From: Victor Julien Date: Sat, 10 Oct 2015 15:10:13 +0000 (+0200) Subject: proto detect: in mpm switch to rule id X-Git-Tag: suricata-3.1RC1~354 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2fcb17859f02dcf6d69c4d2836d44b16a3c73dc;p=thirdparty%2Fsuricata.git proto detect: in mpm switch to rule id Use the rule id API instead of pattern id API. --- diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index 3ccc6d0c9b..b6b1f4f755 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c @@ -106,6 +106,7 @@ typedef struct AppLayerProtoDetectProbingParser_ { typedef struct AppLayerProtoDetectPMSignature_ { AppProto alproto; + SigIntId id; /* \todo Change this into a non-pointer */ DetectContentData *cd; struct AppLayerProtoDetectPMSignature_ *next; @@ -124,6 +125,7 @@ typedef struct AppLayerProtoDetectPMCtx_ { /* \todo we don't need this except at setup time. Get rid of it. */ PatIntId max_pat_id; + SigIntId max_sig_id; } AppLayerProtoDetectPMCtx; typedef struct AppLayerProtoDetectCtxIpproto_ { @@ -254,8 +256,8 @@ static AppProto AppLayerProtoDetectPMGetProto(AppLayerProtoDetectThreadCtx *tctx /* loop through unique pattern id's. Can't use search_cnt here, * as that contains all matches, tctx->pmq.pattern_id_array_cnt * contains only *unique* matches. */ - for (cnt = 0; cnt < tctx->pmq.pattern_id_array_cnt; cnt++) { - const AppLayerProtoDetectPMSignature *s = pm_ctx->map[tctx->pmq.pattern_id_array[cnt]]; + for (cnt = 0; cnt < tctx->pmq.rule_id_array_cnt; cnt++) { + const AppLayerProtoDetectPMSignature *s = pm_ctx->map[tctx->pmq.rule_id_array[cnt]]; while (s != NULL) { AppProto proto = AppLayerProtoDetectPMMatchSignature(s, buf, searchlen, ipproto); @@ -1027,8 +1029,6 @@ static void AppLayerProtoDetectPMGetIpprotos(AppProto alproto, SCEnter(); const AppLayerProtoDetectPMSignature *s = NULL; - int pat_id, max_pat_id; - int i, j; uint8_t ipproto; 
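Review bot: In AppLayerProtoDetectPMCtx the new `max_sig_id` sits directly under the `\todo we don't need this except at setup time` comment, which was written for `max_pat_id`. Later hunks in this commit use `max_sig_id` as the loop bound over `map` in AppLayerProtoDetectPMGetIpprotos and AppLayerProtoDetectDeSetup, so it is not a setup-only field. I would give it its own comment, for example `/* number of entries in map; map is indexed by AppLayerProtoDetectPMSignature::id */`. The struct starts above the hunk.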
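Review bot: The comment above the loop in AppLayerProtoDetectPMGetProto still refers to unique pattern ids and `tctx->pmq.pattern_id_array_cnt`, while the loop now walks `rule_id_array`. I would reword it to something like `/* loop through the rule ids reported by the mpm; each id indexes one signature in pm_ctx->map */`. Since AppLayerProtoDetectPMMapSignatures now sets `s->next = NULL` on every mapped signature, the `while (s != NULL)` walk presumably runs at most once per id and could become a plain `if`. The end of that loop is outside the hunk, so this should be confirmed there.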
@@ -1036,15 +1036,12 @@ static void AppLayerProtoDetectPMGetIpprotos(AppProto alproto, ipproto = FlowGetReverseProtoMapping(i); for (j = 0; j < 2; j++) { AppLayerProtoDetectPMCtx *pm_ctx = &alpd_ctx.ctx_ipp[i].ctx_pm[j]; - max_pat_id = pm_ctx->max_pat_id; - - for (pat_id = 0; pat_id < max_pat_id; pat_id++) { - s = pm_ctx->map[pat_id]; - while (s != NULL) { - if (s->alproto == alproto) - ipprotos[ipproto / 8] |= 1 << (ipproto % 8); - s = s->next; - } + + SigIntId x; + for (x = 0; x < pm_ctx->max_sig_id;x++) { + s = pm_ctx->map[x]; + if (s->alproto == alproto) + ipprotos[ipproto / 8] |= 1 << (ipproto % 8); } } } @@ -1081,6 +1078,7 @@ static int AppLayerProtoDetectPMSetContentIDs(AppLayerProtoDetectPMCtx *ctx) for (s = ctx->head; s != NULL; s = s->next) { struct_total_size += sizeof(TempContainer); content_total_size += s->cd->content_len; + ctx->max_sig_id++; } ahb = SCMalloc(sizeof(uint8_t) * (struct_total_size + content_total_size)); 
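Review bot: In AppLayerProtoDetectPMGetIpprotos the new loop reads `s = pm_ctx->map[x]` and dereferences `s->alproto` with no NULL check, whereas the removed `while (s != NULL)` walk tolerated empty slots. The map is zero-filled in AppLayerProtoDetectPMMapSignatures and populated one entry at a time, so any slot left unset (a partial failure there, or `max_sig_id` counting more entries than were mapped) becomes a NULL dereference here. I would keep the guard: `if (s != NULL && s->alproto == alproto)`. The same unchecked `pm_ctx->map[id]` pattern appears in the AppLayerProtoDetectDeSetup hunk, where it is only safe if AppLayerProtoDetectPMFreeSignature accepts NULL (not visible in this diff).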
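Review bot: In AppLayerProtoDetectPMSetContentIDs, `ctx->max_sig_id++` accumulates on whatever value the field already holds, and nothing visible in the hunk resets it. That counter sizes the `map` allocation and bounds the loops that index it, so if this function can run again on a context whose list is still populated (for example after a failure further down), the count would exceed the number of signatures actually mapped. Adding `ctx->max_sig_id = 0;` before the `for (s = ctx->head; ...)` loop would make the count depend only on the current list. The function body continues outside the hunk.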
@@ -1134,54 +1132,40 @@ static int AppLayerProtoDetectPMMapSignatures(AppLayerProtoDetectPMCtx *ctx) SCEnter(); int ret = 0; - PatIntId max_pat_id = 0, tmp_pat_id; AppLayerProtoDetectPMSignature *s, *next_s; int mpm_ret; + SigIntId id = 0; - max_pat_id = ctx->max_pat_id; - - ctx->map = SCMalloc((max_pat_id) * sizeof(AppLayerProtoDetectPMSignature *)); + ctx->map = SCMalloc(ctx->max_sig_id * sizeof(AppLayerProtoDetectPMSignature *)); if (ctx->map == NULL) goto error; - memset(ctx->map, 0, (max_pat_id) * sizeof(AppLayerProtoDetectPMSignature *)); + memset(ctx->map, 0, ctx->max_sig_id * sizeof(AppLayerProtoDetectPMSignature *)); - /* add an array indexed by pattern id to look up the sig */ - for (s = ctx->head; s != NULL;) { + /* add an array indexed by rule id to look up the sig */ + for (s = ctx->head; s != NULL; ) { next_s = s->next; - s->next = ctx->map[s->cd->id]; - ctx->map[s->cd->id] = s; - s = next_s; - } - ctx->head = NULL; + s->id = id++; + SCLogDebug("s->id %u", s->id); - - for (tmp_pat_id = 0; tmp_pat_id < max_pat_id; tmp_pat_id++) { - s = NULL; - for (s = ctx->map[tmp_pat_id]; s != NULL; s = s->next) { - if (s->cd->flags & DETECT_CONTENT_NOCASE) { - break; - } - } - /* if s != NULL now, it's CI. If NULL, CS */ - - if (s != NULL) { + if (s->cd->flags & DETECT_CONTENT_NOCASE) { mpm_ret = MpmAddPatternCI(&ctx->mpm_ctx, s->cd->content, s->cd->content_len, - 0, 0, tmp_pat_id, 0, 0); + 0, 0, s->cd->id, s->id, 0); if (mpm_ret < 0) goto error; } else { - s = ctx->map[tmp_pat_id]; - if (s == NULL) - goto error; - mpm_ret = MpmAddPatternCS(&ctx->mpm_ctx, s->cd->content, s->cd->content_len, - 0, 0, tmp_pat_id, 0, 0); + 0, 0, s->cd->id, s->id, 0); if (mpm_ret < 0) goto error; } + + ctx->map[s->id] = s; + s->next = NULL; + s = next_s; } + ctx->head = NULL; goto end; error: 
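Review bot: In the rewritten loop of AppLayerProtoDetectPMMapSignatures, a `goto error` from a failed MpmAddPatternCI/CS call leaves the list inconsistent. Signatures handled in earlier iterations already have `s->next = NULL`, yet `ctx->head` still points at the first one, so the current signature and everything after it are no longer reachable from `head` or from `map`. What the `error:` label cleans up is outside the hunk, but as written those nodes look leaked or, depending on teardown, partly freed. Setting `ctx->head = s;` before each `goto error` inside the loop would keep the unmapped remainder reachable. Separately, `ctx->map[s->id] = s` relies on the count taken earlier in AppLayerProtoDetectPMSetContentIDs, so an explicit `if (id >= ctx->max_sig_id) goto error;` before assigning the id would make that bound local to the write.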
@@ -1356,7 +1340,7 @@ int AppLayerProtoDetectPrepareState(void) if (AppLayerProtoDetectPMSetContentIDs(ctx_pm) < 0) goto error; - if (ctx_pm->max_pat_id == 0) + if (ctx_pm->max_sig_id == 0) continue; if (AppLayerProtoDetectPMMapSignatures(ctx_pm) < 0) @@ -1553,19 +1537,15 @@ int AppLayerProtoDetectDeSetup(void) int dir = 0; PatIntId id = 0; AppLayerProtoDetectPMCtx *pm_ctx = NULL; - AppLayerProtoDetectPMSignature *sig = NULL, *next_sig = NULL; + AppLayerProtoDetectPMSignature *sig = NULL; for (ipproto_map = 0; ipproto_map < FLOW_PROTO_DEFAULT; ipproto_map++) { for (dir = 0; dir < 2; dir++) { pm_ctx = &alpd_ctx.ctx_ipp[ipproto_map].ctx_pm[dir]; mpm_table[pm_ctx->mpm_ctx.mpm_type].DestroyCtx(pm_ctx->mpm_ctx.ctx); - for (id = 0; id < pm_ctx->max_pat_id; id++) { + for (id = 0; id < pm_ctx->max_sig_id; id++) { sig = pm_ctx->map[id]; - while (sig != NULL) { - next_sig = sig->next; - AppLayerProtoDetectPMFreeSignature(sig); - sig = next_sig; - } + AppLayerProtoDetectPMFreeSignature(sig); } } }
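Review bot: In AppLayerProtoDetectDeSetup the loop counter is still declared `PatIntId id = 0;` while the bound is now `pm_ctx->max_sig_id`, a `SigIntId`. If the two typedefs differ in width in some build configuration (not visible here), the counter could wrap before reaching the bound, so it should be declared `SigIntId id = 0;`. The loop also indexes `pm_ctx->map` unconditionally. If AppLayerProtoDetectPMMapSignatures failed at its SCMalloc, `map` would be NULL while `max_sig_id` is non-zero, so unless a setup failure is always fatal I would add `if (pm_ctx->map == NULL) continue;` before the `for (id = 0; ...)` loop.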