aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: pass ipproto to rule grouping funcs

Browse Source
pull/1978/head
Victor Julien 10 years ago
parent c71c991669
commit e75a93b125
1 changed files with 21 additions and 15 deletions
Show Stats Download Patch File Download Diff File

36
src/detect.c
Unescape Escape View File

@ -3004,7 +3004,9 @@ error:
return -1; return -1;
} }
static int DetectEngineLookupBuildSourceAddressList(DetectEngineCtx *de_ctx, DetectEngineLookupFlow *flow_gh, Signature *s, int family) static int DetectEngineLookupBuildSourceAddressList(DetectEngineCtx *de_ctx,
DetectEngineLookupFlow *flow_gh,
Signature *s, int family)
{ {
DetectAddress *gr = NULL, *lookup_gr = NULL, *head = NULL; DetectAddress *gr = NULL, *lookup_gr = NULL, *head = NULL;
int proto; int proto;
@ -3641,7 +3643,9 @@ error:
/** /**
* \brief Build the destination address portion of the match tree * \brief Build the destination address portion of the match tree
*/ */
int BuildDestinationAddressHeads(DetectEngineCtx *de_ctx, DetectAddressHead *head, int family, int flow) int BuildDestinationAddressHeads(DetectEngineCtx *de_ctx,
DetectAddressHead *head,
int family, int flow, int ipproto)
{ {
Signature *tmp_s = NULL; Signature *tmp_s = NULL;
DetectAddress *gr = NULL, *sgr = NULL, *lookup_gr = NULL; DetectAddress *gr = NULL, *sgr = NULL, *lookup_gr = NULL;
@ -3753,7 +3757,9 @@ error:
} }
//static //static
int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx, DetectAddressHead *head, int family, int flow) int BuildDestinationAddressHeadsWithBothPorts(DetectEngineCtx *de_ctx,
DetectAddressHead *head,
int family, int flow, int ipproto)
{ {
Signature *tmp_s = NULL; Signature *tmp_s = NULL;
DetectAddress *src_gr = NULL, *dst_gr = NULL, *sig_gr = NULL, *lookup_gr = NULL; DetectAddress *src_gr = NULL, *dst_gr = NULL, *sig_gr = NULL, *lookup_gr = NULL;
@ -4050,47 +4056,47 @@ int SigAddressPrepareStage3(DetectEngineCtx *de_ctx)
int f = 0; int f = 0;
int proto; int proto;
for (f = 0; f < FLOW_STATES; f++) { for (f = 0; f < FLOW_STATES; f++) {
r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_TCP],AF_INET,f); r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_TCP],AF_INET,f,IPPROTO_TCP);
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[6],AF_INET) failed\n"); printf ("BuildDestinationAddressHeads(src_gh[6],AF_INET) failed\n");
goto error; goto error;
} }
r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_UDP],AF_INET,f); r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_UDP],AF_INET,f,IPPROTO_UDP);
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[17],AF_INET) failed\n"); printf ("BuildDestinationAddressHeads(src_gh[17],AF_INET) failed\n");
goto error; goto error;
} }
r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_SCTP],AF_INET,f); r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_SCTP],AF_INET,f,IPPROTO_SCTP);
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[IPPROTO_SCTP],AF_INET) failed\n"); printf ("BuildDestinationAddressHeads(src_gh[IPPROTO_SCTP],AF_INET) failed\n");
goto error; goto error;
} }
r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_TCP],AF_INET6,f); r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_TCP],AF_INET6,f,IPPROTO_TCP);
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[6],AF_INET) failed\n"); printf ("BuildDestinationAddressHeads(src_gh[6],AF_INET) failed\n");
goto error; goto error;
} }
r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_UDP],AF_INET6,f); r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_UDP],AF_INET6,f,IPPROTO_UDP);
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[17],AF_INET) failed\n"); printf ("BuildDestinationAddressHeads(src_gh[17],AF_INET) failed\n");
goto error; goto error;
} }
r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_SCTP],AF_INET6,f); r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_SCTP],AF_INET6,f,IPPROTO_SCTP);
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[IPPROTO_SCTP],AF_INET) failed\n"); printf ("BuildDestinationAddressHeads(src_gh[IPPROTO_SCTP],AF_INET) failed\n");
goto error; goto error;
} }
r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_TCP],AF_UNSPEC,f); r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_TCP],AF_UNSPEC,f,IPPROTO_TCP);
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[6],AF_INET) failed\n"); printf ("BuildDestinationAddressHeads(src_gh[6],AF_INET) failed\n");
goto error; goto error;
} }
r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_UDP],AF_UNSPEC,f); r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_UDP],AF_UNSPEC,f,IPPROTO_UDP);
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[17],AF_INET) failed\n"); printf ("BuildDestinationAddressHeads(src_gh[17],AF_INET) failed\n");
goto error; goto error;
} }
r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_SCTP],AF_UNSPEC,f); r = BuildDestinationAddressHeadsWithBothPorts(de_ctx, de_ctx->flow_gh[f].src_gh[IPPROTO_SCTP],AF_UNSPEC,f,IPPROTO_SCTP);
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[IPPROTO_SCTP],AF_INET) failed\n"); printf ("BuildDestinationAddressHeads(src_gh[IPPROTO_SCTP],AF_INET) failed\n");
goto error; goto error;
@ -4099,17 +4105,17 @@ int SigAddressPrepareStage3(DetectEngineCtx *de_ctx)
if (proto == IPPROTO_TCP || proto == IPPROTO_UDP || proto == IPPROTO_SCTP) if (proto == IPPROTO_TCP || proto == IPPROTO_UDP || proto == IPPROTO_SCTP)
continue; continue;
r = BuildDestinationAddressHeads(de_ctx, de_ctx->flow_gh[f].src_gh[proto],AF_INET,f); r = BuildDestinationAddressHeads(de_ctx, de_ctx->flow_gh[f].src_gh[proto],AF_INET,f,proto);
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[%" PRId32 "],AF_INET) failed\n", proto); printf ("BuildDestinationAddressHeads(src_gh[%" PRId32 "],AF_INET) failed\n", proto);
goto error; goto error;
} }
r = BuildDestinationAddressHeads(de_ctx, de_ctx->flow_gh[f].src_gh[proto],AF_INET6,f); r = BuildDestinationAddressHeads(de_ctx, de_ctx->flow_gh[f].src_gh[proto],AF_INET6,f,proto);
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[%" PRId32 "],AF_INET6) failed\n", proto); printf ("BuildDestinationAddressHeads(src_gh[%" PRId32 "],AF_INET6) failed\n", proto);
goto error; goto error;
} }
r = BuildDestinationAddressHeads(de_ctx, de_ctx->flow_gh[f].src_gh[proto],AF_UNSPEC,f); /* for any */ r = BuildDestinationAddressHeads(de_ctx, de_ctx->flow_gh[f].src_gh[proto],AF_UNSPEC,f,proto); /* for any */
if (r < 0) { if (r < 0) {
printf ("BuildDestinationAddressHeads(src_gh[%" PRId32 "],AF_UNSPEC) failed\n", proto); printf ("BuildDestinationAddressHeads(src_gh[%" PRId32 "],AF_UNSPEC) failed\n", proto);
goto error; goto error;

Write Preview
Loading…
Cancel
Save