static void DetectAppLayerEventFree(void *);
static int DetectEngineAptEventInspect(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *tx, uint64_t tx_id);
static int DetectEngineAptEventInspect(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *tx, uint64_t tx_id)
{
if (decoder_events == NULL)
goto end;
- for ( ; sm != NULL; sm = sm->next) {
- aled = (DetectAppLayerEventData *)sm->ctx;
+ while (1) {
+ aled = (DetectAppLayerEventData *)smd->ctx;
KEYWORD_PROFILING_START;
+
if (AppLayerDecoderEventsIsEventSet(decoder_events, aled->event_id)) {
- KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
+
+ if (smd->is_last)
+ break;
+ smd++;
continue;
}
- KEYWORD_PROFILING_END(det_ctx, sm->type, 0);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
goto end;
}
{
if (det_ctx->base64_decoded_len) {
return DetectEngineContentInspection(de_ctx, det_ctx, s,
- s->sm_lists[DETECT_SM_LIST_BASE64_DATA], f, det_ctx->base64_decoded,
+ s->sm_arrays[DETECT_SM_LIST_BASE64_DATA], f, det_ctx->base64_decoded,
det_ctx->base64_decoded_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
}
}
int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
- const SigMatch *sm, uint8_t *payload, uint32_t payload_len)
+ const SigMatchData *smd, uint8_t *payload, uint32_t payload_len)
{
- DetectBase64Decode *data = (DetectBase64Decode *)sm->ctx;
+ DetectBase64Decode *data = (DetectBase64Decode *)smd->ctx;
int decode_len;
#if 0
} DetectBase64Decode;
void DetectBase64DecodeRegister(void);
-int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *,
- const Signature *, const SigMatch *, uint8_t *, uint32_t);
+int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *, const Signature *,
+ const SigMatchData *, uint8_t *, uint32_t);
#endif /* __DETECT_BASE64_DECODE_H__ */
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
-int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatch *sm,
+int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData *smd,
const Signature *s, uint8_t *payload,
uint16_t payload_len, uint64_t *value,
uint8_t endian)
{
- DetectByteExtractData *data = (DetectByteExtractData *)sm->ctx;
+ DetectByteExtractData *data = (DetectByteExtractData *)smd->ctx;
uint8_t *ptr = NULL;
int32_t len = 0;
uint64_t val = 0;
void DetectByteExtractRegister(void);
SigMatch *DetectByteExtractRetrieveSMVar(const char *, const Signature *);
-int DetectByteExtractDoMatch(DetectEngineThreadCtx *, const SigMatch *, const Signature *,
+int DetectByteExtractDoMatch(DetectEngineThreadCtx *, const SigMatchData *, const Signature *,
uint8_t *, uint16_t, uint64_t *, uint8_t);
#endif /* __DETECT_BYTEEXTRACT_H__ */
}
static int DetectEngineInspectDNP3Data(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatch *sm,
+ DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCEnter();
/* Content match - should probably be put into its own file. */
if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) {
r = DetectEngineContentInspection(de_ctx, det_ctx, s,
- s->sm_lists[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->request_buffer,
+ s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->request_buffer,
tx->request_buffer_len, 0, 0, NULL);
}
else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) {
r = DetectEngineContentInspection(de_ctx, det_ctx, s,
- s->sm_lists[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->response_buffer,
+ s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->response_buffer,
tx->response_buffer_len, 0, 0, NULL);
}
}
static int DetectEngineInspectDNP3(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatch *sm,
+ DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, f, flags,
* \retval 1 match
*/
int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f,
uint8_t *buffer, uint32_t buffer_len,
uint32_t stream_start_offset,
if (det_ctx->inspection_recursion_counter == de_ctx->inspection_recursion_limit) {
det_ctx->discontinue_matching = 1;
- KEYWORD_PROFILING_END(det_ctx, sm->type, 0);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
SCReturnInt(0);
}
- if (sm == NULL || buffer_len == 0) {
- KEYWORD_PROFILING_END(det_ctx, sm->type, 0);
+ if (smd == NULL || buffer_len == 0) {
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
SCReturnInt(0);
}
/* \todo unify this which is phase 2 of payload inspection unification */
- if (sm->type == DETECT_CONTENT) {
+ if (smd->type == DETECT_CONTENT) {
- DetectContentData *cd = (DetectContentData *)sm->ctx;
+ DetectContentData *cd = (DetectContentData *)smd->ctx;
SCLogDebug("inspecting content %"PRIu32" buffer_len %"PRIu32, cd->id, buffer_len);
/* we might have already have this content matched by the mpm.
