return NULL;
SCLogDebug("have data!");
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return buffer;
} else {
buffer->flags |= DETECT_CI_FLAGS_DCE_BE;
}
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return buffer;
return NULL;
SCLogDebug("tx %p data %p data_len %u", tx, data, data_len);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return buffer;
{
SCEnter();
- InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id);
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, cbdata->local_id);
+ InspectionBuffer *buffer =
+ InspectionBufferMultipleForListGet(det_ctx, list_id, cbdata->local_id);
if (buffer == NULL)
return NULL;
if (!first && buffer->inspect != NULL)
&data, &data_len) == 0) {
return NULL;
}
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
SCReturnPtr(buffer, "InspectionBuffer");
#include "detect-engine-loader.h"
+#include "util-action.h"
+#include "util-byte.h"
#include "util-classification-config.h"
-#include "util-reference-config.h"
-#include "util-threshold-config.h"
+#include "util-debug.h"
+#include "util-device.h"
#include "util-error.h"
#include "util-hash.h"
-#include "util-byte.h"
-#include "util-debug.h"
-#include "util-unittest.h"
-#include "util-action.h"
#include "util-magic.h"
+#include "util-profiling.h"
+#include "util-reference-config.h"
#include "util-signal.h"
#include "util-spm.h"
-#include "util-device.h"
+#include "util-threshold-config.h"
+#include "util-unittest.h"
+#include "util-validate.h"
#include "util-var-name.h"
-#include "util-profiling.h"
#include "tm-threads.h"
#include "runmodes.h"
return buffer;
}
+static InspectionBufferMultipleForList *
+InspectionBufferGetMulti(DetectEngineThreadCtx *det_ctx, const int list_id) {
+ InspectionBufferMultipleForList *buffer =
+ &det_ctx->multi_inspect.buffers[list_id];
+ if (!buffer->init) {
+ det_ctx->multi_inspect
+ .to_clear_queue[det_ctx->multi_inspect.to_clear_idx++] = list_id;
+ buffer->init = 1;
+ }
+ return buffer;
+}
+
/** \brief for a InspectionBufferMultipleForList get a InspectionBuffer
* \param fb the multiple buffer array
* \param local_id the index to get a buffer
* \param buffer the inspect buffer or NULL in case of error */
-InspectionBuffer *InspectionBufferMultipleForListGet(InspectionBufferMultipleForList *fb, uint32_t local_id)
-{
+InspectionBuffer *
+InspectionBufferMultipleForListGet(DetectEngineThreadCtx *det_ctx,
+ const int list_id, const uint32_t local_id) {
if (unlikely(local_id >= 1024)) {
DetectEngineSetEvent(det_ctx, DETECT_EVENT_TOO_MANY_BUFFERS);
return NULL;
fb->max = MAX(fb->max, local_id);
InspectionBuffer *buffer = &fb->inspection_buffers[local_id];
SCLogDebug("using file_data buffer %p", buffer);
- return buffer;
-}
-
-InspectionBufferMultipleForList *InspectionBufferGetMulti(DetectEngineThreadCtx *det_ctx, const int list_id)
-{
- InspectionBufferMultipleForList *buffer = &det_ctx->multi_inspect.buffers[list_id];
- if (!buffer->init) {
- det_ctx->multi_inspect.to_clear_queue[det_ctx->multi_inspect.to_clear_idx++] = list_id;
- buffer->init = 1;
- }
+#ifdef DEBUG_VALIDATION
+ buffer->multi = true;
+#endif
return buffer;
}
}
/** \brief setup the buffer with our initial data */
-void InspectionBufferSetup(InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
-{
- buffer->inspect = buffer->orig = data;
- buffer->inspect_len = buffer->orig_len = data_len;
- buffer->len = 0;
+void InspectionBufferSetupMulti(InspectionBuffer *buffer,
+ const DetectEngineTransforms *transforms,
+ const uint8_t *data, const uint32_t data_len) {
+ DEBUG_VALIDATE_BUG_ON(!buffer->multi);
+ buffer->inspect = buffer->orig = data;
+ buffer->inspect_len = buffer->orig_len = data_len;
+ buffer->len = 0;
+
