suricata
util-prefilter.h
Go to the documentation of this file.
1 /* Copyright (C) 2016 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef __UTIL_PREFILTER_H__
25 #define __UTIL_PREFILTER_H__
26 
27 /** \brief structure for storing potential rule matches
28  *
29  * Helper structure for the prefilter engine. The Pattern Matchers
30  * and other prefilter engines will add rule id's for potential
31  * rule matches */
32 typedef struct PrefilterRuleStore_ {
33  /* used for storing rule id's */
34 
35  /* Array of rule IDs found. */
36  SigIntId *rule_id_array;
37  /* Number of rule IDs in the array. */
38  uint32_t rule_id_array_cnt;
39  /* The number of slots allocated for storing rule IDs */
40  uint32_t rule_id_array_size;
41 
42 } PrefilterRuleStore;
43 
44 #define PMQ_RESET(pmq) (pmq)->rule_id_array_cnt = 0
45 
46 /* Resize Signature ID array. Only called from MpmAddSids(). */
47 int PrefilterAddSidsResize(PrefilterRuleStore *pmq, uint32_t new_size);
48 
49 /** \brief Add array of Signature IDs to rule ID array.
50  *
51  * Checks size of the array first. Calls PrefilterAddSidsResize to increase
52  * The size of the array, since that is the slow path.
53  *
54  * \param pmq storage for match results
55  * \param sids pointer to array of Signature IDs
56  * \param sids_size number of Signature IDs in sids array.
57  *
58  */
59 static inline void
60 PrefilterAddSids(PrefilterRuleStore *pmq, SigIntId *sids, uint32_t sids_size)
61 {
62  if (sids_size == 0)
63  return;
64 
65  uint32_t new_size = pmq->rule_id_array_cnt + sids_size;
66  if (new_size > pmq->rule_id_array_size) {
67  if (PrefilterAddSidsResize(pmq, new_size) == 0) {
68  // Failed to allocate larger memory for all the SIDS, but
69  // keep as many as we can.
70  sids_size = pmq->rule_id_array_size - pmq->rule_id_array_cnt;
71  }
72  }
73  SCLogDebug("Adding %u sids", sids_size);
74  // Add SIDs for this pattern to the end of the array
75  SigIntId *ptr = pmq->rule_id_array + pmq->rule_id_array_cnt;
76  SigIntId *end = ptr + sids_size;
77  do {
78  *ptr++ = *sids++;
79  } while (ptr != end);
80  pmq->rule_id_array_cnt += sids_size;
81 }
82 #endif /* __UTIL_PREFILTER_H__ */
PrefilterAddSidsResize
int PrefilterAddSidsResize(PrefilterRuleStore *pmq, uint32_t new_size)
Add array of Signature IDs to rule ID array.
Definition: util-prefilter.c:69
PrefilterRuleStore_::rule_id_array_cnt
uint32_t rule_id_array_cnt
Definition: util-prefilter.h:38
PrefilterRuleStore_
structure for storing potential rule matches
Definition: util-prefilter.h:32
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
PrefilterRuleStore
struct PrefilterRuleStore_ PrefilterRuleStore
structure for storing potential rule matches
PrefilterRuleStore_::rule_id_array_size
uint32_t rule_id_array_size
Definition: util-prefilter.h:40
SigIntId
#define SigIntId
Definition: suricata-common.h:292
PrefilterRuleStore_::rule_id_array
SigIntId * rule_id_array
Definition: util-prefilter.h:36