aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect address: remove unused features

Browse Source
pull/1980/head
Victor Julien 10 years ago
parent cbf80de6fe
commit a7d126738a
4 changed files with 0 additions and 206 deletions
Show Stats Download Patch File Download Diff File

84
src/detect-engine-address-ipv4.c
Unescape Escape View File

@ -117,7 +117,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
uint32_t a_ip2 = ntohl(a->ip2.addr_data32[0]);
uint32_t b_ip1 = ntohl(b->ip.addr_data32[0]);
uint32_t b_ip2 = ntohl(b->ip2.addr_data32[0]);
DetectPort *port = NULL;
DetectAddress *tmp = NULL;
DetectAddress *tmp_c = NULL;
int r = 0;
@ -162,14 +161,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
if (de_ctx != NULL) {
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &b->port, port);
tmp_c->cnt += b->cnt;
b->cnt += a->cnt;
}
/* we have 3 parts: [bbb[baba]aaa]
@ -211,22 +202,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
/* clean tmp list */
SigGroupHeadClearSigs(tmp->sh);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &tmp->port, port);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &a->port, port);
for (port = tmp->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &b->port, port);
for (port = tmp->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
tmp->cnt += a->cnt;
a->cnt = 0;
tmp_c->cnt += tmp->cnt;
a->cnt += b->cnt;
b->cnt += tmp->cnt;
tmp->cnt = 0;
}
/* we have 2 or three parts:
@ -260,10 +235,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
if (de_ctx != NULL) {
/* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &a->port, port);
a->cnt += b->cnt;
}
} else if (a_ip2 == b_ip2) {
SCLogDebug("DetectAddressCutIPv4: 2");
@ -280,19 +251,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
SigGroupHeadClearSigs(a->sh);
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
SigGroupHeadClearSigs(tmp->sh);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &tmp->port, a->port);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &a->port, port);
for (port = tmp->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &b->port, port);
tmp->cnt += a->cnt;
a->cnt = 0;
a->cnt += b->cnt;
b->cnt += tmp->cnt;
tmp->cnt = 0;
}
} else {
SCLogDebug("3");
@ -328,22 +286,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
/* clean tmp list */
SigGroupHeadClearSigs(tmp->sh);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &tmp->port, port);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &a->port, port);
for (port = tmp->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &b->port, port);
tmp->cnt += a->cnt;
a->cnt = 0;
tmp_c->cnt += b->cnt;
a->cnt += b->cnt;
b->cnt += tmp->cnt;
tmp->cnt = 0;
}
}
/* we have 2 or three parts:
@ -381,19 +323,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
SigGroupHeadClearSigs(tmp->sh);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &tmp->port, b->port);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &b->port, port);
for (port = tmp->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &a->port, port);
tmp->cnt += b->cnt;
b->cnt = 0;
b->cnt += a->cnt;
a->cnt += tmp->cnt;
tmp->cnt = 0;
}
} else if (a_ip2 == b_ip2) {
SCLogDebug("DetectAddressCutIPv4: 2");
@ -407,11 +336,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
if (de_ctx != NULL) {
/* 'a' overlaps 'b' so a needs the 'a' sigs */
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &b->port, port);
b->cnt += a->cnt;
}
} else {
SCLogDebug("DetectAddressCutIPv4: 3");
@ -437,14 +361,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
* 'c' gets 'a' sigs */
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &b->port, port);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
b->cnt += a->cnt;
tmp_c->cnt += a->cnt;
}
}
}

82
src/detect-engine-address-ipv6.c
Unescape Escape View File

@ -367,7 +367,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
uint32_t b_ip2[4] = { ntohl(b->ip2.addr_data32[0]), ntohl(b->ip2.addr_data32[1]),
ntohl(b->ip2.addr_data32[2]), ntohl(b->ip2.addr_data32[3]) };
DetectPort *port = NULL;
DetectAddress *tmp = NULL;
/* default to NULL */
@ -412,14 +411,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
/* copy old b to a */
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &tmp_c->port, port);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &b->port, port);
tmp_c->cnt += b->cnt;
b->cnt += a->cnt;
/* we have 3 parts: [bbb[baba]aaa]
* part a: b_ip1 <-> a_ip1 - 1
* part b: a_ip1 <-> b_ip2
@ -459,23 +450,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
/* clean tmp list */
SigGroupHeadClearSigs(tmp->sh);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&tmp->port, port);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&a->port, port);
for (port = tmp->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&b->port, port);
for (port = tmp->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&tmp_c->port, port);
tmp->cnt += a->cnt;
a->cnt = 0;
tmp_c->cnt += tmp->cnt;
a->cnt += b->cnt;
b->cnt += tmp->cnt;
tmp->cnt = 0;
/* we have 2 or three parts:
*
* 2 part: [[abab]bbb] or [bbb[baba]]
@ -501,11 +475,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
/* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&a->port, port);
a->cnt += b->cnt;
} else if (AddressIPv6EqU32(a_ip2, b_ip2) == 1) {
AddressCutIPv6Copy(b_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(a_ip1, a->ip2.addr_data32);
@ -519,18 +488,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
SigGroupHeadClearSigs(tmp->sh);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&tmp->port, a->port);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&a->port, port);
for (port = tmp->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&b->port, port);
tmp->cnt += a->cnt;
a->cnt = 0;
a->cnt += b->cnt;
b->cnt += tmp->cnt;
tmp->cnt = 0;
} else {
AddressCutIPv6Copy(b_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(a_ip1, a->ip2.addr_data32);
@ -565,22 +522,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
/* clean tmp list */
SigGroupHeadClearSigs(tmp->sh);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&tmp->port, port);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&tmp_c->port, port);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&a->port, port);
for (port = tmp->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&b->port, port);
tmp->cnt += a->cnt;
a->cnt = 0;
tmp_c->cnt += b->cnt;
a->cnt += b->cnt;
b->cnt += tmp->cnt;
tmp->cnt = 0;
}
/* we have 2 or three parts:
*
@ -611,18 +552,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
SigGroupHeadClearSigs(tmp->sh);
for (port = b->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&tmp->port, b->port);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&b->port, port);
for (port = tmp->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&a->port, port);
tmp->cnt += b->cnt;
b->cnt = 0;
b->cnt += a->cnt;
a->cnt += tmp->cnt;
tmp->cnt = 0;
} else if (AddressIPv6EqU32(a_ip2, b_ip2) == 1) {
AddressCutIPv6Copy(a_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(b_ip1, a->ip2.addr_data32);
@ -633,10 +562,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
/* 'a' overlaps 'b' so a needs the 'a' sigs */
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&b->port, port);
b->cnt += a->cnt;
} else {
AddressCutIPv6Copy(a_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(b_ip1, a->ip2.addr_data32);
@ -660,13 +585,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&b->port, port);
for (port = a->port; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx,&tmp_c->port, port);
b->cnt += a->cnt;
tmp_c->cnt += a->cnt;
}
}

