aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: move init only Signature members to init_data

Browse Source
pull/2559/head
Victor Julien 9 years ago
parent 0a5ae415b8
commit f370e88135
36 changed files with 378 additions and 386 deletions
Show Stats Download Patch File Download Diff File

2
src/detect-base64-data.c
Unescape Escape View File

@ -66,7 +66,7 @@ static int DetectBase64DataSetup(DetectEngineCtx *de_ctx, Signature *s,
return -1;
}
s->list = DETECT_SM_LIST_BASE64_DATA;
s->init_data->list = DETECT_SM_LIST_BASE64_DATA;
return 0;
}

4
src/detect-base64-decode.c
Unescape Escape View File

@ -192,8 +192,8 @@ static int DetectBase64DecodeSetup(DetectEngineCtx *de_ctx, Signature *s,
data->offset = offset;
data->relative = relative;
if (s->list != DETECT_SM_LIST_NOTSET) {
sm_list = s->list;
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
sm_list = s->init_data->list;
#if 0
if (data->relative) {
pm = SigMatchGetLastSMFromLists(s, 4,

6
src/detect-byte-extract.c
Unescape Escape View File

@ -519,8 +519,8 @@ static int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
goto error;
int sm_list;
if (s->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA) {
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
if (data->endian == DETECT_BYTE_EXTRACT_ENDIAN_DCE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "dce byte_extract specified "
"with file_data option set.");
@ -528,7 +528,7 @@ static int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
}
AppLayerHtpEnableResponseBodyCallback();
}
sm_list = s->list;
sm_list = s->init_data->list;
s->flags |= SIG_FLAG_APPLAYER;
if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4,

6
src/detect-bytejump.c
Unescape Escape View File

@ -518,8 +518,8 @@ static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts
goto error;
int sm_list;
if (s->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA) {
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
if (data->flags & DETECT_BYTEJUMP_DCE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "dce bytejump specified "
"with file_data option set.");
@ -527,7 +527,7 @@ static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts
}
AppLayerHtpEnableResponseBodyCallback();
}
sm_list = s->list;
sm_list = s->init_data->list;
s->flags |= SIG_FLAG_APPLAYER;
if (data->flags & DETECT_BYTEJUMP_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4,

6
src/detect-bytetest.c
Unescape Escape View File

@ -445,8 +445,8 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts
goto error;
int sm_list;
if (s->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA) {
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
if (data->flags & DETECT_BYTETEST_DCE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "dce bytetest specified "
"with file_data option set.");
@ -454,7 +454,7 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts
}
AppLayerHtpEnableResponseBodyCallback();
}
sm_list = s->list;
sm_list = s->init_data->list;
s->flags |= SIG_FLAG_APPLAYER;
if (data->flags & DETECT_BYTETEST_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4,

6
src/detect-content.c
Unescape Escape View File

@ -386,14 +386,14 @@ int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, char *contentstr)
DetectContentPrint(cd);
int sm_list;
if (s->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA && s->alproto == ALPROTO_HTTP) {
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->list == DETECT_SM_LIST_FILEDATA && s->alproto == ALPROTO_HTTP) {
AppLayerHtpEnableResponseBodyCallback();
s->alproto = ALPROTO_HTTP;
}
s->flags |= SIG_FLAG_APPLAYER;
sm_list = s->list;
sm_list = s->init_data->list;
} else {
sm_list = DETECT_SM_LIST_PMATCH;
}

2
src/detect-dce-stub-data.c
Unescape Escape View File

@ -90,7 +90,7 @@ static int DetectDceStubDataSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
goto error;
}
s->list = DETECT_SM_LIST_DMATCH;
s->init_data->list = DETECT_SM_LIST_DMATCH;
s->alproto = ALPROTO_DCERPC;
s->flags |= SIG_FLAG_APPLAYER;
return 0;

4
src/detect-depth.c
Unescape Escape View File

@ -74,8 +74,8 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
}
/* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]);
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->init_data->list]);
} else {
pm = SigMatchGetLastSMFromLists(s, 28,
DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],

4
src/detect-distance.c
Unescape Escape View File

@ -81,8 +81,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
}
/* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]);
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->init_data->list]);
} else {
pm = SigMatchGetLastSMFromLists(s, 28,
DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],

2
src/detect-dnp3.c
Unescape Escape View File

@ -526,7 +526,7 @@ static void DetectDNP3ObjRegister(void)
static int DetectDNP3DataSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{
SCEnter();
s->list = DETECT_SM_LIST_DNP3_DATA_MATCH;
s->init_data->list = DETECT_SM_LIST_DNP3_DATA_MATCH;
s->alproto = ALPROTO_DNP3;
SCReturnInt(0);
}

2
src/detect-dns-query.c
Unescape Escape View File

@ -108,7 +108,7 @@ void DetectDnsQueryRegister (void)
static int DetectDnsQuerySetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{
s->list = DETECT_SM_LIST_DNSQUERYNAME_MATCH;
s->init_data->list = DETECT_SM_LIST_DNSQUERYNAME_MATCH;
s->alproto = ALPROTO_DNS;
return 0;
}

4
src/detect-dsize.c
Unescape Escape View File

@ -292,8 +292,8 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr
s->flags |= SIG_FLAG_REQUIRE_PACKET;
s->flags |= SIG_FLAG_DSIZE;
if (s->dsize_sm == NULL) {
s->dsize_sm = sm;
if (s->init_data->dsize_sm == NULL) {
s->init_data->dsize_sm = sm;
}
return 0;

