aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change locking of http_header, http_raw_header and http_client_body so that flow isn't accessed without lock anywhere.

Browse Source
remotes/origin/master-1.1.x
Victor Julien 15 years ago
parent 435d0fb327
commit 55ca988222
7 changed files with 48 additions and 52 deletions
Show Stats Download Patch File Download Diff File

28
src/detect-engine-hcbd.c
Unescape Escape View File

@ -259,17 +259,13 @@ match:
*
* \warning Make sure flow is locked.
*/
void DetectEngineBufferHttpClientBodies(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Flow *f, HtpState *htp_state)
static void DetectEngineBufferHttpClientBodies(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state)
{
size_t idx = 0;
htp_tx_t *tx = NULL;
int i = 0;
/* locking the flow, we will inspect the htp state */
SCMutexLock(&f->m);
if (htp_state->connp == NULL || htp_state->connp->conn == NULL) {
SCLogDebug("HTP state has no conn(p)");
goto end;
@ -368,16 +364,20 @@ void DetectEngineBufferHttpClientBodies(DetectEngineCtx *de_ctx,
} /* else - if (htud->body.nchunks == 0) */
} /* for (idx = AppLayerTransactionGetInspectId(f); .. */
end:
SCMutexUnlock(&f->m);
end:
return;
}
int DetectEngineRunHttpClientBodyMpm(DetectEngineThreadCtx *det_ctx)
int DetectEngineRunHttpClientBodyMpm(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state)
{
int i;
uint32_t cnt = 0;
SCMutexLock(&f->m);
DetectEngineBufferHttpClientBodies(de_ctx, det_ctx, f, htp_state);
SCMutexUnlock(&f->m);
for (i = 0; i < det_ctx->hcbd_buffers_list_len; i++) {
cnt += HttpClientBodyPatternSearch(det_ctx,
det_ctx->hcbd_buffers[i],
@ -402,19 +402,20 @@ int DetectEngineRunHttpClientBodyMpm(DetectEngineThreadCtx *det_ctx)
* \retval 1 Match.
*/
int DetectEngineInspectHttpClientBody(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate)
DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags,
void *alstate)
{
SCEnter();
int r = 0;
HtpState *htp_state = NULL;
int i = 0;
SCMutexLock(&f->m);
htp_state = (HtpState *)alstate;
if (htp_state == NULL) {
SCLogDebug("no HTTP state");
SCReturnInt(0);
goto end;
}
if (htp_state->connp == NULL || htp_state->connp->conn == NULL) {
@ -439,6 +440,7 @@ int DetectEngineInspectHttpClientBody(DetectEngineCtx *de_ctx,
}
end:
SCMutexUnlock(&f->m);
SCReturnInt(r);
}

10
src/detect-engine-hcbd.h
Unescape Escape View File

@ -27,14 +27,10 @@
#include "app-layer-htp.h"
int DetectEngineRunHttpClientBodyMpm(DetectEngineThreadCtx *);
void DetectEngineBufferHttpClientBodies(DetectEngineCtx *,
DetectEngineThreadCtx *,
Flow *, HtpState *);
int DetectEngineRunHttpClientBodyMpm(DetectEngineCtx *,
DetectEngineThreadCtx *, Flow *f, HtpState *);
int DetectEngineInspectHttpClientBody(DetectEngineCtx *,
DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t,
void *);
DetectEngineThreadCtx *, Signature *, Flow *, uint8_t, void *);
void DetectEngineCleanHCBDBuffers(DetectEngineThreadCtx *);
void DetectEngineHttpClientBodyRegisterTests(void);

23
src/detect-engine-hhd.c
Unescape Escape View File

@ -261,16 +261,13 @@ match:
*
* \warning Make sure flow is locked.
*/
void DetectEngineBufferHttpHeaders(DetectEngineThreadCtx *det_ctx, Flow *f,
static void DetectEngineBufferHttpHeaders(DetectEngineThreadCtx *det_ctx, Flow *f,
HtpState *htp_state)
{
size_t idx = 0;
htp_tx_t *tx = NULL;
int i = 0;
/* locking the flow, we will inspect the htp state */
SCMutexLock(&f->m);
if (htp_state->connp == NULL || htp_state->connp->conn == NULL) {
SCLogDebug("HTP state has no conn(p)");
goto end;
@ -349,16 +346,23 @@ void DetectEngineBufferHttpHeaders(DetectEngineThreadCtx *det_ctx, Flow *f,
} /* for (idx = AppLayerTransactionGetInspectId(f); .. */
end:
SCMutexUnlock(&f->m);
end:
return;
}
int DetectEngineRunHttpHeaderMpm(DetectEngineThreadCtx *det_ctx)
/**
* \brief run the mpm against the assembled http header buffer(s)
* \retval cnt Number of matches reported by the mpm algo.
*/
int DetectEngineRunHttpHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state)
{
int i;
uint32_t cnt = 0;
SCMutexLock(&f->m);
DetectEngineBufferHttpHeaders(det_ctx, f, htp_state);
SCMutexUnlock(&f->m);
for (i = 0; i < det_ctx->hhd_buffers_list_len; i++) {
cnt += HttpHeaderPatternSearch(det_ctx,
det_ctx->hhd_buffers[i],
@ -391,10 +395,12 @@ int DetectEngineInspectHttpHeader(DetectEngineCtx *de_ctx,
HtpState *htp_state = NULL;
int i = 0;
SCMutexLock(&f->m);
htp_state = (HtpState *)alstate;
if (htp_state == NULL) {
SCLogDebug("no HTTP state");
SCReturnInt(0);
goto end;
}
if (htp_state->connp == NULL || htp_state->connp->conn == NULL) {
@ -419,6 +425,7 @@ int DetectEngineInspectHttpHeader(DetectEngineCtx *de_ctx,
}
end:
SCMutexUnlock(&f->m);
SCReturnInt(r);
}

