aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: split register time and detect load time buffer funcs

Browse Source
pull/6680/head
Victor Julien 4 years ago committed by Victor Julien
parent 5bcaae0a01
commit 707b75ccda
10 changed files with 112 additions and 72 deletions
Show Stats Download Patch File Download Diff File

4
src/detect-content.c
Unescape Escape View File

@ -343,8 +343,8 @@ int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *conten
0 == (cd->flags & DETECT_CONTENT_NEGATED)) { 0 == (cd->flags & DETECT_CONTENT_NEGATED)) {
/* Check transform compatibility */ /* Check transform compatibility */
const char *tstr; const char *tstr;
if (!DetectBufferTypeValidateTransform(de_ctx, sm_list, cd->content, if (!DetectEngineBufferTypeValidateTransform(
cd->content_len, &tstr)) { de_ctx, sm_list, cd->content, cd->content_len, &tstr)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError(SC_ERR_INVALID_SIGNATURE,
"content string \"%s\" incompatible with %s transform", "content string \"%s\" incompatible with %s transform",
contentstr, tstr); contentstr, tstr);

20
src/detect-engine-analyzer.c
Unescape Escape View File

@ -190,8 +190,8 @@ void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *l
if (list_type == DETECT_SM_LIST_PMATCH) if (list_type == DETECT_SM_LIST_PMATCH)
fprintf(fp_engine_analysis_FD, "content\n"); fprintf(fp_engine_analysis_FD, "content\n");
else { else {
const char *desc = DetectBufferTypeGetDescriptionById(de_ctx, list_type); const char *desc = DetectEngineBufferTypeGetDescriptionById(de_ctx, list_type);
const char *name = DetectBufferTypeGetNameById(de_ctx, list_type); const char *name = DetectEngineBufferTypeGetNameById(de_ctx, list_type);
if (desc && name) { if (desc && name) {
fprintf(fp_engine_analysis_FD, "%s (%s)\n", desc, name); fprintf(fp_engine_analysis_FD, "%s (%s)\n", desc, name);
} }
@ -523,8 +523,8 @@ static void EngineAnalysisRulesPrintFP(const DetectEngineCtx *de_ctx, const Sign
payload ? (stream ? "payload and reassembled stream" : "payload") : "reassembled stream"); payload ? (stream ? "payload and reassembled stream" : "payload") : "reassembled stream");
} }
else { else {
const char *desc = DetectBufferTypeGetDescriptionById(de_ctx, list_type); const char *desc = DetectEngineBufferTypeGetDescriptionById(de_ctx, list_type);
const char *name = DetectBufferTypeGetNameById(de_ctx, list_type); const char *name = DetectEngineBufferTypeGetNameById(de_ctx, list_type);
if (desc && name) { if (desc && name) {
fprintf(rule_engine_analysis_FD, "%s (%s)", desc, name); fprintf(rule_engine_analysis_FD, "%s (%s)", desc, name);
} else if (desc || name) { } else if (desc || name) {
@ -534,7 +534,7 @@ static void EngineAnalysisRulesPrintFP(const DetectEngineCtx *de_ctx, const Sign
} }
fprintf(rule_engine_analysis_FD, "\" "); fprintf(rule_engine_analysis_FD, "\" ");
const DetectBufferType *bt = DetectBufferTypeGetById(de_ctx, list_type); const DetectBufferType *bt = DetectEngineBufferTypeGetById(de_ctx, list_type);
if (bt && bt->transforms.cnt) { if (bt && bt->transforms.cnt) {
fprintf(rule_engine_analysis_FD, "(with %d transform(s)) ", bt->transforms.cnt); fprintf(rule_engine_analysis_FD, "(with %d transform(s)) ", bt->transforms.cnt);
} }
@ -804,7 +804,7 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
jb_open_array(ctx.js, "pkt_engines"); jb_open_array(ctx.js, "pkt_engines");
const DetectEnginePktInspectionEngine *pkt = s->pkt_inspect; const DetectEnginePktInspectionEngine *pkt = s->pkt_inspect;
for ( ; pkt != NULL; pkt = pkt->next) { for ( ; pkt != NULL; pkt = pkt->next) {
const char *name = DetectBufferTypeGetNameById(de_ctx, pkt->sm_list); const char *name = DetectEngineBufferTypeGetNameById(de_ctx, pkt->sm_list);
if (name == NULL) { if (name == NULL) {
switch (pkt->sm_list) { switch (pkt->sm_list) {
case DETECT_SM_LIST_PMATCH: case DETECT_SM_LIST_PMATCH:
@ -837,7 +837,7 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
jb_open_array(ctx.js, "engines"); jb_open_array(ctx.js, "engines");
const DetectEngineAppInspectionEngine *app = s->app_inspect; const DetectEngineAppInspectionEngine *app = s->app_inspect;
for ( ; app != NULL; app = app->next) { for ( ; app != NULL; app = app->next) {
const char *name = DetectBufferTypeGetNameById(de_ctx, app->sm_list); const char *name = DetectEngineBufferTypeGetNameById(de_ctx, app->sm_list);
if (name == NULL) { if (name == NULL) {
switch (app->sm_list) { switch (app->sm_list) {
case DETECT_SM_LIST_PMATCH: case DETECT_SM_LIST_PMATCH:
@ -896,7 +896,7 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
if (mpm_list < DETECT_SM_LIST_DYNAMIC_START) if (mpm_list < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(mpm_list); name = DetectListToHumanString(mpm_list);
else else
name = DetectBufferTypeGetNameById(de_ctx, mpm_list); name = DetectEngineBufferTypeGetNameById(de_ctx, mpm_list);
jb_set_string(ctx.js, "buffer", name); jb_set_string(ctx.js, "buffer", name);
SigMatchData *smd = pkt_mpm ? pkt_mpm->smd : app_mpm->smd; SigMatchData *smd = pkt_mpm ? pkt_mpm->smd : app_mpm->smd;
@ -926,7 +926,7 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
if (prefilter_list < DETECT_SM_LIST_DYNAMIC_START) if (prefilter_list < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(prefilter_list); name = DetectListToHumanString(prefilter_list);
else else
name = DetectBufferTypeGetNameById(de_ctx, prefilter_list); name = DetectEngineBufferTypeGetNameById(de_ctx, prefilter_list);
jb_set_string(ctx.js, "buffer", name); jb_set_string(ctx.js, "buffer", name);
const char *mname = sigmatch_table[s->init_data->prefilter_sm->type].name; const char *mname = sigmatch_table[s->init_data->prefilter_sm->type].name;
jb_set_string(ctx.js, "name", mname); jb_set_string(ctx.js, "name", mname);
@ -1080,7 +1080,7 @@ void DumpPatterns(DetectEngineCtx *de_ctx)
if (p->sm_list < DETECT_SM_LIST_DYNAMIC_START) if (p->sm_list < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(p->sm_list); name = DetectListToHumanString(p->sm_list);
else else
name = DetectBufferTypeGetNameById(de_ctx, p->sm_list); name = DetectEngineBufferTypeGetNameById(de_ctx, p->sm_list);
jb_set_string(jb, "name", name); jb_set_string(jb, "name", name);
jb_set_uint(jb, "list_id", p->sm_list); jb_set_uint(jb, "list_id", p->sm_list);