18
src/detect-engine-analyzer.c
Unescape Escape View File

@ -77,7 +77,7 @@ void EngineAnalysisFP(Signature *s, char *line)
int fast_pattern_only_set = 0;
int fast_pattern_chop_set = 0;
DetectContentData *fp_cd = NULL;
SigMatch *mpm_sm = s->mpm_sm;
SigMatch *mpm_sm = s->init_data->mpm_sm;
if (mpm_sm != NULL) {
fp_cd = (DetectContentData *)mpm_sm->ctx;
@ -95,9 +95,9 @@ void EngineAnalysisFP(Signature *s, char *line)
fprintf(fp_engine_analysis_FD, "%s\n", line);
fprintf(fp_engine_analysis_FD, " Fast Pattern analysis:\n");
if (s->prefilter_sm != NULL) {
if (s->init_data->prefilter_sm != NULL) {
fprintf(fp_engine_analysis_FD, " Prefilter on: %s\n",
sigmatch_table[s->prefilter_sm->type].name);
sigmatch_table[s->init_data->prefilter_sm->type].name);
fprintf(fp_engine_analysis_FD, "\n");
return;
}
@ -412,7 +412,7 @@ int PerCentEncodingMatch (uint8_t *content, uint8_t content_len)
static void EngineAnalysisRulesPrintFP(const Signature *s)
{
DetectContentData *fp_cd = NULL;
SigMatch *mpm_sm = s->mpm_sm;
SigMatch *mpm_sm = s->init_data->mpm_sm;
if (mpm_sm != NULL) {
fp_cd = (DetectContentData *)mpm_sm->ctx;
@ -574,7 +574,7 @@ void EngineAnalysisRules(const Signature *s, const char *line)
uint32_t warn_no_direction = 0;
uint32_t warn_both_direction = 0;
if (s->init_flags & SIG_FLAG_INIT_BIDIREC) {
if (s->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
rule_bidirectional = 1;
}
@ -822,8 +822,8 @@ void EngineAnalysisRules(const Signature *s, const char *line)
rule_warning += 1;
warn_offset_depth_alproto = 1;
}
if (s->mpm_sm != NULL && s->alproto == ALPROTO_HTTP &&
SigMatchListSMBelongsTo(s, s->mpm_sm) == DETECT_SM_LIST_PMATCH) {
if (s->init_data->mpm_sm != NULL && s->alproto == ALPROTO_HTTP &&
SigMatchListSMBelongsTo(s, s->init_data->mpm_sm) == DETECT_SM_LIST_PMATCH) {
rule_warning += 1;
warn_non_alproto_fp_for_alproto_sig = 1;
}
@ -868,9 +868,9 @@ void EngineAnalysisRules(const Signature *s, const char *line)
}
/* print fast pattern info */
if (s->prefilter_sm) {
if (s->init_data->prefilter_sm) {
fprintf(rule_engine_analysis_FD, " Prefilter on: %s.\n",
sigmatch_table[s->prefilter_sm->type].name);
sigmatch_table[s->init_data->prefilter_sm->type].name);
} else {
EngineAnalysisRulesPrintFP(s);
}

28
src/detect-engine-mpm.c
Unescape Escape View File

@ -534,13 +534,13 @@ static void SetMpm(Signature *s, SigMatch *mpm_sm)
cd->flags |= DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED;
}
}
s->mpm_sm = mpm_sm;
s->init_data->mpm_sm = mpm_sm;
return;
}
void RetrieveFPForSig(Signature *s)
{
if (s->mpm_sm != NULL)
if (s->init_data->mpm_sm != NULL)
return;
SigMatch *mpm_sm = NULL, *sm = NULL;
@ -927,9 +927,9 @@ void MpmStoreSetup(const DetectEngineCtx *de_ctx, MpmStore *ms)
s = de_ctx->sig_array[sig];
if (s == NULL)
continue;
if (s->mpm_sm == NULL)
if (s->init_data->mpm_sm == NULL)
continue;
int list = SigMatchListSMBelongsTo(s, s->mpm_sm);
int list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
if (list < 0)
continue;
if (list != ms->sm_list)
@ -939,7 +939,7 @@ void MpmStoreSetup(const DetectEngineCtx *de_ctx, MpmStore *ms)
SCLogDebug("adding %u", s->id);
const DetectContentData *cd = (DetectContentData *)s->mpm_sm->ctx;
const DetectContentData *cd = (DetectContentData *)s->init_data->mpm_sm->ctx;
int skip = 0;
/* negated logic: if mpm match can't be used to be sure about this
@ -1036,10 +1036,10 @@ MpmStore *MpmStorePrepareBuffer(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
if (s == NULL)
continue;
if (s->mpm_sm == NULL)
if (s->init_data->mpm_sm == NULL)
continue;
int list = SigMatchListSMBelongsTo(s, s->mpm_sm);
int list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
if (list < 0)
continue;
@ -1128,10 +1128,10 @@ static MpmStore *MpmStorePrepareBufferAppLayer(DetectEngineCtx *de_ctx,
if (s == NULL)
continue;
if (s->mpm_sm == NULL)
if (s->init_data->mpm_sm == NULL)
continue;
int list = SigMatchListSMBelongsTo(s, s->mpm_sm);
int list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
if (list < 0)
continue;
@ -1303,8 +1303,8 @@ int DetectSetFastPatternAndItsId(DetectEngineCtx *de_ctx)
continue;
RetrieveFPForSig(s);
if (s->mpm_sm != NULL) {
DetectContentData *cd = (DetectContentData *)s->mpm_sm->ctx;
if (s->init_data->mpm_sm != NULL) {
DetectContentData *cd = (DetectContentData *)s->init_data->mpm_sm->ctx;
struct_total_size += sizeof(DetectFPAndItsId);
content_total_size += cd->content_len;
@ -1327,11 +1327,11 @@ int DetectSetFastPatternAndItsId(DetectEngineCtx *de_ctx)
uint8_t *content_offset = ahb + struct_total_size;
for (s = de_ctx->sig_list; s != NULL; s = s->next) {
if (s->mpm_sm != NULL) {
int sm_list = SigMatchListSMBelongsTo(s, s->mpm_sm);
if (s->init_data->mpm_sm != NULL) {
int sm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
BUG_ON(sm_list == -1);
DetectContentData *cd = (DetectContentData *)s->mpm_sm->ctx;
DetectContentData *cd = (DetectContentData *)s->init_data->mpm_sm->ctx;
DetectFPAndItsId *dup = (DetectFPAndItsId *)ahb;
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {
content = cd->content + cd->fp_chop_offset;

