aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Some refactoring of the code, error handling done

Browse Source
remotes/origin/master-1.0.x
Anoop Saldanha 16 years ago committed by Victor Julien
parent e2fc2545f2
commit 0815ed7c9e
6 changed files with 121 additions and 92 deletions
Show Stats Download Patch File Download Diff File

5
src/detect-engine-iponly.c
Unescape Escape View File

@ -216,7 +216,10 @@ void IPOnlyInit(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx) {
io_ctx->ht24_dst = HashListTableInit(65536, IPOnlyHashFunc24, IPOnlyCompareFunc, NULL);
*/
io_ctx->sig_init_size = DetectEngineGetMaxSigId(de_ctx) / 8 + 1;
io_ctx->sig_init_array = malloc(io_ctx->sig_init_size);
if ( (io_ctx->sig_init_array = malloc(io_ctx->sig_init_size)) == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
exit(EXIT_FAILURE);
}
memset(io_ctx->sig_init_array, 0, io_ctx->sig_init_size);
}

39
src/detect-engine-port.c
Unescape Escape View File

@ -842,8 +842,7 @@ static int DetectPortParseInsertString(DetectPort **head, char *s) {
goto error;
}
/* handle the not case, we apply the negation
* then insert the part(s) */
/* handle the not case, we apply the negation then insert the part(s) */
if (ad->flags & PORT_FLAG_NOT) {
DetectPort *ad2 = NULL;
@ -851,15 +850,15 @@ static int DetectPortParseInsertString(DetectPort **head, char *s) {
goto error;
}
/* normally a 'not' will result in two ad's
* unless the 'not' is on the start or end
* of the address space (e.g. 0.0.0.0 or
* 255.255.255.255). */
/* normally a 'not' will result in two ad's unless the 'not' is on the
* start or end of the address space(e.g. 0.0.0.0 or 255.255.255.255) */
if (ad2 != NULL) {
if (DetectPortParseInsert(head, ad2) < 0)
if (DetectPortParseInsert(head, ad2) < 0) {
if (ad2 != NULL) free(ad2);
goto error;
}
}
}
r = DetectPortParseInsert(head, ad);
if (r < 0)
@ -879,12 +878,13 @@ static int DetectPortParseInsertString(DetectPort **head, char *s) {
error:
printf("DetectPortParseInsertString error\n");
/* XXX cleanup */
if (ad != NULL) free(ad);
return -1;
}
/* XXX error handling */
static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int negate) {
static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,
int negate) {
int i, x;
int o_set = 0, n_set = 0;
int range = 0;
@ -898,9 +898,8 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int
address[x] = s[i];
x++;
if (s[i] == ':') {
if (s[i] == ':')
range = 1;
}
if (range == 1 && s[i] == '!') {
printf("Can't have a negated value in a range.\n");
@ -917,7 +916,7 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int
} else if (s[i] == ']') {
if (depth == 1) {
address[x - 1] = '\0';
SCLogDebug("%s", address);
SCLogDebug("Parsed port from DetectPortParseDo - %s", address);
x = 0;
DetectPortParseDo(head, nhead, address, negate? negate: n_set);
@ -930,7 +929,7 @@ static int DetectPortParseDo(DetectPort **head, DetectPort **nhead, char *s,int
o_set = 0;
} else {
address[x - 1] = '\0';
SCLogDebug("%s", address);
SCLogDebug("Parsed port from DetectPortParseDo - %s", address);
if (negate == 0 && n_set == 0) {
DetectPortParseInsertString(head, address);
@ -1084,26 +1083,25 @@ error:
int DetectPortParse(DetectPort **head, char *str) {
int r;
SCLogDebug("str %s", str);
SCLogDebug("Port string to be parsed - str %s", str);
/* negate port list */
DetectPort *nhead = NULL;
r = DetectPortParseDo(head, &nhead, str,/* start with negate no */0);
if (r < 0) {
if (r < 0)
goto error;
}
SCLogDebug("head %p %p, nhead %p", head, *head, nhead);
/* merge the 'not' address groups */
if (DetectPortParseMergeNotPorts(head,&nhead) < 0) {
if (DetectPortParseMergeNotPorts(head, &nhead) < 0)
goto error;
}
/* free the temp negate head */
DetectPortFree(nhead);
return 0;
error:
DetectPortFree(nhead);
return -1;
@ -1131,7 +1129,7 @@ DetectPort *PortParse(char *str) {
/* see if the address is an ipv4 or ipv6 address */
if ((port2 = strchr(port, ':')) != NULL) {
/* 80:81 range format */
port[port2 - port] = '\0';
port2[0] = '\0';
port2++;
if(DetectPortIsValidRange(port))
@ -1148,10 +1146,9 @@ DetectPort *PortParse(char *str) {
dp->port2 = 65535;
}
/* a>b is illegal, a=b is ok */
/* a > b is illegal, a == b is ok */
if (dp->port > dp->port2)
goto error;
} else {
if (strcasecmp(port,"any") == 0) {
dp->port = 0;

