From: Victor Julien <victor@inliniac.net>
Date: Mon, 17 Oct 2016 14:08:02 +0000 (+0200)
Subject: detect: shrink Signature::sm_arrays
X-Git-Tag: suricata-4.0.0-beta1~403
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a5ae415b89d322cf8d7cf71e45bd97c2166bece;p=thirdparty%2Fsuricata.git

detect: shrink Signature::sm_arrays

Signature::sm_arrays now only contains 'built-in' lists, and so is
sized appropriately.
---

diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c
index 7cc965905d..02e63f7d3b 100644
--- a/src/detect-dnp3.c
+++ b/src/detect-dnp3.c
@@ -150,12 +150,12 @@ static int DetectEngineInspectDNP3Data(ThreadVars *tv, DetectEngineCtx *de_ctx,
     /* Content match - should probably be put into its own file. */
     if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) {
         r = DetectEngineContentInspection(de_ctx, det_ctx, s,
-            s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->request_buffer,
+            smd, f, tx->request_buffer,
             tx->request_buffer_len, 0, 0, NULL);
     }
     else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) {
         r = DetectEngineContentInspection(de_ctx, det_ctx, s,
-            s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->response_buffer,
+            smd, f, tx->response_buffer,
             tx->response_buffer_len, 0, 0, NULL);
     }
 
diff --git a/src/detect-engine.c b/src/detect-engine.c
index bb96379f46..5fa3d4fbe1 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -144,11 +144,20 @@ void DetectAppLayerInspectEngineRegister(AppProto alproto,
 
 int DetectEngineAppInspectionEngine2Signature(Signature *s)
 {
-    int lists_used[DETECT_SM_LIST_MAX] = { 0 };
+    SigMatchData *ptrs[DETECT_SM_LIST_MAX] = { NULL };
+
+    /* convert lists to SigMatchData arrays */
+    int i = 0;
+    for (i = DETECT_SM_LIST_BUILTIN_MAX; i < DETECT_SM_LIST_MAX; i++) {
+        if (s->init_data->smlists[i] == NULL)
+            continue;
+
+        ptrs[i] = SigMatchList2DataArray(s->init_data->smlists[i]);
+    }
 
     DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
     while (t != NULL) {
-        if (s->sm_arrays[t->sm_list] == NULL)
+        if (ptrs[t->sm_list] == NULL)
             goto next;
         if (t->alproto == ALPROTO_UNKNOWN) {
             /* special case, inspect engine applies to all protocols */
@@ -208,8 +217,7 @@ int DetectEngineAppInspectionEngine2Signature(Signature *s)
 
             case DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH:
 
-                new_engine->smd = s->sm_arrays[new_engine->sm_list];
-                lists_used[t->sm_list] = 1;
+                new_engine->smd = ptrs[new_engine->sm_list];
                 break;
             default:
                 break;
@@ -234,15 +242,6 @@ next:
         t = t->next;
     }
 
-    /* clear s->sm_arrays for those lists that we put
-     * in the inspect engines. They own it now. */
-    int i;
-    for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
-        if (lists_used[i]) {
-            s->sm_arrays[i] = NULL;
-        }
-    }
-
     return 0;
 }
 
diff --git a/src/detect-parse.c b/src/detect-parse.c
index b68cbf924d..1575823b42 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1045,7 +1045,7 @@ static void SigMatchFreeArrays(Signature *s, int ctxs)
 {
     if (s != NULL) {
         int type;
-        for (type = 0; type < DETECT_SM_LIST_MAX; type++) {
+        for (type = 0; type < DETECT_SM_LIST_BUILTIN_MAX; type++) {
             if (s->sm_arrays[type] != NULL) {
                 if (ctxs) {
                     SigMatchData *smd = s->sm_arrays[type];
@@ -1228,6 +1228,42 @@ static void SigBuildAddressMatchArray(Signature *s)
     }
 }
 