14
src/detect-engine-prefilter-common.c
Unescape Escape View File

@ -121,14 +121,14 @@ SetupEngineForPacketHeader(SigGroupHead *sgh, int sm_type,
s = sgh->match_array[sig];
if (s == NULL)
continue;
if (s->prefilter_sm == NULL || s->prefilter_sm->type != sm_type)
if (s->init_data->prefilter_sm == NULL || s->init_data->prefilter_sm->type != sm_type)
continue;
uint16_t type = 0;
uint16_t value = 0;
GetExtraMatch(s, &type, &value);
if (Compare(ctx->v1, s->prefilter_sm->ctx) &&
if (Compare(ctx->v1, s->init_data->prefilter_sm->ctx) &&
ctx->type == type && ctx->value == value)
{
SCLogDebug("appending sid %u on %u", s->id, sig_offset);
@ -227,12 +227,12 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(SigGroupHead *sgh, int sm_typ
s = sgh->match_array[sig];
if (s == NULL)
continue;
if (s->prefilter_sm == NULL || s->prefilter_sm->type != sm_type)
if (s->init_data->prefilter_sm == NULL || s->init_data->prefilter_sm->type != sm_type)
continue;
PrefilterPacketHeaderValue v;
memset(&v, 0, sizeof(v));
Set(&v, s->prefilter_sm->ctx);
Set(&v, s->init_data->prefilter_sm->ctx);
ApplyToU8Hash(ctx, v, s);
s->flags |= SIG_FLAG_PREFILTER;
@ -348,12 +348,12 @@ static int PrefilterSetupPacketHeaderCommon(SigGroupHead *sgh, int sm_type,
s = sgh->match_array[sig];
if (s == NULL)
continue;
if (s->prefilter_sm == NULL || s->prefilter_sm->type != sm_type)
if (s->init_data->prefilter_sm == NULL || s->init_data->prefilter_sm->type != sm_type)
continue;
PrefilterPacketHeaderHashCtx ctx;
memset(&ctx, 0, sizeof(ctx));
Set(&ctx.v1, s->prefilter_sm->ctx);
Set(&ctx.v1, s->init_data->prefilter_sm->ctx);
GetExtraMatch(s, &ctx.type, &ctx.value);
@ -365,7 +365,7 @@ static int PrefilterSetupPacketHeaderCommon(SigGroupHead *sgh, int sm_type,
if (actx == NULL)
goto error;
Set(&actx->v1, s->prefilter_sm->ctx);
Set(&actx->v1, s->init_data->prefilter_sm->ctx);
actx->cnt = 1;
actx->type = ctx.type;
actx->value = ctx.value;

5
src/detect-engine-profile.c
Unescape Escape View File

@ -33,6 +33,7 @@
#ifdef PROFILING
#ifdef HAVE_LIBJANSSON
#if 0
static void DumpFp(const SigMatch *sm, char *pat_orig, uint32_t pat_orig_sz, char *pat_chop, uint32_t pat_chop_sz)
{
int fast_pattern_chop_set = 0;
@ -52,6 +53,7 @@ static void DumpFp(const SigMatch *sm, char *pat_orig, uint32_t pat_orig_sz, cha
PrintRawUriBuf(pat_chop, &off, pat_chop_sz, cd->content + cd->fp_chop_offset, cd->fp_chop_len);
}
}
#endif
SCMutex g_rule_dump_write_m = SCMUTEX_INITIALIZER;
void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx, const Packet *p)
@ -78,7 +80,7 @@ void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx, const Packet *p)
if (unlikely(js == NULL))
continue;
json_object_set_new(js_sig, "sig_id", json_integer(s->id));
#if 0
json_object_set_new(js_sig, "mpm", (s->mpm_sm != NULL) ? json_true() : json_false());
if (s->mpm_sm != NULL) {
@ -94,6 +96,7 @@ void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx, const Packet *p)
json_object_set_new(js_sig, "mpm_pattern_chop", json_string(chop));
}
}
#endif
json_array_append_new(js_array, js_sig);
}

6
src/detect-file-data.c
Unescape Escape View File

@ -100,21 +100,21 @@ static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, char *str
return -1;
}
if (s->alproto == ALPROTO_HTTP && (s->init_flags & SIG_FLAG_INIT_FLOW) &&
if (s->alproto == ALPROTO_HTTP && (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) &&
(s->flags & SIG_FLAG_TOSERVER) && !(s->flags & SIG_FLAG_TOCLIENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with "
"flow:to_server or flow:from_client with http.");
return -1;
}
if (s->alproto == ALPROTO_SMTP && (s->init_flags & SIG_FLAG_INIT_FLOW) &&
if (s->alproto == ALPROTO_SMTP && (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) &&
!(s->flags & SIG_FLAG_TOSERVER) && (s->flags & SIG_FLAG_TOCLIENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with "
"flow:to_client or flow:from_server with smtp.");
return -1;
}
s->list = DETECT_SM_LIST_FILEDATA;
s->init_data->list = DETECT_SM_LIST_FILEDATA;
return 0;
}

