aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: move init only Signature members to init_data

Browse Source
pull/2559/head
Victor Julien 9 years ago
parent 0a5ae415b8
commit f370e88135
36 changed files with 378 additions and 386 deletions
Show Stats Download Patch File Download Diff File

2
src/detect-base64-data.c
Unescape Escape View File

@ -66,7 +66,7 @@ static int DetectBase64DataSetup(DetectEngineCtx *de_ctx, Signature *s,
return -1; return -1;
} }
s->list = DETECT_SM_LIST_BASE64_DATA; s->init_data->list = DETECT_SM_LIST_BASE64_DATA;
return 0; return 0;
} }

4
src/detect-base64-decode.c
Unescape Escape View File

@ -192,8 +192,8 @@ static int DetectBase64DecodeSetup(DetectEngineCtx *de_ctx, Signature *s,
data->offset = offset; data->offset = offset;
data->relative = relative; data->relative = relative;
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
sm_list = s->list; sm_list = s->init_data->list;
#if 0 #if 0
if (data->relative) { if (data->relative) {
pm = SigMatchGetLastSMFromLists(s, 4, pm = SigMatchGetLastSMFromLists(s, 4,

6
src/detect-byte-extract.c
Unescape Escape View File

@ -519,8 +519,8 @@ static int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
goto error; goto error;
int sm_list; int sm_list;
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA) { if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
if (data->endian == DETECT_BYTE_EXTRACT_ENDIAN_DCE) { if (data->endian == DETECT_BYTE_EXTRACT_ENDIAN_DCE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "dce byte_extract specified " SCLogError(SC_ERR_INVALID_SIGNATURE, "dce byte_extract specified "
"with file_data option set."); "with file_data option set.");
@ -528,7 +528,7 @@ static int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
} }
AppLayerHtpEnableResponseBodyCallback(); AppLayerHtpEnableResponseBodyCallback();
} }
sm_list = s->list; sm_list = s->init_data->list;
s->flags |= SIG_FLAG_APPLAYER; s->flags |= SIG_FLAG_APPLAYER;
if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) { if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4, prev_pm = SigMatchGetLastSMFromLists(s, 4,

6
src/detect-bytejump.c
Unescape Escape View File

@ -518,8 +518,8 @@ static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts
goto error; goto error;
int sm_list; int sm_list;
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA) { if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
if (data->flags & DETECT_BYTEJUMP_DCE) { if (data->flags & DETECT_BYTEJUMP_DCE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "dce bytejump specified " SCLogError(SC_ERR_INVALID_SIGNATURE, "dce bytejump specified "
"with file_data option set."); "with file_data option set.");
@ -527,7 +527,7 @@ static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts
} }
AppLayerHtpEnableResponseBodyCallback(); AppLayerHtpEnableResponseBodyCallback();
} }
sm_list = s->list; sm_list = s->init_data->list;
s->flags |= SIG_FLAG_APPLAYER; s->flags |= SIG_FLAG_APPLAYER;
if (data->flags & DETECT_BYTEJUMP_RELATIVE) { if (data->flags & DETECT_BYTEJUMP_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4, prev_pm = SigMatchGetLastSMFromLists(s, 4,

6
src/detect-bytetest.c
Unescape Escape View File

@ -445,8 +445,8 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts
goto error; goto error;
int sm_list; int sm_list;
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA) { if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
if (data->flags & DETECT_BYTETEST_DCE) { if (data->flags & DETECT_BYTETEST_DCE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "dce bytetest specified " SCLogError(SC_ERR_INVALID_SIGNATURE, "dce bytetest specified "
"with file_data option set."); "with file_data option set.");
@ -454,7 +454,7 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *opts
} }
AppLayerHtpEnableResponseBodyCallback(); AppLayerHtpEnableResponseBodyCallback();
} }
sm_list = s->list; sm_list = s->init_data->list;
s->flags |= SIG_FLAG_APPLAYER; s->flags |= SIG_FLAG_APPLAYER;
if (data->flags & DETECT_BYTETEST_RELATIVE) { if (data->flags & DETECT_BYTETEST_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4, prev_pm = SigMatchGetLastSMFromLists(s, 4,

6
src/detect-content.c
Unescape Escape View File

@ -386,14 +386,14 @@ int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, char *contentstr)
DetectContentPrint(cd); DetectContentPrint(cd);
int sm_list; int sm_list;
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA && s->alproto == ALPROTO_HTTP) { if (s->init_data->list == DETECT_SM_LIST_FILEDATA && s->alproto == ALPROTO_HTTP) {
AppLayerHtpEnableResponseBodyCallback(); AppLayerHtpEnableResponseBodyCallback();
s->alproto = ALPROTO_HTTP; s->alproto = ALPROTO_HTTP;
} }
s->flags |= SIG_FLAG_APPLAYER; s->flags |= SIG_FLAG_APPLAYER;
sm_list = s->list; sm_list = s->init_data->list;
} else { } else {
sm_list = DETECT_SM_LIST_PMATCH; sm_list = DETECT_SM_LIST_PMATCH;
} }

2
src/detect-dce-stub-data.c
Unescape Escape View File

@ -90,7 +90,7 @@ static int DetectDceStubDataSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
goto error; goto error;
} }
s->list = DETECT_SM_LIST_DMATCH; s->init_data->list = DETECT_SM_LIST_DMATCH;
s->alproto = ALPROTO_DCERPC; s->alproto = ALPROTO_DCERPC;
s->flags |= SIG_FLAG_APPLAYER; s->flags |= SIG_FLAG_APPLAYER;
return 0; return 0;

4
src/detect-depth.c
Unescape Escape View File

@ -74,8 +74,8 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
} }
/* retrive the sm to apply the depth against */ /* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]); pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->init_data->list]);
} else { } else {
pm = SigMatchGetLastSMFromLists(s, 28, pm = SigMatchGetLastSMFromLists(s, 28,
DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],

4
src/detect-distance.c
Unescape Escape View File

@ -81,8 +81,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
} }
/* retrive the sm to apply the depth against */ /* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]); pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->init_data->list]);
} else { } else {
pm = SigMatchGetLastSMFromLists(s, 28, pm = SigMatchGetLastSMFromLists(s, 28,
DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],

2
src/detect-dnp3.c
Unescape Escape View File

@ -526,7 +526,7 @@ static void DetectDNP3ObjRegister(void)
static int DetectDNP3DataSetup(DetectEngineCtx *de_ctx, Signature *s, char *str) static int DetectDNP3DataSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{ {
SCEnter(); SCEnter();
s->list = DETECT_SM_LIST_DNP3_DATA_MATCH; s->init_data->list = DETECT_SM_LIST_DNP3_DATA_MATCH;
s->alproto = ALPROTO_DNP3; s->alproto = ALPROTO_DNP3;
SCReturnInt(0); SCReturnInt(0);
} }

2
src/detect-dns-query.c
Unescape Escape View File

@ -108,7 +108,7 @@ void DetectDnsQueryRegister (void)
static int DetectDnsQuerySetup(DetectEngineCtx *de_ctx, Signature *s, char *str) static int DetectDnsQuerySetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{ {
s->list = DETECT_SM_LIST_DNSQUERYNAME_MATCH; s->init_data->list = DETECT_SM_LIST_DNSQUERYNAME_MATCH;
s->alproto = ALPROTO_DNS; s->alproto = ALPROTO_DNS;
return 0; return 0;
} }

4
src/detect-dsize.c
Unescape Escape View File

@ -292,8 +292,8 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr
s->flags |= SIG_FLAG_REQUIRE_PACKET; s->flags |= SIG_FLAG_REQUIRE_PACKET;
s->flags |= SIG_FLAG_DSIZE; s->flags |= SIG_FLAG_DSIZE;
if (s->dsize_sm == NULL) { if (s->init_data->dsize_sm == NULL) {
s->dsize_sm = sm; s->init_data->dsize_sm = sm;
} }
return 0; return 0;

