From: Jeff Lucovsky Date: Sun, 17 Nov 2019 21:07:56 +0000 (-0500) Subject: detect/parse: Refactor interfaces/definitions X-Git-Tag: suricata-6.0.0-beta1~624 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d19429f7e54f3d8e1d1c0c11470c1cabeca3f47a;p=thirdparty%2Fsuricata.git detect/parse: Refactor interfaces/definitions This commit refactors existing code patterns to reduce code duplication and to be a base for supporting additional PCRE jit-related actions. --- diff --git a/src/detect-parse.c b/src/detect-parse.c index e462070bb5..273037bb6d 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -2359,13 +2359,33 @@ error: return NULL; } -typedef struct DetectParseRegex_ { - pcre *regex; - pcre_extra *study; - struct DetectParseRegex_ *next; -} DetectParseRegex; - static DetectParseRegex *g_detect_parse_regex_list = NULL; +int DetectParsePcreExecLen(DetectParseRegex *parse_regex, const char *str, + int str_len, + int start_offset, int options, + int *ovector, int ovector_size) +{ + return pcre_exec(parse_regex->regex, parse_regex->study, str, str_len, + start_offset, options, ovector, ovector_size); +} + +int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, + int start_offset, int options, + int *ovector, int ovector_size) +{ + return pcre_exec(parse_regex->regex, parse_regex->study, str, strlen(str), + start_offset, options, ovector, ovector_size); +} + +void DetectParseFreeRegex(DetectParseRegex *r) +{ + if (r->regex) { + pcre_free(r->regex); + } + if (r->study) { + pcre_free_study(r->study); + } +} void DetectParseFreeRegexes(void) { @@ -2373,12 +2393,8 @@ void DetectParseFreeRegexes(void) while (r) { DetectParseRegex *next = r->next; - if (r->regex) { - pcre_free(r->regex); - } - if (r->study) { - pcre_free_study(r->study); - } + DetectParseFreeRegex(r); + SCFree(r); r = next; } @@ -2387,38 +2403,43 @@ void DetectParseFreeRegexes(void) /** \brief add regex and/or study to at exit free list */ -void DetectParseRegexAddToFreeList(pcre *regex, pcre_extra *study) +void DetectParseRegexAddToFreeList(DetectParseRegex *detect_parse) { DetectParseRegex *r = SCCalloc(1, sizeof(*r)); if (r == NULL) { FatalError(SC_ERR_MEM_ALLOC, "failed to alloc memory for pcre free list"); } - r->regex = regex; - r->study = study; + r->regex = detect_parse->regex; + r->study = detect_parse->study; r->next = g_detect_parse_regex_list; g_detect_parse_regex_list = r; } -void DetectSetupParseRegexes(const char *parse_str, - pcre **parse_regex, - pcre_extra **parse_regex_study) +void DetectSetupParseRegexesOpts(const char *parse_str, DetectParseRegex *detect_parse, int opts) { const char *eb; int eo; - int opts = 0; - *parse_regex = pcre_compile(parse_str, opts, &eb, &eo, NULL); - if (*parse_regex == NULL) { + detect_parse->regex = pcre_compile(parse_str, opts, &eb, &eo, NULL); + if (detect_parse->regex == NULL) { FatalError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at " "offset %" PRId32 ": %s", parse_str, eo, eb); } - *parse_regex_study = pcre_study(*parse_regex, 0, &eb); + detect_parse->study = pcre_study(detect_parse->regex, 0 , &eb); if (eb != NULL) { FatalError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); } - DetectParseRegexAddToFreeList(*parse_regex, *parse_regex_study); + + DetectParseRegexAddToFreeList(detect_parse); + + return; +} + +void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse) +{ + DetectSetupParseRegexesOpts(parse_str, detect_parse, 0); return; } diff --git a/src/detect-parse.h b/src/detect-parse.h index aa89e5e2e9..fc4a0c05fc 100644 --- a/src/detect-parse.h +++ b/src/detect-parse.h @@ -39,6 +39,15 @@ enum { SIG_DIREC_DST }; +typedef struct DetectParseRegex_ { + pcre *regex; + pcre_extra *study; +#ifdef PCRE_HAVE_JIT_EXEC + pcre_jit_stack *jit_stack; +#endif + struct DetectParseRegex_ *next; +} DetectParseRegex; + /* prototypes */ Signature *SigAlloc(void); void SigFree(Signature *s); @@ -79,15 +88,26 @@ int WARN_UNUSED DetectSignatureSetAppProto(Signature *s, AppProto alproto); /* parse regex setup and free util funcs */ -void DetectSetupParseRegexes(const char *parse_str, - pcre **parse_regex, - pcre_extra **parse_regex_study); -void DetectParseRegexAddToFreeList(pcre *regex, pcre_extra *study); +void DetectSetupParseRegexesOpts(const char *parse_str, DetectParseRegex *parse_regex, int opts); +void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex); +void DetectParseRegexAddToFreeList(DetectParseRegex *parse_regex); void DetectParseFreeRegexes(void); +void DetectParseFreeRegex(DetectParseRegex *r); + +/* parse regex exec */ +int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, + int start_offset, int options, + int *ovector, int ovector_size); +int DetectParsePcreExecLen(DetectParseRegex *parse_regex, const char *str, + int str_len, int start_offset, int options, + int *ovector, int ovector_size); #ifdef AFLFUZZ_RULES int RuleParseDataFromFile(char *filename); #endif +/* typical size of ovector */ +#define MAX_SUBSTRINGS 30 + #endif /* __DETECT_PARSE_H__ */ diff --git a/src/util-error.c b/src/util-error.c index 66f74c7de0..60c827e057 100644 --- a/src/util-error.c +++ b/src/util-error.c @@ -49,6 +49,7 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_PCRE_COMPILE); CASE_CODE (SC_ERR_PCRE_STUDY); CASE_CODE (SC_ERR_PCRE_PARSE); + CASE_CODE (SC_WARN_PCRE_JITSTACK); CASE_CODE (SC_ERR_LOG_MODULE_NOT_INIT); CASE_CODE (SC_ERR_LOG_FG_FILTER_MATCH); CASE_CODE (SC_ERR_PCAP_DISPATCH); diff --git a/src/util-error.h b/src/util-error.h index c8ef665e2a..07161d0c54 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -356,6 +356,7 @@ typedef enum { SC_WARN_ANOMALY_CONFIG, SC_WARN_ALERT_CONFIG, SC_ERR_PCRE_COPY_SUBSTRING, + SC_WARN_PCRE_JITSTACK, SC_ERR_MAX } SCError;