/* Content match - should probably be put into its own file. */
if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) {
r = DetectEngineContentInspection(de_ctx, det_ctx, s,
- s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->request_buffer,
+ smd, f, tx->request_buffer,
tx->request_buffer_len, 0, 0, NULL);
}
else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) {
r = DetectEngineContentInspection(de_ctx, det_ctx, s,
- s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->response_buffer,
+ smd, f, tx->response_buffer,
tx->response_buffer_len, 0, 0, NULL);
}
int DetectEngineAppInspectionEngine2Signature(Signature *s)
{
- int lists_used[DETECT_SM_LIST_MAX] = { 0 };
+ SigMatchData *ptrs[DETECT_SM_LIST_MAX] = { NULL };
+
+ /* convert lists to SigMatchData arrays */
+ int i = 0;
+ for (i = DETECT_SM_LIST_BUILTIN_MAX; i < DETECT_SM_LIST_MAX; i++) {
+ if (s->init_data->smlists[i] == NULL)
+ continue;
+
+ ptrs[i] = SigMatchList2DataArray(s->init_data->smlists[i]);
+ }
DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
while (t != NULL) {
- if (s->sm_arrays[t->sm_list] == NULL)
+ if (ptrs[t->sm_list] == NULL)
goto next;
if (t->alproto == ALPROTO_UNKNOWN) {
/* special case, inspect engine applies to all protocols */
case DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH:
- new_engine->smd = s->sm_arrays[new_engine->sm_list];
- lists_used[t->sm_list] = 1;
+ new_engine->smd = ptrs[new_engine->sm_list];
break;
default:
break;
t = t->next;
}
- /* clear s->sm_arrays for those lists that we put
- * in the inspect engines. They own it now. */
- int i;
- for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
- if (lists_used[i]) {
- s->sm_arrays[i] = NULL;
- }
- }
-
return 0;
}
{
if (s != NULL) {
int type;
- for (type = 0; type < DETECT_SM_LIST_MAX; type++) {
+ for (type = 0; type < DETECT_SM_LIST_BUILTIN_MAX; type++) {
if (s->sm_arrays[type] != NULL) {
if (ctxs) {
SigMatchData *smd = s->sm_arrays[type];
}
}
+static int SigMatchListLen(SigMatch *sm)
+{
+ int len = 0;
+ for (; sm != NULL; sm = sm->next)
+ len++;
+
+ return len;
+}
+
+/** \brief convert SigMatch list to SigMatchData array
+ * \note ownership of sm->ctx is transfered to smd->ctx
+ */
+SigMatchData* SigMatchList2DataArray(SigMatch *head)
+{
+ int len = SigMatchListLen(head);
+ if (len == 0)
+ return NULL;
+
+ SigMatchData *smd = (SigMatchData *)SCCalloc(len, sizeof(SigMatchData));
+ if (smd == NULL) {
+ SCLogError(SC_ERR_DETECT_PREPARE, "initializing the detection engine failed");
+ exit(EXIT_FAILURE);
+ }
+ SigMatchData *out = smd;
+
+ /* Copy sm type and Context into array */
+ SigMatch *sm = head;
+ for (; sm != NULL; sm = sm->next, smd++) {
+ smd->type = sm->type;
+ smd->ctx = sm->ctx;
+ sm->ctx = NULL; // SigMatch no longer owns the ctx
+ smd->is_last = (sm->next == NULL);
+ }
+ return out;
+}
+
/**
* \internal
* \brief validate a just parsed signature for internal inconsistencies
void SigMatchTransferSigMatchAcrossLists(SigMatch *sm,
SigMatch **, SigMatch **s,
SigMatch **, SigMatch **);
+SigMatchData* SigMatchList2DataArray(SigMatch *head);
void SigParsePrepare(void);
void SigParseRegisterTests(void);
Signature *DetectEngineAppendSig(DetectEngineCtx *, char *);
SCReturnInt(0);
}
-static int SigMatchListLen(SigMatch *sm)
-{
- int len = 0;
- for (; sm != NULL; sm = sm->next)
- len++;
-
- return len;
-}
-
/** \internal
* \brief perform final per signature setup tasks
*
Signature *s = de_ctx->sig_list;
for (; s != NULL; s = s->next) {
+ /* set up inspect engines */
+ DetectEngineAppInspectionEngine2Signature(s);
+
int type;
- for (type = 0; type < DETECT_SM_LIST_MAX; type++) {
+ for (type = 0; type < DETECT_SM_LIST_BUILTIN_MAX; type++) {
SigMatch *sm = s->init_data->smlists[type];
- int len = SigMatchListLen(sm);
- if (len == 0)
- s->sm_arrays[type] = NULL;
- else {
- SigMatchData *smd = (SigMatchData*)SCMalloc(len * sizeof(SigMatchData));
- if (smd == NULL) {
- SCLogError(SC_ERR_DETECT_PREPARE, "initializing the detection engine failed");
- exit(EXIT_FAILURE);
- }
- /* Copy sm type and Context into array */
- s->sm_arrays[type] = smd;
- for (; sm != NULL; sm = sm->next, smd++) {
- smd->type = sm->type;
- smd->ctx = sm->ctx;
- sm->ctx = NULL; // SigMatch no longer owns the ctx
- smd->is_last = (sm->next == NULL);
- }
- }
+ s->sm_arrays[type] = SigMatchList2DataArray(sm);
}
- /* set up inspect engines */
- DetectEngineAppInspectionEngine2Signature(s);
-
/* free lists. Ctx' are xferred to sm_arrays so won't get freed */
int i;
for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
DetectEngineAppInspectionEngine *app_inspect;
- /* Hold copies of the sm lists for Match() */
- SigMatchData *sm_arrays[DETECT_SM_LIST_MAX];
+ /* Matching structures for the built-ins. The others are in
+ * their inspect engines. */
+ SigMatchData *sm_arrays[DETECT_SM_LIST_BUILTIN_MAX];
/* memory is still owned by the sm_lists/sm_arrays entry */
const struct DetectFilestoreData_ *filestore_ctx;
projects / thirdparty / suricata.git / commitdiff