12
src/detect-engine-build.c
Unescape Escape View File

@ -205,7 +205,7 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s)
for (int i = 0; i < nlists; i++) { for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL) if (s->init_data->smlists[i] == NULL)
continue; continue;
if (!(DetectBufferTypeGetNameById(de_ctx, i))) if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue; continue;
SCReturnInt(0); SCReturnInt(0);
@ -265,7 +265,7 @@ static int SignatureIsPDOnly(const DetectEngineCtx *de_ctx, const Signature *s)
for (int i = 0; i < nlists; i++) { for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL) if (s->init_data->smlists[i] == NULL)
continue; continue;
if (!(DetectBufferTypeGetNameById(de_ctx, i))) if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue; continue;
SCReturnInt(0); SCReturnInt(0);
@ -352,7 +352,7 @@ static int SignatureIsDEOnly(DetectEngineCtx *de_ctx, const Signature *s)
for (int i = 0; i < nlists; i++) { for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL) if (s->init_data->smlists[i] == NULL)
continue; continue;
if (!(DetectBufferTypeGetNameById(de_ctx, i))) if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue; continue;
SCReturnInt(0); SCReturnInt(0);
@ -821,7 +821,7 @@ static json_t *RulesGroupPrintSghStats(const DetectEngineCtx *de_ctx, const SigG
if (y < DETECT_SM_LIST_DYNAMIC_START) if (y < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(y); name = DetectListToHumanString(y);
else else
name = DetectBufferTypeGetNameById(de_ctx, y); name = DetectEngineBufferTypeGetNameById(de_ctx, y);
json_object_set_new(app, name, json_integer(alproto_mpm_bufs[i][y])); json_object_set_new(app, name, json_integer(alproto_mpm_bufs[i][y]));
} }
@ -860,7 +860,7 @@ static json_t *RulesGroupPrintSghStats(const DetectEngineCtx *de_ctx, const SigG
if (i < DETECT_SM_LIST_DYNAMIC_START) if (i < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(i); name = DetectListToHumanString(i);
else else
name = DetectBufferTypeGetNameById(de_ctx, i); name = DetectEngineBufferTypeGetNameById(de_ctx, i);
json_object_set_new(mpm_js, name, buf); json_object_set_new(mpm_js, name, buf);
} }
@ -1444,7 +1444,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx)
/* run buffer type callbacks if any */ /* run buffer type callbacks if any */
for (int x = 0; x < (int)s->init_data->smlists_array_size; x++) { for (int x = 0; x < (int)s->init_data->smlists_array_size; x++) {
if (s->init_data->smlists[x]) if (s->init_data->smlists[x])
DetectBufferRunSetupCallback(de_ctx, x, s); DetectEngineBufferRunSetupCallback(de_ctx, x, s);
} }
de_ctx->sig_cnt++; de_ctx->sig_cnt++;

