static _Bool PrefilterTcpAckIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_ACK:
return TRUE;
static int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Packet *p, const Signature *s, const SigMatchCtx *ctx);
static int DetectAppLayerEventAppMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *,
- uint8_t, void *, const Signature *, const SigMatch *);
+ uint8_t, void *, const Signature *, const SigMatchData *);
static int DetectAppLayerEventSetupP1(DetectEngineCtx *, Signature *, char *);
static void DetectAppLayerEventRegisterTests(void);
static void DetectAppLayerEventFree(void *);
}
static int DetectAppLayerEventAppMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
- Flow *f, uint8_t flags, void *state, const Signature *s,
- const SigMatch *m)
+ Flow *f, uint8_t flags, void *state,
+ const Signature *s, const SigMatchData *m)
{
SCEnter();
AppLayerDecoderEvents *decoder_events = NULL;
int DetectAppLayerEventPrepare(Signature *s)
{
- SigMatch *sm = s->sm_lists[DETECT_SM_LIST_APP_EVENT];
- s->sm_lists[DETECT_SM_LIST_APP_EVENT] = NULL;
- s->sm_lists_tail[DETECT_SM_LIST_APP_EVENT] = NULL;
+ SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_APP_EVENT];
+ s->init_data->smlists[DETECT_SM_LIST_APP_EVENT] = NULL;
+ s->init_data->smlists_tail[DETECT_SM_LIST_APP_EVENT] = NULL;
while (sm != NULL) {
sm->next = sm->prev = NULL;
/* Check for a preceding base64_decode. */
pm = SigMatchGetLastSMFromLists(s, 28,
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
if (pm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"\"base64_data\" keyword seen without preceding base64_decode.");
else {
/* Copied from detect-isdataat.c. */
pm = SigMatchGetLastSMFromLists(s, 168,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
if (pm == NULL) {
sm_list = DETECT_SM_LIST_PMATCH;
}
s->flags |= SIG_FLAG_APPLAYER;
if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4,
- DETECT_CONTENT, s->sm_lists_tail[sm_list],
- DETECT_PCRE, s->sm_lists_tail[sm_list]);
+ DETECT_CONTENT, s->init_data->smlists_tail[sm_list],
+ DETECT_PCRE, s->init_data->smlists_tail[sm_list]);
}
} else if (data->endian == DETECT_BYTE_EXTRACT_ENDIAN_DCE) {
if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 12,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]);
if (prev_pm == NULL) {
sm_list = DETECT_SM_LIST_PMATCH;
} else {
} else if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 168,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
if (prev_pm == NULL) {
sm_list = DETECT_SM_LIST_PMATCH;
} else {
}
SigMatch *prev_bed_sm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[sm_list]);
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[sm_list]);
if (prev_bed_sm == NULL)
data->local_id = 0;
else
int list;
for (list = 0; list < DETECT_SM_LIST_MAX; list++) {
- SigMatch *sm = s->sm_lists[list];
+ SigMatch *sm = s->init_data->smlists[list];
while (sm != NULL) {
if (sm->type == DETECT_BYTE_EXTRACT) {
bed = (DetectByteExtractData *)sm->ctx;
s->flags |= SIG_FLAG_APPLAYER;
if (data->flags & DETECT_BYTEJUMP_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4,
- DETECT_CONTENT, s->sm_lists_tail[sm_list],
- DETECT_PCRE, s->sm_lists_tail[sm_list]);
+ DETECT_CONTENT, s->init_data->smlists_tail[sm_list],
+ DETECT_PCRE, s->init_data->smlists_tail[sm_list]);
}
} else if (data->flags & DETECT_BYTEJUMP_DCE) {
if (data->flags & DETECT_BYTEJUMP_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 12,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]);
if (prev_pm == NULL) {
sm_list = DETECT_SM_LIST_PMATCH;
} else {
} else if (data->flags & DETECT_BYTEJUMP_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 168,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
if (prev_pm == NULL) {
sm_list = DETECT_SM_LIST_PMATCH;
} else {
s->flags |= SIG_FLAG_APPLAYER;
if (data->flags & DETECT_BYTETEST_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4,
- DETECT_CONTENT, s->sm_lists_tail[sm_list],
- DETECT_PCRE, s->sm_lists_tail[sm_list]);
+ DETECT_CONTENT, s->init_data->smlists_tail[sm_list],
+ DETECT_PCRE, s->init_data->smlists_tail[sm_list]);
}
} else if (data->flags & DETECT_BYTETEST_DCE) {
if (data->flags & DETECT_BYTETEST_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 12,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]);
if (prev_pm == NULL) {
sm_list = DETECT_SM_LIST_PMATCH;
} else {
} else if (data->flags & DETECT_BYTETEST_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 168,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
if (prev_pm == NULL) {
sm_list = DETECT_SM_LIST_PMATCH;
} else {
static pcre *parse_regex = NULL;
static pcre_extra *parse_regex_study = NULL;
-static int DetectDceIfaceMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *,
- uint8_t, void *, const Signature *, const SigMatch *);
+static int DetectDceIfaceMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t,
+ void *, const Signature *, const SigMatchData *);
static int DetectDceIfaceSetup(DetectEngineCtx *, Signature *, char *);
static void DetectDceIfaceFree(void *);
static void DetectDceIfaceRegisterTests(void);
*/
static int DetectDceIfaceMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state,
- const Signature *s, const SigMatch *m)
+ const Signature *s, const SigMatchData *m)
{
SCEnter();
static pcre_extra *parse_regex_study = NULL;
static int DetectDceOpnumMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t,
- void *, const Signature *, const SigMatch *);
+ void *, const Signature *, const SigMatchData *);
static int DetectDceOpnumSetup(DetectEngineCtx *, Signature *, char *);
static void DetectDceOpnumFree(void *);
static void DetectDceOpnumRegisterTests(void);
*/
static int DetectDceOpnumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state,
- const Signature *s, const SigMatch *m)
+ const Signature *s, const SigMatchData *m)
{
SCEnter();
/* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) {
- pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->sm_lists_tail[s->list]);
+ pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]);
} else {
pm = SigMatchGetLastSMFromLists(s, 28,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
}
if (pm == NULL) {
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs "
/* checks if there's a previous instance of threshold */
tmpm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_THRESHOLD, s->sm_lists_tail[DETECT_SM_LIST_MATCH]);
+ DETECT_THRESHOLD, s->init_data->smlists_tail[DETECT_SM_LIST_MATCH]);
if (tmpm != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "\"detection_filter\" and \"threshold\" are not allowed in the same rule");
SCReturnInt(-1);
}
/* checks there's no previous instance of detection_filter */
tmpm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_DETECTION_FILTER, s->sm_lists_tail[DETECT_SM_LIST_MATCH]);
+ DETECT_DETECTION_FILTER, s->init_data->smlists_tail[DETECT_SM_LIST_MATCH]);
if (tmpm != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "At most one \"detection_filter\" is allowed per rule");
SCReturnInt(-1);
/* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) {
- pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->sm_lists_tail[s->list]);
+ pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]);
} else {
pm = SigMatchGetLastSMFromLists(s, 28,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
}
if (pm == NULL) {
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "distance needs "
if (SigMatchGetLastSMFromLists(s, 2,
DETECT_DSIZE,
- s->sm_lists_tail[DETECT_SM_LIST_MATCH]) != NULL) {
+ s->init_data->smlists_tail[DETECT_SM_LIST_MATCH]) != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use 2 or more dsizes in "
"the same sig. Invalidating signature.");
goto error;
static _Bool PrefilterDsizeIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_DSIZE:
return TRUE;
for (list_id = 0; list_id < DETECT_SM_LIST_MAX; list_id++) {
SigMatch *sm = NULL;
- for (sm = s->sm_lists[list_id]; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[list_id]; sm != NULL; sm = sm->next) {
if (sm->type == DETECT_PCRE) {
if (list_id == DETECT_SM_LIST_HCBDMATCH) {
rule_pcre_http += 1;
uint16_t dce_stub_data_len;
int r = 0;
- if (s->sm_lists[DETECT_SM_LIST_DMATCH] == NULL || dcerpc_state == NULL) {
+ if (s->sm_arrays[DETECT_SM_LIST_DMATCH] == NULL || dcerpc_state == NULL) {
SCReturnInt(0);
}
dce_stub_data_len,
0,
0, dcerpc_state);
- //r = DoInspectDcePayload(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_DMATCH], f,
+ //r = DoInspectDcePayload(de_ctx, det_ctx, s, s->init_data->smlists[DETECT_SM_LIST_DMATCH], f,
//dce_stub_data, dce_stub_data_len, dcerpc_state);
if (r == 1) {
SCReturnInt(1);
dce_stub_data_len,
0,
0, dcerpc_state);
- //r = DoInspectDcePayload(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_DMATCH], f,
+ //r = DoInspectDcePayload(de_ctx, det_ctx, s, s->init_data->smlists[DETECT_SM_LIST_DMATCH], f,
//dce_stub_data, dce_stub_data_len, dcerpc_state);
if (r == 1) {
SCReturnInt(1);
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] != NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] != NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] != NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] != NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] != NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] != NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
if (result == 0)
goto end;
