aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rule-vars: take detect engine as arg

Browse Source
pull/1389/head
Victor Julien 11 years ago
parent 3083f51cc6
commit 0bc27c7dc7
7 changed files with 56 additions and 52 deletions
Show Stats Download Patch File Download Diff File

4
src/detect-engine-address.c
Unescape Escape View File

@ -1029,7 +1029,7 @@ static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
} else if (d_set == 1) {
address[x - 1] = '\0';
rule_var_address = SCRuleVarsGetConfVar(address,
rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
SC_RULE_VARS_ADDRESS_GROUPS);
if (rule_var_address == NULL)
goto error;
@ -1081,7 +1081,7 @@ static int DetectAddressParse2(const DetectEngineCtx *de_ctx,
x = 0;
if (d_set == 1) {
rule_var_address = SCRuleVarsGetConfVar(address,
rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
SC_RULE_VARS_ADDRESS_GROUPS);
if (rule_var_address == NULL)
goto error;

33
src/detect-engine-iponly.c
Unescape Escape View File

@ -581,7 +581,8 @@ static void SigNumArrayFree(void *tmp)
* \retval 0 if success
* \retval -1 if fails
*/
static IPOnlyCIDRItem *IPOnlyCIDRListParse2(char *s, int negate)
static IPOnlyCIDRItem *IPOnlyCIDRListParse2(const DetectEngineCtx *de_ctx,
char *s, int negate)
{
size_t x = 0;
size_t u = 0;
@ -615,7 +616,7 @@ static IPOnlyCIDRItem *IPOnlyCIDRListParse2(char *s, int negate)
address[x - 1] = '\0';
x = 0;
if ( (subhead = IPOnlyCIDRListParse2(address,
if ( (subhead = IPOnlyCIDRListParse2(de_ctx, address,
(negate + n_set) % 2)) == NULL)
goto error;
@ -629,7 +630,7 @@ static IPOnlyCIDRItem *IPOnlyCIDRListParse2(char *s, int negate)
} else if (d_set == 1) {
address[x - 1] = '\0';
rule_var_address = SCRuleVarsGetConfVar(address,
rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
SC_RULE_VARS_ADDRESS_GROUPS);
if (rule_var_address == NULL)
goto error;
@ -646,7 +647,7 @@ static IPOnlyCIDRItem *IPOnlyCIDRListParse2(char *s, int negate)
"[%s]", rule_var_address);
}
subhead = IPOnlyCIDRListParse2(temp_rule_var_address,
subhead = IPOnlyCIDRListParse2(de_ctx, temp_rule_var_address,
(negate + n_set) % 2);
head = IPOnlyCIDRItemInsert(head, subhead);
@ -689,7 +690,7 @@ static IPOnlyCIDRItem *IPOnlyCIDRListParse2(char *s, int negate)
x = 0;
if (d_set == 1) {
rule_var_address = SCRuleVarsGetConfVar(address,
rule_var_address = SCRuleVarsGetConfVar(de_ctx, address,
SC_RULE_VARS_ADDRESS_GROUPS);
if (rule_var_address == NULL)
goto error;
@ -703,7 +704,7 @@ static IPOnlyCIDRItem *IPOnlyCIDRListParse2(char *s, int negate)
snprintf(temp_rule_var_address, strlen(rule_var_address) + 3,
"[%s]", rule_var_address);
}
subhead = IPOnlyCIDRListParse2(temp_rule_var_address,
subhead = IPOnlyCIDRListParse2(de_ctx, temp_rule_var_address,
(negate + n_set) % 2);
head = IPOnlyCIDRItemInsert(head, subhead);
@ -751,14 +752,15 @@ error:
* \retval 0 On success.
* \retval -1 On failure.
*/
static int IPOnlyCIDRListParse(IPOnlyCIDRItem **gh, char *str)
static int IPOnlyCIDRListParse(const DetectEngineCtx *de_ctx,
IPOnlyCIDRItem **gh, char *str)
{
SCLogDebug("gh %p, str %s", gh, str);
if (gh == NULL)
goto error;
*gh = IPOnlyCIDRListParse2(str, 0);
*gh = IPOnlyCIDRListParse2(de_ctx, str, 0);
if (*gh == NULL) {
SCLogDebug("DetectAddressParse2 returned null");
goto error;
@ -782,7 +784,8 @@ error:
* \retval 0 On success.
* \retval -1 On failure.
*/
int IPOnlySigParseAddress(Signature *s, const char *addrstr, char flag)
int IPOnlySigParseAddress(const DetectEngineCtx *de_ctx,
Signature *s, const char *addrstr, char flag)
{
SCLogDebug("Address Group \"%s\" to be parsed now", addrstr);
IPOnlyCIDRItem *tmp = NULL;
@ -792,15 +795,15 @@ int IPOnlySigParseAddress(Signature *s, const char *addrstr, char flag)
if (strcasecmp(addrstr, "any") == 0) {
s->flags |= SIG_FLAG_SRC_ANY;
if (IPOnlyCIDRListParse(&s->CidrSrc, (char *)"0.0.0.0/0") < 0)
if (IPOnlyCIDRListParse(de_ctx, &s->CidrSrc, (char *)"0.0.0.0/0") < 0)
goto error;
if (IPOnlyCIDRListParse(&tmp, (char *)"::/0") < 0)
if (IPOnlyCIDRListParse(de_ctx, &tmp, (char *)"::/0") < 0)
goto error;
s->CidrSrc = IPOnlyCIDRItemInsert(s->CidrSrc, tmp);
} else if (IPOnlyCIDRListParse(&s->CidrSrc, (char *)addrstr) < 0) {
} else if (IPOnlyCIDRListParse(de_ctx, &s->CidrSrc, (char *)addrstr) < 0) {
goto error;
}
@ -809,15 +812,15 @@ int IPOnlySigParseAddress(Signature *s, const char *addrstr, char flag)
if (strcasecmp(addrstr, "any") == 0) {
s->flags |= SIG_FLAG_DST_ANY;
if (IPOnlyCIDRListParse(&tmp, (char *)"0.0.0.0/0") < 0)
if (IPOnlyCIDRListParse(de_ctx, &tmp, (char *)"0.0.0.0/0") < 0)
goto error;
if (IPOnlyCIDRListParse(&s->CidrDst, (char *)"::/0") < 0)
if (IPOnlyCIDRListParse(de_ctx, &s->CidrDst, (char *)"::/0") < 0)
goto error;
s->CidrDst = IPOnlyCIDRItemInsert(s->CidrDst, tmp);
} else if (IPOnlyCIDRListParse(&s->CidrDst, (char *)addrstr) < 0) {
} else if (IPOnlyCIDRListParse(de_ctx, &s->CidrDst, (char *)addrstr) < 0) {
goto error;
}