4
src/detect-flow.c
Unescape Escape View File

@ -336,7 +336,7 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, char *flowstr)
goto error;
/*ensure only one flow option*/
if (s->init_flags & SIG_FLAG_INIT_FLOW) {
if (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) {
SCLogError (SC_ERR_INVALID_SIGNATURE, "A signature may have only one flow option.");
goto error;
}
@ -367,7 +367,7 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, char *flowstr)
if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
s->flags |= SIG_FLAG_REQUIRE_PACKET;
} else {
s->init_flags |= SIG_FLAG_INIT_FLOW;
s->init_data->init_flags |= SIG_FLAG_INIT_FLOW;
}
return 0;

2
src/detect-http-request-line.c
Unescape Escape View File

@ -111,7 +111,7 @@ void DetectHttpRequestLineRegister(void)
*/
int DetectHttpRequestLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{
s->list = DETECT_SM_LIST_HTTP_REQLINEMATCH;
s->init_data->list = DETECT_SM_LIST_HTTP_REQLINEMATCH;
s->alproto = ALPROTO_HTTP;
return 0;
}

2
src/detect-http-response-line.c
Unescape Escape View File

@ -111,7 +111,7 @@ void DetectHttpResponseLineRegister(void)
*/
int DetectHttpResponseLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{
s->list = DETECT_SM_LIST_HTTP_RESLINEMATCH;
s->init_data->list = DETECT_SM_LIST_HTTP_RESLINEMATCH;
s->alproto = ALPROTO_HTTP;
return 0;
}

398
src/detect-ipproto.c
View File

File diff suppressed because it is too large Load Diff

6
src/detect-isdataat.c
Unescape Escape View File

@ -210,12 +210,12 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst
return -1;
int sm_list;
if (s->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA) {
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
AppLayerHtpEnableResponseBodyCallback();
s->alproto = ALPROTO_HTTP;
}
sm_list = s->list;
sm_list = s->init_data->list;
s->flags |= SIG_FLAG_APPLAYER;
if (idad->flags & ISDATAAT_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4,

4
src/detect-nocase.c
Unescape Escape View File

@ -80,8 +80,8 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
}
/* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]);
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->init_data->list]);
} else {
pm = SigMatchGetLastSMFromLists(s, 28,
DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],

4
src/detect-offset.c
Unescape Escape View File

@ -73,8 +73,8 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
}
/* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]);
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->init_data->list]);
} else {
pm = SigMatchGetLastSMFromLists(s, 28,
DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],