/* bail out if we have no next match. Technically this is an
* error, as the current cd has the DETECT_CONTENT_RELATIVE_NEXT
* flag set. */
- if (sm->next == NULL) {
+ if (smd->is_last) {
goto no_match;
}
SCLogDebug("content %"PRIu32, cd->id);
- KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
/* see if the next buffer keywords match. If not, we will
* search for another occurence of this content and see
* if the others match then until we run out of matches */
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1,
+ f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
if (r == 1) {
SCReturnInt(1);
}
} while(1);
- } else if (sm->type == DETECT_ISDATAAT) {
+ } else if (smd->type == DETECT_ISDATAAT) {
SCLogDebug("inspecting isdataat");
- DetectIsdataatData *id = (DetectIsdataatData *)sm->ctx;
+ DetectIsdataatData *id = (DetectIsdataatData *)smd->ctx;
if (id->flags & ISDATAAT_RELATIVE) {
if (det_ctx->buffer_offset + id->dataat > buffer_len) {
SCLogDebug("det_ctx->buffer_offset + id->dataat %"PRIu32" > %"PRIu32, det_ctx->buffer_offset + id->dataat, buffer_len);
}
}
- } else if (sm->type == DETECT_PCRE) {
+ } else if (smd->type == DETECT_PCRE) {
SCLogDebug("inspecting pcre");
- DetectPcreData *pe = (DetectPcreData *)sm->ctx;
+ DetectPcreData *pe = (DetectPcreData *)smd->ctx;
uint32_t prev_buffer_offset = det_ctx->buffer_offset;
uint32_t prev_offset = 0;
int r = 0;
Packet *p = NULL;
if (inspection_mode == DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD)
p = (Packet *)data;
- r = DetectPcrePayloadMatch(det_ctx, s, sm, p, f,
+ r = DetectPcrePayloadMatch(det_ctx, s, smd, p, f,
buffer, buffer_len);
if (r == 0) {
goto no_match;
SCLogDebug("no relative match coming up, so this is a match");
goto match;
}
- KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
/* save it, in case we need to do a pcre match once again */
prev_offset = det_ctx->pcre_match_start_offset;
/* see if the next payload keywords match. If not, we will
* search for another occurence of this pcre and see
* if the others match, until we run out of matches */
- r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next,
- f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
+ r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1,
+ f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
if (r == 1) {
SCReturnInt(1);
}
det_ctx->pcre_match_start_offset = prev_offset;
} while (1);
- } else if (sm->type == DETECT_BYTETEST) {
- DetectBytetestData *btd = (DetectBytetestData *)sm->ctx;
+ } else if (smd->type == DETECT_BYTETEST) {
+ DetectBytetestData *btd = (DetectBytetestData *)smd->ctx;
uint8_t flags = btd->flags;
int32_t offset = btd->offset;
uint64_t value = btd->value;
DETECT_BYTETEST_LITTLE: 0);
}
- if (DetectBytetestDoMatch(det_ctx, s, sm->ctx, buffer, buffer_len, flags,
+ if (DetectBytetestDoMatch(det_ctx, s, smd->ctx, buffer, buffer_len, flags,
offset, value) != 1) {
goto no_match;
}
goto match;
- } else if (sm->type == DETECT_BYTEJUMP) {
- DetectBytejumpData *bjd = (DetectBytejumpData *)sm->ctx;
+ } else if (smd->type == DETECT_BYTEJUMP) {
+ DetectBytejumpData *bjd = (DetectBytejumpData *)smd->ctx;
uint8_t flags = bjd->flags;
int32_t offset = bjd->offset;
DETECT_BYTEJUMP_LITTLE: 0);
}
- if (DetectBytejumpDoMatch(det_ctx, s, sm->ctx, buffer, buffer_len,
+ if (DetectBytejumpDoMatch(det_ctx, s, smd->ctx, buffer, buffer_len,
flags, offset) != 1) {
goto no_match;
}
goto match;
