pkt-var: use id instead of name pointer

9 years ago · 5e39486399
parent a0bd15a1c4
commit 5e39486399
8 changed files with 40 additions and 84 deletions
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@ -125,8 +125,9 @@ static void AlertDebugLogPktVars(AlertDebugLogThread *aft, const Packet *p)
 {
    const PktVar *pv = p->pktvar;

-    while(pv != NULL) {
-        MemBufferWriteString(aft->buffer, "PKTVAR:            %s\n", pv->name);
+    while (pv != NULL) {
+        const char *varname = VarNameStoreLookupById(pv->id, VAR_TYPE_PKT_VAR);
+        MemBufferWriteString(aft->buffer, "PKTVAR:            %s\n", varname);
        PrintRawDataToBuffer(aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
                             pv->value, pv->value_len);
        pv = pv->next;
--- a/src/decode.h
+++ b/src/decode.h
@ -298,7 +298,7 @@ typedef struct PacketEngineEvents_ {
 } PacketEngineEvents;

 typedef struct PktVar_ {
-    const char *name;
+    uint32_t id;
    struct PktVar_ *next; /* right now just implement this as a list,
                           * in the long run we have thing of something
                           * faster. */
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@ -226,9 +226,7 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
                        continue;

                    if (pe->captypes[x] == VAR_TYPE_PKT_VAR && p != NULL) {
-                        const char *varname = VarNameStoreLookupById(pe->capids[x],
-                                VAR_TYPE_PKT_VAR);
-                        PktVarAdd(p, varname, (uint8_t *)str_ptr, ret);
+                        PktVarAdd(p, pe->capids[x], (uint8_t *)str_ptr, ret);

                    } else if (pe->captypes[x] == VAR_TYPE_FLOW_VAR && f != NULL) {
                        /* store max 64k. Errors are ignored */
--- a/src/detect-pktvar.c
+++ b/src/detect-pktvar.c
@ -66,7 +66,7 @@ static int DetectPktvarMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pac
    int ret = 0;
    const DetectPktvarData *pd = (const DetectPktvarData *)ctx;

-    PktVar *pv = PktVarGet(p, pd->name);
+    PktVar *pv = PktVarGet(p, pd->id);
    if (pv != NULL) {
        uint8_t *ptr = SpmSearch(pv->value, pv->value_len, pd->content, pd->content_len);
        if (ptr != NULL)
@ -92,7 +92,6 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawst
    if (ret != 3) {
        SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for pktvar.", rawstr);
        return -1;
-
    }

    const char *str_ptr;
@ -199,12 +198,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawst
        return -1;
    }

-    cd->name = SCStrdup(varname);
-    if (cd->name == NULL) {
-        SCFree(cd);
-        if (dubbed) SCFree(str);
-        return -1;
-    }
+    cd->id = VarNameStoreSetupAdd(varname, VAR_TYPE_PKT_VAR);

    memcpy(cd->content, str, len);
    cd->content_len = len;
@ -228,8 +222,6 @@ error:
    if (dubbed)
        SCFree(str);
    if (cd) {
-        if (cd->name)
-            SCFree(cd->name);
        SCFree(cd);
    }
    if (sm)
--- a/src/detect-pktvar.h
+++ b/src/detect-pktvar.h
@ -25,10 +25,10 @@
 #define __DETECT_PKTVAR_H__

 typedef struct DetectPktvarData_ {
-    char *name;
-    uint8_t *content;
+    uint32_t id;
    uint8_t content_len;
    uint8_t flags;
+    uint8_t *content;
 } DetectPktvarData;

 /* prototypes */
--- a/src/detect.c
+++ b/src/detect.c
@ -5133,59 +5133,42 @@ static int SigTest17 (void)
    Packet *p = NULL;
    ThreadVars th_v;
    DetectEngineThreadCtx *det_ctx = NULL;
-    int result = 0;
-
    memset(&th_v, 0, sizeof(th_v));

    p = UTHBuildPacketSrcDstPorts((uint8_t *)buf, buflen, IPPROTO_TCP, 12345, 80);
+    FAIL_IF_NULL(p);

    ConfCreateContextBackup();
    ConfInit();
    ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));

    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
-    if (de_ctx == NULL) {
-        goto end;
-    }
-
+    FAIL_IF_NULL(de_ctx);
    de_ctx->flags |= DE_QUIET;

-    de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP host cap\"; content:\"Host:\"; pcre:\"/^Host: (?P<pkt_http_host>.*)\\r\\n/m\"; noalert; sid:1;)");
-    if (de_ctx->sig_list == NULL) {
-        result = 0;
-        goto end;
-    }
+    Signature *s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP host cap\"; content:\"Host:\"; pcre:\"/^Host: (?P<pkt_http_host>.*)\\r\\n/m\"; noalert; sid:1;)");
+    FAIL_IF_NULL(s);

