From: Victor Julien Date: Tue, 30 Apr 2024 05:38:42 +0000 (+0200) Subject: detect/prefilter: use sig mask to exclude pkt engines X-Git-Tag: suricata-8.0.0-beta1~1145 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=956c8bebd1b404ff05b267cc9594b05867294f7d;p=thirdparty%2Fsuricata.git detect/prefilter: use sig mask to exclude pkt engines Add an argument to the packet prefilter registration function to include `SignatureMask` flags. This will be used at runtime to only call these prefilter engines when the mask check passes. --- diff --git a/src/detect-app-layer-protocol.c b/src/detect-app-layer-protocol.c index cdef7db532..938b96a5b4 100644 --- a/src/detect-app-layer-protocol.c +++ b/src/detect-app-layer-protocol.c @@ -316,9 +316,8 @@ PrefilterPacketAppProtoCompare(PrefilterPacketHeaderValue v, void *smctx) static int PrefilterSetupAppProto(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_AL_APP_LAYER_PROTOCOL, - PrefilterPacketAppProtoSet, - PrefilterPacketAppProtoCompare, - PrefilterPacketAppProtoMatch); + SIG_MASK_REQUIRE_FLOW, PrefilterPacketAppProtoSet, PrefilterPacketAppProtoCompare, + PrefilterPacketAppProtoMatch); } static bool PrefilterAppProtoIsPrefilterable(const Signature *s) diff --git a/src/detect-dsize.c b/src/detect-dsize.c index e518a59696..e1b5bfeb23 100644 --- a/src/detect-dsize.c +++ b/src/detect-dsize.c @@ -195,8 +195,8 @@ PrefilterPacketDsizeMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void static int PrefilterSetupDsize(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_DSIZE, PrefilterPacketU16Set, - PrefilterPacketU16Compare, PrefilterPacketDsizeMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_DSIZE, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketU16Set, PrefilterPacketU16Compare, PrefilterPacketDsizeMatch); } static bool PrefilterDsizeIsPrefilterable(const Signature *s) diff --git a/src/detect-engine-prefilter-common.c b/src/detect-engine-prefilter-common.c index 15df839b0c..3c3321b8f5 100644 --- a/src/detect-engine-prefilter-common.c +++ b/src/detect-engine-prefilter-common.c @@ -93,9 +93,8 @@ static void GetExtraMatch(const Signature *s, uint16_t *type, uint16_t *value) /** \internal */ -static int -SetupEngineForPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, - int sm_type, PrefilterPacketHeaderHashCtx *hctx, +static int SetupEngineForPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, + SignatureMask mask, PrefilterPacketHeaderHashCtx *hctx, bool (*Compare)(PrefilterPacketHeaderValue v, void *), void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)) { @@ -143,8 +142,8 @@ SetupEngineForPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, SCLogDebug("%s: ctx %p extra type %u extra value %u, sig cnt %u", sigmatch_table[sm_type].name, ctx, ctx->type, ctx->value, ctx->sigs_cnt); - PrefilterAppendEngine(de_ctx, sgh, Match, ctx, - PrefilterPacketHeaderFree, sigmatch_table[sm_type].name); + PrefilterAppendEngine( + de_ctx, sgh, Match, mask, ctx, PrefilterPacketHeaderFree, sigmatch_table[sm_type].name); return 0; } @@ -197,9 +196,8 @@ static void ApplyToU8Hash(PrefilterPacketU8HashCtx *ctx, PrefilterPacketHeaderVa * \todo improve error handling * \todo deduplicate sigs arrays */ -static int -SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx, - SigGroupHead *sgh, int sm_type, uint32_t *counts, +static int SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx, + SigGroupHead *sgh, int sm_type, SignatureMask mask, uint32_t *counts, void (*Set)(PrefilterPacketHeaderValue *v, void *), bool (*Compare)(PrefilterPacketHeaderValue v, void *), void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)) @@ -247,8 +245,7 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx, } if (cnt) { - PrefilterAppendEngine(de_ctx, sgh, Match, ctx, - PrefilterPacketU8HashCtxFree, + PrefilterAppendEngine(de_ctx, sgh, Match, mask, ctx, PrefilterPacketU8HashCtxFree, sigmatch_table[sm_type].name); } else { PrefilterPacketU8HashCtxFree(ctx); @@ -259,30 +256,25 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx, /** \internal * \brief setup a engine for each unique value */ -static void SetupSingle(DetectEngineCtx *de_ctx, HashListTable *hash_table, - SigGroupHead *sgh, int sm_type, - bool (*Compare)(PrefilterPacketHeaderValue v, void *), - void (*Match)(DetectEngineThreadCtx *det_ctx, - Packet *p, const void *pectx)) +static void SetupSingle(DetectEngineCtx *de_ctx, HashListTable *hash_table, SigGroupHead *sgh, + int sm_type, SignatureMask mask, bool (*Compare)(PrefilterPacketHeaderValue v, void *), + void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)) { HashListTableBucket *hb = HashListTableGetListHead(hash_table); for ( ; hb != NULL; hb = HashListTableGetListNext(hb)) { PrefilterPacketHeaderHashCtx *ctx = HashListTableGetListData(hb); - SetupEngineForPacketHeader(de_ctx, sgh, sm_type, - ctx, Compare, Match); + SetupEngineForPacketHeader(de_ctx, sgh, sm_type, mask, ctx, Compare, Match); } } /** \internal * \brief setup a single engine with a hash map for u8 values */ -static void SetupU8Hash(DetectEngineCtx *de_ctx, HashListTable *hash_table, - SigGroupHead *sgh, int sm_type, - void (*Set)(PrefilterPacketHeaderValue *v, void *), +static void SetupU8Hash(DetectEngineCtx *de_ctx, HashListTable *hash_table, SigGroupHead *sgh, + int sm_type, SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *), bool (*Compare)(PrefilterPacketHeaderValue v, void *), - void (*Match)(DetectEngineThreadCtx *det_ctx, - Packet *p, const void *pectx)) + void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)) { uint32_t counts[256]; memset(&counts, 0, sizeof(counts)); @@ -330,17 +322,14 @@ static void SetupU8Hash(DetectEngineCtx *de_ctx, HashListTable *hash_table, } } - SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(de_ctx, sgh, sm_type, - counts, Set, Compare, Match); + SetupEngineForPacketHeaderPrefilterPacketU8HashCtx( + de_ctx, sgh, sm_type, mask, counts, Set, Compare, Match); } -static int PrefilterSetupPacketHeaderCommon(DetectEngineCtx *de_ctx, - SigGroupHead *sgh, int sm_type, - void (*Set)(PrefilterPacketHeaderValue *v, void *), +static int PrefilterSetupPacketHeaderCommon(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, + SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *), bool (*Compare)(PrefilterPacketHeaderValue v, void *), - void (*Match)(DetectEngineThreadCtx *det_ctx, - Packet *p, const void *pectx), - bool u8hash) + void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx), bool u8hash) { Signature *s = NULL; uint32_t sig = 0; @@ -392,9 +381,9 @@ static int PrefilterSetupPacketHeaderCommon(DetectEngineCtx *de_ctx, } if (!u8hash) { - SetupSingle(de_ctx, hash_table, sgh, sm_type, Compare, Match); + SetupSingle(de_ctx, hash_table, sgh, sm_type, mask, Compare, Match); } else { - SetupU8Hash(de_ctx, hash_table, sgh, sm_type, Set, Compare, Match); + SetupU8Hash(de_ctx, hash_table, sgh, sm_type, mask, Set, Compare, Match); } HashListTableFree(hash_table); @@ -404,22 +393,18 @@ error: return -1; } -int PrefilterSetupPacketHeaderU8Hash(DetectEngineCtx *de_ctx, - SigGroupHead *sgh, int sm_type, - void (*Set)(PrefilterPacketHeaderValue *v, void *), +int PrefilterSetupPacketHeaderU8Hash(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, + SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *), bool (*Compare)(PrefilterPacketHeaderValue v, void *), - void (*Match)(DetectEngineThreadCtx *det_ctx, - Packet *p, const void *pectx)) + void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)) { - return PrefilterSetupPacketHeaderCommon(de_ctx, sgh, sm_type, Set, Compare, Match, true); + return