aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

changes to the dce parser stub data processed var. changed to stub data fresh var to indicate if the stub is fresh or not

Browse Source
remotes/origin/master-1.0.x
Anoop Saldanha 16 years ago committed by Victor Julien
parent 45ea0d914e
commit 015385c6bd
14 changed files with 105 additions and 58 deletions
Show Stats Download Patch File Download Diff File

12
src/app-layer-dcerpc-common.h
Unescape Escape View File

@ -137,10 +137,8 @@ typedef struct DCERPCRequest_ {
uint8_t *stub_data_buffer;
/* length of the above buffer */
uint32_t stub_data_buffer_len;
/* used by the dce preproc to indicate fresh entry in the stub data buffer.
* The dce_stub_data keyword would reset it, once it has processed the
* above buffer */
uint8_t stub_data_processed;
/* used by the dce preproc to indicate fresh entry in the stub data buffer */
uint8_t stub_data_fresh;
} DCERPCRequest;
typedef struct DCERPCResponse_ {
@ -148,10 +146,8 @@ typedef struct DCERPCResponse_ {
uint8_t *stub_data_buffer;
/* length of the above buffer */
uint32_t stub_data_buffer_len;
/* used by the dce preproc to indicate fresh entry in the stub data buffer.
* The dce_stub_data keyword would reset it, once it has processed the
* above buffer */
uint8_t stub_data_processed;
/* used by the dce preproc to indicate fresh entry in the stub data buffer */
uint8_t stub_data_fresh;
} DCERPCResponse;
typedef struct DCERPC_ {

63
src/app-layer-dcerpc.c
Unescape Escape View File

@ -897,20 +897,20 @@ static uint32_t StubDataParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_le
SCEnter();
uint8_t **stub_data_buffer = NULL;
uint32_t *stub_data_buffer_len = NULL;
uint8_t *stub_data_processed = NULL;
uint8_t *stub_data_fresh = NULL;
uint16_t stub_len = 0;
/* request PDU. Retrieve the request stub buffer */
if (dcerpc->dcerpchdr.type == REQUEST) {
stub_data_buffer = &dcerpc->dcerpcrequest.stub_data_buffer;
stub_data_buffer_len = &dcerpc->dcerpcrequest.stub_data_buffer_len;
stub_data_processed = &dcerpc->dcerpcrequest.stub_data_processed;
stub_data_fresh = &dcerpc->dcerpcrequest.stub_data_fresh;
/* response PDU. Retrieve the response stub buffer */
} else {
stub_data_buffer = &dcerpc->dcerpcresponse.stub_data_buffer;
stub_data_buffer_len = &dcerpc->dcerpcresponse.stub_data_buffer_len;
stub_data_processed = &dcerpc->dcerpcresponse.stub_data_processed;
stub_data_fresh = &dcerpc->dcerpcresponse.stub_data_fresh;
}
stub_len = (dcerpc->padleft < input_len) ? dcerpc->padleft : input_len;
@ -929,7 +929,7 @@ static uint32_t StubDataParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_le
}
memcpy(*stub_data_buffer + *stub_data_buffer_len, input, stub_len);
*stub_data_processed = 0;
*stub_data_fresh = 1;
/* length of the buffered stub */
*stub_data_buffer_len += stub_len;
@ -1097,6 +1097,9 @@ int32_t DCERPCParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_len) {
uint32_t parsed = 0;
int hdrretval = 0;
dcerpc->dcerpcrequest.stub_data_fresh = 0;
dcerpc->dcerpcresponse.stub_data_fresh = 0;
while (dcerpc->bytesprocessed < DCERPC_HDR_LEN && input_len) {
hdrretval = DCERPCParseHeader(dcerpc, input, input_len);
if (hdrretval == -1) {
@ -3409,9 +3412,9 @@ int DCERPCParserTest04(void) {
}
result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 0) &&
(dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) );
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) );
if (result == 0)
goto end;
@ -3425,9 +3428,9 @@ int DCERPCParserTest04(void) {
}
result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 0) &&
(dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) );
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) );
if (result == 0)
goto end;
@ -3442,11 +3445,12 @@ int DCERPCParserTest04(void) {
result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 1024 &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) &&
(dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) );
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) );
if (result == 0)
goto end;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request2 */
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER,
@ -3459,11 +3463,12 @@ int DCERPCParserTest04(void) {
result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 2048 &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) &&
(dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) );
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) );
if (result == 0)
goto end;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request3 */
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER,
@ -3476,11 +3481,12 @@ int DCERPCParserTest04(void) {
result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 3072 &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) &&
(dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) );
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) );
if (result == 0)
goto end;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request4 */
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER,
@ -3493,11 +3499,12 @@ int DCERPCParserTest04(void) {
result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 4096 &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) &&
(dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) );
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) );
if (result == 0)
goto end;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request5 */
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER,
@ -3525,11 +3532,12 @@ int DCERPCParserTest04(void) {
result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 6144 &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) &&
(dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) );
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) );
if (result == 0)
goto end;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request7 */
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER,
@ -3542,11 +3550,12 @@ int DCERPCParserTest04(void) {
result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 7168 &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) &&
(dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) );
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) );
if (result == 0)
goto end;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request8 */
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER,
@ -3559,11 +3568,12 @@ int DCERPCParserTest04(void) {
result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 8192 &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) &&
(dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) );
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) );
if (result == 0)
goto end;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request9 */
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER,
@ -3576,11 +3586,12 @@ int DCERPCParserTest04(void) {
result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 8204 &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) &&
(dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) );
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) );
if (result == 0)
goto end;
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh = 0;
/* request1 again */
r = AppLayerParse(&f, ALPROTO_DCERPC, STREAM_TOSERVER,
@ -3593,9 +3604,9 @@ int DCERPCParserTest04(void) {
result &= ( (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer != NULL &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len == 1024 &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 0) &&
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 1) &&
(dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL &&
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 0) );
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) );
if (result == 0)
goto end;

