aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Consolidate several signature flags into one.

Browse Source
remotes/origin/master-1.1.x
Victor Julien 15 years ago
parent 2102a54c26
commit d7b92d9bfe
3 changed files with 21 additions and 19 deletions
Show Stats Download Patch File Download Diff File

16
src/detect-parse.c
Unescape Escape View File

@ -1385,13 +1385,17 @@ Signature *SigInit(DetectEngineCtx *de_ctx, char *sigstr) {
} }
if (sig->sm_lists[DETECT_SM_LIST_UMATCH]) if (sig->sm_lists[DETECT_SM_LIST_UMATCH])
sig->flags |= SIG_FLAG_UMATCH; sig->flags |= SIG_FLAG_AMATCH;
if (sig->sm_lists[DETECT_SM_LIST_DMATCH]) if (sig->sm_lists[DETECT_SM_LIST_DMATCH])
sig->flags |= SIG_FLAG_AMATCH; sig->flags |= SIG_FLAG_AMATCH;
if (sig->sm_lists[DETECT_SM_LIST_AMATCH]) if (sig->sm_lists[DETECT_SM_LIST_AMATCH])
sig->flags |= SIG_FLAG_AMATCH; sig->flags |= SIG_FLAG_AMATCH;
if (sig->sm_lists[DETECT_SM_LIST_HCBDMATCH]) if (sig->sm_lists[DETECT_SM_LIST_HCBDMATCH])
sig->flags |= SIG_FLAG_HCBDMATCH; sig->flags |= SIG_FLAG_AMATCH;
if (sig->sm_lists[DETECT_SM_LIST_HHDMATCH])
sig->flags |= SIG_FLAG_AMATCH;
if (sig->sm_lists[DETECT_SM_LIST_HRHDMATCH])
sig->flags |= SIG_FLAG_AMATCH;
SCLogDebug("sig %"PRIu32" SIG_FLAG_APPLAYER: %s, SIG_FLAG_PACKET: %s", SCLogDebug("sig %"PRIu32" SIG_FLAG_APPLAYER: %s, SIG_FLAG_PACKET: %s",
sig->id, sig->flags & SIG_FLAG_APPLAYER ? "set" : "not set", sig->id, sig->flags & SIG_FLAG_APPLAYER ? "set" : "not set",
@ -1579,11 +1583,17 @@ Signature *SigInitReal(DetectEngineCtx *de_ctx, char *sigstr) {
} }
if (sig->sm_lists[DETECT_SM_LIST_UMATCH]) if (sig->sm_lists[DETECT_SM_LIST_UMATCH])
sig->flags |= SIG_FLAG_UMATCH; sig->flags |= SIG_FLAG_AMATCH;
if (sig->sm_lists[DETECT_SM_LIST_DMATCH]) if (sig->sm_lists[DETECT_SM_LIST_DMATCH])
sig->flags |= SIG_FLAG_AMATCH; sig->flags |= SIG_FLAG_AMATCH;
if (sig->sm_lists[DETECT_SM_LIST_AMATCH]) if (sig->sm_lists[DETECT_SM_LIST_AMATCH])
sig->flags |= SIG_FLAG_AMATCH; sig->flags |= SIG_FLAG_AMATCH;
if (sig->sm_lists[DETECT_SM_LIST_HCBDMATCH])
sig->flags |= SIG_FLAG_AMATCH;
if (sig->sm_lists[DETECT_SM_LIST_HHDMATCH])
sig->flags |= SIG_FLAG_AMATCH;
if (sig->sm_lists[DETECT_SM_LIST_HRHDMATCH])
sig->flags |= SIG_FLAG_AMATCH;
SigBuildAddressMatchArray(sig); SigBuildAddressMatchArray(sig);

14
src/detect.c
Unescape Escape View File

@ -730,10 +730,7 @@ static void SigMatchSignaturesBuildMatchArray(DetectEngineCtx *de_ctx,
/* de_state check, filter out all signatures that already had a match before /* de_state check, filter out all signatures that already had a match before
* or just partially match */ * or just partially match */
if (s->flags & SIG_FLAG_AMATCH || s->flags & SIG_FLAG_UMATCH || if (s->flags & SIG_FLAG_AMATCH) {
s->flags & SIG_FLAG_DMATCH || s->flags & SIG_FLAG_HCBDMATCH ||
s->flags & SIG_FLAG_HHDMATCH || s->flags & SIG_FLAG_HRHDMATCH)
{
/* we run after DeStateDetectContinueDetection, so we might have /* we run after DeStateDetectContinueDetection, so we might have
* state NEW here. In that case we'd want to continue detection * state NEW here. In that case we'd want to continue detection
* for this sig. If we have NOSTATE, stateful detection didn't * for this sig. If we have NOSTATE, stateful detection didn't
@ -1261,13 +1258,8 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
SCLogDebug("s->sm_lists[DETECT_SM_LIST_AMATCH] %p, s->sm_lists[DETECT_SM_LIST_UMATCH] %p, s->sm_lists[DETECT_SM_LIST_DMATCH] %p", SCLogDebug("s->sm_lists[DETECT_SM_LIST_AMATCH] %p, s->sm_lists[DETECT_SM_LIST_UMATCH] %p, s->sm_lists[DETECT_SM_LIST_DMATCH] %p",
s->sm_lists[DETECT_SM_LIST_AMATCH], s->sm_lists[DETECT_SM_LIST_UMATCH], s->sm_lists[DETECT_SM_LIST_DMATCH]); s->sm_lists[DETECT_SM_LIST_AMATCH], s->sm_lists[DETECT_SM_LIST_UMATCH], s->sm_lists[DETECT_SM_LIST_DMATCH]);
if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL || /* consider stateful sig matches */
s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL || if (s->flags & SIG_FLAG_AMATCH) {
s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL ||
s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL ||
s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL ||
s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) {
if (alstate == NULL) { if (alstate == NULL) {
SCLogDebug("state matches but no state, we can't match"); SCLogDebug("state matches but no state, we can't match");
goto next; goto next;

10
src/detect.h
Unescape Escape View File

@ -230,12 +230,12 @@ typedef struct DetectPort_ {
#define SIG_FLAG_BIDIREC 0x00010000 /**< signature has bidirectional operator */ #define SIG_FLAG_BIDIREC 0x00010000 /**< signature has bidirectional operator */
#define SIG_FLAG_PACKET 0x00020000 /**< signature has matches against a packet (as opposed to app layer) */ #define SIG_FLAG_PACKET 0x00020000 /**< signature has matches against a packet (as opposed to app layer) */
#define SIG_FLAG_UMATCH 0x00040000 // 0x00040000 unused
#define SIG_FLAG_AMATCH 0x00080000 #define SIG_FLAG_AMATCH 0x00080000
#define SIG_FLAG_DMATCH 0x00100000 // 0x00100000 unused
#define SIG_FLAG_HCBDMATCH 0x00200000 // 0x00200000 unused
#define SIG_FLAG_HHDMATCH 0x00400000 // 0x00400000 unused
#define SIG_FLAG_HRHDMATCH 0x00800000 // 0x00800000 unused
#define SIG_FLAG_MPM_PACKET 0x01000000 #define SIG_FLAG_MPM_PACKET 0x01000000
#define SIG_FLAG_MPM_PACKET_NEG 0x02000000 #define SIG_FLAG_MPM_PACKET_NEG 0x02000000

Write Preview
Loading…
Cancel
Save