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] != NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] != NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_PCRE) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] != NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] != NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_BYTEJUMP) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_BYTEJUMP) {
result = 0;
goto end;
if (result == 0)
goto end;
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_BYTEJUMP) {
result = 0;
goto end;
if (result == 0)
goto end;
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_PCRE) {
result = 0;
goto end;
if (result == 0)
goto end;
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_PCRE) {
result = 0;
goto end;
result &= (sm->next == NULL);
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_BYTETEST) {
result = 0;
goto end;
result &= (sm->next == NULL);
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_ISDATAAT) {
result = 0;
goto end;
result &= (sm->next == NULL);
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_BYTEJUMP) {
result = 0;
goto end;
result &= (sm->next == NULL);
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_PCRE) {
result = 0;
goto end;
result &= (sm->next == NULL);
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
result &= (sm->next == NULL);
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
data = (DetectContentData *)sm->ctx;
if (data->flags & DETECT_CONTENT_RAWBYTES ||
data->flags & DETECT_CONTENT_NOCASE ||
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
result &= (sm->next == NULL);
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
result &= (sm->next == NULL);
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_ISDATAAT) {
result = 0;
goto end;
result &= (sm->next == NULL);
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_BYTEJUMP) {
result = 0;
goto end;
result &= (sm->next == NULL);
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_DMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
if (sm->type != DETECT_BYTETEST) {
result = 0;
goto end;
result &= (sm->next == NULL);
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
Signature *s, Packet *p)
{
KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_MATCH);
- SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH];
-
- while (sm != NULL) {
- BUG_ON(!(sigmatch_table[sm->type].flags & SIGMATCH_IPONLY_COMPAT));
- KEYWORD_PROFILING_START;
- if (sigmatch_table[sm->type].Match(tv, det_ctx, p, s, sm->ctx) > 0) {
- KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
- sm = sm->next;
- continue;
+ SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_MATCH];
+ if (smd) {
+ while (1) {
+ BUG_ON(!(sigmatch_table[smd->type].flags & SIGMATCH_IPONLY_COMPAT));
+ KEYWORD_PROFILING_START;
+ if (sigmatch_table[smd->type].Match(tv, det_ctx, p, s, smd->ctx) > 0) {
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
+ if (smd->is_last)
+ break;
+ smd++;
+ continue;
+ }
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
+ return 0;
}
- KEYWORD_PROFILING_END(det_ctx, sm->type, 0);
- return 0;
}
-
return 1;
}
SCReturnInt(1);
}
- if (s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
+ if ((s->init_data != NULL && s->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL) ||
+ (s->init_data == NULL && s->sm_arrays[DETECT_SM_LIST_PMATCH] == NULL))
+ {
SCLogDebug("no mpm");
SCReturnInt(0);
}
SCReturnInt(0);
}
- if (s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
+ if ((s->init_data != NULL && s->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL) ||
+ (s->init_data == NULL && s->sm_arrays[DETECT_SM_LIST_PMATCH] == NULL))
+ {
SCLogDebug("no mpm");
SCReturnInt(0);
}
/* inspect rule to see if we have the fast_pattern reg to
* force using a sig, otherwise keep stats about the patterns */
for (list_id = 0; list_id < DETECT_SM_LIST_DETECT_MAX; list_id++) {
- if (s->sm_lists[list_id] == NULL)
+ if (s->init_data->smlists[list_id] == NULL)
continue;
if (!FastPatternSupportEnabledForSigMatchList(list_id))
continue;
- for (sm = s->sm_lists[list_id]; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[list_id]; sm != NULL; sm = sm->next) {
if (sm->type != DETECT_CONTENT)
continue;
int max_len = 0;
int i;
for (i = 0; i < count_final_sm_list; i++) {
- for (sm = s->sm_lists[final_sm_list[i]]; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[final_sm_list[i]]; sm != NULL; sm = sm->next) {
if (sm->type != DETECT_CONTENT)
continue;
}
for (i = 0; i < count_final_sm_list; i++) {
- for (sm = s->sm_lists[final_sm_list[i]]; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[final_sm_list[i]]; sm != NULL; sm = sm->next) {
if (sm->type != DETECT_CONTENT)
continue;
SCEnter();
int r = 0;
- if (s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->sm_arrays[DETECT_SM_LIST_PMATCH] == NULL) {
SCReturnInt(0);
}
SCEnter();
int r = 0;
- if (s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (s->sm_arrays[DETECT_SM_LIST_PMATCH] == NULL) {
SCReturnInt(0);
}
int flowbits_user_type = DETECT_FLOWBITS_NOT_USED;
int read = 0;
int write = 0;
- SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH];
while (sm != NULL) {
if (sm->type == DETECT_FLOWBITS) {
sm = sm->next;
}
- sm = sig->sm_lists[DETECT_SM_LIST_POSTMATCH];
+ sm = sig->init_data->smlists[DETECT_SM_LIST_POSTMATCH];
while (sm != NULL) {
if (sm->type == DETECT_FLOWBITS) {
fb = (DetectFlowbitsData *)sm->ctx;
int flowint_user_type = DETECT_FLOWINT_NOT_USED;
int read = 0;
int write = 0;
- SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH];
while (sm != NULL) {
if (sm->type == DETECT_FLOWINT) {
sm = sm->next;
}
- sm = sig->sm_lists[DETECT_SM_LIST_POSTMATCH];
+ sm = sig->init_data->smlists[DETECT_SM_LIST_POSTMATCH];
while (sm != NULL) {
if (sm->type == DETECT_FLOWINT) {
fi = (DetectFlowintData *)sm->ctx;
int type = DETECT_FLOWVAR_NOT_USED;
int read = 0;
int write = 0;
- SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_PMATCH];
+ SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_PMATCH];
while (sm != NULL) {
pd = (DetectPcreData *)sm->ctx;
sm = sm->next;
}
- sm = sig->sm_lists[DETECT_SM_LIST_MATCH];
+ sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH];
pd = NULL;
while (sm != NULL) {
if (sm->type == DETECT_FLOWVAR) {
int type = DETECT_PKTVAR_NOT_USED;
int read = 0;
int write = 0;
- SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_PMATCH];
+ SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_PMATCH];
while (sm != NULL) {
pd = (DetectPcreData *)sm->ctx;
sm = sm->next;
}
- sm = sig->sm_lists[DETECT_SM_LIST_MATCH];
+ sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH];
pd = NULL;
while (sm != NULL) {
if (sm->type == DETECT_PKTVAR) {
int xbits_user_type = DETECT_XBITS_NOT_USED;
int read = 0;
int write = 0;
- SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH];
while (sm != NULL) {
if (sm->type == DETECT_XBITS) {
sm = sm->next;
}
- sm = sig->sm_lists[DETECT_SM_LIST_POSTMATCH];
+ sm = sig->init_data->smlists[DETECT_SM_LIST_POSTMATCH];
while (sm != NULL) {
if (sm->type == DETECT_HOSTBITS) {
fb = (DetectXbitsData *)sm->ctx;
}
static void DeStateFlowRuleAppend(DetectEngineStateFlow *state, const Signature *s,
- const SigMatch *sm, uint32_t inspect_flags,
+ const SigMatchData *smd, uint32_t inspect_flags,
uint8_t direction)
{
int jump = 0;
SigIntId idx = dir_state->cnt++ % DE_STATE_CHUNK_SIZE;
store->store[idx].sid = s->num;
store->store[idx].flags = inspect_flags;
- store->store[idx].nm = sm;
+ store->store[idx].nm = smd;
return;
}
static int StoreState(DetectEngineThreadCtx *det_ctx,
Flow *f, const uint8_t flags, const uint8_t alversion,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
const uint32_t inspect_flags,
const uint16_t file_no_match)
{
}
}
- DeStateFlowRuleAppend(f->de_state, s, sm, inspect_flags, flags);
+ DeStateFlowRuleAppend(f->de_state, s, smd, inspect_flags, flags);
DeStateStoreStateVersion(f, alversion, flags);
return 1;
}
static void StoreStateTx(DetectEngineThreadCtx *det_ctx,
Flow *f, const uint8_t flags, const uint8_t alversion,
const uint64_t tx_id, void *tx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
const uint32_t inspect_flags, const uint16_t file_no_match, int check_before_add)
{
if (AppLayerParserSupportsTxDetectState(f->proto, f->alproto)) {
const Signature *s, Packet *p, Flow *f, uint8_t flags,
AppProto alproto, const uint8_t alversion)
{
- SigMatch *sm = NULL;
+ SigMatchData *smd = NULL;
uint16_t file_no_match = 0;
uint32_t inspect_flags = 0;
int alert_cnt = 0;
/* store */
StoreStateTx(det_ctx, f, flags, alversion, tx_id, tx,
- s, sm, inspect_flags, file_no_match, check_before_add);
+ s, smd, inspect_flags, file_no_match, check_before_add);
} else {
StoreStateTxFileOnly(det_ctx, f, flags, tx_id, tx, file_no_match);
}
} /* for */
/* DCERPC matches */
- } else if (s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL &&
+ } else if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL &&
(alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB ||
alproto == ALPROTO_SMB2))
{
int amatch = 0;
/* flow based matches */
KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH);
- sm = s->sm_lists[DETECT_SM_LIST_AMATCH];
- if (sm != NULL) {
+ smd = s->sm_arrays[DETECT_SM_LIST_AMATCH];
+ if (smd != NULL) {
void *alstate = FlowGetAppState(f);
if (alstate == NULL) {
goto end;
}
- for ( ; sm != NULL; sm = sm->next) {
- if (sigmatch_table[sm->type].AppLayerMatch != NULL) {
+ while (1) {
+ if (sigmatch_table[smd->type].AppLayerMatch != NULL) {
int match = 0;
if (alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) {
SMBState *smb_state = (SMBState *)alstate;
if (smb_state->dcerpc_present) {
KEYWORD_PROFILING_START;
- match = sigmatch_table[sm->type].