58
src/detect-parse.c
Unescape Escape View File

@ -233,7 +233,7 @@ int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s
goto end;
}
if (s->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "\"%s\" keyword seen "
"with a sticky buffer still set. Reset sticky buffer "
"with pkt_data before using the modifier.",
@ -379,8 +379,8 @@ void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
s->init_data->smlists_tail[list] = new;
}
new->idx = s->sm_cnt;
s->sm_cnt++;
new->idx = s->init_data->sm_cnt;
s->init_data->sm_cnt++;
}
void SigMatchRemoveSMFromList(Signature *s, SigMatch *sm, int sm_list)
@ -680,15 +680,15 @@ static int SigParseAddress(DetectEngineCtx *de_ctx,
if (strcasecmp(addrstr, "any") == 0)
s->flags |= SIG_FLAG_SRC_ANY;
s->src = DetectParseAddress(de_ctx, addrstr);
if (s->src == NULL)
s->init_data->src = DetectParseAddress(de_ctx, addrstr);
if (s->init_data->src == NULL)
goto error;
} else {
if (strcasecmp(addrstr, "any") == 0)
s->flags |= SIG_FLAG_DST_ANY;
s->dst = DetectParseAddress(de_ctx, addrstr);
if (s->dst == NULL)
s->init_data->dst = DetectParseAddress(de_ctx, addrstr);
if (s->init_data->dst == NULL)
goto error;
}
@ -904,7 +904,7 @@ static int SigParseBasics(DetectEngineCtx *de_ctx,
}
/* Check if it is bidirectional */
if (strcmp(parser->direction, "<>") == 0)
s->init_flags |= SIG_FLAG_INIT_BIDIREC;
s->init_data->init_flags |= SIG_FLAG_INIT_BIDIREC;
/* Parse Address & Ports */
if (SigParseAddress(de_ctx, s, parser->src, SIG_DIREC_SRC ^ addrs_direction) < 0)
@ -1007,7 +1007,7 @@ Signature *SigAlloc (void)
* overwritten, we can then assign the default value of 3 */
sig->prio = -1;
sig->list = DETECT_SM_LIST_NOTSET;
sig->init_data->list = DETECT_SM_LIST_NOTSET;
return sig;
}
@ -1134,7 +1134,7 @@ static void SigBuildAddressMatchArray(Signature *s)
/* source addresses */
uint16_t cnt = 0;
uint16_t idx = 0;
DetectAddress *da = s->src->ipv4_head;
DetectAddress *da = s->init_data->src->ipv4_head;
for ( ; da != NULL; da = da->next) {
cnt++;
}
@ -1144,7 +1144,7 @@ static void SigBuildAddressMatchArray(Signature *s)
exit(EXIT_FAILURE);
}
for (da = s->src->ipv4_head; da != NULL; da = da->next) {
for (da = s->init_data->src->ipv4_head; da != NULL; da = da->next) {
s->addr_src_match4[idx].ip = ntohl(da->ip.addr_data32[0]);
s->addr_src_match4[idx].ip2 = ntohl(da->ip2.addr_data32[0]);
idx++;
@ -1155,7 +1155,7 @@ static void SigBuildAddressMatchArray(Signature *s)
/* destination addresses */
cnt = 0;
idx = 0;
da = s->dst->ipv4_head;
da = s->init_data->dst->ipv4_head;
for ( ; da != NULL; da = da->next) {
cnt++;
}
@ -1165,7 +1165,7 @@ static void SigBuildAddressMatchArray(Signature *s)
exit(EXIT_FAILURE);
}
for (da = s->dst->ipv4_head; da != NULL; da = da->next) {
for (da = s->init_data->dst->ipv4_head; da != NULL; da = da->next) {
s->addr_dst_match4[idx].ip = ntohl(da->ip.addr_data32[0]);
s->addr_dst_match4[idx].ip2 = ntohl(da->ip2.addr_data32[0]);
idx++;
@ -1176,7 +1176,7 @@ static void SigBuildAddressMatchArray(Signature *s)
/* source addresses IPv6 */
cnt = 0;
idx = 0;
da = s->src->ipv6_head;
da = s->init_data->src->ipv6_head;
for ( ; da != NULL; da = da->next) {
cnt++;
}
@ -1186,7 +1186,7 @@ static void SigBuildAddressMatchArray(Signature *s)
exit(EXIT_FAILURE);
}
for (da = s->src->ipv6_head; da != NULL; da = da->next) {
for (da = s->init_data->src->ipv6_head; da != NULL; da = da->next) {
s->addr_src_match6[idx].ip[0] = ntohl(da->ip.addr_data32[0]);
s->addr_src_match6[idx].ip[1] = ntohl(da->ip.addr_data32[1]);
s->addr_src_match6[idx].ip[2] = ntohl(da->ip.addr_data32[2]);
@ -1203,7 +1203,7 @@ static void SigBuildAddressMatchArray(Signature *s)
/* destination addresses IPv6 */
cnt = 0;
idx = 0;
da = s->dst->ipv6_head;
da = s->init_data->dst->ipv6_head;
for ( ; da != NULL; da = da->next) {
cnt++;
}
@ -1213,7 +1213,7 @@ static void SigBuildAddressMatchArray(Signature *s)
exit(EXIT_FAILURE);
}
for (da = s->dst->ipv6_head; da != NULL; da = da->next) {
for (da = s->init_data->dst->ipv6_head; da != NULL; da = da->next) {
s->addr_dst_match6[idx].ip[0] = ntohl(da->ip.addr_data32[0]);
s->addr_dst_match6[idx].ip[1] = ntohl(da->ip.addr_data32[1]);
s->addr_dst_match6[idx].ip[2] = ntohl(da->ip.addr_data32[2]);
@ -1614,10 +1614,10 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr,
SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH];
for ( ; sm != NULL; sm = sm->next) {
if (sigmatch_table[sm->type].Match != NULL)
sig->init_flags |= SIG_FLAG_INIT_PACKET;
sig->init_data->init_flags |= SIG_FLAG_INIT_PACKET;
}
} else {
sig->init_flags |= SIG_FLAG_INIT_PACKET;
sig->init_data->init_flags |= SIG_FLAG_INIT_PACKET;
}
}
@ -1631,14 +1631,14 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr,
/* for other lists this flag is set when the inspect engines
* are registered */
if (!(sig->init_flags & SIG_FLAG_INIT_FLOW)) {
if (!(sig->init_data->init_flags & SIG_FLAG_INIT_FLOW)) {
sig->flags |= SIG_FLAG_TOSERVER;
sig->flags |= SIG_FLAG_TOCLIENT;
}
SCLogDebug("sig %"PRIu32" SIG_FLAG_APPLAYER: %s, SIG_FLAG_PACKET: %s",
sig->id, sig->flags & SIG_FLAG_APPLAYER ? "set" : "not set",
sig->init_flags & SIG_FLAG_INIT_PACKET ? "set" : "not set");
sig->init_data->init_flags & SIG_FLAG_INIT_PACKET ? "set" : "not set");
SigBuildAddressMatchArray(sig);
@ -1677,7 +1677,7 @@ Signature *SigInit(DetectEngineCtx *de_ctx, char *sigstr)
goto error;
}
if (sig->init_flags & SIG_FLAG_INIT_BIDIREC) {
if (sig->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
sig->next = SigInitHelper(de_ctx, sigstr, SIG_DIREC_SWITCHED);
if (sig->next == NULL) {
goto error;
@ -1870,7 +1870,7 @@ static inline int DetectEngineSignatureIsDuplicate(DetectEngineCtx *de_ctx,
if (sw_dup->s_prev == NULL) {
SigDuplWrapper sw_temp;
memset(&sw_temp, 0, sizeof(SigDuplWrapper));
if (sw_dup->s->init_flags & SIG_FLAG_INIT_BIDIREC) {
if (sw_dup->s->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
sw_temp.s = sw_dup->s->next->next;
de_ctx->sig_list = sw_dup->s->next->next;
SigFree(sw_dup->s->next);
@ -1888,7 +1888,7 @@ static inline int DetectEngineSignatureIsDuplicate(DetectEngineCtx *de_ctx,
} else {
SigDuplWrapper sw_temp;
memset(&sw_temp, 0, sizeof(SigDuplWrapper));
if (sw_dup->s->init_flags & SIG_FLAG_INIT_BIDIREC) {
if (sw_dup->s->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
sw_temp.s = sw_dup->s->next->next;
sw_dup->s_prev->next = sw_dup->s->next->next;
SigFree(sw_dup->s->next);
@ -1958,7 +1958,7 @@ Signature *DetectEngineAppendSig(DetectEngineCtx *de_ctx, char *sigstr)
sigstr);
}
if (sig->init_flags & SIG_FLAG_INIT_BIDIREC) {
if (sig->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
if (sig->next != NULL) {
sig->next->next = de_ctx->sig_list;
} else {
@ -2904,7 +2904,7 @@ int SigTestBidirec01 (void)
goto end;
if (sig->next != NULL)
goto end;
if (sig->init_flags & SIG_FLAG_INIT_BIDIREC)
if (sig->init_data->init_flags & SIG_FLAG_INIT_BIDIREC)
goto end;
if (de_ctx->signum != 1)
goto end;
@ -2938,7 +2938,7 @@ int SigTestBidirec02 (void)
goto end;
if (de_ctx->sig_list != sig)
goto end;
if (!(sig->init_flags & SIG_FLAG_INIT_BIDIREC))
if (!(sig->init_data->init_flags & SIG_FLAG_INIT_BIDIREC))
goto end;
if (sig->next == NULL)
goto end;
@ -2947,7 +2947,7 @@ int SigTestBidirec02 (void)
copy = sig->next;
if (copy->next != NULL)
goto end;
if (!(copy->init_flags & SIG_FLAG_INIT_BIDIREC))
if (!(copy->init_data->init_flags & SIG_FLAG_INIT_BIDIREC))
goto end;
result = 1;
@ -3105,7 +3105,7 @@ int SigTestBidirec04 (void)
sig = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.1.1 any <> any any (msg:\"SigTestBidirec03 sid 2 bidirectional\"; sid:2;)");
if (sig == NULL)
goto end;
if ( !(sig->init_flags & SIG_FLAG_INIT_BIDIREC))
if ( !(sig->init_data->init_flags & SIG_FLAG_INIT_BIDIREC))
goto end;
if (sig->next == NULL)
goto end;