2
src/detect-engine-iponly.h
Unescape Escape View File

@ -36,7 +36,7 @@ typedef struct SigNumArray_ {
} SigNumArray;
void IPOnlyCIDRListFree(IPOnlyCIDRItem *tmphead);
int IPOnlySigParseAddress(Signature *, const char *, char);
int IPOnlySigParseAddress(const DetectEngineCtx *, Signature *, const char *, char);
void IPOnlyMatchPacket(ThreadVars *tv, DetectEngineCtx *,
DetectEngineThreadCtx *, DetectEngineIPOnlyCtx *,
DetectEngineIPOnlyThreadCtx *, Packet *);

4
src/detect-engine-port.c
Unescape Escape View File

@ -1082,7 +1082,7 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
address[x - 1] = '\0';
rule_var_port = SCRuleVarsGetConfVar(address,
rule_var_port = SCRuleVarsGetConfVar(de_ctx, address,
SC_RULE_VARS_PORT_GROUPS);
if (rule_var_port == NULL)
goto error;
@ -1142,7 +1142,7 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
char *temp_rule_var_port = NULL,
*alloc_rule_var_port = NULL;
rule_var_port = SCRuleVarsGetConfVar(address,
rule_var_port = SCRuleVarsGetConfVar(de_ctx, address,
SC_RULE_VARS_PORT_GROUPS);
if (rule_var_port == NULL)
goto error;

4
src/detect-parse.c
Unescape Escape View File

@ -795,10 +795,10 @@ static int SigParseBasics(const DetectEngineCtx *de_ctx,
goto error;
/* For IPOnly */
if (IPOnlySigParseAddress(s, parser->src, SIG_DIREC_SRC ^ addrs_direction) < 0)
if (IPOnlySigParseAddress(de_ctx, s, parser->src, SIG_DIREC_SRC ^ addrs_direction) < 0)
goto error;
if (IPOnlySigParseAddress(s, parser->dst, SIG_DIREC_DST ^ addrs_direction) < 0)
if (IPOnlySigParseAddress(de_ctx, s, parser->dst, SIG_DIREC_DST ^ addrs_direction) < 0)
goto error;
/* By AWS - Traditionally we should be doing this only for tcp/udp/sctp,

