aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: remove old unused code

Browse Source
pull/1978/head
Victor Julien 10 years ago
parent 10b049304f
commit f0ba00e51d
9 changed files with 0 additions and 1110 deletions
Show Stats Download Patch File Download Diff File

6
src/detect-content.c
Unescape Escape View File

@ -65,12 +65,6 @@ void DetectContentRegister (void)
sigmatch_table[DETECT_CONTENT].flags |= SIGMATCH_PAYLOAD;
}
/* pass on the content_max_id */
uint32_t DetectContentMaxId(DetectEngineCtx *de_ctx)
{
return MpmPatternIdStoreGetMaxId(de_ctx->mpm_pattern_id_store);
}
/**
* \brief Parse a content string, ie "abc|DE|fgh"
*

159
src/detect-engine-mpm.c
Unescape Escape View File

@ -2459,165 +2459,6 @@ int PatternMatchPrepareGroup(const DetectEngineCtx *de_ctx, SigGroupHead *sh)
return 0;
}
/** \brief Pattern ID Hash for sharing pattern id's
*
* A per detection engine hash to make sure each pattern has a unique
* global id but patterns that are the same share id's.
*/
typedef struct MpmPatternIdTableElmt_ {
uint8_t *pattern; /**< ptr to the pattern */
uint16_t pattern_len; /**< pattern len */
PatIntId id; /**< pattern id */
uint32_t dup_count; /**< duplicate count */
int sm_list; /**< SigMatch list */
} MpmPatternIdTableElmt;
/** \brief Hash compare func for MpmPatternId api
* \retval 1 patterns are the same
* \retval 0 patterns are not the same
**/
static char MpmPatternIdCompare(void *p1, uint16_t len1, void *p2, uint16_t len2)
{
SCEnter();
BUG_ON(len1 < sizeof(MpmPatternIdTableElmt));
BUG_ON(len2 < sizeof(MpmPatternIdTableElmt));
MpmPatternIdTableElmt *e1 = (MpmPatternIdTableElmt *)p1;
MpmPatternIdTableElmt *e2 = (MpmPatternIdTableElmt *)p2;
if (e1->pattern_len != e2->pattern_len ||
e1->sm_list != e2->sm_list) {
SCReturnInt(0);
}
if (SCMemcmp(e1->pattern, e2->pattern, e1->pattern_len) != 0) {
SCReturnInt(0);
}
SCReturnInt(1);
}
/** \brief Hash func for MpmPatternId api
* \retval hash hash value
*/
static uint32_t MpmPatternIdHashFunc(HashTable *ht, void *p, uint16_t len)
{
SCEnter();
BUG_ON(len < sizeof(MpmPatternIdTableElmt));
MpmPatternIdTableElmt *e = (MpmPatternIdTableElmt *)p;
uint32_t hash = e->pattern_len;
uint16_t u = 0;
for (u = 0; u < e->pattern_len; u++) {
hash += e->pattern[u];
}
SCReturnUInt(hash % ht->array_size);
}
/** \brief free a MpmPatternIdTableElmt */
static void MpmPatternIdTableElmtFree(void *e)
{
SCEnter();
MpmPatternIdTableElmt *c = (MpmPatternIdTableElmt *)e;
SCFree(c->pattern);
SCFree(c);
SCReturn;
}
/** \brief alloc initialize the MpmPatternIdHash */
MpmPatternIdStore *MpmPatternIdTableInitHash(void)
{
SCEnter();
MpmPatternIdStore *ht = SCMalloc(sizeof(MpmPatternIdStore));
BUG_ON(ht == NULL);
memset(ht, 0x00, sizeof(MpmPatternIdStore));
ht->hash = HashTableInit(65536, MpmPatternIdHashFunc, MpmPatternIdCompare, MpmPatternIdTableElmtFree);
BUG_ON(ht->hash == NULL);
SCReturnPtr(ht, "MpmPatternIdStore");
}
void MpmPatternIdTableFreeHash(MpmPatternIdStore *ht)
{
SCEnter();
if (ht == NULL) {
SCReturn;
}
if (ht->hash != NULL) {
HashTableFree(ht->hash);
}
SCFree(ht);
SCReturn;
}
uint32_t MpmPatternIdStoreGetMaxId(MpmPatternIdStore *ht)
{
if (ht == NULL) {
return 0;
}
return ht->max_id;
}
/**
* \brief Get the pattern id for a content pattern
*
* \param ht mpm pattern id hash table store
* \param co content pattern data
*
* \retval id pattern id
* \initonly
*/
uint32_t DetectContentGetId(MpmPatternIdStore *ht, DetectContentData *co)
{
SCEnter();
BUG_ON(ht == NULL || ht->hash == NULL);
MpmPatternIdTableElmt *e = NULL;
MpmPatternIdTableElmt *r = NULL;
uint32_t id = 0;
e = SCMalloc(sizeof(MpmPatternIdTableElmt));
BUG_ON(e == NULL);
memset(e, 0, sizeof(MpmPatternIdTableElmt));
e->pattern = SCMalloc(co->content_len);
BUG_ON(e->pattern == NULL);
memcpy(e->pattern, co->content, co->content_len);
e->pattern_len = co->content_len;
e->id = 0;
r = HashTableLookup(ht->hash, (void *)e, sizeof(MpmPatternIdTableElmt));
if (r == NULL) {
e->id = ht->max_id;
ht->max_id++;
id = e->id;
int ret = HashTableAdd(ht->hash, e, sizeof(MpmPatternIdTableElmt));
BUG_ON(ret != 0);
e = NULL;
ht->unique_patterns++;
} else {
id = r->id;
ht->shared_patterns++;
}
if (e != NULL)
MpmPatternIdTableElmtFree(e);
SCReturnUInt(id);
}
typedef struct DetectFPAndItsId_ {
PatIntId id;
uint16_t content_len;

