From: Victor Julien Date: Tue, 8 Mar 2016 19:29:09 +0000 (+0100) Subject: detect: allow for more than 64k mpm rules X-Git-Tag: suricata-3.0.1RC1~46 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0b16fa2bb624291274a8f05cc2b56cc2d44df9e;p=thirdparty%2Fsuricata.git detect: allow for more than 64k mpm rules
---
diff --git a/src/detect-content.h b/src/detect-content.h
index b2e0f9694f..00c1ea3920 100644
--- a/src/detect-content.h
+++ b/src/detect-content.h
@@ -69,6 +69,8 @@ typedef struct DetectContentData_ {
 uint16_t replace_len;
 /* for chopped fast pattern, the length */
 uint16_t fp_chop_len;
+ /* for chopped fast pattern, the offset */
+ uint16_t fp_chop_offset;
 /* would want to move PatIntId here and flags down to remove the padding
 * gap, but I think the first four members was used as a template for
 * casting. \todo check this and fix it if posssible */
@@ -76,8 +78,6 @@ typedef struct DetectContentData_ {
 PatIntId id;
 uint16_t depth;
 uint16_t offset;
- /* for chopped fast pattern, the offset */
- uint16_t fp_chop_offset;
 int32_t distance;
 int32_t within;
 /* Boyer Moore context (for spm search) */
diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index 7fd532e5cc..5a21823ce8 100644
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -1064,14 +1064,14 @@ void PatternMatchDestroyGroup(SigGroupHead *sh)
 * always used, etc. */
 typedef struct ContentHash_ {
 DetectContentData *ptr;
- uint16_t cnt;
- uint8_t use; /* use no matter what */
+ uint32_t cnt;
+ int use; /* use no matter what */
 } ContentHash;
 typedef struct UricontentHash_ {
 DetectContentData *ptr;
- uint16_t cnt;
- uint8_t use; /* use no matter what */
+ uint32_t cnt;
+ int use; /* use no matter what */
 } UricontentHash;
 uint32_t ContentHashFunc(HashTable *ht, void *data, uint16_t datalen)
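Review bot: The comment directly below the new `fp_chop_offset` member says the leading members of `DetectContentData` may be used as a template for casting, and this hunk inserts a member into exactly that leading region, ahead of `id`. If any other struct is still cast to or from this layout, its fields after `fp_chop_len` no longer line up; the diff does not show such a struct, so this needs checking against the rest of the tree. I would resolve the `\todo` as part of this change and replace the stale comment with one stating the current intent, for example `/* fp_chop_offset moved here when PatIntId became 32 bits; nothing may cast another struct onto this layout */`. The struct definition begins and ends outside the hunk.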
@@ -2714,8 +2714,8 @@ typedef struct MpmPatternIdTableElmt_ {
 uint8_t *pattern; /**< ptr to the pattern */
 uint16_t pattern_len; /**< pattern len */
 PatIntId id; /**< pattern id */
- uint16_t dup_count; /**< duplicate count */
- uint8_t sm_list; /**< SigMatch list */
+ uint32_t dup_count; /**< duplicate count */
+ int sm_list; /**< SigMatch list */
 } MpmPatternIdTableElmt;
 /** \brief Hash compare func for MpmPatternId api
diff --git a/src/detect.h b/src/detect.h
index 89ce35ab1c..c36b9ce1e9 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -640,7 +640,7 @@ typedef struct DetectEngineCtx_ {
 /** hash table for looking up patterns for
 * id sharing and id tracking. */
 MpmPatternIdStore *mpm_pattern_id_store;
- uint16_t max_fp_id;
+ uint32_t max_fp_id;
 MpmCtxFactoryContainer *mpm_ctx_factory_container;
diff --git a/src/suricata-common.h b/src/suricata-common.h
index 05bfcdf9ec..660a0bfecc 100644
--- a/src/suricata-common.h
+++ b/src/suricata-common.h
@@ -241,7 +241,7 @@
 #define SigIntId uint32_t
 /** same for pattern id's */
-#define PatIntId uint16_t
+#define PatIntId uint32_t
 /** FreeBSD does not define __WORDSIZE, but it uses __LONG_BIT */
 #ifndef __WORDSIZE
diff --git a/src/util-mpm-ac-bs.c b/src/util-mpm-ac-bs.c
index d6c4e78502..f19acbcd4a 100644
--- a/src/util-mpm-ac-bs.c
+++ b/src/util-mpm-ac-bs.c
@@ -1382,7 +1382,7 @@ void SCACBSDestroyCtx(MpmCtx *mpm_ctx)
 }
 if (ctx->pid_pat_list != NULL) {
- int i;
+ uint32_t i;
 for (i = 0; i < (ctx->max_pat_id + 1); i++) {
 if (ctx->pid_pat_list[i].cs != NULL)
 SCFree(ctx->pid_pat_list[i].cs);
diff --git a/src/util-mpm-ac-bs.h b/src/util-mpm-ac-bs.h
index a66757e72a..ce9c59fc5c 100644
--- a/src/util-mpm-ac-bs.h
+++ b/src/util-mpm-ac-bs.h
@@ -88,7 +88,7 @@ typedef struct SCACBSCtx_ {
 /* the size of each state */
 uint16_t single_state_size;
- uint16_t max_pat_id;
+ uint32_t max_pat_id;
 } SCACBSCtx;
 typedef struct SCACBSThreadCtx_ {
diff --git a/src/util-mpm-ac-gfbs.c b/src/util-mpm-ac-gfbs.c
index e0ace7f3e7..bfff688908 100644
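Review bot: Widening `PatIntId` through the `#define` in this hunk changes every use of the alias at once, but it does nothing for places that still hold a pattern id in a plain 16-bit variable, parameter or struct field. Any such leftover would silently truncate ids above 65535, and in a detection engine a truncated id could attribute a match to the wrong pattern or lose it; whether any remain cannot be seen from this diff. I would build once with `-Wconversion` to list the remaining narrowing assignments before merging. A real type, `typedef uint32_t PatIntId;`, would also be preferable to the macro, since it obeys scope and appears by name in diagnostics; the same holds for `SigIntId` on the context line above.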
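Review bot: With `i` and `ctx->max_pat_id` both `uint32_t`, the loop bound `ctx->max_pat_id + 1` is now computed in 32-bit unsigned arithmetic and wraps to 0 when `max_pat_id` is `UINT32_MAX`, so the `cs` buffers would not be freed; before this change the `uint16_t` field was promoted to `int` and could not wrap. The allocation of `pid_pat_list` is outside the hunk and presumably uses the same `max_pat_id + 1` expression, where a wrap would matter more than a leak, so it should be checked too. I would compute the count in a wider type, `uint64_t i;` with `i < (uint64_t)ctx->max_pat_id + 1`, or reject `UINT32_MAX` where pattern ids are assigned. The identical loops in the `util-mpm-ac-gfbs.c` and `util-mpm-ac.c` hunks have the same bound. `SCACBSDestroyCtx` starts and ends outside the hunk.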
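Review bot: `single_state_size` is left as `uint16_t` on the context line above the changed `max_pat_id`, while the `util-mpm-ac.h` hunk of this same commit widens its `single_state_size` to `uint32_t`; the `util-mpm-ac-gfbs.h` hunk also keeps the 16-bit field. The commit message only mentions pattern ids, so it is unclear whether the widening in `SCACCtx` is intended or whether the bs and gfbs contexts were missed. Please either widen all three or add a comment on the field saying why 16 bits are sufficient here, e.g. `/* the size of each state; fits in 16 bits because ... */` with the actual bound filled in.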
--- a/src/util-mpm-ac-gfbs.c
+++ b/src/util-mpm-ac-gfbs.c
@@ -1259,7 +1259,7 @@ void SCACGfbsDestroyCtx(MpmCtx *mpm_ctx)
 }
 if (ctx->pid_pat_list != NULL) {
- int i;
+ uint32_t i;
 for (i = 0; i < (ctx->max_pat_id + 1); i++) {
 if (ctx->pid_pat_list[i].cs != NULL)
 SCFree(ctx->pid_pat_list[i].cs);
diff --git a/src/util-mpm-ac-gfbs.h b/src/util-mpm-ac-gfbs.h
index 4003a5b560..521c8db035 100644
--- a/src/util-mpm-ac-gfbs.h
+++ b/src/util-mpm-ac-gfbs.h
@@ -97,7 +97,7 @@ typedef struct SCACGfbsCtx_ {
 /* the size of each state */
 uint16_t single_state_size;
- uint16_t max_pat_id;
+ uint32_t max_pat_id;
 } SCACGfbsCtx;
 typedef struct SCACGfbsThreadCtx_ {
diff --git a/src/util-mpm-ac.c b/src/util-mpm-ac.c
index c8f6be77a2..49df0d6ea9 100644
--- a/src/util-mpm-ac.c
+++ b/src/util-mpm-ac.c
@@ -1273,7 +1273,7 @@ void SCACDestroyCtx(MpmCtx *mpm_ctx)
 }
 if (ctx->pid_pat_list != NULL) {
- int i;
+ uint32_t i;
 for (i = 0; i < (ctx->max_pat_id + 1); i++) {
 if (ctx->pid_pat_list[i].cs != NULL)
 SCFree(ctx->pid_pat_list[i].cs);
diff --git a/src/util-mpm-ac.h b/src/util-mpm-ac.h
index a837f5f015..13bd16fbdc 100644
--- a/src/util-mpm-ac.h
+++ b/src/util-mpm-ac.h
@@ -97,8 +97,8 @@ typedef struct SCACCtx_ {
 SCACPatternList *pid_pat_list;
 /* the size of each state */
- uint16_t single_state_size;
- uint16_t max_pat_id;
+ uint32_t single_state_size;
+ uint32_t max_pat_id;
 uint32_t allocated_state_count;