From: Victor Julien Date: Mon, 26 Oct 2015 13:18:37 +0000 (+0100) Subject: detect/mpm: unify packet/stream mpm_ctx pointers X-Git-Tag: suricata-3.1RC1~318 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87f3adbe4c25a3047acf40670eba151af49cbd78;p=thirdparty%2Fsuricata.git detect/mpm: unify packet/stream mpm_ctx pointers SGH's for tcp and udp are now always only per proto and per direction. This means we can simply reuse the packet and stream mpm pointers. The SGH's for the other protocols already used a directionless catch all mpm pointer. --- diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index 04f455e38b..0e1c7839c3 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -259,27 +259,9 @@ void PacketPatternCleanup(ThreadVars *t, DetectEngineThreadCtx *det_ctx) return; /* content */ - if (det_ctx->sgh->mpm_proto_tcp_ctx_ts != NULL && - mpm_table[det_ctx->sgh->mpm_proto_tcp_ctx_ts->mpm_type].Cleanup != NULL) { - mpm_table[det_ctx->sgh->mpm_proto_tcp_ctx_ts->mpm_type].Cleanup(&det_ctx->mtc); - } - if (det_ctx->sgh->mpm_proto_tcp_ctx_tc != NULL && - mpm_table[det_ctx->sgh->mpm_proto_tcp_ctx_tc->mpm_type].Cleanup != NULL) { - mpm_table[det_ctx->sgh->mpm_proto_tcp_ctx_tc->mpm_type].Cleanup(&det_ctx->mtc); - } - - if (det_ctx->sgh->mpm_proto_udp_ctx_ts != NULL && - mpm_table[det_ctx->sgh->mpm_proto_udp_ctx_ts->mpm_type].Cleanup != NULL) { - mpm_table[det_ctx->sgh->mpm_proto_udp_ctx_ts->mpm_type].Cleanup(&det_ctx->mtc); - } - if (det_ctx->sgh->mpm_proto_udp_ctx_tc != NULL && - mpm_table[det_ctx->sgh->mpm_proto_udp_ctx_tc->mpm_type].Cleanup != NULL) { - mpm_table[det_ctx->sgh->mpm_proto_udp_ctx_tc->mpm_type].Cleanup(&det_ctx->mtc); - } - - if (det_ctx->sgh->mpm_proto_other_ctx != NULL && - mpm_table[det_ctx->sgh->mpm_proto_other_ctx->mpm_type].Cleanup != NULL) { - mpm_table[det_ctx->sgh->mpm_proto_other_ctx->mpm_type].Cleanup(&det_ctx->mtc); + if (det_ctx->sgh->mpm_packet_ctx != NULL && + mpm_table[det_ctx->sgh->mpm_packet_ctx->mpm_type].Cleanup != NULL) { + mpm_table[det_ctx->sgh->mpm_packet_ctx->mpm_type].Cleanup(&det_ctx->mtc); } /* uricontent */ @@ -288,11 +270,9 @@ void PacketPatternCleanup(ThreadVars *t, DetectEngineThreadCtx *det_ctx) } /* stream content */ - if (det_ctx->sgh->mpm_stream_ctx_ts != NULL && mpm_table[det_ctx->sgh->mpm_stream_ctx_ts->mpm_type].Cleanup != NULL) { - mpm_table[det_ctx->sgh->mpm_stream_ctx_ts->mpm_type].Cleanup(&det_ctx->mtcs); - } - if (det_ctx->sgh->mpm_stream_ctx_tc != NULL && mpm_table[det_ctx->sgh->mpm_stream_ctx_tc->mpm_type].Cleanup != NULL) { - mpm_table[det_ctx->sgh->mpm_stream_ctx_tc->mpm_type].Cleanup(&det_ctx->mtcs); + if (det_ctx->sgh->mpm_stream_ctx != NULL && + mpm_table[det_ctx->sgh->mpm_stream_ctx->mpm_type].Cleanup != NULL) { + mpm_table[det_ctx->sgh->mpm_stream_ctx->mpm_type].Cleanup(&det_ctx->mtcs); } return; @@ -1136,31 +1116,35 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) if (SGH_DIRECTION_TS(sh)) { mpm_store = MpmStorePrepareBuffer(de_ctx, sh, MPMB_TCP_PKT_TS); if (mpm_store != NULL) { - sh->mpm_proto_tcp_ctx_ts = mpm_store->mpm_ctx; - if (sh->mpm_proto_tcp_ctx_ts) + BUG_ON(sh->mpm_packet_ctx); + sh->mpm_packet_ctx = mpm_store->mpm_ctx; + if (sh->mpm_packet_ctx) sh->flags |= SIG_GROUP_HEAD_MPM_PACKET; } mpm_store = MpmStorePrepareBuffer(de_ctx, sh, MPMB_TCP_STREAM_TS); if (mpm_store != NULL) { BUG_ON(mpm_store == NULL); - sh->mpm_stream_ctx_ts = mpm_store->mpm_ctx; - if (sh->mpm_stream_ctx_ts) + BUG_ON(sh->mpm_stream_ctx); + sh->mpm_stream_ctx = mpm_store->mpm_ctx; + if (sh->mpm_stream_ctx) sh->flags |= SIG_GROUP_HEAD_MPM_STREAM; } } if (SGH_DIRECTION_TC(sh)) { mpm_store = MpmStorePrepareBuffer(de_ctx, sh, MPMB_TCP_PKT_TC); if (mpm_store != NULL) { - sh->mpm_proto_tcp_ctx_tc = mpm_store->mpm_ctx; - if (sh->mpm_proto_tcp_ctx_tc) + BUG_ON(sh->mpm_packet_ctx); + sh->mpm_packet_ctx = mpm_store->mpm_ctx; + if (sh->mpm_packet_ctx) sh->flags |= SIG_GROUP_HEAD_MPM_PACKET; } mpm_store = MpmStorePrepareBuffer(de_ctx, sh, MPMB_TCP_STREAM_TC); if (mpm_store != NULL) { - sh->mpm_stream_ctx_tc = mpm_store->mpm_ctx; - if (sh->mpm_stream_ctx_tc) + BUG_ON(sh->mpm_stream_ctx); + sh->mpm_stream_ctx = mpm_store->mpm_ctx; + if (sh->mpm_stream_ctx) sh->flags |= SIG_GROUP_HEAD_MPM_STREAM; } } @@ -1169,27 +1153,30 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) mpm_store = MpmStorePrepareBuffer(de_ctx, sh, MPMB_UDP_TS); if (mpm_store != NULL) { BUG_ON(mpm_store == NULL); - sh->mpm_proto_udp_ctx_ts = mpm_store->mpm_ctx; + BUG_ON(sh->mpm_packet_ctx); + sh->mpm_packet_ctx = mpm_store->mpm_ctx; - if (sh->mpm_proto_udp_ctx_ts != NULL) + if (sh->mpm_packet_ctx != NULL) sh->flags |= SIG_GROUP_HEAD_MPM_PACKET; } } if (SGH_DIRECTION_TC(sh)) { mpm_store = MpmStorePrepareBuffer(de_ctx, sh, MPMB_UDP_TC); if (mpm_store != NULL) { - sh->mpm_proto_udp_ctx_tc = mpm_store->mpm_ctx; + BUG_ON(sh->mpm_packet_ctx); + sh->mpm_packet_ctx = mpm_store->mpm_ctx; - if (sh->mpm_proto_udp_ctx_tc != NULL) + if (sh->mpm_packet_ctx != NULL) sh->flags |= SIG_GROUP_HEAD_MPM_PACKET; } } } else { mpm_store = MpmStorePrepareBuffer(de_ctx, sh, MPMB_OTHERIP); if (mpm_store != NULL) { - sh->mpm_proto_other_ctx = mpm_store->mpm_ctx; + BUG_ON(sh->mpm_packet_ctx); + sh->mpm_packet_ctx = mpm_store->mpm_ctx; - if (sh->mpm_proto_other_ctx != NULL) + if (sh->mpm_packet_ctx != NULL) sh->flags |= SIG_GROUP_HEAD_MPM_PACKET; } } diff --git a/src/detect-engine-payload.c b/src/detect-engine-payload.c index ab63d16f86..f5cd077c61 100644 --- a/src/detect-engine-payload.c +++ b/src/detect-engine-payload.c @@ -50,25 +50,14 @@ uint32_t PacketPatternSearchWithStreamCtx(DetectEngineThreadCtx *det_ctx, SCEnter(); uint32_t ret = 0; - const MpmCtx *mpm_ctx = NULL; - - if (p->flowflags & FLOW_PKT_TOSERVER) { - DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_stream_ctx_ts == NULL); - mpm_ctx = det_ctx->sgh->mpm_stream_ctx_ts; - - } else { - DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_stream_ctx_tc == NULL); - - mpm_ctx = det_ctx->sgh->mpm_stream_ctx_tc; - } - if (unlikely(mpm_ctx == NULL)) { + DEBUG_VALIDATE_BUG_ON(det_ctx->sgh->mpm_stream_ctx == NULL); + if (det_ctx->sgh->mpm_stream_ctx == NULL) SCReturnInt(0); - } - if (p->payload_len >= mpm_ctx->minlen) { - ret = mpm_table[mpm_ctx->mpm_type]. - Search(mpm_ctx, &det_ctx->mtc, &det_ctx->pmq, + if (p->payload_len >= det_ctx->sgh->mpm_stream_ctx->minlen) { + ret = mpm_table[det_ctx->sgh->mpm_stream_ctx->mpm_type]. + Search(det_ctx->sgh->mpm_stream_ctx, &det_ctx->mtc, &det_ctx->pmq, p->payload, p->payload_len); } @@ -94,26 +83,13 @@ uint32_t StreamPatternSearch(DetectEngineThreadCtx *det_ctx, Packet *p, //PrintRawDataFp(stdout, smsg->data.data, smsg->data.data_len); uint32_t r; - if (flags & STREAM_TOSERVER) { - for ( ; smsg != NULL; smsg = smsg->next) { - if (smsg->data_len >= det_ctx->sgh->mpm_stream_ctx_ts->minlen) { - r = mpm_table[det_ctx->sgh->mpm_stream_ctx_ts->mpm_type]. - Search(det_ctx->sgh->mpm_stream_ctx_ts, &det_ctx->mtcs, - &det_ctx->pmq, smsg->data, smsg->data_len); - if (r > 0) { - ret += r; - } - } - } - } else if (flags & STREAM_TOCLIENT) { - for ( ; smsg != NULL; smsg = smsg->next) { - if (smsg->data_len >= det_ctx->sgh->mpm_stream_ctx_tc->minlen) { - r = mpm_table[det_ctx->sgh->mpm_stream_ctx_tc->mpm_type]. - Search(det_ctx->sgh->mpm_stream_ctx_tc, &det_ctx->mtcs, - &det_ctx->pmq, smsg->data, smsg->data_len); - if (r > 0) { - ret += r; - } + for ( ; smsg != NULL; smsg = smsg->next) { + if (smsg->data_len >= det_ctx->sgh->mpm_stream_ctx->minlen) { + r = mpm_table[det_ctx->sgh->mpm_stream_ctx->mpm_type]. + Search(det_ctx->sgh->mpm_stream_ctx, &det_ctx->mtcs, + &det_ctx->pmq, smsg->data, smsg->data_len); + if (r > 0) { + ret += r; } } } @@ -135,21 +111,7 @@ uint32_t PacketPatternSearch(DetectEngineThreadCtx *det_ctx, Packet *p) uint32_t ret = 0; const MpmCtx *mpm_ctx = NULL; - if (p->proto == IPPROTO_TCP) { - if (p->flowflags & FLOW_PKT_TOSERVER) { - mpm_ctx = det_ctx->sgh->mpm_proto_tcp_ctx_ts; - } else if (p->flowflags & FLOW_PKT_TOCLIENT) { - mpm_ctx = det_ctx->sgh->mpm_proto_tcp_ctx_tc; - } - } else if (p->proto == IPPROTO_UDP) { - if (p->flowflags & FLOW_PKT_TOSERVER) { - mpm_ctx = det_ctx->sgh->mpm_proto_udp_ctx_ts; - } else if (p->flowflags & FLOW_PKT_TOCLIENT) { - mpm_ctx = det_ctx->sgh->mpm_proto_udp_ctx_tc; - } - } else { - mpm_ctx = det_ctx->sgh->mpm_proto_other_ctx; - } + mpm_ctx = det_ctx->sgh->mpm_packet_ctx; if (unlikely(mpm_ctx == NULL)) SCReturnInt(0); if (p->payload_len < mpm_ctx->minlen) diff --git a/src/detect.h b/src/detect.h index 808fd69820..7f54d13fff 100644 --- a/src/detect.h +++ b/src/detect.h @@ -979,13 +979,11 @@ typedef struct SigGroupHead_ { uint32_t id; /**< unique id used to index sgh_array for stats */ /* pattern matcher instances */ - const MpmCtx *mpm_proto_other_ctx; + const MpmCtx *mpm_packet_ctx; + const MpmCtx *mpm_stream_ctx; union { struct { - const MpmCtx *mpm_proto_tcp_ctx_ts; - const MpmCtx *mpm_proto_udp_ctx_ts; - const MpmCtx *mpm_stream_ctx_ts; const MpmCtx *mpm_uri_ctx_ts; const MpmCtx *mpm_hcbd_ctx_ts; const MpmCtx *mpm_hhd_ctx_ts; @@ -1000,9 +998,6 @@ typedef struct SigGroupHead_ { const MpmCtx *mpm_smtp_filedata_ctx_ts; }; struct { - const MpmCtx *mpm_proto_tcp_ctx_tc; - const MpmCtx *mpm_proto_udp_ctx_tc; - const MpmCtx *mpm_stream_ctx_tc; const MpmCtx *mpm_hsbd_ctx_tc; const MpmCtx *mpm_hhd_ctx_tc; const MpmCtx *mpm_hrhd_ctx_tc;