aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve threshold hash table handling.

Browse Source
remotes/origin/master-1.0.x
Victor Julien 16 years ago
parent 8c8b8596c8
commit 6ab64706b0
5 changed files with 28 additions and 18 deletions
Show Stats Download Patch File Download Diff File

22
src/detect-engine-threshold.c
Unescape Escape View File

@ -148,14 +148,22 @@ void ThresholdTimeoutRemove(DetectEngineCtx *de_ctx)
next = HashListTableGetListHead(de_ctx->ths_ctx.threshold_hash_table_src); next = HashListTableGetListHead(de_ctx->ths_ctx.threshold_hash_table_src);
while (next != NULL) { while (next != NULL) {
tsh = HashListTableGetListData(next); tsh = HashListTableGetListData(next);
if (tsh && ((tv.tv_sec - tsh->tv_sec1) > tsh->seconds)) { if (tsh && ((tv.tv_sec - tsh->tv_sec1) > tsh->seconds)) {
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src, tsh, sizeof(DetectThresholdData)); if (tsh->ipv == 4) {
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst, tsh, sizeof(DetectThresholdData)); if (tsh->type == TRACK_SRC) {
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src_ipv6, tsh, sizeof(DetectThresholdData)); HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src, tsh, sizeof(DetectThresholdData));
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst_ipv6, tsh, sizeof(DetectThresholdData)); } else if (tsh->type == TRACK_DST) {
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst, tsh, sizeof(DetectThresholdData));
}
} else if (tsh->ipv == 6) {
if (tsh->type == TRACK_SRC) {
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_src_ipv6, tsh, sizeof(DetectThresholdData));
} else if (tsh->type == TRACK_DST) {
HashListTableRemove(de_ctx->ths_ctx.threshold_hash_table_dst_ipv6, tsh, sizeof(DetectThresholdData));
}
}
} }
next = HashListTableGetListNext(next); next = HashListTableGetListNext(next);
@ -191,8 +199,8 @@ void ThresholdHashAdd(DetectEngineCtx *de_ctx, DetectThresholdData *tsh_ptr, Pac
} }
if(ret == -1) { if(ret == -1) {
SCLogError(SC_ERR_MEM_ALLOC, SCLogError(SC_ERR_THRESHOLD_HASH_ADD,
"Threshold: Failed to Add element into the hash table."); "failed to add element into the hash table");
} }
return; return;

14
src/detect-threshold.h
Unescape Escape View File

@ -24,15 +24,15 @@
*/ */
typedef struct DetectThresholdData_ { typedef struct DetectThresholdData_ {
uint8_t type; /**< Threshold type : limit , threshold, both */ uint8_t type; /**< Threshold type : limit , threshold, both */
uint8_t track; /**< Track type: by_src, by_src */ uint8_t track; /**< Track type: by_src, by_src */
uint32_t count; /**< Event count */ uint32_t count; /**< Event count */
uint32_t seconds; /**< Event seconds */ uint32_t seconds; /**< Event seconds */
uint32_t sid; /**< Signature id */ uint32_t sid; /**< Signature id */
uint8_t gid; /**< Signature group id */ uint8_t gid; /**< Signature group id */
uint8_t ipv; /**< Packet ip version */ uint8_t ipv; /**< Packet ip version */
Address addr; /**< Var used to store dst or src addr */ Address addr; /**< Var used to store dst or src addr */
uint32_t tv_sec1; /**< Var for time control */ uint32_t tv_sec1; /**< Var for time control */
uint32_t current_count; /**< Var for count control */ uint32_t current_count; /**< Var for count control */

8
src/detect.h
Unescape Escape View File

@ -225,12 +225,12 @@ typedef struct DetectEngineLookupDsize_ {
/** \brief threshold ctx */ /** \brief threshold ctx */
typedef struct ThresholdCtx_ { typedef struct ThresholdCtx_ {
HashListTable *threshold_hash_table_dst; /**< Ipv4 dst hash table */ HashListTable *threshold_hash_table_dst; /**< Ipv4 dst hash table */
HashListTable *threshold_hash_table_src; /**< Ipv4 src hash table */ HashListTable *threshold_hash_table_src; /**< Ipv4 src hash table */
HashListTable *threshold_hash_table_dst_ipv6; /**< Ipv6 dst hash table */ HashListTable *threshold_hash_table_dst_ipv6; /**< Ipv6 dst hash table */
HashListTable *threshold_hash_table_src_ipv6; /**< Ipv6 src hash table */ HashListTable *threshold_hash_table_src_ipv6; /**< Ipv6 src hash table */
pthread_mutex_t threshold_table_lock; /**< Mutex for hash table */ SCMutex threshold_table_lock; /**< Mutex for hash table */
}ThresholdCtx; } ThresholdCtx;
/** \brief main detection engine ctx */ /** \brief main detection engine ctx */
typedef struct DetectEngineCtx_ { typedef struct DetectEngineCtx_ {

1
src/util-error.c
Unescape Escape View File

@ -61,6 +61,7 @@ const char * SCErrorToString(SCError err)
CASE_CODE (SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR); CASE_CODE (SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR);
CASE_CODE (SC_ERR_FWRITE); CASE_CODE (SC_ERR_FWRITE);
CASE_CODE (SC_ERR_FOPEN); CASE_CODE (SC_ERR_FOPEN);
CASE_CODE (SC_ERR_THRESHOLD_HASH_ADD);
default: default:
return "UNKNOWN_ERROR"; return "UNKNOWN_ERROR";
} }

1
src/util-error.h
Unescape Escape View File

@ -73,6 +73,7 @@ typedef enum {
SC_ERR_UNIFIED_ALERT_GENERIC_ERROR, SC_ERR_UNIFIED_ALERT_GENERIC_ERROR,
SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR, SC_ERR_UNIFIED2_ALERT_GENERIC_ERROR,
SC_ERR_FWRITE, SC_ERR_FWRITE,
SC_ERR_THRESHOLD_HASH_ADD,
} SCError; } SCError;
const char *SCErrorToString(SCError); const char *SCErrorToString(SCError);

Write Preview
Loading…
Cancel
Save