From: Shivani Bhardwaj Date: Fri, 16 Feb 2024 09:18:46 +0000 (+0530) Subject: detect/port: create a tree of given ports X-Git-Tag: suricata-8.0.0-beta1~1679 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a02c44a3a439964c0dd47d602487776bbacd8ef1;p=thirdparty%2Fsuricata.git detect/port: create a tree of given ports After all the SGHs have been appropriately copied to the designated ports, create an interval tree out of it for a faster lookup when later a search for overlaps is made. Ticket 6792 Bug 6414 --- diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c index 50c429c3eb..a983e72e68 100644 --- a/src/detect-engine-build.c +++ b/src/detect-engine-build.c @@ -38,6 +38,7 @@ #include "detect-config.h" #include "detect-flowbits.h" +#include "util-port-interval-tree.h" #include "util-profiling.h" #include "util-validate.h" #include "util-var-name.h" @@ -1244,8 +1245,23 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, u s = s->next; } - /* step 2: create a list of DetectPort objects */ + /* Create an interval tree of all the given ports to make the search + * for overlaps later on easier */ + SCPortIntervalTree *it = SCPortIntervalTreeInit(); + if (it == NULL) + goto error; + HashListTableBucket *htb = NULL; + for (htb = HashListTableGetListHead(de_ctx->dport_hash_table); htb != NULL; + htb = HashListTableGetListNext(htb)) { + DetectPort *p = HashListTableGetListData(htb); + if (SCPortIntervalInsert(de_ctx, it, p) != SC_OK) { + SCLogDebug("Port was not inserted in the tree"); + goto error; + } + } + + /* step 2: create a list of DetectPort objects */ for (htb = HashListTableGetListHead(de_ctx->dport_hash_table); htb != NULL; htb = HashListTableGetListNext(htb)) 
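Review bot: A failed `SCPortIntervalInsert()` in the new loop aborts the whole port grouping via `goto error`, yet the only trace is `SCLogDebug("Port was not inserted in the tree")`, which as far as I know is compiled out of non-debug builds. If the caller treats the NULL return as a failed rule-group build (not visible here), an operator would get no indication why detection for this protocol and direction did not come up; I would log at error level instead, e.g. `SCLogError("failed to insert port into the interval tree");`. The same applies to the `SCPortIntervalTreeInit()` failure just above, which jumps to `error` with no message at all. RulesGroupByPorts begins and ends outside this hunk, so the caller's handling is inferred.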
@@ -1313,11 +1329,16 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, u ipproto == 6 ? "TCP" : "UDP", direction == SIG_FLAG_TOSERVER ? "toserver" : "toclient", cnt, own, ref); + SCPortIntervalTreeFree(de_ctx, it); return list; error: if (unique_port_points != NULL) SCFree(unique_port_points); + if (it != NULL) + SCPortIntervalTreeFree(de_ctx, it); + + return NULL; } void SignatureSetType(DetectEngineCtx *de_ctx, Signature *s)
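Review bot: The `error:` label now reads `it` in `if (it != NULL)`, but `it` is declared and initialised in the middle of the function (previous hunk), so any `goto error` placed before that declaration would reach this check with an indeterminate pointer and could hand it to `SCPortIntervalTreeFree()`. No such earlier jump is visible in the diff, so this is a robustness point rather than a confirmed bug. Declaring `SCPortIntervalTree *it = NULL;` with the other locals at the top of the function and changing the later line to `it = SCPortIntervalTreeInit();` keeps the cleanup path safe wherever error exits are added in future. The function starts outside this hunk.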