18
src/detect-engine-analyzer.c
Unescape Escape View File

@ -77,7 +77,7 @@ void EngineAnalysisFP(Signature *s, char *line)
int fast_pattern_only_set = 0; int fast_pattern_only_set = 0;
int fast_pattern_chop_set = 0; int fast_pattern_chop_set = 0;
DetectContentData *fp_cd = NULL; DetectContentData *fp_cd = NULL;
SigMatch *mpm_sm = s->mpm_sm; SigMatch *mpm_sm = s->init_data->mpm_sm;
if (mpm_sm != NULL) { if (mpm_sm != NULL) {
fp_cd = (DetectContentData *)mpm_sm->ctx; fp_cd = (DetectContentData *)mpm_sm->ctx;
@ -95,9 +95,9 @@ void EngineAnalysisFP(Signature *s, char *line)
fprintf(fp_engine_analysis_FD, "%s\n", line); fprintf(fp_engine_analysis_FD, "%s\n", line);
fprintf(fp_engine_analysis_FD, " Fast Pattern analysis:\n"); fprintf(fp_engine_analysis_FD, " Fast Pattern analysis:\n");
if (s->prefilter_sm != NULL) { if (s->init_data->prefilter_sm != NULL) {
fprintf(fp_engine_analysis_FD, " Prefilter on: %s\n", fprintf(fp_engine_analysis_FD, " Prefilter on: %s\n",
sigmatch_table[s->prefilter_sm->type].name); sigmatch_table[s->init_data->prefilter_sm->type].name);
fprintf(fp_engine_analysis_FD, "\n"); fprintf(fp_engine_analysis_FD, "\n");
return; return;
} }
@ -412,7 +412,7 @@ int PerCentEncodingMatch (uint8_t *content, uint8_t content_len)
static void EngineAnalysisRulesPrintFP(const Signature *s) static void EngineAnalysisRulesPrintFP(const Signature *s)
{ {
DetectContentData *fp_cd = NULL; DetectContentData *fp_cd = NULL;
SigMatch *mpm_sm = s->mpm_sm; SigMatch *mpm_sm = s->init_data->mpm_sm;
if (mpm_sm != NULL) { if (mpm_sm != NULL) {
fp_cd = (DetectContentData *)mpm_sm->ctx; fp_cd = (DetectContentData *)mpm_sm->ctx;
@ -574,7 +574,7 @@ void EngineAnalysisRules(const Signature *s, const char *line)
uint32_t warn_no_direction = 0; uint32_t warn_no_direction = 0;
uint32_t warn_both_direction = 0; uint32_t warn_both_direction = 0;
if (s->init_flags & SIG_FLAG_INIT_BIDIREC) { if (s->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
rule_bidirectional = 1; rule_bidirectional = 1;
} }
@ -822,8 +822,8 @@ void EngineAnalysisRules(const Signature *s, const char *line)
rule_warning += 1; rule_warning += 1;
warn_offset_depth_alproto = 1; warn_offset_depth_alproto = 1;
} }
if (s->mpm_sm != NULL && s->alproto == ALPROTO_HTTP && if (s->init_data->mpm_sm != NULL && s->alproto == ALPROTO_HTTP &&
SigMatchListSMBelongsTo(s, s->mpm_sm) == DETECT_SM_LIST_PMATCH) { SigMatchListSMBelongsTo(s, s->init_data->mpm_sm) == DETECT_SM_LIST_PMATCH) {
rule_warning += 1; rule_warning += 1;
warn_non_alproto_fp_for_alproto_sig = 1; warn_non_alproto_fp_for_alproto_sig = 1;
} }
@ -868,9 +868,9 @@ void EngineAnalysisRules(const Signature *s, const char *line)
} }
/* print fast pattern info */ /* print fast pattern info */
if (s->prefilter_sm) { if (s->init_data->prefilter_sm) {
fprintf(rule_engine_analysis_FD, " Prefilter on: %s.\n", fprintf(rule_engine_analysis_FD, " Prefilter on: %s.\n",
sigmatch_table[s->prefilter_sm->type].name); sigmatch_table[s->init_data->prefilter_sm->type].name);
} else { } else {
EngineAnalysisRulesPrintFP(s); EngineAnalysisRulesPrintFP(s);
} }

28
src/detect-engine-mpm.c
Unescape Escape View File

@ -534,13 +534,13 @@ static void SetMpm(Signature *s, SigMatch *mpm_sm)
cd->flags |= DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED; cd->flags |= DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED;
} }
} }
s->mpm_sm = mpm_sm; s->init_data->mpm_sm = mpm_sm;
return; return;
} }
void RetrieveFPForSig(Signature *s) void RetrieveFPForSig(Signature *s)
{ {
if (s->mpm_sm != NULL) if (s->init_data->mpm_sm != NULL)
return; return;
SigMatch *mpm_sm = NULL, *sm = NULL; SigMatch *mpm_sm = NULL, *sm = NULL;
@ -927,9 +927,9 @@ void MpmStoreSetup(const DetectEngineCtx *de_ctx, MpmStore *ms)
s = de_ctx->sig_array[sig]; s = de_ctx->sig_array[sig];
if (s == NULL) if (s == NULL)
continue; continue;
if (s->mpm_sm == NULL) if (s->init_data->mpm_sm == NULL)
continue; continue;
int list = SigMatchListSMBelongsTo(s, s->mpm_sm); int list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
if (list < 0) if (list < 0)
continue; continue;
if (list != ms->sm_list) if (list != ms->sm_list)
@ -939,7 +939,7 @@ void MpmStoreSetup(const DetectEngineCtx *de_ctx, MpmStore *ms)
SCLogDebug("adding %u", s->id); SCLogDebug("adding %u", s->id);
const DetectContentData *cd = (DetectContentData *)s->mpm_sm->ctx; const DetectContentData *cd = (DetectContentData *)s->init_data->mpm_sm->ctx;
int skip = 0; int skip = 0;
/* negated logic: if mpm match can't be used to be sure about this /* negated logic: if mpm match can't be used to be sure about this
@ -1036,10 +1036,10 @@ MpmStore *MpmStorePrepareBuffer(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
if (s == NULL) if (s == NULL)
continue; continue;
if (s->mpm_sm == NULL) if (s->init_data->mpm_sm == NULL)
continue; continue;
int list = SigMatchListSMBelongsTo(s, s->mpm_sm); int list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
if (list < 0) if (list < 0)
continue; continue;
@ -1128,10 +1128,10 @@ static MpmStore *MpmStorePrepareBufferAppLayer(DetectEngineCtx *de_ctx,
if (s == NULL) if (s == NULL)
continue; continue;
if (s->mpm_sm == NULL) if (s->init_data->mpm_sm == NULL)
continue; continue;
int list = SigMatchListSMBelongsTo(s, s->mpm_sm); int list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
if (list < 0) if (list < 0)
continue; continue;
@ -1303,8 +1303,8 @@ int DetectSetFastPatternAndItsId(DetectEngineCtx *de_ctx)
continue; continue;
RetrieveFPForSig(s); RetrieveFPForSig(s);
if (s->mpm_sm != NULL) { if (s->init_data->mpm_sm != NULL) {
DetectContentData *cd = (DetectContentData *)s->mpm_sm->ctx; DetectContentData *cd = (DetectContentData *)s->init_data->mpm_sm->ctx;
struct_total_size += sizeof(DetectFPAndItsId); struct_total_size += sizeof(DetectFPAndItsId);
content_total_size += cd->content_len; content_total_size += cd->content_len;
@ -1327,11 +1327,11 @@ int DetectSetFastPatternAndItsId(DetectEngineCtx *de_ctx)
uint8_t *content_offset = ahb + struct_total_size; uint8_t *content_offset = ahb + struct_total_size;
for (s = de_ctx->sig_list; s != NULL; s = s->next) { for (s = de_ctx->sig_list; s != NULL; s = s->next) {
if (s->mpm_sm != NULL) { if (s->init_data->mpm_sm != NULL) {
int sm_list = SigMatchListSMBelongsTo(s, s->mpm_sm); int sm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
BUG_ON(sm_list == -1); BUG_ON(sm_list == -1);
DetectContentData *cd = (DetectContentData *)s->mpm_sm->ctx; DetectContentData *cd = (DetectContentData *)s->init_data->mpm_sm->ctx;
DetectFPAndItsId *dup = (DetectFPAndItsId *)ahb; DetectFPAndItsId *dup = (DetectFPAndItsId *)ahb;
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) { if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {
content = cd->content + cd->fp_chop_offset; content = cd->content + cd->fp_chop_offset;

