Put all globals in the detection engine ctx. Add HashList type, a hash that also stores the items ina list to it can be traversed. Many cleanups.

remotes/origin/master-1.0.x
Victor Julien 17 years ago
parent b2eb954099
commit 5df5b35e90

@ -61,6 +61,7 @@ util-mpm-b3g.c util-mpm-b3g.h \
util-cidr.c util-cidr.h \
util-unittest.c util-unittest.h \
util-hash.c util-hash.h \
util-hashlist.c util-hashlist.h \
util-bloomfilter.c util-bloomfilter.h \
util-bloomfilter-counting.c util-bloomfilter-counting.h \
tm-modules.c tm-modules.h \

@ -36,7 +36,7 @@
int AlertDebuglog (ThreadVars *, Packet *, void *, PacketQueue *);
int AlertDebuglogIPv4(ThreadVars *, Packet *, void *, PacketQueue *);
int AlertDebuglogIPv6(ThreadVars *, Packet *, void *, PacketQueue *);
int AlertDebuglogThreadInit(ThreadVars *, void **);
int AlertDebuglogThreadInit(ThreadVars *, void*, void **);
int AlertDebuglogThreadDeinit(ThreadVars *, void *);
void AlertDebuglogExitPrintStats(ThreadVars *, void *);
@ -196,7 +196,7 @@ int AlertDebuglog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
return 0;
}
int AlertDebuglogThreadInit(ThreadVars *t, void **data)
int AlertDebuglogThreadInit(ThreadVars *t, void *initdata, void **data)
{
AlertDebuglogThread *aft = malloc(sizeof(AlertDebuglogThread));
if (aft == NULL) {

@ -36,7 +36,7 @@
int AlertFastlog (ThreadVars *, Packet *, void *, PacketQueue *);
int AlertFastlogIPv4(ThreadVars *, Packet *, void *, PacketQueue *);
int AlertFastlogIPv6(ThreadVars *, Packet *, void *, PacketQueue *);
int AlertFastlogThreadInit(ThreadVars *, void **);
int AlertFastlogThreadInit(ThreadVars *, void *, void **);
int AlertFastlogThreadDeinit(ThreadVars *, void *);
void AlertFastlogExitPrintStats(ThreadVars *, void *);
@ -147,7 +147,7 @@ int AlertFastlog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
return 0;
}
int AlertFastlogThreadInit(ThreadVars *t, void **data)
int AlertFastlogThreadInit(ThreadVars *t, void *initdata, void **data)
{
AlertFastlogThread *aft = malloc(sizeof(AlertFastlogThread));
if (aft == NULL) {

@ -34,7 +34,7 @@
#include "util-unittest.h"
int AlertUnifiedAlert (ThreadVars *, Packet *, void *, PacketQueue *);
int AlertUnifiedAlertThreadInit(ThreadVars *, void **);
int AlertUnifiedAlertThreadInit(ThreadVars *, void *, void **);
int AlertUnifiedAlertThreadDeinit(ThreadVars *, void *);
void TmModuleAlertUnifiedAlertRegister (void) {
@ -203,7 +203,7 @@ int AlertUnifiedAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
return 0;
}
int AlertUnifiedAlertThreadInit(ThreadVars *t, void **data)
int AlertUnifiedAlertThreadInit(ThreadVars *t, void *initdata, void **data)
{
AlertUnifiedAlertThread *aun = malloc(sizeof(AlertUnifiedAlertThread));
if (aun == NULL) {

@ -34,7 +34,7 @@
#include "util-unittest.h"
int AlertUnifiedLog (ThreadVars *, Packet *, void *, PacketQueue *);
int AlertUnifiedLogThreadInit(ThreadVars *, void **);
int AlertUnifiedLogThreadInit(ThreadVars *, void *, void **);
int AlertUnifiedLogThreadDeinit(ThreadVars *, void *);
void TmModuleAlertUnifiedLogRegister (void) {
@ -218,7 +218,7 @@ int AlertUnifiedLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
return 0;
}
int AlertUnifiedLogThreadInit(ThreadVars *t, void **data)
int AlertUnifiedLogThreadInit(ThreadVars *t, void *initdata, void **data)
{
AlertUnifiedLogThread *aun = malloc(sizeof(AlertUnifiedLogThread));
if (aun == NULL) {

@ -4,7 +4,7 @@
#include "detect.h"
#include "flow-var.h"
int DetectClasstypeSetup (Signature *s, SigMatch *m, char *str);
int DetectClasstypeSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *str);
void DetectClasstypeRegister (void) {
sigmatch_table[DETECT_CLASSTYPE].name = "classtype";
@ -14,7 +14,7 @@ void DetectClasstypeRegister (void) {
sigmatch_table[DETECT_CLASSTYPE].RegisterTests = NULL;
}
int DetectClasstypeSetup (Signature *s, SigMatch *m, char *rawstr)
int DetectClasstypeSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *rawstr)
{
char *str = rawstr;
char dubbed = 0;

@ -42,15 +42,11 @@
#include "threads.h"
int DetectContentMatch (ThreadVars *, PatternMatcherThread *, Packet *, Signature *, SigMatch *);
int DetectContentSetup (Signature *, SigMatch *, char *);
int DetectContentSetup (DetectEngineCtx *, Signature *, SigMatch *, char *);
u_int8_t nocasetable[256];
#define _nc(c) nocasetable[(c)]
/* we use a global id for content matches to be able to use
* just one pattern matcher thread context per thread. */
static u_int32_t content_max_id = 0;
void DetectContentRegister (void) {
sigmatch_table[DETECT_CONTENT].name = "content";
sigmatch_table[DETECT_CONTENT].Match = DetectContentMatch;
@ -77,9 +73,9 @@ void DetectContentRegister (void) {
}
/* pass on the content_max_id */
u_int32_t DetectContentMaxId(void) {
//printf("DetectContentMaxId: %u\n", content_max_id);
return content_max_id;
u_int32_t DetectContentMaxId(DetectEngineCtx *de_ctx) {
//printf("DetectContentMaxId: %u\n", de_ctx->content_max_id);
return de_ctx->content_max_id;
}
static inline int
@ -277,7 +273,7 @@ int DetectContentMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p, Sig
return DoDetectContent(t, pmt, p, s, m, co);
}
int DetectContentSetup (Signature *s, SigMatch *m, char *contentstr)
int DetectContentSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *contentstr)
{
DetectContentData *cd = NULL;
SigMatch *sm = NULL;
@ -385,8 +381,8 @@ int DetectContentSetup (Signature *s, SigMatch *m, char *contentstr)
SigMatchAppend(s,m,sm);
cd->id = content_max_id;
content_max_id++;
cd->id = de_ctx->content_max_id;
de_ctx->content_max_id++;
if (dubbed) free(str);
return 0;

@ -10,7 +10,6 @@
#define DETECT_CONTENT_RAWBYTES 0x20
typedef struct _DetectContentData {
u_int8_t *content;
u_int8_t content_len;
@ -25,7 +24,7 @@ typedef struct _DetectContentData {
/* prototypes */
void DetectContentRegister (void);
u_int32_t DetectContentMaxId(void);
u_int32_t DetectContentMaxId(DetectEngineCtx *);
#endif /* __DETECT_CONTENT_H__ */

@ -8,7 +8,7 @@
#include "detect-content.h"
#include "detect-pcre.h"
int DetectDepthSetup (Signature *s, SigMatch *m, char *depthstr);
int DetectDepthSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *depthstr);
void DetectDepthRegister (void) {
sigmatch_table[DETECT_DEPTH].name = "depth";
@ -18,7 +18,7 @@ void DetectDepthRegister (void) {
sigmatch_table[DETECT_DEPTH].RegisterTests = NULL;
}
int DetectDepthSetup (Signature *s, SigMatch *m, char *depthstr)
int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *depthstr)
{
char *str = depthstr;
char dubbed = 0;

@ -9,7 +9,7 @@
#include "detect-uricontent.h"
#include "detect-pcre.h"
int DetectDistanceSetup (Signature *s, SigMatch *m, char *distancestr);
int DetectDistanceSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *distancestr);
void DetectDistanceRegister (void) {
sigmatch_table[DETECT_DISTANCE].name = "distance";
@ -19,7 +19,7 @@ void DetectDistanceRegister (void) {
sigmatch_table[DETECT_DISTANCE].RegisterTests = NULL;
}
int DetectDistanceSetup (Signature *s, SigMatch *m, char *distancestr)
int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *distancestr)
{
char *str = distancestr;
char dubbed = 0;

@ -24,7 +24,7 @@ typedef struct _DetectDsizeData {
} DetectDsizeData;
int DetectDsizeMatch (ThreadVars *, PatternMatcherThread *, Packet *, Signature *, SigMatch *);
int DetectDsizeSetup (Signature *s, SigMatch *m, char *str);
int DetectDsizeSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *str);
void DsizeRegisterTests(void);
void DetectDsizeRegister (void) {
@ -177,7 +177,7 @@ error:
return NULL;
}
int DetectDsizeSetup (Signature *s, SigMatch *m, char *rawstr)
int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *rawstr)
{
DetectDsizeData *dd = NULL;
SigMatch *sm = NULL;

@ -12,6 +12,7 @@
#include "detect-engine-address.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-port.h"
int DetectAddressCmpIPv4(DetectAddressData *a, DetectAddressData *b) {
u_int32_t a_ip1 = ntohl(a->ip[0]);
@ -66,7 +67,7 @@ int DetectAddressCmpIPv4(DetectAddressData *a, DetectAddressData *b) {
* a = 1.2.3.4, b = 1.2.3.0/24
* must result in: a == 1.2.3.0-1.2.3.3, b == 1.2.3.4, c == 1.2.3.5-1.2.3.255
*/
int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, DetectAddressGroup **c) {
int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, DetectAddressGroup *b, DetectAddressGroup **c) {
u_int32_t a_ip1 = ntohl(a->ad->ip[0]);
u_int32_t a_ip2 = ntohl(a->ad->ip2[0]);
u_int32_t b_ip1 = ntohl(b->ad->ip[0]);
@ -120,14 +121,14 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
tmp_c->ad->ip2[0] = htonl(b_ip2);
*c = tmp_c;
SigGroupHeadCopySigs(b->sh,&tmp_c->sh);
SigGroupHeadCopySigs(a->sh,&b->sh);
SigGroupHeadCopySigs(de_ctx, b->sh,&tmp_c->sh);
SigGroupHeadCopySigs(de_ctx, a->sh,&b->sh);
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp_c->port, port);
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
}
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx, &b->port, port);
}
tmp_c->cnt += b->cnt;
@ -166,24 +167,24 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
/* 'a' gets clean and then 'b' sigs
* 'b' gets clean, then 'a' then 'b' sigs
* 'c' gets 'a' sigs */
SigGroupHeadCopySigs(a->sh,&tmp->sh); /* store old a list */
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh); /* store old a list */
SigGroupHeadClearSigs(a->sh); /* clean a list */
SigGroupHeadCopySigs(tmp->sh,&tmp_c->sh); /* copy old b to c */
SigGroupHeadCopySigs(b->sh,&a->sh); /* copy old b to a */
SigGroupHeadCopySigs(tmp->sh,&b->sh); /* prepend old a before b */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &tmp_c->sh); /* copy old b to c */
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh); /* copy old b to a */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh); /* prepend old a before b */
SigGroupHeadClearSigs(tmp->sh); /* clean tmp list */
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp->port, port);
DetectPortInsertCopy(de_ctx, &tmp->port, port);
}
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
DetectPortInsertCopy(de_ctx, &a->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx, &b->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp_c->port, port);
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
}
tmp->cnt += a->cnt;
@ -224,13 +225,13 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
b->ad->ip2[0] = htonl(b_ip2);
/* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
SigGroupHeadCopySigs(b->sh,&a->sh);
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
//printf("a: "); DetectAddressDataPrint(a->ad); printf(": "); DbgPrintSigs2(a->sh);
//printf("b: "); DetectAddressDataPrint(b->ad); printf(": "); DbgPrintSigs2(b->sh);
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
DetectPortInsertCopy(de_ctx, &a->port, port);
}
a->cnt += b->cnt;
@ -247,20 +248,20 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
b->ad->ip2[0] = htonl(a_ip2);
/* 'a' overlaps 'b' so 'b' needs the 'a' sigs */
SigGroupHeadCopySigs(a->sh,&tmp->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
SigGroupHeadClearSigs(a->sh);
SigGroupHeadCopySigs(b->sh,&a->sh);
SigGroupHeadCopySigs(tmp->sh,&b->sh);
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
SigGroupHeadClearSigs(tmp->sh);
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp->port, a->port);
DetectPortInsertCopy(de_ctx, &tmp->port, a->port);
}
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
DetectPortInsertCopy(de_ctx, &a->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx, &b->port, port);
}
tmp->cnt += a->cnt;
a->cnt = 0;
@ -295,24 +296,24 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
/* 'a' gets clean and then 'b' sigs
* 'b' gets clean, then 'a' then 'b' sigs
* 'c' gets 'b' sigs */
SigGroupHeadCopySigs(a->sh,&tmp->sh); /* store old a list */
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh); /* store old a list */
SigGroupHeadClearSigs(a->sh); /* clean a list */
SigGroupHeadCopySigs(b->sh,&tmp_c->sh); /* copy old b to c */
SigGroupHeadCopySigs(b->sh,&a->sh); /* copy old b to a */
SigGroupHeadCopySigs(tmp->sh,&b->sh); /* prepend old a before b */
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh); /* copy old b to c */
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh); /* copy old b to a */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh); /* prepend old a before b */
SigGroupHeadClearSigs(tmp->sh); /* clean tmp list */
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp->port, port);
DetectPortInsertCopy(de_ctx, &tmp->port, port);
}
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp_c->port, port);
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
}
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
DetectPortInsertCopy(de_ctx, &a->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx, &b->port, port);
}
tmp->cnt += a->cnt;
a->cnt = 0;
@ -352,20 +353,20 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
b->ad->ip2[0] = htonl(a_ip2);
/* 'b' overlaps 'a' so a needs the 'b' sigs */
SigGroupHeadCopySigs(b->sh,&tmp->sh);
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
SigGroupHeadClearSigs(b->sh);
SigGroupHeadCopySigs(a->sh,&b->sh);
SigGroupHeadCopySigs(tmp->sh,&a->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
SigGroupHeadClearSigs(tmp->sh);
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp->port, b->port);
DetectPortInsertCopy(de_ctx, &tmp->port, b->port);
}
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx, &b->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
DetectPortInsertCopy(de_ctx, &a->port, port);
}
tmp->cnt += b->cnt;
b->cnt = 0;
@ -383,10 +384,10 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
b->ad->ip2[0] = htonl(b_ip2);
/* 'a' overlaps 'b' so a needs the 'a' sigs */
SigGroupHeadCopySigs(a->sh,&b->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx, &b->port, port);
}
b->cnt += a->cnt;
@ -418,14 +419,14 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
/* 'a' stays the same wrt sigs
* 'b' keeps it's own sigs and gets a's sigs prepended
* 'c' gets 'a' sigs */
SigGroupHeadCopySigs(a->sh,&b->sh);
SigGroupHeadCopySigs(a->sh,&tmp_c->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh);
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx, &b->port, port);
}
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp_c->port, port);
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
}
b->cnt += a->cnt;
@ -658,7 +659,7 @@ error:
return -1;
}
int DetectAddressGroupJoinIPv4(DetectAddressGroup *target, DetectAddressGroup *source) {
int DetectAddressGroupJoinIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *target, DetectAddressGroup *source) {
if (ntohl(source->ad->ip[0]) < ntohl(target->ad->ip[0]))
target->ad->ip[0] = source->ad->ip[0];

@ -10,9 +10,8 @@ int DetectAddressCmpIPv4(DetectAddressData *, DetectAddressData *);
int DetectAddressCutIPv4(DetectAddressData *, DetectAddressData *, DetectAddressData **);
int DetectAddressCutNotIPv4(DetectAddressData *, DetectAddressData **);
int DetectAddressGroupCutIPv4(DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **);
int DetectAddressGroupJoinIPv4(DetectAddressGroup *target, DetectAddressGroup *source);
int DetectAddressGroupCutIPv4(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **);
int DetectAddressGroupJoinIPv4(DetectEngineCtx *, DetectAddressGroup *target, DetectAddressGroup *source);
#endif /* __DETECT_ADDRESS_IPV4_H__ */

