f->tot += patlen;
}
-void EngineAnalysisFP(Signature *s, char *line)
+void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *line)
{
int fast_pattern_set = 0;
int fast_pattern_only_set = 0;
if (list_type == DETECT_SM_LIST_PMATCH)
fprintf(fp_engine_analysis_FD, "content\n");
else {
- const char *desc = DetectBufferTypeGetDescriptionById(list_type);
- const char *name = DetectBufferTypeGetNameById(list_type);
+ const char *desc = DetectBufferTypeGetDescriptionById(de_ctx, list_type);
+ const char *name = DetectBufferTypeGetNameById(de_ctx, list_type);
if (desc && name) {
fprintf(fp_engine_analysis_FD, "%s (%s)\n", desc, name);
}
return ret;
}
-static void EngineAnalysisRulesPrintFP(const Signature *s)
+static void EngineAnalysisRulesPrintFP(const DetectEngineCtx *de_ctx, const Signature *s)
{
DetectContentData *fp_cd = NULL;
SigMatch *mpm_sm = s->init_data->mpm_sm;
payload ? (stream ? "payload and reassembled stream" : "payload") : "reassembled stream");
}
else {
- const char *desc = DetectBufferTypeGetDescriptionById(list_type);
- const char *name = DetectBufferTypeGetNameById(list_type);
+ const char *desc = DetectBufferTypeGetDescriptionById(de_ctx, list_type);
+ const char *name = DetectBufferTypeGetNameById(de_ctx, list_type);
if (desc && name) {
fprintf(rule_engine_analysis_FD, "%s (%s)", desc, name);
}
*
* \param s Pointer to the signature.
*/
-void EngineAnalysisRules(const Signature *s, const char *line)
+void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
+ const Signature *s, const char *line)
{
uint32_t rule_bidirectional = 0;
uint32_t rule_pcre = 0;
fprintf(rule_engine_analysis_FD, " Prefilter on: %s.\n",
sigmatch_table[s->init_data->prefilter_sm->type].name);
} else {
- EngineAnalysisRulesPrintFP(s);
+ EngineAnalysisRulesPrintFP(de_ctx, s);
}
/* this is where the warnings start */
int PerCentEncodingSetup (void);
int PerCentEncodingMatch (uint8_t *content, uint8_t content_len);
-void EngineAnalysisFP(Signature *s, char *line);
-void EngineAnalysisRules(const Signature *s, const char *line);
+void EngineAnalysisFP(const DetectEngineCtx *de_ctx,
+ const Signature *s, char *line);
+void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
+ const Signature *s, const char *line);
void EngineAnalysisRulesFailure(char *line, char *file, int lineno);
#endif /* __DETECT_ENGINE_ANALYZER_H__ */
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
- if (!(DetectBufferTypeGetNameById(i)))
+ if (!(DetectBufferTypeGetNameById(de_ctx, i)))
continue;
SCReturnInt(0);
* \retval 1 sig is dp only
* \retval 0 sig is not dp only
*/
-static int SignatureIsPDOnly(const Signature *s)
+static int SignatureIsPDOnly(const DetectEngineCtx *de_ctx, const Signature *s)
{
if (s->alproto != ALPROTO_UNKNOWN)
return 0;
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
- if (!(DetectBufferTypeGetNameById(i)))