191
src/detect-engine-port.c
Unescape Escape View File

@ -1534,197 +1534,6 @@ int DetectPortIsValidRange(char *port)
}
/********************** End parsing routines ********************/
/********************* Hash function routines *******************/
#define PORT_HASH_SIZE 1024
/**
* \brief Generate a hash for a DetectPort group
*
* \param ht HashListTable
* \param data Pointer to the DetectPort
* \param datalen sizeof data (not used here atm)
*
* \retval uint32_t the value of the generated hash
*/
uint32_t DetectPortHashFunc(HashListTable *ht, void *data, uint16_t datalen)
{
DetectPort *p = (DetectPort *)data;
uint32_t hash = p->port * p->port2;
return hash % ht->array_size;
}
/**
* \brief Function that return if the two DetectPort groups are equal or not
*
* \param data1 Pointer to the DetectPort 1
* \param len1 sizeof data 1 (not used here atm)
* \param data2 Pointer to the DetectPort 2
* \param len2 sizeof data 2 (not used here atm)
*
* \retval 1 if the DetectPort groups are equal
* \retval 0 if not equal
*/
char DetectPortCompareFunc(void *data1, uint16_t len1, void *data2,
uint16_t len2)
{
DetectPort *p1 = (DetectPort *)data1;
DetectPort *p2 = (DetectPort *)data2;
if (p1->port2 == p2->port2 && p1->port == p2->port &&
p1->flags == p2->flags)
return 1;
return 0;
}
void DetectPortFreeFunc(void *p)
{
DetectPort *dp = (DetectPort *)p;
DetectPortFree(dp);
}
/**
* \brief Function that initialize the HashListTable of destination DetectPort
*
* \param de_ctx Pointer to the current DetectionEngineContext
*
* \retval 0 HashListTable initialization succes
* \retval -1 Error
*/
int DetectPortDpHashInit(DetectEngineCtx *de_ctx)
{
de_ctx->dport_hash_table = HashListTableInit(PORT_HASH_SIZE,
DetectPortHashFunc, DetectPortCompareFunc, DetectPortFreeFunc);
if (de_ctx->dport_hash_table == NULL)
goto error;
return 0;
error:
return -1;
}
/**
* \brief Function that free the HashListTable of destination DetectPort
*
* \param de_ctx Pointer to the current DetectionEngineCtx
*/
void DetectPortDpHashFree(DetectEngineCtx *de_ctx)
{
if (de_ctx->dport_hash_table == NULL)
return;
HashListTableFree(de_ctx->dport_hash_table);
de_ctx->dport_hash_table = NULL;
}
/**
* \brief Function that reset the HashListTable of destination DetectPort
* (Free and Initialize it)
*
* \param de_ctx Pointer to the current DetectionEngineCtx
*/
void DetectPortDpHashReset(DetectEngineCtx *de_ctx)
{
DetectPortDpHashFree(de_ctx);
DetectPortDpHashInit(de_ctx);
}
/**
* \brief Function that add a destination DetectPort into the hashtable
*
* \param de_ctx Pointer to the current DetectionEngineCtx
* \param p Pointer to the DetectPort to add
*/
int DetectPortDpHashAdd(DetectEngineCtx *de_ctx, DetectPort *p)
{
return HashListTableAdd(de_ctx->dport_hash_table, (void *)p, 0);
}
/**
* \brief Function that search a destination DetectPort in the hashtable
*
* \param de_ctx Pointer to the current DetectionEngineCtx
* \param p Pointer to the DetectPort to search
*/
DetectPort *DetectPortDpHashLookup(DetectEngineCtx *de_ctx, DetectPort *p)
{
DetectPort *rp = HashListTableLookup(de_ctx->dport_hash_table,
(void *)p, 0);
return rp;
}
/**
* \brief Function that initialize the HashListTable of source DetectPort
*
* \param de_ctx Pointer to the current DetectionEngineContext
*
* \retval 0 HashListTable initialization succes
* \retval -1 Error
*/
int DetectPortSpHashInit(DetectEngineCtx *de_ctx)
{
de_ctx->sport_hash_table = HashListTableInit(PORT_HASH_SIZE,
DetectPortHashFunc, DetectPortCompareFunc, DetectPortFreeFunc);
if (de_ctx->sport_hash_table == NULL)
goto error;
return 0;
error:
return -1;
}
/**
* \brief Function that free the HashListTable of source DetectPort
*
* \param de_ctx Pointer to the current DetectionEngineCtx
*/
void DetectPortSpHashFree(DetectEngineCtx *de_ctx)
{
if (de_ctx->sport_hash_table == NULL)
return;
HashListTableFree(de_ctx->sport_hash_table);
de_ctx->sport_hash_table = NULL;
}
/**
* \brief Function that reset the HashListTable of source DetectPort
* (Free and Initialize it)
*
* \param de_ctx Pointer to the current DetectionEngineCtx
*/
void DetectPortSpHashReset(DetectEngineCtx *de_ctx)
{
DetectPortSpHashFree(de_ctx);
DetectPortSpHashInit(de_ctx);
}
/**
* \brief Function that add a source DetectPort into the hashtable
*
* \param de_ctx Pointer to the current DetectionEngineCtx
* \param p Pointer to the DetectPort to add
*/
int DetectPortSpHashAdd(DetectEngineCtx *de_ctx, DetectPort *p)
{
return HashListTableAdd(de_ctx->sport_hash_table, (void *)p, 0);
}
/**
* \brief Function that search a source DetectPort in the hashtable
*
* \param de_ctx Pointer to the current DetectionEngineCtx
* \param p Pointer to the DetectPort to search
*/
DetectPort *DetectPortSpHashLookup(DetectEngineCtx *de_ctx, DetectPort *p)
{
DetectPort *rp = HashListTableLookup(de_ctx->sport_hash_table,
(void *)p, 0);
return rp;
}
/*---------------------- Unittests -------------------------*/
#ifdef UNITTESTS

