diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c index 4e243ef9bc..bd31517ecd 100644 --- a/src/alert-debuglog.c +++ b/src/alert-debuglog.c @@ -46,6 +46,9 @@ #include "output.h" #include "alert-debuglog.h" #include "util-privs.h" +#include "flow-var.h" +#include "flow-bit.h" +#include "util-var-name.h" #define DEFAULT_LOG_FILENAME "alert-debug.log" @@ -88,6 +91,80 @@ static void CreateTimeString (const struct timeval *ts, char *str, size_t size) (uint32_t) ts->tv_usec); } +/** + * \brief Function to log the FlowVars in to alert-debug.log + * + * \param aft Pointer to AltertDebugLog Thread + * \param p Pointer to the packet + * + */ +static void AlertDebugLogFlowVars(AlertDebugLogThread *aft, Packet *p) +{ + GenericVar *gv = p->flow->flowvar; + uint16_t i; + while (gv != NULL) { + if (gv->type == DETECT_FLOWVAR || gv->type == DETECT_FLOWINT) { + FlowVar *fv = (FlowVar *) gv; + + if (fv->datatype == FLOWVAR_TYPE_STR) { + fprintf(aft->file_ctx->fp, "FLOWVAR idx(%"PRIu32"): " + ,fv->idx); + for (i = 0; i < fv->data.fv_str.value_len; i++) { + if (isprint(fv->data.fv_str.value[i])) + fprintf(aft->file_ctx->fp, "%c", fv->data.fv_str.value[i]); + else + fprintf(aft->file_ctx->fp, "\\%02X", fv->data.fv_str.value[i]); + } + } else if (fv->datatype == FLOWVAR_TYPE_INT) { + fprintf(aft->file_ctx->fp, "FLOWVAR idx(%"PRIu32"): " + " %" PRIu32 "\"", fv->idx, fv->data.fv_int.value); + } + } + gv = gv->next; + } +} + +/** + * \brief Function to log the FlowBits in to alert-debug.log + * + * \param aft Pointer to AltertDebugLog Thread + * \param p Pointer to the packet + * + */ +static void AlertDebugLogFlowBits(AlertDebugLogThread *aft, Packet *p) +{ + GenericVar *gv = p->flow->flowvar; + while (gv != NULL) { + if (gv->type == DETECT_FLOWBITS) { + FlowBit *fb = (FlowBit *) gv; + char *name = VariableIdxGetName(fb->idx, fb->type); + if (name != NULL) { + fprintf(aft->file_ctx->fp, "FLOWBIT: %s\n",name); + SCFree(name); + } + } + gv = gv->next; + } +} + +/** + * \brief Function to log the PktVars in to alert-debug.log + * + * \param aft Pointer to AltertDebugLog Thread + * \param p Pointer to the packet + * + */ +static void AlertDebugLogPktVars(AlertDebugLogThread *aft, Packet *p) +{ + PktVar *pv = p->pktvar; + + while(pv != NULL) { + fprintf(aft->file_ctx->fp, "PKTVAR: %s\n", pv->name); + PrintRawDataFp(aft->file_ctx->fp, pv->value, pv->value_len); + pv = pv->next; + } +} + TmEcode AlertDebugLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) { AlertDebugLogThread *aft = (AlertDebugLogThread *)data; @@ -136,26 +213,38 @@ TmEcode AlertDebugLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq } /* flow stuff */ - fprintf(aft->file_ctx->fp, "FLOW: to_server: %s, to_client %s\n", + fprintf(aft->file_ctx->fp, "FLOW: to_server: %s, to_client: %s\n", p->flowflags & FLOW_PKT_TOSERVER ? "TRUE" : "FALSE", p->flowflags & FLOW_PKT_TOCLIENT ? "TRUE" : "FALSE"); - PktVar *pv = PktVarGet(p,"http_host"); - if (pv) { - fprintf(aft->file_ctx->fp, "PKTVAR: %s\n", pv->name); - PrintRawDataFp(aft->file_ctx->fp, pv->value, pv->value_len); + if (p->flow != NULL) { + SCMutexLock(&p->flow->m); + CreateTimeString(&p->flow->startts, timebuf, sizeof(timebuf)); + fprintf(aft->file_ctx->fp, "FLOW