mirror of https://github.com/OISF/suricata
				
				
				
			
			You cannot select more than 25 topics
			Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
		
		
		
		
		
			
		
			
				
	
	
		
			390 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			C
		
	
			
		
		
	
	
			390 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			C
		
	
| /* Copyright (C) 2007-2016 Open Information Security Foundation
 | |
|  *
 | |
|  * You can copy, redistribute or modify this Program under the terms of
 | |
|  * the GNU General Public License version 2 as published by the Free
 | |
|  * Software Foundation.
 | |
|  *
 | |
|  * This program is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|  * GNU General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU General Public License
 | |
|  * version 2 along with this program; if not, write to the Free Software
 | |
|  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 | |
|  * 02110-1301, USA.
 | |
|  */
 | |
| 
 | |
| /**
 | |
|  * \file
 | |
|  *
 | |
|  * \author Victor Julien <victor@inliniac.net>
 | |
|  *
 | |
|  * Generic variable name utility functions
 | |
|  */
 | |
| 
 | |
| #include "suricata-common.h"
 | |
| #include "detect.h"
 | |
| #include "util-hashlist.h"
 | |
| #include "util-var-name.h"
 | |
| 
 | |
| /* the way this can be used w/o locking lookups:
 | |
|  * - Lookups use only g_varnamestore_current which is read only
 | |
|  * - Detection setups a new ctx in staging, which will include the 'current'
 | |
|  *   entries keeping ID's stable
 | |
|  * - Detection hot swaps staging into current after a new detect engine was
 | |
|  *   created. Current remains available through 'old'.
 | |
|  * - When detect reload is complete (threads are all moved over), 'old' can
 | |
|  *   be freed.
 | |
|  */
 | |
| 
 | |
| typedef struct VarNameStore_ {
 | |
|     HashListTable *names;
 | |
|     HashListTable *ids;
 | |
|     uint32_t max_id;
 | |
|     uint32_t de_ctx_version;    /**< de_ctx version 'owning' this */
 | |
| } VarNameStore;
 | |
| 
 | |
| static int initialized = 0;
 | |
| /* currently VarNameStore that is READ ONLY. This way lookups can
 | |
|  * be done w/o locking or synchronization */
 | |
| SC_ATOMIC_DECLARE(VarNameStore *, g_varnamestore_current);
 | |
| 
 | |
| /* old VarNameStore on the way out */
 | |
| static VarNameStore *g_varnamestore_old = NULL;
 | |
| 
 | |
| /* new VarNameStore that is being prepared. Multiple DetectLoader threads
 | |
|  * may be updating it so a lock is used for synchronization. */
 | |
| static VarNameStore *g_varnamestore_staging = NULL;
 | |
| static SCMutex g_varnamestore_staging_m = SCMUTEX_INITIALIZER;
 | |
| 
 | |
| /** \brief Name2idx mapping structure for flowbits, flowvars and pktvars. */
 | |
| typedef struct VariableName_ {
 | |
|     char *name;
 | |
|     uint8_t type; /* flowbit, pktvar, etc */
 | |
|     uint32_t idx;
 | |
| } VariableName;
 | |
| 
 | |
| #define VARNAME_HASHSIZE 0x1000
 | |
| #define VARID_HASHSIZE 0x1000
 | |
| 
 | |
| static uint32_t VariableNameHash(HashListTable *ht, void *buf, uint16_t buflen)
 | |
| {
 | |
|      VariableName *fn = (VariableName *)buf;
 | |
|      uint32_t hash = strlen(fn->name) + fn->type;
 | |
|      uint16_t u;
 | |
| 
 | |
|      for (u = 0; u < buflen; u++) {
 | |
|          hash += fn->name[u];
 | |
|      }
 | |
| 
 | |
|      return (hash % VARNAME_HASHSIZE);
 | |
| }
 | |
| 
 | |
| static char VariableNameCompare(void *buf1, uint16_t len1, void *buf2, uint16_t len2)
 | |
| {
 | |
|     VariableName *fn1 = (VariableName *)buf1;
 | |
|     VariableName *fn2 = (VariableName *)buf2;
 | |
| 
 | |
|     if (fn1->type != fn2->type)
 | |
|         return 0;
 | |
| 
 | |
|     if (strcmp(fn1->name,fn2->name) == 0)
 | |
|         return 1;
 | |
| 
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| static uint32_t VariableIdxHash(HashListTable *ht, void *buf, uint16_t buflen)
 | |
| {
 | |
|     VariableName *fn = (VariableName *)buf;
 | |
|     uint32_t hash = fn->idx + fn->type;
 | |
|     return (hash % VARID_HASHSIZE);
