From: Victor Julien Date: Fri, 6 Oct 2017 10:24:15 +0000 (+0200) Subject: detect-state: minor cleanups X-Git-Tag: suricata-4.1.0-beta1~543 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03274051cfd1d7cba1605558ccb6872dea7b40c1;p=thirdparty%2Fsuricata.git detect-state: minor cleanups --- diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index b9a79e9347..51ace58772 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -353,10 +353,12 @@ static void StoreStateTx(DetectEngineThreadCtx *det_ctx, SCLogDebug("Stored for TX %"PRIu64, tx_id); } -int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, +int DeStateDetectStartDetection(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, Packet *p, Flow *f, uint8_t flags, - AppProto alproto) + const Signature *s, Packet *p, Flow *f, + const uint8_t flags, // direction + const AppProto alproto) { SCLogDebug("rule %u/%u", s->id, s->num); @@ -404,13 +406,13 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, /* see if we need to consider the next tx in our decision to add * a sig to the 'no inspect array'. */ - int next_tx_no_progress = 0; + bool next_tx_no_progress = false; if (!TxIsLast(tx_id, total_txs)) { void *next_tx = AppLayerParserGetTx(f->proto, alproto, alstate, tx_id+1); if (next_tx != NULL) { int c = AppLayerParserGetStateProgress(f->proto, alproto, next_tx, flags); if (c == 0) { - next_tx_no_progress = 1; + next_tx_no_progress = true; } } } @@ -483,9 +485,11 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, int tx_is_done = (tx_progress >= AppLayerParserGetStateProgressCompletionStatus(alproto, flags)); - SCLogDebug("tx %"PRIu64", packet %"PRIu64", rule %u, alert_cnt %u, last tx %d, tx_is_done %d, next_tx_no_progress %d", + SCLogDebug("tx %"PRIu64", packet %"PRIu64", rule %u, alert_cnt %u, " + "last tx %d, tx_is_done %d, next_tx_no_progress %s", tx_id, p->pcap_cnt, s->num, alert_cnt, - TxIsLast(tx_id, total_txs), tx_is_done, next_tx_no_progress); + TxIsLast(tx_id, total_txs), tx_is_done, + next_tx_no_progress ? "true" : "false"); /* store our state */ if (!(TxIsLast(tx_id, total_txs)) || !tx_is_done) { @@ -515,9 +519,9 @@ static int DoInspectItem(ThreadVars *tv, DeStateStoreItem *item, const uint8_t dir_state_flags, Packet *p, Flow *f, AppProto alproto, uint8_t flags, const uint64_t inspect_tx_id, const uint64_t total_txs, - - uint16_t *file_no_match, int inprogress, // is current tx in progress? - const int next_tx_no_progress) // tx after current is still dormant + uint16_t *file_no_match, + const bool inprogress, // is current tx in progress? + const bool next_tx_no_progress) // tx after current is still dormant { Signature *s = de_ctx->sig_array[item->sid]; det_ctx->stream_already_inspected = false; @@ -726,35 +730,30 @@ static int DoInspectItem(ThreadVars *tv, void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - Packet *p, Flow *f, uint8_t flags, + Packet *p, Flow *f, const uint8_t flags, AppProto alproto) { - uint16_t file_no_match = 0; - SigIntId store_cnt = 0; - SigIntId state_cnt = 0; - uint64_t inspect_tx_id = 0; - uint64_t total_txs = 0; - uint8_t direction = (flags & STREAM_TOSERVER) ? 0 : 1; - SCLogDebug("starting continue detection for packet %"PRIu64, p->pcap_cnt); void *alstate = FlowGetAppState(f); - if (!StateIsValid(alproto, alstate)) { + if (unlikely(!StateIsValid(alproto, alstate))) { return; } - inspect_tx_id = AppLayerParserGetTransactionInspectId(f->alparser, flags); - total_txs = AppLayerParserGetTxCnt(f, alstate); + const uint8_t direction = (flags & STREAM_TOSERVER) ? 0 : 1; + uint64_t inspect_tx_id = AppLayerParserGetTransactionInspectId(f->alparser, flags); + const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate); + const int end_progress = AppLayerParserGetStateProgressCompletionStatus(alproto, flags); for ( ; inspect_tx_id < total_txs; inspect_tx_id++) { - int inspect_tx_inprogress = 0; - int next_tx_no_progress = 0; + bool inspect_tx_inprogress = false; void *inspect_tx = AppLayerParserGetTx(f->proto, alproto, alstate, inspect_tx_id); if (inspect_tx != NULL) { - int a = AppLayerParserGetStateProgress(f->proto, alproto, inspect_tx, flags); - int b = AppLayerParserGetStateProgressCompletionStatus(alproto, flags); - if (a < b) { - inspect_tx_inprogress = 1; + bool next_tx_no_progress = false; + + const int tx_progress = AppLayerParserGetStateProgress(f->proto, alproto, inspect_tx, flags); + if (end_progress < tx_progress) { + inspect_tx_inprogress = true; } SCLogDebug("tx %"PRIu64" (%"PRIu64") => %s", inspect_tx_id, total_txs, inspect_tx_inprogress ? "in progress" : "done"); @@ -776,19 +775,22 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, if (next_inspect_tx != NULL) { int c = AppLayerParserGetStateProgress(f->proto, alproto, next_inspect_tx, flags); if (c == 0) { - next_tx_no_progress = 1; + next_tx_no_progress = true; } } } /* Loop through stored 'items' (stateful rules) and inspect them */ - state_cnt = 0; + SigIntId state_cnt = 0; for (; tx_store != NULL; tx_store = tx_store->next) { SCLogDebug("tx_store %p", tx_store); + + SigIntId store_cnt = 0; for (store_cnt = 0; store_cnt < DE_STATE_CHUNK_SIZE && state_cnt < tx_dir_state->cnt; store_cnt++, state_cnt++) { + uint16_t file_no_match = 0; // TODO looks like we're just ignoring this DeStateStoreItem *item = &tx_store->store[store_cnt]; int r = DoInspectItem(tv, de_ctx, det_ctx, item, tx_dir_state->flags, diff --git a/src/detect-engine-state.h b/src/detect-engine-state.h index 224160caf9..9497c80e91 100644 --- a/src/detect-engine-state.h +++ b/src/detect-engine-state.h @@ -101,6 +101,7 @@ typedef struct DetectEngineStateDirection_ { SigIntId cnt; uint16_t filestore_cnt; uint8_t flags; + /* coccinelle: DetectEngineStateDirection:flags:DETECT_ENGINE_STATE_FLAG_ */ } DetectEngineStateDirection; typedef struct DetectEngineState_ { @@ -149,7 +150,7 @@ int DeStateFlowHasInspectableState(const Flow *f, const uint8_t flags); int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, Packet *p, Flow *f, - uint8_t flags, AppProto alproto); + const uint8_t flags, const AppProto alproto); /** * \brief Continue DeState detection of the signatures stored in the state.