14
src/detect-pcre.c
Unescape Escape View File

@ -684,7 +684,7 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
"for the rule.");
goto error;
}
if (s->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "pcre found with http "
"modifier set, with file_data/dce_stub_data sticky "
"option set.");
@ -693,17 +693,17 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
}
int sm_list = -1;
if (s->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA) {
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
SCLogDebug("adding to http server body list because of file data");
AppLayerHtpEnableResponseBodyCallback();
} else if (s->list == DETECT_SM_LIST_DMATCH) {
} else if (s->init_data->list == DETECT_SM_LIST_DMATCH) {
SCLogDebug("adding to dmatch list because of dce_stub_data");
} else if (s->list == DETECT_SM_LIST_DNSQUERYNAME_MATCH) {
} else if (s->init_data->list == DETECT_SM_LIST_DNSQUERYNAME_MATCH) {
SCLogDebug("adding to DETECT_SM_LIST_DNSQUERYNAME_MATCH list because of dns_query");
}
s->flags |= SIG_FLAG_APPLAYER;
sm_list = s->list;
sm_list = s->init_data->list;
} else {
switch(parsed_sm_list) {
case DETECT_SM_LIST_HCBDMATCH:
@ -763,7 +763,7 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
SigMatch *prev_pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev);
if (s->list == DETECT_SM_LIST_NOTSET && prev_pm == NULL) {
if (s->init_data->list == DETECT_SM_LIST_NOTSET && prev_pm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "pcre with /R (relative) needs "
"preceeding match in the same buffer");
goto error_nofree;

4
src/detect-pkt-data.c
Unescape Escape View File

@ -74,7 +74,7 @@ void DetectPktDataRegister(void)
static int DetectPktDataSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
SCEnter();
s->list = DETECT_SM_LIST_NOTSET;
s->init_data->list = DETECT_SM_LIST_NOTSET;
return 0;
}
@ -127,7 +127,7 @@ static int DetectPktDataTest01(void)
}
if (sig->list != DETECT_SM_LIST_NOTSET) {
if (sig->init_data->list != DETECT_SM_LIST_NOTSET) {
printf("sticky buffer set: ");
goto end;
}

2
src/detect-prefilter.c
Unescape Escape View File

@ -78,7 +78,7 @@ static int DetectPrefilterSetup (DetectEngineCtx *de_ctx, Signature *s, char *nu
goto end;
}
s->prefilter_sm = sm;
s->init_data->prefilter_sm = sm;
s->flags |= SIG_FLAG_PREFILTER;
/* if the sig match is content, prefilter should act like

2
src/detect-rawbytes.c
Unescape Escape View File

@ -60,7 +60,7 @@ static int DetectRawbytesSetup (DetectEngineCtx *de_ctx, Signature *s, char *nul
return -1;
}
if (s->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
SCLogError(SC_ERR_RAWBYTES_FILE_DATA, "\"rawbytes\" cannot be combined with \"file_data\"");
SCReturnInt(-1);
}

2
src/detect-template-buffer.c
Unescape Escape View File

@ -71,7 +71,7 @@ void DetectTemplateBufferRegister(void)
static int DetectTemplateBufferSetup(DetectEngineCtx *de_ctx, Signature *s,
char *str)
{
s->list = DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH;
s->init_data->list = DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH;
s->alproto = ALPROTO_TEMPLATE;
return 0;
}

2
src/detect-tls-cert-issuer.c
Unescape Escape View File

@ -94,7 +94,7 @@ void DetectTlsIssuerRegister(void)
*/
static int DetectTlsIssuerSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{
s->list = DETECT_SM_LIST_TLSISSUER_MATCH;
s->init_data->list = DETECT_SM_LIST_TLSISSUER_MATCH;
s->alproto = ALPROTO_TLS;
return 0;
}

2
src/detect-tls-cert-subject.c
Unescape Escape View File

@ -94,7 +94,7 @@ void DetectTlsSubjectRegister(void)
*/
static int DetectTlsSubjectSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{
s->list = DETECT_SM_LIST_TLSSUBJECT_MATCH;
s->init_data->list = DETECT_SM_LIST_TLSSUBJECT_MATCH;
s->alproto = ALPROTO_TLS;
return 0;
}