- AppLayerMatch(tv, det_ctx, f, flags, &smb_state->dcerpc, s, sm);
- KEYWORD_PROFILING_END(det_ctx, sm->type, (match == 1));
+ match = sigmatch_table[smd->type].
+ AppLayerMatch(tv, det_ctx, f, flags, &smb_state->dcerpc, s, smd);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1));
}
} else {
KEYWORD_PROFILING_START;
- match = sigmatch_table[sm->type].
- AppLayerMatch(tv, det_ctx, f, flags, alstate, s, sm);
- KEYWORD_PROFILING_END(det_ctx, sm->type, (match == 1));
+ match = sigmatch_table[smd->type].
+ AppLayerMatch(tv, det_ctx, f, flags, alstate, s, smd);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1));
}
if (match == 0) {
} else if (match == 2) {
inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH;
break;
- } else if (match == 1 && sm->next == NULL) {
+ } else if (match == 1 && smd->is_last) {
amatch = 1;
}
}
+ if (smd->is_last)
+ break;
+ smd++;
}
}
/* if AMATCH and/or DMATCH are in use, see if we need to
* alert and store the state */
- if ((s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL))
+ if ((s->sm_arrays[DETECT_SM_LIST_AMATCH] != NULL ||
+ s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL))
{
/* if dmatch in use and match + amatch in use and match
or
if (inspect_flags & DE_STATE_FLAG_SIG_CANT_MATCH) {
inspect_flags |= DE_STATE_FLAG_FULL_INSPECT;
} else {
- if ((amatch || s->sm_lists[DETECT_SM_LIST_AMATCH] == NULL) &&
- (dmatch || s->sm_lists[DETECT_SM_LIST_DMATCH] == NULL))
+ if ((amatch || s->sm_arrays[DETECT_SM_LIST_AMATCH] == NULL) &&
+ (dmatch || s->sm_arrays[DETECT_SM_LIST_DMATCH] == NULL))
{
if (!(s->flags & SIG_FLAG_NOALERT)) {
PacketAlertAppend(det_ctx, s, p, 0,
}
StoreState(det_ctx, f, flags, alversion,
- s, sm, inspect_flags, file_no_match);
+ s, smd, inspect_flags, file_no_match);
}
end:
det_ctx->tx_id = 0;
uint32_t inspect_flags = item->flags;
int total_matches = 0;
int full_match = 0;
- const SigMatch *sm = NULL;
+ const SigMatchData *smd = NULL;
const Signature *s = de_ctx->sig_array[item->sid];
RULE_PROFILING_START(p);
return -1;
}
- for (sm = item->nm; sm != NULL; sm = sm->next) {
- if (sigmatch_table[sm->type].AppLayerMatch != NULL)
- {
+ smd = item->nm;
+ while(1) {
+ if (sigmatch_table[smd->type].AppLayerMatch != NULL) {
int match = 0;
if (alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) {
SMBState *smb_state = (SMBState *)alstate;
if (smb_state->dcerpc_present) {
KEYWORD_PROFILING_START;
- match = sigmatch_table[sm->type].
- AppLayerMatch(tv, det_ctx, f, flags, &smb_state->dcerpc, s, sm);
- KEYWORD_PROFILING_END(det_ctx, sm->type, (match == 1));
+ match = sigmatch_table[smd->type].
+ AppLayerMatch(tv, det_ctx, f, flags, &smb_state->dcerpc, s, smd);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1));
}
} else {
KEYWORD_PROFILING_START;
- match = sigmatch_table[sm->type].
- AppLayerMatch(tv, det_ctx, f, flags, alstate, s, sm);
- KEYWORD_PROFILING_END(det_ctx, sm->type, (match == 1));
+ match = sigmatch_table[smd->type].
+ AppLayerMatch(tv, det_ctx, f, flags, alstate, s, smd);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1));
}
if (match == 0)
break;
- else if (match == 2)
+ else if (match == 2) {
inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH;
- else if (match == 1)
+ break;
+ }
+ else if (match == 1) {
total_matches++;
+
+ if (smd->is_last)
+ full_match = 1;
+ }
}
+ if (smd->is_last)
+ break;
+ smd++;
}
+ } else {
+ /* AMATCH isn't there */
+ full_match = 1;
}
- /* AMATCH part checked out, or isn't there at all */
- full_match = (sm == NULL);
/* DCERPC matches */
- if (s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL &&
+ if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL &&
(alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB ||
alproto == ALPROTO_SMB2) &&
!(item->flags & DE_STATE_FLAG_DCE_PAYLOAD_INSPECT))
}
}
/* update full_match with DMATCH result */
- if (full_match && s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL) {
+ if (full_match && s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL) {
full_match = ((inspect_flags & DE_STATE_FLAG_DCE_PAYLOAD_INSPECT) != 0);
}
/* store the progress in the state */
item->flags |= inspect_flags;
- item->nm = sm;
+ item->nm = smd;
if (alert) {
SigMatchSignaturesRunPostMatch(tv, de_ctx, det_ctx, p, s);
/* FLOW BASED (AMATCH) */
typedef struct DeStateStoreFlowRule_ {
- const SigMatch *nm;
+ const SigMatchData *nm;
uint32_t flags;
SigIntId sid;
} DeStateStoreFlowRule;
DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
while (t != NULL) {
- if (s->sm_lists[t->sm_list] == NULL)
+ if (s->init_data->smlists[t->sm_list] == NULL)
goto next;
if (t->alproto == ALPROTO_UNKNOWN) {
/* special case, inspect engine applies to all protocols */
char arg_substr[128] = "";
DetectContentData *cd = NULL;
- if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_UMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_TLSSNI_MATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_TLSISSUER_MATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_TLSSUBJECT_MATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_HTTP_REQLINEMATCH] == NULL) {
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_TLSSNI_MATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_TLSISSUER_MATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_TLSSUBJECT_MATCH] == NULL &&
+ s->init_data->smlists_tail[DETECT_SM_LIST_HTTP_REQLINEMATCH] == NULL) {
SCLogWarning(SC_WARN_COMPATIBILITY, "fast_pattern found inside the "
"rule, without a preceding content based keyword. "
"Currently we provide fast_pattern support for content, "
}
SigMatch *pm = SigMatchGetLastSMFromLists(s, 38,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HTTP_REQLINEMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_TLSSNI_MATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_TLSISSUER_MATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_TLSSUBJECT_MATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HTTP_REQLINEMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_TLSSNI_MATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_TLSISSUER_MATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_TLSSUBJECT_MATCH]);
if (pm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside "
"the rule, without a content context. Please use a "
int list_id = 0;
for (list_id = 0; list_id < DETECT_SM_LIST_MAX; list_id++) {
SigMatch *sm = NULL;
- for (sm = s->sm_lists[list_id]; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[list_id]; sm != NULL; sm = sm->next) {
if (sm->type == DETECT_CONTENT) {
DetectContentData *tmp_cd = (DetectContentData *)sm->ctx;
if (tmp_cd->flags & DETECT_CONTENT_FAST_PATTERN) {
int DetectFastPatternTest671(void)
{
int no_of_sigs = 6;
- int result = 0;
char *sigs[no_of_sigs];
Signature *s[no_of_sigs];
- Signature *sig = NULL;
DetectEngineCtx *de_ctx = NULL;
DetectContentData *cd = NULL;
- SigMatch *sm = NULL;
+ SigMatchData *smd = NULL;
int i = 0;
sigs[0] = "alert tcp any any -> any any "
"(content:\"onetwothreefour\"; fast_pattern:0,15; sid:6;)";
de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL) {
- printf("DetectEngineCtxInit() failure\n");
- goto end;
- }
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- i = 0;
- s[i] = SigInit(de_ctx, sigs[i]);
- de_ctx->sig_list = sig = s[i];
- if (sig == NULL) {
- printf("SigInit(de_ctx, sig1) failure\n");
- goto end;
- }
- i++;
- for ( ; i < no_of_sigs; i++) {
- s[i] = SigInit(de_ctx, sigs[i]);
- sig->next = s[i];
- sig = sig->next;
- if (sig == NULL) {
- printf("SigInit(de_ctx, sig[%d]) failure\n", i);
- goto end;
- }
+ for (i = 0; i < no_of_sigs; i++) {
+ s[i] = DetectEngineAppendSig(de_ctx, sigs[i]);
+ FAIL_IF_NULL(s[i]);
}
SigGroupBuild(de_ctx);
- sm = s[0]->sm_lists[DETECT_SM_LIST_PMATCH];
- cd = (DetectContentData *)sm->ctx;
- if (cd->id != 0) {
- printf("sm = s[0]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n");
- goto end;
- }
+ smd = s[0]->sm_arrays[DETECT_SM_LIST_PMATCH];
+ cd = (DetectContentData *)smd->ctx;
+ FAIL_IF(cd->id != 0);
- sm = s[1]->sm_lists[DETECT_SM_LIST_PMATCH];
- cd = (DetectContentData *)sm->ctx;
- if (cd->id != 0) {
- printf("sm = s[1]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n");
- goto end;
- }
+ smd = s[1]->sm_arrays[DETECT_SM_LIST_PMATCH];
+ cd = (DetectContentData *)smd->ctx;
+ FAIL_IF(cd->id != 0);
- sm = s[2]->sm_lists[DETECT_SM_LIST_PMATCH];
