aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '12c350f77d'
${ noResults }
suricata/src/ippair-bit.c

509 lines
10 KiB
C
Raw Blame History

/* Copyright (C) 2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*
* Implements per ippair bits. Actually, not a bit,
* but called that way because of Snort's flowbits.
* It's a binary storage.
*
* \todo move away from a linked list implementation
* \todo use different datatypes, such as string, int, etc.
*/
#include "suricata-common.h"
#include "threads.h"
#include "ippair-bit.h"
#include "ippair.h"
#include "detect.h"
#include "util-var.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "ippair-storage.h"
static int ippair_bit_id = -1; /**< IPPair storage id for bits */
static void XBitFreeAll(void *store)
{
GenericVar *gv = store;
GenericVarFree(gv);
}
void IPPairBitInitCtx(void)
{
ippair_bit_id = IPPairStorageRegister("bit", sizeof(void *), NULL, XBitFreeAll);
if (ippair_bit_id == -1) {
SCLogError(SC_ERR_IPPAIR_INIT, "Can't initiate ippair storage for bits");
exit(EXIT_FAILURE);
}
}
/* lock before using this */
int IPPairHasBits(IPPair *ippair)
{
if (ippair == NULL)
return 0;
return IPPairGetStorageById(ippair, ippair_bit_id) ? 1 : 0;
}
/** \retval 1 ippair timed out wrt xbits
* \retval 0 ippair still has active (non-expired) xbits */
int IPPairBitsTimedoutCheck(IPPair *h, struct timeval *ts)
{
GenericVar *gv = IPPairGetStorageById(h, ippair_bit_id);
for ( ; gv != NULL; gv = gv->next) {
if (gv->type == DETECT_XBITS) {
XBit *xb = (XBit *)gv;
if (xb->expire > (uint32_t)ts->tv_sec)
return 0;
}
}
return 1;
}
/* get the bit with idx from the ippair */
static XBit *IPPairBitGet(IPPair *h, uint32_t idx)
{
GenericVar *gv = IPPairGetStorageById(h, ippair_bit_id);
for ( ; gv != NULL; gv = gv->next) {
if (gv->type == DETECT_XBITS && gv->idx == idx) {
return (XBit *)gv;
}
}
return NULL;
}
/* add a flowbit to the flow */
static void IPPairBitAdd(IPPair *h, uint32_t idx, uint32_t expire)
{
XBit *fb = IPPairBitGet(h, idx);
if (fb == NULL) {
fb = SCMalloc(sizeof(XBit));
if (unlikely(fb == NULL))
return;
fb->type = DETECT_XBITS;
fb->idx = idx;
fb->next = NULL;
fb->expire = expire;
GenericVar *gv = IPPairGetStorageById(h, ippair_bit_id);
GenericVarAppend(&gv, (GenericVar *)fb);
IPPairSetStorageById(h, ippair_bit_id, gv);
// bit already set, lets update it's timer
} else {
fb->expire = expire;
}
}
static void IPPairBitRemove(IPPair *h, uint32_t idx)
{
XBit *fb = IPPairBitGet(h, idx);
if (fb == NULL)
return;
GenericVar *gv = IPPairGetStorageById(h, ippair_bit_id);
if (gv) {
GenericVarRemove(&gv, (GenericVar *)fb);
XBitFree(fb);
IPPairSetStorageById(h, ippair_bit_id, gv);
}
}
void IPPairBitSet(IPPair *h, uint32_t idx, uint32_t expire)
{
XBit *fb = IPPairBitGet(h, idx);
if (fb == NULL) {
