From 84aa365a3be0c972e0bb498496af55e6e6bcedd9 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Thu, 5 Mar 2009 19:54:04 +0100
Subject: [PATCH] Fix iponly matching.

---
 src/detect-engine-iponly.c | 20 +++++++++++++++-----
 src/detect-engine-mpm.c    |  4 ++++
 src/detect.c               |  4 ++--
 3 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/detect-engine-iponly.c b/src/detect-engine-iponly.c
index 1c485b3f06..95f141d836 100644
--- a/src/detect-engine-iponly.c
+++ b/src/detect-engine-iponly.c
@@ -327,21 +327,22 @@ void IPOnlyMatchPacket(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx,
 
     //printf("Let's inspect the sigs\n");
 
-    u_int32_t sig_cnt;
-    if (src->sh->sig_cnt > dst->sh->sig_cnt) sig_cnt = dst->sh->sig_cnt;
-    else                                     sig_cnt = src->sh->sig_cnt;
+    //u_int32_t sig_cnt;
+    //if (src->sh->sig_cnt > dst->sh->sig_cnt) sig_cnt = dst->sh->sig_cnt;
+    //else                                     sig_cnt = src->sh->sig_cnt;
 
     /* ...the result is that only the sigs with both
      * enable match */
     u_int32_t idx;
-    for (idx = 0; idx < sig_cnt; idx++) {
+    for (idx = 0; idx < io_ctx->sig_cnt; idx++) {
         u_int32_t sig = io_ctx->match_array[idx];
 
         //printf("sig internal id %u\n", sig);
 
         /* sig doesn't match */
-        if (!(io_tctx->sig_match_array[(sig / 8)] & (1<<(sig % 8))))
+        if (!(io_tctx->sig_match_array[(sig / 8)] & (1<<(sig % 8)))) {
             continue;
+        }
 
         Signature *s = de_ctx->sig_array[sig];
         if (s == NULL)
@@ -374,6 +375,7 @@ int IPOnlyBuildMatchArray(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx
     u_int32_t idx = 0;
     u_int32_t sig = 0;
 
+    //printf("IPOnlyBuildMatchArray: max_idx %u\n", io_ctx->max_idx);
     for (sig = 0; sig < io_ctx->max_idx + 1; sig++) {
         if (!(io_ctx->sig_init_array[(sig/8)] & (1<<(sig%8))))
             continue;
@@ -384,6 +386,7 @@ int IPOnlyBuildMatchArray(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx
 
         io_ctx->sig_cnt++;
     }
+    //printf("IPOnlyBuildMatchArray: sig_cnt %u\n", io_ctx->sig_cnt);
 
     io_ctx->match_array = malloc(io_ctx->sig_cnt * sizeof(u_int32_t));
     if (io_ctx->match_array == NULL)
@@ -402,6 +405,7 @@ int IPOnlyBuildMatchArray(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx
         io_ctx->match_array[idx] = s->num;
         idx++;
     }
+    //printf("IPOnlyBuildMatchArray: idx %u\n", idx);
 
     return 0;
 }
@@ -414,26 +418,32 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) {
     if (hb == NULL)
         return;
 
+    //printf("SRC: ");
     for ( ; hb != NULL; hb = HashListTableGetListNext(hb)) {
         DetectAddressGroup *gr = (DetectAddressGroup *)HashListTableGetListData(hb);
         if (gr == NULL)
             continue;
 
         SigGroupHeadSetSigCnt(gr->sh, de_ctx->io_ctx.max_idx);
+        //printf("%u ", gr->sh->sig_cnt);
     }
+    //printf("\n");
 
     /* destination: set sig_cnt */
     hb = HashListTableGetListHead(de_ctx->io_ctx.ht16_dst);
     if (hb == NULL)
         return;
 
+    //printf("DST: ");
     for ( ; hb != NULL; hb = HashListTableGetListNext(hb)) {
         DetectAddressGroup *gr = (DetectAddressGroup *)HashListTableGetListData(hb);
         if (gr == NULL)
             continue;
 
         SigGroupHeadSetSigCnt(gr->sh, de_ctx->io_ctx.max_idx);
+        //printf("%u ", gr->sh->sig_cnt);
     }
+    //printf("\n");
 }
 
 void IPOnlyAddSignature(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx, Signature *s) {
diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index 97158fe6f8..4e5f245265 100644
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -10,6 +10,7 @@
 #include "detect-engine.h"
 #include "detect-engine-siggroup.h"
 #include "detect-engine-mpm.h"
+#include "detect-engine-iponly.h"
 #include "util-mpm.h"
 
 #include "flow.h"
@@ -830,6 +831,9 @@ int PatternMatcherThreadInit(ThreadVars *t, void *initdata, void **data) {
     }
     memset(pmt->pmq.sig_bitarray, 0, max_sig_id / 8 + 1);
 
+    /* IP-ONLY */
+    DetectEngineIPOnlyThreadInit(de_ctx,&pmt->io_ctx);
+
     *data = (void *)pmt;
     //printf("PatternMatcherThreadInit: data %p pmt %p\n", *data, pmt);
     return 0;
diff --git a/src/detect.c b/src/detect.c
index 86c52d1415..e5274aed36 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -3625,7 +3625,7 @@ int SigTest19 (void) {
     SigGroupBuild(g_de_ctx);
     PatternMatchPrepare(mpm_ctx);
     PatternMatcherThreadInit(&th_v, (void *)g_de_ctx,(void *)&pmt);
-    DetectEngineIPOnlyThreadInit(g_de_ctx,&pmt->io_ctx);
+    //DetectEngineIPOnlyThreadInit(g_de_ctx,&pmt->io_ctx);
 
     SigMatchSignatures(&th_v, pmt, &p);
     if (PacketAlertCheck(&p, 999))
@@ -3680,7 +3680,7 @@ int SigTest20 (void) {
     SigGroupBuild(g_de_ctx);
     PatternMatchPrepare(mpm_ctx);
     PatternMatcherThreadInit(&th_v, (void *)g_de_ctx,(void *)&pmt);
-    DetectEngineIPOnlyThreadInit(g_de_ctx,&pmt->io_ctx);
+    //DetectEngineIPOnlyThreadInit(g_de_ctx,&pmt->io_ctx);
 
     SigMatchSignatures(&th_v, pmt, &p);
     if (PacketAlertCheck(&p, 999))