+ InspectionBufferApplyTransforms(buffer, transforms);
+}
+
+/** \brief setup the buffer with our initial data */
+void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
+ InspectionBuffer *buffer, const uint8_t *data,
+ const uint32_t data_len) {
+ DEBUG_VALIDATE_BUG_ON(buffer->multi);
+ if (buffer->inspect == NULL) {
+#ifdef UNITTESTS
+ if (det_ctx && list_id != -1)
+#endif
+ det_ctx->inspect.to_clear_queue[det_ctx->inspect.to_clear_idx++] =
+ list_id;
+ }
+ buffer->inspect = buffer->orig = data;
+ buffer->inspect_len = buffer->orig_len = data_len;
+ buffer->len = 0;
}
void InspectionBufferFree(InspectionBuffer *buffer)
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "flow-private.h"
void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size);
-void InspectionBufferSetup(InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len);
+void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
+ InspectionBuffer *buffer, const uint8_t *data,
+ const uint32_t data_len);
void InspectionBufferFree(InspectionBuffer *buffer);
void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size);
void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len);
const uint8_t *content, uint16_t content_len, const char **namestr);
void InspectionBufferClean(DetectEngineThreadCtx *det_ctx);
InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id);
-InspectionBuffer *InspectionBufferMultipleForListGet(InspectionBufferMultipleForList *fb, uint32_t local_id);
-InspectionBufferMultipleForList *InspectionBufferGetMulti(DetectEngineThreadCtx *det_ctx, const int list_id);
+void InspectionBufferSetupMulti(InspectionBuffer *buffer,
+ const DetectEngineTransforms *transforms,
+ const uint8_t *data, const uint32_t data_len);
+InspectionBuffer *
+InspectionBufferMultipleForListGet(DetectEngineThreadCtx *det_ctx,
+ const int list_id, uint32_t local_id);
int DetectBufferTypeRegister(const char *name);
int DetectBufferTypeGetByName(const char *name);
StreamingBufferGetDataAtOffset(body->sb,
&data, &data_len, offset);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
buffer->inspect_offset = offset;
/* built-in 'transformation' */
/* file API based inspection */
+static inline InspectionBuffer *FiledataWithXformsGetDataCallback(
+ DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms,
+ const int list_id, int local_file_id, InspectionBuffer *base_buffer,
+ const bool first) {
+ InspectionBuffer *buffer =
+ InspectionBufferMultipleForListGet(det_ctx, list_id, local_file_id);
+ if (buffer == NULL) {
+ SCLogDebug("list_id: %d: no buffer", list_id);
+ return NULL;
+ }
+ if (!first && buffer->inspect != NULL) {
+ SCLogDebug("list_id: %d: returning %p", list_id, buffer);
+ return buffer;
+ }
+
+ InspectionBufferSetupMulti(buffer, transforms, base_buffer->inspect,
+ base_buffer->inspect_len);
+ buffer->inspect_offset = base_buffer->inspect_offset;
+ SCLogDebug("xformed buffer %p size %u", buffer, buffer->inspect_len);
+ SCReturnPtr(buffer, "InspectionBuffer");
+}
+
static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx,
const DetectEngineTransforms *transforms,
Flow *f, uint8_t flow_flags, File *cur_file,
{
SCEnter();
- InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id);
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, local_file_id);
+ InspectionBuffer *buffer =
+ InspectionBufferMultipleForListGet(det_ctx, list_id, local_file_id);
+ SCLogDebug("base: buffer %p", buffer);
if (buffer == NULL)
return NULL;
if (!first && buffer->inspect != NULL)
StreamingBufferGetDataAtOffset(cur_file->sb,
&data, &data_len,
cur_file->content_inspected);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetupMulti(buffer, NULL, data, data_len);