IPPairBitAdd(h, idx, expire);
}
}
void IPPairBitUnset(IPPair *h, uint32_t idx)
{
XBit *fb = IPPairBitGet(h, idx);
if (fb != NULL) {
IPPairBitRemove(h, idx);
}
}
void IPPairBitToggle(IPPair *h, uint32_t idx, uint32_t expire)
{
XBit *fb = IPPairBitGet(h, idx);
if (fb != NULL) {
IPPairBitRemove(h, idx);
} else {
IPPairBitAdd(h, idx, expire);
}
}
int IPPairBitIsset(IPPair *h, uint32_t idx, uint32_t ts)
{
XBit *fb = IPPairBitGet(h, idx);
if (fb != NULL) {
if (fb->expire < ts) {
IPPairBitRemove(h, idx);
return 0;
}
return 1;
}
return 0;
}
int IPPairBitIsnotset(IPPair *h, uint32_t idx, uint32_t ts)
{
XBit *fb = IPPairBitGet(h, idx);
if (fb == NULL) {
return 1;
}
if (fb->expire < ts) {
IPPairBitRemove(h, idx);
return 1;
}
return 0;
}
/* TESTS */
#ifdef UNITTESTS
static int IPPairBitTest01 (void)
{
int ret = 0;
IPPairInitConfig(TRUE);
IPPair *h = IPPairAlloc();
if (h == NULL)
goto end;
IPPairBitAdd(h, 0, 0);
XBit *fb = IPPairBitGet(h,0);
if (fb != NULL)
ret = 1;
IPPairFree(h);
end:
IPPairCleanup();
return ret;
}
static int IPPairBitTest02 (void)
{
int ret = 0;
IPPairInitConfig(TRUE);
IPPair *h = IPPairAlloc();
if (h == NULL)
goto end;
XBit *fb = IPPairBitGet(h,0);
if (fb == NULL)
ret = 1;
IPPairFree(h);
end:
IPPairCleanup();
return ret;
}
static int IPPairBitTest03 (void)
{
int ret = 0;
IPPairInitConfig(TRUE);
IPPair *h = IPPairAlloc();
if (h == NULL)
goto end;
IPPairBitAdd(h, 0, 30);
XBit *fb = IPPairBitGet(h,0);
if (fb == NULL) {
printf("fb == NULL although it was just added: ");
goto end;
}
IPPairBitRemove(h, 0);
fb = IPPairBitGet(h,0);
if (fb != NULL) {
printf("fb != NULL although it was just removed: ");
goto end;
} else {
ret = 1;
}
IPPairFree(h);
end:
IPPairCleanup();
return ret;
}
static int IPPairBitTest04 (void)
{
int ret = 0;
IPPairInitConfig(TRUE);
IPPair *h = IPPairAlloc();
if (h == NULL)
goto end;
IPPairBitAdd(h, 0,30);
IPPairBitAdd(h, 1,30);
IPPairBitAdd(h, 2,30);
IPPairBitAdd(h, 3,30);
XBit *fb = IPPairBitGet(h,0);
if (fb != NULL)
ret = 1;
IPPairFree(h);
end:
IPPairCleanup();
return ret;
}
static int IPPairBitTest05 (void)
{
int ret = 0;
IPPairInitConfig(TRUE);
IPPair *h = IPPairAlloc();
if (h == NULL)
goto end;
IPPairBitAdd(h, 0,90);
IPPairBitAdd(h, 1,90);
IPPairBitAdd(h, 2,90);
IPPairBitAdd(h, 3,90);
XBit *fb = IPPairBitGet(h,1);
if (fb != NULL)
ret = 1;
IPPairFree(h);
end:
IPPairCleanup();
return ret;
}
static int IPPairBitTest06 (void)
{
int ret = 0;
IPPairInitConfig(TRUE);
IPPair *h = IPPairAlloc();
if (h == NULL)
goto end;
IPPairBitAdd(h, 0,90);
IPPairBitAdd(h, 1,90);
IPPairBitAdd(h, 2,90);
IPPairBitAdd(h, 3,90);
XBit *fb = IPPairBitGet(h,2);
if (fb != NULL)
ret = 1;
IPPairFree(h);
end:
IPPairCleanup();
return ret;
}
static int IPPairBitTest07 (void)
{
int ret = 0;
IPPairInitConfig(TRUE);
IPPair *h = IPPairAlloc();
if (h == NULL)