- cd = (DetectContentData *)sm->ctx;
- if (cd->id != 1) {
- printf("sm = s[2]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n");
- goto end;
- }
+ smd = s[2]->sm_arrays[DETECT_SM_LIST_PMATCH];
+ cd = (DetectContentData *)smd->ctx;
+ FAIL_IF(cd->id != 2);
- sm = s[3]->sm_lists[DETECT_SM_LIST_PMATCH];
- cd = (DetectContentData *)sm->ctx;
- if (cd->id != 2) {
- printf("sm = s[3]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n");
- goto end;
- }
+ smd = s[3]->sm_arrays[DETECT_SM_LIST_PMATCH];
+ cd = (DetectContentData *)smd->ctx;
+ FAIL_IF(cd->id != 1);
- sm = s[4]->sm_lists[DETECT_SM_LIST_PMATCH];
- cd = (DetectContentData *)sm->ctx;
- if (cd->id != 2) {
- printf("sm = s[4]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n");
- goto end;
- }
+ smd = s[4]->sm_arrays[DETECT_SM_LIST_PMATCH];
+ cd = (DetectContentData *)smd->ctx;
+ FAIL_IF(cd->id != 1);
- sm = s[5]->sm_lists[DETECT_SM_LIST_PMATCH];
- cd = (DetectContentData *)sm->ctx;
- if (cd->id != 0) {
- printf("sm = s[5]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n");
- goto end;
- }
+ smd = s[5]->sm_arrays[DETECT_SM_LIST_PMATCH];
+ cd = (DetectContentData *)smd->ctx;
+ FAIL_IF(cd->id != 0);
- result = 1;
-end:
- if (de_ctx != NULL) {
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
- DetectEngineCtxFree(de_ctx);
- }
-
- return result;
+ DetectEngineCtxFree(de_ctx);
+ PASS;
}
#endif
/**
* \brief apply the post match filestore with options
*/
-static int FilestorePostMatchWithOptions(Packet *p, Flow *f, DetectFilestoreData *filestore, FileContainer *fc,
+static int FilestorePostMatchWithOptions(Packet *p, Flow *f, const DetectFilestoreData *filestore, FileContainer *fc,
uint16_t file_id, uint16_t tx_id)
{
if (filestore == NULL) {
SCReturnInt(0);
}
- if (s->filestore_sm == NULL || p->flow == NULL) {
+ if ((s->filestore_ctx == NULL && !(s->flags & SIG_FLAG_FILESTORE)) || p->flow == NULL) {
#ifndef DEBUG
SCReturnInt(0);
#else
p->flow->alstate, flags);
/* filestore for single files only */
- if (s->filestore_sm->ctx == NULL) {
+ if (s->filestore_ctx == NULL) {
uint16_t u;
for (u = 0; u < det_ctx->filestore_cnt; u++) {
FileStoreFileById(ffc, det_ctx->filestore[u].file_id);
}
} else {
- DetectFilestoreData *filestore = (DetectFilestoreData *)s->filestore_sm->ctx;
uint16_t u;
for (u = 0; u < det_ctx->filestore_cnt; u++) {
- FilestorePostMatchWithOptions(p, p->flow, filestore, ffc,
+ FilestorePostMatchWithOptions(p, p->flow, s->filestore_ctx, ffc,
det_ctx->filestore[u].file_id, det_ctx->filestore[u].tx_id);
}
}
}
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
- s->filestore_sm = sm;
+ s->filestore_ctx = (const DetectFilestoreData *)sm->ctx;
s->flags |= SIG_FLAG_FILESTORE;
return 0;
int DetectFlagsSignatureNeedsSynPackets(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_FLAGS:
{
int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_FLAGS:
{
static _Bool PrefilterTcpFlagsIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_FLAGS:
return TRUE;
static _Bool PrefilterFlowIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_FLOW:
return TRUE;
static _Bool PrefilterFragBitsIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_FRAGBITS:
return TRUE;
static _Bool PrefilterFragOffsetIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_FRAGOFFSET:
return TRUE;
#include "util-byte.h"
static int DetectFtpbounceALMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *,
- uint8_t, void *, const Signature *, const SigMatch *);
+ uint8_t, void *, const Signature *, const SigMatchData *);
static int DetectFtpbounceSetup(DetectEngineCtx *, Signature *, char *);
static int DetectFtpbounceMatchArgs(uint8_t *payload, uint16_t payload_len,
uint32_t ip_orig, uint16_t offset);
*/
static int DetectFtpbounceALMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state, const Signature *s,
- const SigMatch *m)
+ const SigMatchData *m)
{
SCEnter();
FtpState *ftp_state =(FtpState *)state;
if (s->alproto != ALPROTO_HTTP)
return 1;
- if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL) {
- const SigMatch *sm = s->sm_lists[DETECT_SM_LIST_HMDMATCH];
+ if (s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL) {
+ const SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_HMDMATCH];
for ( ; sm != NULL; sm = sm->next) {
if (sm->type != DETECT_CONTENT)
continue;
static _Bool PrefilterIcmpIdIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_ICMP_ID:
return TRUE;
static _Bool PrefilterIcmpSeqIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_ICMP_SEQ:
return TRUE;
static _Bool PrefilterICodeIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_ICODE:
return TRUE;
static _Bool PrefilterIdIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_ID:
return TRUE;
static int DetectIPProtoTypePresentForOP(Signature *s, uint8_t op)
{
- SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
DetectIPProtoData *data;
while (sm != NULL) {
s->proto.proto[i] = 0xff;
}
} else if (lt_set && !not_set) {
- SigMatch *temp_sm = s->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
while (temp_sm != NULL) {
if (temp_sm->type == DETECT_IPPROTO) {
break;
}
} else {
DetectIPProtoData *data_temp;
- SigMatch *temp_sm = s->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
while (temp_sm != NULL) {
if (temp_sm->type == DETECT_IPPROTO &&
((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_LT) {
}
s->proto.proto[data->proto / 8] = ~(0xff << (data->proto % 8));
} else if (gt_set && !not_set) {
- SigMatch *temp_sm = s->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
while (temp_sm != NULL) {
if (temp_sm->type == DETECT_IPPROTO) {
break;
}
} else {
DetectIPProtoData *data_temp;
- SigMatch *temp_sm = s->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
while (temp_sm != NULL) {
if (temp_sm->type == DETECT_IPPROTO &&
((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_GT) {
void DetectIPProtoRemoveAllSMs(Signature *s)
{
- SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
while (sm != NULL) {
if (sm->type != DETECT_IPPROTO) {
s->flags |= SIG_FLAG_APPLAYER;
if (idad->flags & ISDATAAT_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4,
- DETECT_CONTENT, s->sm_lists_tail[sm_list],
- DETECT_PCRE, s->sm_lists_tail[sm_list]);
+ DETECT_CONTENT, s->init_data->smlists_tail[sm_list],
+ DETECT_PCRE, s->init_data->smlists_tail[sm_list]);
}
} else if (idad->flags & ISDATAAT_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 168,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
-
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH],
+
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
if (prev_pm == NULL)
sm_list = DETECT_SM_LIST_PMATCH;
else {
static _Bool PrefilterITypeIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_ITYPE:
return TRUE;
static int DetectLuaMatch (ThreadVars *, DetectEngineThreadCtx *,
Packet *, const Signature *, const SigMatchCtx *);
static int DetectLuaAppMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
- Flow *f, uint8_t flags, void *state, const Signature *s, const SigMatch *m);
+ Flow *f, uint8_t flags, void *state, const Signature *s, const SigMatchData *m);
static int DetectLuaAppTxMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags,
void *state, void *txv, const Signature *s,
*/
static int DetectLuaAppMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state,
- const Signature *s, const SigMatch *m)
+ const Signature *s, const SigMatchData *m)
{
return DetectLuaAppMatchCommon(t, det_ctx, f, flags, state, s, m->ctx);
}
SigMatch *sm;
for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
- for (sm = s->sm_lists[i]; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[i]; sm != NULL; sm = sm->next) {
if (sm->type != DETECT_LUA)
continue;
/* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) {
- pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->sm_lists_tail[s->list]);
+ pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]);
} else {
pm = SigMatchGetLastSMFromLists(s, 28,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
}
if (pm == NULL) {
SCLogError(SC_ERR_NOCASE_MISSING_PATTERN, "nocase needs "
/* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) {
- pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->sm_lists_tail[s->list]);
+ pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]);
} else {
pm = SigMatchGetLastSMFromLists(s, 28,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
