flowbits, flowvars, pktvars, flow flags and app layer info added to alert-debug.log

remotes/origin/master-1.0.x
Gurvinder Singh 15 years ago committed by Victor Julien
parent 95fef55507
commit 8852b83fa7

@ -46,6 +46,9 @@
#include "output.h"
#include "alert-debuglog.h"
#include "util-privs.h"
#include "flow-var.h"
#include "flow-bit.h"
#include "util-var-name.h"
#define DEFAULT_LOG_FILENAME "alert-debug.log"
@ -88,6 +91,80 @@ static void CreateTimeString (const struct timeval *ts, char *str, size_t size)
(uint32_t) ts->tv_usec);
}
/**
* \brief Function to log the FlowVars in to alert-debug.log
*
* \param aft Pointer to AltertDebugLog Thread
* \param p Pointer to the packet
*
*/
static void AlertDebugLogFlowVars(AlertDebugLogThread *aft, Packet *p)
{
GenericVar *gv = p->flow->flowvar;
uint16_t i;
while (gv != NULL) {
if (gv->type == DETECT_FLOWVAR || gv->type == DETECT_FLOWINT) {
FlowVar *fv = (FlowVar *) gv;
if (fv->datatype == FLOWVAR_TYPE_STR) {
fprintf(aft->file_ctx->fp, "FLOWVAR idx(%"PRIu32"): "
,fv->idx);
for (i = 0; i < fv->data.fv_str.value_len; i++) {
if (isprint(fv->data.fv_str.value[i]))
fprintf(aft->file_ctx->fp, "%c", fv->data.fv_str.value[i]);
else
fprintf(aft->file_ctx->fp, "\\%02X", fv->data.fv_str.value[i]);
}
} else if (fv->datatype == FLOWVAR_TYPE_INT) {
fprintf(aft->file_ctx->fp, "FLOWVAR idx(%"PRIu32"): "
" %" PRIu32 "\"", fv->idx, fv->data.fv_int.value);
}
}
gv = gv->next;
}
}
/**
* \brief Function to log the FlowBits in to alert-debug.log
*
* \param aft Pointer to AltertDebugLog Thread
* \param p Pointer to the packet
*
*/
static void AlertDebugLogFlowBits(AlertDebugLogThread *aft, Packet *p)
{
GenericVar *gv = p->flow->flowvar;
while (gv != NULL) {
if (gv->type == DETECT_FLOWBITS) {
FlowBit *fb = (FlowBit *) gv;
char *name = VariableIdxGetName(fb->idx, fb->type);
if (name != NULL) {
fprintf(aft->file_ctx->fp, "FLOWBIT: %s\n",name);
SCFree(name);
}
}
gv = gv->next;
}
}
/**
* \brief Function to log the PktVars in to alert-debug.log
*
* \param aft Pointer to AltertDebugLog Thread
* \param p Pointer to the packet
*
*/
static void AlertDebugLogPktVars(AlertDebugLogThread *aft, Packet *p)
{
PktVar *pv = p->pktvar;
while(pv != NULL) {
fprintf(aft->file_ctx->fp, "PKTVAR: %s\n", pv->name);
PrintRawDataFp(aft->file_ctx->fp, pv->value, pv->value_len);
pv = pv->next;
}
}
TmEcode AlertDebugLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
AlertDebugLogThread *aft = (AlertDebugLogThread *)data;
@ -136,26 +213,38 @@ TmEcode AlertDebugLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
}
/* flow stuff */
fprintf(aft->file_ctx->fp, "FLOW: to_server: %s, to_client %s\n",
fprintf(aft->file_ctx->fp, "FLOW: to_server: %s, to_client: %s\n",
p->flowflags & FLOW_PKT_TOSERVER ? "TRUE" : "FALSE",
p->flowflags & FLOW_PKT_TOCLIENT ? "TRUE" : "FALSE");
PktVar *pv = PktVarGet(p,"http_host");
if (pv) {
fprintf(aft->file_ctx->fp, "PKTVAR: %s\n", pv->name);
PrintRawDataFp(aft->file_ctx->fp, pv->value, pv->value_len);
if (p->flow != NULL) {
SCMutexLock(&p->flow->m);
CreateTimeString(&p->flow->startts, timebuf, sizeof(timebuf));
fprintf(aft->file_ctx->fp, "FLOW Start TS: %s\n",timebuf);
fprintf(aft->file_ctx->fp, "FLOW PKTS TODST: %"PRIu32"\n",p->flow->todstpktcnt);
fprintf(aft->file_ctx->fp, "FLOW PKTS TOSRC: %"PRIu32"\n",p->flow->tosrcpktcnt);
fprintf(aft->file_ctx->fp, "FLOW Total Bytes: %"PRIu64"\n",p->flow->bytecnt);
fprintf(aft->file_ctx->fp, "FLOW IPONLY SET: TOSERVER: %s, TOCLIENT: %s\n",
p->flow->flags & FLOW_TOSERVER_IPONLY_SET ? "TRUE" : "FALSE",
p->flow->flags & FLOW_TOCLIENT_IPONLY_SET ? "TRUE" : "FALSE");
fprintf(aft->file_ctx->fp, "FLOW ACTION: DROP: %s, PASS %s\n",
p->flow->flags & FLOW_ACTION_DROP ? "TRUE" : "FALSE",
p->flow->flags & FLOW_ACTION_PASS ? "TRUE" : "FALSE");
fprintf(aft->file_ctx->fp, "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n",
p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE",
p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE",
p->flow->alflags & FLOW_AL_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE");
fprintf(aft->file_ctx->fp, "FLOW APP_LAYER: DETECTED: %s, PROTO %"PRIu16"\n",
p->flow->alflags & FLOW_AL_PROTO_DETECT_DONE ? "TRUE" : "FALSE", p->flow->alproto);
AlertDebugLogFlowVars(aft, p);
AlertDebugLogFlowBits(aft, p);
SCMutexUnlock(&p->flow->m);
}
pv = PktVarGet(p,"http_ua");
if (pv) {
fprintf(aft->file_ctx->fp, "PKTVAR: %s\n", pv->name);
PrintRawDataFp(aft->file_ctx->fp, pv->value, pv->value_len);
}
AlertDebugLogPktVars(aft, p);
/* any stuff */
/* Sig details? */
/* pkt vars */
/* flowvars */
aft->file_ctx->alerts += p->alerts.cnt;
@ -193,6 +282,41 @@ TmEcode AlertDebugLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
fprintf(aft->file_ctx->fp, "%s [**] [%" PRIu32 ":%" PRIu32 ":%" PRIu32 "] %s [**] [Classification: fixme] [Priority: %" PRIu32 "] {%" PRIu32 "} %s:%" PRIu32 " -> %s:%" PRIu32 "\n",
timebuf, pa->gid, pa->sid, pa->rev, pa->msg, pa->prio, IPV6_GET_L4PROTO(p), srcip, p->sp, dstip, p->dp);
}
fprintf(aft->file_ctx->fp, "FLOW: to_server: %s, to_client: %s\n",
p->flowflags & FLOW_PKT_TOSERVER ? "TRUE" : "FALSE",
p->flowflags & FLOW_PKT_TOCLIENT ? "TRUE" : "FALSE");
if (p->flow != NULL) {
SCMutexLock(&p->flow->m);
CreateTimeString(&p->flow->startts, timebuf, sizeof(timebuf));
fprintf(aft->file_ctx->fp, "FLOW Start TS: %s\n",timebuf);
fprintf(aft->file_ctx->fp, "FLOW PKTS TODST: %"PRIu32"\n",p->flow->todstpktcnt);
fprintf(aft->file_ctx->fp, "FLOW PKTS TOSRC: %"PRIu32"\n",p->flow->tosrcpktcnt);
fprintf(aft->file_ctx->fp, "FLOW Total Bytes: %"PRIu64"\n",p->flow->bytecnt);
fprintf(aft->file_ctx->fp, "FLOW IPONLY SET: TOSERVER: %s, TOCLIENT: %s\n",
p->flow->flags & FLOW_TOSERVER_IPONLY_SET ? "TRUE" : "FALSE",
p->flow->flags & FLOW_TOCLIENT_IPONLY_SET ? "TRUE" : "FALSE");
fprintf(aft->file_ctx->fp, "FLOW ACTION: DROP: %s, PASS %s\n",
p->flow->flags & FLOW_ACTION_DROP ? "TRUE" : "FALSE",
p->flow->flags & FLOW_ACTION_PASS ? "TRUE" : "FALSE");
fprintf(aft->file_ctx->fp, "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n",
p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE",
p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE",
p->flow->alflags & FLOW_AL_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE");
fprintf(aft->file_ctx->fp, "FLOW APP_LAYER: DETECTED: %s, PROTO %"PRIu16"\n",
p->flow->alflags & FLOW_AL_PROTO_DETECT_DONE ? "TRUE" : "FALSE", p->flow->alproto);
AlertDebugLogFlowVars(aft, p);
AlertDebugLogFlowBits(aft, p);
SCMutexUnlock(&p->flow->m);
}
AlertDebugLogPktVars(aft, p);
fprintf(aft->file_ctx->fp, "PACKET LEN: %" PRIu32 "\n", p->pktlen);
fprintf(aft->file_ctx->fp, "PACKET:\n");
PrintRawDataFp(aft->file_ctx->fp, p->pkt, p->pktlen);
fflush(aft->file_ctx->fp);
SCMutexUnlock(&aft->file_ctx->fp_mutex);
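Review bot: Neither branch of AlertDebugLogFlowVars terminates its log line: the FLOWVAR_TYPE_STR branch stops right after the escaped-byte loop, and the FLOWVAR_TYPE_INT format `"FLOWVAR idx(%"PRIu32"): " " %" PRIu32 "\""` ends in a stray `\"` with no `\n`, so whatever AlertDebugLogFlowBits or AlertDebugLogPktVars prints next lands on the same line. Add `fprintf(aft->file_ctx->fp, "\n");` after the byte loop and use `"FLOWVAR idx(%"PRIu32"): %" PRIu32 "\n"` for the int case. The loop also hands `fv->data.fv_str.value[i]` straight to isprint(); unless that buffer is an unsigned type, cast to `(unsigned char)` first. Both new helpers dereference `p->flow` unconditionally and rely on the `if (p->flow != NULL)` / `SCMutexLock(&p->flow->m)` wrapping in AlertDebugLogIPv4 and AlertDebugLogIPv6, which the doxygen headers should state as a precondition; those two functions also repeat the identical FLOW block line for line, which is worth hoisting into one shared helper.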

@ -156,6 +156,7 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
FlowL7DataPtrInit(smsg->flow);
smsg->flow->alproto = alproto;
ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED;
smsg->flow->alflags |= FLOW_AL_PROTO_DETECT_DONE;
r = AppLayerParse(smsg->flow, alproto, smsg->flow->alflags,
smsg->data.data, smsg->data.data_len);
@ -163,12 +164,14 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg)
if (smsg->flags & STREAM_TOSERVER) {
if (smsg->data.data_len >= alp_proto_ctx.toserver.max_len) {
ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED;
smsg->flow->alflags |= FLOW_AL_PROTO_DETECT_DONE;
SCLogDebug("ALPROTO_UNKNOWN flow %p", smsg->flow);
StreamTcpSetSessionNoReassemblyFlag(ssn, 0);
}
} else if (smsg->flags & STREAM_TOCLIENT) {
if (smsg->data.data_len >= alp_proto_ctx.toclient.max_len) {
ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED;
smsg->flow->alflags |= FLOW_AL_PROTO_DETECT_DONE;
SCLogDebug("ALPROTO_UNKNOWN flow %p", smsg->flow);
StreamTcpSetSessionNoReassemblyFlag(ssn, 1);
}
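Review bot: `smsg->flow->alflags |= FLOW_AL_PROTO_DETECT_DONE;` is now written in three places, each beside the matching STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED write, with no lock on the flow visible in either hunk, while the alert-debug logger in this same commit reads alflags under `p->flow->m`. If AppLayerHandleMsg does not already hold `smsg->flow->m` at these points (the function head is outside the hunks), that read/write pair is a data race on a plain integer field. Folding the two flag updates into one small helper would keep them from drifting apart and give a single place to put the locking.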

@ -77,7 +77,7 @@ DetectEngineCtx *DetectEngineCtxInit(void) {
DetectPortSpHashInit(de_ctx);
DetectPortDpHashInit(de_ctx);
ThresholdHashInit(de_ctx);
VariableNameInitHash(de_ctx);
VariableNameInitHash();
de_ctx->mpm_pattern_id_store = MpmPatternIdTableInitHash();
if (de_ctx->mpm_pattern_id_store == NULL) {
@ -111,7 +111,7 @@ void DetectEngineCtxFree(DetectEngineCtx *de_ctx) {
ThresholdContextDestroy(de_ctx);
SigCleanSignatures(de_ctx);
VariableNameFreeHash(de_ctx);
VariableNameFreeHash();
if (de_ctx->sig_array)
SCFree(de_ctx->sig_array);
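Review bot: The return value of `VariableNameInitHash();` is discarded in DetectEngineCtxInit, yet the new implementation returns -1 when either HashListTableInit fails, after which variable_names stays NULL and the first VariableNameGetIdx() call hands NULL to HashListTableLookup. Check it the way the mpm store is checked a few lines down, e.g. `if (VariableNameInitHash() < 0) goto error;` using whatever error path DetectEngineCtxInit has (its body is outside the hunk). Since the tables are now process-global rather than per-ctx, note also that `VariableNameFreeHash();` in DetectEngineCtxFree invalidates them for every other live DetectEngineCtx, and initialising a second ctx overwrites the first's tables without freeing them; if several ctxs can coexist, init/free need a refcount or should move out of the ctx lifecycle.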

@ -227,7 +227,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr)
goto error;
if (fb_name != NULL) {
cd->idx = VariableNameGetIdx(de_ctx,fb_name,DETECT_FLOWBITS);
cd->idx = VariableNameGetIdx(fb_name,DETECT_FLOWBITS);
} else {
cd->idx = 0;
}
@ -578,7 +578,7 @@ static int FlowBitsTestSig04(void) {
s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"isset option\"; flowbits:isset,fbt; content:\"GET \"; sid:1;)");
idx = VariableNameGetIdx(de_ctx,"fbt",DETECT_FLOWBITS);
idx = VariableNameGetIdx("fbt",DETECT_FLOWBITS);
if (s == NULL || idx != 1) {
goto end;
@ -747,7 +747,7 @@ static int FlowBitsTestSig06(void) {
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
idx = VariableNameGetIdx(de_ctx,"myflow",DETECT_FLOWBITS);
idx = VariableNameGetIdx("myflow",DETECT_FLOWBITS);
gv = p.flow->flowvar;
@ -848,7 +848,7 @@ static int FlowBitsTestSig07(void) {
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
idx = VariableNameGetIdx(de_ctx,"myflow",DETECT_FLOWBITS);
idx = VariableNameGetIdx("myflow",DETECT_FLOWBITS);
gv = p.flow->flowvar;
@ -952,7 +952,7 @@ static int FlowBitsTestSig08(void) {
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
idx = VariableNameGetIdx(de_ctx,"myflow",DETECT_FLOWBITS);
idx = VariableNameGetIdx("myflow",DETECT_FLOWBITS);
gv = p.flow->flowvar;

@ -115,8 +115,7 @@ int DetectFlowintMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
* return zero(not match).
*/
if (sfd->targettype == FLOWINT_TARGET_VAR) {
sfd->target.tvar.idx = VariableNameGetIdx(det_ctx->de_ctx,
sfd->target.tvar.name, DETECT_FLOWINT);
sfd->target.tvar.idx = VariableNameGetIdx(sfd->target.tvar.name, DETECT_FLOWINT);
fvt = FlowVarGet(p->flow, sfd->target.tvar.idx);
/* We don't have that variable initialized yet */
@ -324,7 +323,7 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx,
/* Set the name of the origin var to modify/compared with the target */
sfd->name = SCStrdup(varname);
if (de_ctx != NULL)
sfd->idx = VariableNameGetIdx(de_ctx, varname, DETECT_FLOWINT);
sfd->idx = VariableNameGetIdx(varname, DETECT_FLOWINT);
sfd->target.value =(uint32_t) value_long;
sfd->modifier = modifier;
@ -1406,8 +1405,8 @@ int DetectFlowintTestPacket01Real()
/* Get the idx of the vars we are going to track */
uint16_t idx1, idx2;
idx1 = VariableNameGetIdx(det_ctx->de_ctx, "myvar", DETECT_FLOWINT);
idx2 = VariableNameGetIdx(det_ctx->de_ctx, "cntpackets", DETECT_FLOWINT);
idx1 = VariableNameGetIdx("myvar", DETECT_FLOWINT);
idx2 = VariableNameGetIdx("cntpackets", DETECT_FLOWINT);
int i;
@ -1743,8 +1742,8 @@ int DetectFlowintTestPacket02Real()
/* Get the idx of the vars we are going to track */
uint16_t idx1, idx2;
idx1 = VariableNameGetIdx(det_ctx->de_ctx, "myvar", DETECT_FLOWINT);
idx2 = VariableNameGetIdx(det_ctx->de_ctx, "cntpackets", DETECT_FLOWINT);
idx1 = VariableNameGetIdx("myvar", DETECT_FLOWINT);
idx2 = VariableNameGetIdx("cntpackets", DETECT_FLOWINT);
int i;
@ -2076,8 +2075,8 @@ int DetectFlowintTestPacket03Real()
/* Get the idx of the vars we are going to track */
uint16_t idx1, idx2;
idx1 = VariableNameGetIdx(det_ctx->de_ctx, "myvar", DETECT_FLOWINT);
idx2 = VariableNameGetIdx(det_ctx->de_ctx, "cntpackets", DETECT_FLOWINT);
idx1 = VariableNameGetIdx("myvar", DETECT_FLOWINT);
idx2 = VariableNameGetIdx("cntpackets", DETECT_FLOWINT);
int i;
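Review bot: In DetectFlowintParse the guard `if (de_ctx != NULL)` now protects `sfd->idx = VariableNameGetIdx(varname, DETECT_FLOWINT);`, a call that no longer uses de_ctx, so it silently leaves sfd->idx unset for callers passing NULL; either drop the condition or add a comment saying why a ctx-less parse must skip idx resolution. In DetectFlowintMatch the rewritten `sfd->target.tvar.idx = VariableNameGetIdx(sfd->target.tvar.name, DETECT_FLOWINT);` still resolves the name per packet: that function SCMallocs a VariableName on every call and, for an unseen name, inserts into the now process-global tables, which in the visible hunks carry no lock, so detect threads could mutate the table while the logger thread walks it. Resolving the target idx once at setup time and storing it in sfd would remove both the per-packet allocation and the write from the match path. Both functions extend beyond the hunks shown.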

@ -219,7 +219,7 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws
}
cd->name = SCStrdup(varname);
cd->idx = VariableNameGetIdx(de_ctx,varname,DETECT_FLOWVAR);
cd->idx = VariableNameGetIdx(varname,DETECT_FLOWVAR);
memcpy(cd->content, str, len);
cd->content_len = len;
cd->flags = 0;

@ -777,9 +777,9 @@ DetectPcreData *DetectPcreParseCapture(char *regexstr, DetectEngineCtx *de_ctx,
}
if (capture_str_ptr != NULL) {
if (pd->flags & DETECT_PCRE_CAPTURE_PKT)
pd->capidx = VariableNameGetIdx(de_ctx,(char *)capture_str_ptr,DETECT_PKTVAR);
pd->capidx = VariableNameGetIdx((char *)capture_str_ptr,DETECT_PKTVAR);
else if (pd->flags & DETECT_PCRE_CAPTURE_FLOW)
pd->capidx = VariableNameGetIdx(de_ctx,(char *)capture_str_ptr,DETECT_FLOWVAR);
pd->capidx = VariableNameGetIdx((char *)capture_str_ptr,DETECT_FLOWVAR);
}
}
//printf("DetectPcreParseCapture: pd->capname %s\n", pd->capname ? pd->capname : "NULL");

@ -3200,6 +3200,7 @@ void SigTableRegisterTests(void) {
#ifdef UNITTESTS
#include "flow-util.h"
#include "stream-tcp-reassemble.h"
#include "util-var-name.h"
static const char *dummy_conf_string =
"%YAML 1.1\n"

@ -439,9 +439,6 @@ typedef struct DetectEngineCtx_ {
HashListTable *sport_hash_table;
HashListTable *dport_hash_table;
HashListTable *variable_names;
uint16_t variable_names_idx;
/* memory counters */
uint32_t mpm_memory_size;

@ -27,6 +27,10 @@
#include "detect.h"
#include "util-hashlist.h"
HashListTable *variable_names;
HashListTable *variable_idxs;
uint16_t variable_names_idx;
/** \brief Name2idx mapping structure for flowbits, flowvars and pktvars. */
typedef struct VariableName_ {
char *name;
@ -60,6 +64,27 @@ static char VariableNameCompare(void *buf1, uint16_t len1, void *buf2, uint16_t
return 0;
}
static uint32_t VariableIdxHash(HashListTable *ht, void *buf, uint16_t buflen)
{
VariableName *fn = (VariableName *)buf;
uint32_t hash = fn->idx + fn->type;
return hash;
}
static char VariableIdxCompare(void *buf1, uint16_t len1, void *buf2, uint16_t len2)
{
VariableName *fn1 = (VariableName *)buf1;
VariableName *fn2 = (VariableName *)buf2;
if (fn1->type != fn2->type)
return 0;
if (fn1->idx == fn2->idx)
return 1;
return 0;
}
static void VariableNameFree(void *data) {
VariableName *fn = (VariableName *)data;
@ -79,26 +104,33 @@ static void VariableNameFree(void *data) {
* \retval -1 in case of error
* \retval 0 in case of success
*/
int VariableNameInitHash(DetectEngineCtx *de_ctx) {
de_ctx->variable_names = HashListTableInit(4096, VariableNameHash, VariableNameCompare, VariableNameFree);
if (de_ctx->variable_names == NULL)
int VariableNameInitHash() {
variable_names = HashListTableInit(4096, VariableNameHash, VariableNameCompare, VariableNameFree);
if (variable_names == NULL)
return -1;
variable_idxs = HashListTableInit(4096, VariableIdxHash, VariableIdxCompare, NULL);
if (variable_idxs == NULL)
return -1;
variable_names_idx = 0;
return 0;
}
void VariableNameFreeHash(DetectEngineCtx *de_ctx) {
HashListTableFree(de_ctx->variable_names);
void VariableNameFreeHash() {
if (variable_names != NULL) {
HashListTableFree(variable_names);
HashListTableFree(variable_idxs);
}
}
/** \brief Get a name idx for a name. If the name is already used reuse the idx.
* \param de_ctx Ptr to the detection engine ctx.
* \param name nul terminated string with the name
* \param type variable type (DETECT_FLOWBITS, DETECT_PKTVAR, etc)
* \retval 0 in case of error
* \retval _ the idx.
*/
uint16_t VariableNameGetIdx(DetectEngineCtx *de_ctx, char *name, uint8_t type) {
uint16_t VariableNameGetIdx(char *name, uint8_t type) {
uint16_t idx = 0;
VariableName *fn = SCMalloc(sizeof(VariableName));
@ -112,12 +144,13 @@ uint16_t VariableNameGetIdx(DetectEngineCtx *de_ctx, char *name, uint8_t type) {
if (fn->name == NULL)
goto error;
VariableName *lookup_fn = (VariableName *)HashListTableLookup(de_ctx->variable_names, (void *)fn, 0);
VariableName *lookup_fn = (VariableName *)HashListTableLookup(variable_names, (void *)fn, 0);
if (lookup_fn == NULL) {
de_ctx->variable_names_idx++;
variable_names_idx++;
idx = fn->idx = de_ctx->variable_names_idx;
HashListTableAdd(de_ctx->variable_names, (void *)fn, 0);
idx = fn->idx = variable_names_idx;
HashListTableAdd(variable_names, (void *)fn, 0);
HashListTableAdd(variable_idxs, (void *)fn, 0);
} else {
idx = lookup_fn->idx;
VariableNameFree(fn);
@ -129,3 +162,37 @@ error:
return 0;
}
/** \brief Get a name from the idx.
* \param idx index of the variable whose name is to be fetched
* \param type variable type (DETECT_FLOWBITS, DETECT_PKTVAR, etc)
* \retval NULL in case of error
* \retval name of the variable if successful.
*/
char *VariableIdxGetName(uint16_t idx, uint8_t type)
{
VariableName *fn = SCMalloc(sizeof(VariableName));
if (fn == NULL)
goto error;
char *name = NULL;
memset(fn, 0, sizeof(VariableName));
fn->type = type;
fn->idx = idx;
VariableName *lookup_fn = (VariableName *)HashListTableLookup(variable_idxs, (void *)fn, 0);
if (lookup_fn != NULL) {
name = SCStrdup(lookup_fn->name);
if (name == NULL)
goto error;
VariableNameFree(fn);
} else {
goto error;
}
return name;
error:
VariableNameFree(fn);
return NULL;
}
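Review bot: VariableIdxHash returns `fn->idx + fn->type` unreduced while the table is created with 4096 buckets in VariableNameInitHash; if HashListTable uses the returned value directly as the bucket index (the existing VariableNameHash, whose body is above the hunk, presumably applies `% ht->array_size`), any idx of 4096 or more indexes past the bucket array, so make it `uint32_t hash = (fn->idx + fn->type) % ht->array_size;`. VariableNameFreeHash frees both tables but leaves variable_names and variable_idxs pointing at freed memory, so a later init/free cycle or a logger call after DetectEngineCtxFree walks dangling tables — set both to NULL after freeing, and in VariableNameInitHash free variable_names when the second HashListTableInit fails instead of leaking it. VariableIdxGetName allocates a heap VariableName only to build a lookup key that VariableIdxHash/VariableIdxCompare read by idx and type alone, and its first `goto error` calls VariableNameFree(NULL) when SCMalloc fails, which is only safe if that function checks for NULL (its body is cut off above). A stack key such as `VariableName key = { .idx = idx, .type = type };` passed to HashListTableLookup avoids the allocation on the logging path and removes that NULL path entirely.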

@ -24,10 +24,11 @@
#ifndef __UTIL_VAR_NAME_H__
#define __UTIL_VAR_NAME_H__
int VariableNameInitHash(DetectEngineCtx *de_ctx);
void VariableNameFreeHash(DetectEngineCtx *de_ctx);
int VariableNameInitHash();
void VariableNameFreeHash();
uint16_t VariableNameGetIdx(DetectEngineCtx *, char *, uint8_t);
uint16_t VariableNameGetIdx(char *, uint8_t);
char * VariableIdxGetName(uint16_t , uint8_t);
#endif
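Review bot: `int VariableNameInitHash();` and `void VariableNameFreeHash();` are not prototypes in C — empty parentheses leave the argument list unspecified, so a stale call such as `VariableNameInitHash(de_ctx)` still compiles; declare them as `int VariableNameInitHash(void);` and `void VariableNameFreeHash(void);` and match the definitions in util-var-name.c. The header should also state ownership for the new `char * VariableIdxGetName(uint16_t , uint8_t);`: it returns an SCStrdup'd copy that the caller must SCFree (as AlertDebugLogFlowBits does), or NULL when the idx/type pair is unknown or allocation fails.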
