aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

output: remove error codes from output

Browse Source
pull/8304/head
Victor Julien 3 years ago
parent 39f5c7f56a
commit b31ffde6f4
326 changed files with 3896 additions and 4495 deletions
Show Stats Download Patch File Download Diff File

1
rust/src/core.rs
Unescape Escape View File

@ -129,7 +129,6 @@ pub type SCLogMessageFunc =
filename: *const std::os::raw::c_char,
line: std::os::raw::c_uint,
function: *const std::os::raw::c_char,
code: std::os::raw::c_int,
message: *const std::os::raw::c_char) -> std::os::raw::c_int;
pub type DetectEngineStateFreeFunc =

21
rust/src/log.rs
Unescape Escape View File

@ -68,14 +68,13 @@ fn basename(filename: &str) -> &str {
}
pub fn sclog(level: Level, file: &str, line: u32, function: &str,
code: i32, message: &str)
message: &str)
{
let filename = basename(file);
sc_log_message(level,
filename,
line,
function,
code,
message);
}
@ -99,9 +98,9 @@ macro_rules!function {
#[macro_export]
macro_rules!do_log {
($level:expr, $code:expr, $($arg:tt)*) => {
($level:expr, $($arg:tt)*) => {
if $crate::log::get_log_level() >= $level as i32 {
$crate::log::sclog($level, file!(), line!(), $crate::function!(), $code,
$crate::log::sclog($level, file!(), line!(), $crate::function!(),
&(format!($($arg)*)));
}
}
@ -110,35 +109,35 @@ macro_rules!do_log {
#[macro_export]
macro_rules!SCLogError {
($($arg:tt)*) => {
$crate::do_log!($crate::log::Level::Error, 0, $($arg)*);
$crate::do_log!($crate::log::Level::Error, $($arg)*);
};
}
#[macro_export]
macro_rules!SCLogNotice {
($($arg:tt)*) => {
$crate::do_log!($crate::log::Level::Notice, 0, $($arg)*);
$crate::do_log!($crate::log::Level::Notice, $($arg)*);
}
}
#[macro_export]
macro_rules!SCLogInfo {
($($arg:tt)*) => {
$crate::do_log!($crate::log::Level::Info, 0, $($arg)*);
$crate::do_log!($crate::log::Level::Info, $($arg)*);
}
}
#[macro_export]
macro_rules!SCLogPerf {
($($arg:tt)*) => {
$crate::do_log!($crate::log::Level::Perf, 0, $($arg)*);
$crate::do_log!($crate::log::Level::Perf, $($arg)*);
}
}
#[macro_export]
macro_rules!SCLogConfig {
($($arg:tt)*) => {
$crate::do_log!($crate::log::Level::Config, 0, $($arg)*);
$crate::do_log!($crate::log::Level::Config, $($arg)*);
}
}
@ -147,7 +146,7 @@ macro_rules!SCLogConfig {
#[macro_export]
macro_rules!SCLogDebug {
($($arg:tt)*) => {
do_log!($crate::log::Level::Debug, 0, $($arg)*);
do_log!($crate::log::Level::Debug, $($arg)*);
}
}
@ -168,7 +167,6 @@ pub fn sc_log_message(level: Level,
filename: &str,
line: std::os::raw::c_uint,
function: &str,
code: std::os::raw::c_int,
message: &str) -> std::os::raw::c_int
{
unsafe {
@ -178,7 +176,6 @@ pub fn sc_log_message(level: Level,
to_safe_cstring(filename).as_ptr(),
line,
to_safe_cstring(function).as_ptr(),
code,
to_safe_cstring(message).as_ptr());
}
}

6
src/alert-syslog.c
Unescape Escape View File

@ -101,9 +101,9 @@ static OutputInitResult AlertSyslogInitCtx(ConfNode *conf)
int facility = SCMapEnumNameToValue(facility_s, SCSyslogGetFacilityMap());
if (facility == -1) {
SCLogWarning(SC_ERR_INVALID_ARGUMENT, "Invalid syslog facility: \"%s\","
" now using \"%s\" as syslog facility", facility_s,
DEFAULT_ALERT_SYSLOG_FACILITY_STR);
SCLogWarning("Invalid syslog facility: \"%s\","
" now using \"%s\" as syslog facility",
facility_s, DEFAULT_ALERT_SYSLOG_FACILITY_STR);
facility = DEFAULT_ALERT_SYSLOG_FACILITY;
}

43
src/app-layer-detect-proto.c
Unescape Escape View File

@ -683,7 +683,7 @@ static uint32_t AppLayerProtoDetectProbingParserGetMask(AppProto alproto)
SCEnter();
if (!(alproto > ALPROTO_UNKNOWN && alproto < ALPROTO_FAILED)) {
FatalError(SC_ERR_ALPARSER, "Unknown protocol detected - %u", alproto);
FatalError("Unknown protocol detected - %u", alproto);
}
SCReturnUInt(1UL << (uint32_t)alproto);
@ -793,13 +793,14 @@ AppLayerProtoDetectProbingParserElementCreate(AppProto alproto,
pe->next = NULL;
if (max_depth != 0 && min_depth >= max_depth) {
SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to "
SCLogError("Invalid arguments sent to "
"register the probing parser. min_depth >= max_depth");
goto error;
}
if (alproto <= ALPROTO_UNKNOWN || alproto >= ALPROTO_MAX) {
SCLogError(SC_ERR_ALPARSER, "Invalid arguments sent to register "
"the probing parser. Invalid alproto - %d", alproto);
SCLogError("Invalid arguments sent to register "
"the probing parser. Invalid alproto - %d",
alproto);
goto error;
}
@ -1199,13 +1200,12 @@ static void AppLayerProtoDetectInsertNewProbingParser(AppLayerProtoDetectProbing
curr_pe = curr_port->sp;
while (curr_pe != NULL) {
if (curr_pe->alproto == alproto) {
SCLogError(SC_ERR_ALPARSER, "Duplicate pp registered - "
"ipproto - %"PRIu8" Port - %"PRIu16" "
SCLogError("Duplicate pp registered - "
"ipproto - %" PRIu8 " Port - %" PRIu16 " "
"App Protocol - NULL, App Protocol(ID) - "
"%"PRIu16" min_depth - %"PRIu16" "
"max_dept - %"PRIu16".",
ipproto, port, alproto,
min_depth, max_depth);
"%" PRIu16 " min_depth - %" PRIu16 " "
"max_dept - %" PRIu16 ".",
ipproto, port, alproto, min_depth, max_depth);
goto error;
}
curr_pe = curr_pe->next;
@ -1747,9 +1747,9 @@ int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name,
r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
alproto_name, ".detection-ports");
if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure.");
FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
FatalError("buffer not big enough to write param.");
}
node = ConfGetNode(param);
if (node == NULL) {
@ -1757,9 +1757,9 @@ int AppLayerProtoDetectPPParseConfPorts(const char *ipproto_name,
r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
alproto_name, ".", ipproto_name, ".detection-ports");
if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure.");
FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
FatalError("buffer not big enough to write param.");
}
node = ConfGetNode(param);
if (node == NULL)
@ -1857,7 +1857,7 @@ int AppLayerProtoDetectSetup(void)
alpd_ctx.spm_global_thread_ctx = SpmInitGlobalThreadCtx(spm_matcher);
if (alpd_ctx.spm_global_thread_ctx == NULL) {
FatalError(SC_ERR_FATAL, "Unable to alloc SpmGlobalThreadCtx.");
FatalError("Unable to alloc SpmGlobalThreadCtx.");
}
for (i = 0; i < FLOW_PROTO_DEFAULT; i++) {
@ -2029,9 +2029,9 @@ int AppLayerProtoDetectConfProtoDetectionEnabledDefault(
r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
alproto, ".enabled");
if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure.");
FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
FatalError("buffer not big enough to write param.");
}
node = ConfGetNode(param);
@ -2040,9 +2040,9 @@ int AppLayerProtoDetectConfProtoDetectionEnabledDefault(
r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
alproto, ".", ipproto, ".enabled");
if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure.");
FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
FatalError("buffer not big enough to write param.");
}
node = ConfGetNode(param);
@ -2067,7 +2067,7 @@ int AppLayerProtoDetectConfProtoDetectionEnabledDefault(
}
/* Invalid or null value. */
SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param);
SCLogError("Invalid value found for %s.", param);
exit(EXIT_FAILURE);
disabled:
@ -2253,8 +2253,7 @@ void AppLayerRegisterExpectationProto(uint8_t proto, AppProto alproto)
{
if (expectation_proto[alproto]) {
if (proto != expectation_proto[alproto]) {
SCLogError(SC_ERR_NOT_SUPPORTED,
"Expectation on 2 IP protocols are not supported");
SCLogError("Expectation on 2 IP protocols are not supported");
}
}
expectation_proto[alproto] = proto;

12
src/app-layer-dnp3.c
Unescape Escape View File

@ -471,7 +471,7 @@ static void DNP3SetEvent(DNP3State *dnp3, uint8_t event)
dnp3->events++;
}
else {
SCLogWarning(SC_ERR_ALPARSER, "Failed to set event, state or tx pointer was NULL.");
SCLogWarning("Failed to set event, state or tx pointer was NULL.");
}
}
@ -1460,8 +1460,9 @@ static int DNP3StateGetEventInfo(const char *event_name, int *event_id,
{
*event_id = SCMapEnumNameToValue(event_name, dnp3_decoder_event_table);
if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "Event \"%s\" not present in "
"the DNP3 enum event map table.", event_name);
SCLogError("Event \"%s\" not present in "
"the DNP3 enum event map table.",
event_name);
return -1;
}
@ -1478,8 +1479,9 @@ static int DNP3StateGetEventInfoById(int event_id, const char **event_name,
{
*event_name = SCMapEnumValueToName(event_id, dnp3_decoder_event_table);
if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "Event \"%d\" not present in "
"the DNP3 enum event map table.", event_id);
SCLogError("Event \"%d\" not present in "
"the DNP3 enum event map table.",
event_id);
return -1;
}

10
src/app-layer-enip.c
Unescape Escape View File

@ -108,8 +108,9 @@ static int ENIPStateGetEventInfo(const char *event_name, int *event_id, AppLayer
*event_id = SCMapEnumNameToValue(event_name, enip_decoder_event_table);
if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
"enip's enum map table.", event_name);
SCLogError("event \"%s\" not present in "
"enip's enum map table.",
event_name);
/* yes this is fatal */
return -1;
}
@ -124,8 +125,9 @@ static int ENIPStateGetEventInfoById(int event_id, const char **event_name,
{
*event_name = SCMapEnumValueToName(event_id, enip_decoder_event_table);
if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
"enip's enum map table.", event_id);
SCLogError("event \"%d\" not present in "
"enip's enum map table.",
event_id);
/* yes this is fatal */
return -1;
}

10
src/app-layer-events.c
Unescape Escape View File

@ -53,8 +53,9 @@ int AppLayerGetEventInfoById(int event_id, const char **event_name,
{
*event_name = SCMapEnumValueToName(event_id, app_layer_event_pkt_table);
if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
"app-layer-event's enum map table.", event_id);
SCLogError("event \"%d\" not present in "
"app-layer-event's enum map table.",
event_id);
/* yes this is fatal */
return -1;
}
@ -68,8 +69,9 @@ int AppLayerGetPktEventInfo(const char *event_name, int *event_id)
{
*event_id = SCMapEnumNameToValue(event_name, app_layer_event_pkt_table);
if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
"app-layer-event's packet event table.", event_name);
SCLogError("event \"%s\" not present in "
"app-layer-event's packet event table.",
event_name);
/* this should be treated as fatal */
return -1;
}

12
src/app-layer-ftp.c
Unescape Escape View File

@ -118,9 +118,9 @@ static void FTPParseMemcap(void)
if ((ConfGet("app-layer.protocols.ftp.memcap", &conf_val)) == 1)
{
if (ParseSizeStringU64(conf_val, &ftp_config_memcap) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing ftp.memcap "
SCLogError("Error parsing ftp.memcap "
"from conf file - %s. Killing engine",
conf_val);
conf_val);
exit(EXIT_FAILURE);
}
SCLogInfo("FTP memcap: %"PRIu64, ftp_config_memcap);
@ -134,9 +134,8 @@ static void FTPParseMemcap(void)
if ((ConfGet("app-layer.protocols.ftp.max-tx", &conf_val)) == 1) {
if (ParseSizeStringU32(conf_val, &ftp_config_maxtx) < 0) {
SCLogError(SC_ERR_SIZE_PARSE,
"Error parsing ftp.max-tx "
"from conf file - %s.",
SCLogError("Error parsing ftp.max-tx "
"from conf file - %s.",
conf_val);
}
SCLogInfo("FTP max tx: %" PRIu32, ftp_config_maxtx);
@ -144,8 +143,7 @@ static void FTPParseMemcap(void)
if ((ConfGet("app-layer.protocols.ftp.max-line-length", &conf_val)) == 1) {
if (ParseSizeStringU32(conf_val, &ftp_max_line_len) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing ftp.max-line-length from conf file - %s.",
conf_val);
SCLogError("Error parsing ftp.max-line-length from conf file - %s.", conf_val);
}
SCLogConfig("FTP max line length: %" PRIu32, ftp_max_line_len);
}

4
src/app-layer-htp-mem.c
Unescape Escape View File

@ -51,9 +51,9 @@ void HTPParseMemcap()
if ((ConfGet("app-layer.protocols.http.memcap", &conf_val)) == 1)
{
if (ParseSizeStringU64(conf_val, &memcap) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing http.memcap "
SCLogError("Error parsing http.memcap "
"from conf file - %s. Killing engine",
conf_val);
conf_val);
exit(EXIT_FAILURE);
} else {
SC_ATOMIC_SET(htp_config_memcap, memcap);

10
src/app-layer-htp-range.c
Unescape Escape View File

@ -155,9 +155,8 @@ void HttpRangeContainersInit(void)
uint32_t timeout = HTTP_RANGE_DEFAULT_TIMEOUT;
if (ConfGet("app-layer.protocols.http.byterange.memcap", &str) == 1) {
if (ParseSizeStringU64(str, &memcap) < 0) {
SCLogWarning(SC_EINVAL,
"memcap value cannot be deduced: %s,"
" resetting to default",
SCLogWarning("memcap value cannot be deduced: %s,"
" resetting to default",
str);
memcap = 0;
}
@ -165,9 +164,8 @@ void HttpRangeContainersInit(void)
if (ConfGet("app-layer.protocols.http.byterange.timeout", &str) == 1) {
size_t slen = strlen(str);
if (slen > UINT16_MAX || StringParseUint32(&timeout, 10, (uint16_t)slen, str) <= 0) {
SCLogWarning(SC_EINVAL,
"timeout value cannot be deduced: %s,"
" resetting to default",
SCLogWarning("timeout value cannot be deduced: %s,"
" resetting to default",
str);
timeout = 0;
}

14
src/app-layer-htp-xff.c
Unescape Escape View File

@ -218,11 +218,11 @@ void HttpXFFGetCfg(ConfNode *conf, HttpXFFCfg *result)
result->flags |= XFF_OVERWRITE;
} else {
if (xff_mode == NULL) {
SCLogWarning(SC_WARN_XFF_INVALID_MODE, "The XFF mode hasn't been defined, falling back to extra-data mode");
SCLogWarning("The XFF mode hasn't been defined, falling back to extra-data mode");
}
else if (strcasecmp(xff_mode, "extra-data") != 0) {
SCLogWarning(SC_WARN_XFF_INVALID_MODE, "The XFF mode %s is invalid, falling back to extra-data mode",
xff_mode);
SCLogWarning(
"The XFF mode %s is invalid, falling back to extra-data mode", xff_mode);
}
result->flags |= XFF_EXTRADATA;
}
@ -233,10 +233,11 @@ void HttpXFFGetCfg(ConfNode *conf, HttpXFFCfg *result)
result->flags |= XFF_FORWARD;
} else {
if (xff_deployment == NULL) {
SCLogWarning(SC_WARN_XFF_INVALID_DEPLOYMENT, "The XFF deployment hasn't been defined, falling back to reverse proxy deployment");
SCLogWarning("The XFF deployment hasn't been defined, falling back to reverse "
"proxy deployment");
}
else if (strcasecmp(xff_deployment, "reverse") != 0) {
SCLogWarning(SC_WARN_XFF_INVALID_DEPLOYMENT, "The XFF mode %s is invalid, falling back to reverse proxy deployment",
SCLogWarning("The XFF mode %s is invalid, falling back to reverse proxy deployment",
xff_deployment);
}
result->flags |= XFF_REVERSE;
@ -247,8 +248,7 @@ void HttpXFFGetCfg(ConfNode *conf, HttpXFFCfg *result)
if (xff_header != NULL) {
result->header = (char *) xff_header;
} else {
SCLogWarning(SC_WARN_XFF_INVALID_HEADER, "The XFF header hasn't been defined, using the default %s",
XFF_DEFAULT);
SCLogWarning("The XFF header hasn't been defined, using the default %s", XFF_DEFAULT);
result->header = XFF_DEFAULT;
}
}

157
src/app-layer-htp.c
Unescape Escape View File

@ -282,15 +282,17 @@ static int HTPLookupPersonality(const char *str)
IF_HTP_PERSONALITY_NUM(IIS_7_5);
IF_HTP_PERSONALITY_NUM(APACHE_2);
if (strcasecmp("TOMCAT_6_0", str) == 0) {
SCLogError(SC_WARN_OPTION_OBSOLETE, "Personality %s no "
"longer supported by libhtp.", str);
SCLogError("Personality %s no "
"longer supported by libhtp.",
str);
return -1;
} else if ((strcasecmp("APACHE", str) == 0) ||
(strcasecmp("APACHE_2_2", str) == 0))
{
SCLogWarning(SC_WARN_OPTION_OBSOLETE, "Personality %s no "
"longer supported by libhtp, failing back to "
"Apache2 personality.", str);
SCLogWarning("Personality %s no "
"longer supported by libhtp, failing back to "
"Apache2 personality.",
str);
return HTP_SERVER_APACHE_2;
}
@ -803,7 +805,7 @@ static int Setup(Flow *f, HtpState *hstate)
(void)SCRadixFindKeyIPV6BestMatch((uint8_t *)GET_IPV6_DST_ADDR(f), cfgtree, &user_data);
}
else {
SCLogError(SC_ERR_INVALID_ARGUMENT, "unknown address family, bug!");
SCLogError("unknown address family, bug!");
goto error;
}
@ -2587,18 +2589,16 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
SCLogDebug("LIBHTP adding ipv6 server %s at %s: %p",
s->name, pval->val, cfg_prec->cfg);
if (SCRadixAddKeyIPV6String(pval->val, tree, cfg_prec) == NULL) {
SCLogWarning(SC_EINVAL,
"LIBHTP failed to "
"add ipv6 server %s, ignoring",
SCLogWarning("LIBHTP failed to "
"add ipv6 server %s, ignoring",
pval->val);
}
} else {
SCLogDebug("LIBHTP adding ipv4 server %s at %s: %p",
s->name, pval->val, cfg_prec->cfg);
if (SCRadixAddKeyIPV4String(pval->val, tree, cfg_prec) == NULL) {
SCLogWarning(SC_EINVAL,
"LIBHTP failed "
"to add ipv4 server %s, ignoring",
SCLogWarning("LIBHTP failed "
"to add ipv4 server %s, ignoring",
pval->val);
}
} /* else - if (strchr(pval->val, ':') != NULL) */
@ -2614,9 +2614,8 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
SCLogDebug("LIBHTP default: %s=%s (%d)", p->name, p->val,
personality);
if (htp_config_set_server_personality(cfg_prec->cfg, personality) == HTP_ERROR){
SCLogWarning(SC_EINVAL,
"LIBHTP Failed adding "
"personality \"%s\", ignoring",
SCLogWarning("LIBHTP Failed adding "
"personality \"%s\", ignoring",
p->val);
} else {
SCLogDebug("LIBHTP personality set to %s",
@ -2628,37 +2627,42 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
* Signatures do not expect this, so override it. */
htp_config_set_convert_lowercase(cfg_prec->cfg, HTP_DECODER_URL_PATH, 0);
} else {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "LIBHTP Unknown personality "
"\"%s\", ignoring", p->val);
SCLogWarning("LIBHTP Unknown personality "
"\"%s\", ignoring",
p->val);
continue;
}
} else if (strcasecmp("request-body-limit", p->name) == 0 ||
strcasecmp("request_body_limit", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->request.body_limit) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-limit "
"from conf file - %s. Killing engine", p->val);
SCLogError("Error parsing request-body-limit "
"from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE);
}
} else if (strcasecmp("response-body-limit", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->response.body_limit) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-limit "
"from conf file - %s. Killing engine", p->val);
SCLogError("Error parsing response-body-limit "
"from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE);
}
} else if (strcasecmp("request-body-minimal-inspect-size", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->request.inspect_min_size) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-minimal-inspect-size "
"from conf file - %s. Killing engine", p->val);
SCLogError("Error parsing request-body-minimal-inspect-size "
"from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE);
}
} else if (strcasecmp("request-body-inspect-window", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->request.inspect_window) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing request-body-inspect-window "
"from conf file - %s. Killing engine", p->val);
SCLogError("Error parsing request-body-inspect-window "
"from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE);
}
@ -2676,30 +2680,34 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp("response-body-minimal-inspect-size", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->response.inspect_min_size) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-minimal-inspect-size "
"from conf file - %s. Killing engine", p->val);
SCLogError("Error parsing response-body-minimal-inspect-size "
"from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE);
}
} else if (strcasecmp("response-body-inspect-window", p->name) == 0) {
if (ParseSizeStringU32(p->val, &cfg_prec->response.inspect_window) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-inspect-window "
"from conf file - %s. Killing engine", p->val);
SCLogError("Error parsing response-body-inspect-window "
"from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE);
}
} else if (strcasecmp("response-body-decompress-layer-limit", p->name) == 0) {
uint32_t value = 2;
if (ParseSizeStringU32(p->val, &value) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-inspect-window "
"from conf file - %s. Killing engine", p->val);
SCLogError("Error parsing response-body-inspect-window "
"from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE);
}
#ifdef HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT
htp_config_set_response_decompression_layer_limit(cfg_prec->cfg, value);
#else
SCLogWarning(SC_WARN_OUTDATED_LIBHTP, "can't set response-body-decompress-layer-limit "
"to %u, libhtp version too old", value);
SCLogWarning("can't set response-body-decompress-layer-limit "
"to %u, libhtp version too old",
value);
#endif
} else if (strcasecmp("path-convert-backslash-separators", p->name) == 0) {
htp_config_set_backslash_convert_slashes(cfg_prec->cfg,
@ -2711,7 +2719,7 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
HTP_DECODER_URL_PATH,
p->val[0]);
} else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry "
SCLogError("Invalid entry "
"for libhtp param path-bestfit-replacement-char");
}
} else if (strcasecmp("path-convert-lowercase", p->name) == 0) {
@ -2747,7 +2755,7 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp(p->val, "decode_invalid") == 0) {
handling = HTP_URL_DECODE_PROCESS_INVALID;
} else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry "
SCLogError("Invalid entry "
"for libhtp param path-url-encoding-invalid-handling");
return;
}
@ -2769,12 +2777,13 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp("meta-field-limit", p->name) == 0) {
uint32_t limit = 0;
if (ParseSizeStringU32(p->val, &limit) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error meta-field-limit "
"from conf file - %s. Killing engine", p->val);
SCLogError("Error meta-field-limit "
"from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE);
}
if (limit == 0) {
FatalError(SC_ERR_FATAL, "Error meta-field-limit "
FatalError("Error meta-field-limit "
"from conf file cannot be 0. Killing engine");
}
/* set default soft-limit with our new hard limit */
@ -2785,11 +2794,12 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp("lzma-memlimit", p->name) == 0) {
uint32_t limit = 0;
if (ParseSizeStringU32(p->val, &limit) < 0) {
FatalError(SC_ERR_SIZE_PARSE, "failed to parse 'lzma-memlimit' "
"from conf file - %s.", p->val);
FatalError("failed to parse 'lzma-memlimit' "
"from conf file - %s.",
p->val);
}
if (limit == 0) {
FatalError(SC_ERR_SIZE_PARSE, "'lzma-memlimit' "
FatalError("'lzma-memlimit' "
"from conf file cannot be 0.");
}
/* set default soft-limit with our new hard limit */
@ -2803,9 +2813,8 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (!ConfValIsFalse(p->val)) {
int8_t limit;
if (StringParseInt8(&limit, 10, 0, (const char *)p->val) < 0) {
FatalError(SC_ERR_SIZE_PARSE,
"failed to parse 'lzma-enabled' "
"from conf file - %s.",
FatalError("failed to parse 'lzma-enabled' "
"from conf file - %s.",
p->val);
}
SCLogConfig("Setting HTTP LZMA decompression layers to %" PRIu32 "", (int)limit);
@ -2816,11 +2825,12 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp("compression-bomb-limit", p->name) == 0) {
uint32_t limit = 0;
if (ParseSizeStringU32(p->val, &limit) < 0) {
FatalError(SC_ERR_SIZE_PARSE, "failed to parse 'compression-bomb-limit' "
"from conf file - %s.", p->val);
FatalError("failed to parse 'compression-bomb-limit' "
"from conf file - %s.",
p->val);
}
if (limit == 0) {
FatalError(SC_ERR_SIZE_PARSE, "'compression-bomb-limit' "
FatalError("'compression-bomb-limit' "
"from conf file cannot be 0.");
}
/* set default soft-limit with our new hard limit */
@ -2832,9 +2842,8 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
uint32_t limit = 0;
// between 1 usec and 1 second
if (StringParseU32RangeCheck(&limit, 10, 0, p->val, 1, 1000000) < 0) {
FatalError(SC_ERR_SIZE_PARSE,
"failed to parse 'decompression-time-limit' "
"from conf file - %s.",
FatalError("failed to parse 'decompression-time-limit' "
"from conf file - %s.",
p->val);
}
SCLogConfig("Setting HTTP decompression time limit to %" PRIu32 " usec", limit);
@ -2848,11 +2857,10 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
uint32_t range;
if (StringParseU32RangeCheck(&range, 10, 0,
(const char *)p->val, 0, 100) < 0) {
SCLogError(SC_EINVAL,
"Invalid value for randomize"
"-inspection-range setting from conf file - \"%s\"."
" It should be a valid integer less than or equal to 100."
" Killing engine",
SCLogError("Invalid value for randomize"
"-inspection-range setting from conf file - \"%s\"."
" It should be a valid integer less than or equal to 100."
" Killing engine",
p->val);
exit(EXIT_FAILURE);
}
@ -2894,33 +2902,34 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s,
} else if (strcasecmp("both", pval->val) == 0) {
cfg_prec->swf_compression_type = HTTP_SWF_COMPRESSION_BOTH;
} else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
"Invalid entry for "
SCLogError("Invalid entry for "
"swf-decompression.type: %s - "
"Killing engine", pval->val);
"Killing engine",
pval->val);
exit(EXIT_FAILURE);
}
} else if (strcasecmp("compress-depth", pval->name) == 0) {
if (ParseSizeStringU32(pval->val, &cfg_prec->swf_compress_depth) < 0) {
SCLogError(SC_ERR_SIZE_PARSE,
"Error parsing swf-decompression.compression-depth "
"from conf file - %s. Killing engine", p->val);
SCLogError("Error parsing swf-decompression.compression-depth "
"from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE);
}
} else if (strcasecmp("decompress-depth", pval->name) == 0) {
if (ParseSizeStringU32(pval->val, &cfg_prec->swf_decompress_depth) < 0) {
SCLogError(SC_ERR_SIZE_PARSE,
"Error parsing swf-decompression.decompression-depth "
"from conf file - %s. Killing engine", p->val);
SCLogError("Error parsing swf-decompression.decompression-depth "
"from conf file - %s. Killing engine",
p->val);
exit(EXIT_FAILURE);
}
} else {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "Ignoring unknown param %s", pval->name);
SCLogWarning("Ignoring unknown param %s", pval->name);
}
}
} else {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "LIBHTP Ignoring unknown "
"default config: %s", p->name);
SCLogWarning("LIBHTP Ignoring unknown "
"default config: %s",
p->name);
}
} /* TAILQ_FOREACH(p, &default_config->head, next) */
@ -2940,7 +2949,7 @@ void HTPConfigure(void)
/* Default Config */
cfglist.cfg = htp_config_create();
if (NULL == cfglist.cfg) {
FatalError(SC_ERR_FATAL, "Failed to create HTP default config");
FatalError("Failed to create HTP default config");
}
SCLogDebug("LIBHTP default config: %p", cfglist.cfg);
HTPConfigSetDefaultsPhase1(&cfglist);
@ -2988,7 +2997,7 @@ void HTPConfigure(void)
cfglist.next->next = nextrec;
cfglist.next->cfg = htp_config_create();
if (NULL == cfglist.next->cfg) {
FatalError(SC_ERR_FATAL, "Failed to create HTP server config");
FatalError("Failed to create HTP server config");
}
HTPConfigSetDefaultsPhase1(htprec);
@ -3079,8 +3088,9 @@ static int HTPStateGetEventInfo(const char *event_name,
{
*event_id = SCMapEnumNameToValue(event_name, http_decoder_event_table);
if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
"http's enum map table.", event_name);
SCLogError("event \"%s\" not present in "
"http's enum map table.",
event_name);
/* this should be treated as fatal */
return -1;
}
@ -3095,8 +3105,9 @@ static int HTPStateGetEventInfoById(int event_id, const char **event_name,
{
*event_name = SCMapEnumValueToName(event_id, http_decoder_event_table);
if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
"http's enum map table.", event_id);
SCLogError("event \"%d\" not present in "
"http's enum map table.",
event_id);
/* this should be treated as fatal */
return -1;
}

