From: Victor Julien Date: Mon, 29 Feb 2016 11:49:19 +0000 (+0100) Subject: detect keywords: use parse regex util func X-Git-Tag: suricata-3.1RC1~272 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e67ae0f174f81bc85b49b9ea106c4a4b798e1925;p=thirdparty%2Fsuricata.git detect keywords: use parse regex util func --- diff --git a/src/detect-base64-decode.c b/src/detect-base64-decode.c index a693de1513..781f3d3ef0 100644 --- a/src/detect-base64-decode.c +++ b/src/detect-base64-decode.c @@ -38,9 +38,6 @@ static void DetectBase64DecodeRegisterTests(void); void DetectBase64DecodeRegister(void) { - const char *pcre_errptr; - int pcre_erroffset; - sigmatch_table[DETECT_BASE64_DECODE].name = "base64_decode"; sigmatch_table[DETECT_BASE64_DECODE].desc = "Decodes base64 encoded data."; @@ -54,20 +51,7 @@ void DetectBase64DecodeRegister(void) sigmatch_table[DETECT_BASE64_DECODE].flags |= SIGMATCH_PAYLOAD; sigmatch_table[DETECT_BASE64_DECODE].flags |= SIGMATCH_OPTIONAL_OPT; - decode_pcre = pcre_compile(decode_pattern, 0, &pcre_errptr, &pcre_erroffset, - NULL); - if (decode_pcre == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Failed to compile pattern \"%s\" at" - " offset %d: %s", decode_pattern, pcre_erroffset, pcre_errptr); - exit(EXIT_FAILURE); - } - - decode_pcre_study = pcre_study(decode_pcre, 0, &pcre_errptr); - if (pcre_errptr != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "Failed to study pattern \"%s\": %s", - decode_pattern, pcre_errptr); - exit(EXIT_FAILURE); - } + DetectSetupParseRegexes(decode_pattern, &decode_pcre, &decode_pcre_study); } int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s, diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index 8b71c7970d..a4549a1d6d 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c @@ -100,10 +100,6 @@ void DetectByteExtractFree(void *); */ void DetectByteExtractRegister(void) { - const char *eb; - int eo; - int opts = 0; - sigmatch_table[DETECT_BYTE_EXTRACT].name = "byte_extract"; sigmatch_table[DETECT_BYTE_EXTRACT].Match = NULL; sigmatch_table[DETECT_BYTE_EXTRACT].AppLayerMatch = NULL; @@ -113,22 +109,7 @@ void DetectByteExtractRegister(void) sigmatch_table[DETECT_BYTE_EXTRACT].flags |= SIGMATCH_PAYLOAD; - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed " - "at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, SigMatch *sm, diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index 7111bd67f3..cf89e9fca9 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -64,10 +64,6 @@ void DetectBytejumpRegisterTests(void); void DetectBytejumpRegister (void) { - const char *eb; - int eo; - int opts = 0; - sigmatch_table[DETECT_BYTEJUMP].name = "byte_jump"; sigmatch_table[DETECT_BYTEJUMP].Match = DetectBytejumpMatch; sigmatch_table[DETECT_BYTEJUMP].Setup = DetectBytejumpSetup; @@ -76,25 +72,7 @@ void DetectBytejumpRegister (void) sigmatch_table[DETECT_BYTEJUMP].flags |= SIGMATCH_PAYLOAD; - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE,"pcre compile of \"%s\" failed " - "at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY,"pcre study failed: %s", eb); - goto error; - } - return; - -error: - /* XXX */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** \brief Byte jump match function diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c index 1802303ed8..2eaddadb0f 100644 --- a/src/detect-bytetest.c +++ b/src/detect-bytetest.c @@ -66,10 +66,6 @@ void DetectBytetestRegisterTests(void); void DetectBytetestRegister (void) { - const char *eb; - int eo; - int opts = 0; - sigmatch_table[DETECT_BYTETEST].name = "byte_test"; sigmatch_table[DETECT_BYTETEST].Match = DetectBytetestMatch; sigmatch_table[DETECT_BYTETEST].Setup = DetectBytetestSetup; @@ -78,25 +74,7 @@ void DetectBytetestRegister (void) sigmatch_table[DETECT_BYTETEST].flags |= SIGMATCH_PAYLOAD; - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at " - "offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - /* XXX */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** \brief Bytetest detection code diff --git a/src/detect-classtype.c b/src/detect-classtype.c index f81d8378db..c1ce607744 100644 --- a/src/detect-classtype.c +++ b/src/detect-classtype.c @@ -37,7 +37,7 @@ #include "util-debug.h" #include "util-unittest.h" -#define DETECT_CLASSTYPE_REGEX "^\\s*([a-zA-Z][a-zA-Z0-9-_]*)\\s*$" +#define PARSE_REGEX "^\\s*([a-zA-Z][a-zA-Z0-9-_]*)\\s*$" static pcre *regex = NULL; static