14
src/detect-engine-prefilter-common.c
Unescape Escape View File

@ -121,14 +121,14 @@ SetupEngineForPacketHeader(SigGroupHead *sgh, int sm_type,
s = sgh->match_array[sig]; s = sgh->match_array[sig];
if (s == NULL) if (s == NULL)
continue; continue;
if (s->prefilter_sm == NULL || s->prefilter_sm->type != sm_type) if (s->init_data->prefilter_sm == NULL || s->init_data->prefilter_sm->type != sm_type)
continue; continue;
uint16_t type = 0; uint16_t type = 0;
uint16_t value = 0; uint16_t value = 0;
GetExtraMatch(s, &type, &value); GetExtraMatch(s, &type, &value);
if (Compare(ctx->v1, s->prefilter_sm->ctx) && if (Compare(ctx->v1, s->init_data->prefilter_sm->ctx) &&
ctx->type == type && ctx->value == value) ctx->type == type && ctx->value == value)
{ {
SCLogDebug("appending sid %u on %u", s->id, sig_offset); SCLogDebug("appending sid %u on %u", s->id, sig_offset);
@ -227,12 +227,12 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(SigGroupHead *sgh, int sm_typ
s = sgh->match_array[sig]; s = sgh->match_array[sig];
if (s == NULL) if (s == NULL)
continue; continue;
if (s->prefilter_sm == NULL || s->prefilter_sm->type != sm_type) if (s->init_data->prefilter_sm == NULL || s->init_data->prefilter_sm->type != sm_type)
continue; continue;
PrefilterPacketHeaderValue v; PrefilterPacketHeaderValue v;
memset(&v, 0, sizeof(v)); memset(&v, 0, sizeof(v));
Set(&v, s->prefilter_sm->ctx); Set(&v, s->init_data->prefilter_sm->ctx);
ApplyToU8Hash(ctx, v, s); ApplyToU8Hash(ctx, v, s);
s->flags |= SIG_FLAG_PREFILTER; s->flags |= SIG_FLAG_PREFILTER;
@ -348,12 +348,12 @@ static int PrefilterSetupPacketHeaderCommon(SigGroupHead *sgh, int sm_type,
s = sgh->match_array[sig]; s = sgh->match_array[sig];
if (s == NULL) if (s == NULL)
continue; continue;
if (s->prefilter_sm == NULL || s->prefilter_sm->type != sm_type) if (s->init_data->prefilter_sm == NULL || s->init_data->prefilter_sm->type != sm_type)
continue; continue;
PrefilterPacketHeaderHashCtx ctx; PrefilterPacketHeaderHashCtx ctx;
memset(&ctx, 0, sizeof(ctx)); memset(&ctx, 0, sizeof(ctx));
Set(&ctx.v1, s->prefilter_sm->ctx); Set(&ctx.v1, s->init_data->prefilter_sm->ctx);
GetExtraMatch(s, &ctx.type, &ctx.value); GetExtraMatch(s, &ctx.type, &ctx.value);
@ -365,7 +365,7 @@ static int PrefilterSetupPacketHeaderCommon(SigGroupHead *sgh, int sm_type,
if (actx == NULL) if (actx == NULL)
goto error; goto error;
Set(&actx->v1, s->prefilter_sm->ctx); Set(&actx->v1, s->init_data->prefilter_sm->ctx);
actx->cnt = 1; actx->cnt = 1;
actx->type = ctx.type; actx->type = ctx.type;
actx->value = ctx.value; actx->value = ctx.value;

5
src/detect-engine-profile.c
Unescape Escape View File

@ -33,6 +33,7 @@
#ifdef PROFILING #ifdef PROFILING
#ifdef HAVE_LIBJANSSON #ifdef HAVE_LIBJANSSON
#if 0
static void DumpFp(const SigMatch *sm, char *pat_orig, uint32_t pat_orig_sz, char *pat_chop, uint32_t pat_chop_sz) static void DumpFp(const SigMatch *sm, char *pat_orig, uint32_t pat_orig_sz, char *pat_chop, uint32_t pat_chop_sz)
{ {
int fast_pattern_chop_set = 0; int fast_pattern_chop_set = 0;
@ -52,6 +53,7 @@ static void DumpFp(const SigMatch *sm, char *pat_orig, uint32_t pat_orig_sz, cha
PrintRawUriBuf(pat_chop, &off, pat_chop_sz, cd->content + cd->fp_chop_offset, cd->fp_chop_len); PrintRawUriBuf(pat_chop, &off, pat_chop_sz, cd->content + cd->fp_chop_offset, cd->fp_chop_len);
} }
} }
#endif
SCMutex g_rule_dump_write_m = SCMUTEX_INITIALIZER; SCMutex g_rule_dump_write_m = SCMUTEX_INITIALIZER;
void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx, const Packet *p) void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx, const Packet *p)
@ -78,7 +80,7 @@ void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx, const Packet *p)
if (unlikely(js == NULL)) if (unlikely(js == NULL))
continue; continue;
json_object_set_new(js_sig, "sig_id", json_integer(s->id)); json_object_set_new(js_sig, "sig_id", json_integer(s->id));
#if 0
json_object_set_new(js_sig, "mpm", (s->mpm_sm != NULL) ? json_true() : json_false()); json_object_set_new(js_sig, "mpm", (s->mpm_sm != NULL) ? json_true() : json_false());
if (s->mpm_sm != NULL) { if (s->mpm_sm != NULL) {
@ -94,6 +96,7 @@ void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx, const Packet *p)
json_object_set_new(js_sig, "mpm_pattern_chop", json_string(chop)); json_object_set_new(js_sig, "mpm_pattern_chop", json_string(chop));
} }
} }
#endif
json_array_append_new(js_array, js_sig); json_array_append_new(js_array, js_sig);
} }

6
src/detect-file-data.c
Unescape Escape View File

@ -100,21 +100,21 @@ static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, char *str
return -1; return -1;
} }
if (s->alproto == ALPROTO_HTTP && (s->init_flags & SIG_FLAG_INIT_FLOW) && if (s->alproto == ALPROTO_HTTP && (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) &&
(s->flags & SIG_FLAG_TOSERVER) && !(s->flags & SIG_FLAG_TOCLIENT)) { (s->flags & SIG_FLAG_TOSERVER) && !(s->flags & SIG_FLAG_TOCLIENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with " SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with "
"flow:to_server or flow:from_client with http."); "flow:to_server or flow:from_client with http.");
return -1; return -1;
} }
if (s->alproto == ALPROTO_SMTP && (s->init_flags & SIG_FLAG_INIT_FLOW) && if (s->alproto == ALPROTO_SMTP && (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) &&
!(s->flags & SIG_FLAG_TOSERVER) && (s->flags & SIG_FLAG_TOCLIENT)) { !(s->flags & SIG_FLAG_TOSERVER) && (s->flags & SIG_FLAG_TOCLIENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with " SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with "
"flow:to_client or flow:from_server with smtp."); "flow:to_client or flow:from_server with smtp.");
return -1; return -1;
} }
s->list = DETECT_SM_LIST_FILEDATA; s->init_data->list = DETECT_SM_LIST_FILEDATA;
return 0; return 0;
} }

