aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename DetectAddressGroup* to DetectAddress*

Browse Source
remotes/origin/master-1.0.x
Victor Julien 15 years ago
parent 13dca5e8ce
commit de8caa7964
11 changed files with 735 additions and 736 deletions
Show Stats Download Patch File Download Diff File

56
src/detect-engine-address-ipv4.c
Unescape Escape View File

@ -18,7 +18,7 @@
#include "detect-engine-siggroup.h"
#include "detect-engine-port.h"
int DetectAddressGroupCmpIPv4(DetectAddressGroup *a, DetectAddressGroup *b) {
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b) {
uint32_t a_ip1 = ntohl(a->ip[0]);
uint32_t a_ip2 = ntohl(a->ip2[0]);
uint32_t b_ip1 = ntohl(b->ip[0]);
@ -71,25 +71,25 @@ int DetectAddressGroupCmpIPv4(DetectAddressGroup *a, DetectAddressGroup *b) {
* a = 1.2.3.4, b = 1.2.3.0/24
* must result in: a == 1.2.3.0-1.2.3.3, b == 1.2.3.4, c == 1.2.3.5-1.2.3.255
*/
int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, DetectAddressGroup *b, DetectAddressGroup **c) {
int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c) {
uint32_t a_ip1 = ntohl(a->ip[0]);
uint32_t a_ip2 = ntohl(a->ip2[0]);
uint32_t b_ip1 = ntohl(b->ip[0]);
uint32_t b_ip2 = ntohl(b->ip2[0]);
DetectPort *port = NULL;
DetectAddressGroup *tmp = NULL;
DetectAddress *tmp = NULL;
/* default to NULL */
*c = NULL;
int r = DetectAddressGroupCmpIPv4(a,b);
int r = DetectAddressCmpIPv4(a,b);
if (r != ADDRESS_ES && r != ADDRESS_EB && r != ADDRESS_LE && r != ADDRESS_GE) {
printf("we shouldn't be here\n");
goto error;
}
/* get a place to temporary put sigs lists */
tmp = DetectAddressGroupInit();
tmp = DetectAddressInit();
if (tmp == NULL) {
goto error;
}
@ -101,7 +101,7 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
*/
if (r == ADDRESS_LE) {
#ifdef DBG
printf("DetectAddressGroupCutIPv4: r == ADDRESS_LE\n");
printf("DetectAddressCutIPv4: r == ADDRESS_LE\n");
#endif
a->ip[0] = htonl(a_ip1);
a->ip2[0] = htonl(b_ip1 - 1);
@ -109,8 +109,8 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
b->ip[0] = htonl(b_ip1);
b->ip2[0] = htonl(a_ip2);
DetectAddressGroup *tmp_c;
tmp_c = DetectAddressGroupInit();
DetectAddress *tmp_c;
tmp_c = DetectAddressInit();
if (tmp_c == NULL) {
goto error;
}
@ -142,7 +142,7 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
*/
} else if (r == ADDRESS_GE) {
#ifdef DBG
printf("DetectAddressGroupCutIPv4: r == ADDRESS_GE\n");
printf("DetectAddressCutIPv4: r == ADDRESS_GE\n");
#endif
a->ip[0] = htonl(b_ip1);
a->ip2[0] = htonl(a_ip1 - 1);
@ -150,8 +150,8 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
b->ip[0] = htonl(a_ip1);
b->ip2[0] = htonl(b_ip2);
DetectAddressGroup *tmp_c;
tmp_c = DetectAddressGroupInit();
DetectAddress *tmp_c;
tmp_c = DetectAddressInit();
if (tmp_c == NULL) {
goto error;
}
@ -211,11 +211,11 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
*/
} else if (r == ADDRESS_ES) {
#ifdef DBG
printf("DetectAddressGroupCutIPv4: r == ADDRESS_ES\n");
printf("DetectAddressCutIPv4: r == ADDRESS_ES\n");
#endif
if (a_ip1 == b_ip1) {
#ifdef DBG
printf("DetectAddressGroupCutIPv4: 1\n");
printf("DetectAddressCutIPv4: 1\n");
#endif
a->ip[0] = htonl(a_ip1);
a->ip2[0] = htonl(a_ip2);
@ -234,7 +234,7 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
}
} else if (a_ip2 == b_ip2) {
#ifdef DBG
printf("DetectAddressGroupCutIPv4: 2\n");
printf("DetectAddressCutIPv4: 2\n");
#endif
a->ip[0] = htonl(b_ip1);
a->ip2[0] = htonl(a_ip1 - 1);
@ -275,8 +275,8 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
b->ip[0] = htonl(a_ip1);
b->ip2[0] = htonl(a_ip2);
DetectAddressGroup *tmp_c;
tmp_c = DetectAddressGroupInit();
DetectAddress *tmp_c;
tmp_c = DetectAddressInit();
if (tmp_c == NULL) {
goto error;
}
@ -335,11 +335,11 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
*/
} else if (r == ADDRESS_EB) {
#ifdef DBG
printf("DetectAddressGroupCutIPv4: r == ADDRESS_EB\n");
printf("DetectAddressCutIPv4: r == ADDRESS_EB\n");
#endif
if (a_ip1 == b_ip1) {
#ifdef DBG
printf("DetectAddressGroupCutIPv4: 1\n");
printf("DetectAddressCutIPv4: 1\n");
#endif
a->ip[0] = htonl(b_ip1);
a->ip2[0] = htonl(b_ip2);
@ -372,7 +372,7 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
}
} else if (a_ip2 == b_ip2) {
#ifdef DBG
printf("DetectAddressGroupCutIPv4: 2\n");
printf("DetectAddressCutIPv4: 2\n");
#endif
a->ip[0] = htonl(a_ip1);
a->ip2[0] = htonl(b_ip1 - 1);
@ -392,7 +392,7 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
}
} else {
#ifdef DBG
printf("DetectAddressGroupCutIPv4: 3\n");
printf("DetectAddressCutIPv4: 3\n");
#endif
a->ip[0] = htonl(a_ip1);
a->ip2[0] = htonl(b_ip1 - 1);
@ -400,8 +400,8 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
b->ip[0] = htonl(b_ip1);
b->ip2[0] = htonl(b_ip2);
DetectAddressGroup *tmp_c;
tmp_c = DetectAddressGroupInit();
DetectAddress *tmp_c;
tmp_c = DetectAddressInit();
if (tmp_c == NULL) {
goto error;
}
@ -432,12 +432,12 @@ int DetectAddressGroupCutIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
}
if (tmp != NULL)
DetectAddressGroupFree(tmp);
DetectAddressFree(tmp);
return 0;
error:
if (tmp != NULL)
DetectAddressGroupFree(tmp);
DetectAddressFree(tmp);
return -1;
}
@ -446,7 +446,7 @@ error:
* \retval 0 no
* \retval 1 yes
*/
int DetectAddressGroupIsCompleteIPSpaceIPv4(DetectAddressGroup *ag) {
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *ag) {
uint32_t next_ip = 0;
if (ag == NULL)
@ -490,7 +490,7 @@ int DetectAddressGroupIsCompleteIPSpaceIPv4(DetectAddressGroup *ag) {
* must result in: a == 0.0.0.0-255.255.255.254, b == NULL
*
*/
int DetectAddressGroupCutNotIPv4(DetectAddressGroup *a, DetectAddressGroup **b) {
int DetectAddressCutNotIPv4(DetectAddress *a, DetectAddress **b) {
uint32_t a_ip1 = ntohl(a->ip[0]);
uint32_t a_ip2 = ntohl(a->ip2[0]);
@ -501,7 +501,7 @@ int DetectAddressGroupCutNotIPv4(DetectAddressGroup *a, DetectAddressGroup **b)
a->ip[0] = htonl(0x00000000);
a->ip2[0] = htonl(a_ip1 - 1);
DetectAddressGroup *tmp_b = DetectAddressGroupInit();
DetectAddress *tmp_b = DetectAddressInit();
if (tmp_b == NULL) {
goto error;
}
@ -527,7 +527,7 @@ error:
return -1;
}
int DetectAddressGroupJoinIPv4(DetectEngineCtx *de_ctx, DetectAddressGroup *target, DetectAddressGroup *source) {
int DetectAddressJoinIPv4(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source) {
if (ntohl(source->ip[0]) < ntohl(target->ip[0]))
target->ip[0] = source->ip[0];