2
src/app-layer-mqtt.c
Unescape Escape View File

@ -44,7 +44,7 @@ void RegisterMQTTParsers(void)
if (p != NULL) {
uint32_t value;
if (ParseSizeStringU32(p->val, &value) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "invalid value for max-msg-length: %s", p->val);
SCLogError("invalid value for max-msg-length: %s", p->val);
} else {
max_msg_len = value;
}

10
src/app-layer-parser.c
Unescape Escape View File

@ -347,9 +347,9 @@ int AppLayerParserConfParserEnabled(const char *ipproto,
r = snprintf(param, sizeof(param), "%s%s%s", "app-layer.protocols.",
alproto_name, ".enabled");
if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure.");
FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
FatalError("buffer not big enough to write param.");
}
node = ConfGetNode(param);
@ -358,9 +358,9 @@ int AppLayerParserConfParserEnabled(const char *ipproto,
r = snprintf(param, sizeof(param), "%s%s%s%s%s", "app-layer.protocols.",
alproto_name, ".", ipproto, ".enabled");
if (r < 0) {
FatalError(SC_ERR_FATAL, "snprintf failure.");
FatalError("snprintf failure.");
} else if (r > (int)sizeof(param)) {
FatalError(SC_ERR_FATAL, "buffer not big enough to write param.");
FatalError("buffer not big enough to write param.");
}
node = ConfGetNode(param);
@ -377,7 +377,7 @@ int AppLayerParserConfParserEnabled(const char *ipproto,
} else if (strcasecmp(node->val, "detection-only") == 0) {
goto disabled;
} else {
SCLogError(SC_ERR_FATAL, "Invalid value found for %s.", param);
SCLogError("Invalid value found for %s.", param);
exit(EXIT_FAILURE);
}

12
src/app-layer-register.c
Unescape Escape View File

@ -41,15 +41,15 @@ AppProto AppLayerRegisterProtocolDetection(const struct AppLayerParser *p, int e
const char *ip_proto_str = NULL;
if (p == NULL)
FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__);
FatalError("Call to %s with NULL pointer.", __FUNCTION__);
alproto = StringToAppProto(p->name);
if (alproto == ALPROTO_UNKNOWN || alproto == ALPROTO_FAILED)
FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name);
FatalError("Unknown or invalid AppProto '%s'.", p->name);
ip_proto_str = IpProtoToString(p->ip_proto);
if (ip_proto_str == NULL)
FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name);
FatalError("Unknown or unsupported ip_proto field in parser '%s'", p->name);
SCLogDebug("%s %s protocol detection enabled.", ip_proto_str, p->name);
@ -97,14 +97,14 @@ int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
const char *ip_proto_str = NULL;
if (p == NULL)
FatalError(SC_ERR_FATAL, "Call to %s with NULL pointer.", __FUNCTION__);
FatalError("Call to %s with NULL pointer.", __FUNCTION__);
if (alproto == ALPROTO_UNKNOWN || alproto >= ALPROTO_FAILED)
FatalError(SC_ERR_FATAL, "Unknown or invalid AppProto '%s'.", p->name);
FatalError("Unknown or invalid AppProto '%s'.", p->name);
ip_proto_str = IpProtoToString(p->ip_proto);
if (ip_proto_str == NULL)
FatalError(SC_ERR_FATAL, "Unknown or unsupported ip_proto field in parser '%s'", p->name);
FatalError("Unknown or unsupported ip_proto field in parser '%s'", p->name);
SCLogDebug("Registering %s protocol parser.", p->name);

40
src/app-layer-smtp.c
Unescape Escape View File

@ -302,16 +302,16 @@ static void SMTPConfigure(void) {
/* new_val_len: scheme value from config e.g. 'http' + '://' + null terminator */
size_t new_val_len = strlen(scheme->val) + 3 + 1;
if (new_val_len > UINT16_MAX) {
FatalError(SC_ERR_FATAL, "Too long value for extract-urls-schemes");
FatalError("Too long value for extract-urls-schemes");
}
char *new_val = SCMalloc(new_val_len);
if (unlikely(new_val == NULL)) {
FatalError(SC_ERR_FATAL, "SCMalloc failure.");
FatalError("SCMalloc failure.");
}
int r = snprintf(new_val, new_val_len, "%s://", scheme->val);
if (r < 0 || r >= (int)new_val_len) {
FatalError(SC_ERR_FATAL, "snprintf failure.");
FatalError("snprintf failure.");
}
/* replace existing scheme value stored on the linked list with new value including
@ -326,20 +326,20 @@ static void SMTPConfigure(void) {
* extract-urls-schemes wasn't found in the config */
ConfNode *seq_node = ConfNodeNew();
if (unlikely(seq_node == NULL)) {
FatalError(SC_ERR_FATAL, "ConfNodeNew failure.");
FatalError("ConfNodeNew failure.");
}
ConfNode *scheme = ConfNodeNew();
if (unlikely(scheme == NULL)) {
FatalError(SC_ERR_FATAL, "ConfNodeNew failure.");
FatalError("ConfNodeNew failure.");
}
seq_node->name = SCStrdup("extract-urls-schemes");
if (unlikely(seq_node->name == NULL)) {
FatalError(SC_ERR_FATAL, "SCStrdup failure.");
FatalError("SCStrdup failure.");
}
scheme->val = SCStrdup("http://");
if (unlikely(scheme->val == NULL)) {
FatalError(SC_ERR_FATAL, "SCStrdup failure.");
FatalError("SCStrdup failure.");
}
seq_node->is_seq = 1;
@ -374,8 +374,7 @@ static void SMTPConfigure(void) {
TAILQ_FOREACH(p, &t->head, next) {
if (strcasecmp("content-limit", p->name) == 0) {
if (ParseSizeStringU32(p->val, &content_limit) < 0) {
SCLogWarning(SC_ERR_SIZE_PARSE,
"parsing content-limit %s failed", p->val);
SCLogWarning("parsing content-limit %s failed", p->val);
content_limit = FILEDATA_CONTENT_LIMIT;
}
smtp_config.content_limit = content_limit;
@ -383,8 +382,7 @@ static void SMTPConfigure(void) {
if (strcasecmp("content-inspect-min-size", p->name) == 0) {
if (ParseSizeStringU32(p->val, &content_inspect_min_size) < 0) {
SCLogWarning(SC_ERR_SIZE_PARSE,
"parsing content-inspect-min-size %s failed", p->val);
SCLogWarning("parsing content-inspect-min-size %s failed", p->val);
content_inspect_min_size = FILEDATA_CONTENT_INSPECT_MIN_SIZE;
}
smtp_config.content_inspect_min_size = content_inspect_min_size;
@ -392,8 +390,7 @@ static void SMTPConfigure(void) {
if (strcasecmp("content-inspect-window", p->name) == 0) {
if (ParseSizeStringU32(p->val, &content_inspect_window) < 0) {
SCLogWarning(SC_ERR_SIZE_PARSE,
"parsing content-inspect-window %s failed", p->val);
SCLogWarning("parsing content-inspect-window %s failed", p->val);
content_inspect_window = FILEDATA_CONTENT_INSPECT_WINDOW;
}
smtp_config.content_inspect_window = content_inspect_window;
@ -408,10 +405,9 @@ static void SMTPConfigure(void) {
smtp_config.raw_extraction = SMTP_RAW_EXTRACTION_DEFAULT_VALUE;
}
if (smtp_config.raw_extraction && smtp_config.decode_mime) {
SCLogError(SC_ERR_CONF_YAML_ERROR,
"\"decode-mime\" and \"raw-extraction\" "
"options can't be enabled at the same time, "
"disabling raw extraction");
SCLogError("\"decode-mime\" and \"raw-extraction\" "
"options can't be enabled at the same time, "
"disabling raw extraction");
smtp_config.raw_extraction = 0;
}
@ -1587,8 +1583,9 @@ static int SMTPStateGetEventInfo(const char *event_name,
{
*event_id = SCMapEnumNameToValue(event_name, smtp_decoder_event_table);
if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
"smtp's enum map table.", event_name);
SCLogError("event \"%s\" not present in "
"smtp's enum map table.",
event_name);
/* yes this is fatal */
return -1;
}
@ -1603,8 +1600,9 @@ static int SMTPStateGetEventInfoById(int event_id, const char **event_name,
{
*event_name = SCMapEnumValueToName(event_id, smtp_decoder_event_table);
if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
"smtp's enum map table.", event_id);
SCLogError("event \"%d\" not present in "
"smtp's enum map table.",
event_id);
/* yes this is fatal */
return -1;
}

13
src/app-layer-ssl.c
Unescape Escape View File

@ -2781,8 +2781,9 @@ static int SSLStateGetEventInfo(const char *event_name,
{
*event_id = SCMapEnumNameToValue(event_name, tls_decoder_event_table);
if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
"ssl's enum map table.", event_name);
SCLogError("event \"%s\" not present in "
"ssl's enum map table.",
event_name);
/* yes this is fatal */
return -1;
}
@ -2797,8 +2798,9 @@ static int SSLStateGetEventInfoById(int event_id, const char **event_name,
{
*event_name = SCMapEnumValueToName(event_id, tls_decoder_event_table);
if (*event_name == NULL) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
"ssl's enum map table.", event_id);
SCLogError("event \"%d\" not present in "
"ssl's enum map table.",
event_id);
/* yes this is fatal */
return -1;
}
@ -3068,8 +3070,7 @@ void RegisterSSLParsers(void)
if (g_disable_hashing) {
if (SC_ATOMIC_GET(ssl_config.enable_ja3)) {
SCLogWarning(
SC_WARN_NO_JA3_SUPPORT, "MD5 calculation has been disabled, disabling JA3");
SCLogWarning("MD5 calculation has been disabled, disabling JA3");
SC_ATOMIC_SET(ssl_config.enable_ja3, 0);
}
} else {

63
src/conf-yaml-loader.c
Unescape Escape View File

@ -92,15 +92,13 @@ ConfYamlSetConfDirname(const char *filename)
if (ep == NULL) {
conf_dirname = SCStrdup(".");
if (conf_dirname == NULL) {
FatalError(SC_ERR_FATAL,
"ERROR: Failed to allocate memory while loading configuration.");
FatalError("ERROR: Failed to allocate memory while loading configuration.");
}
}
else {
conf_dirname = SCStrdup(filename);
if (conf_dirname == NULL) {
FatalError(SC_ERR_FATAL,
"ERROR: Failed to allocate memory while loading configuration.");
FatalError("ERROR: Failed to allocate memory while loading configuration.");
}
conf_dirname[ep - filename] = '\0';
}
@ -124,7 +122,7 @@ ConfYamlHandleInclude(ConfNode *parent, const char *filename)
int ret = -1;
if (yaml_parser_initialize(&parser) != 1) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "Failed to initialize YAML parser");
SCLogError("Failed to initialize YAML parser");
return -1;
}
@ -138,17 +136,15 @@ ConfYamlHandleInclude(ConfNode *parent, const char *filename)
file = fopen(include_filename, "r");
if (file == NULL) {
SCLogError(SC_ERR_FOPEN,
"Failed to open configuration include file %s: %s",
include_filename, strerror(errno));
SCLogError("Failed to open configuration include file %s: %s", include_filename,
strerror(errno));
goto done;
}
yaml_parser_set_input_file(&parser, file);
if (ConfYamlParse(&parser, parent, 0, 0) != 0) {
SCLogError(SC_ERR_CONF_YAML_ERROR,
"Failed to include configuration file %s", filename);
SCLogError("Failed to include configuration file %s", filename);
goto done;
}
@ -184,16 +180,15 @@ ConfYamlParse(yaml_parser_t *parser, ConfNode *parent, int inseq, int rlevel)
int was_empty = -1;
if (rlevel++ > RECURSION_LIMIT) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "Recursion limit reached while parsing "
"configuration file, aborting.");
SCLogError("Recursion limit reached while parsing "
"configuration file, aborting.");
return -1;
}
while (!done) {
if (!yaml_parser_parse(parser, &event)) {
SCLogError(SC_ERR_CONF_YAML_ERROR,
"Failed to parse configuration file at line %" PRIuMAX ": %s\n",
(uintmax_t)parser->problem_mark.line, parser->problem);
SCLogError("Failed to parse configuration file at line %" PRIuMAX ": %s\n",
(uintmax_t)parser->problem_mark.line, parser->problem);
retval = -1;
break;
}
@ -206,15 +201,15 @@ ConfYamlParse(yaml_parser_t *parser, ConfNode *parent, int inseq, int rlevel)
yaml_version_directive_t *ver =
event.data.document_start.version_directive;
if (ver == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "ERROR: Invalid configuration file.");
SCLogError(SC_ERR_CONF_YAML_ERROR,
"The configuration file must begin with the following two lines: %%YAML 1.1 and ---");
SCLogError("ERROR: Invalid configuration file.");
SCLogError("The configuration file must begin with the following two lines: %%YAML "
"1.1 and ---");
goto fail;
}
int major = ver->major;
int minor = ver->minor;
if (!(major == YAML_VERSION_MAJOR && minor == YAML_VERSION_MINOR)) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "ERROR: Invalid YAML version. Must be 1.1");
SCLogError("ERROR: Invalid YAML version. Must be 1.1");
goto fail;
}
}
@ -325,13 +320,13 @@ ConfYamlParse(yaml_parser_t *parser, ConfNode *parent, int inseq, int rlevel)
(strcmp(parent->name, "port-groups") == 0)))) {
Mangle(node->name);
if (mangle_errors < MANGLE_ERRORS_MAX) {
SCLogWarning(SC_WARN_DEPRECATED,
"%s is deprecated. Please use %s on line %"PRIuMAX".",
value, node->name, (uintmax_t)parser->mark.line+1);
SCLogWarning("%s is deprecated. Please use %s on line %" PRIuMAX
".",
value, node->name, (uintmax_t)parser->mark.line + 1);
mangle_errors++;
if (mangle_errors >= MANGLE_ERRORS_MAX)
SCLogWarning(SC_WARN_DEPRECATED, "not showing more "
"parameter name warnings.");
SCLogWarning("not showing more "
"parameter name warnings.");
}
}
}
@ -445,15 +440,16 @@ ConfYamlLoadFile(const char *filename)
ConfNode *root = ConfGetRootNode();
if (yaml_parser_initialize(&parser) != 1) {
SCLogError(SC_ERR_FATAL, "failed to initialize yaml parser.");
SCLogError("failed to initialize yaml parser.");
return -1;
}
struct stat stat_buf;
if (stat(filename, &stat_buf) == 0) {
if (stat_buf.st_mode & S_IFDIR) {
SCLogError(SC_ERR_FATAL, "yaml argument is not a file but a directory: %s. "
"Please specify the yaml file in your -c option.", filename);
SCLogError("yaml argument is not a file but a directory: %s. "
"Please specify the yaml file in your -c option.",
filename);
yaml_parser_delete(&parser);
return -1;
}
@ -462,8 +458,7 @@ ConfYamlLoadFile(const char *filename)
// coverity[toctou : FALSE]
infile = fopen(filename, "r");
if (infile == NULL) {
SCLogError(SC_ERR_FATAL, "failed to open file: %s: %s", filename,
strerror(errno));
SCLogError("failed to open file: %s: %s", filename, strerror(errno));
yaml_parser_delete(&parser);
return -1;
}
@ -523,7 +518,7 @@ ConfYamlLoadFileWithPrefix(const char *filename, const char *prefix)
ConfNode *root = ConfGetNode(prefix);
if (yaml_parser_initialize(&parser) != 1) {
SCLogError(SC_ERR_FATAL, "failed to initialize yaml parser.");
SCLogError("failed to initialize yaml parser.");
return -1;
}
@ -531,8 +526,9 @@ ConfYamlLoadFileWithPrefix(const char *filename, const char *prefix)
/* coverity[toctou] */
if (stat(filename, &stat_buf) == 0) {
if (stat_buf.st_mode & S_IFDIR) {
SCLogError(SC_ERR_FATAL, "yaml argument is not a file but a directory: %s. "
"Please specify the yaml file in your -c option.", filename);
SCLogError("yaml argument is not a file but a directory: %s. "
"Please specify the yaml file in your -c option.",
filename);
return -1;
}
}
@ -540,8 +536,7 @@ ConfYamlLoadFileWithPrefix(const char *filename, const char *prefix)
/* coverity[toctou] */
infile = fopen(filename, "r");
if (infile == NULL) {
SCLogError(SC_ERR_FATAL, "failed to open file: %s: %s", filename,
strerror(errno));
SCLogError("failed to open file: %s: %s", filename, strerror(errno));
yaml_parser_delete(&parser);
return -1;
}

47
src/conf.c
Unescape Escape View File

@ -71,8 +71,7 @@ static ConfNode *ConfGetNodeOrCreate(const char *name, int final)
char *next;
if (strlcpy(node_name, name, sizeof(node_name)) >= sizeof(node_name)) {
SCLogError(SC_ERR_CONF_NAME_TOO_LONG,
"Configuration name too long: %s", name);
SCLogError("Configuration name too long: %s", name);
return NULL;
}
@ -84,14 +83,14 @@ static ConfNode *ConfGetNodeOrCreate(const char *name, int final)
if ((node = ConfNodeLookupChild(parent, key)) == NULL) {
node = ConfNodeNew();
if (unlikely(node == NULL)) {
SCLogWarning(SC_ENOMEM, "Failed to allocate memory for configuration.");
SCLogWarning("Failed to allocate memory for configuration.");
goto end;
}
node->name = SCStrdup(key);
if (unlikely(node->name == NULL)) {
ConfNodeFree(node);
node = NULL;
SCLogWarning(SC_ENOMEM, "Failed to allocate memory for configuration.");
SCLogWarning("Failed to allocate memory for configuration.");
goto end;
}
node->parent = parent;
@ -117,9 +116,8 @@ void ConfInit(void)
}
root = ConfNodeNew();
if (root == NULL) {
FatalError(SC_ERR_FATAL,
"ERROR: Failed to allocate memory for root configuration node, "
"aborting.");
FatalError("ERROR: Failed to allocate memory for root configuration node, "
"aborting.");
}
SCLogDebug("configuration module initialized");
}
@ -179,8 +177,7 @@ ConfNode *ConfGetNode(const char *name)
char *next;
if (strlcpy(node_name, name, sizeof(node_name)) >= sizeof(node_name)) {
SCLogError(SC_ERR_CONF_NAME_TOO_LONG,
"Configuration name too long: %s", name);
SCLogError("Configuration name too long: %s", name);
return NULL;
}
@ -398,21 +395,24 @@ int ConfGetInt(const char *name, intmax_t *val)
return 0;
if (strval == NULL) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "malformed integer value "
"for %s: NULL", name);
SCLogError("malformed integer value "
"for %s: NULL",
name);
return 0;
}
errno = 0;
tmpint = strtoimax(strval, &endptr, 0);
if (strval[0] == '\0' || *endptr != '\0') {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "malformed integer value "
"for %s: '%s'", name, strval);
SCLogError("malformed integer value "
"for %s: '%s'",
name, strval);
return 0;
}
if (errno == ERANGE && (tmpint == INTMAX_MAX || tmpint == INTMAX_MIN)) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "integer value for %s out "
"of range: '%s'", name, strval);
SCLogError("integer value for %s out "
"of range: '%s'",
name, strval);
return 0;
}
@ -431,13 +431,15 @@ int ConfGetChildValueInt(const ConfNode *base, const char *name, intmax_t *val)
errno = 0;
tmpint = strtoimax(strval, &endptr, 0);
if (strval[0] == '\0' || *endptr != '\0') {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "malformed integer value "
"for %s with base %s: '%s'", name, base->name, strval);
SCLogError("malformed integer value "
"for %s with base %s: '%s'",
name, base->name, strval);
return 0;
}
if (errno == ERANGE && (tmpint == INTMAX_MAX || tmpint == INTMAX_MIN)) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "integer value for %s with "
" base %s out of range: '%s'", name, base->name, strval);
SCLogError("integer value for %s with "
" base %s out of range: '%s'",
name, base->name, strval);
return 0;
}
@ -944,7 +946,7 @@ ConfNode *ConfSetIfaceNode(const char *ifaces_node_name, const char *iface)
/* Find initial node which holds all interfaces */
ifaces_list_node = ConfGetNode(ifaces_node_name);
if (ifaces_list_node == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "unable to find %s config", ifaces_node_name);
SCLogError("unable to find %s config", ifaces_node_name);
return NULL;
}
@ -971,9 +973,8 @@ int ConfSetRootAndDefaultNodes(
*if_default = ConfSetIfaceNode(ifaces_node_name, default_iface);
if (*if_root == NULL && *if_default == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR,
"unable to find configuration for the interface \"%s\" or the default "
"configuration (\"%s\")",
SCLogError("unable to find configuration for the interface \"%s\" or the default "
"configuration (\"%s\")",
iface, default_iface);
return (-ENODEV);
}

39
src/counters.c
Unescape Escape View File

@ -263,17 +263,17 @@ static void StatsInitCtxPreOutput(void)
/* warn if we are using legacy config to enable stats */
ConfNode *gstats = ConfGetNode("stats");
if (gstats == NULL) {
SCLogWarning(SC_ERR_STATS_LOG_GENERIC, "global stats config is missing. "
"Stats enabled through legacy stats.log. "
"See %s/configuration/suricata-yaml.html#stats", GetDocURL());
SCLogWarning("global stats config is missing. "
"Stats enabled through legacy stats.log. "
"See %s/configuration/suricata-yaml.html#stats",
GetDocURL());
}
const char *interval = ConfNodeLookupChildValue(stats, "interval");
if (interval != NULL)
if (StringParseUint32(&stats_tts, 10, 0, interval) < 0) {
SCLogWarning(SC_EINVAL,
"Invalid value for "
"interval: \"%s\". Resetting to %d.",
SCLogWarning("Invalid value for "
"interval: \"%s\". Resetting to %d.",
interval, STATS_MGMTT_TTS);
stats_tts = STATS_MGMTT_TTS;
}
@ -305,7 +305,7 @@ static void StatsInitCtxPostOutput(void)
/* init the lock used by StatsThreadStore */
if (SCMutexInit(&stats_ctx->sts_lock, NULL) != 0) {
FatalError(SC_ERR_FATAL, "error initializing sts mutex");
FatalError("error initializing sts mutex");
}
if (stats_enabled && !OutputStatsLoggersRegistered()) {
@ -314,7 +314,7 @@ static void StatsInitCtxPostOutput(void)
/* if the unix command socket is enabled we do the background
* stats sync just in case someone runs 'dump-counters' */
if (!ConfUnixSocketIsEnable()) {
SCLogWarning(SC_WARN_NO_STATS_LOGGERS, "stats are enabled but no loggers are active");
SCLogWarning("stats are enabled but no loggers are active");
stats_enabled = false;
SCReturn;
}
@ -395,7 +395,7 @@ static void *StatsMgmtThread(void *arg)
SCDropCaps(tv_local);
if (stats_ctx == NULL) {
SCLogError(SC_ERR_STATS_NOT_INIT, "Stats API not init"
SCLogError("Stats API not init"
"StatsInitCounterApi() has to be called first");
TmThreadsSetFlag(tv_local, THV_CLOSED | THV_RUNNING_DONE);
return NULL;
@ -405,7 +405,7 @@ static void *StatsMgmtThread(void *arg)
BUG_ON(tm->ThreadInit == NULL);
int r = tm->ThreadInit(tv_local, NULL, &stats_thread_data);
if (r != 0 || stats_thread_data == NULL) {
SCLogError(SC_ERR_THREAD_INIT, "Stats API "
SCLogError("Stats API "
"ThreadInit failed");
TmThreadsSetFlag(tv_local, THV_CLOSED | THV_RUNNING_DONE);
return NULL;
@ -445,7 +445,7 @@ static void *StatsMgmtThread(void *arg)
r = tm->ThreadDeinit(tv_local, stats_thread_data);
if (r != TM_ECODE_OK) {
SCLogError(SC_ERR_THREAD_DEINIT, "Stats Counter API "
SCLogError("Stats Counter API "
"ThreadDeinit failed");
}
@ -475,7 +475,7 @@ static void *StatsWakeupThread(void *arg)
SCDropCaps(tv_local);
if (stats_ctx == NULL) {
SCLogError(SC_ERR_STATS_NOT_INIT, "Stats API not init"
SCLogError("Stats API not init"
"StatsInitCounterApi() has to be called first");
TmThreadsSetFlag(tv_local, THV_CLOSED | THV_RUNNING_DONE);
return NULL;
@ -662,7 +662,7 @@ static int StatsOutput(ThreadVars *tv)
stats_table.stats = SCCalloc(stats_table.nstats, sizeof(StatsRecord));
if (stats_table.stats == NULL) {
stats_table.nstats = 0;
SCLogError(SC_ENOMEM, "could not alloc memory for stats");
SCLogError("could not alloc memory for stats");
return -1;
}
@ -671,7 +671,7 @@ static int StatsOutput(ThreadVars *tv)
stats_table.tstats = SCCalloc(stats_table.ntstats, array_size);
if (stats_table.tstats == NULL) {
stats_table.ntstats = 0;
SCLogError(SC_ENOMEM, "could not alloc memory for stats");
SCLogError("could not alloc memory for stats");
return -1;
}
@ -879,8 +879,7 @@ void StatsInit(void)
{
BUG_ON(stats_ctx != NULL);
if ( (stats_ctx = SCMalloc(sizeof(StatsGlobalContext))) == NULL) {
FatalError(SC_ERR_FATAL,
"Fatal error encountered in StatsInitCtx. Exiting...");
FatalError("Fatal error encountered in StatsInitCtx. Exiting...");
}
memset(stats_ctx, 0, sizeof(StatsGlobalContext));
@ -919,12 +918,12 @@ void StatsSpawnThreads(void)
tv_wakeup = TmThreadCreateMgmtThread(thread_name_counter_wakeup,
StatsWakeupThread, 1);
if (tv_wakeup == NULL) {
FatalError(SC_ERR_FATAL, "TmThreadCreateMgmtThread "
FatalError("TmThreadCreateMgmtThread "
"failed");
}
if (TmThreadSpawn(tv_wakeup) != 0) {
FatalError(SC_ERR_FATAL, "TmThreadSpawn failed for "
FatalError("TmThreadSpawn failed for "
"StatsWakeupThread");
}
@ -932,11 +931,11 @@ void StatsSpawnThreads(void)
tv_mgmt = TmThreadCreateMgmtThread(thread_name_counter_stats,
StatsMgmtThread, 1);
if (tv_mgmt == NULL) {
FatalError(SC_ERR_FATAL, "TmThreadCreateMgmtThread failed");
FatalError("TmThreadCreateMgmtThread failed");
}
if (TmThreadSpawn(tv_mgmt) != 0) {
FatalError(SC_ERR_FATAL, "TmThreadSpawn failed for "
FatalError("TmThreadSpawn failed for "
"StatsWakeupThread");
}