PrefilterSetupPacketHeaderCommon(de_ctx, sgh, sm_type, mask, Set, Compare, Match, true); } -int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, - SigGroupHead *sgh, int sm_type, - void (*Set)(PrefilterPacketHeaderValue *v, void *), +int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, + SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *), bool (*Compare)(PrefilterPacketHeaderValue v, void *), - void (*Match)(DetectEngineThreadCtx *det_ctx, - Packet *p, const void *pectx)) + void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)) { - return PrefilterSetupPacketHeaderCommon(de_ctx, sgh, sm_type, Set, Compare, Match, false); + return PrefilterSetupPacketHeaderCommon(de_ctx, sgh, sm_type, mask, Set, Compare, Match, false); } diff --git a/src/detect-engine-prefilter-common.h b/src/detect-engine-prefilter-common.h index 8ef3bb5b15..e24f22fc7b 100644 --- a/src/detect-engine-prefilter-common.h +++ b/src/detect-engine-prefilter-common.h @@ -58,19 +58,15 @@ typedef struct PrefilterPacketU8HashCtx_ { #define PREFILTER_U8HASH_MODE_GT DetectUintModeGt #define PREFILTER_U8HASH_MODE_RA DetectUintModeRange -int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, - SigGroupHead *sgh, int sm_type, - void (*Set)(PrefilterPacketHeaderValue *v, void *), +int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, + SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *), bool (*Compare)(PrefilterPacketHeaderValue v, void *), - void (*Match)(DetectEngineThreadCtx *det_ctx, - Packet *p, const void *pectx)); + void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)); -int PrefilterSetupPacketHeaderU8Hash(DetectEngineCtx *de_ctx, - SigGroupHead *sgh, int sm_type, - void (*Set)(PrefilterPacketHeaderValue *v, void *), +int PrefilterSetupPacketHeaderU8Hash(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, + SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *), bool (*Compare)(PrefilterPacketHeaderValue v, void *), - void (*Match)(DetectEngineThreadCtx *det_ctx, - Packet *p, const void *pectx)); + void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)); static inline bool PrefilterPacketHeaderExtraMatch(const PrefilterPacketHeaderCtx *ctx, diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c index 7d593bcfe8..83ccb2afb2 100644 --- a/src/detect-engine-prefilter.c +++ b/src/detect-engine-prefilter.c @@ -140,8 +140,8 @@ void DetectRunPrefilterTx(DetectEngineThreadCtx *det_ctx, } } -void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, - Packet *p, const uint8_t flags) +void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, + const uint8_t flags, const SignatureMask mask) { SCEnter(); #if 0 @@ -159,9 +159,11 @@ void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, /* run packet engines */ PrefilterEngine *engine = sgh->pkt_engines; do { - PREFILTER_PROFILING_START(det_ctx); - engine->cb.Prefilter(det_ctx, p, engine->pectx); - PREFILTER_PROFILING_END(det_ctx, engine->gid); + if ((engine->ctx.pkt_mask & mask) == engine->ctx.pkt_mask) { + PREFILTER_PROFILING_START(det_ctx); + engine->cb.Prefilter(det_ctx, p, engine->pectx); + PREFILTER_PROFILING_END(det_ctx, engine->gid); + } if (engine->is_last) break; @@ -200,7 +202,7 @@ void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, } int PrefilterAppendEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc, - void *pectx, void (*FreeFunc)(void *pectx), const char *name) + SignatureMask mask, void *pectx, void (*FreeFunc)(void *pectx), const char *name) { if (sgh == NULL || PrefilterFunc == NULL || pectx == NULL) return -1; @@ -213,6 +215,7 @@ int PrefilterAppendEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterP e->Prefilter = PrefilterFunc; e->pectx = pectx; e->Free = FreeFunc; + e->pkt_mask = mask; if (sgh->init->pkt_engines == NULL) { sgh->init->pkt_engines = e; @@ -445,6 +448,7 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh) for (el = sgh->init->pkt_engines ; el != NULL; el = el->next) { e->local_id = el->id; e->cb.Prefilter = el->Prefilter; + e->ctx.pkt_mask = el->pkt_mask; e->pectx = el->pectx; el->pectx = NULL; // e now owns the ctx e->gid = el->gid; @@ -469,6 +473,7 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh) for (el = sgh->init->payload_engines ; el != NULL; el = el->next) { e->local_id = el->id; e->cb.Prefilter = el->Prefilter; + e->ctx.pkt_mask = el->pkt_mask; e->pectx = el->pectx; el->pectx = NULL; // e now owns the ctx e->gid = el->gid; @@ -873,8 +878,8 @@ int PrefilterGenericMpmPktRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, M pectx->mpm_ctx = mpm_ctx; pectx->transforms = &mpm_reg->transforms; - int r = PrefilterAppendEngine(de_ctx, sgh, PrefilterMpmPkt, - pectx, PrefilterMpmPktFree, mpm_reg->pname); + int r = PrefilterAppendEngine( + de_ctx, sgh, PrefilterMpmPkt, 0, pectx, PrefilterMpmPktFree, mpm_reg->pname); if (r != 0) { SCFree(pectx); } diff --git a/src/detect-engine-prefilter.h b/src/detect-engine-prefilter.h index 2a8bdf765e..ec58594b9b 100644 --- a/src/detect-engine-prefilter.h +++ b/src/detect-engine-prefilter.h @@ -47,11 +47,11 @@ typedef struct PrefilterStore_ { uint32_t id; } PrefilterStore; -void Prefilter(DetectEngineThreadCtx *, const SigGroupHead *, Packet *p, - const uint8_t flags); +void Prefilter(DetectEngineThreadCtx *, const SigGroupHead *, Packet *p, const uint8_t flags, + const SignatureMask mask); int PrefilterAppendEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc, - void *pectx, void (*FreeFunc)(void *pectx), const char *name); + SignatureMask mask, void *pectx, void (*FreeFunc)(void *pectx), const char *name); int PrefilterAppendPayloadEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc, void *pectx, void (*FreeFunc)(void *pectx), const char *name); int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, diff --git a/src/detect-flow-age.c b/src/detect-flow-age.c index 06ea3d9f93..a9ec15b3ff 100644 --- a/src/detect-flow-age.c +++ b/src/detect-flow-age.c @@ -74,8 +74,8 @@ static void PrefilterPacketFlowAgeMatch( static int PrefilterSetupFlowAge(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW_AGE, PrefilterPacketU32Set, - PrefilterPacketU32Compare, PrefilterPacketFlowAgeMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW_AGE, SIG_MASK_REQUIRE_FLOW, + PrefilterPacketU32Set, PrefilterPacketU32Compare, PrefilterPacketFlowAgeMatch); } static bool PrefilterFlowAgeIsPrefilterable(const Signature *s) diff --git a/src/detect-flow-pkts.c b/src/detect-flow-pkts.c index ef5ab2d32a..ef8fed369c 100644 --- a/src/detect-flow-pkts.c +++ b/src/detect-flow-pkts.c @@ -75,7 +75,8 @@ static void PrefilterPacketFlowPktsToClientMatch( static int PrefilterSetupFlowPktsToClient(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW_PKTS_TO_CLIENT, - PrefilterPacketU32Set, PrefilterPacketU32Compare, PrefilterPacketFlowPktsToClientMatch); + SIG_MASK_REQUIRE_FLOW, PrefilterPacketU32Set, PrefilterPacketU32Compare, + PrefilterPacketFlowPktsToClientMatch); } static bool PrefilterFlowPktsToClientIsPrefilterable(const Signature *s) @@ -148,7 +149,8 @@ static void PrefilterPacketFlowPktsToServerMatch( static int PrefilterSetupFlowPktsToServer(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW_PKTS_TO_SERVER, - PrefilterPacketU32Set, PrefilterPacketU32Compare, PrefilterPacketFlowPktsToServerMatch); + SIG_MASK_REQUIRE_FLOW, PrefilterPacketU32Set, PrefilterPacketU32Compare, + PrefilterPacketFlowPktsToServerMatch); } static bool PrefilterFlowPktsToServerIsPrefilterable(const Signature *s) diff --git a/src/detect-flow.c b/src/detect-flow.c index 696e5013a0..0395b55f00 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -475,10 +475,8 @@ PrefilterPacketFlowCompare(PrefilterPacketHeaderValue v, void *smctx) static