 | |
| }
 | |
| 
 | |
| static char VariableIdxCompare(void *buf1, uint16_t len1, void *buf2, uint16_t len2)
 | |
| {
 | |
|     VariableName *fn1 = (VariableName *)buf1;
 | |
|     VariableName *fn2 = (VariableName *)buf2;
 | |
| 
 | |
|     if (fn1->type != fn2->type)
 | |
|         return 0;
 | |
| 
 | |
|     if (fn1->idx == fn2->idx)
 | |
|         return 1;
 | |
| 
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| static void VariableNameFree(void *data)
 | |
| {
 | |
|     VariableName *fn = (VariableName *)data;
 | |
| 
 | |
|     if (fn == NULL)
 | |
|         return;
 | |
| 
 | |
|     if (fn->name != NULL) {
 | |
|         SCFree(fn->name);
 | |
|         fn->name = NULL;
 | |
|     }
 | |
| 
 | |
|     SCFree(fn);
 | |
| }
 | |
| 
 | |
| /** \brief Initialize the Name idx hash.
 | |
|  */
 | |
| static VarNameStore *VarNameStoreInit(void)
 | |
| {
 | |
|     VarNameStore *v = SCCalloc(1, sizeof(*v));
 | |
|     if (v == NULL)
 | |
|         return NULL;
 | |
| 
 | |
|     v->names = HashListTableInit(VARNAME_HASHSIZE, VariableNameHash, VariableNameCompare, VariableNameFree);
 | |
|     if (v->names == NULL) {
 | |
|         SCFree(v);
 | |
|         return NULL;
 | |
|     }
 | |
| 
 | |
|     v->ids = HashListTableInit(VARID_HASHSIZE, VariableIdxHash, VariableIdxCompare, NULL);
 | |
|     if (v->ids == NULL) {
 | |
|         HashListTableFree(v->names);
 | |
|         SCFree(v);
 | |
|         return NULL;
 | |
|     }
 | |
| 
 | |
|     v->max_id = 0;
 | |
|     return v;
 | |
| }
 | |
| 
 | |
| static void VarNameStoreDoFree(VarNameStore *v)
 | |
| {
 | |
|     if (v) {
 | |
|         HashListTableFree(v->names);
 | |
|         HashListTableFree(v->ids);
 | |
|         SCFree(v);
 | |
|     }
 | |
| }
 | |
| 
 | |
| 
 | |
| /** \brief Get a name idx for a name. If the name is already used reuse the idx.
 | |
|  *  \param name nul terminated string with the name
 | |
|  *  \param type variable type
 | |
|  *  \retval 0 in case of error
 | |
|  *  \retval idx the idx or 0
 | |
|  */
 | |
| static uint32_t VariableNameGetIdx(VarNameStore *v, const char *name, enum VarTypes type)
 | |
| {
 | |
|     uint32_t idx = 0;
 | |
| 
 | |
|     VariableName *fn = SCMalloc(sizeof(VariableName));
 | |
|     if (unlikely(fn == NULL))
 | |
|         goto error;
 | |
| 
 | |
|     memset(fn, 0, sizeof(VariableName));
 | |
| 
 | |
|     fn->type = type;
 | |
|     fn->name = SCStrdup(name);
 | |
|     if (fn->name == NULL)
 | |
|         goto error;
 | |
| 
 | |
|     VariableName *lookup_fn = (VariableName *)HashListTableLookup(v->names, (void *)fn, 0);
 | |
|     if (lookup_fn == NULL) {
 | |
|         v->max_id++;
 | |
| 
 | |
|         idx = fn->idx = v->max_id;
 | |
|         HashListTableAdd(v->names, (void *)fn, 0);
 | |
|         HashListTableAdd(v->ids, (void *)fn, 0);
 | |
|         SCLogDebug("new registration %s id %u type %u", fn->name, fn->idx, fn->type);
 | |
|     } else {
 | |
|         idx = lookup_fn->idx;
 | |
|         VariableNameFree(fn);
 | |
|     }
 | |
| 
 | |
|     return idx;
 | |
| error:
 | |
|     VariableNameFree(fn);
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| /** \brief Get a name from the idx.
 | |
|  *  \param idx index of the variable whose name is to be fetched
 | |
|  *  \param type variable type
 | |
|  *  \retval NULL in case of error
 | |
|  *  \retval name of the variable if successful.
 | |
|  *  \todo no alloc on lookup
 | |
|  */
 | |
| static char *VariableIdxGetName(VarNameStore *v, uint32_t idx, enum VarTypes type)
 | |
| {
 | |
|     VariableName *fn = SCMalloc(sizeof(VariableName));
 | |
|     if (unlikely(fn == NULL))
 | |
|         goto error;
 | |
| 
 | |
|     char *name = NULL;
 | |
|     memset(fn, 0, sizeof(VariableName));
 | |
| 
 | |
|     fn->type = type;
 | |
|     fn->idx = idx;
 | |
| 
 | |
|     VariableName *lookup_fn = (VariableName *)HashListTableLookup(v->ids, (void *)fn, 0);
 | |
|     if (lookup_fn != NULL) {
 | |
|         name = SCStrdup(lookup_fn->name);
 | |
|         if (unlikely(name == NULL))
 | |
|             goto error;
