aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

unifying content structure - http_cookie now uses DetectContentData

Browse Source
remotes/origin/master-1.1.x
Anoop Saldanha 14 years ago committed by Victor Julien
parent f05b0f4e1e
commit 041f5b1a4f
3 changed files with 22 additions and 36 deletions
Show Stats Download Patch File Download Diff File

34
src/detect-http-cookie.c
Unescape Escape View File

@ -101,7 +101,7 @@ int DetectHttpCookieMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
SCMutexLock(&f->m);
SCLogDebug("got lock %p", &f->m);
DetectHttpCookieData *co = (DetectHttpCookieData *)sm->ctx;
DetectContentData *co = (DetectContentData *)sm->ctx;
HtpState *htp_state = (HtpState *)state;
if (htp_state == NULL) {
@ -142,7 +142,7 @@ int DetectHttpCookieMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
SCLogDebug("we have a cookie header");
/* call the case insensitive version if nocase has been specified in the sig */
if (co->flags & DETECT_AL_HTTP_COOKIE_NOCASE) {
if (co->flags & DETECT_CONTENT_NOCASE) {
if (SpmNocaseSearch((uint8_t *) bstr_ptr(h->value), bstr_size(h->value),
co->content, co->content_len) != NULL) {
SCLogDebug("match has been found in received request and given http_"
@ -160,7 +160,7 @@ int DetectHttpCookieMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
}
SCMutexUnlock(&f->m);
return ret ^ ((co->flags & DETECT_AL_HTTP_COOKIE_NEGATED) ? 1 : 0);
return ret ^ ((co->flags & DETECT_CONTENT_NEGATED) ? 1 : 0);
end:
SCMutexUnlock(&f->m);
@ -175,7 +175,7 @@ end:
*/
void DetectHttpCookieFree(void *ptr)
{
DetectHttpCookieData *hcd = (DetectHttpCookieData *)ptr;
DetectContentData *hcd = (DetectContentData *)ptr;
if (hcd == NULL)
return;
if (hcd->content != NULL)
@ -196,7 +196,7 @@ void DetectHttpCookieFree(void *ptr)
static int DetectHttpCookieSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
DetectHttpCookieData *hd = NULL;
DetectContentData *hd = NULL;
SigMatch *sm = NULL;
/** new sig match to replace previous content */
@ -243,17 +243,17 @@ static int DetectHttpCookieSetup (DetectEngineCtx *de_ctx, Signature *s, char *s
}
/* Setup the HttpCookie data from Content data structure */
hd = SCMalloc(sizeof(DetectHttpCookieData));
hd = SCMalloc(sizeof(DetectContentData));
if (hd == NULL)
goto error;
memset(hd, 0, sizeof(DetectHttpCookieData));
memset(hd, 0, sizeof(DetectContentData));
hd->content_len = ((DetectContentData *)pm->ctx)->content_len;
hd->content = ((DetectContentData *)pm->ctx)->content;
hd->flags |= (((DetectContentData *)pm->ctx)->flags & DETECT_CONTENT_NOCASE) ?
DETECT_AL_HTTP_COOKIE_NOCASE : 0;
DETECT_CONTENT_NOCASE : 0;
hd->flags |= (((DetectContentData *)pm->ctx)->flags & DETECT_CONTENT_NEGATED) ?
DETECT_AL_HTTP_COOKIE_NEGATED : 0;
DETECT_CONTENT_NEGATED : 0;
hd->id = DetectPatternGetId(de_ctx->mpm_pattern_id_store, hd, DETECT_AL_HTTP_COOKIE);
nm->type = DETECT_AL_HTTP_COOKIE;
//hd->id = ((DetectContentData *)pm->ctx)->id;
@ -506,7 +506,7 @@ int DetectHttpCookieTest07(void)
}
DetectContentData *cd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectHttpCookieData *hcd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
DetectContentData *hcd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
if (cd->id == hcd->id)
goto end;
@ -545,7 +545,7 @@ int DetectHttpCookieTest08(void)
}
DetectContentData *cd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectHttpCookieData *hcd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
DetectContentData *hcd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
if (cd->id == hcd->id)
goto end;
@ -584,7 +584,7 @@ int DetectHttpCookieTest09(void)
}
DetectContentData *cd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectHttpCookieData *hcd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
DetectContentData *hcd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
if (cd->id != 0 || hcd->id != 1)
goto end;
@ -623,7 +623,7 @@ int DetectHttpCookieTest10(void)
}
DetectContentData *cd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectHttpCookieData *hcd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
DetectContentData *hcd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
if (cd->id != 1 || hcd->id != 0)
goto end;
@ -663,8 +663,8 @@ int DetectHttpCookieTest11(void)
}
DetectContentData *cd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectHttpCookieData *hcd1 = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
DetectHttpCookieData *hcd2 = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->prev->ctx;
DetectContentData *hcd1 = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
DetectContentData *hcd2 = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->prev->ctx;
if (cd->id != 1 || hcd1->id != 0 || hcd2->id != 0)
goto end;
@ -704,8 +704,8 @@ int DetectHttpCookieTest12(void)
}
DetectContentData *cd = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectHttpCookieData *hcd1 = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
DetectHttpCookieData *hcd2 = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->prev->ctx;
DetectContentData *hcd1 = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->ctx;
DetectContentData *hcd2 = de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_AMATCH]->prev->ctx;
if (cd->id != 2 || hcd1->id != 0 || hcd2->id != 0)
goto end;

18
src/detect-http-cookie.h
Unescape Escape View File

@ -24,24 +24,10 @@
#ifndef _DETECT_HTTP_COOKIE_H
#define _DETECT_HTTP_COOKIE_H
#define DETECT_AL_HTTP_COOKIE_NOCASE 0x01
#define DETECT_AL_HTTP_COOKIE_NEGATED 0x02
typedef struct DetectHttpCookieData_ {
/* please keep the order of the first 2 members intact, since we use the
* same template obtained from DetectContentData to access these members
* for pattern id retrieval from DetectPatternGetId() */
uint8_t *content;
uint8_t content_len;
PatIntId id;
uint8_t flags;
} DetectHttpCookieData;
/* prototypes */
void DetectHttpCookieRegister (void);
int DetectHttpCookieDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
SigMatch *sm, Flow *f, uint8_t flags, void *state);
int DetectHttpCookieDoMatch(DetectEngineThreadCtx *, Signature *, SigMatch *,
Flow *, uint8_t, void *);
#endif /* _DETECT_HTTP_COOKIE_H */

6
src/detect-nocase.c
Unescape Escape View File

@ -190,7 +190,7 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
DetectContentData *ud = NULL;
DetectContentData *cd = NULL;
DetectContentData *dhcb = NULL;
DetectHttpCookieData *dhcd = NULL;
DetectContentData *dhcd = NULL;
DetectHttpHeaderData *dhhd = NULL;
DetectHttpMethodData *dhmd = NULL;
@ -231,8 +231,8 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
dhmd->flags |= DETECT_AL_HTTP_METHOD_NOCASE;
break;
case DETECT_AL_HTTP_COOKIE:
dhcd = (DetectHttpCookieData *) pm->ctx;
dhcd->flags |= DETECT_AL_HTTP_COOKIE_NOCASE;
dhcd = (DetectContentData *) pm->ctx;
dhcd->flags |= DETECT_CONTENT_NOCASE;
break;
/* should never happen */
default:

Write Preview
Loading…
Cancel
Save