void * detection_filter_create(DetectionFilterConfig *df_config, THDX_STRUCT *thdx) { if (df_config == NULL) return NULL; if (!df_config->enabled) return NULL; /* Auto init - memcap must be set 1st, which is not really a problem */ if (detection_filter_hash == NULL) { detection_filter_hash = sfthd_local_new(df_config->memcap); if (detection_filter_hash == NULL) return NULL; } df_config->count++; return sfthd_create_rule_threshold(df_config->count, thdx->tracking, thdx->type, thdx->count, thdx->seconds); }
THD_STRUCT * sfthd_new(unsigned lbytes, unsigned gbytes) { THD_STRUCT * thd; /* Create the THD struct */ thd = (THD_STRUCT *)SnortAlloc(sizeof(THD_STRUCT)); #ifndef CRIPPLE /* Create hash table for all of the local IP Nodes */ thd->ip_nodes = sfthd_local_new(lbytes); if( !thd->ip_nodes ) { #ifdef THD_DEBUG printf("Could not allocate the sfxhash table\n"); #endif free(thd); return NULL; } if ( gbytes == 0 ) return thd; /* Create hash table for all of the global IP Nodes */ thd->ip_gnodes = sfthd_global_new(gbytes); if( !thd->ip_gnodes ) { #ifdef THD_DEBUG printf("Could not allocate the sfxhash table\n"); #endif sfxhash_delete(thd->ip_nodes); free(thd); return NULL; } #endif return thd; }