Skip to content

Commit

Permalink
pcre: use thread-storage for matches
Browse files Browse the repository at this point in the history
  • Loading branch information
@catenacyber @victorjulien
catenacyber authored and victorjulien committed Oct 1, 2021
1 parent 3b690e5 commit c64a1f6
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 2 deletions.
27 changes: 25 additions & 2 deletions src/detect-pcre.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,9 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
}

/* run the actual pcre detection */
pcre2_match_data *match = pcre2_match_data_create_from_pattern(pe->parse_regex.regex, NULL);
pcre2_match_data *match =
(pcre2_match_data *)DetectThreadCtxGetKeywordThreadCtx(det_ctx, pe->thread_ctx_id);

ret = DetectPcreExec(det_ctx, pe, (char *)ptr, len, start_offset, 0, match);
SCLogDebug("ret %d (negating %s)", ret, (pe->flags & DETECT_PCRE_NEGATE) ? "set" : "not set");

Expand Down Expand Up @@ -303,7 +305,6 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
SCLogDebug("pcre had matching error");
ret = 0;
}
pcre2_match_data_free(match);
SCReturnInt(ret);
}

Expand Down Expand Up @@ -830,6 +831,21 @@ static int DetectPcreParseCapture(const char *regexstr, DetectEngineCtx *de_ctx,
return -1;
}

static void *DetectPcreThreadInit(void *data)
{
DetectPcreData *pd = (DetectPcreData *)data;
pcre2_match_data *match = pcre2_match_data_create_from_pattern(pd->parse_regex.regex, NULL);
return match;
}

static void DetectPcreThreadFree(void *ctx)
{
if (ctx != NULL) {
pcre2_match_data *match = (pcre2_match_data *)ctx;
pcre2_match_data_free(match);
}
}

static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, const char *regexstr)
{
SCEnter();
Expand All @@ -847,6 +863,11 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, const char *r
if (DetectPcreParseCapture(regexstr, de_ctx, pd, capture_names) < 0)
goto error;

pd->thread_ctx_id = DetectRegisterThreadCtxFuncs(
de_ctx, "pcre", DetectPcreThreadInit, (void *)pd, DetectPcreThreadFree, 0);
if (pd->thread_ctx_id == -1)
goto error;

int sm_list = -1;
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
if (parsed_sm_list != DETECT_SM_LIST_NOTSET && parsed_sm_list != s->init_data->list) {
Expand Down Expand Up @@ -934,6 +955,8 @@ static void DetectPcreFree(DetectEngineCtx *de_ctx, void *ptr)

DetectPcreData *pd = (DetectPcreData *)ptr;
DetectParseFreeRegex(&pd->parse_regex);
DetectUnregisterThreadCtxFuncs(de_ctx, NULL, pd, "pcre");

SCFree(pd);

return;
Expand Down
1 change: 1 addition & 0 deletions src/detect-pcre.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ typedef struct DetectPcreData_ {
uint8_t idx;
uint8_t captypes[DETECT_PCRE_CAPTURE_MAX];
uint32_t capids[DETECT_PCRE_CAPTURE_MAX];
int thread_ctx_id;
} DetectPcreData;

/* prototypes */
Expand Down

0 comments on commit c64a1f6

Please sign in to comment.