aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix reputation parser so that it accepts ipv6 addresses in configuration file.

Browse Source
pull/1454/head
Tom DeCanio 11 years ago committed by Victor Julien
parent 11d6770ae4
commit 97a2d1ac26
1 changed files with 48 additions and 21 deletions
Show Stats Download Patch File Download Diff File

69
src/reputation.c
Unescape Escape View File

@ -267,7 +267,7 @@ static int SRepCatSplitLine(char *line, uint8_t *cat, char *shortname, size_t sh
* \retval 1 header * \retval 1 header
* \retval -1 boo * \retval -1 boo
*/ */
static int SRepSplitLine(SRepCIDRTree *cidr_ctx, char *line, uint32_t *ip, uint8_t *cat, uint8_t *value) static int SRepSplitLine(SRepCIDRTree *cidr_ctx, char *line, Address *ip, uint8_t *cat, uint8_t *value)
{ {
size_t line_len = strlen(line); size_t line_len = strlen(line);
char *ptrs[3] = {NULL,NULL,NULL}; char *ptrs[3] = {NULL,NULL,NULL};
@ -319,12 +319,14 @@ static int SRepSplitLine(SRepCIDRTree *cidr_ctx, char *line, uint32_t *ip, uint8
SRepCIDRAddNetblock(cidr_ctx, ptrs[0], c, v); SRepCIDRAddNetblock(cidr_ctx, ptrs[0], c, v);
return 1; return 1;
} else { } else {
uint32_t addr; if (inet_pton(AF_INET, ptrs[0], &ip->address) == 1) {
if (inet_pton(AF_INET, ptrs[0], &addr) <= 0) { ip->family = AF_INET;
} else if (inet_pton(AF_INET6, ptrs[0], &ip->address) == 1) {
ip->family = AF_INET6;
} else {
return -1; return -1;
} }
*ip = addr;
*cat = c; *cat = c;
*value = v; *value = v;
} }
@ -468,17 +470,21 @@ int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
line[len - 1] = '\0'; line[len - 1] = '\0';
} }
uint32_t ip = 0;
uint8_t cat = 0, value = 0; uint8_t cat = 0, value = 0;
int r = SRepSplitLine(cidr_ctx, line, &ip, &cat, &value); int r = SRepSplitLine(cidr_ctx, line, &a, &cat, &value);
if (r < 0) { if (r < 0) {
SCLogError(SC_ERR_NO_REPUTATION, "bad line \"%s\"", line); SCLogError(SC_ERR_NO_REPUTATION, "bad line \"%s\"", line);
} else if (r == 0) { } else if (r == 0) {
char ipstr[16]; if (a.family == AF_INET) {
PrintInet(AF_INET, (const void *)&ip, ipstr, sizeof(ipstr)); char ipstr[16];
SCLogDebug("%s %u %u", ipstr, cat, value); PrintInet(AF_INET, (const void *)&a.address, ipstr, sizeof(ipstr));
SCLogDebug("%s %u %u", ipstr, cat, value);
} else {
char ipstr[128];
PrintInet(AF_INET6, (const void *)&a.address, ipstr, sizeof(ipstr));
SCLogDebug("%s %u %u", ipstr, cat, value);
}
a.addr_data32[0] = ip;
Host *h = HostGetHostFromHash(&a); Host *h = HostGetHostFromHash(&a);
if (h == NULL) { if (h == NULL) {
SCLogError(SC_ERR_NO_REPUTATION, "failed to get a host, increase host.memcap"); SCLogError(SC_ERR_NO_REPUTATION, "failed to get a host, increase host.memcap");
@ -704,14 +710,14 @@ static int SRepTest01(void)
} }
SRepInit(de_ctx); SRepInit(de_ctx);
uint32_t ip = 0; Address a;
uint8_t cat = 0, value = 0; uint8_t cat = 0, value = 0;
if (SRepSplitLine(de_ctx->srepCIDR_ctx, str, &ip, &cat, &value) != 0) { if (SRepSplitLine(de_ctx->srepCIDR_ctx, str, &a, &cat, &value) != 0) {