4
src/detect-engine-hhd.h
Unescape Escape View File

@ -25,9 +25,7 @@
#include "app-layer-htp.h"
void DetectEngineBufferHttpHeaders(DetectEngineThreadCtx *, Flow *,
HtpState *);
int DetectEngineRunHttpHeaderMpm(DetectEngineThreadCtx *);
int DetectEngineRunHttpHeaderMpm(DetectEngineThreadCtx *, Flow *, HtpState *);
int DetectEngineInspectHttpHeader(DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *);
void DetectEngineCleanHHDBuffers(DetectEngineThreadCtx *);

17
src/detect-engine-hrhd.c
Unescape Escape View File

@ -261,16 +261,13 @@ match:
*
* \warning Make sure the flow is locked.
*/
void DetectEngineBufferHttpRawHeaders(DetectEngineThreadCtx *det_ctx,
static void DetectEngineBufferHttpRawHeaders(DetectEngineThreadCtx *det_ctx,
Flow *f, HtpState *htp_state)
{
size_t idx = 0;
htp_tx_t *tx = NULL;
int i = 0;
/* locking the flow, we will inspect the htp state */
SCMutexLock(&f->m);
if (htp_state->connp == NULL || htp_state->connp->conn == NULL) {
SCLogDebug("HTP state has no conn(p)");
goto end;
@ -326,12 +323,11 @@ void DetectEngineBufferHttpRawHeaders(DetectEngineThreadCtx *det_ctx,
} /* for (idx = AppLayerTransactionGetInspectId(f); .. */
end:
SCMutexUnlock(&f->m);
end:
return;
}
int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f)
int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state)
{
int i;
uint32_t cnt = 0;
@ -340,6 +336,8 @@ int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *det_ctx, Flow *f)
* but are ones that point to a buffer given by libhtp */
SCMutexLock(&f->m);
DetectEngineBufferHttpRawHeaders(det_ctx, f, htp_state);
for (i = 0; i < det_ctx->hrhd_buffers_list_len; i++) {
cnt += HttpRawHeaderPatternSearch(det_ctx,
det_ctx->hrhd_buffers[i],
@ -374,10 +372,12 @@ int DetectEngineInspectHttpRawHeader(DetectEngineCtx *de_ctx,
HtpState *htp_state = NULL;
int i = 0;
SCMutexLock(&f->m);
htp_state = (HtpState *)alstate;
if (htp_state == NULL) {
SCLogDebug("no HTTP state");
SCReturnInt(0);
goto end;
}
if (htp_state->connp == NULL || htp_state->connp->conn == NULL) {
@ -402,6 +402,7 @@ int DetectEngineInspectHttpRawHeader(DetectEngineCtx *de_ctx,
}
end:
SCMutexUnlock(&f->m);
SCReturnInt(r);
}

9
src/detect-engine-hrhd.h
Unescape Escape View File

@ -25,13 +25,8 @@
#include "app-layer-htp.h"
int DetectEngineInspectHttpRawHeader(DetectEngineCtx *,
DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t,
void *);
void DetectEngineBufferHttpRawHeaders(DetectEngineThreadCtx *det_ctx,
Flow *f, HtpState *);
int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *, Flow *);
int DetectEngineInspectHttpRawHeader(DetectEngineCtx *, DetectEngineThreadCtx *, Signature *, Flow *, uint8_t, void *);
int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *, Flow *, HtpState *);
void DetectEngineCleanHRHDBuffers(DetectEngineThreadCtx *);
void DetectEngineHttpRawHeaderRegisterTests(void);

9
src/detect.c
Unescape Escape View File

@ -951,18 +951,15 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx,
SCLogDebug("uri search: cnt %" PRIu32, cnt);
}
if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HCBD) {
DetectEngineBufferHttpClientBodies(de_ctx, det_ctx, p->flow, alstate);
cnt = DetectEngineRunHttpClientBodyMpm(det_ctx);
cnt = DetectEngineRunHttpClientBodyMpm(de_ctx, det_ctx, p->flow, alstate);
SCLogDebug("hcbd search: cnt %" PRIu32, cnt);
}
if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HHD) {
DetectEngineBufferHttpHeaders(det_ctx, p->flow, alstate);
cnt = DetectEngineRunHttpHeaderMpm(det_ctx);
cnt = DetectEngineRunHttpHeaderMpm(det_ctx, p->flow, alstate);
SCLogDebug("hhd search: cnt %" PRIu32, cnt);
}
if (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HRHD) {
DetectEngineBufferHttpRawHeaders(det_ctx, p->flow, alstate);
cnt = DetectEngineRunHttpRawHeaderMpm(det_ctx, p->flow);
cnt = DetectEngineRunHttpRawHeaderMpm(det_ctx, p->flow, alstate);
SCLogDebug("hrhd search: cnt %" PRIu32, cnt);
}
}

Write Preview
Loading…
Cancel
Save