From: Victor Julien
Date: Mon, 26 Oct 2020 20:14:43 +0000 (+0100)
Subject: detect/mpm: improve transforms handling
X-Git-Tag: suricata-6.0.1~83
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82d7f6463053e2180883decaef9987b6caea277d;p=thirdparty%2Fsuricata.git
detect/mpm: improve transforms handling
Make sure keywords with transforms get their own mpm ctx, instead of sharing it with the 'pure' version of the keyword.
---
diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index 027063a6cb..c764b06024 100644
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -162,6 +162,7 @@ void DetectAppLayerMpmRegisterByParentId(DetectEngineCtx *de_ctx,
 am->app_v2.tx_min_progress = t->app_v2.tx_min_progress;
 am->priority = t->priority;
 am->sgh_mpm_context = t->sgh_mpm_context;
+ am->sgh_mpm_context = MpmFactoryRegisterMpmCtxProfile(de_ctx, am->name, am->sm_list);
 am->next = t->next;
 if (transforms) {
 memcpy(&am->transforms, transforms, sizeof(*transforms));
@@ -245,7 +246,7 @@ void DetectMpmInitializeAppMpms(DetectEngineCtx *de_ctx)
 if (!(de_ctx->flags & DE_QUIET)) {
 SCLogPerf("using shared mpm ctx' for %s", n->name);
 }
- n->sgh_mpm_context = MpmFactoryRegisterMpmCtxProfile(de_ctx, n->name);
+ n->sgh_mpm_context = MpmFactoryRegisterMpmCtxProfile(de_ctx, n->name, n->sm_list);
 }
 list = list->next;
@@ -412,7 +413,7 @@ void DetectMpmInitializePktMpms(DetectEngineCtx *de_ctx)
 if (!(de_ctx->flags & DE_QUIET)) {
 SCLogPerf("using shared mpm ctx' for %s", n->name);
 }
- n->sgh_mpm_context = MpmFactoryRegisterMpmCtxProfile(de_ctx, n->name);
+ n->sgh_mpm_context = MpmFactoryRegisterMpmCtxProfile(de_ctx, n->name, n->sm_list);
 }
 list = list->next;
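Review bot: In the `@@ -162` hunk of `DetectAppLayerMpmRegisterByParentId`, the added call overwrites what the context line just above it stored, so `am->sgh_mpm_context = t->sgh_mpm_context;` is now a dead store. The overwrite is also unconditional: if the parent `t` carries `MPM_CTX_FACTORY_UNIQUE_CONTEXT` (the value `SetupBuiltinMpm` assigns for unique contexts in this same file), the transformed copy would presumably be moved onto a shared profile regardless of that setting. Either drop the dead assignment, or keep it and guard the new call, `if (t->sgh_mpm_context != MPM_CTX_FACTORY_UNIQUE_CONTEXT) am->sgh_mpm_context = MpmFactoryRegisterMpmCtxProfile(de_ctx, am->name, am->sm_list);`. The function starts and ends outside the hunk, so the guard needs checking against the full body.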
@@ -466,7 +467,7 @@ static int32_t SetupBuiltinMpm(DetectEngineCtx *de_ctx, const char *name)
 ctx = MPM_CTX_FACTORY_UNIQUE_CONTEXT;
 SCLogPerf("using unique mpm ctx' for %s", name);
 } else {
- ctx = MpmFactoryRegisterMpmCtxProfile(de_ctx, name);
+ ctx = MpmFactoryRegisterMpmCtxProfile(de_ctx, name, DETECT_SM_LIST_PMATCH);
 SCLogPerf("using shared mpm ctx' for %s", name);
 }
 return ctx;
diff --git a/src/util-mpm.c b/src/util-mpm.c
index fb7a3818f5..61f3c1899f 100644
--- a/src/util-mpm.c
+++ b/src/util-mpm.c
@@ -52,10 +52,12 @@ int mpm_default_matcher;
 * \brief Register a new Mpm Context.
 *
 * \param name A new profile to be registered to store this MpmCtx.
+ * \param sm_list sm_list for this name (might be variable with xforms)
 *
 * \retval id Return the id created for the new MpmCtx profile.
 */
-int32_t MpmFactoryRegisterMpmCtxProfile(DetectEngineCtx *de_ctx, const char *name)
+int32_t MpmFactoryRegisterMpmCtxProfile(
+ DetectEngineCtx *de_ctx, const char *name, const int sm_list)
 {
 void *ptmp;
 /* the very first entry */
@@ -72,6 +74,7 @@ int32_t MpmFactoryRegisterMpmCtxProfile(DetectEngineCtx *de_ctx, const char *nam
 }
 item[0].name = name;
+ item[0].sm_list = sm_list;
 /* toserver */
 item[0].mpm_ctx_ts = SCMalloc(sizeof(MpmCtx));
@@ -103,7 +106,8 @@ int32_t MpmFactoryRegisterMpmCtxProfile(DetectEngineCtx *de_ctx, const char *nam
 int i;
 MpmCtxFactoryItem *items = de_ctx->mpm_ctx_factory_container->items;
 for (i = 0; i < de_ctx->mpm_ctx_factory_container->no_of_items; i++) {
- if (items[i].name != NULL && strcmp(items[i].name, name) == 0) {
+ if (items[i].sm_list == sm_list && items[i].name != NULL &&
+ strcmp(items[i].name, name) == 0) {
 /* looks like we have this mpm_ctx freed */
 if (items[i].mpm_ctx_ts == NULL) {
 items[i].mpm_ctx_ts = SCMalloc(sizeof(MpmCtx));
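Review bot: In `SetupBuiltinMpm` (`@@ -466`), the hard-coded `DETECT_SM_LIST_PMATCH` is not explained, and every builtin name now registers under that one list id as the second half of its profile key. A comment above the call would make the intent checkable, for example `/* builtin mpms register under PMATCH; the name alone keeps their profiles apart */`, if that is indeed the intent. If any builtin name is meant to cover a different list, the list id should come from the caller instead; the callers are outside this hunk.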
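Review bot: The new `\param sm_list` line in the doc comment of `MpmFactoryRegisterMpmCtxProfile` (`@@ -52` in `src/util-mpm.c`) does not say that the list id is now part of the lookup key, which is the behaviour change callers need to know about. I would word it as `\param sm_list list id the profile is keyed on together with name; a keyword with transforms has its own list id and so gets its own MpmCtx`, and add the missing `\param de_ctx` line while here. The function body continues outside the hunk.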
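Review bot: Nothing in this commit pins the new matching rule in the `@@ -103` loop of `MpmFactoryRegisterMpmCtxProfile`, so a later edit that drops the `items[i].sm_list == sm_list` term would quietly put a keyword and its transformed variant back on one shared context. A small unit test would cover it: register the same `name` with two different `sm_list` values and check the returned ids differ, then register one of the pairs again and check its id is reused. The function also stores `name` by pointer (`item[0].name = name;` in `@@ -72`, `new_item[0].name = name;` in `@@ -139`), so the `am->name` now passed in from `detect-engine-mpm.c` has to stay valid as long as the factory container does; that looks unchanged by this commit but is worth confirming.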
@@ -139,6 +143,7 @@ int32_t MpmFactoryRegisterMpmCtxProfile(DetectEngineCtx *de_ctx, const char *nam
 MpmCtxFactoryItem *new_item = &items[de_ctx->mpm_ctx_factory_container->no_of_items];
 new_item[0].name = name;
+ new_item[0].sm_list = sm_list;
 /* toserver */
 new_item[0].mpm_ctx_ts = SCMalloc(sizeof(MpmCtx));
diff --git a/src/util-mpm.h b/src/util-mpm.h
index 8f52fa68fc..0e5311293a 100644
--- a/src/util-mpm.h
+++ b/src/util-mpm.h
@@ -117,6 +117,7 @@ typedef struct MpmCtxFactoryItem_ {
 MpmCtx *mpm_ctx_ts;
 MpmCtx *mpm_ctx_tc;
 int32_t id;
+ int32_t sm_list;
 } MpmCtxFactoryItem;
 typedef struct MpmCtxFactoryContainer_ {
@@ -171,7 +172,7 @@ extern int mpm_default_matcher;
 struct DetectEngineCtx_;
-int32_t MpmFactoryRegisterMpmCtxProfile(struct DetectEngineCtx_ *, const char *);
+int32_t MpmFactoryRegisterMpmCtxProfile(struct DetectEngineCtx_ *, const char *, const int);
 void MpmFactoryReClaimMpmCtx(const struct DetectEngineCtx_ *, MpmCtx *);
 MpmCtx *MpmFactoryGetMpmCtxForProfile(const struct DetectEngineCtx_ *, int32_t, int);
 void MpmFactoryDeRegisterAllMpmCtxProfiles(struct DetectEngineCtx_ *);
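Review bot: The new field in `MpmCtxFactoryItem` (`@@ -117` in `src/util-mpm.h`) is declared `int32_t sm_list;` while the prototype in the `@@ -171` hunk takes `const int`, and the field has no comment saying what it holds. This is a style point: one type on both sides keeps the `items[i].sm_list == sm_list` comparison free of implicit conversion, and the top-level `const` in the prototype means nothing to callers. I would name the parameter and align the types, e.g. `int32_t MpmFactoryRegisterMpmCtxProfile(struct DetectEngineCtx_ *, const char *name, int sm_list);` with the field as `int sm_list; /* list id this profile is keyed on, together with name */`. Whether `int` or `int32_t` is right depends on how `sm_list` is typed on the detect side, which this page does not show.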