aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix issue 131.

Browse Source 
Flow-timeouts likely don't need to be a sequence, but rather mappings.  We'd only need a sequence if you wanted to list something like "tcp" twice which I don't think makes sense for configuration section.

Also fixup flow.c to not attempt to use the sequence, and put the timeouts into their correct place.
remotes/origin/master-1.0.x
Jason Ish 15 years ago committed by Victor Julien
parent a152623e11
commit 00974d157b
2 changed files with 130 additions and 136 deletions
Show Stats Download Patch File Download Diff File

218
src/flow.c
Unescape Escape View File

@ -824,159 +824,153 @@ void FlowInitFlowProto(void) {
ConfNode *proto = NULL; ConfNode *proto = NULL;
uint32_t configval = 0; uint32_t configval = 0;
TAILQ_FOREACH(proto, &flow_timeouts->head, next) { /* Defaults. */
if (strncmp("default", proto->val, 7)) { proto = ConfNodeLookupChild(flow_timeouts, "default");
new = ConfNodeLookupChildValue(proto->head.tqh_first, "new"); if (proto != NULL) {
established = ConfNodeLookupChildValue(proto->head.tqh_first, new = ConfNodeLookupChildValue(proto, "new");
"established"); established = ConfNodeLookupChildValue(proto, "established");
closed = ConfNodeLookupChildValue(proto->head.tqh_first, closed = ConfNodeLookupChildValue(proto, "closed");
"closed"); emergency_new = ConfNodeLookupChildValue(proto, "emergency_new");
emergency_new = ConfNodeLookupChildValue(proto->head.tqh_first, emergency_established = ConfNodeLookupChildValue(proto,
"emergency_new"); "emergency_established");
emergency_established = ConfNodeLookupChildValue( emergency_closed = ConfNodeLookupChildValue(proto,
proto->head.tqh_first, "emergency_closed");
"emergency_established");
emergency_closed = ConfNodeLookupChildValue( if (new != NULL && ByteExtractStringUint32(&configval, 10,
proto->head.tqh_first, strlen(new), new) > 0) {
"emergency_closed");
if (new != NULL && ByteExtractStringUint32(&configval, 10,
strlen(new), new) > 0) {
flow_proto[FLOW_PROTO_DEFAULT].new_timeout = configval; flow_proto[FLOW_PROTO_DEFAULT].new_timeout = configval;
} }
if (established != NULL && ByteExtractStringUint32(&configval, if (established != NULL && ByteExtractStringUint32(&configval,
10, strlen(established), established) > 0) { 10, strlen(established), established) > 0) {
flow_proto[FLOW_PROTO_DEFAULT].est_timeout = configval; flow_proto[FLOW_PROTO_DEFAULT].est_timeout = configval;
} }
if (closed != NULL && ByteExtractStringUint32(&configval, 10, if (closed != NULL && ByteExtractStringUint32(&configval, 10,
strlen(closed), closed) > 0) { strlen(closed), closed) > 0) {
flow_proto[FLOW_PROTO_DEFAULT].closed_timeout = configval; flow_proto[FLOW_PROTO_DEFAULT].closed_timeout = configval;
} }
if (emergency_new != NULL && ByteExtractStringUint32(&configval, if (emergency_new != NULL && ByteExtractStringUint32(&configval,
10, strlen(emergency_new), emergency_new) > 0) { 10, strlen(emergency_new), emergency_new) > 0) {
flow_proto[FLOW_PROTO_DEFAULT].emerg_new_timeout = configval; flow_proto[FLOW_PROTO_DEFAULT].emerg_new_timeout = configval;
} }
if (emergency_established != NULL && if (emergency_established != NULL &&
ByteExtractStringUint32(&configval, 10, ByteExtractStringUint32(&configval, 10,
strlen(emergency_established), emergency_established) > 0) { strlen(emergency_established), emergency_established) > 0) {
flow_proto[FLOW_PROTO_DEFAULT].emerg_est_timeout= configval; flow_proto[FLOW_PROTO_DEFAULT].emerg_est_timeout= configval;
} }
if (emergency_closed != NULL && if (emergency_closed != NULL &&
ByteExtractStringUint32(&configval, 10, ByteExtractStringUint32(&configval, 10,
strlen(emergency_closed), emergency_closed) > 0) { strlen(emergency_closed), emergency_closed) > 0) {
flow_proto[FLOW_PROTO_DEFAULT].emerg_closed_timeout = configval; flow_proto[FLOW_PROTO_DEFAULT].emerg_closed_timeout = configval;
} }
} else if (strncmp("tcp", proto->val, 3)) { }
new = ConfNodeLookupChildValue(proto->head.tqh_first, "new"); /* TCP. */
