-/* Copyright (C) 2007-2013 Open Information Security Foundation
+/* Copyright (C) 2007-2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
uint32_t content_total_size = 0;
Signature *s = NULL;
+ /* Count the amount of memory needed to store all the structures
+ * and the content of those structures. This will over estimate the
+ * true size, since duplicates are removed below, but counted here.
+ */
for (s = de_ctx->sig_list; s != NULL; s = s->next) {
s->mpm_sm = RetrieveFPForSigV2(s);
if (s->mpm_sm != NULL) {
content = cd->content;
content_len = cd->content_len;
}
+ uint32_t flags = cd->flags & DETECT_CONTENT_NOCASE;
+ /* Check for content already found on the same list */
for (; dup != struct_offset; dup++) {
- if (dup->content_len != content_len ||
- dup->sm_list != sm_list ||
- SCMemcmp(dup->content, content, dup->content_len) != 0) {
+ if (dup->content_len != content_len)
continue;
+ if (dup->sm_list != sm_list)
+ continue;
+ if (dup->flags != flags)
+ continue;
+ /* Check for pattern matching a duplicate. Use case insensitive matching
+ * for case insensitive patterns. */
+ if (flags & DETECT_CONTENT_NOCASE) {
+ if (SCMemcmpLowercase(dup->content, content, content_len) != 0)
+ continue;
+ } else {
+ // Case sensitive matching
+ if (SCMemcmp(dup->content, content, content_len) != 0)
+ continue;
}
-
+ /* Found a match with a previous pattern. */
break;
}
if (dup != struct_offset) {
+ /* Exited for-loop before the end, so found an existing match.
+ * Use its ID. */
cd->id = dup->id;
continue;
}
+ /* Not found, so new content. Give it a new ID and add it to the array.
+ * Copy the content at the end of the content array. */
struct_offset->id = max_id++;
cd->id = struct_offset->id;
struct_offset->content_len = content_len;
struct_offset->sm_list = sm_list;
struct_offset->content = content_offset;
+ struct_offset->flags = flags;
+
content_offset += content_len;
memcpy(struct_offset->content, content, content_len);
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
return;
}
-/**
- * \internal
- * \brief Compares 2 patterns. We use it for the hashing process during the
- * the initial pattern insertion time, to cull duplicate sigs.
- *
- * \param p Pointer to the first pattern(SCACBSPattern).
- * \param pat Pointer to the second pattern(raw pattern array).
- * \param patlen Pattern length.
- * \param flags Flags. We don't need this.
- *
- * \retval hash A 32 bit unsigned hash.
- */
-static inline int SCACBSCmpPattern(SCACBSPattern *p, uint8_t *pat, uint16_t patlen,
- char flags)
-{
- if (p->len != patlen)
- return 0;
-
- if (p->flags != flags)
- return 0;
-
- if (memcmp(p->cs, pat, patlen) != 0)
- return 0;
-
- return 1;
-}
-
/**
* \internal
* \brief Creates a hash of the pattern. We use it for the hashing process
{
uint32_t hash = SCACBSInitHashRaw(pat, patlen);
- if (ctx->init_hash == NULL || ctx->init_hash[hash] == NULL) {
+ if (ctx->init_hash == NULL) {
return NULL;
}
SCACBSPattern *t = ctx->init_hash[hash];
for ( ; t != NULL; t = t->next) {
- //if (SCACBSCmpPattern(t, pat, patlen, flags) == 1)
- if (t->flags == flags && t->id == pid)
+ if (t->id == pid)
return t;
}
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
return;
}
-/**
- * \internal
- * \brief Compares 2 patterns. We use it for the hashing process during the
- * the initial pattern insertion time, to cull duplicate sigs.
- *
- * \param p Pointer to the first pattern(SCACGfbsPattern).
- * \param pat Pointer to the second pattern(raw pattern array).
- * \param patlen Pattern length.
- * \param flags Flags. We don't need this.
- *
- * \retval hash A 32 bit unsigned hash.
- */
-static inline int SCACGfbsCmpPattern(SCACGfbsPattern *p, uint8_t *pat, uint16_t patlen,
- char flags)
-{
- if (p->len != patlen)
- return 0;
-
- if (p->flags != flags)
- return 0;
-
- if (memcmp(p->cs, pat, patlen) != 0)
- return 0;
-
- return 1;
-}
-
/**
* \internal
* \brief Creates a hash of the pattern. We use it for the hashing process
{
uint32_t hash = SCACGfbsInitHashRaw(pat, patlen);
- if (ctx->init_hash == NULL || ctx->init_hash[hash] == NULL) {
+ if (ctx->init_hash == NULL)
return NULL;
- }
SCACGfbsPattern *t = ctx->init_hash[hash];
for ( ; t != NULL; t = t->next) {
- //if (SCACGfbsCmpPattern(t, pat, patlen, flags) == 1)
- if (t->flags == flags && t->id == pid)
+ if (t->id == pid)
return t;
}
if (p->flags != flags)
return 0;
- if (memcmp(p->cs, pat, patlen) != 0)
- return 0;
+ if (flags & MPM_PATTERN_FLAG_NOCASE) {
+ // Case insensitive
+ if (SCMemcmpLowercase(p->cs, pat, patlen) != 0)
+ return 0;
+
+ } else {
+ // Case sensitive
+ if (SCMemcmp(p->cs, pat, patlen) != 0)
+ return 0;
+ }
return 1;
}
{
uint32_t hash = SCACTileInitHashRaw(pat, patlen);
- if (ctx->init_hash == NULL || ctx->init_hash[hash] == NULL) {
+ if (ctx->init_hash == NULL) {
return NULL;
}
SCACTilePattern *t = ctx->init_hash[hash];
for ( ; t != NULL; t = t->next) {
- //if (SCACTileCmpPattern(t, pat, patlen, flags) == 1)
- if (t->flags == flags && t->id == pid)
+ if (t->id == pid) {
return t;
+ }
}
return NULL;
return;
}
-/**
- * \internal
- * \brief Compares 2 patterns. We use it for the hashing process during the
- * the initial pattern insertion time, to cull duplicate sigs.
- *
- * \param p Pointer to the first pattern(SCACPattern).
- * \param pat Pointer to the second pattern(raw pattern array).
- * \param patlen Pattern length.
- * \param flags Flags. We don't need this.
- *
- * \retval hash A 32 bit unsigned hash.
- */
-static inline int SCACCmpPattern(SCACPattern *p, uint8_t *pat, uint16_t patlen,
- char flags)
-{
- if (p->len != patlen)
- return 0;
-
- if (p->flags != flags)
- return 0;
-
- if (memcmp(p->cs, pat, patlen) != 0)
- return 0;
-
- return 1;
-}
-
/**
* \internal
* \brief Creates a hash of the pattern. We use it for the hashing process
{
uint32_t hash = SCACInitHashRaw(pat, patlen);
- if (ctx->init_hash == NULL || ctx->init_hash[hash] == NULL) {
+ if (ctx->init_hash == NULL) {
return NULL;
}
SCACPattern *t = ctx->init_hash[hash];
for ( ; t != NULL; t = t->next) {
- //if (SCACCmpPattern(t, pat, patlen, flags) == 1)
- if (t->flags == flags && t->id == pid)
+ if (t->id == pid)
return t;
}
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
B2gPattern *t = ctx->init_hash[hash];
for ( ; t != NULL; t = t->next) {
//if (B2gCmpPattern(t,pat,patlen,flags) == 1)
- if (t->flags == flags && t->id == pid)
+ if (t->id == pid)
return t;
}
projects / thirdparty / suricata.git / commitdiff
