From: Victor Julien <victor@inliniac.net>
Date: Mon, 30 Oct 2017 21:37:42 +0000 (+0100)
Subject: detect: move mpm engines into detect engine ctx
X-Git-Tag: suricata-4.1.0-beta1~147
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efbd901385202825a8cb327fda513ac82cf1fbc8;p=thirdparty%2Fsuricata.git

detect: move mpm engines into detect engine ctx

This allows safe registration at runtime.
---

diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c
index e68aba7c8d..39f78f27f5 100644
--- a/src/detect-engine-build.c
+++ b/src/detect-engine-build.c
@@ -554,7 +554,7 @@ static int SignatureCreateMask(Signature *s)
 static void SigInitStandardMpmFactoryContexts(DetectEngineCtx *de_ctx)
 {
     DetectMpmInitializeBuiltinMpms(de_ctx);
-    DetectMpmInitializeAppMpms(de_ctx);
+    DetectMpmSetupAppMpms(de_ctx);
 
     return;
 }
diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index 47b0c1c104..ffad501ba2 100644
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -183,12 +183,14 @@ void DetectAppLayerMpmRegister(const char *name,
     SupportFastPatternForSigMatchList(sm_list, priority);
 }
 
-void DetectAppLayerMpmRegisterByParentId(const int id, const int parent_id,
+/** \brief copy a mpm engine from parent_id, add in transforms */
+void DetectAppLayerMpmRegisterByParentId(DetectEngineCtx *de_ctx,
+        const int id, const int parent_id,
         DetectEngineTransforms *transforms)
 {
     SCLogDebug("registering %d/%d", id, parent_id);
 
-    DetectMpmAppLayerRegistery *t = g_app_mpms_list;
+    DetectMpmAppLayerRegistery *t = de_ctx->app_mpms_list;
     while (t) {
         if (t->sm_list == parent_id) {
             DetectMpmAppLayerRegistery *am = SCCalloc(1, sizeof(*am));
@@ -196,7 +198,7 @@ void DetectAppLayerMpmRegisterByParentId(const int id, const int parent_id,
             am->name = t->name;
             snprintf(am->pname, sizeof(am->pname), "%s#%d", am->name, id);
             am->direction = t->direction;
-            am->sm_list = id;           // use new id
+            am->sm_list = id; // use new id
             am->PrefilterRegister = t->PrefilterRegister;
             am->v2.PrefilterRegisterWithListId = t->v2.PrefilterRegisterWithListId;
             am->v2.GetData = t->v2.GetData;
@@ -207,11 +209,12 @@ void DetectAppLayerMpmRegisterByParentId(const int id, const int parent_id,
             if (transforms) {
                 memcpy(&am->v2.transforms, transforms, sizeof(*transforms));
             }
-            am->id = g_app_mpms_list_cnt++;
+            am->id = de_ctx->app_mpms_list_cnt++;
 
             SupportFastPatternForSigMatchList(am->sm_list, am->priority);
             t->next = am;
-            SCLogDebug("copied mpm registration for %s id %u with parent %u and GetData %p",
+            SCLogDebug("copied mpm registration for %s id %u "
+                    "with parent %u and GetData %p",
                     t->name, id, parent_id, am->v2.GetData);
             t = am;
         }
@@ -221,12 +224,40 @@ void DetectAppLayerMpmRegisterByParentId(const int id, const int parent_id,
 
 void DetectMpmInitializeAppMpms(DetectEngineCtx *de_ctx)
 {
-    BUG_ON(g_app_mpms_list_cnt == 0);
+    const DetectMpmAppLayerRegistery *list = g_app_mpms_list;
+    while (list != NULL) {
+        DetectMpmAppLayerRegistery *n = SCCalloc(1, sizeof(*n));
+        BUG_ON(n == NULL);
+
+        *n = *list;
+        n->next = NULL;
+
+        if (de_ctx->app_mpms_list == NULL) {
+            de_ctx->app_mpms_list = n;
+        } else {
+            DetectMpmAppLayerRegistery *t = de_ctx->app_mpms_list;
+            while (t->next != NULL) {
+                t = t->next;
+            }
+
+            t->next = n;
+        }
+
+        list = list->next;
+    }
+    de_ctx->app_mpms_list_cnt = g_app_mpms_list_cnt;
+    SCLogDebug("mpm: de_ctx app_mpms_list %p %u",
+            de_ctx->app_mpms_list, de_ctx->app_mpms_list_cnt);
+}
+
+void DetectMpmSetupAppMpms(DetectEngineCtx *de_ctx)
+{
+    BUG_ON(de_ctx->app_mpms_list_cnt == 0);
 