- } else if (sm->type == DETECT_BYTE_EXTRACT) {
+ } else if (smd->type == DETECT_BYTE_EXTRACT) {
- DetectByteExtractData *bed = (DetectByteExtractData *)sm->ctx;
+ DetectByteExtractData *bed = (DetectByteExtractData *)smd->ctx;
uint8_t endian = bed->endian;
/* if we have dce enabled we will have to use the endianness
DETECT_BYTE_EXTRACT_ENDIAN_LITTLE : DETECT_BYTE_EXTRACT_ENDIAN_BIG);
}
- if (DetectByteExtractDoMatch(det_ctx, sm, s, buffer,
+ if (DetectByteExtractDoMatch(det_ctx, smd, s, buffer,
buffer_len,
&det_ctx->bj_values[bed->local_id],
endian) != 1) {
goto match;
/* we should never get here, but bail out just in case */
- } else if (sm->type == DETECT_AL_URILEN) {
+ } else if (smd->type == DETECT_AL_URILEN) {
SCLogDebug("inspecting uri len");
int r = 0;
- DetectUrilenData *urilend = (DetectUrilenData *) sm->ctx;
+ DetectUrilenData *urilend = (DetectUrilenData *) smd->ctx;
switch (urilend->mode) {
case DETECT_URILEN_EQ:
goto no_match;
#ifdef HAVE_LUA
}
- else if (sm->type == DETECT_LUA) {
+ else if (smd->type == DETECT_LUA) {
SCLogDebug("lua starting");
- if (DetectLuaMatchBuffer(det_ctx, s, sm, buffer, buffer_len,
+ if (DetectLuaMatchBuffer(det_ctx, s, smd, buffer, buffer_len,
det_ctx->buffer_offset, f) != 1)
{
SCLogDebug("lua no_match");
SCLogDebug("lua match");
goto match;
#endif /* HAVE_LUA */
- } else if (sm->type == DETECT_BASE64_DECODE) {
- if (DetectBase64DecodeDoMatch(det_ctx, s, sm, buffer, buffer_len)) {
+ } else if (smd->type == DETECT_BASE64_DECODE) {
+ if (DetectBase64DecodeDoMatch(det_ctx, s, smd, buffer, buffer_len)) {
if (s->sm_arrays[DETECT_SM_LIST_BASE64_DATA] != NULL) {
- KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
if (DetectBase64DataDoMatch(de_ctx, det_ctx, s, f)) {
/* Base64 is a terminal list. */
goto final_match;
}
}
} else {
- SCLogDebug("sm->type %u", sm->type);
+ SCLogDebug("sm->type %u", smd->type);
#ifdef DEBUG
BUG_ON(1);
#endif
}
no_match:
- KEYWORD_PROFILING_END(det_ctx, sm->type, 0);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
SCReturnInt(0);
match:
/* this sigmatch matched, inspect the next one. If it was the last,
* the buffer portion of the signature matched. */
- if (sm->next != NULL) {
- KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
+ if (!smd->is_last) {
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1,
+ f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
SCReturnInt(r);
}
final_match:
- KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
SCReturnInt(1);
}
};
int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f,
uint8_t *buffer, uint32_t buffer_len,
uint32_t stream_start_offset,
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_DMATCH],
+ r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_DMATCH],
f,
dce_stub_data,
dce_stub_data_len,
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_DMATCH],
+ r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_DMATCH],
f,
dce_stub_data,
dce_stub_data_len,
*/
int DetectEngineInspectDnsQueryName(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *txv, uint64_t tx_id)
{
//PrintRawDataFp(stdout, buffer, buffer_len);
r = DetectEngineContentInspection(de_ctx, det_ctx,
- s, sm,
+ s, smd,
f, buffer, buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
if (r == 1)
int DetectEngineInspectDnsQueryName(ThreadVars *,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
- const Signature *, const SigMatch *sm,
+ const Signature *, const SigMatchData *smd,