10
src/detect-engine-address-ipv4.h
Unescape Escape View File

@ -8,12 +8,12 @@
//int DetectAddressCmpIPv4(DetectAddressData *, DetectAddressData *);
//int DetectAddressCutIPv4(DetectAddressData *, DetectAddressData *, DetectAddressData **);
int DetectAddressGroupCutNotIPv4(DetectAddressGroup *, DetectAddressGroup **);
int DetectAddressGroupCmpIPv4(DetectAddressGroup *a, DetectAddressGroup *b);
int DetectAddressCutNotIPv4(DetectAddress *, DetectAddress **);
int DetectAddressCmpIPv4(DetectAddress *a, DetectAddress *b);
int DetectAddressGroupCutIPv4(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **);
int DetectAddressGroupJoinIPv4(DetectEngineCtx *, DetectAddressGroup *target, DetectAddressGroup *source);
int DetectAddressGroupIsCompleteIPSpaceIPv4(DetectAddressGroup *);
int DetectAddressCutIPv4(DetectEngineCtx *, DetectAddress *, DetectAddress *, DetectAddress **);
int DetectAddressJoinIPv4(DetectEngineCtx *, DetectAddress *target, DetectAddress *source);
int DetectAddressIsCompleteIPSpaceIPv4(DetectAddress *);
#endif /* __DETECT_ENGINE_ADDRESS_IPV4_H__ */

38
src/detect-engine-address-ipv6.c
Unescape Escape View File

@ -81,7 +81,7 @@ int AddressIPv6Ge(uint32_t *a, uint32_t *b) {
return 0;
}
int DetectAddressGroupCmpIPv6(DetectAddressGroup *a, DetectAddressGroup *b) {
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b) {
/* ADDRESS_EQ */
if (AddressIPv6Eq(a->ip, b->ip) == 1 &&
AddressIPv6Eq(a->ip2, b->ip2) == 1) {
@ -192,7 +192,7 @@ static void AddressCutIPv6Copy(uint32_t *a, uint32_t *b) {
b[3] = htonl(a[3]);
}
int DetectAddressGroupCutIPv6(DetectEngineCtx *de_ctx, DetectAddressGroup *a, DetectAddressGroup *b, DetectAddressGroup **c) {
int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a, DetectAddress *b, DetectAddress **c) {
uint32_t a_ip1[4] = { ntohl(a->ip[0]), ntohl(a->ip[1]),
ntohl(a->ip[2]), ntohl(a->ip[3]) };
uint32_t a_ip2[4] = { ntohl(a->ip2[0]), ntohl(a->ip2[1]),
@ -202,22 +202,22 @@ int DetectAddressGroupCutIPv6(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
uint32_t b_ip2[4] = { ntohl(b->ip2[0]), ntohl(b->ip2[1]),
ntohl(b->ip2[2]), ntohl(b->ip2[3]) };
DetectPort *port = NULL;
DetectAddressGroup *tmp = NULL;
DetectAddress *tmp = NULL;
/* default to NULL */
*c = NULL;
int r = DetectAddressGroupCmpIPv6(a,b);
int r = DetectAddressCmpIPv6(a,b);
if (r != ADDRESS_ES && r != ADDRESS_EB && r != ADDRESS_LE && r != ADDRESS_GE) {
goto error;
}
/* get a place to temporary put sigs lists */
tmp = DetectAddressGroupInit();
tmp = DetectAddressInit();
if (tmp == NULL) {
goto error;
}
memset(tmp,0,sizeof(DetectAddressGroup));
memset(tmp,0,sizeof(DetectAddress));
/* we have 3 parts: [aaa[abab]bbb]
* part a: a_ip1 <-> b_ip1 - 1
@ -231,8 +231,8 @@ int DetectAddressGroupCutIPv6(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
AddressCutIPv6Copy(b_ip1, b->ip);
AddressCutIPv6Copy(a_ip2, b->ip2);
DetectAddressGroup *tmp_c;
tmp_c = DetectAddressGroupInit();
DetectAddress *tmp_c;
tmp_c = DetectAddressInit();
if (tmp_c == NULL) {
goto error;
}
@ -266,8 +266,8 @@ int DetectAddressGroupCutIPv6(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
AddressCutIPv6Copy(a_ip1, b->ip);
AddressCutIPv6Copy(b_ip2, b->ip2);
DetectAddressGroup *tmp_c;
tmp_c = DetectAddressGroupInit();
DetectAddress *tmp_c;
tmp_c = DetectAddressInit();
if (tmp_c == NULL) {
goto error;
}
@ -372,8 +372,8 @@ int DetectAddressGroupCutIPv6(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
AddressCutIPv6Copy(a_ip1, b->ip);
AddressCutIPv6Copy(a_ip2, b->ip2);
DetectAddressGroup *tmp_c;
tmp_c = DetectAddressGroupInit();
DetectAddress *tmp_c;
tmp_c = DetectAddressInit();
if (tmp_c == NULL) {
goto error;
}
@ -477,8 +477,8 @@ int DetectAddressGroupCutIPv6(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
AddressCutIPv6Copy(b_ip1, b->ip);
AddressCutIPv6Copy(b_ip2, b->ip2);
DetectAddressGroup *tmp_c;
tmp_c = DetectAddressGroupInit();
DetectAddress *tmp_c;
tmp_c = DetectAddressInit();
if (tmp_c == NULL) {
goto error;
}
@ -506,12 +506,12 @@ int DetectAddressGroupCutIPv6(DetectEngineCtx *de_ctx, DetectAddressGroup *a, De
}
if (tmp != NULL)
DetectAddressGroupFree(tmp);
DetectAddressFree(tmp);
return 0;
error:
if (tmp != NULL)
DetectAddressGroupFree(tmp);
DetectAddressFree(tmp);
return -1;
}
#if 0
@ -679,7 +679,7 @@ error:
* must result in: a == 0.0.0.0-255.255.255.254, b == NULL
*
*/
int DetectAddressGroupCutNotIPv6(DetectAddressGroup *a, DetectAddressGroup **b) {
int DetectAddressCutNotIPv6(DetectAddress *a, DetectAddress **b) {
uint32_t a_ip1[4] = { ntohl(a->ip[0]), ntohl(a->ip[1]), ntohl(a->ip[2]), ntohl(a->ip[3]) };
uint32_t a_ip2[4] = { ntohl(a->ip2[0]), ntohl(a->ip2[1]), ntohl(a->ip2[2]), ntohl(a->ip2[3]) };
uint32_t ip_nul[4] = { 0x00000000, 0x00000000, 0x00000000, 0x00000000 };
@ -696,7 +696,7 @@ int DetectAddressGroupCutNotIPv6(DetectAddressGroup *a, DetectAddressGroup **b)
AddressCutIPv6Copy(ip_nul, a->ip);
AddressCutIPv6CopySubOne(a_ip1, a->ip2);
DetectAddressGroup *tmp_b = DetectAddressGroupInit();
DetectAddress *tmp_b = DetectAddressInit();
if (tmp_b == NULL) {
goto error;
}
@ -731,7 +731,7 @@ error:
return -1;
}
int DetectAddressGroupJoinIPv6(DetectEngineCtx *de_ctx, DetectAddressGroup *target, DetectAddressGroup *source) {
int DetectAddressJoinIPv6(DetectEngineCtx *de_ctx, DetectAddress *target, DetectAddress *source) {
if (AddressIPv6Lt(source->ip,target->ip)) {
target->ip[0] = source->ip[0];
target->ip[1] = source->ip[1];

