From ad16925bc90eba121791d6be2d796a6aa71348a1 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 30 Oct 2017 19:42:35 +0100
Subject: [PATCH] detect/inspect engines: copy to detect engine ctx

Register rule-time engines in the detect engine. This is necessary now that rule parsing can create new buffers.
---
 src/detect-engine.c | 66 +++++++++++++++++++++++++++++++++++++--------
 src/detect.h | 4 +++
 2 files changed, 59 insertions(+), 11 deletions(-)

diff --git a/src/detect-engine.c b/src/detect-engine.c
index de3b0f15cc..2a9a0d3fe6 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -237,11 +237,13 @@ void DetectAppLayerInspectEngineRegister2(const char *name,
 }
 }
-/* copy an inspect engine to a new list id. */
-static void DetectAppLayerInspectEngineCopy(int sm_list, int new_list,
+/* copy an inspect engine with transforms to a new list id. */
+static void DetectAppLayerInspectEngineCopy(
+ DetectEngineCtx *de_ctx,
+ int sm_list, int new_list,
 const DetectEngineTransforms *transforms)
 {
- DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
+ const DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
 while (t) {
 if (t->sm_list == sm_list) {
 DetectEngineAppInspectionEngine *new_engine = SCCalloc(1, sizeof(DetectEngineAppInspectionEngine));
@@ -250,15 +252,54 @@ static void DetectAppLayerInspectEngineCopy(int sm_list, int new_list,
 }
 new_engine->alproto = t->alproto;
 new_engine->dir = t->dir;
- new_engine->sm_list = new_list;
+ new_engine->sm_list = new_list; /* use new list id */
 new_engine->progress = t->progress;
 new_engine->Callback = t->Callback;
 new_engine->v2 = t->v2;
- new_engine->v2.transforms = transforms;
- new_engine->next = t->next;
- t->next = new_engine;
- t = new_engine;
+ new_engine->v2.transforms = transforms; /* assign transforms */
+
+ if (de_ctx->app_inspect_engines == NULL) {
+ de_ctx->app_inspect_engines = new_engine;
+ } else {
+ DetectEngineAppInspectionEngine *list = de_ctx->app_inspect_engines;
+ while (list->next != NULL) {
+ list = list->next;
+ }
+
+ list->next = new_engine;
+ }
+ }
+ t = t->next;
+ }
+}
+
+/* copy inspect engines from global registrations to de_ctx list */
+static void DetectAppLayerInspectEngineCopyListToDetectCtx(DetectEngineCtx *de_ctx)
+{
+ const DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
+ while (t) {
+ DetectEngineAppInspectionEngine *new_engine = SCCalloc(1, sizeof(DetectEngineAppInspectionEngine));
+ if (unlikely(new_engine == NULL)) {
+ exit(EXIT_FAILURE);
+ }
+ new_engine->alproto = t->alproto;
+ new_engine->dir = t->dir;
+ new_engine->sm_list = t->sm_list;
+ new_engine->progress = t->progress;
+ new_engine->Callback = t->Callback;
+ new_engine->v2 = t->v2;
+
+ if (de_ctx->app_inspect_engines == NULL) {
+ de_ctx->app_inspect_engines = new_engine;
+ } else {
+ DetectEngineAppInspectionEngine *list = de_ctx->app_inspect_engines;
+ while (list->next != NULL) {
+ list = list->next;
+ }
+
+ list->next = new_engine;
 }
+ t = t->next;
 }
 }
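Review bot: The append-to-tail sequence (`if (de_ctx->app_inspect_engines == NULL) { … } else { … while (list->next != NULL) … }`) is written out twice in the `@@ -250,15 +252,54 @@` hunk, once in DetectAppLayerInspectEngineCopy and once in the new DetectAppLayerInspectEngineCopyListToDetectCtx, and every append rescans the list from its head. One static helper, here called DetectAppLayerInspectEngineAppend, would keep the list handling in a single place and reduce both call sites to one line. The new function's allocation-failure branch also ends the process with a bare `exit(EXIT_FAILURE)` and no log message, which makes an out-of-memory stop hard to tell apart from any other exit of the sensor. DetectAppLayerInspectEngineCopy starts above this hunk, so its own allocation check is only partly visible here.

```c
/* append an engine to the tail of the de_ctx list, keeping registration order */
static void DetectAppLayerInspectEngineAppend(DetectEngineCtx *de_ctx,
        DetectEngineAppInspectionEngine *new_engine)
{
    DetectEngineAppInspectionEngine **tail = &de_ctx->app_inspect_engines;
    while (*tail != NULL) {
        tail = &(*tail)->next;
    }
    *tail = new_engine;
}

/* … unchanged: field copies in DetectAppLayerInspectEngineCopy … */
            DetectAppLayerInspectEngineAppend(de_ctx, new_engine);
/* … unchanged: field copies in DetectAppLayerInspectEngineCopyListToDetectCtx … */
        DetectAppLayerInspectEngineAppend(de_ctx, new_engine);
```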
@@ -338,7 +379,7 @@ int DetectEngineAppInspectionEngine2Signature(DetectEngineCtx *de_ctx, Signature
 bool head_is_mpm = false;
 uint32_t last_id = DE_STATE_FLAG_BASE;
- DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
+ const DetectEngineAppInspectionEngine *t = de_ctx->app_inspect_engines;
 while (t != NULL) {
 bool prepend = false;
@@ -446,7 +487,7 @@ next:
 }
 #ifdef DEBUG
- DetectEngineAppInspectionEngine *iter = s->app_inspect;
+ const DetectEngineAppInspectionEngine *iter = s->app_inspect;
 while (iter) {
 SCLogDebug("%u: engine %s id %u progress %d %s", s->id, DetectBufferTypeGetNameById(de_ctx, iter->sm_list), iter->id,
@@ -898,6 +939,8 @@ static void DetectBufferTypeSetupDetectEngine(DetectEngineCtx *de_ctx)
 BUG_ON(1);
 }
 de_ctx->buffer_type_id = g_buffer_type_id;
+
+ DetectAppLayerInspectEngineCopyListToDetectCtx(de_ctx);
 }
 static void DetectBufferTypeFreeDetectEngine(DetectEngineCtx *de_ctx)
@@ -969,7 +1012,8 @@ int DetectBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id,
 de_ctx->buffer_type_map[map->id] = map;
 de_ctx->buffer_type_map_elements = map->id + 1;
- DetectAppLayerInspectEngineCopy(map->parent_id, map->id, &map->transforms);
+ DetectAppLayerInspectEngineCopy(de_ctx, map->parent_id, map->id,
+ &map->transforms);
 }
 return map->id;
 }
diff --git a/src/detect.h b/src/detect.h
index b6548955fd..457d710985 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -858,6 +858,10 @@ typedef struct DetectEngineCtx_ {
 HashListTable *buffer_type_hash;
 int buffer_type_id;
+ /* list with app inspect engines. Both the start-time registered ones and
+ * the rule-time registered ones. */
+ DetectEngineAppInspectionEngine *app_inspect_engines;
+
 /** table with mpms and their registration function
 * \todo we only need this at init, so perhaps this
 * can move to a DetectEngineCtx 'init' struct */
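Review bot: The loop in the `@@ -338,7 +379,7 @@` hunk now starts from `de_ctx->app_inspect_engines`, so a context whose list was never filled makes `while (t != NULL)` a no-op and the signature silently ends up with no app-layer inspect engines. In this patch the list is only populated from DetectBufferTypeSetupDetectEngine and DetectAppLayerInspectEngineCopy; whether every path that builds a DetectEngineCtx runs the former before rules are parsed is not visible here and should be confirmed. I would document the dependency above the changed line: `/* list is filled by DetectBufferTypeSetupDetectEngine(); if it is empty no app-layer engine is attached to the rule */`. The function starts and ends outside the hunk.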
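Review bot: No hunk in this patch releases the list that the `@@ -898,6 +939,8 @@` hunk starts filling: `DetectAppLayerInspectEngineCopyListToDetectCtx(de_ctx)` allocates one node per registered engine into `de_ctx->app_inspect_engines`, and DetectAppLayerInspectEngineCopy adds more at rule-parse time, yet DetectBufferTypeFreeDetectEngine, visible as trailing context, is unchanged. Unless the list is freed somewhere not shown, every detect engine context that is torn down leaks these nodes, which adds up in a long-running process that rebuilds its context. A walk-and-free loop in the free path would close this, assuming signatures hold their own engine copies rather than pointers into this list, which the patch does not show. The `v2.transforms` pointers are borrowed from the buffer type map entries (`&map->transforms`), so the loop must not free them.

```c
static void DetectBufferTypeFreeDetectEngine(DetectEngineCtx *de_ctx)
{
    /* … unchanged: existing buffer type cleanup … */

    /* release the per-ctx engine list; v2.transforms is not owned here */
    DetectEngineAppInspectionEngine *ie = de_ctx->app_inspect_engines;
    while (ie != NULL) {
        DetectEngineAppInspectionEngine *next = ie->next;
        SCFree(ie);
        ie = next;
    }
    de_ctx->app_inspect_engines = NULL;
```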