diff --git a/src/detect-engine-payload.c b/src/detect-engine-payload.c
index 4ce0be416f..a16e8a0e3e 100644
--- a/src/detect-engine-payload.c
+++ b/src/detect-engine-payload.c
@@ -83,7 +83,7 @@ static void PrefilterPktStream(DetectEngineThreadCtx *det_ctx,
 int PrefilterPktStreamRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
 {
- return PrefilterAppendEngine(sgh, PrefilterPktStream, mpm_ctx, NULL, "stream");
+ return PrefilterAppendPayloadEngine(sgh, PrefilterPktStream, mpm_ctx, NULL, "stream");
 }
 static void PrefilterPktPayload(DetectEngineThreadCtx *det_ctx,
@@ -112,7 +112,7 @@ static void PrefilterPktPayload(DetectEngineThreadCtx *det_ctx,
 int PrefilterPktPayloadRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
 {
- return PrefilterAppendEngine(sgh, PrefilterPktPayload, mpm_ctx, NULL, "payload");
+ return PrefilterAppendPayloadEngine(sgh, PrefilterPktPayload, mpm_ctx, NULL, "payload");
 }
diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c
index e0a39d1f02..b7dac35bd0 100644
--- a/src/detect-engine-prefilter.c
+++ b/src/detect-engine-prefilter.c
@@ -116,7 +116,7 @@ void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh,
 PROFILING_PREFILTER_RESET(p, det_ctx->de_ctx->profile_prefilter_maxid);
 /* run packet engines */
- PrefilterEngine *engine = sgh->engines;
+ PrefilterEngine *engine = sgh->pkt_engines;
 while (engine) {
 PROFILING_PREFILTER_START(p);
 engine->Prefilter(det_ctx, p, engine->pectx);
@@ -125,6 +125,18 @@ void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh,
 engine = engine->next;
 }
+ /* run payload inspecting engines */
+ if ((p->payload_len > 0 || det_ctx->smsg != NULL) && !(p->flags & PKT_NOPAYLOAD_INSPECTION)) {
+ engine = sgh->payload_engines;
+ while (engine) {
+ PROFILING_PREFILTER_START(p);
+ engine->Prefilter(det_ctx, p, engine->pectx);
+ PROFILING_PREFILTER_END(p, engine->profile_id);
+
+ engine = engine->next;
+ }
+ }
+
 /* run tx engines */
 if (((p->proto == IPPROTO_TCP && p->flowflags & FLOW_PKT_ESTABLISHED) || p->proto != IPPROTO_TCP) && has_state) {
 if (sgh->tx_engines != NULL && p->flow != NULL &&
@@ -151,10 +163,46 @@ int PrefilterAppendEngine(SigGroupHead *sgh,
 e->pectx = pectx;
 e->Free = FreeFunc;
- if (sgh->engines == NULL) {
- sgh->engines = e;
+ if (sgh->pkt_engines == NULL) {
+ sgh->pkt_engines = e;
+ } else {
+ PrefilterEngine *t = sgh->pkt_engines;
+ while (t->next != NULL) {
+ t = t->next;
+ }
+
+ t->next = e;
+ e->id = t->id + 1;
+ }
+
+#ifdef PROFILING
+ sgh->engines_cnt = e->id;
+ e->name = name;
+ e->profile_id = PrefilterStoreGetId(e->name);
+#endif
+ return 0;
+}
+
+int PrefilterAppendPayloadEngine(SigGroupHead *sgh,
+ void (*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx),
+ void *pectx, void (*FreeFunc)(void *pectx),
+ const char *name)
+{
+ if (sgh == NULL || Prefilter == NULL || pectx == NULL)
+ return -1;
+
+ PrefilterEngine *e = SCCalloc(1, sizeof(*e));
+ if (e == NULL)
+ return -1;
+
+ e->Prefilter = Prefilter;
+ e->pectx = pectx;
+ e->Free = FreeFunc;
+
+ if (sgh->payload_engines == NULL) {
+ sgh->payload_engines = e;
 } else {
- PrefilterEngine *t = sgh->engines;
+ PrefilterEngine *t = sgh->payload_engines;
 while (t->next != NULL) {
 t = t->next;
 }
diff --git a/src/detect-engine-prefilter.h b/src/detect-engine-prefilter.h
index d98bee7b59..5ce32fea0a 100644
--- a/src/detect-engine-prefilter.h
+++ b/src/detect-engine-prefilter.h
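Review bot: The condition guarding the new payload loop in Prefilter(), `(p->payload_len > 0 || det_ctx->smsg != NULL) && !(p->flags & PKT_NOPAYLOAD_INSPECTION)`, becomes an unstated contract for every engine registered through PrefilterAppendPayloadEngine, and neither this hunk nor the new declaration in detect-engine-prefilter.h documents it. An engine placed on the payload list that also needs to see packets without payload would simply never run for them, which shows up as missed matches rather than as an error. I would state the rule above the loop and on the declaration, for example `/* payload engines run only if p->payload_len > 0 or det_ctx->smsg is set, and never with PKT_NOPAYLOAD_INSPECTION; use PrefilterAppendEngine for engines that must see every packet */`. Prefilter's body starts and ends outside the hunk.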
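Review bot: With the list split, `e->id = t->id + 1` in PrefilterAppendEngine numbers engines per list, so a packet engine and a payload engine in the same sgh can end up with the same id, and under PROFILING `sgh->engines_cnt = e->id` is overwritten by whichever list was appended to last instead of reflecting both lists. Whether anything relies on id being unique per sgh, or on engines_cnt covering all engines, is not visible here and should be confirmed against their consumers. PrefilterAppendPayloadEngine is also a near line-for-line copy of PrefilterAppendEngine, and its tail (numbering, PROFILING block, return) lies outside the hunk, so presumably it inherits the same behaviour. A shared static helper that appends to a given list head would keep the numbering rule in one place, as sketched below.

```c
/* Append e to the tail of *head; ids are assigned per list, the first entry keeps id 0. */
static void PrefilterEngineListAppend(PrefilterEngine **head, PrefilterEngine *e)
{
    if (*head == NULL) {
        *head = e;
        return;
    }

    PrefilterEngine *t = *head;
    while (t->next != NULL) {
        t = t->next;
    }
    t->next = e;
    e->id = t->id + 1;
}

int PrefilterAppendPayloadEngine(SigGroupHead *sgh,
/* … unchanged: parameter list, argument checks, SCCalloc and field setup … */
    PrefilterEngineListAppend(&sgh->payload_engines, e);
/* … unchanged: PROFILING block and return (outside the hunk) … */
```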
@@ -31,6 +31,10 @@ int PrefilterAppendEngine(SigGroupHead *sgh,
 void (*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx),
 void *pectx, void (*FreeFunc)(void *pectx),
 const char *name);
+int PrefilterAppendPayloadEngine(SigGroupHead *sgh,
+ void (*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx),
+ void *pectx, void (*FreeFunc)(void *pectx),
+ const char *name);
 int PrefilterAppendTxEngine(SigGroupHead *sgh,
 void (*PrefilterTx)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, void *tx,
diff --git a/src/detect-engine-siggroup.c b/src/detect-engine-siggroup.c
index 60bf5abecb..aab2fd4616 100644
--- a/src/detect-engine-siggroup.c
+++ b/src/detect-engine-siggroup.c
@@ -172,7 +172,8 @@ void SigGroupHeadFree(SigGroupHead *sgh)
 }
 PrefilterFreeEngines(sgh->tx_engines);
- PrefilterFreeEngines(sgh->engines);
+ PrefilterFreeEngines(sgh->pkt_engines);
+ PrefilterFreeEngines(sgh->payload_engines);
 SCFree(sgh);
diff --git a/src/detect.c b/src/detect.c
index cbc1d56bcf..497f9026db 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -3825,7 +3825,11 @@ int SigAddressPrepareStage4(DetectEngineCtx *de_ctx)
 uint32_t engines = 0;
 uint32_t tx_engines = 0;
- for (e = sgh->engines ; e != NULL; e = e->next) {
+ for (e = sgh->pkt_engines ; e != NULL; e = e->next) {
+ engines++;
+ de_ctx->profile_prefilter_maxid = MAX(de_ctx->profile_prefilter_maxid, e->profile_id);
+ }
+ for (e = sgh->payload_engines ; e != NULL; e = e->next) {
 engines++;
 de_ctx->profile_prefilter_maxid = MAX(de_ctx->profile_prefilter_maxid, e->profile_id);
 }
diff --git a/src/detect.h b/src/detect.h
index 6bfb75df01..9b70c7c7b7 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -1027,7 +1027,8 @@ typedef struct SigGroupHead_ {
 uint32_t id; /**< unique id used to index sgh_array for stats */
- PrefilterEngine *engines;
+ PrefilterEngine *pkt_engines;
+ PrefilterEngine *payload_engines;
 PrefilterEngine *tx_engines;
 #ifdef PROFILING