pcre_extra *regex_study = NULL; @@ -50,12 +50,6 @@ void DetectClasstypeRegisterTests(void); */ void DetectClasstypeRegister(void) { - const char *eb = NULL; - int eo; - int opts = 0; - - SCLogDebug("Registering the Classtype keyword handler"); - sigmatch_table[DETECT_CLASSTYPE].name = "classtype"; sigmatch_table[DETECT_CLASSTYPE].desc = "information about the classification of rules and alerts"; sigmatch_table[DETECT_CLASSTYPE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#Classtype"; @@ -64,21 +58,7 @@ void DetectClasstypeRegister(void) sigmatch_table[DETECT_CLASSTYPE].Free = NULL; sigmatch_table[DETECT_CLASSTYPE].RegisterTests = DetectClasstypeRegisterTests; - regex = pcre_compile(DETECT_CLASSTYPE_REGEX, opts, &eb, &eo, NULL); - if (regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - DETECT_CLASSTYPE_REGEX, eo, eb); - goto end; - } - - regex_study = pcre_study(regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto end; - } - - end: - return; + DetectSetupParseRegexes(PARSE_REGEX, ®ex, ®ex_study); } /** diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index e66ca94d0a..3e89feb557 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -47,7 +47,7 @@ #include "util-unittest-helper.h" #include "stream-tcp.h" -#define DETECT_DCE_IFACE_PCRE_PARSE_ARGS "^\\s*([0-9a-zA-Z]{8}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{12})(?:\\s*,(<|>|=|!)([0-9]{1,5}))?(?:\\s*,(any_frag))?\\s*$" +#define PARSE_REGEX "^\\s*([0-9a-zA-Z]{8}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{12})(?:\\s*,(<|>|=|!)([0-9]{1,5}))?(?:\\s*,(any_frag))?\\s*$" static pcre *parse_regex = NULL; static pcre_extra *parse_regex_study = NULL; @@ -62,10 +62,6 @@ void DetectDceIfaceFree(void *); */ void DetectDceIfaceRegister(void) { - const char *eb; - int eo; - int opts = 0; - sigmatch_table[DETECT_DCE_IFACE].name = "dce_iface"; sigmatch_table[DETECT_DCE_IFACE].alproto = ALPROTO_DCERPC; sigmatch_table[DETECT_DCE_IFACE].Match = NULL; @@ -76,25 +72,7 @@ void DetectDceIfaceRegister(void) sigmatch_table[DETECT_DCE_IFACE].flags |= SIGMATCH_PAYLOAD; - parse_regex = pcre_compile(DETECT_DCE_IFACE_PCRE_PARSE_ARGS, opts, &eb, - &eo, NULL); - if (parse_regex == NULL) { - SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s", - DETECT_DCE_IFACE_PCRE_PARSE_ARGS, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogDebug("pcre study failed: %s", eb); - goto error; - } - - return; - - error: - /* we need to handle error?! */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c index 8e33c8b189..b650fe27ce 100644 --- a/src/detect-dce-opnum.c +++ b/src/detect-dce-opnum.c @@ -47,7 +47,7 @@ #include "util-unittest-helper.h" #include "stream-tcp.h" -#define DETECT_DCE_OPNUM_PCRE_PARSE_ARGS "^\\s*([0-9]{1,5}(\\s*-\\s*[0-9]{1,5}\\s*)?)(,\\s*[0-9]{1,5}(\\s*-\\s*[0-9]{1,5})?\\s*)*$" +#define PARSE_REGEX "^\\s*([0-9]{1,5}(\\s*-\\s*[0-9]{1,5}\\s*)?)(,\\s*[0-9]{1,5}(\\s*-\\s*[0-9]{1,5})?\\s*)*$" static pcre *parse_regex = NULL; static pcre_extra *parse_regex_study = NULL; @@ -62,10 +62,6 @@ void DetectDceOpnumFree(void *); */ void DetectDceOpnumRegister(void) { - const char *eb; - int eo; - int opts = 0; - sigmatch_table[DETECT_DCE_OPNUM].name = "dce_opnum"; sigmatch_table[DETECT_DCE_OPNUM].alproto = ALPROTO_DCERPC; sigmatch_table[DETECT_DCE_OPNUM].Match = NULL; @@ -76,25 +72,7 @@ void DetectDceOpnumRegister(void) sigmatch_table[DETECT_DCE_OPNUM].flags |= SIGMATCH_PAYLOAD; - parse_regex = pcre_compile(DETECT_DCE_OPNUM_PCRE_PARSE_ARGS, opts, &eb, - &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", - DETECT_DCE_OPNUM_PCRE_PARSE_ARGS, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - - error: - /* we need to handle error?! */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-detection-filter.c b/src/detect-detection-filter.c index 14df7c47de..6ffca0e315 100644 --- a/src/detect-detection-filter.c +++ b/src/detect-detection-filter.c @@ -71,27 +71,7 @@ void DetectDetectionFilterRegister (void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_DETECTION_FILTER].flags |= SIGMATCH_IPONLY_COMPAT; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } int DetectDetectionFilterMatch (ThreadVars *thv, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, const SigMatchCtx *ctx) diff --git a/src/detect-dsize.c b/src/detect-dsize.c index 6d4e598f8d..a331f6f4d2 100644 --- a/src/detect-dsize.c +++ b/src/detect-dsize.c @@ -66,28 +66,7 @@ void DetectDsizeRegister (void) sigmatch_table[DETECT_DSIZE].Free = DetectDsizeFree; sigmatch_table[DETECT_DSIZE].RegisterTests = DsizeRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE,"pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY,"pcre study failed: %s", eb); - goto error; - } - return; - -error: - /* XXX */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-engine-event.c b/src/detect-engine-event.c index 6028e9895d..ebfe865acc 100644 --- a/src/detect-engine-event.c +++ b/src/detect-engine-event.c @@ -77,28 +77,7 @@ void DetectEngineEventRegister (void) sigmatch_table[DETECT_STREAM_EVENT].Setup = DetectStreamEventSetup; sigmatch_table[DETECT_STREAM_EVENT].Free = DetectEngineEventFree; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s\n", eb); - goto error; - } - return; - -error: - return; - + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c index 99fb409c03..dff7a4cc4a 100644 --- a/src/detect-fast-pattern.c +++ b/src/detect-fast-pattern.c @@ -37,7 +37,7 @@ #include "util-unittest.h" #include "util-unittest-helper.h" -#define DETECT_FAST_PATTERN_REGEX "^(\\s*only\\s*)|\\s*([0-9]+)\\s*,\\s*([0-9]+)\\s*$" +#define PARSE_REGEX "^(\\s*only\\s*)|\\s*([0-9]+)\\s*,\\s*([0-9]+)\\s*$" static pcre *parse_regex = NULL; static pcre_extra *parse_regex_study = NULL; @@ -164,30 +164,7 @@ void DetectFastPatternRegister(void) sigmatch_table[DETECT_FAST_PATTERN].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_FAST_PATTERN].flags |= SIGMATCH_PAYLOAD; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(DETECT_FAST_PATTERN_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at " - "offset %" PRId32 ": %s", DETECT_FAST_PATTERN_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - - error: - /* get some way to return an error code! */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } //static int DetectFastPatternParseArg( diff --git a/src/detect-filesize.c b/src/detect-filesize.c index d65b594f1d..709097f542 100644 --- a/src/detect-filesize.c +++ b/src/detect-filesize.c @@ -70,30 +70,7 @@ void DetectFilesizeRegister(void) sigmatch_table[DETECT_FILESIZE].RegisterTests = DetectFilesizeRegisterTests; sigmatch_table[DETECT_FILESIZE].flags |= SIGMATCH_PAYLOAD; /** XXX necessary? */ - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogDebug("pcre study failed: %s", eb); - goto error; - } - return; - -error: - if (parse_regex != NULL) - SCFree(parse_regex); - if (parse_regex_study != NULL) - SCFree(parse_regex_study); - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-filestore.c b/src/detect-filestore.c index 00e8aacc8f..0f96e86871 100644 --- a/src/detect-filestore.c +++ b/src/detect-filestore.c @@ -79,28 +79,7 @@ void DetectFilestoreRegister(void) sigmatch_table[DETECT_FILESTORE].RegisterTests = NULL; sigmatch_table[DETECT_FILESTORE].flags = SIGMATCH_OPTIONAL_OPT; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - SCLogDebug("registering filestore rule option"); - return; -error: - /* XXX */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-flags.c b/src/detect-flags.c index 860d38a86a..1d6c3d11aa 100644 --- a/src/detect-flags.c +++ b/src/detect-flags.c @@ -72,27 +72,7 @@ void DetectFlagsRegister (void) sigmatch_table[DETECT_FLAGS].Free = DetectFlagsFree; sigmatch_table[DETECT_FLAGS].RegisterTests = FlagsRegisterTests; - const char *eb; - int opts = 0; - int eo; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - -error: - return; - + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-flow.c b/src/detect-flow.c index 652dc654d6..304d97d9b9 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -66,28 +66,7 @@ void DetectFlowRegister (void) sigmatch_table[DETECT_FLOW].Free = DetectFlowFree; sigmatch_table[DETECT_FLOW].RegisterTests = DetectFlowRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - /* XXX */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /* diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c index 5cc727c3e7..70056f02dd 100644 --- a/src/detect-flowbits.c +++ b/src/detect-flowbits.c @@ -67,28 +67,7 @@ void DetectFlowbitsRegister (void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_FLOWBITS].flags |= SIGMATCH_IPONLY_COMPAT; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } diff --git a/src/detect-flowint.c b/src/detect-flowint.c index 80ddfe9d35..dff26125cb 100644 --- a/src/detect-flowint.c +++ b/src/detect-flowint.c @@ -67,27 +67,7 @@ void DetectFlowintRegister(void) sigmatch_table[DETECT_FLOWINT].Free = DetectFlowintFree; sigmatch_table[DETECT_FLOWINT].RegisterTests = DetectFlowintRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; -error: - SCLogInfo("Error registering flowint detection plugin"); - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c index f6ff82d608..1fbc3eff63 100644 --- a/src/detect-flowvar.c +++ b/src/detect-flowvar.c @@ -64,28 +64,7 @@ void DetectFlowvarRegister (void) sigmatch_table[DETECT_FLOWVAR_POSTMATCH].Free = DetectFlowvarDataFree; sigmatch_table[DETECT_FLOWVAR_POSTMATCH].RegisterTests = NULL; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index a60f9e22a7..4150d3a6f5 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -83,27 +83,7 @@ void DetectFragBitsRegister (void) sigmatch_table[DETECT_FRAGBITS].Free = DetectFragBitsFree; sigmatch_table[DETECT_FRAGBITS].RegisterTests = FragBitsRegisterTests; - const char *eb; - int opts = 0; - int eo; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - -error: - return; - + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index fed8f5584c..6e6049fb44 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -61,25 +61,7 @@ void DetectFragOffsetRegister (void) sigmatch_table[DETECT_FRAGOFFSET].Free = DetectFragOffsetFree; sigmatch_table[DETECT_FRAGOFFSET].RegisterTests = DetectFragOffsetRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE,"pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY,"pcre study failed: %s", eb); - goto error; - } - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-gid.c b/src/detect-gid.c index 4cbbc8a9e1..3344fe3799 100644 --- a/src/detect-gid.c +++ b/src/detect-gid.c @@ -36,8 +36,6 @@ #include "util-unittest.h" #include "util-debug.h" -#define PARSE_REGEX "[0-9]+" - static int DetectGidSetup (DetectEngineCtx *, Signature *, char *); /** diff --git a/src/detect-hostbits.c b/src/detect-hostbits.c index 362dbf598b..2c325eb346 100644 --- a/src/detect-hostbits.c +++ b/src/detect-hostbits.c @@ -82,28 +82,7 @@ void DetectHostbitsRegister (void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_HOSTBITS].flags |= SIGMATCH_IPONLY_COMPAT; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } static int DetectHostbitMatchToggle (Packet *p, const DetectXbitsData *fd) diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index 59d1e9ae67..675e03e410 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -60,25 +60,7 @@ void DetectIcmpIdRegister (void) sigmatch_table[DETECT_ICMP_ID].Free = DetectIcmpIdFree; sigmatch_table[DETECT_ICMP_ID].RegisterTests = DetectIcmpIdRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c index e48003a0a9..1fbefb7c29 100644 --- a/src/detect-icmp-seq.c +++ b/src/detect-icmp-seq.c @@ -60,25 +60,7 @@ void DetectIcmpSeqRegister (void) sigmatch_table[DETECT_ICMP_SEQ].Free = DetectIcmpSeqFree; sigmatch_table[DETECT_ICMP_SEQ].RegisterTests = DetectIcmpSeqRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE,"pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY,"pcre study failed: %s", eb); - goto error; - } - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-icode.c b/src/detect-icode.c index 33f3e0eff4..fc5c572d1a 100644 --- a/src/detect-icode.c +++ b/src/detect-icode.c @@ -64,27 +64,7 @@ void DetectICodeRegister (void) sigmatch_table[DETECT_ICODE].Free = DetectICodeFree; sigmatch_table[DETECT_ICODE].RegisterTests = DetectICodeRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-id.c b/src/detect-id.c index a15e322840..9b2b7a849f 100644 --- a/src/detect-id.c +++ b/src/detect-id.c @@ -67,28 +67,7 @@ void DetectIdRegister (void) sigmatch_table[DETECT_ID].Free = DetectIdFree; sigmatch_table[DETECT_ID].RegisterTests = DetectIdRegisterTests; - const char *eb; - int eo; - int opts = 0; - - SCLogDebug("registering id rule option"); - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c index ef9b543027..4a3bb31873 100644 --- a/src/detect-ipopts.c +++ b/src/detect-ipopts.c @@ -64,28 +64,7 @@ void DetectIpOptsRegister (void) sigmatch_table[DETECT_IPOPTS].Free = DetectIpOptsFree; sigmatch_table[DETECT_IPOPTS].RegisterTests = IpOptsRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - return; - + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-ipproto.c b/src/detect-ipproto.c index 0cade56914..e0c2635a0e 100644 --- a/src/detect-ipproto.c +++ b/src/detect-ipproto.c @@ -61,10 +61,6 @@ static void DetectIPProtoFree(void *); void DetectIPProtoRegister(void) { - const char *eb; - int eo; - int opts = 0; - sigmatch_table[DETECT_IPPROTO].name = "ip_proto"; sigmatch_table[DETECT_IPPROTO].desc = "match on the IP protocol in the packet-header"; sigmatch_table[DETECT_IPPROTO].