aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ee7e689b54'
${ noResults }
suricata/src/detect-pktvar.c

233 lines
6.4 KiB
C
Raw Normal View History Unescape Escape

GPL and Copyright header updates.
15 years ago
/* Copyright (C) 2007-2010 Open Information Security Foundation
Implement per packet variables and switch the http stuff to it.
17 years ago
*
Import of GPLv2 Header 050410
15 years ago
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*
* Implements the pktvar keyword
*/
Implement per packet variables and switch the http stuff to it.
17 years ago
Rename to Suricata.
15 years ago
#include "suricata-common.h"
Implement per packet variables and switch the http stuff to it.
17 years ago
#include "decode.h"
Convert uricontent to use new scanning methods as well. Move http_method and http_cookie keywords out of pmatch list for now.
15 years ago
Implement per packet variables and switch the http stuff to it.
17 years ago
#include "detect.h"
Convert uricontent to use new scanning methods as well. Move http_method and http_cookie keywords out of pmatch list for now.
15 years ago
#include "detect-parse.h"
Implement per packet variables and switch the http stuff to it.
17 years ago
#include "threads.h"
#include "pkt-var.h"
#include "detect-pktvar.h"
Adding single pattern matcher algorithms. If you cannot store a context for the patterns, use SpmSearch() macro. Adding unittests and stats
15 years ago
#include "util-spm.h"
More logging API usage. Changed logging macro's slightly so the vars inside them won't conflict with vars used by the calling function.
16 years ago
#include "util-debug.h"
Implement per packet variables and switch the http stuff to it.
17 years ago
#define PARSE_REGEX "(.*),(.*)"
static pcre *parse_regex;
static pcre_extra *parse_regex_study;
detect: constify Signature/SigMatch use at runtime
9 years ago
static int DetectPktvarMatch (ThreadVars *, DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
Detection keyword cleanup
15 years ago
static int DetectPktvarSetup (DetectEngineCtx *, Signature *, char *);
Implement per packet variables and switch the http stuff to it.
17 years ago
Enforce function coding standard Functions should be defined as: int foo(void) { } Rather than: int food(void) { } All functions where changed by a script to match this standard.
11 years ago
void DetectPktvarRegister (void)
{
Implement per packet variables and switch the http stuff to it.
17 years ago
sigmatch_table[DETECT_PKTVAR].name = "pktvar";
sigmatch_table[DETECT_PKTVAR].Match = DetectPktvarMatch;
sigmatch_table[DETECT_PKTVAR].Setup = DetectPktvarSetup;
sigmatch_table[DETECT_PKTVAR].Free = NULL;
sigmatch_table[DETECT_PKTVAR].RegisterTests = NULL;
detect keywords: use parse regex util func
9 years ago
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
Implement per packet variables and switch the http stuff to it.
17 years ago
}
/*
* returns 0: no match
* 1: match
* -1: error
*/
detect: constify Signature/SigMatch use at runtime
9 years ago
static int DetectPktvarMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
const Signature *s, const SigMatchCtx *ctx)
Implement per packet variables and switch the http stuff to it.
17 years ago
{
int ret = 0;
Change Match() function to take const SigMatchCtx* The Match functions don't need a pointer to the SigMatch object, just the context pointer contained inside, so pass the Context to the Match function rather than the SigMatch object. This allows for further optimization. Change SigMatch->ctx to have type SigMatchCtx* rather than void* for better type checking. This requires adding type casts when using or assigning it. The SigMatch contex should not be changed by the Match() funciton, so pass it as a const SigMatchCtx*.
11 years ago
const DetectPktvarData *pd = (const DetectPktvarData *)ctx;
Implement per packet variables and switch the http stuff to it.
17 years ago
pkt-var: use id instead of name pointer
8 years ago
PktVar *pv = PktVarGet(p, pd->id);
Implement per packet variables and switch the http stuff to it.
17 years ago
if (pv != NULL) {
Adding single pattern matcher algorithms. If you cannot store a context for the patterns, use SpmSearch() macro. Adding unittests and stats
15 years ago
uint8_t *ptr = SpmSearch(pv->value, pv->value_len, pd->content, pd->content_len);
Implement per packet variables and switch the http stuff to it.
17 years ago
if (ptr != NULL)
ret = 1;
}
return ret;
}
Detection keyword cleanup
15 years ago
static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr)
Implement per packet variables and switch the http stuff to it.
17 years ago
{
DetectPktvarData *cd = NULL;
SigMatch *sm = NULL;
char *str = rawstr;
char dubbed = 0;
64 bit cleanup part2
16 years ago
uint16_t len;
Implement per packet variables and switch the http stuff to it.
17 years ago
char *varname = NULL, *varcontent = NULL;
#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
2nd try of fixing some bugs reported by static code analysis tool.