}
if (pm == NULL) {
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs "
}
sm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]);
if (sm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "\"%s\" keyword "
"found inside the rule without a content context. "
}
pm = SigMatchGetLastSMFromLists(s, 4,
- DETECT_CONTENT, s->sm_lists_tail[sm_list],
- DETECT_PCRE, s->sm_lists_tail[sm_list]);
+ DETECT_CONTENT, s->init_data->smlists_tail[sm_list],
+ DETECT_PCRE, s->init_data->smlists_tail[sm_list]);
if (pm != NULL) {
if (pm->type == DETECT_CONTENT) {
DetectContentData *tmp_cd = (DetectContentData *)pm->ctx;
/* transfer the sm from the pmatch list to hcbdmatch list */
SigMatchTransferSigMatchAcrossLists(sm,
- &s->sm_lists[DETECT_SM_LIST_PMATCH],
- &s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- &s->sm_lists[sm_list],
- &s->sm_lists_tail[sm_list]);
+ &s->init_data->smlists[DETECT_SM_LIST_PMATCH],
+ &s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ &s->init_data->smlists[sm_list],
+ &s->init_data->smlists_tail[sm_list]);
ret = 0;
end:
*/
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
{
- if (s->sm_lists[list] == NULL) {
- s->sm_lists[list] = new;
- s->sm_lists_tail[list] = new;
+ if (s->init_data->smlists[list] == NULL) {
+ s->init_data->smlists[list] = new;
+ s->init_data->smlists_tail[list] = new;
new->next = NULL;
new->prev = NULL;
} else {
- SigMatch *cur = s->sm_lists_tail[list];
+ SigMatch *cur = s->init_data->smlists_tail[list];
cur->next = new;
new->prev = cur;
new->next = NULL;
- s->sm_lists_tail[list] = new;
+ s->init_data->smlists_tail[list] = new;
}
new->idx = s->sm_cnt;
void SigMatchRemoveSMFromList(Signature *s, SigMatch *sm, int sm_list)
{
- if (sm == s->sm_lists[sm_list]) {
- s->sm_lists[sm_list] = sm->next;
+ if (sm == s->init_data->smlists[sm_list]) {
+ s->init_data->smlists[sm_list] = sm->next;
}
- if (sm == s->sm_lists_tail[sm_list]) {
- s->sm_lists_tail[sm_list] = sm->prev;
+ if (sm == s->init_data->smlists_tail[sm_list]) {
+ s->init_data->smlists_tail[sm_list] = sm->prev;
}
if (sm->prev != NULL)
sm->prev->next = sm->next;
int i;
for (i = 0; i < DETECT_SM_LIST_MAX; i ++) {
- sm_new = s->sm_lists_tail[i];
+ sm_new = s->init_data->smlists_tail[i];
if (sm_new == NULL)
continue;
if (sm_last == NULL || sm_new->idx > sm_last->idx)
int list = 0;
for (list = 0; list < DETECT_SM_LIST_MAX; list++) {
- const SigMatch *sm = s->sm_lists[list];
+ const SigMatch *sm = s->init_data->smlists[list];
while (sm != NULL) {
if (sm == key_sm)
return list;
Signature *sig = SCMalloc(sizeof(Signature));
if (unlikely(sig == NULL))
return NULL;
-
memset(sig, 0, sizeof(Signature));
+ sig->init_data = SCCalloc(1, sizeof(SignatureInitData));
+ if (sig->init_data == NULL) {
+ SCFree(sig);
+ return NULL;
+ }
+
/* assign it to -1, so that we can later check if the value has been
* overwritten after the Signature has been parsed, and if it hasn't been
* overwritten, we can then assign the default value of 3 */
IPOnlyCIDRListFree(s->CidrSrc);
int i;
- for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
- SigMatch *sm = s->sm_lists[i];
- while (sm != NULL) {
- SigMatch *nsm = sm->next;
- SigMatchFree(sm);
- sm = nsm;
+ if (s->init_data) {
+ for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
+ SigMatch *sm = s->init_data->smlists[i];
+ while (sm != NULL) {
+ SigMatch *nsm = sm->next;
+ SigMatchFree(sm);
+ sm = nsm;
+ }
}
}
SigMatchFreeArrays(s);
SCReturnInt(0);
}
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH]; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; sm != NULL; sm = sm->next) {
if (sm->type == DETECT_FLOW) {
DetectFlowData *fd = (DetectFlowData *)sm->ctx;
if (fd == NULL)
if (fd->flags & FLOW_PKT_TOCLIENT) {
/* check for uricontent + from_server/to_client */
- if (s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use uricontent "
"/http_uri , raw_uri, http_client_body, "
"http_method, http_user_agent keywords "
}
} else if (fd->flags & FLOW_PKT_TOSERVER) {
/* check for uricontent + from_server/to_client */
- if (/*s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL ||*/
- s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use http_"
"server_body, http_stat_msg, http_stat_code "
"with flow:to_server or flow:from_client");
}
}
- if ((s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL && s->alproto == ALPROTO_SMTP) ||
- s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) {
+ if ((s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL && s->alproto == ALPROTO_SMTP) ||
+ s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL) {
sig_flags |= SIG_FLAG_TOSERVER;
s->flags |= SIG_FLAG_TOSERVER;
s->flags &= ~SIG_FLAG_TOCLIENT;
}
- if ((s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL && s->alproto == ALPROTO_HTTP) ||
- s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) {
+ if ((s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL && s->alproto == ALPROTO_HTTP) ||
+ s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL) {
sig_flags |= SIG_FLAG_TOCLIENT;
s->flags |= SIG_FLAG_TOCLIENT;
s->flags &= ~SIG_FLAG_TOSERVER;
SCReturnInt(0);
}
- if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL) {
if ((s->flags & (SIG_FLAG_TOCLIENT|SIG_FLAG_TOSERVER)) == (SIG_FLAG_TOCLIENT|SIG_FLAG_TOSERVER)) {
SCLogError(SC_ERR_INVALID_SIGNATURE,"http_raw_header signature "
"without a flow direction. Use flow:to_server for "
}
}
- if (s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL) {
- for (sm = s->sm_lists[DETECT_SM_LIST_HHHDMATCH];
+ if (s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH] != NULL) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH];
sm != NULL; sm = sm->next) {
if (sm->type == DETECT_CONTENT) {
DetectContentData *cd = (DetectContentData *)sm->ctx;
if (s->flags & SIG_FLAG_REQUIRE_PACKET) {
pm = SigMatchGetLastSMFromLists(s, 24,
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
if (pm != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature has"
" replace keyword linked with a modified content"
SCReturnInt(0);
}
- if (s->sm_lists_tail[DETECT_SM_LIST_UMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] ||
- s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH] ||
- s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH])
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH] ||
+ s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH])
{
SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet "
"specific matches (like dsize, flags, ttl) with stream / "
}
}
- for (sm = s->sm_lists[DETECT_SM_LIST_AMATCH]; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_AMATCH]; sm != NULL; sm = sm->next) {
if (sm->type != DETECT_AL_APP_LAYER_PROTOCOL)
continue;
if (((DetectAppLayerProtocolData *)sm->ctx)->negated)
if (s->proto.proto[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8))) {
if (!(s->flags & (SIG_FLAG_REQUIRE_PACKET | SIG_FLAG_REQUIRE_STREAM))) {
s->flags |= SIG_FLAG_REQUIRE_STREAM;
- sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
while (sm != NULL) {
if (sm->type == DETECT_CONTENT &&
(((DetectContentData *)(sm->ctx))->flags &
}
}
- if (s->sm_lists[DETECT_SM_LIST_BASE64_DATA] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_BASE64_DATA] != NULL) {
int list;
- uint16_t idx = s->sm_lists[DETECT_SM_LIST_BASE64_DATA]->idx;
+ uint16_t idx = s->init_data->smlists[DETECT_SM_LIST_BASE64_DATA]->idx;
for (list = 0; list < DETECT_SM_LIST_DETECT_MAX; list++) {
if (list != DETECT_SM_LIST_BASE64_DATA &&
- s->sm_lists[list] != NULL) {
- if (s->sm_lists[list]->idx > idx) {
+ s->init_data->smlists[list] != NULL) {
+ if (s->init_data->smlists[list]->idx > idx) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Rule buffer "
"cannot be reset after base64_data.");
SCReturnInt(0);
#ifdef DEBUG
int i;
for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
- if (s->sm_lists[i] != NULL) {
- for (sm = s->sm_lists[i]; sm != NULL; sm = sm->next) {
+ if (s->init_data->smlists[i] != NULL) {
+ for (sm = s->init_data->smlists[i]; sm != NULL; sm = sm->next) {
BUG_ON(sm == sm->prev);
BUG_ON(sm == sm->next);
}
* app layer flag wasn't already set in which case we
* only consider the app layer */
if (!(sig->flags & SIG_FLAG_APPLAYER)) {
- if (sig->sm_lists[DETECT_SM_LIST_MATCH] != NULL) {
- SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_MATCH];
