aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect-address: remove sgh pointer as it's unused

Browse Source
pull/1980/head
Victor Julien 9 years ago
parent d5c6d08bc8
commit ef6f347f84
4 changed files with 0 additions and 480 deletions
Show Stats Download Patch File Download Diff File

74
src/detect-engine-address-ipv4.c
Unescape Escape View File

@ -158,11 +158,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
tmp_c->ip2.addr_data32[0] = htonl(b_ip2);
*c = tmp_c;
if (de_ctx != NULL) {
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
}
/* we have 3 parts: [bbb[baba]aaa]
* part a: b_ip1 <-> a_ip1 - 1
* part b: a_ip1 <-> b_ip2
@ -186,24 +181,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
tmp_c->ip2.addr_data32[0] = htonl(a_ip2);
*c = tmp_c;
if (de_ctx != NULL) {
/* 'a' gets clean and then 'b' sigs
* 'b' gets clean, then 'a' then 'b' sigs
* 'c' gets 'a' sigs */
/* store old a list */
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
/* clean a list */
SigGroupHeadClearSigs(a->sh);
/* copy old b to c */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &tmp_c->sh);
/* copy old b to a */
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
/* prepend old a before b */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
/* clean tmp list */
SigGroupHeadClearSigs(tmp->sh);
}
/* we have 2 or three parts:
*
* 2 part: [[abab]bbb] or [bbb[baba]]
@ -232,10 +209,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
b->ip.addr_data32[0] = htonl(a_ip2 + 1);
b->ip2.addr_data32[0] = htonl(b_ip2);
if (de_ctx != NULL) {
/* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
}
} else if (a_ip2 == b_ip2) {
SCLogDebug("DetectAddressCutIPv4: 2");
@ -245,13 +218,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
b->ip.addr_data32[0] = htonl(a_ip1);
b->ip2.addr_data32[0] = htonl(a_ip2);
if (de_ctx != NULL) {
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadClearSigs(a->sh);
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
SigGroupHeadClearSigs(tmp->sh);
}
} else {
SCLogDebug("3");
@ -269,24 +235,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
tmp_c->ip.addr_data32[0] = htonl(a_ip2 + 1);
tmp_c->ip2.addr_data32[0] = htonl(b_ip2);
*c = tmp_c;
if (de_ctx != NULL) {
/* 'a' gets clean and then 'b' sigs
* 'b' gets clean, then 'a' then 'b' sigs
* 'c' gets 'b' sigs */
/* store old a list */
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
/* clean a list */
SigGroupHeadClearSigs(a->sh);
/* copy old b to c */
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh);
/* copy old b to a */
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
/* prepend old a before b */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
/* clean tmp list */
SigGroupHeadClearSigs(tmp->sh);
}
}
/* we have 2 or three parts:
*
@ -315,15 +263,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
b->ip.addr_data32[0] = htonl(b_ip2 + 1);
b->ip2.addr_data32[0] = htonl(a_ip2);
if (de_ctx != NULL) {
/* 'b' overlaps 'a' so a needs the 'b' sigs */
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
SigGroupHeadClearSigs(b->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
SigGroupHeadClearSigs(tmp->sh);
}
} else if (a_ip2 == b_ip2) {
SCLogDebug("DetectAddressCutIPv4: 2");
@ -332,11 +271,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
b->ip.addr_data32[0] = htonl(b_ip1);
b->ip2.addr_data32[0] = htonl(b_ip2);
if (de_ctx != NULL) {
/* 'a' overlaps 'b' so a needs the 'a' sigs */
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
}
} else {
SCLogDebug("DetectAddressCutIPv4: 3");
@ -354,14 +288,6 @@ int DetectAddressCutIPv4(DetectEngineCtx *de_ctx, DetectAddress *a,
tmp_c->ip.addr_data32[0] = htonl(b_ip2 + 1);
tmp_c->ip2.addr_data32[0] = htonl(a_ip2);
*c = tmp_c;
if (de_ctx != NULL) {
/* 'a' stays the same wrt sigs
* 'b' keeps it's own sigs and gets a's sigs prepended
* 'c' gets 'a' sigs */
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh);
}
}
}