16 years ago
if (ret != 3) {
Improve information about errors on signature failure
15 years ago
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for pktvar.", rawstr);
2nd try of fixing some bugs reported by static code analysis tool.
16 years ago
return -1;
}
const char *str_ptr;
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
Improve information about errors on signature failure
15 years ago
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
2nd try of fixing some bugs reported by static code analysis tool.
16 years ago
return -1;
}
varname = (char *)str_ptr;
if (ret > 2) {
res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
Implement per packet variables and switch the http stuff to it.
17 years ago
if (res < 0) {
Improve information about errors on signature failure
15 years ago
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
Implement per packet variables and switch the http stuff to it.
17 years ago
return -1;
}
2nd try of fixing some bugs reported by static code analysis tool.
16 years ago
varcontent = (char *)str_ptr;
Implement per packet variables and switch the http stuff to it.
17 years ago
}
More logging API usage. Changed logging macro's slightly so the vars inside them won't conflict with vars used by the calling function.
16 years ago
SCLogDebug("varname %s, varcontent %s", varname, varcontent);
Implement per packet variables and switch the http stuff to it.
17 years ago
if (varcontent[0] == '\"' && varcontent[strlen(varcontent)-1] == '\"') {
Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks.
15 years ago
str = SCStrdup(varcontent+1);
Use unlikely for error treatment. When handling error case on SCMallog, SCCalloc or SCStrdup we are in an unlikely case. This patch adds the unlikely() expression to indicate this to gcc. This patch has been obtained via coccinelle. The transformation is the following: @istested@ identifier x; statement S1; identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)"; @@ x = func(...) ... when != x - if (x == NULL) S1 + if (unlikely(x == NULL)) S1
13 years ago
if (unlikely(str == NULL)) {
Various fixes for issues reported by clang.
14 years ago
return -1;
}
Implement per packet variables and switch the http stuff to it.
17 years ago
str[strlen(varcontent)-2] = '\0';
dubbed = 1;
}
len = strlen(str);
Memory leak cleanup in detectors Hello, I ran the code through an analysis program and found several leaks that should be cleaned up. *In src/detect-engine-address-ipv4.c at line 472, the test for ag == NULL will never be true since that is the loop entry test. *In src/detect-engine-port.c at line 1133, the test for p == NULL will never be true since that is the loop entry test. *In src/detect-engine-mpm.c at line 263 is a return without freeing fast_pattern *In src/detect-ack.c at line 80 and 85, data catches the return from malloc. One of them should be deleted. *In src/detect-seq.c at line 81 and 86, data catches the return from malloc. One of them should be deleted. *In src/detect-content.c at line 749, many of the paths that lead to the error exit still has temp pointing to allocated memory. To clean this up, temp should be set to NULL if not immediately assigning and new value. *In src/detect-uricontent.c at line 319, both cd and str needto be freed. At lines 344, str needs to be freed. And at line 347 str and temp need to be freed. *In src/detect-flowbits.c at line 231 and 235, str was not being freed. cd was not being freed at line 235. *In src/detect-flowvar.c at line 127, str was not being freed. At line 194, cd and str were not being freed. *In src/detect-flowint.c at line 277, sfd was not being freed. At line 315, str was not being freed. *In src/detect-pktvar.c at line 121, str was not being freed. At line 188, str and cd was not being freed. *In src/detect-pcre.c at line 389, there is an extra free of "re" that should be deleted. *In src/detect-depth.c at line 42 & 48, str has not been freed. *In src/detect-distance.c at line 49 and 55, str has not been freed *In src/detect-offset.c at line 45, str has not been freed. The patch below fixes these issues. -Steve
15 years ago
if (len == 0) {
Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks.
15 years ago
if (dubbed) SCFree(str);
Implement per packet variables and switch the http stuff to it.
17 years ago
return -1;
Memory leak cleanup in detectors Hello, I ran the code through an analysis program and found several leaks that should be cleaned up. *In src/detect-engine-address-ipv4.c at line 472, the test for ag == NULL will never be true since that is the loop entry test. *In src/detect-engine-port.c at line 1133, the test for p == NULL will never be true since that is the loop entry test. *In src/detect-engine-mpm.c at line 263 is a return without freeing fast_pattern *In src/detect-ack.c at line 80 and 85, data catches the return from malloc. One of them should be deleted. *In src/detect-seq.c at line 81 and 86, data catches the return from malloc. One of them should be deleted. *In src/detect-content.c at line 749, many of the paths that lead to the error exit still has temp pointing to allocated memory. To clean this up, temp should be set to NULL if not immediately assigning and new value. *In src/detect-uricontent.c at line 319, both cd and str needto be freed. At lines 344, str needs to be freed. And at line 347 str and temp need to be freed. *In src/detect-flowbits.c at line 231 and 235, str was not being freed. cd was not being freed at line 235. *In src/detect-flowvar.c at line 127, str was not being freed. At line 194, cd and str were not being freed. *In src/detect-flowint.c at line 277, sfd was not being freed. At line 315, str was not being freed. *In src/detect-pktvar.c at line 121, str was not being freed. At line 188, str and cd was not being freed. *In src/detect-pcre.c at line 389, there is an extra free of "re" that should be deleted. *In src/detect-depth.c at line 42 & 48, str has not been freed. *In src/detect-distance.c at line 49 and 55, str has not been freed *In src/detect-offset.c at line 45, str has not been freed. The patch below fixes these issues. -Steve
15 years ago
}
Implement per packet variables and switch the http stuff to it.
