return;
}
+#define SGH_PROTO(sgh, p) ((sgh)->init->protos[(p)] == 1)
+#define SGH_DIRECTION_TS(sgh) ((sgh)->init->direction & SIG_FLAG_TOSERVER)
+#define SGH_DIRECTION_TC(sgh) ((sgh)->init->direction & SIG_FLAG_TOCLIENT)
+
+/* TODO the sig updates don't belong here */
+static void PopulateMpmAddPatternToMpmPMATCH(const DetectEngineCtx *de_ctx,
+ SigGroupHead *sgh, Signature *s,
+ SigMatch *mpm_sm)
+{
+ DetectContentData *cd = (DetectContentData *)mpm_sm->ctx;
+
+ if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {
+ if (DETECT_CONTENT_IS_SINGLE(cd) &&
+ !(cd->flags & DETECT_CONTENT_NEGATED) &&
+ !(cd->flags & DETECT_CONTENT_REPLACE) &&
+ cd->content_len == cd->fp_chop_len)
+ {
+ cd->flags |= DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED;
+ }
+ } else {
+ if (DETECT_CONTENT_IS_SINGLE(cd) &&
+ !(cd->flags & DETECT_CONTENT_NEGATED) &&
+ !(cd->flags & DETECT_CONTENT_REPLACE))
+ {
+ cd->flags |= DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED;
+ }
+ }
+
+ /* add the content to the "packet" mpm:
+ * chop is handled in PopulateMpmHelperAddPatternToPktCtx
+ */
+ if (SignatureHasPacketContent(s)) {
+ /* per TCP packet mpm */
+ if (SGH_PROTO(sgh, IPPROTO_TCP) && (s->proto.proto[IPPROTO_TCP / 8] & 1 << (IPPROTO_TCP % 8))) {
+ if (SGH_DIRECTION_TS(sgh) && s->flags & SIG_FLAG_TOSERVER) {
+ PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_tcp_ctx_ts,
+ cd, s, 0, (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP));
+ }
+ if (SGH_DIRECTION_TC(sgh) && s->flags & SIG_FLAG_TOCLIENT) {
+ PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_tcp_ctx_tc,
+ cd, s, 0, (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP));
+ }
+ }
+ }
+ /* per UDP packet mpm */
+ if (SGH_PROTO(sgh, IPPROTO_UDP) && (s->proto.proto[IPPROTO_UDP / 8] & 1 << (IPPROTO_UDP % 8))) {
+ if (SGH_DIRECTION_TS(sgh) && s->flags & SIG_FLAG_TOSERVER) {
+ PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_udp_ctx_ts,
+ cd, s, 0, (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP));
+ }
+ if (SGH_DIRECTION_TC(sgh) && s->flags & SIG_FLAG_TOCLIENT) {
+ PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_udp_ctx_tc,
+ cd, s, 0, (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP));
+ }
+ }
+
+ /* other IP protocols */
+ if (!(SGH_PROTO(sgh, IPPROTO_TCP) || SGH_PROTO(sgh, IPPROTO_UDP))) {
+ PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_other_ctx,
+ cd, s, 0, (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP));
+ }
+
+ /* tell matcher we are inspecting packet */
+ s->flags |= SIG_FLAG_MPM_PACKET;
+ s->mpm_pattern_id_div_8 = cd->id / 8;
+ s->mpm_pattern_id_mod_8 = 1 << (cd->id % 8);
+ if (cd->flags & DETECT_CONTENT_NEGATED) {
+ SCLogDebug("flagging sig %"PRIu32" to be looking for negated mpm", s->id);
+ s->flags |= SIG_FLAG_MPM_PACKET_NEG;
+ }
+ sgh->flags |= SIG_GROUP_HEAD_MPM_PACKET;
+
+ /* for TCP, we have a special "stream" mpm as well */
+ if (SGH_PROTO(sgh, IPPROTO_TCP) && SignatureHasStreamContent(s)) {
+ if (cd->flags & DETECT_CONTENT_NOCASE) {
+ if (SGH_DIRECTION_TS(sgh) && s->flags & SIG_FLAG_TOSERVER) {
+ if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {
+ MpmAddPatternCI(sgh->mpm_stream_ctx_ts,