+ if (!(DetectBufferTypeGetNameById(de_ctx, i)))
continue;
SCReturnInt(0);
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
- if (!(DetectBufferTypeGetNameById(i)))
+ if (!(DetectBufferTypeGetNameById(de_ctx, i)))
continue;
SCReturnInt(0);
SCLogDebug("Signature %" PRIu32 ", internal id %" PRIu32 ", ptrs %p %p ", tmp_s->id, tmp_s->num, tmp_s, de_ctx->sig_array[tmp_s->num]);
/* see if the sig is dp only */
- if (SignatureIsPDOnly(tmp_s) == 1) {
+ if (SignatureIsPDOnly(de_ctx, tmp_s) == 1) {
tmp_s->flags |= SIG_FLAG_PDONLY;
SCLogDebug("Signature %"PRIu32" is considered \"PD only\"", tmp_s->id);
int x;
for (x = 0; x < nlists; x++) {
if (tmp_s->init_data->smlists[x])
- DetectBufferRunSetupCallback(x, tmp_s);
+ DetectBufferRunSetupCallback(de_ctx, x, tmp_s);
}
de_ctx->sig_cnt++;
Signature *s = de_ctx->sig_list;
for (; s != NULL; s = s->next) {
/* set up inspect engines */
- DetectEngineAppInspectionEngine2Signature(s);
+ DetectEngineAppInspectionEngine2Signature(de_ctx, s);
/* built-ins */
int type;
sig = DetectEngineAppendSig(de_ctx, line);
if (sig != NULL) {
if (rule_engine_analysis_set || fp_engine_analysis_set) {
- RetrieveFPForSig(sig);
+ RetrieveFPForSig(de_ctx, sig);
if (fp_engine_analysis_set) {
- EngineAnalysisFP(sig, line);
+ EngineAnalysisFP(de_ctx, sig, line);
}
if (rule_engine_analysis_set) {
- EngineAnalysisRules(sig, line);
+ EngineAnalysisRules(de_ctx, sig, line);
}
}
SCLogDebug("signature %"PRIu32" loaded", sig->id);
return;
}
-void RetrieveFPForSig(Signature *s)
+void RetrieveFPForSig(const DetectEngineCtx *de_ctx, Signature *s)
{
if (s->init_data->mpm_sm != NULL)
return;
if (s->init_data->smlists[list_id] == NULL)
continue;
- if (!FastPatternSupportEnabledForSigMatchList(list_id))
+ if (!FastPatternSupportEnabledForSigMatchList(de_ctx, list_id))
continue;
for (sm = s->init_data->smlists[list_id]; sm != NULL; sm = sm->next) {
tmp != NULL && priority == tmp->priority;
tmp = tmp->next)
{
+ if (tmp->list_id >= nlists)
+ continue;
if (curr_sm_list[tmp->list_id] == 0)
continue;
final_sm_list[count_final_sm_list++] = tmp->list_id;
if (s->flags & SIG_FLAG_PREFILTER)
continue;
- RetrieveFPForSig(s);
+ RetrieveFPForSig(de_ctx, s);
if (s->init_data->mpm_sm != NULL) {
DetectContentData *cd = (DetectContentData *)s->init_data->mpm_sm->ctx;
struct_total_size += sizeof(DetectFPAndItsId);
int SignatureHasPacketContent(const Signature *);
int SignatureHasStreamContent(const Signature *);
-void RetrieveFPForSig(Signature *s);
+void RetrieveFPForSig(const DetectEngineCtx *de_ctx, Signature *s);
int MpmStoreInit(DetectEngineCtx *);
void MpmStoreFree(DetectEngineCtx *);
DetectBypassRegister();
/* close keyword registration */
- DetectBufferTypeFinalizeRegistration();
+ DetectBufferTypeCloseRegistration();
}
void SigTableRegisterTests(void)
* \note for the file inspect engine, the id DE_STATE_ID_FILE_INSPECT
* is assigned.