8
src/detect-engine-address-ipv6.h
Unescape Escape View File

@ -13,11 +13,11 @@ int AddressIPv6Le(uint32_t *, uint32_t *);
int AddressIPv6Ge(uint32_t *, uint32_t *);
//int DetectAddressCutIPv6(DetectAddressData *, DetectAddressData *, DetectAddressData **);
int DetectAddressGroupCutNotIPv6(DetectAddressGroup *, DetectAddressGroup **);
int DetectAddressGroupCmpIPv6(DetectAddressGroup *a, DetectAddressGroup *b);
int DetectAddressCutNotIPv6(DetectAddress *, DetectAddress **);
int DetectAddressCmpIPv6(DetectAddress *a, DetectAddress *b);
int DetectAddressGroupCutIPv6(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *, DetectAddressGroup **);
int DetectAddressGroupJoinIPv6(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *);
int DetectAddressCutIPv6(DetectEngineCtx *, DetectAddress *, DetectAddress *, DetectAddress **);
int DetectAddressJoinIPv6(DetectEngineCtx *, DetectAddress *, DetectAddress *);
void DetectAddressIPv6Tests(void);

1101
src/detect-engine-address.c
View File

File diff suppressed because it is too large Load Diff

34
src/detect-engine-address.h
Unescape Escape View File

@ -3,33 +3,33 @@
/* prototypes */
void DetectAddressRegister (void);
void DetectAddressGroupPrintMemory(void);
void DetectAddressPrintMemory(void);
DetectAddressGroupsHead *DetectAddressGroupsHeadInit(void);
void DetectAddressGroupsHeadFree(DetectAddressGroupsHead *);
void DetectAddressGroupsHeadCleanup(DetectAddressGroupsHead *);
DetectAddresssHead *DetectAddresssHeadInit(void);
void DetectAddresssHeadFree(DetectAddresssHead *);
void DetectAddresssHeadCleanup(DetectAddresssHead *);
int DetectAddressGroupParse(DetectAddressGroupsHead *, char *);
int DetectAddressParse(DetectAddresssHead *, char *);
DetectAddressGroup *DetectAddressGroupInit(void);
void DetectAddressGroupFree(DetectAddressGroup *);
DetectAddress *DetectAddressInit(void);
void DetectAddressFree(DetectAddress *);
void DetectAddressGroupCleanupList (DetectAddressGroup *);
int DetectAddressGroupAdd(DetectAddressGroup **, DetectAddressGroup *);
void DetectAddressGroupPrintList(DetectAddressGroup *);
void DetectAddressCleanupList (DetectAddress *);
int DetectAddressAdd(DetectAddress **, DetectAddress *);
void DetectAddressPrintList(DetectAddress *);
int DetectAddressGroupInsert(DetectEngineCtx *, DetectAddressGroupsHead *, DetectAddressGroup *);
int DetectAddressGroupJoin(DetectEngineCtx *, DetectAddressGroup *, DetectAddressGroup *);
int DetectAddressInsert(DetectEngineCtx *, DetectAddresssHead *, DetectAddress *);
int DetectAddressJoin(DetectEngineCtx *, DetectAddress *, DetectAddress *);
DetectAddressGroup *DetectAddressLookupInHead(DetectAddressGroupsHead *, Address *);
DetectAddressGroup *DetectAddressLookupInList(DetectAddressGroup *, DetectAddressGroup *);
DetectAddress *DetectAddressLookupInHead(DetectAddresssHead *, Address *);
DetectAddress *DetectAddressLookupInList(DetectAddress *, DetectAddress *);
/** \brief address only copy of ag */
DetectAddressGroup *DetectAddressGroupCopy(DetectAddressGroup *);
DetectAddress *DetectAddressCopy(DetectAddress *);
/** \brief debugging: print a detect address */
void DetectAddressPrint(DetectAddressGroup *);
void DetectAddressPrint(DetectAddress *);
/** \brief compare the address part of two DetectAddress objects */
int DetectAddressCmp(DetectAddressGroup *, DetectAddressGroup *);
int DetectAddressCmp(DetectAddress *, DetectAddress *);
#endif /* __DETECT_ADDRESS_H__ */

