aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix iponly matching.

Browse Source
remotes/origin/master-1.0.x
Victor Julien 16 years ago
parent 766ebed4d4
commit 84aa365a3b
3 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File

20
src/detect-engine-iponly.c
Unescape Escape View File

@ -327,21 +327,22 @@ void IPOnlyMatchPacket(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx,
//printf("Let's inspect the sigs\n"); //printf("Let's inspect the sigs\n");
u_int32_t sig_cnt; //u_int32_t sig_cnt;
if (src->sh->sig_cnt > dst->sh->sig_cnt) sig_cnt = dst->sh->sig_cnt; //if (src->sh->sig_cnt > dst->sh->sig_cnt) sig_cnt = dst->sh->sig_cnt;
else sig_cnt = src->sh->sig_cnt; //else sig_cnt = src->sh->sig_cnt;
/* ...the result is that only the sigs with both /* ...the result is that only the sigs with both
* enable match */ * enable match */
u_int32_t idx; u_int32_t idx;
for (idx = 0; idx < sig_cnt; idx++) { for (idx = 0; idx < io_ctx->sig_cnt; idx++) {
u_int32_t sig = io_ctx->match_array[idx]; u_int32_t sig = io_ctx->match_array[idx];
//printf("sig internal id %u\n", sig); //printf("sig internal id %u\n", sig);
/* sig doesn't match */ /* sig doesn't match */
if (!(io_tctx->sig_match_array[(sig / 8)] & (1<<(sig % 8)))) if (!(io_tctx->sig_match_array[(sig / 8)] & (1<<(sig % 8)))) {
continue; continue;
}
Signature *s = de_ctx->sig_array[sig]; Signature *s = de_ctx->sig_array[sig];
if (s == NULL) if (s == NULL)
@ -374,6 +375,7 @@ int IPOnlyBuildMatchArray(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx
u_int32_t idx = 0; u_int32_t idx = 0;
u_int32_t sig = 0; u_int32_t sig = 0;
//printf("IPOnlyBuildMatchArray: max_idx %u\n", io_ctx->max_idx);
for (sig = 0; sig < io_ctx->max_idx + 1; sig++) { for (sig = 0; sig < io_ctx->max_idx + 1; sig++) {
if (!(io_ctx->sig_init_array[(sig/8)] & (1<<(sig%8)))) if (!(io_ctx->sig_init_array[(sig/8)] & (1<<(sig%8))))
continue; continue;
@ -384,6 +386,7 @@ int IPOnlyBuildMatchArray(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx
io_ctx->sig_cnt++; io_ctx->sig_cnt++;
} }
//printf("IPOnlyBuildMatchArray: sig_cnt %u\n", io_ctx->sig_cnt);
io_ctx->match_array = malloc(io_ctx->sig_cnt * sizeof(u_int32_t)); io_ctx->match_array = malloc(io_ctx->sig_cnt * sizeof(u_int32_t));
if (io_ctx->match_array == NULL) if (io_ctx->match_array == NULL)
@ -402,6 +405,7 @@ int IPOnlyBuildMatchArray(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx
io_ctx->match_array[idx] = s->num; io_ctx->match_array[idx] = s->num;
idx++; idx++;
} }
//printf("IPOnlyBuildMatchArray: idx %u\n", idx);
return 0; return 0;
} }
@ -414,26 +418,32 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx) {
if (hb == NULL) if (hb == NULL)
return; return;
//printf("SRC: ");
for ( ; hb != NULL; hb = HashListTableGetListNext(hb)) { for ( ; hb != NULL; hb = HashListTableGetListNext(hb)) {
DetectAddressGroup *gr = (DetectAddressGroup *)HashListTableGetListData(hb); DetectAddressGroup *gr = (DetectAddressGroup *)HashListTableGetListData(hb);
if (gr == NULL) if (gr == NULL)
continue; continue;
SigGroupHeadSetSigCnt(gr->sh, de_ctx->io_ctx.max_idx); SigGroupHeadSetSigCnt(gr->sh, de_ctx->io_ctx.max_idx);
//printf("%u ", gr->sh->sig_cnt);
} }
//printf("\n");
/* destination: set sig_cnt */ /* destination: set sig_cnt */
hb = HashListTableGetListHead(de_ctx->io_ctx.ht16_dst); hb = HashListTableGetListHead(de_ctx->io_ctx.ht16_dst);
if (hb == NULL) if (hb == NULL)
return; return;
//printf("DST: ");
for ( ; hb != NULL; hb = HashListTableGetListNext(hb)) { for ( ; hb != NULL; hb = HashListTableGetListNext(hb)) {
DetectAddressGroup *gr = (DetectAddressGroup *)HashListTableGetListData(hb); DetectAddressGroup *gr = (DetectAddressGroup *)HashListTableGetListData(hb);
if (gr == NULL) if (gr == NULL)
continue; continue;
SigGroupHeadSetSigCnt(gr->sh, de_ctx->io_ctx.max_idx); SigGroupHeadSetSigCnt(gr->sh, de_ctx->io_ctx.max_idx);
//printf("%u ", gr->sh->sig_cnt);
} }
//printf("\n");
} }
void IPOnlyAddSignature(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx, Signature *s) { void IPOnlyAddSignature(DetectEngineCtx *de_ctx, DetectEngineIPOnlyCtx *io_ctx, Signature *s) {

