0 == (cd->flags & DETECT_CONTENT_NEGATED)) {
/* Check transform compatibility */
const char *tstr;
- if (!DetectBufferTypeValidateTransform(de_ctx, sm_list, cd->content,
- cd->content_len, &tstr)) {
+ if (!DetectEngineBufferTypeValidateTransform(
+ de_ctx, sm_list, cd->content, cd->content_len, &tstr)) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"content string \"%s\" incompatible with %s transform",
contentstr, tstr);
if (list_type == DETECT_SM_LIST_PMATCH)
fprintf(fp_engine_analysis_FD, "content\n");
else {
- const char *desc = DetectBufferTypeGetDescriptionById(de_ctx, list_type);
- const char *name = DetectBufferTypeGetNameById(de_ctx, list_type);
+ const char *desc = DetectEngineBufferTypeGetDescriptionById(de_ctx, list_type);
+ const char *name = DetectEngineBufferTypeGetNameById(de_ctx, list_type);
if (desc && name) {
fprintf(fp_engine_analysis_FD, "%s (%s)\n", desc, name);
}
payload ? (stream ? "payload and reassembled stream" : "payload") : "reassembled stream");
}
else {
- const char *desc = DetectBufferTypeGetDescriptionById(de_ctx, list_type);
- const char *name = DetectBufferTypeGetNameById(de_ctx, list_type);
+ const char *desc = DetectEngineBufferTypeGetDescriptionById(de_ctx, list_type);
+ const char *name = DetectEngineBufferTypeGetNameById(de_ctx, list_type);
if (desc && name) {
fprintf(rule_engine_analysis_FD, "%s (%s)", desc, name);
} else if (desc || name) {
}
fprintf(rule_engine_analysis_FD, "\" ");
- const DetectBufferType *bt = DetectBufferTypeGetById(de_ctx, list_type);
+ const DetectBufferType *bt = DetectEngineBufferTypeGetById(de_ctx, list_type);
if (bt && bt->transforms.cnt) {
fprintf(rule_engine_analysis_FD, "(with %d transform(s)) ", bt->transforms.cnt);
}
jb_open_array(ctx.js, "pkt_engines");
const DetectEnginePktInspectionEngine *pkt = s->pkt_inspect;
for ( ; pkt != NULL; pkt = pkt->next) {
- const char *name = DetectBufferTypeGetNameById(de_ctx, pkt->sm_list);
+ const char *name = DetectEngineBufferTypeGetNameById(de_ctx, pkt->sm_list);
if (name == NULL) {
switch (pkt->sm_list) {
case DETECT_SM_LIST_PMATCH:
jb_open_array(ctx.js, "engines");
const DetectEngineAppInspectionEngine *app = s->app_inspect;
for ( ; app != NULL; app = app->next) {
- const char *name = DetectBufferTypeGetNameById(de_ctx, app->sm_list);
+ const char *name = DetectEngineBufferTypeGetNameById(de_ctx, app->sm_list);
if (name == NULL) {
switch (app->sm_list) {
case DETECT_SM_LIST_PMATCH:
if (mpm_list < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(mpm_list);
else
- name = DetectBufferTypeGetNameById(de_ctx, mpm_list);
+ name = DetectEngineBufferTypeGetNameById(de_ctx, mpm_list);
jb_set_string(ctx.js, "buffer", name);
SigMatchData *smd = pkt_mpm ? pkt_mpm->smd : app_mpm->smd;
if (prefilter_list < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(prefilter_list);
else
- name = DetectBufferTypeGetNameById(de_ctx, prefilter_list);
+ name = DetectEngineBufferTypeGetNameById(de_ctx, prefilter_list);
jb_set_string(ctx.js, "buffer", name);
const char *mname = sigmatch_table[s->init_data->prefilter_sm->type].name;
jb_set_string(ctx.js, "name", mname);
if (p->sm_list < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(p->sm_list);
else
- name = DetectBufferTypeGetNameById(de_ctx, p->sm_list);
+ name = DetectEngineBufferTypeGetNameById(de_ctx, p->sm_list);
jb_set_string(jb, "name", name);
jb_set_uint(jb, "list_id", p->sm_list);
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
- if (!(DetectBufferTypeGetNameById(de_ctx, i)))
+ if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue;
SCReturnInt(0);
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
- if (!(DetectBufferTypeGetNameById(de_ctx, i)))
+ if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue;
SCReturnInt(0);
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
- if (!(DetectBufferTypeGetNameById(de_ctx, i)))
+ if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue;
SCReturnInt(0);
if (y < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(y);
else
- name = DetectBufferTypeGetNameById(de_ctx, y);
+ name = DetectEngineBufferTypeGetNameById(de_ctx, y);
json_object_set_new(app, name, json_integer(alproto_mpm_bufs[i][y]));
}
if (i < DETECT_SM_LIST_DYNAMIC_START)
name = DetectListToHumanString(i);
else
- name = DetectBufferTypeGetNameById(de_ctx, i);
+ name = DetectEngineBufferTypeGetNameById(de_ctx, i);
json_object_set_new(mpm_js, name, buf);
}