Flow *, uint8_t, void *, void *, uint64_t);
int DetectEngineInspectDnsRequest(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
int DetectEngineInspectDnsResponse(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
#endif /* __DETECT_ENGINE_DNS_H__ */
*/
int DetectEngineInspectCIP(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm, Flow *f, uint8_t flags,
+ const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags,
void *alstate, void *txv, uint64_t tx_id)
{
SCEnter();
ENIPTransaction *tx = (ENIPTransaction *) txv;
- DetectCipServiceData *cipserviced = (DetectCipServiceData *) sm->ctx;
+ DetectCipServiceData *cipserviced = (DetectCipServiceData *) smd->ctx;
if (cipserviced == NULL)
{
int DetectEngineInspectENIP(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCEnter();
ENIPTransaction *tx = (ENIPTransaction *) txv;
- DetectEnipCommandData *enipcmdd = (DetectEnipCommandData *) sm->ctx;
+ DetectEnipCommandData *enipcmdd = (DetectEnipCommandData *) smd->ctx;
if (enipcmdd == NULL)
{
int DetectEngineInspectCIP(ThreadVars *,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
- const Signature *, const SigMatch *sm,
+ const Signature *, const SigMatchData *smd,
Flow *, uint8_t, void *, void *, uint64_t);
int DetectEngineInspectENIP(ThreadVars *,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
- const Signature *, const SigMatch *sm,
+ const Signature *, const SigMatchData *smd,
Flow *, uint8_t, void *, void *, uint64_t);
void DetectEngineInspectENIPRegisterTests(void);
* \note flow is not locked at this time
*/
static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
- Flow *f, Signature *s, const SigMatch *smi, uint8_t flags, FileContainer *ffc)
+ Flow *f, Signature *s, const SigMatchData *smd,
+ uint8_t flags, FileContainer *ffc)
{
- const SigMatch *sm = NULL;
int r = 0;
int match = 0;
int store_r = 0;
}
/* run the file match functions. */
- for (sm = smi; sm != NULL; sm = sm->next) {
- SCLogDebug("sm %p, sm->next %p", sm, sm->next);
+ while (1) {
+ SCLogDebug("smd %p", smd);
- if (sigmatch_table[sm->type].FileMatch != NULL) {
+ if (sigmatch_table[smd->type].FileMatch != NULL) {
KEYWORD_PROFILING_START;
- match = sigmatch_table[sm->type].
- FileMatch(tv, det_ctx, f, flags, file, s, sm);
- KEYWORD_PROFILING_END(det_ctx, sm->type, (match > 0));
+ match = sigmatch_table[smd->type].
+ FileMatch(tv, det_ctx, f, flags, file, s, smd);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, (match > 0));
if (match == 0) {
r = DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
break;
- } else if (sm->next == NULL) {
+ } else if (smd->is_last) {
r = DETECT_ENGINE_INSPECT_SIG_MATCH;
break;
}
}
+ if (smd->is_last)
+ break;
+ smd++;
}
/* continue inspection for other files as we may want to store
} else {
/* if we have a filestore sm with a scope > file (so tx, ssn) we
* run it here */
- sm = smi;
- if (sm != NULL && sm->next == NULL && sm->type == DETECT_FILESTORE &&
- sm->ctx != NULL)
+ if (smd != NULL && smd->is_last && smd->type == DETECT_FILESTORE &&
+ smd->ctx != NULL)
{
- DetectFilestoreData *fd = (DetectFilestoreData *)sm->ctx;
+ DetectFilestoreData *fd = (DetectFilestoreData *)smd->ctx;
if (fd->scope > FILESTORE_SCOPE_DEFAULT) {
KEYWORD_PROFILING_START;
- match = sigmatch_table[sm->type].
- FileMatch(tv, det_ctx, f, flags, /* no file */NULL, s, sm);
- KEYWORD_PROFILING_END(det_ctx, sm->type, (match > 0));
+ match = sigmatch_table[smd->type].