    SigGroupBuild(de_ctx);
    DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
-
    SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-    PktVar *pv_hn = PktVarGet(p, "http_host");
-    if (pv_hn != NULL) {
-        if (memcmp(pv_hn->value, "one.example.org", pv_hn->value_len < 15 ? pv_hn->value_len : 15) == 0)
-            result = 1;
-        else {
-            printf("\"");
-            PrintRawUriFp(stdout, pv_hn->value, pv_hn->value_len);
-            printf("\" != \"one.example.org\": ");
-        }
-        PktVarFree(pv_hn);
-    } else {
-        printf("Pkt var http_host not captured: ");
-    }

-end:
-    if (de_ctx != NULL) {
-        SigGroupCleanup(de_ctx);
-        SigCleanSignatures(de_ctx);
-        if (det_ctx != NULL)
-            DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
-        DetectEngineCtxFree(de_ctx);
-    }
+    uint32_t capid = VarNameStoreLookupByName("http_host", VAR_TYPE_PKT_VAR);
+
+    PktVar *pv_hn = PktVarGet(p, capid);
+    FAIL_IF_NULL(pv_hn);
+
+    FAIL_IF(pv_hn->value_len != 15);
+    FAIL_IF_NOT(memcmp(pv_hn->value, "one.example.org", pv_hn->value_len) == 0);
+
+    PktVarFree(pv_hn);
+    DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
+    DetectEngineCtxFree(de_ctx);
    ConfDeInit();
    ConfRestoreContextBackup();
    UTHFreePackets(&p, 1);
-    return result;
+
+    PASS;
 }

 static int SigTest18 (void)
--- a/src/pkt-var.c
+++ b/src/pkt-var.c
@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2016 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@ -35,9 +35,10 @@
 #include "util-debug.h"

 /* puts a new value into a pktvar */
-void PktVarUpdate(PktVar *pv, uint8_t *value, uint16_t size)
+static void PktVarUpdate(PktVar *pv, uint8_t *value, uint16_t size)
 {
-    if (pv->value) SCFree(pv->value);
+    if (pv->value)
+        SCFree(pv->value);
    pv->value = value;
    pv->value_len = size;
 }
@ -45,12 +46,12 @@ void PktVarUpdate(PktVar *pv, uint8_t *value, uint16_t size)
 /* get the pktvar with name 'name' from the pkt
 *
 * name is a normal string*/
-PktVar *PktVarGet(Packet *p, const char *name)
+PktVar *PktVarGet(Packet *p, uint32_t id)
 {
    PktVar *pv = p->pktvar;

    for (;pv != NULL; pv = pv->next) {
-        if (pv->name && strcmp(pv->name, name) == 0)
+        if (pv->id == id)
            return pv;
    }

@ -58,23 +59,24 @@ PktVar *PktVarGet(Packet *p, const char *name)
 }

 /* add a pktvar to the pkt, or update it */
-void PktVarAdd(Packet *p, const char *name, uint8_t *value, uint16_t size)
+void PktVarAdd(Packet *p, uint32_t id, uint8_t *value, uint16_t size)
 {
    //printf("Adding packet var \"%s\" with value(%" PRId32 ") \"%s\"\n", name, size, value);

-    PktVar *pv = PktVarGet(p, name);
+    PktVar *pv = PktVarGet(p, id);
    if (pv == NULL) {
        pv = SCMalloc(sizeof(PktVar));
        if (unlikely(pv == NULL))
            return;

-        pv->name = name;
+        pv->id = id;
        pv->value = value;
        pv->value_len = size;
        pv->next = NULL;

        PktVar *tpv = p->pktvar;
-        if (p->pktvar == NULL) p->pktvar = pv;
+        if (p->pktvar == NULL)
+            p->pktvar = pv;
        else {
            while(tpv) {
                if (tpv->next == NULL) {
@ -94,7 +96,6 @@ void PktVarFree(PktVar *pv)
    if (pv == NULL)
        return;

-    pv->name = NULL;
    if (pv->value != NULL)
        SCFree(pv->value);
    PktVar *pv_next = pv->next;
@ -104,21 +105,3 @@ void PktVarFree(PktVar *pv)
    if (pv_next != NULL)
        PktVarFree(pv_next);
 }
-
-void PktVarPrint(PktVar *pv)
-{
-    uint16_t i;
-
-    if (pv == NULL)
-        return;
-
-    printf("Name \"%s\", Value \"", pv->name);
-    for (i = 0; i < pv->value_len; i++) {
-        if (isprint(pv->value[i])) printf("%c", pv->value[i]);
-        else                       printf("\\%02X", pv->value[i]);
-    }
-    printf("\", Len \"%" PRIu32 "\"\n", pv->value_len);
-
-    PktVarPrint(pv->next);
-}
-
--- a/src/pkt-var.h
+++ b/src/pkt-var.h
@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2016 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@ -24,10 +24,9 @@
 #ifndef __PKT_VAR_H__
 #define __PKT_VAR_H__

-void PktVarAdd(Packet *, const char *, uint8_t *, uint16_t);
-PktVar *PktVarGet(Packet *, const char *);
+void PktVarAdd(Packet *, uint32_t id, uint8_t *, uint16_t);
+PktVar *PktVarGet(Packet *, uint32_t id);
 void PktVarFree(PktVar *);
-void PktVarPrint(PktVar *);

 #endif /* __PKT_VAR_H__ */