}
am->id = de_ctx->app_mpms_list_cnt++;
- SupportFastPatternForSigMatchList(am->sm_list, am->priority);
+ DetectEngineRegisterFastPatternForId(de_ctx, am->sm_list, am->priority);
t->next = am;
SCLogDebug("copied mpm registration for %s id %u "
"with parent %u and GetData %p",
}
am->id = de_ctx->pkt_mpms_list_cnt++;
- SupportFastPatternForSigMatchList(am->sm_list, am->priority);
+ DetectEngineRegisterFastPatternForId(de_ctx, am->sm_list, am->priority);
t->next = am;
SCLogDebug("copied mpm registration for %s id %u "
"with parent %u and GetData %p",
int count_final_sm_list = 0;
int priority;
- const SCFPSupportSMList *tmp = sm_fp_support_smlist_list;
+ const SCFPSupportSMList *tmp = de_ctx->fp_support_smlist_list;
while (tmp != NULL) {
for (priority = tmp->priority;
tmp != NULL && priority == tmp->priority;
tmp = tmp->next)
{
+ SCLogDebug("tmp->list_id %d tmp->priority %d", tmp->list_id, tmp->priority);
if (tmp->list_id >= nlists)
continue;
if (curr_sm_list[tmp->list_id] == 0)
#include "detect-engine.h"
#include "detect-engine-state.h"
#include "detect-engine-payload.h"
+#include "detect-fast-pattern.h"
#include "detect-byte-extract.h"
#include "detect-content.h"
#include "detect-uricontent.h"
DetectAddressMapInit(de_ctx);
DetectMetadataHashInit(de_ctx);
DetectBufferTypeSetupDetectEngine(de_ctx);
+ DetectEngineInitializeFastPatternList(de_ctx);
/* init iprep... ignore errors for now */
(void)SRepInit(de_ctx);
if (de_ctx->sig_array)
SCFree(de_ctx->sig_array);
+ DetectEngineFreeFastPatternList(de_ctx);
SCClassConfDeInitContext(de_ctx);
SCRConfDeInitContext(de_ctx);
/* holds the list of sm match lists that need to be searched for a keyword
* that has fp support */
-SCFPSupportSMList *sm_fp_support_smlist_list = NULL;
+static SCFPSupportSMList *g_fp_support_smlist_list = NULL;
/**
* \brief Checks if a particular list(Signature->sm_lists[]) is in the list
int FastPatternSupportEnabledForSigMatchList(const DetectEngineCtx *de_ctx,
const int list_id)
{
- if (sm_fp_support_smlist_list == NULL)
+ if (de_ctx->fp_support_smlist_list == NULL) {
return 0;
+ }
if (list_id == DETECT_SM_LIST_PMATCH)
return 1;
return DetectEngineBufferTypeSupportsMpmGetById(de_ctx, list_id);
}
-/**
- * \brief Lets one add a sm list id to be searched for potential fp supported
- * keywords later.
- *
- * \param list_id SM list id.
- * \param priority Priority for this list.
- */
-void SupportFastPatternForSigMatchList(int list_id, int priority)
+static void Add(SCFPSupportSMList **list, const int list_id, const int priority)
{
SCFPSupportSMList *ip = NULL;
/* insertion point - ip */
- for (SCFPSupportSMList *tmp = sm_fp_support_smlist_list; tmp != NULL; tmp = tmp->next) {
+ for (SCFPSupportSMList *tmp = *list; tmp != NULL; tmp = tmp->next) {
if (list_id == tmp->list_id) {
SCLogDebug("SM list already registered.");
return;
ip = tmp;
}
- if (sm_fp_support_smlist_list == NULL) {
+ if (*list == NULL) {
SCFPSupportSMList *new = SCMalloc(sizeof(SCFPSupportSMList));
if (unlikely(new == NULL))
exit(EXIT_FAILURE);
new->list_id = list_id;
new->priority = priority;
- sm_fp_support_smlist_list = new;
-
+ *list = new;
return;
}
new->list_id = list_id;
new->priority = priority;
if (ip == NULL) {
- new->next = sm_fp_support_smlist_list;
- sm_fp_support_smlist_list = new;
+ new->next = *list;
+ *list = new;
} else {
new->next = ip->next;
ip->next = new;
}
-
return;
}
+/**
+ * \brief Lets one add a sm list id to be searched for potential fp supported
+ * keywords later.