*/
-int DetectEngineAppInspectionEngine2Signature(Signature *s)
+int DetectEngineAppInspectionEngine2Signature(DetectEngineCtx *de_ctx, Signature *s)
{
const int nlists = DetectBufferTypeMaxId();
SigMatchData *ptrs[nlists];
exit(EXIT_FAILURE);
}
if (mpm_list == t->sm_list) {
- SCLogDebug("%s is mpm", DetectBufferTypeGetNameById(t->sm_list));
+ SCLogDebug("%s is mpm", DetectBufferTypeGetNameById(de_ctx, t->sm_list));
prepend = true;
head_is_mpm = true;
new_engine->mpm = true;
DetectEngineAppInspectionEngine *iter = s->app_inspect;
while (iter) {
SCLogDebug("%u: engine %s id %u progress %d %s", s->id,
- DetectBufferTypeGetNameById(iter->sm_list), iter->id,
+ DetectBufferTypeGetNameById(de_ctx, iter->sm_list), iter->id,
iter->progress,
iter->sm_list == mpm_list ? "MPM":"");
iter = iter->next;
static DetectEngineTransforms no_transforms = { .transforms = { 0 }, .cnt = 0, };
-typedef struct DetectBufferType_ {
- const char *string;
- const char *description;
- int id;
- int parent_id;
- _Bool mpm;
- _Bool packet; /**< compat to packet matches */
- bool supports_transforms;
- void (*SetupCallback)(Signature *);
- _Bool (*ValidateCallback)(const Signature *, const char **sigerror);
- DetectEngineTransforms transforms;
-} DetectBufferType;
-
-static DetectBufferType **g_buffer_type_map = NULL;
-static uint32_t g_buffer_type_map_elements = 0;
-
int DetectBufferTypeMaxId(void)
{
return g_buffer_type_id;
return exists->id;
}
-const char *DetectBufferTypeGetNameById(const int id)
+const char *DetectBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id)
{
- BUG_ON(id < 0 || id >= g_buffer_type_id);
- BUG_ON(g_buffer_type_map == NULL);
+ BUG_ON(id < 0 || (uint32_t)id >= de_ctx->buffer_type_map_elements);
+ BUG_ON(de_ctx->buffer_type_map == NULL);
- if (g_buffer_type_map[id] == NULL)
+ if (de_ctx->buffer_type_map[id] == NULL)
return NULL;
- return g_buffer_type_map[id]->string;
+ return de_ctx->buffer_type_map[id]->string;
}
-static const DetectBufferType *DetectBufferTypeGetById(const int id)
+static const DetectBufferType *DetectBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id)
{
- BUG_ON(id < 0 || id >= g_buffer_type_id);
- BUG_ON(g_buffer_type_map == NULL);
+ BUG_ON(id < 0 || (uint32_t)id >= de_ctx->buffer_type_map_elements);
+ BUG_ON(de_ctx->buffer_type_map == NULL);
- return g_buffer_type_map[id];
+ return de_ctx->buffer_type_map[id];
}
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
exists->description = desc;
}
-const char *DetectBufferTypeGetDescriptionById(const int id)
+const char *DetectBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id)
{
- const DetectBufferType *exists = DetectBufferTypeGetById(id);
+ const DetectBufferType *exists = DetectBufferTypeGetById(de_ctx, id);
if (!exists) {
return NULL;
}
return exists->description;
}
-_Bool DetectBufferTypeSupportsPacketGetById(const int id)
+bool DetectBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id)
{
- const DetectBufferType *map = DetectBufferTypeGetById(id);
+ const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
if (map == NULL)
return FALSE;
SCLogDebug("map %p id %d packet? %d", map, id, map->packet);
return map->packet;
}
-_Bool DetectBufferTypeSupportsMpmGetById(const int id)
+bool DetectBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id)
{
- const DetectBufferType *map = DetectBufferTypeGetById(id);
+ const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
if (map == NULL)
return FALSE;
SCLogDebug("map %p id %d mpm? %d", map, id, map->mpm);
exists->SetupCallback = SetupCallback;
}
-void DetectBufferRunSetupCallback(const int id, Signature *s)
+void DetectBufferRunSetupCallback(const DetectEngineCtx *de_ctx,
+ const int id, Signature *s)
{
- const DetectBufferType *map = DetectBufferTypeGetById(id);
+ const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
if (map && map->SetupCallback) {
map->SetupCallback(s);
}
exists->ValidateCallback = ValidateCallback;
}