+static int SigMatchListLen(SigMatch *sm)
+{
+    int len = 0;
+    for (; sm != NULL; sm = sm->next)
+        len++;
+
+    return len;
+}
+
+/** \brief convert SigMatch list to SigMatchData array
+ *  \note ownership of sm->ctx is transfered to smd->ctx
+ */
+SigMatchData* SigMatchList2DataArray(SigMatch *head)
+{
+    int len = SigMatchListLen(head);
+    if (len == 0)
+        return NULL;
+
+    SigMatchData *smd = (SigMatchData *)SCCalloc(len, sizeof(SigMatchData));
+    if (smd == NULL) {
+        SCLogError(SC_ERR_DETECT_PREPARE, "initializing the detection engine failed");
+        exit(EXIT_FAILURE);
+    }
+    SigMatchData *out = smd;
+
+    /* Copy sm type and Context into array */
+    SigMatch *sm = head;
+    for (; sm != NULL; sm = sm->next, smd++) {
+        smd->type = sm->type;
+        smd->ctx = sm->ctx;
+        sm->ctx = NULL; // SigMatch no longer owns the ctx
+        smd->is_last = (sm->next == NULL);
+    }
+    return out;
+}
+
 /**
  *  \internal
  *  \brief validate a just parsed signature for internal inconsistencies
diff --git a/src/detect-parse.h b/src/detect-parse.h
index 6d1d454adf..044fcdfd67 100644
--- a/src/detect-parse.h
+++ b/src/detect-parse.h
@@ -50,6 +50,7 @@ SigMatch *SigMatchGetLastSM(const Signature *);
 void SigMatchTransferSigMatchAcrossLists(SigMatch *sm,
                                          SigMatch **, SigMatch **s,
                                          SigMatch **, SigMatch **);
+SigMatchData* SigMatchList2DataArray(SigMatch *head);
 void SigParsePrepare(void);
 void SigParseRegisterTests(void);
 Signature *DetectEngineAppendSig(DetectEngineCtx *, char *);
diff --git a/src/detect.c b/src/detect.c
index 97e286e134..f8736b81e4 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -3911,15 +3911,6 @@ int SigAddressPrepareStage4(DetectEngineCtx *de_ctx)
     SCReturnInt(0);
 }
 
-static int SigMatchListLen(SigMatch *sm)
-{
-    int len = 0;
-    for (; sm != NULL; sm = sm->next)
-        len++;
-
-    return len;
-}
-
 /** \internal
  *  \brief perform final per signature setup tasks
  *
@@ -3933,32 +3924,15 @@ static int SigMatchPrepare(DetectEngineCtx *de_ctx)
 
     Signature *s = de_ctx->sig_list;
     for (; s != NULL; s = s->next) {
+        /* set up inspect engines */
+        DetectEngineAppInspectionEngine2Signature(s);
+
         int type;
-        for (type = 0; type < DETECT_SM_LIST_MAX; type++) {
+        for (type = 0; type < DETECT_SM_LIST_BUILTIN_MAX; type++) {
             SigMatch *sm = s->init_data->smlists[type];
-            int len = SigMatchListLen(sm);
-            if (len == 0)
-                s->sm_arrays[type] = NULL;
-            else {
-                SigMatchData *smd = (SigMatchData*)SCMalloc(len * sizeof(SigMatchData));
-                if (smd == NULL) {
-                    SCLogError(SC_ERR_DETECT_PREPARE, "initializing the detection engine failed");
-                    exit(EXIT_FAILURE);
-                }
-                /* Copy sm type and Context into array */
-                s->sm_arrays[type] = smd;
-                for (; sm != NULL; sm = sm->next, smd++) {
-                    smd->type = sm->type;
-                    smd->ctx = sm->ctx;
-                    sm->ctx = NULL; // SigMatch no longer owns the ctx
-                    smd->is_last = (sm->next == NULL);
-                }
-            }
+            s->sm_arrays[type] = SigMatchList2DataArray(sm);
         }
 
-        /* set up inspect engines */
-        DetectEngineAppInspectionEngine2Signature(s);
-
         /* free lists. Ctx' are xferred to sm_arrays so won't get freed */
         int i;
         for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
diff --git a/src/detect.h b/src/detect.h
index c7ab2abf07..1fb1c3f13e 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -475,8 +475,9 @@ typedef struct Signature_ {
 
     DetectEngineAppInspectionEngine *app_inspect;
 
-    /* Hold copies of the sm lists for Match() */
-    SigMatchData *sm_arrays[DETECT_SM_LIST_MAX];
+    /* Matching structures for the built-ins. The others are in
+     * their inspect engines. */
+    SigMatchData *sm_arrays[DETECT_SM_LIST_BUILTIN_MAX];
 
     /* memory is still owned by the sm_lists/sm_arrays entry */
     const struct DetectFilestoreData_ *filestore_ctx;