aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: split register time and detect load time buffer funcs

Browse Source
pull/6680/head
Victor Julien 4 years ago committed by Victor Julien
parent 5bcaae0a01
commit 707b75ccda
10 changed files with 112 additions and 72 deletions
Show Stats Download Patch File Download Diff File

4
src/detect-content.c
Unescape Escape View File

@ -343,8 +343,8 @@ int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *conten
0 == (cd->flags & DETECT_CONTENT_NEGATED)) {
/* Check transform compatibility */
const char *tstr;
if (!DetectBufferTypeValidateTransform(de_ctx, sm_list, cd->content,
cd->content_len, &tstr)) {
if (!DetectEngineBufferTypeValidateTransform(
de_ctx, sm_list, cd->content, cd->content_len, &tstr)) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"content string \"%s\" incompatible with %s transform",
contentstr, tstr);

20
src/detect-engine-analyzer.c
Unescape Escape View File

@ -190,8 +190,8 @@ void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *l
if (list_type == DETECT_SM_LIST_PMATCH)
fprintf(fp_engine_analysis_FD, "content\n");
else {
const char *desc = DetectBufferTypeGetDescriptionById(de_ctx, list_type);
const char *name = DetectBufferTypeGetNameById(de_ctx, list_type);
const char *desc = DetectEngineBufferTypeGetDescriptionById(de_ctx, list_type);
const char *name = DetectEngineBufferTypeGetNameById(de_ctx, list_type);
if (desc && name) {
fprintf(fp_engine_analysis_FD, "%s (%s)\n", desc, name);
}
@ -523,8 +523,8 @@ static void EngineAnalysisRulesPrintFP(const DetectEngineCtx *de_ctx, const Sign
payload ? (stream ? "payload and reassembled stream" : "payload") : "reassembled stream");
}
else {
const char *desc = DetectBufferTypeGetDescriptionById(de_ctx, list_type);
const char *name = DetectBufferTypeGetNameById(de_ctx, list_type);
const char *desc = DetectEngineBufferTypeGetDescriptionById(de_ctx, list_type);
const char *name = DetectEngineBufferTypeGetNameById(de_ctx, list_type);
if (desc && name) {
fprintf(rule_engine_analysis_FD, "%s (%s)", desc, name);
} else if (desc || name) {
@ -534,7 +534,7 @@ static void EngineAnalysisRulesPrintFP(const DetectEngineCtx *de_ctx, const Sign
}
fprintf(rule_engine_analysis_FD, "\" ");
const DetectBufferType *bt = DetectBufferTypeGetById(de_ctx, list_type);
const DetectBufferType *bt = DetectEngineBufferTypeGetById(de_ctx, list_type);
if (bt && bt->transforms.cnt) {
fprintf(rule_engine_analysis_FD, "(with %d transform(s)) ", bt->transforms.cnt);
}
@ -804,7 +804,7 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
jb_open_array(ctx.js, "pkt_engines");
const DetectEnginePktInspectionEngine *pkt = s->pkt_inspect;
for ( ; pkt != NULL; pkt = pkt->next) {
const char *name = DetectBufferTypeGetNameById(de_ctx, pkt->sm_list);
const char *name = DetectEngineBufferTypeGetNameById(de_ctx, pkt->sm_list);
if (name == NULL) {
switch (pkt->sm_list) {
case DETECT_SM_LIST_PMATCH:
@ -837,7 +837,7 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
jb_open_array(ctx.js, "engines");
const DetectEngineAppInspectionEngine *app = s->app_inspect;
for ( ; app != NULL; app = app->next) {
const char *name = DetectBufferTypeGetNameById(de_ctx, app->sm_list);
const char *name = DetectEngineBufferTypeGetNameById(de_ctx, app->sm_list);
if (name == NULL) {
switch (app->sm_list) {
case DETECT_SM_LIST_PMATCH:
@ -896,7 +896,7 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
if (mpm_list < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(mpm_list);
else
name = DetectBufferTypeGetNameById(de_ctx, mpm_list);
name = DetectEngineBufferTypeGetNameById(de_ctx, mpm_list);
jb_set_string(ctx.js, "buffer", name);
SigMatchData *smd = pkt_mpm ? pkt_mpm->smd : app_mpm->smd;
@ -926,7 +926,7 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
if (prefilter_list < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(prefilter_list);
else
name = DetectBufferTypeGetNameById(de_ctx, prefilter_list);
name = DetectEngineBufferTypeGetNameById(de_ctx, prefilter_list);
jb_set_string(ctx.js, "buffer", name);
const char *mname = sigmatch_table[s->init_data->prefilter_sm->type].name;
jb_set_string(ctx.js, "name", mname);
@ -1080,7 +1080,7 @@ void DumpPatterns(DetectEngineCtx *de_ctx)
if (p->sm_list < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(p->sm_list);
else
name = DetectBufferTypeGetNameById(de_ctx, p->sm_list);
name = DetectEngineBufferTypeGetNameById(de_ctx, p->sm_list);
jb_set_string(jb, "name", name);
jb_set_uint(jb, "list_id", p->sm_list);

