) { SCLogDebug("no HTTP state"); - SCReturnInt(0); + goto end; } if (htp_state->connp == NULL || htp_state->connp->conn == NULL) { @@ -402,6 +402,7 @@ int DetectEngineInspectHttpRawHeader(DetectEngineCtx *de_ctx, } end: + SCMutexUnlock(&f->m); SCReturnInt(r); } diff --git a/src/detect-engine-hrhd.h b/src/detect-engine-hrhd.h index 6d8089c84d..0dc98a53c0 100644 --- a/src/detect-engine-hrhd.h +++ b/src/detect-engine-hrhd.h @@ -25,13 +25,8 @@ #include "app-layer-htp.h" -int DetectEngineInspectHttpRawHeader(DetectEngineCtx *, - DetectEngineThreadCtx *, - Signature *, Flow *, uint8_t, - void *); -void DetectEngineBufferHttpRawHeaders(DetectEngineThreadCtx *det_ctx, - Flow *f, HtpState *); -int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *, Flow *); +int DetectEngineInspectHttpRawHeader(DetectEngineCtx *, DetectEngineThreadCtx *, Signature *, Flow *, uint8_t, void *); +int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *, Flow *, HtpState *); void DetectEngineCleanHRHDBuffers(DetectEngineThreadCtx *); void DetectEngineHttpRawHeaderRegisterTests(void); diff --git a/src/detect.c b/src/detect.c index f01f6d5100..e43cb5edcb 100644 --- a/src/detect.c +++ b/src/detect.c 
@@ -951,18 +951,15 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx, SCLogDebug("uri search: cnt %" PRIu32, cnt); } if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HCBD) { - DetectEngineBufferHttpClientBodies(de_ctx, det_ctx, p->flow, alstate); - cnt = DetectEngineRunHttpClientBodyMpm(det_ctx); + cnt = DetectEngineRunHttpClientBodyMpm(de_ctx, det_ctx, p->flow, alstate); SCLogDebug("hcbd search: cnt %" PRIu32, cnt); } if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HHD) { - DetectEngineBufferHttpHeaders(det_ctx, p->flow, alstate); - cnt = DetectEngineRunHttpHeaderMpm(det_ctx); + cnt = DetectEngineRunHttpHeaderMpm(det_ctx, p->flow, alstate); SCLogDebug("hhd search: cnt %" PRIu32, cnt); } if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HRHD) { - DetectEngineBufferHttpRawHeaders(det_ctx, p->flow, alstate); - cnt = DetectEngineRunHttpRawHeaderMpm(det_ctx, p->flow); + cnt = DetectEngineRunHttpRawHeaderMpm(det_ctx, p->flow, alstate); SCLogDebug("hrhd search: cnt %" PRIu32, cnt); } }
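Review bot: The three `DetectEngineRun*Mpm` calls in `DetectMpmPrefilter` (src/detect.c) pass `p->flow` and `alstate` into functions that start with `SCMutexLock(&f->m)` and then read `htp_state->connp`, and no NULL test on either value is visible in this hunk. The Inspect functions in the same files do guard `htp_state == NULL`, but the prefilter path shown in the detect-engine-h*.c hunks does not. `DetectMpmPrefilter` starts outside the hunk, so the guarantee may already exist there. If it does not, wrap these calls in `if (p->flow != NULL && alstate != NULL)`; otherwise state the precondition in a comment above the first call, e.g. `/* p->flow and alstate are non-NULL here: checked by <caller> */`.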