@ -12,6 +12,7 @@
#include "detect-engine-address.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-port.h"
/* return: 1 lt, 0 not lt */
@ -187,7 +188,7 @@ static void AddressCutIPv6Copy(u_int32_t *a, u_int32_t *b) {
b[3] = htonl(a[3]);
}
int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, DetectAddressGroup **c) {
int DetectAddressGroupCutIPv6(DetectEngineCtx *de_ctx, DetectAddressGroup *a, DetectAddressGroup *b, DetectAddressGroup **c) {
u_int32_t a_ip1[4] = { ntohl(a->ad->ip[0]), ntohl(a->ad->ip[1]),
ntohl(a->ad->ip[2]), ntohl(a->ad->ip[3]) };
u_int32_t a_ip2[4] = { ntohl(a->ad->ip2[0]), ntohl(a->ad->ip2[1]),
@ -240,14 +241,14 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
AddressCutIPv6Copy(b_ip2, tmp_c->ad->ip2);
*c = tmp_c;
SigGroupHeadCopySigs(b->sh,&tmp_c->sh); /* copy old b to c */
SigGroupHeadCopySigs(a->sh,&b->sh); /* copy old b to a */
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh); /* copy old b to c */
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh); /* copy old b to a */
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp_c->port, port);
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
}
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx, &b->port, port);
}
tmp_c->cnt += b->cnt;
@ -282,25 +283,25 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
/* 'a' gets clean and then 'b' sigs
* 'b' gets clean, then 'a' then 'b' sigs
* 'c' gets 'a' sigs */
SigGroupHeadCopySigs(a->sh,&tmp->sh); /* store old a list */
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh); /* store old a list */
SigGroupHeadClearSigs(a->sh); /* clean a list */
SigGroupHeadCopySigs(tmp->sh,&tmp_c->sh); /* copy old b to c */
SigGroupHeadCopySigs(b->sh,&a->sh); /* copy old b to a */
SigGroupHeadCopySigs(tmp->sh,&b->sh); /* prepend old a before b */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &tmp_c->sh); /* copy old b to c */
SigGroupHeadCopySigs(de_ctx, b->sh,&a->sh); /* copy old b to a */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh); /* prepend old a before b */
SigGroupHeadClearSigs(tmp->sh); /* clean tmp list */
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp->port, port);
DetectPortInsertCopy(de_ctx,&tmp->port, port);
}
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
DetectPortInsertCopy(de_ctx,&a->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx,&b->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp_c->port, port);
DetectPortInsertCopy(de_ctx,&tmp_c->port, port);
}
tmp->cnt += a->cnt;
@ -333,10 +334,10 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
AddressCutIPv6Copy(b_ip2, b->ad->ip2);
/* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
SigGroupHeadCopySigs(b->sh,&a->sh);
SigGroupHeadCopySigs(de_ctx, b->sh,&a->sh);
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
DetectPortInsertCopy(de_ctx,&a->port, port);
}
a->cnt += b->cnt;
@ -348,20 +349,20 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
AddressCutIPv6Copy(a_ip2, b->ad->ip2);
/* 'a' overlaps 'b' so 'b' needs the 'a' sigs */
SigGroupHeadCopySigs(a->sh,&tmp->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
SigGroupHeadClearSigs(a->sh);
SigGroupHeadCopySigs(b->sh,&a->sh);
SigGroupHeadCopySigs(tmp->sh,&b->sh);
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
SigGroupHeadClearSigs(tmp->sh);
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp->port, a->port);
DetectPortInsertCopy(de_ctx,&tmp->port, a->port);
}
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
DetectPortInsertCopy(de_ctx,&a->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx,&b->port, port);
}
tmp->cnt += a->cnt;
a->cnt = 0;
@ -392,25 +393,25 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
/* 'a' gets clean and then 'b' sigs
* 'b' gets clean, then 'a' then 'b' sigs
* 'c' gets 'b' sigs */
SigGroupHeadCopySigs(a->sh,&tmp->sh); /* store old a list */
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh); /* store old a list */
SigGroupHeadClearSigs(a->sh); /* clean a list */
SigGroupHeadCopySigs(b->sh,&tmp_c->sh); /* copy old b to c */
SigGroupHeadCopySigs(b->sh,&a->sh); /* copy old b to a */
SigGroupHeadCopySigs(tmp->sh,&b->sh); /* prepend old a before b */
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh); /* copy old b to c */
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh); /* copy old b to a */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh); /* prepend old a before b */
SigGroupHeadClearSigs(tmp->sh); /* clean tmp list */
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp->port, port);
DetectPortInsertCopy(de_ctx,&tmp->port, port);
}
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp_c->port, port);
DetectPortInsertCopy(de_ctx,&tmp_c->port, port);
}
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
DetectPortInsertCopy(de_ctx,&a->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx,&b->port, port);
}
tmp->cnt += a->cnt;
a->cnt = 0;
@ -442,20 +443,20 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
AddressCutIPv6Copy(a_ip2, b->ad->ip2);
/* 'b' overlaps 'a' so a needs the 'b' sigs */
SigGroupHeadCopySigs(b->sh,&tmp->sh);
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
SigGroupHeadClearSigs(b->sh);
SigGroupHeadCopySigs(a->sh,&b->sh);
SigGroupHeadCopySigs(tmp->sh,&a->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
SigGroupHeadClearSigs(tmp->sh);
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp->port, b->port);
DetectPortInsertCopy(de_ctx,&tmp->port, b->port);
}
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx,&b->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
DetectPortInsertCopy(de_ctx,&a->port, port);
}
tmp->cnt += b->cnt;
b->cnt = 0;
@ -470,10 +471,10 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
AddressCutIPv6Copy(b_ip2, b->ad->ip2);
/* 'a' overlaps 'b' so a needs the 'a' sigs */
SigGroupHeadCopySigs(a->sh,&b->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx,&b->port, port);
}
b->cnt += a->cnt;
@ -501,14 +502,14 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
/* 'a' stays the same wrt sigs
* 'b' keeps it's own sigs and gets a's sigs prepended
* 'c' gets 'a' sigs */
SigGroupHeadCopySigs(a->sh,&b->sh);
SigGroupHeadCopySigs(a->sh,&tmp_c->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh);
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
DetectPortInsertCopy(de_ctx,&b->port, port);
}
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp_c->port, port);
DetectPortInsertCopy(de_ctx,&tmp_c->port, port);
}
b->cnt += a->cnt;
@ -743,7 +744,7 @@ error:
return -1;
}
int DetectAddressGroupJoinIPv6(DetectAddressGroup *target, DetectAddressGroup *source) {
int DetectAddressGroupJoinIPv6(DetectEngineCtx *de_ctx, DetectAddressGroup *target, DetectAddressGroup *source) {
if (AddressIPv6Lt(source->ad->ip,target->ad->ip)) {
target->ad->ip[0] = source->ad->ip[0];
target->ad->ip[1] = source->ad->ip[1];

@ -16,9 +16,8 @@ int DetectAddressCutIPv6(DetectAddressData *, DetectAddressData *, DetectAddress
int DetectAddressCutNotIPv6(DetectAddressData *, DetectAddressData **);
int DetectAddressCmpIPv6(DetectAddressData *, DetectAddressData *);
int DetectAddressGroupCutIPv6(DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **);
int DetectAddressGroupJoinIPv6(DetectAddressGroup *, DetectAddressGroup *);
int DetectAddressGroupCutIPv6(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **);
int DetectAddressGroupJoinIPv6(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *);
void DetectAddressIPv6Tests(void);

@ -19,8 +19,9 @@
#include "detect-engine-address.h"
#include "detect-engine-address-ipv4.h"
#include "detect-engine-address-ipv6.h"
#include "detect-engine-port.h"
int DetectAddressSetup (Signature *s, SigMatch *m, char *sidstr);
int DetectAddressSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *sidstr);
void DetectAddressTests (void);
void DetectAddressRegister (void) {
@ -35,7 +36,7 @@ void DetectAddressRegister (void) {
void DetectAddressDataPrint(DetectAddressData *);
int DetectAddressCut(DetectAddressData *, DetectAddressData *, DetectAddressData **);
int DetectAddressCutNot(DetectAddressData *, DetectAddressData **);
int DetectAddressGroupCut(DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **);
int DetectAddressGroupCut(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **);
/* memory usage counters */
static u_int32_t detect_address_group_memory = 0;
@ -238,7 +239,7 @@ static DetectAddressGroup *GetHeadPtr(DetectAddressGroupsHead *gh, DetectAddress
* 0: not inserted, memory of new is freed
* 1: inserted
* */
int DetectAddressGroupInsert(DetectAddressGroupsHead *gh, DetectAddressGroup *new) {
int DetectAddressGroupInsert(DetectEngineCtx *de_ctx, DetectAddressGroupsHead *gh, DetectAddressGroup *new) {
DetectAddressGroup *head = NULL;
if (new == NULL)
@ -273,9 +274,9 @@ int DetectAddressGroupInsert(DetectAddressGroupsHead *gh, DetectAddressGroup *ne
if (cur != new) {
DetectPort *port = new->port;
for ( ; port != NULL; port = port->next) {
DetectPortInsertCopy(&cur->port,port);
DetectPortInsertCopy(de_ctx,&cur->port,port);
}
SigGroupHeadCopySigs(new->sh,&cur->sh);
SigGroupHeadCopySigs(de_ctx,new->sh,&cur->sh);
cur->cnt += new->cnt;
DetectAddressGroupFree(new);
return 0;
@ -325,13 +326,13 @@ int DetectAddressGroupInsert(DetectAddressGroupsHead *gh, DetectAddressGroup *ne
printf("DetectAddressGroupInsert: ADDRESS_ES\n");
#endif
DetectAddressGroup *c = NULL;
r = DetectAddressGroupCut(cur,new,&c);
DetectAddressGroupInsert(gh, new);
r = DetectAddressGroupCut(de_ctx, cur,new,&c);
DetectAddressGroupInsert(de_ctx, gh, new);
if (c) {
#ifdef DBG
printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n");
#endif
DetectAddressGroupInsert(gh, c);
DetectAddressGroupInsert(de_ctx, gh, c);
}
return 1;
} else if (r == ADDRESS_EB) {
@ -339,14 +340,14 @@ int DetectAddressGroupInsert(DetectAddressGroupsHead *gh, DetectAddressGroup *ne
printf("ADDRESS_EB\n");
#endif
DetectAddressGroup *c = NULL;
r = DetectAddressGroupCut(cur,new,&c);
r = DetectAddressGroupCut(de_ctx, cur,new,&c);
//printf("DetectAddressGroupCut returned %d\n", r);
DetectAddressGroupInsert(gh, new);
DetectAddressGroupInsert(de_ctx, gh, new);
if (c) {
#ifdef DBG
printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n");
#endif
DetectAddressGroupInsert(gh, c);
DetectAddressGroupInsert(de_ctx, gh, c);
}
return 1;
} else if (r == ADDRESS_LE) {
@ -354,13 +355,13 @@ int DetectAddressGroupInsert(DetectAddressGroupsHead *gh, DetectAddressGroup *ne
printf("ADDRESS_LE\n");
#endif
DetectAddressGroup *c = NULL;
r = DetectAddressGroupCut(cur,new,&c);
DetectAddressGroupInsert(gh, new);
r = DetectAddressGroupCut(de_ctx, cur,new,&c);
DetectAddressGroupInsert(de_ctx, gh, new);
if (c) {
#ifdef DBG
printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n");
#endif
DetectAddressGroupInsert(gh, c);
DetectAddressGroupInsert(de_ctx, gh, c);
}
return 1;
} else if (r == ADDRESS_GE) {
@ -368,13 +369,13 @@ int DetectAddressGroupInsert(DetectAddressGroupsHead *gh, DetectAddressGroup *ne
printf("DetectAddressGroupInsert: ADDRESS_GE\n");
#endif
DetectAddressGroup *c = NULL;
r = DetectAddressGroupCut(cur,new,&c);
DetectAddressGroupInsert(gh, new);
r = DetectAddressGroupCut(de_ctx, cur,new,&c);
DetectAddressGroupInsert(de_ctx, gh, new);
if (c) {
#ifdef DBG
printf("DetectAddressGroupInsert: inserting C "); DetectAddressDataPrint(c->ad); printf("\n");
#endif
DetectAddressGroupInsert(gh, c);
DetectAddressGroupInsert(de_ctx, gh, c);
}
return 1;
}
@ -396,7 +397,7 @@ error:
return -1;
}
int DetectAddressGroupJoin(DetectAddressGroup *target, DetectAddressGroup *source) {
int DetectAddressGroupJoin(DetectEngineCtx *de_ctx, DetectAddressGroup *target, DetectAddressGroup *source) {
if (target == NULL || source == NULL)
return -1;
@ -404,17 +405,17 @@ int DetectAddressGroupJoin(DetectAddressGroup *target, DetectAddressGroup *sourc
return -1;
target->cnt += source->cnt;
SigGroupHeadCopySigs(source->sh,&target->sh);
SigGroupHeadCopySigs(de_ctx, source->sh,&target->sh);
DetectPort *port = source->port;
for ( ; port != NULL; port = port->next) {
DetectPortInsertCopy(&target->port, port);
DetectPortInsertCopy(de_ctx,&target->port, port);
}
if (target->ad->family == AF_INET) {
return DetectAddressGroupJoinIPv4(target,source);
return DetectAddressGroupJoinIPv4(de_ctx, target,source);
} else if (target->ad->family == AF_INET6) {
return DetectAddressGroupJoinIPv6(target,source);
return DetectAddressGroupJoinIPv6(de_ctx, target,source);
}
return -1;
@ -822,11 +823,11 @@ void DetectAddressGroupsHeadFree(DetectAddressGroupsHead *gh) {
}
}
int DetectAddressGroupCut(DetectAddressGroup *a, DetectAddressGroup *b, DetectAddressGroup **c) {
int DetectAddressGroupCut(DetectEngineCtx *de_ctx, DetectAddressGroup *a, DetectAddressGroup *b, DetectAddressGroup **c) {
if (a->ad->family == AF_INET) {
return DetectAddressGroupCutIPv4(a,b,c);
return DetectAddressGroupCutIPv4(de_ctx, a,b,c);
} else if (a->ad->family == AF_INET6) {
return DetectAddressGroupCutIPv6(a,b,c);
return DetectAddressGroupCutIPv6(de_ctx, a,b,c);
}
return -1;
@ -1108,7 +1109,7 @@ error:
return NULL;
}
int DetectAddressSetup (Signature *s, SigMatch *m, char *addressstr)
int DetectAddressSetup (DetectEngineCtx * de_ctx, Signature *s, SigMatch *m, char *addressstr)
{
char *str = addressstr;
char dubbed = 0;

@ -1,58 +1,6 @@
#ifndef __DETECT_ADDRESS_H__
#define __DETECT_ADDRESS_H__
/* a is ... than b */
enum {
ADDRESS_ER = -1, /* error e.g. compare ipv4 and ipv6 */
ADDRESS_LT, /* smaller [aaa] [bbb] */
ADDRESS_LE, /* smaller with overlap [aa[bab]bb] */
ADDRESS_EQ, /* exactly equal [abababab] */
ADDRESS_ES, /* within [bb[aaa]bb] and [[abab]bbb] and [bbb[abab]] */
ADDRESS_EB, /* completely overlaps [aa[bbb]aa] and [[baba]aaa] and [aaa[baba]] */
ADDRESS_GE, /* bigger with overlap [bb[aba]aa] */
ADDRESS_GT, /* bigger [bbb] [aaa] */
};
#define ADDRESS_FLAG_ANY 0x1
#define ADDRESS_FLAG_NOT 0x2
#define ADDRESS_GROUP_SIGGROUPHEAD_COPY 0x01
#define ADDRESS_GROUP_PORTS_COPY 0x02
#define ADDRESS_GROUP_PORTS_NOTUNIQ 0x04
typedef struct DetectAddressData_ {
/* XXX convert to use a Address datatype to replace family, ip,ip2*/
u_int8_t family;
u_int32_t ip[4];
u_int32_t ip2[4];
u_int8_t flags;
} DetectAddressData;
typedef struct DetectAddressGroup_ {
/* address data for this group */
DetectAddressData *ad;
/* XXX ptr to rules, or PortGroup or whatever */
struct DetectAddressGroupsHead_ *dst_gh;
struct DetectPort_ *port;
/* signatures that belong in this group */
struct _SigGroupHead *sh;
u_int8_t flags;
/* double linked list */
struct DetectAddressGroup_ *prev;
struct DetectAddressGroup_ *next;
u_int32_t cnt;
} DetectAddressGroup;
typedef struct DetectAddressGroupsHead_ {
DetectAddressGroup *any_head;
DetectAddressGroup *ipv4_head;
DetectAddressGroup *ipv6_head;
} DetectAddressGroupsHead;
/* prototypes */
void DetectAddressRegister (void);
DetectAddressGroupsHead *DetectAddressGroupsHeadInit();
@ -72,10 +20,10 @@ int DetectAddressGroupAdd(DetectAddressGroup **, DetectAddressGroup *);
DetectAddressGroup *DetectAddressGroupLookup(DetectAddressGroup *, DetectAddressData *);
void DetectAddressGroupPrintList(DetectAddressGroup *);
void DetectAddressGroupFree(DetectAddressGroup *);
int DetectAddressGroupInsert(DetectAddressGroupsHead *, DetectAddressGroup *);
int DetectAddressGroupInsert(DetectEngineCtx *, DetectAddressGroupsHead *, DetectAddressGroup *);
void DetectAddressGroupPrintMemory(void);
void DetectAddressGroupCleanupList (DetectAddressGroup *);
int DetectAddressGroupJoin(DetectAddressGroup *target, DetectAddressGroup *source);
int DetectAddressGroupJoin(DetectEngineCtx *, DetectAddressGroup *target, DetectAddressGroup *source);
#endif /* __DETECT_ADDRESS_H__ */

@ -7,6 +7,7 @@
#include "decode.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-mpm.h"
#include "util-mpm.h"
@ -26,7 +27,7 @@ u_int32_t PacketPatternScan(ThreadVars *t, PatternMatcherThread *pmt, Packet *p)
u_int32_t ret;
pmt->pmq.mode = PMQ_MODE_SCAN;
ret = pmt->mc->Scan(pmt->mc, &pmt->mtc, &pmt->pmq, p->tcp_payload, p->tcp_payload_len);
ret = pmt->sgh->mpm_ctx->Scan(pmt->sgh->mpm_ctx, &pmt->mtc, &pmt->pmq, p->tcp_payload, p->tcp_payload_len);
//printf("PacketPatternScan: ret %u\n", ret);
return ret;
@ -36,7 +37,7 @@ u_int32_t PacketPatternMatch(ThreadVars *t, PatternMatcherThread *pmt, Packet *p
u_int32_t ret;
pmt->pmq.mode = PMQ_MODE_SEARCH;
ret = pmt->mc->Search(pmt->mc, &pmt->mtc, &pmt->pmq, p->tcp_payload, p->tcp_payload_len);
ret = pmt->sgh->mpm_ctx->Search(pmt->sgh->mpm_ctx, &pmt->mtc, &pmt->pmq, p->tcp_payload, p->tcp_payload_len);
//printf("PacketPatternMatch: ret %u\n", ret);
return ret;
@ -50,13 +51,16 @@ void PacketPatternCleanup(ThreadVars *t, PatternMatcherThread *pmt) {
}
pmt->pmq.sig_id_array_cnt = 0;
if (pmt->sgh == NULL)
return;
/* content */
if (pmt->mc != NULL && pmt->mc->Cleanup != NULL) {
pmt->mc->Cleanup(&pmt->mtc);
if (pmt->sgh->mpm_ctx != NULL && pmt->sgh->mpm_ctx->Cleanup != NULL) {
pmt->sgh->mpm_ctx->Cleanup(&pmt->mtc);
}
/* uricontent */
if (pmt->mcu != NULL && pmt->mcu->Cleanup != NULL) {
pmt->mcu->Cleanup(&pmt->mtcu);
if (pmt->sgh->mpm_uri_ctx != NULL && pmt->sgh->mpm_uri_ctx->Cleanup != NULL) {
pmt->sgh->mpm_uri_ctx->Cleanup(&pmt->mtcu);
}
}
@ -107,13 +111,11 @@ static int g_content_total = 0;
void DbgPrintScanSearchStats() {
#if 0
printf(": content scan %d, search %d (%02.1f%%) :\n", g_content_scan, g_content_search,
printf(" - MPM: scan %d, search %d (%02.1f%%) :\n", g_content_scan, g_content_search,
(float)(g_content_scan/(float)(g_content_scan+g_content_search))*100);
// printf(": uricontent scan %d, urisearch %d (%02f%%) :\n", g_uricontent_scan, g_uricontent_search,
// (float)(g_uricontent_scan/(float)(g_uricontent_scan+g_uricontent_search))*100);
printf(": content maxdepth %d, total %d (%02.1f%%) :\n", g_content_maxdepth, g_content_total,
printf(" - MPM: maxdepth %d, total %d (%02.1f%%) :\n", g_content_maxdepth, g_content_total,
(float)(g_content_maxdepth/(float)(g_content_total))*100);
printf(": content minoffset %d, total %d (%02.1f%%) :\n", g_content_minoffset, g_content_total,
printf(" - MPM: minoffset %d, total %d (%02.1f%%) :\n", g_content_minoffset, g_content_total,
(float)(g_content_minoffset/(float)(g_content_total))*100);
#endif
}
@ -181,7 +183,7 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
MpmInitCtx(sh->mpm_uri_ctx, PM);
}
u_int16_t mpm_content_scan_maxlen = 65535, mpm_uricontent_scan_maxlen = 65535;
//u_int16_t mpm_content_scan_maxlen = 65535, mpm_uricontent_scan_maxlen = 65535;
u_int32_t mpm_content_cnt = 0, mpm_uricontent_cnt = 0;
u_int16_t mpm_content_maxdepth = 65535, mpm_content_minoffset = 65535;
u_int16_t mpm_content_maxdepth_one = 65535, mpm_content_minoffset_one = 65535;
@ -417,7 +419,11 @@ error:
return -1;
}
int PatternMatcherThreadInit(ThreadVars *t, void **data) {
int PatternMatcherThreadInit(ThreadVars *t, void *initdata, void **data) {
DetectEngineCtx *de_ctx = (DetectEngineCtx *)initdata;
if (de_ctx == NULL)
return -1;
PatternMatcherThread *pmt = malloc(sizeof(PatternMatcherThread));
if (pmt == NULL) {
return -1;
@ -430,9 +436,9 @@ int PatternMatcherThreadInit(ThreadVars *t, void **data) {
* of the content and uricontent id's so our match lookup
* table is always big enough
*/
mpm_ctx[0].InitThreadCtx(&mpm_ctx[0], &pmt->mtc, DetectContentMaxId());
mpm_ctx[0].InitThreadCtx(&mpm_ctx[0], &pmt->mtcu, DetectUricontentMaxId());
u_int32_t max_sig_id = SigGetMaxId();
mpm_ctx[0].InitThreadCtx(&mpm_ctx[0], &pmt->mtc, DetectContentMaxId(de_ctx));
mpm_ctx[0].InitThreadCtx(&mpm_ctx[0], &pmt->mtcu, DetectUricontentMaxId(de_ctx));
u_int32_t max_sig_id = DetectEngineGetMaxSigId(de_ctx);
/* sig callback testing stuff below */
pmt->pmq.sig_id_array = malloc(max_sig_id * sizeof(u_int32_t));