12
src/detect-engine-build.c
Unescape Escape View File

@ -205,7 +205,7 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s)
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
if (!(DetectBufferTypeGetNameById(de_ctx, i)))
if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue;
SCReturnInt(0);
@ -265,7 +265,7 @@ static int SignatureIsPDOnly(const DetectEngineCtx *de_ctx, const Signature *s)
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
if (!(DetectBufferTypeGetNameById(de_ctx, i)))
if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue;
SCReturnInt(0);
@ -352,7 +352,7 @@ static int SignatureIsDEOnly(DetectEngineCtx *de_ctx, const Signature *s)
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
if (!(DetectBufferTypeGetNameById(de_ctx, i)))
if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue;
SCReturnInt(0);
@ -821,7 +821,7 @@ static json_t *RulesGroupPrintSghStats(const DetectEngineCtx *de_ctx, const SigG
if (y < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(y);
else
name = DetectBufferTypeGetNameById(de_ctx, y);
name = DetectEngineBufferTypeGetNameById(de_ctx, y);
json_object_set_new(app, name, json_integer(alproto_mpm_bufs[i][y]));
}
@ -860,7 +860,7 @@ static json_t *RulesGroupPrintSghStats(const DetectEngineCtx *de_ctx, const SigG
if (i < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(i);
else
name = DetectBufferTypeGetNameById(de_ctx, i);
name = DetectEngineBufferTypeGetNameById(de_ctx, i);
json_object_set_new(mpm_js, name, buf);
}
@ -1444,7 +1444,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx)
/* run buffer type callbacks if any */
for (int x = 0; x < (int)s->init_data->smlists_array_size; x++) {
if (s->init_data->smlists[x])
DetectBufferRunSetupCallback(de_ctx, x, s);
DetectEngineBufferRunSetupCallback(de_ctx, x, s);
}
de_ctx->sig_cnt++;

