aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect-dns: move DetectEngineInspectGenericList to detect-engine.c

Browse Source 
Move DetectEngineInspectGenericList from detect-engine-dns.c to
detect-engine.c to enable it to be used other places as well.
pull/2284/head
Mats Klepsland 9 years ago committed by Victor Julien
parent cad638697d
commit d91664d67a
3 changed files with 55 additions and 46 deletions
Show Stats Download Patch File Download Diff File

46
src/detect-engine-dns.c
Unescape Escape View File

@ -159,52 +159,6 @@ uint32_t DetectDnsQueryInspectMpm(DetectEngineThreadCtx *det_ctx, Flow *f,
SCReturnUInt(cnt);
}
/** \brief Do the content inspection & validation for a signature
*
* \param de_ctx Detection engine context
* \param det_ctx Detection engine thread context
* \param s Signature to inspect
* \param sm SigMatch to inspect
* \param f Flow
* \param flags app layer flags
* \param state App layer state
*
* \retval 0 no match
* \retval 1 match
*/
int DetectEngineInspectGenericList(ThreadVars *tv,
const DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
const Signature *s, Flow *f, const uint8_t flags,
void *alstate, void *txv, uint64_t tx_id, const int list)
{
KEYWORD_PROFILING_SET_LIST(det_ctx, list);
SigMatchData *smd = s->sm_arrays[list];
SCLogDebug("running match functions, sm %p", smd);
if (smd != NULL) {
while (1) {
int match = 0;
KEYWORD_PROFILING_START;
match = sigmatch_table[smd->type].
AppLayerTxMatch(tv, det_ctx, f, flags, alstate, txv, s, smd->ctx);
KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1));
if (match == 0)
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
if (match == 2) {
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
}
if (smd->is_last)
break;
smd++;
}
}
return DETECT_ENGINE_INSPECT_SIG_MATCH;
}
int DetectEngineInspectDnsRequest(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,

50
src/detect-engine.c
Unescape Escape View File

@ -563,6 +563,56 @@ int DetectEngineReloadIsDone(void)
return r;
}
/** \brief Do the content inspection & validation for a signature
*
* \param de_ctx Detection engine context
* \param det_ctx Detection engine thread context
* \param s Signature to inspect
* \param sm SigMatch to inspect
* \param f Flow
* \param flags app layer flags
* \param state App layer state
*
* \retval 0 no match
* \retval 1 match
*/
int DetectEngineInspectGenericList(ThreadVars *tv,
const DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
const Signature *s, Flow *f, const uint8_t flags,
void *alstate, void *txv, uint64_t tx_id, const int list)
{
#ifdef PROFILING
KEYWORD_PROFILING_SET_LIST(det_ctx, list);
#endif
SigMatchData *smd = s->sm_arrays[list];
SCLogDebug("running match functions, sm %p", smd);
if (smd != NULL) {
while (1) {
int match = 0;
#ifdef PROFILING
KEYWORD_PROFILING_START;
#endif
match = sigmatch_table[smd->type].
AppLayerTxMatch(tv, det_ctx, f, flags, alstate, txv, s, smd->ctx);
#ifdef PROFILING
KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1));
#endif
if (match == 0)
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
if (match == 2) {
return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
}
if (smd->is_last)
break;
smd++;
}
}
return DETECT_ENGINE_INSPECT_SIG_MATCH;
}
/* nudge capture loops to wake up */
static void BreakCapture(void)
{

5
src/detect-engine.h
Unescape Escape View File

@ -94,6 +94,11 @@ int DetectEngineTentantUnregisterVlanId(uint32_t tenant_id, uint16_t vlan_id);
int DetectEngineTentantRegisterPcapFile(uint32_t tenant_id);
int DetectEngineTentantUnregisterPcapFile(uint32_t tenant_id);
int DetectEngineInspectGenericList(ThreadVars *, const DetectEngineCtx *,
DetectEngineThreadCtx *, const Signature *,
Flow *, const uint8_t, void *, void *,
uint64_t, const int);
/**
* \brief Registers an app inspection engine.
*

Write Preview
Loading…
Cancel
Save