@ -4,7 +4,9 @@
/* XXX remove once */
MpmCtx mpm_ctx[1];
u_int32_t PacketPatternScan(ThreadVars *, PatternMatcherThread *, Packet *);
u_int32_t PacketPatternMatch(ThreadVars *, PatternMatcherThread *, Packet *);
void PacketPatternCleanup(ThreadVars *, PatternMatcherThread *);
void PatternMatchPrepare(MpmCtx *);
int PatternMatchPrepareGroup(DetectEngineCtx *, SigGroupHead *);
@ -12,7 +14,7 @@ void PatternMatcherThreadInfo(ThreadVars *, PatternMatcherThread *);
void PatternMatchDestroy(MpmCtx *);
void PatternMatchDestroyGroup(SigGroupHead *);
int PatternMatcherThreadInit(ThreadVars *, void **);
int PatternMatcherThreadInit(ThreadVars *, void *, void **);
int PatternMatcherThreadDeinit(ThreadVars *, void *);
#endif /* __DETECT_MPM_H__ */

File diff suppressed because it is too large Load Diff

@ -1,54 +1,15 @@
#ifndef __DETECT_PORT_H__
#define __DETECT_PORT_H__
/* a is ... than b */
enum {
PORT_ER = -1, /* error e.g. compare ipv4 and ipv6 */
PORT_LT, /* smaller [aaa] [bbb] */
PORT_LE, /* smaller with overlap [aa[bab]bb] */
PORT_EQ, /* exactly equal [abababab] */
PORT_ES, /* within [bb[aaa]bb] and [[abab]bbb] and [bbb[abab]] */
PORT_EB, /* completely overlaps [aa[bbb]aa] and [[baba]aaa] and [aaa[baba]] */
PORT_GE, /* bigger with overlap [bb[aba]aa] */
PORT_GT, /* bigger [bbb] [aaa] */
};
#define PORT_FLAG_ANY 0x1
#define PORT_FLAG_NOT 0x2
#define PORT_SIGGROUPHEAD_COPY 0x04
#define PORT_GROUP_PORTS_COPY 0x08
typedef struct DetectPort_ {
u_int8_t flags;
u_int16_t port;
u_int16_t port2;
/* signatures that belong in this group */
struct _SigGroupHead *sh;
struct DetectPort_ *dst_ph;
/* double linked list */
union {
struct DetectPort_ *prev;
struct DetectPort_ *hnext; /* hash next */
};
struct DetectPort_ *next;
u_int32_t cnt;
} DetectPort;
/* prototypes */
void DetectPortRegister (void);
int DetectPortParse(DetectPort **head, char *str);
DetectPort *DetectPortCopy(DetectPort *);
DetectPort *DetectPortCopySingle(DetectPort *);
int DetectPortInsertCopy(DetectPort **, DetectPort *);
int DetectPortInsert(DetectPort **, DetectPort *);
DetectPort *DetectPortCopy(DetectEngineCtx *, DetectPort *);
DetectPort *DetectPortCopySingle(DetectEngineCtx *, DetectPort *);
int DetectPortInsertCopy(DetectEngineCtx *,DetectPort **, DetectPort *);
int DetectPortInsert(DetectEngineCtx *,DetectPort **, DetectPort *);
void DetectPortCleanupList (DetectPort *head);
DetectPort *DetectPortLookup(DetectPort *head, DetectPort *dp);
@ -58,25 +19,24 @@ DetectPort *DetectPortLookupGroup(DetectPort *dp, u_int16_t port);
void DetectPortPrintMemory(void);
DetectPort *DetectPortHashLookup(DetectPort *p);
DetectPort **DetectPortHashGetPtr(void);
DetectPort *DetectPortHashGetListPtr(void);
u_int32_t DetectPortHashGetSize(void);
int DetectPortHashInit(void);
void DetectPortHashFree(void);
int DetectPortHashAdd(DetectPort *p);
void DetectPortHashReset(void);
DetectPort *DetectPortDpHashLookup(DetectEngineCtx *, DetectPort *);
DetectPort *DetectPortDpHashGetListPtr(DetectEngineCtx *);
int DetectPortDpHashInit(DetectEngineCtx *);
void DetectPortDpHashFree(DetectEngineCtx *);
int DetectPortDpHashAdd(DetectEngineCtx *, DetectPort *);
void DetectPortDpHashReset(DetectEngineCtx *);
DetectPort *DetectPortSpHashLookup(DetectEngineCtx *, DetectPort *);
int DetectPortSpHashInit(DetectEngineCtx *);
void DetectPortSpHashFree(DetectEngineCtx *);
int DetectPortSpHashAdd(DetectEngineCtx *, DetectPort *);
void DetectPortSpHashReset(DetectEngineCtx *);
DetectPort *DetectPortSpHashLookup(DetectPort *p);
DetectPort **DetectPortSpHashGetPtr(void);
DetectPort *DetectPortSpHashGetListPtr(void);
u_int32_t DetectPortSpHashGetSize(void);
int DetectPortSpHashInit(void);
void DetectPortSpHashFree(void);
int DetectPortSpHashAdd(DetectPort *p);
void DetectPortSpHashReset(void);
int DetectPortJoin(DetectEngineCtx *,DetectPort *target, DetectPort *source);
int DetectPortJoin(DetectPort *target, DetectPort *source);
void DetectPortPrint(DetectPort *);
int DetectPortCmp(DetectPort *, DetectPort *);
void DetectPortFree(DetectPort *);
#endif /* __DETECT_PORT_H__ */

@ -13,7 +13,7 @@
#include "detect-engine-siggroup.h"
int DetectProtoSetup (Signature *s, SigMatch *m, char *sidstr);
int DetectProtoSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *sidstr);
void DetectProtoTests (void);
void DetectProtoRegister (void) {
@ -67,7 +67,7 @@ int DetectProtoParse(DetectProto *dp, char *str) {
}
/* XXX remove */
int DetectProtoSetup (Signature *s, SigMatch *m, char *str)
int DetectProtoSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *str)
{
return 0;
}

