aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix rule tree update. Fix bloomfilter error in b2g.

Browse Source
remotes/origin/master-1.0.x
Victor Julien 16 years ago
parent 1c0ad1d415
commit ec39f5446c
5 changed files with 77 additions and 33 deletions
Show Stats Download Patch File Download Diff File

34
src/detect-engine-address-ipv4.c
Unescape Escape View File

@ -72,6 +72,7 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
u_int32_t b_ip1 = ntohl(b->ad->ip[0]);
u_int32_t b_ip2 = ntohl(b->ad->ip2[0]);
DetectPort *port = NULL;
DetectAddressGroup *tmp = NULL;
/* default to NULL */
*c = NULL;
@ -83,7 +84,7 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
}
/* get a place to temporary put sigs lists */
DetectAddressGroup *tmp = DetectAddressGroupInit();
tmp = DetectAddressGroupInit();
if (tmp == NULL) {
goto error;
}
@ -225,6 +226,9 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
/* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
SigGroupHeadCopySigs(b->sh,&a->sh);
//printf("a: "); DetectAddressDataPrint(a->ad); printf(": "); DbgPrintSigs2(a->sh);
//printf("b: "); DetectAddressDataPrint(b->ad); printf(": "); DbgPrintSigs2(b->sh);
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
}
@ -234,19 +238,35 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
#ifdef DBG
printf("DetectAddressGroupCutIPv4: 2\n");
#endif
//printf("1a: "); DetectAddressDataPrint(a->ad); printf(": "); DbgPrintSigs2(a->sh);
//printf("1b: "); DetectAddressDataPrint(b->ad); printf(": "); DbgPrintSigs2(b->sh);
a->ad->ip[0] = htonl(b_ip1);
a->ad->ip2[0] = htonl(a_ip1 - 1);
b->ad->ip[0] = htonl(a_ip1);
b->ad->ip2[0] = htonl(a_ip2);
/* 'a' overlaps 'b' so a needs the 'a' sigs */
SigGroupHeadCopySigs(a->sh,&b->sh);
/* 'a' overlaps 'b' so 'b' needs the 'a' sigs */
SigGroupHeadCopySigs(a->sh,&tmp->sh);
SigGroupHeadClearSigs(a->sh);
SigGroupHeadCopySigs(b->sh,&a->sh);
SigGroupHeadCopySigs(tmp->sh,&b->sh);
SigGroupHeadClearSigs(tmp->sh);
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp->port, a->port);
}
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
}
b->cnt += a->cnt;
tmp->cnt += a->cnt;
a->cnt = 0;
a->cnt += b->cnt;
b->cnt += tmp->cnt;
tmp->cnt = 0;
} else {
#ifdef DBG
printf("3\n");
@ -413,11 +433,13 @@ int DetectAddressGroupCutIPv4(DetectAddressGroup *a, DetectAddressGroup *b, Dete
}
}
DetectAddressGroupFree(tmp);
if (tmp != NULL)
DetectAddressGroupFree(tmp);
return 0;
error:
DetectAddressGroupFree(tmp);
if (tmp != NULL)
DetectAddressGroupFree(tmp);
return -1;
}

29
src/detect-engine-address-ipv6.c
Unescape Escape View File

@ -197,6 +197,7 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
u_int32_t b_ip2[4] = { ntohl(b->ad->ip2[0]), ntohl(b->ad->ip2[1]),
ntohl(b->ad->ip2[2]), ntohl(b->ad->ip2[3]) };
DetectPort *port = NULL;
DetectAddressGroup *tmp = NULL;
/* default to NULL */
*c = NULL;
@ -207,7 +208,7 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
}
/* get a place to temporary put sigs lists */
DetectAddressGroup *tmp = DetectAddressGroupInit();
tmp = DetectAddressGroupInit();
if (tmp == NULL) {
goto error;
}
@ -346,13 +347,27 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
AddressCutIPv6Copy(a_ip1, b->ad->ip);
AddressCutIPv6Copy(a_ip2, b->ad->ip2);
/* 'a' overlaps 'b' so a needs the 'a' sigs */
SigGroupHeadCopySigs(a->sh,&b->sh);
/* 'a' overlaps 'b' so 'b' needs the 'a' sigs */
SigGroupHeadCopySigs(a->sh,&tmp->sh);
SigGroupHeadClearSigs(a->sh);
SigGroupHeadCopySigs(b->sh,&a->sh);
SigGroupHeadCopySigs(tmp->sh,&b->sh);
SigGroupHeadClearSigs(tmp->sh);
for (port = a->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&tmp->port, a->port);
}
for (port = b->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&a->port, port);
}
for (port = tmp->port; port != NULL; port = port->next) {
DetectPortInsertCopy(&b->port, port);
}
b->cnt += a->cnt;
tmp->cnt += a->cnt;
a->cnt = 0;
a->cnt += b->cnt;
b->cnt += tmp->cnt;
tmp->cnt = 0;
} else {
AddressCutIPv6Copy(b_ip1, a->ad->ip);
AddressCutIPv6CopySubOne(a_ip1, a->ad->ip2);
@ -501,11 +516,13 @@ int DetectAddressGroupCutIPv6(DetectAddressGroup *a, DetectAddressGroup *b, Dete
}
}
DetectAddressGroupFree(tmp);
if (tmp != NULL)
DetectAddressGroupFree(tmp);
return 0;
error:
DetectAddressGroupFree(tmp);
if (tmp != NULL)
DetectAddressGroupFree(tmp);
return -1;
}