137
src/datasets.c
Unescape Escape View File

@ -112,7 +112,7 @@ static int HexToRaw(const uint8_t *in, size_t ins, uint8_t *out, size_t outs)
if (value >= 0 && value <= 255)
hash[x] = (uint8_t)value;
else {
SCLogError(SC_ERR_INVALID_HASH, "hash byte out of range %ld", value);
SCLogError("hash byte out of range %ld", value);
return -1;
}
}
@ -156,8 +156,7 @@ static int ParseRepLine(const char *in, size_t ins, DataRepType *rep_out)
uint16_t v = 0;
int r = StringParseU16RangeCheck(&v, 10, strlen(ptrs[0]), ptrs[0], 0, USHRT_MAX);
if (r != (int)strlen(ptrs[0])) {
SCLogError(SC_ERR_INVALID_NUMERIC_VALUE,
"'%s' is not a valid reputation value (0-65535)", ptrs[0]);
SCLogError("'%s' is not a valid reputation value (0-65535)", ptrs[0]);
return -1;
}
SCLogDebug("v %"PRIu16" raw %s", v, ptrs[0]);
@ -179,7 +178,7 @@ static int DatasetLoadIPv4(Dataset *set)
FILE *fp = fopen(set->load, fopen_mode);
if (fp == NULL) {
SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s", set->load, strerror(errno));
SCLogError("fopen '%s' failed: %s", set->load, strerror(errno));
return -1;
}
@ -193,14 +192,12 @@ static int DatasetLoadIPv4(Dataset *set)
struct in_addr in;
if (inet_pton(AF_INET, line, &in) != 1) {
FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name,
set->load, line);
FatalErrorOnInit("dataset data parse failed %s/%s: %s", set->name, set->load, line);
continue;
}
if (DatasetAdd(set, (const uint8_t *)&in.s_addr, 4) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
continue;
}
cnt++;
@ -214,8 +211,7 @@ static int DatasetLoadIPv4(Dataset *set)
struct in_addr in;
if (inet_pton(AF_INET, line, &in) != 1) {
FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name,
set->load, line);
FatalErrorOnInit("dataset data parse failed %s/%s: %s", set->name, set->load, line);
continue;
}
@ -223,14 +219,13 @@ static int DatasetLoadIPv4(Dataset *set)
DataRepType rep = { .value = 0 };
if (ParseRepLine(r, strlen(r), &rep) < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load);
FatalErrorOnInit("bad rep for dataset %s/%s", set->name, set->load);
continue;
}
SCLogDebug("rep v:%u", rep.value);
if (DatasetAddwRep(set, (const uint8_t *)&in.s_addr, 4, &rep) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
continue;
}
@ -251,8 +246,7 @@ static int ParseIpv6String(Dataset *set, char *line, struct in6_addr *in6)
if (got_colon) {
uint32_t ip6addr[4];
if (inet_pton(AF_INET6, line, in6) != 1) {
FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name,
set->load, line);
FatalErrorOnInit("dataset data parse failed %s/%s: %s", set->name, set->load, line);
return -1;
}
memcpy(&ip6addr, in6->s6_addr, sizeof(ip6addr));
@ -267,8 +261,7 @@ static int ParseIpv6String(Dataset *set, char *line, struct in6_addr *in6)
/* IPv4 case */
struct in_addr in;
if (inet_pton(AF_INET, line, &in) != 1) {
FatalErrorOnInit(SC_ERR_DATASET, "dataset data parse failed %s/%s: %s", set->name,
set->load, line);
FatalErrorOnInit("dataset data parse failed %s/%s: %s", set->name, set->load, line);
return -1;
}
memset(in6, 0, sizeof(struct in6_addr));
@ -290,7 +283,7 @@ static int DatasetLoadIPv6(Dataset *set)
FILE *fp = fopen(set->load, fopen_mode);
if (fp == NULL) {
SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s", set->load, strerror(errno));
SCLogError("fopen '%s' failed: %s", set->load, strerror(errno));
return -1;
}
@ -305,13 +298,12 @@ static int DatasetLoadIPv6(Dataset *set)
struct in6_addr in6;
int ret = ParseIpv6String(set, line, &in6);
if (ret < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "unable to parse IP address");
FatalErrorOnInit("unable to parse IP address");
continue;
}
if (DatasetAdd(set, (const uint8_t *)&in6.s6_addr, 16) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
continue;
}
cnt++;
@ -326,7 +318,7 @@ static int DatasetLoadIPv6(Dataset *set)
struct in6_addr in6;
int ret = ParseIpv6String(set, line, &in6);
if (ret < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "unable to parse IP address");
FatalErrorOnInit("unable to parse IP address");
continue;
}
@ -334,14 +326,13 @@ static int DatasetLoadIPv6(Dataset *set)
DataRepType rep = { .value = 0 };
if (ParseRepLine(r, strlen(r), &rep) < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load);
FatalErrorOnInit("bad rep for dataset %s/%s", set->name, set->load);
continue;
}
SCLogDebug("rep v:%u", rep.value);
if (DatasetAddwRep(set, (const uint8_t *)&in6.s6_addr, 16, &rep) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
continue;
}
@ -368,8 +359,7 @@ static int DatasetLoadMd5(Dataset *set)
FILE *fp = fopen(set->load, fopen_mode);
if (fp == NULL) {
SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s",
set->load, strerror(errno));
SCLogError("fopen '%s' failed: %s", set->load, strerror(errno));
return -1;
}
@ -383,14 +373,12 @@ static int DatasetLoadMd5(Dataset *set)
uint8_t hash[16];
if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load);
FatalErrorOnInit("bad hash for dataset %s/%s", set->name, set->load);
continue;
}
if (DatasetAdd(set, (const uint8_t *)hash, 16) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
continue;
}
cnt++;
@ -402,29 +390,26 @@ static int DatasetLoadMd5(Dataset *set)
uint8_t hash[16];
if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load);
FatalErrorOnInit("bad hash for dataset %s/%s", set->name, set->load);
continue;
}
DataRepType rep = { .value = 0};
if (ParseRepLine(line + 33, strlen(line) - 33, &rep) < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load);
FatalErrorOnInit("bad rep for dataset %s/%s", set->name, set->load);
continue;
}
SCLogDebug("rep v:%u", rep.value);
if (DatasetAddwRep(set, hash, 16, &rep) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
continue;
}
cnt++;
}
else {
FatalErrorOnInit(
SC_ERR_DATASET, "MD5 bad line len %u: '%s'", (uint32_t)strlen(line), line);
FatalErrorOnInit("MD5 bad line len %u: '%s'", (uint32_t)strlen(line), line);
continue;
}
}
@ -448,8 +433,7 @@ static int DatasetLoadSha256(Dataset *set)
FILE *fp = fopen(set->load, fopen_mode);
if (fp == NULL) {
SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s",
set->load, strerror(errno));
SCLogError("fopen '%s' failed: %s", set->load, strerror(errno));
return -1;
}
@ -463,14 +447,12 @@ static int DatasetLoadSha256(Dataset *set)
uint8_t hash[32];
if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load);
FatalErrorOnInit("bad hash for dataset %s/%s", set->name, set->load);
continue;
}
if (DatasetAdd(set, (const uint8_t *)hash, (uint32_t)32) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
continue;
}
cnt++;
@ -482,22 +464,20 @@ static int DatasetLoadSha256(Dataset *set)
uint8_t hash[32];
if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "bad hash for dataset %s/%s", set->name, set->load);
FatalErrorOnInit("bad hash for dataset %s/%s", set->name, set->load);
continue;
}
DataRepType rep = { .value = 0 };
if (ParseRepLine(line + 65, strlen(line) - 65, &rep) < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "bad rep for dataset %s/%s", set->name, set->load);
FatalErrorOnInit("bad rep for dataset %s/%s", set->name, set->load);
continue;
}
SCLogDebug("rep %u", rep.value);
if (DatasetAddwRep(set, hash, 32, &rep) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
continue;
}
cnt++;
@ -523,8 +503,7 @@ static int DatasetLoadString(Dataset *set)
FILE *fp = fopen(set->load, fopen_mode);
if (fp == NULL) {
SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s",
set->load, strerror(errno));
SCLogError("fopen '%s' failed: %s", set->load, strerror(errno));
return -1;
}
@ -545,13 +524,12 @@ static int DatasetLoadString(Dataset *set)
Base64Ecode code = DecodeBase64(decoded, strlen(line), (const uint8_t *)line,
strlen(line), &consumed, &num_decoded, BASE64_MODE_STRICT);
if (code == BASE64_ECODE_ERR) {
FatalErrorOnInit(SC_ERR_DATASET, "bad base64 encoding %s/%s", set->name, set->load);
FatalErrorOnInit("bad base64 encoding %s/%s", set->name, set->load);
continue;
}
if (DatasetAdd(set, (const uint8_t *)decoded, num_decoded) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
continue;
}
cnt++;
@ -567,7 +545,7 @@ static int DatasetLoadString(Dataset *set)
Base64Ecode code = DecodeBase64(decoded, strlen(line), (const uint8_t *)line,
strlen(line), &consumed, &num_decoded, BASE64_MODE_STRICT);
if (code == BASE64_ECODE_ERR) {
FatalErrorOnInit(SC_ERR_DATASET, "bad base64 encoding %s/%s", set->name, set->load);
FatalErrorOnInit("bad base64 encoding %s/%s", set->name, set->load);
continue;
}
@ -576,14 +554,13 @@ static int DatasetLoadString(Dataset *set)
DataRepType rep = { .value = 0 };
if (ParseRepLine(r, strlen(r), &rep) < 0) {
FatalErrorOnInit(SC_ERR_DATASET, "die: bad rep");
FatalErrorOnInit("die: bad rep");
continue;
}
SCLogDebug("rep %u", rep.value);
if (DatasetAddwRep(set, (const uint8_t *)decoded, num_decoded, &rep) < 0) {
FatalErrorOnInit(
SC_ERR_DATASET, "dataset data add failed %s/%s", set->name, set->load);
FatalErrorOnInit("dataset data add failed %s/%s", set->name, set->load);
continue;
}
cnt++;
@ -665,9 +642,9 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
Dataset *set = DatasetSearchByName(name);
if (set) {
if (type != DATASET_TYPE_NOTSET && set->type != type) {
SCLogError(SC_ERR_DATASET, "dataset %s already "
"exists and is of type %u",
set->name, set->type);
SCLogError("dataset %s already "
"exists and is of type %u",
set->name, set->type);
SCMutexUnlock(&sets_lock);
return NULL;
}
@ -679,15 +656,13 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
} else {
if ((save == NULL && strlen(set->save) > 0) ||
(save != NULL && strcmp(set->save, save) != 0)) {
SCLogError(SC_ERR_DATASET, "dataset %s save mismatch: %s != %s",
set->name, set->save, save);
SCLogError("dataset %s save mismatch: %s != %s", set->name, set->save, save);
SCMutexUnlock(&sets_lock);
return NULL;
}
if ((load == NULL && strlen(set->load) > 0) ||
(load != NULL && strcmp(set->load, load) != 0)) {
SCLogError(SC_ERR_DATASET, "dataset %s load mismatch: %s != %s",
set->name, set->load, load);
SCLogError("dataset %s load mismatch: %s != %s", set->name, set->load, load);
SCMutexUnlock(&sets_lock);
return NULL;
}
@ -697,7 +672,7 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
return set;
} else {
if (type == DATASET_TYPE_NOTSET) {
SCLogError(SC_ERR_DATASET, "dataset %s not defined", name);
SCLogError("dataset %s not defined", name);
goto out_err;
}
}
@ -855,18 +830,16 @@ static void GetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize)
const char *str = NULL;
if (ConfGet("datasets.defaults.memcap", &str) == 1) {
if (ParseSizeStringU64(str, memcap) < 0) {
SCLogWarning(SC_EINVAL,
"memcap value cannot be deduced: %s,"
" resetting to default",
SCLogWarning("memcap value cannot be deduced: %s,"
" resetting to default",
str);
*memcap = 0;
}
}
if (ConfGet("datasets.defaults.hashsize", &str) == 1) {
if (ParseSizeStringU32(str, hashsize) < 0) {
SCLogWarning(SC_EINVAL,
"hashsize value cannot be deduced: %s,"
" resetting to default",
SCLogWarning("hashsize value cannot be deduced: %s,"
" resetting to default",
str);
*hashsize = 0;
}
@ -897,8 +870,8 @@ int DatasetsInit(void)
const char *set_name = iter->name;
if (strlen(set_name) > DATASET_NAME_MAX_LEN) {
FatalErrorOnInit(SC_ERR_CONF_NAME_TOO_LONG, "set name '%s' too long, max %d chars",
set_name, DATASET_NAME_MAX_LEN);
FatalErrorOnInit(
"set name '%s' too long, max %d chars", set_name, DATASET_NAME_MAX_LEN);
continue;
}
@ -925,9 +898,8 @@ int DatasetsInit(void)
ConfNode *set_memcap = ConfNodeLookupChild(iter, "memcap");
if (set_memcap) {
if (ParseSizeStringU64(set_memcap->val, &memcap) < 0) {
SCLogWarning(SC_EINVAL,
"memcap value cannot be"
" deduced: %s, resetting to default",
SCLogWarning("memcap value cannot be"
" deduced: %s, resetting to default",
set_memcap->val);
memcap = 0;
}
@ -935,9 +907,8 @@ int DatasetsInit(void)
ConfNode *set_hashsize = ConfNodeLookupChild(iter, "hashsize");
if (set_hashsize) {
if (ParseSizeStringU32(set_hashsize->val, &hashsize) < 0) {
SCLogWarning(SC_EINVAL,
"hashsize value cannot be"
" deduced: %s, resetting to default",
SCLogWarning("hashsize value cannot be"
" deduced: %s, resetting to default",
set_hashsize->val);
hashsize = 0;
}
@ -952,7 +923,7 @@ int DatasetsInit(void)
memcap > 0 ? memcap : default_memcap,
hashsize > 0 ? hashsize : default_hashsize);
if (dset == NULL) {
FatalErrorOnInit(SC_ERR_DATASET, "failed to setup dataset for %s", set_name);
FatalErrorOnInit("failed to setup dataset for %s", set_name);
continue;
}
SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val);
@ -964,7 +935,7 @@ int DatasetsInit(void)
memcap > 0 ? memcap : default_memcap,
hashsize > 0 ? hashsize : default_hashsize);
if (dset == NULL) {
FatalErrorOnInit(SC_ERR_DATASET, "failed to setup dataset for %s", set_name);
FatalErrorOnInit("failed to setup dataset for %s", set_name);
continue;
}
SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val);
@ -976,7 +947,7 @@ int DatasetsInit(void)
memcap > 0 ? memcap : default_memcap,
hashsize > 0 ? hashsize : default_hashsize);
if (dset == NULL) {
FatalErrorOnInit(SC_ERR_DATASET, "failed to setup dataset for %s", set_name);
FatalErrorOnInit("failed to setup dataset for %s", set_name);
continue;
}
SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val);

3
src/decode-erspan.c
Unescape Escape View File

@ -53,8 +53,7 @@ void DecodeERSPANConfig(void)
{
int enabled = 0;
if (ConfGetBool("decoder.erspan.typeI.enabled", &enabled) == 1) {
SCLogWarning(SC_WARN_ERSPAN_CONFIG,
"ERSPAN Type I is no longer configurable and it is always"
SCLogWarning("ERSPAN Type I is no longer configurable and it is always"
" enabled; ignoring configuration setting.");
}
}

3
src/decode-geneve.c
Unescape Escape View File

@ -116,8 +116,7 @@ static void DecodeGeneveConfigPorts(const char *pstr)
g_geneve_ports_idx = 0;
for (DetectPort *p = head; p != NULL; p = p->next) {
if (g_geneve_ports_idx >= GENEVE_MAX_PORTS) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "more than %d Geneve ports defined",
GENEVE_MAX_PORTS);
SCLogWarning("more than %d Geneve ports defined", GENEVE_MAX_PORTS);
break;
}
g_geneve_ports[g_geneve_ports_idx++] = (int)p->port;

3
src/decode-teredo.c
Unescape Escape View File

@ -92,8 +92,7 @@ static void DecodeTeredoConfigPorts(const char *pstr)
g_teredo_ports_cnt = 0;
for (DetectPort *p = head; p != NULL; p = p->next) {
if (g_teredo_ports_cnt >= TEREDO_MAX_PORTS) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "only %d Teredo ports can be defined",
TEREDO_MAX_PORTS);
SCLogWarning("only %d Teredo ports can be defined", TEREDO_MAX_PORTS);
break;
}
g_teredo_ports[g_teredo_ports_cnt++] = (int)p->port;

3
src/decode-vxlan.c
Unescape Escape View File

@ -86,8 +86,7 @@ static void DecodeVXLANConfigPorts(const char *pstr)
g_vxlan_ports_idx = 0;
for (DetectPort *p = head; p != NULL; p = p->next) {
if (g_vxlan_ports_idx >= VXLAN_MAX_PORTS) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "more than %d VXLAN ports defined",
VXLAN_MAX_PORTS);
SCLogWarning("more than %d VXLAN ports defined", VXLAN_MAX_PORTS);
break;
}
g_vxlan_ports[g_vxlan_ports_idx++] = (int)p->port;

19
src/decode.c
Unescape Escape View File

@ -616,8 +616,8 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
StringHashCompareFunc,
StringHashFreeFunc);
if (g_counter_table == NULL) {
FatalError(SC_ERR_INITIALIZATION, "decoder counter hash "
"table init failed");
FatalError("decoder counter hash "
"table init failed");
}
}
@ -631,12 +631,12 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
if (!found) {
char *add = SCStrdup(name);
if (add == NULL)
FatalError(SC_ERR_INITIALIZATION, "decoder counter hash "
"table name init failed");
FatalError("decoder counter hash "
"table name init failed");
int r = HashTableAdd(g_counter_table, add, 0);
if (r != 0)
FatalError(SC_ERR_INITIALIZATION, "decoder counter hash "
"table name add failed");
FatalError("decoder counter hash "
"table name add failed");
found = add;
}
dtv->counter_engine_events[i] = StatsRegisterCounter(
@ -697,7 +697,7 @@ DecodeThreadVars *DecodeThreadVarsAlloc(ThreadVars *tv)
dtv->app_tctx = AppLayerGetCtxThread(tv);
if (OutputFlowLogThreadInit(tv, NULL, &dtv->output_flow_thread_data) != TM_ECODE_OK) {
SCLogError(SC_ERR_THREAD_INIT, "initializing flow log API for thread failed");
SCLogError("initializing flow log API for thread failed");
DecodeThreadVarsFree(tv, dtv);
return NULL;
}
@ -850,7 +850,7 @@ void DecodeGlobalConfig(void)
intmax_t value = 0;
if (ConfGetInt("decoder.max-layers", &value) == 1) {
if (value < 0 || value > UINT8_MAX) {
SCLogWarning(SC_EINVAL, "Invalid value for decoder.max-layers");
SCLogWarning("Invalid value for decoder.max-layers");
} else {
decoder_max_layers = (uint8_t)value;
}
@ -863,8 +863,7 @@ void PacketAlertGetMaxConfig(void)
intmax_t max = 0;
if (ConfGetInt("packet-alert-max", &max) == 1) {
if (max <= 0 || max > UINT8_MAX) {
SCLogWarning(
SC_EINVAL, "Invalid value for packet-alert-max, default value set instead");
SCLogWarning("Invalid value for packet-alert-max, default value set instead");
} else {
packet_alert_max = (uint16_t)max;
}

5
src/decode.h
Unescape Escape View File

@ -1147,8 +1147,9 @@ static inline void DecodeLinkLayer(ThreadVars *tv, DecodeThreadVars *dtv,
DecodeCHDLC(tv, dtv, p, data, len);
break;
default:
SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED, "datalink type "
"%"PRId32" not yet supported", datalink);
SCLogError("datalink type "
"%" PRId32 " not yet supported",
datalink);
break;
}
}

13
src/defrag-config.c
Unescape Escape View File

@ -44,7 +44,7 @@ static void DefragPolicyAddHostInfo(char *host_ip_range, uint64_t timeout)
uint64_t *user_data = NULL;
if ( (user_data = SCMalloc(sizeof(uint64_t))) == NULL) {
FatalError(SC_ERR_FATAL, "Error allocating memory. Exiting");
FatalError("Error allocating memory. Exiting");
}
*user_data = timeout;
@ -52,12 +52,12 @@ static void DefragPolicyAddHostInfo(char *host_ip_range, uint64_t timeout)
if (strchr(host_ip_range, ':') != NULL) {
SCLogDebug("adding ipv6 host %s", host_ip_range);
if (SCRadixAddKeyIPV6String(host_ip_range, defrag_tree, (void *)user_data) == NULL) {
SCLogWarning(SC_EINVAL, "failed to add ipv6 host %s", host_ip_range);
SCLogWarning("failed to add ipv6 host %s", host_ip_range);
}
} else {
SCLogDebug("adding ipv4 host %s", host_ip_range);
if (SCRadixAddKeyIPV4String(host_ip_range, defrag_tree, (void *)user_data) == NULL) {
SCLogWarning(SC_EINVAL, "failed to add ipv4 host %s", host_ip_range);
SCLogWarning("failed to add ipv4 host %s", host_ip_range);
}
}
}
@ -106,8 +106,8 @@ static void DefragParseParameters(ConfNode *n)
if (strcasecmp("timeout", si->name) == 0) {
SCLogDebug("timeout value %s", si->val);
if (ParseSizeStringU64(si->val, &timeout) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing timeout "
"from conf file");
SCLogError("Error parsing timeout "
"from conf file");
}
}
if (strcasecmp("address", si->name) == 0) {
@ -131,8 +131,7 @@ void DefragPolicyLoadFromConfig(void)
defrag_tree = SCRadixCreateRadixTree(DefragPolicyFreeUserData, NULL);
if (defrag_tree == NULL) {
FatalError(SC_ERR_FATAL,
"Can't alloc memory for the defrag config tree.");
FatalError("Can't alloc memory for the defrag config tree.");
}
ConfNode *server_config = ConfGetNode("defrag.host-config");

30
src/defrag-hash.c
Unescape Escape View File

@ -192,9 +192,9 @@ void DefragInitConfig(bool quiet)
if ((ConfGet("defrag.memcap", &conf_val)) == 1)
{
if (ParseSizeStringU64(conf_val, &defrag_memcap) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing defrag.memcap "
SCLogError("Error parsing defrag.memcap "
"from conf file - %s. Killing engine",
conf_val);
conf_val);
exit(EXIT_FAILURE);
} else {
SC_ATOMIC_SET(defrag_config.memcap, defrag_memcap);
@ -227,18 +227,18 @@ void DefragInitConfig(bool quiet)
/* alloc hash memory */
uint64_t hash_size = defrag_config.hash_size * sizeof(DefragTrackerHashRow);
if (!(DEFRAG_CHECK_MEMCAP(hash_size))) {
SCLogError(SC_ERR_DEFRAG_INIT, "allocating defrag hash failed: "
"max defrag memcap is smaller than projected hash size. "
"Memcap: %"PRIu64", Hash table size %"PRIu64". Calculate "
"total hash size by multiplying \"defrag.hash-size\" with %"PRIuMAX", "
"which is the hash bucket size.", SC_ATOMIC_GET(defrag_config.memcap), hash_size,
SCLogError("allocating defrag hash failed: "
"max defrag memcap is smaller than projected hash size. "
"Memcap: %" PRIu64 ", Hash table size %" PRIu64 ". Calculate "
"total hash size by multiplying \"defrag.hash-size\" with %" PRIuMAX ", "
"which is the hash bucket size.",
SC_ATOMIC_GET(defrag_config.memcap), hash_size,
(uintmax_t)sizeof(DefragTrackerHashRow));
exit(EXIT_FAILURE);
}
defragtracker_hash = SCCalloc(defrag_config.hash_size, sizeof(DefragTrackerHashRow));
if (unlikely(defragtracker_hash == NULL)) {
FatalError(SC_ERR_FATAL,
"Fatal error encountered in DefragTrackerInitConfig. Exiting...");
FatalError("Fatal error encountered in DefragTrackerInitConfig. Exiting...");
}
memset(defragtracker_hash, 0, defrag_config.hash_size * sizeof(DefragTrackerHashRow));
@ -261,16 +261,18 @@ void DefragInitConfig(bool quiet)
/* pre allocate defrag trackers */
for (i = 0; i < defrag_config.prealloc; i++) {
if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) {
SCLogError(SC_ERR_DEFRAG_INIT, "preallocating defrag trackers failed: "
"max defrag memcap reached. Memcap %"PRIu64", "
"Memuse %"PRIu64".", SC_ATOMIC_GET(defrag_config.memcap),
((uint64_t)SC_ATOMIC_GET(defrag_memuse) + (uint64_t)sizeof(DefragTracker)));
SCLogError("preallocating defrag trackers failed: "
"max defrag memcap reached. Memcap %" PRIu64 ", "
"Memuse %" PRIu64 ".",
SC_ATOMIC_GET(defrag_config.memcap),
((uint64_t)SC_ATOMIC_GET(defrag_memuse) +
(uint64_t)sizeof(DefragTracker)));
exit(EXIT_FAILURE);
}
DefragTracker *h = DefragTrackerAlloc();
if (h == NULL) {
SCLogError(SC_ERR_DEFRAG_INIT, "preallocating defrag failed: %s", strerror(errno));
SCLogError("preallocating defrag failed: %s", strerror(errno));
exit(EXIT_FAILURE);
}
DefragTrackerEnqueue(&defragtracker_spare_q,h);

2
src/defrag-queue.c
Unescape Escape View File

@ -42,7 +42,7 @@ DefragTrackerQueue *DefragTrackerQueueNew()
{
DefragTrackerQueue *q = (DefragTrackerQueue *)SCMalloc(sizeof(DefragTrackerQueue));
if (q == NULL) {
SCLogError(SC_ERR_FATAL, "Fatal error encountered in DefragTrackerQueueNew. Exiting...");
SCLogError("Fatal error encountered in DefragTrackerQueueNew. Exiting...");
exit(EXIT_SUCCESS);
}
q = DefragTrackerQueueInit(q);

15
src/defrag.c
Unescape Escape View File

@ -197,12 +197,10 @@ DefragContextNew(void)
sizeof(Frag),
NULL, DefragFragInit, dc, NULL, NULL);
if (dc->frag_pool == NULL) {
FatalError(SC_ERR_FATAL,
"Defrag: Failed to initialize fragment pool.");
FatalError("Defrag: Failed to initialize fragment pool.");
}
if (SCMutexInit(&dc->frag_pool_lock, NULL) != 0) {
FatalError(SC_ERR_FATAL,
"Defrag: Failed to initialize frag pool mutex.");
FatalError("Defrag: Failed to initialize frag pool mutex.");
}
/* Set the default timeout. */
@ -212,12 +210,10 @@ DefragContextNew(void)
}
else {
if (timeout < TIMEOUT_MIN) {
FatalError(SC_ERR_FATAL,
"defrag: Timeout less than minimum allowed value.");
FatalError("defrag: Timeout less than minimum allowed value.");
}
else if (timeout > TIMEOUT_MAX) {
FatalError(SC_ERR_FATAL,
"defrag: Tiemout greater than maximum allowed value.");
FatalError("defrag: Tiemout greater than maximum allowed value.");
}
dc->timeout = timeout;
}
@ -1068,8 +1064,7 @@ DefragInit(void)
/* Allocate the DefragContext. */
defrag_context = DefragContextNew();
if (defrag_context == NULL) {
FatalError(SC_ERR_FATAL,
"Failed to allocate memory for the Defrag module.");
FatalError("Failed to allocate memory for the Defrag module.");
}
DefragSetDefaultTimeout(defrag_context->timeout);

38
src/detect-app-layer-event.c
Unescape Escape View File

@ -159,9 +159,10 @@ static DetectAppLayerEventData *DetectAppLayerEventParsePkt(const char *arg,
int event_id = 0;
int r = AppLayerGetPktEventInfo(arg, &event_id);
if (r < 0 || r > UINT8_MAX) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword "
SCLogError("app-layer-event keyword "
"supplied with packet based event - \"%s\" that isn't "
"supported yet.", arg);
"supported yet.",
arg);
return NULL;
}
@ -199,19 +200,17 @@ static int DetectAppLayerEventParseAppP2(DetectAppLayerEventData *data,
if (OutdatedEvent(data->arg)) {
if (SigMatchStrictEnabled(DETECT_AL_APP_LAYER_EVENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"app-layer-event keyword no longer supports event \"%s\"", data->arg);
SCLogError("app-layer-event keyword no longer supports event \"%s\"", data->arg);
return -1;
} else {
SCLogWarning(SC_ERR_INVALID_SIGNATURE,
"app-layer-event keyword no longer supports event \"%s\"", data->arg);
SCLogWarning("app-layer-event keyword no longer supports event \"%s\"", data->arg);
return -3;
}
}
const char *p_idx = strchr(data->arg, '.');
if (strlen(data->arg) > MAX_ALPROTO_NAME) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword is too long or malformed");
SCLogError("app-layer-event keyword is too long or malformed");
return -1;
}
strlcpy(alproto_name, data->arg, p_idx - data->arg + 1);
@ -221,7 +220,7 @@ static int DetectAppLayerEventParseAppP2(DetectAppLayerEventData *data,
} else if (ipproto_bitarray[IPPROTO_UDP / 8] & 1 << (IPPROTO_UDP % 8)) {
ipproto = IPPROTO_UDP;
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "protocol %s is disabled", alproto_name);
SCLogError("protocol %s is disabled", alproto_name);
return -1;
}
@ -233,19 +232,19 @@ static int DetectAppLayerEventParseAppP2(DetectAppLayerEventData *data,
}
if (r < 0) {
if (SigMatchStrictEnabled(DETECT_AL_APP_LAYER_EVENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword's "
"protocol \"%s\" doesn't have event \"%s\" registered",
SCLogError("app-layer-event keyword's "
"protocol \"%s\" doesn't have event \"%s\" registered",
alproto_name, p_idx + 1);
return -1;
} else {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword's "
"protocol \"%s\" doesn't have event \"%s\" registered",
SCLogWarning("app-layer-event keyword's "
"protocol \"%s\" doesn't have event \"%s\" registered",
alproto_name, p_idx + 1);
return -3;
}
}
if (event_id > UINT8_MAX) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword's id has invalid value");
SCLogWarning("app-layer-event keyword's id has invalid value");
return -4;
}
data->event_id = (uint8_t)event_id;
@ -271,7 +270,7 @@ static DetectAppLayerEventData *DetectAppLayerEventParseAppP1(const char *arg)
const char *p_idx = strchr(arg, '.');
if (strlen(arg) > MAX_ALPROTO_NAME) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword is too long or malformed");
SCLogError("app-layer-event keyword is too long or malformed");
return NULL;
}
/* + 1 for trailing \0 */
@ -282,9 +281,9 @@ static DetectAppLayerEventData *DetectAppLayerEventParseAppP1(const char *arg)
if (!strcmp(alproto_name, "file")) {
needs_detctx = true;
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword "
SCLogError("app-layer-event keyword "
"supplied with unknown protocol \"%s\"",
alproto_name);
alproto_name);
return NULL;
}
}
@ -309,7 +308,7 @@ static DetectAppLayerEventData *DetectAppLayerEventParse(const char *arg,
*event_type = 0;
if (arg == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-event keyword supplied "
SCLogError("app-layer-event keyword supplied "
"with no arguments. This keyword needs an argument.");
return NULL;
}
@ -455,8 +454,9 @@ static int DetectAppLayerEventTestGetEventInfo(const char *event_name,
{
*event_id = SCMapEnumNameToValue(event_name, app_layer_event_test_map);
if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
"app-layer-event's test enum map table.", event_name);
SCLogError("event \"%s\" not present in "
"app-layer-event's test enum map table.",
event_name);
/* this should be treated as fatal */
return -1;
}

