diff --git a/src/detect-engine-address-ipv4.c b/src/detect-engine-address-ipv4.c index 20e9e57e5d..ca3b76b1b3 100644 --- a/src/detect-engine-address-ipv4.c +++ b/src/detect-engine-address-ipv4.c @@ -117,7 +117,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, uint32_t a_ip2 = ntohl(a->ip2.addr_data32[0]); uint32_t b_ip1 = ntohl(b->ip.addr_data32[0]); uint32_t b_ip2 = ntohl(b->ip2.addr_data32[0]); - DetectPort *port = NULL; DetectAddress *tmp = NULL; DetectAddress *tmp_c = NULL; int r = 0; @@ -162,14 +161,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, if (de_ctx != NULL) { SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh); SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh); - - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &tmp_c->port, port); - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &b->port, port); - - tmp_c->cnt += b->cnt; - b->cnt += a->cnt; } /* we have 3 parts: [bbb[baba]aaa] @@ -211,22 +202,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh); /* clean tmp list */ SigGroupHeadClearSigs(tmp->sh); - - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &tmp->port, port); - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &a->port, port); - for (port = tmp->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &b->port, port); - for (port = tmp->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &tmp_c->port, port); - - tmp->cnt += a->cnt; - a->cnt = 0; - tmp_c->cnt += tmp->cnt; - a->cnt += b->cnt; - b->cnt += tmp->cnt; - tmp->cnt = 0; } /* we have 2 or three parts: @@ -260,10 +235,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, if (de_ctx != NULL) { /* 'b' overlaps 'a' so 'a' needs the 'b' sigs */ SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh); - - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &a->port, port); - a->cnt += b->cnt; } } else if (a_ip2 == b_ip2) { SCLogDebug("DetectAddressCutIPv4: 2"); @@ -280,19 +251,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, SigGroupHeadClearSigs(a->sh); SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh); SigGroupHeadClearSigs(tmp->sh); - - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &tmp->port, a->port); - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &a->port, port); - for (port = tmp->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &b->port, port); - - tmp->cnt += a->cnt; - a->cnt = 0; - a->cnt += b->cnt; - b->cnt += tmp->cnt; - tmp->cnt = 0; } } else { SCLogDebug("3"); @@ -328,22 +286,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh); /* clean tmp list */ SigGroupHeadClearSigs(tmp->sh); - - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &tmp->port, port); - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &tmp_c->port, port); - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &a->port, port); - for (port = tmp->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &b->port, port); - - tmp->cnt += a->cnt; - a->cnt = 0; - tmp_c->cnt += b->cnt; - a->cnt += b->cnt; - b->cnt += tmp->cnt; - tmp->cnt = 0; } } /* we have 2 or three parts: @@ -381,19 +323,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh); SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh); SigGroupHeadClearSigs(tmp->sh); - - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &tmp->port, b->port); - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &b->port, port); - for (port = tmp->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &a->port, port); - - tmp->cnt += b->cnt; - b->cnt = 0; - b->cnt += a->cnt; - a->cnt += tmp->cnt; - tmp->cnt = 0; } } else if (a_ip2 == b_ip2) { SCLogDebug("DetectAddressCutIPv4: 2"); @@ -407,11 +336,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, if (de_ctx != NULL) { /* 'a' overlaps 'b' so a needs the 'a' sigs */ SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh); - - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &b->port, port); - - b->cnt += a->cnt; } } else { SCLogDebug("DetectAddressCutIPv4: 3"); @@ -437,14 +361,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, * 'c' gets 'a' sigs */ SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh); SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh); - - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &b->port, port); - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &tmp_c->port, port); - - b->cnt += a->cnt; - tmp_c->cnt += a->cnt; } } } diff --git a/src/detect-engine-address-ipv6.c b/src/detect-engine-address-ipv6.c index 84a04d5933..fa692b1a0c 100644 --- a/src/detect-engine-address-ipv6.c +++ b/src/detect-engine-address-ipv6.c @@ -367,7 +367,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, uint32_t b_ip2[4] = { ntohl(b->ip2.addr_data32[0]), ntohl(b->ip2.addr_data32[1]), ntohl(b->ip2.addr_data32[2]), ntohl(b->ip2.addr_data32[3]) }; - DetectPort *port = NULL; DetectAddress *tmp = NULL; /* default to NULL */ @@ -412,14 +411,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, /* copy old b to a */ SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh); - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &tmp_c->port, port); - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &b->port, port); - - tmp_c->cnt += b->cnt; - b->cnt += a->cnt; - /* we have 3 parts: [bbb[baba]aaa] * part a: b_ip1 <-> a_ip1 - 1 * part b: a_ip1 <-> b_ip2 @@ -459,23 +450,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, /* clean tmp list */ SigGroupHeadClearSigs(tmp->sh); - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&tmp->port, port); - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&a->port, port); - - for (port = tmp->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&b->port, port); - for (port = tmp->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&tmp_c->port, port); - - tmp->cnt += a->cnt; - a->cnt = 0; - tmp_c->cnt += tmp->cnt; - a->cnt += b->cnt; - b->cnt += tmp->cnt; - tmp->cnt = 0; - /* we have 2 or three parts: * * 2 part: [[abab]bbb] or [bbb[baba]] @@ -501,11 +475,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, /* 'b' overlaps 'a' so 'a' needs the 'b' sigs */ SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh); - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&a->port, port); - - a->cnt += b->cnt; - } else if (AddressIPv6EqU32(a_ip2, b_ip2) == 1) { AddressCutIPv6Copy(b_ip1, a->ip.addr_data32); AddressCutIPv6CopySubOne(a_ip1, a->ip2.addr_data32); @@ -519,18 +488,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh); SigGroupHeadClearSigs(tmp->sh); - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&tmp->port, a->port); - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&a->port, port); - for (port = tmp->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&b->port, port); - - tmp->cnt += a->cnt; - a->cnt = 0; - a->cnt += b->cnt; - b->cnt += tmp->cnt; - tmp->cnt = 0; } else { AddressCutIPv6Copy(b_ip1, a->ip.addr_data32); AddressCutIPv6CopySubOne(a_ip1, a->ip2.addr_data32); @@ -565,22 +522,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, /* clean tmp list */ SigGroupHeadClearSigs(tmp->sh); - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&tmp->port, port); - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&tmp_c->port, port); - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&a->port, port); - - for (port = tmp->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&b->port, port); - - tmp->cnt += a->cnt; - a->cnt = 0; - tmp_c->cnt += b->cnt; - a->cnt += b->cnt; - b->cnt += tmp->cnt; - tmp->cnt = 0; } /* we have 2 or three parts: * @@ -611,18 +552,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh); SigGroupHeadClearSigs(tmp->sh); - for (port = b->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&tmp->port, b->port); - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&b->port, port); - for (port = tmp->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&a->port, port); - - tmp->cnt += b->cnt; - b->cnt = 0; - b->cnt += a->cnt; - a->cnt += tmp->cnt; - tmp->cnt = 0; } else if (AddressIPv6EqU32(a_ip2, b_ip2) == 1) { AddressCutIPv6Copy(a_ip1, a->ip.addr_data32); AddressCutIPv6CopySubOne(b_ip1, a->ip2.addr_data32); @@ -633,10 +562,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, /* 'a' overlaps 'b' so a needs the 'a' sigs */ SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh); - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&b->port, port); - - b->cnt += a->cnt; } else { AddressCutIPv6Copy(a_ip1, a->ip.addr_data32); AddressCutIPv6CopySubOne(b_ip1, a->ip2.addr_data32); @@ -660,13 +585,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh); SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh); - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&b->port, port); - for (port = a->port; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx,&tmp_c->port, port); - - b->cnt += a->cnt; - tmp_c->cnt += a->cnt; } } diff --git a/src/detect-engine-address.c b/src/detect-engine-address.c index 764af6a85f..c3ce599d3f 100644 --- a/src/detect-engine-address.c +++ b/src/detect-engine-address.c @@ -107,22 +107,6 @@ void DetectAddressFree(DetectAddress *ag) } ag->sh = NULL; - if (!(ag->flags & ADDRESS_HAVEPORT)) { - SCLogDebug("- ag %p dst_gh %p", ag, ag->dst_gh); - - if (ag->dst_gh != NULL) - DetectAddressHeadFree(ag->dst_gh); - ag->dst_gh = NULL; - } else { - SCLogDebug("- ag %p port %p", ag, ag->port); - - if (ag->port != NULL && !(ag->flags & ADDRESS_PORTS_COPY)) { - SCLogDebug("- ag %p port %p, not a copy so call DetectPortCleanupList", - ag, ag->port); - DetectPortCleanupList(ag->port); - } - ag->port = NULL; - } #ifdef DEBUG detect_address_group_memory -= sizeof(DetectAddress); detect_address_group_free_cnt++; @@ -153,8 +137,6 @@ DetectAddress *DetectAddressCopy(DetectAddress *orig) COPY_ADDRESS(&orig->ip, &ag->ip); COPY_ADDRESS(&orig->ip2, &ag->ip2); - ag->cnt = 1; - return ag; } @@ -407,11 +389,7 @@ int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh, if (r == ADDRESS_EQ) { /* exact overlap/match */ if (cur != new) { - DetectPort *port = new->port; - for ( ; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &cur->port, port); SigGroupHeadCopySigs(de_ctx, new->sh, &cur->sh); - cur->cnt += new->cnt; DetectAddressFree(new); return 0; @@ -523,21 +501,14 @@ error: int DetectAddressJoin(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source) { - DetectPort *port = NULL; - if (target == NULL || source == NULL) return -1; if (target->ip.family != source->ip.family) return -1; - target->cnt += source->cnt; SigGroupHeadCopySigs(de_ctx, source->sh, &target->sh); - port = source->port; - for ( ; port != NULL; port = port->next) - DetectPortInsertCopy(de_ctx, &target->port, port); - if (target->ip.family == AF_INET) return DetectAddressJoinIPv4(de_ctx, target, source); else if (target->ip.family == AF_INET6) diff --git a/src/detect.h b/src/detect.h index b5cba45460..d701a0d529 100644 --- a/src/detect.h +++ b/src/detect.h @@ -165,9 +165,6 @@ enum { #define ADDRESS_FLAG_NOT 0x02 /**< address is negated */ #define ADDRESS_SIGGROUPHEAD_COPY 0x04 /**< sgh is a ptr to another sgh */ -#define ADDRESS_PORTS_COPY 0x08 /**< ports are a ptr to other ports */ -#define ADDRESS_PORTS_NOTUNIQ 0x10 -#define ADDRESS_HAVEPORT 0x20 /**< address has a ports ptr */ /** \brief address structure for use in the detection engine. * @@ -178,12 +175,6 @@ typedef struct DetectAddress_ { Address ip; Address ip2; - /** ptr to the next address (dst addr in that case) or to the src port */ - union { - struct DetectAddressHead_ *dst_gh; /**< destination address */ - struct DetectPort_ *port; /**< source port */ - }; - /** signatures that belong in this group */ struct SigGroupHead_ *sh; @@ -194,8 +185,6 @@ typedef struct DetectAddress_ { struct DetectAddress_ *prev; /** ptr to the next address in the list */ struct DetectAddress_ *next; - - uint32_t cnt; } DetectAddress; /** Signature grouping head. Here 'any', ipv4 and ipv6 are split out */