+ if (sig->init_data->smlists[DETECT_SM_LIST_MATCH] != NULL) {
+ SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH];
for ( ; sm != NULL; sm = sm->next) {
if (sigmatch_table[sm->type].Match != NULL)
sig->init_flags |= SIG_FLAG_INIT_PACKET;
}
}
- if (sig->sm_lists[DETECT_SM_LIST_AMATCH] != NULL)
+ if (sig->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
sig->flags |= SIG_FLAG_APPLAYER;
- if (sig->sm_lists[DETECT_SM_LIST_DMATCH])
+ if (sig->init_data->smlists[DETECT_SM_LIST_DMATCH])
sig->flags |= SIG_FLAG_STATE_MATCH;
- if (sig->sm_lists[DETECT_SM_LIST_AMATCH])
+ if (sig->init_data->smlists[DETECT_SM_LIST_AMATCH])
sig->flags |= SIG_FLAG_STATE_MATCH;
/* for other lists this flag is set when the inspect engines
* are registered */
goto end;
}
- if (sig->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (sig->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL) {
printf("sig doesn't have content list: ");
goto end;
}
goto end;
}
- if (sig->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
+ if (sig->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL) {
printf("sig doesn't have content list: ");
goto end;
}
}
SigMatch *pm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]);
if (pm == NULL) {
SCLogError(SC_ERR_RAWBYTES_MISSING_CONTENT, "\"rawbytes\" needs a preceding content option");
SCReturnInt(-1);
/* add to the latest "content" keyword from either dmatch or pmatch */
pm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]);
if (pm == NULL) {
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "replace needs"
"preceding content option for raw sig");
static _Bool PrefilterTcpSeqIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_SEQ:
return TRUE;
static pcre *parse_regex;
static pcre_extra *parse_regex_study;
-static int DetectSshVersionMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
- uint8_t, void *, const Signature *, const SigMatch *);
+static int DetectSshVersionMatch (ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t, void *,
+ const Signature *, const SigMatchData *);
static int DetectSshVersionSetup (DetectEngineCtx *, Signature *, char *);
void DetectSshVersionRegisterTests(void);
void DetectSshVersionFree(void *);
* \retval 0 no match
* \retval 1 match
*/
-static int DetectSshVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
- uint8_t flags, void *state, const Signature *s, const SigMatch *m)
+static int DetectSshVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Flow *f, uint8_t flags, void *state,
+ const Signature *s, const SigMatchData *m)
{
SCEnter();
static pcre *parse_regex;
static pcre_extra *parse_regex_study;
-static int DetectSshSoftwareVersionMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
- uint8_t, void *, const Signature *, const SigMatch *);
+static int DetectSshSoftwareVersionMatch (ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t, void *,
+ const Signature *, const SigMatchData *);
static int DetectSshSoftwareVersionSetup (DetectEngineCtx *, Signature *, char *);
void DetectSshSoftwareVersionRegisterTests(void);
void DetectSshSoftwareVersionFree(void *);
* \retval 0 no match
* \retval 1 match
*/
-static int DetectSshSoftwareVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
- uint8_t flags, void *state, const Signature *s, const SigMatch *m)
+static int DetectSshSoftwareVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Flow *f, uint8_t flags, void *state,
+ const Signature *s, const SigMatchData *m)
{
SCEnter();
static pcre *parse_regex2;
static pcre_extra *parse_regex2_study;
-static int DetectSslStateMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *,
- uint8_t, void *, const Signature *, const SigMatch *);
+static int DetectSslStateMatch(ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t, void *,
+ const Signature *, const SigMatchData *);
static int DetectSslStateSetup(DetectEngineCtx *, Signature *, char *);
void DetectSslStateRegisterTests(void);
void DetectSslStateFree(void *);
* \retval 0 No match.
*/
static int DetectSslStateMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
- Flow *f, uint8_t flags, void *alstate, const Signature *s,
- const SigMatch *m)
+ Flow *f, uint8_t flags, void *alstate,
+ const Signature *s, const SigMatchData *m)
{
- DetectSslStateData *ssd = (DetectSslStateData *)m->ctx;
+ const DetectSslStateData *ssd = (const DetectSslStateData *)m->ctx;
SSLState *ssl_state = (SSLState *)alstate;
if (ssl_state == NULL) {
SCLogDebug("no app state, no match");
static pcre *parse_regex;
static pcre_extra *parse_regex_study;
-static int DetectSslVersionMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *,
- uint8_t, void *, const Signature *, const SigMatch *);
+static int DetectSslVersionMatch(ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t, void *,
+ const Signature *, const SigMatchData *);
static int DetectSslVersionSetup(DetectEngineCtx *, Signature *, char *);
void DetectSslVersionRegisterTests(void);
void DetectSslVersionFree(void *);
*/
static int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state,
- const Signature *s, const SigMatch *m)
+ const Signature *s, const SigMatchData *m)
{
SCEnter();
uint16_t ver = 0;
uint8_t sig_ver = TLS_UNKNOWN;
- DetectSslVersionData *ssl = (DetectSslVersionData *)m->ctx;
+ const DetectSslVersionData *ssl = (const DetectSslVersionData *)m->ctx;
SSLState *app_state = (SSLState *)state;
if (app_state == NULL) {
SCLogDebug("no app state, no match");
/* checks if there is a previous instance of detection_filter */
tmpm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_MATCH]);
+ DETECT_DETECTION_FILTER, s->init_data->smlists[DETECT_SM_LIST_MATCH]);
if (tmpm != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "\"detection_filter\" and \"threshold\" are not allowed in the same rule");
SCReturnInt(-1);
static pcre *parse_regex;
static pcre_extra *parse_regex_study;
-static int DetectTlsVersionMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
- uint8_t, void *, const Signature *, const SigMatch *);
+static int DetectTlsVersionMatch (ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t, void *,
+ const Signature *, const SigMatchData *);
static int DetectTlsVersionSetup (DetectEngineCtx *, Signature *, char *);
void DetectTlsVersionRegisterTests(void);
void DetectTlsVersionFree(void *);
* \retval 0 no match
* \retval 1 match
*/
-static int DetectTlsVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
- uint8_t flags, void *state, const Signature *s, const SigMatch *m)
+static int DetectTlsVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Flow *f, uint8_t flags, void *state,
+ const Signature *s, const SigMatchData *m)
{
SCEnter();
- DetectTlsVersionData *tls_data = (DetectTlsVersionData *)m->ctx;
+ const DetectTlsVersionData *tls_data = (const DetectTlsVersionData *)m->ctx;
SSLState *ssl_state = (SSLState *)state;
if (ssl_state == NULL) {
SCLogDebug("no tls state, no match");
static pcre *fingerprint_parse_regex;
static pcre_extra *fingerprint_parse_regex_study;
-static int DetectTlsSubjectMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, const Signature *, const SigMatch *);
+static int DetectTlsSubjectMatch (ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t, void *,
+ const Signature *, const SigMatchData *);
static int DetectTlsSubjectSetup (DetectEngineCtx *, Signature *, char *);
static void DetectTlsSubjectRegisterTests(void);
static void DetectTlsSubjectFree(void *);
-static int DetectTlsIssuerDNMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, const Signature *, const SigMatch *);
+
+static int DetectTlsIssuerDNMatch (ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t, void *,
+ const Signature *, const SigMatchData *);
static int DetectTlsIssuerDNSetup (DetectEngineCtx *, Signature *, char *);
static void DetectTlsIssuerDNRegisterTests(void);
static void DetectTlsIssuerDNFree(void *);
-static int DetectTlsFingerprintMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, const Signature *, const SigMatch *);
+
+static int DetectTlsFingerprintMatch (ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t, void *,
+ const Signature *, const SigMatchData *);
static int DetectTlsFingerprintSetup (DetectEngineCtx *, Signature *, char *);
static void DetectTlsFingerprintFree(void *);
+
static int DetectTlsStoreSetup (DetectEngineCtx *, Signature *, char *);