17 years ago
Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks.
15 years ago
cd = SCMalloc(sizeof(DetectPktvarData));
Use unlikely for error treatment. When handling error case on SCMallog, SCCalloc or SCStrdup we are in an unlikely case. This patch adds the unlikely() expression to indicate this to gcc. This patch has been obtained via coccinelle. The transformation is the following: @istested@ identifier x; statement S1; identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)"; @@ x = func(...) ... when != x - if (x == NULL) S1 + if (unlikely(x == NULL)) S1
13 years ago
if (unlikely(cd == NULL))
Implement per packet variables and switch the http stuff to it.
17 years ago
goto error;
char converted = 0;
{
64 bit cleanup part2
16 years ago
uint16_t i, x;
uint8_t bin = 0, binstr[3] = "", binpos = 0;
Implement per packet variables and switch the http stuff to it.
17 years ago
for (i = 0, x = 0; i < len; i++) {
// printf("str[%02u]: %c\n", i, str[i]);
if (str[i] == '|') {
if (bin) {
bin = 0;
} else {
bin = 1;
}
} else {
if (bin) {
Silence compiler warnings found by clang
12 years ago
if (isdigit((unsigned char)str[i]) ||
Implement per packet variables and switch the http stuff to it.
17 years ago
str[i] == 'A' || str[i] == 'a' ||
str[i] == 'B' || str[i] == 'b' ||
str[i] == 'C' || str[i] == 'c' ||
str[i] == 'D' || str[i] == 'd' ||
str[i] == 'E' || str[i] == 'e' ||
str[i] == 'F' || str[i] == 'f') {
// printf("part of binary: %c\n", str[i]);
binstr[binpos] = (char)str[i];
binpos++;
if (binpos == 2) {
64 bit cleanup part2
16 years ago
uint8_t c = strtol((char *)binstr, (char **) NULL, 16) & 0xFF;
Implement per packet variables and switch the http stuff to it.
17 years ago
binpos = 0;
str[x] = c;
x++;
converted = 1;
}
} else if (str[i] == ' ') {
// printf("space as part of binary string\n");
}
} else {
str[x] = str[i];
x++;
}
}
}
Add pktvar and flowvar tests to ip only unittest. Make output cleaner.
16 years ago
#ifdef DEBUG
More logging API usage. Changed logging macro's slightly so the vars inside them won't conflict with vars used by the calling function.
16 years ago
if (SCLogDebugEnabled()) {
Implement per packet variables and switch the http stuff to it.
17 years ago
for (i = 0; i < x; i++) {
clang: fix warnings when debug is enabled
12 years ago
if (isprint((unsigned char)str[i])) printf("%c", str[i]);
else printf("\\x%02u", str[i]);
Implement per packet variables and switch the http stuff to it.
17 years ago
}
printf("\n");
More logging API usage. Changed logging macro's slightly so the vars inside them won't conflict with vars used by the calling function.
16 years ago
}
Add pktvar and flowvar tests to ip only unittest. Make output cleaner.
16 years ago
#endif
Implement per packet variables and switch the http stuff to it.
17 years ago
if (converted)
len = x;
}
coverity: suppress CID 1038112
9 years ago
/* coverity[alloc_strlen : FALSE]
* not an actual string, but a byte array */
Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks.
