From: Victor Julien Date: Sat, 15 Oct 2016 20:37:07 +0000 (+0200) Subject: detect: pass SigMatchData to inspect functions X-Git-Tag: suricata-4.0.0-beta1~409 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd456076a85edd28d997ac50db785e0aab746156;p=thirdparty%2Fsuricata.git detect: pass SigMatchData to inspect functions --- diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c index 38504c14b6..3e95fb57e0 100644 --- a/src/detect-app-layer-event.c +++ b/src/detect-app-layer-event.c @@ -57,7 +57,7 @@ static void DetectAppLayerEventRegisterTests(void); static void DetectAppLayerEventFree(void *); static int DetectEngineAptEventInspect(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); @@ -88,7 +88,7 @@ void DetectAppLayerEventRegister(void) static int DetectEngineAptEventInspect(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id) { @@ -102,15 +102,20 @@ static int DetectEngineAptEventInspect(ThreadVars *tv, if (decoder_events == NULL) goto end; - for ( ; sm != NULL; sm = sm->next) { - aled = (DetectAppLayerEventData *)sm->ctx; + while (1) { + aled = (DetectAppLayerEventData *)smd->ctx; KEYWORD_PROFILING_START; + if (AppLayerDecoderEventsIsEventSet(decoder_events, aled->event_id)) { - KEYWORD_PROFILING_END(det_ctx, sm->type, 1); + KEYWORD_PROFILING_END(det_ctx, smd->type, 1); + + if (smd->is_last) + break; + smd++; continue; } - KEYWORD_PROFILING_END(det_ctx, sm->type, 0); + KEYWORD_PROFILING_END(det_ctx, smd->type, 0); goto end; } diff --git a/src/detect-base64-data.c b/src/detect-base64-data.c index ce54f1d661..d90d092513 100644 --- a/src/detect-base64-data.c 
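Review bot: The rewritten loop in DetectEngineAptEventInspect dereferences `smd->ctx` on its first pass with no NULL test, whereas the old `for ( ; sm != NULL; ...)` form tolerated an empty list. Whether any caller can pass a NULL array for this list is not visible here, so either add a guard before `while (1)` such as `if (smd == NULL) goto end;` or state the non-NULL, `is_last`-terminated precondition in a comment above the loop. Which result an empty list should produce depends on the code after the loop, which lies outside the hunk. In an engine that inspects network-derived state, an unguarded dereference here means a crashed detection thread rather than a missed match.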
+++ b/src/detect-base64-data.c @@ -75,7 +75,7 @@ int DetectBase64DataDoMatch(DetectEngineCtx *de_ctx, { if (det_ctx->base64_decoded_len) { return DetectEngineContentInspection(de_ctx, det_ctx, s, - s->sm_lists[DETECT_SM_LIST_BASE64_DATA], f, det_ctx->base64_decoded, + s->sm_arrays[DETECT_SM_LIST_BASE64_DATA], f, det_ctx->base64_decoded, det_ctx->base64_decoded_len, 0, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL); } diff --git a/src/detect-base64-decode.c b/src/detect-base64-decode.c index 251a89f9cd..638e76203e 100644 --- a/src/detect-base64-decode.c +++ b/src/detect-base64-decode.c @@ -55,9 +55,9 @@ void DetectBase64DecodeRegister(void) } int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s, - const SigMatch *sm, uint8_t *payload, uint32_t payload_len) + const SigMatchData *smd, uint8_t *payload, uint32_t payload_len) { - DetectBase64Decode *data = (DetectBase64Decode *)sm->ctx; + DetectBase64Decode *data = (DetectBase64Decode *)smd->ctx; int decode_len; #if 0 diff --git a/src/detect-base64-decode.h b/src/detect-base64-decode.h index e2f602313d..4ae19cd93d 100644 --- a/src/detect-base64-decode.h +++ b/src/detect-base64-decode.h @@ -27,7 +27,7 @@ typedef struct DetectBase64Decode_ { } DetectBase64Decode; void DetectBase64DecodeRegister(void); -int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *, - const Signature *, const SigMatch *, uint8_t *, uint32_t); +int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *, const Signature *, + const SigMatchData *, uint8_t *, uint32_t); #endif /* __DETECT_BASE64_DECODE_H__ */ diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index 24b577bc84..db379031b3 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c 
@@ -110,12 +110,12 @@ void DetectByteExtractRegister(void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } -int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatch *sm, +int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData *smd, const Signature *s, uint8_t *payload, uint16_t payload_len, uint64_t *value, uint8_t endian) { - DetectByteExtractData *data = (DetectByteExtractData *)sm->ctx; + DetectByteExtractData *data = (DetectByteExtractData *)smd->ctx; uint8_t *ptr = NULL; int32_t len = 0; uint64_t val = 0; diff --git a/src/detect-byte-extract.h b/src/detect-byte-extract.h index 799d35627b..be3641bf27 100644 --- a/src/detect-byte-extract.h +++ b/src/detect-byte-extract.h @@ -62,7 +62,7 @@ typedef struct DetectByteExtractData_ { void DetectByteExtractRegister(void); SigMatch *DetectByteExtractRetrieveSMVar(const char *, const Signature *); -int DetectByteExtractDoMatch(DetectEngineThreadCtx *, const SigMatch *, const Signature *, +int DetectByteExtractDoMatch(DetectEngineThreadCtx *, const SigMatchData *, const Signature *, uint8_t *, uint16_t, uint64_t *, uint8_t); #endif /* __DETECT_BYTEEXTRACT_H__ */ diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c index 92922e8f05..b2b945d0bc 100644 --- a/src/detect-dnp3.c +++ b/src/detect-dnp3.c @@ -139,7 +139,7 @@ static char *TrimString(char *str) } static int DetectEngineInspectDNP3Data(ThreadVars *tv, DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatch *sm, + DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { SCEnter(); 
@@ -150,12 +150,12 @@ static int DetectEngineInspectDNP3Data(ThreadVars *tv, DetectEngineCtx *de_ctx, /* Content match - should probably be put into its own file. */ if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) { r = DetectEngineContentInspection(de_ctx, det_ctx, s, - s->sm_lists[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->request_buffer, + s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->request_buffer, tx->request_buffer_len, 0, 0, NULL); } else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) { r = DetectEngineContentInspection(de_ctx, det_ctx, s, - s->sm_lists[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->response_buffer, + s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->response_buffer, tx->response_buffer_len, 0, 0, NULL); } @@ -163,7 +163,7 @@ static int DetectEngineInspectDNP3Data(ThreadVars *tv, DetectEngineCtx *de_ctx, } static int DetectEngineInspectDNP3(ThreadVars *tv, DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatch *sm, + DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, f, flags, diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c index 95f4fc7fdb..e7f83da7c1 100644 --- a/src/detect-engine-content-inspection.c +++ b/src/detect-engine-content-inspection.c @@ -99,7 +99,7 @@ * \retval 1 match */ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t *buffer, uint32_t buffer_len, uint32_t stream_start_offset, 
@@ -112,19 +112,19 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx if (det_ctx->inspection_recursion_counter == de_ctx->inspection_recursion_limit) { det_ctx->discontinue_matching = 1; - KEYWORD_PROFILING_END(det_ctx, sm->type, 0); + KEYWORD_PROFILING_END(det_ctx, smd->type, 0); SCReturnInt(0); } - if (sm == NULL || buffer_len == 0) { - KEYWORD_PROFILING_END(det_ctx, sm->type, 0); + if (smd == NULL || buffer_len == 0) { + KEYWORD_PROFILING_END(det_ctx, smd->type, 0); SCReturnInt(0); } /* \todo unify this which is phase 2 of payload inspection unification */ - if (sm->type == DETECT_CONTENT) { + if (smd->type == DETECT_CONTENT) { - DetectContentData *cd = (DetectContentData *)sm->ctx; + DetectContentData *cd = (DetectContentData *)smd->ctx; SCLogDebug("inspecting content %"PRIu32" buffer_len %"PRIu32, cd->id, buffer_len); /* we might have already have this content matched by the mpm. @@ -318,17 +318,18 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx /* bail out if we have no next match. Technically this is an * error, as the current cd has the DETECT_CONTENT_RELATIVE_NEXT * flag set. */ - if (sm->next == NULL) { + if (smd->is_last) { goto no_match; } SCLogDebug("content %"PRIu32, cd->id); - KEYWORD_PROFILING_END(det_ctx, sm->type, 1); + KEYWORD_PROFILING_END(det_ctx, smd->type, 1); /* see if the next buffer keywords match. If not, we will * search for another occurence of this content and see * if the others match then until we run out of matches */ - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, stream_start_offset, inspection_mode, data); + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1, + f, buffer, buffer_len, stream_start_offset, inspection_mode, data); if (r == 1) { SCReturnInt(1); } 
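Review bot: In the `@@ -112,19 +112,19 @@` hunk the `smd == NULL` test comes after `smd->type` has already been read in the recursion-limit branch, and its own body passes `smd->type` to KEYWORD_PROFILING_END, so the NULL case dereferences the pointer it has just found to be NULL. The rename carries this over unchanged, but callers in this commit now pass `s->sm_arrays[...]` entries straight in, which may make a NULL argument reachable when a list is empty. Presumably the macro expands to nothing in builds without profiling, which would hide the problem there. Moving the test to the top as `if (smd == NULL) { SCReturnInt(0); }` and keeping the profiling call only for the `buffer_len == 0` case would remove it. The function body continues outside the hunk.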
@@ -343,10 +344,10 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx } while(1); - } else if (sm->type == DETECT_ISDATAAT) { + } else if (smd->type == DETECT_ISDATAAT) { SCLogDebug("inspecting isdataat"); - DetectIsdataatData *id = (DetectIsdataatData *)sm->ctx; + DetectIsdataatData *id = (DetectIsdataatData *)smd->ctx; if (id->flags & ISDATAAT_RELATIVE) { if (det_ctx->buffer_offset + id->dataat > buffer_len) { SCLogDebug("det_ctx->buffer_offset + id->dataat %"PRIu32" > %"PRIu32, det_ctx->buffer_offset + id->dataat, buffer_len); @@ -373,9 +374,9 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx } } - } else if (sm->type == DETECT_PCRE) { + } else if (smd->type == DETECT_PCRE) { SCLogDebug("inspecting pcre"); - DetectPcreData *pe = (DetectPcreData *)sm->ctx; + DetectPcreData *pe = (DetectPcreData *)smd->ctx; uint32_t prev_buffer_offset = det_ctx->buffer_offset; uint32_t prev_offset = 0; int r = 0; @@ -385,7 +386,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx Packet *p = NULL; if (inspection_mode == DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD) p = (Packet *)data; - r = DetectPcrePayloadMatch(det_ctx, s, sm, p, f, + r = DetectPcrePayloadMatch(det_ctx, s, smd, p, f, buffer, buffer_len); if (r == 0) { goto no_match; @@ -395,7 +396,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx SCLogDebug("no relative match coming up, so this is a match"); goto match; } - KEYWORD_PROFILING_END(det_ctx, sm->type, 1); + KEYWORD_PROFILING_END(det_ctx, smd->type, 1); /* save it, in case we need to do a pcre match once again */ prev_offset = det_ctx->pcre_match_start_offset; 
@@ -403,8 +404,8 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx /* see if the next payload keywords match. If not, we will * search for another occurence of this pcre and see * if the others match, until we run out of matches */ - r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, - f, buffer, buffer_len, stream_start_offset, inspection_mode, data); + r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1, + f, buffer, buffer_len, stream_start_offset, inspection_mode, data); if (r == 1) { SCReturnInt(1); } @@ -416,8 +417,8 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx det_ctx->pcre_match_start_offset = prev_offset; } while (1); - } else if (sm->type == DETECT_BYTETEST) { - DetectBytetestData *btd = (DetectBytetestData *)sm->ctx; + } else if (smd->type == DETECT_BYTETEST) { + DetectBytetestData *btd = (DetectBytetestData *)smd->ctx; uint8_t flags = btd->flags; int32_t offset = btd->offset; uint64_t value = btd->value; @@ -438,15 +439,15 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx DETECT_BYTETEST_LITTLE: 0); } - if (DetectBytetestDoMatch(det_ctx, s, sm->ctx, buffer, buffer_len, flags, + if (DetectBytetestDoMatch(det_ctx, s, smd->ctx, buffer, buffer_len, flags, offset, value) != 1) { goto no_match; } goto match; - } else if (sm->type == DETECT_BYTEJUMP) { - DetectBytejumpData *bjd = (DetectBytejumpData *)sm->ctx; + } else if (smd->type == DETECT_BYTEJUMP) { + DetectBytejumpData *bjd = (DetectBytejumpData *)smd->ctx; uint8_t flags = bjd->flags; int32_t offset = bjd->offset; 
@@ -464,16 +465,16 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx DETECT_BYTEJUMP_LITTLE: 0); } - if (DetectBytejumpDoMatch(det_ctx, s, sm->ctx, buffer, buffer_len, + if (DetectBytejumpDoMatch(det_ctx, s, smd->ctx, buffer, buffer_len, flags, offset) != 1) { goto no_match; } goto match; - } else if (sm->type == DETECT_BYTE_EXTRACT) { + } else if (smd->type == DETECT_BYTE_EXTRACT) { - DetectByteExtractData *bed = (DetectByteExtractData *)sm->ctx; + DetectByteExtractData *bed = (DetectByteExtractData *)smd->ctx; uint8_t endian = bed->endian; /* if we have dce enabled we will have to use the endianness @@ -488,7 +489,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx DETECT_BYTE_EXTRACT_ENDIAN_LITTLE : DETECT_BYTE_EXTRACT_ENDIAN_BIG); } - if (DetectByteExtractDoMatch(det_ctx, sm, s, buffer, + if (DetectByteExtractDoMatch(det_ctx, smd, s, buffer, buffer_len, &det_ctx->bj_values[bed->local_id], endian) != 1) { @@ -498,11 +499,11 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx goto match; /* we should never get here, but bail out just in case */ - } else if (sm->type == DETECT_AL_URILEN) { + } else if (smd->type == DETECT_AL_URILEN) { SCLogDebug("inspecting uri len"); int r = 0; - DetectUrilenData *urilend = (DetectUrilenData *) sm->ctx; + DetectUrilenData *urilend = (DetectUrilenData *) smd->ctx; switch (urilend->mode) { case DETECT_URILEN_EQ: @@ -534,10 +535,10 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx goto no_match; #ifdef HAVE_LUA } - else if (sm->type == DETECT_LUA) { + else if (smd->type == DETECT_LUA) { SCLogDebug("lua starting"); - if (DetectLuaMatchBuffer(det_ctx, s, sm, buffer, buffer_len, + if (DetectLuaMatchBuffer(det_ctx, s, smd, buffer, buffer_len, det_ctx->buffer_offset, f) != 1) { SCLogDebug("lua no_match"); 
@@ -546,10 +547,10 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx SCLogDebug("lua match"); goto match; #endif /* HAVE_LUA */ - } else if (sm->type == DETECT_BASE64_DECODE) { - if (DetectBase64DecodeDoMatch(det_ctx, s, sm, buffer, buffer_len)) { + } else if (smd->type == DETECT_BASE64_DECODE) { + if (DetectBase64DecodeDoMatch(det_ctx, s, smd, buffer, buffer_len)) { if (s->sm_arrays[DETECT_SM_LIST_BASE64_DATA] != NULL) { - KEYWORD_PROFILING_END(det_ctx, sm->type, 1); + KEYWORD_PROFILING_END(det_ctx, smd->type, 1); if (DetectBase64DataDoMatch(de_ctx, det_ctx, s, f)) { /* Base64 is a terminal list. */ goto final_match; @@ -557,25 +558,26 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx } } } else { - SCLogDebug("sm->type %u", sm->type); + SCLogDebug("sm->type %u", smd->type); #ifdef DEBUG BUG_ON(1); #endif } no_match: - KEYWORD_PROFILING_END(det_ctx, sm->type, 0); + KEYWORD_PROFILING_END(det_ctx, smd->type, 0); SCReturnInt(0); match: /* this sigmatch matched, inspect the next one. If it was the last, * the buffer portion of the signature matched. */ - if (sm->next != NULL) { - KEYWORD_PROFILING_END(det_ctx, sm->type, 1); - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, stream_start_offset, inspection_mode, data); + if (!smd->is_last) { + KEYWORD_PROFILING_END(det_ctx, smd->type, 1); + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1, + f, buffer, buffer_len, stream_start_offset, inspection_mode, data); SCReturnInt(r); } final_match: - KEYWORD_PROFILING_END(det_ctx, sm->type, 1); + KEYWORD_PROFILING_END(det_ctx, smd->type, 1); SCReturnInt(1); } diff --git a/src/detect-engine-content-inspection.h b/src/detect-engine-content-inspection.h index 8ae5d76a45..b3436f7366 100644 --- a/src/detect-engine-content-inspection.h +++ b/src/detect-engine-content-inspection.h 
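Review bot: The recursion at the `match:` label now steps with `smd+1`, so the function depends on every array it is given ending in an element with `is_last` set, and nothing in the visible code states that. A comment at the recursion, for example `/* smd is an is_last-terminated array; smd+1 is valid only while !smd->is_last */`, would record the invariant that keeps this walk inside the array. The same applies to the two earlier `smd+1` calls in the content and pcre branches. The debug string in the final `else` also still reads `"sm->type %u"` although it now prints `smd->type`.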
@@ -34,7 +34,7 @@ enum { }; int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t *buffer, uint32_t buffer_len, uint32_t stream_start_offset, diff --git a/src/detect-engine-dcepayload.c b/src/detect-engine-dcepayload.c index ad0d1929a5..780b85aada 100644 --- a/src/detect-engine-dcepayload.c +++ b/src/detect-engine-dcepayload.c @@ -85,7 +85,7 @@ int DetectEngineInspectDcePayload(DetectEngineCtx *de_ctx, det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_DMATCH], + r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_DMATCH], f, dce_stub_data, dce_stub_data_len, @@ -108,7 +108,7 @@ int DetectEngineInspectDcePayload(DetectEngineCtx *de_ctx, det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_DMATCH], + r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_DMATCH], f, dce_stub_data, dce_stub_data_len, diff --git a/src/detect-engine-dns.c b/src/detect-engine-dns.c index 7269b378ea..d243ba0255 100644 --- a/src/detect-engine-dns.c +++ b/src/detect-engine-dns.c @@ -62,7 +62,7 @@ */ int DetectEngineInspectDnsQueryName(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { @@ -86,7 +86,7 @@ int DetectEngineInspectDnsQueryName(ThreadVars *tv, //PrintRawDataFp(stdout, buffer, buffer_len); r = DetectEngineContentInspection(de_ctx, det_ctx, - s, sm, + s, smd, f, buffer, buffer_len, 0, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL); if (r == 1) 
diff --git a/src/detect-engine-dns.h b/src/detect-engine-dns.h index be25eb3ac1..ed7ef51df7 100644 --- a/src/detect-engine-dns.h +++ b/src/detect-engine-dns.h @@ -27,15 +27,15 @@ int PrefilterTxDnsQueryRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectDnsQueryName(ThreadVars *, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *, - const Signature *, const SigMatch *sm, + const Signature *, const SigMatchData *smd, Flow *, uint8_t, void *, void *, uint64_t); int DetectEngineInspectDnsRequest(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); int DetectEngineInspectDnsResponse(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); #endif /* __DETECT_ENGINE_DNS_H__ */ diff --git a/src/detect-engine-enip.c b/src/detect-engine-enip.c index 720a318ac5..8d87319617 100644 --- a/src/detect-engine-enip.c +++ b/src/detect-engine-enip.c @@ -219,14 +219,14 @@ int CIPServiceMatch(ENIPTransaction *enip_data, */ int DetectEngineInspectCIP(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, Flow *f, uint8_t flags, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { SCEnter(); ENIPTransaction *tx = (ENIPTransaction *) txv; - DetectCipServiceData *cipserviced = (DetectCipServiceData *) sm->ctx; + DetectCipServiceData *cipserviced = (DetectCipServiceData *) smd->ctx; if (cipserviced == NULL) { 
@@ -259,13 +259,13 @@ int DetectEngineInspectCIP(ThreadVars *tv, int DetectEngineInspectENIP(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { SCEnter(); ENIPTransaction *tx = (ENIPTransaction *) txv; - DetectEnipCommandData *enipcmdd = (DetectEnipCommandData *) sm->ctx; + DetectEnipCommandData *enipcmdd = (DetectEnipCommandData *) smd->ctx; if (enipcmdd == NULL) { diff --git a/src/detect-engine-enip.h b/src/detect-engine-enip.h index eb55917d2c..23864201d2 100644 --- a/src/detect-engine-enip.h +++ b/src/detect-engine-enip.h @@ -25,12 +25,12 @@ int DetectEngineInspectCIP(ThreadVars *, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *, - const Signature *, const SigMatch *sm, + const Signature *, const SigMatchData *smd, Flow *, uint8_t, void *, void *, uint64_t); int DetectEngineInspectENIP(ThreadVars *, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *, - const Signature *, const SigMatch *sm, + const Signature *, const SigMatchData *smd, Flow *, uint8_t, void *, void *, uint64_t); void DetectEngineInspectENIPRegisterTests(void); diff --git a/src/detect-engine-file.c b/src/detect-engine-file.c index f2f847a65f..7ffb355740 100644 --- a/src/detect-engine-file.c +++ b/src/detect-engine-file.c @@ -74,9 +74,9 @@ * \note flow is not locked at this time */ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, - Flow *f, Signature *s, const SigMatch *smi, uint8_t flags, FileContainer *ffc) + Flow *f, Signature *s, const SigMatchData *smd, + uint8_t flags, FileContainer *ffc) { - const SigMatch *sm = NULL; int r = 0; int match = 0; int store_r = 0; 
@@ -148,22 +148,25 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, } /* run the file match functions. */ - for (sm = smi; sm != NULL; sm = sm->next) { - SCLogDebug("sm %p, sm->next %p", sm, sm->next); + while (1) { + SCLogDebug("smd %p", smd); - if (sigmatch_table[sm->type].FileMatch != NULL) { + if (sigmatch_table[smd->type].FileMatch != NULL) { KEYWORD_PROFILING_START; - match = sigmatch_table[sm->type]. - FileMatch(tv, det_ctx, f, flags, file, s, sm); - KEYWORD_PROFILING_END(det_ctx, sm->type, (match > 0)); + match = sigmatch_table[smd->type]. + FileMatch(tv, det_ctx, f, flags, file, s, smd); + KEYWORD_PROFILING_END(det_ctx, smd->type, (match > 0)); if (match == 0) { r = DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; break; - } else if (sm->next == NULL) { + } else if (smd->is_last) { r = DETECT_ENGINE_INSPECT_SIG_MATCH; break; } } + if (smd->is_last) + break; + smd++; } /* continue inspection for other files as we may want to store @@ -183,16 +186,15 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, } else { /* if we have a filestore sm with a scope > file (so tx, ssn) we * run it here */ - sm = smi; - if (sm != NULL && sm->next == NULL && sm->type == DETECT_FILESTORE && - sm->ctx != NULL) + if (smd != NULL && smd->is_last && smd->type == DETECT_FILESTORE && + smd->ctx != NULL) { - DetectFilestoreData *fd = (DetectFilestoreData *)sm->ctx; + DetectFilestoreData *fd = (DetectFilestoreData *)smd->ctx; if (fd->scope > FILESTORE_SCOPE_DEFAULT) { KEYWORD_PROFILING_START; - match = sigmatch_table[sm->type]. - FileMatch(tv, det_ctx, f, flags, /* no file */NULL, s, sm); - KEYWORD_PROFILING_END(det_ctx, sm->type, (match > 0)); + match = sigmatch_table[smd->type]. + FileMatch(tv, det_ctx, f, flags, /* no file */NULL, s, smd); + KEYWORD_PROFILING_END(det_ctx, smd->type, (match > 0)); if (match == 1) { r = DETECT_ENGINE_INSPECT_SIG_MATCH; 
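Review bot: The new `while (1)` loop in DetectFileInspect advances the `smd` parameter itself with `smd++`, while the old loop restarted from the untouched `smi` each time with `for (sm = smi; ...)`. The enclosing code is outside the hunk, but the trailing comment "continue inspection for other files" suggests this runs once per file. If so, every file after the first starts from wherever the previous pass stopped and skips the earlier keywords. Walking a local cursor instead, `const SigMatchData *cur = smd;` before the loop with `cur` used inside it, keeps the start of the array for the next file. The loop also dereferences `smd->type` unconditionally, while the `else` branch in the following hunk still tests `smd != NULL`, so the two paths disagree on whether NULL is possible.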
@@ -230,7 +232,7 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, */ int DetectFileInspectHttp(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - Signature *s, const SigMatch *sm, + Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id) { int r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -242,7 +244,7 @@ int DetectFileInspectHttp(ThreadVars *tv, else ffc = htp_state->files_ts; - int match = DetectFileInspect(tv, det_ctx, f, s, sm, flags, ffc); + int match = DetectFileInspect(tv, det_ctx, f, s, smd, flags, ffc); if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) { r = DETECT_ENGINE_INSPECT_SIG_MATCH; } else if (match == DETECT_ENGINE_INSPECT_SIG_CANT_MATCH) { @@ -275,7 +277,7 @@ int DetectFileInspectHttp(ThreadVars *tv, */ int DetectFileInspectSmtp(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - Signature *s, const SigMatch *sm, + Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id) { SCEnter(); @@ -294,7 +296,7 @@ int DetectFileInspectSmtp(ThreadVars *tv, else goto end; - int match = DetectFileInspect(tv, det_ctx, f, s, sm, flags, ffc); + int match = DetectFileInspect(tv, det_ctx, f, s, smd, flags, ffc); if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) { r = DETECT_ENGINE_INSPECT_SIG_MATCH; } else if (match == DETECT_ENGINE_INSPECT_SIG_CANT_MATCH) { diff --git a/src/detect-engine-file.h b/src/detect-engine-file.h index f7ea8405f1..180b2edd29 100644 --- a/src/detect-engine-file.h +++ b/src/detect-engine-file.h 
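Review bot: DetectFileInspectHttp and DetectFileInspectSmtp keep `Signature *s` in their definitions here, while the prototypes this commit updates in detect-engine-file.h declare `const Signature *s`. The two forms are not compatible function types in C, so a translation unit that sees both should reject them; that this file builds suggests it does not include the header, in which case the mismatch goes unchecked. Changing the definitions to `const Signature *s, const SigMatchData *smd` would align them, though the static DetectFileInspect helper and the FileMatch callback may then need the qualifier as well, which cannot be confirmed from here. The same pattern shows in DetectEngineInspectSMTPFiledata and DetectEngineInspectHttpClientBody against their headers later in this commit.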
@@ -26,12 +26,12 @@ int DetectFileInspectHttp(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); int DetectFileInspectSmtp(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); #endif /* __DETECT_ENGINE_FILE_H__ */ diff --git a/src/detect-engine-filedata-smtp.c b/src/detect-engine-filedata-smtp.c index 6b1049cdba..60f24d62e9 100644 --- a/src/detect-engine-filedata-smtp.c +++ b/src/detect-engine-filedata-smtp.c @@ -175,7 +175,7 @@ end: int DetectEngineInspectSMTPFiledata(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - Signature *s, const SigMatch *sm, + Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id) { SMTPState *smtp_state = (SMTPState *)alstate; @@ -201,7 +201,7 @@ int DetectEngineInspectSMTPFiledata(ThreadVars *tv, det_ctx->buffer_offset = 0; det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - match = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + match = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, (uint8_t *)buffer, buffer_len, diff --git a/src/detect-engine-filedata-smtp.h b/src/detect-engine-filedata-smtp.h index f9c55e3222..a6f3fc4fa8 100644 --- a/src/detect-engine-filedata-smtp.h +++ b/src/detect-engine-filedata-smtp.h 
@@ -29,7 +29,7 @@ int PrefilterTxSmtpFiledataRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectSMTPFiledata(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void DetectEngineCleanSMTPBuffers(DetectEngineThreadCtx *det_ctx); diff --git a/src/detect-engine-hcbd.c b/src/detect-engine-hcbd.c index 34b0bd7d00..eb00951bfc 100644 --- a/src/detect-engine-hcbd.c +++ b/src/detect-engine-hcbd.c @@ -258,7 +258,7 @@ int PrefilterTxHttpRequestBodyRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) int DetectEngineInspectHttpClientBody(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - Signature *s, const SigMatch *sm, + Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id) { HtpState *htp_state = (HtpState *)alstate; @@ -276,7 +276,7 @@ int DetectEngineInspectHttpClientBody(ThreadVars *tv, det_ctx->buffer_offset = 0; det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, (uint8_t *)buffer, buffer_len, diff --git a/src/detect-engine-hcbd.h b/src/detect-engine-hcbd.h index 2cdc3e77f9..c3c91a76a3 100644 --- a/src/detect-engine-hcbd.h +++ b/src/detect-engine-hcbd.h @@ -31,7 +31,7 @@ int PrefilterTxHttpRequestBodyRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpClientBody(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void DetectEngineCleanHCBDBuffers(DetectEngineThreadCtx *); 
diff --git a/src/detect-engine-hcd.c b/src/detect-engine-hcd.c index c6243f7adf..8f06cda192 100644 --- a/src/detect-engine-hcd.c +++ b/src/detect-engine-hcd.c @@ -167,7 +167,7 @@ int PrefilterTxResponseCookieRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectHttpCookie(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { htp_tx_t *tx = (htp_tx_t *)txv; @@ -191,7 +191,7 @@ int DetectEngineInspectHttpCookie(ThreadVars *tv, det_ctx->buffer_offset = 0; det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, (uint8_t *)bstr_ptr(h->value), bstr_len(h->value), diff --git a/src/detect-engine-hcd.h b/src/detect-engine-hcd.h index 621d722801..bdf9c498d4 100644 --- a/src/detect-engine-hcd.h +++ b/src/detect-engine-hcd.h @@ -30,7 +30,7 @@ int PrefilterTxResponseCookieRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpCookie(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void DetectEngineHttpCookieRegisterTests(void); diff --git a/src/detect-engine-hhd.c b/src/detect-engine-hhd.c index 3554e2a476..d17ccafd77 100644 --- a/src/detect-engine-hhd.c +++ b/src/detect-engine-hhd.c 
@@ -383,7 +383,7 @@ int PrefilterTxHttpResponseHeadersRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) int DetectEngineInspectHttpHeader(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id) { HtpState *htp_state = (HtpState *)alstate; @@ -399,7 +399,7 @@ int DetectEngineInspectHttpHeader(ThreadVars *tv, det_ctx->buffer_offset = 0; det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, buffer, buffer_len, diff --git a/src/detect-engine-hhd.h b/src/detect-engine-hhd.h index 41e6c5252f..f8e06e12a7 100644 --- a/src/detect-engine-hhd.h +++ b/src/detect-engine-hhd.h @@ -30,7 +30,7 @@ int PrefilterTxHttpResponseHeadersRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpHeader(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void DetectEngineCleanHHDBuffers(DetectEngineThreadCtx *det_ctx); diff --git a/src/detect-engine-hhhd.c b/src/detect-engine-hhhd.c index 198d975173..f884d7a85a 100644 --- a/src/detect-engine-hhhd.c +++ b/src/detect-engine-hhhd.c @@ -116,7 +116,7 @@ int PrefilterTxHostnameRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectHttpHH(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { htp_tx_t *tx = (htp_tx_t *)txv; 
@@ -130,7 +130,7 @@ int DetectEngineInspectHttpHH(ThreadVars *tv, det_ctx->buffer_offset = 0; det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, hname, hname_len, 0, diff --git a/src/detect-engine-hhhd.h b/src/detect-engine-hhhd.h index 04c2cf0be8..39e16493a3 100644 --- a/src/detect-engine-hhhd.h +++ b/src/detect-engine-hhhd.h @@ -29,7 +29,7 @@ int PrefilterTxHostnameRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpHH(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void DetectEngineHttpHHRegisterTests(void); diff --git a/src/detect-engine-hmd.c b/src/detect-engine-hmd.c index 35cdc5969d..27dcb16567 100644 --- a/src/detect-engine-hmd.c +++ b/src/detect-engine-hmd.c @@ -113,7 +113,7 @@ int PrefilterTxMethodRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectHttpMethod(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { htp_tx_t *tx = (htp_tx_t *)txv; @@ -127,7 +127,7 @@ int DetectEngineInspectHttpMethod(ThreadVars *tv, det_ctx->buffer_offset = 0; det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, (uint8_t *)bstr_ptr(tx->request_method), bstr_len(tx->request_method), diff --git a/src/detect-engine-hmd.h b/src/detect-engine-hmd.h index 71f2009b64..d3fe192f58 100644 --- a/src/detect-engine-hmd.h +++ b/src/detect-engine-hmd.h 
@@ -27,7 +27,7 @@ int DetectEngineInspectHttpMethod(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); int PrefilterTxMethodRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); diff --git a/src/detect-engine-hrhd.c b/src/detect-engine-hrhd.c index 50626399e4..9cdfbf2385 100644 --- a/src/detect-engine-hrhd.c +++ b/src/detect-engine-hrhd.c @@ -164,7 +164,7 @@ int PrefilterTxResponseHeadersRawRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectHttpRawHeader(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { HtpTxUserData *tx_ud = NULL; @@ -195,7 +195,7 @@ int DetectEngineInspectHttpRawHeader(ThreadVars *tv, det_ctx->buffer_offset = 0; det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, headers_raw, headers_raw_len, diff --git a/src/detect-engine-hrhd.h b/src/detect-engine-hrhd.h index b6deda8627..132ca642ba 100644 --- a/src/detect-engine-hrhd.h +++ b/src/detect-engine-hrhd.h @@ -30,7 +30,7 @@ int PrefilterTxResponseHeadersRawRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpRawHeader(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void DetectEngineHttpRawHeaderRegisterTests(void); diff --git a/src/detect-engine-hrhhd.c b/src/detect-engine-hrhhd.c index 8b335cfcf9..455b98c767 100644 --- a/src/detect-engine-hrhhd.c +++ b/src/detect-engine-hrhhd.c 
@@ -128,7 +128,7 @@ int PrefilterTxHostnameRawRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectHttpHRH(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { uint8_t *hname; @@ -153,7 +153,7 @@ int DetectEngineInspectHttpHRH(ThreadVars *tv, det_ctx->buffer_offset = 0; det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, hname, hname_len, 0, diff --git a/src/detect-engine-hrhhd.h b/src/detect-engine-hrhhd.h index e45b8b3bf5..4523cbc425 100644 --- a/src/detect-engine-hrhhd.h +++ b/src/detect-engine-hrhhd.h @@ -29,7 +29,7 @@ int PrefilterTxHostnameRawRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpHRH(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void DetectEngineHttpHRHRegisterTests(void); diff --git a/src/detect-engine-hrud.c b/src/detect-engine-hrud.c index e5a40b50b2..e41c4fdff3 100644 --- a/src/detect-engine-hrud.c +++ b/src/detect-engine-hrud.c @@ -113,7 +113,7 @@ int PrefilterTxRawUriRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectHttpRawUri(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { htp_tx_t *tx = (htp_tx_t *)txv; 
@@ -129,7 +129,7 @@ int DetectEngineInspectHttpRawUri(ThreadVars *tv, det_ctx->inspection_recursion_counter = 0; /* Inspect all the uricontents fetched on each * transaction at the app layer */ - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, (uint8_t *)bstr_ptr(tx->request_uri), bstr_len(tx->request_uri), diff --git a/src/detect-engine-hrud.h b/src/detect-engine-hrud.h index 10137d6d2b..2d41f69650 100644 --- a/src/detect-engine-hrud.h +++ b/src/detect-engine-hrud.h @@ -30,7 +30,7 @@ int PrefilterTxRawUriRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpRawUri(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void DetectEngineHttpRawUriRegisterTests(void); diff --git a/src/detect-engine-hsbd.c b/src/detect-engine-hsbd.c index 7f40e6ea28..58727dca01 100644 --- a/src/detect-engine-hsbd.c +++ b/src/detect-engine-hsbd.c @@ -263,7 +263,7 @@ int PrefilterTxHttpResponseBodyRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) int DetectEngineInspectHttpServerBody(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - Signature *s, const SigMatch *sm, + Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id) { HtpState *htp_state = (HtpState *)alstate; @@ -281,7 +281,7 @@ int DetectEngineInspectHttpServerBody(ThreadVars *tv, det_ctx->buffer_offset = 0; det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, (uint8_t *)buffer, buffer_len, diff --git a/src/detect-engine-hsbd.h b/src/detect-engine-hsbd.h index 7126aabb2c..1187f936ef 100644 --- a/src/detect-engine-hsbd.h 
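Review bot: The definition of DetectEngineInspectHttpServerBody in detect-engine-hsbd.c still takes `Signature *s`, while the prototype in detect-engine-hsbd.h and the InspectEngineFuncPtr typedef in detect.h both declare it `const`. Since the line is touched anyway, the definition could read `const Signature *s, const SigMatchData *smd,` so that declaration, definition and callback type agree. The same qualifier mismatch is visible in this commit for DetectEngineInspectTemplateBuffer, DetectEngineInspectTlsIssuer, DetectEngineInspectTlsSubject, DetectEngineInspectTlsValidity and DetectEngineInspectHttpUri. Whether any of these bodies writes through `s` cannot be seen here, because the functions continue outside their hunks.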
+++ b/src/detect-engine-hsbd.h @@ -31,7 +31,7 @@ int PrefilterTxHttpResponseBodyRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpServerBody(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); diff --git a/src/detect-engine-hscd.c b/src/detect-engine-hscd.c index 0e73d73aa4..8a563235b1 100644 --- a/src/detect-engine-hscd.c +++ b/src/detect-engine-hscd.c @@ -112,7 +112,7 @@ int PrefilterTxHttpStatCodeRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectHttpStatCode(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { htp_tx_t *tx = (htp_tx_t *)txv; @@ -126,7 +126,7 @@ int DetectEngineInspectHttpStatCode(ThreadVars *tv, det_ctx->discontinue_matching = 0; det_ctx->buffer_offset = 0; det_ctx->inspection_recursion_counter = 0; - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, (uint8_t *)bstr_ptr(tx->response_status), bstr_len(tx->response_status), diff --git a/src/detect-engine-hscd.h b/src/detect-engine-hscd.h index bdcc0cfc0c..d2e4d2fff8 100644 --- a/src/detect-engine-hscd.h +++ b/src/detect-engine-hscd.h @@ -29,7 +29,7 @@ int PrefilterTxHttpStatCodeRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpStatCode(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void DetectEngineHttpStatCodeRegisterTests(void); diff --git a/src/detect-engine-hsmd.c b/src/detect-engine-hsmd.c index 22e38487d9..cb52c03535 100644 
--- a/src/detect-engine-hsmd.c +++ b/src/detect-engine-hsmd.c @@ -112,7 +112,7 @@ int PrefilterTxHttpStatMsgRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectHttpStatMsg(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { htp_tx_t *tx = (htp_tx_t *)txv; @@ -126,7 +126,7 @@ int DetectEngineInspectHttpStatMsg(ThreadVars *tv, det_ctx->discontinue_matching = 0; det_ctx->buffer_offset = 0; det_ctx->inspection_recursion_counter = 0; - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, (uint8_t *)bstr_ptr(tx->response_message), bstr_len(tx->response_message), diff --git a/src/detect-engine-hsmd.h b/src/detect-engine-hsmd.h index fd48176ece..36eee9024f 100644 --- a/src/detect-engine-hsmd.h +++ b/src/detect-engine-hsmd.h @@ -29,7 +29,7 @@ int PrefilterTxHttpStatMsgRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpStatMsg(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void DetectEngineHttpStatMsgRegisterTests(void); diff --git a/src/detect-engine-hua.c b/src/detect-engine-hua.c index d2cbbcea7b..2511767c94 100644 --- a/src/detect-engine-hua.c +++ b/src/detect-engine-hua.c @@ -121,7 +121,7 @@ int PrefilterTxUARegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectHttpUA(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { htp_tx_t *tx = (htp_tx_t *)txv; 
@@ -135,7 +135,7 @@ int DetectEngineInspectHttpUA(ThreadVars *tv, det_ctx->buffer_offset = 0; det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, (uint8_t *)bstr_ptr(h->value), bstr_len(h->value), diff --git a/src/detect-engine-hua.h b/src/detect-engine-hua.h index fba2d88458..40c85887c7 100644 --- a/src/detect-engine-hua.h +++ b/src/detect-engine-hua.h @@ -29,7 +29,7 @@ int PrefilterTxUARegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpUA(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void DetectEngineHttpUARegisterTests(void); diff --git a/src/detect-engine-modbus.c b/src/detect-engine-modbus.c index 38a0b6876f..9e1f8537c4 100644 --- a/src/detect-engine-modbus.c +++ b/src/detect-engine-modbus.c @@ -200,7 +200,7 @@ int DetectEngineInspectModbus(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, - const SigMatch *sm, + const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, @@ -209,7 +209,7 @@ int DetectEngineInspectModbus(ThreadVars *tv, { SCEnter(); ModbusTransaction *tx = (ModbusTransaction *)txv; - DetectModbus *modbus = (DetectModbus *) sm->ctx; + DetectModbus *modbus = (DetectModbus *) smd->ctx; int ret = 0; diff --git a/src/detect-engine-modbus.h b/src/detect-engine-modbus.h index 66a174c760..4ffe45ca68 100644 --- a/src/detect-engine-modbus.h +++ b/src/detect-engine-modbus.h 
@@ -35,7 +35,7 @@ int DetectEngineInspectModbus(ThreadVars *, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *, - const Signature *, const SigMatch *, + const Signature *, const SigMatchData *, Flow *, uint8_t, void *, void *, uint64_t); void DetectEngineInspectModbusRegisterTests(void); diff --git a/src/detect-engine-payload.c b/src/detect-engine-payload.c index c7f4bba8af..0699a85fed 100644 --- a/src/detect-engine-payload.c +++ b/src/detect-engine-payload.c @@ -143,7 +143,7 @@ int DetectEngineInspectPacketPayload(DetectEngineCtx *de_ctx, det_ctx->inspection_recursion_counter = 0; det_ctx->replist = NULL; - r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_PMATCH], + r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_PMATCH], f, p->payload, p->payload_len, 0, DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD, p); if (r == 1) { @@ -184,7 +184,7 @@ int DetectEngineInspectStreamPayload(DetectEngineCtx *de_ctx, det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; - r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_PMATCH], + r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_PMATCH], f, payload, payload_len, 0, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STREAM, NULL); if (r == 1) { diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index 82a40228e1..c9053602a0 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -534,7 +534,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, if (direction == engine->dir) { KEYWORD_PROFILING_SET_LIST(det_ctx, engine->sm_list); int match = engine->Callback(tv, de_ctx, det_ctx, - s, engine->sm, f, flags, alstate, tx, tx_id); + s, engine->smd, f, flags, alstate, tx, tx_id); SCLogDebug("engine %p match %d", engine, match); if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) { inspect_flags |= BIT_U32(engine->id); 
@@ -859,7 +859,7 @@ static int DoInspectItem(ThreadVars *tv, SCLogDebug("inspect_flags %x", inspect_flags); KEYWORD_PROFILING_SET_LIST(det_ctx, engine->sm_list); int match = engine->Callback(tv, de_ctx, det_ctx, - s, engine->sm, + s, engine->smd, f, flags, alstate, inspect_tx, inspect_tx_id); if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) { inspect_flags |= BIT_U32(engine->id); diff --git a/src/detect-engine-template.c b/src/detect-engine-template.c index 422a8a3d1e..c7d751a151 100644 --- a/src/detect-engine-template.c +++ b/src/detect-engine-template.c @@ -38,19 +38,19 @@ int DetectEngineInspectTemplateBuffer(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - Signature *s, const SigMatch *sm, + Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { TemplateTransaction *tx = (TemplateTransaction *)txv; int ret = 0; if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) { - ret = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, tx->request_buffer, tx->request_buffer_len, 0, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL); } else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) { - ret = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, tx->response_buffer, tx->response_buffer_len, 0, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL); } diff --git a/src/detect-engine-template.h b/src/detect-engine-template.h index 60bf5d4786..fb836f0702 100644 --- a/src/detect-engine-template.h +++ b/src/detect-engine-template.h @@ -26,7 +26,7 @@ int DetectEngineInspectTemplateBuffer(ThreadVars *, DetectEngineCtx *, DetectEngineThreadCtx *, - const Signature *, const SigMatch *, + const Signature *, const SigMatchData *, Flow *, uint8_t, void *, void *tx, uint64_t tx_id); #endif /* __DETECT_TEMPLATE_ENGINE_H__ */ 
diff --git a/src/detect-engine-tls.c b/src/detect-engine-tls.c index 3e5b458d2e..43db1f42ad 100644 --- a/src/detect-engine-tls.c +++ b/src/detect-engine-tls.c @@ -99,7 +99,7 @@ int PrefilterTxTlsSniRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectTlsSni(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { uint8_t *buffer; @@ -114,7 +114,7 @@ int DetectEngineInspectTlsSni(ThreadVars *tv, buffer = (uint8_t *)ssl_state->client_connp.sni; buffer_len = strlen(ssl_state->client_connp.sni); - cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, buffer, buffer_len, 0, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL); @@ -174,7 +174,7 @@ int PrefilterTxTlsIssuerRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectTlsIssuer(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - Signature *s, const SigMatch *sm, + Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { uint8_t *buffer; @@ -189,7 +189,7 @@ int DetectEngineInspectTlsIssuer(ThreadVars *tv, buffer = (uint8_t *)ssl_state->server_connp.cert0_issuerdn; buffer_len = strlen(ssl_state->server_connp.cert0_issuerdn); - cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, buffer, buffer_len, 0, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL); 
@@ -249,7 +249,7 @@ int PrefilterTxTlsSubjectRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectTlsSubject(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - Signature *s, const SigMatch *sm, + Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { uint8_t *buffer; @@ -264,7 +264,7 @@ int DetectEngineInspectTlsSubject(ThreadVars *tv, buffer = (uint8_t *)ssl_state->server_connp.cert0_subject; buffer_len = strlen(ssl_state->server_connp.cert0_subject); - cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, buffer, buffer_len, 0, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL); @@ -273,7 +273,7 @@ int DetectEngineInspectTlsSubject(ThreadVars *tv, int DetectEngineInspectTlsValidity(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - Signature *s, const SigMatch *sm, + Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { diff --git a/src/detect-engine-tls.h b/src/detect-engine-tls.h index 4172b4a043..573e62d174 100644 --- a/src/detect-engine-tls.h +++ b/src/detect-engine-tls.h 
@@ -29,23 +29,23 @@ int PrefilterTxTlsSubjectRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectTlsSni(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); int DetectEngineInspectTlsIssuer(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); int DetectEngineInspectTlsSubject(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); int DetectEngineInspectTlsValidity(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); #endif /* __DETECT_ENGINE_TLS_H__ */ diff --git a/src/detect-engine-uri.c b/src/detect-engine-uri.c index 6bc28adfeb..e6684cff73 100644 --- a/src/detect-engine-uri.c +++ b/src/detect-engine-uri.c @@ -106,7 +106,7 @@ int PrefilterTxUriRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx) */ int DetectEngineInspectHttpUri(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - Signature *s, const SigMatch *sm, + Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { HtpTxUserData *tx_ud = htp_tx_get_user_data(txv); 
@@ -129,7 +129,7 @@ int DetectEngineInspectHttpUri(ThreadVars *tv, /* Inspect all the uricontents fetched on each * transaction at the app layer */ - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized), diff --git a/src/detect-engine-uri.h b/src/detect-engine-uri.h index 4760dd184d..fa18960bdb 100644 --- a/src/detect-engine-uri.h +++ b/src/detect-engine-uri.h @@ -28,7 +28,7 @@ int PrefilterTxUriRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); int DetectEngineInspectHttpUri(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); void UriRegisterTests(void); diff --git a/src/detect-engine.c b/src/detect-engine.c index b1d4a24cfb..a5ccbf79f9 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -208,9 +208,7 @@ int DetectEngineAppInspectionEngine2Signature(Signature *s) case DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH: - new_engine->sm = s->sm_lists[new_engine->sm_list]; - s->sm_lists[new_engine->sm_list] = NULL; - s->sm_lists_tail[new_engine->sm_list] = NULL; + new_engine->smd = s->sm_arrays[new_engine->sm_list]; lists_used[t->sm_list] = 1; break; default: @@ -239,8 +237,7 @@ next: int i; for (i = 0; i < DETECT_SM_LIST_MAX; i++) { if (lists_used[i]) { - s->sm_lists[i] = NULL; - s->sm_lists_tail[i] = NULL; + s->sm_arrays[i] = NULL; } } 
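Review bot: `new_engine->smd = s->sm_arrays[new_engine->sm_list];` copies whatever the slot holds at that moment, so it stores NULL without complaint if the SigMatchData arrays have not yet been built when DetectEngineAppInspectionEngine2Signature runs. The inspect callbacks changed in this commit read `smd->ctx` or pass `smd` on without a NULL test, so an assertion right after the assignment, for example `BUG_ON(new_engine->smd == NULL);`, would catch a wrong call order at rule load rather than during inspection. A comment such as `/* engine takes over the array; the slot in s->sm_arrays is cleared below */` would also record why the later loop sets `s->sm_arrays[i] = NULL`. The enclosing switch and function start outside the hunk, so the ordering assumption is inferred.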
@@ -258,13 +255,13 @@ next: */ void DetectEngineAppInspectionEngineSignatureFree(Signature *s) { - SigMatch *ptrs[DETECT_SM_LIST_MAX] = { NULL }; + SigMatchData *ptrs[DETECT_SM_LIST_MAX] = { NULL }; DetectEngineAppInspectionEngine *ie = s->app_inspect; while (ie) { DetectEngineAppInspectionEngine *next = ie->next; - BUG_ON(ptrs[ie->sm_list] != NULL && ptrs[ie->sm_list] != ie->sm); - ptrs[ie->sm_list] = ie->sm; + BUG_ON(ptrs[ie->sm_list] != NULL && ptrs[ie->sm_list] != ie->smd); + ptrs[ie->sm_list] = ie->smd; SCFree(ie); ie = next; } @@ -272,12 +269,7 @@ void DetectEngineAppInspectionEngineSignatureFree(Signature *s) int i; for (i = 0; i < DETECT_SM_LIST_MAX; i++) { - SigMatch *sm = ptrs[i]; - while (sm != NULL) { - SigMatch *nsm = sm->next; - SigMatchFree(sm); - sm = nsm; - } + SCFree(ptrs[i]); } } diff --git a/src/detect-fileext.c b/src/detect-fileext.c index fc052e0769..f9a08dacf3 100644 --- a/src/detect-fileext.c +++ b/src/detect-fileext.c @@ -52,7 +52,7 @@ #include "detect-fileext.h" static int DetectFileextMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, - uint8_t, File *, const Signature *, const SigMatch *); + uint8_t, File *, const Signature *, const SigMatchData *); static int DetectFileextSetup (DetectEngineCtx *, Signature *, char *); static void DetectFileextRegisterTests(void); static void DetectFileextFree(void *); @@ -89,7 +89,7 @@ void DetectFileextRegister(void) * \retval 1 match */ static int DetectFileextMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, - Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m) + Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m) { SCEnter(); int ret = 0; diff --git a/src/detect-filemagic.c b/src/detect-filemagic.c index a64e1d180b..b70e4c820d 100644 --- a/src/detect-filemagic.c +++ b/src/detect-filemagic.c 
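Review bot: `SCFree(ptrs[i]);` in DetectEngineAppInspectionEngineSignatureFree releases only the SigMatchData array, whereas the removed loop called SigMatchFree on every element, so the per-keyword `ctx` objects must now be freed somewhere else. Presumably that is the signature's own SigMatch lists, which this commit no longer sets to NULL when the engines are built, but nothing in the hunk says so. A comment above the loop such as `/* frees the arrays only; each ctx stays owned by the SigMatch lists of the Signature */` would stop a later reader from taking this for a leak or adding a second free.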
@@ -76,7 +76,7 @@ void DetectFilemagicRegister(void) #else /* HAVE_MAGIC */ static int DetectFilemagicMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, - uint8_t, File *, const Signature *, const SigMatch *); + uint8_t, File *, const Signature *, const SigMatchData *); static int DetectFilemagicSetup (DetectEngineCtx *, Signature *, char *); static void DetectFilemagicRegisterTests(void); static void DetectFilemagicFree(void *); @@ -176,7 +176,7 @@ int FilemagicThreadLookup(magic_t *ctx, File *file) * \retval 1 match */ static int DetectFilemagicMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, - Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m) + Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m) { SCEnter(); int ret = 0; diff --git a/src/detect-filename.c b/src/detect-filename.c index 34722fb77f..e751d2b4fa 100644 --- a/src/detect-filename.c +++ b/src/detect-filename.c @@ -53,7 +53,7 @@ #include "app-layer-parser.h" static int DetectFilenameMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, - uint8_t, File *, const Signature *, const SigMatch *); + uint8_t, File *, const Signature *, const SigMatchData *); static int DetectFilenameSetup (DetectEngineCtx *, Signature *, char *); static void DetectFilenameRegisterTests(void); static void DetectFilenameFree(void *); @@ -101,7 +101,7 @@ void DetectFilenameRegister(void) * \retval 1 match */ static int DetectFilenameMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, - Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m) + Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m) { SCEnter(); int ret = 0; diff --git a/src/detect-filesize.c b/src/detect-filesize.c index b26c7a8fc6..1b12221b84 100644 --- a/src/detect-filesize.c +++ b/src/detect-filesize.c 
@@ -49,7 +49,7 @@ static pcre_extra *parse_regex_study; /*prototypes*/ static int DetectFilesizeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, - uint8_t flags, File *file, const Signature *s, const SigMatch *m); + uint8_t flags, File *file, const Signature *s, const SigMatchData *m); static int DetectFilesizeSetup (DetectEngineCtx *, Signature *, char *); static void DetectFilesizeFree (void *); static void DetectFilesizeRegisterTests (void); @@ -87,7 +87,7 @@ void DetectFilesizeRegister(void) * \retval 1 match */ static int DetectFilesizeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, - uint8_t flags, File *file, const Signature *s, const SigMatch *m) + uint8_t flags, File *file, const Signature *s, const SigMatchData *m) { SCEnter(); diff --git a/src/detect-filestore.c b/src/detect-filestore.c index 4104fc694d..de11089092 100644 --- a/src/detect-filestore.c +++ b/src/detect-filestore.c @@ -60,7 +60,7 @@ static pcre *parse_regex; static pcre_extra *parse_regex_study; static int DetectFilestoreMatch (ThreadVars *, DetectEngineThreadCtx *, - Flow *, uint8_t, File *, const Signature *, const SigMatch *); + Flow *, uint8_t, File *, const Signature *, const SigMatchData *); static int DetectFilestoreSetup (DetectEngineCtx *, Signature *, char *); static void DetectFilestoreFree(void *); static void DetectFilestoreRegisterTests(void); @@ -247,7 +247,7 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack * needs to be put behind a api. */ static int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, - uint8_t flags, File *file, const Signature *s, const SigMatch *m) + uint8_t flags, File *file, const Signature *s, const SigMatchData *m) { uint16_t file_id = 0; diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c index 8561f3fb5d..8fabe28ff0 100644 --- a/src/detect-http-request-line.c +++ b/src/detect-http-request-line.c 
@@ -66,7 +66,7 @@ void DetectHttpRequestLineFree(void *); static int PrefilterTxHttpRequestLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); static int DetectEngineInspectHttpRequestLine(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); /** @@ -172,7 +172,7 @@ static int PrefilterTxHttpRequestLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx */ static int DetectEngineInspectHttpRequestLine(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { htp_tx_t *tx = (htp_tx_t *)txv; @@ -191,7 +191,7 @@ static int DetectEngineInspectHttpRequestLine(ThreadVars *tv, /* Inspect all the uricontents fetched on each * transaction at the app layer */ int r = DetectEngineContentInspection(de_ctx, det_ctx, - s, sm, + s, smd, f, bstr_ptr(tx->request_line), bstr_len(tx->request_line), diff --git a/src/detect-http-response-line.c b/src/detect-http-response-line.c index 5dff95ec19..125771a8e6 100644 --- a/src/detect-http-response-line.c +++ b/src/detect-http-response-line.c @@ -66,7 +66,7 @@ void DetectHttpResponseLineFree(void *); static int PrefilterTxHttpResponseLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); static int DetectEngineInspectHttpResponseLine(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); /** 
@@ -172,7 +172,7 @@ static int PrefilterTxHttpResponseLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ct */ int DetectEngineInspectHttpResponseLine(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { htp_tx_t *tx = (htp_tx_t *)txv; @@ -194,7 +194,7 @@ int DetectEngineInspectHttpResponseLine(ThreadVars *tv, #endif /* run the inspection against the buffer */ - int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm, + int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, f, bstr_ptr(tx->response_line), bstr_len(tx->response_line), diff --git a/src/detect-lua.c b/src/detect-lua.c index 27351bfe4a..d51746ceff 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -186,7 +186,7 @@ void LuaDumpStack(lua_State *state) } int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, uint8_t *buffer, uint32_t buffer_len, uint32_t offset, Flow *f) { @@ -196,7 +196,7 @@ int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx, if (buffer == NULL || buffer_len == 0) SCReturnInt(0); - DetectLuaData *lua = (DetectLuaData *)sm->ctx; + DetectLuaData *lua = (DetectLuaData *)smd->ctx; if (lua == NULL) SCReturnInt(0); diff --git a/src/detect-lua.h b/src/detect-lua.h index 18298aa203..16e451e910 100644 --- a/src/detect-lua.h +++ b/src/detect-lua.h @@ -56,7 +56,7 @@ typedef struct DetectLuaData { /* prototypes */ void DetectLuaRegister (void); int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatch *sm, + const Signature *s, const SigMatchData *smd, uint8_t *buffer, uint32_t buffer_len, uint32_t offset, Flow *f); diff --git a/src/detect-pcre.c b/src/detect-pcre.c index b843014915..a1177a5928 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c 
@@ -172,8 +172,8 @@ void DetectPcreRegister (void) * \retval 0 No match. */ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s, - const SigMatch *sm, Packet *p, Flow *f, uint8_t *payload, - uint32_t payload_len) + const SigMatchData *smd, Packet *p, Flow *f, + uint8_t *payload, uint32_t payload_len) { SCEnter(); #define MAX_SUBSTRINGS 30 @@ -183,7 +183,7 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s, uint16_t len = 0; uint16_t capture_len = 0; - DetectPcreData *pe = (DetectPcreData *)sm->ctx; + DetectPcreData *pe = (DetectPcreData *)smd->ctx; if (pe->flags & DETECT_PCRE_RELATIVE) { ptr = payload + det_ctx->buffer_offset; diff --git a/src/detect-pcre.h b/src/detect-pcre.h index 52e6394b59..50b93b0528 100644 --- a/src/detect-pcre.h +++ b/src/detect-pcre.h @@ -44,8 +44,11 @@ typedef struct DetectPcreData_ { } DetectPcreData; /* prototypes */ -int DetectPcrePayloadMatch(DetectEngineThreadCtx *, const Signature *, - const SigMatch *, Packet *, Flow *, uint8_t *, uint32_t); + +int DetectPcrePayloadMatch(DetectEngineThreadCtx *, + const Signature *, const SigMatchData *, + Packet *, Flow *, uint8_t *, uint32_t); + int DetectPcrePacketPayloadMatch(DetectEngineThreadCtx *, Packet *, Signature *, SigMatch *); int DetectPcrePayloadDoMatch(DetectEngineThreadCtx *, Signature *, SigMatch *, Packet *, uint8_t *, uint16_t); diff --git a/src/detect.h b/src/detect.h index a9617a6b03..f091a89451 100644 --- a/src/detect.h +++ b/src/detect.h @@ -377,7 +377,7 @@ struct DetectEngineThreadCtx_;// DetectEngineThreadCtx; typedef int (*InspectEngineFuncPtr)(ThreadVars *tv, struct DetectEngineCtx_ *de_ctx, struct DetectEngineThreadCtx_ *det_ctx, - const struct Signature_ *sig, const SigMatch *sm_list, + const struct Signature_ *sig, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id); 
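Review bot: In the @@ -183 hunk of detect-pcre.c, `uint16_t len = 0;` sits next to a `uint32_t payload_len` parameter, and `ptr = payload + det_ctx->buffer_offset;` is computed with no visible check that the offset lies within the payload. If `len` is later derived from `payload_len` (inferred, since the body continues outside the hunk), a buffer longer than 65535 bytes would be silently truncated and its tail would go unmatched, which is a detection gap in a rule engine. I would widen the local to `uint32_t len = 0;` and guard the relative case with `if (det_ctx->buffer_offset > payload_len) SCReturnInt(0);`, unless the callers already guarantee both.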
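Review bot: The `InspectEngineFuncPtr` typedef in the @@ -377 hunk of detect.h renames its parameter from `sm_list` to `smd`, and the old name was the only hint that a callback receives a sequence rather than a single element. Nothing in the typedef now says how a callback finds the end of that sequence, and the same applies to the `SigMatchData *smd;` member of DetectEngineAppInspectionEngine in the @@ -395 hunk. If the contract is an array terminated by a flag on the last element, a comment on each would state it, for example `/* smd: first element of the match array; the final element has is_last set */`. A callback that steps past the final element would read out of bounds, so the termination rule belongs where the callback type is declared.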
@@ -395,7 +395,7 @@ typedef struct DetectEngineAppInspectionEngine_ { */ InspectEngineFuncPtr Callback; - SigMatch *sm; + SigMatchData *smd; struct DetectEngineAppInspectionEngine_ *next; } DetectEngineAppInspectionEngine; @@ -955,7 +955,6 @@ typedef struct DetectEngineThreadCtx_ { } DetectEngineThreadCtx; /** \brief element in sigmatch type table. - * \note FileMatch pointer below takes a locked flow, AppLayerMatch an unlocked flow */ typedef struct SigTableElmt_ { /** Packet match function pointer */ @@ -973,7 +972,7 @@ typedef struct SigTableElmt_ { int (*FileMatch)(ThreadVars *, /**< thread local vars */ DetectEngineThreadCtx *, Flow *, /**< *LOCKED* flow */ - uint8_t flags, File *, const Signature *, const SigMatch *); + uint8_t flags, File *, const Signature *, const SigMatchData *); /** keyword setup function pointer */ int (*Setup)(DetectEngineCtx *, Signature *, char *); diff --git a/src/util-detect-file-hash.c b/src/util-detect-file-hash.c index 8bee60c423..aff4302f41 100644 --- a/src/util-detect-file-hash.c +++ b/src/util-detect-file-hash.c @@ -147,7 +147,7 @@ static int HashMatchHashTable(ROHashTable *hash_table, uint8_t *hash, * \retval 1 match */ int DetectFileHashMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, - Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m) + Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m) { SCEnter(); int ret = 0; diff --git a/src/util-detect-file-hash.h b/src/util-detect-file-hash.h index c247fb5aa3..ee0b37de61 100644 --- a/src/util-detect-file-hash.h +++ b/src/util-detect-file-hash.h 
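Review bot: DetectFileHashMatch in the @@ -147 hunk of util-detect-file-hash.c keeps the parameter name `m` for the new `const SigMatchData *` argument, while the other functions changed in this commit name it `smd`. A single name for the same role makes the new type easier to search for and review across the detect code. I would write the line as `Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *smd)`. The body and the doc comment above it lie mostly outside the hunk, so any use of `m` there would need the same rename.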
@@ -38,7 +38,7 @@ int ReadHashString(uint8_t *, char *, char *, int, uint16_t); int LoadHashTable(ROHashTable *, char *, char *, int, uint32_t); int DetectFileHashMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, - File *, const Signature *, const SigMatch *); + File *, const Signature *, const SigMatchData *); int DetectFileHashSetup(DetectEngineCtx *, Signature *, char *, uint32_t); void DetectFileHashFree(void *);