697
src/detect-engine-siggroup.c
Unescape Escape View File

@ -68,16 +68,6 @@ static uint32_t detect_siggroup_matcharray_free_cnt = 0;
void SigGroupHeadInitDataFree(SigGroupHeadInitData *sghid)
{
if (sghid->content_array != NULL) {
SCFree(sghid->content_array);
sghid->content_array = NULL;
sghid->content_size = 0;
}
if (sghid->uri_content_array != NULL) {
SCFree(sghid->uri_content_array);
sghid->uri_content_array = NULL;
sghid->uri_content_size = 0;
}
if (sghid->sig_array != NULL) {
SCFree(sghid->sig_array);
sghid->sig_array = NULL;
@ -340,258 +330,6 @@ void SigGroupHeadMpmHashFree(DetectEngineCtx *de_ctx)
return;
}
/**
* \brief The hash function to be the used by the mpm uri SigGroupHead hash
* table - DetectEngineCtx->sgh_mpm_uri_hash_table.
*
* \param ht Pointer to the hash table.
* \param data Pointer to the SigGroupHead.
* \param datalen Not used in our case.
*
* \retval hash The generated hash value.
*/
uint32_t SigGroupHeadMpmUriHashFunc(HashListTable *ht, void *data, uint16_t datalen)
{
SigGroupHead *sgh = (SigGroupHead *)data;
uint32_t hash = 0;
uint32_t b = 0;
for (b = 0; b < sgh->init->uri_content_size; b++)
hash += sgh->init->uri_content_array[b];
return hash % ht->array_size;
}
/**
* \brief The Compare function to be used by the mpm uri SigGroupHead hash
* table - DetectEngineCtx->sgh_mpm_uri_hash_table.
*
* \param data1 Pointer to the first SigGroupHead.
* \param len1 Not used.
* \param data2 Pointer to the second SigGroupHead.
* \param len2 Not used.
*
* \retval 1 If the 2 SigGroupHeads sent as args match.
* \retval 0 If the 2 SigGroupHeads sent as args do not match.
*/
char SigGroupHeadMpmUriCompareFunc(void *data1, uint16_t len1, void *data2,
uint16_t len2)
{
SigGroupHead *sgh1 = (SigGroupHead *)data1;
SigGroupHead *sgh2 = (SigGroupHead *)data2;
if (sgh1->init->uri_content_size != sgh2->init->uri_content_size)
return 0;
if (SCMemcmp(sgh1->init->uri_content_array, sgh2->init->uri_content_array,
sgh1->init->uri_content_size) != 0) {
return 0;
}
return 1;
}
/**
* \brief Initializes the mpm uri hash table to be used by the detection engine
* context.
*
* \param de_ctx Pointer to the detection engine context.
*
* \retval 0 On success.
* \retval -1 On failure.
*/
int SigGroupHeadMpmUriHashInit(DetectEngineCtx *de_ctx)
{
de_ctx->sgh_mpm_uri_hash_table = HashListTableInit(4096,
SigGroupHeadMpmUriHashFunc,
SigGroupHeadMpmUriCompareFunc,
NULL);
if (de_ctx->sgh_mpm_uri_hash_table == NULL)
goto error;
return 0;
error:
return -1;
}
/**
* \brief Adds a SigGroupHead to the detection engine context SigGroupHead
* mpm uri hash table.
*
* \param de_ctx Pointer to the detection engine context.
* \param sgh Pointer to the SigGroupHead.
*
* \retval ret 0 on Successfully adding the argument sgh and -1 on failure.
*/
int SigGroupHeadMpmUriHashAdd(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
int ret = HashListTableAdd(de_ctx->sgh_mpm_uri_hash_table, (void *)sgh, 0);
return ret;
}
/**
* \brief Used to lookup a SigGroupHead from the detection engine context
* SigGroupHead mpm uri hash table.
*
* \param de_ctx Pointer to the detection engine context.
* \param sgh Pointer to the SigGroupHead.
*
* \retval rsgh On success a pointer to the SigGroupHead if the SigGroupHead is
* found in the hash table; NULL on failure.
*/
SigGroupHead *SigGroupHeadMpmUriHashLookup(DetectEngineCtx *de_ctx,
SigGroupHead *sgh)
{
SigGroupHead *rsgh = HashListTableLookup(de_ctx->sgh_mpm_uri_hash_table,
(void *)sgh, 0);
return rsgh;
}
/**
* \brief Frees the hash table - DetectEngineCtx->sgh_mpm_uri_hash_table,
* allocated by SigGroupHeadMpmUriHashInit() function.
*
* \param de_ctx Pointer to the detection engine context.
*/
void SigGroupHeadMpmUriHashFree(DetectEngineCtx *de_ctx)
{
if (de_ctx->sgh_mpm_uri_hash_table == NULL)
return;
HashListTableFree(de_ctx->sgh_mpm_uri_hash_table);
de_ctx->sgh_mpm_uri_hash_table = NULL;
return;
}
/**
* \brief The hash function to be the used by the mpm uri SigGroupHead hash
* table - DetectEngineCtx->sgh_mpm_uri_hash_table.
*
* \param ht Pointer to the hash table.
* \param data Pointer to the SigGroupHead.
* \param datalen Not used in our case.
*
* \retval hash The generated hash value.
*/
uint32_t SigGroupHeadMpmStreamHashFunc(HashListTable *ht, void *data, uint16_t datalen)
{
SigGroupHead *sgh = (SigGroupHead *)data;
uint32_t hash = 0;
uint32_t b = 0;
for (b = 0; b < sgh->init->stream_content_size; b++)
hash += sgh->init->stream_content_array[b];
return hash % ht->array_size;
}
/**
* \brief The Compare function to be used by the mpm uri SigGroupHead hash
* table - DetectEngineCtx->sgh_mpm_uri_hash_table.
*
* \param data1 Pointer to the first SigGroupHead.
* \param len1 Not used.
* \param data2 Pointer to the second SigGroupHead.
* \param len2 Not used.
*
* \retval 1 If the 2 SigGroupHeads sent as args match.
* \retval 0 If the 2 SigGroupHeads sent as args do not match.