proto = ConfNodeLookupChild(flow_timeouts, "tcp");
established = ConfNodeLookupChildValue(proto->head.tqh_first, if (proto != NULL) {
"established"); new = ConfNodeLookupChildValue(proto, "new");
closed = ConfNodeLookupChildValue(proto->head.tqh_first, established = ConfNodeLookupChildValue(proto, "established");
"closed"); closed = ConfNodeLookupChildValue(proto, "closed");
emergency_new = ConfNodeLookupChildValue(proto->head.tqh_first, emergency_new = ConfNodeLookupChildValue(proto, "emergency_new");
"emergency_new"); emergency_established = ConfNodeLookupChildValue(proto,
emergency_established = ConfNodeLookupChildValue( "emergency_established");
proto->head.tqh_first, "emergency_established"); emergency_closed = ConfNodeLookupChildValue(proto,
emergency_closed = ConfNodeLookupChildValue( "emergency_closed");
proto->head.tqh_first, "emergency_closed");
if (new != NULL && ByteExtractStringUint32(&configval, 10,
if (new != NULL && ByteExtractStringUint32(&configval, 10,
strlen(new), new) > 0) { strlen(new), new) > 0) {
flow_proto[FLOW_PROTO_TCP].new_timeout = configval; flow_proto[FLOW_PROTO_TCP].new_timeout = configval;
} }
if (established != NULL && ByteExtractStringUint32(&configval, if (established != NULL && ByteExtractStringUint32(&configval,
10, strlen(established), established) > 0) { 10, strlen(established), established) > 0) {
flow_proto[FLOW_PROTO_TCP].est_timeout = configval; flow_proto[FLOW_PROTO_TCP].est_timeout = configval;
} }
if (closed != NULL && ByteExtractStringUint32(&configval, 10, if (closed != NULL && ByteExtractStringUint32(&configval, 10,
strlen(closed), closed) > 0) { strlen(closed), closed) > 0) {
flow_proto[FLOW_PROTO_TCP].closed_timeout = configval; flow_proto[FLOW_PROTO_TCP].closed_timeout = configval;
} }
if (emergency_new != NULL && ByteExtractStringUint32(&configval, if (emergency_new != NULL && ByteExtractStringUint32(&configval,
10, strlen(emergency_new), emergency_new) > 0) { 10, strlen(emergency_new), emergency_new) > 0) {
flow_proto[FLOW_PROTO_TCP].emerg_new_timeout = configval; flow_proto[FLOW_PROTO_TCP].emerg_new_timeout = configval;
} }
if (emergency_established != NULL && if (emergency_established != NULL &&
ByteExtractStringUint32(&configval, 10, ByteExtractStringUint32(&configval, 10,
strlen(emergency_established), emergency_established) > 0) { strlen(emergency_established), emergency_established) > 0) {
flow_proto[FLOW_PROTO_TCP].emerg_est_timeout = configval; flow_proto[FLOW_PROTO_TCP].emerg_est_timeout = configval;
} }
if (emergency_closed != NULL && if (emergency_closed != NULL &&
ByteExtractStringUint32(&configval, 10, ByteExtractStringUint32(&configval, 10,
strlen(emergency_closed), emergency_closed) > 0) { strlen(emergency_closed), emergency_closed) > 0) {
flow_proto[FLOW_PROTO_TCP].emerg_closed_timeout = configval; flow_proto[FLOW_PROTO_TCP].emerg_closed_timeout = configval;
} }
} else if (strncmp("udp", proto->val, 3)) { }
new = ConfNodeLookupChildValue(proto->head.tqh_first, "new"); /* UDP. */
established = ConfNodeLookupChildValue(proto->head.tqh_first, proto = ConfNodeLookupChild(flow_timeouts, "udp");
"established"); if (proto != NULL) {
emergency_new = ConfNodeLookupChildValue(proto->head.tqh_first, new = ConfNodeLookupChildValue(proto, "new");
"emergency_new"); established = ConfNodeLookupChildValue(proto, "established");
emergency_established = ConfNodeLookupChildValue( emergency_new = ConfNodeLookupChildValue(proto, "emergency_new");
proto->head.tqh_first, "emergency_established"); emergency_established = ConfNodeLookupChildValue(proto,
if (new != NULL && ByteExtractStringUint32(&configval, 10, "emergency_established");
if (new != NULL && ByteExtractStringUint32(&configval, 10,
strlen(new), new) > 0) { strlen(new), new) > 0) {
flow_proto[FLOW_PROTO_TCP].new_timeout = configval; flow_proto[FLOW_PROTO_UDP].new_timeout = configval;
} }
if (established != NULL && ByteExtractStringUint32(&configval, if (established != NULL && ByteExtractStringUint32(&configval,
10, strlen(established), established) > 0) { 10, strlen(established), established) > 0) {