-_Bool DetectBufferRunValidateCallback(const int id, const Signature *s, const char **sigerror)
+bool DetectBufferRunValidateCallback(const DetectEngineCtx *de_ctx,
+ const int id, const Signature *s, const char **sigerror)
{
- const DetectBufferType *map = DetectBufferTypeGetById(id);
+ const DetectBufferType *map = DetectBufferTypeGetById(de_ctx, id);
if (map && map->ValidateCallback) {
return map->ValidateCallback(s, sigerror);
}
return 0;
}
-int DetectBufferGetActiveList(Signature *s)
+int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
{
BUG_ON(s->init_data == NULL);
if (s->init_data->list && s->init_data->transform_cnt) {
SCLogDebug("buffer %d has transform(s) registered: %d",
s->init_data->list, s->init_data->transforms[0]);
- int new_list = DetectBufferTypeGetByIdTransforms(s->init_data->list,
+ int new_list = DetectBufferTypeGetByIdTransforms(de_ctx, s->init_data->list,
s->init_data->transforms, s->init_data->transform_cnt);
if (new_list == -1) {
return -1;
}
}
-void DetectBufferTypeFinalizeRegistration(void)
+static void DetectBufferTypeSetupDetectEngine(DetectEngineCtx *de_ctx)
{
- BUG_ON(g_buffer_type_hash == NULL);
-
const int size = g_buffer_type_id;
BUG_ON(!(size > 0));
- g_buffer_type_map = SCCalloc(size, sizeof(DetectBufferType *));
- BUG_ON(!g_buffer_type_map);
- g_buffer_type_map_elements = size;
- SCLogDebug("g_buffer_type_map %p with %u members", g_buffer_type_map, size);
+ de_ctx->buffer_type_map = SCCalloc(size, sizeof(DetectBufferType *));
+ BUG_ON(!de_ctx->buffer_type_map);
+ de_ctx->buffer_type_map_elements = size;
+ SCLogDebug("de_ctx->buffer_type_map %p with %u members", de_ctx->buffer_type_map, size);
SCLogDebug("DETECT_SM_LIST_DYNAMIC_START %u", DETECT_SM_LIST_DYNAMIC_START);
HashListTableBucket *b = HashListTableGetListHead(g_buffer_type_hash);
while (b) {
DetectBufferType *map = HashListTableGetListData(b);
- g_buffer_type_map[map->id] = map;
+ de_ctx->buffer_type_map[map->id] = map;
SCLogDebug("name %s id %d mpm %s packet %s -- %s. "
"Callbacks: Setup %p Validate %p", map->string, map->id,
map->mpm ? "true" : "false", map->packet ? "true" : "false",
map->description, map->SetupCallback, map->ValidateCallback);
b = HashListTableGetListNext(b);
}
+}
+static void DetectBufferTypeFreeDetectEngine(DetectEngineCtx *de_ctx)
+{
+ if (de_ctx && de_ctx->buffer_type_map)
+ SCFree(de_ctx->buffer_type_map);
+}
+
+void DetectBufferTypeCloseRegistration(void)
+{
+ BUG_ON(g_buffer_type_hash == NULL);
+
g_buffer_type_reg_closed = 1;
}
-int DetectBufferTypeGetByIdTransforms(const int id, int *transforms, int transform_cnt)
+int DetectBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id,
+ int *transforms, int transform_cnt)
{
- const DetectBufferType *base_map = DetectBufferTypeGetById(id);
+ const DetectBufferType *base_map = DetectBufferTypeGetById(de_ctx, id);
if (!base_map) {
return -1;
}
BUG_ON(HashListTableAdd(g_buffer_type_hash, (void *)map, 0) != 0);
SCLogDebug("buffer %s registered with id %d, parent %d", map->string, map->id, map->parent_id);
- if (map->id >= 0 && (uint32_t)map->id >= g_buffer_type_map_elements) {
- void *ptr = SCRealloc(g_buffer_type_map, (map->id + 1) * sizeof(DetectBufferType *));
+ if (map->id >= 0 && (uint32_t)map->id >= de_ctx->buffer_type_map_elements) {
+ void *ptr = SCRealloc(de_ctx->buffer_type_map, (map->id + 1) * sizeof(DetectBufferType *));
BUG_ON(ptr == NULL);
- SCLogDebug("g_buffer_type_map resized to %u (was %u)", (map->id + 1), g_buffer_type_map_elements);
- g_buffer_type_map = ptr;
- g_buffer_type_map[map->id] = map;
- g_buffer_type_map_elements = map->id + 1;
+ SCLogDebug("de_ctx->buffer_type_map resized to %u (was %u)", (map->id + 1), de_ctx->buffer_type_map_elements);
+ de_ctx->buffer_type_map = ptr;
+ de_ctx->buffer_type_map[map->id] = map;
+ de_ctx->buffer_type_map_elements = map->id + 1;
DetectAppLayerInspectEngineCopy(map->parent_id, map->id, &map->transforms);
}
DetectParseDupSigHashInit(de_ctx);
DetectAddressMapInit(de_ctx);