84
src/detect-engine.c
Unescape Escape View File

@ -446,7 +446,7 @@ int DetectEngineAppInspectionEngine2Signature(DetectEngineCtx *de_ctx, Signature
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if (mpm_list == e->sm_list) { if (mpm_list == e->sm_list) {
SCLogDebug("%s is mpm", DetectBufferTypeGetNameById(de_ctx, e->sm_list)); SCLogDebug("%s is mpm", DetectEngineBufferTypeGetNameById(de_ctx, e->sm_list));
prepend = true; prepend = true;
new_engine->mpm = true; new_engine->mpm = true;
} }
@ -507,7 +507,7 @@ int DetectEngineAppInspectionEngine2Signature(DetectEngineCtx *de_ctx, Signature
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if (mpm_list == t->sm_list) { if (mpm_list == t->sm_list) {
SCLogDebug("%s is mpm", DetectBufferTypeGetNameById(de_ctx, t->sm_list)); SCLogDebug("%s is mpm", DetectEngineBufferTypeGetNameById(de_ctx, t->sm_list));
prepend = true; prepend = true;
head_is_mpm = true; head_is_mpm = true;
new_engine->mpm = true; new_engine->mpm = true;
@ -596,9 +596,8 @@ next:
const DetectEngineAppInspectionEngine *iter = s->app_inspect; const DetectEngineAppInspectionEngine *iter = s->app_inspect;
while (iter) { while (iter) {
SCLogDebug("%u: engine %s id %u progress %d %s", s->id, SCLogDebug("%u: engine %s id %u progress %d %s", s->id,
DetectBufferTypeGetNameById(de_ctx, iter->sm_list), iter->id, DetectEngineBufferTypeGetNameById(de_ctx, iter->sm_list), iter->id, iter->progress,
iter->progress, iter->sm_list == mpm_list ? "MPM" : "");
iter->sm_list == mpm_list ? "MPM":"");
iter = iter->next; iter = iter->next;
} }
#endif #endif
@ -844,7 +843,16 @@ int DetectBufferTypeGetByName(const char *name)
return exists->id; return exists->id;
} }
const DetectBufferType *DetectBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id) static DetectBufferType *DetectEngineBufferTypeLookupByName(
const DetectEngineCtx *de_ctx, const char *string)
{
DetectBufferType map = { (char *)string, NULL, 0, 0, 0, 0, false, NULL, NULL, no_transforms };
DetectBufferType *res = HashListTableLookup(de_ctx->buffer_type_hash_name, &map, 0);
return res;
}
const DetectBufferType *DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id)
{ {
DetectBufferType lookup; DetectBufferType lookup;
memset(&lookup, 0, sizeof(lookup)); memset(&lookup, 0, sizeof(lookup));
@ -854,12 +862,37 @@ const DetectBufferType *DetectBufferTypeGetById(const DetectEngineCtx *de_ctx, c
return res; return res;
} }
const char *DetectBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id) const char *DetectEngineBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id)
{ {
const DetectBufferType *res = DetectBufferTypeGetById(de_ctx, id); const DetectBufferType *res = DetectEngineBufferTypeGetById(de_ctx, id);
return res ? res->string : NULL; return res ? res->string : NULL;
} }
static int DetectEngineBufferTypeAdd(DetectEngineCtx *de_ctx, const char *string)
{
DetectBufferType *map = SCCalloc(1, sizeof(*map));
if (map == NULL)
return -1;
map->string = string;
map->id = de_ctx->buffer_type_id++;
BUG_ON(HashListTableAdd(de_ctx->buffer_type_hash_name, (void *)map, 0) != 0);
BUG_ON(HashListTableAdd(de_ctx->buffer_type_hash_id, (void *)map, 0) != 0);
SCLogDebug("buffer %s registered with id %d", map->string, map->id);
return map->id;
}
int DetectEngineBufferTypeRegister(DetectEngineCtx *de_ctx, const char *name)
{
DetectBufferType *exists = DetectEngineBufferTypeLookupByName(de_ctx, name);
if (!exists) {
return DetectEngineBufferTypeAdd(de_ctx, name);
} else {
return exists->id;
}
}
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc) void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
{ {
DetectBufferType *exists = DetectBufferTypeLookupByName(name); DetectBufferType *exists = DetectBufferTypeLookupByName(name);
@ -869,9 +902,9 @@ void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
exists->description = desc; exists->description = desc;
} }
const char *DetectBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id) const char *DetectEngineBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id)
{ {
const DetectBufferType *exists = DetectBufferTypeGetById(de_ctx, id); const DetectBufferType *exists = DetectEngineBufferTypeGetById(de_ctx, id);
if (!exists) { if (!exists) {
return NULL; return NULL;
} }
@ -887,18 +920,18 @@ const char *DetectBufferTypeGetDescriptionByName(const char *name)