67
src/detect-engine-address-ipv6.c
Unescape Escape View File

@ -406,11 +406,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
*c = tmp_c;
/* copy old b to c */
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh);
/* copy old b to a */
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
/* we have 3 parts: [bbb[baba]aaa]
* part a: b_ip1 <-> a_ip1 - 1
* part b: a_ip1 <-> b_ip2
@ -433,23 +428,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
AddressCutIPv6Copy(a_ip2, tmp_c->ip2.addr_data32);
*c = tmp_c;
/* 'a' gets clean and then 'b' sigs
* 'b' gets clean, then 'a' then 'b' sigs
* 'c' gets 'a' sigs */
/* store old a list */
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
/* clean a list */
SigGroupHeadClearSigs(a->sh);
/* copy old b to c */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &tmp_c->sh);
/* copy old b to a */
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
/* prepend old a before b */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
/* clean tmp list */
SigGroupHeadClearSigs(tmp->sh);
/* we have 2 or three parts:
*
* 2 part: [[abab]bbb] or [bbb[baba]]
@ -472,9 +450,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
AddressCutIPv6CopyAddOne(a_ip2, b->ip.addr_data32);
AddressCutIPv6Copy(b_ip2, b->ip2.addr_data32);
/* 'b' overlaps 'a' so 'a' needs the 'b' sigs */
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
} else if (AddressIPv6EqU32(a_ip2, b_ip2) == 1) {
AddressCutIPv6Copy(b_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(a_ip1, a->ip2.addr_data32);
@ -482,12 +457,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
AddressCutIPv6Copy(a_ip1, b->ip.addr_data32);
AddressCutIPv6Copy(a_ip2, b->ip2.addr_data32);
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadClearSigs(a->sh);
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
SigGroupHeadClearSigs(tmp->sh);
} else {
AddressCutIPv6Copy(b_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(a_ip1, a->ip2.addr_data32);
@ -505,23 +474,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
AddressCutIPv6Copy(b_ip2, tmp_c->ip2.addr_data32);
*c = tmp_c;
/* 'a' gets clean and then 'b' sigs
* 'b' gets clean, then 'a' then 'b' sigs
* 'c' gets 'b' sigs */
/* store old a list */
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp->sh);
/* clean a list */
SigGroupHeadClearSigs(a->sh);
/* copy old b to c */
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp_c->sh);
/* copy old b to a */
SigGroupHeadCopySigs(de_ctx, b->sh, &a->sh);
/* prepend old a before b */
SigGroupHeadCopySigs(de_ctx, tmp->sh, &b->sh);
/* clean tmp list */
SigGroupHeadClearSigs(tmp->sh);
}
/* we have 2 or three parts:
*
@ -544,24 +496,12 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
AddressCutIPv6CopyAddOne(b_ip2, b->ip.addr_data32);
AddressCutIPv6Copy(a_ip2, b->ip2.addr_data32);
/* 'b' overlaps 'a' so a needs the 'b' sigs */
SigGroupHeadCopySigs(de_ctx, b->sh, &tmp->sh);
SigGroupHeadClearSigs(b->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadCopySigs(de_ctx, tmp->sh, &a->sh);
SigGroupHeadClearSigs(tmp->sh);
} else if (AddressIPv6EqU32(a_ip2, b_ip2) == 1) {
AddressCutIPv6Copy(a_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(b_ip1, a->ip2.addr_data32);
AddressCutIPv6Copy(b_ip1, b->ip.addr_data32);
AddressCutIPv6Copy(b_ip2, b->ip2.addr_data32);
/* 'a' overlaps 'b' so a needs the 'a' sigs */
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
} else {
AddressCutIPv6Copy(a_ip1, a->ip.addr_data32);
AddressCutIPv6CopySubOne(b_ip1, a->ip2.addr_data32);
@ -578,13 +518,6 @@ int DetectAddressCutIPv6(DetectEngineCtx *de_ctx, DetectAddress *a,
AddressCutIPv6CopyAddOne(b_ip2, tmp_c->ip.addr_data32);
AddressCutIPv6Copy(a_ip2, tmp_c->ip2.addr_data32);
*c = tmp_c;
/* 'a' stays the same wrt sigs
* 'b' keeps it's own sigs and gets a's sigs prepended
* 'c' gets 'a' sigs */
SigGroupHeadCopySigs(de_ctx, a->sh, &b->sh);
SigGroupHeadCopySigs(de_ctx, a->sh, &tmp_c->sh);
}
}