+ FileMatch(tv, det_ctx, f, flags, /* no file */NULL, s, smd);
+ KEYWORD_PROFILING_END(det_ctx, smd->type, (match > 0));
if (match == 1) {
r = DETECT_ENGINE_INSPECT_SIG_MATCH;
*/
int DetectFileInspectHttp(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, const SigMatch *sm,
+ Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
int r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
else
ffc = htp_state->files_ts;
- int match = DetectFileInspect(tv, det_ctx, f, s, sm, flags, ffc);
+ int match = DetectFileInspect(tv, det_ctx, f, s, smd, flags, ffc);
if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
r = DETECT_ENGINE_INSPECT_SIG_MATCH;
} else if (match == DETECT_ENGINE_INSPECT_SIG_CANT_MATCH) {
*/
int DetectFileInspectSmtp(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, const SigMatch *sm,
+ Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
SCEnter();
else
goto end;
- int match = DetectFileInspect(tv, det_ctx, f, s, sm, flags, ffc);
+ int match = DetectFileInspect(tv, det_ctx, f, s, smd, flags, ffc);
if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
r = DETECT_ENGINE_INSPECT_SIG_MATCH;
} else if (match == DETECT_ENGINE_INSPECT_SIG_CANT_MATCH) {
int DetectFileInspectHttp(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
int DetectFileInspectSmtp(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
#endif /* __DETECT_ENGINE_FILE_H__ */
int DetectEngineInspectSMTPFiledata(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, const SigMatch *sm,
+ Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
SMTPState *smtp_state = (SMTPState *)alstate;
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- match = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ match = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)buffer,
buffer_len,
int DetectEngineInspectSMTPFiledata(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineCleanSMTPBuffers(DetectEngineThreadCtx *det_ctx);
int DetectEngineInspectHttpClientBody(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, const SigMatch *sm,
+ Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
HtpState *htp_state = (HtpState *)alstate;
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)buffer,
buffer_len,
int DetectEngineInspectHttpClientBody(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineCleanHCBDBuffers(DetectEngineThreadCtx *);
*/
int DetectEngineInspectHttpCookie(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(h->value),
bstr_len(h->value),
int DetectEngineInspectHttpCookie(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpCookieRegisterTests(void);
int DetectEngineInspectHttpHeader(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
HtpState *htp_state = (HtpState *)alstate;
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
buffer,
buffer_len,
int DetectEngineInspectHttpHeader(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineCleanHHDBuffers(DetectEngineThreadCtx *det_ctx);
*/
int DetectEngineInspectHttpHH(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
hname, hname_len,
0,
int DetectEngineInspectHttpHH(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpHHRegisterTests(void);
*/
int DetectEngineInspectHttpMethod(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(tx->request_method),
bstr_len(tx->request_method),
int DetectEngineInspectHttpMethod(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
int PrefilterTxMethodRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
*/
int DetectEngineInspectHttpRawHeader(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
HtpTxUserData *tx_ud = NULL;
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
headers_raw,
headers_raw_len,
int DetectEngineInspectHttpRawHeader(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpRawHeaderRegisterTests(void);
*/
int DetectEngineInspectHttpHRH(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *hname;
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
hname, hname_len,
0,
int DetectEngineInspectHttpHRH(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpHRHRegisterTests(void);
*/
int DetectEngineInspectHttpRawUri(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
det_ctx->inspection_recursion_counter = 0;
/* Inspect all the uricontents fetched on each
* transaction at the app layer */
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(tx->request_uri),
bstr_len(tx->request_uri),
int DetectEngineInspectHttpRawUri(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpRawUriRegisterTests(void);
int DetectEngineInspectHttpServerBody(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, const SigMatch *sm,
+ Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
HtpState *htp_state = (HtpState *)alstate;
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)buffer,
buffer_len,
int DetectEngineInspectHttpServerBody(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *tx, uint64_t tx_id);
*/
int DetectEngineInspectHttpStatCode(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
det_ctx->discontinue_matching = 0;
det_ctx->buffer_offset = 0;