return exists->description; return exists->description;
} }
bool DetectBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id) bool DetectEngineBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id)
{ {
const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id); const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map == NULL) if (map == NULL)
return false; return false;
SCLogDebug("map %p id %d packet? %d", map, id, map->packet); SCLogDebug("map %p id %d packet? %d", map, id, map->packet);
return map->packet; return map->packet;
} }
bool DetectBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id) bool DetectEngineBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id)
{ {
const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id); const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map == NULL) if (map == NULL)
return false; return false;
SCLogDebug("map %p id %d mpm? %d", map, id, map->mpm); SCLogDebug("map %p id %d mpm? %d", map, id, map->mpm);
@ -915,10 +948,9 @@ void DetectBufferTypeRegisterSetupCallback(const char *name,
exists->SetupCallback = SetupCallback; exists->SetupCallback = SetupCallback;
} }
void DetectBufferRunSetupCallback(const DetectEngineCtx *de_ctx, void DetectEngineBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s)
const int id, Signature *s)
{ {
const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id); const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map && map->SetupCallback) { if (map && map->SetupCallback) {
map->SetupCallback(de_ctx, s); map->SetupCallback(de_ctx, s);
} }
@ -934,10 +966,10 @@ void DetectBufferTypeRegisterValidateCallback(const char *name,
exists->ValidateCallback = ValidateCallback; exists->ValidateCallback = ValidateCallback;
} }
bool DetectBufferRunValidateCallback(const DetectEngineCtx *de_ctx, bool DetectEngineBufferRunValidateCallback(
const int id, const Signature *s, const char **sigerror) const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror)
{ {
const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id); const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map && map->ValidateCallback) { if (map && map->ValidateCallback) {
return map->ValidateCallback(s, sigerror); return map->ValidateCallback(s, sigerror);
} }
@ -972,7 +1004,7 @@ int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
SCLogDebug("buffer %d has transform(s) registered: %d", SCLogDebug("buffer %d has transform(s) registered: %d",
s->init_data->list, s->init_data->transforms.cnt); s->init_data->list, s->init_data->transforms.cnt);
int new_list = DetectBufferTypeGetByIdTransforms(de_ctx, s->init_data->list, int new_list = DetectEngineBufferTypeGetByIdTransforms(de_ctx, s->init_data->list,
s->init_data->transforms.transforms, s->init_data->transforms.cnt); s->init_data->transforms.transforms, s->init_data->transforms.cnt);
if (new_list == -1) { if (new_list == -1) {
SCReturnInt(-1); SCReturnInt(-1);
@ -1171,10 +1203,10 @@ void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_l
* \retval true (false) If any of the transforms indicate the byte array is * \retval true (false) If any of the transforms indicate the byte array is
* (is not) compatible. * (is not) compatible.
**/ **/
bool DetectBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list, bool DetectEngineBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
const uint8_t *content, uint16_t content_len, const char **namestr) const uint8_t *content, uint16_t content_len, const char **namestr)
{ {
const DetectBufferType *dbt = DetectBufferTypeGetById(de_ctx, sm_list); const DetectBufferType *dbt = DetectEngineBufferTypeGetById(de_ctx, sm_list);
BUG_ON(dbt == NULL); BUG_ON(dbt == NULL);
for (int i = 0; i < dbt->transforms.cnt; i++) { for (int i = 0; i < dbt->transforms.cnt; i++) {
@ -1295,10 +1327,10 @@ void DetectBufferTypeCloseRegistration(void)
g_buffer_type_reg_closed = 1; g_buffer_type_reg_closed = 1;
} }
int DetectBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id, int DetectEngineBufferTypeGetByIdTransforms(
TransformData *transforms, int transform_cnt) DetectEngineCtx *de_ctx, const int id, TransformData *transforms, int transform_cnt)
{ {
const DetectBufferType *base_map = DetectBufferTypeGetById(de_ctx, id); const DetectBufferType *base_map = DetectEngineBufferTypeGetById(de_ctx, id);
if (!base_map) { if (!base_map) {
return -1; return -1;
} }