4
src/detect-flow.c
Unescape Escape View File

@ -336,7 +336,7 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, char *flowstr)
goto error; goto error;
/*ensure only one flow option*/ /*ensure only one flow option*/
if (s->init_flags & SIG_FLAG_INIT_FLOW) { if (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) {
SCLogError (SC_ERR_INVALID_SIGNATURE, "A signature may have only one flow option."); SCLogError (SC_ERR_INVALID_SIGNATURE, "A signature may have only one flow option.");
goto error; goto error;
} }
@ -367,7 +367,7 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, char *flowstr)
if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) { if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
s->flags |= SIG_FLAG_REQUIRE_PACKET; s->flags |= SIG_FLAG_REQUIRE_PACKET;
} else { } else {
s->init_flags |= SIG_FLAG_INIT_FLOW; s->init_data->init_flags |= SIG_FLAG_INIT_FLOW;
} }
return 0; return 0;

2
src/detect-http-request-line.c
Unescape Escape View File

@ -111,7 +111,7 @@ void DetectHttpRequestLineRegister(void)
*/ */
int DetectHttpRequestLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) int DetectHttpRequestLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{ {
s->list = DETECT_SM_LIST_HTTP_REQLINEMATCH; s->init_data->list = DETECT_SM_LIST_HTTP_REQLINEMATCH;
s->alproto = ALPROTO_HTTP; s->alproto = ALPROTO_HTTP;
return 0; return 0;
} }

2
src/detect-http-response-line.c
Unescape Escape View File

@ -111,7 +111,7 @@ void DetectHttpResponseLineRegister(void)
*/ */
int DetectHttpResponseLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) int DetectHttpResponseLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{ {
s->list = DETECT_SM_LIST_HTTP_RESLINEMATCH; s->init_data->list = DETECT_SM_LIST_HTTP_RESLINEMATCH;
s->alproto = ALPROTO_HTTP; s->alproto = ALPROTO_HTTP;
return 0; return 0;
} }

398
src/detect-ipproto.c
View File

File diff suppressed because it is too large Load Diff

6
src/detect-isdataat.c
Unescape Escape View File

@ -210,12 +210,12 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst
return -1; return -1;
int sm_list; int sm_list;
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA) { if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
AppLayerHtpEnableResponseBodyCallback(); AppLayerHtpEnableResponseBodyCallback();
s->alproto = ALPROTO_HTTP; s->alproto = ALPROTO_HTTP;
} }
sm_list = s->list; sm_list = s->init_data->list;
s->flags |= SIG_FLAG_APPLAYER; s->flags |= SIG_FLAG_APPLAYER;
if (idad->flags & ISDATAAT_RELATIVE) { if (idad->flags & ISDATAAT_RELATIVE) {
prev_pm = SigMatchGetLastSMFromLists(s, 4, prev_pm = SigMatchGetLastSMFromLists(s, 4,

4
src/detect-nocase.c
Unescape Escape View File

@ -80,8 +80,8 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
} }
/* retrive the sm to apply the depth against */ /* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]); pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->init_data->list]);
} else { } else {
pm = SigMatchGetLastSMFromLists(s, 28, pm = SigMatchGetLastSMFromLists(s, 28,
DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],

4
src/detect-offset.c
Unescape Escape View File

@ -73,8 +73,8 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
} }
/* retrive the sm to apply the depth against */ /* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]); pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->init_data->list]);
} else { } else {
pm = SigMatchGetLastSMFromLists(s, 28, pm = SigMatchGetLastSMFromLists(s, 28,
DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],