*/
char SigGroupHeadMpmStreamCompareFunc(void *data1, uint16_t len1, void *data2,
uint16_t len2)
{
SigGroupHead *sgh1 = (SigGroupHead *)data1;
SigGroupHead *sgh2 = (SigGroupHead *)data2;
if (sgh1->init->stream_content_size != sgh2->init->stream_content_size)
return 0;
if (SCMemcmp(sgh1->init->stream_content_array, sgh2->init->stream_content_array,
sgh1->init->stream_content_size) != 0) {
return 0;
}
return 1;
}
/**
* \brief Initializes the mpm uri hash table to be used by the detection engine
* context.
*
* \param de_ctx Pointer to the detection engine context.
*
* \retval 0 On success.
* \retval -1 On failure.
*/
int SigGroupHeadMpmStreamHashInit(DetectEngineCtx *de_ctx)
{
de_ctx->sgh_mpm_stream_hash_table = HashListTableInit(4096,
SigGroupHeadMpmStreamHashFunc, SigGroupHeadMpmStreamCompareFunc, NULL);
if (de_ctx->sgh_mpm_stream_hash_table == NULL)
goto error;
return 0;
error:
return -1;
}
/**
* \brief Adds a SigGroupHead to the detection engine context SigGroupHead
* mpm uri hash table.
*
* \param de_ctx Pointer to the detection engine context.
* \param sgh Pointer to the SigGroupHead.
*
* \retval ret 0 on Successfully adding the argument sgh and -1 on failure.
*/
int SigGroupHeadMpmStreamHashAdd(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
int ret = HashListTableAdd(de_ctx->sgh_mpm_stream_hash_table, (void *)sgh, 0);
return ret;
}
/**
* \brief Used to lookup a SigGroupHead from the detection engine context
* SigGroupHead mpm uri hash table.
*
* \param de_ctx Pointer to the detection engine context.
* \param sgh Pointer to the SigGroupHead.
*
* \retval rsgh On success a pointer to the SigGroupHead if the SigGroupHead is
* found in the hash table; NULL on failure.
*/
SigGroupHead *SigGroupHeadMpmStreamHashLookup(DetectEngineCtx *de_ctx,
SigGroupHead *sgh)
{
SigGroupHead *rsgh = HashListTableLookup(de_ctx->sgh_mpm_stream_hash_table,
(void *)sgh, 0);
return rsgh;
}
/**
* \brief Frees the hash table - DetectEngineCtx->sgh_mpm_uri_hash_table,
* allocated by SigGroupHeadMpmUriHashInit() function.
*
* \param de_ctx Pointer to the detection engine context.
*/
void SigGroupHeadMpmStreamHashFree(DetectEngineCtx *de_ctx)
{
if (de_ctx->sgh_mpm_stream_hash_table == NULL)
return;
HashListTableFree(de_ctx->sgh_mpm_stream_hash_table);
de_ctx->sgh_mpm_stream_hash_table = NULL;
return;
}
/**
* \brief The hash function to be the used by the hash table -
* DetectEngineCtx->sgh_hash_table.
@ -806,88 +544,6 @@ void SigGroupHeadDPortHashFree(DetectEngineCtx *de_ctx)
return;
}
/**
* \brief Initializes the sport based SigGroupHead hash table to hold the
* SigGroupHeads. The hash table that would be initialized is
* DetectEngineCtx->sgh_sport_hash_table.
*
* \param de_ctx Pointer to the detection engine context.
*
* \retval 0 On success.
* \retval -1 On failure.
*/
int SigGroupHeadSPortHashInit(DetectEngineCtx *de_ctx)
{
de_ctx->sgh_sport_hash_table = HashListTableInit(4096,
SigGroupHeadHashFunc,
SigGroupHeadCompareFunc,
NULL);
if (de_ctx->sgh_sport_hash_table == NULL)
goto error;
return 0;
error:
return -1;
}
/**
* \brief Adds a SigGroupHead to the detection engine context dport based
* SigGroupHead hash table(DetectEngineCtx->sgh_sport_hash_table).
*
* \param de_ctx Pointer to the detection engine context.
* \param sgh Pointer to the SigGroupHead.
*
* \retval ret 0 on Successfully adding the argument sgh and -1 on failure.
*/
int SigGroupHeadSPortHashAdd(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
int ret = HashListTableAdd(de_ctx->sgh_sport_hash_table, (void *)sgh, 0);
return ret;
}
int SigGroupHeadSPortHashRemove(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
return HashListTableRemove(de_ctx->sgh_sport_hash_table, (void *)sgh, 0);
}
/**
* \brief Used to lookup a SigGroupHead hash from the detection engine ctx sport
* based SigGroupHead hash table(DetectEngineCtx->sgh_dport_hash_table).
*
* \param de_ctx Pointer to the detection engine context.
* \param sgh Pointer to the SigGroupHead.
*
* \retval rsgh On success a pointer to the SigGroupHead if the SigGroupHead is
* found in the hash table; NULL on failure.
*/
SigGroupHead *SigGroupHeadSPortHashLookup(DetectEngineCtx *de_ctx,
SigGroupHead *sgh)
{
SigGroupHead *rsgh = HashListTableLookup(de_ctx->sgh_sport_hash_table,
(void *)sgh, 0);
return rsgh;
}
/**
* \brief Frees the hash table - DetectEngineCtx->sgh_sport_hash_table,
* allocated by the SigGroupHeadSPortHashInit() function.
*
* \param de_ctx Pointer to the detection engine context.
*/
void SigGroupHeadSPortHashFree(DetectEngineCtx *de_ctx)
{
if (de_ctx->sgh_sport_hash_table == NULL)
return;
HashListTableFree(de_ctx->sgh_sport_hash_table);
de_ctx->sgh_sport_hash_table = NULL;
return;
}
/**
* \brief Used to free the signature array, content_array and uri_content_array
* members from the SigGroupHeads in the HashListTable.
