From: Victor Julien Date: Fri, 17 Jan 2014 12:49:10 +0000 (+0100) Subject: app-layer proto detect: optimization X-Git-Tag: suricata-2.0rc1~173 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=634eb1d35cfaddd6449276f52ec6e44f5127eee9;p=thirdparty%2Fsuricata.git app-layer proto detect: optimization Don't use FlowGetProtoMapping at runtime, use f->protomap instead. Add safety check to make sure its value is within range, as it's used to index an array. Update unittests to initialized flows (somewhat). --- diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index 353297b266..f5b57193aa 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c @@ -220,12 +220,15 @@ static AppProto AppLayerProtoDetectPMGetProto(AppLayerProtoDetectThreadCtx *tctx uint8_t cnt; uint16_t searchlen; + if (f->protomap >= FLOW_PROTO_DEFAULT) + return ALPROTO_UNKNOWN; + if (direction & STREAM_TOSERVER) { - pm_ctx = &alpd_ctx.ctx_ipp[FlowGetProtoMapping(ipproto)].ctx_pm[0]; - mpm_tctx = &tctx->mpm_tctx[FlowGetProtoMapping(ipproto)][0]; + pm_ctx = &alpd_ctx.ctx_ipp[f->protomap].ctx_pm[0]; + mpm_tctx = &tctx->mpm_tctx[f->protomap][0]; } else { - pm_ctx = &alpd_ctx.ctx_ipp[FlowGetProtoMapping(ipproto)].ctx_pm[1]; - mpm_tctx = &tctx->mpm_tctx[FlowGetProtoMapping(ipproto)][1]; + pm_ctx = &alpd_ctx.ctx_ipp[f->protomap].ctx_pm[1]; + mpm_tctx = &tctx->mpm_tctx[f->protomap][1]; } if (pm_ctx->mpm_ctx.pattern_cnt == 0) goto end; @@ -1781,6 +1784,9 @@ int AppLayerProtoDetectTest03(void) AppProto pm_results[ALPROTO_MAX]; AppLayerProtoDetectThreadCtx *alpd_tctx; + memset(&f, 0x00, sizeof(f)); + f.protomap = FlowGetProtoMapping(IPPROTO_TCP); + memset(pm_results, 0, sizeof(pm_results)); buf = "HTTP"; @@ -1853,6 +1859,9 @@ int AppLayerProtoDetectTest04(void) AppProto pm_results[ALPROTO_MAX]; AppLayerProtoDetectThreadCtx *alpd_tctx; + memset(&f, 0x00, sizeof(f)); + f.protomap = FlowGetProtoMapping(IPPROTO_TCP); + memset(pm_results, 0, sizeof(pm_results)); buf = "200 "; @@ -1919,6 +1928,9 @@ int AppLayerProtoDetectTest05(void) AppProto pm_results[ALPROTO_MAX]; AppLayerProtoDetectThreadCtx *alpd_tctx; + memset(&f, 0x00, sizeof(f)); + f.protomap = FlowGetProtoMapping(IPPROTO_TCP); + memset(pm_results, 0, sizeof(pm_results)); buf = "HTTP"; @@ -1991,6 +2003,9 @@ int AppLayerProtoDetectTest06(void) AppProto pm_results[ALPROTO_MAX]; AppLayerProtoDetectThreadCtx *alpd_tctx; + memset(&f, 0x00, sizeof(f)); + f.protomap = FlowGetProtoMapping(IPPROTO_TCP); + buf = "HTTP"; AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT); buf = "220 "; @@ -2061,6 +2076,9 @@ int AppLayerProtoDetectTest07(void) AppProto pm_results[ALPROTO_MAX]; AppLayerProtoDetectThreadCtx *alpd_tctx; + memset(&f, 0x00, sizeof(f)); + f.protomap = FlowGetProtoMapping(IPPROTO_TCP); + memset(pm_results, 0, sizeof(pm_results)); buf = "HTTP"; @@ -2146,6 +2164,9 @@ int AppLayerProtoDetectTest08(void) AppProto pm_results[ALPROTO_MAX]; AppLayerProtoDetectThreadCtx *alpd_tctx; + memset(&f, 0x00, sizeof(f)); + f.protomap = FlowGetProtoMapping(IPPROTO_TCP); + memset(pm_results, 0, sizeof(pm_results)); buf = "|ff|SMB"; @@ -2227,6 +2248,9 @@ int AppLayerProtoDetectTest09(void) AppProto pm_results[ALPROTO_MAX]; AppLayerProtoDetectThreadCtx *alpd_tctx; + memset(&f, 0x00, sizeof(f)); + f.protomap = FlowGetProtoMapping(IPPROTO_TCP); + memset(pm_results, 0, sizeof(pm_results)); buf = "|fe|SMB"; @@ -2303,6 +2327,9 @@ int AppLayerProtoDetectTest10(void) AppProto pm_results[ALPROTO_MAX]; AppLayerProtoDetectThreadCtx *alpd_tctx; + memset(&f, 0x00, sizeof(f)); + f.protomap = FlowGetProtoMapping(IPPROTO_TCP); + memset(pm_results, 0, sizeof(pm_results)); buf = "|05 00|"; @@ -2373,6 +2400,9 @@ int AppLayerProtoDetectTest11(void) AppProto pm_results[ALPROTO_MAX]; AppLayerProtoDetectThreadCtx *alpd_tctx; + memset(&f, 0x00, sizeof(f)); + f.protomap = FlowGetProtoMapping(IPPROTO_TCP); + memset(pm_results, 0, sizeof(pm_results)); AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER); @@ -2521,6 +2551,9 @@ int AppLayerProtoDetectTest13(void) AppLayerProtoDetectThreadCtx *alpd_tctx; uint32_t cnt; + memset(&f, 0x00, sizeof(f)); + f.protomap = FlowGetProtoMapping(IPPROTO_TCP); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER); AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER); AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER); @@ -2609,6 +2642,9 @@ int AppLayerProtoDetectTest14(void) AppLayerProtoDetectThreadCtx *alpd_tctx; uint32_t cnt; + memset(&f, 0x00, sizeof(f)); + f.protomap = FlowGetProtoMapping(IPPROTO_UDP); + AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER); AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER); AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);