66
src/detect-engine-iponly.c
Unescape Escape View File

@ -38,7 +38,7 @@
#define IPONLY_HTONL_65535 4294901760UL
static uint32_t IPOnlyHashFunc16(HashListTable *ht, void *data, uint16_t len) {
DetectAddressGroup *gr = (DetectAddressGroup *) data;
DetectAddress *gr = (DetectAddress *) data;
uint32_t hash = IPONLY_EXTRACT_16(gr) % ht->array_size;
return hash;
@ -46,14 +46,14 @@ static uint32_t IPOnlyHashFunc16(HashListTable *ht, void *data, uint16_t len) {
/*
static uint32_t IPOnlyHashFunc24(HashListTable *ht, void *data, uint16_t len) {
DetectAddressGroup *gr = (DetectAddressGroup *) data;
DetectAddress *gr = (DetectAddress *) data;
uint32_t hash = IPONLY_EXTRACT_24(gr->ad) % ht->array_size;
return hash;
}
*/
static void IPOnlyAddSlash16(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx, HashListTable *ht, DetectAddressGroup *gr, char direction, Signature *s) {
static void IPOnlyAddSlash16(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx, HashListTable *ht, DetectAddress *gr, char direction, Signature *s) {
uint32_t high = ntohl(gr->ip2[0]);
uint32_t low = ntohl(gr->ip[0]);
@ -65,7 +65,7 @@ static void IPOnlyAddSlash16(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_
while (high > low) {
s16_cnt++;
DetectAddressGroup *grtmp = DetectAddressGroupCopy(gr);
DetectAddress *grtmp = DetectAddressCopy(gr);
if (grtmp == NULL) {
goto error;
}
@ -74,7 +74,7 @@ static void IPOnlyAddSlash16(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_
SigGroupHeadAppendSig(de_ctx, &grtmp->sh, s);
DetectAddressGroup *rgr = HashListTableLookup(ht,grtmp,0);
DetectAddress *rgr = HashListTableLookup(ht,grtmp,0);
if (rgr == NULL) {
SigGroupHeadAppendSig(de_ctx, &grtmp->sh, s);
@ -83,7 +83,7 @@ static void IPOnlyAddSlash16(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_
} else {
SigGroupHeadAppendSig(de_ctx, &rgr->sh, s);
DetectAddressGroupFree(grtmp);
DetectAddressFree(grtmp);
direction ? io_ctx->a_dst_total16++ : io_ctx->a_src_total16++;
}
@ -93,14 +93,14 @@ static void IPOnlyAddSlash16(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_
high = 0;
}
} else {
DetectAddressGroup *grtmp = DetectAddressGroupCopy(gr);
DetectAddress *grtmp = DetectAddressCopy(gr);
if (grtmp == NULL) {
goto error;
}
grtmp->ip[0] = IPONLY_EXTRACT_16(gr);
grtmp->ip2[0] = IPONLY_EXTRACT_16(gr) | IPONLY_HTONL_65535;
DetectAddressGroup *rgr = HashListTableLookup(ht,grtmp,0);
DetectAddress *rgr = HashListTableLookup(ht,grtmp,0);
if (rgr == NULL) {
SigGroupHeadAppendSig(de_ctx, &grtmp->sh, s);
@ -109,7 +109,7 @@ static void IPOnlyAddSlash16(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_
} else {
SigGroupHeadAppendSig(de_ctx, &rgr->sh, s);
DetectAddressGroupFree(grtmp);
DetectAddressFree(grtmp);
direction ? io_ctx->a_dst_total16++ : io_ctx->a_src_total16++;
}
}
@ -118,7 +118,7 @@ error:
}
/*
static void IPOnlyAddSlash24(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx, HashListTable *ht, DetectAddressGroup *gr, char direction, Signature *s) {
static void IPOnlyAddSlash24(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx, HashListTable *ht, DetectAddress *gr, char direction, Signature *s) {
if ((ntohl(gr->ad->ip2[0]) - ntohl(gr->ad->ip[0])) > 256) {
//printf("Bigger than a class/24:\n"); DetectAddressDataPrint(a);
@ -129,7 +129,7 @@ static void IPOnlyAddSlash24(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_
while (high > low) {
s24_cnt++;
DetectAddressGroup *grtmp = DetectAddressGroupInit();
DetectAddress *grtmp = DetectAddressInit();
if (grtmp == NULL) {
goto error;
}
@ -144,13 +144,13 @@ static void IPOnlyAddSlash24(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_
//printf(" -=- "); DetectAddressDataPrint(na);
DetectAddressGroup *rgr = HashListTableLookup(ht,grtmp,0);
DetectAddress *rgr = HashListTableLookup(ht,grtmp,0);
if (rgr == NULL) {
HashListTableAdd(ht,grtmp,0);
direction ? io_ctx->a_dst_uniq24++ : io_ctx->a_src_uniq24++;
//printf(" uniq\n");
} else {
DetectAddressGroupFree(grtmp);
DetectAddressFree(grtmp);
direction ? io_ctx->a_dst_total24++ : io_ctx->a_src_total24++;
//printf(" dup\n");
}
@ -163,7 +163,7 @@ static void IPOnlyAddSlash24(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_
//printf(" contains %" PRIu32 " /24's\n", s24_cnt);
} else {
DetectAddressGroup *rgr = HashListTableLookup(ht,gr,0);
DetectAddress *rgr = HashListTableLookup(ht,gr,0);
if (rgr == NULL) {
HashListTableAdd(ht,gr,0);
direction ? io_ctx->a_dst_uniq24++ : io_ctx->a_src_uniq24++;
@ -177,8 +177,8 @@ error:
*/
static char IPOnlyCompareFunc(void *data1, uint16_t len1, void *data2, uint16_t len2) {
DetectAddressGroup *a1 = (DetectAddressGroup *)data1;
DetectAddressGroup *a2 = (DetectAddressGroup *)data2;
DetectAddress *a1 = (DetectAddress *)data1;
DetectAddress *a2 = (DetectAddress *)data2;
//printf("IPOnlyCompareFunc: "); DetectAddressDataPrint(a1->ad);
//printf(" "); DetectAddressDataPrint(a2->ad); printf("\n");
@ -194,8 +194,8 @@ static void IPOnlyFreeFunc(void *g) {
if (g == NULL)
return;
DetectAddressGroup *ag = (DetectAddressGroup *)g;
DetectAddressGroupFree(ag);
DetectAddress *ag = (DetectAddress *)g;
DetectAddressFree(ag);
}
/* XXX error checking */
@ -216,9 +216,9 @@ void IPOnlyInit(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx) {
/* XXX error checking */
void DetectEngineIPOnlyThreadInit(DetectEngineCtx *de_ctx, DetectEngineIPOnlyThreadCtx *io_tctx) {
io_tctx->src = DetectAddressGroupInit();
io_tctx->src = DetectAddressInit();
io_tctx->src->family = AF_INET;
io_tctx->dst = DetectAddressGroupInit();
io_tctx->dst = DetectAddressInit();
io_tctx->dst->family = AF_INET;
/* initialize the signature bitarray */
@ -259,32 +259,32 @@ void IPOnlyDeinit(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx) {
void DetectEngineIPOnlyThreadDeinit(DetectEngineIPOnlyThreadCtx *io_tctx) {
if (io_tctx->src != NULL) {
DetectAddressGroupFree(io_tctx->src);
DetectAddressFree(io_tctx->src);
}
if (io_tctx->dst != NULL) {
DetectAddressGroupFree(io_tctx->dst);
DetectAddressFree(io_tctx->dst);
}
free(io_tctx->sig_match_array);
}
DetectAddressGroup *IPOnlyLookupSrc16(DetectEngineCtx *de_ctx, DetectEngineIPOnlyThreadCtx *io_tctx, Packet *p) {
DetectAddress *IPOnlyLookupSrc16(DetectEngineCtx *de_ctx, DetectEngineIPOnlyThreadCtx *io_tctx, Packet *p) {
io_tctx->src->ip[0] = GET_IPV4_SRC_ADDR_U32(p) & 0x0000ffff;
io_tctx->src->ip2[0] = (GET_IPV4_SRC_ADDR_U32(p) & 0x0000ffff) | IPONLY_HTONL_65535;
//printf("IPOnlyLookupSrc16: "); DetectAddressDataPrint(io_tctx->src->ad); printf("\n");
DetectAddressGroup *rgr = HashListTableLookup(de_ctx->io_ctx.ht16_src, io_tctx->src, 0);
DetectAddress *rgr = HashListTableLookup(de_ctx->io_ctx.ht16_src, io_tctx->src, 0);
return rgr;
}
DetectAddressGroup *IPOnlyLookupDst16(DetectEngineCtx *de_ctx, DetectEngineIPOnlyThreadCtx *io_tctx, Packet *p) {
DetectAddress *IPOnlyLookupDst16(DetectEngineCtx *de_ctx, DetectEngineIPOnlyThreadCtx *io_tctx, Packet *p) {
io_tctx->dst->ip[0] = GET_IPV4_DST_ADDR_U32(p) & 0x0000ffff;
io_tctx->dst->ip2[0] = (GET_IPV4_DST_ADDR_U32(p) & 0x0000ffff) | IPONLY_HTONL_65535;
//printf("IPOnlyLookupDst16: "); DetectAddressDataPrint(io_tctx->dst->ad); printf("\n");
DetectAddressGroup *rgr = HashListTableLookup(de_ctx->io_ctx.ht16_dst, io_tctx->dst, 0);
DetectAddress *rgr = HashListTableLookup(de_ctx->io_ctx.ht16_dst, io_tctx->dst, 0);
return rgr;
}
@ -294,7 +294,7 @@ DetectAddressGroup *IPOnlyLookupDst16(DetectEngineCtx *de_ctx, DetectEngineIPOnl
* array. */
void IPOnlyMatchPacket(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx,
DetectEngineIPOnlyThreadCtx *io_tctx, Packet *p) {
DetectAddressGroup *src = NULL, *dst = NULL;
DetectAddress *src = NULL, *dst = NULL;
#if 0
/* debug print */
char s[16], d[16];
@ -360,13 +360,13 @@ void IPOnlyMatchPacket(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx,
/* check the source address */
if (!(s->flags & SIG_FLAG_SRC_ANY)) {
DetectAddressGroup *saddr = DetectAddressLookupInHead(&s->src,&p->src);
DetectAddress *saddr = DetectAddressLookupInHead(&s->src,&p->src);
if (saddr == NULL)
continue;
}
/* check the destination address */
if (!(s->flags & SIG_FLAG_DST_ANY)) {
DetectAddressGroup *daddr = DetectAddressLookupInHead(&s->dst,&p->dst);
DetectAddress *daddr = DetectAddressLookupInHead(&s->dst,&p->dst);
if (daddr == NULL)
continue;
}
@ -430,7 +430,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) {
//printf("SRC: ");
for ( ; hb != NULL; hb = HashListTableGetListNext(hb)) {
DetectAddressGroup *gr = (DetectAddressGroup *)HashListTableGetListData(hb);
DetectAddress *gr = (DetectAddress *)HashListTableGetListData(hb);
if (gr == NULL)
continue;
@ -448,7 +448,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) {
//printf("DST: ");
for ( ; hb != NULL; hb = HashListTableGetListNext(hb)) {
DetectAddressGroup *gr = (DetectAddressGroup *)HashListTableGetListData(hb);
DetectAddress *gr = (DetectAddress *)HashListTableGetListData(hb);
if (gr == NULL)
continue;
@ -464,8 +464,8 @@ void IPOnlyAddSignature(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx,
if (!(s->flags & SIG_FLAG_IPONLY))
return;
DetectAddressGroup *src = s->src.ipv4_head;
DetectAddressGroup *dst = s->dst.ipv4_head;
DetectAddress *src = s->src.ipv4_head;
DetectAddress *dst = s->dst.ipv4_head;
for ( ; src != NULL; src = src->next) {
IPOnlyAddSlash16(de_ctx, io_ctx, io_ctx->ht16_src, src, 0, s);

