From: Jeff Lucovsky Date: Tue, 19 Nov 2019 00:30:53 +0000 (-0500) Subject: detect: Update to take advantage of PCRE refactor X-Git-Tag: suricata-6.0.0-beta1~621 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b0085b03ce85f9b0f09d7e44a96774388d0b09b;p=thirdparty%2Fsuricata.git detect: Update to take advantage of PCRE refactor This commit changes the keyword detectors to use the refactored PCRE modifications from detect-parse.[ch] --- diff --git a/src/detect-base64-decode.c b/src/detect-base64-decode.c index 32538884f4..d914f77942 100644 --- a/src/detect-base64-decode.c +++ b/src/detect-base64-decode.c @@ -29,8 +29,8 @@ static const char decode_pattern[] = "\\s*(bytes\\s+(\\d+),?)?" "\\s*(offset\\s+(\\d+),?)?" "\\s*(\\w+)?"; -static pcre *decode_pcre = NULL; -static pcre_extra *decode_pcre_study = NULL; + +static DetectParseRegex decode_pcre; static int DetectBase64DecodeSetup(DetectEngineCtx *, Signature *, const char *); static void DetectBase64DecodeFree(void *); @@ -50,7 +50,7 @@ void DetectBase64DecodeRegister(void) sigmatch_table[DETECT_BASE64_DECODE].flags |= SIGMATCH_OPTIONAL_OPT; - DetectSetupParseRegexes(decode_pattern, &decode_pcre, &decode_pcre_study); + DetectSetupParseRegexes(decode_pattern, &decode_pcre); } int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s, @@ -114,8 +114,7 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes, *offset = 0; *relative = 0; - pcre_rc = pcre_exec(decode_pcre, decode_pcre_study, str, strlen(str), 0, 0, - ov, max); + pcre_rc = DetectParsePcreExec(&decode_pcre, str, 0, 0, ov, max); if (pcre_rc < 3) { goto error; } diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index cc09826c67..2836848fbd 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c @@ -86,8 +86,7 @@ "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \ "$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectByteExtractSetup(DetectEngineCtx *, Signature *, const char *); static void DetectByteExtractRegisterTests(void); @@ -106,7 +105,7 @@ void DetectByteExtractRegister(void) sigmatch_table[DETECT_BYTE_EXTRACT].Free = DetectByteExtractFree; sigmatch_table[DETECT_BYTE_EXTRACT].RegisterTests = DetectByteExtractRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData *smd, @@ -211,13 +210,13 @@ int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData static inline DetectByteExtractData *DetectByteExtractParse(const char *arg) { DetectByteExtractData *bed = NULL; +#undef MAX_SUBSTRINGS #define MAX_SUBSTRINGS 100 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; int i = 0; - ret = pcre_exec(parse_regex, parse_regex_study, arg, - strlen(arg), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 3 || ret > 19) { SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32 ", string \"%s\"", ret, arg); diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index d271f69009..afb5486b07 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -57,8 +57,7 @@ "(?:\\s*,\\s*((?:multiplier|post_offset)\\s+[^\\s,]+|[^\\s,]+))?" \ "\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectBytejumpMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx); @@ -77,7 +76,7 @@ void DetectBytejumpRegister (void) sigmatch_table[DETECT_BYTEJUMP].Free = DetectBytejumpFree; sigmatch_table[DETECT_BYTEJUMP].RegisterTests = DetectBytejumpRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** \brief Byte jump match function @@ -315,7 +314,6 @@ static DetectBytejumpData *DetectBytejumpParse(const char *optstr, char **offset { DetectBytejumpData *data = NULL; char args[10][64]; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; int numargs = 0; @@ -327,8 +325,7 @@ static DetectBytejumpData *DetectBytejumpParse(const char *optstr, char **offset memset(args, 0x00, sizeof(args)); /* Execute the regex and populate args with captures. */ - ret = pcre_exec(parse_regex, parse_regex_study, optstr, - strlen(optstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 2 || ret > 10) { SCLogError(SC_ERR_PCRE_PARSE,"parse error, ret %" PRId32 ", string \"%s\"", ret, optstr); diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c index c96cb01b7a..14cb5754ac 100644 --- a/src/detect-bytetest.c +++ b/src/detect-bytetest.c @@ -59,8 +59,7 @@ "(?:\\s*,\\s*([^\\s,]+))?" \ "\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectBytetestMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx); @@ -78,7 +77,7 @@ void DetectBytetestRegister (void) sigmatch_table[DETECT_BYTETEST].Free = DetectBytetestFree; sigmatch_table[DETECT_BYTETEST].RegisterTests = DetectBytetestRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** \brief Bytetest detection code @@ -250,7 +249,6 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; int i; @@ -258,8 +256,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value, const char *str_ptr = NULL; /* Execute the regex and populate args with captures. */ - ret = pcre_exec(parse_regex, parse_regex_study, optstr, - strlen(optstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 6 || ret > 10) { SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32 ", string %s", ret, optstr); diff --git a/src/detect-classtype.c b/src/detect-classtype.c index d377a0b867..3e13d1f787 100644 --- a/src/detect-classtype.c +++ b/src/detect-classtype.c @@ -38,8 +38,7 @@ #define PARSE_REGEX "^\\s*([a-zA-Z][a-zA-Z0-9-_]*)\\s*$" -static pcre *regex = NULL; -static pcre_extra *regex_study = NULL; +static DetectParseRegex parse_regex; static int DetectClasstypeSetup(DetectEngineCtx *, Signature *, const char *); static void DetectClasstypeRegisterTests(void); @@ -55,7 +54,7 @@ void DetectClasstypeRegister(void) sigmatch_table[DETECT_CLASSTYPE].Setup = DetectClasstypeSetup; sigmatch_table[DETECT_CLASSTYPE].RegisterTests = DetectClasstypeRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, ®ex, ®ex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -67,14 +66,12 @@ void DetectClasstypeRegister(void) */ static int DetectClasstypeParseRawString(const char *rawstr, char *out, size_t outsize) { -#define MAX_SUBSTRINGS 30 int ov[MAX_SUBSTRINGS]; - size_t len = strlen(rawstr); const size_t esize = CLASSTYPE_NAME_MAX_LEN + 8; char e[esize]; - int ret = pcre_exec(regex, regex_study, rawstr, len, 0, 0, ov, 30); + int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 0) { SCLogError(SC_ERR_PCRE_MATCH, "Invalid Classtype in Signature"); return -1; diff --git a/src/detect-datarep.c b/src/detect-datarep.c index e0dbcc1752..3e80dca2b3 100644 --- a/src/detect-datarep.c +++ b/src/detect-datarep.c @@ -40,8 +40,7 @@ #include "util-print.h" #define PARSE_REGEX "([a-z]+)(?:,\\s*([\\-_A-z0-9\\s\\.]+)){1,4}" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; int DetectDatarepMatch (ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -56,7 +55,7 @@ void DetectDatarepRegister (void) sigmatch_table[DETECT_DATAREP].Setup = DetectDatarepSetup; sigmatch_table[DETECT_DATAREP].Free = DetectDatarepFree; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /* diff --git a/src/detect-dataset.c b/src/detect-dataset.c index 656a355db9..200403c66f 100644 --- a/src/detect-dataset.c +++ b/src/detect-dataset.c @@ -39,8 +39,7 @@ #include "util-print.h" #define PARSE_REGEX "([a-z]+)(?:,\\s*([\\-_A-z0-9\\s\\.]+)){1,4}" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; int DetectDatasetMatch (ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -55,7 +54,7 @@ void DetectDatasetRegister (void) sigmatch_table[DETECT_DATASET].Setup = DetectDatasetSetup; sigmatch_table[DETECT_DATASET].Free = DetectDatasetFree; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /* diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index 0c39f99aae..b765217671 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -51,8 +51,7 @@ #define PARSE_REGEX "^\\s*([0-9a-zA-Z]{8}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{12})(?:\\s*,\\s*(<|>|=|!)([0-9]{1,5}))?(?:\\s*,\\s*(any_frag))?\\s*$" -static pcre *parse_regex = NULL; -static pcre_extra *parse_regex_study = NULL; +static DetectParseRegex parse_regex; static int DetectDceIfaceMatchRust(DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, void *txv, @@ -80,7 +79,7 @@ void DetectDceIfaceRegister(void) sigmatch_table[DETECT_DCE_IFACE].Free = DetectDceIfaceFree; sigmatch_table[DETECT_DCE_IFACE].RegisterTests = DetectDceIfaceRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic"); @@ -118,7 +117,6 @@ static int InspectDceGeneric(ThreadVars *tv, static DetectDceIfaceData *DetectDceIfaceArgParse(const char *arg) { DetectDceIfaceData *did = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; uint8_t hex_value; @@ -128,8 +126,7 @@ static DetectDceIfaceData *DetectDceIfaceArgParse(const char *arg) char temp_str[3] = ""; int version; - ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0, ov, - MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 2) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg); goto error; diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c index 1edb9897fb..a106461e34 100644 --- a/src/detect-dce-opnum.c +++ b/src/detect-dce-opnum.c @@ -52,8 +52,7 @@ #define PARSE_REGEX "^\\s*([0-9]{1,5}(\\s*-\\s*[0-9]{1,5}\\s*)?)(,\\s*[0-9]{1,5}(\\s*-\\s*[0-9]{1,5})?