84
src/detect-engine.c
Unescape Escape View File

@ -446,7 +446,7 @@ int DetectEngineAppInspectionEngine2Signature(DetectEngineCtx *de_ctx, Signature
exit(EXIT_FAILURE);
}
if (mpm_list == e->sm_list) {
SCLogDebug("%s is mpm", DetectBufferTypeGetNameById(de_ctx, e->sm_list));
SCLogDebug("%s is mpm", DetectEngineBufferTypeGetNameById(de_ctx, e->sm_list));
prepend = true;
new_engine->mpm = true;
}
@ -507,7 +507,7 @@ int DetectEngineAppInspectionEngine2Signature(DetectEngineCtx *de_ctx, Signature
exit(EXIT_FAILURE);
}
if (mpm_list == t->sm_list) {
SCLogDebug("%s is mpm", DetectBufferTypeGetNameById(de_ctx, t->sm_list));
SCLogDebug("%s is mpm", DetectEngineBufferTypeGetNameById(de_ctx, t->sm_list));
prepend = true;
head_is_mpm = true;
new_engine->mpm = true;
@ -596,9 +596,8 @@ next:
const DetectEngineAppInspectionEngine *iter = s->app_inspect;
while (iter) {
SCLogDebug("%u: engine %s id %u progress %d %s", s->id,
DetectBufferTypeGetNameById(de_ctx, iter->sm_list), iter->id,
iter->progress,
iter->sm_list == mpm_list ? "MPM":"");
DetectEngineBufferTypeGetNameById(de_ctx, iter->sm_list), iter->id, iter->progress,
iter->sm_list == mpm_list ? "MPM" : "");
iter = iter->next;
}
#endif
@ -844,7 +843,16 @@ int DetectBufferTypeGetByName(const char *name)
return exists->id;
}
const DetectBufferType *DetectBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id)
static DetectBufferType *DetectEngineBufferTypeLookupByName(
const DetectEngineCtx *de_ctx, const char *string)
{
DetectBufferType map = { (char *)string, NULL, 0, 0, 0, 0, false, NULL, NULL, no_transforms };
DetectBufferType *res = HashListTableLookup(de_ctx->buffer_type_hash_name, &map, 0);
return res;
}
const DetectBufferType *DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id)
{
DetectBufferType lookup;
memset(&lookup, 0, sizeof(lookup));
@ -854,12 +862,37 @@ const DetectBufferType *DetectBufferTypeGetById(const DetectEngineCtx *de_ctx, c
return res;
}
const char *DetectBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id)
const char *DetectEngineBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id)
{
const DetectBufferType *res = DetectBufferTypeGetById(de_ctx, id);
const DetectBufferType *res = DetectEngineBufferTypeGetById(de_ctx, id);
return res ? res->string : NULL;
}
static int DetectEngineBufferTypeAdd(DetectEngineCtx *de_ctx, const char *string)
{
DetectBufferType *map = SCCalloc(1, sizeof(*map));
if (map == NULL)
return -1;
map->string = string;
map->id = de_ctx->buffer_type_id++;
BUG_ON(HashListTableAdd(de_ctx->buffer_type_hash_name, (void *)map, 0) != 0);
BUG_ON(HashListTableAdd(de_ctx->buffer_type_hash_id, (void *)map, 0) != 0);
SCLogDebug("buffer %s registered with id %d", map->string, map->id);
return map->id;
}
int DetectEngineBufferTypeRegister(DetectEngineCtx *de_ctx, const char *name)
{
DetectBufferType *exists = DetectEngineBufferTypeLookupByName(de_ctx, name);
if (!exists) {
return DetectEngineBufferTypeAdd(de_ctx, name);
} else {
return exists->id;
}
}
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
{
DetectBufferType *exists = DetectBufferTypeLookupByName(name);
@ -869,9 +902,9 @@ void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
exists->description = desc;
}
const char *DetectBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id)
const char *DetectEngineBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id)
{
const DetectBufferType *exists = DetectBufferTypeGetById(de_ctx, id);
const DetectBufferType *exists = DetectEngineBufferTypeGetById(de_ctx, id);
if (!exists) {
return NULL;
}
@ -887,18 +920,18 @@ const char *DetectBufferTypeGetDescriptionByName(const char *name)
return exists->description;
}
bool DetectBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id)
bool DetectEngineBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id)
{
const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map == NULL)
return false;
SCLogDebug("map %p id %d packet? %d", map, id, map->packet);
return map->packet;
}
bool DetectBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id)
bool DetectEngineBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id)
{
const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map == NULL)
return false;
SCLogDebug("map %p id %d mpm? %d", map, id, map->mpm);
@ -915,10 +948,9 @@ void DetectBufferTypeRegisterSetupCallback(const char *name,
exists->SetupCallback = SetupCallback;
}
void DetectBufferRunSetupCallback(const DetectEngineCtx *de_ctx,
const int id, Signature *s)
void DetectEngineBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s)
{
const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map && map->SetupCallback) {
map->SetupCallback(de_ctx, s);
}
@ -934,10 +966,10 @@ void DetectBufferTypeRegisterValidateCallback(const char *name,
exists->ValidateCallback = ValidateCallback;
}
bool DetectBufferRunValidateCallback(const DetectEngineCtx *de_ctx,
const int id, const Signature *s, const char **sigerror)
bool DetectEngineBufferRunValidateCallback(
const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror)
{
const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map && map->ValidateCallback) {
return map->ValidateCallback(s, sigerror);
}
@ -972,7 +1004,7 @@ int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
SCLogDebug("buffer %d has transform(s) registered: %d",
s->init_data->list, s->init_data->transforms.cnt);
int new_list = DetectBufferTypeGetByIdTransforms(de_ctx, s->init_data->list,
int new_list = DetectEngineBufferTypeGetByIdTransforms(de_ctx, s->init_data->list,
s->init_data->transforms.transforms, s->init_data->transforms.cnt);
if (new_list == -1) {
SCReturnInt(-1);
@ -1171,10 +1203,10 @@ void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_l
* \retval true (false) If any of the transforms indicate the byte array is
* (is not) compatible.
**/
bool DetectBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
bool DetectEngineBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
const uint8_t *content, uint16_t content_len, const char **namestr)
{
const DetectBufferType *dbt = DetectBufferTypeGetById(de_ctx, sm_list);
const DetectBufferType *dbt = DetectEngineBufferTypeGetById(de_ctx, sm_list);
BUG_ON(dbt == NULL);
for (int i = 0; i < dbt->transforms.cnt; i++) {
@ -1295,10 +1327,10 @@ void DetectBufferTypeCloseRegistration(void)
g_buffer_type_reg_closed = 1;
}
int DetectBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id,
TransformData *transforms, int transform_cnt)
int DetectEngineBufferTypeGetByIdTransforms(
DetectEngineCtx *de_ctx, const int id, TransformData *transforms, int transform_cnt)
{
const DetectBufferType *base_map = DetectBufferTypeGetById(de_ctx, id);
const DetectBufferType *base_map = DetectEngineBufferTypeGetById(de_ctx, id);
if (!base_map) {
return -1;
}