31
src/detect-engine.h
Unescape Escape View File

@ -36,8 +36,6 @@ void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len); void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len);
void InspectionBufferApplyTransforms(InspectionBuffer *buffer, void InspectionBufferApplyTransforms(InspectionBuffer *buffer,
const DetectEngineTransforms *transforms); const DetectEngineTransforms *transforms);
bool DetectBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
const uint8_t *content, uint16_t content_len, const char **namestr);
void InspectionBufferClean(DetectEngineThreadCtx *det_ctx); void InspectionBufferClean(DetectEngineThreadCtx *det_ctx);
InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id); InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id);
void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms, void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms,
@ -45,6 +43,8 @@ void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTran
InspectionBuffer *InspectionBufferMultipleForListGet( InspectionBuffer *InspectionBufferMultipleForListGet(
DetectEngineThreadCtx *det_ctx, const int list_id, uint32_t local_id); DetectEngineThreadCtx *det_ctx, const int list_id, uint32_t local_id);
/* start up registery funcs */
int DetectBufferTypeRegister(const char *name); int DetectBufferTypeRegister(const char *name);
int DetectBufferTypeGetByName(const char *name); int DetectBufferTypeGetByName(const char *name);
void DetectBufferTypeSupportsMpm(const char *name); void DetectBufferTypeSupportsMpm(const char *name);
@ -58,16 +58,23 @@ void DetectBufferTypeRegisterSetupCallback(const char *name,
void (*Callback)(const DetectEngineCtx *, Signature *)); void (*Callback)(const DetectEngineCtx *, Signature *));
void DetectBufferTypeRegisterValidateCallback(const char *name, void DetectBufferTypeRegisterValidateCallback(const char *name,
bool (*ValidateCallback)(const Signature *, const char **sigerror)); bool (*ValidateCallback)(const Signature *, const char **sigerror));
const DetectBufferType *DetectBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id);
/* detect engine related buffer funcs */
int DetectBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id,
TransformData *transforms, int transform_cnt); int DetectEngineBufferTypeRegister(DetectEngineCtx *de_ctx, const char *name);
const char *DetectBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id); const char *DetectEngineBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id);
bool DetectBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id); const DetectBufferType *DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id);
bool DetectBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id); bool DetectEngineBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id);
const char *DetectBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id); bool DetectEngineBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id);
void DetectBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s); const char *DetectEngineBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id);
bool DetectBufferRunValidateCallback(const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror); const DetectBufferType *DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id);
int DetectEngineBufferTypeGetByIdTransforms(
DetectEngineCtx *de_ctx, const int id, TransformData *transforms, int transform_cnt);
void DetectEngineBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s);
bool DetectEngineBufferRunValidateCallback(
const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror);
bool DetectEngineBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
const uint8_t *content, uint16_t content_len, const char **namestr);
/* prototypes */ /* prototypes */
DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix); DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix);

