iprep: fix reputation loading and reloading

When an IP is listed in multiple categories, each new "load" would clear the previous loads for that IP. Bug #976
13 years ago · 64203be3ba
parent c583c9e205
commit 64203be3ba
2 changed files with 24 additions and 7 deletions
--- a/src/detect-iprep.c
+++ b/src/detect-iprep.c
@ -204,8 +204,8 @@ int DetectIPRepMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
            break;

        case DETECT_IPREP_CMD_SRC:
-            SCLogDebug("checking src");
            val = GetHostRepSrc(p, rd->cat, version);
+            SCLogDebug("checking src -- val %u (looking for cat %u, val %u)", val, rd->cat, rd->val);
            if (val > 0) {
                return RepMatch(rd->op, val, rd->val);
            }
@ -335,7 +335,7 @@ int DetectIPRepSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr)
    cd->cat = cat;
    cd->op = op;
    cd->val = val;
-    //SCLogInfo("cmd %u, cat %u, op %u, val %u", cd->cmd, cd->cat, cd->op, cd->val);
+    SCLogDebug("cmd %u, cat %u, op %u, val %u", cd->cmd, cd->cat, cd->op, cd->val);

    pcre_free_substring(name);
    name = NULL;
--- a/src/reputation.c
+++ b/src/reputation.c
@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2013 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@ -42,7 +42,9 @@
 *  time out code will use it to check if a host's
 *  reputation info is outdated. */
 SC_ATOMIC_DECLARE(uint32_t, srep_eversion);
-/** reputation version set to the host's reputation */
+/** reputation version set to the host's reputation,
+ *  this will be set to 1 before rep files are loaded,
+ *  so hosts will always have a minial value of 1 */
 static uint32_t srep_version = 0;

 static uint32_t SRepIncrVersion(void) {
@ -351,14 +353,29 @@ static int SRepLoadFile(char *filename) {
                if (h->iprep != NULL) {
                    SReputation *rep = h->iprep;

-                    /* if version is 0, it has been used before, so
-                     * clear it */
-                    if (rep->version != 0) {
+                    /* if version is outdated, it's an older entry that we'll
+                     * now replace. */
+                    if (rep->version != SRepGetVersion()) {
                        memset(rep, 0x00, sizeof(SReputation));
                    }

                    rep->version = SRepGetVersion();
                    rep->rep[cat] = value;
+
+                    SCLogDebug("host %p iprep %p setting cat %u to value %u",
+                        h, h->iprep, cat, value);
+#ifdef DEBUG
+                    if (SCLogDebugEnabled()) {
+                        int i;
+                        for (i = 0; i < SREP_MAX_CATS; i++) {
+                            if (rep->rep[i] == 0)
+                                continue;
+
+                            SCLogDebug("--> host %p iprep %p cat %d to value %u",
+                                    h, h->iprep, i, rep->rep[i]);
+                        }
+                    }
+#endif
                }

                HostRelease(h);