@ -964,7 +620,6 @@ void SigGroupHeadFreeSigArrays(DetectEngineCtx *de_ctx)
{
SigGroupHeadFreeSigArraysHash2(de_ctx, de_ctx->sgh_hash_table);
SigGroupHeadFreeSigArraysHash(de_ctx, de_ctx->sgh_dport_hash_table);
SigGroupHeadFreeSigArraysHash(de_ctx, de_ctx->sgh_sport_hash_table);
return;
}
@ -987,14 +642,6 @@ void SigGroupHeadFreeMpmArrays(DetectEngineCtx *de_ctx)
}
}
for (htb = HashListTableGetListHead(de_ctx->sgh_sport_hash_table); htb != NULL; htb = HashListTableGetListNext(htb)) {
sgh = (SigGroupHead *)HashListTableGetListData(htb);
if (sgh->init != NULL) {
SigGroupHeadInitDataFree(sgh->init);
sgh->init = NULL;
}
}
return;
}
@ -1236,304 +883,6 @@ void SigGroupHeadPrintSigs(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
SCReturn;
}
/**
* \brief Helper function used to print the content ids of all the contents that
* have been added to the bitarray of this SigGroupHead.
*
* \param de_ctx Pointer to the detection engine context.
* \param sgh Pointer to the SigGroupHead.
*/
void SigGroupHeadPrintContent(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
SCEnter();
uint32_t i = 0;
SCLogDebug("Contents with the following content ids are present in this "
"SigGroupHead - ");
for (i = 0; i < DetectContentMaxId(de_ctx); i++) {
if (sgh->init->content_array[i / 8] & (1 << (i % 8)))
SCLogDebug("%" PRIu32, i);
}
SCReturn;
}
/**
* \brief Helper function used to print the total no of contents that have
* been added to the bitarray for this SigGroupHead.
*
* \param de_ctx Pointer to the detection engine context.
* \param sgh Pointer to the SigGroupHead.
*/
void SigGroupHeadPrintContentCnt(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
SCEnter();
uint32_t i = 0;
uint32_t cnt = 0;
for (i = 0; i < DetectContentMaxId(de_ctx); i++) {
if (sgh->init->content_array[i / 8] & (1 << (i % 8)))
cnt++;
}
SCLogDebug("Total contents added to the SigGroupHead content bitarray: "
"%" PRIu32, cnt);
SCReturn;
}
/**
* \brief Loads all the content ids from all the contents belonging to all the
* Signatures in this SigGroupHead, into a bitarray. A fast and an
* efficient way of comparing pattern sets.
*
* \param de_ctx Pointer to the detection engine context.
* \param sgh Pointer to the SigGroupHead.
*
* \retval 0 On success, i.e. on either the detection engine context being NULL
* or on successfully allocating memory and updating it with relevant
* data.
* \retval -1 On failure.
*/
int SigGroupHeadLoadContent(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
Signature *s = NULL;
SigMatch *sm = NULL;
uint32_t sig = 0;
DetectContentData *co = NULL;
if (sgh == NULL)
return 0;
if (DetectContentMaxId(de_ctx) == 0)
return 0;
BUG_ON(sgh->init == NULL);
sgh->init->content_size = (DetectContentMaxId(de_ctx) / 8) + 1;
sgh->init->content_array = SCMalloc(sgh->init->content_size);
if (sgh->init->content_array == NULL)
return -1;
memset(sgh->init->content_array,0, sgh->init->content_size);
for (sig = 0; sig < sgh->sig_cnt; sig++) {
s = sgh->match_array[sig];
if (s == NULL)
continue;
if (s->alproto != ALPROTO_UNKNOWN)
continue;
sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
if (sm == NULL)
continue;
for ( ;sm != NULL; sm = sm->next) {
if (sm->type == DETECT_CONTENT) {
co = (DetectContentData *)sm->ctx;
sgh->init->content_array[co->id / 8] |= 1 << (co->id % 8);
}
}
}
return 0;
}
/**
* \brief Clears the memory allocated by SigGroupHeadLoadContent() for the
* bitarray to hold the content ids for a SigGroupHead.
*
* \param Pointer to the SigGroupHead whose content_array would to be cleared.
*
* \ret 0 Always.
*/
int SigGroupHeadClearContent(SigGroupHead *sh)
{
if (sh == NULL)
return 0;
if (sh->init->content_array != NULL) {
SCFree(sh->init->content_array);
sh->init->content_array = NULL;
sh->init->content_size = 0;
}
return 0;
}
/**
* \brief Loads all the uri content ids from all the uri contents belonging to
* all the Signatures in this SigGroupHead, into a bitarray. A fast and
* an efficient way of comparing pattern sets.
*
* \param de_ctx Pointer to the detection engine context.
* \param sgh Pointer to the SigGroupHead.
*
* \retval 0 On success, i.e. on either the detection engine context being NULL
* or on successfully allocating memory and updating it with relevant
* data.
* \retval -1 On failure.
*/
int SigGroupHeadLoadUricontent(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
Signature *s = NULL;
SigMatch *sm = NULL;
uint32_t sig = 0;
DetectContentData *co = NULL;
if (sgh == NULL)
return 0;
if (DetectUricontentMaxId(de_ctx) == 0)
return 0;
BUG_ON(sgh->init == NULL);
sgh->init->uri_content_size = (DetectUricontentMaxId(de_ctx) / 8) + 1;
sgh->init->uri_content_array = SCMalloc(sgh->init->uri_content_size);
if (sgh->init->uri_content_array == NULL)
return -1;
memset(sgh->init->uri_content_array, 0, sgh->init->uri_content_size);
for (sig = 0; sig < sgh->sig_cnt; sig++) {
