Comment updates.

16 years ago · 8397413942
parent 9c7f5afa79
commit 8397413942
20 changed files with 44 additions and 42 deletions
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@ -3,7 +3,7 @@
 /* alert debuglog
 *
 * TODO
- * - figure out a way to safely print detection engine info
+ * - figure out a way to (thread) safely print detection engine info
 *   - maybe by having a log queue in the packet
 *   - maybe by accessing it just and hoping threading doesn't hurt
 */
--- a/src/decode-udp.h
+++ b/src/decode-udp.h
@ -25,7 +25,6 @@ typedef struct _UDPHdr
 typedef struct _UDPVars
 {
    u_int8_t hlen;
-}
-UDPVars;
+} UDPVars;

 #endif /* __DECODE_UDP_H__ */
--- a/src/detect-engine-iponly.c
+++ b/src/detect-engine-iponly.c
@ -2,6 +2,11 @@

 /* TODO: needs a lot of work
 *
+ * The dificulty with ip only matching is that we need to support (very large)
+ * netblocks as well. So we can't just add every single ip to a hash as that
+ * would be consuming to much memory. Thats why I've chosen to have a hash of
+ * /16's with a list inside them. If a netblock to add is bigger than a /16, 
+ * we split it into /16's.
 */

 #include "vips.h"
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@ -235,6 +235,11 @@ void ContentHashFree(void *ch) {

 /* Predict a strength value for patterns
 *
+ * Patterns with high character diversity score higher.
+ * Alpha chars score not so high
+ * Other printable + a few common codes a little higher
+ * Everything else highest.
+ * Longer patterns score better than short patters.
 */
 u_int32_t PatternStrength(u_int8_t *pat, u_int16_t patlen, u_int16_t len) {
    u_int8_t a[256];
--- a/src/detect-engine-proto.h
+++ b/src/detect-engine-proto.h
@ -4,7 +4,7 @@
 #define DETECT_PROTO_ANY 0x1

 typedef struct DetectProto_ {
-    u_int8_t proto[32]; /* bitarray 256/8 */
+    u_int8_t proto[256/8]; /* bitarray for 256 bits */
    u_int8_t flags;
 } DetectProto;

--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@ -1,4 +1,4 @@
-/* Simple pktvar content match part of the detection engine.
+/* Simple Snort compatible flowbits implementation.
 *
 * Copyright (C) 2008 by Victor Julien <victor@inliniac.net>
 *
--- a/src/detect-uricontent.c
+++ b/src/detect-uricontent.c
@ -2,21 +2,6 @@
 *
 * Copyright (C) 2008 by Victor Julien <victor@inliniac.net> */

-/* This is a very important part of the detection engine, and certainly one
- * of the most complex parts. String searching is complex and expensive,
- * and thus worth optimizing. The way that is done here is by only running
- * the pattern matcher once for every packet. In this search, all search words,
- * the 'content' matches, are looked for. All results, of all the search words
- * are stored in a array of lists. The array is an array of MpmMatchBucket's,
- * that can be entered through the DetectContentData id field. There, it finds
- * the bucket containing a list of 0, 1, or more matches of that content match.
- * The list contains MpmMatch items, that contain an offset field. This field
- * is the possition of the last character in the match.
- *
- * XXX more later....
- *
- */
-
 #include <ctype.h>
 #include "decode.h"
 #include "detect.h"
--- a/src/detect.c
+++ b/src/detect.c
@ -1,4 +1,4 @@
-/* Basic detection engine datastructure */
+/* Basic detection engine */

 #include <pcre.h>

--- a/src/flow-bit.c
+++ b/src/flow-bit.c
@ -21,9 +21,7 @@
 #include "util-var.h"
 #include "util-unittest.h"

-/* get the flowbit with name 'name' from the flow
- *
- * name is a normal string*/
+/* get the flowbit with idx from the flow */
 static FlowBit *FlowBitGet(Flow *f, u_int16_t idx) {
    GenericVar *gv = f->flowvar;
    for ( ; gv != NULL; gv = gv->next) {
--- a/src/flow-hash.c
+++ b/src/flow-hash.c
@ -79,10 +79,10 @@ Flow *FlowGetFlowFromHash (Packet *p)

    /* see if the bucket already has a flow */
    if (fb->f == NULL) {
-        /* no, so get one */
+        /* no, so get a new one */
        f = fb->f = FlowDequeue(&flow_spare_q);
        if (f == NULL) {
-            flow_flags |= FLOW_EMERGENCY;
+            flow_flags |= FLOW_EMERGENCY; /* XXX mutex this */

            f = fb->f = FlowAlloc();
            if (f == NULL) {
@ -123,7 +123,7 @@ Flow *FlowGetFlowFromHash (Packet *p)
                /* get us a new one and put it and the list tail */
                f = pf->hnext = FlowDequeue(&flow_spare_q);
                if (f == NULL) {
-                    flow_flags |= FLOW_EMERGENCY;
+                    flow_flags |= FLOW_EMERGENCY; /* XXX mutex this */

                    f = fb->f = FlowAlloc();
                    if (f == NULL) {
--- a/src/flow-queue.h
+++ b/src/flow-queue.h
@ -5,7 +5,7 @@

 #include "flow.h"