+ *
+ * \param list_id SM list id.
+ * \param priority Priority for this list.
+ */
+void SupportFastPatternForSigMatchList(int list_id, int priority)
+{
+ Add(&g_fp_support_smlist_list, list_id, priority);
+}
+
+void DetectEngineRegisterFastPatternForId(DetectEngineCtx *de_ctx, int list_id, int priority)
+{
+ Add(&de_ctx->fp_support_smlist_list, list_id, priority);
+}
+
/**
* \brief Registers the keywords(SMs) that should be given fp support.
*/
/* other types are handled by DetectMpmAppLayerRegister() */
}
+void DetectEngineInitializeFastPatternList(DetectEngineCtx *de_ctx)
+{
+ SCFPSupportSMList *last = NULL;
+ for (SCFPSupportSMList *tmp = g_fp_support_smlist_list; tmp != NULL; tmp = tmp->next) {
+ SCFPSupportSMList *n = SCCalloc(1, sizeof(*n));
+ if (n == NULL) {
+ FatalError(SC_ERR_FATAL, "out of memory: %s", strerror(errno));
+ }
+ n->list_id = tmp->list_id;
+ n->priority = tmp->priority;
+
+ // append
+ if (de_ctx->fp_support_smlist_list == NULL) {
+ last = de_ctx->fp_support_smlist_list = n;
+ } else {
+ BUG_ON(last == NULL);
+ last->next = n;
+ last = n;
+ }
+ }
+}
+
+void DetectEngineFreeFastPatternList(DetectEngineCtx *de_ctx)
+{
+ for (SCFPSupportSMList *tmp = de_ctx->fp_support_smlist_list; tmp != NULL;) {
+ SCFPSupportSMList *next = tmp->next;
+ SCFree(tmp);
+ tmp = next;
+ }
+ de_ctx->fp_support_smlist_list = NULL;
+}
+
/**
* \brief Registration function for fast_pattern keyword
*/
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#ifndef __DETECT_FAST_PATTERN_H__
#define __DETECT_FAST_PATTERN_H__
-typedef struct SCFPSupportSMList_ {
- /* the list id. Have a look at Signature->sm_lists[] */
- int list_id;
- int priority;
-
- struct SCFPSupportSMList_ *next;
-} SCFPSupportSMList;
-
-extern SCFPSupportSMList *sm_fp_support_smlist_list;
-
void SupportFastPatternForSigMatchList(int list_id, int priority);
int FastPatternSupportEnabledForSigMatchList(const DetectEngineCtx *de_ctx,
const int list_id);
void SupportFastPatternForSigMatchTypes(void);
+void DetectEngineRegisterFastPatternForId(DetectEngineCtx *de_ctx, int list_id, int priority);
+
+void DetectEngineInitializeFastPatternList(DetectEngineCtx *de_ctx);
+void DetectEngineFreeFastPatternList(DetectEngineCtx *de_ctx);
void DetectFastPatternRegister(void);
struct DetectVarList_ *next;
} DetectVarList;
+typedef struct SCFPSupportSMList_ {
+ int list_id;
+ int priority;
+ struct SCFPSupportSMList_ *next;
+} SCFPSupportSMList;
+
typedef struct DetectEngineIPOnlyThreadCtx_ {
uint8_t *sig_match_array; /* bit array of sig nums */
uint32_t sig_match_size; /* size in bytes of the array */
bool sm_types_prefilter[DETECT_TBLSIZE];
bool sm_types_silent_error[DETECT_TBLSIZE];
+ /* list of Fast Pattern registrations. Initially filled using a copy of
+ * `g_fp_support_smlist_list`, then extended at rule loading time if needed */
+ SCFPSupportSMList *fp_support_smlist_list;
} DetectEngineCtx;
/* Engine groups profiles (low, medium, high, custom) */
projects / thirdparty / suricata.git / commitdiff
