void DecodeThreadVarsFree(DecodeThreadVars *dtv)
{
if (dtv != NULL) {
if (dtv->app_tctx != NULL)
AppLayerDestroyCtxThread(dtv->app_tctx);
SCFree(dtv);
}
}
void DecodeThreadVarsFree(ThreadVars *tv, DecodeThreadVars *dtv)
{
if (dtv != NULL) {
if (dtv->app_tctx != NULL)
AppLayerDestroyCtxThread(dtv->app_tctx);
if (dtv->output_flow_thread_data != NULL)
OutputFlowLogThreadDeinit(tv, dtv->output_flow_thread_data);
SCFree(dtv);
}
}
/**
* \test Test packet Matches
* \param raw_eth_pkt pointer to the ethernet packet
* \param pktsize size of the packet
* \param sig pointer to the signature to test
* \param sid sid number of the signature
* \retval return 1 if match
* \retval return 0 if not
*/
static
int DetectReplaceLongPatternMatchTest(uint8_t *raw_eth_pkt, uint16_t pktsize,
char *sig, uint32_t sid, uint8_t *pp,
uint16_t *len)
{
int result = 0;
Packet *p = NULL;
p = PacketGetFromAlloc();
if (unlikely(p == NULL))
return 0;
DecodeThreadVars dtv;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
if (pp == NULL) {
SCLogDebug("replace: looks like a second run");
}
PacketCopyData(p, raw_eth_pkt, pktsize);
memset(&dtv, 0, sizeof(DecodeThreadVars));
memset(&th_v, 0, sizeof(th_v));
dtv.app_tctx = AppLayerGetCtxThread(&th_v);
FlowInitConfig(FLOW_QUIET);
DecodeEthernet(&th_v, &dtv, p, GET_PKT_DATA(p), pktsize, NULL);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, sig);
if (de_ctx->sig_list == NULL) {
goto end;
}
de_ctx->sig_list->next = NULL;
if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->type == DETECT_CONTENT) {
DetectContentData *co = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
if (co->flags & DETECT_CONTENT_RELATIVE_NEXT) {
printf("relative next flag set on final match which is content: ");
goto end;
}
}
SigGroupBuild(de_ctx);
DetectEngineAddToMaster(de_ctx);
DetectEngineThreadCtxInit(&th_v, NULL, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
DetectEngineMoveToFreeList(de_ctx);
if (PacketAlertCheck(p, sid) != 1) {
SCLogDebug("replace: no alert on sig %d", sid);
goto end;
}
if (pp) {
memcpy(pp, GET_PKT_DATA(p), GET_PKT_LEN(p));
*len = pktsize;
SCLogDebug("replace: copying %d on %p", *len, pp);
}
result = 1;
end:
if (dtv.app_tctx != NULL)
AppLayerDestroyCtxThread(dtv.app_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEnginePruneFreeList();
PACKET_RECYCLE(p);
FlowShutdown();
SCFree(p);
return result;
}