int PrefilterSetupFlow(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW, - PrefilterPacketFlowSet, - PrefilterPacketFlowCompare, - PrefilterPacketFlowMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW, 0, PrefilterPacketFlowSet, + PrefilterPacketFlowCompare, PrefilterPacketFlowMatch); } static bool PrefilterFlowIsPrefilterable(const Signature *s) diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index 1799eff05c..50112224c6 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -364,10 +364,9 @@ PrefilterPacketFragBitsCompare(PrefilterPacketHeaderValue v, void *smctx) static int PrefilterSetupFragBits(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FRAGBITS, - PrefilterPacketFragBitsSet, - PrefilterPacketFragBitsCompare, - PrefilterPacketFragBitsMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FRAGBITS, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketFragBitsSet, PrefilterPacketFragBitsCompare, + PrefilterPacketFragBitsMatch); } static bool PrefilterFragBitsIsPrefilterable(const Signature *s) diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index 93def9400c..ac2482cd75 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -310,10 +310,9 @@ PrefilterPacketFragOffsetCompare(PrefilterPacketHeaderValue v, void *smctx) static int PrefilterSetupFragOffset(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FRAGOFFSET, - PrefilterPacketFragOffsetSet, - PrefilterPacketFragOffsetCompare, - PrefilterPacketFragOffsetMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FRAGOFFSET, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketFragOffsetSet, PrefilterPacketFragOffsetCompare, + PrefilterPacketFragOffsetMatch); } static bool PrefilterFragOffsetIsPrefilterable(const Signature *s) diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index b35839a765..d8727c7aa4 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -307,10 +307,8 @@ PrefilterPacketIcmpIdCompare(PrefilterPacketHeaderValue v, void *smctx) static int PrefilterSetupIcmpId(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMP_ID, - PrefilterPacketIcmpIdSet, - PrefilterPacketIcmpIdCompare, - PrefilterPacketIcmpIdMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMP_ID, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketIcmpIdSet, PrefilterPacketIcmpIdCompare, PrefilterPacketIcmpIdMatch); } static bool PrefilterIcmpIdIsPrefilterable(const Signature *s) diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c index acedba4b28..321517fbcb 100644 --- a/src/detect-icmp-seq.c +++ b/src/detect-icmp-seq.c @@ -308,10 +308,8 @@ PrefilterPacketIcmpSeqCompare(PrefilterPacketHeaderValue v, void *smctx) static int PrefilterSetupIcmpSeq(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMP_SEQ, - PrefilterPacketIcmpSeqSet, - PrefilterPacketIcmpSeqCompare, - PrefilterPacketIcmpSeqMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMP_SEQ, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketIcmpSeqSet, PrefilterPacketIcmpSeqCompare, PrefilterPacketIcmpSeqMatch); } static bool PrefilterIcmpSeqIsPrefilterable(const Signature *s) diff --git a/src/detect-icmpv6-mtu.c b/src/detect-icmpv6-mtu.c index 59b40fee48..0d6724b1a6 100644 --- a/src/detect-icmpv6-mtu.c +++ b/src/detect-icmpv6-mtu.c @@ -170,10 +170,8 @@ PrefilterPacketIcmpv6mtuMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const v static int PrefilterSetupIcmpv6mtu(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMPV6MTU, - PrefilterPacketU32Set, - PrefilterPacketU32Compare, - PrefilterPacketIcmpv6mtuMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMPV6MTU, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketU32Set, PrefilterPacketU32Compare, PrefilterPacketIcmpv6mtuMatch); } static bool PrefilterIcmpv6mtuIsPrefilterable(const Signature *s) diff --git a/src/detect-icode.c b/src/detect-icode.c