From: Victor Julien Date: Sun, 16 Oct 2016 13:30:22 +0000 (+0200) Subject: detect: get rid of Signature::sm_lists X-Git-Tag: suricata-4.0.0-beta1~407 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8edc954e828a4a4ed89a6debba86c0225712151a;p=thirdparty%2Fsuricata.git detect: get rid of Signature::sm_lists Instead use the lists in init_data during setup and the SigMatchData arrays during runtime. --- diff --git a/src/detect-ack.c b/src/detect-ack.c index 79c33390db..0d36096a4d 100644 --- a/src/detect-ack.c +++ b/src/detect-ack.c @@ -194,7 +194,7 @@ static int PrefilterSetupTcpAck(SigGroupHead *sgh) static _Bool PrefilterTcpAckIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_ACK: return TRUE; diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c index 3e95fb57e0..24eb609402 100644 --- a/src/detect-app-layer-event.c +++ b/src/detect-app-layer-event.c @@ -51,7 +51,7 @@ static int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx); static int DetectAppLayerEventAppMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, - uint8_t, void *, const Signature *, const SigMatch *); + uint8_t, void *, const Signature *, const SigMatchData *); static int DetectAppLayerEventSetupP1(DetectEngineCtx *, Signature *, char *); static void DetectAppLayerEventRegisterTests(void); static void DetectAppLayerEventFree(void *); @@ -146,8 +146,8 @@ static int DetectAppLayerEventPktMatch(ThreadVars *t, DetectEngineThreadCtx *det } static int DetectAppLayerEventAppMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, - Flow *f, uint8_t flags, void *state, const Signature *s, - const SigMatch *m) + Flow *f, uint8_t flags, void *state, + const Signature *s, const SigMatchData *m) { SCEnter(); AppLayerDecoderEvents *decoder_events = NULL; @@ -370,9 +370,9 @@ static void DetectAppLayerEventFree(void *ptr) int DetectAppLayerEventPrepare(Signature *s) { - SigMatch *sm = s->sm_lists[DETECT_SM_LIST_APP_EVENT]; - s->sm_lists[DETECT_SM_LIST_APP_EVENT] = NULL; - s->sm_lists_tail[DETECT_SM_LIST_APP_EVENT] = NULL; + SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_APP_EVENT]; + s->init_data->smlists[DETECT_SM_LIST_APP_EVENT] = NULL; + s->init_data->smlists_tail[DETECT_SM_LIST_APP_EVENT] = NULL; while (sm != NULL) { sm->next = sm->prev = NULL; diff --git a/src/detect-base64-data.c b/src/detect-base64-data.c index d90d092513..16d36315a7 100644 --- a/src/detect-base64-data.c +++ b/src/detect-base64-data.c @@ -46,20 +46,20 @@ static int DetectBase64DataSetup(DetectEngineCtx *de_ctx, Signature *s, /* Check for a preceding base64_decode. */ pm = SigMatchGetLastSMFromLists(s, 28, - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BASE64_DECODE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BASE64_DECODE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); if (pm == NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "\"base64_data\" keyword seen without preceding base64_decode."); diff --git a/src/detect-base64-decode.c b/src/detect-base64-decode.c index 638e76203e..d560c99ae9 100644 --- a/src/detect-base64-decode.c +++ b/src/detect-base64-decode.c @@ -205,90 +205,90 @@ static int DetectBase64DecodeSetup(DetectEngineCtx *de_ctx, Signature *s, else { /* Copied from detect-isdataat.c. */ pm = SigMatchGetLastSMFromLists(s, 168, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); if (pm == NULL) { sm_list = DETECT_SM_LIST_PMATCH; } diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index db379031b3..81940c66b2 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c @@ -532,18 +532,18 @@ static int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, char *a s->flags |= SIG_FLAG_APPLAYER; if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) { prev_pm = SigMatchGetLastSMFromLists(s, 4, - DETECT_CONTENT, s->sm_lists_tail[sm_list], - DETECT_PCRE, s->sm_lists_tail[sm_list]); + DETECT_CONTENT, s->init_data->smlists_tail[sm_list], + DETECT_PCRE, s->init_data->smlists_tail[sm_list]); } } else if (data->endian == DETECT_BYTE_EXTRACT_ENDIAN_DCE) { if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) { prev_pm = SigMatchGetLastSMFromLists(s, 12, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]); if (prev_pm == NULL) { sm_list = DETECT_SM_LIST_PMATCH; } else { @@ -560,95 +560,95 @@ static int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, char *a } else if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) { prev_pm = SigMatchGetLastSMFromLists(s, 168, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); if (prev_pm == NULL) { sm_list = DETECT_SM_LIST_PMATCH; } else { @@ -681,7 +681,7 @@ static int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, char *a } SigMatch *prev_bed_sm = SigMatchGetLastSMFromLists(s, 2, - DETECT_BYTE_EXTRACT, s->sm_lists_tail[sm_list]); + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[sm_list]); if (prev_bed_sm == NULL) data->local_id = 0; else @@ -751,7 +751,7 @@ SigMatch *DetectByteExtractRetrieveSMVar(const char *arg, const Signature *s) int list; for (list = 0; list < DETECT_SM_LIST_MAX; list++) { - SigMatch *sm = s->sm_lists[list]; + SigMatch *sm = s->init_data->smlists[list]; while (sm != NULL) { if (sm->type == DETECT_BYTE_EXTRACT) { bed = (DetectByteExtractData *)sm->ctx; diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index 7864715901..6bb66caa87 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -531,19 +531,19 @@ static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts s->flags |= SIG_FLAG_APPLAYER; if (data->flags & DETECT_BYTEJUMP_RELATIVE) { prev_pm = SigMatchGetLastSMFromLists(s, 4, - DETECT_CONTENT, s->sm_lists_tail[sm_list], - DETECT_PCRE, s->sm_lists_tail[sm_list]); + DETECT_CONTENT, s->init_data->smlists_tail[sm_list], + DETECT_PCRE, s->init_data->smlists_tail[sm_list]); } } else if (data->flags & DETECT_BYTEJUMP_DCE) { if (data->flags & DETECT_BYTEJUMP_RELATIVE) { prev_pm = SigMatchGetLastSMFromLists(s, 12, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]); if (prev_pm == NULL) { sm_list = DETECT_SM_LIST_PMATCH; } else { @@ -560,95 +560,95 @@ static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts } else if (data->flags & DETECT_BYTEJUMP_RELATIVE) { prev_pm = SigMatchGetLastSMFromLists(s, 168, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); if (prev_pm == NULL) { sm_list = DETECT_SM_LIST_PMATCH; } else { diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c index ae14b3430e..22fcf9e78a 100644 --- a/src/detect-bytetest.c +++ b/src/detect-bytetest.c @@ -458,19 +458,19 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts s->flags |= SIG_FLAG_APPLAYER; if (data->flags & DETECT_BYTETEST_RELATIVE) { prev_pm = SigMatchGetLastSMFromLists(s, 4, - DETECT_CONTENT, s->sm_lists_tail[sm_list], - DETECT_PCRE, s->sm_lists_tail[sm_list]); + DETECT_CONTENT, s->init_data->smlists_tail[sm_list], + DETECT_PCRE, s->init_data->smlists_tail[sm_list]); } } else if (data->flags & DETECT_BYTETEST_DCE) { if (data->flags & DETECT_BYTETEST_RELATIVE) { prev_pm = SigMatchGetLastSMFromLists(s, 12, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]); if (prev_pm == NULL) { sm_list = DETECT_SM_LIST_PMATCH; } else { @@ -487,95 +487,95 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts } else if (data->flags & DETECT_BYTETEST_RELATIVE) { prev_pm = SigMatchGetLastSMFromLists(s, 168, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); if (prev_pm == NULL) { sm_list = DETECT_SM_LIST_PMATCH; } else { diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index 8513c9f0ce..8bdf278f6a 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -52,8 +52,8 @@ static pcre *parse_regex = NULL; static pcre_extra *parse_regex_study = NULL; -static int DetectDceIfaceMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, - uint8_t, void *, const Signature *, const SigMatch *); +static int DetectDceIfaceMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, + void *, const Signature *, const SigMatchData *); static int DetectDceIfaceSetup(DetectEngineCtx *, Signature *, char *); static void DetectDceIfaceFree(void *); static void DetectDceIfaceRegisterTests(void); @@ -245,7 +245,7 @@ static inline int DetectDceIfaceMatchIfaceVersion(uint16_t version, */ static int DetectDceIfaceMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, - const Signature *s, const SigMatch *m) + const Signature *s, const SigMatchData *m) { SCEnter(); diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c index d33579aff2..064cc95639 100644 --- a/src/detect-dce-opnum.c +++ b/src/detect-dce-opnum.c @@ -53,7 +53,7 @@ static pcre *parse_regex = NULL; static pcre_extra *parse_regex_study = NULL; static int DetectDceOpnumMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, - void *, const Signature *, const SigMatch *); + void *, const Signature *, const SigMatchData *); static int DetectDceOpnumSetup(DetectEngineCtx *, Signature *, char *); static void DetectDceOpnumFree(void *); static void DetectDceOpnumRegisterTests(void); @@ -240,7 +240,7 @@ static DetectDceOpnumData *DetectDceOpnumArgParse(const char *arg) */ static int DetectDceOpnumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, - const Signature *s, const SigMatch *m) + const Signature *s, const SigMatchData *m) { SCEnter(); diff --git a/src/detect-depth.c b/src/detect-depth.c index 03d7d5bfa2..f249640238 100644 --- a/src/detect-depth.c +++ b/src/detect-depth.c @@ -75,23 +75,23 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths /* retrive the sm to apply the depth against */ if (s->list != DETECT_SM_LIST_NOTSET) { - pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->sm_lists_tail[s->list]); + pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]); } else { pm = SigMatchGetLastSMFromLists(s, 28, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); } if (pm == NULL) { SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs " diff --git a/src/detect-detection-filter.c b/src/detect-detection-filter.c index 7960f4526f..9048f458e4 100644 --- a/src/detect-detection-filter.c +++ b/src/detect-detection-filter.c @@ -216,14 +216,14 @@ static int DetectDetectionFilterSetup (DetectEngineCtx *de_ctx, Signature *s, ch /* checks if there's a previous instance of threshold */ tmpm = SigMatchGetLastSMFromLists(s, 2, - DETECT_THRESHOLD, s->sm_lists_tail[DETECT_SM_LIST_MATCH]); + DETECT_THRESHOLD, s->init_data->smlists_tail[DETECT_SM_LIST_MATCH]); if (tmpm != NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "\"detection_filter\" and \"threshold\" are not allowed in the same rule"); SCReturnInt(-1); } /* checks there's no previous instance of detection_filter */ tmpm = SigMatchGetLastSMFromLists(s, 2, - DETECT_DETECTION_FILTER, s->sm_lists_tail[DETECT_SM_LIST_MATCH]); + DETECT_DETECTION_FILTER, s->init_data->smlists_tail[DETECT_SM_LIST_MATCH]); if (tmpm != NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "At most one \"detection_filter\" is allowed per rule"); SCReturnInt(-1); diff --git a/src/detect-distance.c b/src/detect-distance.c index 9c91c94473..e522ef5ae4 100644 --- a/src/detect-distance.c +++ b/src/detect-distance.c @@ -82,23 +82,23 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, /* retrive the sm to apply the depth against */ if (s->list != DETECT_SM_LIST_NOTSET) { - pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->sm_lists_tail[s->list]); + pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]); } else { pm = SigMatchGetLastSMFromLists(s, 28, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); } if (pm == NULL) { SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "distance needs " diff --git a/src/detect-dsize.c b/src/detect-dsize.c index 21f85a20a1..cb415f5151 100644 --- a/src/detect-dsize.c +++ b/src/detect-dsize.c @@ -258,7 +258,7 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr if (SigMatchGetLastSMFromLists(s, 2, DETECT_DSIZE, - s->sm_lists_tail[DETECT_SM_LIST_MATCH]) != NULL) { + s->init_data->smlists_tail[DETECT_SM_LIST_MATCH]) != NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use 2 or more dsizes in " "the same sig. Invalidating signature."); goto error; @@ -366,7 +366,7 @@ static int PrefilterSetupDsize(SigGroupHead *sgh) static _Bool PrefilterDsizeIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_DSIZE: return TRUE; diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c index 6f4a15adc8..a74b9bae9d 100644 --- a/src/detect-engine-analyzer.c +++ b/src/detect-engine-analyzer.c @@ -595,7 +595,7 @@ void EngineAnalysisRules(const Signature *s, const char *line) for (list_id = 0; list_id < DETECT_SM_LIST_MAX; list_id++) { SigMatch *sm = NULL; - for (sm = s->sm_lists[list_id]; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[list_id]; sm != NULL; sm = sm->next) { if (sm->type == DETECT_PCRE) { if (list_id == DETECT_SM_LIST_HCBDMATCH) { rule_pcre_http += 1; diff --git a/src/detect-engine-dcepayload.c b/src/detect-engine-dcepayload.c index 780b85aada..874e30f346 100644 --- a/src/detect-engine-dcepayload.c +++ b/src/detect-engine-dcepayload.c @@ -71,7 +71,7 @@ int DetectEngineInspectDcePayload(DetectEngineCtx *de_ctx, uint16_t dce_stub_data_len; int r = 0; - if (s->sm_lists[DETECT_SM_LIST_DMATCH] == NULL || dcerpc_state == NULL) { + if (s->sm_arrays[DETECT_SM_LIST_DMATCH] == NULL || dcerpc_state == NULL) { SCReturnInt(0); } @@ -91,7 +91,7 @@ int DetectEngineInspectDcePayload(DetectEngineCtx *de_ctx, dce_stub_data_len, 0, 0, dcerpc_state); - //r = DoInspectDcePayload(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_DMATCH], f, + //r = DoInspectDcePayload(de_ctx, det_ctx, s, s->init_data->smlists[DETECT_SM_LIST_DMATCH], f, //dce_stub_data, dce_stub_data_len, dcerpc_state); if (r == 1) { SCReturnInt(1); @@ -114,7 +114,7 @@ int DetectEngineInspectDcePayload(DetectEngineCtx *de_ctx, dce_stub_data_len, 0, 0, dcerpc_state); - //r = DoInspectDcePayload(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_DMATCH], f, + //r = DoInspectDcePayload(de_ctx, det_ctx, s, s->init_data->smlists[DETECT_SM_LIST_DMATCH], f, //dce_stub_data, dce_stub_data_len, dcerpc_state); if (r == 1) { SCReturnInt(1); @@ -7498,16 +7498,16 @@ static int DcePayloadParseTest25(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] != NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] != NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -7621,16 +7621,16 @@ static int DcePayloadParseTest26(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] != NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] != NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -7747,16 +7747,16 @@ static int DcePayloadParseTest27(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] != NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] != NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -7874,16 +7874,16 @@ static int DcePayloadParseTest28(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -7923,7 +7923,7 @@ static int DcePayloadParseTest28(void) if (result == 0) goto end; - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -8003,16 +8003,16 @@ static int DcePayloadParseTest29(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] != NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] != NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_PCRE) { result = 0; goto end; @@ -8145,16 +8145,16 @@ static int DcePayloadParseTest30(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] != NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] != NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_BYTEJUMP) { result = 0; goto end; @@ -8292,16 +8292,16 @@ static int DcePayloadParseTest31(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_BYTEJUMP) { result = 0; goto end; @@ -8359,7 +8359,7 @@ static int DcePayloadParseTest31(void) if (result == 0) goto end; - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -8439,16 +8439,16 @@ static int DcePayloadParseTest32(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_BYTEJUMP) { result = 0; goto end; @@ -8506,7 +8506,7 @@ static int DcePayloadParseTest32(void) if (result == 0) goto end; - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -8586,16 +8586,16 @@ static int DcePayloadParseTest33(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_PCRE) { result = 0; goto end; @@ -8648,7 +8648,7 @@ static int DcePayloadParseTest33(void) if (result == 0) goto end; - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -8729,16 +8729,16 @@ static int DcePayloadParseTest34(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_PCRE) { result = 0; goto end; @@ -8790,7 +8790,7 @@ static int DcePayloadParseTest34(void) result &= (sm->next == NULL); - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -8850,16 +8850,16 @@ static int DcePayloadParseTest35(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_BYTETEST) { result = 0; goto end; @@ -8877,7 +8877,7 @@ static int DcePayloadParseTest35(void) result &= (sm->next == NULL); - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -8938,16 +8938,16 @@ static int DcePayloadParseTest36(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_ISDATAAT) { result = 0; goto end; @@ -8981,7 +8981,7 @@ static int DcePayloadParseTest36(void) result &= (sm->next == NULL); - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -9043,16 +9043,16 @@ static int DcePayloadParseTest37(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_BYTEJUMP) { result = 0; goto end; @@ -9088,7 +9088,7 @@ static int DcePayloadParseTest37(void) result &= (sm->next == NULL); - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -9152,16 +9152,16 @@ static int DcePayloadParseTest38(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_PCRE) { result = 0; goto end; @@ -9210,7 +9210,7 @@ static int DcePayloadParseTest38(void) result &= (sm->next == NULL); - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -9268,16 +9268,16 @@ static int DcePayloadParseTest39(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -9299,7 +9299,7 @@ static int DcePayloadParseTest39(void) result &= (sm->next == NULL); - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; data = (DetectContentData *)sm->ctx; if (data->flags & DETECT_CONTENT_RAWBYTES || data->flags & DETECT_CONTENT_NOCASE || @@ -9357,16 +9357,16 @@ static int DcePayloadParseTest40(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -9425,7 +9425,7 @@ static int DcePayloadParseTest40(void) result &= (sm->next == NULL); - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -9487,16 +9487,16 @@ static int DcePayloadParseTest41(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -9518,7 +9518,7 @@ static int DcePayloadParseTest41(void) result &= (sm->next == NULL); - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -9822,16 +9822,16 @@ static int DcePayloadParseTest44(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_ISDATAAT) { result = 0; goto end; @@ -9866,7 +9866,7 @@ static int DcePayloadParseTest44(void) result &= (sm->next == NULL); - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -9948,16 +9948,16 @@ static int DcePayloadParseTest45(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_BYTEJUMP) { result = 0; goto end; @@ -9977,7 +9977,7 @@ static int DcePayloadParseTest45(void) result &= (sm->next == NULL); - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; @@ -10060,16 +10060,16 @@ static int DcePayloadParseTest46(void) goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_DMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) { result = 0; goto end; } - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { result = 0; goto end; } - sm = s->sm_lists[DETECT_SM_LIST_DMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH]; if (sm->type != DETECT_BYTETEST) { result = 0; goto end; @@ -10087,7 +10087,7 @@ static int DcePayloadParseTest46(void) result &= (sm->next == NULL); - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; if (sm->type != DETECT_CONTENT) { result = 0; goto end; diff --git a/src/detect-engine-iponly.c b/src/detect-engine-iponly.c index 191a153636..bd47567781 100644 --- a/src/detect-engine-iponly.c +++ b/src/detect-engine-iponly.c @@ -941,20 +941,22 @@ int IPOnlyMatchCompatSMs(ThreadVars *tv, Signature *s, Packet *p) { KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_MATCH); - SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH]; - - while (sm != NULL) { - BUG_ON(!(sigmatch_table[sm->type].flags & SIGMATCH_IPONLY_COMPAT)); - KEYWORD_PROFILING_START; - if (sigmatch_table[sm->type].Match(tv, det_ctx, p, s, sm->ctx) > 0) { - KEYWORD_PROFILING_END(det_ctx, sm->type, 1); - sm = sm->next; - continue; + SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_MATCH]; + if (smd) { + while (1) { + BUG_ON(!(sigmatch_table[smd->type].flags & SIGMATCH_IPONLY_COMPAT)); + KEYWORD_PROFILING_START; + if (sigmatch_table[smd->type].Match(tv, det_ctx, p, s, smd->ctx) > 0) { + KEYWORD_PROFILING_END(det_ctx, smd->type, 1); + if (smd->is_last) + break; + smd++; + continue; + } + KEYWORD_PROFILING_END(det_ctx, smd->type, 0); + return 0; } - KEYWORD_PROFILING_END(det_ctx, sm->type, 0); - return 0; } - return 1; } diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index 1faa66a2ac..2c2d3e4c84 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -286,7 +286,9 @@ int SignatureHasPacketContent(const Signature *s) SCReturnInt(1); } - if (s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) { + if ((s->init_data != NULL && s->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL) || + (s->init_data == NULL && s->sm_arrays[DETECT_SM_LIST_PMATCH] == NULL)) + { SCLogDebug("no mpm"); SCReturnInt(0); } @@ -320,7 +322,9 @@ int SignatureHasStreamContent(const Signature *s) SCReturnInt(0); } - if (s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) { + if ((s->init_data != NULL && s->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL) || + (s->init_data == NULL && s->sm_arrays[DETECT_SM_LIST_PMATCH] == NULL)) + { SCLogDebug("no mpm"); SCReturnInt(0); } @@ -551,13 +555,13 @@ void RetrieveFPForSig(Signature *s) /* inspect rule to see if we have the fast_pattern reg to * force using a sig, otherwise keep stats about the patterns */ for (list_id = 0; list_id < DETECT_SM_LIST_DETECT_MAX; list_id++) { - if (s->sm_lists[list_id] == NULL) + if (s->init_data->smlists[list_id] == NULL) continue; if (!FastPatternSupportEnabledForSigMatchList(list_id)) continue; - for (sm = s->sm_lists[list_id]; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[list_id]; sm != NULL; sm = sm->next) { if (sm->type != DETECT_CONTENT) continue; @@ -614,7 +618,7 @@ void RetrieveFPForSig(Signature *s) int max_len = 0; int i; for (i = 0; i < count_final_sm_list; i++) { - for (sm = s->sm_lists[final_sm_list[i]]; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[final_sm_list[i]]; sm != NULL; sm = sm->next) { if (sm->type != DETECT_CONTENT) continue; @@ -629,7 +633,7 @@ void RetrieveFPForSig(Signature *s) } for (i = 0; i < count_final_sm_list; i++) { - for (sm = s->sm_lists[final_sm_list[i]]; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[final_sm_list[i]]; sm != NULL; sm = sm->next) { if (sm->type != DETECT_CONTENT) continue; diff --git a/src/detect-engine-payload.c b/src/detect-engine-payload.c index 0699a85fed..ce65a08ba4 100644 --- a/src/detect-engine-payload.c +++ b/src/detect-engine-payload.c @@ -134,7 +134,7 @@ int DetectEngineInspectPacketPayload(DetectEngineCtx *de_ctx, SCEnter(); int r = 0; - if (s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->sm_arrays[DETECT_SM_LIST_PMATCH] == NULL) { SCReturnInt(0); } @@ -176,7 +176,7 @@ int DetectEngineInspectStreamPayload(DetectEngineCtx *de_ctx, SCEnter(); int r = 0; - if (s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) { + if (s->sm_arrays[DETECT_SM_LIST_PMATCH] == NULL) { SCReturnInt(0); } diff --git a/src/detect-engine-sigorder.c b/src/detect-engine-sigorder.c index 1186636f5e..56b87c9cc6 100644 --- a/src/detect-engine-sigorder.c +++ b/src/detect-engine-sigorder.c @@ -133,7 +133,7 @@ static inline int SCSigGetFlowbitsType(Signature *sig) int flowbits_user_type = DETECT_FLOWBITS_NOT_USED; int read = 0; int write = 0; - SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH]; while (sm != NULL) { if (sm->type == DETECT_FLOWBITS) { @@ -151,7 +151,7 @@ static inline int SCSigGetFlowbitsType(Signature *sig) sm = sm->next; } - sm = sig->sm_lists[DETECT_SM_LIST_POSTMATCH]; + sm = sig->init_data->smlists[DETECT_SM_LIST_POSTMATCH]; while (sm != NULL) { if (sm->type == DETECT_FLOWBITS) { fb = (DetectFlowbitsData *)sm->ctx; @@ -188,7 +188,7 @@ static inline int SCSigGetFlowintType(Signature *sig) int flowint_user_type = DETECT_FLOWINT_NOT_USED; int read = 0; int write = 0; - SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH]; while (sm != NULL) { if (sm->type == DETECT_FLOWINT) { @@ -212,7 +212,7 @@ static inline int SCSigGetFlowintType(Signature *sig) sm = sm->next; } - sm = sig->sm_lists[DETECT_SM_LIST_POSTMATCH]; + sm = sig->init_data->smlists[DETECT_SM_LIST_POSTMATCH]; while (sm != NULL) { if (sm->type == DETECT_FLOWINT) { fi = (DetectFlowintData *)sm->ctx; @@ -263,7 +263,7 @@ static inline int SCSigGetFlowvarType(Signature *sig) int type = DETECT_FLOWVAR_NOT_USED; int read = 0; int write = 0; - SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_PMATCH]; + SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_PMATCH]; while (sm != NULL) { pd = (DetectPcreData *)sm->ctx; @@ -274,7 +274,7 @@ static inline int SCSigGetFlowvarType(Signature *sig) sm = sm->next; } - sm = sig->sm_lists[DETECT_SM_LIST_MATCH]; + sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH]; pd = NULL; while (sm != NULL) { if (sm->type == DETECT_FLOWVAR) { @@ -315,7 +315,7 @@ static inline int SCSigGetPktvarType(Signature *sig) int type = DETECT_PKTVAR_NOT_USED; int read = 0; int write = 0; - SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_PMATCH]; + SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_PMATCH]; while (sm != NULL) { pd = (DetectPcreData *)sm->ctx; @@ -326,7 +326,7 @@ static inline int SCSigGetPktvarType(Signature *sig) sm = sm->next; } - sm = sig->sm_lists[DETECT_SM_LIST_MATCH]; + sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH]; pd = NULL; while (sm != NULL) { if (sm->type == DETECT_PKTVAR) { @@ -367,7 +367,7 @@ static inline int SCSigGetXbitsType(Signature *sig, enum VarTypes type) int xbits_user_type = DETECT_XBITS_NOT_USED; int read = 0; int write = 0; - SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH]; while (sm != NULL) { if (sm->type == DETECT_XBITS) { @@ -387,7 +387,7 @@ static inline int SCSigGetXbitsType(Signature *sig, enum VarTypes type) sm = sm->next; } - sm = sig->sm_lists[DETECT_SM_LIST_POSTMATCH]; + sm = sig->init_data->smlists[DETECT_SM_LIST_POSTMATCH]; while (sm != NULL) { if (sm->type == DETECT_HOSTBITS) { fb = (DetectXbitsData *)sm->ctx; diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index c9053602a0..b64aec418f 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -204,7 +204,7 @@ static void DeStateSignatureAppend(DetectEngineState *state, } static void DeStateFlowRuleAppend(DetectEngineStateFlow *state, const Signature *s, - const SigMatch *sm, uint32_t inspect_flags, + const SigMatchData *smd, uint32_t inspect_flags, uint8_t direction) { int jump = 0; @@ -238,7 +238,7 @@ static void DeStateFlowRuleAppend(DetectEngineStateFlow *state, const Signature SigIntId idx = dir_state->cnt++ % DE_STATE_CHUNK_SIZE; store->store[idx].sid = s->num; store->store[idx].flags = inspect_flags; - store->store[idx].nm = sm; + store->store[idx].nm = smd; return; } @@ -393,7 +393,7 @@ int DeStateFlowHasInspectableState(Flow *f, AppProto alproto, static int StoreState(DetectEngineThreadCtx *det_ctx, Flow *f, const uint8_t flags, const uint8_t alversion, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, const uint32_t inspect_flags, const uint16_t file_no_match) { @@ -404,7 +404,7 @@ static int StoreState(DetectEngineThreadCtx *det_ctx, } } - DeStateFlowRuleAppend(f->de_state, s, sm, inspect_flags, flags); + DeStateFlowRuleAppend(f->de_state, s, smd, inspect_flags, flags); DeStateStoreStateVersion(f, alversion, flags); return 1; } @@ -447,7 +447,7 @@ static void StoreStateTxFileOnly(DetectEngineThreadCtx *det_ctx, static void StoreStateTx(DetectEngineThreadCtx *det_ctx, Flow *f, const uint8_t flags, const uint8_t alversion, const uint64_t tx_id, void *tx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, const uint32_t inspect_flags, const uint16_t file_no_match, int check_before_add) { if (AppLayerParserSupportsTxDetectState(f->proto, f->alproto)) { @@ -479,7 +479,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, const Signature *s, Packet *p, Flow *f, uint8_t flags, AppProto alproto, const uint8_t alversion) { - SigMatch *sm = NULL; + SigMatchData *smd = NULL; uint16_t file_no_match = 0; uint32_t inspect_flags = 0; int alert_cnt = 0; @@ -606,7 +606,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, /* store */ StoreStateTx(det_ctx, f, flags, alversion, tx_id, tx, - s, sm, inspect_flags, file_no_match, check_before_add); + s, smd, inspect_flags, file_no_match, check_before_add); } else { StoreStateTxFileOnly(det_ctx, f, flags, tx_id, tx, file_no_match); } @@ -618,7 +618,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } /* for */ /* DCERPC matches */ - } else if (s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL && + } else if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL && (alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2)) { @@ -648,29 +648,29 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, int amatch = 0; /* flow based matches */ KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH); - sm = s->sm_lists[DETECT_SM_LIST_AMATCH]; - if (sm != NULL) { + smd = s->sm_arrays[DETECT_SM_LIST_AMATCH]; + if (smd != NULL) { void *alstate = FlowGetAppState(f); if (alstate == NULL) { goto end; } - for ( ; sm != NULL; sm = sm->next) { - if (sigmatch_table[sm->type].AppLayerMatch != NULL) { + while (1) { + if (sigmatch_table[smd->type].AppLayerMatch != NULL) { int match = 0; if (alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) { SMBState *smb_state = (SMBState *)alstate; if (smb_state->dcerpc_present) { KEYWORD_PROFILING_START; - match = sigmatch_table[sm->type]. - AppLayerMatch(tv, det_ctx, f, flags, &smb_state->dcerpc, s, sm); - KEYWORD_PROFILING_END(det_ctx, sm->type, (match == 1)); + match = sigmatch_table[smd->type]. + AppLayerMatch(tv, det_ctx, f, flags, &smb_state->dcerpc, s, smd); + KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1)); } } else { KEYWORD_PROFILING_START; - match = sigmatch_table[sm->type]. - AppLayerMatch(tv, det_ctx, f, flags, alstate, s, sm); - KEYWORD_PROFILING_END(det_ctx, sm->type, (match == 1)); + match = sigmatch_table[smd->type]. + AppLayerMatch(tv, det_ctx, f, flags, alstate, s, smd); + KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1)); } if (match == 0) { @@ -678,17 +678,20 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } else if (match == 2) { inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH; break; - } else if (match == 1 && sm->next == NULL) { + } else if (match == 1 && smd->is_last) { amatch = 1; } } + if (smd->is_last) + break; + smd++; } } /* if AMATCH and/or DMATCH are in use, see if we need to * alert and store the state */ - if ((s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL)) + if ((s->sm_arrays[DETECT_SM_LIST_AMATCH] != NULL || + s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL)) { /* if dmatch in use and match + amatch in use and match or @@ -701,8 +704,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, if (inspect_flags & DE_STATE_FLAG_SIG_CANT_MATCH) { inspect_flags |= DE_STATE_FLAG_FULL_INSPECT; } else { - if ((amatch || s->sm_lists[DETECT_SM_LIST_AMATCH] == NULL) && - (dmatch || s->sm_lists[DETECT_SM_LIST_DMATCH] == NULL)) + if ((amatch || s->sm_arrays[DETECT_SM_LIST_AMATCH] == NULL) && + (dmatch || s->sm_arrays[DETECT_SM_LIST_DMATCH] == NULL)) { if (!(s->flags & SIG_FLAG_NOALERT)) { PacketAlertAppend(det_ctx, s, p, 0, @@ -717,7 +720,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } StoreState(det_ctx, f, flags, alversion, - s, sm, inspect_flags, file_no_match); + s, smd, inspect_flags, file_no_match); } end: det_ctx->tx_id = 0; @@ -948,7 +951,7 @@ static int DoInspectFlowRule(ThreadVars *tv, uint32_t inspect_flags = item->flags; int total_matches = 0; int full_match = 0; - const SigMatch *sm = NULL; + const SigMatchData *smd = NULL; const Signature *s = de_ctx->sig_array[item->sid]; RULE_PROFILING_START(p); @@ -961,39 +964,49 @@ static int DoInspectFlowRule(ThreadVars *tv, return -1; } - for (sm = item->nm; sm != NULL; sm = sm->next) { - if (sigmatch_table[sm->type].AppLayerMatch != NULL) - { + smd = item->nm; + while(1) { + if (sigmatch_table[smd->type].AppLayerMatch != NULL) { int match = 0; if (alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) { SMBState *smb_state = (SMBState *)alstate; if (smb_state->dcerpc_present) { KEYWORD_PROFILING_START; - match = sigmatch_table[sm->type]. - AppLayerMatch(tv, det_ctx, f, flags, &smb_state->dcerpc, s, sm); - KEYWORD_PROFILING_END(det_ctx, sm->type, (match == 1)); + match = sigmatch_table[smd->type]. + AppLayerMatch(tv, det_ctx, f, flags, &smb_state->dcerpc, s, smd); + KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1)); } } else { KEYWORD_PROFILING_START; - match = sigmatch_table[sm->type]. - AppLayerMatch(tv, det_ctx, f, flags, alstate, s, sm); - KEYWORD_PROFILING_END(det_ctx, sm->type, (match == 1)); + match = sigmatch_table[smd->type]. + AppLayerMatch(tv, det_ctx, f, flags, alstate, s, smd); + KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1)); } if (match == 0) break; - else if (match == 2) + else if (match == 2) { inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH; - else if (match == 1) + break; + } + else if (match == 1) { total_matches++; + + if (smd->is_last) + full_match = 1; + } } + if (smd->is_last) + break; + smd++; } + } else { + /* AMATCH isn't there */ + full_match = 1; } - /* AMATCH part checked out, or isn't there at all */ - full_match = (sm == NULL); /* DCERPC matches */ - if (s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL && + if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL && (alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB || alproto == ALPROTO_SMB2) && !(item->flags & DE_STATE_FLAG_DCE_PAYLOAD_INSPECT)) @@ -1021,7 +1034,7 @@ static int DoInspectFlowRule(ThreadVars *tv, } } /* update full_match with DMATCH result */ - if (full_match && s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL) { + if (full_match && s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL) { full_match = ((inspect_flags & DE_STATE_FLAG_DCE_PAYLOAD_INSPECT) != 0); } @@ -1038,7 +1051,7 @@ static int DoInspectFlowRule(ThreadVars *tv, /* store the progress in the state */ item->flags |= inspect_flags; - item->nm = sm; + item->nm = smd; if (alert) { SigMatchSignaturesRunPostMatch(tv, de_ctx, det_ctx, p, s); diff --git a/src/detect-engine-state.h b/src/detect-engine-state.h index d61faa5b2c..3fcd7b08e3 100644 --- a/src/detect-engine-state.h +++ b/src/detect-engine-state.h @@ -123,7 +123,7 @@ typedef struct DetectEngineState_ { /* FLOW BASED (AMATCH) */ typedef struct DeStateStoreFlowRule_ { - const SigMatch *nm; + const SigMatchData *nm; uint32_t flags; SigIntId sid; } DeStateStoreFlowRule; diff --git a/src/detect-engine.c b/src/detect-engine.c index 45061fda2b..002e69c1a3 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -148,7 +148,7 @@ int DetectEngineAppInspectionEngine2Signature(Signature *s) DetectEngineAppInspectionEngine *t = g_app_inspect_engines; while (t != NULL) { - if (s->sm_lists[t->sm_list] == NULL) + if (s->init_data->smlists[t->sm_list] == NULL) goto next; if (t->alproto == ALPROTO_UNKNOWN) { /* special case, inspect engine applies to all protocols */ diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c index 8370d08af0..e844f39d11 100644 --- a/src/detect-fast-pattern.c +++ b/src/detect-fast-pattern.c @@ -163,25 +163,25 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, char *a char arg_substr[128] = ""; DetectContentData *cd = NULL; - if (s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_UMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_TLSSNI_MATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_TLSISSUER_MATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_TLSSUBJECT_MATCH] == NULL && - s->sm_lists_tail[DETECT_SM_LIST_HTTP_REQLINEMATCH] == NULL) { + if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_TLSSNI_MATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_TLSISSUER_MATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_TLSSUBJECT_MATCH] == NULL && + s->init_data->smlists_tail[DETECT_SM_LIST_HTTP_REQLINEMATCH] == NULL) { SCLogWarning(SC_WARN_COMPATIBILITY, "fast_pattern found inside the " "rule, without a preceding content based keyword. " "Currently we provide fast_pattern support for content, " @@ -195,25 +195,25 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, char *a } SigMatch *pm = SigMatchGetLastSMFromLists(s, 38, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HTTP_REQLINEMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_TLSSNI_MATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_TLSISSUER_MATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_TLSSUBJECT_MATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HTTP_REQLINEMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_TLSSNI_MATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_TLSISSUER_MATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_TLSSUBJECT_MATCH]); if (pm == NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside " "the rule, without a content context. Please use a " @@ -244,7 +244,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, char *a int list_id = 0; for (list_id = 0; list_id < DETECT_SM_LIST_MAX; list_id++) { SigMatch *sm = NULL; - for (sm = s->sm_lists[list_id]; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[list_id]; sm != NULL; sm = sm->next) { if (sm->type == DETECT_CONTENT) { DetectContentData *tmp_cd = (DetectContentData *)sm->ctx; if (tmp_cd->flags & DETECT_CONTENT_FAST_PATTERN) { @@ -18793,13 +18793,11 @@ int DetectFastPatternTest670(void) int DetectFastPatternTest671(void) { int no_of_sigs = 6; - int result = 0; char *sigs[no_of_sigs]; Signature *s[no_of_sigs]; - Signature *sig = NULL; DetectEngineCtx *de_ctx = NULL; DetectContentData *cd = NULL; - SigMatch *sm = NULL; + SigMatchData *smd = NULL; int i = 0; sigs[0] = "alert tcp any any -> any any " @@ -18816,83 +18814,42 @@ int DetectFastPatternTest671(void) "(content:\"onetwothreefour\"; fast_pattern:0,15; sid:6;)"; de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - printf("DetectEngineCtxInit() failure\n"); - goto end; - } + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - i = 0; - s[i] = SigInit(de_ctx, sigs[i]); - de_ctx->sig_list = sig = s[i]; - if (sig == NULL) { - printf("SigInit(de_ctx, sig1) failure\n"); - goto end; - } - i++; - for ( ; i < no_of_sigs; i++) { - s[i] = SigInit(de_ctx, sigs[i]); - sig->next = s[i]; - sig = sig->next; - if (sig == NULL) { - printf("SigInit(de_ctx, sig[%d]) failure\n", i); - goto end; - } + for (i = 0; i < no_of_sigs; i++) { + s[i] = DetectEngineAppendSig(de_ctx, sigs[i]); + FAIL_IF_NULL(s[i]); } SigGroupBuild(de_ctx); - sm = s[0]->sm_lists[DETECT_SM_LIST_PMATCH]; - cd = (DetectContentData *)sm->ctx; - if (cd->id != 0) { - printf("sm = s[0]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n"); - goto end; - } + smd = s[0]->sm_arrays[DETECT_SM_LIST_PMATCH]; + cd = (DetectContentData *)smd->ctx; + FAIL_IF(cd->id != 0); - sm = s[1]->sm_lists[DETECT_SM_LIST_PMATCH]; - cd = (DetectContentData *)sm->ctx; - if (cd->id != 0) { - printf("sm = s[1]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n"); - goto end; - } + smd = s[1]->sm_arrays[DETECT_SM_LIST_PMATCH]; + cd = (DetectContentData *)smd->ctx; + FAIL_IF(cd->id != 0); - sm = s[2]->sm_lists[DETECT_SM_LIST_PMATCH]; - cd = (DetectContentData *)sm->ctx; - if (cd->id != 1) { - printf("sm = s[2]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n"); - goto end; - } + smd = s[2]->sm_arrays[DETECT_SM_LIST_PMATCH]; + cd = (DetectContentData *)smd->ctx; + FAIL_IF(cd->id != 2); - sm = s[3]->sm_lists[DETECT_SM_LIST_PMATCH]; - cd = (DetectContentData *)sm->ctx; - if (cd->id != 2) { - printf("sm = s[3]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n"); - goto end; - } + smd = s[3]->sm_arrays[DETECT_SM_LIST_PMATCH]; + cd = (DetectContentData *)smd->ctx; + FAIL_IF(cd->id != 1); - sm = s[4]->sm_lists[DETECT_SM_LIST_PMATCH]; - cd = (DetectContentData *)sm->ctx; - if (cd->id != 2) { - printf("sm = s[4]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n"); - goto end; - } + smd = s[4]->sm_arrays[DETECT_SM_LIST_PMATCH]; + cd = (DetectContentData *)smd->ctx; + FAIL_IF(cd->id != 1); - sm = s[5]->sm_lists[DETECT_SM_LIST_PMATCH]; - cd = (DetectContentData *)sm->ctx; - if (cd->id != 0) { - printf("sm = s[5]->sm_lists[DETECT_SM_LIST_PMATCH] failure\n"); - goto end; - } + smd = s[5]->sm_arrays[DETECT_SM_LIST_PMATCH]; + cd = (DetectContentData *)smd->ctx; + FAIL_IF(cd->id != 0); - result = 1; -end: - if (de_ctx != NULL) { - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - } - - return result; + DetectEngineCtxFree(de_ctx); + PASS; } #endif diff --git a/src/detect-filestore.c b/src/detect-filestore.c index de11089092..328b211803 100644 --- a/src/detect-filestore.c +++ b/src/detect-filestore.c @@ -85,7 +85,7 @@ void DetectFilestoreRegister(void) /** * \brief apply the post match filestore with options */ -static int FilestorePostMatchWithOptions(Packet *p, Flow *f, DetectFilestoreData *filestore, FileContainer *fc, +static int FilestorePostMatchWithOptions(Packet *p, Flow *f, const DetectFilestoreData *filestore, FileContainer *fc, uint16_t file_id, uint16_t tx_id) { if (filestore == NULL) { @@ -190,7 +190,7 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack SCReturnInt(0); } - if (s->filestore_sm == NULL || p->flow == NULL) { + if ((s->filestore_ctx == NULL && !(s->flags & SIG_FLAG_FILESTORE)) || p->flow == NULL) { #ifndef DEBUG SCReturnInt(0); #else @@ -211,17 +211,16 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack p->flow->alstate, flags); /* filestore for single files only */ - if (s->filestore_sm->ctx == NULL) { + if (s->filestore_ctx == NULL) { uint16_t u; for (u = 0; u < det_ctx->filestore_cnt; u++) { FileStoreFileById(ffc, det_ctx->filestore[u].file_id); } } else { - DetectFilestoreData *filestore = (DetectFilestoreData *)s->filestore_sm->ctx; uint16_t u; for (u = 0; u < det_ctx->filestore_cnt; u++) { - FilestorePostMatchWithOptions(p, p->flow, filestore, ffc, + FilestorePostMatchWithOptions(p, p->flow, s->filestore_ctx, ffc, det_ctx->filestore[u].file_id, det_ctx->filestore[u].tx_id); } } @@ -403,7 +402,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *st } SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); - s->filestore_sm = sm; + s->filestore_ctx = (const DetectFilestoreData *)sm->ctx; s->flags |= SIG_FLAG_FILESTORE; return 0; diff --git a/src/detect-flags.c b/src/detect-flags.c index be4232856b..72ac60d729 100644 --- a/src/detect-flags.c +++ b/src/detect-flags.c @@ -519,7 +519,7 @@ static void DetectFlagsFree(void *de_ptr) int DetectFlagsSignatureNeedsSynPackets(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_FLAGS: { @@ -538,7 +538,7 @@ int DetectFlagsSignatureNeedsSynPackets(const Signature *s) int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_FLAGS: { @@ -606,7 +606,7 @@ static int PrefilterSetupTcpFlags(SigGroupHead *sgh) static _Bool PrefilterTcpFlagsIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_FLAGS: return TRUE; diff --git a/src/detect-flow.c b/src/detect-flow.c index a1d77ea17f..fa0a420c25 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -437,7 +437,7 @@ static int PrefilterSetupFlow(SigGroupHead *sgh) static _Bool PrefilterFlowIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_FLOW: return TRUE; diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index 0677b5b7b4..fd1fbf18a3 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -378,7 +378,7 @@ static int PrefilterSetupFragBits(SigGroupHead *sgh) static _Bool PrefilterFragBitsIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_FRAGBITS: return TRUE; diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index ea65f860c6..5f7a9ec2ed 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -313,7 +313,7 @@ static int PrefilterSetupFragOffset(SigGroupHead *sgh) static _Bool PrefilterFragOffsetIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_FRAGOFFSET: return TRUE; diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c index 4c067d7d63..7895c854fb 100644 --- a/src/detect-ftpbounce.c +++ b/src/detect-ftpbounce.c @@ -48,7 +48,7 @@ #include "util-byte.h" static int DetectFtpbounceALMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, - uint8_t, void *, const Signature *, const SigMatch *); + uint8_t, void *, const Signature *, const SigMatchData *); static int DetectFtpbounceSetup(DetectEngineCtx *, Signature *, char *); static int DetectFtpbounceMatchArgs(uint8_t *payload, uint16_t payload_len, uint32_t ip_orig, uint16_t offset); @@ -168,7 +168,7 @@ static int DetectFtpbounceMatchArgs(uint8_t *payload, uint16_t payload_len, */ static int DetectFtpbounceALMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, const Signature *s, - const SigMatch *m) + const SigMatchData *m) { SCEnter(); FtpState *ftp_state =(FtpState *)state; diff --git a/src/detect-http-method.c b/src/detect-http-method.c index 0f12b35784..5371b97b2e 100644 --- a/src/detect-http-method.c +++ b/src/detect-http-method.c @@ -135,8 +135,8 @@ int DetectHttpMethodValidateRule(const Signature *s) if (s->alproto != ALPROTO_HTTP) return 1; - if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL) { - const SigMatch *sm = s->sm_lists[DETECT_SM_LIST_HMDMATCH]; + if (s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL) { + const SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_HMDMATCH]; for ( ; sm != NULL; sm = sm->next) { if (sm->type != DETECT_CONTENT) continue; diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index 147a86695e..4e9c1f9a41 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -310,7 +310,7 @@ static int PrefilterSetupIcmpId(SigGroupHead *sgh) static _Bool PrefilterIcmpIdIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_ICMP_ID: return TRUE; diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c index 1cd6971dee..8ef19c0512 100644 --- a/src/detect-icmp-seq.c +++ b/src/detect-icmp-seq.c @@ -313,7 +313,7 @@ static int PrefilterSetupIcmpSeq(SigGroupHead *sgh) static _Bool PrefilterIcmpSeqIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_ICMP_SEQ: return TRUE; diff --git a/src/detect-icode.c b/src/detect-icode.c index f6a01ad9aa..e832f5bbfa 100644 --- a/src/detect-icode.c +++ b/src/detect-icode.c @@ -342,7 +342,7 @@ static int PrefilterSetupICode(SigGroupHead *sgh) static _Bool PrefilterICodeIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_ICODE: return TRUE; diff --git a/src/detect-id.c b/src/detect-id.c index 8b6d4df75f..cdc32ebc1a 100644 --- a/src/detect-id.c +++ b/src/detect-id.c @@ -284,7 +284,7 @@ static int PrefilterSetupId(SigGroupHead *sgh) static _Bool PrefilterIdIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_ID: return TRUE; diff --git a/src/detect-ipproto.c b/src/detect-ipproto.c index f1f5591431..16ee37c913 100644 --- a/src/detect-ipproto.c +++ b/src/detect-ipproto.c @@ -159,7 +159,7 @@ error: static int DetectIPProtoTypePresentForOP(Signature *s, uint8_t op) { - SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; DetectIPProtoData *data; while (sm != NULL) { @@ -262,7 +262,7 @@ static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, char *optst s->proto.proto[i] = 0xff; } } else if (lt_set && !not_set) { - SigMatch *temp_sm = s->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; while (temp_sm != NULL) { if (temp_sm->type == DETECT_IPPROTO) { break; @@ -304,7 +304,7 @@ static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, char *optst } } else { DetectIPProtoData *data_temp; - SigMatch *temp_sm = s->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; while (temp_sm != NULL) { if (temp_sm->type == DETECT_IPPROTO && ((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_LT) { @@ -381,7 +381,7 @@ static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, char *optst } s->proto.proto[data->proto / 8] = ~(0xff << (data->proto % 8)); } else if (gt_set && !not_set) { - SigMatch *temp_sm = s->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; while (temp_sm != NULL) { if (temp_sm->type == DETECT_IPPROTO) { break; @@ -424,7 +424,7 @@ static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, char *optst } } else { DetectIPProtoData *data_temp; - SigMatch *temp_sm = s->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *temp_sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; while (temp_sm != NULL) { if (temp_sm->type == DETECT_IPPROTO && ((DetectIPProtoData *)temp_sm->ctx)->op == DETECT_IPPROTO_OP_GT) { @@ -533,7 +533,7 @@ static int DetectIPProtoSetup(DetectEngineCtx *de_ctx, Signature *s, char *optst void DetectIPProtoRemoveAllSMs(Signature *s) { - SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; while (sm != NULL) { if (sm->type != DETECT_IPPROTO) { diff --git a/src/detect-isdataat.c b/src/detect-isdataat.c index be09d5edcf..902e9dbcb7 100644 --- a/src/detect-isdataat.c +++ b/src/detect-isdataat.c @@ -219,100 +219,100 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst s->flags |= SIG_FLAG_APPLAYER; if (idad->flags & ISDATAAT_RELATIVE) { prev_pm = SigMatchGetLastSMFromLists(s, 4, - DETECT_CONTENT, s->sm_lists_tail[sm_list], - DETECT_PCRE, s->sm_lists_tail[sm_list]); + DETECT_CONTENT, s->init_data->smlists_tail[sm_list], + DETECT_PCRE, s->init_data->smlists_tail[sm_list]); } } else if (idad->flags & ISDATAAT_RELATIVE) { prev_pm = SigMatchGetLastSMFromLists(s, 168, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH], - - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_ISDATAAT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_PCRE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTETEST, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTEJUMP, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_BYTE_EXTRACT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH], + + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_ISDATAAT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); if (prev_pm == NULL) sm_list = DETECT_SM_LIST_PMATCH; else { diff --git a/src/detect-itype.c b/src/detect-itype.c index 3d3a0e3896..0931972b80 100644 --- a/src/detect-itype.c +++ b/src/detect-itype.c @@ -346,7 +346,7 @@ static int PrefilterSetupIType(SigGroupHead *sgh) static _Bool PrefilterITypeIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_ITYPE: return TRUE; diff --git a/src/detect-lua.c b/src/detect-lua.c index d51746ceff..cda8f94647 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -90,7 +90,7 @@ void DetectLuaRegister(void) static int DetectLuaMatch (ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); static int DetectLuaAppMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, - Flow *f, uint8_t flags, void *state, const Signature *s, const SigMatch *m); + Flow *f, uint8_t flags, void *state, const Signature *s, const SigMatchData *m); static int DetectLuaAppTxMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, void *txv, const Signature *s, @@ -538,7 +538,7 @@ static int DetectLuaAppMatchCommon (ThreadVars *t, DetectEngineThreadCtx *det_ct */ static int DetectLuaAppMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, - const Signature *s, const SigMatch *m) + const Signature *s, const SigMatchData *m) { return DetectLuaAppMatchCommon(t, det_ctx, f, flags, state, s, m->ctx); } @@ -1052,7 +1052,7 @@ void DetectLuaPostSetup(Signature *s) SigMatch *sm; for (i = 0; i < DETECT_SM_LIST_MAX; i++) { - for (sm = s->sm_lists[i]; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[i]; sm != NULL; sm = sm->next) { if (sm->type != DETECT_LUA) continue; diff --git a/src/detect-nocase.c b/src/detect-nocase.c index 91bf45cc84..930f577838 100644 --- a/src/detect-nocase.c +++ b/src/detect-nocase.c @@ -81,23 +81,23 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls /* retrive the sm to apply the depth against */ if (s->list != DETECT_SM_LIST_NOTSET) { - pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->sm_lists_tail[s->list]); + pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]); } else { pm = SigMatchGetLastSMFromLists(s, 28, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); } if (pm == NULL) { SCLogError(SC_ERR_NOCASE_MISSING_PATTERN, "nocase needs " diff --git a/src/detect-offset.c b/src/detect-offset.c index b448f1db25..a155a4fa3d 100644 --- a/src/detect-offset.c +++ b/src/detect-offset.c @@ -74,23 +74,23 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr) /* retrive the sm to apply the depth against */ if (s->list != DETECT_SM_LIST_NOTSET) { - pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->sm_lists_tail[s->list]); + pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]); } else { pm = SigMatchGetLastSMFromLists(s, 28, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); } if (pm == NULL) { SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs " diff --git a/src/detect-parse.c b/src/detect-parse.c index 76dc039706..50fd5c6240 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -248,7 +248,7 @@ int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s } sm = SigMatchGetLastSMFromLists(s, 2, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]); if (sm == NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "\"%s\" keyword " "found inside the rule without a content context. " @@ -279,8 +279,8 @@ int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s } pm = SigMatchGetLastSMFromLists(s, 4, - DETECT_CONTENT, s->sm_lists_tail[sm_list], - DETECT_PCRE, s->sm_lists_tail[sm_list]); + DETECT_CONTENT, s->init_data->smlists_tail[sm_list], + DETECT_PCRE, s->init_data->smlists_tail[sm_list]); if (pm != NULL) { if (pm->type == DETECT_CONTENT) { DetectContentData *tmp_cd = (DetectContentData *)pm->ctx; @@ -298,10 +298,10 @@ int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s /* transfer the sm from the pmatch list to hcbdmatch list */ SigMatchTransferSigMatchAcrossLists(sm, - &s->sm_lists[DETECT_SM_LIST_PMATCH], - &s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - &s->sm_lists[sm_list], - &s->sm_lists_tail[sm_list]); + &s->init_data->smlists[DETECT_SM_LIST_PMATCH], + &s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + &s->init_data->smlists[sm_list], + &s->init_data->smlists_tail[sm_list]); ret = 0; end: @@ -366,17 +366,17 @@ SigTableElmt *SigTableGet(char *name) */ void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list) { - if (s->sm_lists[list] == NULL) { - s->sm_lists[list] = new; - s->sm_lists_tail[list] = new; + if (s->init_data->smlists[list] == NULL) { + s->init_data->smlists[list] = new; + s->init_data->smlists_tail[list] = new; new->next = NULL; new->prev = NULL; } else { - SigMatch *cur = s->sm_lists_tail[list]; + SigMatch *cur = s->init_data->smlists_tail[list]; cur->next = new; new->prev = cur; new->next = NULL; - s->sm_lists_tail[list] = new; + s->init_data->smlists_tail[list] = new; } new->idx = s->sm_cnt; @@ -385,11 +385,11 @@ void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list) void SigMatchRemoveSMFromList(Signature *s, SigMatch *sm, int sm_list) { - if (sm == s->sm_lists[sm_list]) { - s->sm_lists[sm_list] = sm->next; + if (sm == s->init_data->smlists[sm_list]) { + s->init_data->smlists[sm_list] = sm->next; } - if (sm == s->sm_lists_tail[sm_list]) { - s->sm_lists_tail[sm_list] = sm->prev; + if (sm == s->init_data->smlists_tail[sm_list]) { + s->init_data->smlists_tail[sm_list] = sm->prev; } if (sm->prev != NULL) sm->prev->next = sm->next; @@ -471,7 +471,7 @@ SigMatch *SigMatchGetLastSM(const Signature *s) int i; for (i = 0; i < DETECT_SM_LIST_MAX; i ++) { - sm_new = s->sm_lists_tail[i]; + sm_new = s->init_data->smlists_tail[i]; if (sm_new == NULL) continue; if (sm_last == NULL || sm_new->idx > sm_last->idx) @@ -518,7 +518,7 @@ int SigMatchListSMBelongsTo(const Signature *s, const SigMatch *key_sm) int list = 0; for (list = 0; list < DETECT_SM_LIST_MAX; list++) { - const SigMatch *sm = s->sm_lists[list]; + const SigMatch *sm = s->init_data->smlists[list]; while (sm != NULL) { if (sm == key_sm) return list; @@ -994,9 +994,14 @@ Signature *SigAlloc (void) Signature *sig = SCMalloc(sizeof(Signature)); if (unlikely(sig == NULL)) return NULL; - memset(sig, 0, sizeof(Signature)); + sig->init_data = SCCalloc(1, sizeof(SignatureInitData)); + if (sig->init_data == NULL) { + SCFree(sig); + return NULL; + } + /* assign it to -1, so that we can later check if the value has been * overwritten after the Signature has been parsed, and if it hasn't been * overwritten, we can then assign the default value of 3 */ @@ -1059,12 +1064,14 @@ void SigFree(Signature *s) IPOnlyCIDRListFree(s->CidrSrc); int i; - for (i = 0; i < DETECT_SM_LIST_MAX; i++) { - SigMatch *sm = s->sm_lists[i]; - while (sm != NULL) { - SigMatch *nsm = sm->next; - SigMatchFree(sm); - sm = nsm; + if (s->init_data) { + for (i = 0; i < DETECT_SM_LIST_MAX; i++) { + SigMatch *sm = s->init_data->smlists[i]; + while (sm != NULL) { + SigMatch *nsm = sm->next; + SigMatchFree(sm); + sm = nsm; + } } } SigMatchFreeArrays(s); @@ -1228,7 +1235,7 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) SCReturnInt(0); } - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH]; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; sm != NULL; sm = sm->next) { if (sm->type == DETECT_FLOW) { DetectFlowData *fd = (DetectFlowData *)sm->ctx; if (fd == NULL) @@ -1236,11 +1243,11 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) if (fd->flags & FLOW_PKT_TOCLIENT) { /* check for uricontent + from_server/to_client */ - if (s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use uricontent " "/http_uri , raw_uri, http_client_body, " "http_method, http_user_agent keywords " @@ -1249,9 +1256,8 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) } } else if (fd->flags & FLOW_PKT_TOSERVER) { /* check for uricontent + from_server/to_client */ - if (/*s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL ||*/ - s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use http_" "server_body, http_stat_msg, http_stat_code " "with flow:to_server or flow:from_client"); @@ -1261,19 +1267,19 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) } } - if ((s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL && s->alproto == ALPROTO_SMTP) || - s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) { + if ((s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL && s->alproto == ALPROTO_SMTP) || + s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL) { sig_flags |= SIG_FLAG_TOSERVER; s->flags |= SIG_FLAG_TOSERVER; s->flags &= ~SIG_FLAG_TOCLIENT; } - if ((s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL && s->alproto == ALPROTO_HTTP) || - s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) { + if ((s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL && s->alproto == ALPROTO_HTTP) || + s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL) { sig_flags |= SIG_FLAG_TOCLIENT; s->flags |= SIG_FLAG_TOCLIENT; s->flags &= ~SIG_FLAG_TOSERVER; @@ -1285,7 +1291,7 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) SCReturnInt(0); } - if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL) { if ((s->flags & (SIG_FLAG_TOCLIENT|SIG_FLAG_TOSERVER)) == (SIG_FLAG_TOCLIENT|SIG_FLAG_TOSERVER)) { SCLogError(SC_ERR_INVALID_SIGNATURE,"http_raw_header signature " "without a flow direction. Use flow:to_server for " @@ -1295,8 +1301,8 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) } } - if (s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL) { - for (sm = s->sm_lists[DETECT_SM_LIST_HHHDMATCH]; + if (s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH] != NULL) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH]; sm != NULL; sm = sm->next) { if (sm->type == DETECT_CONTENT) { DetectContentData *cd = (DetectContentData *)sm->ctx; @@ -1367,19 +1373,19 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) if (s->flags & SIG_FLAG_REQUIRE_PACKET) { pm = SigMatchGetLastSMFromLists(s, 24, - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_REPLACE, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_REPLACE, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); if (pm != NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature has" " replace keyword linked with a modified content" @@ -1388,19 +1394,19 