Cleanups.

remotes/origin/master-1.0.x
Victor Julien 16 years ago
parent 153d1425fe
commit 7a8cd61fdf

@ -303,14 +303,17 @@ static int HTPHandleResponseData(Flow *f, void *htp_state,
void HtpBodyAppendChunk(HtpBody *body, uint8_t *data, uint32_t len)
{
SCEnter();
BodyChunk *bd = NULL;
HtpBodyChunk *bd = NULL;
if (body->nchunks == 0) {
/* New chunk */
bd = (BodyChunk *)SCMalloc(sizeof(BodyChunk));
bd = (HtpBodyChunk *)SCMalloc(sizeof(HtpBodyChunk));
if (bd == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Fatal error, error allocationg memory");
exit(EXIT_FAILURE);
}
bd->len = len;
bd->data = data;
body->first = body->last = bd;
@ -326,7 +329,12 @@ void HtpBodyAppendChunk(HtpBody *body, uint8_t *data, uint32_t len)
body->last->len = len;
bd = body->last;
} else {
bd = (BodyChunk *)SCMalloc(sizeof(BodyChunk));
bd = (HtpBodyChunk *)SCMalloc(sizeof(HtpBodyChunk));
if (bd == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Fatal error, error allocationg memory");
exit(EXIT_FAILURE);
}
bd->len = len;
bd->data = data;
body->last->next = bd;
@ -353,7 +361,7 @@ void HtpBodyPrint(HtpBody *body)
if (body->nchunks == 0)
return;
BodyChunk *cur = NULL;
HtpBodyChunk *cur = NULL;
SCLogDebug("--- Start body chunks at %p ---", body);
for (cur = body->first; cur != NULL; cur = cur->next) {
SCLogDebug("Body %p; Chunk id: %"PRIu32", data %p, len %"PRIu32"\n",
@ -372,6 +380,7 @@ void HtpBodyPrint(HtpBody *body)
void HtpBodyFree(HtpBody *body)
{
SCEnter();
if (body->nchunks == 0)
return;
@ -380,8 +389,9 @@ void HtpBodyFree(HtpBody *body)
(uint32_t)body->last->len);
body->nchunks = 0;
BodyChunk *cur = NULL;
BodyChunk *prev = NULL;
HtpBodyChunk *cur = NULL;
HtpBodyChunk *prev = NULL;
prev = body->first;
while (prev != NULL) {
cur = prev->next;
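Review bot: The allocation-failure branches in HtpBodyAppendChunk call `exit(EXIT_FAILURE)`, so one failed SCMalloc while buffering an HTTP body terminates the whole engine instead of dropping that chunk. Body chunks are driven by remote traffic, so memory pressure here becomes a loss of all inspection. Since the function returns void, consider logging and returning early, e.g. `SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory for body chunk"); SCReturn;`, and letting the caller continue without the chunk. The message text also misspells "allocating" as "allocationg". The function body continues outside the visible hunks, so confirm that nothing later dereferences `bd` on that path.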

@ -48,17 +48,17 @@ enum {
matched on some rule */
/** Struct used to hold chunks of a body on a request */
typedef struct BodyChunk_ {
typedef struct HtpBodyChunk_ {
uint8_t *data; /**< Pointer to the data of the chunk */
uint32_t len; /**< Length of the chunk */
struct BodyChunk_ *next; /**< Pointer to the next chunk */
struct HtpBodyChunk_ *next; /**< Pointer to the next chunk */
uint32_t id; /**< number of chunk of the current body */
} BodyChunk;
} HtpBodyChunk;
/** Struct used to hold all the chunks of a body on a request */
typedef struct Body_ {
BodyChunk *first; /**< Pointer to the first chunk */
BodyChunk *last; /**< Pointer to the last chunk */
typedef struct HtpBody_ {
HtpBodyChunk *first; /**< Pointer to the first chunk */
HtpBodyChunk *last; /**< Pointer to the last chunk */
uint32_t nchunks; /**< Number of chunks in the current operation */
uint8_t operation; /**< This flag indicate if it's a request
or a response */
@ -68,13 +68,12 @@ typedef struct Body_ {
typedef struct HtpState_ {
htp_connp_t *connp; /**< Connection parser structure for
each connection */
htp_connp_t *connp; /**< Connection parser structure for
each connection */
HtpBody body; /**< Body of the request (if any) */
size_t new_in_tx_index; /**< Index to indicate that after this we have
new requests to log */
uint8_t flags;
HtpBody body; /**< Body of the request (if any) */
uint8_t new_in_tx_index; /**< Index to indicate that after this we have
new requests to log */
} HtpState;
htp_cfg_t *cfg; /**< Config structure for HTP library */

@ -1,11 +1,15 @@
/* DEPTH part of the detection engine. */
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "flow-var.h"
#include "detect-content.h"
#include "detect-pcre.h"
#include "detect-uricontent.h"
#include "flow-var.h"
#include "util-debug.h"
static int DetectDepthSetup (DetectEngineCtx *, Signature *, char *);

@ -1,12 +1,15 @@
/* DISTANCE part of the detection engine. */
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "flow-var.h"
#include "detect-content.h"
#include "detect-uricontent.h"
#include "detect-pcre.h"
#include "flow-var.h"
#include "util-debug.h"
static int DetectDistanceSetup(DetectEngineCtx *, Signature *, char *);

@ -1,18 +1,20 @@
/* Copyright (c) 2010 Victor Julien <victor@inliniac.net> */
/** \file
* \author Victor Julien <victor@inliniac.net>
*/
#include "suricata-common.h"
#include "suricata.h"
#include "decode.h"
#include "detect.h"
#include "detect-content.h"
#include "detect-uricontent.h"
#include "detect-pcre.h"
#include "detect-isdataat.h"
#include "detect-bytetest.h"
#include "detect-bytejump.h"
#include "detect-http-method.h"
#include "detect-http-cookie.h"
#include "util-spm.h"
#include "util-debug.h"
@ -22,14 +24,23 @@
#include "util-unittest-helper.h"
/** \brief Run the actual payload match functions
*
* The follwing keywords are inspected:
* - content
* - isdaatat
* - pcre
* - bytejump
* - bytetest
*
* All keywords are evaluated against the payload with payload_len.
*
* For accounting the last match in relative matching the
* det_ctx->payload_offset int is used.
*
* \param de_ctx Detection engine context
* \param det_ctx Detection engine thread context
* \param s Signature to inspect
* \param sm SigMatch to inspect
* \param f Flow
* \param flags app layer flags
* \param state App layer state
* \param p Packet
* \param payload ptr to the payload to inspect
* \param payload_len length of the payload
@ -38,9 +49,8 @@
* \retval 1 match
*/
static inline int DoInspectPacketPayload(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, Signature *s, SigMatch *sm, Flow *f,
uint8_t flags, void *alstate, Packet *p, uint8_t *payload,
uint32_t payload_len)
DetectEngineThreadCtx *det_ctx, Signature *s, SigMatch *sm,
Packet *p, uint8_t *payload, uint32_t payload_len)
{
SCEnter();
@ -78,9 +88,10 @@ static inline int DoInspectPacketPayload(DetectEngineCtx *de_ctx,
depth = payload_len;
if (cd->flags & DETECT_CONTENT_DISTANCE) {
/** \todo distance can be negative */
offset += cd->distance;
if (cd->distance < 0 && (uint32_t)(abs(cd->distance)) > offset)
offset = 0;
else
offset += cd->distance;
SCLogDebug("cd->distance %"PRIi32", offset %"PRIu32", depth %"PRIu32,
cd->distance, offset, depth);
@ -179,8 +190,8 @@ static inline int DoInspectPacketPayload(DetectEngineCtx *de_ctx,
/* see if the next payload keywords match. If not, we will
* search for another occurence of this content and see
* if the others match then */
int r = DoInspectPacketPayload(de_ctx,det_ctx,s,sm->next, f, flags, alstate, p, payload, payload_len);
* if the others match then until we run out of matches */
int r = DoInspectPacketPayload(de_ctx,det_ctx,s,sm->next, p, payload, payload_len);
if (r == 1) {
SCReturnInt(1);
}
@ -219,8 +230,7 @@ static inline int DoInspectPacketPayload(DetectEngineCtx *de_ctx,
{
SCLogDebug("inspecting pcre");
/** \todo consider ptrs */
int r = DetectPcreDoMatch(det_ctx, p, s, sm);
int r = DetectPcrePayloadMatch(det_ctx, p, s, sm);
if (r == 1) {
goto match;
}
@ -243,6 +253,7 @@ static inline int DoInspectPacketPayload(DetectEngineCtx *de_ctx,
goto match;
}
/* we should never get here, but bail out just in case */
default:
{
BUG_ON(1);
@ -250,16 +261,19 @@ static inline int DoInspectPacketPayload(DetectEngineCtx *de_ctx,
}
SCReturnInt(0);
match:
/* this sigmatch matched, inspect the next one. If it was the last,
* the payload portion of the signature matched. */
if (sm->next != NULL) {
int r = DoInspectPacketPayload(de_ctx,det_ctx,s,sm->next, f, flags, alstate, p, payload, payload_len);
int r = DoInspectPacketPayload(de_ctx,det_ctx,s,sm->next, p, payload, payload_len);
SCReturnInt(r);
} else {
SCReturnInt(1);
}
}
/** \brief Do the content inspection for a signature
/** \brief Do the content inspection & validation for a signature
*
* \param de_ctx Detection engine context
* \param det_ctx Detection engine thread context
@ -286,7 +300,7 @@ int DetectEngineInspectPacketPayload(DetectEngineCtx *de_ctx,
det_ctx->payload_offset = 0;
r = DoInspectPacketPayload(de_ctx, det_ctx, s, s->pmatch, f, flags, alstate, p, p->payload, p->payload_len);
r = DoInspectPacketPayload(de_ctx, det_ctx, s, s->pmatch, p, p->payload, p->payload_len);
if (r == 1) {
SCReturnInt(1);
}
@ -339,12 +353,34 @@ end:
return result;
}
/** \test Negative distance matching */
static int PayloadTestSig03 (void) {
uint8_t *buf = (uint8_t *)
"abcaBcd";
uint16_t buflen = strlen((char *)buf);
Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
int result = 0;
char sig[] = "alert tcp any any -> any any (content:\"aBc\"; nocase; content:\"abca\"; distance:-10; within:1; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
result = 0;
goto end;
}
result = 1;
end:
if (p != NULL)
UTHFreePacket(p);
return result;
}
#endif /* UNITTESTS */
void PayloadRegisterTests(void) {
#ifdef UNITTESTS
UtRegisterTest("PayloadTestSig01", PayloadTestSig01, 1);
UtRegisterTest("PayloadTestSig02", PayloadTestSig02, 1);
UtRegisterTest("PayloadTestSig03", PayloadTestSig03, 1);
#endif /* UNITTESTS */
}
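Review bot: In the negative-distance branch of DoInspectPacketPayload, `abs(cd->distance)` is undefined for `INT32_MIN`, and the `else` path adds a signed distance to the unsigned `offset` with no upper bound visible in the hunk. Widening before negating avoids the first problem: `if (cd->distance < 0 && (uint32_t)(-(int64_t)cd->distance) > offset)`. For the second, confirm that the code after this hunk clamps `offset` against `payload_len` before the search uses it; that part is outside the visible lines. The `\todo distance can be negative` comment looks stale if it is still on the new side, and the new doc block misspells "following" and "isdataat".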

@ -52,8 +52,24 @@ void DetectHttpCookieRegister (void) {
sigmatch_table[DETECT_AL_HTTP_COOKIE].flags |= SIGMATCH_PAYLOAD;
}
int DetectHttpCookieDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
SigMatch *sm, Flow *f, uint8_t flags, void *state)
/**
* \brief match the specified content in the signature with the received http
* cookie header in the http request.
*
* \param t pointer to thread vars
* \param det_ctx pointer to the pattern matcher thread
* \param f pointer to the current flow
* \param flags flags to indicate the direction of the received packet
* \param state pointer the app layer state, which will cast into HtpState
* \param s pointer to the current signature
* \param sm pointer to the sigmatch
*
* \retval 0 no match
* \retval 1 match
*/
int DetectHttpCookieMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state, Signature *s,
SigMatch *sm)
{
SCEnter();
@ -117,29 +133,6 @@ end:
SCReturnInt(ret);
}
/**
* \brief match the specified content in the signature with the received http
* cookie header in the http request.
*
* \param t pointer to thread vars
* \param det_ctx pointer to the pattern matcher thread
* \param f pointer to the current flow
* \param flags flags to indicate the direction of the received packet
* \param state pointer the app layer state, which will cast into HtpState
* \param s pointer to the current signature
* \param m pointer to the sigmatch that we will cast into DetectContentData
*
* \retval 0 no match
* \retval 1 match
*/
int DetectHttpCookieMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state, Signature *s,
SigMatch *m)
{
int r = DetectHttpCookieDoMatch(det_ctx, s, m, f, flags, state);
SCReturnInt(r);
}
/**
* \brief this function setups the http_cookie modifier keyword used in the rule
*

@ -53,9 +53,25 @@ void DetectHttpMethodRegister(void) {
SCLogDebug("registering http_method rule option");
}
int DetectHttpMethodDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s, SigMatch *sm, Flow *f, uint8_t flags, void *state) {
/**
* \brief match the specified version on a tls session
*
* \param t pointer to thread vars
* \param det_ctx pointer to the pattern matcher thread
* \param f pointer to the current flow
* \param flags flags to indicate the direction of the received packet
* \param state pointer the app layer state, which will cast into HtpState
* \param sm pointer to the sigmatch
*
* \retval 0 no match
* \retval 1 match
*/
int DetectHttpMethodMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state,
Signature *s, SigMatch *sm)
{
SCEnter();
uint8_t i;
size_t idx;
DetectHttpMethodData *data = (DetectHttpMethodData *)sm->ctx;
HtpState *hs = (HtpState *)state;
htp_tx_t *tx = NULL;
@ -67,16 +83,15 @@ int DetectHttpMethodDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s, SigMat
}
SCMutexLock(&f->m);
for (i = hs->new_in_tx_index; i < list_size(hs->connp->conn->transactions); i++)
for ( idx = hs->new_in_tx_index;
idx < list_size(hs->connp->conn->transactions); idx++)
{
tx = list_get(hs->connp->conn->transactions, i);
tx = list_get(hs->connp->conn->transactions, idx);
if (tx == NULL)
continue;
/* Compare the numeric methods if they are known, otherwise compare
* the raw values.
*/
* the raw values. */
if (data->method != M_UNKNOWN) {
if (data->method == tx->request_method_number) {
SCLogDebug("Matched numeric HTTP method values.");
@ -85,7 +100,6 @@ int DetectHttpMethodDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s, SigMat
} else if (tx->request_method != NULL) {
const uint8_t *meth_str = (const uint8_t *)
bstr_ptr(tx->request_method);
if ((meth_str != NULL) &&
SpmSearch((uint8_t*) meth_str, bstr_size(tx->request_method),
data->content, data->content_len) != NULL)
@ -101,27 +115,6 @@ int DetectHttpMethodDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s, SigMat
SCReturnInt(ret);
}
/**
* \brief match the specified version on a tls session
*
* \param t pointer to thread vars
* \param det_ctx pointer to the pattern matcher thread
* \param f pointer to the current flow
* \param flags flags to indicate the direction of the received packet
* \param state pointer the app layer state, which will cast into HtpState
* \param m pointer to the sigmatch cast into DetectHttpMethodData
*
* \retval 0 no match
* \retval 1 match
*/
int DetectHttpMethodMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state,
Signature *s, SigMatch *sm)
{
int r = DetectHttpMethodDoMatch(det_ctx, s, sm, f, flags, state);
SCReturnInt(r);
}
/**
* \brief this function is used to add the parsed "http_method" option
* \brief into the current signature
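Review bot: The doc block now sitting on DetectHttpMethodMatch still reads `\brief match the specified version on a tls session`, which describes a different keyword, and it has no `\param s` line although the signature takes `Signature *s`. Suggested wording: `\brief match the rule's http_method value against the request method of the transactions from new_in_tx_index onward`, plus `\param s pointer to the current signature`. The comment could also state that the function holds `f->m` for the duration of the loop, as the `SCMutexLock(&f->m)` line shows.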

@ -3,11 +3,12 @@
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "flow-var.h"
#include "detect.h"
#include "detect-content.h"
#include "detect-pcre.h"
#include "detect-uricontent.h"
#include "flow-var.h"
#include "util-debug.h"

@ -167,7 +167,7 @@ int DetectPcreALDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s, SigMatch *
int wspace[255];
int flags = PCRE_PARTIAL;
BodyChunk *cur = htp_state->body.first;
HtpBodyChunk *cur = htp_state->body.first;
if (cur == NULL) {
SCLogDebug("No body chunks to inspect");
goto unlock;
@ -239,7 +239,18 @@ int DetectPcreALMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
SCReturnInt(r);
}
int DetectPcreDoMatch(DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *sm) {
/**
* \brief match a regex on a single payload'
*
* \param det_ctx thread detection ctx
* \param p packet
* \param s signature
* \param sm sig match to match against
*
* \retval 1: match
* \retval 0: no match
*/
int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *sm) {
SCEnter();
#define MAX_SUBSTRINGS 30
int ret = 0;
@ -269,24 +280,28 @@ int DetectPcreDoMatch(DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, S
len = p->payload_len;
}
//printf("DetectPcre: ptr %p, len %" PRIu32 "\n", ptr, len);
/* run the actual pcre detection */
ret = pcre_exec(pe->re, pe->sd, (char *)ptr, len, 0, 0, ov, MAX_SUBSTRINGS);
SCLogDebug("ret %d (negating %s)", ret, pe->negate ? "set" : "not set");
if (ret == PCRE_ERROR_NOMATCH) {
if (pe->negate == 1) {
/* regex didn't match with negate option means we consider it a match */
/* regex didn't match with negate option means we
* consider it a match */
ret = 1;
} else {
ret = 0;
}
} else if (ret >= 0) {
if (pe->negate == 1) {
/* regex matched but we're negated, so not considering it a match */
/* regex matched but we're negated, so not
* considering it a match */
ret = 0;
} else {
/* regex matched and we're not negated, considering it a match */
/* regex matched and we're not negated,
* considering it a match */
/* see if we need to do substring capturing. */
if (ret > 1 && pe->capidx != 0) {
const char *str_ptr;
ret = pcre_get_substring((char *)ptr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
@ -298,6 +313,7 @@ int DetectPcreDoMatch(DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, S
}
}
}
/* update offset for pcre RELATIVE */
det_ctx->payload_offset = (ptr+ov[1]) - p->payload;
@ -316,15 +332,20 @@ int DetectPcreDoMatch(DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, S
* DetectPcreALMatch is used if we parse the option 'P'
*
* \param t pointer to the threadvars structure
* \param t pointer to the threadvars structure
* \param det_ctx thread detection ctx
* \param p packet
* \param s signature
* \param sm sig match to match against
*
* \retval 1: match ; 0 No Match; -1: error
* \retval 1: match
* \retval 0: no match
*/
int DetectPcreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
Signature *s, SigMatch *sm)
{
SCEnter();
SCReturnInt(DetectPcreDoMatch(det_ctx,p,s,sm));
int r = DetectPcrePayloadMatch(det_ctx, p, s, sm);
SCReturnInt(r);
}
DetectPcreData *DetectPcreParse (char *regexstr)
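Review bot: The new doc for DetectPcrePayloadMatch lists only `\retval 1` and `\retval 0`, and the `-1: error` wording that appears on this page for DetectPcreMatch seems to be dropped, yet the visible branches only remap `PCRE_ERROR_NOMATCH` and `ret >= 0`. If other negative `pcre_exec` results (for example a match-limit error) still reach `SCReturnInt(ret)`, the documentation is wrong and callers that test `r == 1` treat the error as a plain no-match without any log. Either keep a `\retval -1: error` line or normalise explicitly, e.g. `if (ret < 0) ret = 0;` with a debug log, before returning. The tail of the function is outside the hunk, so this needs checking there. The new brief also has a stray quote in "payload'".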

@ -1,21 +1,15 @@
#ifndef __DETECT_PCRE_H__
#define __DETECT_PCRE_H__
#define DETECT_PCRE_DISTANCE 0x0001
#define DETECT_PCRE_WITHIN 0x0002
#define DETECT_PCRE_RELATIVE 0x0004
#define DETECT_PCRE_RELATIVE 0x01
#define DETECT_PCRE_RAWBYTES 0x02
#define DETECT_PCRE_URI 0x04
#define DETECT_PCRE_DISTANCE_NEXT 0x0008
#define DETECT_PCRE_WITHIN_NEXT 0x0010
#define DETECT_PCRE_CAPTURE_PKT 0x08
#define DETECT_PCRE_CAPTURE_FLOW 0x10
#define DETECT_PCRE_MATCH_LIMIT 0x20
#define DETECT_PCRE_RAWBYTES 0x0020
#define DETECT_PCRE_URI 0x0040
#define DETECT_PCRE_CAPTURE_PKT 0x0080
#define DETECT_PCRE_CAPTURE_FLOW 0x0100
#define DETECT_PCRE_MATCH_LIMIT 0x0200
#define DETECT_PCRE_HTTP_BODY_AL 0x0400
#define DETECT_PCRE_HTTP_BODY_AL 0x40
typedef struct DetectPcreData_ {
/* pcre options */
@ -23,13 +17,7 @@ typedef struct DetectPcreData_ {
pcre_extra *sd;
int opts;
/* match position vars */
uint16_t depth;
uint16_t offset;
int32_t within;
int32_t distance;
uint16_t flags;
uint8_t flags;
uint8_t negate;
char *capname;
@ -37,8 +25,7 @@ typedef struct DetectPcreData_ {
} DetectPcreData;
/* prototypes */
int DetectPcreDoMatch(DetectEngineThreadCtx *, Packet *, Signature *, SigMatch *);
int DetectPcreALDoMatch(DetectEngineThreadCtx *, Signature *, SigMatch *, Flow *, uint8_t, void *);
int DetectPcrePayloadMatch(DetectEngineThreadCtx *, Packet *, Signature *, SigMatch *);
void DetectPcreRegister (void);
#endif /* __DETECT_PCRE_H__ */
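Review bot: Assuming the two-digit `DETECT_PCRE_*` values and the `uint8_t flags` field are the new side, which the hunk line counts suggest, only bit 0x80 is left, and a later flag defined above it would be truncated silently on assignment. A comment on the field would make the limit visible: `uint8_t flags; /* DETECT_PCRE_* bits; widen before adding a flag above 0x80 */`. The header also appears to drop the prototype for DetectPcreALDoMatch; if that function is still defined in detect-pcre.c it should become `static` there.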

@ -89,7 +89,7 @@ int DetectUrilenMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
{
SCEnter();
int ret = 0;
uint8_t i;
size_t idx = 0;
DetectUrilenData *urilend = (DetectUrilenData *) m->ctx;
HtpState *htp_state = (HtpState *)state;
@ -101,10 +101,10 @@ int DetectUrilenMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
SCMutexLock(&f->m);
htp_tx_t *tx = NULL;
for (i = htp_state->new_in_tx_index;
i < list_size(htp_state->connp->conn->transactions); i++)
for (idx = htp_state->new_in_tx_index;
idx < list_size(htp_state->connp->conn->transactions); idx++)
{
tx = list_get(htp_state->connp->conn->transactions, i);
tx = list_get(htp_state->connp->conn->transactions, idx);
if (tx == NULL || tx->request_uri_normalized == NULL)
goto end;
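Review bot: The transaction loop in DetectUrilenMatch leaves with `goto end` on the first transaction that is NULL or has no `request_uri_normalized`, whereas the http_method and http-log loops touched by this commit use `continue` for a NULL tx. As written, one such transaction stops urilen from being evaluated on the later transactions in the same list, which is a detection gap. If that is not intended, `if (tx == NULL || tx->request_uri_normalized == NULL) continue;` keeps the loops consistent. The rest of the loop body is outside the hunk, so check that `end` does nothing the `continue` path would then skip.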

@ -5,12 +5,15 @@
*/
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "flow-var.h"
#include "detect-content.h"
#include "detect-uricontent.h"
#include "detect-pcre.h"
#include "flow-var.h"
#include "util-debug.h"
static int DetectWithinSetup (DetectEngineCtx *, Signature *, char *);

@ -89,7 +89,7 @@ TmEcode LogHttpLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
SCEnter();
LogHttpLogThread *aft = (LogHttpLogThread *)data;
char timebuf[64];
uint8_t i = 0;
size_t idx = 0;
/* no flow, no htp state */
if (p->flow == NULL) {
@ -135,10 +135,10 @@ TmEcode LogHttpLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
}
SCMutexLock(&aft->file_ctx->fp_mutex);
for (i = htp_state->new_in_tx_index;
i < list_size(htp_state->connp->conn->transactions); i++)
for (idx = htp_state->new_in_tx_index;
idx < list_size(htp_state->connp->conn->transactions); idx++)
{
tx = list_get(htp_state->connp->conn->transactions, i);
tx = list_get(htp_state->connp->conn->transactions, idx);
if (tx == NULL) {
SCLogDebug("tx is NULL not logging !!");
continue;
@ -181,12 +181,12 @@ TmEcode LogHttpLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
/* ip/tcp header info */
fprintf(aft->file_ctx->fp, " [**] %s:%" PRIu32 " -> %s:%" PRIu32 "\n",
srcip, sp, dstip, dp);
aft->uri_cnt ++;
}
fflush(aft->file_ctx->fp);
SCMutexUnlock(&aft->file_ctx->fp_mutex);
aft->uri_cnt += list_size(htp_state->connp->conn->transactions) -
htp_state->new_in_tx_index;
htp_state->flags &= ~HTP_FLAG_NEW_REQUEST;
end:
SCMutexUnlock(&p->flow->m);
@ -198,7 +198,7 @@ TmEcode LogHttpLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
SCEnter();
LogHttpLogThread *aft = (LogHttpLogThread *)data;
char timebuf[64];
uint8_t i = 0;
size_t idx = 0;
/* no flow, no htp state */
if (p->flow == NULL) {
@ -244,10 +244,10 @@ TmEcode LogHttpLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
dp = p->sp;
}
SCMutexLock(&aft->file_ctx->fp_mutex);
for (i = htp_state->new_in_tx_index;
i < list_size(htp_state->connp->conn->transactions); i++)
for (idx = htp_state->new_in_tx_index;
idx < list_size(htp_state->connp->conn->transactions); idx++)
{
tx = list_get(htp_state->connp->conn->transactions, i);
tx = list_get(htp_state->connp->conn->transactions, idx);
if (tx == NULL) {
SCLogDebug("tx is NULL not logging !!");
continue;
@ -290,12 +290,12 @@ TmEcode LogHttpLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
/* ip/tcp header info */
fprintf(aft->file_ctx->fp, " [**] %s:%" PRIu32 " -> %s:%" PRIu32 "\n",
srcip, sp, dstip, dp);
aft->uri_cnt++;
}
fflush(aft->file_ctx->fp);
SCMutexUnlock(&aft->file_ctx->fp_mutex);
aft->uri_cnt += list_size(htp_state->connp->conn->transactions) -
htp_state->new_in_tx_index;
htp_state->flags &= ~HTP_FLAG_NEW_REQUEST;
end:
SCMutexUnlock(&p->flow->m);