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#ip_proto"; @@ -73,27 +69,7 @@ void DetectIPProtoRegister(void) sigmatch_table[DETECT_IPPROTO].Free = DetectIPProtoFree; sigmatch_table[DETECT_IPPROTO].RegisterTests = DetectIPProtoRegisterTests; - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at " - "offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - -error: - if (parse_regex) - pcre_free(parse_regex); - if (parse_regex_study) - pcre_free_study(parse_regex_study); - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-iprep.c b/src/detect-iprep.c index 09457fdece..10da976a86 100644 --- a/src/detect-iprep.c +++ b/src/detect-iprep.c @@ -67,28 +67,7 @@ void DetectIPRepRegister (void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_IPREP].flags |= SIGMATCH_IPONLY_COMPAT; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } static uint8_t GetHostRepSrc(Packet *p, uint8_t cat, uint32_t version) diff --git a/src/detect-isdataat.c b/src/detect-isdataat.c index f7dcfb9b05..1329839ab8 100644 --- a/src/detect-isdataat.c +++ b/src/detect-isdataat.c @@ -75,26 +75,7 @@ void DetectIsdataatRegister(void) sigmatch_table[DETECT_ISDATAAT].flags |= SIGMATCH_PAYLOAD; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - /* XXX */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-itype.c b/src/detect-itype.c index fa8cfa6e8a..45e3a6ddf1 100644 --- a/src/detect-itype.c +++ b/src/detect-itype.c @@ -64,27 +64,7 @@ void DetectITypeRegister (void) sigmatch_table[DETECT_ITYPE].Free = DetectITypeFree; sigmatch_table[DETECT_ITYPE].RegisterTests = DetectITypeRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-mark.c b/src/detect-mark.c index 247bf4898d..b298ccfe7f 100644 --- a/src/detect-mark.c +++ b/src/detect-mark.c @@ -58,27 +58,7 @@ void DetectMarkRegister (void) sigmatch_table[DETECT_MARK].Free = DetectMarkDataFree; sigmatch_table[DETECT_MARK].RegisterTests = MarkRegisterTests; - const char *eb; - int opts = 0; - int eo; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - -error: - return; - + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } #ifdef NFQ diff --git a/src/detect-modbus.c b/src/detect-modbus.c index 2fc5386cb3..f0cf9c6c85 100644 --- a/src/detect-modbus.c +++ b/src/detect-modbus.c @@ -409,41 +409,10 @@ void DetectModbusRegister(void) sigmatch_table[DETECT_AL_MODBUS].Free = DetectModbusFree; sigmatch_table[DETECT_AL_MODBUS].RegisterTests = DetectModbusRegisterTests; - const char *eb; - int eo, opts = 0; - - SCLogDebug("registering modbus rule option"); - - /* Function PARSE_REGEX */ - function_parse_regex = pcre_compile(PARSE_REGEX_FUNCTION, opts, &eb, &eo, NULL); - if (function_parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX_FUNCTION, eo, eb); - goto error; - } - - function_parse_regex_study = pcre_study(function_parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - /* Access PARSE_REGEX */ - access_parse_regex = pcre_compile(PARSE_REGEX_ACCESS, opts, &eb, &eo, NULL); - if (access_parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX_ACCESS, eo, eb); - goto error; - } - - access_parse_regex_study = pcre_study(access_parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - -error: - SCReturn; + DetectSetupParseRegexes(PARSE_REGEX_FUNCTION, + &function_parse_regex, &function_parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX_ACCESS, + &access_parse_regex, &access_parse_regex_study); } #ifdef UNITTESTS /* UNITTESTS */ diff --git a/src/detect-pcre.c b/src/detect-pcre.c index c3274e4f51..0f19154955 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -97,9 +97,6 @@ void DetectPcreRegister (void) sigmatch_table[DETECT_PCRE].flags |= SIGMATCH_PAYLOAD; - const char *eb; - int eo; - int opts = 0; intmax_t val = 0; if (!ConfGetInt("pcre.match-limit", &val)) { @@ -130,38 +127,26 @@ void DetectPcreRegister (void) } } - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } + /* setup the capture regex, as it needs PCRE_UNGREEDY we do it manually */ + const char *eb; + int eo; + int opts = PCRE_UNGREEDY; /* pkt_http_ua should be pkt, http_ua, for this reason the UNGREEDY */ - opts |= PCRE_UNGREEDY; /* pkt_http_ua should be pkt, http_ua, for this reason the UNGREEDY */ parse_capture_regex = pcre_compile(PARSE_CAPTURE_REGEX, opts, &eb, &eo, NULL); - if(parse_capture_regex == NULL) + if (parse_capture_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_CAPTURE_REGEX, eo, eb); - goto error; + FatalError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_CAPTURE_REGEX, eo, eb); } parse_capture_regex_study = pcre_study(parse_capture_regex, 0, &eb); if(eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; + FatalError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); } - return; -error: - /* XXX */ + DetectParseRegexAddToFreeList(parse_capture_regex, parse_capture_regex_study); return; } diff --git a/src/detect-pktvar.c b/src/detect-pktvar.c index 075744e410..d319bd8882 100644 --- a/src/detect-pktvar.c +++ b/src/detect-pktvar.c @@ -52,28 +52,7 @@ void DetectPktvarRegister (void) sigmatch_table[DETECT_PKTVAR].flags |= SIGMATCH_PAYLOAD; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /* diff --git a/src/detect-priority.c b/src/detect-priority.c index 66b736fb57..2a7a80b536 100644 --- a/src/detect-priority.c +++ b/src/detect-priority.c @@ -33,7 +33,7 @@ #include "util-debug.h" #include "util-unittest.h" -#define DETECT_PRIORITY_REGEX "^\\s*(\\d+|\"\\d+\")\\s*$" +#define PARSE_REGEX "^\\s*(\\d+|\"\\d+\")\\s*$" static pcre *regex = NULL; static pcre_extra *regex_study = NULL; @@ -46,10 +46,6 @@ void SCPriorityRegisterTests(void); */ void DetectPriorityRegister (void) { - const char *eb = NULL; - int eo; - int opts = 0; - sigmatch_table[DETECT_PRIORITY].name = "priority"; sigmatch_table[DETECT_PRIORITY].desc = "rules with a higher priority will be examined first"; sigmatch_table[DETECT_PRIORITY].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#Priority"; @@ -58,21 +54,7 @@ void DetectPriorityRegister (void) sigmatch_table[DETECT_PRIORITY].Free = NULL; sigmatch_table[DETECT_PRIORITY].RegisterTests = SCPriorityRegisterTests; - regex = pcre_compile(DETECT_PRIORITY_REGEX, opts, &eb, &eo, NULL); - if (regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - DETECT_PRIORITY_REGEX, eo, eb); - goto end; - } - - regex_study = pcre_study(regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto end; - } - - end: - return; + DetectSetupParseRegexes(PARSE_REGEX, ®ex, ®ex_study); } static int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr) diff --git a/src/detect-reference.c b/src/detect-reference.c index d1473cc1b8..6fe04a2b91 100644 --- a/src/detect-reference.c +++ b/src/detect-reference.c @@ -63,27 +63,7 @@ void DetectReferenceRegister(void) sigmatch_table[DETECT_REFERENCE].Free = NULL; sigmatch_table[DETECT_REFERENCE].RegisterTests = ReferenceRegisterTests; - const char *eb; - int opts = 0; - int eo; - - opts |= PCRE_CASELESS; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at " - "offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-rpc.c b/src/detect-rpc.c index 844eb34647..52f6d7469a 100644 --- a/src/detect-rpc.c +++ b/src/detect-rpc.c @@ -66,28 +66,7 @@ void DetectRpcRegister (void) sigmatch_table[DETECT_RPC].Free = DetectRpcFree; sigmatch_table[DETECT_RPC].RegisterTests = DetectRpcRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - /* XXX */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /* diff --git a/src/detect-ssh-proto-version.c b/src/detect-ssh-proto-version.c index 9830648389..abf86fe6fa 100644 --- a/src/detect-ssh-proto-version.c +++ b/src/detect-ssh-proto-version.c @@ -80,28 +80,7 @@ void DetectSshVersionRegister(void) sigmatch_table[DETECT_AL_SSH_PROTOVERSION].Free = DetectSshVersionFree; sigmatch_table[DETECT_AL_SSH_PROTOVERSION].RegisterTests = DetectSshVersionRegisterTests; - const char *eb; - int eo; - int opts = 0; - - SCLogDebug("registering ssh.protoversion rule option"); - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index 12ba869e44..ff45a7f6ab 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c @@ -85,28 +85,7 @@ void DetectSshSoftwareVersionRegister(void) sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].Free = DetectSshSoftwareVersionFree; sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].RegisterTests = DetectSshSoftwareVersionRegisterTests; - const char *eb; - int eo; - int opts = 0; - - SCLogDebug("registering ssh.softwareversion rule option"); - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index 770ed659b4..2e837f208d 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -78,42 +78,8 @@ void