From e0ed51d0493eba78c517fb718a141dbfe57baee4 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Fri, 21 Nov 2008 13:44:45 +0100 Subject: [PATCH] Small fixes and dbg additions. --- src/detect.c | 22 +++++++++++++++++----- src/host.h | 18 ++++++++++++++++++ src/util-bloomfilter-counting.h | 2 ++ src/util-bloomfilter.h | 2 ++ src/util-hash.h | 1 + src/vips.c | 2 +- 6 files changed, 41 insertions(+), 6 deletions(-) diff --git a/src/detect.c b/src/detect.c index 480534a753..4f8b5cb521 100644 --- a/src/detect.c +++ b/src/detect.c @@ -193,13 +193,15 @@ void SigLoadSignatures (void) } */ -//#if 0 +#define LOADSIGS +#ifdef LOADSIGS int good = 0, bad = 0; //FILE *fp = fopen("/etc/vips/rules/bleeding-all.rules", "r"); - FILE *fp = fopen("/home/victor/rules/all.rules", "r"); + //FILE *fp = fopen("/home/victor/rules/all.rules", "r"); //FILE *fp = fopen("/home/victor/rules/vips-http.sigs", "r"); //FILE *fp = fopen("/home/victor/rules/emerging-dshield.rules", "r"); //FILE *fp = fopen("/home/victor/rules/emerging-web.rules", "r"); + FILE *fp = fopen("/home/victor/rules/emerging-p2p.rules", "r"); //FILE *fp = fopen("/home/victor/rules/emerging-web-small.rules", "r"); //FILE *fp = fopen("/home/victor/rules/web-misc.rules", "r"); //FILE *fp = fopen("/home/victor/rules/emerging-malware.rules", "r"); @@ -234,7 +236,7 @@ void SigLoadSignatures (void) printf("SigLoadSignatures: %d successfully loaded from file. %d sigs failed to load\n", good, bad); printf("SigLoadSignatures: %u sigs with dstportany\n", DbgGetDstPortAnyCnt()); -//#endif +#endif /* Setup the signature group lookup structure and * pattern matchers */ 
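Review bot: In SigLoadSignatures the new `fopen("/home/victor/rules/emerging-p2p.rules", "r")` hard-codes a rule file inside one developer's home directory, and replacing `all.rules` with it means the engine now loads only the P2P rule set, so detection coverage is decided by an edit to this line rather than by configuration. Taking the path from a configuration value or a command-line argument would make the signature source explicit and let it live in a directory that only the administrator can write. `#define LOADSIGS` directly above `#ifdef LOADSIGS` makes the guard always true; defining it from the build (`-DLOADSIGS`) would make it a real switch, and the same applies to `#define PRINTSIGS` in the last detect.c hunk. The function body continues outside the hunk, so whether `fp` is checked for NULL before it is read is not visible here.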
@@ -453,7 +455,9 @@ int SigMatchSignatures(ThreadVars *th_v, PatternMatcherThread *pmt, Packet *p) /* only if the last matched as well, we have a hit */ if (sm == NULL) { - //printf("Signature %u matched: %s\n", s->id, s->msg ? s->msg : ""); + printf("Signature %u matched: %s, flow: toserver %s toclient %s\n", s->id, s->msg ? s->msg : "", + p->flowflags & FLOW_PKT_TOSERVER ? "TRUE":"FALSE", + p->flowflags & FLOW_PKT_TOCLIENT ? "TRUE":"FALSE"); fmatch = 1; if (!(s->flags & SIG_FLAG_NOALERT)) { @@ -915,6 +919,10 @@ int CreateGroupedAddrList(DetectAddressGroup *srchead, int family, DetectAddress } + //for (gr = newhead->ipv4_head; gr != NULL; gr = gr->next) { + // printf(" -= Address "); DetectAddressDataPrint(gr->ad); printf("\n"); + //} + return 0; error: return -1; @@ -1015,6 +1023,10 @@ int CreateGroupedPortList(DetectPort *srchead, DetectPort **newhead, u_int32_t u DetectPortInsert(newhead,joingr); } + //for (gr = *newhead; gr != NULL; gr = gr->next) { + // printf(" -= Port "); DetectPortPrint(gr); printf("\n"); + //} + return 0; error: return -1; @@ -1953,7 +1965,7 @@ void DbgPrintSigs2(SigGroupHead *sgh) { /* shortcut for debugging. If enabled Stage5 will * print sigid's for all groups */ -//#define PRINTSIGS +#define PRINTSIGS /* just printing */ int SigAddressPrepareStage5(void) { diff --git a/src/host.h b/src/host.h index 0a5fdca8ec..fe644d4028 100644 --- a/src/host.h +++ b/src/host.h @@ -3,10 +3,28 @@ #include "decode.h" +#include "util-hash.h" +#include "util-bloomfilter-counting.h" + +typedef struct _HostTable { + pthread_mutex_t m; + + /* storage & lookup */ + HashTable *hash; + BloomFilterCounting *bf; + + u_int32_t cnt; +} HostTable; + typedef struct _Host { + pthread_mutex_t m; + Address addr; u_int8_t os; u_int8_t reputation; + + u_int64_t bytes; + u_int32_t pkts; } Host; #define HOST_OS_UNKNOWN 0 diff --git a/src/util-bloomfilter-counting.h b/src/util-bloomfilter-counting.h index 77f1e43ab8..9909b69ce6 100644 --- a/src/util-bloomfilter-counting.h 
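Review bot: The `printf("Signature %u matched: ...")` enabled in the SigMatchSignatures hunk runs unconditionally on every signature match in the per-packet path, so traffic that triggers many matches also forces an equal number of stdout writes from the calling thread. It is placed before the `SIG_FLAG_NOALERT` test, so signatures marked no-alert still produce output. Putting `#ifdef DEBUG` before the call and `#endif` after it keeps the flow-direction trace available without leaving it in the normal packet path. The function starts and ends outside the hunk.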
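Review bot: The address-dump loop added before `return 0;` in CreateGroupedAddrList is committed as commented-out code, and the CreateGroupedPortList hunk that follows adds a port-dump loop the same way. Commented-out code is never compiled, so it goes stale unnoticed when `DetectAddressDataPrint` or `DetectPortPrint` change. An `#ifdef DEBUG` block around each loop would keep them buildable and make the intent clear. Both functions start outside their hunks, so the declaration of `gr` is not visible.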
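Review bot: host.h now declares `pthread_mutex_t m` in both HostTable and Host, but nothing says which fields each mutex guards or in which order the two are taken, which a caller needs to know to avoid a deadlock or an unlocked update of `bytes`/`pkts`. A comment on each member would settle it, for example `/* protects hash, bf and cnt; acquire before any Host.m */` on the table lock, with the actual order confirmed by the author. The header includes decode.h, util-hash.h and util-bloomfilter-counting.h but not `<pthread.h>`, so it presumably relies on one of those to declare `pthread_mutex_t`; including it directly would make the header self-contained. `pkts` is a `u_int32_t` beside a 64-bit `bytes`, so the packet counter wraps far earlier than the byte counter. If these counters later feed reputation or thresholds, `u_int64_t pkts;` avoids that.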
+++ b/src/util-bloomfilter-counting.h @@ -20,5 +20,7 @@ int BloomFilterCountingAdd(BloomFilterCounting *, void *, u_int16_t); int BloomFilterCountingRemove(BloomFilterCounting *, void *, u_int16_t); int BloomFilterCountingTest(BloomFilterCounting *, void *, u_int16_t); +void BloomFilterCountingRegisterTests(void); + #endif /* __BLOOMFILTERCOUNTING_H__ */ diff --git a/src/util-bloomfilter.h b/src/util-bloomfilter.h index b7f07d90cc..6aedaafa46 100644 --- a/src/util-bloomfilter.h +++ b/src/util-bloomfilter.h @@ -18,5 +18,7 @@ void BloomFilterPrint(BloomFilter *); int BloomFilterAdd(BloomFilter *, void *, u_int16_t); int BloomFilterTest(BloomFilter *, void *, u_int16_t); +void BloomFilterRegisterTests(void); + #endif /* __BLOOMFILTER_H__ */ diff --git a/src/util-hash.h b/src/util-hash.h index 3516950d29..28d160eb5f 100644 --- a/src/util-hash.h +++ b/src/util-hash.h @@ -27,6 +27,7 @@ int HashTableRemove(HashTable *, void *, u_int16_t); void *HashTableLookup(HashTable *, void *, u_int16_t); u_int32_t HashTableGenericHash(HashTable *, void *, u_int16_t); +void HashTableRegisterTests(void); #endif /* __HASH_H__ */ diff --git a/src/vips.c b/src/vips.c index f98cbd9a7b..c3672e33bc 100644 --- a/src/vips.c +++ b/src/vips.c @@ -202,7 +202,7 @@ int main(int argc, char **argv) BloomFilterCountingRegisterTests(); UtRunTests(); UtCleanup(); - exit(1); + //exit(1); //LoadConfig(); //exit(1);
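Review bot: Commenting out `exit(1)` after `UtCleanup()` in the vips.c hunk means the test registration calls and `UtRunTests()` now run on every start, and execution then falls through into normal operation. The outcome of the run is not used, since `UtRunTests();` is a bare statement; whether it returns a failure count is not visible here. Gating the block behind a build or command-line switch, e.g. `#ifdef UNITTESTS` ... `#endif`, and exiting with a non-zero status when tests fail would stop a broken build from going on to inspect traffic. main starts and continues outside the hunk.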