suricata
util-prefilter.h
Go to the documentation of this file.
1 /* Copyright (C) 2016 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef __UTIL_PREFILTER_H__
25 #define __UTIL_PREFILTER_H__
26 
27 /** \brief structure for storing potential rule matches
28  *
29  * Helper structure for the prefilter engine. The Pattern Matchers
30  * and other prefilter engines will add rule id's for potential
31  * rule matches */
32 typedef struct PrefilterRuleStore_ {
33  /* used for storing rule id's */
34 
35  /* Array of rule IDs found. */
36  SigIntId *rule_id_array;
37  /* Number of rule IDs in the array. */
38  uint32_t rule_id_array_cnt;
39  /* The number of slots allocated for storing rule IDs */
40  uint32_t rule_id_array_size;
41 
42 } PrefilterRuleStore;
43 
44 /* Resize Signature ID array. Only called from MpmAddSids(). */
45 int PrefilterAddSidsResize(PrefilterRuleStore *pmq, uint32_t new_size);
46 
47 /** \brief Add array of Signature IDs to rule ID array.
48  *
49  * Checks size of the array first. Calls PrefilterAddSidsResize to increase
50  * The size of the array, since that is the slow path.
51  *
52  * \param pmq storage for match results
53  * \param sids pointer to array of Signature IDs
54  * \param sids_size number of Signature IDs in sids array.
55  *
56  */
57 static inline void
58 PrefilterAddSids(PrefilterRuleStore *pmq, SigIntId *sids, uint32_t sids_size)
59 {
60  if (sids_size == 0)
61  return;
62 
63  uint32_t new_size = pmq->rule_id_array_cnt + sids_size;
64  if (new_size > pmq->rule_id_array_size) {
65  if (PrefilterAddSidsResize(pmq, new_size) == 0) {
66  // Failed to allocate larger memory for all the SIDS, but
67  // keep as many as we can.
68  sids_size = pmq->rule_id_array_size - pmq->rule_id_array_cnt;
69  }
70  }
71  SCLogDebug("Adding %u sids", sids_size);
72  // Add SIDs for this pattern to the end of the array
73  SigIntId *ptr = pmq->rule_id_array + pmq->rule_id_array_cnt;
74  SigIntId *end = ptr + sids_size;
75  do {
76  *ptr++ = *sids++;
77  } while (ptr != end);
78  pmq->rule_id_array_cnt += sids_size;
79 }
80 #endif /* __UTIL_PREFILTER_H__ */
PrefilterAddSidsResize
int PrefilterAddSidsResize(PrefilterRuleStore *pmq, uint32_t new_size)
Add array of Signature IDs to rule ID array.
Definition: util-prefilter.c:69
PrefilterRuleStore_::rule_id_array_cnt
uint32_t rule_id_array_cnt
Definition: util-prefilter.h:38
PrefilterRuleStore_
structure for storing potential rule matches
Definition: util-prefilter.h:32
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
PrefilterRuleStore
struct PrefilterRuleStore_ PrefilterRuleStore
structure for storing potential rule matches
PrefilterRuleStore_::rule_id_array_size
uint32_t rule_id_array_size
Definition: util-prefilter.h:40
SigIntId
#define SigIntId
Definition: suricata-common.h:297
PrefilterRuleStore_::rule_id_array
SigIntId * rule_id_array
Definition: util-prefilter.h:36