15 years ago
cd->content = SCMalloc(len);
Memory leak cleanup in detectors Hello, I ran the code through an analysis program and found several leaks that should be cleaned up. *In src/detect-engine-address-ipv4.c at line 472, the test for ag == NULL will never be true since that is the loop entry test. *In src/detect-engine-port.c at line 1133, the test for p == NULL will never be true since that is the loop entry test. *In src/detect-engine-mpm.c at line 263 is a return without freeing fast_pattern *In src/detect-ack.c at line 80 and 85, data catches the return from malloc. One of them should be deleted. *In src/detect-seq.c at line 81 and 86, data catches the return from malloc. One of them should be deleted. *In src/detect-content.c at line 749, many of the paths that lead to the error exit still has temp pointing to allocated memory. To clean this up, temp should be set to NULL if not immediately assigning and new value. *In src/detect-uricontent.c at line 319, both cd and str needto be freed. At lines 344, str needs to be freed. And at line 347 str and temp need to be freed. *In src/detect-flowbits.c at line 231 and 235, str was not being freed. cd was not being freed at line 235. *In src/detect-flowvar.c at line 127, str was not being freed. At line 194, cd and str were not being freed. *In src/detect-flowint.c at line 277, sfd was not being freed. At line 315, str was not being freed. *In src/detect-pktvar.c at line 121, str was not being freed. At line 188, str and cd was not being freed. *In src/detect-pcre.c at line 389, there is an extra free of "re" that should be deleted. *In src/detect-depth.c at line 42 & 48, str has not been freed. *In src/detect-distance.c at line 49 and 55, str has not been freed *In src/detect-offset.c at line 45, str has not been freed. The patch below fixes these issues. -Steve
15 years ago
if (cd->content == NULL) {
Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks.
15 years ago
SCFree(cd);
if (dubbed) SCFree(str);
Implement per packet variables and switch the http stuff to it.
17 years ago
return -1;
Memory leak cleanup in detectors Hello, I ran the code through an analysis program and found several leaks that should be cleaned up. *In src/detect-engine-address-ipv4.c at line 472, the test for ag == NULL will never be true since that is the loop entry test. *In src/detect-engine-port.c at line 1133, the test for p == NULL will never be true since that is the loop entry test. *In src/detect-engine-mpm.c at line 263 is a return without freeing fast_pattern *In src/detect-ack.c at line 80 and 85, data catches the return from malloc. One of them should be deleted. *In src/detect-seq.c at line 81 and 86, data catches the return from malloc. One of them should be deleted. *In src/detect-content.c at line 749, many of the paths that lead to the error exit still has temp pointing to allocated memory. To clean this up, temp should be set to NULL if not immediately assigning and new value. *In src/detect-uricontent.c at line 319, both cd and str needto be freed. At lines 344, str needs to be freed. And at line 347 str and temp need to be freed. *In src/detect-flowbits.c at line 231 and 235, str was not being freed. cd was not being freed at line 235. *In src/detect-flowvar.c at line 127, str was not being freed. At line 194, cd and str were not being freed. *In src/detect-flowint.c at line 277, sfd was not being freed. At line 315, str was not being freed. *In src/detect-pktvar.c at line 121, str was not being freed. At line 188, str and cd was not being freed. *In src/detect-pcre.c at line 389, there is an extra free of "re" that should be deleted. *In src/detect-depth.c at line 42 & 48, str has not been freed. *In src/detect-distance.c at line 49 and 55, str has not been freed *In src/detect-offset.c at line 45, str has not been freed. The patch below fixes these issues. -Steve
15 years ago
}
Implement per packet variables and switch the http stuff to it.
17 years ago
pkt-var: use id instead of name pointer
8 years ago
cd->id = VarNameStoreSetupAdd(varname, VAR_TYPE_PKT_VAR);
Improve pktvar keyword parsing and error handling.
13 years ago
Implement per packet variables and switch the http stuff to it.
17 years ago
memcpy(cd->content, str, len);
cd->content_len = len;
cd->flags = 0;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
Order the signatures based on certain rule parameters like actions, flowbits, flowvar, pktvar, priority etc
16 years ago
sm->type = DETECT_PKTVAR;
Change Match() function to take const SigMatchCtx* The Match functions don't need a pointer to the SigMatch object, just the context pointer contained inside, so pass the Context to the Match function rather than the SigMatch object. This allows for further optimization. Change SigMatch->ctx to have type SigMatchCtx* rather than void* for better type checking. This requires adding type casts when using or assigning it. The SigMatch contex should not be changed by the Match() funciton, so pass it as a const SigMatchCtx*.
11 years ago
sm->ctx = (SigMatchCtx *)cd;
Implement per packet variables and switch the http stuff to it.
17 years ago
code cleanup - replace SigMatchAppendPacket with SigMatchAppendSMToList
13 years ago
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
Implement per packet variables and switch the http stuff to it.
17 years ago
Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks.
15 years ago
if (dubbed) SCFree(str);
Implement per packet variables and switch the http stuff to it.
17 years ago
return 0;
error:
Improve pktvar keyword parsing and error handling.
13 years ago
if (dubbed)
SCFree(str);
if (cd) {
SCFree(cd);
}
if (sm)
SCFree(sm);
Implement per packet variables and switch the http stuff to it.
17 years ago
return -1;
}