\\s*)*$" -static pcre *parse_regex = NULL; -static pcre_extra *parse_regex_study = NULL; +static DetectParseRegex parse_regex; static int DetectDceOpnumMatchRust(DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, void *txv, @@ -75,7 +74,7 @@ void DetectDceOpnumRegister(void) sigmatch_table[DETECT_DCE_OPNUM].Free = DetectDceOpnumFree; sigmatch_table[DETECT_DCE_OPNUM].RegisterTests = DetectDceOpnumRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic"); } @@ -112,7 +111,6 @@ static DetectDceOpnumData *DetectDceOpnumArgParse(const char *arg) DetectDceOpnumRange *dor = NULL; DetectDceOpnumRange *prev_dor = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; const char *pcre_sub_str = NULL; @@ -127,8 +125,7 @@ static DetectDceOpnumData *DetectDceOpnumArgParse(const char *arg) goto error; } - ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0, ov, - MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 2) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg); goto error; diff --git a/src/detect-detection-filter.c b/src/detect-detection-filter.c index 60676fc3b2..a0f0796610 100644 --- a/src/detect-detection-filter.c +++ b/src/detect-detection-filter.c @@ -48,8 +48,7 @@ */ #define PARSE_REGEX "^\\s*(track|count|seconds)\\s+(by_src|by_dst|\\d+)\\s*,\\s*(track|count|seconds)\\s+(by_src|by_dst|\\d+)\\s*,\\s*(track|count|seconds)\\s+(by_src|by_dst|\\d+)\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectDetectionFilterMatch(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -72,7 +71,7 @@ void DetectDetectionFilterRegister (void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_DETECTION_FILTER].flags |= SIGMATCH_IPONLY_COMPAT; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static int DetectDetectionFilterMatch (DetectEngineThreadCtx *det_ctx, @@ -93,7 +92,6 @@ static int DetectDetectionFilterMatch (DetectEngineThreadCtx *det_ctx, static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr) { DetectThresholdData *df = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; const char *str_ptr = NULL; @@ -127,7 +125,7 @@ static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr) if (count_found != 1 || seconds_found != 1 || track_found != 1) goto error; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 5) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; diff --git a/src/detect-dsize.c b/src/detect-dsize.c index e0bf943f9d..cced17d820 100644 --- a/src/detect-dsize.c +++ b/src/detect-dsize.c @@ -47,8 +47,7 @@ * dsize:[<>]<0-65535>[<><0-65535>]; */ #define PARSE_REGEX "^\\s*(<|>)?\\s*([0-9]{1,5})\\s*(?:(<>)\\s*([0-9]{1,5}))?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectDsizeMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -75,7 +74,7 @@ void DetectDsizeRegister (void) sigmatch_table[DETECT_DSIZE].SupportsPrefilter = PrefilterDsizeIsPrefilterable; sigmatch_table[DETECT_DSIZE].SetupPrefilter = PrefilterSetupDsize; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static inline int @@ -138,7 +137,6 @@ static int DetectDsizeMatch (DetectEngineThreadCtx *det_ctx, Packet *p, static DetectDsizeData *DetectDsizeParse (const char *rawstr) { DetectDsizeData *dd = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; char mode[2] = ""; @@ -146,7 +144,7 @@ static DetectDsizeData *DetectDsizeParse (const char *rawstr) char value2[6] = ""; char range[3] = ""; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", rawstr); goto error; diff --git a/src/detect-engine-event.c b/src/detect-engine-event.c index 486d4968e6..4cd4c46b05 100644 --- a/src/detect-engine-event.c +++ b/src/detect-engine-event.c @@ -44,8 +44,7 @@ #define PARSE_REGEX "\\S[0-9A-z_]+[.][A-z0-9_+.]+$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectEngineEventMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -78,7 +77,7 @@ void DetectEngineEventRegister (void) sigmatch_table[DETECT_STREAM_EVENT].Setup = DetectStreamEventSetup; sigmatch_table[DETECT_STREAM_EVENT].Free = DetectEngineEventFree; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -120,11 +119,10 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr) { int i; DetectEngineEventData *de = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0, found = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); diff --git a/src/detect-engine-uint.c b/src/detect-engine-uint.c index f377211e2e..927cb35b38 100644 --- a/src/detect-engine-uint.c +++ b/src/detect-engine-uint.c @@ -33,8 +33,7 @@ */ #define PARSE_REGEX "^\\s*([0-9]*)?\\s*([<>=-]+)?\\s*([0-9]+)?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex uint_pcre; int DetectU32Match(const uint32_t parg, const DetectU32Data *du32) @@ -88,7 +87,7 @@ DetectU32Data *DetectU32Parse (const char *u32str) int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, u32str, strlen(u32str), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&uint_pcre, u32str, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 2 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); return NULL; @@ -225,7 +224,7 @@ void DetectU32Register(void) { if (g_detect_u32_registered == false) { // register only once - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &uint_pcre); g_detect_u32_registered = true; } } diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c index 564178b6fe..036aba7cc9 100644 --- a/src/detect-fast-pattern.c +++ b/src/detect-fast-pattern.c @@ -39,8 +39,7 @@ #define PARSE_REGEX "^(\\s*only\\s*)|\\s*([0-9]+)\\s*,\\s*([0-9]+)\\s*$" -static pcre *parse_regex = NULL; -static pcre_extra *parse_regex_study = NULL; +static DetectParseRegex parse_regex; static int DetectFastPatternSetup(DetectEngineCtx *, Signature *, const char *); void DetectFastPatternRegisterTests(void); @@ -170,7 +169,7 @@ void DetectFastPatternRegister(void) sigmatch_table[DETECT_FAST_PATTERN].flags |= SIGMATCH_NOOPT; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } //static int DetectFastPatternParseArg( @@ -188,7 +187,6 @@ void DetectFastPatternRegister(void) */ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg) { -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; char arg_substr[128] = ""; @@ -255,8 +253,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c } /* Execute the regex and populate args with captures. */ - ret = pcre_exec(parse_regex, parse_regex_study, arg, - strlen(arg), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS); /* fast pattern only */ if (ret == 2) { if ((cd->flags & DETECT_CONTENT_NEGATED) || diff --git a/src/detect-filesize.c b/src/detect-filesize.c index a62de03e6c..da4f9f227d 100644 --- a/src/detect-filesize.c +++ b/src/detect-filesize.c @@ -46,8 +46,7 @@ */ #define PARSE_REGEX "^(?:\\s*)(<|>)?(?:\\s*)([0-9]{1,23}[a-zA-Z]{0,2})(?:\\s*)(?:(<>)(?:\\s*)([0-9]{1,23}[a-zA-Z]{0,2}))?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; /*prototypes*/ static int DetectFilesizeMatch (DetectEngineThreadCtx *det_ctx, Flow *f, @@ -71,7 +70,7 @@ void DetectFilesizeRegister(void) sigmatch_table[DETECT_FILESIZE].Free = DetectFilesizeFree; sigmatch_table[DETECT_FILESIZE].RegisterTests = DetectFilesizeRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); g_file_match_list_id = DetectBufferTypeRegister("files"); } @@ -144,12 +143,10 @@ static DetectFilesizeData *DetectFilesizeParse (const char *str) char *arg2 = NULL; char *arg3 = NULL; char *arg4 = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), - 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_PARSE, "filesize option pcre parse error: \"%s\"", str); goto error; diff --git a/src/detect-filestore.c b/src/detect-filestore.c index eab1d70b71..455d4c681c 100644 --- a/src/detect-filestore.c +++ b/src/detect-filestore.c @@ -59,8 +59,7 @@ */ #define PARSE_REGEX "^\\s*([A-z_]+)\\s*(?:,\\s*([A-z_]+))?\\s*(?:,\\s*([A-z_]+))?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectFilestoreMatch (DetectEngineThreadCtx *, Flow *, uint8_t, File *, const Signature *, const SigMatchCtx *); @@ -89,7 +88,7 @@ void DetectFilestoreRegister(void) sigmatch_table[DETECT_FILESTORE_POSTMATCH].Match = DetectFilestorePostMatch; sigmatch_table[DETECT_FILESTORE_POSTMATCH].Free = DetectFilestoreFree; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); g_file_match_list_id = DetectBufferTypeRegister("files"); } @@ -345,7 +344,6 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch DetectFilestoreData *fd = NULL; SigMatch *sm = NULL; char *args[3] = {NULL,NULL,NULL}; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; @@ -368,7 +366,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch char str_2[32]; SCLogDebug("str %s", str); - ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, str); goto error; diff --git a/src/detect-flow.c b/src/detect-flow.c index 67c58cedcf..16cd3798d7 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -46,8 +46,7 @@ */ #define PARSE_REGEX "^\\s*([A-z_]+)\\s*(?:,\\s*([A-z_]+))?\\s*(?:,\\s*([A-z_]+))?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; int DetectFlowMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -74,7 +73,7 @@ void DetectFlowRegister (void) sigmatch_table[DETECT_FLOW].SupportsPrefilter = PrefilterFlowIsPrefilterable; sigmatch_table[DETECT_FLOW].SetupPrefilter = PrefilterSetupFlow; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -170,12 +169,11 @@ static DetectFlowData *DetectFlowParse (const char *flowstr) { DetectFlowData *fd = NULL; char *args[3] = {NULL,NULL,NULL}; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; char str1[16] = "", str2[16] = "", str3[16] = ""; - ret = pcre_exec(parse_regex, parse_regex_study, flowstr, strlen(flowstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, flowstr); goto error; diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c index 921beeba27..fe254fa74f 100644 --- a/src/detect-flowbits.c +++ b/src/detect-flowbits.c @@ -46,8 +46,7 @@ #include "util-debug.h" #define PARSE_REGEX "^([a-z]+)(?:,\\s*(.*))?" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; int DetectFlowbitMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -67,7 +66,7 @@ void DetectFlowbitsRegister (void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_FLOWBITS].flags |= SIGMATCH_IPONLY_COMPAT; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } @@ -156,8 +155,7 @@ static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *nam int count, rc; int ov[max_substrings]; - count = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0, - ov, max_substrings); + count = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, max_substrings); if (count != 2 && count != 3) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowbits.", str); diff --git a/src/detect-flowint.c b/src/detect-flowint.c index e2cf15731b..78115ae77c 100644 --- a/src/detect-flowint.c +++ b/src/detect-flowint.c @@ -50,8 +50,7 @@ #define PARSE_REGEX "^\\s*([a-zA-Z][\\w\\d_./]+)\\s*,\\s*([+=-]{1}|==|!=|<|<=|>|>=|isset|notset)\\s*,?\\s*([a-zA-Z][\\w\\d]+|[\\d]{1,10})?\\s*$" /* Varnames must begin with a letter */ -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; int DetectFlowintMatch(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -69,7 +68,7 @@ void DetectFlowintRegister(void) sigmatch_table[DETECT_FLOWINT].Free = DetectFlowintFree; sigmatch_table[DETECT_FLOWINT].RegisterTests = DetectFlowintRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -227,15 +226,13 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char char *varname = NULL; char *varval = NULL; char *modstr = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; uint8_t modifier = FLOWINT_MODIFIER_UNKNOWN; unsigned long long value_long = 0; const char *str_ptr; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), - 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 3 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret); return NULL; diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c index 532e8f8200..bd86794d29 100644 --- a/src/detect-flowvar.c +++ b/src/detect-flowvar.c @@ -42,8 +42,7 @@ #include "util-print.h" #define PARSE_REGEX "(.*),(.*)" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; int DetectFlowvarMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -67,7 +66,7 @@ void DetectFlowvarRegister (void) sigmatch_table[DETECT_FLOWVAR_POSTMATCH].Free = DetectFlowvarDataFree; sigmatch_table[DETECT_FLOWVAR_POSTMATCH].RegisterTests = NULL; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -126,7 +125,7 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char uint16_t contentlen = 0; uint32_t contentflags = s->init_data->negated ? DETECT_CONTENT_NEGATED : 0; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 3) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowvar.", rawstr); return -1; diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index 86bfed2493..61e65fe3ae 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -65,8 +65,7 @@ #define FRAGBITS_HAVE_DF 0x02 #define FRAGBITS_HAVE_RF 0x04 -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectFragBitsMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -93,7 +92,7 @@ void DetectFragBitsRegister (void) sigmatch_table[DETECT_FRAGBITS].SetupPrefilter = PrefilterSetupFragBits; sigmatch_table[DETECT_FRAGBITS].SupportsPrefilter = PrefilterFragBitsIsPrefilterable; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static inline int @@ -166,7 +165,6 @@ static int DetectFragBitsMatch (DetectEngineThreadCtx *det_ctx, static DetectFragBitsData *DetectFragBitsParse (const char *rawstr) { DetectFragBitsData *de = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, found = 0, res = 0; int ov[MAX_SUBSTRINGS]; const char *str_ptr = NULL; @@ -174,7 +172,7 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr) char *ptr; int i; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index 671250bb0b..2fc7df76f1 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -41,8 +41,7 @@ #define PARSE_REGEX "^\\s*(?:(<|>))?\\s*([0-9]+)" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectFragOffsetMatch(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -69,7 +68,7 @@ void DetectFragOffsetRegister (void) sigmatch_table[DETECT_FRAGOFFSET].SupportsPrefilter = PrefilterFragOffsetIsPrefilterable; sigmatch_table[DETECT_FRAGOFFSET].SetupPrefilter = PrefilterSetupFragOffset; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static inline int FragOffsetMatch(const uint16_t poffset, const uint8_t mode, @@ -140,14 +139,13 @@ static DetectFragOffsetData *DetectFragOffsetParse (const char *fragoffsetstr) { DetectFragOffsetData *fragoff = NULL; char *substr[3] = {NULL, NULL, NULL}; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; int i; const char *str_ptr; char *mode = NULL; - ret = pcre_exec(parse_regex, parse_regex_study, fragoffsetstr, strlen(fragoffsetstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", fragoffsetstr); goto error; diff --git a/src/detect-ftpdata.c b/src/detect-ftpdata.c index b5c19b275f..ca05ba950e 100644 --- a/src/detect-ftpdata.c +++ b/src/detect-ftpdata.c @@ -38,8 +38,7 @@ * \brief Regex for parsing our keyword options */ #define PARSE_REGEX "^\\s*(stor|retr)\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; /* Prototypes of functions registered in DetectFtpdataRegister below */ static int DetectFtpdataMatch(DetectEngineThreadCtx *, @@ -86,7 +85,7 @@ void DetectFtpdataRegister(void) { g_ftpdata_buffer_id = DetectBufferTypeGetByName("ftpdata_command"); /* set up the PCRE for keyword parsing */ - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static int DetectEngineInspectFtpdataGeneric(ThreadVars *tv, @@ -145,12 +144,9 @@ static DetectFtpdataData *DetectFtpdataParse(const char *ftpcommandstr) { DetectFtpdataData *ftpcommandd = NULL; char arg1[5] = ""; -#define MAX_SUBSTRINGS 30 int ov[MAX_SUBSTRINGS]; - int ret = pcre_exec(parse_regex, parse_regex_study, - ftpcommandstr, strlen(ftpcommandstr), - 0, 0, ov, MAX_SUBSTRINGS); + int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); goto error; diff --git a/src/detect-hostbits.c b/src/detect-hostbits.c index abc840188b..e0a192e112 100644 --- a/src/detect-hostbits.c +++ b/src/detect-hostbits.c @@ -65,8 +65,7 @@ TODO: "(?:\\s*,\\s*([^\\s,]+))?(?:\\s*)?" /* Name. */ \ "(?:\\s*,\\s*([^,\\s]+))?(?:\\s*)?" /* Direction. */ \ "(.+)?" /* Any remainding data. */ -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectHostbitMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -86,7 +85,7 @@ void DetectHostbitsRegister (void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_HOSTBITS].flags |= SIGMATCH_IPONLY_COMPAT; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static int DetectHostbitMatchToggle (Packet *p, const DetectXbitsData *fd) @@ -283,8 +282,7 @@ static int DetectHostbitParse(const char *str, char *cmd, int cmd_len, int count, rc; int ov[max_substrings]; - count = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0, - ov, max_substrings); + count = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, max_substrings); if (count != 2 && count != 3 && count != 4) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for hostbits.", str); diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index cb0058e399..91d591495a 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -40,8 +40,7 @@ #define PARSE_REGEX "^\\s*(\"\\s*)?([0-9]+)(\\s*\")?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectIcmpIdMatch(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -67,7 +66,7 @@ void DetectIcmpIdRegister (void) sigmatch_table[DETECT_ICMP_ID].SupportsPrefilter = PrefilterIcmpIdIsPrefilterable; sigmatch_table[DETECT_ICMP_ID].SetupPrefilter = PrefilterSetupIcmpId; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static inline bool GetIcmpId(Packet *p, uint16_t *id) @@ -157,11 +156,10 @@ static DetectIcmpIdData *DetectIcmpIdParse (const char *icmpidstr) { DetectIcmpIdData *iid = NULL; char *substr[3] = {NULL, NULL, NULL}; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, icmpidstr, strlen(icmpidstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", icmpidstr); goto error; diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c index 3874112140..8f1c7bd73a 100644 --- a/src/detect-icmp-seq.c +++ b/src/detect-icmp-seq.c @@ -40,8 +40,7 @@ #define PARSE_REGEX "^\\s*(\"\\s*)?([0-9]+)(\\s*\")?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectIcmpSeqMatch(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -67,7 +66,7 @@ void DetectIcmpSeqRegister (void) sigmatch_table[DETECT_ICMP_SEQ].SupportsPrefilter = PrefilterIcmpSeqIsPrefilterable; sigmatch_table[DETECT_ICMP_SEQ].SetupPrefilter = PrefilterSetupIcmpSeq; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static inline bool GetIcmpSeq(Packet *p, uint16_t *seq) @@ -159,13 +158,12 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (const char *icmpseqstr) { DetectIcmpSeqData *iseq = NULL; char *substr[3] = {NULL, NULL, NULL}; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; int i; const char *str_ptr; - ret = pcre_exec(parse_regex, parse_regex_study, icmpseqstr, strlen(icmpseqstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", icmpseqstr); goto error; diff --git a/src/detect-icode.c b/src/detect-icode.c index 4bab717542..7d1a578daa 100644 --- a/src/detect-icode.c +++ b/src/detect-icode.c @@ -43,8 +43,7 @@ */ #define PARSE_REGEX "^\\s*(<|>)?\\s*([0-9]+)\\s*(?:<>\\s*([0-9]+))?