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) SCReturnInt(0); } - if (s->sm_lists_tail[DETECT_SM_LIST_UMATCH] || - s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH] || - s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] || - s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] || - s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH] || - s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH] || - s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH] || - s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH] || - s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH] || - s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH] || - s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH] || - s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH] || - s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]) + if (s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH] || + s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH] || + s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH] || + s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA] || + s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH] || + s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH] || + s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH] || + s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH] || + s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH] || + s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH] || + s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH] || + s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH] || + s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet " "specific matches (like dsize, flags, ttl) with stream / " @@ -1410,7 +1416,7 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) } } - for (sm = s->sm_lists[DETECT_SM_LIST_AMATCH]; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_AMATCH]; sm != NULL; sm = sm->next) { if (sm->type != DETECT_AL_APP_LAYER_PROTOCOL) continue; if (((DetectAppLayerProtocolData *)sm->ctx)->negated) @@ -1427,7 +1433,7 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) if (s->proto.proto[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8))) { if (!(s->flags & (SIG_FLAG_REQUIRE_PACKET | SIG_FLAG_REQUIRE_STREAM))) { s->flags |= SIG_FLAG_REQUIRE_STREAM; - sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; while (sm != NULL) { if (sm->type == DETECT_CONTENT && (((DetectContentData *)(sm->ctx))->flags & @@ -1440,13 +1446,13 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) } } - if (s->sm_lists[DETECT_SM_LIST_BASE64_DATA] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_BASE64_DATA] != NULL) { int list; - uint16_t idx = s->sm_lists[DETECT_SM_LIST_BASE64_DATA]->idx; + uint16_t idx = s->init_data->smlists[DETECT_SM_LIST_BASE64_DATA]->idx; for (list = 0; list < DETECT_SM_LIST_DETECT_MAX; list++) { if (list != DETECT_SM_LIST_BASE64_DATA && - s->sm_lists[list] != NULL) { - if (s->sm_lists[list]->idx > idx) { + s->init_data->smlists[list] != NULL) { + if (s->init_data->smlists[list]->idx > idx) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Rule buffer " "cannot be reset after base64_data."); SCReturnInt(0); @@ -1462,8 +1468,8 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) #ifdef DEBUG int i; for (i = 0; i < DETECT_SM_LIST_MAX; i++) { - if (s->sm_lists[i] != NULL) { - for (sm = s->sm_lists[i]; sm != NULL; sm = sm->next) { + if (s->init_data->smlists[i] != NULL) { + for (sm = s->init_data->smlists[i]; sm != NULL; sm = sm->next) { BUG_ON(sm == sm->prev); BUG_ON(sm == sm->next); } @@ -1543,8 +1549,8 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr, * app layer flag wasn't already set in which case we * only consider the app layer */ if (!(sig->flags & SIG_FLAG_APPLAYER)) { - if (sig->sm_lists[DETECT_SM_LIST_MATCH] != NULL) { - SigMatch *sm = sig->sm_lists[DETECT_SM_LIST_MATCH]; + if (sig->init_data->smlists[DETECT_SM_LIST_MATCH] != NULL) { + SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH]; for ( ; sm != NULL; sm = sm->next) { if (sigmatch_table[sm->type].Match != NULL) sig->init_flags |= SIG_FLAG_INIT_PACKET; @@ -1554,12 +1560,12 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr, } } - if (sig->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) + if (sig->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL) sig->flags |= SIG_FLAG_APPLAYER; - if (sig->sm_lists[DETECT_SM_LIST_DMATCH]) + if (sig->init_data->smlists[DETECT_SM_LIST_DMATCH]) sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_AMATCH]) + if (sig->init_data->smlists[DETECT_SM_LIST_AMATCH]) sig->flags |= SIG_FLAG_STATE_MATCH; /* for other lists this flag is set when the inspect engines * are registered */ @@ -3393,7 +3399,7 @@ int SigParseTestMpm01 (void) goto end; } - if (sig->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) { + if (sig->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL) { printf("sig doesn't have content list: "); goto end; } @@ -3424,7 +3430,7 @@ int SigParseTestMpm02 (void) goto end; } - if (sig->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) { + if (sig->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL) { printf("sig doesn't have content list: "); goto end; } diff --git a/src/detect-rawbytes.c b/src/detect-rawbytes.c index 872a71a072..85b5039267 100644 --- a/src/detect-rawbytes.c +++ b/src/detect-rawbytes.c @@ -66,7 +66,7 @@ static int DetectRawbytesSetup (DetectEngineCtx *de_ctx, Signature *s, char *nul } SigMatch *pm = SigMatchGetLastSMFromLists(s, 2, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]); if (pm == NULL) { SCLogError(SC_ERR_RAWBYTES_MISSING_CONTENT, "\"rawbytes\" needs a preceding content option"); SCReturnInt(-1); diff --git a/src/detect-replace.c b/src/detect-replace.c index 9e9269172c..7f50bbd9b6 100644 --- a/src/detect-replace.c +++ b/src/detect-replace.c @@ -105,7 +105,7 @@ int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr) /* add to the latest "content" keyword from either dmatch or pmatch */ pm = SigMatchGetLastSMFromLists(s, 2, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]); if (pm == NULL) { SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "replace needs" "preceding content option for raw sig"); diff --git a/src/detect-seq.c b/src/detect-seq.c index f747d40a59..6c3bd90531 100644 --- a/src/detect-seq.c +++ b/src/detect-seq.c @@ -189,7 +189,7 @@ static int PrefilterSetupTcpSeq(SigGroupHead *sgh) static _Bool PrefilterTcpSeqIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_SEQ: return TRUE; diff --git a/src/detect-ssh-proto-version.c b/src/detect-ssh-proto-version.c index f22cfe386f..322a9137fb 100644 --- a/src/detect-ssh-proto-version.c +++ b/src/detect-ssh-proto-version.c @@ -62,8 +62,9 @@ static pcre *parse_regex; static pcre_extra *parse_regex_study; -static int DetectSshVersionMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, - uint8_t, void *, const Signature *, const SigMatch *); +static int DetectSshVersionMatch (ThreadVars *, DetectEngineThreadCtx *, + Flow *, uint8_t, void *, + const Signature *, const SigMatchData *); static int DetectSshVersionSetup (DetectEngineCtx *, Signature *, char *); void DetectSshVersionRegisterTests(void); void DetectSshVersionFree(void *); @@ -94,8 +95,9 @@ void DetectSshVersionRegister(void) * \retval 0 no match * \retval 1 match */ -static int DetectSshVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, - uint8_t flags, void *state, const Signature *s, const SigMatch *m) +static int DetectSshVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, + Flow *f, uint8_t flags, void *state, + const Signature *s, const SigMatchData *m) { SCEnter(); diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index 7a24703b98..a9eb19267d 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c @@ -66,8 +66,9 @@ static pcre *parse_regex; static pcre_extra *parse_regex_study; -static int DetectSshSoftwareVersionMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, - uint8_t, void *, const Signature *, const SigMatch *); +static int DetectSshSoftwareVersionMatch (ThreadVars *, DetectEngineThreadCtx *, + Flow *, uint8_t, void *, + const Signature *, const SigMatchData *); static int DetectSshSoftwareVersionSetup (DetectEngineCtx *, Signature *, char *); void DetectSshSoftwareVersionRegisterTests(void); void DetectSshSoftwareVersionFree(void *); @@ -99,8 +100,9 @@ void DetectSshSoftwareVersionRegister(void) * \retval 0 no match * \retval 1 match */ -static int DetectSshSoftwareVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, - uint8_t flags, void *state, const Signature *s, const SigMatch *m) +static int DetectSshSoftwareVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, + Flow *f, uint8_t flags, void *state, + const Signature *s, const SigMatchData *m) { SCEnter(); diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index 6be0204ebc..64b5e7af3f 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -59,8 +59,9 @@ static pcre_extra *parse_regex1_study; static pcre *parse_regex2; static pcre_extra *parse_regex2_study; -static int DetectSslStateMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, - uint8_t, void *, const Signature *, const SigMatch *); +static int DetectSslStateMatch(ThreadVars *, DetectEngineThreadCtx *, + Flow *, uint8_t, void *, + const Signature *, const SigMatchData *); static int DetectSslStateSetup(DetectEngineCtx *, Signature *, char *); void DetectSslStateRegisterTests(void); void DetectSslStateFree(void *); @@ -96,10 +97,10 @@ void DetectSslStateRegister(void) * \retval 0 No match. */ static int DetectSslStateMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, - Flow *f, uint8_t flags, void *alstate, const Signature *s, - const SigMatch *m) + Flow *f, uint8_t flags, void *alstate, + const Signature *s, const SigMatchData *m) { - DetectSslStateData *ssd = (DetectSslStateData *)m->ctx; + const DetectSslStateData *ssd = (const DetectSslStateData *)m->ctx; SSLState *ssl_state = (SSLState *)alstate; if (ssl_state == NULL) { SCLogDebug("no app state, no match"); diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c index a699b10926..53dc751316 100644 --- a/src/detect-ssl-version.c +++ b/src/detect-ssl-version.c @@ -60,8 +60,9 @@ static pcre *parse_regex; static pcre_extra *parse_regex_study; -static int DetectSslVersionMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, - uint8_t, void *, const Signature *, const SigMatch *); +static int DetectSslVersionMatch(ThreadVars *, DetectEngineThreadCtx *, + Flow *, uint8_t, void *, + const Signature *, const SigMatchData *); static int DetectSslVersionSetup(DetectEngineCtx *, Signature *, char *); void DetectSslVersionRegisterTests(void); void DetectSslVersionFree(void *); @@ -94,7 +95,7 @@ void DetectSslVersionRegister(void) */ static int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, - const Signature *s, const SigMatch *m) + const Signature *s, const SigMatchData *m) { SCEnter(); @@ -102,7 +103,7 @@ static int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, uint16_t ver = 0; uint8_t sig_ver = TLS_UNKNOWN; - DetectSslVersionData *ssl = (DetectSslVersionData *)m->ctx; + const DetectSslVersionData *ssl = (const DetectSslVersionData *)m->ctx; SSLState *app_state = (SSLState *)state; if (app_state == NULL) { SCLogDebug("no app state, no match"); diff --git a/src/detect-threshold.c b/src/detect-threshold.c index 2cefc1896b..85849295fe 100644 --- a/src/detect-threshold.c +++ b/src/detect-threshold.c @@ -230,7 +230,7 @@ static int DetectThresholdSetup(DetectEngineCtx *de_ctx, Signature *s, char *raw /* checks if there is a previous instance of detection_filter */ tmpm = SigMatchGetLastSMFromLists(s, 2, - DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_MATCH]); + DETECT_DETECTION_FILTER, s->init_data->smlists[DETECT_SM_LIST_MATCH]); if (tmpm != NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "\"detection_filter\" and \"threshold\" are not allowed in the same rule"); SCReturnInt(-1); diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c index 6482e91282..d7ee9c8513 100644 --- a/src/detect-tls-version.c +++ b/src/detect-tls-version.c @@ -59,8 +59,9 @@ static pcre *parse_regex; static pcre_extra *parse_regex_study; -static int DetectTlsVersionMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, - uint8_t, void *, const Signature *, const SigMatch *); +static int DetectTlsVersionMatch (ThreadVars *, DetectEngineThreadCtx *, + Flow *, uint8_t, void *, + const Signature *, const SigMatchData *); static int DetectTlsVersionSetup (DetectEngineCtx *, Signature *, char *); void DetectTlsVersionRegisterTests(void); void DetectTlsVersionFree(void *); @@ -93,12 +94,13 @@ void DetectTlsVersionRegister (void) * \retval 0 no match * \retval 1 match */ -static int DetectTlsVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, - uint8_t flags, void *state, const Signature *s, const SigMatch *m) +static int DetectTlsVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, + Flow *f, uint8_t flags, void *state, + const Signature *s, const SigMatchData *m) { SCEnter(); - DetectTlsVersionData *tls_data = (DetectTlsVersionData *)m->ctx; + const DetectTlsVersionData *tls_data = (const DetectTlsVersionData *)m->ctx; SSLState *ssl_state = (SSLState *)state; if (ssl_state == NULL) { SCLogDebug("no tls state, no match"); diff --git a/src/detect-tls.c b/src/detect-tls.c index c97b5fd9f7..4b5db38213 100644 --- a/src/detect-tls.c +++ b/src/detect-tls.c @@ -74,19 +74,30 @@ static pcre_extra *issuerdn_parse_regex_study; static pcre *fingerprint_parse_regex; static pcre_extra *fingerprint_parse_regex_study; -static int DetectTlsSubjectMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, const Signature *, const SigMatch *); +static int DetectTlsSubjectMatch (ThreadVars *, DetectEngineThreadCtx *, + Flow *, uint8_t, void *, + const Signature *, const SigMatchData *); static int DetectTlsSubjectSetup (DetectEngineCtx *, Signature *, char *); static void DetectTlsSubjectRegisterTests(void); static void DetectTlsSubjectFree(void *); -static int DetectTlsIssuerDNMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, const Signature *, const SigMatch *); + +static int DetectTlsIssuerDNMatch (ThreadVars *, DetectEngineThreadCtx *, + Flow *, uint8_t, void *, + const Signature *, const SigMatchData *); static int DetectTlsIssuerDNSetup (DetectEngineCtx *, Signature *, char *); static void DetectTlsIssuerDNRegisterTests(void); static void DetectTlsIssuerDNFree(void *); -static int DetectTlsFingerprintMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, const Signature *, const SigMatch *); + +static int DetectTlsFingerprintMatch (ThreadVars *, DetectEngineThreadCtx *, + Flow *, uint8_t, void *, + const Signature *, const SigMatchData *); static int DetectTlsFingerprintSetup (DetectEngineCtx *, Signature *, char *); static void DetectTlsFingerprintFree(void *); + static int DetectTlsStoreSetup (DetectEngineCtx *, Signature *, char *); -static int DetectTlsStoreMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, const Signature *, const SigMatch *); +static int DetectTlsStoreMatch (ThreadVars *, DetectEngineThreadCtx *, + Flow *, uint8_t, void *, + const Signature *, const SigMatchData *); /** * \brief Registration function for keyword: tls.version @@ -149,12 +160,13 @@ void DetectTlsRegister (void) * \retval 0 no match * \retval 1 match */ -static int DetectTlsSubjectMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, - uint8_t flags, void *state, const Signature *s, const SigMatch *m) +static int DetectTlsSubjectMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, + Flow *f, uint8_t flags, void *state, + const Signature *s, const SigMatchData *m) { SCEnter(); - DetectTlsData *tls_data = (DetectTlsData *)m->ctx; + const DetectTlsData *tls_data = (const DetectTlsData *)m->ctx; SSLState *ssl_state = (SSLState *)state; if (ssl_state == NULL) { SCLogDebug("no tls state, no match"); @@ -360,12 +372,13 @@ static void DetectTlsSubjectRegisterTests(void) * \retval 0 no match * \retval 1 match */ -static int DetectTlsIssuerDNMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, - uint8_t flags, void *state, const Signature *s, const SigMatch *m) +static int DetectTlsIssuerDNMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, + Flow *f, uint8_t flags, void *state, + const Signature *s, const SigMatchData *m) { SCEnter(); - DetectTlsData *tls_data = (DetectTlsData *)m->ctx; + const DetectTlsData *tls_data = (const DetectTlsData *)m->ctx; SSLState *ssl_state = (SSLState *)state; if (ssl_state == NULL) { SCLogDebug("no tls state, no match"); @@ -643,11 +656,12 @@ error: * \retval 0 no match * \retval 1 match */ -static int DetectTlsFingerprintMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, - uint8_t flags, void *state, const Signature *s, const SigMatch *m) +static int DetectTlsFingerprintMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, + Flow *f, uint8_t flags, void *state, + const Signature *s, const SigMatchData *m) { SCEnter(); - DetectTlsData *tls_data = (DetectTlsData *)m->ctx; + const DetectTlsData *tls_data = (const DetectTlsData *)m->ctx; SSLState *ssl_state = (SSLState *)state; if (ssl_state == NULL) { SCLogDebug("no tls state, no match"); @@ -796,8 +810,9 @@ error: } /** \warning modifies state */ -static int DetectTlsStoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, - uint8_t flags, void *state, const Signature *s, const SigMatch *m) +static int DetectTlsStoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, + Flow *f, uint8_t flags, void *state, + const Signature *s, const SigMatchData *m) { SCEnter(); diff --git a/src/detect-ttl.c b/src/detect-ttl.c index 9b71158645..b70312e47e 100644 --- a/src/detect-ttl.c +++ b/src/detect-ttl.c @@ -373,7 +373,7 @@ static int PrefilterSetupTtl(SigGroupHead *sgh) static _Bool PrefilterTtlIsPrefilterable(const Signature *s) { const SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_TTL: return TRUE; diff --git a/src/detect-within.c b/src/detect-within.c index f10b0275c6..fb35bb5ecf 100644 --- a/src/detect-within.c +++ b/src/detect-within.c @@ -86,23 +86,23 @@ static int DetectWithinSetup(DetectEngineCtx *de_ctx, Signature *s, char *within /* retrive the sm to apply the depth against */ if (s->list != DETECT_SM_LIST_NOTSET) { - pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->sm_lists_tail[s->list]); + pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]); } else { pm = SigMatchGetLastSMFromLists(s, 28, - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_FILEDATA], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH], - DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH]); + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSCDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HUADMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HHHDMATCH], + DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_HRHHDMATCH]); } if (pm == NULL) { SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "within needs " diff --git a/src/detect.c b/src/detect.c index 00b5dfece4..27bef2c56b 100644 --- a/src/detect.c +++ b/src/detect.c @@ -1492,15 +1492,6 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh } } - SCLogDebug("s->sm_lists[DETECT_SM_LIST_AMATCH] %p, " - "s->sm_lists[DETECT_SM_LIST_UMATCH] %p, " - "s->sm_lists[DETECT_SM_LIST_DMATCH] %p, " - "s->sm_lists[DETECT_SM_LIST_HCDMATCH] %p", - s->sm_lists[DETECT_SM_LIST_AMATCH], - s->sm_lists[DETECT_SM_LIST_UMATCH], - s->sm_lists[DETECT_SM_LIST_DMATCH], - s->sm_lists[DETECT_SM_LIST_HCDMATCH]); - /* consider stateful sig matches */ if (sflags & SIG_FLAG_STATE_MATCH) { if (has_state == 0) { @@ -1915,49 +1906,49 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s) if (s->alproto != ALPROTO_UNKNOWN) return 0; - if (s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HCDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HRHHDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HRHHDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL) return 0; /* TMATCH list can be ignored, it contains TAGs and @@ -1979,7 +1970,7 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s) cidr_item = cidr_item->next; } - SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; if (sm == NULL) goto iponly; @@ -2015,49 +2006,49 @@ static int SignatureIsPDOnly(const Signature *s) if (s->alproto != ALPROTO_UNKNOWN) return 0; - if (s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HCDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_HRHHDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_HRHHDMATCH] != NULL) return 0; - if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL) return 0; /* TMATCH list can be ignored, it contains TAGs and @@ -2066,7 +2057,7 @@ static int SignatureIsPDOnly(const Signature *s) /* match list matches may be compatible to DP only. We follow the same * logic as IP-only so we can use that flag */ - SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; if (sm == NULL) return 0; @@ -2111,7 +2102,7 @@ static int SignatureIsPDOnly(const Signature *s) static int SignatureIsInspectingPayload(DetectEngineCtx *de_ctx, const Signature *s) { - if (s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL) { return 1; } #if 0 @@ -2144,34 +2135,34 @@ static int SignatureIsDEOnly(DetectEngineCtx *de_ctx, const Signature *s) SCReturnInt(0); } - if (s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL || - s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL || - s->sm_lists[DETECT_SM_LIST_HRHHDMATCH] != NULL) + if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HCDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH] != NULL || + s->init_data->smlists[DETECT_SM_LIST_HRHHDMATCH] != NULL) { SCReturnInt(0); } /* check for conflicting keywords */ - SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH]; + SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; for ( ;sm != NULL; sm = sm->next) { if ( !(sigmatch_table[sm->type].flags & SIGMATCH_DEONLY_COMPAT)) SCReturnInt(0); } /* need at least one decode event keyword to be considered decode event. */ - sm = s->sm_lists[DETECT_SM_LIST_MATCH]; + sm = s->init_data->smlists[DETECT_SM_LIST_MATCH]; for ( ;sm != NULL; sm = sm->next) { if (sm->type == DETECT_DECODE_EVENT) goto deonly; @@ -2290,27 +2281,27 @@ static int SignatureCreateMask(Signature *s) { SCEnter(); - if (s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_PAYLOAD; SCLogDebug("sig requires payload"); } - if (s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_DMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_DCE_STATE; SCLogDebug("sig requires dce state"); } - if (s->sm_lists[DETECT_SM_LIST_UMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http state"); } - if (s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http app state"); } - if (s->sm_lists[DETECT_SM_LIST_FILEDATA] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL) { /* set the state depending from the protocol */ if (s->alproto == ALPROTO_HTTP) s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; @@ -2320,58 +2311,58 @@ static int SignatureCreateMask(Signature *s) SCLogDebug("sig requires http or smtp app state"); } - if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http app state"); } - if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http app state"); } - if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http app state"); } - if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HCDMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http app state"); } - if (s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http app state"); } - if (s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http app state"); } - if (s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HSCDMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http app state"); } - if (s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HUADMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http app state"); } - if (s->sm_lists[DETECT_SM_LIST_HHHDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HHHDMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http app state"); } - if (s->sm_lists[DETECT_SM_LIST_HRHHDMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_HRHHDMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; SCLogDebug("sig requires http