21
src/detect-engine-port.c
Unescape Escape View File

@ -214,11 +214,10 @@ int DetectPortInsert(DetectPort **head, DetectPort *new) {
if (new == NULL)
return 0;
#ifdef DBG
printf("DetectPortInsert: head %p, new %p, new->dp %p\n", head, new, new->dp);
printf("DetectPortInsert: head %p, new %p\n", head, new);
printf("DetectPortInsert: inserting (sig %u) ", new->sh ? new->sh->sig_cnt : 0); DetectPortPrint(new); printf("\n");
//DetectPortPrintList(*head);
DetectPortPrintList(*head);
#endif
/* see if it already exists or overlaps with existing ag's */
@ -570,6 +569,7 @@ int DetectPortCut(DetectPort *a, DetectPort *b, DetectPort **c) {
u_int32_t a_port2 = a->port2;
u_int32_t b_port1 = b->port;
u_int32_t b_port2 = b->port2;
DetectPort *tmp = NULL;
/* default to NULL */
*c = NULL;
@ -584,7 +584,6 @@ int DetectPortCut(DetectPort *a, DetectPort *b, DetectPort **c) {
}
/* get a place to temporary put sigs lists */
DetectPort *tmp = NULL;
tmp = DetectPortInit();
if (tmp == NULL) {
goto error;
@ -709,7 +708,7 @@ int DetectPortCut(DetectPort *a, DetectPort *b, DetectPort **c) {
b->port = a_port1;
b->port2 = a_port2;
/* 'a' overlaps 'b' so a needs the 'a' sigs */
/* 'a' overlaps 'b' so 'b' needs the 'a' sigs */
SigGroupHeadCopySigs(a->sh,&b->sh);
b->cnt += a->cnt;
@ -740,7 +739,7 @@ int DetectPortCut(DetectPort *a, DetectPort *b, DetectPort **c) {
SigGroupHeadClearSigs(a->sh); /* clean a list */
SigGroupHeadCopySigs(b->sh,&tmp_c->sh); /* copy old b to c */
SigGroupHeadCopySigs(b->sh,&a->sh); /* copy old b to a */
SigGroupHeadCopySigs(tmp->sh,&b->sh); /* prepend old a before b */
SigGroupHeadCopySigs(tmp->sh,&b->sh); /* merge old a with b */
SigGroupHeadClearSigs(tmp->sh); /* clean tmp list */
@ -781,7 +780,7 @@ int DetectPortCut(DetectPort *a, DetectPort *b, DetectPort **c) {
b->port = b_port2 + 1;
b->port2 = a_port2;
/* 'b' overlaps 'a' so a needs the 'b' sigs */
/* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
SigGroupHeadCopySigs(b->sh,&tmp->sh);
SigGroupHeadClearSigs(b->sh);
SigGroupHeadCopySigs(a->sh,&b->sh);
@ -807,7 +806,7 @@ int DetectPortCut(DetectPort *a, DetectPort *b, DetectPort **c) {
b->port = b_port1;
b->port2 = b_port2;
/* 'a' overlaps 'b' so a needs the 'a' sigs */
/* 'a' overlaps 'b' so 'b' needs the 'a' sigs */
SigGroupHeadCopySigs(a->sh,&b->sh);
b->cnt += a->cnt;
@ -841,12 +840,14 @@ int DetectPortCut(DetectPort *a, DetectPort *b, DetectPort **c) {
}
/* XXX free tmp */
DetectPortFree(tmp);
if (tmp != NULL)
DetectPortFree(tmp);
return 0;
error:
/* XXX free tmp */
DetectPortFree(tmp);
if (tmp != NULL)
DetectPortFree(tmp);
return -1;
return -1;