+ cd->content + cd->fp_chop_offset, cd->fp_chop_len,
+ 0, 0, cd->id, s->num, 0);
+ } else {
+ MpmAddPatternCI(sgh->mpm_stream_ctx_ts,
+ cd->content, cd->content_len,
+ 0, 0, cd->id, s->num, 0);
+ }
+ }
+ if (SGH_DIRECTION_TC(sgh) && s->flags & SIG_FLAG_TOCLIENT) {
+ if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {
+ MpmAddPatternCI(sgh->mpm_stream_ctx_tc,
+ cd->content + cd->fp_chop_offset, cd->fp_chop_len,
+ 0, 0, cd->id, s->num, 0);
+ } else {
+ MpmAddPatternCI(sgh->mpm_stream_ctx_tc,
+ cd->content, cd->content_len,
+ 0, 0, cd->id, s->num, 0);
+ }
+ }
+ } else {
+ if (SGH_DIRECTION_TS(sgh) && s->flags & SIG_FLAG_TOSERVER) {
+ if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {
+ MpmAddPatternCS(sgh->mpm_stream_ctx_ts,
+ cd->content + cd->fp_chop_offset, cd->fp_chop_len,
+ 0, 0, cd->id, s->num, 0);
+ } else {
+ MpmAddPatternCS(sgh->mpm_stream_ctx_ts,
+ cd->content, cd->content_len,
+ 0, 0, cd->id, s->num, 0);
+ }
+ }
+ if (SGH_DIRECTION_TC(sgh) && s->flags & SIG_FLAG_TOCLIENT) {
+ if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {
+ MpmAddPatternCS(sgh->mpm_stream_ctx_tc,
+ cd->content + cd->fp_chop_offset, cd->fp_chop_len,
+ 0, 0, cd->id, s->num, 0);
+ } else {
+ MpmAddPatternCS(sgh->mpm_stream_ctx_tc,
+ cd->content, cd->content_len,
+ 0, 0, cd->id, s->num, 0);
+ }
+ }
+ }
+ /* tell matcher we are inspecting stream */
+ s->flags |= SIG_FLAG_MPM_STREAM;
+ s->mpm_pattern_id_div_8 = cd->id / 8;
+ s->mpm_pattern_id_mod_8 = 1 << (cd->id % 8);
+ if (cd->flags & DETECT_CONTENT_NEGATED) {
+ SCLogDebug("flagging sig %"PRIu32" to be looking for negated mpm", s->id);
+ s->flags |= SIG_FLAG_MPM_STREAM_NEG;
+ }
+ sgh->flags |= SIG_GROUP_HEAD_MPM_STREAM;
+ }
+}
+
static void PopulateMpmAddPatternToMpm(const DetectEngineCtx *de_ctx,
SigGroupHead *sgh, Signature *s,
SigMatch *mpm_sm)
switch (sm_list) {
case DETECT_SM_LIST_PMATCH:
{
- cd = (DetectContentData *)mpm_sm->ctx;
- if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {
- if (DETECT_CONTENT_IS_SINGLE(cd) &&
- !(cd->flags & DETECT_CONTENT_NEGATED) &&
- !(cd->flags & DETECT_CONTENT_REPLACE) &&
- cd->content_len == cd->fp_chop_len) {
- cd->flags |= DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED;
- }
-
- /* add the content to the "packet" mpm */
- if (SignatureHasPacketContent(s)) {
- if (s->proto.proto[6 / 8] & 1 << (6 % 8)) {
- if (s->flags & SIG_FLAG_TOSERVER) {
- PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_tcp_ctx_ts,
- cd, s, flags, 1);
- }
- if (s->flags & SIG_FLAG_TOCLIENT) {
- PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_tcp_ctx_tc,
- cd, s, flags, 1);
- }
- }
- if (s->proto.proto[17 / 8] & 1 << (17 % 8)) {
- if (s->flags & SIG_FLAG_TOSERVER) {
- PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_udp_ctx_ts,
- cd, s, flags, 1);
- }
- if (s->flags & SIG_FLAG_TOCLIENT) {
- PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_udp_ctx_tc,
- cd, s, flags, 1);
- }
- }
- int i;
- for (i = 0; i < 256; i++) {
- if (i == 6 || i == 17)
- continue;
- if (s->proto.proto[i / 8] & (1 << (i % 8))) {
- PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_other_ctx,
- cd, s, flags, 1);
- break;
- }
- }
- /* tell matcher we are inspecting packet */
- s->flags |= SIG_FLAG_MPM_PACKET;