@ -1,3 +1,7 @@
/* sig group
*
*
*/
#include "decode.h"
#include "detect.h"
@ -7,8 +11,16 @@
#include "util-unittest.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-engine-address.h"
#include "detect-engine-mpm.h"
#include "detect-engine-siggroup.h"
#include "detect-content.h"
#include "detect-uricontent.h"
#include "util-hash.h"
#include "util-hashlist.h"
/* prototypes */
int SigGroupHeadClearSigs(SigGroupHead *);
@ -33,490 +45,359 @@ void SigGroupHeadFree(SigGroupHead *sh) {
if (sh->sig_array != NULL) {
free(sh->sig_array);
sh->sig_array = NULL;
detect_siggroup_sigarray_free_cnt++;
detect_siggroup_sigarray_memory -= sh->sig_size;
}
if (sh->content_array != NULL) {
free(sh->content_array);
sh->content_array = NULL;
sh->content_size = 0;
}
if (sh->uri_content_array != NULL) {
free(sh->uri_content_array);
sh->uri_content_array = NULL;
sh->uri_content_size = 0;
}
if (sh->match_array) {
detect_siggroup_matcharray_init_cnt--;
detect_siggroup_matcharray_memory -= (sh->sig_cnt * sizeof(u_int32_t));
free(sh->match_array);
sh->match_array = NULL;
}
free(sh);
detect_siggroup_head_free_cnt++;
detect_siggroup_head_memory -= sizeof(SigGroupHead);
}
static int SigGroupHeadCmpSigArray(SigGroupHead *a, SigGroupHead *b) {
if (a->sig_size != b->sig_size)
return 0;
if (memcmp(a->sig_array,b->sig_array,a->sig_size) != 0)
return 0;
return 1;
}
/* hashes */
/* XXX eeewww global! move to DetectionEngineCtx once we have that! */
static SigGroupHead **sgh_port_hash = NULL;
static SigGroupHead **sgh_sport_hash = NULL;
static SigGroupHead **sgh_hash = NULL;
static SigGroupHead **sgh_mpm_hash = NULL;
static SigGroupHead **sgh_mpm_uri_hash = NULL;
#define HASH_SIZE 262144
/*
* initialization hashes
*/
/* mpm sgh hash */
/* XXX dynamic size based on number of sigs? */
int SigGroupHeadMpmHashInit(void) {
sgh_mpm_hash = (SigGroupHead **)malloc(sizeof(SigGroupHead *) * HASH_SIZE);
if (sgh_mpm_hash == NULL) {
goto error;
}
memset(sgh_mpm_hash,0,sizeof(SigGroupHead *) * HASH_SIZE);
return 0;
error:
return -1;
}
u_int32_t SigGroupHeadMpmHash(SigGroupHead *sgh) {
u_int32_t hash = sgh->content_size<<8;
u_int32_t SigGroupHeadMpmHashFunc(HashListTable *ht, void *data, u_int16_t datalen) {
SigGroupHead *sgh = (SigGroupHead *)data;
u_int32_t hash = 0;
u_int32_t b;
for (b = 0; b < sgh->content_size; b+=1) {
hash += sgh->content_array[b];
}
return (hash % HASH_SIZE);
return hash % ht->array_size;
}
int SigGroupHeadMpmHashAdd(SigGroupHead *sgh) {
u_int32_t hash = SigGroupHeadMpmHash(sgh);
char SigGroupHeadMpmCompareFunc(void *data1, u_int16_t len1, void *data2, u_int16_t len2) {
SigGroupHead *sgh1 = (SigGroupHead *)data1;
SigGroupHead *sgh2 = (SigGroupHead *)data2;
//printf("SigGroupHeadMpmHashAdd: hash %u\n", hash);
/* easy: no collision */
if (sgh_mpm_hash[hash] == NULL) {
sgh_mpm_hash[hash] = sgh;
if (sgh1->content_size != sgh2->content_size)
return 0;
}
/* harder: collision */
SigGroupHead *h = sgh_mpm_hash[hash], *ph = NULL;
for ( ; h != NULL; h = h->mpm_next) {
ph = h;
}
ph->mpm_next = sgh;
if (memcmp(sgh1->content_array,sgh2->content_array,sgh1->content_size) != 0)
return 0;
return 0;
return 1;
}
SigGroupHead *SigGroupHeadMpmHashLookup(SigGroupHead *sgh) {
u_int32_t hash = SigGroupHeadMpmHash(sgh);
//printf("SigGroupHeadMpmHashLookup: hash %u\n", hash);
/* easy: no sgh at our hash */
if (sgh_mpm_hash[hash] == NULL) {
return NULL;
}
/* see if we have the sgh we're looking for */
SigGroupHead *h = sgh_mpm_hash[hash];
for ( ; h != NULL; h = h->mpm_next) {
if (sgh->content_size == h->content_size &&
memcmp(sgh->content_array,h->content_array,sgh->content_size) == 0) {
return h;
}
}
int SigGroupHeadMpmHashInit(DetectEngineCtx *de_ctx) {
de_ctx->sgh_mpm_hash_table = HashListTableInit(4096, SigGroupHeadMpmHashFunc, SigGroupHeadMpmCompareFunc, NULL);
if (de_ctx->sgh_mpm_hash_table == NULL)
goto error;
return NULL;
return 0;
error:
return -1;
}
void SigGroupHeadMpmHashFree(void) {
free(sgh_mpm_hash);
sgh_mpm_hash = NULL;
int SigGroupHeadMpmHashAdd(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
return HashListTableAdd(de_ctx->sgh_mpm_hash_table, (void *)sgh, 0);
}
/* mpm uri sgh hash */
SigGroupHead *SigGroupHeadMpmHashLookup(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
SigGroupHead *rsgh = HashListTableLookup(de_ctx->sgh_mpm_hash_table, (void *)sgh, 0);
return rsgh;
}
/* XXX dynamic size based on number of sigs? */
int SigGroupHeadMpmUriHashInit(void) {
sgh_mpm_uri_hash = (SigGroupHead **)malloc(sizeof(SigGroupHead *) * HASH_SIZE);
if (sgh_mpm_uri_hash == NULL) {
goto error;
}
memset(sgh_mpm_uri_hash,0,sizeof(SigGroupHead *) * HASH_SIZE);
void SigGroupHeadMpmHashFree(DetectEngineCtx *de_ctx) {
if (de_ctx->sgh_mpm_hash_table == NULL)
return;
return 0;
error:
return -1;
HashListTableFree(de_ctx->sgh_mpm_hash_table);
de_ctx->sgh_mpm_hash_table = NULL;
}
u_int32_t SigGroupHeadMpmUriHash(SigGroupHead *sgh) {
u_int32_t hash = sgh->uri_content_size<<8;
/* mpm uri sgh hash */
u_int32_t SigGroupHeadMpmUriHashFunc(HashListTable *ht, void *data, u_int16_t datalen) {
SigGroupHead *sgh = (SigGroupHead *)data;
u_int32_t hash = 0;
u_int32_t b;
for (b = 0; b < sgh->uri_content_size; b+=1) {
hash += sgh->uri_content_array[b];
}
return (hash % HASH_SIZE);
return hash % ht->array_size;
}
int SigGroupHeadMpmUriHashAdd(SigGroupHead *sgh) {
u_int32_t hash = SigGroupHeadMpmUriHash(sgh);
//printf("SigGroupHeadHashAdd: hash %u\n", hash);
char SigGroupHeadMpmUriCompareFunc(void *data1, u_int16_t len1, void *data2, u_int16_t len2) {
SigGroupHead *sgh1 = (SigGroupHead *)data1;
SigGroupHead *sgh2 = (SigGroupHead *)data2;
/* easy: no collision */
if (sgh_mpm_uri_hash[hash] == NULL) {
sgh_mpm_uri_hash[hash] = sgh;
if (sgh1->uri_content_size != sgh2->uri_content_size)
return 0;
}
/* harder: collision */
SigGroupHead *h = sgh_mpm_uri_hash[hash], *ph = NULL;
for ( ; h != NULL; h = h->mpm_uri_next) {
ph = h;
}
ph->mpm_uri_next = sgh;
if (memcmp(sgh1->uri_content_array,sgh2->uri_content_array,sgh1->uri_content_size) != 0)
return 0;
return 0;
return 1;
}
SigGroupHead *SigGroupHeadMpmUriHashLookup(SigGroupHead *sgh) {
u_int32_t hash = SigGroupHeadMpmUriHash(sgh);
//printf("SigGroupHeadHashLookup: hash %u\n", hash);
/* easy: no sgh at our hash */
if (sgh_mpm_uri_hash[hash] == NULL) {
return NULL;
}
/* see if we have the sgh we're looking for */
SigGroupHead *h = sgh_mpm_uri_hash[hash];
for ( ; h != NULL; h = h->mpm_uri_next) {
if (sgh->uri_content_size == h->uri_content_size &&
memcmp(sgh->uri_content_array,h->uri_content_array,sgh->uri_content_size) == 0) {
return h;
}
}
int SigGroupHeadMpmUriHashInit(DetectEngineCtx *de_ctx) {
de_ctx->sgh_mpm_uri_hash_table = HashListTableInit(4096, SigGroupHeadMpmUriHashFunc, SigGroupHeadMpmUriCompareFunc, NULL);
if (de_ctx->sgh_mpm_uri_hash_table == NULL)
goto error;
return NULL;
return 0;
error:
return -1;
}
void SigGroupHeadMpmUriHashFree(void) {
free(sgh_mpm_uri_hash);
sgh_mpm_uri_hash = NULL;
int SigGroupHeadMpmUriHashAdd(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
return HashListTableAdd(de_ctx->sgh_mpm_uri_hash_table, (void *)sgh, 0);
}
/* non-port sgh hash */
SigGroupHead *SigGroupHeadMpmUriHashLookup(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
SigGroupHead *rsgh = HashListTableLookup(de_ctx->sgh_mpm_uri_hash_table, (void *)sgh, 0);
return rsgh;
}
/* XXX dynamic size based on number of sigs? */
int SigGroupHeadHashInit(void) {
sgh_hash = (SigGroupHead **)malloc(sizeof(SigGroupHead *) * HASH_SIZE);
if (sgh_hash == NULL) {
goto error;
}
memset(sgh_hash,0,sizeof(SigGroupHead *) * HASH_SIZE);
void SigGroupHeadMpmUriHashFree(DetectEngineCtx *de_ctx) {
if (de_ctx->sgh_mpm_uri_hash_table == NULL)
return;
return 0;
error:
return -1;
HashListTableFree(de_ctx->sgh_mpm_uri_hash_table);
de_ctx->sgh_mpm_uri_hash_table = NULL;
}
u_int32_t SigGroupHeadHash(SigGroupHead *sgh) {
/* non-port sgh hash */
u_int32_t SigGroupHeadHashFunc(HashListTable *ht, void *data, u_int16_t datalen) {
SigGroupHead *sgh = (SigGroupHead *)data;
u_int32_t hash = 0;
u_int32_t b;
for (b = 0; b < sgh->content_size; b+=1) {
hash += sgh->content_array[b];
for (b = 0; b < sgh->sig_size; b+=1) {
hash += sgh->sig_array[b];
}
return (hash % HASH_SIZE);
return hash % ht->array_size;
}
int SigGroupHeadHashAdd(SigGroupHead *sgh) {
u_int32_t hash = SigGroupHeadHash(sgh);
//printf("SigGroupHeadHashAdd: hash %u\n", hash);
char SigGroupHeadCompareFunc(void *data1, u_int16_t len1, void *data2, u_int16_t len2) {
SigGroupHead *sgh1 = (SigGroupHead *)data1;
SigGroupHead *sgh2 = (SigGroupHead *)data2;
/* easy: no collision */
if (sgh_hash[hash] == NULL) {
sgh_hash[hash] = sgh;
if (sgh1->sig_size != sgh2->sig_size)
return 0;
}
/* harder: collision */
SigGroupHead *h = sgh_hash[hash], *ph = NULL;
for ( ; h != NULL; h = h->next) {
ph = h;
}
ph->next = sgh;
if (memcmp(sgh1->sig_array,sgh2->sig_array,sgh1->sig_size) != 0)
return 0;
return 0;
return 1;
}
SigGroupHead *SigGroupHeadHashLookup(SigGroupHead *sgh) {
u_int32_t hash = SigGroupHeadHash(sgh);
//printf("SigGroupHeadHashLookup: hash %u\n", hash);
/* sgh */
/* easy: no sgh at our hash */
if (sgh_hash[hash] == NULL) {
return NULL;
}
int SigGroupHeadHashInit(DetectEngineCtx *de_ctx) {
de_ctx->sgh_hash_table = HashListTableInit(4096, SigGroupHeadHashFunc, SigGroupHeadCompareFunc, NULL);
if (de_ctx->sgh_hash_table == NULL)
goto error;
/* see if we have the sgh we're looking for */
SigGroupHead *h = sgh_hash[hash];
for ( ; h != NULL; h = h->next) {
if (SigGroupHeadCmpSigArray(sgh,h) == 1) {
return h;
}
}
return 0;
error:
return -1;
}
return NULL;
int SigGroupHeadHashAdd(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
return HashListTableAdd(de_ctx->sgh_hash_table, (void *)sgh, 0);
}
void SigGroupHeadHashFree(void) {
free(sgh_hash);
sgh_hash = NULL;
SigGroupHead *SigGroupHeadHashLookup(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
SigGroupHead *rsgh = HashListTableLookup(de_ctx->sgh_hash_table, (void *)sgh, 0);
return rsgh;
}
void SigGroupHeadHashFree(DetectEngineCtx *de_ctx) {
if (de_ctx->sgh_hash_table == NULL)
return;
HashListTableFree(de_ctx->sgh_hash_table);
de_ctx->sgh_hash_table = NULL;
}
/* port based sgh hash */
/* XXX dynamic size based on number of sigs? */
int SigGroupHeadPortHashInit(void) {
sgh_port_hash = (SigGroupHead **)malloc(sizeof(SigGroupHead *) * HASH_SIZE);
if (sgh_port_hash == NULL) {
/* dport */
int SigGroupHeadDPortHashInit(DetectEngineCtx *de_ctx) {
de_ctx->sgh_dport_hash_table = HashListTableInit(4096, SigGroupHeadHashFunc, SigGroupHeadCompareFunc, NULL);
if (de_ctx->sgh_dport_hash_table == NULL)
goto error;
}
memset(sgh_port_hash,0,sizeof(SigGroupHead *) * HASH_SIZE);
return 0;
error:
return -1;
}
int SigGroupHeadPortHashAdd(SigGroupHead *sgh) {
u_int32_t hash = SigGroupHeadHash(sgh);
//printf("SigGroupHeadHashAdd: hash %u\n", hash);
/* easy: no collision */
if (sgh_port_hash[hash] == NULL) {
sgh_port_hash[hash] = sgh;
return 0;
}
/* harder: collision */
SigGroupHead *h = sgh_port_hash[hash], *ph = NULL;
for ( ; h != NULL; h = h->next) {
ph = h;
}
ph->next = sgh;
return 0;
int SigGroupHeadDPortHashAdd(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
return HashListTableAdd(de_ctx->sgh_dport_hash_table, (void *)sgh, 0);
}
SigGroupHead *SigGroupHeadPortHashLookup(SigGroupHead *sgh) {
u_int32_t hash = SigGroupHeadHash(sgh);
//printf("SigGroupHeadHashLookup: hash %u\n", hash);
/* easy: no sgh at our hash */
if (sgh_port_hash[hash] == NULL) {
return NULL;
}
SigGroupHead *SigGroupHeadDPortHashLookup(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
SigGroupHead *rsgh = HashListTableLookup(de_ctx->sgh_dport_hash_table, (void *)sgh, 0);
return rsgh;
}
/* see if we have the sgh we're looking for */
SigGroupHead *h = sgh_port_hash[hash];
for ( ; h != NULL; h = h->next) {
if (SigGroupHeadCmpSigArray(sgh,h) == 1) {
return h;
}
}
void SigGroupHeadDPortHashFree(DetectEngineCtx *de_ctx) {
if (de_ctx->dport_hash_table == NULL)
return;
return NULL;
HashListTableFree(de_ctx->sgh_dport_hash_table);
de_ctx->sgh_dport_hash_table = NULL;
}
void SigGroupHeadPortHashFree(void) {
free(sgh_port_hash);
sgh_port_hash = NULL;
}
/* sport */
/* XXX dynamic size based on number of sigs? */
int SigGroupHeadSPortHashInit(void) {
sgh_sport_hash = (SigGroupHead **)malloc(sizeof(SigGroupHead *) * HASH_SIZE);
if (sgh_sport_hash == NULL) {
int SigGroupHeadSPortHashInit(DetectEngineCtx *de_ctx) {
de_ctx->sgh_sport_hash_table = HashListTableInit(4096, SigGroupHeadHashFunc, SigGroupHeadCompareFunc, NULL);
if (de_ctx->sgh_sport_hash_table == NULL)
goto error;
}
memset(sgh_sport_hash,0,sizeof(SigGroupHead *) * HASH_SIZE);
return 0;
error:
return -1;
}
int SigGroupHeadSPortHashAdd(SigGroupHead *sgh) {
u_int32_t hash = SigGroupHeadHash(sgh);
//printf("SigGroupHeadHashAdd: hash %u\n", hash);
/* easy: no collision */
if (sgh_sport_hash[hash] == NULL) {
sgh_sport_hash[hash] = sgh;
return 0;
}
/* harder: collision */
SigGroupHead *h = sgh_sport_hash[hash], *ph = NULL;
for ( ; h != NULL; h = h->next) {
ph = h;
}
ph->next = sgh;
return 0;
int SigGroupHeadSPortHashAdd(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
return HashListTableAdd(de_ctx->sgh_sport_hash_table, (void *)sgh, 0);
}
SigGroupHead *SigGroupHeadSPortHashLookup(SigGroupHead *sgh) {
u_int32_t hash = SigGroupHeadHash(sgh);
SigGroupHead *SigGroupHeadSPortHashLookup(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
SigGroupHead *rsgh = HashListTableLookup(de_ctx->sgh_sport_hash_table, (void *)sgh, 0);
return rsgh;
}
//printf("SigGroupHeadHashLookup: hash %u\n", hash);
void SigGroupHeadSPortHashFree(DetectEngineCtx *de_ctx) {
if (de_ctx->sport_hash_table == NULL)
return;
/* easy: no sgh at our hash */
if (sgh_sport_hash[hash] == NULL) {
return NULL;
}
HashListTableFree(de_ctx->sgh_sport_hash_table);
de_ctx->sgh_sport_hash_table = NULL;
}
/* see if we have the sgh we're looking for */
SigGroupHead *h = sgh_sport_hash[hash];
for ( ; h != NULL; h = h->next) {
if (SigGroupHeadCmpSigArray(sgh,h) == 1) {
return h;
}
}
/* end hashes */
return NULL;
}
static void SigGroupHeadFreeSigArraysHash2(DetectEngineCtx *de_ctx, HashListTable *ht) {
HashListTableBucket *htb = NULL;
void SigGroupHeadSPortHashFree(void) {
free(sgh_sport_hash);
sgh_sport_hash = NULL;
}
for (htb = HashListTableGetListHead(ht); htb != NULL; htb = HashListTableGetListNext(htb)) {
SigGroupHead *sgh = (SigGroupHead *)HashListTableGetListData(htb);
/* end hashes */
if (sgh->sig_array != NULL) {
detect_siggroup_sigarray_free_cnt++;
detect_siggroup_sigarray_memory -= sgh->sig_size;
void SigGroupHeadFreeHeads(void) {
SigGroupHead *b, *nb, *pb;
free(sgh->sig_array);
sgh->sig_array = NULL;
sgh->sig_size = 0;
}
u_int32_t hash = 0;
for ( ; hash < HASH_SIZE; hash++) {
b = sgh_hash[hash];
for ( ; b != NULL; ) {
nb = b->next;
if (b->flags & SIG_GROUP_HEAD_FREE) {
printf("SigGroupHeadFreeHeads: want to free %p\n", b);
//#if 0
SigGroupHeadFree(b);
/* remove from the hash as well */
if (b == sgh_hash[hash]) {
sgh_hash[hash] = nb;
} else {
pb->next = nb;
}
//#endif
}
if (sgh->content_array != NULL) {
free(sgh->content_array);
sgh->content_array = NULL;
sgh->content_size = 0;
}
pb = b;
b = nb;
if (sgh->uri_content_array != NULL) {
free(sgh->uri_content_array);
sgh->uri_content_array = NULL;
sgh->uri_content_size = 0;
}
}
}
static void SigGroupHeadFreeSigArraysHash(SigGroupHead **hashtbl) {
SigGroupHead *b;
static void SigGroupHeadFreeSigArraysHash(DetectEngineCtx *de_ctx, HashListTable *ht) {
HashListTableBucket *htb = NULL;
u_int32_t hash = 0;
for ( ; hash < HASH_SIZE; hash++) {
b = hashtbl[hash];
for ( ; b != NULL; b = b->next) {
if (b->sig_array != NULL) {
detect_siggroup_sigarray_free_cnt++;
detect_siggroup_sigarray_memory -= b->sig_size;
free(b->sig_array);
b->sig_array = NULL;
b->sig_size = 0;
}
for (htb = HashListTableGetListHead(ht); htb != NULL; htb = HashListTableGetListNext(htb)) {
SigGroupHead *sgh = (SigGroupHead *)HashListTableGetListData(htb);
if (sgh->sig_array != NULL) {
detect_siggroup_sigarray_free_cnt++;
detect_siggroup_sigarray_memory -= sgh->sig_size;
free(sgh->sig_array);
sgh->sig_array = NULL;
sgh->sig_size = 0;
}
}
}
/* Free the sigarrays in the sgh's. Those are only
* used during the init stage. */
void SigGroupHeadFreeSigArrays(void) {
SigGroupHeadFreeSigArraysHash(sgh_hash);
SigGroupHeadFreeSigArraysHash(sgh_port_hash);
SigGroupHeadFreeSigArraysHash(sgh_sport_hash);
void SigGroupHeadFreeSigArrays(DetectEngineCtx *de_ctx) {
SigGroupHeadFreeSigArraysHash2(de_ctx, de_ctx->sgh_hash_table);
SigGroupHeadFreeSigArraysHash(de_ctx, de_ctx->sgh_dport_hash_table);
SigGroupHeadFreeSigArraysHash(de_ctx, de_ctx->sgh_sport_hash_table);
}
/* Free the mpm arrays that are only used during the
* init stage */
void SigGroupHeadFreeMpmArrays(void) {
SigGroupHead *b;
void SigGroupHeadFreeMpmArrays(DetectEngineCtx *de_ctx) {
HashListTableBucket *htb = NULL;
u_int32_t hash = 0;
for ( ; hash < HASH_SIZE; hash++) {
b = sgh_hash[hash];
for ( ; b != NULL; b = b->next) {
if (b->content_array != NULL) {
free(b->content_array);
b->content_array = NULL;
b->content_size = 0;
}
if (b->uri_content_array != NULL) {
free(b->uri_content_array);
b->uri_content_array = NULL;
b->uri_content_size = 0;
}
for (htb = HashListTableGetListHead(de_ctx->sgh_dport_hash_table); htb != NULL; htb = HashListTableGetListNext(htb)) {
SigGroupHead *sgh = (SigGroupHead *)HashListTableGetListData(htb);
if (sgh->content_array != NULL) {
free(sgh->content_array);
sgh->content_array = NULL;
sgh->content_size = 0;
}
b = sgh_port_hash[hash];
for ( ; b != NULL; b = b->next) {
if (b->content_array != NULL) {
free(b->content_array);
b->content_array = NULL;
b->content_size = 0;
}
if (b->uri_content_array != NULL) {
free(b->uri_content_array);
b->uri_content_array = NULL;
b->uri_content_size = 0;
}
if (sgh->uri_content_array != NULL) {
free(sgh->uri_content_array);
sgh->uri_content_array = NULL;
sgh->uri_content_size = 0;
}
b = sgh_sport_hash[hash];
for ( ; b != NULL; b = b->next) {
if (b->content_array != NULL) {
free(b->content_array);
b->content_array = NULL;
b->content_size = 0;
}
if (b->uri_content_array != NULL) {
free(b->uri_content_array);
b->uri_content_array = NULL;
b->uri_content_size = 0;
}
}
for (htb = HashListTableGetListHead(de_ctx->sgh_sport_hash_table); htb != NULL; htb = HashListTableGetListNext(htb)) {
SigGroupHead *sgh = (SigGroupHead *)HashListTableGetListData(htb);
if (sgh->content_array != NULL) {
free(sgh->content_array);
sgh->content_array = NULL;
sgh->content_size = 0;
}
if (sgh->uri_content_array != NULL) {
free(sgh->uri_content_array);
sgh->uri_content_array = NULL;
sgh->uri_content_size = 0;
}
}
}
int SigGroupHeadAppendSig(SigGroupHead **sh, Signature *s) {
int SigGroupHeadAppendSig(DetectEngineCtx *de_ctx, SigGroupHead **sh, Signature *s) {
if (de_ctx == NULL)
return 0;
/* see if we have a head already */
if (*sh == NULL) {
*sh = malloc(sizeof(SigGroupHead));
@ -529,7 +410,7 @@ int SigGroupHeadAppendSig(SigGroupHead **sh, Signature *s) {
detect_siggroup_head_memory += sizeof(SigGroupHead);
/* initialize the signature bitarray */
(*sh)->sig_size = SigGetMaxId() / 8 + 1;
(*sh)->sig_size = DetectEngineGetMaxSigId(de_ctx) / 8 + 1;
(*sh)->sig_array = malloc((*sh)->sig_size);
if ((*sh)->sig_array == NULL)
goto error;
@ -558,8 +439,8 @@ int SigGroupHeadClearSigs(SigGroupHead *sh) {
return 0;
}
int SigGroupHeadCopySigs(SigGroupHead *src, SigGroupHead **dst) {
if (src == NULL)
int SigGroupHeadCopySigs(DetectEngineCtx *de_ctx, SigGroupHead *src, SigGroupHead **dst) {
if (src == NULL || de_ctx == NULL)
return 0;
if (*dst == NULL) {
@ -572,7 +453,7 @@ int SigGroupHeadCopySigs(SigGroupHead *src, SigGroupHead **dst) {
detect_siggroup_head_init_cnt++;
detect_siggroup_head_memory += sizeof(SigGroupHead);
(*dst)->sig_size = SigGetMaxId() / 8 + 1;
(*dst)->sig_size = DetectEngineGetMaxSigId(de_ctx) / 8 + 1;
(*dst)->sig_array = malloc((*dst)->sig_size);
if ((*dst)->sig_array == NULL)
goto error;
@ -626,11 +507,24 @@ void DetectSigGroupPrintMemory(void) {
printf(" X Total %u\n", detect_siggroup_head_memory + detect_siggroup_sigarray_memory + detect_siggroup_matcharray_memory);
}
void SigGroupHeadPrintSigs(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
printf("SigGroupHeadPrintSigs: ");
u_int32_t i;
for (i = 0; i < sgh->sig_size; i++) {
if (sgh->sig_array[(i/8)] & (1<<(i%8))) {
printf("%u ", i);
}
}
printf("\n");
}
void SigGroupHeadPrintContent(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
printf("SigGroupHeadPrintContent: ");
u_int32_t i;
for (i = 0; i < DetectContentMaxId(); i++) {
for (i = 0; i < DetectContentMaxId(de_ctx); i++) {
if (sgh->content_array[(i/8)] & (1<<(i%8))) {
printf("%u ", i);
}
@ -643,7 +537,7 @@ void SigGroupHeadPrintContentCnt(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
printf("SigGroupHeadPrintContent: ");
u_int32_t i, cnt = 0;
for (i = 0; i < DetectContentMaxId(); i++) {
for (i = 0; i < DetectContentMaxId(de_ctx); i++) {
if (sgh->content_array[(i/8)] & (1<<(i%8))) {
cnt++;
}
@ -662,10 +556,10 @@ int SigGroupHeadLoadContent(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
Signature *s;
SigMatch *sm;
if (DetectContentMaxId() == 0)
if (DetectContentMaxId(de_ctx) == 0)
return 0;
sgh->content_size = (DetectContentMaxId() / 8) + 1;
sgh->content_size = (DetectContentMaxId(de_ctx) / 8) + 1;
sgh->content_array = malloc(sgh->content_size * sizeof(u_int32_t));
if (sgh->content_array == NULL)
return -1;
@ -715,10 +609,10 @@ int SigGroupHeadLoadUricontent(DetectEngineCtx *de_ctx, SigGroupHead *sgh) {
Signature *s;
SigMatch *sm;
if (DetectUricontentMaxId() == 0)
if (DetectUricontentMaxId(de_ctx) == 0)
return 0;
sgh->uri_content_size = (DetectUricontentMaxId() / 8) + 1;
sgh->uri_content_size = (DetectUricontentMaxId(de_ctx) / 8) + 1;
sgh->uri_content_array = malloc(sgh->uri_content_size * sizeof(u_int32_t));
if (sgh->uri_content_array == NULL)
return -1;

@ -3,9 +3,9 @@
/* XXX cleanup */
int SigGroupHeadAppendSig(SigGroupHead **, Signature *);
int SigGroupHeadAppendSig(DetectEngineCtx *, SigGroupHead **, Signature *);
int SigGroupHeadClearSigs(SigGroupHead *);
int SigGroupHeadCopySigs(SigGroupHead *, SigGroupHead **);
int SigGroupHeadCopySigs(DetectEngineCtx *, SigGroupHead *, SigGroupHead **);
int SigGroupHeadLoadContent(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadLoadUricontent(DetectEngineCtx *, SigGroupHead *);
@ -14,35 +14,35 @@ int SigGroupHeadClearUricontent(SigGroupHead *);
void SigGroupHeadFree(SigGroupHead *);
void SigGroupHeadFreeMpmArrays(void);
void SigGroupHeadFreeMpmArrays(DetectEngineCtx *);
SigGroupHead *SigGroupHeadHashLookup(SigGroupHead *sgh);
SigGroupHead *SigGroupHeadPortHashLookup(SigGroupHead *sgh);
SigGroupHead *SigGroupHeadSPortHashLookup(SigGroupHead *sgh);
SigGroupHead *SigGroupHeadMpmHashLookup(SigGroupHead *sgh);
SigGroupHead *SigGroupHeadMpmUriHashLookup(SigGroupHead *sgh);
SigGroupHead *SigGroupHeadHashLookup(DetectEngineCtx *, SigGroupHead *);
SigGroupHead *SigGroupHeadMpmHashLookup(DetectEngineCtx *, SigGroupHead *);
SigGroupHead *SigGroupHeadMpmUriHashLookup(DetectEngineCtx *, SigGroupHead *);
SigGroupHead *SigGroupHeadDPortHashLookup(DetectEngineCtx *, SigGroupHead *);
SigGroupHead *SigGroupHeadSPortHashLookup(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadPortHashAdd(SigGroupHead *sgh);
int SigGroupHeadSPortHashAdd(SigGroupHead *sgh);
int SigGroupHeadMpmHashAdd(SigGroupHead *sgh);
int SigGroupHeadMpmUriHashAdd(SigGroupHead *sgh);
int SigGroupHeadHashAdd(SigGroupHead *sgh);
int SigGroupHeadMpmHashAdd(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadMpmUriHashAdd(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadHashAdd(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadDPortHashAdd(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadSPortHashAdd(DetectEngineCtx *, SigGroupHead *);
void SigGroupHeadHashFree(void);
void SigGroupHeadPortHashFree(void);
void SigGroupHeadSPortHashFree(void);
void SigGroupHeadMpmHashFree(void);
void SigGroupHeadMpmUriHashFree(void);
void SigGroupHeadHashFree(DetectEngineCtx *);
void SigGroupHeadMpmHashFree(DetectEngineCtx *);
void SigGroupHeadMpmUriHashFree(DetectEngineCtx *);
void SigGroupHeadDPortHashFree(DetectEngineCtx *);
void SigGroupHeadSPortHashFree(DetectEngineCtx *);
int SigGroupHeadMpmHashInit(void);
int SigGroupHeadMpmUriHashInit(void);
int SigGroupHeadPortHashInit(void);
int SigGroupHeadSPortHashInit(void);
int SigGroupHeadHashInit(void);
int SigGroupHeadHashInit(DetectEngineCtx *);
int SigGroupHeadMpmHashInit(DetectEngineCtx *);
int SigGroupHeadMpmUriHashInit(DetectEngineCtx *);
int SigGroupHeadDPortHashInit(DetectEngineCtx *);
int SigGroupHeadSPortHashInit(DetectEngineCtx *);
void SigGroupHeadSetSigCnt(SigGroupHead *sgh, u_int32_t max_idx);
int SigGroupHeadBuildMatchArray (DetectEngineCtx *de_ctx, SigGroupHead *sgh, u_int32_t max_idx);
void SigGroupHeadFreeSigArrays(void);
void SigGroupHeadFreeSigArrays(DetectEngineCtx *de_ctx);
#endif /* __DETECT_SIGGROUP_H__ */