/* run buffer type callbacks if any */
for (int x = 0; x < (int)s->init_data->smlists_array_size; x++) {
if (s->init_data->smlists[x])
- DetectBufferRunSetupCallback(de_ctx, x, s);
+ DetectEngineBufferRunSetupCallback(de_ctx, x, s);
}
de_ctx->sig_cnt++;
exit(EXIT_FAILURE);
}
if (mpm_list == e->sm_list) {
- SCLogDebug("%s is mpm", DetectBufferTypeGetNameById(de_ctx, e->sm_list));
+ SCLogDebug("%s is mpm", DetectEngineBufferTypeGetNameById(de_ctx, e->sm_list));
prepend = true;
new_engine->mpm = true;
}
exit(EXIT_FAILURE);
}
if (mpm_list == t->sm_list) {
- SCLogDebug("%s is mpm", DetectBufferTypeGetNameById(de_ctx, t->sm_list));
+ SCLogDebug("%s is mpm", DetectEngineBufferTypeGetNameById(de_ctx, t->sm_list));
prepend = true;
head_is_mpm = true;
new_engine->mpm = true;
const DetectEngineAppInspectionEngine *iter = s->app_inspect;
while (iter) {
SCLogDebug("%u: engine %s id %u progress %d %s", s->id,
- DetectBufferTypeGetNameById(de_ctx, iter->sm_list), iter->id,
- iter->progress,
- iter->sm_list == mpm_list ? "MPM":"");
+ DetectEngineBufferTypeGetNameById(de_ctx, iter->sm_list), iter->id, iter->progress,
+ iter->sm_list == mpm_list ? "MPM" : "");
iter = iter->next;
}
#endif
return exists->id;
}
-const DetectBufferType *DetectBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id)
+static DetectBufferType *DetectEngineBufferTypeLookupByName(
+ const DetectEngineCtx *de_ctx, const char *string)
+{
+ DetectBufferType map = { (char *)string, NULL, 0, 0, 0, 0, false, NULL, NULL, no_transforms };
+
+ DetectBufferType *res = HashListTableLookup(de_ctx->buffer_type_hash_name, &map, 0);
+ return res;
+}
+
+const DetectBufferType *DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id)
{
DetectBufferType lookup;
memset(&lookup, 0, sizeof(lookup));
return res;
}
-const char *DetectBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id)
+const char *DetectEngineBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id)
{
- const DetectBufferType *res = DetectBufferTypeGetById(de_ctx, id);
+ const DetectBufferType *res = DetectEngineBufferTypeGetById(de_ctx, id);
return res ? res->string : NULL;
}
+static int DetectEngineBufferTypeAdd(DetectEngineCtx *de_ctx, const char *string)
+{
+ DetectBufferType *map = SCCalloc(1, sizeof(*map));
+ if (map == NULL)
+ return -1;
+
+ map->string = string;
+ map->id = de_ctx->buffer_type_id++;
+
+ BUG_ON(HashListTableAdd(de_ctx->buffer_type_hash_name, (void *)map, 0) != 0);
+ BUG_ON(HashListTableAdd(de_ctx->buffer_type_hash_id, (void *)map, 0) != 0);
+ SCLogDebug("buffer %s registered with id %d", map->string, map->id);
+ return map->id;
+}
+
+int DetectEngineBufferTypeRegister(DetectEngineCtx *de_ctx, const char *name)
+{
+ DetectBufferType *exists = DetectEngineBufferTypeLookupByName(de_ctx, name);
+ if (!exists) {
+ return DetectEngineBufferTypeAdd(de_ctx, name);
+ } else {
+ return exists->id;
+ }
+}
+
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
{
DetectBufferType *exists = DetectBufferTypeLookupByName(name);
exists->description = desc;
}
-const char *DetectBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id)
+const char *DetectEngineBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id)
{
- const DetectBufferType *exists = DetectBufferTypeGetById(de_ctx, id);
+ const DetectBufferType *exists = DetectEngineBufferTypeGetById(de_ctx, id);
if (!exists) {
return NULL;
}
return exists->description;
}
-bool DetectBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id)
+bool DetectEngineBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id)
{
- const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
+ const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map == NULL)
return false;
SCLogDebug("map %p id %d packet? %d", map, id, map->packet);
return map->packet;
}
-bool DetectBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id)
+bool DetectEngineBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id)
{
- const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
+ const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map == NULL)
return false;
SCLogDebug("map %p id %d mpm? %d", map, id, map->mpm);
exists->SetupCallback = SetupCallback;
}
-void DetectBufferRunSetupCallback(const DetectEngineCtx *de_ctx,
- const int id, Signature *s)
+void DetectEngineBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s)
{
- const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