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectICodeMatch(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -71,7 +70,7 @@ void DetectICodeRegister (void) sigmatch_table[DETECT_ICODE].SupportsPrefilter = PrefilterICodeIsPrefilterable; sigmatch_table[DETECT_ICODE].SetupPrefilter = PrefilterSetupICode; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } #define DETECT_ICODE_EQ PREFILTER_U8HASH_MODE_EQ /**< "equal" operator */ @@ -148,11 +147,10 @@ static DetectICodeData *DetectICodeParse(const char *icodestr) { DetectICodeData *icd = NULL; char *args[3] = {NULL, NULL, NULL}; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, icodestr, strlen(icodestr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, icodestr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, icodestr); goto error; diff --git a/src/detect-id.c b/src/detect-id.c index bd1026929d..82fe69bc32 100644 --- a/src/detect-id.c +++ b/src/detect-id.c @@ -46,8 +46,7 @@ */ #define PARSE_REGEX "^\\s*([0-9]{1,5}|\"[0-9]{1,5}\")\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectIdMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -74,7 +73,7 @@ void DetectIdRegister (void) sigmatch_table[DETECT_ID].SupportsPrefilter = PrefilterIdIsPrefilterable; sigmatch_table[DETECT_ID].SetupPrefilter = PrefilterSetupId; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -121,12 +120,10 @@ static DetectIdData *DetectIdParse (const char *idstr) { uint32_t temp; DetectIdData *id_d = NULL; - #define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, idstr, strlen(idstr), 0, 0, - ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 3) { SCLogError(SC_ERR_INVALID_VALUE, "invalid id option '%s'. The id option " diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c index 952ef2100a..5672aab89c 100644 --- a/src/detect-ipopts.c +++ b/src/detect-ipopts.c @@ -40,8 +40,7 @@ #define PARSE_REGEX "\\S[A-z]" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectIpOptsMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -62,7 +61,7 @@ void DetectIpOptsRegister (void) sigmatch_table[DETECT_IPOPTS].Free = DetectIpOptsFree; sigmatch_table[DETECT_IPOPTS].RegisterTests = IpOptsRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -127,11 +126,10 @@ static DetectIpOptsData *DetectIpOptsParse (const char *rawstr) { int i; DetectIpOptsData *de = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, found = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; diff --git a/src/detect-ipproto.c b/src/detect-ipproto.c index 4c23e6ec48..5ea0f71447 100644 --- a/src/detect-ipproto.c +++ b/src/detect-ipproto.c @@ -48,8 +48,7 @@ */ #define PARSE_REGEX "^([!<>]?)\\s*([^\\s]+)$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectIPProtoSetup(DetectEngineCtx *, Signature *, const char *); static void DetectIPProtoRegisterTests(void); @@ -66,7 +65,7 @@ void DetectIPProtoRegister(void) sigmatch_table[DETECT_IPPROTO].RegisterTests = DetectIPProtoRegisterTests; sigmatch_table[DETECT_IPPROTO].flags = SIGMATCH_QUOTES_OPTIONAL; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -81,15 +80,13 @@ static DetectIPProtoData *DetectIPProtoParse(const char *optstr) { DetectIPProtoData *data = NULL; char *args[2] = { NULL, NULL }; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; int i; const char *str_ptr; /* Execute the regex and populate args with captures. */ - ret = pcre_exec(parse_regex, parse_regex_study, optstr, - strlen(optstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 3) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret" "%" PRId32 ", string %s", ret, optstr); diff --git a/src/detect-iprep.c b/src/detect-iprep.c index a68ff0fe01..3e8500c57f 100644 --- a/src/detect-iprep.c +++ b/src/detect-iprep.c @@ -49,8 +49,7 @@ #include "host.h" #define PARSE_REGEX "\\s*(any|src|dst|both)\\s*,\\s*([A-Za-z0-9\\-\\_]+)\\s*,\\s*(\\<|\\>|\\=)\\s*,\\s*([0-9]+)\\s*" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectIPRepMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -70,7 +69,7 @@ void DetectIPRepRegister (void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_IPREP].flags |= SIGMATCH_IPONLY_COMPAT; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static uint8_t GetHostRepSrc(Packet *p, uint8_t cat, uint32_t version) @@ -241,11 +240,10 @@ int DetectIPRepSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) SigMatch *sm = NULL; char *cmd_str = NULL, *name = NULL, *op_str = NULL, *value = NULL; uint8_t cmd = 0; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 5) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for iprep", rawstr); return -1; diff --git a/src/detect-isdataat.c b/src/detect-isdataat.c index 761949fc18..868d208640 100644 --- a/src/detect-isdataat.c +++ b/src/detect-isdataat.c @@ -52,8 +52,7 @@ */ #define PARSE_REGEX "^\\s*!?([^\\s,]+)\\s*(,\\s*relative)?\\s*(,\\s*rawbytes\\s*)?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; int DetectIsdataatSetup (DetectEngineCtx *, Signature *, const char *); void DetectIsdataatRegisterTests(void); @@ -81,7 +80,7 @@ void DetectIsdataatRegister(void) sigmatch_table[DETECT_ENDS_WITH].Setup = DetectEndsWithSetup; sigmatch_table[DETECT_ENDS_WITH].flags = SIGMATCH_NOOPT; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -96,12 +95,11 @@ static DetectIsdataatData *DetectIsdataatParse (const char *isdataatstr, char ** { DetectIsdataatData *idad = NULL; char *args[3] = {NULL,NULL,NULL}; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; int i=0; - ret = pcre_exec(parse_regex, parse_regex_study, isdataatstr, strlen(isdataatstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, isdataatstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr); goto error; diff --git a/src/detect-itype.c b/src/detect-itype.c index 39286dccbf..9c98967304 100644 --- a/src/detect-itype.c +++ b/src/detect-itype.c @@ -43,8 +43,7 @@ */ #define PARSE_REGEX "^\\s*(<|>)?\\s*([0-9]+)\\s*(?:<>\\s*([0-9]+))?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectITypeMatch(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -71,7 +70,7 @@ void DetectITypeRegister (void) sigmatch_table[DETECT_ITYPE].SupportsPrefilter = PrefilterITypeIsPrefilterable; sigmatch_table[DETECT_ITYPE].SetupPrefilter = PrefilterSetupIType; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } #define DETECT_ITYPE_EQ PREFILTER_U8HASH_MODE_EQ /**< "equal" operator */ @@ -148,11 +147,10 @@ static DetectITypeData *DetectITypeParse(const char *itypestr) { DetectITypeData *itd = NULL; char *args[3] = {NULL, NULL, NULL}; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, itypestr, strlen(itypestr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, itypestr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, itypestr); goto error; diff --git a/src/detect-krb5-errcode.c b/src/detect-krb5-errcode.c index 3dd88fdcbd..60d792466e 100644 --- a/src/detect-krb5-errcode.c +++ b/src/detect-krb5-errcode.c @@ -36,8 +36,7 @@ * \brief Regex for parsing our keyword options */ #define PARSE_REGEX "^\\s*([A-z0-9\\.]+|\"[A-z0-9_\\.]+\")\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; /* Prototypes of functions registered in DetectKrb5ErrCodeRegister below */ static int DetectKrb5ErrCodeMatch (DetectEngineThreadCtx *, Flow *, @@ -79,7 +78,7 @@ void DetectKrb5ErrCodeRegister(void) { DetectEngineInspectKRB5Generic); /* set up the PCRE for keyword parsing */ - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); g_krb5_err_code_list_id = DetectBufferTypeRegister("krb5_err_code"); SCLogDebug("g_krb5_err_code_list_id %d", g_krb5_err_code_list_id); @@ -139,13 +138,10 @@ static DetectKrb5ErrCodeData *DetectKrb5ErrCodeParse (const char *krb5str) { DetectKrb5ErrCodeData *krb5d = NULL; char arg1[4] = ""; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, - krb5str, strlen(krb5str), - 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); goto error; diff --git a/src/detect-krb5-msgtype.c b/src/detect-krb5-msgtype.c index d08e104e1f..cfe4061b67 100644 --- a/src/detect-krb5-msgtype.c +++ b/src/detect-krb5-msgtype.c @@ -36,8 +36,7 @@ * \brief Regex for parsing our keyword options */ #define PARSE_REGEX "^\\s*([A-z0-9\\.]+|\"[A-z0-9_\\.]+\")\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; /* Prototypes of functions registered in DetectKrb5MsgTypeRegister below */ static int DetectKrb5MsgTypeMatch (DetectEngineThreadCtx *, Flow *, @@ -79,7 +78,7 @@ void DetectKrb5MsgTypeRegister(void) { DetectEngineInspectKRB5Generic); /* set up the PCRE for keyword parsing */ - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); g_krb5_msg_type_list_id = DetectBufferTypeRegister("krb5_msg_type"); SCLogDebug("g_krb5_msg_type_list_id %d", g_krb5_msg_type_list_id); @@ -136,13 +135,10 @@ static DetectKrb5MsgTypeData *DetectKrb5MsgTypeParse (const char *krb5str) { DetectKrb5MsgTypeData *krb5d = NULL; char arg1[4] = ""; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, - krb5str, strlen(krb5str), - 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); goto error; diff --git a/src/detect-mark.c b/src/detect-mark.c index 2ec6982b7e..48ff083ccd 100644 --- a/src/detect-mark.c +++ b/src/detect-mark.c @@ -39,8 +39,7 @@ #define PARSE_REGEX "([0x]*[0-9a-f]+)/([0x]*[0-9a-f]+)" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectMarkSetup (DetectEngineCtx *, Signature *, const char *); static int DetectMarkPacket(DetectEngineThreadCtx *det_ctx, Packet *p, @@ -59,7 +58,7 @@ void DetectMarkRegister (void) sigmatch_table[DETECT_MARK].Free = DetectMarkDataFree; sigmatch_table[DETECT_MARK].RegisterTests = MarkRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } #ifdef NFQ @@ -75,7 +74,6 @@ void DetectMarkRegister (void) static void * DetectMarkParse (const char *rawstr) { int ret = 0, res = 0; -#define MAX_SUBSTRINGS 30 int ov[MAX_SUBSTRINGS]; const char *str_ptr = NULL; char *ptr = NULL; @@ -84,7 +82,7 @@ static void * DetectMarkParse (const char *rawstr) uint32_t mask; DetectMarkData *data; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); return NULL; diff --git a/src/detect-modbus.c b/src/detect-modbus.c index 00459fce48..f26e7f9025 100644 --- a/src/detect-modbus.c +++ b/src/detect-modbus.c @@ -60,26 +60,22 @@ * \brief Regex for parsing the Modbus unit id string */ #define PARSE_REGEX_UNIT_ID "^\\s*\"?