- s->mpm_pattern_id_div_8 = cd->id / 8;
- s->mpm_pattern_id_mod_8 = 1 << (cd->id % 8);
- if (cd->flags & DETECT_CONTENT_NEGATED) {
- SCLogDebug("flagging sig %"PRIu32" to be looking for negated mpm", s->id);
- s->flags |= SIG_FLAG_MPM_PACKET_NEG;
- }
- }
- if (SignatureHasStreamContent(s)) {
- if (cd->flags & DETECT_CONTENT_NOCASE) {
- if (s->flags & SIG_FLAG_TOSERVER) {
- MpmAddPatternCI(sgh->mpm_stream_ctx_ts,
- cd->content + cd->fp_chop_offset, cd->fp_chop_len,
- 0, 0,
- cd->id, s->num, flags);
- }
- if (s->flags & SIG_FLAG_TOCLIENT) {
- MpmAddPatternCI(sgh->mpm_stream_ctx_tc,
- cd->content + cd->fp_chop_offset, cd->fp_chop_len,
- 0, 0,
- cd->id, s->num, flags);
- }
- } else {
- if (s->flags & SIG_FLAG_TOSERVER) {
- MpmAddPatternCS(sgh->mpm_stream_ctx_ts,
- cd->content + cd->fp_chop_offset, cd->fp_chop_len,
- 0, 0,
- cd->id, s->num, flags);
- }
- if (s->flags & SIG_FLAG_TOCLIENT) {
- MpmAddPatternCS(sgh->mpm_stream_ctx_tc,
- cd->content + cd->fp_chop_offset, cd->fp_chop_len,
- 0, 0,
- cd->id, s->num, flags);
- }
- }
- /* tell matcher we are inspecting stream */
- s->flags |= SIG_FLAG_MPM_STREAM;
- s->mpm_pattern_id_div_8 = cd->id / 8;
- s->mpm_pattern_id_mod_8 = 1 << (cd->id % 8);
- if (cd->flags & DETECT_CONTENT_NEGATED) {
- SCLogDebug("flagging sig %"PRIu32" to be looking for negated mpm", s->id);
- s->flags |= SIG_FLAG_MPM_STREAM_NEG;
- }
- }
- } else {
- if (DETECT_CONTENT_IS_SINGLE(cd) &&
- !(cd->flags & DETECT_CONTENT_NEGATED) &&
- !(cd->flags & DETECT_CONTENT_REPLACE)) {
- cd->flags |= DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED;
- }
-
- if (SignatureHasPacketContent(s)) {
- /* add the content to the "packet" mpm */
- if (s->proto.proto[6 / 8] & 1 << (6 % 8)) {
- if (s->flags & SIG_FLAG_TOSERVER) {
- PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_tcp_ctx_ts,
- cd, s, flags, 0);
- }
- if (s->flags & SIG_FLAG_TOCLIENT) {
- PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_tcp_ctx_tc,
- cd, s, flags, 0);
- }
- }
- if (s->proto.proto[17 / 8] & 1 << (17 % 8)) {
- if (s->flags & SIG_FLAG_TOSERVER) {
- PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_udp_ctx_ts,
- cd, s, flags, 0);
- }
- if (s->flags & SIG_FLAG_TOCLIENT) {
- PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_udp_ctx_tc,
- cd, s, flags, 0);
- }
- }
- int i;
- for (i = 0; i < 256; i++) {
- if (i == 6 || i == 17)
- continue;
- if (s->proto.proto[i / 8] & (1 << (i % 8))) {
- PopulateMpmHelperAddPatternToPktCtx(sgh->mpm_proto_other_ctx,
- cd, s, flags, 0);
- break;
- }
- }
- /* tell matcher we are inspecting packet */
- s->flags |= SIG_FLAG_MPM_PACKET;
- s->mpm_pattern_id_div_8 = cd->id / 8;
- s->mpm_pattern_id_mod_8 = 1 << (cd->id % 8);
- if (cd->flags & DETECT_CONTENT_NEGATED) {
- SCLogDebug("flagging sig %"PRIu32" to be looking for negated mpm", s->id);
- s->flags |= SIG_FLAG_MPM_PACKET_NEG;
- }
- }
- if (SignatureHasStreamContent(s)) {
- /* add the content to the "packet" mpm */
- if (cd->flags & DETECT_CONTENT_NOCASE) {
- if (s->flags & SIG_FLAG_TOSERVER) {
- MpmAddPatternCI(sgh->mpm_stream_ctx_ts,
- cd->content, cd->content_len,
- 0, 0,
- cd->id, s->num, flags);
- }
- if (s->flags & SIG_FLAG_TOCLIENT) {