6
src/detect-bytejump.c
Unescape Escape View File

@ -819,6 +819,9 @@ int DetectBytejumpTestParse09(void) {
return result;
}
/**
* \test Test dce option.
*/
int DetectBytejumpTestParse10(void)
{
DetectEngineCtx *de_ctx = NULL;
@ -914,6 +917,9 @@ int DetectBytejumpTestParse10(void)
return result;
}
/**
* \test Test dce option.
*/
int DetectBytejumpTestParse11(void)
{
DetectEngineCtx *de_ctx = NULL;

6
src/detect-bytetest.c
Unescape Escape View File

@ -1046,6 +1046,9 @@ int DetectBytetestTestParse19(void) {
return result;
}
/**
* \test Test dce option.
*/
int DetectBytetestTestParse20(void)
{
DetectEngineCtx *de_ctx = NULL;
@ -1141,6 +1144,9 @@ int DetectBytetestTestParse20(void)
return result;
}
/**
* \test Test dce option.
*/
int DetectBytetestTestParse21(void)
{
DetectEngineCtx *de_ctx = NULL;

6
src/detect-content.c
Unescape Escape View File

@ -1073,6 +1073,9 @@ end:
return result;
}
/**
* \test Test content for dce sig.
*/
int DetectContentParseTest18(void)
{
Signature *s = SigAlloc();
@ -1103,6 +1106,9 @@ int DetectContentParseTest18(void)
return result;
}
/**
* \test Test content for dce sig.
*/
int DetectContentParseTest19(void)
{
DetectEngineCtx *de_ctx = NULL;

6
src/detect-dce-stub-data.c
Unescape Escape View File

@ -95,18 +95,16 @@ int DetectDceStubDataMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *
if (flags & STREAM_TOSERVER) {
if (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer == NULL ||
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 1) {
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 0) {
return 0;
}
//dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed = 1;
det_ctx->dce_stub_data = dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer;
det_ctx->dce_stub_data_len = dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len;
} else {
if (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL ||
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 1) {
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) {
return 0;
}
//dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed = 1;
det_ctx->dce_stub_data = dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer;
det_ctx->dce_stub_data_len = dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer_len;
}

