From 4f1d61169c50abcce85c4d6008f7ba6b0fe47ba8 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 25 Apr 2023 20:45:24 +0200 Subject: [PATCH] detect: make DetectEngineCtx more compact --- src/detect.h | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/src/detect.h b/src/detect.h index e07ca7fa39..27fa7c471b 100644 --- a/src/detect.h +++ b/src/detect.h @@ -785,7 +785,6 @@ enum DetectEngineType /** \brief main detection engine ctx */ typedef struct DetectEngineCtx_ { - uint8_t flags; int failure_fatal; int tenant_id; @@ -832,9 +831,13 @@ typedef struct DetectEngineCtx_ { DetectEngineIPOnlyCtx io_ctx; ThresholdCtx ths_ctx; + uint8_t flags; /**< only DE_QUIET */ uint8_t mpm_matcher; /**< mpm matcher this ctx uses */ uint16_t spm_matcher; /**< spm matcher this ctx uses */ + /* maximum recursion depth for content inspection */ + int inspection_recursion_limit; + /* spm thread context prototype, built as spm matchers are constructed and * later used to construct thread context for each thread. */ SpmGlobalThreadCtx *spm_global_thread_ctx; @@ -844,17 +847,11 @@ typedef struct DetectEngineCtx_ { uint16_t max_uniq_toclient_groups; uint16_t max_uniq_toserver_groups; - /* specify the configuration for mpm context factory */ - uint8_t sgh_mpm_ctx_cnf; - /* max flowbit id that is used */ uint32_t max_fb_id; MpmCtxFactoryContainer *mpm_ctx_factory_container; - /* maximum recursion depth for content inspection */ - int inspection_recursion_limit; - /* array containing all sgh's in use so we can loop * through it in Stage4. */ struct SigGroupHead_ **sgh_array; @@ -880,22 +877,26 @@ typedef struct DetectEngineCtx_ { uint32_t base64_decode_max_len; /** Store rule file and line so that parsers can use them in errors. */ - char *rule_file; int rule_line; + char *rule_file; + const char *sigerror; bool sigerror_silent; bool sigerror_ok; - const char *sigerror; + bool filedata_config_initialized; + + /* specify the configuration for mpm context factory */ + uint8_t sgh_mpm_ctx_cnf; + + int keyword_id; /** hash list of keywords that need thread local ctxs */ HashListTable *keyword_hash; - int keyword_id; struct { uint32_t content_limit; uint32_t content_inspect_min_size; uint32_t content_inspect_window; } filedata_config[ALPROTO_MAX]; - bool filedata_config_initialized; #ifdef PROFILING struct SCProfileDetectCtx_ *profile_ctx; @@ -937,11 +938,11 @@ typedef struct DetectEngineCtx_ { HashListTable *buffer_type_hash_id; uint32_t buffer_type_id; + uint32_t app_mpms_list_cnt; + DetectBufferMpmRegistery *app_mpms_list; /* list with app inspect engines. Both the start-time registered ones and * the rule-time registered ones. */ DetectEngineAppInspectionEngine *app_inspect_engines; - DetectBufferMpmRegistery *app_mpms_list; - uint32_t app_mpms_list_cnt; DetectEnginePktInspectionEngine *pkt_inspect_engines; DetectBufferMpmRegistery *pkt_mpms_list; uint32_t pkt_mpms_list_cnt; @@ -958,15 +959,15 @@ typedef struct DetectEngineCtx_ { /** signatures stats */ SigFileLoaderStat sig_stat; + /* list of Fast Pattern registrations. Initially filled using a copy of + * `g_fp_support_smlist_list`, then extended at rule loading time if needed */ + SCFPSupportSMList *fp_support_smlist_list; + /** per keyword flag indicating if a prefilter has been * set for it. If true, the setup function will have to * run. */ bool sm_types_prefilter[DETECT_TBLSIZE]; bool sm_types_silent_error[DETECT_TBLSIZE]; - - /* list of Fast Pattern registrations. Initially filled using a copy of - * `g_fp_support_smlist_list`, then extended at rule loading time if needed */ - SCFPSupportSMList *fp_support_smlist_list; } DetectEngineCtx; /* Engine groups profiles (low, medium, high, custom) */