2
src/detect-ipproto.c
Unescape Escape View File

@ -591,7 +591,7 @@ cleanup:
DetectEngineCtxFree(de_ctx);
DetectSigGroupPrintMemory();
DetectAddressGroupPrintMemory();
DetectAddressPrintMemory();
end:
return result;

8
src/detect-parse.c
Unescape Escape View File

@ -270,13 +270,13 @@ int SigParseAddress(Signature *s, const char *addrstr, char flag) {
if (strcasecmp(addrstr, "any") == 0)
s->flags |= SIG_FLAG_SRC_ANY;
if (DetectAddressGroupParse(&s->src, addr) < 0)
if (DetectAddressParse(&s->src, addr) < 0)
goto error;
} else {
if (strcasecmp(addrstr, "any") == 0)
s->flags |= SIG_FLAG_DST_ANY;
if (DetectAddressGroupParse(&s->dst, addr) < 0)
if (DetectAddressParse(&s->dst, addr) < 0)
goto error;
}
@ -521,8 +521,8 @@ void SigFree(Signature *s) {
sm = nsm;
}
DetectAddressGroupsHeadCleanup(&s->src);
DetectAddressGroupsHeadCleanup(&s->dst);
DetectAddresssHeadCleanup(&s->src);
DetectAddresssHeadCleanup(&s->dst);
if (s->sp != NULL) {
DetectPortCleanupList(s->sp);

