From 055b422c28c753d067b06862149d6d0225318c8c Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Sat, 20 Jul 2013 12:24:17 +0200 Subject: [PATCH] Remove obsolete code: flow alert sid storage --- src/Makefile.am | 1 - src/detect-pcre.c | 1 - src/detect-uricontent.c | 1 - src/detect.c | 4 +- src/detect.h | 1 - src/flow-alert-sid.c | 464 ---------------------------------------- src/flow-alert-sid.h | 48 ----- src/suricata.c | 2 - src/util-var.c | 8 - 9 files changed, 1 insertion(+), 529 deletions(-) delete mode 100644 src/flow-alert-sid.c delete mode 100644 src/flow-alert-sid.h diff --git a/src/Makefile.am b/src/Makefile.am index 39cd78f562..d879f4a560 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -187,7 +187,6 @@ detect-uricontent.c detect-uricontent.h \ detect-urilen.c detect-urilen.h \ detect-window.c detect-window.h \ detect-within.c detect-within.h \ -flow-alert-sid.c flow-alert-sid.h \ flow-bit.c flow-bit.h \ flow.c flow.h \ flow-hash.c flow-hash.h \ diff --git a/src/detect-pcre.c b/src/detect-pcre.c index e496d8f046..b2df240ee3 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -30,7 +30,6 @@ #include "pkt-var.h" #include "flow-var.h" -#include "flow-alert-sid.h" #include "flow-util.h" #include "detect-pcre.h" diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c index 2de13509ac..bf0a9104f8 100644 --- a/src/detect-uricontent.c +++ b/src/detect-uricontent.c @@ -39,7 +39,6 @@ #include "flow-var.h" #include "flow-util.h" #include "threads.h" -#include "flow-alert-sid.h" #include "stream-tcp.h" #include "stream.h" diff --git a/src/detect.c b/src/detect.c index 8c80eb6238..0a2515b4f1 100644 --- a/src/detect.c +++ b/src/detect.c @@ -170,8 +170,6 @@ #include "pkt-var.h" -#include "flow-alert-sid.h" - #include "conf.h" #include "conf-yaml-loader.h" 
@@ -5505,7 +5503,7 @@ static int SigTest08Real (int mpm_type) { } SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - if ( (PacketAlertCheck(p, 1) || FlowAlertSidIsset(&f, 1)) && PacketAlertCheck(p, 2)) + if (PacketAlertCheck(p, 1) && PacketAlertCheck(p, 2)) result = 1; else printf("sid:1 %s, sid:2 %s: ", diff --git a/src/detect.h b/src/detect.h index 3fd89ee693..f4afcecc6d 100644 --- a/src/detect.h +++ b/src/detect.h @@ -1052,7 +1052,6 @@ enum { DETECT_PKTVAR, DETECT_NOALERT, DETECT_FLOWBITS, - DETECT_FLOWALERTSID, DETECT_IPV4_CSUM, DETECT_TCPV4_CSUM, DETECT_TCPV6_CSUM, diff --git a/src/flow-alert-sid.c b/src/flow-alert-sid.c deleted file mode 100644 index 4dfc0a0c01..0000000000 --- a/src/flow-alert-sid.c +++ /dev/null 
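Review bot: The new pass condition in SigTest08Real, `if (PacketAlertCheck(p, 1) && PacketAlertCheck(p, 2))`, no longer accepts sid 1 having been recorded on the flow, and nothing says that both sids must now alert on this one packet; a comment such as `/* both sids must alert on this packet */` above the check would record that. The patch removes no FlowAlertSidSet caller, so the dropped `FlowAlertSidIsset(&f, 1)` branch presumably never fired and the test outcome should be unchanged, but that is inferred from the diff rather than visible here. The if/else around the multi-line `printf` is still unbraced, and bracing both branches would keep a later added statement from silently escaping the else. The function body starts and ends outside the hunk, so whether `f` is still referenced after this change cannot be checked from these lines.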
@@ -1,464 +0,0 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Victor Julien
- *
- * Implements per flow bits. Actually, not a bit,
- * but called that way because of Snort's flowbits.
- * It's a binary storage.
- *
- * \todo move away from a linked list implementation
- * \todo use different datatypes, such as string, int, etc.
- * \todo have more than one instance of the same var, and be able to match on a
- * specific one, or one all at a time. So if a certain capture matches
- * multiple times, we can operate on all of them.
- */ - -#include "suricata-common.h" -#include "threads.h" -#include "flow-alert-sid.h" -#include "flow.h" -#include "flow-util.h" -#include "flow-private.h" -#include "detect.h" -#include "util-var.h" -#include "util-unittest.h" -#include "util-debug.h" - -/* get the flowbit with idx from the flow */ -static FlowAlertSid *FlowAlertSidGet(Flow *f, uint32_t sid) { - GenericVar *gv = f->flowvar; - for ( ; gv != NULL; gv = gv->next) { - if (gv->type == DETECT_FLOWALERTSID) { - FlowAlertSid *fas = (FlowAlertSid *)gv; - - SCLogDebug("fas->type %"PRIu32", fas->sid %"PRIu32"", fas->type, fas->sid); - if (fas->sid == sid) { - return (FlowAlertSid *)gv; - } - } - } - - return NULL; -} - -/* add a flowbit to the flow */ -static void FlowAlertSidAdd(Flow *f, uint32_t sid) { - FlowAlertSid *fb = FlowAlertSidGet(f, sid); - if (fb == NULL) { - fb = SCMalloc(sizeof(FlowAlertSid)); - if (unlikely(fb == NULL)) - return; - - fb->type = DETECT_FLOWALERTSID; - fb->sid = sid; - fb->next = NULL; - - SCLogDebug("fb->type %u, sid %"PRIu32"", fb->type, fb->sid); - GenericVarAppend(&f->flowvar, (GenericVar *)fb); - SCLogDebug("fb->type %u, sid %"PRIu32"", fb->type, fb->sid); - - SCLogDebug("adding flowalertsid with sid %" PRIu32 " (%"PRIu32")", sid, fb->sid); -#ifdef FLOWALERTSID_STATS - SCMutexLock(&flowbits_mutex); - flowbits_added++; - flowbits_memuse += sizeof(FlowAlertSid); - if (flowbits_memuse > flowbits_memuse_max) - flowbits_memuse_max = flowbits_memuse; - SCMutexUnlock(&flowbits_mutex); -#endif /* FLOWALERTSID_STATS */ - } -} - -static void FlowAlertSidRemove(Flow *f, uint32_t sid) { - FlowAlertSid *fb = FlowAlertSidGet(f, sid); - if (fb == NULL) - return; - - GenericVarRemove(&f->flowvar, (GenericVar *)fb); - - //printf("FlowAlertSidRemove: remove flowbit with idx %" PRIu32 "\n", idx); -#ifdef FLOWALERTSID_STATS - SCMutexLock(&flowbits_mutex); - flowbits_removed++; - if (flowbits_memuse >= sizeof(FlowAlertSid)) - flowbits_memuse -= sizeof(FlowAlertSid); - else { - printf("ERROR: 
flowbits memory usage going below 0!\n"); - flowbits_memuse = 0; - } - SCMutexUnlock(&flowbits_mutex); -#endif /* FLOWALERTSID_STATS */ -} - -void FlowAlertSidSet(Flow *f, uint32_t sid) { - FLOWLOCK_WRLOCK(f); - - FlowAlertSid *fb = FlowAlertSidGet(f, sid); - if (fb == NULL) { - FlowAlertSidAdd(f, sid); - } - - FLOWLOCK_UNLOCK(f); -} - -void FlowAlertSidUnset(Flow *f, uint32_t sid) { - FLOWLOCK_WRLOCK(f); - - FlowAlertSid *fb = FlowAlertSidGet(f, sid); - if (fb != NULL) { - FlowAlertSidRemove(f, sid); - } - - FLOWLOCK_UNLOCK(f); -} - -void FlowAlertSidToggle(Flow *f, uint32_t sid) { - FLOWLOCK_WRLOCK(f); - - FlowAlertSid *fb = FlowAlertSidGet(f, sid); - if (fb != NULL) { - FlowAlertSidRemove(f, sid); - } else { - FlowAlertSidAdd(f, sid); - } - - FLOWLOCK_UNLOCK(f); -} - -int FlowAlertSidIsset(Flow *f, uint32_t sid) { - int r = 0; - FLOWLOCK_RDLOCK(f); - - FlowAlertSid *fb = FlowAlertSidGet(f, sid); - if (fb != NULL) { - r = 1; - } - - FLOWLOCK_UNLOCK(f); - return r; -} - -int FlowAlertSidIsnotset(Flow *f, uint32_t sid) { - int r = 0; - FLOWLOCK_RDLOCK(f); - - FlowAlertSid *fb = FlowAlertSidGet(f, sid); - if (fb == NULL) { - r = 1; - } - - FLOWLOCK_UNLOCK(f); - return r; -} - -void FlowAlertSidFree(FlowAlertSid *fb) { - if (fb == NULL) - return; - - SCFree(fb); - -#ifdef FLOWALERTSID_STATS - SCMutexLock(&flowbits_mutex); - flowbits_removed++; - if (flowbits_memuse >= sizeof(FlowAlertSid)) - flowbits_memuse -= sizeof(FlowAlertSid); - else { - printf("ERROR: flowbits memory usage going below 0!\n"); - flowbits_memuse = 0; - } - SCMutexUnlock(&flowbits_mutex); -#endif /* FLOWALERTSID_STATS */ -} - - -/* TESTS */ -#ifdef UNITTESTS -static int FlowAlertSidTest01 (void) { - int ret = 0; - - Flow f; - memset(&f, 0, sizeof(Flow)); - - FlowAlertSidAdd(&f, 0); - - FlowAlertSid *fb = FlowAlertSidGet(&f,0); - if (fb != NULL) - ret = 1; - - GenericVarFree(f.flowvar); - return ret; -} - -static int FlowAlertSidTest02 (void) { - int ret = 0; - - Flow f; - memset(&f, 0, 
sizeof(Flow)); - - FlowAlertSid *fb = FlowAlertSidGet(&f,0); - if (fb == NULL) - ret = 1; - - GenericVarFree(f.flowvar); - return ret; -} - -static int FlowAlertSidTest03 (void) { - int ret = 0; - - Flow f; - memset(&f, 0, sizeof(Flow)); - - FlowAlertSidAdd(&f, 0); - - FlowAlertSid *fb = FlowAlertSidGet(&f,0); - if (fb == NULL) { - printf("fb == NULL although it was just added: "); - goto end; - } - - FlowAlertSidRemove(&f, 0); - - fb = FlowAlertSidGet(&f,0); - if (fb != NULL) { - printf("fb != NULL although it was just removed: "); - goto end; - } else { - ret = 1; - } -end: - GenericVarFree(f.flowvar); - return ret; -} - -static int FlowAlertSidTest04 (void) { - int ret = 0; - - Flow f; - memset(&f, 0, sizeof(Flow)); - - FlowAlertSidAdd(&f, 0); - FlowAlertSidAdd(&f, 1); - FlowAlertSidAdd(&f, 2); - FlowAlertSidAdd(&f, 3); - - FlowAlertSid *fb = FlowAlertSidGet(&f,0); - if (fb != NULL) - ret = 1; - - GenericVarFree(f.flowvar); - return ret; -} - -static int FlowAlertSidTest05 (void) { - int ret = 0; - - Flow f; - memset(&f, 0, sizeof(Flow)); - - FlowAlertSidAdd(&f, 0); - FlowAlertSidAdd(&f, 1); - FlowAlertSidAdd(&f, 2); - FlowAlertSidAdd(&f, 3); - - FlowAlertSid *fb = FlowAlertSidGet(&f,1); - if (fb == NULL) { - printf("fb == NULL: "); - goto end; - } - - ret = 1; -end: - GenericVarFree(f.flowvar); - return ret; -} - -static int FlowAlertSidTest06 (void) { - int ret = 0; - - Flow f; - memset(&f, 0, sizeof(Flow)); - - FlowAlertSidAdd(&f, 0); - FlowAlertSidAdd(&f, 1); - FlowAlertSidAdd(&f, 2); - FlowAlertSidAdd(&f, 3); - - FlowAlertSid *fb = FlowAlertSidGet(&f,2); - if (fb != NULL) - ret = 1; - - GenericVarFree(f.flowvar); - return ret; -} - -static int FlowAlertSidTest07 (void) { - int ret = 0; - - Flow f; - memset(&f, 0, sizeof(Flow)); - - FlowAlertSidAdd(&f, 0); - FlowAlertSidAdd(&f, 1); - FlowAlertSidAdd(&f, 2); - FlowAlertSidAdd(&f, 3); - - FlowAlertSid *fb = FlowAlertSidGet(&f,3); - if (fb != NULL) - ret = 1; - - GenericVarFree(f.flowvar); - return ret; -} - 
-static int FlowAlertSidTest08 (void) { - int ret = 0; - - Flow f; - memset(&f, 0, sizeof(Flow)); - - FlowAlertSidAdd(&f, 0); - FlowAlertSidAdd(&f, 1); - FlowAlertSidAdd(&f, 2); - FlowAlertSidAdd(&f, 3); - - FlowAlertSid *fb = FlowAlertSidGet(&f,0); - if (fb == NULL) - goto end; - - FlowAlertSidRemove(&f,0); - - fb = FlowAlertSidGet(&f,0); - if (fb != NULL) { - printf("fb != NULL even though it was removed: "); - goto end; - } - - ret = 1; -end: - GenericVarFree(f.flowvar); - return ret; -} - -static int FlowAlertSidTest09 (void) { - int ret = 0; - - Flow f; - memset(&f, 0, sizeof(Flow)); - - FlowAlertSidAdd(&f, 0); - FlowAlertSidAdd(&f, 1); - FlowAlertSidAdd(&f, 2); - FlowAlertSidAdd(&f, 3); - - FlowAlertSid *fb = FlowAlertSidGet(&f,1); - if (fb == NULL) - goto end; - - FlowAlertSidRemove(&f,1); - - fb = FlowAlertSidGet(&f,1); - if (fb != NULL) { - printf("fb != NULL even though it was removed: "); - goto end; - } - - ret = 1; -end: - GenericVarFree(f.flowvar); - return ret; -} - -static int FlowAlertSidTest10 (void) { - int ret = 0; - - Flow f; - memset(&f, 0, sizeof(Flow)); - - FlowAlertSidAdd(&f, 0); - FlowAlertSidAdd(&f, 1); - FlowAlertSidAdd(&f, 2); - FlowAlertSidAdd(&f, 3); - - FlowAlertSid *fb = FlowAlertSidGet(&f,2); - if (fb == NULL) - goto end; - - FlowAlertSidRemove(&f,2); - - fb = FlowAlertSidGet(&f,2); - if (fb != NULL) { - printf("fb != NULL even though it was removed: "); - goto end; - } - - ret = 1; -end: - GenericVarFree(f.flowvar); - return ret; -} - -static int FlowAlertSidTest11 (void) { - int ret = 0; - - Flow f; - memset(&f, 0, sizeof(Flow)); - - FlowAlertSidAdd(&f, 0); - FlowAlertSidAdd(&f, 1); - FlowAlertSidAdd(&f, 2); - FlowAlertSidAdd(&f, 3); - - FlowAlertSid *fb = FlowAlertSidGet(&f,3); - if (fb == NULL) - goto end; - - FlowAlertSidRemove(&f,3); - - fb = FlowAlertSidGet(&f,3); - if (fb != NULL) { - printf("fb != NULL even though it was removed: "); - goto end; - } - - ret = 1; -end: - GenericVarFree(f.flowvar); - return ret; -} -#endif 
/* UNITTESTS */ - -void FlowAlertSidRegisterTests(void) { -#ifdef UNITTESTS - UtRegisterTest("FlowAlertSidTest01", FlowAlertSidTest01, 1); - UtRegisterTest("FlowAlertSidTest02", FlowAlertSidTest02, 1); - UtRegisterTest("FlowAlertSidTest03", FlowAlertSidTest03, 1); - UtRegisterTest("FlowAlertSidTest04", FlowAlertSidTest04, 1); - UtRegisterTest("FlowAlertSidTest05", FlowAlertSidTest05, 1); - UtRegisterTest("FlowAlertSidTest06", FlowAlertSidTest06, 1); - UtRegisterTest("FlowAlertSidTest07", FlowAlertSidTest07, 1); - UtRegisterTest("FlowAlertSidTest08", FlowAlertSidTest08, 1); - UtRegisterTest("FlowAlertSidTest09", FlowAlertSidTest09, 1); - UtRegisterTest("FlowAlertSidTest10", FlowAlertSidTest10, 1); - UtRegisterTest("FlowAlertSidTest11", FlowAlertSidTest11, 1); -#endif /* UNITTESTS */ -} - diff --git a/src/flow-alert-sid.h b/src/flow-alert-sid.h deleted file mode 100644 index 0d2136a4b8..0000000000 --- a/src/flow-alert-sid.h +++ /dev/null 
@@ -1,48 +0,0 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - */ - -#ifndef __FLOW_ALERT_SID_H__ -#define __FLOW_ALERT_SID_H__ - -#include "flow.h" -#include "util-var.h" - -typedef struct FlowAlertSid_ { - uint8_t type; /* type, DETECT_FLOWALERTSID in this case */ - GenericVar *next; /* right now just implement this as a list, - * in the long run we have think of something - * faster. */ - uint32_t sid; /* sid */ -} FlowAlertSid; - -void FlowAlertSidFree(FlowAlertSid *); -void FlowAlertSidRegisterTests(void); - -void FlowAlertSidSet(Flow *, uint32_t); -void FlowAlertSidUnset(Flow *, uint32_t); -void FlowAlertSidToggle(Flow *, uint32_t); -int FlowAlertSidIsset(Flow *, uint32_t); -int FlowAlertSidIsnotset(Flow *, uint32_t); - -#endif /* __FLOW_ALERT_SID_H__ */ - diff --git a/src/suricata.c b/src/suricata.c index 15d6a595f6..a0a769fbb2 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -134,7 +134,6 @@ #include "flow-manager.h" #include "flow-var.h" #include "flow-bit.h" -#include "flow-alert-sid.h" #include "pkt-var.h" #include "host.h" @@ -1648,7 +1647,6 @@ int main(int argc, char **argv) ByteRegisterTests(); MpmRegisterTests(); FlowBitRegisterTests(); - FlowAlertSidRegisterTests(); SCPerfRegisterTests(); DecodePPPRegisterTests(); 
diff --git a/src/util-var.c b/src/util-var.c index e5a775eda6..9e2a696d37 100644 --- a/src/util-var.c +++ b/src/util-var.c @@ -30,7 +30,6 @@ #include "flow-var.h" #include "flow-bit.h" -#include "flow-alert-sid.h" #include "pkt-var.h" #include "util-debug.h" @@ -50,13 +49,6 @@ void GenericVarFree(GenericVar *gv) { FlowBitFree(fb); break; } - case DETECT_FLOWALERTSID: - { - FlowAlertSid *fb = (FlowAlertSid *)gv; - SCLogDebug("fb %p, removing", fb); - FlowAlertSidFree(fb); - break; - } case DETECT_FLOWVAR: { FlowVar *fv = (FlowVar *)gv;