13
src/detect-app-layer-protocol.c
Unescape Escape View File

@ -105,8 +105,9 @@ static DetectAppLayerProtocolData *DetectAppLayerProtocolParse(const char *arg,
} else {
alproto = AppLayerGetProtoByName((char *)arg);
if (alproto == ALPROTO_UNKNOWN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-protocol "
"keyword supplied with unknown protocol \"%s\"", arg);
SCLogError("app-layer-protocol "
"keyword supplied with unknown protocol \"%s\"",
arg);
return NULL;
}
}
@ -144,7 +145,7 @@ static int DetectAppLayerProtocolSetup(DetectEngineCtx *de_ctx,
SigMatch *sm = NULL;
if (s->alproto != ALPROTO_UNKNOWN) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Either we already "
SCLogError("Either we already "
"have the rule match on an app layer protocol set through "
"other keywords that match on this protocol, or have "
"already seen a non-negated app-layer-protocol.");
@ -161,9 +162,9 @@ static int DetectAppLayerProtocolSetup(DetectEngineCtx *de_ctx,
const DetectAppLayerProtocolData *them = (const DetectAppLayerProtocolData *)tsm->ctx;
if (HasConflicts(data, them)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "can't mix "
"positive app-layer-protocol match with negated "
"match or match for 'failed'.");
SCLogError("can't mix "
"positive app-layer-protocol match with negated "
"match or match for 'failed'.");
goto error;
}
}

2
src/detect-asn1.c
Unescape Escape View File

@ -104,7 +104,7 @@ static DetectAsn1Data *DetectAsn1Parse(const char *asn1str)
DetectAsn1Data *ad = rs_detect_asn1_parse(asn1str);
if (ad == NULL) {
SCLogError(SC_EINVAL, "Malformed asn1 argument: %s", asn1str);
SCLogError("Malformed asn1 argument: %s", asn1str);
}
return ad;

3
src/detect-base64-data.c
Unescape Escape View File

@ -53,8 +53,7 @@ static int DetectBase64DataSetup(DetectEngineCtx *de_ctx, Signature *s,
/* Check for a preceding base64_decode. */
pm = DetectGetLastSMFromLists(s, DETECT_BASE64_DECODE, -1);
if (pm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"\"base64_data\" keyword seen without preceding base64_decode.");
SCLogError("\"base64_data\" keyword seen without preceding base64_decode.");
return -1;
}

9
src/detect-base64-decode.c
Unescape Escape View File

@ -134,8 +134,7 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
if (pcre2_substring_get_bynumber(
decode_pcre.match, 2, (PCRE2_UCHAR8 **)&bytes_str, &pcre2_len) == 0) {
if (StringParseUint32(bytes, 10, 0, bytes_str) <= 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT,
"Bad value for bytes: \"%s\"", bytes_str);
SCLogError("Bad value for bytes: \"%s\"", bytes_str);
goto error;
}
}
@ -145,8 +144,7 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
if (pcre2_substring_get_bynumber(
decode_pcre.match, 4, (PCRE2_UCHAR8 **)&offset_str, &pcre2_len) == 0) {
if (StringParseUint32(offset, 10, 0, offset_str) <= 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT,
"Bad value for offset: \"%s\"", offset_str);
SCLogError("Bad value for offset: \"%s\"", offset_str);
goto error;
}
}
@ -159,8 +157,7 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
*relative = 1;
}
else {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT,
"Invalid argument: \"%s\"", relative_str);
SCLogError("Invalid argument: \"%s\"", relative_str);
goto error;
}
}

11
src/detect-bsize.c
Unescape Escape View File

@ -79,14 +79,13 @@ bool DetectBsizeValidateContentCallback(Signature *s, int list)
return true;
value_error:
if (bsz->mode == DETECT_UINT_RA) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"signature can't match as required content length %" PRIu64
" exceeds bsize range: %" PRIu64 "-%" PRIu64,
SCLogError("signature can't match as required content length %" PRIu64
" exceeds bsize range: %" PRIu64 "-%" PRIu64,
needed, bsz->arg1, bsz->arg2);
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"signature can't match as required content length %" PRIu64 " exceeds bsize value: "
"%" PRIu64,
SCLogError("signature can't match as required content length %" PRIu64
" exceeds bsize value: "
"%" PRIu64,
needed, bsz->arg1);
}
return false;

3
src/detect-bypass.c
Unescape Escape View File

@ -72,8 +72,7 @@ static int DetectBypassSetup(DetectEngineCtx *de_ctx, Signature *s, const char *
SigMatch *sm = NULL;
if (s->flags & SIG_FLAG_FILESTORE) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS,
"bypass can't work with filestore keyword");
SCLogError("bypass can't work with filestore keyword");
return -1;
}
s->flags |= SIG_FLAG_BYPASS;

110
src/detect-byte-extract.c
Unescape Escape View File

@ -220,10 +220,10 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
ret = DetectParsePcreExec(&parse_regex, arg, 0, 0);
if (ret < 3 || ret > 19) {
SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32
", string \"%s\"", ret, arg);
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid arg to byte_extract : %s "
"for byte_extract", arg);
SCLogError("parse error, ret %" PRId32 ", string \"%s\"", ret, arg);
SCLogError("Invalid arg to byte_extract : %s "
"for byte_extract",
arg);
goto error;
}
@ -238,14 +238,15 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for arg 1 for byte_extract");
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 1 for byte_extract");
goto error;
}
if (StringParseUint8(&bed->nbytes, 10, 0,
(const char *)nbytes_str) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for number of bytes"
" to be extracted: \"%s\".", nbytes_str);
SCLogError("Invalid value for number of bytes"
" to be extracted: \"%s\".",
nbytes_str);
goto error;
}
@ -255,13 +256,13 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for arg 2 for byte_extract");
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 2 for byte_extract");
goto error;
}
int32_t offset;
if (StringParseI32RangeCheck(&offset, 10, 0, (const char *)offset_str, -65535, 65535) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for offset: \"%s\".", offset_str);
SCLogError("Invalid value for offset: \"%s\".", offset_str);
goto error;
}
bed->offset = offset;
@ -272,8 +273,8 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for arg 3 for byte_extract");
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 3 for byte_extract");
goto error;
}
bed->name = SCStrdup(varname_str);
@ -286,23 +287,22 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
pcre2len = sizeof(opt_str);
res = SC_Pcre2SubstringCopy(parse_regex.match, i, (PCRE2_UCHAR8 *)opt_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_copy_bynumber failed "
"for arg %d for byte_extract with %d",
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg %d for byte_extract with %d",
i, res);
goto error;
}
if (strcmp("relative", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "relative specified more "
SCLogError("relative specified more "
"than once for byte_extract");
goto error;
}
bed->flags |= DETECT_BYTE_EXTRACT_FLAG_RELATIVE;
} else if (strcmp("multiplier", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "multiplier specified more "
SCLogError("multiplier specified more "
"than once for byte_extract");
goto error;
}
@ -314,9 +314,8 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
res = pcre2_substring_copy_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_copy_bynumber failed "
"for arg %d for byte_extract",
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg %d for byte_extract",
i);
goto error;
}
@ -324,14 +323,15 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
if (StringParseU16RangeCheck(&multiplier, 10, 0, (const char *)multiplier_str,
DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT,
DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for"
"multiplier: \"%s\".", multiplier_str);
SCLogError("Invalid value for"
"multiplier: \"%s\".",
multiplier_str);
goto error;
}
bed->multiplier_value = multiplier;
} else if (strcmp("big", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified "
SCLogError("endian option specified "
"more than once for byte_extract");
goto error;
}
@ -339,7 +339,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_BIG;
} else if (strcmp("little", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified "
SCLogError("endian option specified "
"more than once for byte_extract");
goto error;
}
@ -347,7 +347,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_LITTLE;
} else if (strcmp("dce", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "endian option specified "
SCLogError("endian option specified "
"more than once for byte_extract");
goto error;
}
@ -355,12 +355,12 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
bed->endian = DETECT_BYTE_EXTRACT_ENDIAN_DCE;
} else if (strcmp("string", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "string specified more "
SCLogError("string specified more "
"than once for byte_extract");
goto error;
}
if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "The right way to specify "
SCLogError("The right way to specify "
"base is (string, base) and not (base, string) "
"for byte_extract");
goto error;
@ -368,46 +368,46 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
bed->flags |= DETECT_BYTE_EXTRACT_FLAG_STRING;
} else if (strcmp("hex", opt_str) == 0) {
if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(hex) specified "
SCLogError("Base(hex) specified "
"without specifying string. The right way is "
"(string, base) and not (base, string)");
goto error;
}
if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "More than one base "
SCLogError("More than one base "
"specified for byte_extract");
goto error;
}
bed->base = DETECT_BYTE_EXTRACT_BASE_HEX;
} else if (strcmp("oct", opt_str) == 0) {
if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(oct) specified "
SCLogError("Base(oct) specified "
"without specifying string. The right way is "
"(string, base) and not (base, string)");
goto error;
}
if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "More than one base "
SCLogError("More than one base "
"specified for byte_extract");
goto error;
}
bed->base = DETECT_BYTE_EXTRACT_BASE_OCT;
} else if (strcmp("dec", opt_str) == 0) {
if (!(bed->flags & DETECT_BYTE_EXTRACT_FLAG_STRING)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Base(dec) specified "
SCLogError("Base(dec) specified "
"without specifying string. The right way is "
"(string, base) and not (base, string)");
goto error;
}
if (bed->base != DETECT_BYTE_EXTRACT_BASE_NONE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "More than one base "
SCLogError("More than one base "
"specified for byte_extract");
goto error;
}
bed->base = DETECT_BYTE_EXTRACT_BASE_DEC;
} else if (strcmp("align", opt_str) == 0) {
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ALIGN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Align specified more "
SCLogError("Align specified more "
"than once for byte_extract");
goto error;
}
@ -419,28 +419,30 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
res = pcre2_substring_copy_bynumber(
parse_regex.match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_copy_bynumber failed "
"for arg %d in byte_extract",
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg %d in byte_extract",
i);
goto error;
}
if (StringParseUint8(&bed->align_value, 10, 0,
(const char *)align_str) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid align_value: "
"\"%s\".", align_str);
SCLogError("Invalid align_value: "
"\"%s\".",
align_str);
goto error;
}
if (!(bed->align_value == 2 || bed->align_value == 4)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid align_value for "
"byte_extract - \"%d\"", bed->align_value);
SCLogError("Invalid align_value for "
"byte_extract - \"%d\"",
bed->align_value);
goto error;
}
} else if (strcmp("", opt_str) == 0) {
;
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid option - \"%s\" "
"specified in byte_extract", opt_str);
SCLogError("Invalid option - \"%s\" "
"specified in byte_extract",
opt_str);
goto error;
}
} /* for (i = 4; i < ret; i++) */
@ -457,7 +459,7 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
bed->base = DETECT_BYTE_EXTRACT_BASE_DEC;
}
if (bed->endian != DETECT_BYTE_EXTRACT_ENDIAN_NONE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract can't have "
SCLogError("byte_extract can't have "
"endian \"big\" or \"little\" specified along with "
"\"string\"");
goto error;
@ -466,27 +468,27 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
/* if are dealing with octal nos, the max no that can fit in a 8
* byte value is 01777777777777777777777 */
if (bed->nbytes > STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract can't process "
SCLogError("byte_extract can't process "
"more than %d bytes in \"string\" extraction",
STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT);
STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT);
goto error;
}
} else if (bed->base == DETECT_BYTE_EXTRACT_BASE_DEC) {
/* if are dealing with decimal nos, the max no that can fit in a 8
* byte value is 18446744073709551615 */
if (bed->nbytes > STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract can't process "
SCLogError("byte_extract can't process "
"more than %d bytes in \"string\" extraction",
STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC);
STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC);
goto error;
}
} else if (bed->base == DETECT_BYTE_EXTRACT_BASE_HEX) {
/* if are dealing with hex nos, the max no that can fit in a 8
* byte value is 0xFFFFFFFFFFFFFFFF */
if (bed->nbytes > STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract can't process "
SCLogError("byte_extract can't process "
"more than %d bytes in \"string\" extraction",
STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX);
STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX);
goto error;
}
} else {
@ -494,9 +496,9 @@ static inline DetectByteExtractData *DetectByteExtractParse(DetectEngineCtx *de_
}
} else {
if (bed->nbytes > NO_STRING_MAX_BYTES_TO_EXTRACT) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_extract can't process "
SCLogError("byte_extract can't process "
"more than %d bytes in \"non-string\" extraction",
NO_STRING_MAX_BYTES_TO_EXTRACT);
NO_STRING_MAX_BYTES_TO_EXTRACT);
goto error;
}
/* if string has not been specified and no endian option has been
@ -590,7 +592,7 @@ static int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, const c
(data->base == DETECT_BYTE_EXTRACT_BASE_DEC) ||
(data->base == DETECT_BYTE_EXTRACT_BASE_HEX) ||
(data->base == DETECT_BYTE_EXTRACT_BASE_OCT) ) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Invalid option. "
SCLogError("Invalid option. "
"A byte_jump keyword with dce holds other invalid modifiers.");
goto error;
}

48
src/detect-bytejump.c
Unescape Escape View File

@ -332,8 +332,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
/* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
if (ret < 2 || ret > 10) {
SCLogError(SC_ERR_PCRE_PARSE,"parse error, ret %" PRId32
", string \"%s\"", ret, optstr);
SCLogError("parse error, ret %" PRId32 ", string \"%s\"", ret, optstr);
goto error;
}
@ -345,8 +344,8 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
pcre2len = sizeof(str);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for arg 1");
SCLogError("pcre2_substring_copy_bynumber failed "
"for arg 1");
goto error;
}
@ -376,8 +375,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
res = pcre2_substring_copy_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 *)args[i + 1], &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed for arg %d",
i + 1);
SCLogError("pcre2_substring_copy_bynumber failed for arg %d", i + 1);
goto error;
}
numargs++;
@ -399,14 +397,14 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
/* Number of bytes */
if (StringParseUint32(&nbytes, 10, (uint16_t)strlen(args[0]), args[0]) <= 0) {
SCLogError(SC_EINVAL, "Malformed number of bytes: %s", optstr);
SCLogError("Malformed number of bytes: %s", optstr);
goto error;
}
/* Offset */
if (args[1][0] != '-' && isalpha((unsigned char)args[1][0])) {
if (offset == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "byte_jump supplied with "
SCLogError("byte_jump supplied with "
"var name for offset. \"value\" argument supplied to "
"this function has to be non-NULL");
goto error;
@ -416,7 +414,7 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
goto error;
} else {
if (StringParseInt32(&data->offset, 0, (uint16_t)strlen(args[1]), args[1]) <= 0) {
SCLogError(SC_EINVAL, "Malformed offset: %s", optstr);
SCLogError("Malformed offset: %s", optstr);
goto error;
}
}
@ -450,26 +448,26 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
} else if (strncasecmp("multiplier ", args[i], 11) == 0) {
if (StringParseUint32(
&data->multiplier, 10, (uint16_t)strlen(args[i]) - 11, args[i] + 11) <= 0) {
SCLogError(SC_EINVAL, "Malformed multiplier: %s", optstr);
SCLogError("Malformed multiplier: %s", optstr);
goto error;
}
} else if (strncasecmp("post_offset ", args[i], 12) == 0) {
if (StringParseInt32(&data->post_offset, 10, (uint16_t)strlen(args[i]) - 12,
args[i] + 12) <= 0) {
SCLogError(SC_EINVAL, "Malformed post_offset: %s", optstr);
SCLogError("Malformed post_offset: %s", optstr);
goto error;
}
} else if (strcasecmp("dce", args[i]) == 0) {
data->flags |= DETECT_BYTEJUMP_DCE;
} else {
SCLogError(SC_EINVAL, "Unknown option: \"%s\"", args[i]);
SCLogError("Unknown option: \"%s\"", args[i]);
goto error;
}
}
if ((data->flags & DETECT_BYTEJUMP_END) && (data->flags & DETECT_BYTEJUMP_BEGIN)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "'from_end' and 'from_beginning' "
"cannot be used in the same byte_jump statement");
SCLogError("'from_end' and 'from_beginning' "
"cannot be used in the same byte_jump statement");
goto error;
}
@ -482,24 +480,21 @@ static DetectBytejumpData *DetectBytejumpParse(DetectEngineCtx *de_ctx, const ch
* "01777777777777777777777" = 0xffffffffffffffff
*/
if (nbytes > 23) {
SCLogError(SC_EINVAL,
"Cannot test more than 23 bytes "
"with \"string\": %s",
SCLogError("Cannot test more than 23 bytes "
"with \"string\": %s",
optstr);
goto error;
}
} else {
if (nbytes > 8) {
SCLogError(SC_EINVAL,
"Cannot test more than 8 bytes "
"without \"string\": %s\n",
SCLogError("Cannot test more than 8 bytes "
"without \"string\": %s\n",
optstr);
goto error;
}
if (data->base != DETECT_BYTEJUMP_BASE_UNSET) {
SCLogError(SC_EINVAL,
"Cannot use a base "
"without \"string\": %s",
SCLogError("Cannot use a base "
"without \"string\": %s",
optstr);
goto error;
}
@ -588,7 +583,7 @@ static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, const char
(data->base == DETECT_BYTEJUMP_BASE_DEC) ||
(data->base == DETECT_BYTEJUMP_BASE_HEX) ||
(data->base == DETECT_BYTEJUMP_BASE_OCT) ) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Invalid option. "
SCLogError("Invalid option. "
"A byte_jump keyword with dce holds other invalid modifiers.");
goto error;
}
@ -597,8 +592,9 @@ static int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (offset != NULL) {
DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(offset, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
"seen in byte_jump - %s", offset);
SCLogError("Unknown byte_extract var "
"seen in byte_jump - %s",
offset);
goto error;
}
data->offset = index;

13
src/detect-bytemath.c
Unescape Escape View File

@ -201,13 +201,13 @@ static DetectByteMathData *DetectByteMathParse(DetectEngineCtx *de_ctx, const ch
{
DetectByteMathData *bmd;
if ((bmd = ScByteMathParse(arg)) == NULL) {
SCLogError(SC_ERR_PCRE_PARSE, "invalid bytemath values");
SCLogError("invalid bytemath values");
return NULL;
}
if (bmd->rvalue_str) {
if (rvalue == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "byte_math supplied with "
SCLogError("byte_math supplied with "
"var name for rvalue. \"rvalue\" argument supplied to "
"this function must be non-NULL");
goto error;
@ -269,7 +269,7 @@ static int DetectByteMathSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (data->flags & DETECT_BYTEMATH_FLAG_RELATIVE) {
prev_pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, DETECT_PCRE, -1);
if (!prev_pm) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "relative specified without "
SCLogError("relative specified without "
"previous pattern match");
goto error;
}
@ -321,7 +321,7 @@ static int DetectByteMathSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if ((data->flags & DETECT_BYTEMATH_FLAG_STRING) || (data->base == BaseDec) ||
(data->base == BaseHex) || (data->base == BaseOct)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Invalid option. "
SCLogError("Invalid option. "
"A bytemath keyword with dce holds other invalid modifiers.");
goto error;
}
@ -330,8 +330,9 @@ static int DetectByteMathSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (rvalue != NULL) {
DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(rvalue, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_ keyword var "
"seen in byte_math - %s\n", rvalue);
SCLogError("unknown byte_ keyword var "
"seen in byte_math - %s\n",
rvalue);
goto error;
}
data->rvalue = index;

44
src/detect-bytetest.c
Unescape Escape View File

@ -279,8 +279,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
/* Execute the regex and populate args with captures. */
ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0);
if (ret < 4 || ret > 9) {
SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32
", string %s", ret, optstr);
SCLogError("parse error, ret %" PRId32 ", string %s", ret, optstr);
goto error;
}
@ -289,9 +288,8 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,
"pcre2_substring_get_bynumber failed "
"for arg %d",
SCLogError("pcre2_substring_get_bynumber failed "
"for arg %d",
i + 1);
goto error;
}
@ -327,7 +325,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
/* Number of bytes */
if (StringParseUint32(&nbytes, 10, 0, args[0]) <= 0) {
SCLogError(SC_EINVAL, "Malformed number of bytes: %s", str_ptr);
SCLogError("Malformed number of bytes: %s", str_ptr);
goto error;
}
@ -361,7 +359,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
} else if (strcmp("<=", op_ptr) == 0) {
data->op |= DETECT_BYTETEST_OP_LE;
} else {
SCLogError(SC_ERR_INVALID_OPERATOR, "Invalid operator");
SCLogError("Invalid operator");
goto error;
}
}
@ -378,7 +376,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
if (test_value[0] != '-' && isalpha((unsigned char)test_value[0])) {
if (value == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "byte_test supplied with "
SCLogError("byte_test supplied with "
"var name for value. \"value\" argument supplied to "
"this function has to be non-NULL");
goto error;
@ -388,7 +386,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
goto error;
} else {
if (ByteExtractStringUint64(&data->value, 0, 0, test_value) <= 0) {
SCLogError(SC_EINVAL, "Malformed value: %s", test_value);
SCLogError("Malformed value: %s", test_value);
goto error;
}
}
@ -407,7 +405,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
data_offset[end_ptr-str_ptr] = '\0';
if (data_offset[0] != '-' && isalpha((unsigned char)data_offset[0])) {
if (data_offset == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "byte_test supplied with "
SCLogError("byte_test supplied with "
"var name for offset. \"offset\" argument supplied to "
"this function has to be non-NULL");
goto error;
@ -417,7 +415,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
goto error;
} else {
if (StringParseInt32(&data->offset, 0, 0, data_offset) <= 0) {
SCLogError(SC_EINVAL, "Malformed offset: %s", data_offset);
SCLogError("Malformed offset: %s", data_offset);
goto error;
}
}
@ -451,8 +449,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
data->flags |= DETECT_BYTETEST_BITMASK;
bitmask_index = i;
} else {
SCLogError(SC_ERR_UNKNOWN_VALUE, "Unknown value: \"%s\"",
args[i]);
SCLogError("Unknown value: \"%s\"", args[i]);
goto error;
}
}
@ -467,16 +464,16 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
* "01777777777777777777777" = 0xffffffffffffffff
*/
if (nbytes > 23) {
SCLogError(SC_EINVAL, "Cannot test more than 23 bytes with \"string\": %s", optstr);
SCLogError("Cannot test more than 23 bytes with \"string\": %s", optstr);
goto error;
}
} else {
if (nbytes > 8) {
SCLogError(SC_EINVAL, "Cannot test more than 8 bytes without \"string\": %s", optstr);
SCLogError("Cannot test more than 8 bytes without \"string\": %s", optstr);
goto error;
}
if (data->base != DETECT_BYTETEST_BASE_UNSET) {
SCLogError(SC_EINVAL, "Cannot use a base without \"string\": %s", optstr);
SCLogError("Cannot use a base without \"string\": %s", optstr);
goto error;
}
}
@ -486,8 +483,7 @@ static DetectBytetestData *DetectBytetestParse(const char *optstr, char **value,
if (bitmask_index != -1 && data->flags & DETECT_BYTETEST_BITMASK) {
if (ByteExtractStringUint32(&data->bitmask, 0, 0, args[bitmask_index]+strlen("bitmask")) <= 0) {
SCLogError(SC_EINVAL, "Malformed bitmask value: %s",
args[bitmask_index] + strlen("bitmask"));
SCLogError("Malformed bitmask value: %s", args[bitmask_index] + strlen("bitmask"));
goto error;
}
/* determine how many trailing 0's are in the bitmask. This will be used
@ -591,7 +587,7 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, const char
(data->base == DETECT_BYTETEST_BASE_DEC) ||
(data->base == DETECT_BYTETEST_BASE_HEX) ||
(data->base == DETECT_BYTETEST_BASE_OCT) ) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Invalid option. "
SCLogError("Invalid option. "
"A byte_test keyword with dce holds other invalid modifiers.");
goto error;
}
@ -600,8 +596,9 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (value != NULL) {
DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(value, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
"seen in byte_test - %s\n", value);
SCLogError("Unknown byte_extract var "
"seen in byte_test - %s\n",
value);
goto error;
}
data->value = index;
@ -613,8 +610,9 @@ static int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (offset != NULL) {
DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(offset, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
"seen in byte_test - %s\n", offset);
SCLogError("Unknown byte_extract var "
"seen in byte_test - %s\n",
offset);
goto error;
}
data->offset = index;

21
src/detect-cipservice.c
Unescape Escape View File

@ -114,7 +114,7 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc)
{
if (i > 2) //for now only need 3 parameters
{
SCLogError(SC_ERR_INVALID_SIGNATURE, "too many parameters");
SCLogError("too many parameters");
goto error;
}
@ -122,7 +122,7 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc)
{
if (!isdigit((int) *token))
{
SCLogError(SC_ERR_INVALID_SIGNATURE, "parameter error %s", token);
SCLogError("parameter error %s", token);
goto error;
}
} else //if on attribute
@ -136,7 +136,7 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc)
if (!isdigit((int) *token))
{
SCLogError(SC_ERR_INVALID_SIGNATURE, "attribute error %s", token);
SCLogError("attribute error %s", token);
goto error;
}
@ -145,15 +145,15 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc)
unsigned long num = atol(token);
if ((num > MAX_CIP_SERVICE) && (i == 0))//if service greater than 7 bit
{
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid CIP service %lu", num);
SCLogError("invalid CIP service %lu", num);
goto error;
} else if ((num > MAX_CIP_CLASS) && (i == 1))//if service greater than 16 bit
{
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid CIP class %lu", num);
SCLogError("invalid CIP class %lu", num);
goto error;
} else if ((num > MAX_CIP_ATTRIBUTE) && (i == 2))//if service greater than 16 bit
{
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid CIP attribute %lu", num);
SCLogError("invalid CIP attribute %lu", num);
goto error;
}
@ -164,7 +164,7 @@ static DetectCipServiceData *DetectCipServiceParse(const char *rulestrc)
}
if (i == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "no tokens found");
SCLogError("no tokens found");
goto error;
}
@ -342,14 +342,15 @@ static DetectEnipCommandData *DetectEnipCommandParse(const char *rulestr)
goto error;
if (!(isdigit((int) *rulestr))) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid ENIP command %s", rulestr);
SCLogError("invalid ENIP command %s", rulestr);
goto error;
}
uint16_t cmd;
if (StringParseUint16(&cmd, 10, 0, rulestr) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid ENIP command"
": \"%s\"", rulestr);
SCLogError("invalid ENIP command"
": \"%s\"",
rulestr);
goto error;
}

44
src/detect-classtype.c
Unescape Escape View File

@ -76,20 +76,19 @@ static int DetectClasstypeParseRawString(const char *rawstr, char *out, size_t o
int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 0) {
SCLogError(SC_ERR_PCRE_MATCH, "Invalid Classtype in Signature");
SCLogError("Invalid Classtype in Signature");
return -1;
}
pcre2len = esize;
ret = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)e, &pcre2len);
if (ret < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
return -1;
}
if (strlen(e) >= CLASSTYPE_NAME_MAX_LEN) {
SCLogError(
SC_EINVAL, "classtype '%s' is too big: max %d", rawstr, CLASSTYPE_NAME_MAX_LEN - 1);
SCLogError("classtype '%s' is too big: max %d", rawstr, CLASSTYPE_NAME_MAX_LEN - 1);
return -1;
}
(void)strlcpy(out, e, outsize);
@ -114,18 +113,19 @@ static int DetectClasstypeSetup(DetectEngineCtx *de_ctx, Signature *s, const cha
if ((s->class_id > 0) || (s->class_msg != NULL)) {
if (SigMatchStrictEnabled(DETECT_CLASSTYPE)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "duplicated 'classtype' "
"keyword detected.");
SCLogError("duplicated 'classtype' "
"keyword detected.");
return -1;
} else {
SCLogWarning(SC_ERR_CONFLICTING_RULE_KEYWORDS, "duplicated 'classtype' "
"keyword detected. Using instance with highest priority");
SCLogWarning("duplicated 'classtype' "
"keyword detected. Using instance with highest priority");
}
}
if (DetectClasstypeParseRawString(rawstr, parsed_ct_name, sizeof(parsed_ct_name)) < 0) {
SCLogError(SC_ERR_PCRE_PARSE, "invalid value for classtype keyword: "
"\"%s\"", rawstr);
SCLogError("invalid value for classtype keyword: "
"\"%s\"",
rawstr);
return -1;
}
@ -133,26 +133,24 @@ static int DetectClasstypeSetup(DetectEngineCtx *de_ctx, Signature *s, const cha
SCClassConfClasstype *ct = SCClassConfGetClasstype(parsed_ct_name, de_ctx);
if (ct == NULL) {
if (SigMatchStrictEnabled(DETECT_CLASSTYPE)) {
SCLogError(SC_ERR_UNKNOWN_VALUE, "unknown classtype '%s'",
parsed_ct_name);
SCLogError("unknown classtype '%s'", parsed_ct_name);
return -1;
}
if (s->id > 0) {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "signature sid:%u uses "
"unknown classtype: \"%s\", using default priority %d. "
"This message won't be shown again for this classtype",
SCLogWarning("signature sid:%u uses "
"unknown classtype: \"%s\", using default priority %d. "
"This message won't be shown again for this classtype",
s->id, parsed_ct_name, DETECT_DEFAULT_PRIO);
} else if (de_ctx->rule_file != NULL) {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "signature at %s:%u uses "
"unknown classtype: \"%s\", using default priority %d. "
"This message won't be shown again for this classtype",
de_ctx->rule_file, de_ctx->rule_line,
parsed_ct_name, DETECT_DEFAULT_PRIO);
SCLogWarning("signature at %s:%u uses "
"unknown classtype: \"%s\", using default priority %d. "
"This message won't be shown again for this classtype",
de_ctx->rule_file, de_ctx->rule_line, parsed_ct_name, DETECT_DEFAULT_PRIO);
} else {
SCLogWarning(SC_ERR_UNKNOWN_VALUE, "unknown classtype: \"%s\", "
"using default priority %d. "
"This message won't be shown again for this classtype",
SCLogWarning("unknown classtype: \"%s\", "
"using default priority %d. "
"This message won't be shown again for this classtype",
parsed_ct_name, DETECT_DEFAULT_PRIO);
}