- MpmAddPatternCI(sgh->mpm_stream_ctx_tc,
- cd->content, cd->content_len,
- 0, 0,
- cd->id, s->num, flags);
- }
- } else {
- if (s->flags & SIG_FLAG_TOSERVER) {
- MpmAddPatternCS(sgh->mpm_stream_ctx_ts,
- cd->content, cd->content_len,
- 0, 0,
- cd->id, s->num, flags);
- }
- if (s->flags & SIG_FLAG_TOCLIENT) {
- MpmAddPatternCS(sgh->mpm_stream_ctx_tc,
- cd->content, cd->content_len,
- 0, 0,
- cd->id, s->num, flags);
- }
- }
- /* tell matcher we are inspecting stream */
- s->flags |= SIG_FLAG_MPM_STREAM;
- s->mpm_pattern_id_div_8 = cd->id / 8;
- s->mpm_pattern_id_mod_8 = 1 << (cd->id % 8);
- if (cd->flags & DETECT_CONTENT_NEGATED) {
- SCLogDebug("flagging sig %"PRIu32" to be looking for negated mpm", s->id);
- s->flags |= SIG_FLAG_MPM_STREAM_NEG;
- }
- }
- }
- if (SignatureHasPacketContent(s)) {
- sgh->flags |= SIG_GROUP_HEAD_MPM_PACKET;
- }
- if (SignatureHasStreamContent(s)) {
- sgh->flags |= SIG_GROUP_HEAD_MPM_STREAM;
- }
-
+ PopulateMpmAddPatternToMpmPMATCH(de_ctx, sgh, s, mpm_sm);
break;
} /* case DETECT_CONTENT */
s = sh->match_array[sig];
if (s == NULL)
continue;
-
- if (SignatureHasPacketContent(s) == 1) {
+ if (!(SGH_PROTO(sh, IPPROTO_TCP)) ||
+ (SGH_PROTO(sh, IPPROTO_TCP) && SignatureHasPacketContent(s) == 1))
+ {
has_co_packet = 1;
}
- if (SignatureHasStreamContent(s) == 1) {
- has_co_stream = 1;
- }
- if (s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL) {
- has_co_uri = 1;
- }
+ if (SGH_PROTO(sh, IPPROTO_TCP)) {
+ if (SignatureHasStreamContent(s) == 1) {
+ has_co_stream = 1;
+ }
- if (s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL) {
- has_co_hcbd = 1;
- }
+ if (s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL) {
+ has_co_uri = 1;
+ }
- if (s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL) {
- if (s->alproto == ALPROTO_SMTP)
- has_co_smtp = 1;
- else if (s->alproto == ALPROTO_HTTP)
- has_co_hsbd = 1;
- else if (s->alproto == ALPROTO_UNKNOWN) {
- has_co_smtp = 1;
- has_co_hsbd = 1;
+ if (s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL) {
+ has_co_hcbd = 1;
}
- }
- if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) {
- has_co_hhd = 1;
- }
+ if (s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL) {
+ if (s->alproto == ALPROTO_SMTP)
+ has_co_smtp = 1;
+ else if (s->alproto == ALPROTO_HTTP)
+ has_co_hsbd = 1;
+ else if (s->alproto == ALPROTO_UNKNOWN) {
+ has_co_smtp = 1;
+ has_co_hsbd = 1;
+ }
+ }
- if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) {
- has_co_hrhd = 1;
- }
+ if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) {
+ has_co_hhd = 1;
+ }
- if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL) {
- has_co_hmd = 1;
- }
+ if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) {
+ has_co_hrhd = 1;
+ }
- if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) {
- has_co_hcd = 1;
- }
+ if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL) {
+ has_co_hmd = 1;
+ }
- if (s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL) {
- has_co_hrud = 1;
- }
+ if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) {
+ has_co_hcd = 1;
+ }
- if (s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL) {
- has_co_hsmd = 1;
- }
+ if (s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL) {