index 2acfcda528..1634e4a976 100644 --- a/src/detect-icode.c +++ b/src/detect-icode.c @@ -173,8 +173,8 @@ static void PrefilterPacketICodeMatch(DetectEngineThreadCtx *det_ctx, static int PrefilterSetupICode(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeaderU8Hash(de_ctx, sgh, DETECT_ICODE, PrefilterPacketU8Set, - PrefilterPacketU8Compare, PrefilterPacketICodeMatch); + return PrefilterSetupPacketHeaderU8Hash(de_ctx, sgh, DETECT_ICODE, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketU8Set, PrefilterPacketU8Compare, PrefilterPacketICodeMatch); } static bool PrefilterICodeIsPrefilterable(const Signature *s) diff --git a/src/detect-id.c b/src/detect-id.c index 27703b4dbc..8a10195727 100644 --- a/src/detect-id.c +++ b/src/detect-id.c @@ -261,10 +261,8 @@ PrefilterPacketIdCompare(PrefilterPacketHeaderValue v, void *smctx) static int PrefilterSetupId(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ID, - PrefilterPacketIdSet, - PrefilterPacketIdCompare, - PrefilterPacketIdMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ID, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketIdSet, PrefilterPacketIdCompare, PrefilterPacketIdMatch); } static bool PrefilterIdIsPrefilterable(const Signature *s) diff --git a/src/detect-itype.c b/src/detect-itype.c index 5b432c6f57..42f9144f44 100644 --- a/src/detect-itype.c +++ b/src/detect-itype.c @@ -189,8 +189,8 @@ static void PrefilterPacketITypeMatch(DetectEngineThreadCtx *det_ctx, static int PrefilterSetupIType(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeaderU8Hash(de_ctx, sgh, DETECT_ITYPE, PrefilterPacketU8Set, - PrefilterPacketU8Compare, PrefilterPacketITypeMatch); + return PrefilterSetupPacketHeaderU8Hash(de_ctx, sgh, DETECT_ITYPE, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketU8Set, PrefilterPacketU8Compare, PrefilterPacketITypeMatch); } static bool PrefilterITypeIsPrefilterable(const Signature *s) diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c index 79ee4b5fb4..7597b71b13 100644 --- a/src/detect-stream_size.c +++ b/src/detect-stream_size.c @@ -214,7 +214,8 @@ static bool PrefilterPacketStreamSizeCompare(PrefilterPacketHeaderValue v, void static int PrefilterSetupStreamSize(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_STREAM_SIZE, PrefilterPacketStreamSizeSet, + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_STREAM_SIZE, + SIG_MASK_REQUIRE_FLOW | SIG_MASK_REQUIRE_REAL_PKT, PrefilterPacketStreamSizeSet, PrefilterPacketStreamSizeCompare, PrefilterPacketStreamsizeMatch); } diff --git a/src/detect-tcp-ack.c b/src/detect-tcp-ack.c index 84a13f7f8e..d58ac4008a 100644 --- a/src/detect-tcp-ack.c +++ b/src/detect-tcp-ack.c @@ -183,10 +183,8 @@ PrefilterPacketAckCompare(PrefilterPacketHeaderValue v, void *smctx) static int PrefilterSetupTcpAck(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ACK, - PrefilterPacketAckSet, - PrefilterPacketAckCompare, - PrefilterPacketAckMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ACK, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketAckSet, PrefilterPacketAckCompare, PrefilterPacketAckMatch); } static bool PrefilterTcpAckIsPrefilterable(const Signature *s) diff --git a/src/detect-tcp-flags.c b/src/detect-tcp-flags.c index 57488e3860..472ebcad5d 100644 --- a/src/detect-tcp-flags.c +++ b/src/detect-tcp-flags.c @@ -595,11 +595,8 @@ PrefilterPacketFlagsCompare(PrefilterPacketHeaderValue v, void *smctx) static int PrefilterSetupTcpFlags(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLAGS, - PrefilterPacketFlagsSet, - PrefilterPacketFlagsCompare, - PrefilterPacketFlagsMatch); - + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLAGS, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketFlagsSet, PrefilterPacketFlagsCompare, PrefilterPacketFlagsMatch); } static bool PrefilterTcpFlagsIsPrefilterable(const