334
src/detect-engine-address.c
Unescape Escape View File

@ -80,16 +80,6 @@ void DetectAddressFree(DetectAddress *ag)
if (ag == NULL)
return;
SCLogDebug("ag %p, sh %p", ag, ag->sh);
/* only free the head if we have the original */
if (ag->sh != NULL && !(ag->flags & ADDRESS_SIGGROUPHEAD_COPY)) {
SCLogDebug("- ag %p, sh %p not a copy, so call SigGroupHeadFree", ag,
ag->sh);
SigGroupHeadFree(ag->sh);
}
ag->sh = NULL;
SCFree(ag);
return;
@ -159,7 +149,6 @@ void DetectAddressPrintList(DetectAddress *head)
SCLogInfo("list:");
if (head != NULL) {
for (cur = head; cur != NULL; cur = cur->next) {
SCLogInfo("SIGS %6u ", cur->sh ? cur->sh->sig_cnt : 0);
DetectAddressPrint(cur);
}
}
@ -332,9 +321,7 @@ int DetectAddressInsert(DetectEngineCtx *de_ctx, DetectAddressHead *gh,
if (r == ADDRESS_EQ) {
/* exact overlap/match */
if (cur != new) {
SigGroupHeadCopySigs(de_ctx, new->sh, &cur->sh);
DetectAddressFree(new);
return 0;
}
@ -450,8 +437,6 @@ int DetectAddressJoin(DetectEngineCtx *de_ctx, DetectAddress *target,
if (target->ip.family != source->ip.family)
return -1;
SigGroupHeadCopySigs(de_ctx, source->sh, &target->sh);
if (target->ip.family == AF_INET)
return DetectAddressJoinIPv4(de_ctx, target, source);
else if (target->ip.family == AF_INET6)
@ -4823,320 +4808,6 @@ int AddressConfVarsTest05(void)
return result;
}
#include "detect-engine.h"
/**
* \test Test sig distribution over address groups
*/
static int AddressTestFunctions01(void)
{
DetectAddress *a1 = NULL;
DetectAddress *a2 = NULL;
DetectAddressHead *h = NULL;
int result = 0;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
Signature s[2];
memset(s,0x00,sizeof(s));
s[0].num = 0;
s[1].num = 1;
a1 = DetectAddressParseSingle("255.0.0.0/8");
if (a1 == NULL) {
printf("a1 == NULL: ");
goto end;
}
SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
a2 = DetectAddressParseSingle("0.0.0.0/0");
if (a2 == NULL) {
printf("a2 == NULL: ");
goto end;
}
SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
SCLogDebug("a1");
DetectAddressPrint(a1);
SCLogDebug("a2");
DetectAddressPrint(a2);
h = DetectAddressHeadInit();
if (h == NULL)
goto end;
DetectAddressInsert(de_ctx, h, a1);
DetectAddressInsert(de_ctx, h, a2);
if (h == NULL)
goto end;
DetectAddress *x = h->ipv4_head;
for ( ; x != NULL; x = x->next) {
SCLogDebug("x %p next %p", x, x->next);
DetectAddressPrint(x);
//SigGroupHeadPrintSigs(de_ctx, x->sh);
}
DetectAddress *one = h->ipv4_head;
DetectAddress *two = one->next;
int sig = 0;
if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'one', but it shouldn't: ", sig);
goto end;
}
sig = 1;
if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'one', but it shouldn't: ", sig);
goto end;
}
sig = 1;
if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'two', but it shouldn't: ", sig);
goto end;
}
result = 1;
end:
if (h != NULL)
DetectAddressHeadFree(h);
return result;
}
/**
* \test Test sig distribution over address groups
*/
static int AddressTestFunctions02(void)
{
DetectAddress *a1 = NULL;
DetectAddress *a2 = NULL;
DetectAddressHead *h = NULL;
int result = 0;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
Signature s[2];
memset(s,0x00,sizeof(s));
s[0].num = 0;
s[1].num = 1;
a1 = DetectAddressParseSingle("255.0.0.0/8");
if (a1 == NULL) {
printf("a1 == NULL: ");
goto end;
}
SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
a2 = DetectAddressParseSingle("0.0.0.0/0");
if (a2 == NULL) {
printf("a2 == NULL: ");
goto end;
}
SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
SCLogDebug("a1");
DetectAddressPrint(a1);
SCLogDebug("a2");
DetectAddressPrint(a2);
h = DetectAddressHeadInit();
if (h == NULL)
goto end;
DetectAddressInsert(de_ctx, h, a2);
DetectAddressInsert(de_ctx, h, a1);
BUG_ON(h == NULL);
SCLogDebug("dp3");
DetectAddress *x = h->ipv4_head;
for ( ; x != NULL; x = x->next) {
DetectAddressPrint(x);
//SigGroupHeadPrintSigs(de_ctx, x->sh);
}
DetectAddress *one = h->ipv4_head;
DetectAddress *two = one->next;
int sig = 0;
if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'one', but it shouldn't: ", sig);
goto end;
}
sig = 1;
if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'one', but it shouldn't: ", sig);
goto end;
}
sig = 1;
if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'two', but it shouldn't: ", sig);
goto end;
}
result = 1;
end:
if (h != NULL)
DetectAddressHeadFree(h);
return result;
}
/**
* \test Test sig distribution over address groups
*/
static int AddressTestFunctions03(void)
{
DetectAddress *a1 = NULL;
DetectAddress *a2 = NULL;
DetectAddressHead *h = NULL;
int result = 0;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
Signature s[2];
memset(s,0x00,sizeof(s));
s[0].num = 0;
s[1].num = 1;
a1 = DetectAddressParseSingle("ffff::/16");
if (a1 == NULL) {
printf("a1 == NULL: ");
goto end;
}
SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
a2 = DetectAddressParseSingle("::/0");
if (a2 == NULL) {
printf("a2 == NULL: ");
goto end;
}
SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
SCLogDebug("a1");
DetectAddressPrint(a1);
SCLogDebug("a2");
DetectAddressPrint(a2);
h = DetectAddressHeadInit();
if (h == NULL)
goto end;
DetectAddressInsert(de_ctx, h, a1);
DetectAddressInsert(de_ctx, h, a2);
if (h == NULL)
goto end;
DetectAddress *x = h->ipv6_head;
for ( ; x != NULL; x = x->next) {
SCLogDebug("x %p next %p", x, x->next);
DetectAddressPrint(x);
//SigGroupHeadPrintSigs(de_ctx, x->sh);
}
DetectAddress *one = h->ipv6_head;
DetectAddress *two = one->next;
int sig = 0;
if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'one', but it shouldn't: ", sig);
goto end;
}
sig = 1;
if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'one', but it shouldn't: ", sig);
goto end;
}
sig = 1;
if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'two', but it shouldn't: ", sig);
goto end;
}
result = 1;
end:
if (h != NULL)
DetectAddressHeadFree(h);
return result;
}
/**
* \test Test sig distribution over address groups
*/
static int AddressTestFunctions04(void)
{
DetectAddress *a1 = NULL;
DetectAddress *a2 = NULL;
DetectAddressHead *h = NULL;
int result = 0;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
Signature s[2];
memset(s,0x00,sizeof(s));
s[0].num = 0;
s[1].num = 1;
a1 = DetectAddressParseSingle("ffff::/16");
if (a1 == NULL) {
printf("a1 == NULL: ");
goto end;
}
SigGroupHeadAppendSig(de_ctx, &a1->sh, &s[0]);
a2 = DetectAddressParseSingle("::/0");
if (a2 == NULL) {
printf("a2 == NULL: ");
goto end;
}
SigGroupHeadAppendSig(de_ctx, &a2->sh, &s[1]);
SCLogDebug("a1");
DetectAddressPrint(a1);
SCLogDebug("a2");
DetectAddressPrint(a2);
h = DetectAddressHeadInit();
if (h == NULL)
goto end;
DetectAddressInsert(de_ctx, h, a2);
DetectAddressInsert(de_ctx, h, a1);
BUG_ON(h == NULL);
SCLogDebug("dp3");
DetectAddress *x = h->ipv6_head;
for ( ; x != NULL; x = x->next) {
DetectAddressPrint(x);
//SigGroupHeadPrintSigs(de_ctx, x->sh);
}
DetectAddress *one = h->ipv6_head;
DetectAddress *two = one->next;
int sig = 0;
if ((one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'one', but it shouldn't: ", sig);
goto end;
}
sig = 1;
if (!(one->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'one', but it shouldn't: ", sig);
goto end;
}
sig = 1;
if (!(two->sh->init->sig_array[sig / 8] & (1 << (sig % 8)))) {
printf("sig %d part of 'two', but it shouldn't: ", sig);
goto end;
}
result = 1;
end:
if (h != NULL)
DetectAddressHeadFree(h);
return result;
}
#endif /* UNITTESTS */
void DetectAddressTests(void)
@ -5339,10 +5010,5 @@ void DetectAddressTests(void)
UtRegisterTest("AddressConfVarsTest03 ", AddressConfVarsTest03, 1);
UtRegisterTest("AddressConfVarsTest04 ", AddressConfVarsTest04, 1);
UtRegisterTest("AddressConfVarsTest05 ", AddressConfVarsTest05, 1);
UtRegisterTest("AddressTestFunctions01", AddressTestFunctions01, 1);
UtRegisterTest("AddressTestFunctions02", AddressTestFunctions02, 1);
UtRegisterTest("AddressTestFunctions03", AddressTestFunctions03, 1);
UtRegisterTest("AddressTestFunctions04", AddressTestFunctions04, 1);
#endif /* UNITTESTS */
}

5
src/detect.h
Unescape Escape View File

@ -164,8 +164,6 @@ enum {
#define ADDRESS_FLAG_ANY 0x01 /**< address is "any" */
#define ADDRESS_FLAG_NOT 0x02 /**< address is negated */
#define ADDRESS_SIGGROUPHEAD_COPY 0x04 /**< sgh is a ptr to another sgh */
/** \brief address structure for use in the detection engine.
*
* Contains the address information and matching information.
@ -175,9 +173,6 @@ typedef struct DetectAddress_ {
Address ip;
Address ip2;
/** signatures that belong in this group */
struct SigGroupHead_ *sh;
/** flags affecting this address */
uint8_t flags;

Write Preview
Loading…
Cancel
Save