120
src/detect.c
Unescape Escape View File

@ -312,7 +312,7 @@ static inline SigGroupHead *SigMatchSignaturesGetSgh(ThreadVars *th_v, DetectEng
f = 1;
/* find the right mpm instance */
DetectAddressGroup *ag = DetectAddressLookupInHead(de_ctx->dsize_gh[ds].flow_gh[f].src_gh[p->proto],&p->src);
DetectAddress *ag = DetectAddressLookupInHead(de_ctx->dsize_gh[ds].flow_gh[f].src_gh[p->proto],&p->src);
if (ag != NULL) {
/* source group found, lets try a dst group */
ag = DetectAddressLookupInHead(ag->dst_gh,&p->dst);
@ -441,13 +441,13 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
/* check the source address */
if (!(s->flags & SIG_FLAG_SRC_ANY)) {
DetectAddressGroup *saddr = DetectAddressLookupInHead(&s->src,&p->src);
DetectAddress *saddr = DetectAddressLookupInHead(&s->src,&p->src);
if (saddr == NULL)
continue;
}
/* check the destination address */
if (!(s->flags & SIG_FLAG_DST_ANY)) {
DetectAddressGroup *daddr = DetectAddressLookupInHead(&s->dst,&p->dst);
DetectAddress *daddr = DetectAddressLookupInHead(&s->dst,&p->dst);
if (daddr == NULL)
continue;
}
@ -659,11 +659,11 @@ static int SignatureIsInspectingPayload(DetectEngineCtx *de_ctx, Signature *s) {
*/
int SigAddressPrepareStage1(DetectEngineCtx *de_ctx) {
Signature *tmp_s = NULL;
DetectAddressGroup *gr = NULL;
DetectAddress *gr = NULL;
uint32_t cnt = 0, cnt_iponly = 0;
uint32_t cnt_payload = 0;
//DetectAddressGroupPrintMemory();
//DetectAddressPrintMemory();
//DetectSigGroupPrintMemory();
//DetectPortPrintMemory();
@ -752,7 +752,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx) {
de_ctx->sig_cnt++;
}
//DetectAddressGroupPrintMemory();
//DetectAddressPrintMemory();
//DetectSigGroupPrintMemory();
//DetectPortPrintMemory();
@ -769,7 +769,7 @@ error:
}
static int DetectEngineLookupBuildSourceAddressList(DetectEngineCtx *de_ctx, DetectEngineLookupFlow *flow_gh, Signature *s, int family) {
DetectAddressGroup *gr = NULL, *lookup_gr = NULL, *head = NULL;
DetectAddress *gr = NULL, *lookup_gr = NULL, *head = NULL;
int proto;
if (family == AF_INET) {
@ -797,7 +797,7 @@ static int DetectEngineLookupBuildSourceAddressList(DetectEngineCtx *de_ctx, Det
}
if (lookup_gr == NULL) {
DetectAddressGroup *grtmp = DetectAddressGroupCopy(gr);
DetectAddress *grtmp = DetectAddressCopy(gr);
if (grtmp == NULL) {
goto error;
}
@ -805,11 +805,11 @@ static int DetectEngineLookupBuildSourceAddressList(DetectEngineCtx *de_ctx, Det
/* add to the lookup list */
if (family == AF_INET) {
DetectAddressGroupAdd(&flow_gh->tmp_gh[proto]->ipv4_head, grtmp);
DetectAddressAdd(&flow_gh->tmp_gh[proto]->ipv4_head, grtmp);
} else if (family == AF_INET6) {
DetectAddressGroupAdd(&flow_gh->tmp_gh[proto]->ipv6_head, grtmp);
DetectAddressAdd(&flow_gh->tmp_gh[proto]->ipv6_head, grtmp);
} else {
DetectAddressGroupAdd(&flow_gh->tmp_gh[proto]->any_head, grtmp);
DetectAddressAdd(&flow_gh->tmp_gh[proto]->any_head, grtmp);
}
} else {
/* our group will only have one sig, this one. So add that. */
@ -970,8 +970,8 @@ static int DetectEngineLookupDsizeAddSig(DetectEngineCtx *de_ctx, Signature *s,
return 0;
}
static DetectAddressGroup *GetHeadPtr(DetectAddressGroupsHead *head, int family) {
DetectAddressGroup *grhead;
static DetectAddress *GetHeadPtr(DetectAddresssHead *head, int family) {
DetectAddress *grhead;
if (head == NULL)
return NULL;
@ -1012,13 +1012,13 @@ static DetectAddressGroup *GetHeadPtr(DetectAddressGroupsHead *head, int family)
// || (c) == 2)
// || (c) == 3)
int CreateGroupedAddrListCmpCnt(DetectAddressGroup *a, DetectAddressGroup *b) {
int CreateGroupedAddrListCmpCnt(DetectAddress *a, DetectAddress *b) {
if (a->cnt > b->cnt)
return 1;
return 0;
}
int CreateGroupedAddrListCmpMpmMaxlen(DetectAddressGroup *a, DetectAddressGroup *b) {
int CreateGroupedAddrListCmpMpmMaxlen(DetectAddress *a, DetectAddress *b) {
if (a->sh == NULL || b->sh == NULL)
return 0;
@ -1035,10 +1035,10 @@ int CreateGroupedAddrListCmpMpmMaxlen(DetectAddressGroup *a, DetectAddressGroup
* srchead is a ordered "inserted" list w/o internal overlap
*
*/
int CreateGroupedAddrList(DetectEngineCtx *de_ctx, DetectAddressGroup *srchead, int family, DetectAddressGroupsHead *newhead, uint32_t unique_groups, int (*CompareFunc)(DetectAddressGroup *, DetectAddressGroup *), uint32_t max_idx) {
DetectAddressGroup *tmplist = NULL, *tmplist2 = NULL, *joingr = NULL;
int CreateGroupedAddrList(DetectEngineCtx *de_ctx, DetectAddress *srchead, int family, DetectAddresssHead *newhead, uint32_t unique_groups, int (*CompareFunc)(DetectAddress *, DetectAddress *), uint32_t max_idx) {
DetectAddress *tmplist = NULL, *tmplist2 = NULL, *joingr = NULL;
char insert = 0;
DetectAddressGroup *gr, *next_gr;
DetectAddress *gr, *next_gr;
uint32_t groups = 0;
/* insert the addresses into the tmplist, where it will
@ -1052,7 +1052,7 @@ int CreateGroupedAddrList(DetectEngineCtx *de_ctx, DetectAddressGroup *srchead,
groups++;
/* alloc a copy */
DetectAddressGroup *newtmp = DetectAddressGroupCopy(gr);
DetectAddress *newtmp = DetectAddressCopy(gr);
if (newtmp == NULL) {
goto error;
}
@ -1065,7 +1065,7 @@ int CreateGroupedAddrList(DetectEngineCtx *de_ctx, DetectAddressGroup *srchead,
}
/* insert it */
DetectAddressGroup *tmpgr = tmplist, *prevtmpgr = NULL;
DetectAddress *tmpgr = tmplist, *prevtmpgr = NULL;
if (tmplist == NULL) {
/* empty list, set head */
tmplist = newtmp;
@ -1100,7 +1100,7 @@ int CreateGroupedAddrList(DetectEngineCtx *de_ctx, DetectAddressGroup *srchead,
if (i == 0) {
if (joingr == NULL) {
joingr = DetectAddressGroupCopy(gr);
joingr = DetectAddressCopy(gr);
if (joingr == NULL) {
goto error;
}
@ -1113,10 +1113,10 @@ int CreateGroupedAddrList(DetectEngineCtx *de_ctx, DetectAddressGroup *srchead,
joingr->flags |= ADDRESS_HAVEPORT;
}
} else {
DetectAddressGroupJoin(de_ctx, joingr, gr);
DetectAddressJoin(de_ctx, joingr, gr);
}
} else {
DetectAddressGroup *newtmp = DetectAddressGroupCopy(gr);
DetectAddress *newtmp = DetectAddressCopy(gr);
if (newtmp == NULL) {
goto error;
}
@ -1139,7 +1139,7 @@ int CreateGroupedAddrList(DetectEngineCtx *de_ctx, DetectAddressGroup *srchead,
if (i)i--;
next_gr = gr->next;
DetectAddressGroupFree(gr);
DetectAddressFree(gr);
gr = next_gr;
}
@ -1151,7 +1151,7 @@ int CreateGroupedAddrList(DetectEngineCtx *de_ctx, DetectAddressGroup *srchead,
for (gr = tmplist2; gr != NULL; ) {
BUG_ON(gr->family == 0 && !(gr->flags & ADDRESS_FLAG_ANY));
DetectAddressGroup *newtmp = DetectAddressGroupCopy(gr);
DetectAddress *newtmp = DetectAddressCopy(gr);
if (newtmp == NULL) {
goto error;
}
@ -1163,16 +1163,16 @@ int CreateGroupedAddrList(DetectEngineCtx *de_ctx, DetectAddressGroup *srchead,
newtmp->flags |= ADDRESS_HAVEPORT;
}
DetectAddressGroupInsert(de_ctx, newhead, newtmp);
DetectAddressInsert(de_ctx, newhead, newtmp);
next_gr = gr->next;
DetectAddressGroupFree(gr);
DetectAddressFree(gr);
gr = next_gr;
}
/* if present, insert the joingr that covers the rest */
if (joingr != NULL) {
DetectAddressGroupInsert(de_ctx, newhead, joingr);
DetectAddressInsert(de_ctx, newhead, joingr);
}
return 0;
@ -1349,7 +1349,7 @@ error:
*/
int SigAddressPrepareStage2(DetectEngineCtx *de_ctx) {
Signature *tmp_s = NULL;
DetectAddressGroup *gr = NULL;
DetectAddress *gr = NULL;
uint32_t sigs = 0;
if (!(de_ctx->flags & DE_QUIET)) {
@ -1363,11 +1363,11 @@ int SigAddressPrepareStage2(DetectEngineCtx *de_ctx) {
for (ds = 0; ds < DSIZE_STATES; ds++) {
for (f = 0; f < FLOW_STATES; f++) {
for (proto = 0; proto < 256; proto++) {
de_ctx->dsize_gh[ds].flow_gh[f].src_gh[proto] = DetectAddressGroupsHeadInit();
de_ctx->dsize_gh[ds].flow_gh[f].src_gh[proto] = DetectAddresssHeadInit();
if (de_ctx->dsize_gh[ds].flow_gh[f].src_gh[proto] == NULL) {
goto error;
}
de_ctx->dsize_gh[ds].flow_gh[f].tmp_gh[proto] = DetectAddressGroupsHeadInit();