16
src/detect-engine-siggroup.c
Unescape Escape View File

@ -36,9 +36,14 @@ static uint32_t detect_siggroup_matcharray_memory = 0;
static uint32_t detect_siggroup_matcharray_init_cnt = 0;
static uint32_t detect_siggroup_matcharray_free_cnt = 0;
/** \brief alloc a sig group head and it's sig_array
* \param size size of the sig array
* \retval sgh or NULL in case of error */
/**
* \brief Alloc a sig group head and it's sig_array
*
* \param size Size of the sig array
* \retval sgh Pointer to newly init SigGroupHead on succuess; or NULL in case
* of error
*/
static SigGroupHead *SigGroupHeadAlloc(uint32_t size) {
SigGroupHead *sgh = malloc(sizeof(SigGroupHead));
if (sgh == NULL) {
@ -441,13 +446,12 @@ int SigGroupHeadAppendSig(DetectEngineCtx *de_ctx, SigGroupHead **sgh, Signature
/* see if we have a head already */
if (*sgh == NULL) {
*sgh = SigGroupHeadAlloc(DetectEngineGetMaxSigId(de_ctx) / 8 + 1);
if (*sgh == NULL) {
if (*sgh == NULL)
goto error;
}
}
/* enable the sig in the bitarray */
(*sgh)->sig_array[(s->num/8)] |= 1<<(s->num%8);
(*sgh)->sig_array[s->num / 8] |= 1 << (s->num % 8);
return 0;
error:

23
src/detect-parse.c
Unescape Escape View File

@ -297,15 +297,23 @@ error:
*/
int SigParseProto(Signature *s, const char *protostr) {
int r = DetectProtoParse(&s->proto, (char *)protostr);
if (r < 0) {
if (r < 0)
return -1;
}
return 0;
}
/* src: flag = 0, dst: flag = 1
/**
* \brief Parses the port(source or destination) field, from a Signature
*
* \param s Pointer to the signature which has to be updated with the
* port information
* \param portstr Pointer to the character string containing the port info
* \param Flag which indicates if the portstr received is sort or dst
* port. For src port: flag = 0, dst port: flag = 1
*
* \retval 0 On success
* \retval -1 On failure
*/
int SigParsePort(Signature *s, const char *portstr, char flag) {
int r = 0;
@ -336,9 +344,8 @@ int SigParsePort(Signature *s, const char *portstr, char flag) {
}
if (flag == 0) {
if (strcasecmp(port,"any") == 0) {
if (strcasecmp(port, "any") == 0)
s->flags |= SIG_FLAG_SP_ANY;
}
r = DetectPortParse(&s->sp, (char *)port);
} else if (flag == 1) {
@ -346,12 +353,10 @@ int SigParsePort(Signature *s, const char *portstr, char flag) {
s->flags |= SIG_FLAG_DP_ANY;
r = DetectPortParse(&s->dp, (char *)port);
//DetectPortPrint(s->dp);
}
if (r < 0) {
if (r < 0)
return -1;
}
return 0;
}

40
src/detect.c
Unescape Escape View File

@ -244,13 +244,20 @@ int SigLoadSignatures (DetectEngineCtx *de_ctx, char *sig_file)
SCSigOrderSignatures(de_ctx);
SCSigSignatureOrderingModuleCleanup(de_ctx);
/* Setup the signature group lookup structure and
* pattern matchers */
/* Setup the signature group lookup structure and pattern matchers */
SigGroupBuild(de_ctx);
return 0;
}
/* check if a certain sid alerted, this is used in the test functions */
/**
* \brief Check if a certain sid alerted, this is used in the test functions
*
* \param p Packet on which we want to check if the signature alerted or not
* \param sid Signature id of the signature that thas to be checked for a match
*
* \retval match A value > 0 on a match; 0 on no match
*/
int PacketAlertCheck(Packet *p, uint32_t sid)
{
uint16_t i = 0;
@ -578,11 +585,10 @@ void SigCleanSignatures(DetectEngineCtx *de_ctx)
* \retval 0 sig is not ip only
*/
static int SignatureIsIPOnly(DetectEngineCtx *de_ctx, Signature *s) {
/* in the case of tcp/udp, only consider sigs that
* don't have ports set ip-only. */
/* for tcp/udp, only consider sigs that don't have ports set, as ip-only */
if (!(s->proto.flags & DETECT_PROTO_ANY)) {
if (s->proto.proto[(IPPROTO_TCP/8)] & (1<<(IPPROTO_TCP%8)) ||
s->proto.proto[(IPPROTO_UDP/8)] & (1<<(IPPROTO_UDP%8))) {
if (s->proto.proto[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8)) ||
s->proto.proto[IPPROTO_UDP / 8] & (1 << (IPPROTO_UDP % 8))) {
if (!(s->flags & SIG_FLAG_SP_ANY))
return 0;
@ -1367,7 +1373,15 @@ error:
return -1;
}
/* fill the global src group head, with the sigs included */
/**
* \brief Fill the global src group head, with the sigs included
*
* \param de_ctx Pointer to the Detection Engine Context whose Signatures have
* to be processed
*
* \retval 0 On success
* \retval -1 On failure
*/
int SigAddressPrepareStage2(DetectEngineCtx *de_ctx) {
Signature *tmp_s = NULL;
DetectAddressGroup *gr = NULL;
@ -2508,8 +2522,14 @@ int SigAddressPrepareStage5(DetectEngineCtx *de_ctx) {
return 0;
}
/** \brief Convert the signature list into the runtime
* match structure. */
/**
* \brief Convert the signature list into the runtime match structure.
*
* \param de_ctx Pointer to the Detection Engine Context whose Signatures have
* to be processed
*
* \retval 0 Always
*/
int SigGroupBuild (DetectEngineCtx *de_ctx) {
SigAddressPrepareStage1(de_ctx);
SigAddressPrepareStage2(de_ctx);

Write Preview
Loading…
Cancel
Save