@ -9,6 +9,9 @@
#include "detect-engine-siggroup.h"
#include "detect-engine-address.h"
#include "detect-engine-port.h"
#include "util-hash.h"
DetectEngineCtx *DetectEngineCtxInit(void) {
DetectEngineCtx *de_ctx;
@ -20,12 +23,43 @@ DetectEngineCtx *DetectEngineCtxInit(void) {
memset(de_ctx,0,sizeof(DetectEngineCtx));
SigGroupHeadHashInit(de_ctx);
SigGroupHeadMpmHashInit(de_ctx);
SigGroupHeadMpmUriHashInit(de_ctx);
SigGroupHeadSPortHashInit(de_ctx);
SigGroupHeadDPortHashInit(de_ctx);
DetectPortSpHashInit(de_ctx);
DetectPortDpHashInit(de_ctx);
return de_ctx;
error:
return NULL;
}
void DetectEngineCtxFree(DetectEngineCtx *de_ctx) {
/* Normally the hashes are freed elsewhere, but
* to be sure look at them again here.
*/
SigGroupHeadHashFree(de_ctx);
SigGroupHeadMpmHashFree(de_ctx);
SigGroupHeadMpmUriHashFree(de_ctx);
SigGroupHeadSPortHashFree(de_ctx);
SigGroupHeadDPortHashFree(de_ctx);
DetectPortSpHashFree(de_ctx);
DetectPortDpHashFree(de_ctx);
free(de_ctx);
}
/*
* getting & (re)setting the internal sig i
*/
u_int32_t DetectEngineGetMaxSigId(DetectEngineCtx *de_ctx) {
return de_ctx->signum;
}
void DetectEngineResetMaxSigId(DetectEngineCtx *de_ctx) {
de_ctx->signum = 0;
}

@ -5,5 +5,8 @@
DetectEngineCtx *DetectEngineCtxInit(void);
void DetectEngineCtxFree(DetectEngineCtx *);
u_int32_t DetectEngineGetMaxSigId(DetectEngineCtx *);
void DetectEngineResetMaxSigId(DetectEngineCtx *);
#endif /* __DETECT_ENGINE_H__ */

@ -16,7 +16,7 @@ static pcre *parse_regex;
static pcre_extra *parse_regex_study;
int DetectFlowMatch (ThreadVars *, PatternMatcherThread *, Packet *, Signature *, SigMatch *);
int DetectFlowSetup (Signature *, SigMatch *, char *);
int DetectFlowSetup (DetectEngineCtx *, Signature *, SigMatch *, char *);
void DetectFlowRegister (void) {
sigmatch_table[DETECT_FLOW].name = "flow";
@ -72,7 +72,7 @@ int DetectFlowMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p, Signat
return ret;
}
int DetectFlowSetup (Signature *s, SigMatch *m, char *flowstr)
int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *flowstr)
{
DetectFlowData *fd = NULL;
SigMatch *sm = NULL;

@ -17,7 +17,7 @@ static pcre *parse_regex;
static pcre_extra *parse_regex_study;
int DetectFlowvarMatch (ThreadVars *, PatternMatcherThread *, Packet *, Signature *, SigMatch *);
int DetectFlowvarSetup (Signature *, SigMatch *, char *);
int DetectFlowvarSetup (DetectEngineCtx *, Signature *, SigMatch *, char *);
void DetectFlowvarRegister (void) {
sigmatch_table[DETECT_FLOWVAR].name = "flowvar";
@ -75,7 +75,7 @@ int DetectFlowvarMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p, Sig
return ret;
}
int DetectFlowvarSetup (Signature *s, SigMatch *m, char *rawstr)
int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *rawstr)
{
DetectFlowvarData *cd = NULL;
SigMatch *sm = NULL;

@ -4,7 +4,7 @@
#include "detect.h"
#include "flow-var.h"
int DetectMetadataSetup (Signature *s, SigMatch *m, char *str);
int DetectMetadataSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *str);
void DetectMetadataRegister (void) {
sigmatch_table[DETECT_METADATA].name = "metadata";
@ -14,7 +14,7 @@ void DetectMetadataRegister (void) {
sigmatch_table[DETECT_METADATA].RegisterTests = NULL;
}
int DetectMetadataSetup (Signature *s, SigMatch *m, char *rawstr)
int DetectMetadataSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *rawstr)
{
char *str = rawstr;
char dubbed = 0;

@ -4,7 +4,7 @@
#include "detect.h"
#include "flow-var.h"
int DetectMsgSetup (Signature *s, SigMatch *m, char *msgstr);
int DetectMsgSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *msgstr);
void DetectMsgRegister (void) {
sigmatch_table[DETECT_MSG].name = "msg";
@ -14,7 +14,7 @@ void DetectMsgRegister (void) {
sigmatch_table[DETECT_MSG].RegisterTests = NULL;
}
int DetectMsgSetup (Signature *s, SigMatch *m, char *msgstr)
int DetectMsgSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *msgstr)
{
char *str = msgstr;

@ -6,7 +6,7 @@
#include <pcre.h>
int DetectNoalertSetup (Signature *, SigMatch *, char *);
int DetectNoalertSetup (DetectEngineCtx *, Signature *, SigMatch *, char *);
void DetectNoalertRegister (void) {
sigmatch_table[DETECT_NOALERT].name = "noalert";
@ -18,7 +18,7 @@ void DetectNoalertRegister (void) {
sigmatch_table[DETECT_NOALERT].flags |= SIGMATCH_NOOPT;
}
int DetectNoalertSetup (Signature *s, SigMatch *m, char *nullstr)
int DetectNoalertSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *nullstr)
{
if (nullstr != NULL) {
printf("DetectNoalertSetup: nocase has no value\n");

@ -9,7 +9,7 @@
#include "detect-uricontent.h"
#include "detect-pcre.h"
int DetectNocaseSetup (Signature *s, SigMatch *m, char *depthstr);
int DetectNocaseSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *depthstr);
void DetectNocaseRegister (void) {
sigmatch_table[DETECT_NOCASE].name = "nocase";
@ -21,7 +21,7 @@ void DetectNocaseRegister (void) {
sigmatch_table[DETECT_NOCASE].flags |= SIGMATCH_NOOPT;
}
int DetectNocaseSetup (Signature *s, SigMatch *m, char *nullstr)
int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *nullstr)
{
//printf("DetectNocaseSetup: s->match:%p,m:%p\n", s->match, m);

@ -8,7 +8,7 @@
#include "detect-content.h"
#include "detect-pcre.h"
int DetectOffsetSetup (Signature *s, SigMatch *m, char *offsetstr);
int DetectOffsetSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *offsetstr);
void DetectOffsetRegister (void) {
sigmatch_table[DETECT_OFFSET].name = "offset";
@ -18,7 +18,7 @@ void DetectOffsetRegister (void) {
sigmatch_table[DETECT_OFFSET].RegisterTests = NULL;
}
int DetectOffsetSetup (Signature *s, SigMatch *m, char *offsetstr)
int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *offsetstr)
{
char *str = offsetstr;
char dubbed = 0;

@ -4,7 +4,12 @@
#include "vips.h"
#include "debug.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-engine-address.h"
#include "detect-engine-port.h"
#include "flow.h"
#include "util-unittest.h"
@ -15,7 +20,7 @@ static pcre_extra *config_pcre_extra = NULL;
static pcre_extra *option_pcre_extra = NULL;
/* XXX this should be part of the DE */
static u_int32_t signum = 0;
//static u_int32_t signum = 0;
static u_int32_t dbg_srcportany_cnt = 0;
static u_int32_t dbg_dstportany_cnt = 0;
@ -36,9 +41,6 @@ static u_int32_t dbg_dstportany_cnt = 0;
#define OPTION_PARTS 3
#define OPTION_PCRE "^\\s*([A-z_0-9]+)(?:\\s*\\:\\s*(.*)(?<!\\\\))?\\s*;\\s*(?:\\s*(.*))?\\s*$"
u_int32_t SigGetMaxId(void) {
return signum;
}
u_int32_t DbgGetSrcPortAnyCnt(void) {
return dbg_srcportany_cnt;
@ -48,10 +50,6 @@ u_int32_t DbgGetDstPortAnyCnt(void) {
return dbg_dstportany_cnt;
}
void SigResetMaxId(void) {
signum = 0;
}
SigMatch *SigMatchAlloc(void) {
SigMatch *sm = malloc(sizeof(SigMatch));
if (sm == NULL)
@ -144,7 +142,7 @@ void SigParsePrepare(void) {
}
}
int SigParseOptions(Signature *s, SigMatch *m, char *optstr) {
int SigParseOptions(DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *optstr) {
#define MAX_SUBSTRINGS 30
int ov[MAX_SUBSTRINGS];
int ret = 0, i = 0;
@ -194,7 +192,7 @@ int SigParseOptions(Signature *s, SigMatch *m, char *optstr) {
}
/* setup may or may not add a new SigMatch to the list */
if (st->Setup(s, m, optvalue) < 0)
if (st->Setup(de_ctx, s, m, optvalue) < 0)
goto error;
/* thats why we check for that here */
@ -211,7 +209,7 @@ int SigParseOptions(Signature *s, SigMatch *m, char *optstr) {
if (optstr) free(optstr);
//if (optmore) pcre_free_substring(optmore);
if (arr != NULL) free(arr);
return SigParseOptions(s, m, optmore);
return SigParseOptions(de_ctx, s, m, optmore);
}
if (optname) pcre_free_substring(optname);
@ -426,7 +424,7 @@ error:
return -1;
}
int SigParse(Signature *s, char *sigstr) {
int SigParse(DetectEngineCtx *de_ctx, Signature *s, char *sigstr) {
char **basics;
int ret = SigParseBasics(s, sigstr, &basics);
@ -443,7 +441,7 @@ int SigParse(Signature *s, char *sigstr) {
/* we can have no options, so make sure we have them */
if (basics[CONFIG_OPTS] != NULL) {
ret = SigParseOptions(s, NULL, strdup(basics[CONFIG_OPTS]));
ret = SigParseOptions(de_ctx, s, NULL, strdup(basics[CONFIG_OPTS]));
}
/* cleanup */
@ -486,7 +484,7 @@ void SigFree(Signature *s) {
free(s);
}
Signature *SigInit(char *sigstr) {
Signature *SigInit(DetectEngineCtx *de_ctx, char *sigstr) {
Signature *sig = SigAlloc();
if (sig == NULL)
goto error;
@ -495,11 +493,11 @@ Signature *SigInit(char *sigstr) {
* through classifications.config */
sig->prio = 3;
if (SigParse(sig, sigstr) < 0)
if (SigParse(de_ctx, sig, sigstr) < 0)
goto error;
sig->num = signum;
signum++;
sig->num = de_ctx->signum;
de_ctx->signum++;
return sig;
error:
@ -516,13 +514,18 @@ int SigParseTest01 (void) {
int result = 1;
Signature *sig = NULL;
sig = SigInit("alert tcp 1.2.3.4 any -> !1.2.3.4 any (msg:\"SigParseTest01\"; sid:1;)");
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
sig = SigInit(de_ctx, "alert tcp 1.2.3.4 any -> !1.2.3.4 any (msg:\"SigParseTest01\"; sid:1;)");
if (sig == NULL) {
result = 0;
goto end;
}
SigFree(sig);
DetectEngineCtxFree(de_ctx);
end:
return result;
}
@ -531,13 +534,19 @@ int SigParseTest02 (void) {
int result = 0;
Signature *sig = NULL;
sig = SigInit("alert tcp any !21:902 -> any any (msg:\"ET MALWARE Suspicious 220 Banner on Local Port\"; content:\"220\"; offset:0; depth:4; pcre:\"/220[- ]/\"; classtype:non-standard-protocol; sid:2003055; rev:4;)");
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
sig = SigInit(de_ctx, "alert tcp any !21:902 -> any any (msg:\"ET MALWARE Suspicious 220 Banner on Local Port\"; content:\"220\"; offset:0; depth:4; pcre:\"/220[- ]/\"; classtype:non-standard-protocol; sid:2003055; rev:4;)");
if (sig == NULL) {
goto end;
}
DetectPort *port = NULL;
int r = DetectPortParse(&port, "0:20");
if (r < 0)
goto end;
if (DetectPortCmp(sig->sp, port) == PORT_EQ) {
result = 1;
@ -546,6 +555,7 @@ int SigParseTest02 (void) {
}
SigFree(sig);
DetectEngineCtxFree(de_ctx);
end:
return result;
}

@ -5,7 +5,7 @@
int SigParse(Signature *s, char *sigstr);
Signature *SigAlloc (void);
void SigFree(Signature *s);
Signature *SigInit(char *sigstr);
Signature *SigInit(DetectEngineCtx *,char *sigstr);
void SigParsePrepare(void);
void SigParseRegisterTests(void);

@ -21,7 +21,7 @@ static pcre *parse_capture_regex;
static pcre_extra *parse_capture_regex_study;
int DetectPcreMatch (ThreadVars *, PatternMatcherThread *, Packet *, Signature *, SigMatch *);
int DetectPcreSetup (Signature *, SigMatch *, char *);
int DetectPcreSetup (DetectEngineCtx *, Signature *, SigMatch *, char *);
int DetectPcreFree(SigMatch *);
void DetectPcreRegister (void) {
@ -123,7 +123,7 @@ int DetectPcreMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p, Signat
/* don't bother scanning if we don't have a pattern matcher ctx
* which means we don't have uricontent sigs */
if (pmt->mcu != NULL) {
if (pmt->sgh->mpm_uri_ctx != NULL) {
if (pmt->sgh->mpm_uricontent_maxlen <= p->http_uri.raw_size[pmt->pkt_cnt]) {
if (pmt->sgh->mpm_uricontent_maxlen == 1) pmt->pkts_uri_scanned1++;
else if (pmt->sgh->mpm_uricontent_maxlen == 2) pmt->pkts_uri_scanned2++;
@ -132,7 +132,7 @@ int DetectPcreMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p, Signat
else pmt->pkts_uri_scanned++;
pmt->pmq.mode = PMQ_MODE_SCAN;
ret = pmt->mcu->Scan(pmt->mcu, &pmt->mtcu, &pmt->pmq, p->http_uri.raw[pmt->pkt_cnt], p->http_uri.raw_size[pmt->pkt_cnt]);
ret = pmt->sgh->mpm_uri_ctx->Scan(pmt->sgh->mpm_uri_ctx, &pmt->mtcu, &pmt->pmq, p->http_uri.raw[pmt->pkt_cnt], p->http_uri.raw_size[pmt->pkt_cnt]);
if (ret > 0) {
if (pmt->sgh->mpm_uricontent_maxlen == 1) pmt->pkts_uri_searched1++;
else if (pmt->sgh->mpm_uricontent_maxlen == 2) pmt->pkts_uri_searched2++;
@ -141,7 +141,7 @@ int DetectPcreMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p, Signat
else pmt->pkts_uri_searched++;
pmt->pmq.mode = PMQ_MODE_SEARCH;
ret += pmt->mcu->Search(pmt->mcu, &pmt->mtcu, &pmt->pmq, p->http_uri.raw[pmt->pkt_cnt], p->http_uri.raw_size[pmt->pkt_cnt]);
ret += pmt->sgh->mpm_uri_ctx->Search(pmt->sgh->mpm_uri_ctx, &pmt->mtcu, &pmt->pmq, p->http_uri.raw[pmt->pkt_cnt], p->http_uri.raw_size[pmt->pkt_cnt]);
/* indicate to uricontent that we have a uri,
* we scanned it _AND_ we found pattern matches. */
@ -173,7 +173,7 @@ int DetectPcreMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p, Signat
return ret;
}
int DetectPcreSetup (Signature *s, SigMatch *m, char *regexstr)
int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *regexstr)
{
const char *eb;
int eo;

@ -16,7 +16,7 @@ static pcre *parse_regex;
static pcre_extra *parse_regex_study;
int DetectPktvarMatch (ThreadVars *, PatternMatcherThread *, Packet *, Signature *, SigMatch *);
int DetectPktvarSetup (Signature *, SigMatch *, char *);
int DetectPktvarSetup (DetectEngineCtx *, Signature *, SigMatch *, char *);
void DetectPktvarRegister (void) {
sigmatch_table[DETECT_PKTVAR].name = "pktvar";
@ -70,7 +70,7 @@ int DetectPktvarMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p, Sign
return ret;
}
int DetectPktvarSetup (Signature *s, SigMatch *m, char *rawstr)
int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *rawstr)
{
DetectPktvarData *cd = NULL;
SigMatch *sm = NULL;

@ -4,7 +4,7 @@
#include "detect.h"
#include "flow-var.h"
int DetectPrioritySetup (Signature *s, SigMatch *m, char *sidstr);
int DetectPrioritySetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *sidstr);
void DetectPriorityRegister (void) {
sigmatch_table[DETECT_PRIORITY].name = "priority";
@ -14,7 +14,7 @@ void DetectPriorityRegister (void) {
sigmatch_table[DETECT_PRIORITY].RegisterTests = NULL;
}
int DetectPrioritySetup (Signature *s, SigMatch *m, char *rawstr)
int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *rawstr)
{
char *str = rawstr;
char dubbed = 0;

@ -8,7 +8,7 @@
#include "detect-content.h"
#include "detect-pcre.h"
int DetectRawbytesSetup (Signature *s, SigMatch *m, char *depthstr);
int DetectRawbytesSetup (DetectEngineCtx *, Signature *, SigMatch *, char *);
void DetectRawbytesRegister (void) {
sigmatch_table[DETECT_RAWBYTES].name = "rawbytes";
@ -20,7 +20,7 @@ void DetectRawbytesRegister (void) {
sigmatch_table[DETECT_RAWBYTES].flags |= SIGMATCH_NOOPT;
}
int DetectRawbytesSetup (Signature *s, SigMatch *m, char *nullstr)
int DetectRawbytesSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *nullstr)
{
//printf("DetectRawbytesSetup: s->match:%p,m:%p\n", s->match, m);

@ -11,7 +11,7 @@
#include <pcre.h>
int DetectRecursiveSetup (Signature *s, SigMatch *m, char *depthstr);
int DetectRecursiveSetup (DetectEngineCtx *, Signature *, SigMatch *, char *);
void DetectRecursiveRegister (void) {
sigmatch_table[DETECT_RECURSIVE].name = "recursive";
@ -23,7 +23,7 @@ void DetectRecursiveRegister (void) {
sigmatch_table[DETECT_RECURSIVE].flags |= SIGMATCH_NOOPT;
}
int DetectRecursiveSetup (Signature *s, SigMatch *m, char *nullstr)
int DetectRecursiveSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *nullstr)
{
//printf("DetectRecursiveSetup: s->match:%p,m:%p\n", s->match, m);