30
src/detect-config.c
Unescape Escape View File

@ -174,7 +174,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
#if 0
/* filestore and bypass keywords can't work together */
if (s->flags & SIG_FLAG_BYPASS) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS,
SCLogError(
"filestore can't work with bypass keyword");
return -1;
}
@ -185,7 +185,7 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
sm->type = DETECT_CONFIG;
if (str == NULL || strlen(str) == 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "config keywords need arguments");
SCLogError("config keywords need arguments");
goto error;
}
char subsys[32];
@ -198,18 +198,18 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (ret != 7) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "config is rather picky at this time");
SCLogError("config is rather picky at this time");
goto error;
}
pcre2len = sizeof(subsys);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
if (strcmp(subsys, "logging") != 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'logging' supported at this time");
SCLogError("only 'logging' supported at this time");
goto error;
}
SCLogDebug("subsys %s", subsys);
@ -217,12 +217,12 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
pcre2len = sizeof(state);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)state, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
if (strcmp(state, "disable") != 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'disable' supported at this time");
SCLogError("only 'disable' supported at this time");
goto error;
}
SCLogDebug("state %s", state);
@ -230,12 +230,12 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
pcre2len = sizeof(type);
res = pcre2_substring_copy_bynumber(parse_regex.match, 3, (PCRE2_UCHAR8 *)type, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
if (strcmp(type, "type") != 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'type' supported at this time");
SCLogError("only 'type' supported at this time");
goto error;
}
SCLogDebug("type %s", type);
@ -243,12 +243,12 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
pcre2len = sizeof(typeval);
res = pcre2_substring_copy_bynumber(parse_regex.match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
if (!(strcmp(typeval, "tx") == 0 ||strcmp(typeval, "flow") == 0)) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'tx' and 'flow' supported at this time");
SCLogError("only 'tx' and 'flow' supported at this time");
goto error;
}
SCLogDebug("typeval %s", typeval);
@ -256,12 +256,12 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
pcre2len = sizeof(scope);
res = pcre2_substring_copy_bynumber(parse_regex.match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
if (strcmp(scope, "scope") != 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'scope' supported at this time");
SCLogError("only 'scope' supported at this time");
goto error;
}
SCLogDebug("scope %s", scope);
@ -269,12 +269,12 @@ static int DetectConfigSetup (DetectEngineCtx *de_ctx, Signature *s, const char
pcre2len = sizeof(scopeval);
res = pcre2_substring_copy_bynumber(parse_regex.match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
if (!(strcmp(scopeval, "tx") == 0 ||strcmp(scopeval, "flow") == 0)) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "only 'tx' and 'flow' supported at this time");
SCLogError("only 'tx' and 'flow' supported at this time");
goto error;
}
SCLogDebug("scopeval %s", scopeval);

24
src/detect-content.c
Unescape Escape View File

@ -113,8 +113,7 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
bin_count++;
if (bin) {
if (binpos > 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"Incomplete hex code in content - %s. Invalidating signature.",
SCLogError("Incomplete hex code in content - %s. Invalidating signature.",
contentstr);
goto error;
}
@ -150,8 +149,9 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
// SCLogDebug("space as part of binary string");
}
else if (str[i] != ',') {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code in "
"content - %s, hex %c. Invalidating signature.", str, str[i]);
SCLogError("Invalid hex code in "
"content - %s, hex %c. Invalidating signature.",
str, str[i]);
goto error;
}
} else if (escape) {
@ -163,13 +163,13 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
str[x] = str[i];
x++;
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "'%c' has to be escaped", str[i-1]);
SCLogError("'%c' has to be escaped", str[i - 1]);
goto error;
}
escape = 0;
converted = 1;
} else if (str[i] == '"') {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid unescaped double quote within content section.");
SCLogError("Invalid unescaped double quote within content section.");
goto error;
} else {
str[x] = str[i];
@ -179,8 +179,9 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
}
if (bin_count % 2 != 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in "
"%s - %s. Invalidating signature.", keyword, contentstr);
SCLogError("Invalid hex code assembly in "
"%s - %s. Invalidating signature.",
keyword, contentstr);
goto error;
}
@ -350,9 +351,7 @@ int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *conten
const char *tstr;
if (!DetectEngineBufferTypeValidateTransform(
de_ctx, sm_list, cd->content, cd->content_len, &tstr)) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"content string \"%s\" incompatible with %s transform",
contentstr, tstr);
SCLogError("content string \"%s\" incompatible with %s transform", contentstr, tstr);
goto error;
}
}
@ -480,8 +479,7 @@ bool DetectContentPMATCHValidateCallback(const Signature *s)
if (min_dsize_required >= 0) {
SCLogDebug("min_dsize %d; max_right_edge %d", min_dsize_required, max_right_edge);
if ((uint32_t)min_dsize_required > max_right_edge) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"signature can't match as required content length %d exceeds dsize value %d",
SCLogError("signature can't match as required content length %d exceeds dsize value %d",
min_dsize_required, max_right_edge);
return false;
}

31
src/detect-datarep.c
Unescape Escape View File

@ -176,18 +176,16 @@ static int DetectDatarepParse(const char *str, char *cmd, int cmd_len, char *nam
}
if (strcmp(key, "memcap") == 0) {
if (ParseSizeStringU64(val, memcap) < 0) {
SCLogWarning(SC_EINVAL,
"invalid value for memcap: %s,"
" resetting to default",
SCLogWarning("invalid value for memcap: %s,"
" resetting to default",
val);
*memcap = 0;
}
}
if (strcmp(key, "hashsize") == 0) {
if (ParseSizeStringU32(val, hashsize) < 0) {
SCLogWarning(SC_EINVAL,
"invalid value for hashsize: %s,"
" resetting to default",
SCLogWarning("invalid value for hashsize: %s,"
" resetting to default",
val);
*hashsize = 0;
}
@ -201,14 +199,12 @@ static int DetectDatarepParse(const char *str, char *cmd, int cmd_len, char *nam
}
if (strlen(load) > 0 && *type == DATASET_TYPE_NOTSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"if load is used type must be set as well");
SCLogError("if load is used type must be set as well");
return 0;
}
if (!name_set || !cmd_set || !value_set) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"missing values");
SCLogError("missing values");
return 0;
}
@ -220,8 +216,7 @@ static int DetectDatarepParse(const char *str, char *cmd, int cmd_len, char *nam
/* Validate name, spaces are not allowed. */
for (size_t i = 0; i < strlen(name); i++) {
if (isblank(name[i])) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"spaces not allowed in dataset names");
SCLogError("spaces not allowed in dataset names");
return 0;
}
}
@ -306,15 +301,13 @@ static int DetectDatarepSetup (DetectEngineCtx *de_ctx, Signature *s, const char
uint32_t hashsize = 0;
if (DetectBufferGetActiveList(de_ctx, s) == -1) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"datarep is only supported for sticky buffers");
SCLogError("datarep is only supported for sticky buffers");
SCReturnInt(-1);
}
int list = s->init_data->list;
if (list == DETECT_SM_LIST_NOTSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"datarep is only supported for sticky buffers");
SCLogError("datarep is only supported for sticky buffers");
SCReturnInt(-1);
}
@ -336,15 +329,13 @@ static int DetectDatarepSetup (DetectEngineCtx *de_ctx, Signature *s, const char
} else if (strcmp(cmd_str,"==") == 0) {
op = DATAREP_OP_EQ;
} else {
SCLogError(SC_ERR_UNKNOWN_VALUE,
"datarep operation \"%s\" is not supported.", cmd_str);
SCLogError("datarep operation \"%s\" is not supported.", cmd_str);
return -1;
}
Dataset *set = DatasetGet(name, type, /* no save */ NULL, load, memcap, hashsize);
if (set == NULL) {
SCLogError(SC_ERR_UNKNOWN_VALUE,
"failed to set up datarep set '%s'.", name);
SCLogError("failed to set up datarep set '%s'.", name);
return -1;
}

41
src/detect-dataset.c
Unescape Escape View File

@ -163,14 +163,13 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
} else if (strcmp(val, "ip") == 0) {
*type = DATASET_TYPE_IPV6;
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "bad type %s", val);
SCLogError("bad type %s", val);
return -1;
}
} else if (strcmp(key, "save") == 0) {
if (save_set) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE,
"'save' can only appear once");
SCLogWarning("'save' can only appear once");
return -1;
}
SCLogDebug("save %s", val);
@ -178,8 +177,7 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
save_set = true;
} else if (strcmp(key, "load") == 0) {
if (load_set) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE,
"'load' can only appear once");
SCLogWarning("'load' can only appear once");
return -1;
}
SCLogDebug("load %s", val);
@ -187,8 +185,7 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
load_set = true;
} else if (strcmp(key, "state") == 0) {
if (state_set) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE,
"'state' can only appear once");
SCLogWarning("'state' can only appear once");
return -1;
}
SCLogDebug("state %s", val);
@ -198,18 +195,16 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
}
if (strcmp(key, "memcap") == 0) {
if (ParseSizeStringU64(val, memcap) < 0) {
SCLogWarning(SC_EINVAL,
"invalid value for memcap: %s,"
" resetting to default",
SCLogWarning("invalid value for memcap: %s,"
" resetting to default",
val);
*memcap = 0;
}
}
if (strcmp(key, "hashsize") == 0) {
if (ParseSizeStringU32(val, hashsize) < 0) {
SCLogWarning(SC_EINVAL,
"invalid value for hashsize: %s,"
" resetting to default",
SCLogWarning("invalid value for hashsize: %s,"
" resetting to default",
val);
*hashsize = 0;
}
@ -223,8 +218,7 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
}
if ((load_set || save_set) && state_set) {
SCLogWarning(SC_ERR_INVALID_SIGNATURE,
"'state' can not be mixed with 'load' and 'save'");
SCLogWarning("'state' can not be mixed with 'load' and 'save'");
return -1;
}
@ -236,8 +230,7 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
/* Validate name, spaces are not allowed. */
for (size_t i = 0; i < strlen(name); i++) {
if (isblank(name[i])) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"spaces not allowed in dataset names");
SCLogError("spaces not allowed in dataset names");
return 0;
}
}
@ -341,15 +334,13 @@ int DetectDatasetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
char save[PATH_MAX] = "";
if (DetectBufferGetActiveList(de_ctx, s) == -1) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"datasets are only supported for sticky buffers");
SCLogError("datasets are only supported for sticky buffers");
SCReturnInt(-1);
}
int list = s->init_data->list;
if (list == DETECT_SM_LIST_NOTSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"datasets are only supported for sticky buffers");
SCLogError("datasets are only supported for sticky buffers");
SCReturnInt(-1);
}
@ -367,8 +358,7 @@ int DetectDatasetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
} else if (strcmp(cmd_str,"unset") == 0) {
cmd = DETECT_DATASET_CMD_UNSET;
} else {
SCLogError(SC_ERR_UNKNOWN_VALUE,
"dataset action \"%s\" is not supported.", cmd_str);
SCLogError("dataset action \"%s\" is not supported.", cmd_str);
return -1;
}
@ -394,12 +384,11 @@ int DetectDatasetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
SCLogDebug("name '%s' load '%s' save '%s'", name, load, save);
Dataset *set = DatasetGet(name, type, save, load, memcap, hashsize);
if (set == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"failed to set up dataset '%s'.", name);
SCLogError("failed to set up dataset '%s'.", name);
return -1;
}
if (set->hash && SC_ATOMIC_GET(set->hash->memcap_reached)) {
SCLogError(SC_ERR_THASH_INIT, "dataset too large for set memcap");
SCLogError("dataset too large for set memcap");
return -1;
}

2
src/detect-dce-iface.c
Unescape Escape View File

@ -149,7 +149,7 @@ static int DetectDceIfaceSetup(DetectEngineCtx *de_ctx, Signature *s, const char
void *did = rs_dcerpc_iface_parse(arg);
if (did == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_iface option in "
SCLogError("Error parsing dce_iface option in "
"signature");
return -1;
}

4
src/detect-dce-opnum.c
Unescape Escape View File

@ -127,7 +127,7 @@ static int DetectDceOpnumMatchRust(DetectEngineThreadCtx *det_ctx,
static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{
if (arg == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_opnum option in "
SCLogError("Error parsing dce_opnum option in "
"signature, option needs a value");
return -1;
}
@ -137,7 +137,7 @@ static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char
void *dod = rs_dcerpc_opnum_parse(arg);
if (dod == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_opnum option in "
SCLogError("Error parsing dce_opnum option in "
"signature");
return -1;
}

39
src/detect-depth.c
Unescape Escape View File

@ -70,7 +70,7 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
/* retrive the sm to apply the depth against */
pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm == NULL) {
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs "
SCLogError("depth needs "
"preceding content, uricontent option, http_client_body, "
"http_server_body, http_header option, http_raw_header option, "
"http_method option, http_cookie, http_raw_uri, "
@ -84,31 +84,32 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
DetectContentData *cd = (DetectContentData *)pm->ctx;
if (cd->flags & DETECT_CONTENT_DEPTH) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple depths for the same content.");
SCLogError("can't use multiple depths for the same content.");
goto end;
}
if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative "
SCLogError("can't use a relative "
"keyword like within/distance with a absolute "
"relative keyword like depth/offset for the same "
"content." );
"content.");
goto end;
}
if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
SCLogError("can't have a relative "
"negated keyword set along with 'fast_pattern'.");
goto end;
}
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
SCLogError("can't have a relative "
"keyword set along with 'fast_pattern:only;'.");
goto end;
}
if (str[0] != '-' && isalpha((unsigned char)str[0])) {
DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(str, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_ keyword var "
"seen in depth - %s.", str);
SCLogError("unknown byte_ keyword var "
"seen in depth - %s.",
str);
goto end;
}
cd->depth = index;
@ -116,14 +117,14 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
} else {
if (StringParseUint16(&cd->depth, 0, 0, str) < 0)
{
SCLogError(SC_ERR_INVALID_SIGNATURE,
"invalid value for depth: %s.", str);
SCLogError("invalid value for depth: %s.", str);
goto end;
}
if (cd->depth < cd->content_len) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "depth:%u smaller than "
"content of len %u.", cd->depth, cd->content_len);
SCLogError("depth:%u smaller than "
"content of len %u.",
cd->depth, cd->content_len);
return -1;
}
/* Now update the real limit, as depth is relative to the offset */
@ -144,7 +145,7 @@ static int DetectStartsWithSetup (DetectEngineCtx *de_ctx, Signature *s, const c
/* retrieve the sm to apply the depth against */
pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm == NULL) {
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "startswith needs a "
SCLogError("startswith needs a "
"preceding content option.");
goto end;
}
@ -153,29 +154,29 @@ static int DetectStartsWithSetup (DetectEngineCtx *de_ctx, Signature *s, const c
DetectContentData *cd = (DetectContentData *)pm->ctx;
if (cd->flags & DETECT_CONTENT_DEPTH) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple "
"depth/startswith settings for the same content.");
SCLogError("can't use multiple "
"depth/startswith settings for the same content.");
goto end;
}
if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative "
SCLogError("can't use a relative "
"keyword like within/distance with a absolute "
"relative keyword like depth/offset for the same "
"content.");
goto end;
}
if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
SCLogError("can't have a relative "
"negated keyword set along with a 'fast_pattern'.");
goto end;
}
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
SCLogError("can't have a relative "
"keyword set along with 'fast_pattern:only;'.");
goto end;
}
if (cd->flags & DETECT_CONTENT_OFFSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't mix offset "
SCLogError("can't mix offset "
"with startswith.");
goto end;
}

15
src/detect-detection-filter.c
Unescape Escape View File

@ -134,8 +134,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 5) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret,
rawstr);
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
}
@ -151,7 +150,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
res = pcre2_substring_get_bynumber(
parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
}
@ -180,7 +179,7 @@ static DetectThresholdData *DetectDetectionFilterParse(const char *rawstr)
}
if (df->count == 0 || df->seconds == 0) {
SCLogError(SC_EINVAL, "found an invalid value");
SCLogError("found an invalid value");
goto error;
}
@ -222,15 +221,13 @@ static int DetectDetectionFilterSetup(DetectEngineCtx *de_ctx, Signature *s, con
/* checks if there's a previous instance of threshold */
tmpm = DetectGetLastSMFromLists(s, DETECT_THRESHOLD, -1);
if (tmpm != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"\"detection_filter\" and \"threshold\" are not allowed in the same rule");
SCLogError("\"detection_filter\" and \"threshold\" are not allowed in the same rule");
SCReturnInt(-1);
}
/* checks there's no previous instance of detection_filter */
tmpm = DetectGetLastSMFromLists(s, DETECT_DETECTION_FILTER, -1);
if (tmpm != NULL) {
SCLogError(
SC_ERR_INVALID_SIGNATURE, "At most one \"detection_filter\" is allowed per rule");
SCLogError("At most one \"detection_filter\" is allowed per rule");
SCReturnInt(-1);
}
@ -585,4 +582,4 @@ static void DetectDetectionFilterRegisterTests(void)
UtRegisterTest("DetectDetectionFilterTestSig2", DetectDetectionFilterTestSig2);
UtRegisterTest("DetectDetectionFilterTestSig3", DetectDetectionFilterTestSig3);
}
#endif /* UNITTESTS */
#endif /* UNITTESTS */

2
src/detect-dhcp-leasetime.c
Unescape Escape View File

@ -86,7 +86,7 @@ static int DetectDHCPLeaseTimeSetup(DetectEngineCtx *de_ctx, Signature *s, const
DetectU64Data *dd = DetectU64Parse(rawstr);
if (dd == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Parsing \'%s\' failed for %s", rawstr,
SCLogError("Parsing \'%s\' failed for %s", rawstr,
sigmatch_table[DETECT_AL_DHCP_LEASETIME].name);
return -1;
}

2
src/detect-dhcp-rebinding-time.c
Unescape Escape View File

@ -86,7 +86,7 @@ static int DetectDHCPRebindingTimeSetup(DetectEngineCtx *de_ctx, Signature *s, c
DetectU64Data *dd = DetectU64Parse(rawstr);
if (dd == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Parsing \'%s\' failed for %s", rawstr,
SCLogError("Parsing \'%s\' failed for %s", rawstr,
sigmatch_table[DETECT_AL_DHCP_REBINDING_TIME].name);
return -1;
}

2
src/detect-dhcp-renewal-time.c
Unescape Escape View File

@ -86,7 +86,7 @@ static int DetectDHCPRenewalTimeSetup(DetectEngineCtx *de_ctx, Signature *s, con
DetectU64Data *dd = DetectU64Parse(rawstr);
if (dd == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Parsing \'%s\' failed for %s", rawstr,
SCLogError("Parsing \'%s\' failed for %s", rawstr,
sigmatch_table[DETECT_AL_DHCP_RENEWAL_TIME].name);
return -1;
}

22
src/detect-distance.c
Unescape Escape View File

@ -76,7 +76,7 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
/* retrieve the sm to apply the distance against */
pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm == NULL) {
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "distance needs "
SCLogError("distance needs "
"preceding content, uricontent option, http_client_body, "
"http_server_body, http_header option, http_raw_header option, "
"http_method option, http_cookie, http_raw_uri, "
@ -88,39 +88,39 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
/* verify other conditions */
DetectContentData *cd = (DetectContentData *)pm->ctx;
if (cd->flags & DETECT_CONTENT_DISTANCE) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple distances for the same content.");
SCLogError("can't use multiple distances for the same content.");
goto end;
}
if ((cd->flags & DETECT_CONTENT_DEPTH) || (cd->flags & DETECT_CONTENT_OFFSET)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative "
SCLogError("can't use a relative "
"keyword like within/distance with a absolute "
"relative keyword like depth/offset for the same "
"content." );
"content.");
goto end;
}
if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
SCLogError("can't have a relative "
"negated keyword set along with a fast_pattern");
goto end;
}
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
SCLogError("can't have a relative "
"keyword set along with a fast_pattern:only;");
goto end;
}
if (str[0] != '-' && isalpha((unsigned char)str[0])) {
DetectByteIndexType index;
if (!DetectByteRetrieveSMVar(str, s, &index)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_ keyword var "
"seen in distance - %s\n", str);
SCLogError("unknown byte_ keyword var "
"seen in distance - %s\n",
str);
goto end;
}
cd->distance = index;
cd->flags |= DETECT_CONTENT_DISTANCE_VAR;
} else {
if (StringParseInt32(&cd->distance, 0, 0, str) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"invalid value for distance: %s", str);
SCLogError("invalid value for distance: %s", str);
goto end;
}
}
@ -135,7 +135,7 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
if (prev_pm->type == DETECT_CONTENT) {
DetectContentData *prev_cd = (DetectContentData *)prev_pm->ctx;
if (prev_cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "previous keyword "
SCLogError("previous keyword "
"has a fast_pattern:only; set. Can't "
"have relative keywords around a fast_pattern "
"only content");

9
src/detect-dnp3.c
Unescape Escape View File

@ -212,8 +212,7 @@ static int DetectDNP3FuncSetup(DetectEngineCtx *de_ctx, Signature *s, const char
return -1;
if (!DetectDNP3FuncParseFunctionCode(str, &function_code)) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"Invalid argument \"%s\" supplied to dnp3_func keyword.", str);
SCLogError("Invalid argument \"%s\" supplied to dnp3_func keyword.", str);
return -1;
}
@ -264,8 +263,7 @@ static int DetectDNP3IndParseByName(const char *str, uint16_t *flags)
}
if (!found) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"Bad argument \"%s\" supplied to dnp3.ind keyword.", p);
SCLogError("Bad argument \"%s\" supplied to dnp3.ind keyword.", p);
return 0;
}
}
@ -300,8 +298,7 @@ static int DetectDNP3IndSetup(DetectEngineCtx *de_ctx, Signature *s, const char
return -1;
if (!DetectDNP3IndParse(str, &flags)) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"Invalid argument \"%s\" supplied to dnp3.ind keyword.", str);
SCLogError("Invalid argument \"%s\" supplied to dnp3.ind keyword.", str);
return -1;
}

3
src/detect-dns-opcode.c
Unescape Escape View File

@ -37,8 +37,7 @@ static int DetectDnsOpcodeSetup(DetectEngineCtx *de_ctx, Signature *s,
void *detect = rs_detect_dns_opcode_parse(str);
if (detect == NULL) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT,
"failed to parse dns.opcode: %s", str);
SCLogError("failed to parse dns.opcode: %s", str);
return -1;
}

6
src/detect-dsize.c
Unescape Escape View File

@ -122,7 +122,7 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
SigMatch *sm = NULL;
if (DetectGetLastSMFromLists(s, DETECT_DSIZE, -1)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use 2 or more dsizes in "
SCLogError("Can't use 2 or more dsizes in "
"the same sig. Invalidating signature.");
goto error;
}
@ -131,7 +131,7 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
dd = DetectU16Parse(rawstr);
if (dd == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,"Parsing \'%s\' failed", rawstr);
SCLogError("Parsing \'%s\' failed", rawstr);
goto error;
}
@ -139,7 +139,7 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
* and put it in the Signature. */
sm = SigMatchAlloc();
if (sm == NULL){
SCLogError(SC_ENOMEM, "Failed to allocate memory for SigMatch");
SCLogError("Failed to allocate memory for SigMatch");
rs_detect_u16_free(dd);
goto error;
}

92
src/detect-engine-address.c
Unescape Escape View File

@ -460,7 +460,7 @@ static int DetectAddressParseString(DetectAddress *dd, const char *str)
/* validate netmask */
int cidr = CIDRFromMask(netmask);
if (cidr < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
SCLogError(
"netmask \"%s\" is not usable. Only netmasks that are compatible with "
"CIDR notation are supported. See ticket #5168.",
mask);
@ -650,8 +650,7 @@ static int DetectAddressSetup(DetectAddressHead *gh, const char *s)
/* parse the address */
DetectAddress *ad = DetectAddressParseSingle(s);
if (ad == NULL) {
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC,
"failed to parse address \"%s\"", s);
SCLogError("failed to parse address \"%s\"", s);
return -1;
}
@ -725,8 +724,8 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
char *temp_rule_var_address = NULL;
if (++recur > 64) {
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "address block recursion "
"limit reached (max 64)");
SCLogError("address block recursion "
"limit reached (max 64)");
goto error;
}
@ -735,10 +734,9 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
size_t size = strlen(s);
for (u = 0, x = 0; u < size && x < address_length; u++) {
if (x == (address_length - 1)) {
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC,
"Hit the address buffer"
" limit for the supplied address. Invalidating sig. "
"Please file a bug report on this.");
SCLogError("Hit the address buffer"
" limit for the supplied address. Invalidating sig. "
"Please file a bug report on this.");
goto error;
}
address[x] = s[u];
@ -853,10 +851,11 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
goto error;
if (strlen(rule_var_address) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated address needs to be quoted, "
"\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
SCLogError("variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated address needs to be quoted, "
"\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
s);
goto error;
}
@ -908,8 +907,8 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
x = 0;
if (AddVariableToResolveList(var_list, address) == -1) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a address "
"groups declaration. This is likely a misconfiguration.");
SCLogError("Found a loop in a address "
"groups declaration. This is likely a misconfiguration.");
goto error;
}
@ -920,10 +919,11 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
goto error;
if (strlen(rule_var_address) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated address needs to be quoted, "
"\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.", s);
SCLogError("variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated address needs to be quoted, "
"\"!$HOME_NET\" instead of !$HOME_NET. See issue #295.",
s);
goto error;
}
@ -968,14 +968,16 @@ static int DetectAddressParseInternal(const DetectEngineCtx *de_ctx, DetectAddre
}
}
if (depth > 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
"properly closed in \"%s\", %d missing closing brackets (]). "
"Note: problem might be in a variable.", s, depth);
SCLogError("not every address block was "
"properly closed in \"%s\", %d missing closing brackets (]). "
"Note: problem might be in a variable.",
s, depth);
goto error;
} else if (depth < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every address block was "
"properly opened in \"%s\", %d missing opening brackets ([). "
"Note: problem might be in a variable.", s, depth*-1);
SCLogError("not every address block was "
"properly opened in \"%s\", %d missing opening brackets ([). "
"Note: problem might be in a variable.",
s, depth * -1);
goto error;
}
@ -1003,8 +1005,8 @@ static int DetectAddressParse2(const DetectEngineCtx *de_ctx, DetectAddressHead
if (address_length > (MAX_ADDRESS_LENGTH - 1)) {
char *address = SCCalloc(1, address_length);
if (address == NULL) {
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "Unable to allocate"
" memory for address parsing.");
SCLogError("Unable to allocate"
" memory for address parsing.");
return -1;
}
rc = DetectAddressParseInternal(
@ -1060,7 +1062,7 @@ int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
/* check if the negated list covers the entire ip space. If so
* the user screwed up the rules/vars. */
if (DetectAddressIsCompleteIPSpace(ghn) == 1) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Complete IP space negated. "
SCLogError("Complete IP space negated. "
"Rule address range is NIL. Probably have a !any or "
"an address range that supplies a NULL address range");
goto error;
@ -1203,8 +1205,9 @@ int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
cnt++;
if (ipv4_applied != cnt) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv4 negations "
"could be applied: %d != %d", cnt, ipv4_applied);
SCLogError("not all IPv4 negations "
"could be applied: %d != %d",
cnt, ipv4_applied);
goto error;
}
@ -1213,16 +1216,17 @@ int DetectAddressMergeNot(DetectAddressHead *gh, DetectAddressHead *ghn)
cnt++;
if (ipv6_applied != cnt) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not all IPv6 negations "
"could be applied: %d != %d", cnt, ipv6_applied);
SCLogError("not all IPv6 negations "
"could be applied: %d != %d",
cnt, ipv6_applied);
goto error;
}
}
/* if the result is that we have no addresses we return error */
if (gh->ipv4_head == NULL && gh->ipv6_head == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "no addresses left after "
"merging addresses and negated addresses");
SCLogError("no addresses left after "
"merging addresses and negated addresses");
goto error;
}
@ -1260,10 +1264,10 @@ int DetectAddressTestConfVars(void)
}
if (seq_node->val == NULL) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
"Address var \"%s\" probably has a sequence(something "
SCLogError("Address var \"%s\" probably has a sequence(something "
"in brackets) value set without any quotes. Please "
"quote it using \"..\".", seq_node->name);
"quote it using \"..\".",
seq_node->name);
goto error;
}
@ -1273,19 +1277,17 @@ int DetectAddressTestConfVars(void)
CleanVariableResolveList(&var_list);
if (r < 0) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
"failed to parse address var \"%s\" with value \"%s\". "
"Please check its syntax",
SCLogError("failed to parse address var \"%s\" with value \"%s\". "
"Please check its syntax",
seq_node->name, seq_node->val);
goto error;
}
if (DetectAddressIsCompleteIPSpace(ghn)) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
"address var - \"%s\" has the complete IP space negated "
"with its value \"%s\". Rule address range is NIL. "
"Probably have a !any or an address range that supplies "
"a NULL address range",
SCLogError("address var - \"%s\" has the complete IP space negated "
"with its value \"%s\". Rule address range is NIL. "
"Probably have a !any or an address range that supplies "
"a NULL address range",
seq_node->name, seq_node->val);
goto error;
}