goto end;
IPPairBitAdd(h, 0,90);
IPPairBitAdd(h, 1,90);
IPPairBitAdd(h, 2,90);
IPPairBitAdd(h, 3,90);
XBit *fb = IPPairBitGet(h,3);
if (fb != NULL)
ret = 1;
IPPairFree(h);
end:
IPPairCleanup();
return ret;
}
static int IPPairBitTest08 (void)
{
int ret = 0;
IPPairInitConfig(TRUE);
IPPair *h = IPPairAlloc();
if (h == NULL)
goto end;
IPPairBitAdd(h, 0,90);
IPPairBitAdd(h, 1,90);
IPPairBitAdd(h, 2,90);
IPPairBitAdd(h, 3,90);
XBit *fb = IPPairBitGet(h,0);
if (fb == NULL)
goto end;
IPPairBitRemove(h,0);
fb = IPPairBitGet(h,0);
if (fb != NULL) {
printf("fb != NULL even though it was removed: ");
goto end;
}
ret = 1;
IPPairFree(h);
end:
IPPairCleanup();
return ret;
}
static int IPPairBitTest09 (void)
{
int ret = 0;
IPPairInitConfig(TRUE);
IPPair *h = IPPairAlloc();
if (h == NULL)
goto end;
IPPairBitAdd(h, 0,90);
IPPairBitAdd(h, 1,90);
IPPairBitAdd(h, 2,90);
IPPairBitAdd(h, 3,90);
XBit *fb = IPPairBitGet(h,1);
if (fb == NULL)
goto end;
IPPairBitRemove(h,1);
fb = IPPairBitGet(h,1);
if (fb != NULL) {
printf("fb != NULL even though it was removed: ");
goto end;
}
ret = 1;
IPPairFree(h);
end:
IPPairCleanup();
return ret;
}
static int IPPairBitTest10 (void)
{
int ret = 0;
IPPairInitConfig(TRUE);
IPPair *h = IPPairAlloc();
if (h == NULL)
goto end;
IPPairBitAdd(h, 0,90);
IPPairBitAdd(h, 1,90);
IPPairBitAdd(h, 2,90);
IPPairBitAdd(h, 3,90);
XBit *fb = IPPairBitGet(h,2);
if (fb == NULL)
goto end;
IPPairBitRemove(h,2);
fb = IPPairBitGet(h,2);
if (fb != NULL) {
printf("fb != NULL even though it was removed: ");
goto end;
}
ret = 1;
IPPairFree(h);
end:
IPPairCleanup();
return ret;
}
static int IPPairBitTest11 (void)
{
int ret = 0;
IPPairInitConfig(TRUE);
IPPair *h = IPPairAlloc();
if (h == NULL)
goto end;
IPPairBitAdd(h, 0,90);
IPPairBitAdd(h, 1,90);
IPPairBitAdd(h, 2,90);
IPPairBitAdd(h, 3,90);
XBit *fb = IPPairBitGet(h,3);
if (fb == NULL)
goto end;
IPPairBitRemove(h,3);
fb = IPPairBitGet(h,3);
if (fb != NULL) {
printf("fb != NULL even though it was removed: ");
goto end;
}
ret = 1;
IPPairFree(h);
end:
IPPairCleanup();
return ret;
}
#endif /* UNITTESTS */
void IPPairBitRegisterTests(void)
{
#ifdef UNITTESTS
UtRegisterTest("IPPairBitTest01", IPPairBitTest01);
UtRegisterTest("IPPairBitTest02", IPPairBitTest02);
UtRegisterTest("IPPairBitTest03", IPPairBitTest03);
UtRegisterTest("IPPairBitTest04", IPPairBitTest04);
UtRegisterTest("IPPairBitTest05", IPPairBitTest05);
UtRegisterTest("IPPairBitTest06", IPPairBitTest06);
UtRegisterTest("IPPairBitTest07", IPPairBitTest07);
UtRegisterTest("IPPairBitTest08", IPPairBitTest08);
UtRegisterTest("IPPairBitTest09", IPPairBitTest09);
UtRegisterTest("IPPairBitTest10", IPPairBitTest10);
UtRegisterTest("IPPairBitTest11", IPPairBitTest11);
#endif /* UNITTESTS */
}
Reference in New Issue View Git Blame Copy Permalink