@ -4,7 +4,7 @@
#include "detect.h"
#include "flow-var.h"
int DetectReferenceSetup (Signature *s, SigMatch *m, char *str);
int DetectReferenceSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *str);
void DetectReferenceRegister (void) {
sigmatch_table[DETECT_REFERENCE].name = "reference";
@ -14,7 +14,7 @@ void DetectReferenceRegister (void) {
sigmatch_table[DETECT_REFERENCE].RegisterTests = NULL;
}
int DetectReferenceSetup (Signature *s, SigMatch *m, char *rawstr)
int DetectReferenceSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *rawstr)
{
char *str = rawstr;
char dubbed = 0;

@ -4,7 +4,7 @@
#include "detect.h"
#include "flow-var.h"
int DetectRevSetup (Signature *s, SigMatch *m, char *str);
int DetectRevSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *str);
void DetectRevRegister (void) {
sigmatch_table[DETECT_REV].name = "rev";
@ -14,7 +14,7 @@ void DetectRevRegister (void) {
sigmatch_table[DETECT_REV].RegisterTests = NULL;
}
int DetectRevSetup (Signature *s, SigMatch *m, char *rawstr)
int DetectRevSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *rawstr)
{
char *str = rawstr;
char dubbed = 0;

@ -4,7 +4,7 @@
#include "detect.h"
#include "flow-var.h"
int DetectSidSetup (Signature *s, SigMatch *m, char *sidstr);
int DetectSidSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *sidstr);
void DetectSidRegister (void) {
sigmatch_table[DETECT_SID].name = "sid";
@ -14,7 +14,7 @@ void DetectSidRegister (void) {
sigmatch_table[DETECT_SID].RegisterTests = NULL;
}
int DetectSidSetup (Signature *s, SigMatch *m, char *sidstr)
int DetectSidSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *sidstr)
{
char *str = sidstr;
char dubbed = 0;

@ -4,7 +4,7 @@
#include "detect.h"
#include "flow-var.h"
int DetectThresholdSetup (Signature *s, SigMatch *m, char *str);
int DetectThresholdSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *str);
void DetectThresholdRegister (void) {
sigmatch_table[DETECT_THRESHOLD].name = "threshold";
@ -14,7 +14,7 @@ void DetectThresholdRegister (void) {
sigmatch_table[DETECT_THRESHOLD].RegisterTests = NULL;
}
int DetectThresholdSetup (Signature *s, SigMatch *m, char *rawstr)
int DetectThresholdSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *rawstr)
{
char *str = rawstr;
char dubbed = 0;

@ -31,16 +31,12 @@
#include "util-unittest.h"
int DetectUricontentMatch (ThreadVars *, PatternMatcherThread *, Packet *, Signature *, SigMatch *);
int DetectUricontentSetup (Signature *, SigMatch *, char *);
int DetectUricontentSetup (DetectEngineCtx *, Signature *, SigMatch *, char *);
void HttpUriRegisterTests(void);
u_int8_t nocasetable[256];
#define _nc(c) nocasetable[(c)]
/* we use a global id for uricontent matches to be able to
* use just one pattern matcher thread context per thread. */
static u_int32_t uricontent_max_id = 0;
void DetectUricontentRegister (void) {
sigmatch_table[DETECT_URICONTENT].name = "uricontent";
sigmatch_table[DETECT_URICONTENT].Match = DetectUricontentMatch;
@ -67,9 +63,8 @@ void DetectUricontentRegister (void) {
}
/* pass on the uricontent_max_id */
u_int32_t DetectUricontentMaxId(void) {
//printf("DetectUricontentMaxId: %u\n", uricontent_max_id);
return uricontent_max_id;
u_int32_t DetectUricontentMaxId(DetectEngineCtx *de_ctx) {
return de_ctx->uricontent_max_id;
}
/* Normalize http buffer
@ -258,7 +253,7 @@ int DetectUricontentMatch (ThreadVars *t, PatternMatcherThread *pmt, Packet *p,
return DoDetectUricontent(t, pmt, p, m, co);
}
int DetectUricontentSetup (Signature *s, SigMatch *m, char *contentstr)
int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *contentstr)
{
DetectUricontentData *cd = NULL;
SigMatch *sm = NULL;
@ -369,8 +364,8 @@ int DetectUricontentSetup (Signature *s, SigMatch *m, char *contentstr)
SigMatchAppend(s,m,sm);
cd->id = uricontent_max_id;
uricontent_max_id++;
cd->id = de_ctx->uricontent_max_id;
de_ctx->uricontent_max_id++;
if (dubbed) free(str);
return 0;

@ -24,7 +24,7 @@ typedef struct _DetectUricontentData {
/* prototypes */
void DetectUricontentRegister (void);
u_int32_t DetectUricontentMaxId(void);
u_int32_t DetectUricontentMaxId(DetectEngineCtx *);
#endif /* __DETECT_URICONTENT_H__ */

@ -9,7 +9,7 @@
#include "detect-uricontent.h"
#include "detect-pcre.h"
int DetectWithinSetup (Signature *s, SigMatch *m, char *withinstr);
int DetectWithinSetup (DetectEngineCtx *, Signature *s, SigMatch *m, char *withinstr);
void DetectWithinRegister (void) {
sigmatch_table[DETECT_WITHIN].name = "within";
@ -19,7 +19,7 @@ void DetectWithinRegister (void) {
sigmatch_table[DETECT_WITHIN].RegisterTests = NULL;
}
int DetectWithinSetup (Signature *s, SigMatch *m, char *withinstr)
int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, SigMatch *m, char *withinstr)
{
char *str = withinstr;
char dubbed = 0;

File diff suppressed because it is too large Load Diff

@ -2,11 +2,110 @@
#define __DETECT_H__
#include "detect-engine-proto.h"
#include "detect-engine-port.h"
#include "detect-engine-address.h"
#include "detect-content.h"
#include "detect-uricontent.h"
#include "util-hash.h"
#include "util-hashlist.h"
/*
* DETECT ADDRESS
*/
/* a is ... than b */
enum {
ADDRESS_ER = -1, /* error e.g. compare ipv4 and ipv6 */
ADDRESS_LT, /* smaller [aaa] [bbb] */
ADDRESS_LE, /* smaller with overlap [aa[bab]bb] */
ADDRESS_EQ, /* exactly equal [abababab] */
ADDRESS_ES, /* within [bb[aaa]bb] and [[abab]bbb] and [bbb[abab]] */
ADDRESS_EB, /* completely overlaps [aa[bbb]aa] and [[baba]aaa] and [aaa[baba]] */
ADDRESS_GE, /* bigger with overlap [bb[aba]aa] */
ADDRESS_GT, /* bigger [bbb] [aaa] */
};
#define ADDRESS_FLAG_ANY 0x1
#define ADDRESS_FLAG_NOT 0x2
#define ADDRESS_GROUP_SIGGROUPHEAD_COPY 0x01
#define ADDRESS_GROUP_PORTS_COPY 0x02
#define ADDRESS_GROUP_PORTS_NOTUNIQ 0x04
typedef struct DetectAddressData_ {
/* XXX convert to use a Address datatype to replace family, ip,ip2*/
u_int8_t family;
u_int32_t ip[4];
u_int32_t ip2[4];
u_int8_t flags;
} DetectAddressData;
typedef struct DetectAddressGroup_ {
/* address data for this group */
DetectAddressData *ad;
/* XXX ptr to rules, or PortGroup or whatever */
struct DetectAddressGroupsHead_ *dst_gh;
struct DetectPort_ *port;
/* signatures that belong in this group */
struct _SigGroupHead *sh;
u_int8_t flags;
/* double linked list */
struct DetectAddressGroup_ *prev;
struct DetectAddressGroup_ *next;
u_int32_t cnt;
} DetectAddressGroup;
typedef struct DetectAddressGroupsHead_ {
DetectAddressGroup *any_head;
DetectAddressGroup *ipv4_head;
DetectAddressGroup *ipv6_head;
} DetectAddressGroupsHead;
/*
* DETECT PORT
*/
/* a is ... than b */
enum {
PORT_ER = -1, /* error e.g. compare ipv4 and ipv6 */
PORT_LT, /* smaller [aaa] [bbb] */
PORT_LE, /* smaller with overlap [aa[bab]bb] */
PORT_EQ, /* exactly equal [abababab] */
PORT_ES, /* within [bb[aaa]bb] and [[abab]bbb] and [bbb[abab]] */
PORT_EB, /* completely overlaps [aa[bbb]aa] and [[baba]aaa] and [aaa[baba]] */
PORT_GE, /* bigger with overlap [bb[aba]aa] */
PORT_GT, /* bigger [bbb] [aaa] */
};
#define PORT_FLAG_ANY 0x1
#define PORT_FLAG_NOT 0x2
#define PORT_SIGGROUPHEAD_COPY 0x04
#define PORT_GROUP_PORTS_COPY 0x08
typedef struct DetectPort_ {
u_int8_t flags;
u_int16_t port;
u_int16_t port2;
/* signatures that belong in this group */
struct _SigGroupHead *sh;
struct DetectPort_ *dst_ph;
/* double linked list */
union {
struct DetectPort_ *prev;
struct DetectPort_ *hnext; /* hash next */
};
struct DetectPort_ *next;
u_int32_t cnt;
} DetectPort;
/* Signature flags */
#define SIG_FLAG_RECURSIVE 0x0001 /* recurive capturing enabled */
@ -35,9 +134,7 @@ typedef struct _PatternMatcherThread {
/* pointer to the current mpm ctx that is stored
* in a rule group head -- can be either a content
* or uricontent ctx. */
MpmCtx *mc; /* content */
MpmCtx *mcu; /* uricontent */
MpmThreadCtx mtc;
MpmThreadCtx mtc; /* thread ctx for the mpm */
MpmThreadCtx mtcu;
struct _SigGroupHead *sgh;
PatternMatcherQueue pmq;
@ -83,28 +180,10 @@ typedef struct _Signature {
DetectProto proto;
DetectPort *sp, *dp;
//u_int32_t rulegroup_refcnt;
struct _SigMatch *match;
struct _Signature *next;
} Signature;
typedef struct _SigMatch {
u_int8_t type;
void *ctx;
struct _SigMatch *prev;
struct _SigMatch *next;
} SigMatch;
typedef struct SigTableElmt {
char *name;
u_int8_t cost; /* 0 hardly any, 255 very expensive */
int (*Match)(ThreadVars *, PatternMatcherThread *, Packet *, Signature *, SigMatch *);
int (*Setup)(Signature *, SigMatch *, char *);
int (*Free)(SigMatch *);
void (*RegisterTests)(void);
u_int8_t flags;
} SigTableElmt;
typedef struct DetectEngineCtx_ {
u_int8_t flags;
@ -115,6 +194,8 @@ typedef struct DetectEngineCtx_ {
u_int32_t sig_array_size; /* size in bytes */
u_int32_t sig_array_len; /* size in array members */
u_int32_t signum;
/* ip only sigs: we only add 'alert ip' without
* an ip_proto setting here, so no need to look
* at the proto */
@ -122,60 +203,55 @@ typedef struct DetectEngineCtx_ {
DetectAddressGroupsHead *io_tmp_gh;
/* main sigs */
DetectAddressGroupsHead *src_gh[256];
DetectAddressGroupsHead *src_gh[256]; /* a head for each protocol */
DetectAddressGroupsHead *tmp_gh[256];
u_int32_t mpm_unique, mpm_reuse, mpm_none,
mpm_uri_unique, mpm_uri_reuse, mpm_uri_none;
u_int32_t gh_unique, gh_reuse;
u_int32_t mpm_max_patcnt,
mpm_min_patcnt,
mpm_tot_patcnt,
mpm_uri_max_patcnt,
mpm_uri_min_patcnt,
mpm_uri_tot_patcnt;
u_int32_t mpm_max_patcnt, mpm_min_patcnt, mpm_tot_patcnt,
mpm_uri_max_patcnt, mpm_uri_min_patcnt, mpm_uri_tot_patcnt;
} DetectEngineCtx;
/*
typedef struct SignatureTuple_ {
DetectAddressGroup *src;
DetectAddressGroup *dst;
DetectPort *sp;
DetectPort *dp;
u_int8_t proto;
/* content and uricontent vars */
u_int32_t content_max_id;
u_int32_t uricontent_max_id;
struct _SigGroupHead *sgh;
/* init phase vars */
HashListTable *sgh_hash_table;
struct SignatureTuple_ *hnext;
struct SignatureTuple_ *next;
HashListTable *sgh_mpm_hash_table;
HashListTable *sgh_mpm_uri_hash_table;
u_int32_t cnt;
} SignatureTuple;
*/
/* container for content matches... we use this to compare
* group heads for contents
* XXX name */
typedef struct _SigGroupContent {
DetectContentData *content;
struct _SigGroupContent *next;
} SigGroupContent;
/* container for content matches... we use this to compare
* group heads for contents
* XXX name */
typedef struct _SigGroupUricontent {
DetectUricontentData *content;
struct _SigGroupUricontent *next;
} SigGroupUricontent;
HashListTable *sgh_sport_hash_table;
HashListTable *sgh_dport_hash_table;
#define SIG_GROUP_HAVECONTENT 0x1
#define SIG_GROUP_HAVEURICONTENT 0x2
HashListTable *sport_hash_table;
HashListTable *dport_hash_table;
/* memory counters */
u_int32_t mpm_memory_size;
} DetectEngineCtx;
/* XXX rename */
//#define SIG_GROUP_INITIALIZED 0x4
//#define SIG_GROUP_COPY 0x8
typedef struct _SigMatch {
u_int8_t type;
void *ctx;
struct _SigMatch *prev;
struct _SigMatch *next;
} SigMatch;
typedef struct SigTableElmt {
char *name;
u_int8_t cost; /* 0 hardly any, 255 very expensive */
int (*Match)(ThreadVars *, PatternMatcherThread *, Packet *, Signature *, SigMatch *);
int (*Setup)(DetectEngineCtx *, Signature *, SigMatch *, char *);
int (*Free)(SigMatch *);
void (*RegisterTests)(void);
u_int8_t flags;
} SigTableElmt;
#define SIG_GROUP_HAVECONTENT 0x1
#define SIG_GROUP_HAVEURICONTENT 0x2
#define SIG_GROUP_HEAD_MPM_COPY 0x4
#define SIG_GROUP_HEAD_MPM_URI_COPY 0x8
#define SIG_GROUP_HEAD_FREE 0x10
@ -270,5 +346,11 @@ void TmModuleDetectRegister (void);
int SigGroupBuild(DetectEngineCtx *);
int SigGroupCleanup();
/*
* XXX globals, remove
*/
DetectEngineCtx *g_de_ctx;
#endif /* __DETECT_H__ */

@ -31,7 +31,7 @@
int LogHttplog (ThreadVars *, Packet *, void *, PacketQueue *);
int LogHttplogIPv4(ThreadVars *, Packet *, void *, PacketQueue *);
int LogHttplogIPv6(ThreadVars *, Packet *, void *, PacketQueue *);
int LogHttplogThreadInit(ThreadVars *, void **);
int LogHttplogThreadInit(ThreadVars *, void *, void **);
int LogHttplogThreadDeinit(ThreadVars *, void *);
void LogHttplogExitPrintStats(ThreadVars *, void *);
@ -172,7 +172,7 @@ int LogHttplog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
return 0;
}
int LogHttplogThreadInit(ThreadVars *t, void **data)
int LogHttplogThreadInit(ThreadVars *t, void *initdata, void **data)
{
LogHttplogThread *aft = malloc(sizeof(LogHttplogThread));
if (aft == NULL) {

@ -30,11 +30,11 @@ static pthread_mutex_t nfq_init_lock;
int ReceiveNFQ(ThreadVars *, Packet *, void *, PacketQueue *);
int ReceiveNFQThreadInit(ThreadVars *, void **);
int ReceiveNFQThreadInit(ThreadVars *, void *, void **);
void ReceiveNFQThreadExitStats(ThreadVars *, void *);
int VerdictNFQ(ThreadVars *, Packet *, void *, PacketQueue *);
int VerdictNFQThreadInit(ThreadVars *, void **);
int VerdictNFQThreadInit(ThreadVars *, void *, void **);
void VerdictNFQThreadExitStats(ThreadVars *, void *);
int VerdictNFQThreadDeinit(ThreadVars *, void *);
@ -231,7 +231,7 @@ int NFQInitThread(NFQThreadVars *nfq_t, u_int16_t queue_num, u_int32_t queue_max
return 0;
}
int ReceiveNFQThreadInit(ThreadVars *tv, void **data) {
int ReceiveNFQThreadInit(ThreadVars *tv, void *initdata, void **data) {
mutex_lock(&nfq_init_lock);
printf("ReceiveNFQThreadInit: starting... will bind to queuenum %u\n", receive_queue_num);
@ -255,7 +255,7 @@ int ReceiveNFQThreadInit(ThreadVars *tv, void **data) {
return 0;
}
int VerdictNFQThreadInit(ThreadVars *tv, void **data) {
int VerdictNFQThreadInit(ThreadVars *tv, void *initdata, void **data) {
mutex_lock(&nfq_init_lock);
printf("VerdictNFQThreadInit: starting... will bind to queuenum %u\n", verdict_queue_num);

@ -3,7 +3,7 @@
typedef struct _TmModule {
char *name;
int (*Init)(ThreadVars *, void **);
int (*Init)(ThreadVars *, void *, void **);
int (*Func)(ThreadVars *, Packet *, void *, PacketQueue *);
void (*ExitPrintStats)(ThreadVars *, void *);
int (*Deinit)(ThreadVars *, void *);

