detect alert/threshold/tag: sm_list -> sm_array

9 years ago · 859cb89c7e
parent 99580487e5
commit 859cb89c7e
3 changed files with 41 additions and 29 deletions
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@ -72,18 +72,18 @@ static int PacketAlertHandle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det
    SCEnter();
    int ret = 1;
    const DetectThresholdData *td = NULL;
-    const SigMatch *sm;
+    const SigMatchData *smd;

    if (!(PKT_IS_IPV4(p) || PKT_IS_IPV6(p))) {
        SCReturnInt(1);
    }

    /* handle suppressions first */
-    if (s->sm_lists[DETECT_SM_LIST_SUPPRESS] != NULL) {
+    if (s->sm_arrays[DETECT_SM_LIST_SUPPRESS] != NULL) {
        KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_SUPPRESS);
-        sm = NULL;
+        smd = NULL;
        do {
-            td = SigGetThresholdTypeIter(s, p, &sm, DETECT_SM_LIST_SUPPRESS);
+            td = SigGetThresholdTypeIter(s, p, &smd, DETECT_SM_LIST_SUPPRESS);
            if (td != NULL) {
                SCLogDebug("td %p", td);

@ -98,15 +98,15 @@ static int PacketAlertHandle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det
                }
                KEYWORD_PROFILING_END(det_ctx, DETECT_THRESHOLD, 1);
            }
-        } while (sm != NULL);
+        } while (smd != NULL);
    }

    /* if we're still here, consider thresholding */
-    if (s->sm_lists[DETECT_SM_LIST_THRESHOLD] != NULL) {
+    if (s->sm_arrays[DETECT_SM_LIST_THRESHOLD] != NULL) {
        KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_THRESHOLD);
-        sm = NULL;
+        smd = NULL;
        do {
-            td = SigGetThresholdTypeIter(s, p, &sm, DETECT_SM_LIST_THRESHOLD);
+            td = SigGetThresholdTypeIter(s, p, &smd, DETECT_SM_LIST_THRESHOLD);
            if (td != NULL) {
                SCLogDebug("td %p", td);

@ -121,7 +121,7 @@ static int PacketAlertHandle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det
                }
                KEYWORD_PROFILING_END(det_ctx, DETECT_THRESHOLD, 1);
            }
-        } while (sm != NULL);
+        } while (smd != NULL);
    }
    SCReturnInt(1);
 }
@ -240,7 +240,6 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
 {
    SCEnter();
    int i = 0;
-    SigMatch *sm = NULL;

    while (i < p->alerts.cnt) {
        SCLogDebug("Sig->num: %"PRIu16, p->alerts.alerts[i].num);
@ -250,14 +249,18 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
        if (res > 0) {
            /* Now, if we have an alert, we have to check if we want
             * to tag this session or src/dst host */
+            if (s->sm_arrays[DETECT_SM_LIST_TMATCH] != NULL) {
                KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_TMATCH);
-            sm = s->sm_lists[DETECT_SM_LIST_TMATCH];
-            while (sm) {
+                SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_TMATCH];
+                while (1) {
                    /* tags are set only for alerts */
                    KEYWORD_PROFILING_START;
-                sigmatch_table[sm->type].Match(NULL, det_ctx, p, (Signature *)s, sm->ctx);
-                KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
-                sm = sm->next;
+                    sigmatch_table[smd->type].Match(NULL, det_ctx, p, (Signature *)s, smd->ctx);
+                    KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
+                    if (smd->is_last)
+                        break;
+                    smd++;
+                }
            }

            if (s->flags & SIG_FLAG_IPONLY) {
--- a/src/detect-engine-threshold.c
+++ b/src/detect-engine-threshold.c
@ -99,35 +99,44 @@ int ThresholdHostHasThreshold(Host *host)
 *
 */
 const DetectThresholdData *SigGetThresholdTypeIter(const Signature *sig,
-        Packet *p, const SigMatch **psm, int list)
+        Packet *p, const SigMatchData **psm, int list)
 {
-    const SigMatch *sm = NULL;
+    const SigMatchData *smd = NULL;
    const DetectThresholdData *tsh = NULL;

    if (sig == NULL)
        return NULL;

    if (*psm == NULL) {
-        sm = sig->sm_lists_tail[list];
+        smd = sig->sm_arrays[list];
    } else {
        /* Iteration in progress, using provided value */
-        sm = *psm;
+        smd = *psm;
    }

    if (p == NULL)
        return NULL;

-    while (sm != NULL) {
-        if (sm->type == DETECT_THRESHOLD || sm->type == DETECT_DETECTION_FILTER) {
-            tsh = (DetectThresholdData *)sm->ctx;
-            *psm = sm->prev;
+    while (1) {
+        if (smd->type == DETECT_THRESHOLD ||
+            smd->type == DETECT_DETECTION_FILTER)
+        {
+            tsh = (DetectThresholdData *)smd->ctx;
+
+            if (smd->is_last) {
+                *psm = NULL;
+            } else {
+                *psm = smd + 1;
+            }
            return tsh;
        }

-        sm = sm->prev;
+        if (smd->is_last) {
+            break;
+        }
+        smd++;
    }
    *psm = NULL;
-
    return NULL;
 }

--- a/src/detect-engine-threshold.h
+++ b/src/detect-engine-threshold.h
@ -34,7 +34,7 @@ int ThresholdHostStorageId(void);
 int ThresholdHostHasThreshold(Host *);

 const DetectThresholdData *SigGetThresholdTypeIter(const Signature *,
-        Packet *, const SigMatch **, int list);
+        Packet *, const SigMatchData **, int list);
 int PacketAlertThreshold(DetectEngineCtx *, DetectEngineThreadCtx *,
        const DetectThresholdData *, Packet *,
        const Signature *, PacketAlert *);