2
src/detect-tls-sni.c
Unescape Escape View File

@ -94,7 +94,7 @@ void DetectTlsSniRegister(void)
*/
static int DetectTlsSniSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{
s->list = DETECT_SM_LIST_TLSSNI_MATCH;
s->init_data->list = DETECT_SM_LIST_TLSSNI_MATCH;
s->alproto = ALPROTO_TLS;
return 0;
}

4
src/detect-within.c
Unescape Escape View File

@ -85,8 +85,8 @@ static int DetectWithinSetup(DetectEngineCtx *de_ctx, Signature *s, char *within
}
/* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]);
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->init_data->list]);
} else {
pm = SigMatchGetLastSMFromLists(s, 28,
DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],

79
src/detect.c
Unescape Escape View File

@ -2539,7 +2539,7 @@ static int SignatureCreateMask(Signature *s)
SCLogDebug("sig requires flow");
}
if (s->init_flags & SIG_FLAG_INIT_FLOW) {
if (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) {
s->mask |= SIG_MASK_REQUIRE_FLOW;
SCLogDebug("sig requires flow");
}
@ -2572,8 +2572,8 @@ static void SigInitStandardMpmFactoryContexts(DetectEngineCtx *de_ctx)
*/
static int SigParseGetMaxDsize(Signature *s)
{
if (s->flags & SIG_FLAG_DSIZE && s->dsize_sm != NULL) {
DetectDsizeData *dd = (DetectDsizeData *)s->dsize_sm->ctx;
if (s->flags & SIG_FLAG_DSIZE && s->init_data->dsize_sm != NULL) {
DetectDsizeData *dd = (DetectDsizeData *)s->init_data->dsize_sm->ctx;
switch (dd->mode) {
case DETECTDSIZE_LT:
@ -2594,8 +2594,8 @@ static int SigParseGetMaxDsize(Signature *s)
*/
static void SigParseSetDsizePair(Signature *s)
{
if (s->flags & SIG_FLAG_DSIZE && s->dsize_sm != NULL) {
DetectDsizeData *dd = (DetectDsizeData *)s->dsize_sm->ctx;
if (s->flags & SIG_FLAG_DSIZE && s->init_data->dsize_sm != NULL) {
DetectDsizeData *dd = (DetectDsizeData *)s->init_data->dsize_sm->ctx;
uint16_t low = 0;
uint16_t high = 65535;
@ -2665,19 +2665,19 @@ static void SigParseApplyDsizeToContent(Signature *s)
/** \brief Pure-PCRE or bytetest rule */
int RuleInspectsPayloadHasNoMpm(const Signature *s)
{
if (s->mpm_sm == NULL && s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
if (s->init_data->mpm_sm == NULL && s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
return 1;
return 0;
}
int RuleGetMpmPatternSize(const Signature *s)
{
if (s->mpm_sm == NULL)
if (s->init_data->mpm_sm == NULL)
return -1;
int mpm_list = SigMatchListSMBelongsTo(s, s->mpm_sm);
int mpm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
if (mpm_list < 0)
return -1;
const DetectContentData *cd = (const DetectContentData *)s->mpm_sm->ctx;
const DetectContentData *cd = (const DetectContentData *)s->init_data->mpm_sm->ctx;
if (cd == NULL)
return -1;
return (int)cd->content_len;
@ -2685,12 +2685,12 @@ int RuleGetMpmPatternSize(const Signature *s)
int RuleMpmIsNegated(const Signature *s)
{
if (s->mpm_sm == NULL)
if (s->init_data->mpm_sm == NULL)
return 0;
int mpm_list = SigMatchListSMBelongsTo(s, s->mpm_sm);
int mpm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
if (mpm_list < 0)
return 0;
const DetectContentData *cd = (const DetectContentData *)s->mpm_sm->ctx;
const DetectContentData *cd = (const DetectContentData *)s->init_data->mpm_sm->ctx;
if (cd == NULL)
return 0;
return (cd->flags & DETECT_CONTENT_NEGATED);
@ -2760,7 +2760,7 @@ json_t *RulesGroupPrintSghStats(const SigGroupHead *sgh,
any5_cnt++;
}
if (s->mpm_sm == NULL) {
if (s->init_data->mpm_sm == NULL) {
nonmpm_cnt++;
if (s->sm_arrays[DETECT_SM_LIST_MATCH] != NULL) {
@ -2782,9 +2782,9 @@ json_t *RulesGroupPrintSghStats(const SigGroupHead *sgh,
}
} else {
int mpm_list = SigMatchListSMBelongsTo(s, s->mpm_sm);
int mpm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
BUG_ON(mpm_list < 0);
const DetectContentData *cd = (const DetectContentData *)s->mpm_sm->ctx;
const DetectContentData *cd = (const DetectContentData *)s->init_data->mpm_sm->ctx;
uint32_t size = cd->content_len < 256 ? cd->content_len : 255;
mpm_sizes[mpm_list][size]++;
@ -3177,8 +3177,8 @@ static int RuleSetWhitelist(Signature *s)
wl = 77;
/* one byte pattern in packet/stream payloads */
} else if (s->mpm_sm != NULL &&
SigMatchListSMBelongsTo(s, s->mpm_sm) == DETECT_SM_LIST_PMATCH &&
} else if (s->init_data->mpm_sm != NULL &&
SigMatchListSMBelongsTo(s, s->init_data->mpm_sm) == DETECT_SM_LIST_PMATCH &&
RuleGetMpmPatternSize(s) == 1)
{
SCLogDebug("Rule %u No MPM. Payload inspecting. Whitelisting SGH's.", s->id);
@ -3192,7 +3192,7 @@ static int RuleSetWhitelist(Signature *s)
}
}
s->whitelist = wl;
s->init_data->whitelist = wl;
return wl;
}
@ -3244,7 +3244,7 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, int ipproto, uint3
goto next;
}
int wl = s->whitelist;
int wl = s->init_data->whitelist;
while (p) {
int pwl = PortIsWhitelisted(de_ctx, p, ipproto) ? 111 : 0;
pwl = MAX(wl,pwl);
@ -3398,7 +3398,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx)
SCLogDebug("Signature %"PRIu32" is considered \"Payload inspecting\"", tmp_s->id);
} else if (SignatureIsDEOnly(de_ctx, tmp_s) == 1) {
tmp_s->init_flags |= SIG_FLAG_INIT_DEONLY;
tmp_s->init_data->init_flags |= SIG_FLAG_INIT_DEONLY;
SCLogDebug("Signature %"PRIu32" is considered \"Decoder Event only\"", tmp_s->id);
cnt_deonly++;
}
@ -3470,7 +3470,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx)
SigMatch *sm = tmp_s->init_data->smlists[i];
while (sm != NULL) {
if (sm->type == prefilter_list) {
tmp_s->prefilter_sm = sm;
tmp_s->init_data->prefilter_sm = sm;
tmp_s->flags |= SIG_FLAG_PREFILTER;
SCLogConfig("sid %u: prefilter is on \"%s\"", tmp_s->id, sigmatch_table[sm->type].name);
break;
@ -3721,7 +3721,7 @@ int SigAddressPrepareStage2(DetectEngineCtx *de_ctx)
IPOnlyAddSignature(de_ctx, &de_ctx->io_ctx, tmp_s);
}
if (tmp_s->init_flags & SIG_FLAG_INIT_DEONLY) {
if (tmp_s->init_data->init_flags & SIG_FLAG_INIT_DEONLY) {
DetectEngineAddDecoderEventSig(de_ctx, tmp_s);
}
@ -8341,15 +8341,13 @@ int SigTest40NoPayloadInspection02(void)
uint8_t *buf = (uint8_t *)
"220 (vsFTPd 2.0.5)\r\n";
uint16_t buflen = strlen((char *)buf);
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (unlikely(p == NULL))
return 0;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
int result = 1;
memset(&th_v, 0, sizeof(th_v));
Packet *p = SCMalloc(SIZE_OF_PACKET);
FAIL_IF_NULL(p);
memset(p, 0, SIZE_OF_PACKET);
p->src.family = AF_INET;
p->dst.family = AF_INET;
p->payload = buf;
@ -8357,37 +8355,26 @@ int SigTest40NoPayloadInspection02(void)
p->proto = IPPROTO_TCP;
p->flags |= PKT_NOPAYLOAD_INSPECTION;
DetectEngineThreadCtx *det_ctx = NULL;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
result = 0;
goto end;
}
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"No Payload TEST\"; content:\"220 (vsFTPd 2.0.5)\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
Signature *s = DetectEngineAppendSig(de_ctx,
"alert tcp any any -> any any (msg:\"No Payload TEST\"; content:\"220 (vsFTPd 2.0.5)\"; sid:1;)");
FAIL_IF_NULL(s);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (PacketAlertCheck(p, 1))
result &= 0;
else
result &= 1;
FAIL_IF(PacketAlertCheck(p, 1));
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
end:
SCFree(p);
return result;
PASS;
}
static int SigTestMemory01 (void)