@ -21,12 +21,13 @@ static ThreadVars *tv_root;
typedef struct _TmSlot {
/* function pointers */
int (*SlotInit)(ThreadVars *, void **);
int (*SlotInit)(ThreadVars *, void *, void **);
int (*SlotFunc)(ThreadVars *, Packet *, void *, PacketQueue *);
void (*SlotExitPrintStats)(ThreadVars *, void *);
int (*SlotDeinit)(ThreadVars *, void *);
/* data storage */
void *slot_initdata;
void *slot_data;
PacketQueue slot_pq;
@ -67,7 +68,7 @@ void *TmThreadsSlot1NoIn(void *td) {
SetCPUAffinity(tv->cpu_affinity);
if (s->s.SlotInit != NULL) {
r = s->s.SlotInit(tv, &s->s.slot_data);
r = s->s.SlotInit(tv, s->s.slot_initdata, &s->s.slot_data);
if (r != 0) {
pthread_exit((void *) -1);
}
@ -114,7 +115,7 @@ void *TmThreadsSlot1NoOut(void *td) {
SetCPUAffinity(tv->cpu_affinity);
if (s->s.SlotInit != NULL) {
r = s->s.SlotInit(tv, &s->s.slot_data);
r = s->s.SlotInit(tv, s->s.slot_initdata, &s->s.slot_data);
if (r != 0) {
pthread_exit((void *) -1);
}
@ -157,7 +158,7 @@ void *TmThreadsSlot1NoInOut(void *td) {
//printf("TmThreadsSlot1NoInOut: %s starting\n", tv->name);
if (s->s.SlotInit != NULL) {
r = s->s.SlotInit(tv, &s->s.slot_data);
r = s->s.SlotInit(tv, s->s.slot_initdata, &s->s.slot_data);
if (r != 0) {
pthread_exit((void *) -1);
}
@ -203,7 +204,7 @@ void *TmThreadsSlot1(void *td) {
//printf("TmThreadsSlot1: %s starting\n", tv->name);
if (s->s.SlotInit != NULL) {
r = s->s.SlotInit(tv, &s->s.slot_data);
r = s->s.SlotInit(tv, s->s.slot_initdata, &s->s.slot_data);
if (r != 0) {
pthread_exit((void *) -1);
}
@ -265,13 +266,13 @@ void *TmThreadsSlot2(void *td) {
//printf("TmThreadsSlot2: %s starting\n", tv->name);
if (s->s1.SlotInit != NULL) {
r = s->s1.SlotInit(tv, &s->s1.slot_data);
r = s->s1.SlotInit(tv, s->s1.slot_initdata, &s->s1.slot_data);
if (r != 0) {
pthread_exit((void *) -1);
}
}
if (s->s2.SlotInit != NULL) {
r = s->s2.SlotInit(tv, &s->s2.slot_data);
r = s->s2.SlotInit(tv, s->s2.slot_initdata, &s->s2.slot_data);
if (r != 0) {
pthread_exit((void *) -1);
}
@ -356,19 +357,19 @@ void *TmThreadsSlot3(void *td) {
//printf("TmThreadsSlot3: %s starting\n", tv->name);
if (s->s1.SlotInit != NULL) {
r = s->s1.SlotInit(tv, &s->s1.slot_data);
r = s->s1.SlotInit(tv, s->s1.slot_initdata, &s->s1.slot_data);
if (r != 0) {
pthread_exit((void *) -1);
}
}
if (s->s2.SlotInit != NULL) {
r = s->s2.SlotInit(tv, &s->s2.slot_data);
r = s->s2.SlotInit(tv, s->s2.slot_initdata, &s->s2.slot_data);
if (r != 0) {
pthread_exit((void *) -1);
}
}
if (s->s3.SlotInit != NULL) {
r = s->s3.SlotInit(tv, &s->s3.slot_data);
r = s->s3.SlotInit(tv, s->s3.slot_initdata, &s->s3.slot_data);
if (r != 0) {
pthread_exit((void *) -1);
}
@ -516,7 +517,7 @@ void *TmThreadsSlotVar(void *td) {
for (slot = s->s; slot != NULL; slot = slot->slot_next) {
if (slot->SlotInit != NULL) {
r = slot->SlotInit(tv, &slot->slot_data);
r = slot->SlotInit(tv, slot->slot_initdata, &slot->slot_data);
if (r != 0) {
pthread_exit((void *) -1);
}
@ -596,7 +597,7 @@ error:
return -1;
}
void Tm1SlotSetFunc(ThreadVars *tv, TmModule *tm) {
void Tm1SlotSetFunc(ThreadVars *tv, TmModule *tm, void *data) {
Tm1Slot *s1 = (Tm1Slot *)tv->tm_slots;
if (s1->s.SlotFunc != NULL)
@ -604,12 +605,13 @@ void Tm1SlotSetFunc(ThreadVars *tv, TmModule *tm) {
"overwriting with %p\n", s1->s.SlotFunc, tm->Func);
s1->s.SlotInit = tm->Init;
s1->s.slot_initdata = data;
s1->s.SlotFunc = tm->Func;
s1->s.SlotExitPrintStats = tm->ExitPrintStats;
s1->s.SlotDeinit = tm->Deinit;
}
void Tm2SlotSetFunc1(ThreadVars *tv, TmModule *tm) {
void Tm2SlotSetFunc1(ThreadVars *tv, TmModule *tm, void *data) {
Tm2Slot *s = (Tm2Slot *)tv->tm_slots;
if (s->s1.SlotFunc != NULL)
@ -617,12 +619,13 @@ void Tm2SlotSetFunc1(ThreadVars *tv, TmModule *tm) {
"overwriting with %p\n", s->s1.SlotFunc, tm->Func);
s->s1.SlotInit = tm->Init;
s->s1.slot_initdata = data;
s->s1.SlotFunc = tm->Func;
s->s1.SlotExitPrintStats = tm->ExitPrintStats;
s->s1.SlotDeinit = tm->Deinit;
}
void Tm2SlotSetFunc2(ThreadVars *tv, TmModule *tm) {
void Tm2SlotSetFunc2(ThreadVars *tv, TmModule *tm, void *data) {
Tm2Slot *s = (Tm2Slot *)tv->tm_slots;
if (s->s2.SlotFunc != NULL)
@ -630,12 +633,13 @@ void Tm2SlotSetFunc2(ThreadVars *tv, TmModule *tm) {
"overwriting with %p\n", s->s2.SlotFunc, tm->Func);
s->s2.SlotInit = tm->Init;
s->s2.slot_initdata = data;
s->s2.SlotFunc = tm->Func;
s->s2.SlotExitPrintStats = tm->ExitPrintStats;
s->s2.SlotDeinit = tm->Deinit;
}
void Tm3SlotSetFunc1(ThreadVars *tv, TmModule *tm) {
void Tm3SlotSetFunc1(ThreadVars *tv, TmModule *tm, void *data) {
Tm3Slot *s = (Tm3Slot *)tv->tm_slots;
if (s->s1.SlotFunc != NULL)
@ -643,12 +647,13 @@ void Tm3SlotSetFunc1(ThreadVars *tv, TmModule *tm) {
"overwriting with %p\n", s->s1.SlotFunc, tm->Func);
s->s1.SlotInit = tm->Init;
s->s1.slot_initdata = data;
s->s1.SlotFunc = tm->Func;
s->s1.SlotExitPrintStats = tm->ExitPrintStats;
s->s1.SlotDeinit = tm->Deinit;
}
void Tm3SlotSetFunc2(ThreadVars *tv, TmModule *tm) {
void Tm3SlotSetFunc2(ThreadVars *tv, TmModule *tm, void *data) {
Tm3Slot *s = (Tm3Slot *)tv->tm_slots;
if (s->s2.SlotFunc != NULL)
@ -656,12 +661,13 @@ void Tm3SlotSetFunc2(ThreadVars *tv, TmModule *tm) {
"overwriting with %p\n", s->s2.SlotFunc, tm->Func);
s->s2.SlotInit = tm->Init;
s->s2.slot_initdata = data;
s->s2.SlotFunc = tm->Func;
s->s2.SlotExitPrintStats = tm->ExitPrintStats;
s->s2.SlotDeinit = tm->Deinit;
}
void Tm3SlotSetFunc3(ThreadVars *tv, TmModule *tm) {
void Tm3SlotSetFunc3(ThreadVars *tv, TmModule *tm, void *data) {
Tm3Slot *s = (Tm3Slot *)tv->tm_slots;
if (s->s3.SlotFunc != NULL)
@ -669,12 +675,13 @@ void Tm3SlotSetFunc3(ThreadVars *tv, TmModule *tm) {
"overwriting with %p\n", s->s3.SlotFunc, tm->Func);
s->s3.SlotInit = tm->Init;
s->s3.slot_initdata = data;
s->s3.SlotFunc = tm->Func;
s->s3.SlotExitPrintStats = tm->ExitPrintStats;
s->s3.SlotDeinit = tm->Deinit;
}
void TmVarSlotSetFuncAppend(ThreadVars *tv, TmModule *tm) {
void TmVarSlotSetFuncAppend(ThreadVars *tv, TmModule *tm, void *data) {
TmVarSlot *s = (TmVarSlot *)tv->tm_slots;
TmSlot *slot = malloc(sizeof(TmSlot));
if (slot == NULL)
@ -683,6 +690,7 @@ void TmVarSlotSetFuncAppend(ThreadVars *tv, TmModule *tm) {
memset(slot, 0, sizeof(TmSlot));
slot->SlotInit = tm->Init;
slot->slot_initdata = data;
slot->SlotFunc = tm->Func;
slot->SlotExitPrintStats = tm->ExitPrintStats;
slot->SlotDeinit = tm->Deinit;

@ -1,13 +1,13 @@
#ifndef __TM_THREADS_H__
#define __TM_THREADS_H__
void Tm1SlotSetFunc(ThreadVars *, TmModule *);
void Tm2SlotSetFunc1(ThreadVars *, TmModule *);
void Tm2SlotSetFunc2(ThreadVars *, TmModule *);
void Tm3SlotSetFunc1(ThreadVars *, TmModule *);
void Tm3SlotSetFunc2(ThreadVars *, TmModule *);
void Tm3SlotSetFunc3(ThreadVars *, TmModule *);
void TmVarSlotSetFuncAppend(ThreadVars *, TmModule *);
void Tm1SlotSetFunc(ThreadVars *, TmModule *, void *);
void Tm2SlotSetFunc1(ThreadVars *, TmModule *, void *);
void Tm2SlotSetFunc2(ThreadVars *, TmModule *, void *);
void Tm3SlotSetFunc1(ThreadVars *, TmModule *, void *);
void Tm3SlotSetFunc2(ThreadVars *, TmModule *, void *);
void Tm3SlotSetFunc3(ThreadVars *, TmModule *, void *);
void TmVarSlotSetFuncAppend(ThreadVars *, TmModule *, void *);
ThreadVars *TmThreadCreate(char *name, char *inq_name, char *inqh_name, char *outq_name, char *outqh_name, char *slots);
int TmThreadSpawn(ThreadVars *);
void TmThreadKillThreads(void);

@ -98,6 +98,13 @@ int BloomFilterTest(BloomFilter *bf, void *data, u_int16_t datalen) {
return hit;
}
u_int32_t BloomFilterMemoryCnt(BloomFilter *bf) {
if (bf == NULL)
return 0;
return 2;
}
u_int32_t BloomFilterMemorySize(BloomFilter *bf) {
if (bf == NULL)
return 0;

@ -17,6 +17,7 @@ void BloomFilterFree(BloomFilter *);
void BloomFilterPrint(BloomFilter *);
int BloomFilterAdd(BloomFilter *, void *, u_int16_t);
int BloomFilterTest(BloomFilter *, void *, u_int16_t);
u_int32_t BloomFilterMemoryCnt(BloomFilter *);
u_int32_t BloomFilterMemorySize(BloomFilter *);
void BloomFilterRegisterTests(void);

@ -0,0 +1,382 @@
/* Copyright (c) 2008 by Victor Julien <victor@inliniac.net> */
/* Chained hash table implementation
*
* The 'Free' pointer can be used to have the API free your
* hashed data. If it's NULL it's the callers responsebility */
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <string.h>
#include "util-hashlist.h"
#include "util-unittest.h"
HashListTable* HashListTableInit(u_int32_t size, u_int32_t (*Hash)(struct _HashListTable *, void *, u_int16_t), char (*Compare)(void *, u_int16_t, void *, u_int16_t), void (*Free)(void *)) {
HashListTable *ht = NULL;
if (size == 0) {
goto error;
}
if (Hash == NULL) {
//printf("ERROR: HashListTableInit no Hash function\n");
goto error;
}
/* setup the filter */
ht = malloc(sizeof(HashListTable));
if (ht == NULL)
goto error;
memset(ht,0,sizeof(HashListTable));
ht->array_size = size;
ht->Hash = Hash;
ht->Free = Free;
if (Compare != NULL)
ht->Compare = Compare;
else
ht->Compare = HashListTableDefaultCompare;
/* setup the bitarray */
ht->array = malloc(ht->array_size * sizeof(HashListTableBucket *));
if (ht->array == NULL)
goto error;
memset(ht->array,0,ht->array_size * sizeof(HashListTableBucket *));
ht->listhead = NULL;
ht->listtail = NULL;
return ht;
error:
if (ht != NULL) {
if (ht->array != NULL)
free(ht->array);
free(ht);
}
return NULL;
}
void HashListTableFree(HashListTable *ht) {
u_int32_t i = 0;
if (ht == NULL)
return;
/* free the buckets */
for (i = 0; i < ht->array_size; i++) {
HashListTableBucket *hashbucket = ht->array[i];
while (hashbucket != NULL) {
HashListTableBucket *next_hashbucket = hashbucket->bucknext;
if (ht->Free != NULL)
ht->Free(hashbucket->data);
free(hashbucket);
hashbucket = next_hashbucket;
}
}
/* free the arrray */
if (ht->array != NULL)
free(ht->array);
free(ht);
}
void HashListTablePrint(HashListTable *ht) {
printf("\n----------- Hash Table Stats ------------\n");
printf("Buckets: %u\n", ht->array_size);
printf("Hash function pointer: %p\n", ht->Hash);
printf("-----------------------------------------\n");
}
int HashListTableAdd(HashListTable *ht, void *data, u_int16_t datalen) {
if (ht == NULL || data == NULL)
return -1;
u_int32_t hash = ht->Hash(ht, data, datalen);
HashListTableBucket *hb = malloc(sizeof(HashListTableBucket));
if (hb == NULL) {
goto error;
}
memset(hb, 0, sizeof(HashListTableBucket));
hb->data = data;
hb->size = datalen;
hb->bucknext = NULL;
hb->listnext = NULL;
hb->listprev = NULL;
if (ht->array[hash] == NULL) {
ht->array[hash] = hb;
} else {
hb->bucknext = ht->array[hash];
ht->array[hash] = hb;
}
if (ht->listtail == NULL) {
ht->listhead = hb;
ht->listtail = hb;
} else {
ht->listtail->listnext = hb;
hb->listprev = ht->listtail->listnext;
ht->listtail = hb;
}
return 0;
error:
return -1;
}
int HashListTableRemove(HashListTable *ht, void *data, u_int16_t datalen) {
u_int32_t hash = ht->Hash(ht, data, datalen);
if (ht->array[hash] == NULL) {
return -1;
}
if (ht->array[hash]->bucknext == NULL) {
if (ht->Free != NULL)
ht->Free(ht->array[hash]->data);
free(ht->array[hash]);
ht->array[hash] = NULL;
return 0;
}
HashListTableBucket *hashbucket = ht->array[hash], *prev_hashbucket = NULL;
do {
if (hashbucket->size != datalen) {
prev_hashbucket = hashbucket;
hashbucket = hashbucket->bucknext;
continue;
}
if (memcmp(hashbucket->data,data,datalen) == 0) {
/* remove from the list */
if (hashbucket->listprev == NULL) {
ht->listhead = hashbucket->listnext;
} else {
hashbucket->listprev->listnext = hashbucket->listnext;
}
if (hashbucket->listnext == NULL) {
ht->listtail = hashbucket->listprev;
} else {
hashbucket->listnext->listprev = hashbucket->listprev;
}
if (prev_hashbucket == NULL) {
/* root bucket */
ht->array[hash] = hashbucket->bucknext;
} else {
/* child bucket */
prev_hashbucket->bucknext = hashbucket->bucknext;
}
/* remove this */
if (ht->Free != NULL)
ht->Free(hashbucket->data);
free(hashbucket);
return 0;
}
prev_hashbucket = hashbucket;
hashbucket = hashbucket->bucknext;
} while (hashbucket != NULL);
return -1;
}
char HashListTableDefaultCompare(void *data1, u_int16_t len1, void *data2, u_int16_t len2) {
if (len1 != len2)
return 0;
if (memcmp(data1,data2,len1) != 0)
return 0;
return 1;
}
void *HashListTableLookup(HashListTable *ht, void *data, u_int16_t datalen) {
u_int32_t hash = ht->Hash(ht, data, datalen);
if (ht->array[hash] == NULL) {
return NULL;
}
HashListTableBucket *hashbucket = ht->array[hash];
do {
if (ht->Compare(hashbucket->data,hashbucket->size,data,datalen) == 1)
return hashbucket->data;
hashbucket = hashbucket->bucknext;
} while (hashbucket != NULL);
return NULL;
}
u_int32_t HashListTableGenericHash(HashListTable *ht, void *data, u_int16_t datalen) {
u_int8_t *d = (u_int8_t *)data;
u_int32_t i;
u_int32_t hash = 0;
for (i = 0; i < datalen; i++) {
if (i == 0) hash += (((u_int32_t)*d++));
else if (i == 1) hash += (((u_int32_t)*d++) * datalen);
else hash *= (((u_int32_t)*d++) * i) + datalen + i;
}
hash *= datalen;
hash %= ht->array_size;
return hash;
}
HashListTableBucket *HashListTableGetListHead(HashListTable *ht) {
return ht->listhead;
}
/*
* ONLY TESTS BELOW THIS COMMENT
*/
static int HashListTableTestInit01 (void) {
HashListTable *ht = HashListTableInit(1024, HashListTableGenericHash, NULL, NULL);
if (ht == NULL)
return 0;
HashListTableFree(ht);
return 1;
}
/* no hash function, so it should fail */
static int HashListTableTestInit02 (void) {
HashListTable *ht = HashListTableInit(1024, NULL, NULL, NULL);
if (ht == NULL)
return 1;
HashListTableFree(ht);
return 0;
}
static int HashListTableTestInit03 (void) {
int result = 0;
HashListTable *ht = HashListTableInit(1024, HashListTableGenericHash, NULL, NULL);
if (ht == NULL)
return 0;
if (ht->Hash == HashListTableGenericHash)
result = 1;
HashListTableFree(ht);
return result;
}
static int HashListTableTestInit04 (void) {
HashListTable *ht = HashListTableInit(0, HashListTableGenericHash, NULL, NULL);
if (ht == NULL)
return 1;
HashListTableFree(ht);
return 0;
}
static int HashListTableTestAdd01 (void) {
int result = 0;
HashListTable *ht = HashListTableInit(32, HashListTableGenericHash, NULL, NULL);
if (ht == NULL)
goto end;
int r = HashListTableAdd(ht, "test", 0);
if (r == 0)
goto end;
/* all is good! */
result = 1;
end:
if (ht != NULL) HashListTableFree(ht);
return result;
}
static int HashListTableTestAdd02 (void) {
int result = 0;
HashListTable *ht = HashListTableInit(32, HashListTableGenericHash, NULL, NULL);
if (ht == NULL)
goto end;
int r = HashListTableAdd(ht, NULL, 4);
if (r == 0)
goto end;
/* all is good! */
result = 1;
end:
if (ht != NULL) HashListTableFree(ht);
return result;
}
static int HashListTableTestFull01 (void) {
int result = 0;
HashListTable *ht = HashListTableInit(32, HashListTableGenericHash, NULL, NULL);
if (ht == NULL)
goto end;
int r = HashListTableAdd(ht, "test", 4);
if (r != 0)
goto end;
char *rp = HashListTableLookup(ht, "test", 4);
if (rp == NULL)
goto end;
r = HashListTableRemove(ht, "test", 4);
if (r != 0)
goto end;
/* all is good! */
result = 1;
end:
if (ht != NULL) HashListTableFree(ht);
return result;
}
static int HashListTableTestFull02 (void) {
int result = 0;
HashListTable *ht = HashListTableInit(32, HashListTableGenericHash, NULL, NULL);
if (ht == NULL)
goto end;
int r = HashListTableAdd(ht, "test", 4);
if (r != 0)
goto end;
char *rp = HashListTableLookup(ht, "test", 4);
if (rp == NULL)
goto end;
r = HashListTableRemove(ht, "test2", 5);
if (r == 0)
goto end;
/* all is good! */
result = 1;
end:
if (ht != NULL) HashListTableFree(ht);
return result;
}
void HashListTableRegisterTests(void) {
UtRegisterTest("HashListTableTestInit01", HashListTableTestInit01, 1);
UtRegisterTest("HashListTableTestInit02", HashListTableTestInit02, 1);
UtRegisterTest("HashListTableTestInit03", HashListTableTestInit03, 1);
UtRegisterTest("HashListTableTestInit04", HashListTableTestInit04, 1);
UtRegisterTest("HashListTableTestAdd01", HashListTableTestAdd01, 1);
UtRegisterTest("HashListTableTestAdd02", HashListTableTestAdd02, 1);
UtRegisterTest("HashListTableTestFull01", HashListTableTestFull01, 1);
UtRegisterTest("HashListTableTestFull02", HashListTableTestFull02, 1);
}