+ SCLogDebug("[list %d] [before] buffer offset %" PRIu64
+ "; buffer len %" PRIu32 "; data_len %" PRIu32
+ "; file_size %" PRIu64,
+ list_id, buffer->inspect_offset, buffer->inspect_len, data_len,
+ file_size);
buffer->inspect_offset = cur_file->content_inspected;
InspectionBufferApplyTransforms(buffer, transforms);
{
SCEnter();
- InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id);
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, local_file_id);
+ InspectionBuffer *buffer =
+ InspectionBufferMultipleForListGet(det_ctx, list_id, local_file_id);
if (buffer == NULL)
return NULL;
if (!first && buffer->inspect != NULL)
const uint8_t *data = (const uint8_t *)cur_file->magic;
uint32_t data_len = (uint32_t)strlen(cur_file->magic);
- InspectionBufferSetup(buffer, data, data_len);
- InspectionBufferApplyTransforms(buffer, transforms);
+ InspectionBufferSetupMulti(buffer, transforms, data, data_len);
SCReturnPtr(buffer, "InspectionBuffer");
}
{
SCEnter();
- InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id);
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, local_file_id);
+ InspectionBuffer *buffer =
+ InspectionBufferMultipleForListGet(det_ctx, list_id, local_file_id);
if (buffer == NULL)
return NULL;
if (!first && buffer->inspect != NULL)
const uint8_t *data = cur_file->name;
uint32_t data_len = cur_file->name_len;
- InspectionBufferSetup(buffer, data, data_len);
- InspectionBufferApplyTransforms(buffer, transforms);
+ InspectionBufferSetupMulti(buffer, transforms, data, data_len);
SCReturnPtr(buffer, "InspectionBuffer");
}
StreamingBufferGetDataAtOffset(body->sb,
&data, &data_len, offset);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
buffer->inspect_offset = offset;
/* move inspected tracker to end of the data. HtpBodyPrune will consider
const uint32_t data_len = bstr_len(h->value);
const uint8_t *data = bstr_ptr(h->value);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = bstr_len(h->value);
const uint8_t *data = bstr_ptr(h->value);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return;
/* setup buffer and apply transforms */
- InspectionBufferSetup(buffer, rawdata, rawdata_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len);
InspectionBufferApplyTransforms(buffer, ctx->transforms);
}
return;
/* setup buffer and apply transforms */
- InspectionBufferSetup(buffer, rawdata, rawdata_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len);
InspectionBufferApplyTransforms(buffer, ctx->transforms);
}
goto end;
}
/* setup buffer and apply transforms */
- InspectionBufferSetup(buffer, rawdata, rawdata_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
goto end;
}
/* setup buffer and apply transforms */
- InspectionBufferSetup(buffer, rawdata, rawdata_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return;
/* setup buffer and apply transforms */
- InspectionBufferSetup(buffer, rawdata, rawdata_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len);
InspectionBufferApplyTransforms(buffer, ctx->transforms);
}
const uint32_t data_len = bstr_len(h->value);
const uint8_t *data = bstr_ptr(h->value);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = bstr_len(h->value);
const uint8_t *data = bstr_ptr(h->value);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = bstr_len(tx->request_hostname);
const uint8_t *data = bstr_ptr(tx->request_hostname);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
data_len = bstr_len(tx->parsed_uri->hostname);
}
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = bstr_len(tx->request_method);
const uint8_t *data = bstr_ptr(tx->request_method);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return NULL;
}
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = ts ?