-static int DetectTlsStoreMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, const Signature *, const SigMatch *);
+static int DetectTlsStoreMatch (ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t, void *,
+ const Signature *, const SigMatchData *);
/**
* \brief Registration function for keyword: tls.version
* \retval 0 no match
* \retval 1 match
*/
-static int DetectTlsSubjectMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
- uint8_t flags, void *state, const Signature *s, const SigMatch *m)
+static int DetectTlsSubjectMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Flow *f, uint8_t flags, void *state,
+ const Signature *s, const SigMatchData *m)
{
SCEnter();
- DetectTlsData *tls_data = (DetectTlsData *)m->ctx;
+ const DetectTlsData *tls_data = (const DetectTlsData *)m->ctx;
SSLState *ssl_state = (SSLState *)state;
if (ssl_state == NULL) {
SCLogDebug("no tls state, no match");
* \retval 0 no match
* \retval 1 match
*/
-static int DetectTlsIssuerDNMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
- uint8_t flags, void *state, const Signature *s, const SigMatch *m)
+static int DetectTlsIssuerDNMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Flow *f, uint8_t flags, void *state,
+ const Signature *s, const SigMatchData *m)
{
SCEnter();
- DetectTlsData *tls_data = (DetectTlsData *)m->ctx;
+ const DetectTlsData *tls_data = (const DetectTlsData *)m->ctx;
SSLState *ssl_state = (SSLState *)state;
if (ssl_state == NULL) {
SCLogDebug("no tls state, no match");
* \retval 0 no match
* \retval 1 match
*/
-static int DetectTlsFingerprintMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
- uint8_t flags, void *state, const Signature *s, const SigMatch *m)
+static int DetectTlsFingerprintMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Flow *f, uint8_t flags, void *state,
+ const Signature *s, const SigMatchData *m)
{
SCEnter();
- DetectTlsData *tls_data = (DetectTlsData *)m->ctx;
+ const DetectTlsData *tls_data = (const DetectTlsData *)m->ctx;
SSLState *ssl_state = (SSLState *)state;
if (ssl_state == NULL) {
SCLogDebug("no tls state, no match");
}
/** \warning modifies state */
-static int DetectTlsStoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
- uint8_t flags, void *state, const Signature *s, const SigMatch *m)
+static int DetectTlsStoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Flow *f, uint8_t flags, void *state,
+ const Signature *s, const SigMatchData *m)
{
SCEnter();
static _Bool PrefilterTtlIsPrefilterable(const Signature *s)
{
const SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_TTL:
return TRUE;
/* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) {
- pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->sm_lists_tail[s->list]);
+ pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]);
} else {
pm = SigMatchGetLastSMFromLists(s, 28,
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]);
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH],
+ DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]);
}
if (pm == NULL) {
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "within needs "
}
}
- SCLogDebug("s->sm_lists[DETECT_SM_LIST_AMATCH] %p, "
- "s->sm_lists[DETECT_SM_LIST_UMATCH] %p, "
- "s->sm_lists[DETECT_SM_LIST_DMATCH] %p, "
- "s->sm_lists[DETECT_SM_LIST_HCDMATCH] %p",
- s->sm_lists[DETECT_SM_LIST_AMATCH],
- s->sm_lists[DETECT_SM_LIST_UMATCH],
- s->sm_lists[DETECT_SM_LIST_DMATCH],
- s->sm_lists[DETECT_SM_LIST_HCDMATCH]);
-
/* consider stateful sig matches */
if (sflags & SIG_FLAG_STATE_MATCH) {
if (has_state == 0) {
if (s->alproto != ALPROTO_UNKNOWN)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HCDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HRHHDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HRHHDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
return 0;
/* TMATCH list can be ignored, it contains TAGs and
cidr_item = cidr_item->next;
}
- SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
if (sm == NULL)
goto iponly;
if (s->alproto != ALPROTO_UNKNOWN)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HCDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_HRHHDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_HRHHDMATCH] != NULL)
return 0;
- if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
return 0;
/* TMATCH list can be ignored, it contains TAGs and
/* match list matches may be compatible to DP only. We follow the same
* logic as IP-only so we can use that flag */
- SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
if (sm == NULL)
return 0;
static int SignatureIsInspectingPayload(DetectEngineCtx *de_ctx, const Signature *s)
{
- if (s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL) {
return 1;
}
#if 0
SCReturnInt(0);
}
- if (s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL ||
- s->sm_lists[DETECT_SM_LIST_HRHHDMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HCDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH] != NULL ||
+ s->init_data->smlists[DETECT_SM_LIST_HRHHDMATCH] != NULL)
{
SCReturnInt(0);
}
/* check for conflicting keywords */
- SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH];
+ SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
for ( ;sm != NULL; sm = sm->next) {
if ( !(sigmatch_table[sm->type].flags & SIGMATCH_DEONLY_COMPAT))
SCReturnInt(0);
}
/* need at least one decode event keyword to be considered decode event. */
- sm = s->sm_lists[DETECT_SM_LIST_MATCH];
+ sm = s->init_data->smlists[DETECT_SM_LIST_MATCH];
for ( ;sm != NULL; sm = sm->next) {
if (sm->type == DETECT_DECODE_EVENT)
goto deonly;
{
SCEnter();
- if (s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_PAYLOAD;
SCLogDebug("sig requires payload");
}
- if (s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_DMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_DCE_STATE;
SCLogDebug("sig requires dce state");
}
- if (s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http state");
}
- if (s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
}
- if (s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL) {
/* set the state depending from the protocol */
if (s->alproto == ALPROTO_HTTP)
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http or smtp app state");
}
- if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
}
- if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
}
- if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
}
- if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HCDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
}
- if (s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
}
- if (s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
}
- if (s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
}
- if (s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
}
- if (s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
}
- if (s->sm_lists[DETECT_SM_LIST_HRHHDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HRHHDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
}
SigMatch *sm;
- for (sm = s->sm_lists[DETECT_SM_LIST_AMATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_AMATCH] ; sm != NULL; sm = sm->next) {
switch(sm->type) {
case DETECT_AL_URILEN:
case DETECT_AL_HTTP_URI:
}
}
- for (sm = s->sm_lists[DETECT_SM_LIST_APP_EVENT] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_APP_EVENT] ; sm != NULL; sm = sm->next) {
switch (sm->type) {
case DETECT_AL_APP_LAYER_EVENT:
{
}
}
- for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
switch(sm->type) {
case DETECT_FLOWBITS:
{
SCLogDebug("sig requires flow");
}
- if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_FLOW;
SCLogDebug("sig requires flow");
}
return;
}
- SigMatch *sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
+ SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
for ( ; sm != NULL; sm = sm->next) {
if (sm->type != DETECT_CONTENT) {
continue;
/** \brief Pure-PCRE or bytetest rule */
int RuleInspectsPayloadHasNoMpm(const Signature *s)
{
- if (s->mpm_sm == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL)
+ if (s->mpm_sm == NULL && s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
return 1;
return 0;
}
if (s->mpm_sm == NULL) {
nonmpm_cnt++;
- if (s->sm_lists[DETECT_SM_LIST_MATCH] != NULL) {
+ if (s->sm_arrays[DETECT_SM_LIST_MATCH] != NULL) {
SCLogDebug("SGH %p Non-MPM inspecting only packets. Rule %u", sgh, s->id);