-    de_ctx->app_mpms = SCCalloc(g_app_mpms_list_cnt + 1, sizeof(DetectMpmAppLayerKeyword));
+    de_ctx->app_mpms = SCCalloc(de_ctx->app_mpms_list_cnt + 1, sizeof(DetectMpmAppLayerKeyword));
     BUG_ON(de_ctx->app_mpms == NULL);
 
-    DetectMpmAppLayerRegistery *list = g_app_mpms_list;
+    DetectMpmAppLayerRegistery *list = de_ctx->app_mpms_list;
     while (list != NULL) {
         DetectMpmAppLayerKeyword *am = &de_ctx->app_mpms[list->id];
         am->reg = list;
diff --git a/src/detect-engine-mpm.h b/src/detect-engine-mpm.h
index 3574db758d..316b8938e4 100644
--- a/src/detect-engine-mpm.h
+++ b/src/detect-engine-mpm.h
@@ -33,6 +33,7 @@
 #include "stream.h"
 
 void DetectMpmInitializeAppMpms(DetectEngineCtx *de_ctx);
+void DetectMpmSetupAppMpms(DetectEngineCtx *de_ctx);
 int DetectMpmPrepareAppMpms(DetectEngineCtx *de_ctx);
 void DetectMpmInitializeBuiltinMpms(DetectEngineCtx *de_ctx);
 int DetectMpmPrepareBuiltinMpms(DetectEngineCtx *de_ctx);
@@ -95,7 +96,9 @@ void DetectAppLayerMpmRegister2(const char *name,
             const DetectMpmAppLayerRegistery *mpm_reg, int list_id),
         InspectionBufferGetDataPtr GetData,
         AppProto alproto, int tx_min_progress);
-void DetectAppLayerMpmRegisterByParentId(const int id, const int parent_id,
+void DetectAppLayerMpmRegisterByParentId(
+        DetectEngineCtx *de_ctx,
+        const int id, const int parent_id,
         DetectEngineTransforms *transforms);
 
 #endif /* __DETECT_ENGINE_MPM_H__ */
diff --git a/src/detect-engine.c b/src/detect-engine.c
index 2a9a0d3fe6..62978dfc35 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -940,6 +940,7 @@ static void DetectBufferTypeSetupDetectEngine(DetectEngineCtx *de_ctx)
     }
     de_ctx->buffer_type_id = g_buffer_type_id;
 
+    DetectMpmInitializeAppMpms(de_ctx);
     DetectAppLayerInspectEngineCopyListToDetectCtx(de_ctx);
 }
 
@@ -950,6 +951,19 @@ static void DetectBufferTypeFreeDetectEngine(DetectEngineCtx *de_ctx)
             SCFree(de_ctx->buffer_type_map);
         if (de_ctx->buffer_type_hash)
             HashListTableFree(de_ctx->buffer_type_hash);
+
+        DetectEngineAppInspectionEngine *ilist = de_ctx->app_inspect_engines;
+        while (ilist) {
+            DetectEngineAppInspectionEngine *next = ilist->next;
+            SCFree(ilist);
+            ilist = next;
+        }
+        DetectMpmAppLayerRegistery *mlist = de_ctx->app_mpms_list;
+        while (mlist) {
+            DetectMpmAppLayerRegistery *next = mlist->next;
+            SCFree(mlist);
+            mlist = next;
+        }
     }
 }
 
@@ -999,7 +1013,8 @@ int DetectBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id,
     map->mpm = base_map->mpm;
     map->SetupCallback = base_map->SetupCallback;
     map->ValidateCallback = base_map->ValidateCallback;
-    DetectAppLayerMpmRegisterByParentId(map->id, map->parent_id, &map->transforms);
+    DetectAppLayerMpmRegisterByParentId(de_ctx,
+            map->id, map->parent_id, &map->transforms);
 
     BUG_ON(HashListTableAdd(de_ctx->buffer_type_hash, (void *)map, 0) != 0);
     SCLogDebug("buffer %s registered with id %d, parent %d", map->string, map->id, map->parent_id);
diff --git a/src/detect.h b/src/detect.h
index 457d710985..4bd680123b 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -861,6 +861,8 @@ typedef struct DetectEngineCtx_ {
     /* list with app inspect engines. Both the start-time registered ones and
      * the rule-time registered ones. */
     DetectEngineAppInspectionEngine *app_inspect_engines;
+    DetectMpmAppLayerRegistery *app_mpms_list;
+    uint32_t app_mpms_list_cnt;
 
     /** table with mpms and their registration function
      *  \todo we only need this at init, so perhaps this