2
src/detect-engine-alert.c
Unescape Escape View File

@ -224,7 +224,7 @@ void AlertQueueInit(DetectEngineThreadCtx *det_ctx)
det_ctx->alert_queue_size = 0;
det_ctx->alert_queue = SCCalloc(packet_alert_max, sizeof(PacketAlert));
if (det_ctx->alert_queue == NULL) {
FatalError(SC_ENOMEM, "failed to allocate %" PRIu64 " bytes for the alert queue",
FatalError("failed to allocate %" PRIu64 " bytes for the alert queue",
(uint64_t)(packet_alert_max * sizeof(PacketAlert)));
}
det_ctx->alert_queue_capacity = packet_alert_max;

21
src/detect-engine-analyzer.c
Unescape Escape View File

@ -243,7 +243,7 @@ void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *l
uint16_t patlen = fp_cd->content_len;
uint8_t *pat = SCMalloc(fp_cd->content_len + 1);
if (unlikely(pat == NULL)) {
FatalError(SC_ERR_FATAL, "Error allocating memory");
FatalError("Error allocating memory");
}
memcpy(pat, fp_cd->content, fp_cd->content_len);
pat[fp_cd->content_len] = '\0';
@ -303,8 +303,7 @@ int SetupFPAnalyzer(void)
fp_engine_analysis_FD = fopen(log_path, "w");
if (fp_engine_analysis_FD == NULL) {
SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", log_path,
strerror(errno));
SCLogError("failed to open %s: %s", log_path, strerror(errno));
return 0;
}
@ -352,7 +351,7 @@ int SetupRuleAnalyzer(void)
snprintf(log_path, sizeof(log_path), "%s/%s", log_dir, "rules_analysis.txt");
rule_engine_analysis_FD = fopen(log_path, "w");
if (rule_engine_analysis_FD == NULL) {
SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", log_path, strerror(errno));
SCLogError("failed to open %s: %s", log_path, strerror(errno));
return 0;
}
@ -444,8 +443,8 @@ int PerCentEncodingSetup ()
if (percent_re == NULL) {
PCRE2_UCHAR errbuffer[256];
pcre2_get_error_message(en, errbuffer, sizeof(errbuffer));
SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %d: %s",
DETECT_PERCENT_ENCODING_REGEX, (int)eo, errbuffer);
SCLogError("Compile of \"%s\" failed at offset %d: %s", DETECT_PERCENT_ENCODING_REGEX,
(int)eo, errbuffer);
return 0;
}
@ -469,7 +468,7 @@ static int PerCentEncodingMatch(uint8_t *content, uint16_t content_len)
return 0;
}
else if (ret < -1) {
SCLogError(SC_ERR_PCRE_MATCH, "Error parsing content - %s; error code is %d", content, ret);
SCLogError("Error parsing content - %s; error code is %d", content, ret);
return -1;
}
return ret;
@ -492,7 +491,7 @@ static void EngineAnalysisRulesPrintFP(const DetectEngineCtx *de_ctx, const Sign
uint16_t patlen = fp_cd->content_len;
uint8_t *pat = SCMalloc(fp_cd->content_len + 1);
if (unlikely(pat == NULL)) {
FatalError(SC_ERR_FATAL, "Error allocating memory");
FatalError("Error allocating memory");
}
memcpy(pat, fp_cd->content, fp_cd->content_len);
pat[fp_cd->content_len] = '\0';
@ -1081,9 +1080,9 @@ static void EngineAnalysisItemsInit(void)
analyzer_item->item_id = (uint16_t)item_id;
if (analyzer_item->item_id == -1) {
/* Mismatch between the analyzer_items array and what's supported */
FatalError(SC_ERR_INITIALIZATION,
"unable to initialize engine-analysis table: detect buffer \"%s\" not recognized.",
analyzer_item->item_name);
FatalError("unable to initialize engine-analysis table: detect buffer \"%s\" not "
"recognized.",
analyzer_item->item_name);
}
analyzer_item->item_seen = false;

16
src/detect-engine-build.c
Unescape Escape View File

@ -1222,8 +1222,8 @@ static DetectPort *RulesGroupByPorts(DetectEngineCtx *de_ctx, uint8_t ipproto, u
((s->flags & (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) == (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)) &&
(!(s->dp->port == 0 && s->dp->port2 == 65535)))
{
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: SYN-only to port(s) %u:%u "
"w/o direction specified, disabling for toclient direction",
SCLogWarning("rule %u: SYN-only to port(s) %u:%u "
"w/o direction specified, disabling for toclient direction",
s->id, s->dp->port, s->dp->port2);
goto next;
}
@ -1970,18 +1970,18 @@ int SigGroupBuild(DetectEngineCtx *de_ctx)
SigInitStandardMpmFactoryContexts(de_ctx);
if (SigAddressPrepareStage1(de_ctx) != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed");
FatalError("initializing the detection engine failed");
}
if (SigAddressPrepareStage2(de_ctx) != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed");
FatalError("initializing the detection engine failed");
}
if (SigAddressPrepareStage3(de_ctx) != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed");
FatalError("initializing the detection engine failed");
}
if (SigAddressPrepareStage4(de_ctx) != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed");
FatalError("initializing the detection engine failed");
}
int r = DetectMpmPrepareBuiltinMpms(de_ctx);
@ -1989,11 +1989,11 @@ int SigGroupBuild(DetectEngineCtx *de_ctx)
r |= DetectMpmPreparePktMpms(de_ctx);
r |= DetectMpmPrepareFrameMpms(de_ctx);
if (r != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed");
FatalError("initializing the detection engine failed");
}
if (SigMatchPrepare(de_ctx) != 0) {
FatalError(SC_ERR_FATAL, "initializing the detection engine failed");
FatalError("initializing the detection engine failed");
}
#ifdef PROFILING

2
src/detect-engine-content-inspection.c
Unescape Escape View File

@ -328,7 +328,7 @@ uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThrea
* cast to non-const as replace writes to it. */
det_ctx->replist = DetectReplaceAddToList(det_ctx->replist, (uint8_t *)found, cd);
} else {
SCLogWarning(SC_EINVAL, "Can't modify payload without packet");
SCLogWarning("Can't modify payload without packet");
}
}

8
src/detect-engine-event.c
Unescape Escape View File

@ -127,8 +127,7 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr)
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32
", string %s", ret, rawstr);
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
}
@ -137,7 +136,7 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr)
res = pcre2_substring_copy_bynumber(parse_regex.match, 0, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
@ -149,8 +148,7 @@ static DetectEngineEventData *DetectEngineEventParse (const char *rawstr)
}
if (found == 0) {
SCLogError(SC_ERR_UNKNOWN_DECODE_EVENT, "unknown decode event \"%s\"",
copy_str);
SCLogError("unknown decode event \"%s\"", copy_str);
goto error;
}

34
src/detect-engine-iponly.c
Unescape Escape View File

@ -339,8 +339,7 @@ static int IPOnlyCIDRItemSetup(IPOnlyCIDRItem **gh, char *s)
/* parse the address */
if (IPOnlyCIDRItemParseSingle(gh, s) == -1) {
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC,
"address parsing error \"%s\"", s);
SCLogError("address parsing error \"%s\"", s);
goto error;
}
@ -549,8 +548,7 @@ static SigNumArray *SigNumArrayNew(DetectEngineCtx *de_ctx,
SigNumArray *new = SCMalloc(sizeof(SigNumArray));
if (unlikely(new == NULL)) {
FatalError(SC_ERR_FATAL,
"Fatal error encountered in SigNumArrayNew. Exiting...");
FatalError("Fatal error encountered in SigNumArrayNew. Exiting...");
}
memset(new, 0, sizeof(SigNumArray));
@ -580,8 +578,7 @@ static SigNumArray *SigNumArrayCopy(SigNumArray *orig)
SigNumArray *new = SCMalloc(sizeof(SigNumArray));
if (unlikely(new == NULL)) {
FatalError(SC_ERR_FATAL,
"Fatal error encountered in SigNumArrayCopy. Exiting...");
FatalError("Fatal error encountered in SigNumArrayCopy. Exiting...");
}
memset(new, 0, sizeof(SigNumArray));
@ -783,7 +780,7 @@ static IPOnlyCIDRItem *IPOnlyCIDRListParse2(
return head;
error:
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC,"Error parsing addresses");
SCLogError("Error parsing addresses");
return head;
}
@ -863,7 +860,7 @@ int IPOnlySigParseAddress(const DetectEngineCtx *de_ctx,
return 0;
error:
SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC, "failed to parse addresses");
SCLogError("failed to parse addresses");
return -1;
}
@ -1188,8 +1185,8 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
sna, src->netmask);
if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the "
"src ipv4 radix tree");
SCLogError("Error inserting in the "
"src ipv4 radix tree");
} else {
SCLogDebug("Best match found");
@ -1218,8 +1215,9 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
if (node == NULL) {
char tmpstr[64];
PrintInet(src->family, &src->ip[0], tmpstr, sizeof(tmpstr));
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the"
" src ipv4 radix tree ip %s netmask %"PRIu8, tmpstr, src->netmask);
SCLogError("Error inserting in the"
" src ipv4 radix tree ip %s netmask %" PRIu8,
tmpstr, src->netmask);
//SCRadixPrintTree((de_ctx->io_ctx).tree_ipv4src);
exit(-1);
}
@ -1281,7 +1279,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
(de_ctx->io_ctx).tree_ipv6src,
sna, src->netmask);
if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the src "
SCLogError("Error inserting in the src "
"ipv6 radix tree");
} else {
/* Found, copy the sig num table, add this signum and insert */
@ -1305,7 +1303,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
(de_ctx->io_ctx).tree_ipv6src,
sna, src->netmask);
if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the src "
SCLogError("Error inserting in the src "
"ipv6 radix tree");
}
} else {
@ -1383,7 +1381,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
sna, dst->netmask);
if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the dst "
SCLogError("Error inserting in the dst "
"ipv4 radix tree");
} else {
SCLogDebug("Best match found");
@ -1410,7 +1408,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
sna, dst->netmask);
if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the dst "
SCLogError("Error inserting in the dst "
"ipv4 radix tree");
}
} else {
@ -1471,7 +1469,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
sna, dst->netmask);
if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the dst "
SCLogError("Error inserting in the dst "
"ipv6 radix tree");
} else {
/* Found, copy the sig num table, add this signum and insert */
@ -1496,7 +1494,7 @@ void IPOnlyPrepare(DetectEngineCtx *de_ctx)
sna, dst->netmask);
if (node == NULL)
SCLogError(SC_ERR_IPONLY_RADIX, "Error inserting in the dst "
SCLogError("Error inserting in the dst "
"ipv6 radix tree");
}
} else {

37
src/detect-engine-loader.c
Unescape Escape View File

@ -65,7 +65,7 @@ char *DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_f
char varname[128];
if (sig_file == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENTS,"invalid sig_file argument - NULL");
SCLogError("invalid sig_file argument - NULL");
return NULL;
}
@ -135,8 +135,9 @@ static int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file,
FILE *fp = fopen(sig_file, "r");
if (fp == NULL) {
SCLogError(SC_ERR_OPENING_RULE_FILE, "opening rule file %s:"
" %s.", sig_file, strerror(errno));
SCLogError("opening rule file %s:"
" %s.",
sig_file, strerror(errno));
return -1;
}
@ -188,13 +189,13 @@ static int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file,
good++;
} else {
if (!de_ctx->sigerror_silent) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "error parsing signature \"%s\" from "
"file %s at line %"PRId32"", line, sig_file, lineno - multiline);
SCLogError("error parsing signature \"%s\" from "
"file %s at line %" PRId32 "",
line, sig_file, lineno - multiline);
if (!SigStringAppend(&de_ctx->sig_stat, sig_file, line, de_ctx->sigerror, (lineno - multiline))) {
SCLogError(SC_ENOMEM,
"Error adding sig \"%s\" from "
"file %s at line %" PRId32 "",
SCLogError("Error adding sig \"%s\" from "
"file %s at line %" PRId32 "",
line, sig_file, lineno - multiline);
}
if (de_ctx->sigerror) {
@ -229,7 +230,7 @@ static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern,
int r = 0;
if (pattern == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "opening rule file null");
SCLogError("opening rule file null");
return -1;
}
@ -238,13 +239,12 @@ static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern,
r = glob(pattern, 0, NULL, &files);
if (r == GLOB_NOMATCH) {
SCLogWarning(SC_ERR_NO_RULES, "No rule files match the pattern %s", pattern);
SCLogWarning("No rule files match the pattern %s", pattern);
++(st->bad_files);
++(st->total_files);
return -1;
} else if (r != 0) {
SCLogError(SC_ERR_OPENING_RULE_FILE, "error expanding template %s: %s",
pattern, strerror(errno));
SCLogError("error expanding template %s: %s", pattern, strerror(errno));
return -1;
}
@ -310,9 +310,8 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
rule_files = ConfGetNode(varname);
if (rule_files != NULL) {
if (!ConfNodeIsSequence(rule_files)) {
SCLogWarning(SC_ERR_INVALID_ARGUMENT,
"Invalid rule-files configuration section: "
"expected a list of filenames.");
SCLogWarning("Invalid rule-files configuration section: "
"expected a list of filenames.");
}
else {
TAILQ_FOREACH(file, &rule_files->head, next) {
@ -353,7 +352,8 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
/* now we should have signatures to work with */
if (sig_stat->good_sigs_total <= 0) {
if (sig_stat->total_files > 0) {
SCLogWarning(SC_ERR_NO_RULES_LOADED, "%d rule files specified, but no rules were loaded!", sig_stat->total_files);
SCLogWarning(
"%d rule files specified, but no rules were loaded!", sig_stat->total_files);
} else {
SCLogInfo("No signatures supplied.");
goto end;
@ -464,7 +464,7 @@ int DetectLoadersSync(void)
}
if (errors) {
SCLogError(SC_ERR_INITIALIZATION, "%d loaders reported errors", errors);
SCLogError("%d loaders reported errors", errors);
return -1;
}
SCLogDebug("done");
@ -484,8 +484,7 @@ void DetectLoadersInit(void)
(void)ConfGetInt("multi-detect.loaders", &setting);
if (setting < 1 || setting > 1024) {
SCLogError(SC_ERR_INVALID_ARGUMENTS,
"invalid multi-detect.loaders setting %"PRIdMAX, setting);
SCLogError("invalid multi-detect.loaders setting %" PRIdMAX, setting);
exit(EXIT_FAILURE);
}
num_loaders = (int32_t)setting;

21
src/detect-engine-mpm.c
Unescape Escape View File

@ -108,8 +108,7 @@ void DetectAppLayerMpmRegister2(const char *name,
DetectBufferTypeSupportsTransformations(name);
int sm_list = DetectBufferTypeGetByName(name);
if (sm_list == -1) {
FatalError(SC_ERR_INITIALIZATION,
"MPM engine registration for %s failed", name);
FatalError("MPM engine registration for %s failed", name);
}
DetectBufferMpmRegistery *am = SCCalloc(1, sizeof(*am));
@ -299,7 +298,7 @@ void DetectFrameMpmRegister(const char *name, int direction, int priority,
DetectBufferTypeSupportsTransformations(name);
int sm_list = DetectBufferTypeGetByName(name);
if (sm_list < 0 || sm_list > UINT16_MAX) {
FatalError(SC_ERR_INITIALIZATION, "MPM engine registration for %s failed", name);
FatalError("MPM engine registration for %s failed", name);
}
DetectBufferMpmRegistery *am = SCCalloc(1, sizeof(*am));
@ -384,7 +383,7 @@ void DetectEngineFrameMpmRegister(DetectEngineCtx *de_ctx, const char *name, int
const int sm_list = DetectEngineBufferTypeRegister(de_ctx, name);
if (sm_list < 0 || sm_list > UINT16_MAX) {
FatalError(SC_ERR_INITIALIZATION, "MPM engine registration for %s failed", name);
FatalError("MPM engine registration for %s failed", name);
}
DetectEngineBufferTypeSupportsMpm(de_ctx, name);
@ -533,8 +532,7 @@ void DetectPktMpmRegister(const char *name,
DetectBufferTypeSupportsTransformations(name);
int sm_list = DetectBufferTypeGetByName(name);
if (sm_list == -1) {
FatalError(SC_ERR_INITIALIZATION,
"MPM engine registration for %s failed", name);
FatalError("MPM engine registration for %s failed", name);
}
DetectBufferMpmRegistery *am = SCCalloc(1, sizeof(*am));
@ -851,7 +849,7 @@ uint8_t PatternMatchDefaultMatcher(void)
if (mpm_algo != NULL) {
#if __BYTE_ORDER == __BIG_ENDIAN
if (strcmp(mpm_algo, "ac-ks") == 0) {
FatalError(SC_ERR_FATAL, "ac-ks does "
FatalError("ac-ks does "
"not work on big endian systems at this time.");
}
#endif
@ -870,13 +868,14 @@ uint8_t PatternMatchDefaultMatcher(void)
#ifndef BUILD_HYPERSCAN
if ((strcmp(mpm_algo, "hs") == 0)) {
FatalError(SC_EINVAL, "Hyperscan (hs) support for mpm-algo is "
"not compiled into Suricata.");
FatalError("Hyperscan (hs) support for mpm-algo is "
"not compiled into Suricata.");
}
#endif
}
FatalError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid mpm algo supplied "
"in the yaml conf file: \"%s\"", mpm_algo);
FatalError("Invalid mpm algo supplied "
"in the yaml conf file: \"%s\"",
mpm_algo);
}
done:

70
src/detect-engine-port.c
Unescape Escape View File

@ -757,7 +757,7 @@ static int DetectPortParseInsertString(const DetectEngineCtx *de_ctx,
/** parse the address */
ad = PortParse(s);
if (ad == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT," failed to parse port \"%s\"",s);
SCLogError(" failed to parse port \"%s\"", s);
return -1;
}
@ -803,7 +803,7 @@ static int DetectPortParseInsertString(const DetectEngineCtx *de_ctx,
return 0;
error:
SCLogError(SC_ERR_PORT_PARSE_INSERT_STRING,"DetectPortParseInsertString error");
SCLogError("DetectPortParseInsertString error");
if (ad != NULL)
DetectPortCleanupList(de_ctx, ad);
if (ad_any != NULL)
@ -849,8 +849,8 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
int r = 0;
if (recur++ > 64) {
SCLogError(SC_ERR_PORT_ENGINE_GENERIC, "port block recursion "
"limit reached (max 64)");
SCLogError("port block recursion "
"limit reached (max 64)");
goto error;
}
@ -864,7 +864,7 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
range = 1;
if (range == 1 && s[u] == '!') {
SCLogError(SC_ERR_NEGATED_VALUE_IN_PORT_RANGE,"Can't have a negated value in a range.");
SCLogError("Can't have a negated value in a range.");
return -1;
} else if (!o_set && s[u] == '!') {
SCLogDebug("negation encountered");
@ -905,10 +905,11 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
if (rule_var_port == NULL)
goto error;
if (strlen(rule_var_port) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated port needs to be quoted, "
"\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.", s);
SCLogError("variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated port needs to be quoted, "
"\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
s);
goto error;
}
if (negate == 1 || n_set == 1) {
@ -960,8 +961,8 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
SCLogDebug("%s", address);
if (AddVariableToResolveList(var_list, address) == -1) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Found a loop in a port "
"groups declaration. This is likely a misconfiguration.");
SCLogError("Found a loop in a port "
"groups declaration. This is likely a misconfiguration.");
goto error;
}
@ -975,10 +976,11 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
if (rule_var_port == NULL)
goto error;
if (strlen(rule_var_port) == 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated port needs to be quoted, "
"\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.", s);
SCLogError("variable %s resolved "
"to nothing. This is likely a misconfiguration. "
"Note that a negated port needs to be quoted, "
"\"!$HTTP_PORTS\" instead of !$HTTP_PORTS. See issue #295.",
s);
goto error;
}
if ((negate + n_set) % 2) {
@ -1016,14 +1018,16 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
}
if (depth > 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every port block was "
"properly closed in \"%s\", %d missing closing brackets (]). "
"Note: problem might be in a variable.", s, depth);
SCLogError("not every port block was "
"properly closed in \"%s\", %d missing closing brackets (]). "
"Note: problem might be in a variable.",
s, depth);
goto error;
} else if (depth < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "not every port block was "
"properly opened in \"%s\", %d missing opening brackets ([). "
"Note: problem might be in a variable.", s, depth*-1);
SCLogError("not every port block was "
"properly opened in \"%s\", %d missing opening brackets ([). "
"Note: problem might be in a variable.",
s, depth * -1);
goto error;
}
@ -1086,7 +1090,7 @@ static int DetectPortParseMergeNotPorts(const DetectEngineCtx *de_ctx,
/** check if the full port space is negated */
if (DetectPortIsCompletePortSpace(*nhead) == 1) {
SCLogError(SC_ERR_COMPLETE_PORT_SPACE_NEGATED,"Complete port space is negated");
SCLogError("Complete port space is negated");
goto error;
}
@ -1155,7 +1159,7 @@ static int DetectPortParseMergeNotPorts(const DetectEngineCtx *de_ctx,
}
if (*head == NULL) {
SCLogError(SC_ERR_NO_PORTS_LEFT_AFTER_MERGE,"no ports left after merging ports with negated ports");
SCLogError("no ports left after merging ports with negated ports");
goto error;
}
@ -1188,10 +1192,10 @@ int DetectPortTestConfVars(void)
DetectPort *ghn = NULL;
if (seq_node->val == NULL) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
"Port var \"%s\" probably has a sequence(something "
SCLogError("Port var \"%s\" probably has a sequence(something "
"in brackets) value set without any quotes. Please "
"quote it using \"..\".", seq_node->name);
"quote it using \"..\".",
seq_node->name);
DetectPortCleanupList(NULL, gh);
goto error;
}
@ -1203,19 +1207,17 @@ int DetectPortTestConfVars(void)
if (r < 0) {
DetectPortCleanupList(NULL, gh);
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
"failed to parse port var \"%s\" with value \"%s\". "
"Please check its syntax",
SCLogError("failed to parse port var \"%s\" with value \"%s\". "
"Please check its syntax",
seq_node->name, seq_node->val);
goto error;
}
if (DetectPortIsCompletePortSpace(ghn)) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
"Port var - \"%s\" has the complete Port range negated "
"with its value \"%s\". Port space range is NIL. "
"Probably have a !any or a port range that supplies "
"a NULL address range",
SCLogError("Port var - \"%s\" has the complete Port range negated "
"with its value \"%s\". Port space range is NIL. "
"Probably have a !any or a port range that supplies "
"a NULL address range",
seq_node->name, seq_node->val);
DetectPortCleanupList(NULL, gh);
DetectPortCleanupList(NULL, ghn);

2
src/detect-engine-prefilter.c
Unescape Escape View File

@ -414,7 +414,7 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
int r = PatternMatchPrepareGroup(de_ctx, sgh);
if (r != 0) {
FatalError(SC_ERR_INITIALIZATION, "failed to set up pattern matching");
FatalError("failed to set up pattern matching");
}
/* set up engines if needed - when prefilter is set to auto we run

5
src/detect-engine-register.c
Unescape Escape View File

@ -707,8 +707,9 @@ void SigTableRegisterTests(void)
"registration function.", sigmatch_table[i].name);
if (coverage_unittests)
SCLogWarning(SC_WARN_NO_UNITTESTS, "detection plugin %s has no unittest "
"registration function.", sigmatch_table[i].name);
SCLogWarning("detection plugin %s has no unittest "
"registration function.",
sigmatch_table[i].name);
}
}
}

3
src/detect-engine-sigorder.c
Unescape Escape View File

@ -98,8 +98,7 @@ static void SCSigRegisterSignatureOrderingFunc(DetectEngineCtx *de_ctx,
}
if ( (temp = SCMalloc(sizeof(SCSigOrderFunc))) == NULL) {
FatalError(SC_ERR_FATAL,
"Fatal error encountered in SCSigRegisterSignatureOrderingFunc. Exiting...");
FatalError("Fatal error encountered in SCSigRegisterSignatureOrderingFunc. Exiting...");
}
memset(temp, 0, sizeof(SCSigOrderFunc));

4
src/detect-engine-tag.c
Unescape Escape View File

@ -55,11 +55,11 @@ void TagInitCtx(void)
host_tag_id = HostStorageRegister("tag", sizeof(void *), NULL, DetectTagDataListFree);
if (host_tag_id.id == -1) {
FatalError(SC_ERR_FATAL, "Can't initiate host storage for tag");
FatalError("Can't initiate host storage for tag");
}
flow_tag_id = FlowStorageRegister("tag", sizeof(void *), NULL, DetectTagDataListFree);
if (flow_tag_id.id == -1) {
FatalError(SC_ERR_FATAL, "Can't initiate flow storage for tag");
FatalError("Can't initiate flow storage for tag");
}
}

20
src/detect-engine-threshold.c
Unescape Escape View File

@ -82,13 +82,11 @@ void ThresholdInit(void)
{
host_threshold_id = HostStorageRegister("threshold", sizeof(void *), NULL, ThresholdListFree);
if (host_threshold_id.id == -1) {
FatalError(SC_ERR_FATAL,
"Can't initiate host storage for thresholding");
FatalError("Can't initiate host storage for thresholding");
}
ippair_threshold_id = IPPairStorageRegister("threshold", sizeof(void *), NULL, ThresholdListFree);
if (ippair_threshold_id.id == -1) {
FatalError(SC_ERR_FATAL,
"Can't initiate IP pair storage for thresholding");
FatalError("Can't initiate IP pair storage for thresholding");
}
}
@ -281,7 +279,7 @@ static int ThresholdHandlePacketSuppress(Packet *p,
break;
case TRACK_RULE:
default:
SCLogError(SC_EINVAL, "track mode %d is not supported", td->track);
SCLogError("track mode %d is not supported", td->track);
break;
}
if (m == NULL)
@ -528,7 +526,7 @@ static int ThresholdHandlePacket(Packet *p, DetectThresholdEntry *lookup_tsh,
}
/* case TYPE_SUPPRESS: is not handled here */
default:
SCLogError(SC_EINVAL, "type %d is not supported", td->type);
SCLogError("type %d is not supported", td->type);
}
return ret;
}
@ -650,8 +648,7 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
void ThresholdHashInit(DetectEngineCtx *de_ctx)
{
if (SCMutexInit(&de_ctx->ths_ctx.threshold_table_lock, NULL) != 0) {
FatalError(SC_ERR_FATAL,
"Threshold: Failed to initialize hash table mutex.");
FatalError("Threshold: Failed to initialize hash table mutex.");
}
}
@ -716,10 +713,9 @@ void ThresholdHashAllocate(DetectEngineCtx *de_ctx)
de_ctx->ths_ctx.th_size = highest_signum + 1;
de_ctx->ths_ctx.th_entry = SCCalloc(de_ctx->ths_ctx.th_size, sizeof(DetectThresholdEntry *));
if (de_ctx->ths_ctx.th_entry == NULL) {
FatalError(SC_ENOMEM,
"Error allocating memory for rule "
"thresholds (tried to allocate %" PRIu32 " th_entrys for "
"rule tracking)",
FatalError("Error allocating memory for rule "
"thresholds (tried to allocate %" PRIu32 " th_entrys for "
"rule tracking)",
de_ctx->ths_ctx.th_size);
}
}