2
src/detect-distance.c
Unescape Escape View File

@ -175,7 +175,7 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
}
cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
} else if ( (pm = SigMatchGetLastSM(match_tail->prev, DETECT_BYTEJUMP)) != NULL) {
} else if ( (pm = SigMatchGetLastSM(match_tail, DETECT_BYTEJUMP)) != NULL) {
DetectBytejumpData *data = NULL;
data = (DetectBytejumpData *) pm->ctx;
if (data == NULL) {

17
src/detect-engine-dcepayload.c
Unescape Escape View File

@ -44,6 +44,7 @@
#include "app-layer.h"
#include "app-layer-dcerpc.h"
#include "decode-tcp.h"
#include "flow-util.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
@ -357,14 +358,14 @@ int DetectEngineInspectDcePayload(DetectEngineCtx *de_ctx,
* match function. Instead we will retrieve it directly from the app layer. */
if (flags & STREAM_TOSERVER) {
if (dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer == NULL ||
dcerpc_state->dcerpc.dcerpcrequest.stub_data_processed == 1) {
dcerpc_state->dcerpc.dcerpcrequest.stub_data_fresh == 0) {
SCReturnInt(0);
}
dce_stub_data = dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer;
dce_stub_data_len = dcerpc_state->dcerpc.dcerpcrequest.stub_data_buffer_len;
} else {
if (dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer == NULL ||
dcerpc_state->dcerpc.dcerpcresponse.stub_data_processed == 1) {
dcerpc_state->dcerpc.dcerpcresponse.stub_data_fresh == 0) {
SCReturnInt(0);
}
dce_stub_data = dcerpc_state->dcerpc.dcerpcresponse.stub_data_buffer;
@ -1551,6 +1552,7 @@ int DcePayloadTest01(void)
}
p[1].flowflags |= FLOW_PKT_TOCLIENT;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;
@ -2401,6 +2403,7 @@ int DcePayloadTest02(void)
}
p[1].flowflags |= FLOW_PKT_TOCLIENT;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;
@ -2837,6 +2840,7 @@ int DcePayloadTest03(void)
}
p[1].flowflags |= FLOW_PKT_TOCLIENT;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;
@ -3273,6 +3277,7 @@ int DcePayloadTest04(void)
}
p[1].flowflags |= FLOW_PKT_TOCLIENT;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;
@ -3708,6 +3713,7 @@ int DcePayloadTest05(void)
}
p[1].flowflags |= FLOW_PKT_TOCLIENT;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;
@ -4144,6 +4150,7 @@ int DcePayloadTest06(void)
}
p[1].flowflags |= FLOW_PKT_TOCLIENT;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;
@ -4579,6 +4586,7 @@ int DcePayloadTest07(void)
}
p[1].flowflags |= FLOW_PKT_TOCLIENT;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;
@ -4851,6 +4859,7 @@ int DcePayloadTest08(void)
p[i].flowflags |= FLOW_PKT_TOSERVER;
}
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;
@ -5063,6 +5072,7 @@ int DcePayloadTest09(void)
p[i].flowflags |= FLOW_PKT_TOSERVER;
}
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;
@ -5275,6 +5285,7 @@ int DcePayloadTest10(void)
p[i].flowflags |= FLOW_PKT_TOSERVER;
}
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;
@ -5622,6 +5633,7 @@ int DcePayloadTest11(void)
p[i].flowflags |= FLOW_PKT_TOSERVER;
}
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;
@ -5983,6 +5995,7 @@ int DcePayloadTest12(void)
p[i].flowflags |= FLOW_PKT_TOSERVER;
}
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.src.family = AF_INET;
f.dst.family = AF_INET;

6
src/detect-isdataat.c
Unescape Escape View File

@ -390,6 +390,9 @@ int DetectIsdataatTestParse03 (void) {
return result;
}
/**
* \test Test isdataat option for dce sig.
*/
int DetectIsdataatTestParse04(void)
{
Signature *s = SigAlloc();
@ -407,6 +410,9 @@ int DetectIsdataatTestParse04(void)
return result;
}
/**
* \test Test isdataat option for dce sig.
*/
int DetectIsdataatTestParse05(void)
{
DetectEngineCtx *de_ctx = NULL;