29
src/detect-engine-address.c
Unescape Escape View File

@ -107,22 +107,6 @@ void DetectAddressFree(DetectAddress *ag)
}
ag->sh = NULL;
if (!(ag->flags & ADDRESS_HAVEPORT)) {
SCLogDebug("- ag %p dst_gh %p", ag, ag->dst_gh);
if (ag->dst_gh != NULL)
DetectAddressHeadFree(ag->dst_gh);
ag->dst_gh = NULL;
} else {
SCLogDebug("- ag %p port %p", ag, ag->port);
if (ag->port != NULL && !(ag->flags & ADDRESS_PORTS_COPY)) {
SCLogDebug("- ag %p port %p, not a copy so call DetectPortCleanupList",
ag, ag->port);
DetectPortCleanupList(ag->port);
}
ag->port = NULL;
}
#ifdef DEBUG
detect_address_group_memory -= sizeof(DetectAddress);
detect_address_group_free_cnt++;
@ -153,8 +137,6 @@ DetectAddress *DetectAddressCopy(DetectAddress *orig)
COPY_ADDRESS(&orig->ip, &ag->ip);
COPY_ADDRESS(&orig->ip2, &ag->ip2);
ag->cnt = 1;
return ag;
}
@ -407,11 +389,7 @@ int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
if (r == ADDRESS_EQ) {
/* exact overlap/match */
if (cur != new) {
DetectPort *port = new->port;
for ( ; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &cur->port, port);
SigGroupHeadCopySigs(de_ctx, new->sh, &cur->sh);
cur->cnt += new->cnt;
DetectAddressFree(new);
return 0;
@ -523,21 +501,14 @@ error:
int DetectAddressJoin(DetectEngineCtx *de_ctx, DetectAddress *target,
DetectAddress *source)
{
DetectPort *port = NULL;
if (target == NULL || source == NULL)
return -1;
if (target->ip.family != source->ip.family)
return -1;
target->cnt += source->cnt;
SigGroupHeadCopySigs(de_ctx, source->sh, &target->sh);
port = source->port;
for ( ; port != NULL; port = port->next)
DetectPortInsertCopy(de_ctx, &target->port, port);
if (target->ip.family == AF_INET)
return DetectAddressJoinIPv4(de_ctx, target, source);
else if (target->ip.family == AF_INET6)

11
src/detect.h
Unescape Escape View File

@ -165,9 +165,6 @@ enum {
#define ADDRESS_FLAG_NOT 0x02 /**< address is negated */
#define ADDRESS_SIGGROUPHEAD_COPY 0x04 /**< sgh is a ptr to another sgh */
#define ADDRESS_PORTS_COPY 0x08 /**< ports are a ptr to other ports */
#define ADDRESS_PORTS_NOTUNIQ 0x10
#define ADDRESS_HAVEPORT 0x20 /**< address has a ports ptr */
/** \brief address structure for use in the detection engine.
*
@ -178,12 +175,6 @@ typedef struct DetectAddress_ {
Address ip;
Address ip2;
/** ptr to the next address (dst addr in that case) or to the src port */
union {
struct DetectAddressHead_ *dst_gh; /**< destination address */
struct DetectPort_ *port; /**< source port */
};
/** signatures that belong in this group */
struct SigGroupHead_ *sh;
@ -194,8 +185,6 @@ typedef struct DetectAddress_ {
struct DetectAddress_ *prev;
/** ptr to the next address in the list */
struct DetectAddress_ *next;
uint32_t cnt;
} DetectAddress;
/** Signature grouping head. Here 'any', ipv4 and ipv6 are split out */

Write Preview
Loading…
Cancel
Save