\\s*unit\\s+([<>]?\\d+)(<>\\d+)?(,\\s*(.*))?\\s*\"?\\s*$" -static pcre *unit_id_parse_regex; -static pcre_extra *unit_id_parse_regex_study; +static DetectParseRegex unit_id_parse_regex; /** * \brief Regex for parsing the Modbus function string */ #define PARSE_REGEX_FUNCTION "^\\s*\"?\\s*function\\s*(!?[A-z0-9]+)(,\\s*subfunction\\s+(\\d+))?\\s*\"?\\s*$" -static pcre *function_parse_regex; -static pcre_extra *function_parse_regex_study; +static DetectParseRegex function_parse_regex; /** * \brief Regex for parsing the Modbus access string */ #define PARSE_REGEX_ACCESS "^\\s*\"?\\s*access\\s*(read|write)\\s*(discretes|coils|input|holding)?(,\\s*address\\s+([<>]?\\d+)(<>\\d+)?(,\\s*value\\s+([<>]?\\d+)(<>\\d+)?)?)?\\s*\"?\\s*$" -static pcre *access_parse_regex; -static pcre_extra *access_parse_regex_study; +static DetectParseRegex access_parse_regex; static int g_modbus_buffer_id = 0; -#define MAX_SUBSTRINGS 30 void DetectModbusRegisterTests(void); @@ -126,8 +122,7 @@ static DetectModbus *DetectModbusAccessParse(const char *str) char arg[MAX_SUBSTRINGS]; int ov[MAX_SUBSTRINGS], ret, res; - ret = pcre_exec(access_parse_regex, access_parse_regex_study, str, strlen(str), 0, 0, ov, MAX_SUBSTRINGS); - + ret = DetectParsePcreExec(&access_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) goto error; @@ -294,8 +289,7 @@ static DetectModbus *DetectModbusFunctionParse(const char *str) char arg[MAX_SUBSTRINGS], *ptr = arg; int ov[MAX_SUBSTRINGS], res, ret; - ret = pcre_exec(function_parse_regex, function_parse_regex_study, str, strlen(str), 0, 0, ov, MAX_SUBSTRINGS); - + ret = DetectParsePcreExec(&function_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) goto error; @@ -388,8 +382,7 @@ static DetectModbus *DetectModbusUnitIdParse(const char *str) char arg[MAX_SUBSTRINGS]; int ov[MAX_SUBSTRINGS], ret, res; - ret = pcre_exec(unit_id_parse_regex, unit_id_parse_regex_study, str, strlen(str), 0, 0, ov, MAX_SUBSTRINGS); - + ret = DetectParsePcreExec(&unit_id_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) goto error; @@ -524,12 +517,9 @@ void DetectModbusRegister(void) sigmatch_table[DETECT_AL_MODBUS].Free = DetectModbusFree; sigmatch_table[DETECT_AL_MODBUS].RegisterTests = DetectModbusRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX_UNIT_ID, - &unit_id_parse_regex, &unit_id_parse_regex_study); - DetectSetupParseRegexes(PARSE_REGEX_FUNCTION, - &function_parse_regex, &function_parse_regex_study); - DetectSetupParseRegexes(PARSE_REGEX_ACCESS, - &access_parse_regex, &access_parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX_UNIT_ID, &unit_id_parse_regex); + DetectSetupParseRegexes(PARSE_REGEX_FUNCTION, &function_parse_regex); + DetectSetupParseRegexes(PARSE_REGEX_ACCESS, &access_parse_regex); DetectAppLayerInspectEngineRegister("modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, diff --git a/src/detect-nfs-procedure.c b/src/detect-nfs-procedure.c index fcdc822239..833ab916cc 100644 --- a/src/detect-nfs-procedure.c +++ b/src/detect-nfs-procedure.c @@ -50,8 +50,7 @@ * [nfs_procedure]:[<|>][<>]; */ #define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*(?:(<>)\\s*([0-9]+))?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; enum DetectNfsProcedureMode { PROCEDURE_EQ = 1, /* equal */ @@ -99,7 +98,7 @@ void DetectNfsProcedureRegister (void) sigmatch_table[DETECT_AL_NFS_PROCEDURE].RegisterTests = DetectNfsProcedureRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister("nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, @@ -206,7 +205,6 @@ static int DetectNfsProcedureMatch (DetectEngineThreadCtx *det_ctx, static DetectNfsProcedureData *DetectNfsProcedureParse (const char *rawstr) { DetectNfsProcedureData *dd = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; char mode[2] = ""; @@ -214,8 +212,7 @@ static DetectNfsProcedureData *DetectNfsProcedureParse (const char *rawstr) char value2[20] = ""; char range[3] = ""; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, - 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); goto error; diff --git a/src/detect-nfs-version.c b/src/detect-nfs-version.c index 17aac2f28d..8937a8ab5e 100644 --- a/src/detect-nfs-version.c +++ b/src/detect-nfs-version.c @@ -50,8 +50,7 @@ * [nfs_procedure]:[<|>][<>]; */ #define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*(?:(<>)\\s*([0-9]+))?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; enum DetectNfsVersionMode { PROCEDURE_EQ = 1, /* equal */ @@ -98,7 +97,7 @@ void DetectNfsVersionRegister (void) sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree; sigmatch_table[DETECT_AL_NFS_VERSION].RegisterTests = DetectNfsVersionRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister("nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, @@ -197,7 +196,6 @@ static int DetectNfsVersionMatch (DetectEngineThreadCtx *det_ctx, static DetectNfsVersionData *DetectNfsVersionParse (const char *rawstr) { DetectNfsVersionData *dd = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; char mode[2] = ""; @@ -205,8 +203,7 @@ static DetectNfsVersionData *DetectNfsVersionParse (const char *rawstr) char value2[20] = ""; char range[3] = ""; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, - 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); goto error; diff --git a/src/detect-pcre.h b/src/detect-pcre.h index 3c7ef7765e..be00c69d5d 100644 --- a/src/detect-pcre.h +++ b/src/detect-pcre.h @@ -24,6 +24,8 @@ #ifndef __DETECT_PCRE_H__ #define __DETECT_PCRE_H__ +#include "detect-parse.h" + #define DETECT_PCRE_RELATIVE 0x00001 #define DETECT_PCRE_RAWBYTES 0x00002 #define DETECT_PCRE_CASELESS 0x00004 @@ -36,8 +38,7 @@ typedef struct DetectPcreData_ { /* pcre options */ - pcre *re; - pcre_extra *sd; + DetectParseRegex parse_regex; int opts; uint16_t flags; uint8_t idx; diff --git a/src/detect-pktvar.c b/src/detect-pktvar.c index e2b4bd789a..badb91ed21 100644 --- a/src/detect-pktvar.c +++ b/src/detect-pktvar.c @@ -37,8 +37,7 @@ #include "util-debug.h" #define PARSE_REGEX "(.*),(.*)" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectPktvarMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -52,7 +51,7 @@ void DetectPktvarRegister (void) sigmatch_table[DETECT_PKTVAR].Free = NULL; sigmatch_table[DETECT_PKTVAR].RegisterTests = NULL; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /* @@ -80,13 +79,12 @@ static int DetectPktvarMatch (DetectEngineThreadCtx *det_ctx, Packet *p, static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) { char *varname = NULL, *varcontent = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; uint8_t *content = NULL; uint16_t len = 0; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 3) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for pktvar.", rawstr); return -1; diff --git a/src/detect-priority.c b/src/detect-priority.c index 748ae884e3..693f2b2ec1 100644 --- a/src/detect-priority.c +++ b/src/detect-priority.c @@ -36,8 +36,7 @@ #define PARSE_REGEX "^\\s*(\\d+|\"\\d+\")\\s*$" -static pcre *regex = NULL; -static pcre_extra *regex_study = NULL; +static DetectParseRegex parse_regex; static int DetectPrioritySetup (DetectEngineCtx *, Signature *, const char *); void SCPriorityRegisterTests(void); @@ -53,18 +52,17 @@ void DetectPriorityRegister (void) sigmatch_table[DETECT_PRIORITY].Setup = DetectPrioritySetup; sigmatch_table[DETECT_PRIORITY].RegisterTests = SCPriorityRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, ®ex, ®ex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr) { char copy_str[128] = ""; -#define MAX_SUBSTRINGS 30 int ret = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(regex, regex_study, rawstr, strlen(rawstr), 0, 0, ov, 30); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, 30); if (ret < 0) { SCLogError(SC_ERR_PCRE_MATCH, "Invalid Priority in Signature " "- %s", rawstr); diff --git a/src/detect-reference.c b/src/detect-reference.c index 68e3003f6d..fb8c24bfd3 100644 --- a/src/detect-reference.c +++ b/src/detect-reference.c @@ -45,8 +45,7 @@ #define PARSE_REGEX "^\\s*([A-Za-z0-9]+)\\s*,\"?\\s*\"?\\s*([a-zA-Z0-9\\-_\\.\\/\\?\\=]+)\"?\\s*\"?" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; #ifdef UNITTESTS static void ReferenceRegisterTests(void); @@ -65,7 +64,7 @@ void DetectReferenceRegister(void) #ifdef UNITTESTS sigmatch_table[DETECT_REFERENCE].RegisterTests = ReferenceRegisterTests; #endif - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -96,14 +95,12 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx { SCEnter(); -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; char key[REFERENCE_SYSTEM_NAME_MAX] = ""; char content[REFERENCE_CONTENT_NAME_MAX] = ""; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), - 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 2) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Unable to parse \"reference\" " "keyword argument - \"%s\". Invalid argument.", rawstr); diff --git a/src/detect-rpc.c b/src/detect-rpc.c index abd28dc25c..2b01d15aac 100644 --- a/src/detect-rpc.c +++ b/src/detect-rpc.c @@ -45,8 +45,7 @@ */ #define PARSE_REGEX "^\\s*([0-9]{0,10})\\s*(?:,\\s*([0-9]{0,10}|[*])\\s*(?:,\\s*([0-9]{0,10}|[*]))?)?