det_ctx->inspection_recursion_counter = 0;
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(tx->response_status),
bstr_len(tx->response_status),
int DetectEngineInspectHttpStatCode(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpStatCodeRegisterTests(void);
*/
int DetectEngineInspectHttpStatMsg(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
det_ctx->discontinue_matching = 0;
det_ctx->buffer_offset = 0;
det_ctx->inspection_recursion_counter = 0;
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(tx->response_message),
bstr_len(tx->response_message),
int DetectEngineInspectHttpStatMsg(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpStatMsgRegisterTests(void);
*/
int DetectEngineInspectHttpUA(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(h->value),
bstr_len(h->value),
int DetectEngineInspectHttpUA(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpUARegisterTests(void);
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
const Signature *s,
- const SigMatch *sm,
+ const SigMatchData *smd,
Flow *f,
uint8_t flags,
void *alstate,
{
SCEnter();
ModbusTransaction *tx = (ModbusTransaction *)txv;
- DetectModbus *modbus = (DetectModbus *) sm->ctx;
+ DetectModbus *modbus = (DetectModbus *) smd->ctx;
int ret = 0;
int DetectEngineInspectModbus(ThreadVars *,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
- const Signature *, const SigMatch *,
+ const Signature *, const SigMatchData *,
Flow *, uint8_t, void *, void *, uint64_t);
void DetectEngineInspectModbusRegisterTests(void);
det_ctx->inspection_recursion_counter = 0;
det_ctx->replist = NULL;
- r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_PMATCH],
+ r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_PMATCH],
f, p->payload, p->payload_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD, p);
if (r == 1) {
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
- r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_PMATCH],
+ r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_PMATCH],
f, payload, payload_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STREAM, NULL);
if (r == 1) {
if (direction == engine->dir) {
KEYWORD_PROFILING_SET_LIST(det_ctx, engine->sm_list);
int match = engine->Callback(tv, de_ctx, det_ctx,
- s, engine->sm, f, flags, alstate, tx, tx_id);
+ s, engine->smd, f, flags, alstate, tx, tx_id);
SCLogDebug("engine %p match %d", engine, match);
if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
inspect_flags |= BIT_U32(engine->id);
SCLogDebug("inspect_flags %x", inspect_flags);
KEYWORD_PROFILING_SET_LIST(det_ctx, engine->sm_list);
int match = engine->Callback(tv, de_ctx, det_ctx,
- s, engine->sm,
+ s, engine->smd,
f, flags, alstate, inspect_tx, inspect_tx_id);
if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
inspect_flags |= BIT_U32(engine->id);
int DetectEngineInspectTemplateBuffer(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, const SigMatch *sm,
+ Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
TemplateTransaction *tx = (TemplateTransaction *)txv;
int ret = 0;
if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) {
- ret = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f, tx->request_buffer, tx->request_buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
}
else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) {
- ret = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f, tx->response_buffer, tx->response_buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
}
int DetectEngineInspectTemplateBuffer(ThreadVars *,
DetectEngineCtx *, DetectEngineThreadCtx *,
- const Signature *, const SigMatch *,
+ const Signature *, const SigMatchData *,
Flow *, uint8_t, void *, void *tx, uint64_t tx_id);
#endif /* __DETECT_TEMPLATE_ENGINE_H__ */
*/
int DetectEngineInspectTlsSni(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *buffer;
buffer = (uint8_t *)ssl_state->client_connp.sni;
buffer_len = strlen(ssl_state->client_connp.sni);
- cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f, buffer, buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
*/
int DetectEngineInspectTlsIssuer(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, const SigMatch *sm,
+ Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *buffer;
buffer = (uint8_t *)ssl_state->server_connp.cert0_issuerdn;
buffer_len = strlen(ssl_state->server_connp.cert0_issuerdn);
- cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f, buffer, buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
*/
int DetectEngineInspectTlsSubject(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, const SigMatch *sm,
+ Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *buffer;
buffer = (uint8_t *)ssl_state->server_connp.cert0_subject;
buffer_len = strlen(ssl_state->server_connp.cert0_subject);
- cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f, buffer, buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
int DetectEngineInspectTlsValidity(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, const SigMatch *sm,
+ Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *txv, uint64_t tx_id)