DetectMetadataHashInit(de_ctx);
+ DetectBufferTypeSetupDetectEngine(de_ctx);
/* init iprep... ignore errors for now */
(void)SRepInit(de_ctx);
SCClassConfDeInitContext(de_ctx);
SCRConfDeInitContext(de_ctx);
+ DetectBufferTypeFreeDetectEngine(de_ctx);
SigGroupCleanup(de_ctx);
int DetectBufferTypeRegister(const char *name);
int DetectBufferTypeGetByName(const char *name);
-int DetectBufferTypeGetByIdTransforms(const int id, int *transforms, int transform_cnt);
-const char *DetectBufferTypeGetNameById(const int id);
void DetectBufferTypeSupportsMpm(const char *name);
void DetectBufferTypeSupportsPacket(const char *name);
void DetectBufferTypeSupportsTransformations(const char *name);
-_Bool DetectBufferTypeSupportsMpmGetById(const int id);
-_Bool DetectBufferTypeSupportsPacketGetById(const int id);
int DetectBufferTypeMaxId(void);
-void DetectBufferTypeFinalizeRegistration(void);
+void DetectBufferTypeCloseRegistration(void);
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc);
-const char *DetectBufferTypeGetDescriptionById(const int id);
const char *DetectBufferTypeGetDescriptionByName(const char *name);
void DetectBufferTypeRegisterSetupCallback(const char *name,
void (*Callback)(Signature *));
-void DetectBufferRunSetupCallback(const int id, Signature *s);
void DetectBufferTypeRegisterValidateCallback(const char *name,
_Bool (*ValidateCallback)(const Signature *, const char **sigerror));
-_Bool DetectBufferRunValidateCallback(const int id, const Signature *s, const char **sigerror);
+
+int DetectBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id,
+ int *transforms, int transform_cnt);
+const char *DetectBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id);
+bool DetectBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id);
+bool DetectBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id);
+const char *DetectBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id);
+void DetectBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s);
+bool DetectBufferRunValidateCallback(const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror);
/* prototypes */
DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix);
InspectEngineFuncPtr2 Callback2,
InspectionBufferGetDataPtr GetData);
-int DetectEngineAppInspectionEngine2Signature(Signature *s);
+int DetectEngineAppInspectionEngine2Signature(DetectEngineCtx *de_ctx, Signature *s);
void DetectEngineAppInspectionEngineSignatureFree(Signature *s);
void DetectEngineSetParseMetadata(void);
int DetectEngineMustParseMetadata(void);
int DetectBufferSetActiveList(Signature *s, const int list);
-int DetectBufferGetActiveList(Signature *s);
+int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s);
#endif /* __DETECT_ENGINE_H__ */
* \retval 1 If supported.
* \retval 0 If not.
*/
-int FastPatternSupportEnabledForSigMatchList(int list_id)
+int FastPatternSupportEnabledForSigMatchList(const DetectEngineCtx *de_ctx,
+ const int list_id)
{
if (sm_fp_support_smlist_list == NULL)
return 0;
if (list_id == DETECT_SM_LIST_PMATCH)
return 1;
- return DetectBufferTypeSupportsMpmGetById(list_id);
+ return DetectBufferTypeSupportsMpmGetById(de_ctx, list_id);
#if 0
SCFPSupportSMList *tmp_smlist_fp = sm_fp_support_smlist_list;
DetectContentData *cd = NULL;
const int nlists = DetectBufferTypeMaxId();
- SigMatch *pm1 = DetectGetLastSMFromMpmLists(s);
+ SigMatch *pm1 = DetectGetLastSMFromMpmLists(de_ctx, s);
SigMatch *pm2 = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm1 == NULL && pm2 == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside "
extern SCFPSupportSMList *sm_fp_support_smlist_list;
void SupportFastPatternForSigMatchList(int list_id, int priority);
-int FastPatternSupportEnabledForSigMatchList(int list_id);
+int FastPatternSupportEnabledForSigMatchList(const DetectEngineCtx *de_ctx,
+ const int list_id);
void SupportFastPatternForSigMatchTypes(void);
* \note only supports the lists that are registered through
* DetectBufferTypeSupportsMpm().