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectRpcMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -67,7 +66,7 @@ void DetectRpcRegister (void) sigmatch_table[DETECT_RPC].Free = DetectRpcFree; sigmatch_table[DETECT_RPC].RegisterTests = DetectRpcRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /* @@ -146,11 +145,10 @@ static DetectRpcData *DetectRpcParse (const char *rpcstr) { DetectRpcData *rd = NULL; char *args[3] = {NULL,NULL,NULL}; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, rpcstr, strlen(rpcstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rpcstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, rpcstr); goto error; diff --git a/src/detect-snmp-pdu_type.c b/src/detect-snmp-pdu_type.c index 83028cec77..bee080c5ab 100644 --- a/src/detect-snmp-pdu_type.c +++ b/src/detect-snmp-pdu_type.c @@ -35,8 +35,7 @@ * [snmp.pdu_type]:; */ #define PARSE_REGEX "^\\s*([0-9]+)\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; typedef struct DetectSNMPPduTypeData_ { uint32_t pdu_type; @@ -73,7 +72,7 @@ void DetectSNMPPduTypeRegister(void) sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].RegisterTests = DetectSNMPPduTypeRegisterTests; #endif - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, @@ -141,14 +140,12 @@ static int DetectSNMPPduTypeMatch (DetectEngineThreadCtx *det_ctx, static DetectSNMPPduTypeData *DetectSNMPPduTypeParse (const char *rawstr) { DetectSNMPPduTypeData *dd = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; char value1[20] = ""; char *endptr = NULL; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, - 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); goto error; diff --git a/src/detect-snmp-version.c b/src/detect-snmp-version.c index 91007ea886..bb043aa47d 100644 --- a/src/detect-snmp-version.c +++ b/src/detect-snmp-version.c @@ -35,8 +35,7 @@ * [snmp.version]:[<|>|<=|>=]; */ #define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; enum DetectSNMPVersionMode { PROCEDURE_EQ = 1, /* equal */ @@ -85,7 +84,7 @@ void DetectSNMPVersionRegister (void) sigmatch_table[DETECT_AL_SNMP_VERSION].RegisterTests = DetectSNMPVersionRegisterTests; #endif - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, @@ -182,15 +181,13 @@ static int DetectSNMPVersionMatch (DetectEngineThreadCtx *det_ctx, static DetectSNMPVersionData *DetectSNMPVersionParse (const char *rawstr) { DetectSNMPVersionData *dd = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; char mode[2] = ""; char value1[20] = ""; char *endptr = NULL; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, - 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); goto error; diff --git a/src/detect-ssh-proto-version.c b/src/detect-ssh-proto-version.c index 3a76501c5a..7d468d27f9 100644 --- a/src/detect-ssh-proto-version.c +++ b/src/detect-ssh-proto-version.c @@ -59,8 +59,7 @@ */ #define PARSE_REGEX "^\\s*\"?\\s*([0-9]+([\\.\\-0-9]+)?|2_compat)\\s*\"?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectSshVersionMatch (DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, @@ -85,7 +84,7 @@ void DetectSshVersionRegister(void) sigmatch_table[DETECT_AL_SSH_PROTOVERSION].flags = SIGMATCH_QUOTES_OPTIONAL|SIGMATCH_INFO_DEPRECATED; sigmatch_table[DETECT_AL_SSH_PROTOVERSION].alternative = DETECT_AL_SSH_PROTOCOL; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner"); } @@ -154,13 +153,10 @@ static int DetectSshVersionMatch (DetectEngineThreadCtx *det_ctx, static DetectSshVersionData *DetectSshVersionParse (const char *str) { DetectSshVersionData *ssh = NULL; - #define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0, - ov, MAX_SUBSTRINGS); - + ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 3) { SCLogError(SC_ERR_PCRE_MATCH, "invalid ssh.protoversion option"); goto error; diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index 50d0f3fafa..69b9f2619c 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c @@ -63,8 +63,7 @@ */ #define PARSE_REGEX "^\\s*\"?\\s*?([0-9a-zA-Z\\:\\.\\-\\_\\+\\s+]+)\\s*\"?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectSshSoftwareVersionMatch (DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, @@ -99,7 +98,7 @@ void DetectSshSoftwareVersionRegister(void) sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].flags = SIGMATCH_QUOTES_OPTIONAL|SIGMATCH_INFO_DEPRECATED; sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].alternative = DETECT_AL_SSH_SOFTWARE; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner"); @@ -157,12 +156,10 @@ static int DetectSshSoftwareVersionMatch (DetectEngineThreadCtx *det_ctx, static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (const char *str) { DetectSshSoftwareVersionData *ssh = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0, - ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 3) { SCLogError(SC_ERR_PCRE_MATCH, "invalid ssh.softwareversion option"); diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index 0c5979bc14..1f3b5f61ec 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -52,12 +52,10 @@ #include "app-layer-ssl.h" #define PARSE_REGEX1 "^(!?)([_a-zA-Z0-9]+)(.*)$" -static pcre *parse_regex1; -static pcre_extra *parse_regex1_study; +static DetectParseRegex parse_regex1; #define PARSE_REGEX2 "^(?:\\s*[|,]\\s*(!?)([_a-zA-Z0-9]+))(.*)$" -static pcre *parse_regex2; -static pcre_extra *parse_regex2_study; +static DetectParseRegex parse_regex2; static int DetectSslStateMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, @@ -90,8 +88,8 @@ void DetectSslStateRegister(void) #ifdef UNITTESTS sigmatch_table[DETECT_AL_SSL_STATE].RegisterTests = DetectSslStateRegisterTests; #endif - DetectSetupParseRegexes(PARSE_REGEX1, &parse_regex1, &parse_regex1_study); - DetectSetupParseRegexes(PARSE_REGEX2, &parse_regex2, &parse_regex2_study); + DetectSetupParseRegexes(PARSE_REGEX1, &parse_regex1); + DetectSetupParseRegexes(PARSE_REGEX2, &parse_regex2); g_tls_generic_list_id = DetectBufferTypeRegister("tls_generic"); @@ -161,7 +159,6 @@ static int DetectSslStateMatch(DetectEngineThreadCtx *det_ctx, */ static DetectSslStateData *DetectSslStateParse(const char *arg) { -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov1[MAX_SUBSTRINGS]; int ov2[MAX_SUBSTRINGS]; @@ -171,8 +168,7 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) uint32_t flags = 0, mask = 0; DetectSslStateData *ssd = NULL; - ret = pcre_exec(parse_regex1, parse_regex1_study, arg, strlen(arg), 0, 0, - ov1, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex1, arg, 0, 0, ov1, MAX_SUBSTRINGS); if (ret < 1) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid arg \"%s\" supplied to " "ssl_state keyword.", arg); @@ -224,8 +220,7 @@ static DetectSslStateData *DetectSslStateParse(const char *arg) goto error; } while (res > 0) { - ret = pcre_exec(parse_regex2, parse_regex2_study, str1, strlen(str1), 0, 0, - ov2, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex2, str1, 0, 0, ov2, MAX_SUBSTRINGS); if (ret < 1) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid arg \"%s\" supplied to " "ssl_state keyword.", arg); diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c index 6cc02f66e4..6dbbc8cc4f 100644 --- a/src/detect-ssl-version.c +++ b/src/detect-ssl-version.c @@ -57,8 +57,7 @@ #define PARSE_REGEX "^\\s*(!?[A-z0-9.]+)\\s*,?\\s*(!?[A-z0-9.]+)?\\s*\\,?\\s*" \ "(!?[A-z0-9.]+)?\\s*,?\\s*(!?[A-z0-9.]+)?\\s*,?\\s*(!?[A-z0-9.]+)?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectSslVersionMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, @@ -84,7 +83,7 @@ void DetectSslVersionRegister(void) #ifdef UNITTESTS sigmatch_table[DETECT_AL_SSL_VERSION].RegisterTests = DetectSslVersionRegisterTests; #endif - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); g_tls_generic_list_id = DetectBufferTypeRegister("tls_generic"); } @@ -195,13 +194,10 @@ static int DetectSslVersionMatch(DetectEngineThreadCtx *det_ctx, static DetectSslVersionData *DetectSslVersionParse(const char *str) { DetectSslVersionData *ssl = NULL; - #define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0, - ov, MAX_SUBSTRINGS); - + ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH, "invalid ssl_version option"); goto error; diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c index b6c72c24f3..ab6774d1c7 100644 --- a/src/detect-stream_size.c +++ b/src/detect-stream_size.c @@ -40,8 +40,7 @@ */ #define PARSE_REGEX "^\\s*([A-z_]+)\\s*,\\s*([<=>!]+)\\s*,\\s*([0-9]+)\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; /*prototypes*/ static int DetectStreamSizeMatch (DetectEngineThreadCtx *, Packet *, @@ -64,7 +63,7 @@ void DetectStreamSizeRegister(void) sigmatch_table[DETECT_STREAM_SIZE].Free = DetectStreamSizeFree; sigmatch_table[DETECT_STREAM_SIZE].RegisterTests = DetectStreamSizeRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -185,11 +184,10 @@ static DetectStreamSizeData *DetectStreamSizeParse (const char *streamstr) char *arg = NULL; char *value = NULL; char *mode = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, streamstr, strlen(streamstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, streamstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 4) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, streamstr); goto error; diff --git a/src/detect-tag.c b/src/detect-tag.c index cd735d43ae..51c8f55844 100644 --- a/src/detect-tag.c +++ b/src/detect-tag.c @@ -54,8 +54,7 @@ SC_ATOMIC_EXTERN(unsigned int, num_tags); /* format: tag: , , , [direction]; */ #define PARSE_REGEX "^\\s*(host|session)\\s*(,\\s*(\\d+)\\s*,\\s*(packets|bytes|seconds)\\s*(,\\s*(src|dst))?\\s*)?