}
char copresent = 0;
SigMatch *sm;
DetectContentData *co;
- for (sm = tmp_s->sm_lists[DETECT_SM_LIST_MATCH]; sm != NULL; sm = sm->next) {
+ for (sm = tmp_s->init_data->smlists[DETECT_SM_LIST_MATCH]; sm != NULL; sm = sm->next) {
if (sm->type != DETECT_CONTENT)
continue;
/* get the keyword supporting prefilter with the lowest type */
for (i = 0; i < DETECT_SM_LIST_DETECT_MAX; i++) {
- SigMatch *sm = tmp_s->sm_lists[i];
+ SigMatch *sm = tmp_s->init_data->smlists[i];
while (sm != NULL) {
if (sigmatch_table[sm->type].SupportsPrefilter != NULL) {
if (sigmatch_table[sm->type].SupportsPrefilter(tmp_s) == TRUE) {
/* apply that keyword as prefilter */
if (prefilter_list != DETECT_TBLSIZE) {
for (i = 0; i < DETECT_SM_LIST_DETECT_MAX; i++) {
- SigMatch *sm = tmp_s->sm_lists[i];
+ SigMatch *sm = tmp_s->init_data->smlists[i];
while (sm != NULL) {
if (sm->type == prefilter_list) {
tmp_s->prefilter_sm = sm;
for (; s != NULL; s = s->next) {
int type;
for (type = 0; type < DETECT_SM_LIST_MAX; type++) {
- SigMatch *sm = s->sm_lists[type];
+ SigMatch *sm = s->init_data->smlists[type];
int len = SigMatchListLen(sm);
if (len == 0)
s->sm_arrays[type] = NULL;
}
}
DetectEngineAppInspectionEngine2Signature(s);
+
+ /* TODO free lists etc */
+ SCFree(s->init_data);
+ s->init_data = NULL;
}
struct DetectEngineAppInspectionEngine_ *next;
} DetectEngineAppInspectionEngine;
+#ifdef UNITTESTS
+#define sm_lists init_data->smlists
+#define sm_lists_tail init_data->smlists_tail
+#endif
+
+typedef struct SignatureInitData_ {
+ /* holds all sm lists */
+ struct SigMatch_ *smlists[DETECT_SM_LIST_MAX];
+ /* holds all sm lists' tails */
+ struct SigMatch_ *smlists_tail[DETECT_SM_LIST_MAX];
+} SignatureInitData;
/** \brief Signature container */
typedef struct Signature_ {
/* Hold copies of the sm lists for Match() */
SigMatchData *sm_arrays[DETECT_SM_LIST_MAX];
- /* holds all sm lists */
- struct SigMatch_ *sm_lists[DETECT_SM_LIST_MAX];
- /* holds all sm lists' tails */
- struct SigMatch_ *sm_lists_tail[DETECT_SM_LIST_MAX];
-
- SigMatch *filestore_sm;
+ /* memory is still owned by the sm_lists/sm_arrays entry */
+ const struct DetectFilestoreData_ *filestore_ctx;
char *msg;
int prefilter_list;
+ SignatureInitData *init_data;
+
/** ptr to the next sig in the list */
struct Signature_ *next;
} Signature;
int (*Match)(ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *);
/** AppLayer match function pointer */
- int (*AppLayerMatch)(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, const Signature *, const SigMatch *);
+ int (*AppLayerMatch)(ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t flags, void *alstate,
+ const Signature *, const SigMatchData *);
/** AppLayer TX match function pointer */
int (*AppLayerTxMatch)(ThreadVars *, DetectEngineThreadCtx *, Flow *,
if (id == 0 && gid == 0) {
for (s = de_ctx->sig_list; s != NULL; s = s->next) {
sm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+ DETECT_THRESHOLD, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]);
if (sm != NULL) {
SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
"an event var set. The signature event var is "
}
sm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+ DETECT_DETECTION_FILTER, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]);
if (sm != NULL) {
SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
"an event var set. The signature event var is "
for (s = de_ctx->sig_list; s != NULL; s = s->next) {
if (s->gid == gid) {
sm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+ DETECT_THRESHOLD, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]);
if (sm != NULL) {
SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
"an event var set. The signature event var is "
}
sm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+ DETECT_DETECTION_FILTER, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]);
if (sm != NULL) {
SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
"an event var set. The signature event var is "
parsed_type != TYPE_BOTH && parsed_type != TYPE_LIMIT)
{
sm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+ DETECT_THRESHOLD, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]);
if (sm != NULL) {
SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
"a threshold set. The signature event var is "
}
sm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+ DETECT_DETECTION_FILTER, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]);
if (sm != NULL) {
SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has "
"a detection_filter set. The signature event var is "
#if 1
} else if (parsed_type == TYPE_THRESHOLD || parsed_type == TYPE_BOTH || parsed_type == TYPE_LIMIT) {
sm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+ DETECT_THRESHOLD, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]);
if (sm == NULL) {
sm = SigMatchGetLastSMFromLists(s, 2,
- DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]);
+ DETECT_DETECTION_FILTER, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]);
}
if (sm != NULL) {
SigMatchRemoveSMFromList(s, sm, DETECT_SM_LIST_THRESHOLD);
*/
static int SCThresholdConfTest18(void)
{
- Signature *s = NULL;
- int result = 0;
- FILE *fd = NULL;
- SigMatch *sm = NULL;
- DetectThresholdData *de = NULL;
-
HostInitConfig(HOST_QUIET);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- return result;
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- s = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.0.10 any -> 192.168.0.100 any (msg:\"suppress test\"; gid:1; sid:2200029;)");
- if (s == NULL) {
- goto end;
- }
-
- fd = SCThresholdConfGenerateInvalidDummyFD12();
+ Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.0.10 any -> 192.168.0.100 any (msg:\"suppress test\"; gid:1; sid:2200029;)");
+ FAIL_IF_NULL(s);
+ FILE *fd = SCThresholdConfGenerateInvalidDummyFD12();
+ FAIL_IF_NULL(fd);
SCThresholdConfInitContext(de_ctx,fd);
SigGroupBuild(de_ctx);
- if (s->sm_lists[DETECT_SM_LIST_SUPPRESS] == NULL) {
- printf("no thresholds: ");
- goto end;
- }
- sm = s->sm_lists[DETECT_SM_LIST_SUPPRESS];
- if (sm == NULL) {
- printf("no sm: ");
- goto end;
- }
-
- de = (DetectThresholdData *)sm->ctx;
- if (de == NULL) {
- printf("no de: ");
- goto end;
- }
- if (!(de->type == TYPE_SUPPRESS && de->track == TRACK_DST)) {
- printf("de state wrong: ");
- goto end;
- }
+ FAIL_IF_NULL(s->sm_arrays[DETECT_SM_LIST_SUPPRESS]);
+ SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_SUPPRESS];
+ DetectThresholdData *de = (DetectThresholdData *)smd->ctx;
+ FAIL_IF_NULL(de);
+ FAIL_IF_NOT(de->type == TYPE_SUPPRESS && de->track == TRACK_DST);
- result = 1;
-end:
DetectEngineCtxFree(de_ctx);
HostShutdown();
- return result;
+ PASS;
}
/**
*/
static int SCThresholdConfTest19(void)
{
- Signature *s = NULL;
- int result = 0;
- FILE *fd = NULL;
- SigMatch *sm = NULL;
- DetectThresholdData *de = NULL;
-
HostInitConfig(HOST_QUIET);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- return result;
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
-
- s = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.0.10 any -> 192.168.0.100 any (msg:\"suppress test\"; gid:1; sid:2200029;)");
- if (s == NULL) {
- goto end;
- }
-
- fd = SCThresholdConfGenerateInvalidDummyFD13();
+ Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.0.10 any -> 192.168.0.100 any (msg:\"suppress test\"; gid:1; sid:2200029;)");
+ FAIL_IF_NULL(s);
+ FILE *fd = SCThresholdConfGenerateInvalidDummyFD13();
+ FAIL_IF_NULL(fd);
SCThresholdConfInitContext(de_ctx,fd);
SigGroupBuild(de_ctx);
-
- if (s->sm_lists[DETECT_SM_LIST_SUPPRESS] == NULL) {
- printf("no thresholds: ");
- goto end;
- }
- sm = s->sm_lists[DETECT_SM_LIST_SUPPRESS];
- if (sm == NULL) {
- printf("no sm: ");
- goto end;
- }
-
- de = (DetectThresholdData *)sm->ctx;
- if (de == NULL) {
- printf("no de: ");
- goto end;
- }
- if (!(de->type == TYPE_SUPPRESS && de->track == TRACK_DST)) {
- printf("de state wrong: ");
- goto end;
- }
-
- result = 1;
-end:
+ FAIL_IF_NULL(s->sm_arrays[DETECT_SM_LIST_SUPPRESS]);
+ SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_SUPPRESS];
+ DetectThresholdData *de = (DetectThresholdData *)smd->ctx;
+ FAIL_IF_NULL(de);
+ FAIL_IF_NOT(de->type == TYPE_SUPPRESS && de->track == TRACK_DST);
DetectEngineCtxFree(de_ctx);
HostShutdown();
- return result;
+ PASS;
}
/**
projects / thirdparty / suricata.git / commitdiff