4
src/detect-engine-mpm.c
Unescape Escape View File

@ -10,6 +10,7 @@
#include "detect-engine.h" #include "detect-engine.h"
#include "detect-engine-siggroup.h" #include "detect-engine-siggroup.h"
#include "detect-engine-mpm.h" #include "detect-engine-mpm.h"
#include "detect-engine-iponly.h"
#include "util-mpm.h" #include "util-mpm.h"
#include "flow.h" #include "flow.h"
@ -830,6 +831,9 @@ int PatternMatcherThreadInit(ThreadVars *t, void *initdata, void **data) {
} }
memset(pmt->pmq.sig_bitarray, 0, max_sig_id / 8 + 1); memset(pmt->pmq.sig_bitarray, 0, max_sig_id / 8 + 1);
/* IP-ONLY */
DetectEngineIPOnlyThreadInit(de_ctx,&pmt->io_ctx);
*data = (void *)pmt; *data = (void *)pmt;
//printf("PatternMatcherThreadInit: data %p pmt %p\n", *data, pmt); //printf("PatternMatcherThreadInit: data %p pmt %p\n", *data, pmt);
return 0; return 0;

4
src/detect.c
Unescape Escape View File

@ -3625,7 +3625,7 @@ int SigTest19 (void) {
SigGroupBuild(g_de_ctx); SigGroupBuild(g_de_ctx);
PatternMatchPrepare(mpm_ctx); PatternMatchPrepare(mpm_ctx);
PatternMatcherThreadInit(&th_v, (void *)g_de_ctx,(void *)&pmt); PatternMatcherThreadInit(&th_v, (void *)g_de_ctx,(void *)&pmt);
DetectEngineIPOnlyThreadInit(g_de_ctx,&pmt->io_ctx); //DetectEngineIPOnlyThreadInit(g_de_ctx,&pmt->io_ctx);
SigMatchSignatures(&th_v, pmt, &p); SigMatchSignatures(&th_v, pmt, &p);
if (PacketAlertCheck(&p, 999)) if (PacketAlertCheck(&p, 999))
@ -3680,7 +3680,7 @@ int SigTest20 (void) {
SigGroupBuild(g_de_ctx); SigGroupBuild(g_de_ctx);
PatternMatchPrepare(mpm_ctx); PatternMatchPrepare(mpm_ctx);
PatternMatcherThreadInit(&th_v, (void *)g_de_ctx,(void *)&pmt); PatternMatcherThreadInit(&th_v, (void *)g_de_ctx,(void *)&pmt);
DetectEngineIPOnlyThreadInit(g_de_ctx,&pmt->io_ctx); //DetectEngineIPOnlyThreadInit(g_de_ctx,&pmt->io_ctx);
SigMatchSignatures(&th_v, pmt, &p); SigMatchSignatures(&th_v, pmt, &p);
if (PacketAlertCheck(&p, 999)) if (PacketAlertCheck(&p, 999))

Write Preview
Loading…
Cancel
Save