de_ctx->dsize_gh[ds].flow_gh[f].tmp_gh[proto] = DetectAddresssHeadInit();
if (de_ctx->dsize_gh[ds].flow_gh[f].tmp_gh[proto] == NULL) {
goto error;
}
@ -1409,16 +1409,16 @@ int SigAddressPrepareStage2(DetectEngineCtx *de_ctx) {
de_ctx->dsize_gh[ds].flow_gh[f].src_gh[proto], groups,
CreateGroupedAddrListCmpMpmMaxlen, DetectEngineGetMaxSigId(de_ctx));
DetectAddressGroupsHeadFree(de_ctx->dsize_gh[ds].flow_gh[f].tmp_gh[proto]);
DetectAddresssHeadFree(de_ctx->dsize_gh[ds].flow_gh[f].tmp_gh[proto]);
de_ctx->dsize_gh[ds].flow_gh[f].tmp_gh[proto] = NULL;
}
}
}
//DetectAddressGroupPrintMemory();
//DetectAddressPrintMemory();
//DetectSigGroupPrintMemory();
//printf("g_src_gh strt\n");
//DetectAddressGroupPrintList(g_src_gh->ipv4_head);
//DetectAddressPrintList(g_src_gh->ipv4_head);
//printf("g_src_gh end\n");
IPOnlyPrepare(de_ctx);
@ -1532,12 +1532,12 @@ error:
return -1;
}
int BuildDestinationAddressHeads(DetectEngineCtx *de_ctx, DetectAddressGroupsHead *head, int family, int dsize, int flow) {
int BuildDestinationAddressHeads(DetectEngineCtx *de_ctx, DetectAddresssHead *head, int family, int dsize, int flow) {
Signature *tmp_s = NULL;
DetectAddressGroup *gr = NULL, *sgr = NULL, *lookup_gr = NULL;
DetectAddress *gr = NULL, *sgr = NULL, *lookup_gr = NULL;
uint32_t max_idx = 0;
DetectAddressGroup *grhead = NULL, *grdsthead = NULL, *grsighead = NULL;
DetectAddress *grhead = NULL, *grdsthead = NULL, *grsighead = NULL;
/* based on the family, select the list we are using in the head */
grhead = GetHeadPtr(head,family);
@ -1547,13 +1547,13 @@ int BuildDestinationAddressHeads(DetectEngineCtx *de_ctx, DetectAddressGroupsHea
//printf(" * Source group: "); DetectAddressPrint(gr); printf("\n");
/* initialize the destination group head */
gr->dst_gh = DetectAddressGroupsHeadInit();
gr->dst_gh = DetectAddresssHeadInit();
if (gr->dst_gh == NULL) {
goto error;
}
/* use a tmp list for speeding up insertions */
DetectAddressGroup *tmp_gr_list = NULL;
DetectAddress *tmp_gr_list = NULL;
/* loop through all signatures in this source address group
* and build the temporary destination address list for it */
@ -1572,13 +1572,13 @@ int BuildDestinationAddressHeads(DetectEngineCtx *de_ctx, DetectAddressGroupsHea
grsighead = GetHeadPtr(&tmp_s->dst, family);
for (sgr = grsighead; sgr != NULL; sgr = sgr->next) {
if ((lookup_gr = DetectAddressLookupInList(tmp_gr_list, sgr)) == NULL) {
DetectAddressGroup *grtmp = DetectAddressGroupCopy(gr);
DetectAddress *grtmp = DetectAddressCopy(gr);
if (grtmp == NULL) {
goto error;
}
SigGroupHeadAppendSig(de_ctx,&grtmp->sh,tmp_s);
DetectAddressGroupAdd(&tmp_gr_list,grtmp);
DetectAddressAdd(&tmp_gr_list,grtmp);
} else {
/* our group will only have one sig, this one. So add that. */
SigGroupHeadAppendSig(de_ctx,&lookup_gr->sh,tmp_s);
@ -1690,7 +1690,7 @@ int BuildDestinationAddressHeads(DetectEngineCtx *de_ctx, DetectAddressGroupsHea
}
/* free the temp list */
DetectAddressGroupCleanupList(tmp_gr_list);
DetectAddressCleanupList(tmp_gr_list);
/* clear now unneeded sig group head */
SCLogDebug("calling SigGroupHeadFree gr %p, gr->sh %p", gr, gr->sh);
SigGroupHeadFree(gr->sh);
@ -1702,10 +1702,10 @@ error:
return -1;
}
static int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx, DetectAddressGroupsHead *head, int family, int dsize, int flow) {
static int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx, DetectAddresssHead *head, int family, int dsize, int flow) {
Signature *tmp_s = NULL;
DetectAddressGroup *src_gr = NULL, *dst_gr = NULL, *sig_gr = NULL, *lookup_gr = NULL;
DetectAddressGroup *src_gr_head = NULL, *dst_gr_head = NULL, *sig_gr_head = NULL;
DetectAddress *src_gr = NULL, *dst_gr = NULL, *sig_gr = NULL, *lookup_gr = NULL;
DetectAddress *src_gr_head = NULL, *dst_gr_head = NULL, *sig_gr_head = NULL;
uint32_t max_idx = 0;
/* loop through the global source address list */
@ -1714,13 +1714,13 @@ static int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx, De
//printf(" * Source group: "); DetectAddressPrint(src_gr); printf("\n");
/* initialize the destination group head */
src_gr->dst_gh = DetectAddressGroupsHeadInit();
src_gr->dst_gh = DetectAddresssHeadInit();
if (src_gr->dst_gh == NULL) {
goto error;
}
/* use a tmp list for speeding up insertions */
DetectAddressGroup *tmp_gr_list = NULL;
DetectAddress *tmp_gr_list = NULL;
/* loop through all signatures in this source address group
* and build the temporary destination address list for it */
@ -1743,13 +1743,13 @@ static int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx, De
//printf(" * Sig dst addr: "); DetectAddressPrint(sig_gr); printf("\n");
if ((lookup_gr = DetectAddressLookupInList(tmp_gr_list, sig_gr)) == NULL) {
DetectAddressGroup *grtmp = DetectAddressGroupCopy(sig_gr);
DetectAddress *grtmp = DetectAddressCopy(sig_gr);
if (grtmp == NULL) {
goto error;
}
SigGroupHeadAppendSig(de_ctx, &grtmp->sh, tmp_s);
DetectAddressGroupAdd(&tmp_gr_list,grtmp);
DetectAddressAdd(&tmp_gr_list,grtmp);
} else {
/* our group will only have one sig, this one. So add that. */
SigGroupHeadAppendSig(de_ctx, &lookup_gr->sh, tmp_s);
@ -2008,7 +2008,7 @@ static int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx, De
}
}
/* free the temp list */
DetectAddressGroupCleanupList(tmp_gr_list);
DetectAddressCleanupList(tmp_gr_list);
/* clear now unneeded sig group head */
SigGroupHeadFree(src_gr->sh);
src_gr->sh = NULL;
@ -2044,7 +2044,7 @@ int SigAddressPrepareStage3(DetectEngineCtx *de_ctx) {
SCLogInfo("building signature grouping structure, stage 3: "
"building destination address lists...");
}
//DetectAddressGroupPrintMemory();
//DetectAddressPrintMemory();
//DetectSigGroupPrintMemory();
//DetectPortPrintMemory();
@ -2157,7 +2157,7 @@ int SigAddressCleanupStage1(DetectEngineCtx *de_ctx) {
for (f = 0; f < FLOW_STATES; f++) {
for (proto = 0; proto < 256; proto++) {
/* XXX fix this */
DetectAddressGroupsHeadFree(de_ctx->dsize_gh[ds].flow_gh[f].src_gh[proto]);
DetectAddresssHeadFree(de_ctx->dsize_gh[ds].flow_gh[f].src_gh[proto]);
de_ctx->dsize_gh[ds].flow_gh[f].src_gh[proto] = NULL;
}
}
@ -2227,8 +2227,8 @@ void DbgSghContainsSig(DetectEngineCtx *de_ctx, SigGroupHead *sgh, uint32_t sid)
/* just printing */
int SigAddressPrepareStage5(DetectEngineCtx *de_ctx) {
DetectAddressGroupsHead *global_dst_gh = NULL;
DetectAddressGroup *global_src_gr = NULL, *global_dst_gr = NULL;
DetectAddresssHead *global_dst_gh = NULL;
DetectAddress *global_src_gr = NULL, *global_dst_gr = NULL;
int i;
printf("* Building signature grouping structure, stage 5: print...\n");
@ -2517,7 +2517,7 @@ int SigGroupBuild (DetectEngineCtx *de_ctx) {
SigAddressPrepareStage3(de_ctx);
// SigAddressPrepareStage5(de_ctx);
DbgPrintScanSearchStats();
// DetectAddressGroupPrintMemory();
// DetectAddressPrintMemory();
// DetectSigGroupPrintMemory();
// DetectPortPrintMemory();
return 0;
@ -6415,7 +6415,7 @@ static int SigTestMemory01 (void) {
printf("@pre cleanup\n\n");
DetectSigGroupPrintMemory();
DetectAddressGroupPrintMemory();
DetectAddressPrintMemory();
DetectPortPrintMemory();
SigGroupCleanup(de_ctx);
@ -6424,7 +6424,7 @@ printf("@pre cleanup\n\n");
printf("@exit\n\n");
DetectSigGroupPrintMemory();
DetectAddressGroupPrintMemory();
DetectAddressPrintMemory();
DetectPortPrintMemory();
result = 1;
@ -6463,11 +6463,11 @@ printf("@cleanup\n\n");
printf("@exit\n\n");
DetectSigGroupPrintMemory();
DetectAddressGroupPrintMemory();
DetectAddressPrintMemory();
DetectPortPrintMemory();
printf("@exit\n\n");
DetectSigGroupPrintMemory();
DetectAddressGroupPrintMemory();
DetectAddressPrintMemory();
DetectPortPrintMemory();
result = 1;
@ -6511,7 +6511,7 @@ printf("@cleanup\n\n");
printf("@exit\n\n");
DetectSigGroupPrintMemory();
DetectAddressGroupPrintMemory();
DetectAddressPrintMemory();
DetectPortPrintMemory();
result = 1;