+ const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map && map->SetupCallback) {
map->SetupCallback(de_ctx, s);
}
exists->ValidateCallback = ValidateCallback;
}
-bool DetectBufferRunValidateCallback(const DetectEngineCtx *de_ctx,
- const int id, const Signature *s, const char **sigerror)
+bool DetectEngineBufferRunValidateCallback(
+ const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror)
{
- const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
+ const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
if (map && map->ValidateCallback) {
return map->ValidateCallback(s, sigerror);
}
SCLogDebug("buffer %d has transform(s) registered: %d",
s->init_data->list, s->init_data->transforms.cnt);
- int new_list = DetectBufferTypeGetByIdTransforms(de_ctx, s->init_data->list,
+ int new_list = DetectEngineBufferTypeGetByIdTransforms(de_ctx, s->init_data->list,
s->init_data->transforms.transforms, s->init_data->transforms.cnt);
if (new_list == -1) {
SCReturnInt(-1);
* \retval true (false) If any of the transforms indicate the byte array is
* (is not) compatible.
**/
-bool DetectBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
+bool DetectEngineBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
const uint8_t *content, uint16_t content_len, const char **namestr)
{
- const DetectBufferType *dbt = DetectBufferTypeGetById(de_ctx, sm_list);
+ const DetectBufferType *dbt = DetectEngineBufferTypeGetById(de_ctx, sm_list);
BUG_ON(dbt == NULL);
for (int i = 0; i < dbt->transforms.cnt; i++) {
g_buffer_type_reg_closed = 1;
}
-int DetectBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id,
- TransformData *transforms, int transform_cnt)
+int DetectEngineBufferTypeGetByIdTransforms(
+ DetectEngineCtx *de_ctx, const int id, TransformData *transforms, int transform_cnt)
{
- const DetectBufferType *base_map = DetectBufferTypeGetById(de_ctx, id);
+ const DetectBufferType *base_map = DetectEngineBufferTypeGetById(de_ctx, id);
if (!base_map) {
return -1;
}
void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len);
void InspectionBufferApplyTransforms(InspectionBuffer *buffer,
const DetectEngineTransforms *transforms);
-bool DetectBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
- const uint8_t *content, uint16_t content_len, const char **namestr);
void InspectionBufferClean(DetectEngineThreadCtx *det_ctx);
InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id);
void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms,
InspectionBuffer *InspectionBufferMultipleForListGet(
DetectEngineThreadCtx *det_ctx, const int list_id, uint32_t local_id);
+/* start up registery funcs */
+
int DetectBufferTypeRegister(const char *name);
int DetectBufferTypeGetByName(const char *name);
void DetectBufferTypeSupportsMpm(const char *name);
void (*Callback)(const DetectEngineCtx *, Signature *));
void DetectBufferTypeRegisterValidateCallback(const char *name,
bool (*ValidateCallback)(const Signature *, const char **sigerror));
-const DetectBufferType *DetectBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id);
-
-int DetectBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id,
- TransformData *transforms, int transform_cnt);
-const char *DetectBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id);
-bool DetectBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id);
-bool DetectBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id);
-const char *DetectBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id);
-void DetectBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s);
-bool DetectBufferRunValidateCallback(const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror);
+
+/* detect engine related buffer funcs */
+
+int DetectEngineBufferTypeRegister(DetectEngineCtx *de_ctx, const char *name);
+const char *DetectEngineBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id);
+const DetectBufferType *DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id);
+bool DetectEngineBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id);
+bool DetectEngineBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id);
+const char *DetectEngineBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id);
+const DetectBufferType *DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id);
+int DetectEngineBufferTypeGetByIdTransforms(
+ DetectEngineCtx *de_ctx, const int id, TransformData *transforms, int transform_cnt);