58
src/detect-parse.c
Unescape Escape View File

@ -233,7 +233,7 @@ int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s
goto end; goto end;
} }
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "\"%s\" keyword seen " SCLogError(SC_ERR_INVALID_SIGNATURE, "\"%s\" keyword seen "
"with a sticky buffer still set. Reset sticky buffer " "with a sticky buffer still set. Reset sticky buffer "
"with pkt_data before using the modifier.", "with pkt_data before using the modifier.",
@ -379,8 +379,8 @@ void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
s->init_data->smlists_tail[list] = new; s->init_data->smlists_tail[list] = new;
} }
new->idx = s->sm_cnt; new->idx = s->init_data->sm_cnt;
s->sm_cnt++; s->init_data->sm_cnt++;
} }
void SigMatchRemoveSMFromList(Signature *s, SigMatch *sm, int sm_list) void SigMatchRemoveSMFromList(Signature *s, SigMatch *sm, int sm_list)
@ -680,15 +680,15 @@ static int SigParseAddress(DetectEngineCtx *de_ctx,
if (strcasecmp(addrstr, "any") == 0) if (strcasecmp(addrstr, "any") == 0)
s->flags |= SIG_FLAG_SRC_ANY; s->flags |= SIG_FLAG_SRC_ANY;
s->src = DetectParseAddress(de_ctx, addrstr); s->init_data->src = DetectParseAddress(de_ctx, addrstr);
if (s->src == NULL) if (s->init_data->src == NULL)
goto error; goto error;
} else { } else {
if (strcasecmp(addrstr, "any") == 0) if (strcasecmp(addrstr, "any") == 0)
s->flags |= SIG_FLAG_DST_ANY; s->flags |= SIG_FLAG_DST_ANY;
s->dst = DetectParseAddress(de_ctx, addrstr); s->init_data->dst = DetectParseAddress(de_ctx, addrstr);
if (s->dst == NULL) if (s->init_data->dst == NULL)
goto error; goto error;
} }
@ -904,7 +904,7 @@ static int SigParseBasics(DetectEngineCtx *de_ctx,
} }
/* Check if it is bidirectional */ /* Check if it is bidirectional */
if (strcmp(parser->direction, "<>") == 0) if (strcmp(parser->direction, "<>") == 0)
s->init_flags |= SIG_FLAG_INIT_BIDIREC; s->init_data->init_flags |= SIG_FLAG_INIT_BIDIREC;
/* Parse Address & Ports */ /* Parse Address & Ports */
if (SigParseAddress(de_ctx, s, parser->src, SIG_DIREC_SRC ^ addrs_direction) < 0) if (SigParseAddress(de_ctx, s, parser->src, SIG_DIREC_SRC ^ addrs_direction) < 0)
@ -1007,7 +1007,7 @@ Signature *SigAlloc (void)
* overwritten, we can then assign the default value of 3 */ * overwritten, we can then assign the default value of 3 */
sig->prio = -1; sig->prio = -1;
sig->list = DETECT_SM_LIST_NOTSET; sig->init_data->list = DETECT_SM_LIST_NOTSET;
return sig; return sig;
} }
@ -1134,7 +1134,7 @@ static void SigBuildAddressMatchArray(Signature *s)
/* source addresses */ /* source addresses */
uint16_t cnt = 0; uint16_t cnt = 0;
uint16_t idx = 0; uint16_t idx = 0;
DetectAddress *da = s->src->ipv4_head; DetectAddress *da = s->init_data->src->ipv4_head;
for ( ; da != NULL; da = da->next) { for ( ; da != NULL; da = da->next) {
cnt++; cnt++;
} }
@ -1144,7 +1144,7 @@ static void SigBuildAddressMatchArray(Signature *s)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
for (da = s->src->ipv4_head; da != NULL; da = da->next) { for (da = s->init_data->src->ipv4_head; da != NULL; da = da->next) {
s->addr_src_match4[idx].ip = ntohl(da->ip.addr_data32[0]); s->addr_src_match4[idx].ip = ntohl(da->ip.addr_data32[0]);
s->addr_src_match4[idx].ip2 = ntohl(da->ip2.addr_data32[0]); s->addr_src_match4[idx].ip2 = ntohl(da->ip2.addr_data32[0]);
idx++; idx++;
@ -1155,7 +1155,7 @@ static void SigBuildAddressMatchArray(Signature *s)
/* destination addresses */ /* destination addresses */
cnt = 0; cnt = 0;
idx = 0; idx = 0;
da = s->dst->ipv4_head; da = s->init_data->dst->ipv4_head;
for ( ; da != NULL; da = da->next) { for ( ; da != NULL; da = da->next) {
cnt++; cnt++;
} }
@ -1165,7 +1165,7 @@ static void SigBuildAddressMatchArray(Signature *s)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
for (da = s->dst->ipv4_head; da != NULL; da = da->next) { for (da = s->init_data->dst->ipv4_head; da != NULL; da = da->next) {
s->addr_dst_match4[idx].ip = ntohl(da->ip.addr_data32[0]); s->addr_dst_match4[idx].ip = ntohl(da->ip.addr_data32[0]);
s->addr_dst_match4[idx].ip2 = ntohl(da->ip2.addr_data32[0]); s->addr_dst_match4[idx].ip2 = ntohl(da->ip2.addr_data32[0]);
idx++; idx++;
@ -1176,7 +1176,7 @@ static void SigBuildAddressMatchArray(Signature *s)
/* source addresses IPv6 */ /* source addresses IPv6 */
cnt = 0; cnt = 0;
idx = 0; idx = 0;
da = s->src->ipv6_head; da = s->init_data->src->ipv6_head;
for ( ; da != NULL; da = da->next) { for ( ; da != NULL; da = da->next) {
cnt++; cnt++;
} }
@ -1186,7 +1186,7 @@ static void SigBuildAddressMatchArray(Signature *s)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
for (da = s->src->ipv6_head; da != NULL; da = da->next) { for (da = s->init_data->src->ipv6_head; da != NULL; da = da->next) {
s->addr_src_match6[idx].ip[0] = ntohl(da->ip.addr_data32[0]); s->addr_src_match6[idx].ip[0] = ntohl(da->ip.addr_data32[0]);
s->addr_src_match6[idx].ip[1] = ntohl(da->ip.addr_data32[1]); s->addr_src_match6[idx].ip[1] = ntohl(da->ip.addr_data32[1]);
s->addr_src_match6[idx].ip[2] = ntohl(da->ip.addr_data32[2]); s->addr_src_match6[idx].ip[2] = ntohl(da->ip.addr_data32[2]);
@ -1203,7 +1203,7 @@ static void SigBuildAddressMatchArray(Signature *s)
/* destination addresses IPv6 */ /* destination addresses IPv6 */
cnt = 0; cnt = 0;
idx = 0; idx = 0;
da = s->dst->ipv6_head; da = s->init_data->dst->ipv6_head;
for ( ; da != NULL; da = da->next) { for ( ; da != NULL; da = da->next) {
cnt++; cnt++;
} }
@ -1213,7 +1213,7 @@ static void SigBuildAddressMatchArray(Signature *s)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
for (da = s->dst->ipv6_head; da != NULL; da = da->next) { for (da = s->init_data->dst->ipv6_head; da != NULL; da = da->next) {
s->addr_dst_match6[idx].ip[0] = ntohl(da->ip.addr_data32[0]); s->addr_dst_match6[idx].ip[0] = ntohl(da->ip.addr_data32[0]);
s->addr_dst_match6[idx].ip[1] = ntohl(da->ip.addr_data32[1]); s->addr_dst_match6[idx].ip[1] = ntohl(da->ip.addr_data32[1]);
s->addr_dst_match6[idx].ip[2] = ntohl(da->ip.addr_data32[2]); s->addr_dst_match6[idx].ip[2] = ntohl(da->ip.addr_data32[2]);
@ -1614,10 +1614,10 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr,
SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH]; SigMatch *sm = sig->init_data->smlists[DETECT_SM_LIST_MATCH];
for ( ; sm != NULL; sm = sm->next) { for ( ; sm != NULL; sm = sm->next) {
if (sigmatch_table[sm->type].Match != NULL) if (sigmatch_table[sm->type].Match != NULL)
sig->init_flags |= SIG_FLAG_INIT_PACKET; sig->init_data->init_flags |= SIG_FLAG_INIT_PACKET;
} }
} else { } else {
sig->init_flags |= SIG_FLAG_INIT_PACKET; sig->init_data->init_flags |= SIG_FLAG_INIT_PACKET;
} }
} }
@ -1631,14 +1631,14 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr,
/* for other lists this flag is set when the inspect engines /* for other lists this flag is set when the inspect engines
* are registered */ * are registered */
if (!(sig->init_flags & SIG_FLAG_INIT_FLOW)) { if (!(sig->init_data->init_flags & SIG_FLAG_INIT_FLOW)) {
sig->flags |= SIG_FLAG_TOSERVER; sig->flags |= SIG_FLAG_TOSERVER;
sig->flags |= SIG_FLAG_TOCLIENT; sig->flags |= SIG_FLAG_TOCLIENT;
} }
SCLogDebug("sig %"PRIu32" SIG_FLAG_APPLAYER: %s, SIG_FLAG_PACKET: %s", SCLogDebug("sig %"PRIu32" SIG_FLAG_APPLAYER: %s, SIG_FLAG_PACKET: %s",
sig->id, sig->flags & SIG_FLAG_APPLAYER ? "set" : "not set", sig->id, sig->flags & SIG_FLAG_APPLAYER ? "set" : "not set",
sig->init_flags & SIG_FLAG_INIT_PACKET ? "set" : "not set"); sig->init_data->init_flags & SIG_FLAG_INIT_PACKET ? "set" : "not set");
SigBuildAddressMatchArray(sig); SigBuildAddressMatchArray(sig);
@ -1677,7 +1677,7 @@ Signature *SigInit(DetectEngineCtx *de_ctx, char *sigstr)
goto error; goto error;
} }
if (sig->init_flags & SIG_FLAG_INIT_BIDIREC) { if (sig->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
sig->next = SigInitHelper(de_ctx, sigstr, SIG_DIREC_SWITCHED); sig->next = SigInitHelper(de_ctx, sigstr, SIG_DIREC_SWITCHED);
if (sig->next == NULL) { if (sig->next == NULL) {
goto error; goto error;
@ -1870,7 +1870,7 @@ static inline int DetectEngineSignatureIsDuplicate(DetectEngineCtx *de_ctx,
if (sw_dup->s_prev == NULL) { if (sw_dup->s_prev == NULL) {
SigDuplWrapper sw_temp; SigDuplWrapper sw_temp;
memset(&sw_temp, 0, sizeof(SigDuplWrapper)); memset(&sw_temp, 0, sizeof(SigDuplWrapper));
if (sw_dup->s->init_flags & SIG_FLAG_INIT_BIDIREC) { if (sw_dup->s->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
sw_temp.s = sw_dup->s->next->next; sw_temp.s = sw_dup->s->next->next;
de_ctx->sig_list = sw_dup->s->next->next; de_ctx->sig_list = sw_dup->s->next->next;
SigFree(sw_dup->s->next); SigFree(sw_dup->s->next);
@ -1888,7 +1888,7 @@ static inline int DetectEngineSignatureIsDuplicate(DetectEngineCtx *de_ctx,
} else { } else {
SigDuplWrapper sw_temp; SigDuplWrapper sw_temp;
memset(&sw_temp, 0, sizeof(SigDuplWrapper)); memset(&sw_temp, 0, sizeof(SigDuplWrapper));
if (sw_dup->s->init_flags & SIG_FLAG_INIT_BIDIREC) { if (sw_dup->s->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
sw_temp.s = sw_dup->s->next->next; sw_temp.s = sw_dup->s->next->next;
sw_dup->s_prev->next = sw_dup->s->next->next; sw_dup->s_prev->next = sw_dup->s->next->next;
SigFree(sw_dup->s->next); SigFree(sw_dup->s->next);
@ -1958,7 +1958,7 @@ Signature *DetectEngineAppendSig(DetectEngineCtx *de_ctx, char *sigstr)
sigstr); sigstr);
} }
if (sig->init_flags & SIG_FLAG_INIT_BIDIREC) { if (sig->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
if (sig->next != NULL) { if (sig->next != NULL) {
sig->next->next = de_ctx->sig_list; sig->next->next = de_ctx->sig_list;
} else { } else {
@ -2904,7 +2904,7 @@ int SigTestBidirec01 (void)
goto end; goto end;
if (sig->next != NULL) if (sig->next != NULL)
goto end; goto end;
if (sig->init_flags & SIG_FLAG_INIT_BIDIREC) if (sig->init_data->init_flags & SIG_FLAG_INIT_BIDIREC)
goto end; goto end;
if (de_ctx->signum != 1) if (de_ctx->signum != 1)
goto end; goto end;
@ -2938,7 +2938,7 @@ int SigTestBidirec02 (void)
goto end; goto end;
if (de_ctx->sig_list != sig) if (de_ctx->sig_list != sig)
goto end; goto end;
if (!(sig->init_flags & SIG_FLAG_INIT_BIDIREC)) if (!(sig->init_data->init_flags & SIG_FLAG_INIT_BIDIREC))
goto end; goto end;
if (sig->next == NULL) if (sig->next == NULL)
goto end; goto end;
@ -2947,7 +2947,7 @@ int SigTestBidirec02 (void)
copy = sig->next; copy = sig->next;
if (copy->next != NULL) if (copy->next != NULL)
goto end; goto end;
if (!(copy->init_flags & SIG_FLAG_INIT_BIDIREC)) if (!(copy->init_data->init_flags & SIG_FLAG_INIT_BIDIREC))
goto end; goto end;
result = 1; result = 1;
@ -3105,7 +3105,7 @@ int SigTestBidirec04 (void)
sig = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.1.1 any <> any any (msg:\"SigTestBidirec03 sid 2 bidirectional\"; sid:2;)"); sig = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.1.1 any <> any any (msg:\"SigTestBidirec03 sid 2 bidirectional\"; sid:2;)");
if (sig == NULL) if (sig == NULL)
goto end; goto end;
if ( !(sig->init_flags & SIG_FLAG_INIT_BIDIREC)) if ( !(sig->init_data->init_flags & SIG_FLAG_INIT_BIDIREC))
goto end; goto end;
if (sig->next == NULL) if (sig->next == NULL)
goto end; goto end;