flow_proto[FLOW_PROTO_TCP].est_timeout = configval; flow_proto[FLOW_PROTO_UDP].est_timeout = configval;
} }
if (emergency_new != NULL && ByteExtractStringUint32(&configval, if (emergency_new != NULL && ByteExtractStringUint32(&configval,
10, strlen(emergency_new), emergency_new) > 0) { 10, strlen(emergency_new), emergency_new) > 0) {
flow_proto[FLOW_PROTO_TCP].emerg_new_timeout = configval; flow_proto[FLOW_PROTO_UDP].emerg_new_timeout = configval;
} }
if (emergency_established != NULL && if (emergency_established != NULL &&
ByteExtractStringUint32(&configval, 10, ByteExtractStringUint32(&configval, 10,
strlen(emergency_established), emergency_established) > 0) { strlen(emergency_established), emergency_established) > 0) {
flow_proto[FLOW_PROTO_TCP].emerg_est_timeout = configval; flow_proto[FLOW_PROTO_UDP].emerg_est_timeout = configval;
} }
} else if (strncmp("icmp", proto->val, 4)) { }
new = ConfNodeLookupChildValue(proto->head.tqh_first, "new");
established = ConfNodeLookupChildValue(proto->head.tqh_first, /* ICMP. */
"established"); proto = ConfNodeLookupChild(flow_timeouts, "icmp");
emergency_new = ConfNodeLookupChildValue(proto->head.tqh_first, if (proto != NULL) {
"emergency_new"); new = ConfNodeLookupChildValue(proto, "new");
emergency_established = ConfNodeLookupChildValue( established = ConfNodeLookupChildValue(proto, "established");
proto->head.tqh_first, "emergency_established"); emergency_new = ConfNodeLookupChildValue(proto, "emergency_new");
emergency_established = ConfNodeLookupChildValue(proto,
if (new != NULL && ByteExtractStringUint32(&configval, 10, "emergency_established");
if (new != NULL && ByteExtractStringUint32(&configval, 10,
strlen(new), new) > 0) { strlen(new), new) > 0) {
flow_proto[FLOW_PROTO_TCP].new_timeout = configval; flow_proto[FLOW_PROTO_ICMP].new_timeout = configval;
} }
if (established != NULL && ByteExtractStringUint32(&configval, if (established != NULL && ByteExtractStringUint32(&configval,
10, strlen(established), established) > 0) { 10, strlen(established), established) > 0) {
flow_proto[FLOW_PROTO_TCP].est_timeout = configval; flow_proto[FLOW_PROTO_ICMP].est_timeout = configval;
} }
if (emergency_new != NULL && ByteExtractStringUint32(&configval, if (emergency_new != NULL && ByteExtractStringUint32(&configval,
10, strlen(emergency_new), emergency_new) > 0) { 10, strlen(emergency_new), emergency_new) > 0) {
flow_proto[FLOW_PROTO_TCP].emerg_new_timeout = configval; flow_proto[FLOW_PROTO_ICMP].emerg_new_timeout = configval;
} }
if (emergency_established != NULL && if (emergency_established != NULL &&
ByteExtractStringUint32(&configval, 10, ByteExtractStringUint32(&configval, 10,
strlen(emergency_established), emergency_established) > 0) { strlen(emergency_established), emergency_established) > 0) {
flow_proto[FLOW_PROTO_TCP].emerg_est_timeout = configval; flow_proto[FLOW_PROTO_ICMP].emerg_est_timeout = configval;
}
} else {
SCLogError(SC_ERR_UNKNOWN_PROTOCOL, "Unknown protocol for flow"
"timeouts. Please, review your config");
} }
} }
} }

48
suricata.yaml
Unescape Escape View File

@ -150,30 +150,30 @@ flow:
flow-timeouts: flow-timeouts:
- default: default:
new: 30 new: 30
established: 300 established: 300
closed: 0 closed: 0
emergency_new: 10 emergency_new: 10
emergency_established: 100 emergency_established: 100
emergency_closed: 0 emergency_closed: 0
- tcp: tcp:
new: 60 new: 60
established: 3600 established: 3600
closed: 120 closed: 120
emergency_new: 10 emergency_new: 10
emergency_established: 300 emergency_established: 300
emergency_closed: 20 emergency_closed: 20
- udp: udp:
new: 30 new: 30
established: 300 established: 300
emergency_new: 10 emergency_new: 10
emergency_established: 100 emergency_established: 100
- icmp: icmp:
new: 30 new: 30
established: 300 established: 300
emergency_new: 10 emergency_new: 10
emergency_established: 100 emergency_established: 100
# Stream engine settings. # Stream engine settings.
# stream: # stream:

Write Preview
Loading…
Cancel
Save