detect/inspect engines: copy to detect engine ctx

author Victor Julien <victor@inliniac.net>

Mon, 30 Oct 2017 18:42:35 +0000 (19:42 +0100)

committer Victor Julien <victor@inliniac.net>

Wed, 14 Feb 2018 13:25:46 +0000 (14:25 +0100)
author Victor Julien <victor@inliniac.net>
Mon, 30 Oct 2017 18:42:35 +0000 (19:42 +0100)
committer Victor Julien <victor@inliniac.net>
Wed, 14 Feb 2018 13:25:46 +0000 (14:25 +0100)
diff --git a/src/detect-engine.c b/src/detect-engine.c

index de3b0f15cc5f062420e2a2d020776c03295e1a61..2a9a0d3fe697afbf380c0239d17c2ffccc4945d4 100644 (file)
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -237,11 +237,13 @@ void DetectAppLayerInspectEngineRegister2(const char *name,
      }
  }
  
-/* copy an inspect engine to a new list id. */
-static void DetectAppLayerInspectEngineCopy(int sm_list, int new_list,
+/* copy an inspect engine with transforms to a new list id. */
+static void DetectAppLayerInspectEngineCopy(
+        DetectEngineCtx *de_ctx,
+        int sm_list, int new_list,
          const DetectEngineTransforms *transforms)
  {
-    DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
+    const DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
      while (t) {
          if (t->sm_list == sm_list) {
              DetectEngineAppInspectionEngine *new_engine = SCCalloc(1, sizeof(DetectEngineAppInspectionEngine));
@@ -250,15 +252,54 @@ static void DetectAppLayerInspectEngineCopy(int sm_list, int new_list,
              }
              new_engine->alproto = t->alproto;
              new_engine->dir = t->dir;
-            new_engine->sm_list = new_list;
+            new_engine->sm_list = new_list;         /* use new list id */
              new_engine->progress = t->progress;
              new_engine->Callback = t->Callback;
              new_engine->v2 = t->v2;
-            new_engine->v2.transforms = transforms;
-            new_engine->next = t->next;
-            t->next = new_engine;
-            t = new_engine;
+            new_engine->v2.transforms = transforms; /* assign transforms */
+
+            if (de_ctx->app_inspect_engines == NULL) {
+                de_ctx->app_inspect_engines = new_engine;
+            } else {
+                DetectEngineAppInspectionEngine *list = de_ctx->app_inspect_engines;
+                while (list->next != NULL) {
+                    list = list->next;
+                }
+
+                list->next = new_engine;
+            }
+        }
+        t = t->next;
+    }
+}
+
+/* copy inspect engines from global registrations to de_ctx list */
+static void DetectAppLayerInspectEngineCopyListToDetectCtx(DetectEngineCtx *de_ctx)
+{
+    const DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
+    while (t) {
+        DetectEngineAppInspectionEngine *new_engine = SCCalloc(1, sizeof(DetectEngineAppInspectionEngine));
+        if (unlikely(new_engine == NULL)) {
+            exit(EXIT_FAILURE);
+        }
+        new_engine->alproto = t->alproto;
+        new_engine->dir = t->dir;
+        new_engine->sm_list = t->sm_list;
+        new_engine->progress = t->progress;
+        new_engine->Callback = t->Callback;
+        new_engine->v2 = t->v2;
+
+        if (de_ctx->app_inspect_engines == NULL) {
+            de_ctx->app_inspect_engines = new_engine;
+        } else {
+            DetectEngineAppInspectionEngine *list = de_ctx->app_inspect_engines;
+            while (list->next != NULL) {
+                list = list->next;
+            }
+
+            list->next = new_engine;
          }
+
          t = t->next;
      }
  }
@@ -338,7 +379,7 @@ int DetectEngineAppInspectionEngine2Signature(DetectEngineCtx *de_ctx, Signature
  
      bool head_is_mpm = false;
      uint32_t last_id = DE_STATE_FLAG_BASE;
-    DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
+    const DetectEngineAppInspectionEngine *t = de_ctx->app_inspect_engines;
      while (t != NULL) {
          bool prepend = false;
  
@@ -446,7 +487,7 @@ next:
      }
  
  #ifdef DEBUG
-    DetectEngineAppInspectionEngine *iter = s->app_inspect;
+    const DetectEngineAppInspectionEngine *iter = s->app_inspect;
      while (iter) {
          SCLogDebug("%u: engine %s id %u progress %d %s", s->id,
                  DetectBufferTypeGetNameById(de_ctx, iter->sm_list), iter->id,
@@ -898,6 +939,8 @@ static void DetectBufferTypeSetupDetectEngine(DetectEngineCtx *de_ctx)
          BUG_ON(1);
      }
      de_ctx->buffer_type_id = g_buffer_type_id;
+
+    DetectAppLayerInspectEngineCopyListToDetectCtx(de_ctx);
  }
  
  static void DetectBufferTypeFreeDetectEngine(DetectEngineCtx *de_ctx)
@@ -969,7 +1012,8 @@ int DetectBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id,
          de_ctx->buffer_type_map[map->id] = map;
          de_ctx->buffer_type_map_elements = map->id + 1;
  
-        DetectAppLayerInspectEngineCopy(map->parent_id, map->id, &map->transforms);
+        DetectAppLayerInspectEngineCopy(de_ctx, map->parent_id, map->id,
+                &map->transforms);
      }
      return map->id;
  }
diff --git a/src/detect.h b/src/detect.h

index b6548955fd42e78583945def634d7a8b73da78c9..457d7109853d787a242ec40406f7bb7241c33b3b 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -858,6 +858,10 @@ typedef struct DetectEngineCtx_ {
      HashListTable *buffer_type_hash;
      int buffer_type_id;
  
+    /* list with app inspect engines. Both the start-time registered ones and
+     * the rule-time registered ones. */
+    DetectEngineAppInspectionEngine *app_inspect_engines;
+
      /** table with mpms and their registration function
       *  \todo we only need this at init, so perhaps this
       *        can move to a DetectEngineCtx 'init' struct */
author	Victor Julien <victor@inliniac.net>
	Mon, 30 Oct 2017 18:42:35 +0000 (19:42 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 14 Feb 2018 13:25:46 +0000 (14:25 +0100)
src/detect-engine.c		patch \| blob \| blame \| history
src/detect.h		patch \| blob \| blame \| history