14
src/detect-pcre.c
Unescape Escape View File

@ -684,7 +684,7 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
"for the rule."); "for the rule.");
goto error; goto error;
} }
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "pcre found with http " SCLogError(SC_ERR_INVALID_SIGNATURE, "pcre found with http "
"modifier set, with file_data/dce_stub_data sticky " "modifier set, with file_data/dce_stub_data sticky "
"option set."); "option set.");
@ -693,17 +693,17 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
} }
int sm_list = -1; int sm_list = -1;
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (s->list == DETECT_SM_LIST_FILEDATA) { if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
SCLogDebug("adding to http server body list because of file data"); SCLogDebug("adding to http server body list because of file data");
AppLayerHtpEnableResponseBodyCallback(); AppLayerHtpEnableResponseBodyCallback();
} else if (s->list == DETECT_SM_LIST_DMATCH) { } else if (s->init_data->list == DETECT_SM_LIST_DMATCH) {
SCLogDebug("adding to dmatch list because of dce_stub_data"); SCLogDebug("adding to dmatch list because of dce_stub_data");
} else if (s->list == DETECT_SM_LIST_DNSQUERYNAME_MATCH) { } else if (s->init_data->list == DETECT_SM_LIST_DNSQUERYNAME_MATCH) {
SCLogDebug("adding to DETECT_SM_LIST_DNSQUERYNAME_MATCH list because of dns_query"); SCLogDebug("adding to DETECT_SM_LIST_DNSQUERYNAME_MATCH list because of dns_query");
} }
s->flags |= SIG_FLAG_APPLAYER; s->flags |= SIG_FLAG_APPLAYER;
sm_list = s->list; sm_list = s->init_data->list;
} else { } else {
switch(parsed_sm_list) { switch(parsed_sm_list) {
case DETECT_SM_LIST_HCBDMATCH: case DETECT_SM_LIST_HCBDMATCH:
@ -763,7 +763,7 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
SigMatch *prev_pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *prev_pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);
if (s->list == DETECT_SM_LIST_NOTSET && prev_pm == NULL) { if (s->init_data->list == DETECT_SM_LIST_NOTSET && prev_pm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "pcre with /R (relative) needs " SCLogError(SC_ERR_INVALID_SIGNATURE, "pcre with /R (relative) needs "
"preceeding match in the same buffer"); "preceeding match in the same buffer");
goto error_nofree; goto error_nofree;

4
src/detect-pkt-data.c
Unescape Escape View File

@ -74,7 +74,7 @@ void DetectPktDataRegister(void)
static int DetectPktDataSetup (DetectEngineCtx *de_ctx, Signature *s, char *str) static int DetectPktDataSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{ {
SCEnter(); SCEnter();
s->list = DETECT_SM_LIST_NOTSET; s->init_data->list = DETECT_SM_LIST_NOTSET;
return 0; return 0;
} }
@ -127,7 +127,7 @@ static int DetectPktDataTest01(void)
} }
if (sig->list != DETECT_SM_LIST_NOTSET) { if (sig->init_data->list != DETECT_SM_LIST_NOTSET) {
printf("sticky buffer set: "); printf("sticky buffer set: ");
goto end; goto end;
} }

2
src/detect-prefilter.c
Unescape Escape View File

@ -78,7 +78,7 @@ static int DetectPrefilterSetup (DetectEngineCtx *de_ctx, Signature *s, char *nu
goto end; goto end;
} }
s->prefilter_sm = sm; s->init_data->prefilter_sm = sm;
s->flags |= SIG_FLAG_PREFILTER; s->flags |= SIG_FLAG_PREFILTER;
/* if the sig match is content, prefilter should act like /* if the sig match is content, prefilter should act like

2
src/detect-rawbytes.c
Unescape Escape View File

@ -60,7 +60,7 @@ static int DetectRawbytesSetup (DetectEngineCtx *de_ctx, Signature *s, char *nul
return -1; return -1;
} }
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
SCLogError(SC_ERR_RAWBYTES_FILE_DATA, "\"rawbytes\" cannot be combined with \"file_data\""); SCLogError(SC_ERR_RAWBYTES_FILE_DATA, "\"rawbytes\" cannot be combined with \"file_data\"");
SCReturnInt(-1); SCReturnInt(-1);
} }

2
src/detect-template-buffer.c
Unescape Escape View File

@ -71,7 +71,7 @@ void DetectTemplateBufferRegister(void)
static int DetectTemplateBufferSetup(DetectEngineCtx *de_ctx, Signature *s, static int DetectTemplateBufferSetup(DetectEngineCtx *de_ctx, Signature *s,
char *str) char *str)
{ {
s->list = DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH; s->init_data->list = DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH;
s->alproto = ALPROTO_TEMPLATE; s->alproto = ALPROTO_TEMPLATE;
return 0; return 0;
} }

2
src/detect-tls-cert-issuer.c
Unescape Escape View File

@ -94,7 +94,7 @@ void DetectTlsIssuerRegister(void)
*/ */
static int DetectTlsIssuerSetup(DetectEngineCtx *de_ctx, Signature *s, char *str) static int DetectTlsIssuerSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{ {
s->list = DETECT_SM_LIST_TLSISSUER_MATCH; s->init_data->list = DETECT_SM_LIST_TLSISSUER_MATCH;
s->alproto = ALPROTO_TLS; s->alproto = ALPROTO_TLS;
return 0; return 0;
} }

2
src/detect-tls-cert-subject.c
Unescape Escape View File

@ -94,7 +94,7 @@ void DetectTlsSubjectRegister(void)
*/ */
static int DetectTlsSubjectSetup(DetectEngineCtx *de_ctx, Signature *s, char *str) static int DetectTlsSubjectSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{ {
s->list = DETECT_SM_LIST_TLSSUBJECT_MATCH; s->init_data->list = DETECT_SM_LIST_TLSSUBJECT_MATCH;
s->alproto = ALPROTO_TLS; s->alproto = ALPROTO_TLS;
return 0; return 0;
} }