@ -0,0 +1,42 @@
/* Copyright (c) 2008 by Victor Julien <victor@inliniac.net> */
#ifndef __HASHLIST_H__
#define __HASHLIST_H__
/* hash bucket structure */
typedef struct _HashListTableBucket {
void *data;
u_int16_t size;
struct _HashListTableBucket *bucknext;
struct _HashListTableBucket *listnext;
struct _HashListTableBucket *listprev;
} HashListTableBucket;
/* hash table structure */
typedef struct _HashListTable {
HashListTableBucket **array;
HashListTableBucket *listhead;
HashListTableBucket *listtail;
u_int32_t array_size;
u_int32_t (*Hash)(struct _HashListTable *, void *, u_int16_t);
char (*Compare)(void *, u_int16_t, void *, u_int16_t);
void (*Free)(void *);
} HashListTable;
/* prototypes */
HashListTable* HashListTableInit(u_int32_t, u_int32_t (*Hash)(struct _HashListTable *, void *, u_int16_t), char (*Compare)(void *, u_int16_t, void *, u_int16_t), void (*Free)(void *));
void HashListTableFree(HashListTable *);
void HashListTablePrint(HashListTable *);
int HashListTableAdd(HashListTable *, void *, u_int16_t);
int HashListTableRemove(HashListTable *, void *, u_int16_t);
void *HashListTableLookup(HashListTable *, void *, u_int16_t);
u_int32_t HashListTableGenericHash(HashListTable *, void *, u_int16_t);
HashListTableBucket *HashListTableGetListHead(HashListTable *);
#define HashListTableGetListNext(hb) (hb)->listnext
#define HashListTableGetListData(hb) (hb)->data
char HashListTableDefaultCompare(void *, u_int16_t, void *, u_int16_t);
void HashListTableRegisterTests(void);
#endif /* __HASHLIST_H__ */

@ -170,6 +170,18 @@ B2gAllocHashItem(MpmCtx *mpm_ctx) {
return hi;
}
static void B2gHashFree(MpmCtx *mpm_ctx, B2gHashItem *hi) {
if (hi == NULL)
return;
B2gHashItem *t = hi->nxt;
B2gHashFree(mpm_ctx, t);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= sizeof(B2gHashItem);
free(hi);
}
static inline void memcpy_tolower(u_int8_t *d, u_int8_t *s, u_int16_t len) {
u_int16_t i;
for (i = 0; i < len; i++) {
@ -518,7 +530,7 @@ static void B2gPrepareScanHash(MpmCtx *mpm_ctx) {
if (ctx->scan_bloom[h] == NULL)
continue;
mpm_ctx->memory_cnt+=2; /* hackish: bloomfilter itself and the bitarray */
mpm_ctx->memory_cnt += BloomFilterMemoryCnt(ctx->scan_bloom[h]);
mpm_ctx->memory_size += BloomFilterMemorySize(ctx->scan_bloom[h]);
if (ctx->scan_pminlen[h] > 8)
@ -623,7 +635,7 @@ static void B2gPrepareSearchHash(MpmCtx *mpm_ctx) {
if (ctx->search_bloom[h] == NULL)
continue;
mpm_ctx->memory_cnt+=2; /* hackish: bloomfilter itself and the bitarray */
mpm_ctx->memory_cnt += BloomFilterMemoryCnt(ctx->search_bloom[h]);
mpm_ctx->memory_size += BloomFilterMemorySize(ctx->search_bloom[h]);
if (ctx->search_pminlen[h] > 8)
@ -908,18 +920,94 @@ void B2gDestroyCtx(MpmCtx *mpm_ctx) {
mpm_ctx->memory_size -= (mpm_ctx->pattern_cnt * sizeof(B2gPattern));
}
if (ctx->scan_B2G) {
free(ctx->scan_B2G);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(B2G_TYPE) * ctx->scan_hash_size);
}
if (ctx->search_B2G) {
free(ctx->search_B2G);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(B2G_TYPE) * ctx->search_hash_size);
}
if (ctx->scan_bloom) {
int h;
for (h = 0; h < ctx->scan_hash_size; h++) {
if (ctx->scan_bloom[h] == NULL)
continue;
mpm_ctx->memory_cnt -= BloomFilterMemoryCnt(ctx->scan_bloom[h]);
mpm_ctx->memory_size -= BloomFilterMemorySize(ctx->scan_bloom[h]);
BloomFilterFree(ctx->scan_bloom[h]);
}
free(ctx->scan_bloom);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(BloomFilter *) * ctx->scan_hash_size);
}
if (ctx->scan_hash) {
int h;
for (h = 0; h < ctx->scan_hash_size; h++) {
if (ctx->scan_hash[h] == NULL)
continue;
B2gHashFree(mpm_ctx, ctx->scan_hash[h]);
}
free(ctx->scan_hash);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(B2gHashItem) * ctx->scan_hash_size);
}
if (ctx->search_bloom) {
int h;
for (h = 0; h < ctx->search_hash_size; h++) {
if (ctx->search_bloom[h] == NULL)
continue;
mpm_ctx->memory_cnt -= BloomFilterMemoryCnt(ctx->search_bloom[h]);
mpm_ctx->memory_size -= BloomFilterMemorySize(ctx->search_bloom[h]);
BloomFilterFree(ctx->search_bloom[h]);
}
free(ctx->search_bloom);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(BloomFilter *) * ctx->search_hash_size);
}
if (ctx->search_hash) {
int h;
for (h = 0; h < ctx->search_hash_size; h++) {
if (ctx->search_hash[h] == NULL)
continue;
B2gHashFree(mpm_ctx, ctx->search_hash[h]);
}
free(ctx->search_hash);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(B2gHashItem) * ctx->search_hash_size);
}
if (ctx->scan_pminlen) {
free(ctx->scan_pminlen);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(u_int8_t) * ctx->scan_hash_size);
}
if (ctx->search_pminlen) {
free(ctx->search_pminlen);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(u_int8_t) * ctx->search_hash_size);
}
free(mpm_ctx->ctx);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= sizeof(B2gCtx);
@ -1499,6 +1587,7 @@ static int B2gTestInit01 (void) {
return result;
}
#if 0
static int B2gTestS0Init01 (void) {
int result = 0;
MpmCtx mpm_ctx;
@ -1595,6 +1684,7 @@ static int B2gTestS0Init05 (void) {
B2gDestroyCtx(&mpm_ctx);
return result;
}
#endif
static int B2gTestScan01 (void) {
int result = 0;

@ -1,4 +1,4 @@
/* Implementation of the SBNDMq pattern matching algorithm.
/* 3 gram implementation of the (S)BNDMq pattern matching algorithm.
*
* Copyright (c) 2009 Victor Julien <victor@inliniac.net>
*
@ -169,6 +169,18 @@ B3gAllocHashItem(MpmCtx *mpm_ctx) {
return hi;
}
static void B3gHashFree(MpmCtx *mpm_ctx, B3gHashItem *hi) {
if (hi == NULL)
return;
B3gHashItem *t = hi->nxt;
B3gHashFree(mpm_ctx, t);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= sizeof(B3gHashItem);
free(hi);
}
static inline void memcpy_tolower(u_int8_t *d, u_int8_t *s, u_int16_t len) {
u_int16_t i;
for (i = 0; i < len; i++) {
@ -515,7 +527,7 @@ static void B3gPrepareScanHash(MpmCtx *mpm_ctx) {
if (ctx->scan_bloom[h] == NULL)
continue;
mpm_ctx->memory_cnt+=2; /* hackish: bloomfilter itself and the bitarray */
mpm_ctx->memory_cnt += BloomFilterMemoryCnt(ctx->scan_bloom[h]);
mpm_ctx->memory_size += BloomFilterMemorySize(ctx->scan_bloom[h]);
if (ctx->scan_pminlen[h] > 8)
@ -884,18 +896,94 @@ void B3gDestroyCtx(MpmCtx *mpm_ctx) {
mpm_ctx->memory_size -= (mpm_ctx->pattern_cnt * sizeof(B3gPattern));
}
if (ctx->scan_B3G) {
free(ctx->scan_B3G);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(B3G_TYPE) * ctx->scan_hash_size);
}
if (ctx->search_B3G) {
free(ctx->search_B3G);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(B3G_TYPE) * ctx->search_hash_size);
}
if (ctx->scan_bloom) {
int h;
for (h = 0; h < ctx->scan_hash_size; h++) {
if (ctx->scan_bloom[h] == NULL)
continue;
mpm_ctx->memory_cnt -= BloomFilterMemoryCnt(ctx->scan_bloom[h]);
mpm_ctx->memory_size -= BloomFilterMemorySize(ctx->scan_bloom[h]);
BloomFilterFree(ctx->scan_bloom[h]);
}
free(ctx->scan_bloom);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(BloomFilter *) * ctx->scan_hash_size);
}
if (ctx->scan_hash) {
int h;
for (h = 0; h < ctx->scan_hash_size; h++) {
if (ctx->scan_hash[h] == NULL)
continue;
B3gHashFree(mpm_ctx, ctx->scan_hash[h]);
}
free(ctx->scan_hash);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(B3gHashItem) * ctx->scan_hash_size);
}
#if 0
if (ctx->search_bloom) {
int h;
for (h = 0; h < ctx->search_hash_size; h++) {
if (ctx->search_bloom[h] == NULL)
continue;
mpm_ctx->memory_cnt -= BloomFilterMemoryCnt(ctx->search_bloom[h]);
mpm_ctx->memory_size -= BloomFilterMemorySize(ctx->search_bloom[h]);
BloomFilterFree(ctx->search_bloom[h]);
}
free(ctx->search_bloom);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(BloomFilter *) * ctx->search_hash_size);
}
#endif
if (ctx->search_hash) {
int h;
for (h = 0; h < ctx->search_hash_size; h++) {
if (ctx->search_hash[h] == NULL)
continue;
B3gHashFree(mpm_ctx, ctx->search_hash[h]);
}
free(ctx->search_hash);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(B3gHashItem) * ctx->search_hash_size);
}
if (ctx->scan_pminlen) {
free(ctx->scan_pminlen);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(u_int8_t) * ctx->scan_hash_size);
}
#if 0
if (ctx->search_pminlen) {
free(ctx->search_pminlen);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(u_int8_t) * ctx->search_hash_size);
}
#endif
free(mpm_ctx->ctx);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= sizeof(B3gCtx);
@ -1510,6 +1598,7 @@ static int B3gTestInit01 (void) {
return result;
}
#if 0
static int B3gTestS0Init01 (void) {
int result = 0;
MpmCtx mpm_ctx;
@ -1606,6 +1695,7 @@ static int B3gTestS0Init05 (void) {
B3gDestroyCtx(&mpm_ctx);
return result;
}
#endif
static int B3gTestScan01 (void) {
int result = 0;

@ -225,6 +225,18 @@ WmAllocHashItem(MpmCtx *mpm_ctx) {
return hi;
}
static void WmHashFree(MpmCtx *mpm_ctx, WmHashItem *hi) {
if (hi == NULL)
return;
WmHashItem *t = hi->nxt;
WmHashFree(mpm_ctx, t);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= sizeof(WmHashItem);
free(hi);
}
static inline void memcpy_tolower(u_int8_t *d, u_int8_t *s, u_int16_t len) {
u_int16_t i;
for (i = 0; i < len; i++) {
@ -580,7 +592,7 @@ static void WmScanPrepareHash(MpmCtx *mpm_ctx) {
if (ctx->scan_bloom[h] == NULL)
continue;
mpm_ctx->memory_cnt+=2; /* hackish: bloomfilter itself and the bitarray */
mpm_ctx->memory_cnt += BloomFilterMemoryCnt(ctx->scan_bloom[h]);
mpm_ctx->memory_size += BloomFilterMemorySize(ctx->scan_bloom[h]);
if (ctx->scan_pminlen[h] > 8)
@ -2196,7 +2208,33 @@ void WmDestroyCtx(MpmCtx *mpm_ctx) {
mpm_ctx->memory_size -= (mpm_ctx->pattern_cnt * sizeof(WmPattern));
}
if (ctx->scan_bloom) {
int h;
for (h = 0; h < ctx->scan_hash_size; h++) {
if (ctx->scan_bloom[h] == NULL)
continue;
mpm_ctx->memory_cnt -= BloomFilterMemoryCnt(ctx->scan_bloom[h]);
mpm_ctx->memory_size -= BloomFilterMemorySize(ctx->scan_bloom[h]);
BloomFilterFree(ctx->scan_bloom[h]);
}
free(ctx->scan_bloom);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(BloomFilter *) * ctx->scan_hash_size);
}
if (ctx->scan_hash) {
int h;
for (h = 0; h < ctx->scan_hash_size; h++) {
if (ctx->scan_hash[h] == NULL)
continue;
WmHashFree(mpm_ctx, ctx->scan_hash[h]);
}
free(ctx->scan_hash);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(WmHashItem) * ctx->scan_hash_size);
@ -2207,8 +2245,34 @@ void WmDestroyCtx(MpmCtx *mpm_ctx) {
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(u_int16_t) * ctx->scan_hash_size);
}
#if 0
if (ctx->search_bloom) {
int h;
for (h = 0; h < ctx->search_hash_size; h++) {
if (ctx->search_bloom[h] == NULL)
continue;
mpm_ctx->memory_cnt -= BloomFilterMemoryCnt(ctx->scan_bloom[h]);
mpm_ctx->memory_size -= BloomFilterMemorySize(ctx->search_bloom[h]);
BloomFilterFree(ctx->search_bloom[h]);
}
free(ctx->search_bloom);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(BloomFilter *) * ctx->search_hash_size);
}
#endif
if (ctx->search_hash) {
int h;
for (h = 0; h < ctx->search_hash_size; h++) {
if (ctx->search_hash[h] == NULL)
continue;
WmHashFree(mpm_ctx, ctx->search_hash[h]);
}
free(ctx->search_hash);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(WmHashItem) * ctx->search_hash_size);
@ -2220,6 +2284,18 @@ void WmDestroyCtx(MpmCtx *mpm_ctx) {
mpm_ctx->memory_size -= (sizeof(u_int16_t) * ctx->search_hash_size);
}
if (ctx->scan_pminlen) {
free(ctx->scan_pminlen);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(u_int8_t) * ctx->scan_hash_size);
}
#if 0
if (ctx->search_pminlen) {
free(ctx->search_pminlen);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= (sizeof(u_int8_t) * ctx->search_hash_size);
}
#endif
free(mpm_ctx->ctx);
mpm_ctx->memory_cnt--;
mpm_ctx->memory_size -= sizeof(WmCtx);

@ -23,6 +23,7 @@
#include "util-binsearch.h"
#include "util-hash.h"
#include "util-hashlist.h"
#include "util-bloomfilter.h"
#include "util-bloomfilter-counting.h"
@ -210,11 +211,12 @@ int main(int argc, char **argv)
TmModuleRegisterTests();
SigTableRegisterTests();
HashTableRegisterTests();
HashListTableRegisterTests();
BloomFilterRegisterTests();
BloomFilterCountingRegisterTests();
MpmRegisterTests();
SigRegisterTests();
UtRunTests();
//UtRunTests();
UtCleanup();
//exit(1);
@ -266,7 +268,7 @@ int main(int argc, char **argv)
printf("ERROR: TmModuleGetByName failed for ReceiveNFQ\n");
exit(1);
}
Tm1SlotSetFunc(tv_receivenfq,tm_module);
Tm1SlotSetFunc(tv_receivenfq,tm_module,NULL);
if (TmThreadSpawn(tv_receivenfq) != 0) {
printf("ERROR: TmThreadSpawn failed\n");
@ -284,7 +286,7 @@ int main(int argc, char **argv)
printf("ERROR: TmModuleGetByName DecodeNFQ failed\n");
exit(1);
}
Tm1SlotSetFunc(tv_decode1,tm_module);
Tm1SlotSetFunc(tv_decode1,tm_module,NULL);
if (TmThreadSpawn(tv_decode1) != 0) {
printf("ERROR: TmThreadSpawn failed\n");
@ -301,7 +303,7 @@ int main(int argc, char **argv)
printf("ERROR: TmModuleGetByName DecodeNFQ failed\n");
exit(1);
}
Tm1SlotSetFunc(tv_decode2,tm_module);
Tm1SlotSetFunc(tv_decode2,tm_module,NULL);
if (TmThreadSpawn(tv_decode2) != 0) {
printf("ERROR: TmThreadSpawn failed\n");
@ -318,7 +320,7 @@ int main(int argc, char **argv)
printf("ERROR: TmModuleGetByName Detect failed\n");
exit(1);
}
Tm1SlotSetFunc(tv_detect1,tm_module);
Tm1SlotSetFunc(tv_detect1,tm_module,(void *)g_de_ctx);
if (TmThreadSpawn(tv_detect1) != 0) {
printf("ERROR: TmThreadSpawn failed\n");
@ -335,7 +337,7 @@ int main(int argc, char **argv)
printf("ERROR: TmModuleGetByName Detect failed\n");
exit(1);
}
Tm1SlotSetFunc(tv_detect2,tm_module);
Tm1SlotSetFunc(tv_detect2,tm_module,(void *)g_de_ctx);
if (TmThreadSpawn(tv_detect2) != 0) {
printf("ERROR: TmThreadSpawn failed\n");
@ -352,7 +354,7 @@ int main(int argc, char **argv)
printf("ERROR: TmModuleGetByName VerdictNFQ failed\n");
exit(1);
}
Tm1SlotSetFunc(tv_verdict,tm_module);
Tm1SlotSetFunc(tv_verdict,tm_module,NULL);
if (TmThreadSpawn(tv_verdict) != 0) {
printf("ERROR: TmThreadSpawn failed\n");
@ -369,7 +371,7 @@ int main(int argc, char **argv)
printf("ERROR: TmModuleGetByName for RespondReject failed\n");
exit(1);
}
Tm1SlotSetFunc(tv_rreject,tm_module);
Tm1SlotSetFunc(tv_rreject,tm_module,NULL);
if (TmThreadSpawn(tv_rreject) != 0) {
printf("ERROR: TmThreadSpawn failed\n");
@ -386,14 +388,14 @@ int main(int argc, char **argv)
printf("ERROR: TmModuleGetByName for AlertFastlog failed\n");
exit(1);
}
Tm2SlotSetFunc1(tv_alert,tm_module);
Tm2SlotSetFunc1(tv_alert,tm_module,NULL);
tm_module = TmModuleGetByName("LogHttplog");
if (tm_module == NULL) {
printf("ERROR: TmModuleGetByName failed\n");
exit(1);
}
Tm2SlotSetFunc2(tv_alert,tm_module);
Tm2SlotSetFunc2(tv_alert,tm_module,NULL);
if (TmThreadSpawn(tv_alert) != 0) {
printf("ERROR: TmThreadSpawn failed\n");
@ -412,14 +414,14 @@ int main(int argc, char **argv)
printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n");
exit(1);
}
Tm2SlotSetFunc1(tv_unified,tm_module);
Tm2SlotSetFunc1(tv_unified,tm_module,NULL);
tm_module = TmModuleGetByName("AlertUnifiedAlert");
if (tm_module == NULL) {
printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n");
exit(1);
}
Tm2SlotSetFunc2(tv_unified,tm_module);
Tm2SlotSetFunc2(tv_unified,tm_module,NULL);
if (TmThreadSpawn(tv_unified) != 0) {
printf("ERROR: TmThreadSpawn failed\n");
@ -437,7 +439,7 @@ int main(int argc, char **argv)
printf("ERROR: TmModuleGetByName failed\n");
exit(1);
}
Tm1SlotSetFunc(tv_debugalert,tm_module);
Tm1SlotSetFunc(tv_debugalert,tm_module,NULL);
if (TmThreadSpawn(tv_debugalert) != 0) {
printf("ERROR: TmThreadSpawn failed\n");

Loading…
Cancel
Save