示例#1
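/*
 * Create the threshold object backing one rule's detection_filter.
 *
 * df_config  detection-filter configuration; its count field is incremented
 *            and the new value is passed to sfthd_create_rule_threshold()
 *            as the first argument.
 * thdx       parsed filter parameters (tracking, type, count, seconds) that
 *            are forwarded unchanged to sfthd_create_rule_threshold().
 *
 * Returns whatever sfthd_create_rule_threshold() returns, or NULL when
 * either argument is NULL, when df_config->enabled is zero, or when the
 * shared hash table cannot be created.
 *
 * NOTE(review): NULL is returned both for "filters disabled" and for a real
 * failure.  A caller that must not let a rule run without its rate filter
 * has to tell the two apart itself (e.g. by checking df_config->enabled) --
 * confirm how the callers treat NULL.
 */
void * detection_filter_create(DetectionFilterConfig *df_config, THDX_STRUCT *thdx)
{
    /* Reject missing arguments before any state is touched; thdx is
     * dereferenced below, so it needs the same guard as df_config. */
    if (df_config == NULL || thdx == NULL)
        return NULL;

    if (!df_config->enabled)
        return NULL;

    /* Auto init - memcap must be set 1st, which is not really a problem.
     * The table is created once, sized by the memcap of the first config
     * that reaches this point; the memcap of later calls is not consulted. */
    if (detection_filter_hash == NULL)
    {
        detection_filter_hash = sfthd_local_new(df_config->memcap);
        if (detection_filter_hash == NULL)
            return NULL;
    }

    /* The counter is bumped before the threshold is built, so a value is
     * consumed even if sfthd_create_rule_threshold() returns NULL. */
    df_config->count++;

    /* NOTE(review): the thdx values are passed through without range checks
     * here; presumably the rule parser validates them -- confirm. */
    return sfthd_create_rule_threshold(df_config->count, thdx->tracking,
                                       thdx->type, thdx->count, thdx->seconds);
}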
示例#2
/*
 * Allocate a THD_STRUCT and, unless CRIPPLE is defined, its hash tables.
 *
 * lbytes  size argument handed to sfthd_local_new() for the local table.
 * gbytes  size argument handed to sfthd_global_new() for the global table;
 *         0 means no global table is created.
 *
 * Returns the new object, or NULL if either table could not be created (in
 * which case everything allocated so far is released again).
 *
 * NOTE(review): the result of SnortAlloc() is used without a NULL check, and
 * ip_gnodes is never assigned when gbytes is 0.  This presumably relies on
 * SnortAlloc() aborting on failure and returning zeroed memory -- confirm.
 */
THD_STRUCT * sfthd_new(unsigned lbytes, unsigned gbytes)
{
    THD_STRUCT *table = (THD_STRUCT *)SnortAlloc(sizeof(*table));

#ifndef CRIPPLE
    /* Local IP nodes: this table is always required. */
    table->ip_nodes = sfthd_local_new(lbytes);
    if (table->ip_nodes == NULL)
    {
#ifdef THD_DEBUG
        printf("Could not allocate the sfxhash table\n");
#endif
        free(table);
        return NULL;
    }

    /* Global IP nodes: only built when a non-zero budget was requested. */
    if (gbytes != 0)
    {
        table->ip_gnodes = sfthd_global_new(gbytes);
        if (table->ip_gnodes == NULL)
        {
#ifdef THD_DEBUG
            printf("Could not allocate the sfxhash table\n");
#endif
            /* Undo the local table before dropping the container. */
            sfxhash_delete(table->ip_nodes);
            free(table);
            return NULL;
        }
    }
#endif

    return table;
}