+void DetectEngineBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s);
+bool DetectEngineBufferRunValidateCallback(
+ const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror);
+bool DetectEngineBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
+ const uint8_t *content, uint16_t content_len, const char **namestr);
/* prototypes */
DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix);
if (list_id == DETECT_SM_LIST_PMATCH)
return 1;
- return DetectBufferTypeSupportsMpmGetById(de_ctx, list_id);
+ return DetectEngineBufferTypeSupportsMpmGetById(de_ctx, list_id);
}
/**
/* if we have a sticky buffer, use that */
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
- if (!(DetectBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) {
+ if (!(DetectEngineBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) {
return NULL;
}
/* otherwise brute force it */
for (sm_type = 0; sm_type < s->init_data->smlists_array_size; sm_type++) {
- if (!DetectBufferTypeSupportsMpmGetById(de_ctx, sm_type))
+ if (!DetectEngineBufferTypeSupportsMpmGetById(de_ctx, sm_type))
continue;
SigMatch *sm_list = s->init_data->smlists_tail[sm_type];
sm_new = SigMatchGetLastSMByType(sm_list, DETECT_CONTENT);
* e.g. alert ... (file_data; sid:1;) */
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->init_data->smlists[s->init_data->list] == NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "rule %u setup buffer %s but didn't add matches to it",
- s->id, DetectBufferTypeGetNameById(de_ctx, s->init_data->list));
+ SCLogError(SC_ERR_INVALID_SIGNATURE,
+ "rule %u setup buffer %s but didn't add matches to it", s->id,
+ DetectEngineBufferTypeGetNameById(de_ctx, s->init_data->list));
SCReturnInt(0);
}
}
if (app->sm_list == x &&
(AppProtoEquals(s->alproto, app->alproto) || s->alproto == 0)) {
SCLogDebug("engine %s dir %d alproto %d",
- DetectBufferTypeGetNameById(de_ctx, app->sm_list),
- app->dir, app->alproto);
+ DetectEngineBufferTypeGetNameById(de_ctx, app->sm_list), app->dir,
+ app->alproto);
bufdir[x].ts += (app->dir == 0);
bufdir[x].tc += (app->dir == 1);
}
}
- if (!DetectBufferRunValidateCallback(de_ctx, x, s, &de_ctx->sigerror)) {
+ if (!DetectEngineBufferRunValidateCallback(de_ctx, x, s, &de_ctx->sigerror)) {
SCReturnInt(0);
}
}
tc_excl += (bufdir[x].ts == 0 && bufdir[x].tc > 0);
dir_amb += (bufdir[x].ts > 0 && bufdir[x].tc > 0);
- SCLogDebug("%s/%d: %d/%d", DetectBufferTypeGetNameById(de_ctx, x),
- x, bufdir[x].ts, bufdir[x].tc);
+ SCLogDebug("%s/%d: %d/%d", DetectEngineBufferTypeGetNameById(de_ctx, x), x, bufdir[x].ts,
+ bufdir[x].tc);
}
if (ts_excl && tc_excl) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "rule %u mixes keywords with conflicting directions", s->id);
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
- if (!(DetectBufferTypeGetNameById(de_ctx, i)))
+ if (!(DetectEngineBufferTypeGetNameById(de_ctx, i)))
continue;
- if (!(DetectBufferTypeSupportsPacketGetById(de_ctx, i))) {
+ if (!(DetectEngineBufferTypeSupportsPacketGetById(de_ctx, i))) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet "
"specific matches (like dsize, flags, ttl) with stream / "
"state matching by matching on app layer proto (like using "
/* run buffer type callbacks if any */
for (uint32_t x = 0; x < sig->init_data->smlists_array_size; x++) {
if (sig->init_data->smlists[x])
- DetectBufferRunSetupCallback(de_ctx, x, sig);
+ DetectEngineBufferRunSetupCallback(de_ctx, x, sig);
}
/* validate signature, SigValidate will report the error reason */
SCLogError(SC_ERR_INVALID_SIGNATURE,
"Expression seen with a sticky buffer still set; either (1) reset sticky "
"buffer with pkt_data or (2) use a sticky buffer providing \"%s\".",
- DetectBufferTypeGetDescriptionById(de_ctx, parsed_sm_list));
+ DetectEngineBufferTypeGetDescriptionById(de_ctx, parsed_sm_list));
goto error;
}
if (DetectBufferGetActiveList(de_ctx, s) == -1)
SCLogError(SC_ERR_RAWBYTES_BUFFER,
"\"rawbytes\" cannot be combined "
"with the \"%s\" sticky buffer",
- DetectBufferTypeGetNameById(de_ctx, s->init_data->list));
+ DetectEngineBufferTypeGetNameById(de_ctx, s->init_data->list));
SCReturnInt(-1);
}
if (i < DETECT_SM_LIST_DYNAMIC_START) {
name = DetectSigmatchListEnumToString(i);
} else {
- name = DetectBufferTypeGetNameById(de_ctx, i);
+ name = DetectEngineBufferTypeGetNameById(de_ctx, i);
}
DoDump(de_ctx->profile_keyword_ctx_per_list[i], fp, name);
projects / thirdparty / suricata.git / commitdiff