31
src/detect-engine.h
Unescape Escape View File

@ -36,8 +36,6 @@ void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len);
void InspectionBufferApplyTransforms(InspectionBuffer *buffer,
const DetectEngineTransforms *transforms);
bool DetectBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
const uint8_t *content, uint16_t content_len, const char **namestr);
void InspectionBufferClean(DetectEngineThreadCtx *det_ctx);
InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id);
void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms,
@ -45,6 +43,8 @@ void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTran
InspectionBuffer *InspectionBufferMultipleForListGet(
DetectEngineThreadCtx *det_ctx, const int list_id, uint32_t local_id);
/* start up registery funcs */
int DetectBufferTypeRegister(const char *name);
int DetectBufferTypeGetByName(const char *name);
void DetectBufferTypeSupportsMpm(const char *name);
@ -58,16 +58,23 @@ void DetectBufferTypeRegisterSetupCallback(const char *name,
void (*Callback)(const DetectEngineCtx *, Signature *));
void DetectBufferTypeRegisterValidateCallback(const char *name,
bool (*ValidateCallback)(const Signature *, const char **sigerror));
const DetectBufferType *DetectBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id);
int DetectBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id,
TransformData *transforms, int transform_cnt);
const char *DetectBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id);
bool DetectBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id);
bool DetectBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id);
const char *DetectBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id);
void DetectBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s);
bool DetectBufferRunValidateCallback(const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror);
/* detect engine related buffer funcs */
int DetectEngineBufferTypeRegister(DetectEngineCtx *de_ctx, const char *name);
const char *DetectEngineBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id);
const DetectBufferType *DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id);
bool DetectEngineBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id);
bool DetectEngineBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id);
const char *DetectEngineBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id);
const DetectBufferType *DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id);
int DetectEngineBufferTypeGetByIdTransforms(
DetectEngineCtx *de_ctx, const int id, TransformData *transforms, int transform_cnt);
void DetectEngineBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s);
bool DetectEngineBufferRunValidateCallback(
const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror);
bool DetectEngineBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
const uint8_t *content, uint16_t content_len, const char **namestr);
/* prototypes */
DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix);

2
src/detect-fast-pattern.c
Unescape Escape View File

@ -69,7 +69,7 @@ int FastPatternSupportEnabledForSigMatchList(const DetectEngineCtx *de_ctx,
if (list_id == DETECT_SM_LIST_PMATCH)
return 1;
return DetectBufferTypeSupportsMpmGetById(de_ctx, list_id);
return DetectEngineBufferTypeSupportsMpmGetById(de_ctx, list_id);
}
/**