DetectSslStateRegister(void) sigmatch_table[DETECT_AL_SSL_STATE].Free = DetectSslStateFree; sigmatch_table[DETECT_AL_SSL_STATE].RegisterTests = DetectSslStateRegisterTests; - const char *eb; - int eo; - int opts = 0; - - SCLogDebug("registering ssl_state rule option"); - - /* PARSE_REGEX1 */ - parse_regex1 = pcre_compile(PARSE_REGEX1, opts, &eb, &eo, NULL); - if (parse_regex1 == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX1, eo, eb); - goto error; - } - - parse_regex1_study = pcre_study(parse_regex1, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - /* PARSE_REGEX2 */ - parse_regex2 = pcre_compile(PARSE_REGEX2, opts, &eb, &eo, NULL); - if (parse_regex2 == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX2, eo, eb); - goto error; - } - - parse_regex2_study = pcre_study(parse_regex2, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX1, &parse_regex1, &parse_regex1_study); + DetectSetupParseRegexes(PARSE_REGEX2, &parse_regex2, &parse_regex2_study); } /** diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c index 03a1f39eb2..5259187eb6 100644 --- a/src/detect-ssl-version.c +++ b/src/detect-ssl-version.c @@ -79,29 +79,7 @@ void DetectSslVersionRegister(void) sigmatch_table[DETECT_AL_SSL_VERSION].Free = DetectSslVersionFree; sigmatch_table[DETECT_AL_SSL_VERSION].RegisterTests = DetectSslVersionRegisterTests; - const char *eb; - int eo; - int opts = 0; - - SCLogDebug("registering ssl_version rule option"); - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c index c58ecf5a22..159d4d6f7c 100644 --- a/src/detect-stream_size.c +++ b/src/detect-stream_size.c @@ -63,27 +63,7 @@ void DetectStreamSizeRegister(void) sigmatch_table[DETECT_STREAM_SIZE].Free = DetectStreamSizeFree; sigmatch_table[DETECT_STREAM_SIZE].RegisterTests = DetectStreamSizeRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - if (parse_regex != NULL) SCFree(parse_regex); - if (parse_regex_study != NULL) SCFree(parse_regex_study); - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-tag.c b/src/detect-tag.c index 6a3f8ad8c0..dfa762d190 100644 --- a/src/detect-tag.c +++ b/src/detect-tag.c @@ -74,28 +74,7 @@ void DetectTagRegister(void) sigmatch_table[DETECT_TAG].RegisterTests = DetectTagRegisterTests; sigmatch_table[DETECT_TAG].flags |= SIGMATCH_IPONLY_COMPAT; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - /* XXX */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-template.c b/src/detect-template.c index b2fb26d6c3..b415783a60 100644 --- a/src/detect-template.c +++ b/src/detect-template.c @@ -69,30 +69,7 @@ void DetectTemplateRegister(void) { sigmatch_table[DETECT_TEMPLATE].RegisterTests = DetectTemplateRegisterTests; /* set up the PCRE for keyword parsing */ - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at " - "offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - if (parse_regex != NULL) - SCFree(parse_regex); - if (parse_regex_study != NULL) - SCFree(parse_regex_study); - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-threshold.c b/src/detect-threshold.c index 7410b2c282..28edd6e5c2 100644 --- a/src/detect-threshold.c +++ b/src/detect-threshold.c @@ -85,27 +85,7 @@ void DetectThresholdRegister(void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_THRESHOLD].flags |= SIGMATCH_IPONLY_COMPAT; - const char *eb; - int opts = 0; - int eo; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - -error: - return; - + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } static int DetectThresholdMatch(ThreadVars *thv, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, const SigMatchCtx *ctx) diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c index 144b5031e8..200ba959f8 100644 --- a/src/detect-tls-version.c +++ b/src/detect-tls-version.c @@ -79,28 +79,7 @@ void DetectTlsVersionRegister (void) sigmatch_table[DETECT_AL_TLS_VERSION].Free = DetectTlsVersionFree; sigmatch_table[DETECT_AL_TLS_VERSION].RegisterTests = DetectTlsVersionRegisterTests; - const char *eb; - int eo; - int opts = 0; - - SCLogDebug("registering tls.version rule option"); - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-tls.c b/src/detect-tls.c index ba37aee0e6..b2ff99b613 100644 --- a/src/detect-tls.c +++ b/src/detect-tls.c @@ -134,58 +134,12 @@ void DetectTlsRegister (void) sigmatch_table[DETECT_AL_TLS_STORE].RegisterTests = NULL; sigmatch_table[DETECT_AL_TLS_STORE].flags |= SIGMATCH_NOOPT; - const char *eb; - int eo; - int opts = 0; - - SCLogDebug("registering