$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectTagMatch(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -75,7 +74,7 @@ void DetectTagRegister(void) sigmatch_table[DETECT_TAG].RegisterTests = DetectTagRegisterTests; sigmatch_table[DETECT_TAG].flags |= SIGMATCH_IPONLY_COMPAT; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -154,12 +153,11 @@ static int DetectTagMatch(DetectEngineThreadCtx *det_ctx, Packet *p, static DetectTagData *DetectTagParse(const char *tagstr) { DetectTagData td; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; const char *str_ptr = NULL; - ret = pcre_exec(parse_regex, parse_regex_study, tagstr, strlen(tagstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, tagstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, tagstr); goto error; diff --git a/src/detect-target.c b/src/detect-target.c index 6a10671b7e..c79588a901 100644 --- a/src/detect-target.c +++ b/src/detect-target.c @@ -36,8 +36,7 @@ */ #define PARSE_REGEX "^\\s*(src_ip|dest_ip)\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; /* Prototypes of functions registered in DetectTargetRegister below */ static int DetectTargetSetup (DetectEngineCtx *, Signature *, const char *); @@ -66,7 +65,7 @@ void DetectTargetRegister(void) { sigmatch_table[DETECT_TARGET].RegisterTests = DetectTargetRegisterTests; /* set up the PCRE for keyword parsing */ - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -79,13 +78,11 @@ void DetectTargetRegister(void) { */ static int DetectTargetParse(Signature *s, const char *targetstr) { -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; char value[10]; - ret = pcre_exec(parse_regex, parse_regex_study, - targetstr, strlen(targetstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, targetstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, targetstr); return -1; diff --git a/src/detect-tcp-flags.c b/src/detect-tcp-flags.c index 6e4bb7e411..8694d3eb26 100644 --- a/src/detect-tcp-flags.c +++ b/src/detect-tcp-flags.c @@ -55,8 +55,7 @@ #define MODIFIER_PLUS 2 #define MODIFIER_ANY 3 -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectFlagsMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -84,7 +83,7 @@ void DetectFlagsRegister (void) sigmatch_table[DETECT_FLAGS].SupportsPrefilter = PrefilterTcpFlagsIsPrefilterable; sigmatch_table[DETECT_FLAGS].SetupPrefilter = PrefilterSetupTcpFlags; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static inline int FlagsMatch(const uint8_t pflags, const uint8_t modifier, @@ -170,7 +169,6 @@ static DetectFlagsData *DetectFlagsParse (const char *rawstr) { SCEnter(); -#define MAX_SUBSTRINGS 30 int ret = 0, found = 0, ignore = 0, res = 0; int ov[MAX_SUBSTRINGS]; char *ptr; @@ -179,8 +177,7 @@ static DetectFlagsData *DetectFlagsParse (const char *rawstr) char arg2[16] = ""; char arg3[16] = ""; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), - 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); SCLogDebug("input '%s', pcre said %d", rawstr, ret); if (ret < 3) { SCLogError(SC_ERR_PCRE_MATCH, "pcre match failed"); diff --git a/src/detect-tcp-window.c b/src/detect-tcp-window.c index 92665c880f..0d932caec4 100644 --- a/src/detect-tcp-window.c +++ b/src/detect-tcp-window.c @@ -44,8 +44,7 @@ */ #define PARSE_REGEX "^\\s*([!])?\\s*([0-9]{1,9}+)\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectWindowMatch(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -67,7 +66,7 @@ void DetectWindowRegister (void) sigmatch_table[DETECT_WINDOW].Free = DetectWindowFree; sigmatch_table[DETECT_WINDOW].RegisterTests = DetectWindowRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -108,11 +107,10 @@ static int DetectWindowMatch(DetectEngineThreadCtx *det_ctx, Packet *p, static DetectWindowData *DetectWindowParse(const char *windowstr) { DetectWindowData *wd = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, windowstr, strlen(windowstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, windowstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 3) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, windowstr); goto error; diff --git a/src/detect-tcpmss.c b/src/detect-tcpmss.c index e644a15257..3faf967fbe 100644 --- a/src/detect-tcpmss.c +++ b/src/detect-tcpmss.c @@ -35,8 +35,7 @@ */ #define PARSE_REGEX "^\\s*([0-9]*)?\\s*([<>=-]+)?\\s*([0-9]+)?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; /* prototypes */ static int DetectTcpmssMatch (DetectEngineThreadCtx *, Packet *, @@ -67,7 +66,7 @@ void DetectTcpmssRegister(void) sigmatch_table[DETECT_TCPMSS].SupportsPrefilter = PrefilterTcpmssIsPrefilterable; sigmatch_table[DETECT_TCPMSS].SetupPrefilter = PrefilterSetupTcpmss; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); return; } @@ -127,11 +126,10 @@ static DetectTcpmssData *DetectTcpmssParse (const char *tcpmssstr) char *arg1 = NULL; char *arg2 = NULL; char *arg3 = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, tcpmssstr, strlen(tcpmssstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, tcpmssstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 2 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); goto error; diff --git a/src/detect-template.c b/src/detect-template.c index 5c410915dc..99f0f74fe3 100644 --- a/src/detect-template.c +++ b/src/detect-template.c @@ -35,8 +35,7 @@ * \brief Regex for parsing our keyword options */ #define PARSE_REGEX "^\\s*([0-9]+)?\\s*,s*([0-9]+)?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; /* Prototypes of functions registered in DetectTemplateRegister below */ static int DetectTemplateMatch (DetectEngineThreadCtx *, @@ -72,7 +71,7 @@ void DetectTemplateRegister(void) { sigmatch_table[DETECT_TEMPLATE].RegisterTests = DetectTemplateRegisterTests; #endif /* set up the PCRE for keyword parsing */ - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -129,12 +128,9 @@ static DetectTemplateData *DetectTemplateParse (const char *templatestr) { char arg1[4] = ""; char arg2[4] = ""; -#define MAX_SUBSTRINGS 30 int ov[MAX_SUBSTRINGS]; - int ret = pcre_exec(parse_regex, parse_regex_study, - templatestr, strlen(templatestr), - 0, 0, ov, MAX_SUBSTRINGS); + int ret = DetectParsePcreExec(&parse_regex, templatestr, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 3) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); return NULL; diff --git a/src/detect-template2.c b/src/detect-template2.c index d612631104..1f8cd24225 100644 --- a/src/detect-template2.c +++ b/src/detect-template2.c @@ -35,8 +35,7 @@ */ #define PARSE_REGEX "^\\s*([0-9]*)?\\s*([<>=-]+)?\\s*([0-9]+)?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; /* prototypes */ static int DetectTemplate2Match (DetectEngineThreadCtx *, Packet *, @@ -67,7 +66,7 @@ void DetectTemplate2Register(void) sigmatch_table[DETECT_TEMPLATE2].SupportsPrefilter = PrefilterTemplate2IsPrefilterable; sigmatch_table[DETECT_TEMPLATE2].SetupPrefilter = PrefilterSetupTemplate2; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); return; } @@ -134,11 +133,10 @@ static DetectTemplate2Data *DetectTemplate2Parse (const char *template2str) char *arg1 = NULL; char *arg2 = NULL; char *arg3 = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, template2str, strlen(template2str), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, template2str, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 2 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); goto error; diff --git a/src/detect-threshold.c b/src/detect-threshold.c index a1f300e0f7..ba81ac842a 100644 --- a/src/detect-threshold.c +++ b/src/detect-threshold.c @@ -61,8 +61,7 @@ #define PARSE_REGEX "^\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*,\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*,\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*,\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectThresholdMatch(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -85,7 +84,7 @@ void DetectThresholdRegister(void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_THRESHOLD].flags |= SIGMATCH_IPONLY_COMPAT; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static int DetectThresholdMatch(DetectEngineThreadCtx *det_ctx, Packet *p, @@ -106,7 +105,6 @@ static int DetectThresholdMatch(DetectEngineThreadCtx *det_ctx, Packet *p, static DetectThresholdData *DetectThresholdParse(const char *rawstr) { DetectThresholdData *de = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; const char *str_ptr = NULL; @@ -143,8 +141,7 @@ static DetectThresholdData *DetectThresholdParse(const char *rawstr) if(count_found != 1 || second_found != 1 || type_found != 1 || track_found != 1) goto error; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); - + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 5) { SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); goto error; diff --git a/src/detect-tls-cert-validity.c b/src/detect-tls-cert-validity.c index 47a242d1e6..a8792f0dc4 100644 --- a/src/detect-tls-cert-validity.c +++ b/src/detect-tls-cert-validity.c @@ -53,8 +53,7 @@ * [tls_notbefore|tls_notafter]:[<|>][<>]; */ #define PARSE_REGEX "^\\s*(<|>)?\\s*([ -:TW0-9]+)\\s*(?:(<>)\\s*([ -:TW0-9]+))?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectTlsValidityMatch (DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, @@ -129,7 +128,7 @@ void DetectTlsValidityRegister (void) sigmatch_table[DETECT_AL_TLS_VALID].RegisterTests = TlsValidRegisterTests; #endif - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, @@ -310,7 +309,6 @@ static time_t DateStringToEpoch (char *string) static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr) { DetectTlsValidityData *dd = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; char mode[2] = ""; @@ -318,8 +316,7 @@ static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr) char value2[20] = ""; char range[3] = ""; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, - 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 3 || ret > 5) { SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr); goto error; diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c index dfd2a517a1..f59b5eb49f 100644 --- a/src/detect-tls-version.c +++ b/src/detect-tls-version.c @@ -56,8 +56,7 @@ */ #define PARSE_REGEX "^\\s*([A-z0-9\\.]