aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/datasets: implement unset command

Browse Source 
Ticket: 7195

Otherwise, Suricata aborted on such a rule
pull/11823/head
Philippe Antoine 12 months ago committed by Victor Julien
parent 1352ed68c7
commit e47598110a
4 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
doc/userguide/rules/datasets.rst
Unescape Escape View File

@ -78,7 +78,7 @@ Syntax::
dataset:<cmd>,<name>,<options>;
dataset:<set|isset|isnotset>,<name> \
dataset:<set|unset|isset|isnotset>,<name> \
[, type <string|md5|sha256|ipv4|ip>, save <file name>, load <file name>, state <file name>, memcap <size>, hashsize <size>];
type <type>

20
src/datasets.c
Unescape Escape View File

@ -1751,3 +1751,23 @@ int DatasetRemoveSerialized(Dataset *set, const char *string)
return DatasetOpSerialized(set, string, DatasetRemoveString, DatasetRemoveMd5,
DatasetRemoveSha256, DatasetRemoveIPv4, DatasetRemoveIPv6);
}
int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len)
{
if (set == NULL)
return -1;
switch (set->type) {
case DATASET_TYPE_STRING:
return DatasetRemoveString(set, data, data_len);
case DATASET_TYPE_MD5:
return DatasetRemoveMd5(set, data, data_len);
case DATASET_TYPE_SHA256:
return DatasetRemoveSha256(set, data, data_len);
case DATASET_TYPE_IPV4:
return DatasetRemoveIPv4(set, data, data_len);
case DATASET_TYPE_IPV6:
return DatasetRemoveIPv6(set, data, data_len);
}
return -1;
}

1
src/datasets.h
Unescape Escape View File

@ -56,6 +56,7 @@ Dataset *DatasetFind(const char *name, enum DatasetTypes type);
Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load,
uint64_t memcap, uint32_t hashsize);
int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len);
int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len);
int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len);
DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
const DataRepType *rep);

6
src/detect-dataset.c
Unescape Escape View File

@ -96,6 +96,12 @@ int DetectDatasetBufferMatch(DetectEngineThreadCtx *det_ctx,
return 1;
break;
}
case DETECT_DATASET_CMD_UNSET: {
int r = DatasetRemove(sd->set, data, data_len);
if (r == 1)
return 1;
break;
}
default:
abort();
}

Write Preview
Loading…
Cancel
Save