2
src/detect-tls-sni.c
Unescape Escape View File

@ -94,7 +94,7 @@ void DetectTlsSniRegister(void)
*/ */
static int DetectTlsSniSetup(DetectEngineCtx *de_ctx, Signature *s, char *str) static int DetectTlsSniSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{ {
s->list = DETECT_SM_LIST_TLSSNI_MATCH; s->init_data->list = DETECT_SM_LIST_TLSSNI_MATCH;
s->alproto = ALPROTO_TLS; s->alproto = ALPROTO_TLS;
return 0; return 0;
} }

4
src/detect-within.c
Unescape Escape View File

@ -85,8 +85,8 @@ static int DetectWithinSetup(DetectEngineCtx *de_ctx, Signature *s, char *within
} }
/* retrive the sm to apply the depth against */ /* retrive the sm to apply the depth against */
if (s->list != DETECT_SM_LIST_NOTSET) { if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->list]); pm = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->init_data->smlists_tail[s->init_data->list]);
} else { } else {
pm = SigMatchGetLastSMFromLists(s, 28, pm = SigMatchGetLastSMFromLists(s, 28,
DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH], DETECT_CONTENT, s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH],

79
src/detect.c
Unescape Escape View File

@ -2539,7 +2539,7 @@ static int SignatureCreateMask(Signature *s)
SCLogDebug("sig requires flow"); SCLogDebug("sig requires flow");
} }
if (s->init_flags & SIG_FLAG_INIT_FLOW) { if (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) {
s->mask |= SIG_MASK_REQUIRE_FLOW; s->mask |= SIG_MASK_REQUIRE_FLOW;
SCLogDebug("sig requires flow"); SCLogDebug("sig requires flow");
} }
@ -2572,8 +2572,8 @@ static void SigInitStandardMpmFactoryContexts(DetectEngineCtx *de_ctx)
*/ */
static int SigParseGetMaxDsize(Signature *s) static int SigParseGetMaxDsize(Signature *s)
{ {
if (s->flags & SIG_FLAG_DSIZE && s->dsize_sm != NULL) { if (s->flags & SIG_FLAG_DSIZE && s->init_data->dsize_sm != NULL) {
DetectDsizeData *dd = (DetectDsizeData *)s->dsize_sm->ctx; DetectDsizeData *dd = (DetectDsizeData *)s->init_data->dsize_sm->ctx;
switch (dd->mode) { switch (dd->mode) {
case DETECTDSIZE_LT: case DETECTDSIZE_LT:
@ -2594,8 +2594,8 @@ static int SigParseGetMaxDsize(Signature *s)
*/ */
static void SigParseSetDsizePair(Signature *s) static void SigParseSetDsizePair(Signature *s)
{ {
if (s->flags & SIG_FLAG_DSIZE && s->dsize_sm != NULL) { if (s->flags & SIG_FLAG_DSIZE && s->init_data->dsize_sm != NULL) {
DetectDsizeData *dd = (DetectDsizeData *)s->dsize_sm->ctx; DetectDsizeData *dd = (DetectDsizeData *)s->init_data->dsize_sm->ctx;
uint16_t low = 0; uint16_t low = 0;
uint16_t high = 65535; uint16_t high = 65535;
@ -2665,19 +2665,19 @@ static void SigParseApplyDsizeToContent(Signature *s)
/** \brief Pure-PCRE or bytetest rule */ /** \brief Pure-PCRE or bytetest rule */
int RuleInspectsPayloadHasNoMpm(const Signature *s) int RuleInspectsPayloadHasNoMpm(const Signature *s)
{ {
if (s->mpm_sm == NULL && s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL) if (s->init_data->mpm_sm == NULL && s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
return 1; return 1;
return 0; return 0;
} }
int RuleGetMpmPatternSize(const Signature *s) int RuleGetMpmPatternSize(const Signature *s)
{ {
if (s->mpm_sm == NULL) if (s->init_data->mpm_sm == NULL)
return -1; return -1;
int mpm_list = SigMatchListSMBelongsTo(s, s->mpm_sm); int mpm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
if (mpm_list < 0) if (mpm_list < 0)
return -1; return -1;
const DetectContentData *cd = (const DetectContentData *)s->mpm_sm->ctx; const DetectContentData *cd = (const DetectContentData *)s->init_data->mpm_sm->ctx;
if (cd == NULL) if (cd == NULL)
return -1; return -1;
return (int)cd->content_len; return (int)cd->content_len;
@ -2685,12 +2685,12 @@ int RuleGetMpmPatternSize(const Signature *s)
int RuleMpmIsNegated(const Signature *s) int RuleMpmIsNegated(const Signature *s)
{ {
if (s->mpm_sm == NULL) if (s->init_data->mpm_sm == NULL)
return 0; return 0;
int mpm_list = SigMatchListSMBelongsTo(s, s->mpm_sm); int mpm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
if (mpm_list < 0) if (mpm_list < 0)
return 0; return 0;
const DetectContentData *cd = (const DetectContentData *)s->mpm_sm->ctx; const DetectContentData *cd = (const DetectContentData *)s->init_data->mpm_sm->ctx;
if (cd == NULL) if (cd == NULL)
return 0; return 0;
return (cd->flags & DETECT_CONTENT_NEGATED); return (cd->flags & DETECT_CONTENT_NEGATED);
@ -2760,7 +2760,7 @@ json_t *RulesGroupPrintSghStats(const SigGroupHead *sgh,
any5_cnt++; any5_cnt++;
} }
if (s->mpm_sm == NULL) { if (s->init_data->mpm_sm == NULL) {
nonmpm_cnt++; nonmpm_cnt++;
if (s->sm_arrays[DETECT_SM_LIST_MATCH] != NULL) { if (s->sm_arrays[DETECT_SM_LIST_MATCH] != NULL) {
@ -2782,9 +2782,9 @@ json_t *RulesGroupPrintSghStats(const SigGroupHead *sgh,
} }
} else { } else {
int mpm_list = SigMatchListSMBelongsTo(s, s->mpm_sm); int mpm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
BUG_ON(mpm_list < 0); BUG_ON(mpm_list < 0);
const DetectContentData *cd = (const DetectContentData *)s->mpm_sm->ctx; const DetectContentData *cd = (const DetectContentData *)s->init_data->mpm_sm->ctx;
uint32_t size = cd->content_len < 256 ? cd->content_len : 255; uint32_t size = cd->content_len < 256 ? cd->content_len : 255;
mpm_sizes[mpm_list][size]++; mpm_sizes[mpm_list][size]++;
@ -3177,8 +3177,8 @@ static int RuleSetWhitelist(Signature *s)
wl = 77; wl = 77;
/* one byte pattern in packet/stream payloads */ /* one byte pattern in packet/stream payloads */
} else if (s->mpm_sm != NULL && } else if (s->init_data->mpm_sm != NULL &&
SigMatchListSMBelongsTo(s, s->mpm_sm) == DETECT_SM_LIST_PMATCH && SigMatchListSMBelongsTo(s, s->init_data->mpm_sm) == DETECT_SM_LIST_PMATCH &&
RuleGetMpmPatternSize(s) == 1) RuleGetMpmPatternSize(s) == 1)
{ {
SCLogDebug("Rule %u No MPM. Payload inspecting. Whitelisting SGH's.", s->id); SCLogDebug("Rule %u No MPM. Payload inspecting. Whitelisting SGH's.", s->id);
@ -3192,7 +3192,7 @@ static int RuleSetWhitelist(Signature *s)
} }
} }
s->whitelist = wl; s->init_data->whitelist = wl;
return wl; return wl;
} }
@ -3244,7 +3244,7 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, int ipproto, uint3
goto next; goto next;
} }
int wl = s->whitelist; int wl = s->init_data->whitelist;
while (p) { while (p) {
int pwl = PortIsWhitelisted(de_ctx, p, ipproto) ? 111 : 0; int pwl = PortIsWhitelisted(de_ctx, p, ipproto) ? 111 : 0;
pwl = MAX(wl,pwl); pwl = MAX(wl,pwl);
@ -3398,7 +3398,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx)
SCLogDebug("Signature %"PRIu32" is considered \"Payload inspecting\"", tmp_s->id); SCLogDebug("Signature %"PRIu32" is considered \"Payload inspecting\"", tmp_s->id);
} else if (SignatureIsDEOnly(de_ctx, tmp_s) == 1) { } else if (SignatureIsDEOnly(de_ctx, tmp_s) == 1) {
tmp_s->init_flags |= SIG_FLAG_INIT_DEONLY; tmp_s->init_data->init_flags |= SIG_FLAG_INIT_DEONLY;
SCLogDebug("Signature %"PRIu32" is considered \"Decoder Event only\"", tmp_s->id); SCLogDebug("Signature %"PRIu32" is considered \"Decoder Event only\"", tmp_s->id);
cnt_deonly++; cnt_deonly++;
} }
@ -3470,7 +3470,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx)
SigMatch *sm = tmp_s->init_data->smlists[i]; SigMatch *sm = tmp_s->init_data->smlists[i];
while (sm != NULL) { while (sm != NULL) {
if (sm->type == prefilter_list) { if (sm->type == prefilter_list) {
tmp_s->prefilter_sm = sm; tmp_s->init_data->prefilter_sm = sm;
tmp_s->flags |= SIG_FLAG_PREFILTER; tmp_s->flags |= SIG_FLAG_PREFILTER;
SCLogConfig("sid %u: prefilter is on \"%s\"", tmp_s->id, sigmatch_table[sm->type].name); SCLogConfig("sid %u: prefilter is on \"%s\"", tmp_s->id, sigmatch_table[sm->type].name);
break; break;
@ -3721,7 +3721,7 @@ int SigAddressPrepareStage2(DetectEngineCtx *de_ctx)
IPOnlyAddSignature(de_ctx, &de_ctx->io_ctx, tmp_s); IPOnlyAddSignature(de_ctx, &de_ctx->io_ctx, tmp_s);
} }
if (tmp_s->init_flags & SIG_FLAG_INIT_DEONLY) { if (tmp_s->init_data->init_flags & SIG_FLAG_INIT_DEONLY) {
DetectEngineAddDecoderEventSig(de_ctx, tmp_s); DetectEngineAddDecoderEventSig(de_ctx, tmp_s);
} }
@ -8341,15 +8341,13 @@ int SigTest40NoPayloadInspection02(void)
uint8_t *buf = (uint8_t *) uint8_t *buf = (uint8_t *)
"220 (vsFTPd 2.0.5)\r\n"; "220 (vsFTPd 2.0.5)\r\n";
uint16_t buflen = strlen((char *)buf); uint16_t buflen = strlen((char *)buf);
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (unlikely(p == NULL))
return 0;
ThreadVars th_v; ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
int result = 1;
memset(&th_v, 0, sizeof(th_v)); memset(&th_v, 0, sizeof(th_v));
Packet *p = SCMalloc(SIZE_OF_PACKET);
FAIL_IF_NULL(p);
memset(p, 0, SIZE_OF_PACKET); memset(p, 0, SIZE_OF_PACKET);
p->src.family = AF_INET; p->src.family = AF_INET;
p->dst.family = AF_INET; p->dst.family = AF_INET;
p->payload = buf; p->payload = buf;
@ -8357,37 +8355,26 @@ int SigTest40NoPayloadInspection02(void)
p->proto = IPPROTO_TCP; p->proto = IPPROTO_TCP;
p->flags |= PKT_NOPAYLOAD_INSPECTION; p->flags |= PKT_NOPAYLOAD_INSPECTION;
DetectEngineThreadCtx *det_ctx = NULL;
DetectEngineCtx *de_ctx = DetectEngineCtxInit(); DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) { FAIL_IF_NULL(de_ctx);
result = 0;
goto end;
}
de_ctx->flags |= DE_QUIET; de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"No Payload TEST\"; content:\"220 (vsFTPd 2.0.5)\"; sid:1;)"); Signature *s = DetectEngineAppendSig(de_ctx,
if (de_ctx->sig_list == NULL) { "alert tcp any any -> any any (msg:\"No Payload TEST\"; content:\"220 (vsFTPd 2.0.5)\"; sid:1;)");
result = 0; FAIL_IF_NULL(s);
goto end;
}
SigGroupBuild(de_ctx); SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p); SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (PacketAlertCheck(p, 1)) FAIL_IF(PacketAlertCheck(p, 1));
result &= 0;
else
result &= 1;
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx); DetectEngineCtxFree(de_ctx);
end:
SCFree(p); SCFree(p);
return result; PASS;
} }
static int SigTestMemory01 (void) static int SigTestMemory01 (void)

