log error on duplicate sig and also for dup sig with newer revision

14 years ago · 27f67c97de
parent 8a390971e7
commit 27f67c97de
3 changed files with 17 additions and 4 deletions
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@ -1919,21 +1919,32 @@ end:
 * \param de_ctx Pointer to the Detection Engine Context.
 * \param sigstr Pointer to a character string containing the signature to be
 *               parsed.
+ * \param sig_file Pointer to a character string containing the filename from
+ *                 which signature is read
+ * \param lineno Line number from where signature is read
 *
 * \retval Pointer to the head Signature in the detection engine ctx sig_list
 *         on success; NULL on failure.
 */
-Signature *DetectEngineAppendSig(DetectEngineCtx *de_ctx, char *sigstr) {
+Signature *DetectEngineAppendSig(DetectEngineCtx *de_ctx, char *sigstr)
+{
    Signature *sig = SigInitReal(de_ctx, sigstr);
-    if (sig == NULL)
+    if (sig == NULL) {
        return NULL;
+    }

    /* checking for the status of duplicate signature */
    int dup_sig = DetectEngineSignatureIsDuplicate(de_ctx, sig);
    /* a duplicate signature that should be chucked out.  Check the previously
     * called function details to understand the different return values */
-    if (dup_sig == 1)
+    if (dup_sig == 1) {
+        SCLogError(SC_ERR_DUPLICATE_SIG, "Duplicate signature \"%s\"", sigstr);
        goto error;
+    } else if (dup_sig == 2) {
+        SCLogWarning(SC_ERR_DUPLICATE_SIG, "Signature with newer revision,"
+                " so the older sig replaced by this new signature \"%s\"",
+                sigstr);
+    }

    if (sig->init_flags & SIG_FLAG_BIDIREC) {
        if (sig->next != NULL) {
@ -1953,7 +1964,7 @@ Signature *DetectEngineAppendSig(DetectEngineCtx *de_ctx, char *sigstr) {
     * so if the signature is bidirectional, the returned sig will point through "next" ptr
     * to the cloned signatures with the switched addresses
     */
-    return (dup_sig == 0) ? sig : NULL;
+    return (dup_sig == 0 || dup_sig == 2) ? sig : NULL;

 error:
    if (sig != NULL)
--- a/src/util-error.c
+++ b/src/util-error.c
@ -192,6 +192,7 @@ const char * SCErrorToString(SCError err)
        CASE_CODE (SC_ERR_DCERPC);
        CASE_CODE (SC_ERR_AHO_CORASICK);
        CASE_CODE (SC_ERR_REFERENCE_CONFIG);
+        CASE_CODE (SC_ERR_DUPLICATE_SIG);
        CASE_CODE (SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL);
        CASE_CODE (SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT);
        CASE_CODE (SC_ERR_HTTP_METHOD_NEEDS_PRECEEDING_CONTENT);
--- a/src/util-error.h
+++ b/src/util-error.h
@ -203,6 +203,7 @@ typedef enum {
    SC_ERR_DETECT_PREPARE,          /**< preparing the detection engine failed */
    SC_ERR_AHO_CORASICK,
    SC_ERR_REFERENCE_CONFIG,
+    SC_ERR_DUPLICATE_SIG,       /**< Error to indicate that signature is duplicate */
    SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL,
    SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT,
    SC_ERR_HTTP_METHOD_NEEDS_PRECEEDING_CONTENT,