suppress: use DetectAddress instead of DetectAddressHead

remotes/origin/master-1.1.x
Eric Leblond 14 years ago committed by Victor Julien
parent 8ff8ec4f82
commit 8787e6f6d0

@ -534,13 +534,13 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
} }
case TYPE_SUPPRESS: case TYPE_SUPPRESS:
{ {
DetectAddress *res = NULL; int res = 0;
switch (td->track) { switch (td->track) {
case TRACK_DST: case TRACK_DST:
res = DetectAddressLookupInHead(&td->addr, &p->dst); res = DetectAddressMatch(td->addr, &p->dst);
break; break;
case TRACK_SRC: case TRACK_SRC:
res = DetectAddressLookupInHead(&td->addr, &p->src); res = DetectAddressMatch(td->addr, &p->src);
break; break;
case TRACK_RULE: case TRACK_RULE:
default: default:
@ -548,7 +548,7 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
"track mode %d is not supported", td->track); "track mode %d is not supported", td->track);
break; break;
} }
if (res == NULL) if (res == 0)
ret = 1; ret = 1;
break; break;
} }
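Review bot: In the TRACK_DST and TRACK_SRC cases `td->addr` is now a pointer and is handed to DetectAddressMatch without a NULL check. The config parser changed in this same commit allocates it for every suppress entry whose track is not TRACK_RULE, so entries built there are fine, but nothing at this call site enforces that, and whether DetectAddressMatch tolerates NULL is not visible here; a NULL dereference on the packet path would stop the sensor from inspecting traffic. A guard such as `if (td->addr != NULL) res = DetectAddressMatch(td->addr, &p->dst);` (and the same for `&p->src`) leaves `res` at 0, the same path a non-matching address takes. PacketAlertThreshold starts and ends outside these hunks.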

@ -44,6 +44,7 @@
#include "detect-threshold.h" #include "detect-threshold.h"
#include "detect-parse.h" #include "detect-parse.h"
#include "detect-engine-address.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-unittest-helper.h" #include "util-unittest-helper.h"
@ -276,7 +277,10 @@ error:
*/ */
static void DetectThresholdFree(void *de_ptr) { static void DetectThresholdFree(void *de_ptr) {
DetectThresholdData *de = (DetectThresholdData *)de_ptr; DetectThresholdData *de = (DetectThresholdData *)de_ptr;
if (de) SCFree(de); if (de) {
DetectAddressFree(de->addr);
SCFree(de);
}
} }
/* /*
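Review bot: DetectThresholdFree now passes `de->addr` to DetectAddressFree unconditionally, while the error path of SCThresholdConfAddThresholdtype in this same commit checks it for NULL first. For entries built by the visible config blocks `addr` stays NULL unless the type is suppress and the track is not TRACK_RULE, so either DetectAddressFree accepts NULL (not visible here) and the other check is redundant, or this call needs the same guard: `if (de->addr != NULL) DetectAddressFree(de->addr);`. Separately, the only `de->addr = NULL` assignments in the commit are in the config parser; any DetectThresholdData allocated elsewhere, for example by the keyword parser in this file, has to zero the field as well, or this call frees an indeterminate pointer.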

@ -62,8 +62,7 @@ typedef struct DetectThresholdData_ {
uint8_t new_action; /**< new_action alert|drop|pass|log|sdrop|reject */ uint8_t new_action; /**< new_action alert|drop|pass|log|sdrop|reject */
uint32_t timeout; /**< timeout */ uint32_t timeout; /**< timeout */
uint32_t flags; /**< flags used to set option */ uint32_t flags; /**< flags used to set option */
/* TODO take care of free of allocated */ DetectAddress* addr; /**< address group used by suppress keyword */
DetectAddressHead addr; /**< address group used by suppress keyword */
} DetectThresholdData; } DetectThresholdData;
typedef struct DetectThresholdEntry_ { typedef struct DetectThresholdEntry_ {
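Review bot: The field comment still says "address group", and the removed TODO about freeing is not replaced by any statement of ownership, although the member is now a single heap-allocated DetectAddress. I would document the invariant the other files in this commit rely on: `DetectAddress *addr; /**< suppress only: address to match, NULL unless track is TRACK_SRC or TRACK_DST; freed by DetectThresholdFree */`. The `DetectAddress* addr` spacing also differs from the `Type *name` form used elsewhere in the commit (`DetectThresholdData *de`).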

@ -535,9 +535,15 @@ int SCThresholdConfAddThresholdtype(char *rawstr, DetectEngineCtx *de_ctx)
de->seconds = parsed_seconds; de->seconds = parsed_seconds;
de->new_action = parsed_new_action; de->new_action = parsed_new_action;
de->timeout = parsed_timeout; de->timeout = parsed_timeout;
de->addr = NULL;
if ((parsed_type == TYPE_SUPPRESS) && (parsed_track != TRACK_RULE)) { if ((parsed_type == TYPE_SUPPRESS) && (parsed_track != TRACK_RULE)) {
if (DetectAddressParse(&de->addr, (char *)th_ip) < 0) { de->addr = DetectAddressInit();
if (de->addr == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Can't init DetectAddress");
goto error;
}
if (DetectAddressParseString(de->addr, (char *)th_ip) < 0) {
SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "Can't add %s to address group", th_ip); SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "Can't add %s to address group", th_ip);
goto error; goto error;
} }
@ -598,9 +604,15 @@ int SCThresholdConfAddThresholdtype(char *rawstr, DetectEngineCtx *de_ctx)
de->seconds = parsed_seconds; de->seconds = parsed_seconds;
de->new_action = parsed_new_action; de->new_action = parsed_new_action;
de->timeout = parsed_timeout; de->timeout = parsed_timeout;
de->addr = NULL;
if ((parsed_type == TYPE_SUPPRESS) && (parsed_track != TRACK_RULE)) { if ((parsed_type == TYPE_SUPPRESS) && (parsed_track != TRACK_RULE)) {
if (DetectAddressParse(&de->addr, (char *)th_ip) < 0) { de->addr = DetectAddressInit();
if (de->addr == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Can't init DetectAddress");
goto error;
}
if (DetectAddressParseString(de->addr, (char *)th_ip) < 0) {
SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "Can't add %s to address group", th_ip); SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "Can't add %s to address group", th_ip);
goto error; goto error;
} }
@ -663,9 +675,15 @@ int SCThresholdConfAddThresholdtype(char *rawstr, DetectEngineCtx *de_ctx)
de->seconds = parsed_seconds; de->seconds = parsed_seconds;
de->new_action = parsed_new_action; de->new_action = parsed_new_action;
de->timeout = parsed_timeout; de->timeout = parsed_timeout;
de->addr = NULL;
if ((parsed_type == TYPE_SUPPRESS) && (parsed_track != TRACK_RULE)) { if ((parsed_type == TYPE_SUPPRESS) && (parsed_track != TRACK_RULE)) {
if (DetectAddressParse(&de->addr, (char *)th_ip) < 0) { de->addr = DetectAddressInit();
if (de->addr == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Can't init DetectAddress");
goto error;
}
if (DetectAddressParseString(de->addr, (char *)th_ip) < 0) {
SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "Can't add %s to address group", th_ip); SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "Can't add %s to address group", th_ip);
goto error; goto error;
} }
@ -703,7 +721,10 @@ end:
fret = 0; fret = 0;
error: error:
if (fret == -1) { if (fret == -1) {
if(de != NULL) SCFree(de); if (de != NULL) {
if (de->addr != NULL) DetectAddressFree(de->addr);
SCFree(de);
}
} }
if(th_rule_type != NULL) SCFree((char *)th_rule_type); if(th_rule_type != NULL) SCFree((char *)th_rule_type);
if(th_sid != NULL) SCFree((char *)th_sid); if(th_sid != NULL) SCFree((char *)th_sid);
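Review bot: `th_ip` is now parsed by DetectAddressParseString into one DetectAddress, where the old code filled a DetectAddressHead through DetectAddressParse; this applies to all three blocks, at -535, -598 and -663. If the old call accepted address lists or negation (its implementation is not visible here), suppress lines written that way will now either hit the `Can't add %s to address group` error or match a different set of hosts than the operator intended, and the scope of a suppress entry decides which alerts are silently dropped. That is worth confirming and stating next to the parse call, e.g. `/* suppress takes a single address or netblock */`, with a unit test for a list-form `ip` value. The three init-and-parse blocks are identical and could share one static helper; SCThresholdConfAddThresholdtype itself extends outside these hunks.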