-/* Define a queue for storing unused flows */
+/* Define a queue for storing flows */
 typedef struct _FlowQueue
 {
    Flow *top;
--- a/src/flow.h
+++ b/src/flow.h
@ -32,6 +32,7 @@ typedef struct _FlowCnf

 } FlowConfig;

+/* Hash key for the flow hash */
 typedef struct _FlowKey
 {
    Address src, dst;
--- a/src/packet-queue.h
+++ b/src/packet-queue.h
@ -5,6 +5,8 @@

 #include <pthread.h>
 #include "decode.h"
+
+/* XXX: moved to decode.h */
 #if 0
 typedef struct _PacketQueue {
    Packet *top;
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@ -1,7 +1,7 @@
 /* Copyright (c) 2008 Victor Julien <victor@inliniac.net> */

 /* TODO
- * - test in Receive and Verdict if both are present
+ * - test if Receive and Verdict if both are present
 *
 *
 *
@ -109,7 +109,7 @@ void NFQSetupPkt (Packet *p, void *data)
    return;
 }

-static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
+static int NFQCallBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
 	      struct nfq_data *nfa, void *data)
 {
    NFQThreadVars *ntv = (NFQThreadVars *)data;
@ -174,7 +174,7 @@ int NFQInitThread(NFQThreadVars *nfq_t, u_int16_t queue_num, u_int32_t queue_max

    /* pass the thread memory as a void ptr so the
     * callback function has access to it. */
-    nfq_t->qh = nfq_create_queue(nfq_t->h, nfq_t->queue_num, &cb, (void *)nfq_t);
+    nfq_t->qh = nfq_create_queue(nfq_t->h, nfq_t->queue_num, &NFQCallBack, (void *)nfq_t);
    if (nfq_t->qh == NULL)
    {
        printf("error during nfq_create_queue()\n");
@ -231,7 +231,7 @@ int ReceiveNFQThreadInit(ThreadVars *tv, void *initdata, void **data) {
    NFQThreadVars *ntv = &nfq_t[receive_queue_num];

    /* store the ThreadVars pointer in our NFQ thread context
-     * as we will need it in our cb function */
+     * as we will need it in our callback function */
    ntv->tv = tv;

    int r = NFQInitThread(ntv,receive_queue_num,MAX_PENDING);
--- a/src/util-mpm-trie.c
+++ b/src/util-mpm-trie.c
@ -13,6 +13,8 @@
 #include "util-mpm-trie.h"

 #include "util-unittest.h"
+
+/* XXX can be removed. */
 #if 0
 /*
 * TODO/IDEAS/XXX
--- a/src/util-time.c
+++ b/src/util-time.c
@ -1,4 +1,4 @@
-/* Time keeping for non-live packet handling (pcap files) */
+/* Time keeping for offline (non-live) packet handling (pcap files) */

 #include "vips.h"
 #include "detect.h"
@ -12,7 +12,7 @@ void TimeModeSetLive(void) {
    live = TRUE;
 }

-void TimeModeSetNonlive (void) {
+void TimeModeSetOffline (void) {
    live = FALSE;
 }

--- a/src/util-time.h
+++ b/src/util-time.h
@ -4,7 +4,7 @@
 void TimeSet(struct timeval *);
 void TimeGet(struct timeval *);
 void TimeModeSetLive(void);
-void TimeModeSetNonlive (void);
+void TimeModeSetOffline (void);

 #endif /* __UTIL_TIME_H__ */

--- a/src/util-unittest.c
+++ b/src/util-unittest.c
@ -4,7 +4,7 @@

 #include "util-unittest.h"

-UtTest *ut_list;
+static UtTest *ut_list;

 static UtTest *UtAllocTest(void) {
    UtTest *ut = malloc(sizeof(UtTest));
--- a/src/vips.c
+++ b/src/vips.c
@ -569,7 +569,7 @@ int RunModeIpsNFQ(void) {

 int RunModeFilePcap(char *file) {
    printf("RunModeFilePcap: file %s\n", file);
-    TimeModeSetNonlive();
+    TimeModeSetOffline();

    /* create the threads */
    ThreadVars *tv_receivepcap = TmThreadCreate("ReceivePcapFile","packetpool","packetpool","pickup-queue","simple","1slot_noinout");
--- a/src/vips.h
+++ b/src/vips.h
@ -11,8 +11,6 @@

 #include "packet-queue.h"

-/* maximum number of simultanious threads. */
-#define NUM_THREADS 256
 /* max packets processed simultaniously */
 #define MAX_PENDING 50

@ -21,7 +19,10 @@

 /* number of packets in processing right now
 * This is the diff between recv'd and verdicted
- * pkts */
+ * pkts
+ * XXX this should be turned into an api located
+ * in the packetpool code
+ */
 u_int32_t pending;
 #ifdef DBG_PERF
 u_int32_t dbg_maxpending;
@ -29,9 +30,13 @@ u_int32_t dbg_maxpending;
 pthread_mutex_t mutex_pending;
 pthread_cond_t cond_pending;

-/* preallocated packet structures here */
+/* preallocated packet structures here
+ * XXX move to the packetpool queue handler code
+ */
 PacketQueue packet_q;
-/* queue's between various other threads */
+/* queue's between various other threads
+ * XXX move to the TmQueue structure later
+ */
 PacketQueue trans_q[256];

 /* uppercase to lowercase conversion lookup table */