59
src/util-rule-vars.c
Unescape Escape View File

@ -62,7 +62,8 @@ SCEnumCharMap sc_rule_vars_type_map[ ] = {
* \retval conf_var_name_value Pointer to the string containing the conf value
* on success; NULL on failure.
*/
char *SCRuleVarsGetConfVar(const char *conf_var_name,
char *SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx,
const char *conf_var_name,
SCRuleVarsType conf_vars_type)
{
SCEnter();
@ -180,44 +181,44 @@ int SCRuleVarsPositiveTest01(void)
ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
/* check for address-groups */
result &= (SCRuleVarsGetConfVar("$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS),
"[192.168.0.0/16,10.8.0.0/16,127.0.0.1,2001:888:13c5:"
"5AFE::/64,2001:888:13c5:CAFE::/64]") == 0);
result &= (SCRuleVarsGetConfVar("$EXTERNAL_NET", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$EXTERNAL_NET", SC_RULE_VARS_ADDRESS_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$EXTERNAL_NET", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$EXTERNAL_NET", SC_RULE_VARS_ADDRESS_GROUPS),
"[!192.168.0.0/16,2000::/3]") == 0);
result &= (SCRuleVarsGetConfVar("$HTTP_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$HTTP_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$HTTP_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$HTTP_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
"!192.168.0.0/16") == 0);
result &= (SCRuleVarsGetConfVar("$SMTP_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$SMTP_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$SMTP_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$SMTP_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
"!192.168.0.0/16") == 0);
result &= (SCRuleVarsGetConfVar("$SQL_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$SQL_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$SQL_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$SQL_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
"!192.168.0.0/16") == 0);
result &= (SCRuleVarsGetConfVar("$DNS_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$DNS_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$DNS_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$DNS_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
"any") == 0);
result &= (SCRuleVarsGetConfVar("$TELNET_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$TELNET_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$TELNET_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$TELNET_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
"any") == 0);
result &= (SCRuleVarsGetConfVar("$AIM_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$AIM_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$AIM_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$AIM_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS),
"any") == 0);
/* check for port-groups */
result &= (SCRuleVarsGetConfVar("$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS),
"80:81,88") == 0);
result &= (SCRuleVarsGetConfVar("$SHELLCODE_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$SHELLCODE_PORTS", SC_RULE_VARS_PORT_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$SHELLCODE_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$SHELLCODE_PORTS", SC_RULE_VARS_PORT_GROUPS),
"80") == 0);
result &= (SCRuleVarsGetConfVar("$ORACLE_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$ORACLE_PORTS", SC_RULE_VARS_PORT_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$ORACLE_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$ORACLE_PORTS", SC_RULE_VARS_PORT_GROUPS),
"1521") == 0);
result &= (SCRuleVarsGetConfVar("$SSH_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar("$SSH_PORTS", SC_RULE_VARS_PORT_GROUPS),
result &= (SCRuleVarsGetConfVar(NULL,"$SSH_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$SSH_PORTS", SC_RULE_VARS_PORT_GROUPS),
"22") == 0);
ConfDeInit();
@ -238,11 +239,11 @@ int SCRuleVarsNegativeTest02(void)
ConfInit();
ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
result &= (SCRuleVarsGetConfVar("$HOME_NETW", SC_RULE_VARS_ADDRESS_GROUPS) == NULL);
result &= (SCRuleVarsGetConfVar("$home_net", SC_RULE_VARS_ADDRESS_GROUPS) == NULL);
result &= (SCRuleVarsGetConfVar(NULL,"$HOME_NETW", SC_RULE_VARS_ADDRESS_GROUPS) == NULL);
result &= (SCRuleVarsGetConfVar(NULL,"$home_net", SC_RULE_VARS_ADDRESS_GROUPS) == NULL);
result &= (SCRuleVarsGetConfVar("$TOMCAT_PORTSW", SC_RULE_VARS_PORT_GROUPS) == NULL);
result &= (SCRuleVarsGetConfVar("$tomcat_ports", SC_RULE_VARS_PORT_GROUPS) == NULL);
result &= (SCRuleVarsGetConfVar(NULL,"$TOMCAT_PORTSW", SC_RULE_VARS_PORT_GROUPS) == NULL);
result &= (SCRuleVarsGetConfVar(NULL,"$tomcat_ports", SC_RULE_VARS_PORT_GROUPS) == NULL);
ConfDeInit();
ConfRestoreContextBackup();

2
src/util-rule-vars.h
Unescape Escape View File

@ -30,7 +30,7 @@ typedef enum {
SC_RULE_VARS_PORT_GROUPS,
} SCRuleVarsType;
char *SCRuleVarsGetConfVar(const char *, SCRuleVarsType);
char *SCRuleVarsGetConfVar(const DetectEngineCtx *, const char *, SCRuleVarsType);
void SCRuleVarsRegisterTests(void);
#endif /* __UTIL_RULE_VARS_H__ */

Write Preview
Loading…
Cancel
Save