+ has_co_hrud = 1;
+ }
- if (s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) {
- has_co_hscd = 1;
- }
+ if (s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL) {
+ has_co_hsmd = 1;
+ }
- if (s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) {
- has_co_huad = 1;
- }
+ if (s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) {
+ has_co_hscd = 1;
+ }
- if (s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL) {
- has_co_hhhd = 1;
- }
+ if (s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) {
+ has_co_huad = 1;
+ }
+
+ if (s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL) {
+ has_co_hhhd = 1;
+ }
- if (s->sm_lists[DETECT_SM_LIST_HRHHDMATCH] != NULL) {
- has_co_hrhhd = 1;
+ if (s->sm_lists[DETECT_SM_LIST_HRHHDMATCH] != NULL) {
+ has_co_hrhhd = 1;
+ }
}
- if (s->sm_lists[DETECT_SM_LIST_DNSQUERYNAME_MATCH] != NULL) {
- has_co_dnsquery = 1;
+ if (SGH_PROTO(sh, IPPROTO_TCP) || SGH_PROTO(sh, IPPROTO_UDP)) {
+ if (s->sm_lists[DETECT_SM_LIST_DNSQUERYNAME_MATCH] != NULL) {
+ has_co_dnsquery = 1;
+ }
}
}
/* intialize contexes */
if (has_co_packet) {
- if (de_ctx->sgh_mpm_context == ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE) {
- sh->mpm_proto_tcp_ctx_ts = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 0);
- sh->mpm_proto_tcp_ctx_tc = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 1);
- } else {
- sh->mpm_proto_tcp_ctx_ts = MpmFactoryGetMpmCtxForProfile(de_ctx, MPM_CTX_FACTORY_UNIQUE_CONTEXT, 0);
- sh->mpm_proto_tcp_ctx_tc = MpmFactoryGetMpmCtxForProfile(de_ctx, MPM_CTX_FACTORY_UNIQUE_CONTEXT, 1);
- }
- if (sh->mpm_proto_tcp_ctx_ts == NULL || sh->mpm_proto_tcp_ctx_tc == NULL) {
- SCLogDebug("sh->mpm_proto_tcp_ctx == NULL. This should never happen");
- exit(EXIT_FAILURE);
+ if (SGH_PROTO(sh, IPPROTO_TCP)) {
+ if (de_ctx->sgh_mpm_context == ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE) {
+ sh->mpm_proto_tcp_ctx_ts = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 0);
+ sh->mpm_proto_tcp_ctx_tc = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 1);
+ } else {
+ sh->mpm_proto_tcp_ctx_ts = MpmFactoryGetMpmCtxForProfile(de_ctx, MPM_CTX_FACTORY_UNIQUE_CONTEXT, 0);
+ sh->mpm_proto_tcp_ctx_tc = MpmFactoryGetMpmCtxForProfile(de_ctx, MPM_CTX_FACTORY_UNIQUE_CONTEXT, 1);
+ }
+ if (sh->mpm_proto_tcp_ctx_ts == NULL || sh->mpm_proto_tcp_ctx_tc == NULL) {
+ SCLogDebug("sh->mpm_proto_tcp_ctx == NULL. This should never happen");
+ exit(EXIT_FAILURE);
+ }
+ MpmInitCtx(sh->mpm_proto_tcp_ctx_ts, de_ctx->mpm_matcher);
+ MpmInitCtx(sh->mpm_proto_tcp_ctx_tc, de_ctx->mpm_matcher);
}
- MpmInitCtx(sh->mpm_proto_tcp_ctx_ts, de_ctx->mpm_matcher);
- MpmInitCtx(sh->mpm_proto_tcp_ctx_tc, de_ctx->mpm_matcher);
-
if (de_ctx->sgh_mpm_context == ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE) {
sh->mpm_proto_udp_ctx_ts = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 0);
sh->mpm_proto_udp_ctx_tc = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 1);
has_co_hrhhd ||
has_co_dnsquery)
{
+ /* add the patterns of all the rules to the mpms of this sgh */
PatternMatchPreparePopulateMpm(de_ctx, sh);
if (sh->mpm_proto_tcp_ctx_ts != NULL) {
projects / thirdparty / suricata.git / commitdiff