tx_ud->request_headers_raw_len : tx_ud->response_headers_raw_len;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = bstr_len(tx->request_line);
const uint8_t *data = bstr_ptr(tx->request_line);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return buffer;
const uint32_t data_len = bstr_len(tx->response_line);
const uint8_t *data = bstr_ptr(tx->response_line);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return buffer;
return;
/* setup buffer and apply transforms */
- InspectionBufferSetup(buffer, rawdata, rawdata_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len);
InspectionBufferApplyTransforms(buffer, ctx->transforms);
}
return;
/* setup buffer and apply transforms */
- InspectionBufferSetup(buffer, rawdata, rawdata_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len);
InspectionBufferApplyTransforms(buffer, ctx->transforms);
}
goto end;
}
/* setup buffer and apply transforms */
- InspectionBufferSetup(buffer, rawdata, rawdata_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, rawdata, rawdata_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = bstr_len(tx->response_status);
const uint8_t *data = bstr_ptr(tx->response_status);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = bstr_len(tx->response_message);
const uint8_t *data = bstr_ptr(tx->response_message);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = bstr_len(h->value);
const uint8_t *data = bstr_ptr(h->value);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = bstr_len(tx_ud->request_uri_normalized);
const uint8_t *data = bstr_ptr(tx_ud->request_uri_normalized);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = bstr_len(tx->request_uri);
const uint8_t *data = bstr_ptr(tx->request_uri);
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = hlen;
const uint8_t *data = (const uint8_t *)p->ip4h;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = hlen;
const uint8_t *data = (const uint8_t *)p->ip6h;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
{
SCEnter();
- InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id);
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, cbdata->local_id);
+ InspectionBuffer *buffer =
+ InspectionBufferMultipleForListGet(det_ctx, list_id, cbdata->local_id);
if (buffer == NULL)
return NULL;
if (!first && buffer->inspect != NULL)
if (b == NULL || b_len == 0)
return NULL;
- InspectionBufferSetup(buffer, b, b_len);
- InspectionBufferApplyTransforms(buffer, transforms);
+ InspectionBufferSetupMulti(buffer, transforms, b, b_len);
SCReturnPtr(buffer, "InspectionBuffer");
}
{
SCEnter();
- InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id);
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, cbdata->local_id);
+ InspectionBuffer *buffer =
+ InspectionBufferMultipleForListGet(det_ctx, list_id, cbdata->local_id);
if (buffer == NULL)
return NULL;
if (!first && buffer->inspect != NULL)
if (b == NULL || b_len == 0)
return NULL;
- InspectionBufferSetup(buffer, b, b_len);
- InspectionBufferApplyTransforms(buffer, transforms);
+ InspectionBufferSetupMulti(buffer, transforms, b, b_len);
SCReturnPtr(buffer, "InspectionBuffer");
}
if (b == NULL || b_len == 0)
return NULL;
- InspectionBufferSetup(buffer, b, b_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return NULL;
if (b == NULL || b_len == 0)
return NULL;
- InspectionBufferSetup(buffer, b, b_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
if (b == NULL || b_len == 0)
return NULL;
- InspectionBufferSetup(buffer, b, b_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return buffer;
if (b == NULL || b_len == 0)
return NULL;
- InspectionBufferSetup(buffer, b, b_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return buffer;
if (b == NULL || b_len == 0)
return NULL;
- InspectionBufferSetup(buffer, b, b_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
if (b == NULL || b_len == 0)
return NULL;
- InspectionBufferSetup(buffer, b, b_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
if (b == NULL || b_len == 0)
return NULL;
- InspectionBufferSetup(buffer, b, b_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
if (b == NULL || b_len == 0)
return NULL;
- InspectionBufferSetup(buffer, b, b_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return buffer;
if (b == NULL || b_len == 0)
return NULL;
- InspectionBufferSetup(buffer, b, b_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return buffer;
return NULL;
}
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return NULL;
}
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return NULL;
}
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = hlen;
const uint8_t *data = (const uint8_t *)p->tcph;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
return NULL; /* no buffer */
}
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = strlen(ssl_state->server_connp.cert0_fingerprint);
const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_fingerprint;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = strlen(ssl_state->server_connp.cert0_issuerdn);