tls.subject rule option"); - - subject_parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (subject_parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX, eo, eb); - goto error; - } - - subject_parse_regex_study = pcre_study(subject_parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - SCLogDebug("registering tls.issuerdn rule option"); - - issuerdn_parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (issuerdn_parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX, eo, eb); - goto error; - } - - issuerdn_parse_regex_study = pcre_study(issuerdn_parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - SCLogDebug("registering tls.fingerprint rule option"); - - fingerprint_parse_regex = pcre_compile(PARSE_REGEX_FINGERPRINT, opts, &eb, &eo, NULL); - if (fingerprint_parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX_FINGERPRINT, eo, eb); - goto error; - } - - fingerprint_parse_regex_study = pcre_study(fingerprint_parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, + &subject_parse_regex, &subject_parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, + &issuerdn_parse_regex, &issuerdn_parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX_FINGERPRINT, + &fingerprint_parse_regex, &fingerprint_parse_regex_study); } /** diff --git a/src/detect-tos.c b/src/detect-tos.c index f82dc453a9..8beeb329eb 100644 --- a/src/detect-tos.c +++ b/src/detect-tos.c @@ -68,27 +68,7 @@ void DetectTosRegister(void) sigmatch_table[DETECT_TOS].Free = DetectTosFree; sigmatch_table[DETECT_TOS].RegisterTests = DetectTosRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at " - "offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-ttl.c b/src/detect-ttl.c index 316af96967..dbd8e21cc9 100644 --- a/src/detect-ttl.c +++ b/src/detect-ttl.c @@ -61,26 +61,7 @@ void DetectTtlRegister(void) sigmatch_table[DETECT_TTL].Free = DetectTtlFree; sigmatch_table[DETECT_TTL].RegisterTests = DetectTtlRegisterTests; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - if (parse_regex != NULL) SCFree(parse_regex); - if (parse_regex_study != NULL) SCFree(parse_regex_study); + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); return; } diff --git a/src/detect-urilen.c b/src/detect-urilen.c index d7e5bdd8c8..44de1f5143 100644 --- a/src/detect-urilen.c +++ b/src/detect-urilen.c @@ -70,30 +70,7 @@ void DetectUrilenRegister(void) sigmatch_table[DETECT_AL_URILEN].RegisterTests = DetectUrilenRegisterTests; sigmatch_table[DETECT_AL_URILEN].flags |= SIGMATCH_PAYLOAD; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if (parse_regex == NULL) { - SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s", - PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if (eb != NULL) { - SCLogDebug("pcre study failed: %s", eb); - goto error; - } - return; - -error: - if (parse_regex != NULL) - pcre_free(parse_regex); - if (parse_regex_study != NULL) - pcre_free_study(parse_regex_study); - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-window.c b/src/detect-window.c index d3704f4f81..39f879aa93 100644 --- a/src/detect-window.c +++ b/src/detect-window.c @@ -65,32 +65,7 @@ void DetectWindowRegister (void) sigmatch_table[DETECT_WINDOW].Free = DetectWindowFree; sigmatch_table[DETECT_WINDOW].RegisterTests = DetectWindowRegisterTests; - const char *eb; - int eo; - int opts = 0; - - #ifdef WINDOW_DEBUG - printf("detect-window: Registering window rule option\n"); - #endif - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - return; - -error: - /* XXX */ - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } /** diff --git a/src/detect-xbits.c b/src/detect-xbits.c index f6f3ba74da..af9384fb48 100644 --- a/src/detect-xbits.c +++ b/src/detect-xbits.c @@ -74,28 +74,7 @@ void DetectXbitsRegister (void) /* this is compatible to ip-only signatures */ sigmatch_table[DETECT_XBITS].flags |= SIGMATCH_IPONLY_COMPAT; - const char *eb; - int eo; - int opts = 0; - - parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); - if(parse_regex == NULL) - { - SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); - goto error; - } - - parse_regex_study = pcre_study(parse_regex, 0, &eb); - if(eb != NULL) - { - SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); - goto error; - } - - return; - -error: - return; + DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); } static int DetectIPPairbitMatchToggle (Packet *p, const DetectXbitsData *fd)