*/
-SigMatch *DetectGetLastSMFromMpmLists(const Signature *s)
+SigMatch *DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signature *s)
{
SigMatch *sm_last = NULL;
SigMatch *sm_new;
/* if we have a sticky buffer, use that */
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
- if (!(DetectBufferTypeSupportsMpmGetById(s->init_data->list))) {
+ if (!(DetectBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) {
return NULL;
}
/* otherwise brute force it */
const int nlists = DetectBufferTypeMaxId();
for (sm_type = 0; sm_type < nlists; sm_type++) {
- if (!DetectBufferTypeSupportsMpmGetById(sm_type))
+ if (!DetectBufferTypeSupportsMpmGetById(de_ctx, sm_type))
continue;
SigMatch *sm_list = s->init_data->smlists_tail[sm_type];
sm_new = SigMatchGetLastSMByType(sm_list, DETECT_CONTENT);
int x;
for (x = 0; x < nlists; x++) {
if (s->init_data->smlists[x]) {
- if (DetectBufferRunValidateCallback(x, s, &de_ctx->sigerror) == FALSE) {
+ if (DetectBufferRunValidateCallback(de_ctx, x, s, &de_ctx->sigerror) == FALSE) {
SCReturnInt(0);
}
}
for (int i = 0; i < nlists; i++) {
if (s->init_data->smlists[i] == NULL)
continue;
- if (!(DetectBufferTypeGetNameById(i)))
+ if (!(DetectBufferTypeGetNameById(de_ctx, i)))
continue;
- if (!(DetectBufferTypeSupportsPacketGetById(i))) {
+ if (!(DetectBufferTypeSupportsPacketGetById(de_ctx, i))) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet "
"specific matches (like dsize, flags, ttl) with stream / "
"state matching by matching on app layer proto (like using "
int x;
for (x = 0; x < nlists; x++) {
if (sig->init_data->smlists[x])
- DetectBufferRunSetupCallback(x, sig);
+ DetectBufferRunSetupCallback(de_ctx, x, sig);
}
/* validate signature, SigValidate will report the error reason */
const char *DetectListToString(int list);
SigMatch *DetectGetLastSM(const Signature *);
-SigMatch *DetectGetLastSMFromMpmLists(const Signature *s);
+SigMatch *DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signature *s);
SigMatch *DetectGetLastSMFromLists(const Signature *s, ...);
SigMatch *DetectGetLastSMByListPtr(const Signature *s, SigMatch *sm_list, ...);
SigMatch *DetectGetLastSMByListId(const Signature *s, int list_id, ...);
struct DetectEngineAppInspectionEngine_ *next;
} DetectEngineAppInspectionEngine;
+typedef struct DetectBufferType_ {
+ const char *string;
+ const char *description;
+ int id;
+ int parent_id;
+ _Bool mpm;
+ _Bool packet; /**< compat to packet matches */
+ bool supports_transforms;
+ void (*SetupCallback)(struct Signature_ *);
+ bool (*ValidateCallback)(const struct Signature_ *, const char **sigerror);
+ DetectEngineTransforms transforms;
+} DetectBufferType;
+
#ifdef UNITTESTS
#define sm_lists init_data->smlists
#define sm_lists_tail init_data->smlists_tail
/** table to store metadata keys and values */
HashTable *metadata_table;
+ DetectBufferType **buffer_type_map;
+ uint32_t buffer_type_map_elements;
+
/** table with mpms and their registration function
* \todo we only need this at init, so perhaps this
* can move to a DetectEngineCtx 'init' struct */
if (i < DETECT_SM_LIST_DYNAMIC_START) {
name = DetectSigmatchListEnumToString(i);
} else {
- name = DetectBufferTypeGetNameById(i);
+ name = DetectBufferTypeGetNameById(de_ctx, i);
}
DoDump(de_ctx->profile_keyword_ctx_per_list[i], fp, name);
projects / thirdparty / suricata.git / commitdiff