goto end; goto end;
} }
char ipstr[16]; char ipstr[16];
PrintInet(AF_INET, (const void *)&ip, ipstr, sizeof(ipstr)); PrintInet(AF_INET, (const void *)&a.address, ipstr, sizeof(ipstr));
if (strcmp(ipstr, "1.2.3.4") != 0) if (strcmp(ipstr, "1.2.3.4") != 0)
goto end; goto end;
@ -739,9 +745,9 @@ static int SRepTest02(void)
} }
SRepInit(de_ctx); SRepInit(de_ctx);
uint32_t ip = 0; Address a;
uint8_t cat = 0, value = 0; uint8_t cat = 0, value = 0;
if (SRepSplitLine(de_ctx->srepCIDR_ctx, str, &ip, &cat, &value) == 0) { if (SRepSplitLine(de_ctx->srepCIDR_ctx, str, &a, &cat, &value) == 0) {
goto end; goto end;
} }
result = 1; result = 1;
@ -789,9 +795,9 @@ static int SRepTest04(void)
char str[] = "10.0.0.0/16,1,2"; char str[] = "10.0.0.0/16,1,2";
uint32_t ip = 0; Address a;
uint8_t cat = 0, value = 0; uint8_t cat = 0, value = 0;
if (SRepSplitLine(de_ctx->srepCIDR_ctx, str, &ip, &cat, &value) != 1) { if (SRepSplitLine(de_ctx->srepCIDR_ctx, str, &a, &cat, &value) != 1) {
goto end; goto end;
} }
@ -825,9 +831,9 @@ static int SRepTest05(void)
char str[] = "10.0.0.0/16,1,20"; char str[] = "10.0.0.0/16,1,20";
uint32_t ip = 0; Address a;
uint8_t cat = 0, value = 0; uint8_t cat = 0, value = 0;
if (SRepSplitLine(de_ctx->srepCIDR_ctx, str, &ip, &cat, &value) != 1) { if (SRepSplitLine(de_ctx->srepCIDR_ctx, str, &a, &cat, &value) != 1) {
goto end; goto end;
} }
cat = 1; cat = 1;
@ -868,9 +874,9 @@ static int SRepTest06(void)
"0.0.0.0/0,1,10\n" "0.0.0.0/0,1,10\n"
"192.168.0.0/16,2,127"; "192.168.0.0/16,2,127";
uint32_t ip = 0; Address a;
uint8_t cat = 0, value = 0; uint8_t cat = 0, value = 0;
if (SRepSplitLine(de_ctx->srepCIDR_ctx, str, &ip, &cat, &value) != 1) { if (SRepSplitLine(de_ctx->srepCIDR_ctx, str, &a, &cat, &value) != 1) {
goto end; goto end;
} }
cat = 1; cat = 1;
@ -885,6 +891,26 @@ end:
DetectEngineCtxFree(de_ctx); DetectEngineCtxFree(de_ctx);
return result; return result;
} }
static int SRepTest07(void) {
char str[] = "2000:0000:0000:0000:0000:0000:0000:0001,";
int result = 0;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
return 0;
}
SRepInit(de_ctx);
Address a;
uint8_t cat = 0, value = 0;
if (SRepSplitLine(de_ctx->srepCIDR_ctx, str, &a, &cat, &value) == 0) {
goto end;
}
result = 1;
end:
DetectEngineCtxFree(de_ctx);
return result;
}
#endif #endif
/** Global trees that hold host reputation for IPV4 and IPV6 hosts */ /** Global trees that hold host reputation for IPV4 and IPV6 hosts */
@ -2322,6 +2348,7 @@ void SCReputationRegisterTests(void)
UtRegisterTest("SRepTest04", SRepTest04, 1); UtRegisterTest("SRepTest04", SRepTest04, 1);
UtRegisterTest("SRepTest05", SRepTest05, 1); UtRegisterTest("SRepTest05", SRepTest05, 1);
UtRegisterTest("SRepTest06", SRepTest06, 1); UtRegisterTest("SRepTest06", SRepTest06, 1);
UtRegisterTest("SRepTest07", SRepTest07, 1);
#endif /* UNITTESTS */ #endif /* UNITTESTS */
} }

Write Preview
Loading…
Cancel
Save