2
src/detect-fast-pattern.c
Unescape Escape View File

@ -69,7 +69,7 @@ int FastPatternSupportEnabledForSigMatchList(const DetectEngineCtx *de_ctx,
if (list_id == DETECT_SM_LIST_PMATCH) if (list_id == DETECT_SM_LIST_PMATCH)
return 1; return 1;
return DetectBufferTypeSupportsMpmGetById(de_ctx, list_id); return DetectEngineBufferTypeSupportsMpmGetById(de_ctx, list_id);
} }
/** /**

25
src/detect-parse.c
Unescape Escape View File

@ -434,7 +434,7 @@ SigMatch *DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signa
/* if we have a sticky buffer, use that */ /* if we have a sticky buffer, use that */
if (s->init_data->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (!(DetectBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) { if (!(DetectEngineBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) {
return NULL; return NULL;
} }
@ -446,7 +446,7 @@ SigMatch *DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signa
/* otherwise brute force it */ /* otherwise brute force it */
for (sm_type = 0; sm_type < s->init_data->smlists_array_size; sm_type++) { for (sm_type = 0; sm_type < s->init_data->smlists_array_size; sm_type++) {
if (!DetectBufferTypeSupportsMpmGetById(de_ctx, sm_type)) if (!DetectEngineBufferTypeSupportsMpmGetById(de_ctx, sm_type))
continue; continue;
SigMatch *sm_list = s->init_data->smlists_tail[sm_type]; SigMatch *sm_list = s->init_data->smlists_tail[sm_type];
sm_new = SigMatchGetLastSMByType(sm_list, DETECT_CONTENT); sm_new = SigMatchGetLastSMByType(sm_list, DETECT_CONTENT);
@ -1673,8 +1673,9 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
* e.g. alert ... (file_data; sid:1;) */ * e.g. alert ... (file_data; sid:1;) */
if (s->init_data->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->smlists[s->init_data->list] == NULL) { if (s->init_data->smlists[s->init_data->list] == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "rule %u setup buffer %s but didn't add matches to it", SCLogError(SC_ERR_INVALID_SIGNATURE,
s->id, DetectBufferTypeGetNameById(de_ctx, s->init_data->list)); "rule %u setup buffer %s but didn't add matches to it", s->id,
DetectEngineBufferTypeGetNameById(de_ctx, s->init_data->list));
SCReturnInt(0); SCReturnInt(0);
} }
} }
@ -1699,15 +1700,15 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
if (app->sm_list == x && if (app->sm_list == x &&
(AppProtoEquals(s->alproto, app->alproto) || s->alproto == 0)) { (AppProtoEquals(s->alproto, app->alproto) || s->alproto == 0)) {
SCLogDebug("engine %s dir %d alproto %d", SCLogDebug("engine %s dir %d alproto %d",
DetectBufferTypeGetNameById(de_ctx, app->sm_list), DetectEngineBufferTypeGetNameById(de_ctx, app->sm_list), app->dir,
app->dir, app->alproto); app->alproto);
bufdir[x].ts += (app->dir == 0); bufdir[x].ts += (app->dir == 0);
bufdir[x].tc += (app->dir == 1); bufdir[x].tc += (app->dir == 1);
} }
} }
if (!DetectBufferRunValidateCallback(de_ctx, x, s, &de_ctx->sigerror)) { if (!DetectEngineBufferRunValidateCallback(de_ctx, x, s, &de_ctx->sigerror)) {
SCReturnInt(0); SCReturnInt(0);
} }
} }
@ -1723,8 +1724,8 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
tc_excl += (bufdir[x].ts == 0 && bufdir[x].tc > 0); tc_excl += (bufdir[x].ts == 0 && bufdir[x].tc > 0);
dir_amb += (bufdir[x].ts > 0 && bufdir[x].tc > 0); dir_amb += (bufdir[x].ts > 0 && bufdir[x].tc > 0);
SCLogDebug("%s/%d: %d/%d", DetectBufferTypeGetNameById(de_ctx, x), SCLogDebug("%s/%d: %d/%d", DetectEngineBufferTypeGetNameById(de_ctx, x), x, bufdir[x].ts,
x, bufdir[x].ts, bufdir[x].tc); bufdir[x].tc);
} }
if (ts_excl && tc_excl) { if (ts_excl && tc_excl) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "rule %u mixes keywords with conflicting directions", s->id); SCLogError(SC_ERR_INVALID_SIGNATURE, "rule %u mixes keywords with conflicting directions", s->id);
@ -1781,10 +1782,10 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
for (int i = 0; i < nlists; i++) { for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL) if (s->init_data->smlists[i] == NULL)
continue; continue;
if (!(DetectBufferTypeGetNameById(de_ctx, i))) if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue; continue;
if (!(DetectBufferTypeSupportsPacketGetById(de_ctx, i))) { if (!(DetectEngineBufferTypeSupportsPacketGetById(de_ctx, i))) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet " SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet "
"specific matches (like dsize, flags, ttl) with stream / " "specific matches (like dsize, flags, ttl) with stream / "
"state matching by matching on app layer proto (like using " "state matching by matching on app layer proto (like using "
@ -2003,7 +2004,7 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, const char *sigstr,
/* run buffer type callbacks if any */ /* run buffer type callbacks if any */
for (uint32_t x = 0; x < sig->init_data->smlists_array_size; x++) { for (uint32_t x = 0; x < sig->init_data->smlists_array_size; x++) {
if (sig->init_data->smlists[x]) if (sig->init_data->smlists[x])
DetectBufferRunSetupCallback(de_ctx, x, sig); DetectEngineBufferRunSetupCallback(de_ctx, x, sig);
} }
/* validate signature, SigValidate will report the error reason */ /* validate signature, SigValidate will report the error reason */

