|
|
|
|
@ -344,185 +344,6 @@ void SigGroupHeadHashFree(DetectEngineCtx *de_ctx)
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Initializes the dport based SigGroupHead hash table to hold the
|
|
|
|
|
* SigGroupHeads. The hash table that would be initialized is
|
|
|
|
|
* DetectEngineCtx->sgh_dport_hash_table.
|
|
|
|
|
*
|
|
|
|
|
* \param de_ctx Pointer to the detection engine context.
|
|
|
|
|
*
|
|
|
|
|
* \retval 0 On success.
|
|
|
|
|
* \retval -1 On failure.
|
|
|
|
|
*/
|
|
|
|
|
int SigGroupHeadDPortHashInit(DetectEngineCtx *de_ctx)
|
|
|
|
|
{
|
|
|
|
|
de_ctx->sgh_dport_hash_table = HashListTableInit(4096, SigGroupHeadHashFunc,
|
|
|
|
|
SigGroupHeadCompareFunc,
|
|
|
|
|
NULL);
|
|
|
|
|
if (de_ctx->sgh_dport_hash_table == NULL)
|
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
error:
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Adds a SigGroupHead to the detection engine context dport based
|
|
|
|
|
* SigGroupHead hash table(DetectEngineCtx->sgh_dport_hash_table).
|
|
|
|
|
*
|
|
|
|
|
* \param de_ctx Pointer to the detection engine context.
|
|
|
|
|
* \param sgh Pointer to the SigGroupHead.
|
|
|
|
|
*
|
|
|
|
|
* \retval ret 0 on Successfully adding the argument sgh and -1 on failure.
|
|
|
|
|
*/
|
|
|
|
|
int SigGroupHeadDPortHashAdd(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
|
|
|
|
|
{
|
|
|
|
|
int ret = HashListTableAdd(de_ctx->sgh_dport_hash_table, (void *)sgh, 0);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Used to lookup a SigGroupHead hash from the detection engine ctx dport
|
|
|
|
|
* based SigGroupHead hash table(DetectEngineCtx->sgh_dport_hash_table).
|
|
|
|
|
*
|
|
|
|
|
* \param de_ctx Pointer to the detection engine context.
|
|
|
|
|
* \param sgh Pointer to the SigGroupHead.
|
|
|
|
|
*
|
|
|
|
|
* \retval rsgh On success a pointer to the SigGroupHead if the SigGroupHead is
|
|
|
|
|
* found in the hash table; NULL on failure.
|
|
|
|
|
*/
|
|
|
|
|
SigGroupHead *SigGroupHeadDPortHashLookup(DetectEngineCtx *de_ctx,
|
|
|
|
|
SigGroupHead *sgh)
|
|
|
|
|
{
|
|
|
|
|
SCEnter();
|
|
|
|
|
|
|
|
|
|
SigGroupHead *rsgh = HashListTableLookup(de_ctx->sgh_dport_hash_table,
|
|
|
|
|
(void *)sgh, 0);
|
|
|
|
|
|
|
|
|
|
SCReturnPtr(rsgh,"SigGroupHead");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Frees the hash table - DetectEngineCtx->sgh_dport_hash_table,
|
|
|
|
|
* allocated by the SigGroupHeadDPortHashInit() function.
|
|
|
|
|
*
|
|
|
|
|
* \param de_ctx Pointer to the detection engine context.
|
|
|
|
|
*/
|
|
|
|
|
void SigGroupHeadDPortHashFree(DetectEngineCtx *de_ctx)
|
|
|
|
|
{
|
|
|
|
|
if (de_ctx->sgh_dport_hash_table == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
HashListTableFree(de_ctx->sgh_dport_hash_table);
|
|
|
|
|
de_ctx->sgh_dport_hash_table = NULL;
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Used to free the signature array, content_array and uri_content_array
|
|
|
|
|
* members from the SigGroupHeads in the HashListTable.
|
|
|
|
|
*
|
|
|
|
|
* \param de_ctx Pointer to the detection engine context.
|
|
|
|
|
* \param ht Pointer to the HashListTable
|
|
|
|
|
*/
|
|
|
|
|
static void SigGroupHeadFreeSigArraysHash2(DetectEngineCtx *de_ctx,
|
|
|
|
|
HashListTable *ht)
|
|
|
|
|
{
|
|
|
|
|
HashListTableBucket *htb = NULL;
|
|
|
|
|
SigGroupHead *sgh = NULL;
|
|
|
|
|
|
|
|
|
|
for (htb = HashListTableGetListHead(ht);
|
|
|
|
|
htb != NULL;
|
|
|
|
|
htb = HashListTableGetListNext(htb))
|
|
|
|
|
{
|
|
|
|
|
sgh = (SigGroupHead *)HashListTableGetListData(htb);
|
|
|
|
|
if (sgh == NULL) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (sgh->init->sig_array != NULL) {
|
|
|
|
|
detect_siggroup_sigarray_free_cnt++;
|
|
|
|
|
detect_siggroup_sigarray_memory -= sgh->init->sig_size;
|
|
|
|
|
|
|
|
|
|
SCFree(sgh->init->sig_array);
|
|
|
|
|
sgh->init->sig_array = NULL;
|
|
|
|
|
sgh->init->sig_size = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SigGroupHeadInitDataFree(sgh->init);
|
|
|
|
|
sgh->init = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Used to free the sig_array member of the SigGroupHeads present
|
|
|
|
|
* in the HashListTable.