20
src/detect.c
Unescape Escape View File

@ -170,6 +170,7 @@ void SigLoadSignatures (void)
return;
prevsig->next = sig;
prevsig = sig;
/*
sig = SigInit("alert udp any any -> any any (msg:\"ViCtOr nocase test\"; sid:4; rev:13; content:\"ViCtOr!!\"; offset:100; depth:150; nocase; content:\"ViCtOr!!\"; nocase; offset:99; depth:150;)");
if (sig == NULL)
@ -852,7 +853,7 @@ static DetectAddressGroup *GetHeadPtr(DetectAddressGroupsHead *head, int family)
return grhead;
}
#define MAX_UNIQ_GROUPS 3
#define MAX_UNIQ_GROUPS 2
/* set unique_groups to 0 for no grouping.
*
@ -868,6 +869,7 @@ int CreateGroupedAddrList(DetectAddressGroup *srchead, int family, DetectAddress
/* insert the addresses into the tmplist, where it will
* be sorted descending on 'cnt'. */
for (gr = srchead; gr != NULL; gr = gr->next) {
// printf(" 1 -= Address "); DetectAddressDataPrint(gr->ad); printf(" : "); DbgPrintSigs2(gr->sh);
groups++;
/* alloc a copy */
@ -981,6 +983,7 @@ int CreateGroupedAddrList(DetectAddressGroup *srchead, int family, DetectAddress
*
* Start with inserting the unique groups */
for (gr = tmplist2; gr != NULL; ) {
// printf(" 2 -= U Address "); DetectAddressDataPrint(gr->ad); printf(" : "); DbgPrintSigs2(gr->sh);
DetectAddressGroup *newtmp = DetectAddressGroupInit();
if (newtmp == NULL) {
goto error;
@ -1007,6 +1010,7 @@ int CreateGroupedAddrList(DetectAddressGroup *srchead, int family, DetectAddress
}
/* if present, insert the joingr that covers the rest */
if (joingr != NULL) {
// printf(" 3 -= J Address "); DetectAddressDataPrint(joingr->ad); printf(" : "); DbgPrintSigs2(joingr->sh);
DetectAddressGroupInsert(newhead,joingr);
/* mark the groups that are not unique */
@ -1026,9 +1030,9 @@ int CreateGroupedAddrList(DetectAddressGroup *srchead, int family, DetectAddress
}
//for (gr = newhead->ipv4_head; gr != NULL; gr = gr->next) {
// printf(" -= Address "); DetectAddressDataPrint(gr->ad); printf("\n");
//}
for (gr = newhead->ipv4_head; gr != NULL; gr = gr->next) {
// printf(" 4 -= R Address "); DetectAddressDataPrint(gr->ad); printf(" : "); DbgPrintSigs2(gr->sh);
}
return 0;
error:
@ -1130,9 +1134,9 @@ int CreateGroupedPortList(DetectPort *srchead, DetectPort **newhead, u_int32_t u
DetectPortInsert(newhead,joingr);
}
//for (gr = *newhead; gr != NULL; gr = gr->next) {
// printf(" -= Port "); DetectPortPrint(gr); printf("\n");
//}
for (gr = *newhead; gr != NULL; gr = gr->next) {
//printf(" -= Port "); DetectPortPrint(gr); printf(" : "); DbgPrintSigs2(gr->sh);
}
return 0;
error:
@ -2352,7 +2356,7 @@ int SigGroupBuild (DetectEngineCtx *de_ctx) {
SigAddressPrepareStage1(de_ctx);
SigAddressPrepareStage2(de_ctx);
SigAddressPrepareStage3(de_ctx);
// SigAddressPrepareStage5();
//SigAddressPrepareStage5();
DbgPrintScanSearchStats();
// DetectAddressGroupPrintMemory();
// DetectSigGroupPrintMemory();

6
src/util-mpm-b2g.c
Unescape Escape View File

@ -463,11 +463,11 @@ static void B2gPrepareScanHash(MpmCtx *mpm_ctx) {
hi->idx = i;
hi->flags |= 0x01;
if (ctx->parray[i]->len < hi->p_min_len)
hi->p_min_len = ctx->parray[i]->len;
/* Append this HashItem to the list */
B2gHashItem *thi = ctx->scan_hash[idx];
if (ctx->parray[i]->len < thi->p_min_len)
thi->p_min_len = ctx->parray[i]->len;
while (thi->nxt) thi = thi->nxt;
thi->nxt = hi;
}

Write Preview
Loading…
Cancel
Save