25
src/detect-parse.c
Unescape Escape View File

@ -434,7 +434,7 @@ SigMatch *DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signa
/* if we have a sticky buffer, use that */
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (!(DetectBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) {
if (!(DetectEngineBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) {
return NULL;
}
@ -446,7 +446,7 @@ SigMatch *DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signa
/* otherwise brute force it */
for (sm_type = 0; sm_type < s->init_data->smlists_array_size; sm_type++) {
if (!DetectBufferTypeSupportsMpmGetById(de_ctx, sm_type))
if (!DetectEngineBufferTypeSupportsMpmGetById(de_ctx, sm_type))
continue;
SigMatch *sm_list = s->init_data->smlists_tail[sm_type];
sm_new = SigMatchGetLastSMByType(sm_list, DETECT_CONTENT);
@ -1673,8 +1673,9 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
* e.g. alert ... (file_data; sid:1;) */
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->smlists[s->init_data->list] == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "rule %u setup buffer %s but didn't add matches to it",
s->id, DetectBufferTypeGetNameById(de_ctx, s->init_data->list));
SCLogError(SC_ERR_INVALID_SIGNATURE,
"rule %u setup buffer %s but didn't add matches to it", s->id,
DetectEngineBufferTypeGetNameById(de_ctx, s->init_data->list));
SCReturnInt(0);
}
}
@ -1699,15 +1700,15 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
if (app->sm_list == x &&
(AppProtoEquals(s->alproto, app->alproto) || s->alproto == 0)) {
SCLogDebug("engine %s dir %d alproto %d",
DetectBufferTypeGetNameById(de_ctx, app->sm_list),
app->dir, app->alproto);
DetectEngineBufferTypeGetNameById(de_ctx, app->sm_list), app->dir,
app->alproto);
bufdir[x].ts += (app->dir == 0);
bufdir[x].tc += (app->dir == 1);
}
}
if (!DetectBufferRunValidateCallback(de_ctx, x, s, &de_ctx->sigerror)) {
if (!DetectEngineBufferRunValidateCallback(de_ctx, x, s, &de_ctx->sigerror)) {
SCReturnInt(0);
}
}
@ -1723,8 +1724,8 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
tc_excl += (bufdir[x].ts == 0 && bufdir[x].tc > 0);
dir_amb += (bufdir[x].ts > 0 && bufdir[x].tc > 0);
SCLogDebug("%s/%d: %d/%d", DetectBufferTypeGetNameById(de_ctx, x),
x, bufdir[x].ts, bufdir[x].tc);
SCLogDebug("%s/%d: %d/%d", DetectEngineBufferTypeGetNameById(de_ctx, x), x, bufdir[x].ts,
bufdir[x].tc);
}
if (ts_excl && tc_excl) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "rule %u mixes keywords with conflicting directions", s->id);
@ -1781,10 +1782,10 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
if (!(DetectBufferTypeGetNameById(de_ctx, i)))
if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue;
if (!(DetectBufferTypeSupportsPacketGetById(de_ctx, i))) {
if (!(DetectEngineBufferTypeSupportsPacketGetById(de_ctx, i))) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet "
"specific matches (like dsize, flags, ttl) with stream / "
"state matching by matching on app layer proto (like using "
@ -2003,7 +2004,7 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, const char *sigstr,
/* run buffer type callbacks if any */
for (uint32_t x = 0; x < sig->init_data->smlists_array_size; x++) {
if (sig->init_data->smlists[x])
DetectBufferRunSetupCallback(de_ctx, x, sig);
DetectEngineBufferRunSetupCallback(de_ctx, x, sig);
}
/* validate signature, SigValidate will report the error reason */

2
src/detect-pcre.c
Unescape Escape View File

@ -875,7 +875,7 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, const char *r
SCLogError(SC_ERR_INVALID_SIGNATURE,
"Expression seen with a sticky buffer still set; either (1) reset sticky "
"buffer with pkt_data or (2) use a sticky buffer providing \"%s\".",
DetectBufferTypeGetDescriptionById(de_ctx, parsed_sm_list));
DetectEngineBufferTypeGetDescriptionById(de_ctx, parsed_sm_list));
goto error;
}
if (DetectBufferGetActiveList(de_ctx, s) == -1)

2
src/detect-rawbytes.c
Unescape Escape View File

@ -63,7 +63,7 @@ static int DetectRawbytesSetup(DetectEngineCtx *de_ctx, Signature *s, const char
SCLogError(SC_ERR_RAWBYTES_BUFFER,
"\"rawbytes\" cannot be combined "
"with the \"%s\" sticky buffer",
DetectBufferTypeGetNameById(de_ctx, s->init_data->list));
DetectEngineBufferTypeGetNameById(de_ctx, s->init_data->list));
SCReturnInt(-1);
}

2
src/util-profiling-keywords.c
Unescape Escape View File

@ -198,7 +198,7 @@ SCProfilingKeywordDump(DetectEngineCtx *de_ctx)
if (i < DETECT_SM_LIST_DYNAMIC_START) {
name = DetectSigmatchListEnumToString(i);
} else {
name = DetectBufferTypeGetNameById(de_ctx, i);
name = DetectEngineBufferTypeGetNameById(de_ctx, i);
}
DoDump(de_ctx->profile_keyword_ctx_per_list[i], fp, name);

Write Preview
Loading…
Cancel
Save