6
src/detect-pcre.c
Unescape Escape View File

@ -1035,6 +1035,9 @@ static int DetectPcreParseTest09 (void) {
return result;
}
/**
* \test Test pcre option for dce sig(yeah I'm bored of writing test titles).
*/
int DetectPcreParseTest10(void)
{
Signature *s = SigAlloc();
@ -1065,6 +1068,9 @@ int DetectPcreParseTest10(void)
return result;
}
/**
* \test Test pcre option for dce sig.
*/
int DetectPcreParseTest11(void)
{
DetectEngineCtx *de_ctx = NULL;

3
src/detect-uricontent.c
Unescape Escape View File

@ -332,6 +332,7 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents
{
SCEnter();
DetectUricontentData *cd = NULL;
SigMatch *sm = NULL;
if (s->alproto == ALPROTO_DCERPC) {
@ -339,7 +340,7 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents
goto error;
}
DetectUricontentData *cd = DoDetectUricontentSetup(contentstr);
cd = DoDetectUricontentSetup(contentstr);
if (cd == NULL)
goto error;

6
src/detect-within.c
Unescape Escape View File

@ -197,7 +197,7 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
}
cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
} else if ( (pm = SigMatchGetLastSM(match_tail->prev, DETECT_PCRE)) != NULL) {
} else if ( (pm = SigMatchGetLastSM(match_tail, DETECT_PCRE)) != NULL) {
DetectPcreData *pe = NULL;
pe = (DetectPcreData *) pm->ctx;
if (pe == NULL) {
@ -206,7 +206,7 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
}
pe->flags |= DETECT_PCRE_RELATIVE;
} else if ( (pm = SigMatchGetLastSM(match_tail->prev, DETECT_BYTEJUMP)) != NULL) {
} else if ( (pm = SigMatchGetLastSM(match_tail, DETECT_BYTEJUMP)) != NULL) {
DetectBytejumpData *data = NULL;
data = (DetectBytejumpData *) pm->ctx;
if (data == NULL) {
@ -303,4 +303,4 @@ void DetectWithinRegisterTests(void) {
UtRegisterTest("DetectWithinTestPacket01", DetectWithinTestPacket01, 1);
UtRegisterTest("DetectWithinTestPacket02", DetectWithinTestPacket02, 1);
#endif /* UNITTESTS */
}
}

12
src/stream-tcp.c
Unescape Escape View File

@ -55,6 +55,16 @@
//#define DEBUG
typedef struct StreamTcpThread_ {
uint64_t pkts;
uint16_t counter_tcp_sessions;
/** sessions not picked up because memcap was reached */
uint16_t counter_tcp_ssn_memcap;
TcpReassemblyThreadCtx *ra_ctx; /**< tcp reassembly thread data */
} StreamTcpThread;
TmEcode StreamTcp (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
TmEcode StreamTcpThreadInit(ThreadVars *, void *, void **);
TmEcode StreamTcpThreadDeinit(ThreadVars *, void *);
@ -2510,7 +2520,7 @@ static int StreamTcpPacketStateTimeWait(ThreadVars *tv, Packet *p,
}
/* flow is and stays locked */
int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt)
static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt)
{
SCEnter();
TcpSession *ssn = (TcpSession *)p->flow->protoctx;

12
src/stream-tcp.h
Unescape Escape View File

@ -44,16 +44,6 @@ typedef struct TcpStreamCnf_ {
int async_oneside;
} TcpStreamCnf;
typedef struct StreamTcpThread_ {
uint64_t pkts;
uint16_t counter_tcp_sessions;
/** sessions not picked up because memcap was reached */
uint16_t counter_tcp_ssn_memcap;
TcpReassemblyThreadCtx *ra_ctx; /**< tcp reassembly thread data */
} StreamTcpThread;
TcpStreamCnf stream_config;
void TmModuleStreamTcpRegister (void);
void StreamTcpInitConfig (char);
@ -64,7 +54,5 @@ void StreamTcpIncrMemuse(uint32_t);
void StreamTcpDecrMemuse(uint32_t);
int StreamTcpCheckMemcap(uint32_t);
int StreamTcpPacket (ThreadVars *, Packet *, StreamTcpThread *);
#endif /* __STREAM_TCP_H__ */

Write Preview
Loading…
Cancel
Save