54
src/detect.h
Unescape Escape View File

@ -412,6 +412,34 @@ typedef struct DetectEngineAppInspectionEngine_ {
#endif #endif
typedef struct SignatureInitData_ { typedef struct SignatureInitData_ {
/** Number of sigmatches. Used for assigning SigMatch::idx */
uint16_t sm_cnt;
/* used to hold flags that are used during init */
uint32_t init_flags;
/* coccinelle: SignatureInitData:init_flags:SIG_FLAG_INIT_ */
/* used at init to determine max dsize */
SigMatch *dsize_sm;
/* the fast pattern added from this signature */
SigMatch *mpm_sm;
/* used to speed up init of prefilter */
SigMatch *prefilter_sm;
/* SigMatch list used for adding content and friends. E.g. file_data; */
int list;
/** score to influence rule grouping. A higher value leads to a higher
* likelyhood of a rulegroup with this sig ending up as a contained
* group. */
int whitelist;
/** address settings for this signature */
const DetectAddressHead *src, *dst;
int prefilter_list;
/* holds all sm lists */ /* holds all sm lists */
struct SigMatch_ *smlists[DETECT_SM_LIST_MAX]; struct SigMatch_ *smlists[DETECT_SM_LIST_MAX];
/* holds all sm lists' tails */ /* holds all sm lists' tails */
@ -463,12 +491,6 @@ typedef struct Signature_ {
#ifdef PROFILING #ifdef PROFILING
uint16_t profiling_id; uint16_t profiling_id;
#endif #endif
/** number of sigmatches in the match and pmatch list */
uint16_t sm_cnt;
/* used to hold flags that are predominantly used during init */
uint32_t init_flags;
/* coccinelle: Signature:init_flags:SIG_FLAG_INIT_ */
/** netblocks and hosts specified at the sid, in CIDR format */ /** netblocks and hosts specified at the sid, in CIDR format */
IPOnlyCIDRItem *CidrSrc, *CidrDst; IPOnlyCIDRItem *CidrSrc, *CidrDst;
@ -489,30 +511,10 @@ typedef struct Signature_ {
/** Reference */ /** Reference */
DetectReference *references; DetectReference *references;
/** address settings for this signature */
const DetectAddressHead *src, *dst;
/* used at init to determine max dsize */
SigMatch *dsize_sm;
/* the fast pattern added from this signature */
SigMatch *mpm_sm;
/* used to speed up init of prefilter */
SigMatch *prefilter_sm;
/* SigMatch list used for adding content and friends. E.g. file_data; */
int list;
/** score to influence rule grouping. A higher value leads to a higher
* likelyhood of a rulegroup with this sig ending up as a contained
* group. */
int whitelist;
/* Be careful, this pointer is only valid while parsing the sig, /* Be careful, this pointer is only valid while parsing the sig,
* to warn the user about any possible problem */ * to warn the user about any possible problem */
char *sig_str; char *sig_str;
int prefilter_list;
SignatureInitData *init_data; SignatureInitData *init_data;
/** ptr to the next sig in the list */ /** ptr to the next sig in the list */

Write Preview
Loading…
Cancel
Save