app state"); } SigMatch *sm; - for (sm = s->sm_lists[DETECT_SM_LIST_AMATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_AMATCH] ; sm != NULL; sm = sm->next) { switch(sm->type) { case DETECT_AL_URILEN: case DETECT_AL_HTTP_URI: @@ -2384,7 +2375,7 @@ static int SignatureCreateMask(Signature *s) } } - for (sm = s->sm_lists[DETECT_SM_LIST_APP_EVENT] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_APP_EVENT] ; sm != NULL; sm = sm->next) { switch (sm->type) { case DETECT_AL_APP_LAYER_EVENT: { @@ -2412,7 +2403,7 @@ static int SignatureCreateMask(Signature *s) } } - for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { + for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) { switch(sm->type) { case DETECT_FLOWBITS: { @@ -2550,7 +2541,7 @@ static int SignatureCreateMask(Signature *s) SCLogDebug("sig requires flow"); } - if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) { + if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL) { s->mask |= SIG_MASK_REQUIRE_FLOW; SCLogDebug("sig requires flow"); } @@ -2648,7 +2639,7 @@ static void SigParseApplyDsizeToContent(Signature *s) return; } - SigMatch *sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; + SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; for ( ; sm != NULL; sm = sm->next) { if (sm->type != DETECT_CONTENT) { continue; @@ -2671,7 +2662,7 @@ static void SigParseApplyDsizeToContent(Signature *s) /** \brief Pure-PCRE or bytetest rule */ int RuleInspectsPayloadHasNoMpm(const Signature *s) { - if (s->mpm_sm == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) + if (s->mpm_sm == NULL && s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL) return 1; return 0; } @@ -2769,7 +2760,7 @@ json_t *RulesGroupPrintSghStats(const SigGroupHead *sgh, if (s->mpm_sm == NULL) { nonmpm_cnt++; - if (s->sm_lists[DETECT_SM_LIST_MATCH] != NULL) { + if (s->sm_arrays[DETECT_SM_LIST_MATCH] != NULL) { SCLogDebug("SGH %p Non-MPM inspecting only packets. Rule %u", sgh, s->id); } @@ -3420,7 +3411,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx) char copresent = 0; SigMatch *sm; DetectContentData *co; - for (sm = tmp_s->sm_lists[DETECT_SM_LIST_MATCH]; sm != NULL; sm = sm->next) { + for (sm = tmp_s->init_data->smlists[DETECT_SM_LIST_MATCH]; sm != NULL; sm = sm->next) { if (sm->type != DETECT_CONTENT) continue; @@ -3459,7 +3450,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx) /* get the keyword supporting prefilter with the lowest type */ for (i = 0; i < DETECT_SM_LIST_DETECT_MAX; i++) { - SigMatch *sm = tmp_s->sm_lists[i]; + SigMatch *sm = tmp_s->init_data->smlists[i]; while (sm != NULL) { if (sigmatch_table[sm->type].SupportsPrefilter != NULL) { if (sigmatch_table[sm->type].SupportsPrefilter(tmp_s) == TRUE) { @@ -3473,7 +3464,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx) /* apply that keyword as prefilter */ if (prefilter_list != DETECT_TBLSIZE) { for (i = 0; i < DETECT_SM_LIST_DETECT_MAX; i++) { - SigMatch *sm = tmp_s->sm_lists[i]; + SigMatch *sm = tmp_s->init_data->smlists[i]; while (sm != NULL) { if (sm->type == prefilter_list) { tmp_s->prefilter_sm = sm; @@ -3934,7 +3925,7 @@ static int SigMatchPrepare(DetectEngineCtx *de_ctx) for (; s != NULL; s = s->next) { int type; for (type = 0; type < DETECT_SM_LIST_MAX; type++) { - SigMatch *sm = s->sm_lists[type]; + SigMatch *sm = s->init_data->smlists[type]; int len = SigMatchListLen(sm); if (len == 0) s->sm_arrays[type] = NULL; @@ -3954,6 +3945,10 @@ static int SigMatchPrepare(DetectEngineCtx *de_ctx) } } DetectEngineAppInspectionEngine2Signature(s); + + /* TODO free lists etc */ + SCFree(s->init_data); + s->init_data = NULL; } diff --git a/src/detect.h b/src/detect.h index f091a89451..74efc8f847 100644 --- a/src/detect.h +++ b/src/detect.h @@ -400,6 +400,17 @@ typedef struct DetectEngineAppInspectionEngine_ { struct DetectEngineAppInspectionEngine_ *next; } DetectEngineAppInspectionEngine; +#ifdef UNITTESTS +#define sm_lists init_data->smlists +#define sm_lists_tail init_data->smlists_tail +#endif + +typedef struct SignatureInitData_ { + /* holds all sm lists */ + struct SigMatch_ *smlists[DETECT_SM_LIST_MAX]; + /* holds all sm lists' tails */ + struct SigMatch_ *smlists_tail[DETECT_SM_LIST_MAX]; +} SignatureInitData; /** \brief Signature container */ typedef struct Signature_ { @@ -461,12 +472,8 @@ typedef struct Signature_ { /* Hold copies of the sm lists for Match() */ SigMatchData *sm_arrays[DETECT_SM_LIST_MAX]; - /* holds all sm lists */ - struct SigMatch_ *sm_lists[DETECT_SM_LIST_MAX]; - /* holds all sm lists' tails */ - struct SigMatch_ *sm_lists_tail[DETECT_SM_LIST_MAX]; - - SigMatch *filestore_sm; + /* memory is still owned by the sm_lists/sm_arrays entry */ + const struct DetectFilestoreData_ *filestore_ctx; char *msg; @@ -499,6 +506,8 @@ typedef struct Signature_ { int prefilter_list; + SignatureInitData *init_data; + /** ptr to the next sig in the list */ struct Signature_ *next; } Signature; @@ -961,7 +970,9 @@ typedef struct SigTableElmt_ { int (*Match)(ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); /** AppLayer match function pointer */ - int (*AppLayerMatch)(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, const Signature *, const SigMatch *); + int (*AppLayerMatch)(ThreadVars *, DetectEngineThreadCtx *, + Flow *, uint8_t flags, void *alstate, + const Signature *, const SigMatchData *); /** AppLayer TX match function pointer */ int (*AppLayerTxMatch)(ThreadVars *, DetectEngineThreadCtx *, Flow *, diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c index d45f7b7030..46679d4bbe 100644 --- a/src/util-threshold-config.c +++ b/src/util-threshold-config.c @@ -449,7 +449,7 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid if (id == 0 && gid == 0) { for (s = de_ctx->sig_list; s != NULL; s = s->next) { sm = SigMatchGetLastSMFromLists(s, 2, - DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]); + DETECT_THRESHOLD, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]); if (sm != NULL) { SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has " "an event var set. The signature event var is " @@ -459,7 +459,7 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid } sm = SigMatchGetLastSMFromLists(s, 2, - DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]); + DETECT_DETECTION_FILTER, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]); if (sm != NULL) { SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has " "an event var set. The signature event var is " @@ -512,7 +512,7 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid for (s = de_ctx->sig_list; s != NULL; s = s->next) { if (s->gid == gid) { sm = SigMatchGetLastSMFromLists(s, 2, - DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]); + DETECT_THRESHOLD, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]); if (sm != NULL) { SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has " "an event var set. The signature event var is " @@ -522,7 +522,7 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid } sm = SigMatchGetLastSMFromLists(s, 2, - DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]); + DETECT_DETECTION_FILTER, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]); if (sm != NULL) { SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has " "an event var set. The signature event var is " @@ -585,7 +585,7 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid parsed_type != TYPE_BOTH && parsed_type != TYPE_LIMIT) { sm = SigMatchGetLastSMFromLists(s, 2, - DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]); + DETECT_THRESHOLD, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]); if (sm != NULL) { SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has " "a threshold set. The signature event var is " @@ -595,7 +595,7 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid } sm = SigMatchGetLastSMFromLists(s, 2, - DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]); + DETECT_DETECTION_FILTER, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]); if (sm != NULL) { SCLogWarning(SC_ERR_EVENT_ENGINE, "signature sid:%"PRIu32 " has " "a detection_filter set. The signature event var is " @@ -608,10 +608,10 @@ static int SetupThresholdRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid #if 1 } else if (parsed_type == TYPE_THRESHOLD || parsed_type == TYPE_BOTH || parsed_type == TYPE_LIMIT) { sm = SigMatchGetLastSMFromLists(s, 2, - DETECT_THRESHOLD, s->sm_lists[DETECT_SM_LIST_THRESHOLD]); + DETECT_THRESHOLD, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]); if (sm == NULL) { sm = SigMatchGetLastSMFromLists(s, 2, - DETECT_DETECTION_FILTER, s->sm_lists[DETECT_SM_LIST_THRESHOLD]); + DETECT_DETECTION_FILTER, s->init_data->smlists[DETECT_SM_LIST_THRESHOLD]); } if (sm != NULL) { SigMatchRemoveSMFromList(s, sm, DETECT_SM_LIST_THRESHOLD); @@ -2609,52 +2609,27 @@ static FILE *SCThresholdConfGenerateInvalidDummyFD12() */ static int SCThresholdConfTest18(void) { - Signature *s = NULL; - int result = 0; - FILE *fd = NULL; - SigMatch *sm = NULL; - DetectThresholdData *de = NULL; - HostInitConfig(HOST_QUIET); DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - return result; + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - s = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.0.10 any -> 192.168.0.100 any (msg:\"suppress test\"; gid:1; sid:2200029;)"); - if (s == NULL) { - goto end; - } - - fd = SCThresholdConfGenerateInvalidDummyFD12(); + Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.0.10 any -> 192.168.0.100 any (msg:\"suppress test\"; gid:1; sid:2200029;)"); + FAIL_IF_NULL(s); + FILE *fd = SCThresholdConfGenerateInvalidDummyFD12(); + FAIL_IF_NULL(fd); SCThresholdConfInitContext(de_ctx,fd); SigGroupBuild(de_ctx); - if (s->sm_lists[DETECT_SM_LIST_SUPPRESS] == NULL) { - printf("no thresholds: "); - goto end; - } - sm = s->sm_lists[DETECT_SM_LIST_SUPPRESS]; - if (sm == NULL) { - printf("no sm: "); - goto end; - } - - de = (DetectThresholdData *)sm->ctx; - if (de == NULL) { - printf("no de: "); - goto end; - } - if (!(de->type == TYPE_SUPPRESS && de->track == TRACK_DST)) { - printf("de state wrong: "); - goto end; - } + FAIL_IF_NULL(s->sm_arrays[DETECT_SM_LIST_SUPPRESS]); + SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_SUPPRESS]; + DetectThresholdData *de = (DetectThresholdData *)smd->ctx; + FAIL_IF_NULL(de); + FAIL_IF_NOT(de->type == TYPE_SUPPRESS && de->track == TRACK_DST); - result = 1; -end: DetectEngineCtxFree(de_ctx); HostShutdown(); - return result; + PASS; } /** @@ -2684,52 +2659,24 @@ static FILE *SCThresholdConfGenerateInvalidDummyFD13() */ static int SCThresholdConfTest19(void) { - Signature *s = NULL; - int result = 0; - FILE *fd = NULL; - SigMatch *sm = NULL; - DetectThresholdData *de = NULL; - HostInitConfig(HOST_QUIET); DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - return result; + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - - s = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.0.10 any -> 192.168.0.100 any (msg:\"suppress test\"; gid:1; sid:2200029;)"); - if (s == NULL) { - goto end; - } - - fd = SCThresholdConfGenerateInvalidDummyFD13(); + Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.0.10 any -> 192.168.0.100 any (msg:\"suppress test\"; gid:1; sid:2200029;)"); + FAIL_IF_NULL(s); + FILE *fd = SCThresholdConfGenerateInvalidDummyFD13(); + FAIL_IF_NULL(fd); SCThresholdConfInitContext(de_ctx,fd); SigGroupBuild(de_ctx); - - if (s->sm_lists[DETECT_SM_LIST_SUPPRESS] == NULL) { - printf("no thresholds: "); - goto end; - } - sm = s->sm_lists[DETECT_SM_LIST_SUPPRESS]; - if (sm == NULL) { - printf("no sm: "); - goto end; - } - - de = (DetectThresholdData *)sm->ctx; - if (de == NULL) { - printf("no de: "); - goto end; - } - if (!(de->type == TYPE_SUPPRESS && de->track == TRACK_DST)) { - printf("de state wrong: "); - goto end; - } - - result = 1; -end: + FAIL_IF_NULL(s->sm_arrays[DETECT_SM_LIST_SUPPRESS]); + SigMatchData *smd = s->sm_arrays[DETECT_SM_LIST_SUPPRESS]; + DetectThresholdData *de = (DetectThresholdData *)smd->ctx; + FAIL_IF_NULL(de); + FAIL_IF_NOT(de->type == TYPE_SUPPRESS && de->track == TRACK_DST); DetectEngineCtxFree(de_ctx); HostShutdown(); - return result; + PASS; } /**