28
src/detect.h
Unescape Escape View File

@ -40,7 +40,7 @@ enum {
#define ADDRESS_PORTS_NOTUNIQ 0x10
#define ADDRESS_HAVEPORT 0x20
typedef struct DetectAddressGroup_ {
typedef struct DetectAddress_ {
/* address data for this group */
uint8_t family;
uint32_t ip[4];
@ -48,7 +48,7 @@ typedef struct DetectAddressGroup_ {
/* XXX ptr to rules, or PortGroup or whatever */
union {
struct DetectAddressGroupsHead_ *dst_gh;
struct DetectAddresssHead_ *dst_gh;
struct DetectPort_ *port;
};
/* signatures that belong in this group */
@ -56,18 +56,18 @@ typedef struct DetectAddressGroup_ {
uint8_t flags;
/* double linked list */
struct DetectAddressGroup_ *prev;
struct DetectAddressGroup_ *next;
struct DetectAddress_ *prev;
struct DetectAddress_ *next;
uint32_t cnt;
} DetectAddressGroup;
} DetectAddress;
/** Signature grouping head. Here 'any', ipv4 and ipv6 are split out */
typedef struct DetectAddressGroupsHead_ {
DetectAddressGroup *any_head;
DetectAddressGroup *ipv4_head;
DetectAddressGroup *ipv6_head;
} DetectAddressGroupsHead;
typedef struct DetectAddresssHead_ {
DetectAddress *any_head;
DetectAddress *ipv4_head;
DetectAddress *ipv6_head;
} DetectAddresssHead;
/*
* DETECT PORT
@ -131,7 +131,7 @@ typedef struct DetectPort_ {
#define DE_QUIET 0x01 /**< DE is quiet (esp for unittests) */
typedef struct DetectEngineIPOnlyThreadCtx_ {
DetectAddressGroup *src, *dst;
DetectAddress *src, *dst;
uint8_t *sig_match_array; /* bit array of sig nums */
uint32_t sig_match_size; /* size in bytes of the array */
} DetectEngineIPOnlyThreadCtx;
@ -149,7 +149,7 @@ typedef struct Signature_ {
char *msg;
/** addresses, ports and proto this sig matches on */
DetectAddressGroupsHead src, dst;
DetectAddresssHead src, dst;
DetectProto proto;
DetectPort *sp, *dp;
@ -190,8 +190,8 @@ typedef struct DetectEngineIPOnlyCtx_ {
} DetectEngineIPOnlyCtx;
typedef struct DetectEngineLookupFlow_ {
DetectAddressGroupsHead *src_gh[256]; /* a head for each protocol */
DetectAddressGroupsHead *tmp_gh[256];
DetectAddresssHead *src_gh[256]; /* a head for each protocol */
DetectAddresssHead *tmp_gh[256];
} DetectEngineLookupFlow;
/* Flow status

Write Preview
Loading…
Cancel
Save