s = sgh->match_array[sig];
if (s == NULL)
continue;
sm = s->sm_lists[DETECT_SM_LIST_UMATCH];
if (sm == NULL)
continue;
for ( ;sm != NULL; sm = sm->next) {
if (sm->type == DETECT_CONTENT) {
co = (DetectContentData *)sm->ctx;
sgh->init->uri_content_array[co->id / 8] |= 1 << (co->id % 8);
}
}
}
return 0;
}
/**
* \brief Clears the memory allocated by SigGroupHeadLoadUriContent() for the
* bitarray to hold the uri content ids for a SigGroupHead.
*
* \param Pointer to the SigGroupHead whose uri_content_array would to be
* cleared.
*
* \retval 0 Always.
*/
int SigGroupHeadClearUricontent(SigGroupHead *sh)
{
if (sh == NULL)
return 0;
if (sh->init->uri_content_array != NULL) {
SCFree(sh->init->uri_content_array);
sh->init->uri_content_array = NULL;
sh->init->uri_content_size = 0;
}
return 0;
}
/**
* \brief Loads all the content ids from all the contents belonging to all the
* Signatures in this SigGroupHead, into a bitarray. A fast and an
* efficient way of comparing pattern sets.
*
* \param de_ctx Pointer to the detection engine context.
* \param sgh Pointer to the SigGroupHead.
*
* \retval 0 On success, i.e. on either the detection engine context being NULL
* or on successfully allocating memory and updating it with relevant
* data.
* \retval -1 On failure.
*/
int SigGroupHeadLoadStreamContent(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
SCEnter();
Signature *s = NULL;
SigMatch *sm = NULL;
uint32_t sig = 0;
DetectContentData *co = NULL;
if (sgh == NULL) {
SCReturnInt(0);
}
if (DetectContentMaxId(de_ctx) == 0) {
SCReturnInt(0);
}
BUG_ON(sgh->init == NULL);
sgh->init->stream_content_size = (DetectContentMaxId(de_ctx) / 8) + 1;
sgh->init->stream_content_array = SCMalloc(sgh->init->stream_content_size);
if (sgh->init->stream_content_array == NULL) {
SCReturnInt(-1);
}
memset(sgh->init->stream_content_array,0, sgh->init->stream_content_size);
for (sig = 0; sig < sgh->sig_cnt; sig++) {
s = sgh->match_array[sig];
SCLogDebug("s %"PRIu32, s->id);
if (s == NULL)
continue;
if (SignatureHasPacketContent(s)) {
SCLogDebug("Sig has packet content");
continue;
}
sm = s->sm_lists[DETECT_SM_LIST_PMATCH];
if (sm == NULL)
continue;
for ( ;sm != NULL; sm = sm->next) {
if (sm->type == DETECT_CONTENT) {
co = (DetectContentData *)sm->ctx;
sgh->init->stream_content_array[co->id / 8] |= 1 << (co->id % 8);
}
}
}
SCReturnInt(0);
}
/**
* \brief Clears the memory allocated by SigGroupHeadLoadContent() for the
* bitarray to hold the content ids for a SigGroupHead.
*
* \param Pointer to the SigGroupHead whose content_array would to be cleared.
*
* \ret 0 Always.
*/
int SigGroupHeadClearStreamContent(SigGroupHead *sh)
{
if (sh == NULL)
return 0;
if (sh->init->stream_content_array != NULL) {
SCFree(sh->init->stream_content_array);
sh->init->stream_content_array = NULL;
sh->init->stream_content_size = 0;
}
return 0;
}
/**
* \brief Create an array with all the internal ids of the sigs that this
* sig group head will check for.
@ -1865,28 +1214,6 @@ static int SigGroupHeadTest01(void)
return result;
}
/**
* \test Check if a SigGroupHead mpm uri hash table is properly allocated and
* deallocated when calling SigGroupHeadMpmUriHashInit() and
* SigGroupHeadMpmUriHashFree() respectively.
*/
static int SigGroupHeadTest02(void)
{
int result = 1;
DetectEngineCtx de_ctx;
SigGroupHeadMpmUriHashInit(&de_ctx);
result &= (de_ctx.sgh_mpm_uri_hash_table != NULL);
SigGroupHeadMpmUriHashFree(&de_ctx);
result &= (de_ctx.sgh_mpm_uri_hash_table == NULL);
return result;
}
/**
* \test Check if a SigGroupHead hash table is properly allocated and
* deallocated when calling SigGroupHeadHashInit() and
@ -1931,28 +1258,6 @@ static int SigGroupHeadTest04(void)
return result;
}
/**
* \test Check if a SigGroupHead dport hash table is properly allocated and
* deallocated when calling SigGroupHeadSPortHashInit() and
* SigGroupHeadSportHashFree() respectively.
*/
static int SigGroupHeadTest05(void)
{
int result = 1;
DetectEngineCtx de_ctx;
SigGroupHeadSPortHashInit(&de_ctx);
result &= (de_ctx.sgh_sport_hash_table != NULL);
SigGroupHeadSPortHashFree(&de_ctx);
result &= (de_ctx.sgh_sport_hash_table == NULL);
return result;
}
/**
* \test Check if a SigGroupHeadAppendSig() correctly appends a sid to a
* SigGroupHead() and SigGroupHeadContainsSigId() correctly indicates
@ -2416,10 +1721,8 @@ void SigGroupHeadRegisterTests(void)
{
#ifdef UNITTESTS
UtRegisterTest("SigGroupHeadTest01", SigGroupHeadTest01, 1);
UtRegisterTest("SigGroupHeadTest02", SigGroupHeadTest02, 1);
UtRegisterTest("SigGroupHeadTest03", SigGroupHeadTest03, 1);
UtRegisterTest("SigGroupHeadTest04", SigGroupHeadTest04, 1);
UtRegisterTest("SigGroupHeadTest05", SigGroupHeadTest05, 1);
UtRegisterTest("SigGroupHeadTest06", SigGroupHeadTest06, 1);
UtRegisterTest("SigGroupHeadTest07", SigGroupHeadTest07, 1);
UtRegisterTest("SigGroupHeadTest08", SigGroupHeadTest08, 1);