Start TS: %s\n",timebuf); + fprintf(aft->file_ctx->fp, "FLOW PKTS TODST: %"PRIu32"\n",p->flow->todstpktcnt); + fprintf(aft->file_ctx->fp, "FLOW PKTS TOSRC: %"PRIu32"\n",p->flow->tosrcpktcnt); + fprintf(aft->file_ctx->fp, "FLOW Total Bytes: %"PRIu64"\n",p->flow->bytecnt); + fprintf(aft->file_ctx->fp, "FLOW IPONLY SET: TOSERVER: %s, TOCLIENT: %s\n", + p->flow->flags & FLOW_TOSERVER_IPONLY_SET ? "TRUE" : "FALSE", + p->flow->flags & FLOW_TOCLIENT_IPONLY_SET ? "TRUE" : "FALSE"); + fprintf(aft->file_ctx->fp, "FLOW ACTION: DROP: %s, PASS %s\n", + p->flow->flags & FLOW_ACTION_DROP ? "TRUE" : "FALSE", + p->flow->flags & FLOW_ACTION_PASS ? "TRUE" : "FALSE"); + fprintf(aft->file_ctx->fp, "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n", + p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE", + p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE", + p->flow->alflags & FLOW_AL_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE"); + fprintf(aft->file_ctx->fp, "FLOW APP_LAYER: DETECTED: %s, PROTO %"PRIu16"\n", + p->flow->alflags & FLOW_AL_PROTO_DETECT_DONE ? "TRUE" : "FALSE", p->flow->alproto); + AlertDebugLogFlowVars(aft, p); + AlertDebugLogFlowBits(aft, p); + SCMutexUnlock(&p->flow->m); } - pv = PktVarGet(p,"http_ua"); - if (pv) { - fprintf(aft->file_ctx->fp, "PKTVAR: %s\n", pv->name); - PrintRawDataFp(aft->file_ctx->fp, pv->value, pv->value_len); - } + AlertDebugLogPktVars(aft, p); /* any stuff */ /* Sig details? */ -/* pkt vars */ -/* flowvars */ aft->file_ctx->alerts += p->alerts.cnt; @@ -193,6 +282,41 @@ TmEcode AlertDebugLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq fprintf(aft->file_ctx->fp, "%s [**] [%" PRIu32 ":%" PRIu32 ":%" PRIu32 "] %s [**] [Classification: fixme] [Priority: %" PRIu32 "] {%" PRIu32 "} %s:%" PRIu32 " -> %s:%" PRIu32 "\n", timebuf, pa->gid, pa->sid, pa->rev, pa->msg, pa->prio, IPV6_GET_L4PROTO(p), srcip, p->sp, dstip, p->dp); } + + fprintf(aft->file_ctx->fp, "FLOW: to_server: %s, to_client: %s\n", + p->flowflags & FLOW_PKT_TOSERVER ? "TRUE" : "FALSE", + p->flowflags & FLOW_PKT_TOCLIENT ? "TRUE" : "FALSE"); + + if (p->flow != NULL) { + SCMutexLock(&p->flow->m); + CreateTimeString(&p->flow->startts, timebuf, sizeof(timebuf)); + fprintf(aft->file_ctx->fp, "FLOW Start TS: %s\n",timebuf); + fprintf(aft->file_ctx->fp, "FLOW PKTS TODST: %"PRIu32"\n",p->flow->todstpktcnt); + fprintf(aft->file_ctx->fp, "FLOW PKTS TOSRC: %"PRIu32"\n",p->flow->tosrcpktcnt); + fprintf(aft->file_ctx->fp, "FLOW Total Bytes: %"PRIu64"\n",p->flow->bytecnt); + fprintf(aft->file_ctx->fp, "FLOW IPONLY SET: TOSERVER: %s, TOCLIENT: %s\n", + p->flow->flags & FLOW_TOSERVER_IPONLY_SET ? "TRUE" : "FALSE", + p->flow->flags & FLOW_TOCLIENT_IPONLY_SET ? "TRUE" : "FALSE"); + fprintf(aft->file_ctx->fp, "FLOW ACTION: DROP: %s, PASS %s\n", + p->flow->flags & FLOW_ACTION_DROP ? "TRUE" : "FALSE", + p->flow->flags & FLOW_ACTION_PASS ? "TRUE" : "FALSE"); + fprintf(aft->file_ctx->fp, "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n", + p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE", + p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE", + p->flow->alflags & FLOW_AL_NO_APPLAYER_INSPECTION ? "TRUE" : "FALSE"); + fprintf(aft->file_ctx->fp, "FLOW APP_LAYER: DETECTED: %s, PROTO %"PRIu16"\n", + p->flow->alflags & FLOW_AL_PROTO_DETECT_DONE ? "TRUE" : "FALSE", p->flow->alproto); + AlertDebugLogFlowVars(aft, p); + AlertDebugLogFlowBits(aft, p); + SCMutexUnlock(&p->flow->m); + } + + AlertDebugLogPktVars(aft, p); + + fprintf(aft->file_ctx->fp, "PACKET LEN: %" PRIu32 "\n", p->pktlen); + fprintf(aft->file_ctx->fp, "PACKET:\n"); + PrintRawDataFp(aft->file_ctx->fp, p->pkt, p->pktlen); + fflush(aft->file_ctx->fp); SCMutexUnlock(&aft->file_ctx->fp_mutex); diff --git a/src/app-layer.c b/src/app-layer.c index 3bf27f13e0..b9c34a8f37 100644 --- a/src/app-layer.c +++ b/src/app-layer.c @@ -156,6 +156,7 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg) FlowL7DataPtrInit(smsg->flow); smsg->flow->alproto = alproto; ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED; + smsg->flow->alflags |= FLOW_AL_PROTO_DETECT_DONE; r = AppLayerParse(smsg->flow, alproto, smsg->flow->alflags, smsg->data.data, smsg->data.data_len); @@ -163,12 +164,14 @@ int AppLayerHandleMsg(AlpProtoDetectThreadCtx *dp_ctx, StreamMsg *smsg) if (smsg->flags & STREAM_TOSERVER) { if (smsg->data.data_len >= alp_proto_ctx.toserver.max_len) { ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED; + smsg->flow->alflags |= FLOW_AL_PROTO_DETECT_DONE; SCLogDebug("ALPROTO_UNKNOWN flow %p", smsg->flow); StreamTcpSetSessionNoReassemblyFlag(ssn, 0); } } else if (smsg->flags & STREAM_TOCLIENT) { if (smsg->data.data_len >= alp_proto_ctx.toclient.max_len) { ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED; + smsg->flow->alflags |= FLOW_AL_PROTO_DETECT_DONE; SCLogDebug("ALPROTO_UNKNOWN flow %p", smsg->flow); StreamTcpSetSessionNoReassemblyFlag(ssn, 1); } diff --git a/src/detect-engine.c b/src/detect-engine.c index e6a7408434..893568385b 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -77,7 +77,7 @@ DetectEngineCtx *DetectEngineCtxInit(void) { DetectPortSpHashInit(de_ctx); DetectPortDpHashInit(de_ctx); ThresholdHashInit(de_ctx); - VariableNameInitHash(de_ctx); + VariableNameInitHash(); de_ctx->mpm_pattern_id_store = MpmPatternIdTableInitHash(); if (de_ctx->mpm_pattern_id_store == NULL) { @@ -111,7 +111,7 @@ void DetectEngineCtxFree(DetectEngineCtx *de_ctx) { ThresholdContextDestroy(de_ctx); SigCleanSignatures(de_ctx); - VariableNameFreeHash(de_ctx); + VariableNameFreeHash(); if (de_ctx->sig_array) SCFree(de_ctx->sig_array); diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c index 258cee6bda..81d89aa3cf 100644 --- a/src/detect-flowbits.c +++ b/src/detect-flowbits.c @@ -227,7 +227,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr) goto error; if (fb_name != NULL) { - cd->idx = VariableNameGetIdx(de_ctx,fb_name,DETECT_FLOWBITS); + cd->idx = VariableNameGetIdx(fb_name,DETECT_FLOWBITS); } else { cd->idx = 0; } @@ -578,7 +578,7 @@ static int FlowBitsTestSig04(void) { s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"isset option\"; flowbits:isset,fbt; content:\"GET \"; sid:1;)"); - idx = VariableNameGetIdx(de_ctx,"fbt",DETECT_FLOWBITS); + idx = VariableNameGetIdx("fbt",DETECT_FLOWBITS); if (s == NULL || idx != 1) { goto end; @@ -747,7 +747,7 @@ static int FlowBitsTestSig06(void) { SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); - idx = VariableNameGetIdx(de_ctx,"myflow",DETECT_FLOWBITS); + idx = VariableNameGetIdx("myflow",DETECT_FLOWBITS); gv = p.flow->flowvar; @@ -848,7 +848,7 @@ static int FlowBitsTestSig07(void) { SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); - idx = VariableNameGetIdx(de_ctx,"myflow",DETECT_FLOWBITS); + idx = VariableNameGetIdx("myflow",DETECT_FLOWBITS); gv = p.flow->flowvar; @@ -952,7 +952,7 @@ static int FlowBitsTestSig08(void) { SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); - idx = VariableNameGetIdx(de_ctx,"myflow",DETECT_FLOWBITS); + idx = VariableNameGetIdx("myflow",DETECT_FLOWBITS); gv = p.flow->flowvar; diff --git a/src/detect-flowint.c b/src/detect-flowint.c index 51fb7412a1..e77b3e8410 100644 --- a/src/detect-flowint.c +++ b/src/detect-flowint.c @@ -115,8 +115,7 @@ int DetectFlowintMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, * return zero(not match). */ if (sfd->targettype == FLOWINT_TARGET_VAR) { - sfd->target.tvar.idx = VariableNameGetIdx(det_ctx->de_ctx, - sfd->target.tvar.name, DETECT_FLOWINT); + sfd->target.tvar.idx = VariableNameGetIdx(sfd->target.tvar.name, DETECT_FLOWINT); fvt = FlowVarGet(p->flow, sfd->target.tvar.idx); /* We don't have that variable initialized yet */ @@ -324,7 +323,7 @@ DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, /* Set the name of the origin var to modify/compared with the target */ sfd->name = SCStrdup(varname); if (de_ctx != NULL) - sfd->idx = VariableNameGetIdx(de_ctx, varname, DETECT_FLOWINT); + sfd->idx = VariableNameGetIdx(varname, DETECT_FLOWINT); sfd->target.value =(uint32_t) value_long; sfd->modifier = modifier; @@ -1406,8 +1405,8 @@ int DetectFlowintTestPacket01Real() /* Get the idx of the vars we are going to track */ uint16_t idx1, idx2; - idx1 = VariableNameGetIdx(det_ctx->de_ctx, "myvar", DETECT_FLOWINT); - idx2 = VariableNameGetIdx(det_ctx->de_ctx, "cntpackets", DETECT_FLOWINT); + idx1 = VariableNameGetIdx("myvar", DETECT_FLOWINT); + idx2 = VariableNameGetIdx("cntpackets", DETECT_FLOWINT); int i; @@ -1743,8 +1742,8 @@ int DetectFlowintTestPacket02Real() /* Get the idx of the vars we are going to track */ uint16_t idx1, idx2; - idx1 = VariableNameGetIdx(det_ctx->de_ctx, "myvar", DETECT_FLOWINT); - idx2 = VariableNameGetIdx(det_ctx->de_ctx, "cntpackets", DETECT_FLOWINT); + idx1 = VariableNameGetIdx("myvar", DETECT_FLOWINT); + idx2 = VariableNameGetIdx("cntpackets", DETECT_FLOWINT); int i; @@ -2076,8 +2075,8 @@ int DetectFlowintTestPacket03Real() /* Get the idx of the vars we are going to track */ uint16_t idx1, idx2; - idx1 = VariableNameGetIdx(det_ctx->de_ctx, "myvar", DETECT_FLOWINT); - idx2 = VariableNameGetIdx(det_ctx->de_ctx, "cntpackets", DETECT_FLOWINT); + idx1 = VariableNameGetIdx("myvar", DETECT_FLOWINT); + idx2 = VariableNameGetIdx("cntpackets", DETECT_FLOWINT); int i; diff --git a/src/detect-flowvar.c b/src/detect-flowvar.c index cc6117e72c..5fe5aa6165 100644 --- a/src/detect-flowvar.c +++ b/src/detect-flowvar.c @@ -219,7 +219,7 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *raws } cd->name = SCStrdup(varname); - cd->idx = VariableNameGetIdx(de_ctx,varname,DETECT_FLOWVAR); + cd->idx = VariableNameGetIdx(varname,DETECT_FLOWVAR); memcpy(cd->content, str, len); cd->content_len = len; cd->flags = 0; diff --git a/src/detect-pcre.c b/src/detect-pcre.c index a7863ee8aa..d53fe224b0 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -777,9 +777,9 @@ DetectPcreData *DetectPcreParseCapture(char *regexstr, DetectEngineCtx *de_ctx, } if (capture_str_ptr != NULL) { if (pd->flags & DETECT_PCRE_CAPTURE_PKT) - pd->capidx = VariableNameGetIdx(de_ctx,(char *)capture_str_ptr,DETECT_PKTVAR); + pd->capidx = VariableNameGetIdx((char *)capture_str_ptr,DETECT_PKTVAR); else if (pd->flags & DETECT_PCRE_CAPTURE_FLOW) - pd->capidx = VariableNameGetIdx(de_ctx,(char *)capture_str_ptr,DETECT_FLOWVAR); + pd->capidx = VariableNameGetIdx((char *)capture_str_ptr,DETECT_FLOWVAR); } } //printf("DetectPcreParseCapture: pd->capname %s\n", pd->capname ? pd->capname : "NULL"); diff --git a/src/detect.c b/src/detect.c index 28c042772d..21cb9ac658 100644 --- a/src/detect.c +++ b/src/detect.c @@ -3200,6 +3200,7 @@ void SigTableRegisterTests(void) { #ifdef UNITTESTS #include "flow-util.h" #include "stream-tcp-reassemble.h" +#include "util-var-name.h" static const char *dummy_conf_string = "%YAML 1.1\n" diff --git a/src/detect.h b/src/detect.h index cbcfd623b5..12e4382efb 100644 --- a/src/detect.h +++ b/src/detect.h @@ -439,9 +439,6 @@ typedef struct DetectEngineCtx_ { HashListTable *sport_hash_table; HashListTable *dport_hash_table; - HashListTable *variable_names; - uint16_t variable_names_idx; - /* memory counters */ uint32_t mpm_memory_size; diff --git a/src/util-var-name.c b/src/util-var-name.c index e9a0b9111d..f42675dd36 100644 --- a/src/util-var-name.c +++ b/src/util-var-name.c @@ -27,6 +27,10 @@ #include "detect.h" #include "util-hashlist.h" +HashListTable *variable_names; +HashListTable *variable_idxs; +uint16_t variable_names_idx; + /** \brief Name2idx mapping structure for flowbits, flowvars and pktvars. */ typedef struct VariableName_ { char *name; @@ -60,6 +64,27 @@ static char VariableNameCompare(void *buf1, uint16_t len1, void *buf2, uint16_t return 0; } +static uint32_t VariableIdxHash(HashListTable *ht, void *buf, uint16_t buflen) +{ + VariableName *fn = (VariableName *)buf; + uint32_t hash = fn->idx + fn->type; + return hash; +} + +static char VariableIdxCompare(void *buf1, uint16_t len1, void *buf2, uint16_t len2) +{ + VariableName *fn1 = (VariableName *)buf1; + VariableName *fn2 = (VariableName *)buf2; + + if (fn1->type != fn2->type) + return 0; + + if (fn1->idx == fn2->idx) + return 1; + + return 0; +} + static void VariableNameFree(void *data) { VariableName *fn = (VariableName *)data; @@ -79,26 +104,33 @@ static void VariableNameFree(void *data) { * \retval -1 in case of error * \retval 0 in case of success */ -int VariableNameInitHash(DetectEngineCtx *de_ctx) { - de_ctx->variable_names = HashListTableInit(4096, VariableNameHash, VariableNameCompare, VariableNameFree); - if (de_ctx->variable_names == NULL) +int VariableNameInitHash() { + variable_names = HashListTableInit(4096, VariableNameHash, VariableNameCompare, VariableNameFree); + if (variable_names == NULL) return -1; + variable_idxs = HashListTableInit(4096, VariableIdxHash, VariableIdxCompare, NULL); + if (variable_idxs == NULL) + return -1; + + variable_names_idx = 0; return 0; } -void VariableNameFreeHash(DetectEngineCtx *de_ctx) { - HashListTableFree(de_ctx->variable_names); +void VariableNameFreeHash() { + if (variable_names != NULL) { + HashListTableFree(variable_names); + HashListTableFree(variable_idxs); + } } /** \brief Get a name idx for a name. If the name is already used reuse the idx. - * \param de_ctx Ptr to the detection engine ctx. * \param name nul terminated string with the name * \param type variable type (DETECT_FLOWBITS, DETECT_PKTVAR, etc) * \retval 0 in case of error * \retval _ the idx. */ -uint16_t VariableNameGetIdx(DetectEngineCtx *de_ctx, char *name, uint8_t type) { +uint16_t VariableNameGetIdx(char *name, uint8_t type) { uint16_t idx = 0; VariableName *fn = SCMalloc(sizeof(VariableName)); @@ -112,12 +144,13 @@ uint16_t VariableNameGetIdx(DetectEngineCtx *de_ctx, char *name, uint8_t type) { if (fn->name == NULL) goto error; - VariableName *lookup_fn = (VariableName *)HashListTableLookup(de_ctx->variable_names, (void *)fn, 0); + VariableName *lookup_fn = (VariableName *)HashListTableLookup(variable_names, (void *)fn, 0); if (lookup_fn == NULL) { - de_ctx->variable_names_idx++; + variable_names_idx++; - idx = fn->idx = de_ctx->variable_names_idx; - HashListTableAdd(de_ctx->variable_names, (void *)fn, 0); + idx = fn->idx = variable_names_idx; + HashListTableAdd(variable_names, (void *)fn, 0); + HashListTableAdd(variable_idxs, (void *)fn, 0); } else { idx = lookup_fn->idx; VariableNameFree(fn); @@ -129,3 +162,37 @@ error: return 0; } +/** \brief Get a name from the idx. + * \param idx index of the variable whose name is to be fetched + * \param type variable type (DETECT_FLOWBITS, DETECT_PKTVAR, etc) + * \retval NULL in case of error + * \retval name of the variable if successful. + */ +char *VariableIdxGetName(uint16_t idx, uint8_t type) +{ + VariableName *fn = SCMalloc(sizeof(VariableName)); + if (fn == NULL) + goto error; + + char *name = NULL; + memset(fn, 0, sizeof(VariableName)); + + fn->type = type; + fn->idx = idx; + + VariableName *lookup_fn = (VariableName *)HashListTableLookup(variable_idxs, (void *)fn, 0); + if (lookup_fn != NULL) { + name = SCStrdup(lookup_fn->name); + if (name == NULL) + goto error; + + VariableNameFree(fn); + } else { + goto error; + } + + return name; +error: + VariableNameFree(fn); + return NULL; +} \ No newline at end of file diff --git a/src/util-var-name.h b/src/util-var-name.h index f84348e7c2..62b8984e7d 100644 --- a/src/util-var-name.h +++ b/src/util-var-name.h @@ -24,10 +24,11 @@ #ifndef __UTIL_VAR_NAME_H__ #define __UTIL_VAR_NAME_H__ -int VariableNameInitHash(DetectEngineCtx *de_ctx); -void VariableNameFreeHash(DetectEngineCtx *de_ctx); +int VariableNameInitHash(); +void VariableNameFreeHash(); -uint16_t VariableNameGetIdx(DetectEngineCtx *, char *, uint8_t); +uint16_t VariableNameGetIdx(char *, uint8_t); +char * VariableIdxGetName(uint16_t , uint8_t); #endif