|
|
|
|
|
*
|
|
|
|
|
* \param de_ctx Pointer to the detection engine context.
|
|
|
|
|
* \param ht Pointer to the HashListTable
|
|
|
|
|
*/
|
|
|
|
|
static void SigGroupHeadFreeSigArraysHash(DetectEngineCtx *de_ctx,
|
|
|
|
|
HashListTable *ht)
|
|
|
|
|
{
|
|
|
|
|
HashListTableBucket *htb = NULL;
|
|
|
|
|
SigGroupHead *sgh = NULL;
|
|
|
|
|
|
|
|
|
|
for (htb = HashListTableGetListHead(ht);
|
|
|
|
|
htb != NULL;
|
|
|
|
|
htb = HashListTableGetListNext(htb)) {
|
|
|
|
|
sgh = (SigGroupHead *)HashListTableGetListData(htb);
|
|
|
|
|
|
|
|
|
|
if (sgh->init != NULL) {
|
|
|
|
|
SigGroupHeadInitDataFree(sgh->init);
|
|
|
|
|
sgh->init = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Free the sigarrays in the sgh's. Those are only used during the init
|
|
|
|
|
* stage.
|
|
|
|
|
*
|
|
|
|
|
* \param de_ctx Pointer to the detection engine context whose sigarrays have to
|
|
|
|
|
* be freed.
|
|
|
|
|
*/
|
|
|
|
|
void SigGroupHeadFreeSigArrays(DetectEngineCtx *de_ctx)
|
|
|
|
|
{
|
|
|
|
|
SigGroupHeadFreeSigArraysHash2(de_ctx, de_ctx->sgh_hash_table);
|
|
|
|
|
SigGroupHeadFreeSigArraysHash(de_ctx, de_ctx->sgh_dport_hash_table);
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Free the mpm arrays that are only used during the init stage.
|
|
|
|
|
*
|
|
|
|
|
* \param de_ctx Pointer to the detection engine context.
|
|
|
|
|
*/
|
|
|
|
|
void SigGroupHeadFreeMpmArrays(DetectEngineCtx *de_ctx)
|
|
|
|
|
{
|
|
|
|
|
HashListTableBucket *htb = NULL;
|
|
|
|
|
SigGroupHead *sgh = NULL;
|
|
|
|
|
|
|
|
|
|
for (htb = HashListTableGetListHead(de_ctx->sgh_dport_hash_table); htb != NULL; htb = HashListTableGetListNext(htb)) {
|
|
|
|
|
sgh = (SigGroupHead *)HashListTableGetListData(htb);
|
|
|
|
|
if (sgh->init != NULL) {
|
|
|
|
|
SigGroupHeadInitDataFree(sgh->init);
|
|
|
|
|
sgh->init = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static uint16_t SignatureGetMpmPatternLen(const Signature *s, const int list)
|
|
|
|
|
{
|
|
|
|
|
if (s->sm_lists[list] != NULL && s->mpm_sm != NULL &&
|
|
|
|
|
@ -1106,28 +927,6 @@ static int SigGroupHeadTest03(void)
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \test Check if a SigGroupHead dport hash table is properly allocated and
|
|
|
|
|
* deallocated when calling SigGroupHeadDPortHashInit() and
|
|
|
|
|
* SigGroupHeadDportHashFree() respectively.
|
|
|
|
|
*/
|
|
|
|
|
static int SigGroupHeadTest04(void)
|
|
|
|
|
{
|
|
|
|
|
int result = 1;
|
|
|
|
|
|
|
|
|
|
DetectEngineCtx de_ctx;
|
|
|
|
|
|
|
|
|
|
SigGroupHeadDPortHashInit(&de_ctx);
|
|
|
|
|
|
|
|
|
|
result &= (de_ctx.sgh_dport_hash_table != NULL);
|
|
|
|
|
|
|
|
|
|
SigGroupHeadDPortHashFree(&de_ctx);
|
|
|
|
|
|
|
|
|
|
result &= (de_ctx.sgh_dport_hash_table == NULL);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \test Check if a SigGroupHeadAppendSig() correctly appends a sid to a
|
|
|
|
|
* SigGroupHead() and SigGroupHeadContainsSigId() correctly indicates
|
|
|
|
|
@ -1591,7 +1390,6 @@ void SigGroupHeadRegisterTests(void)
|
|
|
|
|
{
|
|
|
|
|
#ifdef UNITTESTS
|
|
|
|
|
UtRegisterTest("SigGroupHeadTest03", SigGroupHeadTest03, 1);
|
|
|
|
|
UtRegisterTest("SigGroupHeadTest04", SigGroupHeadTest04, 1);
|
|
|
|
|
UtRegisterTest("SigGroupHeadTest06", SigGroupHeadTest06, 1);
|
|
|
|
|
UtRegisterTest("SigGroupHeadTest07", SigGroupHeadTest07, 1);
|
|
|
|
|
UtRegisterTest("SigGroupHeadTest08", SigGroupHeadTest08, 1);
|
|
|
|
|
|
Victor Julien
10 years ago