19
src/detect-engine-siggroup.h
Unescape Escape View File

@ -30,46 +30,27 @@ int SigGroupHeadAppendSig(const DetectEngineCtx *, SigGroupHead **, const Signat
int SigGroupHeadClearSigs(SigGroupHead *);
int SigGroupHeadCopySigs(DetectEngineCtx *, SigGroupHead *, SigGroupHead **);
int SigGroupHeadLoadContent(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadLoadUricontent(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadLoadStreamContent(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadClearContent(SigGroupHead *);
int SigGroupHeadClearUricontent(SigGroupHead *);
int SigGroupHeadClearStreamContent(SigGroupHead *);
void SigGroupHeadFree(SigGroupHead *);
void SigGroupHeadFreeMpmArrays(DetectEngineCtx *);
SigGroupHead *SigGroupHeadHashLookup(DetectEngineCtx *, SigGroupHead *);
SigGroupHead *SigGroupHeadMpmHashLookup(DetectEngineCtx *, SigGroupHead *);
SigGroupHead *SigGroupHeadMpmUriHashLookup(DetectEngineCtx *, SigGroupHead *);
SigGroupHead *SigGroupHeadMpmStreamHashLookup(DetectEngineCtx *, SigGroupHead *);
SigGroupHead *SigGroupHeadDPortHashLookup(DetectEngineCtx *, SigGroupHead *);
SigGroupHead *SigGroupHeadSPortHashLookup(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadMpmHashAdd(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadMpmUriHashAdd(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadMpmStreamHashAdd(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadHashAdd(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadDPortHashAdd(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadSPortHashAdd(DetectEngineCtx *, SigGroupHead *);
void SigGroupHeadHashFree(DetectEngineCtx *);
void SigGroupHeadMpmHashFree(DetectEngineCtx *);
void SigGroupHeadMpmUriHashFree(DetectEngineCtx *);
void SigGroupHeadMpmStreamHashFree(DetectEngineCtx *);
void SigGroupHeadDPortHashFree(DetectEngineCtx *);
void SigGroupHeadSPortHashFree(DetectEngineCtx *);
int SigGroupHeadHashInit(DetectEngineCtx *);
int SigGroupHeadMpmHashInit(DetectEngineCtx *);
int SigGroupHeadMpmUriHashInit(DetectEngineCtx *);
int SigGroupHeadDPortHashInit(DetectEngineCtx *);
int SigGroupHeadSPortHashInit(DetectEngineCtx *);
int SigGroupHeadHashRemove(DetectEngineCtx *, SigGroupHead *);
int SigGroupHeadSPortHashRemove(DetectEngineCtx *, SigGroupHead *);
void SigGroupHeadInitDataFree(SigGroupHeadInitData *sghid);
void SigGroupHeadSetSigCnt(SigGroupHead *sgh, uint32_t max_idx);