+|\"[A-z0-9\\.]+\")\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectTlsVersionMatch (DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, @@ -84,7 +83,7 @@ void DetectTlsVersionRegister (void) sigmatch_table[DETECT_AL_TLS_VERSION].RegisterTests = DetectTlsVersionRegisterTests; #endif - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); g_tls_generic_list_id = DetectBufferTypeRegister("tls_generic"); } @@ -151,13 +150,10 @@ static DetectTlsVersionData *DetectTlsVersionParse (const char *str) { uint16_t temp; DetectTlsVersionData *tls = NULL; - #define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0, - ov, MAX_SUBSTRINGS); - + ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 1 || ret > 3) { SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.version option"); goto error; diff --git a/src/detect-tls.c b/src/detect-tls.c index 5a6945c2a6..a0bbda54e2 100644 --- a/src/detect-tls.c +++ b/src/detect-tls.c @@ -67,12 +67,9 @@ #define PARSE_REGEX "^([A-z0-9\\s\\-\\.=,\\*@]+|\"[A-z0-9\\s\\-\\.=,\\*@]+\")\\s*$" #define PARSE_REGEX_FINGERPRINT "^([A-z0-9\\:\\*]+|\"[A-z0-9\\:\\* ]+\")\\s*$" -static pcre *subject_parse_regex; -static pcre_extra *subject_parse_regex_study; -static pcre *issuerdn_parse_regex; -static pcre_extra *issuerdn_parse_regex_study; -static pcre *fingerprint_parse_regex; -static pcre_extra *fingerprint_parse_regex_study; +static DetectParseRegex subject_parse_regex; +static DetectParseRegex issuerdn_parse_regex; +static DetectParseRegex fingerprint_parse_regex; static int DetectTlsSubjectMatch (DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, @@ -155,12 +152,9 @@ void DetectTlsRegister (void) sigmatch_table[DETECT_AL_TLS_STORE].RegisterTests = NULL; sigmatch_table[DETECT_AL_TLS_STORE].flags |= SIGMATCH_NOOPT; - DetectSetupParseRegexes(PARSE_REGEX, - &subject_parse_regex, &subject_parse_regex_study); - DetectSetupParseRegexes(PARSE_REGEX, - &issuerdn_parse_regex, &issuerdn_parse_regex_study); - DetectSetupParseRegexes(PARSE_REGEX_FINGERPRINT, - &fingerprint_parse_regex, &fingerprint_parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &subject_parse_regex); + DetectSetupParseRegexes(PARSE_REGEX, &issuerdn_parse_regex); + DetectSetupParseRegexes(PARSE_REGEX_FINGERPRINT, &fingerprint_parse_regex); g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert"); @@ -237,7 +231,6 @@ static int DetectTlsSubjectMatch (DetectEngineThreadCtx *det_ctx, static DetectTlsData *DetectTlsSubjectParse (const char *str, bool negate) { DetectTlsData *tls = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; const char *str_ptr; @@ -245,9 +238,7 @@ static DetectTlsData *DetectTlsSubjectParse (const char *str, bool negate) char *tmp_str; uint32_t flag = 0; - ret = pcre_exec(subject_parse_regex, subject_parse_regex_study, str, strlen(str), 0, 0, - ov, MAX_SUBSTRINGS); - + ret = DetectParsePcreExec(&subject_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.subject option"); goto error; @@ -437,7 +428,6 @@ static int DetectTlsIssuerDNMatch (DetectEngineThreadCtx *det_ctx, static DetectTlsData *DetectTlsIssuerDNParse(const char *str, bool negate) { DetectTlsData *tls = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; const char *str_ptr; @@ -445,8 +435,7 @@ static DetectTlsData *DetectTlsIssuerDNParse(const char *str, bool negate) char *tmp_str; uint32_t flag = 0; - ret = pcre_exec(issuerdn_parse_regex, issuerdn_parse_regex_study, str, strlen(str), 0, 0, - ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&issuerdn_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.issuerdn option"); goto error; @@ -570,7 +559,6 @@ static void DetectTlsIssuerDNFree(void *ptr) static DetectTlsData *DetectTlsFingerprintParse (const char *str, bool negate) { DetectTlsData *tls = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; const char *str_ptr; @@ -578,8 +566,7 @@ static DetectTlsData *DetectTlsFingerprintParse (const char *str, bool negate) char *tmp_str; uint32_t flag = 0; - ret = pcre_exec(fingerprint_parse_regex, fingerprint_parse_regex_study, str, strlen(str), 0, 0, - ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&fingerprint_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.fingerprint option"); goto error; diff --git a/src/detect-tos.c b/src/detect-tos.c index f6cf58f532..c43319a4a1 100644 --- a/src/detect-tos.c +++ b/src/detect-tos.c @@ -45,8 +45,7 @@ #define PARSE_REGEX "^\\s*(!?\\s*[0-9]{1,3}|!?\\s*[xX][0-9a-fA-F]{1,2})\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectTosSetup(DetectEngineCtx *, Signature *, const char *); static int DetectTosMatch(DetectEngineThreadCtx *, Packet *, @@ -73,7 +72,7 @@ void DetectTosRegister(void) sigmatch_table[DETECT_TOS].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#tos"; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } /** @@ -108,13 +107,10 @@ static int DetectTosMatch(DetectEngineThreadCtx *det_ctx, Packet *p, static DetectTosData *DetectTosParse(const char *arg, bool negate) { DetectTosData *tosd = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0, - ov, MAX_SUBSTRINGS); - + ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 2) { SCLogError(SC_ERR_PCRE_MATCH, "invalid tos option - %s. " "The tos option value must be in the range " diff --git a/src/detect-ttl.c b/src/detect-ttl.c index cabc158b22..cda9f161ec 100644 --- a/src/detect-ttl.c +++ b/src/detect-ttl.c @@ -39,8 +39,7 @@ */ #define PARSE_REGEX "^\\s*([0-9]*)?\\s*([<>=-]+)?\\s*([0-9]+)?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; /* prototypes */ static int DetectTtlMatch (DetectEngineThreadCtx *, Packet *, @@ -71,7 +70,7 @@ void DetectTtlRegister(void) sigmatch_table[DETECT_TTL].SupportsPrefilter = PrefilterTtlIsPrefilterable; sigmatch_table[DETECT_TTL].SetupPrefilter = PrefilterSetupTtl; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); return; } @@ -133,13 +132,12 @@ static int DetectTtlMatch (DetectEngineThreadCtx *det_ctx, Packet *p, static DetectTtlData *DetectTtlParse (const char *ttlstr) { -#define MAX_SUBSTRINGS 30 int ov[MAX_SUBSTRINGS]; char arg1[6] = ""; char arg2[6] = ""; char arg3[6] = ""; - int ret = pcre_exec(parse_regex, parse_regex_study, ttlstr, strlen(ttlstr), 0, 0, ov, MAX_SUBSTRINGS); + int ret = DetectParsePcreExec(&parse_regex, ttlstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 2 || ret > 4) { SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret); return NULL; diff --git a/src/detect-urilen.c b/src/detect-urilen.c index ab4d6b6242..c9489fb044 100644 --- a/src/detect-urilen.c +++ b/src/detect-urilen.c @@ -47,8 +47,7 @@ */ #define PARSE_REGEX "^(?:\\s*)(<|>)?(?:\\s*)([0-9]{1,5})(?:\\s*)(?:(<>)(?:\\s*)([0-9]{1,5}))?\\s*(?:,\\s*(norm|raw))?\\s*$" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; /*prototypes*/ static int DetectUrilenSetup (DetectEngineCtx *, Signature *, const char *); @@ -72,7 +71,7 @@ void DetectUrilenRegister(void) sigmatch_table[DETECT_AL_URILEN].Free = DetectUrilenFree; sigmatch_table[DETECT_AL_URILEN].RegisterTests = DetectUrilenRegisterTests; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); g_http_uri_buffer_id = DetectBufferTypeRegister("http_uri"); g_http_raw_uri_buffer_id = DetectBufferTypeRegister("http_raw_uri"); @@ -96,12 +95,10 @@ static DetectUrilenData *DetectUrilenParse (const char *urilenstr) char *arg3 = NULL; char *arg4 = NULL; char *arg5 = NULL; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; - ret = pcre_exec(parse_regex, parse_regex_study, urilenstr, strlen(urilenstr), - 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, urilenstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret < 3 || ret > 6) { SCLogError(SC_ERR_PCRE_PARSE, "urilen option pcre parse error: \"%s\"", urilenstr); goto error; diff --git a/src/detect-xbits.c b/src/detect-xbits.c index 4e40636e34..41cfa860a9 100644 --- a/src/detect-xbits.c +++ b/src/detect-xbits.c @@ -54,8 +54,7 @@ */ #define PARSE_REGEX "^([a-z]+)" "(?:,\\s*([^,]+))?" "(?:,\\s*(?:track\\s+([^,]+)))" "(?:,\\s*(?:expire\\s+([^,]+)))?" -static pcre *parse_regex; -static pcre_extra *parse_regex_study; +static DetectParseRegex parse_regex; static int DetectXbitMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); static int DetectXbitSetup (DetectEngineCtx *, Signature *, const char *); @@ -74,7 +73,7 @@ void DetectXbitsRegister (void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_XBITS].flags |= SIGMATCH_IPONLY_COMPAT; - DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } static int DetectIPPairbitMatchToggle (Packet *p, const DetectXbitsData *fd) @@ -192,7 +191,6 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, DetectXbitsData *cd = NULL; uint8_t fb_cmd = 0; uint8_t hb_dir = 0; -#define MAX_SUBSTRINGS 30 int ret = 0, res = 0; int ov[MAX_SUBSTRINGS]; char fb_cmd_str[16] = "", fb_name[256] = ""; @@ -200,7 +198,7 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, enum VarTypes var_type = VAR_TYPE_NOT_SET; int expire = DETECT_XBITS_EXPIRE_DEFAULT; - ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); + ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 2 && ret != 3 && ret != 4 && ret != 5) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for xbits.", rawstr); return -1;