{
int DetectEngineInspectTlsSni(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
int DetectEngineInspectTlsIssuer(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
int DetectEngineInspectTlsSubject(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags,
void *alstate, void *txv, uint64_t tx_id);
int DetectEngineInspectTlsValidity(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
#endif /* __DETECT_ENGINE_TLS_H__ */
*/
int DetectEngineInspectHttpUri(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, const SigMatch *sm,
+ Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
HtpTxUserData *tx_ud = htp_tx_get_user_data(txv);
/* Inspect all the uricontents fetched on each
* transaction at the app layer */
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
bstr_ptr(tx_ud->request_uri_normalized),
bstr_len(tx_ud->request_uri_normalized),
int DetectEngineInspectHttpUri(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void UriRegisterTests(void);
case DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH:
- new_engine->sm = s->sm_lists[new_engine->sm_list];
- s->sm_lists[new_engine->sm_list] = NULL;
- s->sm_lists_tail[new_engine->sm_list] = NULL;
+ new_engine->smd = s->sm_arrays[new_engine->sm_list];
lists_used[t->sm_list] = 1;
break;
default:
int i;
for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
if (lists_used[i]) {
- s->sm_lists[i] = NULL;
- s->sm_lists_tail[i] = NULL;
+ s->sm_arrays[i] = NULL;
}
}
*/
void DetectEngineAppInspectionEngineSignatureFree(Signature *s)
{
- SigMatch *ptrs[DETECT_SM_LIST_MAX] = { NULL };
+ SigMatchData *ptrs[DETECT_SM_LIST_MAX] = { NULL };
DetectEngineAppInspectionEngine *ie = s->app_inspect;
while (ie) {
DetectEngineAppInspectionEngine *next = ie->next;
- BUG_ON(ptrs[ie->sm_list] != NULL && ptrs[ie->sm_list] != ie->sm);
- ptrs[ie->sm_list] = ie->sm;
+ BUG_ON(ptrs[ie->sm_list] != NULL && ptrs[ie->sm_list] != ie->smd);
+ ptrs[ie->sm_list] = ie->smd;
SCFree(ie);
ie = next;
}
int i;
for (i = 0; i < DETECT_SM_LIST_MAX; i++)
{
- SigMatch *sm = ptrs[i];
- while (sm != NULL) {
- SigMatch *nsm = sm->next;
- SigMatchFree(sm);
- sm = nsm;
- }
+ SCFree(ptrs[i]);
}
}
#include "detect-fileext.h"
static int DetectFileextMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
- uint8_t, File *, const Signature *, const SigMatch *);
+ uint8_t, File *, const Signature *, const SigMatchData *);
static int DetectFileextSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFileextRegisterTests(void);
static void DetectFileextFree(void *);
* \retval 1 match
*/
static int DetectFileextMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
- Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m)
+ Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
SCEnter();
int ret = 0;
#else /* HAVE_MAGIC */
static int DetectFilemagicMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
- uint8_t, File *, const Signature *, const SigMatch *);
+ uint8_t, File *, const Signature *, const SigMatchData *);
static int DetectFilemagicSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFilemagicRegisterTests(void);
static void DetectFilemagicFree(void *);
* \retval 1 match
*/
static int DetectFilemagicMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
- Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m)
+ Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
SCEnter();
int ret = 0;
#include "app-layer-parser.h"
static int DetectFilenameMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
- uint8_t, File *, const Signature *, const SigMatch *);
+ uint8_t, File *, const Signature *, const SigMatchData *);
static int DetectFilenameSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFilenameRegisterTests(void);
static void DetectFilenameFree(void *);
* \retval 1 match
*/
static int DetectFilenameMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
- Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m)
+ Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
SCEnter();
int ret = 0;
/*prototypes*/
static int DetectFilesizeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
- uint8_t flags, File *file, const Signature *s, const SigMatch *m);
+ uint8_t flags, File *file, const Signature *s, const SigMatchData *m);
static int DetectFilesizeSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFilesizeFree (void *);
static void DetectFilesizeRegisterTests (void);
* \retval 1 match
*/
static int DetectFilesizeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
- uint8_t flags, File *file, const Signature *s, const SigMatch *m)
+ uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
SCEnter();
static pcre_extra *parse_regex_study;
static int DetectFilestoreMatch (ThreadVars *, DetectEngineThreadCtx *,
- Flow *, uint8_t, File *, const Signature *, const SigMatch *);
+ Flow *, uint8_t, File *, const Signature *, const SigMatchData *);
static int DetectFilestoreSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFilestoreFree(void *);
static void DetectFilestoreRegisterTests(void);
* needs to be put behind a api.