const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_issuerdn;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = strlen(ssl_state->server_connp.cert0_serial);
const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_serial;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = strlen(ssl_state->server_connp.cert0_subject);
const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_subject;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
{
SCEnter();
- InspectionBufferMultipleForList *fb = InspectionBufferGetMulti(det_ctx, list_id);
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(fb, cbdata->local_id);
+ InspectionBuffer *buffer =
+ InspectionBufferMultipleForListGet(det_ctx, list_id, cbdata->local_id);
if (buffer == NULL)
return NULL;
if (cbdata->cert == NULL) {
cbdata->cert = TAILQ_FIRST(&ssl_state->server_connp.certs);
} else {
- cbdata->cert = TAILQ_NEXT(cbdata->cert, next);
+ cbdata->cert = TAILQ_NEXT(cbdata->cert, next);
}
-
if (cbdata->cert == NULL) {
return NULL;
}
- InspectionBufferSetup(buffer, cbdata->cert->cert_data,
- cbdata->cert->cert_len);
- InspectionBufferApplyTransforms(buffer, transforms);
+ InspectionBufferSetupMulti(buffer, transforms, cbdata->cert->cert_data,
+ cbdata->cert->cert_len);
SCReturnPtr(buffer, "InspectionBuffer");
}
const uint32_t data_len = strlen(ssl_state->client_connp.ja3_hash);
const uint8_t *data = (uint8_t *)ssl_state->client_connp.ja3_hash;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = strlen(ssl_state->client_connp.ja3_str->data);
const uint8_t *data = (uint8_t *)ssl_state->client_connp.ja3_str->data;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = strlen(ssl_state->server_connp.ja3_hash);
const uint8_t *data = (uint8_t *)ssl_state->server_connp.ja3_hash;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = strlen(ssl_state->server_connp.ja3_str->data);
const uint8_t *data = (uint8_t *)ssl_state->server_connp.ja3_str->data;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
const uint32_t data_len = strlen(ssl_state->client_connp.sni);
const uint8_t *data = (uint8_t *)ssl_state->client_connp.sni;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
InspectionBuffer buffer;
InspectionBufferInit(&buffer, 8);
- InspectionBufferSetup(&buffer, input, input_len);
+ InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
TransformCompressWhitespace(&buffer);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
InspectionBuffer buffer;
InspectionBufferInit(&buffer, 8);
- InspectionBufferSetup(&buffer, input, input_len);
+ InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
TransformDoubleWhitespace(&buffer);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
InspectionBuffer buffer;
InspectionBufferInit(&buffer, input_len);
- InspectionBufferSetup(&buffer, input, input_len);
+ InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
TransformDotPrefix(&buffer);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
InspectionBuffer buffer;
InspectionBufferInit(&buffer, input_len);
- InspectionBufferSetup(&buffer, input, input_len);
+ InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
TransformDotPrefix(&buffer);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
InspectionBuffer buffer;
InspectionBufferInit(&buffer, 8);
- InspectionBufferSetup(&buffer, input, input_len);
+ InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
TransformToMd5(&buffer);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
InspectionBuffer buffer;
InspectionBufferInit(&buffer, 8);
- InspectionBufferSetup(&buffer, input, input_len);
+ InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
TransformToSha1(&buffer);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
InspectionBuffer buffer;
InspectionBufferInit(&buffer, 8);
- InspectionBufferSetup(&buffer, input, input_len);
+ InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
TransformToSha256(&buffer);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
InspectionBuffer buffer;
InspectionBufferInit(&buffer, 8);
- InspectionBufferSetup(&buffer, input, input_len);
+ InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
TransformStripWhitespace(&buffer);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
InspectionBuffer buffer;
InspectionBufferInit(&buffer, 8);
- InspectionBufferSetup(&buffer, input, input_len);
+ InspectionBufferSetup(NULL, -1, &buffer, input, input_len);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
TransformDoubleWhitespace(&buffer);
PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len);
const uint32_t data_len = UDP_HEADER_LEN;
const uint8_t *data = (const uint8_t *)p->udph;
- InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len);
InspectionBufferApplyTransforms(buffer, transforms);
}
uint64_t inspect_offset;
uint32_t inspect_len; /**< size of active data. See to ::len or ::orig_len */
uint8_t flags; /**< DETECT_CI_FLAGS_* for use with DetectEngineContentInspection */
-
+#ifdef DEBUG_VALIDATION
+ bool multi;
+#endif
uint32_t len; /**< how much is in use */
uint8_t *buf;
uint32_t size; /**< size of the memory allocation */
projects / thirdparty / suricata.git / commitdiff