Signature *s) diff --git a/src/detect-tcp-seq.c b/src/detect-tcp-seq.c index 91d6799c10..660e2717c8 100644 --- a/src/detect-tcp-seq.c +++ b/src/detect-tcp-seq.c @@ -178,10 +178,8 @@ PrefilterPacketSeqCompare(PrefilterPacketHeaderValue v, void *smctx) static int PrefilterSetupTcpSeq(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_SEQ, - PrefilterPacketSeqSet, - PrefilterPacketSeqCompare, - PrefilterPacketSeqMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_SEQ, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketSeqSet, PrefilterPacketSeqCompare, PrefilterPacketSeqMatch); } static bool PrefilterTcpSeqIsPrefilterable(const Signature *s) diff --git a/src/detect-tcpmss.c b/src/detect-tcpmss.c index 0ecdd8910f..e4bf4aac93 100644 --- a/src/detect-tcpmss.c +++ b/src/detect-tcpmss.c @@ -158,8 +158,8 @@ PrefilterPacketTcpmssMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void static int PrefilterSetupTcpmss(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TCPMSS, PrefilterPacketU16Set, - PrefilterPacketU16Compare, PrefilterPacketTcpmssMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TCPMSS, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketU16Set, PrefilterPacketU16Compare, PrefilterPacketTcpmssMatch); } static bool PrefilterTcpmssIsPrefilterable(const Signature *s) diff --git a/src/detect-template2.c b/src/detect-template2.c index 45efa7e6a6..da640064d4 100644 --- a/src/detect-template2.c +++ b/src/detect-template2.c @@ -170,8 +170,8 @@ PrefilterPacketTemplate2Match(DetectEngineThreadCtx *det_ctx, Packet *p, const v static int PrefilterSetupTemplate2(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TEMPLATE2, PrefilterPacketU8Set, - PrefilterPacketU8Compare, PrefilterPacketTemplate2Match); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TEMPLATE2, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketU8Set, PrefilterPacketU8Compare, PrefilterPacketTemplate2Match); } static bool PrefilterTemplate2IsPrefilterable(const Signature *s) diff --git a/src/detect-ttl.c b/src/detect-ttl.c index efb86816d9..3c7f60eb0f 100644 --- a/src/detect-ttl.c +++ b/src/detect-ttl.c @@ -169,8 +169,8 @@ PrefilterPacketTtlMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *p static int PrefilterSetupTtl(DetectEngineCtx *de_ctx, SigGroupHead *sgh) { - return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TTL, PrefilterPacketU8Set, - PrefilterPacketU8Compare, PrefilterPacketTtlMatch); + return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TTL, SIG_MASK_REQUIRE_REAL_PKT, + PrefilterPacketU8Set, PrefilterPacketU8Compare, PrefilterPacketTtlMatch); } static bool PrefilterTtlIsPrefilterable(const Signature *s) diff --git a/src/detect.c b/src/detect.c index 7c7536a227..440ede9767 100644 --- a/src/detect.c +++ b/src/detect.c @@ -696,7 +696,7 @@ static inline void DetectRunPrefilterPkt( PACKET_PROFILING_DETECT_END(p, PROF_DETECT_NONMPMLIST); /* run the prefilter engines */ - Prefilter(det_ctx, scratch->sgh, p, scratch->flow_flags); + Prefilter(det_ctx, scratch->sgh, p, scratch->flow_flags, scratch->pkt_mask); /* create match list if we have non-pf and/or pf */ if (det_ctx->non_pf_store_cnt || det_ctx->pmq.rule_id_array_cnt) { #ifdef PROFILING diff --git a/src/detect.h b/src/detect.h index d0eb931fb5..6a2d9c2792 100644 --- a/src/detect.h +++ b/src/detect.h @@ -1394,6 +1394,8 @@ typedef struct PrefilterEngineList_ { uint8_t frame_type; + SignatureMask pkt_mask; /**< mask for pkt engines */ + /** Context for matching. Might be MpmCtx for MPM engines, other ctx' * for other engines. */ void *pectx; @@ -1419,6 +1421,7 @@ typedef struct PrefilterEngine_ { AppProto alproto; union { + SignatureMask pkt_mask; /**< mask for pkt engines */ /** Minimal Tx progress we need before running the engine. Only used * with Tx Engine */ uint8_t tx_min_progress;