*/
static int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
- uint8_t flags, File *file, const Signature *s, const SigMatch *m)
+ uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
uint16_t file_id = 0;
static int PrefilterTxHttpRequestLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
static int DetectEngineInspectHttpRequestLine(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
*/
static int DetectEngineInspectHttpRequestLine(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
/* Inspect all the uricontents fetched on each
* transaction at the app layer */
int r = DetectEngineContentInspection(de_ctx, det_ctx,
- s, sm,
+ s, smd,
f,
bstr_ptr(tx->request_line),
bstr_len(tx->request_line),
static int PrefilterTxHttpResponseLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
static int DetectEngineInspectHttpResponseLine(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
*/
int DetectEngineInspectHttpResponseLine(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
#endif
/* run the inspection against the buffer */
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
+ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
bstr_ptr(tx->response_line),
bstr_len(tx->response_line),
}
int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
uint8_t *buffer, uint32_t buffer_len, uint32_t offset,
Flow *f)
{
if (buffer == NULL || buffer_len == 0)
SCReturnInt(0);
- DetectLuaData *lua = (DetectLuaData *)sm->ctx;
+ DetectLuaData *lua = (DetectLuaData *)smd->ctx;
if (lua == NULL)
SCReturnInt(0);
/* prototypes */
void DetectLuaRegister (void);
int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatch *sm,
+ const Signature *s, const SigMatchData *smd,
uint8_t *buffer, uint32_t buffer_len, uint32_t offset,
Flow *f);
* \retval 0 No match.
*/
int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
- const SigMatch *sm, Packet *p, Flow *f, uint8_t *payload,
- uint32_t payload_len)
+ const SigMatchData *smd, Packet *p, Flow *f,
+ uint8_t *payload, uint32_t payload_len)
{
SCEnter();
#define MAX_SUBSTRINGS 30
uint16_t len = 0;
uint16_t capture_len = 0;
- DetectPcreData *pe = (DetectPcreData *)sm->ctx;
+ DetectPcreData *pe = (DetectPcreData *)smd->ctx;
if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = payload + det_ctx->buffer_offset;
} DetectPcreData;
/* prototypes */
-int DetectPcrePayloadMatch(DetectEngineThreadCtx *, const Signature *,
- const SigMatch *, Packet *, Flow *, uint8_t *, uint32_t);
+
+int DetectPcrePayloadMatch(DetectEngineThreadCtx *,
+ const Signature *, const SigMatchData *,
+ Packet *, Flow *, uint8_t *, uint32_t);
+
int DetectPcrePacketPayloadMatch(DetectEngineThreadCtx *, Packet *, Signature *, SigMatch *);
int DetectPcrePayloadDoMatch(DetectEngineThreadCtx *, Signature *, SigMatch *,
Packet *, uint8_t *, uint16_t);
typedef int (*InspectEngineFuncPtr)(ThreadVars *tv,
struct DetectEngineCtx_ *de_ctx, struct DetectEngineThreadCtx_ *det_ctx,
- const struct Signature_ *sig, const SigMatch *sm_list,
+ const struct Signature_ *sig, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *tx, uint64_t tx_id);
*/
InspectEngineFuncPtr Callback;
- SigMatch *sm;
+ SigMatchData *smd;
struct DetectEngineAppInspectionEngine_ *next;
} DetectEngineAppInspectionEngine;
} DetectEngineThreadCtx;
/** \brief element in sigmatch type table.
- * \note FileMatch pointer below takes a locked flow, AppLayerMatch an unlocked flow
*/
typedef struct SigTableElmt_ {
/** Packet match function pointer */
int (*FileMatch)(ThreadVars *, /**< thread local vars */
DetectEngineThreadCtx *,
Flow *, /**< *LOCKED* flow */
- uint8_t flags, File *, const Signature *, const SigMatch *);
+ uint8_t flags, File *, const Signature *, const SigMatchData *);
/** keyword setup function pointer */
int (*Setup)(DetectEngineCtx *, Signature *, char *);
* \retval 1 match
*/
int DetectFileHashMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
- Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m)
+ Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
SCEnter();
int ret = 0;
int LoadHashTable(ROHashTable *, char *, char *, int, uint32_t);
int DetectFileHashMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t,
- File *, const Signature *, const SigMatch *);
+ File *, const Signature *, const SigMatchData *);
int DetectFileHashSetup(DetectEngineCtx *, Signature *, char *, uint32_t);
void DetectFileHashFree(void *);
projects / thirdparty / suricata.git / commitdiff