15
src/detect-engine.c
Unescape Escape View File

@ -872,20 +872,11 @@ static DetectEngineCtx *DetectEngineCtxInitReal(int minimal, const char *prefix)
SigGroupHeadHashInit(de_ctx);
SigGroupHeadMpmHashInit(de_ctx);
SigGroupHeadMpmUriHashInit(de_ctx);
SigGroupHeadSPortHashInit(de_ctx);
SigGroupHeadDPortHashInit(de_ctx);
DetectPortSpHashInit(de_ctx);
DetectPortDpHashInit(de_ctx);
ThresholdHashInit(de_ctx);
VariableNameInitHash(de_ctx);
DetectParseDupSigHashInit(de_ctx);
de_ctx->mpm_pattern_id_store = MpmPatternIdTableInitHash();
if (de_ctx->mpm_pattern_id_store == NULL) {
goto error;
}
/* init iprep... ignore errors for now */
(void)SRepInit(de_ctx);
@ -964,17 +955,11 @@ void DetectEngineCtxFree(DetectEngineCtx *de_ctx)
/* Normally the hashes are freed elsewhere, but
* to be sure look at them again here.
*/
MpmPatternIdTableFreeHash(de_ctx->mpm_pattern_id_store); /* normally cleaned up in SigGroupBuild */
SigGroupHeadHashFree(de_ctx);
SigGroupHeadMpmHashFree(de_ctx);
SigGroupHeadMpmUriHashFree(de_ctx);
SigGroupHeadSPortHashFree(de_ctx);
SigGroupHeadDPortHashFree(de_ctx);
DetectParseDupSigHashFree(de_ctx);
SCSigSignatureOrderingModuleCleanup(de_ctx);
DetectPortSpHashFree(de_ctx);
DetectPortDpHashFree(de_ctx);
ThresholdContextDestroy(de_ctx);
SigCleanSignatures(de_ctx);

9
src/detect-uricontent.c
Unescape Escape View File

@ -82,15 +82,6 @@ void DetectUricontentRegister (void)
sigmatch_table[DETECT_URICONTENT].flags |= SIGMATCH_PAYLOAD;
}
/**
* \brief pass on the uricontent_max_id
* \param de_ctx pointer to the detect egine context whose max id is asked
*/
uint32_t DetectUricontentMaxId(DetectEngineCtx *de_ctx)
{
return MpmPatternIdStoreGetMaxId(de_ctx->mpm_pattern_id_store);
}
/**
* \brief this function will Free memory associated with DetectContentData
*

4
src/detect.c
Unescape Escape View File

@ -3563,11 +3563,7 @@ int SigAddressPrepareStage4(DetectEngineCtx *de_ctx)
* after the initialization phase. */
SigGroupHeadHashFree(de_ctx);
SigGroupHeadDPortHashFree(de_ctx);
SigGroupHeadSPortHashFree(de_ctx);
SigGroupHeadMpmHashFree(de_ctx);
SigGroupHeadMpmUriHashFree(de_ctx);
DetectPortDpHashFree(de_ctx);
DetectPortSpHashFree(de_ctx);
SCFree(de_ctx->sgh_array);
de_ctx->sgh_array_cnt = 0;

10
src/detect.h
Unescape Escape View File

@ -607,15 +607,9 @@ typedef struct DetectEngineCtx_ {
HashListTable *sgh_hash_table;
HashListTable *sgh_mpm_hash_table;
HashListTable *sgh_mpm_uri_hash_table;
HashListTable *sgh_mpm_stream_hash_table;
HashListTable *sgh_sport_hash_table;
HashListTable *sgh_dport_hash_table;
HashListTable *sport_hash_table;
HashListTable *dport_hash_table;
HashListTable *variable_names;
HashListTable *variable_idxs;
uint16_t variable_names_idx;
@ -969,10 +963,6 @@ typedef struct SigGroupHeadInitData_ {
/* list of content containers */
uint8_t *content_array;
uint32_t content_size;
uint8_t *uri_content_array;
uint32_t uri_content_size;
uint8_t *stream_content_array;
uint32_t stream_content_size;
uint8_t *sig_array; /**< bit array of sig nums (internal id's) */
uint32_t sig_size; /**< size in bytes */

Write Preview
Loading…
Cancel
Save