2
src/detect-pcre.c
Unescape Escape View File

@ -875,7 +875,7 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, const char *r
SCLogError(SC_ERR_INVALID_SIGNATURE, SCLogError(SC_ERR_INVALID_SIGNATURE,
"Expression seen with a sticky buffer still set; either (1) reset sticky " "Expression seen with a sticky buffer still set; either (1) reset sticky "
"buffer with pkt_data or (2) use a sticky buffer providing \"%s\".", "buffer with pkt_data or (2) use a sticky buffer providing \"%s\".",
DetectBufferTypeGetDescriptionById(de_ctx, parsed_sm_list)); DetectEngineBufferTypeGetDescriptionById(de_ctx, parsed_sm_list));
goto error; goto error;
} }
if (DetectBufferGetActiveList(de_ctx, s) == -1) if (DetectBufferGetActiveList(de_ctx, s) == -1)

2
src/detect-rawbytes.c
Unescape Escape View File

@ -63,7 +63,7 @@ static int DetectRawbytesSetup(DetectEngineCtx *de_ctx, Signature *s, const char
SCLogError(SC_ERR_RAWBYTES_BUFFER, SCLogError(SC_ERR_RAWBYTES_BUFFER,
"\"rawbytes\" cannot be combined " "\"rawbytes\" cannot be combined "
"with the \"%s\" sticky buffer", "with the \"%s\" sticky buffer",
DetectBufferTypeGetNameById(de_ctx, s->init_data->list)); DetectEngineBufferTypeGetNameById(de_ctx, s->init_data->list));
SCReturnInt(-1); SCReturnInt(-1);
} }

2
src/util-profiling-keywords.c
Unescape Escape View File

@ -198,7 +198,7 @@ SCProfilingKeywordDump(DetectEngineCtx *de_ctx)
if (i < DETECT_SM_LIST_DYNAMIC_START) { if (i < DETECT_SM_LIST_DYNAMIC_START) {
name = DetectSigmatchListEnumToString(i); name = DetectSigmatchListEnumToString(i);
} else { } else {
name = DetectBufferTypeGetNameById(de_ctx, i); name = DetectEngineBufferTypeGetNameById(de_ctx, i);
} }
DoDump(de_ctx->profile_keyword_ctx_per_list[i], fp, name); DoDump(de_ctx->profile_keyword_ctx_per_list[i], fp, name);

Write Preview
Loading…
Cancel
Save