io_ctx->sig_mapping = NULL;
}
-static inline
-int IPOnlyMatchCompatSMs(ThreadVars *tv,
- DetectEngineThreadCtx *det_ctx,
- Signature *s, Packet *p)
+static inline int IPOnlyMatchCompatSMs(
+ ThreadVars *tv, DetectEngineThreadCtx *det_ctx, const Signature *s, Packet *p)
{
KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_MATCH);
- SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_MATCH];
- if (smd) {
- while (1) {
- DEBUG_VALIDATE_BUG_ON(!(sigmatch_table[smd->type].flags & SIGMATCH_IPONLY_COMPAT));
- KEYWORD_PROFILING_START;
- if (sigmatch_table[smd->type].Match(det_ctx, p, s, smd->ctx) > 0) {
- KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
- if (smd->is_last)
- break;
- smd++;
- continue;
- }
- KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
- return 0;
+ const SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_MATCH];
+ while (smd) {
+ DEBUG_VALIDATE_BUG_ON(!(sigmatch_table[smd->type].flags & SIGMATCH_IPONLY_COMPAT));
+ KEYWORD_PROFILING_START;
+ if (sigmatch_table[smd->type].Match(det_ctx, p, s, smd->ctx) > 0) {
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
+ if (smd->is_last)
+ break;
+ smd++;
+ continue;
}
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
+ return 0;
}
return 1;
}
if (src == NULL || dst == NULL)
SCReturn;
- uint32_t u;
- for (u = 0; u < src->size; u++) {
+ for (uint32_t u = 0; u < src->size; u++) {
SCLogDebug("And %"PRIu8" & %"PRIu8, src->array[u], dst->array[u]);
uint8_t bitarray = dst->array[u] & src->array[u];
/* We have to move the logic of the signature checking
* to the main detect loop, in order to apply the
* priority of actions (pass, drop, reject, alert) */
- if (bitarray) {
- /* We have a match :) Let's see from which signum's */
- uint8_t i = 0;
+ if (!bitarray)
+ continue;
- for (; i < 8; i++, bitarray = bitarray >> 1) {
- if (bitarray & 0x01) {
- Signature *s = de_ctx->sig_array[io_ctx->sig_mapping[u * 8 + i]];
+ /* We have a match :) Let's see from which signum's */
- if ((s->proto.flags & DETECT_PROTO_IPV4) && !PKT_IS_IPV4(p)) {
- SCLogDebug("ip version didn't match");
- continue;
- }
- if ((s->proto.flags & DETECT_PROTO_IPV6) && !PKT_IS_IPV6(p)) {
- SCLogDebug("ip version didn't match");
- continue;
- }
+ for (uint8_t i = 0; i < 8; i++, bitarray = bitarray >> 1) {
+ if (bitarray & 0x01) {
+ const Signature *s = de_ctx->sig_array[io_ctx->sig_mapping[u * 8 + i]];
- if (DetectProtoContainsProto(&s->proto, IP_GET_IPPROTO(p)) == 0) {
- SCLogDebug("proto didn't match");
- continue;
- }
+ if ((s->proto.flags & DETECT_PROTO_IPV4) && !PKT_IS_IPV4(p)) {
+ SCLogDebug("ip version didn't match");
+ continue;
+ }
+ if ((s->proto.flags & DETECT_PROTO_IPV6) && !PKT_IS_IPV6(p)) {
+ SCLogDebug("ip version didn't match");
+ continue;
+ }
+ if (DetectProtoContainsProto(&s->proto, IP_GET_IPPROTO(p)) == 0) {
+ SCLogDebug("proto didn't match");
+ continue;
+ }
- /* check the source & dst port in the sig */
- if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP || p->proto == IPPROTO_SCTP) {
- if (!(s->flags & SIG_FLAG_DP_ANY)) {
- if (p->flags & PKT_IS_FRAGMENT)
- continue;
-
- DetectPort *dport = DetectPortLookupGroup(s->dp,p->dp);
- if (dport == NULL) {
- SCLogDebug("dport didn't match.");
- continue;
- }
+ /* check the source & dst port in the sig */
+ if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP ||
+ p->proto == IPPROTO_SCTP) {
+ if (!(s->flags & SIG_FLAG_DP_ANY)) {
+ if (p->flags & PKT_IS_FRAGMENT)
+ continue;
+
+ const DetectPort *dport = DetectPortLookupGroup(s->dp, p->dp);
+ if (dport == NULL) {
+ SCLogDebug("dport didn't match.");
+ continue;
}
- if (!(s->flags & SIG_FLAG_SP_ANY)) {
- if (p->flags & PKT_IS_FRAGMENT)
- continue;
-
- DetectPort *sport = DetectPortLookupGroup(s->sp,p->sp);
- if (sport == NULL) {
- SCLogDebug("sport didn't match.");
- continue;
- }
+ }
+ if (!(s->flags & SIG_FLAG_SP_ANY)) {
+ if (p->flags & PKT_IS_FRAGMENT)
+ continue;
+
+ const DetectPort *sport = DetectPortLookupGroup(s->sp, p->sp);
+ if (sport == NULL) {
+ SCLogDebug("sport didn't match.");
+ continue;
}
- } else if ((s->flags & (SIG_FLAG_DP_ANY|SIG_FLAG_SP_ANY)) != (SIG_FLAG_DP_ANY|SIG_FLAG_SP_ANY)) {
- SCLogDebug("port-less protocol and sig needs ports");
- continue;
}
+ } else if ((s->flags & (SIG_FLAG_DP_ANY | SIG_FLAG_SP_ANY)) !=
+ (SIG_FLAG_DP_ANY | SIG_FLAG_SP_ANY)) {
+ SCLogDebug("port-less protocol and sig needs ports");
+ continue;
+ }
- if (!IPOnlyMatchCompatSMs(tv, det_ctx, s, p)) {
- continue;
- }
+ if (!IPOnlyMatchCompatSMs(tv, det_ctx, s, p)) {
+ continue;
+ }
- SCLogDebug("Signum %"PRIu32" match (sid: %"PRIu32", msg: %s)",
- u * 8 + i, s->id, s->msg);
+ SCLogDebug("Signum %" PRIu32 " match (sid: %" PRIu32 ", msg: %s)", u * 8 + i, s->id,
+ s->msg);
- if (s->sm_arrays[DETECT_SM_LIST_POSTMATCH] != NULL) {
- KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_POSTMATCH);
- SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_POSTMATCH];
+ if (s->sm_arrays[DETECT_SM_LIST_POSTMATCH] != NULL) {
+ KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_POSTMATCH);
+ const SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_POSTMATCH];
- SCLogDebug("running match functions, sm %p", smd);
+ SCLogDebug("running match functions, sm %p", smd);
- if (smd != NULL) {
- while (1) {
- KEYWORD_PROFILING_START;
- (void)sigmatch_table[smd->type].Match(det_ctx, p, s, smd->ctx);
- KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
- if (smd->is_last)
- break;
- smd++;
- }
+ if (smd != NULL) {
+ while (1) {
+ KEYWORD_PROFILING_START;
+ (void)sigmatch_table[smd->type].Match(det_ctx, p, s, smd->ctx);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
+ if (smd->is_last)
+ break;
+ smd++;
}
}
- AlertQueueAppend(det_ctx, s, p, 0, 0);
}
+ AlertQueueAppend(det_ctx, s, p, 0, 0);
}
}
}
projects / thirdparty / suricata.git / commitdiff