54
src/detect.h
Unescape Escape View File

@ -412,6 +412,34 @@ typedef struct DetectEngineAppInspectionEngine_ {
#endif
typedef struct SignatureInitData_ {
/** Number of sigmatches. Used for assigning SigMatch::idx */
uint16_t sm_cnt;
/* used to hold flags that are used during init */
uint32_t init_flags;
/* coccinelle: SignatureInitData:init_flags:SIG_FLAG_INIT_ */
/* used at init to determine max dsize */
SigMatch *dsize_sm;
/* the fast pattern added from this signature */
SigMatch *mpm_sm;
/* used to speed up init of prefilter */
SigMatch *prefilter_sm;
/* SigMatch list used for adding content and friends. E.g. file_data; */
int list;
/** score to influence rule grouping. A higher value leads to a higher
* likelyhood of a rulegroup with this sig ending up as a contained
* group. */
int whitelist;
/** address settings for this signature */
const DetectAddressHead *src, *dst;
int prefilter_list;
/* holds all sm lists */
struct SigMatch_ *smlists[DETECT_SM_LIST_MAX];
/* holds all sm lists' tails */
@ -463,12 +491,6 @@ typedef struct Signature_ {
#ifdef PROFILING
uint16_t profiling_id;
#endif
/** number of sigmatches in the match and pmatch list */
uint16_t sm_cnt;
/* used to hold flags that are predominantly used during init */
uint32_t init_flags;
/* coccinelle: Signature:init_flags:SIG_FLAG_INIT_ */
/** netblocks and hosts specified at the sid, in CIDR format */
IPOnlyCIDRItem *CidrSrc, *CidrDst;
@ -489,30 +511,10 @@ typedef struct Signature_ {
/** Reference */
DetectReference *references;
/** address settings for this signature */
const DetectAddressHead *src, *dst;
/* used at init to determine max dsize */
SigMatch *dsize_sm;
/* the fast pattern added from this signature */
SigMatch *mpm_sm;
/* used to speed up init of prefilter */
SigMatch *prefilter_sm;
/* SigMatch list used for adding content and friends. E.g. file_data; */
int list;
/** score to influence rule grouping. A higher value leads to a higher
* likelyhood of a rulegroup with this sig ending up as a contained
* group. */
int whitelist;
/* Be careful, this pointer is only valid while parsing the sig,
* to warn the user about any possible problem */
char *sig_str;
int prefilter_list;
SignatureInitData *init_data;
/** ptr to the next sig in the list */

Write Preview
Loading…
Cancel
Save