#include "detect-flowbits.h"
#include "util-profiling.h"
+#include "util-validate.h"
void SigCleanSignatures(DetectEngineCtx *de_ctx)
{
uint32_t alproto_mpm_bufs[ALPROTO_MAX][max_buffer_type_id];
memset(alproto_mpm_bufs, 0, sizeof(alproto_mpm_bufs));
+ DEBUG_VALIDATE_BUG_ON(sgh->init == NULL);
+ if (sgh->init == NULL)
+ return NULL;
+
json_t *js = json_object();
if (unlikely(js == NULL))
return NULL;
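Review bot: The new early return for `sgh->init == NULL` hands NULL back to callers that, in the ICMP branch later in this diff, pass the result straight to `json_object_set_new(ts, "rulegroup", group_ts)` without looking at it. jansson refuses a NULL value and the return code is not checked in the lines shown, so in a build where `DEBUG_VALIDATE_BUG_ON` is compiled out the dump would presumably just lose its "rulegroup" key with no trace. I would log the condition before returning, e.g. `SCLogDebug("sgh %p has no init data, skipping stats", sgh);`, or have the callers skip the direction when the result is NULL. The function body starts and ends outside this hunk.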
const Signature *s;
uint32_t x;
- for (x = 0; x < sgh->sig_cnt; x++) {
- s = sgh->match_array[x];
+ for (x = 0; x < sgh->init->sig_cnt; x++) {
+ s = sgh->init->match_array[x];
if (s == NULL)
continue;
json_object_set_new(js, "rules", js_array);
json_t *stats = json_object();
- json_object_set_new(stats, "total", json_integer(sgh->sig_cnt));
+ json_object_set_new(stats, "total", json_integer(sgh->init->sig_cnt));
json_t *types = json_object();
json_object_set_new(types, "mpm", json_integer(mpm_cnt));
}
json_object_set_new(js, "stats", stats);
- if (sgh->init)
- json_object_set_new(js, "whitelist", json_integer(sgh->init->whitelist));
+ json_object_set_new(js, "whitelist", json_integer(sgh->init->whitelist));
return js;
}
} else if (p == IPPROTO_ICMP || p == IPPROTO_ICMPV6) {
const char *name = (p == IPPROTO_ICMP) ? "icmpv4" : "icmpv6";
json_t *o = json_object();
- json_t *ts = json_object();
- json_t *tc = json_object();
-
if (de_ctx->flow_gh[1].sgh[p]) {
+ json_t *ts = json_object();
json_t *group_ts = RulesGroupPrintSghStats(
de_ctx, de_ctx->flow_gh[1].sgh[p], add_rules, add_mpm_stats);
json_object_set_new(ts, "rulegroup", group_ts);
json_object_set_new(o, "toserver", ts);
}
if (de_ctx->flow_gh[0].sgh[p]) {
+ json_t *tc = json_object();
json_t *group_tc = RulesGroupPrintSghStats(
de_ctx, de_ctx->flow_gh[0].sgh[p], add_rules, add_mpm_stats);
json_object_set_new(tc, "rulegroup", group_tc);
int CreateGroupedPortListCmpCnt(DetectPort *a, DetectPort *b)
{
if (PortGroupWhitelist(a) && !PortGroupWhitelist(b)) {
- SCLogDebug("%u:%u (cnt %u, wl %d) wins against %u:%u (cnt %u, wl %d)",
- a->port, a->port2, a->sh->sig_cnt, PortGroupWhitelist(a),
- b->port, b->port2, b->sh->sig_cnt, PortGroupWhitelist(b));
+ SCLogDebug("%u:%u (cnt %u, wl %d) wins against %u:%u (cnt %u, wl %d)", a->port, a->port2,
+ a->sh->init->sig_cnt, PortGroupWhitelist(a), b->port, b->port2,
+ b->sh->init->sig_cnt, PortGroupWhitelist(b));
return 1;
} else if (!PortGroupWhitelist(a) && PortGroupWhitelist(b)) {
- SCLogDebug("%u:%u (cnt %u, wl %d) loses against %u:%u (cnt %u, wl %d)",
- a->port, a->port2, a->sh->sig_cnt, PortGroupWhitelist(a),
- b->port, b->port2, b->sh->sig_cnt, PortGroupWhitelist(b));
+ SCLogDebug("%u:%u (cnt %u, wl %d) loses against %u:%u (cnt %u, wl %d)", a->port, a->port2,
+ a->sh->init->sig_cnt, PortGroupWhitelist(a), b->port, b->port2,
+ b->sh->init->sig_cnt, PortGroupWhitelist(b));
return 0;
} else if (PortGroupWhitelist(a) > PortGroupWhitelist(b)) {
- SCLogDebug("%u:%u (cnt %u, wl %d) wins against %u:%u (cnt %u, wl %d)",
- a->port, a->port2, a->sh->sig_cnt, PortGroupWhitelist(a),
- b->port, b->port2, b->sh->sig_cnt, PortGroupWhitelist(b));
+ SCLogDebug("%u:%u (cnt %u, wl %d) wins against %u:%u (cnt %u, wl %d)", a->port, a->port2,
+ a->sh->init->sig_cnt, PortGroupWhitelist(a), b->port, b->port2,
+ b->sh->init->sig_cnt, PortGroupWhitelist(b));
return 1;
} else if (PortGroupWhitelist(a) == PortGroupWhitelist(b)) {
- if (a->sh->sig_cnt > b->sh->sig_cnt) {
- SCLogDebug("%u:%u (cnt %u, wl %d) wins against %u:%u (cnt %u, wl %d)",
- a->port, a->port2, a->sh->sig_cnt, PortGroupWhitelist(a),
- b->port, b->port2, b->sh->sig_cnt, PortGroupWhitelist(b));
+ if (a->sh->init->sig_cnt > b->sh->init->sig_cnt) {
+ SCLogDebug("%u:%u (cnt %u, wl %d) wins against %u:%u (cnt %u, wl %d)", a->port,
+ a->port2, a->sh->init->sig_cnt, PortGroupWhitelist(a), b->port, b->port2,
+ b->sh->init->sig_cnt, PortGroupWhitelist(b));
return 1;
}
}
- SCLogDebug("%u:%u (cnt %u, wl %d) loses against %u:%u (cnt %u, wl %d)",
- a->port, a->port2, a->sh->sig_cnt, PortGroupWhitelist(a),
- b->port, b->port2, b->sh->sig_cnt, PortGroupWhitelist(b));
+ SCLogDebug("%u:%u (cnt %u, wl %d) loses against %u:%u (cnt %u, wl %d)", a->port, a->port2,
+ a->sh->init->sig_cnt, PortGroupWhitelist(a), b->port, b->port2, b->sh->init->sig_cnt,
+ PortGroupWhitelist(b));
return 0;
}
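Review bot: The tie-break `if (a->sh->init->sig_cnt > b->sh->init->sig_cnt)` now decides port-group ordering through `sh->init`, and nothing in this comparator checks that the init data is still attached. The same unguarded `sgh->init->sig_cnt` / `sgh->init->match_array` reads appear in the per-signature loops further down the diff, including the ones that test only `sgh == NULL` before iterating. Because this commit also changes where `sgh->init` is freed and set to NULL, any call that arrives after that point would dereference a NULL pointer. I would add `DEBUG_VALIDATE_BUG_ON(a->sh->init == NULL || b->sh->init == NULL);` at the top of this function, matching the check added to the stats printer, and the equivalent line ahead of each loop.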
SigGroupHeadBuildNonPrefilterArray(de_ctx, sgh);
- SigGroupHeadInitDataFree(sgh->init);
- sgh->init = NULL;
-
sgh->id = idx;
cnt++;
}
* signature not decode event only. */
}
- /* cleanup the hashes now since we won't need them
- * after the initialization phase. */
- SigGroupHeadHashFree(de_ctx);
-
int dump_grouping = 0;
(void)ConfGetBool("detect.profiling.grouping.dump-to-disk", &dump_grouping);
RulesDumpGrouping(de_ctx, add_rules, add_mpm_stats);
}
+ for (uint32_t idx = 0; idx < de_ctx->sgh_array_cnt; idx++) {
+ SigGroupHead *sgh = de_ctx->sgh_array[idx];
+ if (sgh == NULL)
+ continue;
+ SigGroupHeadInitDataFree(sgh->init);
+ sgh->init = NULL;
+ }
+ /* cleanup the hashes now since we won't need them
+ * after the initialization phase. */
+ SigGroupHeadHashFree(de_ctx);
+
#ifdef PROFILING
SCProfilingSghInitCounters(de_ctx);
#endif
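Review bot: `SigGroupHeadInitDataFree(sgh->init)` in the new cleanup loop is called without checking `sgh->init`, and after this commit that function's first statement is `if (sghid->match_array != NULL)`, so a NULL argument is dereferenced at once. `SigGroupHeadFree` guards the same call with `if (sgh->init != NULL)`; whether every entry of `de_ctx->sgh_array` still has init data at this point cannot be seen from the hunk. Either wrap the two lines in `if (sgh->init != NULL) { ... }` or let the free function begin with `if (sghid == NULL) return;`. A comment on the loop such as `/* init data has to stay alive until the grouping dump above has run */` would also record why the free was moved here.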
break;
}
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
am->direction == SIG_FLAG_TOSERVER ? "toserver" : "toclient",
am->sm_list);
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
SCLogDebug("handling %s for list %d", am->name,
am->sm_list);
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
const Signature *s = NULL;
uint32_t sig;
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
return -1;
}
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
if (s->init_data->prefilter_sm == NULL || s->init_data->prefilter_sm->type != sm_type)
return 0;
}
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
if (s->init_data->prefilter_sm == NULL || s->init_data->prefilter_sm->type != sm_type)
if (hash_table == NULL)
return -1;
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
if (s->init_data->prefilter_sm == NULL || s->init_data->prefilter_sm->type != sm_type)
void SigGroupHeadInitDataFree(SigGroupHeadInitData *sghid)
{
+ if (sghid->match_array != NULL) {
+ SCFree(sghid->match_array);
+ sghid->match_array = NULL;
+ }
if (sghid->sig_array != NULL) {
SCFree(sghid->sig_array);
sghid->sig_array = NULL;
SCLogDebug("sgh %p", sgh);
- if (sgh->match_array != NULL) {
- SCFree(sgh->match_array);
- sgh->match_array = NULL;
- }
-
if (sgh->non_pf_other_store_array != NULL) {
SCFree(sgh->non_pf_other_store_array);
sgh->non_pf_other_store_array = NULL;
sgh->non_pf_syn_store_cnt = 0;
}
- sgh->sig_cnt = 0;
-
if (sgh->init != NULL) {
SigGroupHeadInitDataFree(sgh->init);
sgh->init = NULL;
if (sgh->init->sig_array != NULL)
memset(sgh->init->sig_array, 0, sgh->init->sig_size);
- sgh->sig_cnt = 0;
+ sgh->init->sig_cnt = 0;
return 0;
}
{
uint32_t sig;
- sgh->sig_cnt = 0;
+ sgh->init->sig_cnt = 0;
for (sig = 0; sig < max_idx + 1; sig++) {
if (sgh->init->sig_array[sig / 8] & (1 << (sig % 8)))
- sgh->sig_cnt++;
+ sgh->init->sig_cnt++;
}
return;
if (sgh == NULL)
return 0;
- BUG_ON(sgh->match_array != NULL);
+ BUG_ON(sgh->init->match_array != NULL);
- sgh->match_array = SCMalloc(sgh->sig_cnt * sizeof(Signature *));
- if (sgh->match_array == NULL)
+ sgh->init->match_array = SCMalloc(sgh->init->sig_cnt * sizeof(Signature *));
+ if (sgh->init->match_array == NULL)
return -1;
- memset(sgh->match_array,0, sgh->sig_cnt * sizeof(Signature *));
+ memset(sgh->init->match_array, 0, sgh->init->sig_cnt * sizeof(Signature *));
for (sig = 0; sig < max_idx + 1; sig++) {
if (!(sgh->init->sig_array[(sig / 8)] & (1 << (sig % 8))) )
if (s == NULL)
continue;
- sgh->match_array[idx] = s;
+ sgh->init->match_array[idx] = s;
idx++;
}
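Review bot: The store `sgh->init->match_array[idx] = s;` is bounded only by `max_idx`, while the array was sized from `sgh->init->sig_cnt`, which `SigGroupHeadSetSigCnt` computes in a separate call with its own `max_idx`. If the two values ever disagree, or a bit is set in `sig_array` between the calls, this becomes a heap write past the allocation; `if (idx >= sgh->init->sig_cnt) break;` before the store would enforce the invariant. In the preceding hunk the size `sgh->init->sig_cnt * sizeof(Signature *)` is multiplied unchecked and the buffer is then zeroed by hand, where `SCCalloc(sgh->init->sig_cnt, sizeof(Signature *))` would cover both. The function body starts and ends outside these hunks.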
if (sgh == NULL)
return;
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
if (sgh == NULL)
return;
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
if (sgh == NULL)
return;
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
if (sgh == NULL)
return;
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
BUG_ON(sgh->non_pf_other_store_array != NULL);
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
memset(sgh->non_pf_syn_store_array, 0, non_pf_syn * sizeof(SignatureNonPrefilterStore));
}
- for (sig = 0; sig < sgh->sig_cnt; sig++) {
- s = sgh->match_array[sig];
+ for (sig = 0; sig < sgh->init->sig_cnt; sig++) {
+ s = sgh->init->match_array[sig];
if (s == NULL)
continue;
SigGroupHeadSetSigCnt(sh, 4);
- result &= (sh->sig_cnt == 3);
+ result &= (sh->init->sig_cnt == 3);
result &= (SigGroupHeadContainsSigId(de_ctx, sh, 1) == 1);
result &= (SigGroupHeadContainsSigId(de_ctx, sh, 2) == 0);
result &= (SigGroupHeadContainsSigId(de_ctx, sh, 3) == 1);
SigGroupHeadSetSigCnt(sh, 4);
- result &= (sh->sig_cnt == 3);
+ result &= (sh->init->sig_cnt == 3);
result &= (SigGroupHeadContainsSigId(de_ctx, sh, 1) == 1);
result &= (SigGroupHeadContainsSigId(de_ctx, sh, 2) == 0);
result &= (SigGroupHeadContainsSigId(de_ctx, sh, 3) == 1);
SigGroupHeadClearSigs(sh);
- result &= (sh->sig_cnt == 0);
+ result &= (sh->init->sig_cnt == 0);
result &= (SigGroupHeadContainsSigId(de_ctx, sh, 1) == 0);
result &= (SigGroupHeadContainsSigId(de_ctx, sh, 2) == 0);
result &= (SigGroupHeadContainsSigId(de_ctx, sh, 3) == 0);
SigGroupHeadSetSigCnt(src_sh, 4);
- result &= (src_sh->sig_cnt == 3);
+ result &= (src_sh->init->sig_cnt == 3);
result &= (SigGroupHeadContainsSigId(de_ctx, src_sh, 1) == 1);
result &= (SigGroupHeadContainsSigId(de_ctx, src_sh, 2) == 0);
result &= (SigGroupHeadContainsSigId(de_ctx, src_sh, 3) == 1);
SigGroupHeadSetSigCnt(dst_sh, 4);
- result &= (dst_sh->sig_cnt == 3);
+ result &= (dst_sh->init->sig_cnt == 3);
result &= (SigGroupHeadContainsSigId(de_ctx, dst_sh, 1) == 1);
result &= (SigGroupHeadContainsSigId(de_ctx, dst_sh, 2) == 0);
result &= (SigGroupHeadContainsSigId(de_ctx, dst_sh, 3) == 1);
SigGroupHeadSetSigCnt(sh, 4);
SigGroupHeadBuildMatchArray(de_ctx, sh, 4);
- result &= (sh->match_array[0] == de_ctx->sig_list);
- result &= (sh->match_array[1] == de_ctx->sig_list->next->next);
- result &= (sh->match_array[2] == de_ctx->sig_list->next->next->next->next);
+ result &= (sh->init->match_array[0] == de_ctx->sig_list);
+ result &= (sh->init->match_array[1] == de_ctx->sig_list->next->next);
+ result &= (sh->init->match_array[2] == de_ctx->sig_list->next->next->next->next);
SigGroupHeadFree(de_ctx, sh);
PrefilterEngineList *payload_engines;
PrefilterEngineList *tx_engines;
+ /** number of sigs in this group */
+ SigIntId sig_cnt;
+
+ /** Array with sig ptrs... size is sig_cnt * sizeof(Signature *) */
+ Signature **match_array;
+
/* port ptr */
struct DetectPort_ *port;
} SigGroupHeadInitData;
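Review bot: The moved fields say nothing about their lifetime, which is the one thing that changes by placing them in `SigGroupHeadInitData`. After this commit `sig_cnt` and `match_array` are released together with the init data, so code that runs once `sgh->init` has been set to NULL must not read them. I would extend the field comment to state that, e.g. `/** Array with sig ptrs, sig_cnt entries. Freed by SigGroupHeadInitDataFree(); init-time only. */`. The struct definition starts outside this hunk.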
uint32_t flags;
/* coccinelle: SigGroupHead:flags:SIG_GROUP_HEAD_ */
- /* number of sigs in this head */
- SigIntId sig_cnt;
-
/* non prefilter list excluding SYN rules */
uint32_t non_pf_other_store_cnt;
uint32_t non_pf_syn_store_cnt;
PrefilterEngine *payload_engines;
PrefilterEngine *tx_engines;
- /** Array with sig ptrs... size is sig_cnt * sizeof(Signature *) */
- Signature **match_array;
-
/* ptr to our init data we only use at... init :) */
SigGroupHeadInitData *init;