suricata
util-prefilter.h
1/* Copyright (C) 2016 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Victor Julien <victor@inliniac.net>
22 */
23
24#ifndef SURICATA_UTIL_PREFILTER_H
25#define SURICATA_UTIL_PREFILTER_H
26
27#include "util-debug.h"
28
29/** \brief structure for storing potential rule matches
30 *
31 * Helper structure for the prefilter engine. The Pattern Matchers
32 * and other prefilter engines will add rule id's for potential
33 * rule matches */
34typedef struct PrefilterRuleStore_ {
35 /* used for storing rule id's */
36
37 /* Array of rule IDs found. */
39 /* Number of rule IDs in the array. */
41 /* The number of slots allocated for storing rule IDs */
43
45
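/* Reset the stored rule ID count to zero so the store can be reused; only
 * rule_id_array_cnt is touched, the array itself is left as it is.
 * The expansion is fully parenthesized so it stays a single expression
 * wherever the macro is used. */
#define PMQ_RESET(pmq) ((pmq)->rule_id_array_cnt = 0)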
47
/* Resize Signature ID array (slow path). In this header it is called from
 * PrefilterAddSids() when the new IDs do not fit; that caller treats a
 * return value of 0 as allocation failure and keeps the existing array.
 * NOTE(review): the original comment names MpmAddSids() as the only
 * caller -- confirm whether that name is stale. */
int PrefilterAddSidsResize(PrefilterRuleStore *pmq, uint32_t new_size);
50
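/** \brief Add array of Signature IDs to rule ID array.
 *
 *  Checks the size of the array first and only calls
 *  PrefilterAddSidsResize() (the slow path) when the new IDs do not fit.
 *  If the resize fails, as many IDs as still fit are stored and the rest
 *  are dropped; if nothing fits, the store is left unchanged.
 *
 *  \param pmq storage for match results
 *  \param sids pointer to array of Signature IDs
 *  \param sids_size number of Signature IDs in sids array.
 *
 */
static inline void PrefilterAddSids(
        PrefilterRuleStore *pmq, const SigIntId *sids, uint32_t sids_size)
{
    if (sids_size == 0) {
        return;
    }

    // NOTE(review): this sum is uint32_t and would wrap for a very large
    // sids_size, which would skip the resize below; callers are presumably
    // far from that limit -- confirm.
    uint32_t new_size = pmq->rule_id_array_cnt + sids_size;
    if (new_size > pmq->rule_id_array_size) {
        if (PrefilterAddSidsResize(pmq, new_size) == 0) {
            // Failed to allocate larger memory for all the SIDS, but
            // keep as many as we can.
            sids_size = pmq->rule_id_array_size - pmq->rule_id_array_cnt;
            if (sids_size == 0) {
                // No free slot left: the copy loop below always executes
                // at least once, so entering it with a zero count would
                // write past the end of rule_id_array.
                return;
            }
        }
    }
    SCLogDebug("Adding %u sids", sids_size);
    // Add SIDs for this pattern to the end of the array
    SigIntId *ptr = pmq->rule_id_array + pmq->rule_id_array_cnt;
    SigIntId *end = ptr + sids_size;
    do {
        *ptr++ = *sids++;
    } while (ptr != end);
    pmq->rule_id_array_cnt += sids_size;
}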
83
88
89#endif /* SURICATA_UTIL_PREFILTER_H */