218
src/detect-engine.c
Unescape Escape View File

@ -140,21 +140,19 @@ void DetectPktInspectEngineRegister(const char *name,
DetectBufferTypeRegister(name);
const int sm_list = DetectBufferTypeGetByName(name);
if (sm_list == -1) {
FatalError(SC_ERR_INITIALIZATION,
"failed to register inspect engine %s", name);
FatalError("failed to register inspect engine %s", name);
}
if ((sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) ||
(Callback == NULL))
{
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments");
SCLogError("Invalid arguments");
BUG_ON(1);
}
DetectEnginePktInspectionEngine *new_engine = SCCalloc(1, sizeof(*new_engine));
if (unlikely(new_engine == NULL)) {
FatalError(SC_ERR_INITIALIZATION,
"failed to register inspect engine %s: %s", name, strerror(errno));
FatalError("failed to register inspect engine %s: %s", name, strerror(errno));
}
new_engine->sm_list = (uint16_t)sm_list;
new_engine->sm_list_base = (uint16_t)sm_list;
@ -182,11 +180,11 @@ void DetectFrameInspectEngineRegister(const char *name, int dir,
DetectBufferTypeRegister(name);
const int sm_list = DetectBufferTypeGetByName(name);
if (sm_list == -1) {
FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s", name);
FatalError("failed to register inspect engine %s", name);
}
if ((sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) || (Callback == NULL)) {
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments");
SCLogError("Invalid arguments");
BUG_ON(1);
}
@ -199,8 +197,7 @@ void DetectFrameInspectEngineRegister(const char *name, int dir,
DetectEngineFrameInspectionEngine *new_engine = SCCalloc(1, sizeof(*new_engine));
if (unlikely(new_engine == NULL)) {
FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s: %s", name,
strerror(errno));
FatalError("failed to register inspect engine %s: %s", name, strerror(errno));
}
new_engine->sm_list = (uint16_t)sm_list;
new_engine->sm_list_base = (uint16_t)sm_list;
@ -234,8 +231,7 @@ void DetectAppLayerInspectEngineRegister2(const char *name,
DetectBufferTypeRegister(name);
const int sm_list = DetectBufferTypeGetByName(name);
if (sm_list == -1) {
FatalError(SC_ERR_INITIALIZATION,
"failed to register inspect engine %s", name);
FatalError("failed to register inspect engine %s", name);
}
if ((alproto >= ALPROTO_FAILED) ||
@ -244,11 +240,11 @@ void DetectAppLayerInspectEngineRegister2(const char *name,
(progress < 0 || progress >= SHRT_MAX) ||
(Callback2 == NULL))
{
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments");
SCLogError("Invalid arguments");
BUG_ON(1);
} else if (Callback2 == DetectEngineInspectBufferGeneric && GetData == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments: must register "
"GetData with DetectEngineInspectBufferGeneric");
SCLogError("Invalid arguments: must register "
"GetData with DetectEngineInspectBufferGeneric");
BUG_ON(1);
}
@ -422,11 +418,11 @@ void DetectEngineFrameInspectEngineRegister(DetectEngineCtx *de_ctx, const char
{
const int sm_list = DetectEngineBufferTypeRegister(de_ctx, name);
if (sm_list < 0) {
FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s", name);
FatalError("failed to register inspect engine %s", name);
}
if ((sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) || (Callback == NULL)) {
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments");
SCLogError("Invalid arguments");
BUG_ON(1);
}
@ -439,8 +435,7 @@ void DetectEngineFrameInspectEngineRegister(DetectEngineCtx *de_ctx, const char
DetectEngineFrameInspectionEngine *new_engine = SCCalloc(1, sizeof(*new_engine));
if (unlikely(new_engine == NULL)) {
FatalError(SC_ERR_INITIALIZATION, "failed to register inspect engine %s: %s", name,
strerror(errno));
FatalError("failed to register inspect engine %s: %s", name, strerror(errno));
}
new_engine->sm_list = (uint16_t)sm_list;
new_engine->sm_list_base = (uint16_t)sm_list;
@ -970,9 +965,8 @@ static void DetectBufferTypeFreeFunc(void *data)
if (map->transforms.transforms[i].options == NULL)
continue;
if (sigmatch_table[map->transforms.transforms[i].transform].Free == NULL) {
SCLogError(SC_ERR_UNIMPLEMENTED,
"%s allocates transform option memory but has no free routine",
sigmatch_table[map->transforms.transforms[i].transform].name);
SCLogError("%s allocates transform option memory but has no free routine",
sigmatch_table[map->transforms.transforms[i].transform].name);
continue;
}
sigmatch_table[map->transforms.transforms[i].transform].Free(NULL, map->transforms.transforms[i].options);
@ -1316,9 +1310,9 @@ int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
if (s->init_data->list && s->init_data->transforms.cnt) {
if (s->init_data->list == DETECT_SM_LIST_NOTSET ||
s->init_data->list < DETECT_SM_LIST_DYNAMIC_START) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "previous transforms not consumed "
"(list: %u, transform_cnt %u)", s->init_data->list,
s->init_data->transforms.cnt);
SCLogError("previous transforms not consumed "
"(list: %u, transform_cnt %u)",
s->init_data->list, s->init_data->transforms.cnt);
SCReturnInt(-1);
}
@ -1669,8 +1663,7 @@ int DetectEngineBufferTypeGetByIdTransforms(
return -1;
}
if (!base_map->supports_transforms) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "buffer '%s' does not support transformations",
base_map->name);
SCLogError("buffer '%s' does not support transformations", base_map->name);
return -1;
}
@ -2220,7 +2213,7 @@ static int DetectEngineReloadThreads(DetectEngineCtx *new_de_ctx)
new_det_ctx[i] = DetectEngineThreadCtxInitForReload(tv, new_de_ctx, 1);
if (new_det_ctx[i] == NULL) {
SCLogError(SC_ERR_LIVE_RULE_SWAP, "Detect engine thread init "
SCLogError("Detect engine thread init "
"failure in live rule swap. Let's get out of here");
SCMutexUnlock(&tv_root_lock);
goto error;
@ -2563,9 +2556,8 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
} else if (strcmp(de_ctx_profile, "custom") == 0) {
profile = ENGINE_PROFILE_CUSTOM;
} else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
"invalid value for detect.profile: '%s'. "
"Valid options: low, medium, high and custom.",
SCLogError("invalid value for detect.profile: '%s'. "
"Valid options: low, medium, high and custom.",
de_ctx_profile);
return -1;
}
@ -2595,10 +2587,11 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
} else if (strcmp(sgh_mpm_context, "full") == 0) {
de_ctx->sgh_mpm_ctx_cnf = ENGINE_SGH_MPM_FACTORY_CONTEXT_FULL;
} else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "You have supplied an "
"invalid conf value for detect-engine.sgh-mpm-context-"
"%s", sgh_mpm_context);
exit(EXIT_FAILURE);
SCLogError("You have supplied an "
"invalid conf value for detect-engine.sgh-mpm-context-"
"%s",
sgh_mpm_context);
exit(EXIT_FAILURE);
}
}
@ -2653,10 +2646,9 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
(const char *)max_uniq_toclient_groups_str) <= 0) {
de_ctx->max_uniq_toclient_groups = 20;
SCLogWarning(SC_ERR_SIZE_PARSE, "parsing '%s' for "
"toclient-groups failed, using %u",
max_uniq_toclient_groups_str,
de_ctx->max_uniq_toclient_groups);
SCLogWarning("parsing '%s' for "
"toclient-groups failed, using %u",
max_uniq_toclient_groups_str, de_ctx->max_uniq_toclient_groups);
}
} else {
de_ctx->max_uniq_toclient_groups = 20;
@ -2669,10 +2661,9 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
(const char *)max_uniq_toserver_groups_str) <= 0) {
de_ctx->max_uniq_toserver_groups = 40;
SCLogWarning(SC_ERR_SIZE_PARSE, "parsing '%s' for "
"toserver-groups failed, using %u",
max_uniq_toserver_groups_str,
de_ctx->max_uniq_toserver_groups);
SCLogWarning("parsing '%s' for "
"toserver-groups failed, using %u",
max_uniq_toserver_groups_str, de_ctx->max_uniq_toserver_groups);
}
} else {
de_ctx->max_uniq_toserver_groups = 40;
@ -2709,8 +2700,8 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
insp_recursion_limit_node = ConfNodeLookupChild(opt, opt->val);
if (insp_recursion_limit_node == NULL) {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Error retrieving conf "
"entry for detect-engine:inspection-recursion-limit");
SCLogError("Error retrieving conf "
"entry for detect-engine:inspection-recursion-limit");
break;
}
insp_recursion_limit = insp_recursion_limit_node->val;
@ -2722,10 +2713,9 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
if (insp_recursion_limit != NULL) {
if (StringParseInt32(&de_ctx->inspection_recursion_limit, 10,
0, (const char *)insp_recursion_limit) < 0) {
SCLogWarning(SC_EINVAL,
"Invalid value for "
"detect-engine.inspection-recursion-limit: %s "
"resetting to %d",
SCLogWarning("Invalid value for "
"detect-engine.inspection-recursion-limit: %s "
"resetting to %d",
insp_recursion_limit, DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT);
de_ctx->inspection_recursion_limit =
DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT;
@ -2755,14 +2745,16 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
}
if (DetectPortParse(de_ctx, &de_ctx->tcp_whitelist, ports) != 0) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "'%s' is not a valid value "
"for detect.grouping.tcp-whitelist", ports);
SCLogWarning("'%s' is not a valid value "
"for detect.grouping.tcp-whitelist",
ports);
}
DetectPort *x = de_ctx->tcp_whitelist;
for ( ; x != NULL; x = x->next) {
if (x->port != x->port2) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "'%s' is not a valid value "
"for detect.grouping.tcp-whitelist: only single ports allowed", ports);
SCLogWarning("'%s' is not a valid value "
"for detect.grouping.tcp-whitelist: only single ports allowed",
ports);
DetectPortCleanupList(de_ctx, de_ctx->tcp_whitelist);
de_ctx->tcp_whitelist = NULL;
break;
@ -2779,15 +2771,15 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
}
if (DetectPortParse(de_ctx, &de_ctx->udp_whitelist, ports) != 0) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY,
"'%s' is not a valid value "
"for detect.grouping.udp-whitelist",
SCLogWarning("'%s' is not a valid value "
"for detect.grouping.udp-whitelist",
ports);
}
for (x = de_ctx->udp_whitelist; x != NULL; x = x->next) {
if (x->port != x->port2) {
SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "'%s' is not a valid value "
"for detect.grouping.udp-whitelist: only single ports allowed", ports);
SCLogWarning("'%s' is not a valid value "
"for detect.grouping.udp-whitelist: only single ports allowed",
ports);
DetectPortCleanupList(de_ctx, de_ctx->udp_whitelist);
de_ctx->udp_whitelist = NULL;
break;
@ -2837,7 +2829,7 @@ static int DetectEngineThreadCtxInitGlobalKeywords(DetectEngineThreadCtx *det_ct
// coverity[suspicious_sizeof : FALSE]
det_ctx->global_keyword_ctxs_array = (void **)SCCalloc(master->keyword_id, sizeof(void *));
if (det_ctx->global_keyword_ctxs_array == NULL) {
SCLogError(SC_ERR_DETECT_PREPARE, "setting up thread local detect ctx");
SCLogError("setting up thread local detect ctx");
return TM_ECODE_FAILED;
}
det_ctx->global_keyword_ctxs_size = master->keyword_id;
@ -2846,8 +2838,9 @@ static int DetectEngineThreadCtxInitGlobalKeywords(DetectEngineThreadCtx *det_ct
while (item) {
det_ctx->global_keyword_ctxs_array[item->id] = item->InitFunc(item->data);
if (det_ctx->global_keyword_ctxs_array[item->id] == NULL) {
SCLogError(SC_ERR_DETECT_PREPARE, "setting up thread local detect ctx "
"for keyword \"%s\" failed", item->name);
SCLogError("setting up thread local detect ctx "
"for keyword \"%s\" failed",
item->name);
return TM_ECODE_FAILED;
}
item = item->next;
@ -2884,7 +2877,7 @@ static int DetectEngineThreadCtxInitKeywords(DetectEngineCtx *de_ctx, DetectEngi
// coverity[suspicious_sizeof : FALSE]
det_ctx->keyword_ctxs_array = SCMalloc(de_ctx->keyword_id * sizeof(void *));
if (det_ctx->keyword_ctxs_array == NULL) {
SCLogError(SC_ERR_DETECT_PREPARE, "setting up thread local detect ctx");
SCLogError("setting up thread local detect ctx");
return TM_ECODE_FAILED;
}
@ -2898,8 +2891,9 @@ static int DetectEngineThreadCtxInitKeywords(DetectEngineCtx *de_ctx, DetectEngi
det_ctx->keyword_ctxs_array[item->id] = item->InitFunc(item->data);
if (det_ctx->keyword_ctxs_array[item->id] == NULL) {
SCLogError(SC_ERR_DETECT_PREPARE, "setting up thread local detect ctx "
"for keyword \"%s\" failed", item->name);
SCLogError("setting up thread local detect ctx "
"for keyword \"%s\" failed",
item->name);
return TM_ECODE_FAILED;
}
}
@ -2935,8 +2929,8 @@ static TmEcode DetectEngineThreadCtxInitForMT(ThreadVars *tv, DetectEngineThread
HashTable *mt_det_ctxs_hash = NULL;
if (master->tenant_selector == TENANT_SELECTOR_UNKNOWN) {
SCLogError(SC_ERR_MT_NO_SELECTOR, "no tenant selector set: "
"set using multi-detect.selector");
SCLogError("no tenant selector set: "
"set using multi-detect.selector");
return TM_ECODE_FAILED;
}
@ -3370,7 +3364,7 @@ TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data)
DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data;
if (det_ctx == NULL) {
SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "argument \"data\" NULL");
SCLogWarning("argument \"data\" NULL");
return TM_ECODE_OK;
}
@ -3670,28 +3664,27 @@ static int DetectEngineMultiTenantLoadTenant(uint32_t tenant_id, const char *fil
struct stat st;
if(stat(filename, &st) != 0) {
#endif /* OS_WIN32 */
SCLogError(SC_ERR_FOPEN, "failed to stat file %s", filename);
SCLogError("failed to stat file %s", filename);
goto error;
}
de_ctx = DetectEngineGetByTenantId(tenant_id);
if (de_ctx != NULL) {
SCLogError(SC_ERR_MT_DUPLICATE_TENANT, "tenant %u already registered",
tenant_id);
SCLogError("tenant %u already registered", tenant_id);
DetectEngineDeReference(&de_ctx);
goto error;
}
ConfNode *node = ConfGetNode(prefix);
if (node == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "failed to properly setup yaml %s", filename);
SCLogError("failed to properly setup yaml %s", filename);
goto error;
}
de_ctx = DetectEngineCtxInitWithPrefix(prefix);
if (de_ctx == NULL) {
SCLogError(SC_ERR_INITIALIZATION, "initializing detection engine "
"context failed.");
SCLogError("initializing detection engine "
"context failed.");
goto error;
}
SCLogDebug("de_ctx %p with prefix %s", de_ctx, de_ctx->config_prefix);
@ -3701,7 +3694,7 @@ static int DetectEngineMultiTenantLoadTenant(uint32_t tenant_id, const char *fil
de_ctx->loader_id = loader_id;
if (SigLoadSignatures(de_ctx, NULL, 0) < 0) {
SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.");
SCLogError("Loading signatures failed.");
goto error;
}
@ -3720,7 +3713,7 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
{
DetectEngineCtx *old_de_ctx = DetectEngineGetByTenantId(tenant_id);
if (old_de_ctx == NULL) {
SCLogError(SC_ERR_INITIALIZATION, "tenant detect engine not found");
SCLogError("tenant detect engine not found");
return -1;
}
@ -3730,20 +3723,20 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
SCLogDebug("prefix %s", prefix);
if (ConfYamlLoadFileWithPrefix(filename, prefix) != 0) {
SCLogError(SC_ERR_INITIALIZATION,"failed to load yaml");
SCLogError("failed to load yaml");
goto error;
}
ConfNode *node = ConfGetNode(prefix);
if (node == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "failed to properly setup yaml %s", filename);
SCLogError("failed to properly setup yaml %s", filename);
goto error;
}
DetectEngineCtx *new_de_ctx = DetectEngineCtxInitWithPrefix(prefix);
if (new_de_ctx == NULL) {
SCLogError(SC_ERR_INITIALIZATION, "initializing detection engine "
"context failed.");
SCLogError("initializing detection engine "
"context failed.");
goto error;
}
SCLogDebug("de_ctx %p with prefix %s", new_de_ctx, new_de_ctx->config_prefix);
@ -3753,7 +3746,7 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
new_de_ctx->loader_id = old_de_ctx->loader_id;
if (SigLoadSignatures(new_de_ctx, NULL, 0) < 0) {
SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.");
SCLogError("Loading signatures failed.");
goto error;
}
@ -3878,21 +3871,21 @@ static int DetectEngineMultiTenantSetupLoadLivedevMappings(const ConfNode *mappi
uint32_t tenant_id = 0;
if (StringParseUint32(&tenant_id, 10, (uint16_t)strlen(tenant_id_node->val),
tenant_id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant-id "
"of %s is invalid", tenant_id_node->val);
SCLogError("tenant-id "
"of %s is invalid",
tenant_id_node->val);
goto bad_mapping;
}
const char *dev = device_node->val;
LiveDevice *ld = LiveGetDevice(dev);
if (ld == NULL) {
SCLogWarning(SC_ERR_MT_NO_MAPPING, "device %s not found", dev);
SCLogWarning("device %s not found", dev);
goto bad_mapping;
}
if (ld->tenant_id_set) {
SCLogWarning(SC_ERR_MT_NO_MAPPING, "device %s already mapped to tenant-id %u",
dev, ld->tenant_id);
SCLogWarning("device %s already mapped to tenant-id %u", dev, ld->tenant_id);
goto bad_mapping;
}
@ -3937,21 +3930,24 @@ static int DetectEngineMultiTenantSetupLoadVlanMappings(const ConfNode *mappings
uint32_t tenant_id = 0;
if (StringParseUint32(&tenant_id, 10, (uint16_t)strlen(tenant_id_node->val),
tenant_id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant-id "
"of %s is invalid", tenant_id_node->val);
SCLogError("tenant-id "
"of %s is invalid",
tenant_id_node->val);
goto bad_mapping;
}
uint16_t vlan_id = 0;
if (StringParseUint16(
&vlan_id, 10, (uint16_t)strlen(vlan_id_node->val), vlan_id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "vlan-id "
"of %s is invalid", vlan_id_node->val);
SCLogError("vlan-id "
"of %s is invalid",
vlan_id_node->val);
goto bad_mapping;
}
if (vlan_id == 0 || vlan_id >= 4095) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "vlan-id "
"of %s is invalid. Valid range 1-4094.", vlan_id_node->val);
SCLogError("vlan-id "
"of %s is invalid. Valid range 1-4094.",
vlan_id_node->val);
goto bad_mapping;
}
@ -4007,8 +4003,8 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
int vlanbool = 0;
if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) {
SCLogError(SC_EINVAL, "vlan tracking is disabled, "
"can't use multi-detect selector 'vlan'");
SCLogError("vlan tracking is disabled, "
"can't use multi-detect selector 'vlan'");
SCMutexUnlock(&master->lock);
goto error;
}
@ -4018,16 +4014,14 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
} else if (strcmp(handler, "device") == 0) {
tenant_selector = master->tenant_selector = TENANT_SELECTOR_LIVEDEV;
if (EngineModeIsIPS()) {
SCLogWarning(SC_ERR_MT_NO_MAPPING,
"multi-tenant 'device' mode not supported for IPS");
SCLogWarning("multi-tenant 'device' mode not supported for IPS");
SCMutexUnlock(&master->lock);
goto error;
}
} else {
SCLogError(SC_EINVAL,
"unknown value %s "
"multi-detect.selector",
SCLogError("unknown value %s "
"multi-detect.selector",
handler);
SCMutexUnlock(&master->lock);
goto error;
@ -4052,10 +4046,10 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
"tenants won't be used until mappings are added");
} else {
if (failure_fatal) {
SCLogError(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined");
SCLogError("no multi-detect mappings defined");
goto error;
} else {
SCLogWarning(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined");
SCLogWarning("no multi-detect mappings defined");
}
}
}
@ -4064,10 +4058,10 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
failure_fatal);
if (mapping_cnt == 0) {
if (failure_fatal) {
SCLogError(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined");
SCLogError("no multi-detect mappings defined");
goto error;
} else {
SCLogWarning(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined");
SCLogWarning("no multi-detect mappings defined");
}
}
}
@ -4090,8 +4084,9 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
uint32_t tenant_id = 0;
if (StringParseUint32(
&tenant_id, 10, (uint16_t)strlen(id_node->val), id_node->val) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "tenant_id "
"of %s is invalid", id_node->val);
SCLogError("tenant_id "
"of %s is invalid",
id_node->val);
goto bad_tenant;
}
SCLogDebug("tenant id: %u, %s", tenant_id, yaml_node->val);
@ -4101,7 +4096,7 @@ int DetectEngineMultiTenantSetup(const bool unix_socket)
char prefix[64];
snprintf(prefix, sizeof(prefix), "multi-detect.%u", tenant_id);
if (ConfYamlLoadFileWithPrefix(yaml_node->val, prefix) != 0) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "failed to load yaml %s", yaml_node->val);
SCLogError("failed to load yaml %s", yaml_node->val);
goto bad_tenant;
}
@ -4447,15 +4442,13 @@ int DetectEngineReload(const SCInstance *suri)
if (suri->conf_filename != NULL) {
snprintf(prefix, sizeof(prefix), "detect-engine-reloads.%d", reloads++);
if (ConfYamlLoadFileWithPrefix(suri->conf_filename, prefix) != 0) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "failed to load yaml %s",
suri->conf_filename);
SCLogError("failed to load yaml %s", suri->conf_filename);
return -1;
}
ConfNode *node = ConfGetNode(prefix);
if (node == NULL) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "failed to properly setup yaml %s",
suri->conf_filename);
SCLogError("failed to properly setup yaml %s", suri->conf_filename);
return -1;
}
#if 0
@ -4482,8 +4475,8 @@ int DetectEngineReload(const SCInstance *suri)
/* get new detection engine */
new_de_ctx = DetectEngineCtxInitWithPrefix(prefix);
if (new_de_ctx == NULL) {
SCLogError(SC_ERR_INITIALIZATION, "initializing detection engine "
"context failed.");
SCLogError("initializing detection engine "
"context failed.");
DetectEngineDeReference(&old_de_ctx);
return -1;
}
@ -4653,8 +4646,9 @@ int DetectEngineGetEventInfo(const char *event_name, int *event_id,
{
*event_id = SCMapEnumNameToValue(event_name, det_ctx_event_table);
if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
"det_ctx's enum map table.", event_name);
SCLogError("event \"%s\" not present in "
"det_ctx's enum map table.",
event_name);
/* this should be treated as fatal */
return -1;
}

47
src/detect-fast-pattern.c
Unescape Escape View File

@ -155,7 +155,7 @@ void DetectEngineInitializeFastPatternList(DetectEngineCtx *de_ctx)
for (SCFPSupportSMList *tmp = g_fp_support_smlist_list; tmp != NULL; tmp = tmp->next) {
SCFPSupportSMList *n = SCCalloc(1, sizeof(*n));
if (n == NULL) {
FatalError(SC_ERR_FATAL, "out of memory: %s", strerror(errno));
FatalError("out of memory: %s", strerror(errno));
}
n->list_id = tmp->list_id;
n->priority = tmp->priority;
@ -221,9 +221,9 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
SigMatch *pm1 = DetectGetLastSMFromMpmLists(de_ctx, s);
SigMatch *pm2 = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm1 == NULL && pm2 == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside "
"the rule, without a content context. Please use a "
"content based keyword before using fast_pattern");
SCLogError("fast_pattern found inside "
"the rule, without a content context. Please use a "
"content based keyword before using fast_pattern");
return -1;
}
@ -247,15 +247,15 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
(cd->flags & DETECT_CONTENT_DEPTH))) {
/* we can't have any of these if we are having "only" */
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern; cannot be "
SCLogError("fast_pattern; cannot be "
"used with negated content, along with relative modifiers");
goto error;
}
if (arg == NULL|| strcmp(arg, "") == 0) {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple fast_pattern "
"options for the same content");
SCLogError("can't use multiple fast_pattern "
"options for the same content");
goto error;
}
else { /*allow only one content to have fast_pattern modifier*/
@ -266,8 +266,8 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
if (sm->type == DETECT_CONTENT) {
DetectContentData *tmp_cd = (DetectContentData *)sm->ctx;
if (tmp_cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern "
"can be used on only one content in a rule");
SCLogError("fast_pattern "
"can be used on only one content in a rule");
goto error;
}
}
@ -289,7 +289,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
(cd->flags & DETECT_CONTENT_DEPTH)) {
/* we can't have any of these if we are having "only" */
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern: only; cannot be "
SCLogError("fast_pattern: only; cannot be "
"used with negated content or with any of the relative "
"modifiers like distance, within, offset, depth");
goto error;
@ -302,15 +302,16 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for fast_pattern offset");
SCLogError("pcre2_substring_copy_bynumber failed "
"for fast_pattern offset");
goto error;
}
uint16_t offset;
if (StringParseUint16(&offset, 10, 0,
(const char *)arg_substr) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid fast pattern offset:"
" \"%s\"", arg_substr);
SCLogError("Invalid fast pattern offset:"
" \"%s\"",
arg_substr);
goto error;
}
@ -318,29 +319,30 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)arg_substr, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed "
"for fast_pattern offset");
SCLogError("pcre2_substring_copy_bynumber failed "
"for fast_pattern offset");
goto error;
}
uint16_t length;
if (StringParseUint16(&length, 10, 0,
(const char *)arg_substr) < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid value for fast "
"pattern: \"%s\"", arg_substr);
SCLogError("Invalid value for fast "
"pattern: \"%s\"",
arg_substr);
goto error;
}
// Avoiding integer overflow
if (offset > (65535 - length)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern (length + offset) "
SCLogError("Fast pattern (length + offset) "
"exceeds limit pattern length limit");
goto error;
}
if (offset + length > cd->content_len) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Fast pattern (length + "
SCLogError("Fast pattern (length + "
"offset (%u)) exceeds pattern length (%u)",
offset + length, cd->content_len);
offset + length, cd->content_len);
goto error;
}
@ -349,8 +351,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const c
cd->flags |= DETECT_CONTENT_FAST_PATTERN_CHOP;
} else {
SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32
", string %s", ret, arg);
SCLogError("parse error, ret %" PRId32 ", string %s", ret, arg);
goto error;
}

6
src/detect-file-data.c
Unescape Escape View File

@ -205,14 +205,14 @@ static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, const cha
s->alproto != ALPROTO_HTTP2 && s->alproto != ALPROTO_FTP &&
s->alproto != ALPROTO_FTPDATA && s->alproto != ALPROTO_HTTP &&
s->alproto != ALPROTO_NFS)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
SCLogError("rule contains conflicting keywords.");
return -1;
}
if (s->alproto == ALPROTO_SMTP && (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) &&
!(s->flags & SIG_FLAG_TOSERVER) && (s->flags & SIG_FLAG_TOCLIENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with "
"flow:to_client or flow:from_server with smtp.");
SCLogError("Can't use file_data with "
"flow:to_client or flow:from_server with smtp.");
return -1;
}

11
src/detect-file-hash-common.c
Unescape Escape View File

@ -48,8 +48,7 @@ int ReadHashString(uint8_t *hash, const char *string, const char *filename, int
uint16_t expected_len)
{
if (strlen(string) != expected_len) {
SCLogError(SC_ERR_INVALID_HASH, "%s:%d hash string not %d characters",
filename, line_no, expected_len);
SCLogError("%s:%d hash string not %d characters", filename, line_no, expected_len);
return -1;
}
@ -63,8 +62,7 @@ int ReadHashString(uint8_t *hash, const char *string, const char *filename, int
if (value >= 0 && value <= 255)
hash[x] = (uint8_t)value;
else {
SCLogError(SC_ERR_INVALID_HASH, "%s:%d hash byte out of range %ld",
filename, line_no, value);
SCLogError("%s:%d hash byte out of range %ld", filename, line_no, value);
return -1;
}
}
@ -250,15 +248,14 @@ static DetectFileHashData *DetectFileHashParse (const DetectEngineCtx *de_ctx,
snprintf(path, sizeof(path), "%s/%s", dir, str);
fp = fopen(path, "r");
if (fp == NULL) {
SCLogError(SC_ERR_OPENING_RULE_FILE,
"opening hash file %s: %s", path, strerror(errno));
SCLogError("opening hash file %s: %s", path, strerror(errno));
goto error;
}
}
}
if (fp == NULL) {
#endif
SCLogError(SC_ERR_OPENING_RULE_FILE, "opening hash file %s: %s", filename, strerror(errno));
SCLogError("opening hash file %s: %s", filename, strerror(errno));
goto error;
#ifdef HAVE_LIBGEN_H
}

4
src/detect-filemagic.c
Unescape Escape View File

@ -61,7 +61,7 @@
static int DetectFilemagicSetupNoSupport (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
SCLogError(SC_ERR_NO_MAGIC_SUPPORT, "no libmagic support built in, needed for filemagic keyword");
SCLogError("no libmagic support built in, needed for filemagic keyword");
return -1;
}
@ -325,7 +325,7 @@ static void *DetectFilemagicThreadInit(void *data /*@unused@*/)
{
DetectFilemagicThreadData *t = SCCalloc(1, sizeof(DetectFilemagicThreadData));
if (unlikely(t == NULL)) {
SCLogError(SC_ENOMEM, "couldn't alloc ctx memory");
SCLogError("couldn't alloc ctx memory");
return NULL;
}

13
src/detect-filestore.c
Unescape Escape View File

@ -338,7 +338,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
de_ctx->version);
}
if (!RequiresFeature(FEATURE_OUTPUT_FILESTORE)) {
SCLogWarning(SC_WARN_ALERT_CONFIG, "One or more rule(s) depends on the "
SCLogWarning("One or more rule(s) depends on the "
"file-store output log which is not enabled. "
"Enable the output \"file-store\".");
}
@ -354,8 +354,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
/* filestore and bypass keywords can't work together */
if (s->flags & SIG_FLAG_BYPASS) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS,
"filestore can't work with bypass keyword");
SCLogError("filestore can't work with bypass keyword");
return -1;
}
@ -373,7 +372,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
ret = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, str);
SCLogError("parse error, ret %" PRId32 ", string %s", ret, str);
goto error;
}
@ -382,7 +381,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
res = pcre2_substring_copy_bynumber(
parse_regex.match, 1, (PCRE2_UCHAR8 *)str_0, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
args[0] = (char *)str_0;
@ -392,7 +391,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)str_1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
args[1] = (char *)str_1;
@ -402,7 +401,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)str_2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
args[2] = (char *)str_2;

52
src/detect-flow.c
Unescape Escape View File

@ -179,7 +179,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, flowstr);
SCLogError("parse error, ret %" PRId32 ", string %s", ret, flowstr);
goto error;
}
@ -187,7 +187,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
pcre2len = sizeof(str1);
res = SC_Pcre2SubstringCopy(parse_regex.match, 1, (PCRE2_UCHAR8 *)str1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
args[0] = (char *)str1;
@ -197,7 +197,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)str2, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
args[1] = (char *)str2;
@ -207,7 +207,7 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
res = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)str3, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
args[2] = (char *)str3;
@ -226,87 +226,91 @@ static DetectFlowData *DetectFlowParse (DetectEngineCtx *de_ctx, const char *flo
/* inspect our options and set the flags */
if (strcasecmp(args[i], "established") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "DETECT_FLOW_FLAG_ESTABLISHED flag is already set");
SCLogError("DETECT_FLOW_FLAG_ESTABLISHED flag is already set");
goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_STATELESS) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "DETECT_FLOW_FLAG_STATELESS already set");
SCLogError("DETECT_FLOW_FLAG_STATELESS already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_ESTABLISHED;
} else if (strcasecmp(args[i], "not_established") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "DETECT_FLOW_FLAG_NOT_ESTABLISHED flag is already set");
SCLogError("DETECT_FLOW_FLAG_NOT_ESTABLISHED flag is already set");
goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_NOT_ESTABLISHED) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set DETECT_FLOW_FLAG_NOT_ESTABLISHED, DETECT_FLOW_FLAG_ESTABLISHED already set");
SCLogError("cannot set DETECT_FLOW_FLAG_NOT_ESTABLISHED, "
"DETECT_FLOW_FLAG_ESTABLISHED already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_NOT_ESTABLISHED;
} else if (strcasecmp(args[i], "stateless") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_STATELESS) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "DETECT_FLOW_FLAG_STATELESS flag is already set");
SCLogError("DETECT_FLOW_FLAG_STATELESS flag is already set");
goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_ESTABLISHED) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set DETECT_FLOW_FLAG_STATELESS, DETECT_FLOW_FLAG_ESTABLISHED already set");
SCLogError("cannot set DETECT_FLOW_FLAG_STATELESS, "
"DETECT_FLOW_FLAG_ESTABLISHED already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_STATELESS;
} else if (strcasecmp(args[i], "to_client") == 0 || strcasecmp(args[i], "from_server") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_TOCLIENT) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set DETECT_FLOW_FLAG_TOCLIENT flag is already set");
SCLogError("cannot set DETECT_FLOW_FLAG_TOCLIENT flag is already set");
goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_TOSERVER) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_client, DETECT_FLOW_FLAG_TOSERVER already set");
SCLogError("cannot set to_client, DETECT_FLOW_FLAG_TOSERVER already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_TOCLIENT;
} else if (strcasecmp(args[i], "to_server") == 0 || strcasecmp(args[i], "from_client") == 0){
if (fd->flags & DETECT_FLOW_FLAG_TOSERVER) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set DETECT_FLOW_FLAG_TOSERVER flag is already set");
SCLogError("cannot set DETECT_FLOW_FLAG_TOSERVER flag is already set");
goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_TOCLIENT) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set to_server, DETECT_FLOW_FLAG_TO_CLIENT flag already set");
SCLogError("cannot set to_server, DETECT_FLOW_FLAG_TO_CLIENT flag already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_TOSERVER;
} else if (strcasecmp(args[i], "only_stream") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set only_stream flag is already set");
SCLogError("cannot set only_stream flag is already set");
goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set only_stream flag, DETECT_FLOW_FLAG_NOSTREAM already set");
SCLogError(
"cannot set only_stream flag, DETECT_FLOW_FLAG_NOSTREAM already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_ONLYSTREAM;
} else if (strcasecmp(args[i], "no_stream") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_NOSTREAM) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_stream flag is already set");
SCLogError("cannot set no_stream flag is already set");
goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_ONLYSTREAM) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_stream flag, DETECT_FLOW_FLAG_ONLYSTREAM already set");
SCLogError(
"cannot set no_stream flag, DETECT_FLOW_FLAG_ONLYSTREAM already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_NOSTREAM;
} else if (strcasecmp(args[i], "no_frag") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_NO_FRAG) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_frag flag is already set");
SCLogError("cannot set no_frag flag is already set");
goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_ONLY_FRAG) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set no_frag flag, only_frag already set");
SCLogError("cannot set no_frag flag, only_frag already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_NO_FRAG;
} else if (strcasecmp(args[i], "only_frag") == 0) {
if (fd->flags & DETECT_FLOW_FLAG_ONLY_FRAG) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set only_frag flag is already set");
SCLogError("cannot set only_frag flag is already set");
goto error;
} else if (fd->flags & DETECT_FLOW_FLAG_NO_FRAG) {
SCLogError(SC_ERR_FLAGS_MODIFIER, "cannot set only_frag flag, no_frag already set");
SCLogError("cannot set only_frag flag, no_frag already set");
goto error;
}
fd->flags |= DETECT_FLOW_FLAG_ONLY_FRAG;
} else {
SCLogError(SC_EINVAL, "invalid flow option \"%s\"", args[i]);
SCLogError("invalid flow option \"%s\"", args[i]);
goto error;
}
@ -368,7 +372,7 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *flowstr)
{
/* ensure only one flow option */
if (s->init_data->init_flags & SIG_FLAG_INIT_FLOW) {
SCLogError (SC_ERR_INVALID_SIGNATURE, "A signature may have only one flow option.");
SCLogError("A signature may have only one flow option.");
return -1;
}

27
src/detect-flowbits.c
Unescape Escape View File

@ -97,13 +97,14 @@ static int FlowbitOrAddData(DetectEngineCtx *de_ctx, DetectFlowbitsData *cd, cha
// Check for spaces in between the flowbit names
if (strchr(token, ' ') != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Spaces are not allowed in flowbit names.");
SCLogError("Spaces are not allowed in flowbit names.");
return -1;
}
if (i == MAX_TOKENS) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Number of flowbits exceeds "
"maximum allowed: %d.", MAX_TOKENS);
SCLogError("Number of flowbits exceeds "
"maximum allowed: %d.",
MAX_TOKENS);
return -1;
}
strarr[i++] = token;
@ -207,7 +208,7 @@ int DetectFlowbitMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
case DETECT_FLOWBITS_CMD_TOGGLE:
return DetectFlowbitMatchToggle(p,fd);
default:
SCLogError(SC_ERR_UNKNOWN_VALUE, "unknown cmd %" PRIu32 "", fd->cmd);
SCLogError("unknown cmd %" PRIu32 "", fd->cmd);
return 0;
}
@ -222,15 +223,14 @@ static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *nam
count = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (count != 2 && count != 3) {
SCLogError(SC_ERR_PCRE_MATCH,
"\"%s\" is not a valid setting for flowbits.", str);
SCLogError("\"%s\" is not a valid setting for flowbits.", str);
return 0;
}
pcre2len = cmd_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
return 0;
}
@ -238,7 +238,7 @@ static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *nam
pcre2len = name_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
return 0;
}
@ -251,8 +251,7 @@ static int DetectFlowbitParse(const char *str, char *cmd, int cmd_len, char *nam
/* Validate name, spaces are not allowed. */
for (size_t i = 0; i < strlen(name); i++) {
if (isblank(name[i])) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"spaces not allowed in flowbit names");
SCLogError("spaces not allowed in flowbit names");
return 0;
}
}
@ -287,7 +286,7 @@ int DetectFlowbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
} else if (strcmp(fb_cmd_str,"toggle") == 0) {
fb_cmd = DETECT_FLOWBITS_CMD_TOGGLE;
} else {
SCLogError(SC_ERR_UNKNOWN_VALUE, "ERROR: flowbits action \"%s\" is not supported.", fb_cmd_str);
SCLogError("ERROR: flowbits action \"%s\" is not supported.", fb_cmd_str);
goto error;
}
@ -417,7 +416,7 @@ int DetectFlowbitsAnalyze(DetectEngineCtx *de_ctx)
struct FBAnalyze *array = SCCalloc(array_size, sizeof(struct FBAnalyze));
if (array == NULL) {
SCLogError(SC_ENOMEM, "Unable to allocate flowbit analyze array");
SCLogError("Unable to allocate flowbit analyze array");
return -1;
}
@ -587,8 +586,8 @@ int DetectFlowbitsAnalyze(DetectEngineCtx *de_ctx)
array[i].cnts[DETECT_FLOWBITS_CMD_SET] == 0) {
const Signature *s = de_ctx->sig_array[array[i].isset_sids[0]];
SCLogWarning(SC_WARN_FLOWBIT, "flowbit '%s' is checked but not "
"set. Checked in %u and %u other sigs",
SCLogWarning("flowbit '%s' is checked but not "
"set. Checked in %u and %u other sigs",
varname, s->id, array[i].isset_sids_idx - 1);
}
if (array[i].state_cnts[DETECT_FLOWBITS_CMD_ISSET] &&

14
src/detect-flowint.c
Unescape Escape View File

@ -238,21 +238,21 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret);
SCLogError("\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret);
return NULL;
}
/* Get our flowint varname */
res = pcre2_substring_get_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
}
varname = (char *)str_ptr;
res = pcre2_substring_get_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0 || str_ptr == NULL) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
}
modstr = (char *)str_ptr;
@ -283,7 +283,7 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
modifier = FLOWINT_MODIFIER_NOTSET;
if (modifier == FLOWINT_MODIFIER_UNKNOWN) {
SCLogError(SC_ERR_UNKNOWN_VALUE, "Unknown modifier");
SCLogError("Unknown modifier");
goto error;
}
@ -300,7 +300,7 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
parse_regex.match, 3, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
varval = (char *)str_ptr;
if (res < 0 || varval == NULL || strcmp(varval, "") == 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
}
@ -317,7 +317,7 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
sfd->targettype = FLOWINT_TARGET_VAR;
sfd->target.tvar.name = SCStrdup(varval);
if (unlikely(sfd->target.tvar.name == NULL)) {
SCLogError(SC_ENOMEM, "malloc from strdup failed");
SCLogError("malloc from strdup failed");
goto error;
}
}
@ -328,7 +328,7 @@ static DetectFlowintData *DetectFlowintParse(DetectEngineCtx *de_ctx, const char
/* Set the name of the origin var to modify/compared with the target */
sfd->name = SCStrdup(varname);
if (unlikely(sfd->name == NULL)) {
SCLogError(SC_ENOMEM, "malloc from strdup failed");
SCLogError("malloc from strdup failed");
goto error;
}
sfd->idx = VarNameStoreSetupAdd(varname, VAR_TYPE_FLOW_INT);

6
src/detect-flowvar.c
Unescape Escape View File

@ -124,14 +124,14 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret != 3) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowvar.", rawstr);
SCLogError("\"%s\" is not a valid setting for flowvar.", rawstr);
return -1;
}
pcre2len = sizeof(varname);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)varname, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
return -1;
}
@ -139,7 +139,7 @@ static int DetectFlowvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
res = pcre2_substring_copy_bynumber(
parse_regex.match, 2, (PCRE2_UCHAR8 *)varcontent, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
return -1;
}

6
src/detect-fragbits.c
Unescape Escape View File

@ -178,14 +178,14 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr)
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
}
for (i = 0; i < (ret - 1); i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i + 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed %d", res);
SCLogError("pcre2_substring_get_bynumber failed %d", res);
goto error;
}
@ -193,7 +193,7 @@ static DetectFragBitsData *DetectFragBitsParse (const char *rawstr)
}
if (args[1] == NULL) {
SCLogError(SC_EINVAL, "invalid value");
SCLogError("invalid value");
goto error;
}

9
src/detect-fragoffset.c
Unescape Escape View File

@ -151,14 +151,14 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con
ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", fragoffsetstr);
SCLogError("Parse error %s", fragoffsetstr);
goto error;
}
for (i = 1; i < ret; i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
}
substr[i-1] = (char *)str_ptr;
@ -189,8 +189,9 @@ static DetectFragOffsetData *DetectFragOffsetParse (DetectEngineCtx *de_ctx, con
}
if (StringParseUint16(&fragoff->frag_off, 10, 0, substr[1]) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "specified frag offset %s is not "
"valid", substr[1]);
SCLogError("specified frag offset %s is not "
"valid",
substr[1]);
goto error;
}

11
src/detect-frame.c
Unescape Escape View File

@ -67,7 +67,7 @@ static int DetectFrameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *s
const bool is_tcp = DetectProtoContainsProto(&s->proto, IPPROTO_TCP);
const bool is_udp = DetectProtoContainsProto(&s->proto, IPPROTO_UDP);
if (!(is_tcp || is_udp)) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "'frame' keyword only supported for TCP and UDP");
SCLogError("'frame' keyword only supported for TCP and UDP");
return -1;
}
@ -93,15 +93,13 @@ static int DetectFrameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *s
}
if (is_short && rule_alproto == ALPROTO_UNKNOWN) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT,
"rule protocol unknown, can't use shorthand notation for frame '%s'", str);
SCLogError("rule protocol unknown, can't use shorthand notation for frame '%s'", str);
return -1;
} else if (rule_alproto == ALPROTO_UNKNOWN) {
if (DetectSignatureSetAppProto(s, keyword_alproto) < 0)
return -1;
} else if (!AppProtoEquals(rule_alproto, keyword_alproto)) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT,
"frame '%s' protocol '%s' mismatch with rule protocol '%s'", str,
SCLogError("frame '%s' protocol '%s' mismatch with rule protocol '%s'", str,
AppProtoToString(keyword_alproto), AppProtoToString(s->alproto));
return -1;
}
@ -113,8 +111,7 @@ static int DetectFrameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *s
if (is_udp && raw_frame_type < 0)
raw_frame_type = AppLayerParserGetFrameIdByName(IPPROTO_UDP, keyword_alproto, frame_str);
if (raw_frame_type < 0) {
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "unknown frame '%s' for protocol '%s'", frame_str,
proto);
SCLogError("unknown frame '%s' for protocol '%s'", frame_str, proto);
return -1;
}
BUG_ON(raw_frame_type >= UINT8_MAX);

6
src/detect-ftpdata.c
Unescape Escape View File

@ -134,14 +134,14 @@ static DetectFtpdataData *DetectFtpdataParse(const char *ftpcommandstr)
int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
SCLogError("parse error, ret %" PRId32 "", ret);
goto error;
}
pcre2len = sizeof(arg1);
int res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
SCLogDebug("Arg1 \"%s\"", arg1);
@ -154,7 +154,7 @@ static DetectFtpdataData *DetectFtpdataParse(const char *ftpcommandstr)
} else if (!strcmp(arg1, "retr")) {
ftpcommandd->command = FTP_COMMAND_RETR;
} else {
SCLogError(SC_ERR_NOT_SUPPORTED, "Invalid command value");
SCLogError("Invalid command value");
goto error;
}

12
src/detect-geoip.c
Unescape Escape View File

@ -43,7 +43,7 @@
static int DetectGeoipSetupNoSupport (DetectEngineCtx *a, Signature *b, const char *c)
{
SCLogError(SC_ERR_NO_GEOIP_SUPPORT, "no GeoIP support built in, needed for geoip keyword");
SCLogError("no GeoIP support built in, needed for geoip keyword");
return -1;
}
@ -103,7 +103,7 @@ static bool InitGeolocationEngine(DetectGeoipData *geoipdata)
(void)ConfGet("geoip-database", &filename);
if (filename == NULL) {
SCLogWarning(SC_ERR_INVALID_ARGUMENT, "Unable to locate a GeoIP2"
SCLogWarning("Unable to locate a GeoIP2"
"database filename in YAML conf. GeoIP rule matching "
"is disabled.");
geoipdata->mmdb_status = MMDB_FILE_OPEN_ERROR;
@ -118,9 +118,9 @@ static bool InitGeolocationEngine(DetectGeoipData *geoipdata)
return true;
}
SCLogWarning(SC_ERR_INVALID_ARGUMENT, "Failed to open GeoIP2 database: %s. "
"Error was: %s. GeoIP rule matching is disabled.", filename,
MMDB_strerror(status));
SCLogWarning("Failed to open GeoIP2 database: %s. "
"Error was: %s. GeoIP rule matching is disabled.",
filename, MMDB_strerror(status));
geoipdata->mmdb_status = status;
return false;
}
@ -351,7 +351,7 @@ static DetectGeoipData *DetectGeoipDataParse (DetectEngineCtx *de_ctx, const cha
}
if (geoipdata->nlocations >= GEOOPTION_MAXLOCATIONS) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "too many arguements for geoip keyword");
SCLogError("too many arguements for geoip keyword");
goto error;
}

4
src/detect-gid.c
Unescape Escape View File

@ -75,12 +75,12 @@ static int DetectGidSetup (DetectEngineCtx *de_ctx, Signature *s, const char *ra
char *endptr = NULL;
gid = strtoul(rawstr, &endptr, 10);
if (endptr == NULL || *endptr != '\0') {
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid character as arg "
SCLogError("invalid character as arg "
"to gid keyword");
goto error;
}
if (gid >= UINT_MAX) {
SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "gid value to high, max %u", UINT_MAX);
SCLogError("gid value to high, max %u", UINT_MAX);
goto error;
}

15
src/detect-hostbits.c
Unescape Escape View File

@ -257,7 +257,7 @@ int DetectXbitMatchHost(Packet *p, const DetectXbitsData *xd)
case DETECT_XBITS_CMD_TOGGLE:
return DetectHostbitMatchToggle(p,xd);
default:
SCLogError(SC_ERR_UNKNOWN_VALUE, "unknown cmd %" PRIu32 "", xd->cmd);
SCLogError("unknown cmd %" PRIu32 "", xd->cmd);
return 0;
}
@ -288,15 +288,14 @@ static int DetectHostbitParse(const char *str, char *cmd, int cmd_len,
count = DetectParsePcreExec(&parse_regex, str, 0, 0);
if (count != 2 && count != 3 && count != 4) {
SCLogError(SC_ERR_PCRE_MATCH,
"\"%s\" is not a valid setting for hostbits.", str);
SCLogError("\"%s\" is not a valid setting for hostbits.", str);
return 0;
}
pcre2len = cmd_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)cmd, &pcre2len);
if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
return 0;
}
@ -304,7 +303,7 @@ static int DetectHostbitParse(const char *str, char *cmd, int cmd_len,
pcre2len = name_len;
rc = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)name, &pcre2len);
if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
return 0;
}
if (count >= 4) {
@ -312,7 +311,7 @@ static int DetectHostbitParse(const char *str, char *cmd, int cmd_len,
rc = pcre2_substring_copy_bynumber(
parse_regex.match, 3, (PCRE2_UCHAR8 *)dir, &pcre2len);
if (rc < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
return 0;
}
}
@ -342,7 +341,7 @@ int DetectHostbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
hb_dir = DETECT_XBITS_TRACK_IPDST;
else if (strcmp(hb_dir_str, "both") == 0) {
//hb_dir = DETECT_XBITS_TRACK_IPBOTH;
SCLogError(SC_ERR_UNIMPLEMENTED, "'both' not implemented");
SCLogError("'both' not implemented");
goto error;
} else {
// TODO
@ -363,7 +362,7 @@ int DetectHostbitSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawst
} else if (strcmp(fb_cmd_str,"toggle") == 0) {
fb_cmd = DETECT_XBITS_CMD_TOGGLE;
} else {
SCLogError(SC_ERR_UNKNOWN_VALUE, "ERROR: flowbits action \"%s\" is not supported.", fb_cmd_str);
SCLogError("ERROR: flowbits action \"%s\" is not supported.", fb_cmd_str);
goto error;
}

4
src/detect-http-host.c
Unescape Escape View File

@ -189,7 +189,7 @@ static bool DetectHttpHostValidateCallback(const Signature *s, const char **sige
"The hostname buffer is normalized "
"to lowercase, specifying "
"nocase is redundant.";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror);
SCLogWarning("rule %u: %s", s->id, *sigerror);
return false;
} else {
uint32_t u;
@ -202,7 +202,7 @@ static bool DetectHttpHostValidateCallback(const Signature *s, const char **sige
"uppercase characters detected for http.host. "
"The hostname buffer is normalized to lowercase, "
"please specify a lowercase pattern.";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror);
SCLogWarning("rule %u: %s", s->id, *sigerror);
return false;
}
}

8
src/detect-http-method.c
Unescape Escape View File

@ -171,19 +171,19 @@ static bool DetectHttpMethodValidateCallback(const Signature *s, const char **si
if (cd->content && cd->content_len) {
if (cd->content[cd->content_len-1] == 0x20) {
*sigerror = "http_method pattern with trailing space";
SCLogError(SC_ERR_INVALID_SIGNATURE, "%s", *sigerror);
SCLogError("%s", *sigerror);
return false;
} else if (cd->content[0] == 0x20) {
*sigerror = "http_method pattern with leading space";
SCLogError(SC_ERR_INVALID_SIGNATURE, "%s", *sigerror);
SCLogError("%s", *sigerror);
return false;
} else if (cd->content[cd->content_len-1] == 0x09) {
*sigerror = "http_method pattern with trailing tab";
SCLogError(SC_ERR_INVALID_SIGNATURE, "%s", *sigerror);
SCLogError("%s", *sigerror);
return false;
} else if (cd->content[0] == 0x09) {
*sigerror = "http_method pattern with leading tab";
SCLogError(SC_ERR_INVALID_SIGNATURE, "%s", *sigerror);
SCLogError("%s", *sigerror);
return false;
}
}

2
src/detect-http-raw-header.c
Unescape Escape View File

@ -173,7 +173,7 @@ static bool DetectHttpRawHeaderValidateCallback(const Signature *s, const char *
"inspecting request headers or flow:to_client for "
"inspecting response headers.";
SCLogError(SC_ERR_INVALID_SIGNATURE, "%s", *sigerror);
SCLogError("%s", *sigerror);
SCReturnInt(false);
}
return true;

12
src/detect-http2.c
Unescape Escape View File

@ -290,8 +290,7 @@ static int DetectHTTP2frametypeSetup (DetectEngineCtx *de_ctx, Signature *s, con
return -1;
if (!DetectHTTP2FuncParseFrameType(str, &frame_type)) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"Invalid argument \"%s\" supplied to http2.frametype keyword.", str);
SCLogError("Invalid argument \"%s\" supplied to http2.frametype keyword.", str);
return -1;
}
@ -376,8 +375,7 @@ static int DetectHTTP2errorcodeSetup (DetectEngineCtx *de_ctx, Signature *s, con
return -1;
if (!DetectHTTP2FuncParseErrorCode(str, &error_code)) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"Invalid argument \"%s\" supplied to http2.errorcode keyword.", str);
SCLogError("Invalid argument \"%s\" supplied to http2.errorcode keyword.", str);
return -1;
}
@ -933,7 +931,7 @@ static bool DetectHttp2HeaderValidateCallback(const Signature *s, const char **s
*sigerror = "Invalid http2.header string : "
"': ' is a special sequence for separation between name and value "
" and thus can only be present once";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror);
SCLogWarning("rule %u: %s", s->id, *sigerror);
return false;
}
namevaluesep = true;
@ -941,7 +939,7 @@ static bool DetectHttp2HeaderValidateCallback(const Signature *s, const char **s
*sigerror = "Invalid http2.header string : "
"':' is an escaping character for itself, "
"or space for the separation between name and value";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror);
SCLogWarning("rule %u: %s", s->id, *sigerror);
return false;
}
escaped = false;
@ -953,7 +951,7 @@ static bool DetectHttp2HeaderValidateCallback(const Signature *s, const char **s
*sigerror = "Invalid http2.header string : "
"':' is an escaping character for itself, "
"or space for the separation between name and value";
SCLogWarning(SC_WARN_POOR_RULE, "rule %u: %s", s->id, *sigerror);
SCLogWarning("rule %u: %s", s->id, *sigerror);
return false;
}
}

13
src/detect-icmp-id.c
Unescape Escape View File

@ -166,7 +166,7 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", icmpidstr);
SCLogError("Parse error %s", icmpidstr);
goto error;
}
@ -175,7 +175,7 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
for (i = 1; i < ret; i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
}
substr[i-1] = (char *)str_ptr;
@ -188,20 +188,21 @@ static DetectIcmpIdData *DetectIcmpIdParse (DetectEngineCtx *de_ctx, const char
if (substr[0]!= NULL && strlen(substr[0]) != 0) {
if (substr[2] == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Missing close quote in input");
SCLogError("Missing close quote in input");
goto error;
}
} else {
if (substr[2] != NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Missing open quote in input");
SCLogError("Missing open quote in input");
goto error;
}
}
uint16_t id = 0;
if (StringParseUint16(&id, 10, 0, substr[1]) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "specified icmp id %s is not "
"valid", substr[1]);
SCLogError("specified icmp id %s is not "
"valid",
substr[1]);
goto error;
}
iid->id = htons(id);

13
src/detect-icmp-seq.c
Unescape Escape View File

@ -169,14 +169,14 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha
ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", icmpseqstr);
SCLogError("Parse error %s", icmpseqstr);
goto error;
}
for (i = 1; i < ret; i++) {
res = SC_Pcre2SubstringGet(parse_regex.match, i, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_get_bynumber failed");
SCLogError("pcre2_substring_get_bynumber failed");
goto error;
}
substr[i-1] = (char *)str_ptr;
@ -190,20 +190,21 @@ static DetectIcmpSeqData *DetectIcmpSeqParse (DetectEngineCtx *de_ctx, const cha
if (substr[0] != NULL && strlen(substr[0]) != 0) {
if (substr[2] == NULL) {
SCLogError(SC_ERR_MISSING_QUOTE,"Missing quote in input");
SCLogError("Missing quote in input");
goto error;
}
} else {
if (substr[2] != NULL) {
SCLogError(SC_ERR_MISSING_QUOTE,"Missing quote in input");
SCLogError("Missing quote in input");
goto error;
}
}
uint16_t seq = 0;
if (StringParseUint16(&seq, 10, 0, substr[1]) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "specified icmp seq %s is not "
"valid", substr[1]);
SCLogError("specified icmp seq %s is not "
"valid",
substr[1]);
goto error;
}
iseq->seq = htons(seq);

9
src/detect-id.c
Unescape Escape View File

@ -129,9 +129,8 @@ static DetectIdData *DetectIdParse (const char *idstr)
ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0);
if (ret < 1 || ret > 3) {
SCLogError(SC_EINVAL,
"invalid id option '%s'. The id option "
"value must be in the range %u - %u",
SCLogError("invalid id option '%s'. The id option "
"value must be in the range %u - %u",
idstr, DETECT_IPID_MIN, DETECT_IPID_MAX);
return NULL;
}
@ -141,7 +140,7 @@ static DetectIdData *DetectIdParse (const char *idstr)
pcre2len = sizeof(copy_str);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
return NULL;
}
tmp_str = copy_str;
@ -155,7 +154,7 @@ static DetectIdData *DetectIdParse (const char *idstr)
/* ok, fill the id data */
if (StringParseUint16(&temp, 10, 0, (const char *)tmp_str) < 0) {
SCLogError(SC_EINVAL, "invalid id option '%s'", tmp_str);
SCLogError("invalid id option '%s'", tmp_str);
return NULL;
}

12
src/detect-ike-chosen-sa.c
Unescape Escape View File

@ -137,7 +137,7 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr)
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH,
SCLogError(
"pcre match for ike.chosen_sa_attribute failed, should be: <sa_attribute>=<type>, "
"but was: %s; error code %d",
rawstr, ret);
@ -147,14 +147,14 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr)
pcre2len = sizeof(attribute);
res = pcre2_substring_copy_bynumber(parse_regex.match, 1, (PCRE2_UCHAR8 *)attribute, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
pcre2len = sizeof(value);
res = pcre2_substring_copy_bynumber(parse_regex.match, 2, (PCRE2_UCHAR8 *)value, &pcre2len);
if (res < 0) {
SCLogError(SC_ERR_PCRE_COPY_SUBSTRING, "pcre2_substring_copy_bynumber failed");
SCLogError("pcre2_substring_copy_bynumber failed");
goto error;
}
@ -167,8 +167,8 @@ static DetectIkeChosenSaData *DetectIkeChosenSaParse(const char *rawstr)
goto error;
if (ByteExtractStringUint32(&dd->sa_value, 10, strlen(value), value) <= 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid input as arg "
"to ike.chosen_sa_attribute keyword");
SCLogError("invalid input as arg "
"to ike.chosen_sa_attribute keyword");
goto error;
}
@ -200,7 +200,7 @@ static int DetectIkeChosenSaSetup(DetectEngineCtx *de_ctx, Signature *s, const c
DetectIkeChosenSaData *dd = DetectIkeChosenSaParse(rawstr);
if (dd == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Parsing \'%s\' failed", rawstr);
SCLogError("Parsing \'%s\' failed", rawstr);
goto error;
}

2
src/detect-ipopts.c
Unescape Escape View File

@ -164,7 +164,7 @@ static DetectIpOptsData *DetectIpOptsParse (const char *rawstr)
ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
SCLogError("pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
}

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save