 | |
| 
 | |
|         VariableNameFree(fn);
 | |
|     } else {
 | |
|         goto error;
 | |
|     }
 | |
| 
 | |
|     return name;
 | |
| error:
 | |
|     VariableNameFree(fn);
 | |
|     return NULL;
 | |
| }
 | |
| 
 | |
| /** \brief setup staging store. Include current store if there is one.
 | |
|  */
 | |
| int VarNameStoreSetupStaging(uint32_t de_ctx_version)
 | |
| {
 | |
|     SCMutexLock(&g_varnamestore_staging_m);
 | |
| 
 | |
|     if (!initialized) {
 | |
|         SC_ATOMIC_INITPTR(g_varnamestore_current);
 | |
|         initialized = 1;
 | |
|     }
 | |
| 
 | |
|     if (g_varnamestore_staging != NULL &&
 | |
|         g_varnamestore_staging->de_ctx_version == de_ctx_version) {
 | |
|         SCMutexUnlock(&g_varnamestore_staging_m);
 | |
|         return 0;
 | |
|     }
 | |
| 
 | |
|     VarNameStore *nv = VarNameStoreInit();
 | |
|     if (nv == NULL) {
 | |
|         SCMutexUnlock(&g_varnamestore_staging_m);
 | |
|         return -1;
 | |
|     }
 | |
|     g_varnamestore_staging = nv;
 | |
|     nv->de_ctx_version = de_ctx_version;
 | |
| 
 | |
|     VarNameStore *current = SC_ATOMIC_GET(g_varnamestore_current);
 | |
|     if (current) {
 | |
|         /* add all entries from the current hash into this new one. */
 | |
|         HashListTableBucket *b = HashListTableGetListHead(current->names);
 | |
|         while (b) {
 | |
|             VariableName *var = HashListTableGetListData(b);
 | |
| 
 | |
|             VariableName *newvar = SCCalloc(1, sizeof(*newvar));
 | |
|             BUG_ON(newvar == NULL);
 | |
|             memcpy(newvar, var, sizeof(*newvar));
 | |
|             newvar->name = SCStrdup(var->name);
 | |
|             BUG_ON(newvar->name == NULL);
 | |
| 
 | |
|             HashListTableAdd(nv->names, (void *)newvar, 0);
 | |
|             HashListTableAdd(nv->ids, (void *)newvar, 0);
 | |
|             nv->max_id = MAX(nv->max_id, newvar->idx);
 | |
|             SCLogDebug("xfer %s id %u type %u", newvar->name, newvar->idx, newvar->type);
 | |
| 
 | |
|             b = HashListTableGetListNext(b);
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     SCLogDebug("set up staging with detect engine ver %u", nv->de_ctx_version);
 | |
|     SCMutexUnlock(&g_varnamestore_staging_m);
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| const char *VarNameStoreLookupById(const uint32_t id, const enum VarTypes type)
 | |
| {
 | |
|     VarNameStore *current = SC_ATOMIC_GET(g_varnamestore_current);
 | |
|     BUG_ON(current == NULL);
 | |
|     VariableName lookup = { NULL, type, id };
 | |
|     VariableName *found = (VariableName *)HashListTableLookup(current->ids, (void *)&lookup, 0);
 | |
|     if (found == NULL) {
 | |
|         return NULL;
 | |
|     }
 | |
|     return found->name;
 | |
| }
 | |
| 
 | |
| uint32_t VarNameStoreLookupByName(const char *name, const enum VarTypes type)
 | |
| {
 | |
|     VarNameStore *current = SC_ATOMIC_GET(g_varnamestore_current);
 | |
|     BUG_ON(current == NULL);
 | |
|     VariableName lookup = { (char *)name, type, 0 };
 | |
|     VariableName *found = (VariableName *)HashListTableLookup(current->names, (void *)&lookup, 0);
 | |
|     if (found == NULL) {
 | |
|         return 0;
 | |
|     }
 | |
|     SCLogDebug("found %u for %s type %u", found->idx, name, type);
 | |
|     return found->idx;
 | |
| }
 | |
| 
 | |
| /** \brief add to staging or return existing id if already in there */
 | |
| uint32_t VarNameStoreSetupAdd(const char *name, const enum VarTypes type)
 | |
| {
 | |
|     uint32_t id;
 | |
|     SCMutexLock(&g_varnamestore_staging_m);
 | |
|     id = VariableNameGetIdx(g_varnamestore_staging, name, type);
 | |
|     SCMutexUnlock(&g_varnamestore_staging_m);
 | |
|     return id;
 | |
| }
 | |
| 
 | |
| char *VarNameStoreSetupLookup(uint32_t idx, const enum VarTypes type)
 | |
| {
 | |
|     SCMutexLock(&g_varnamestore_staging_m);
 | |
|     char *name = VariableIdxGetName(g_varnamestore_staging, idx, type);
 | |
|     SCMutexUnlock(&g_varnamestore_staging_m);
 | |
|     return name;
 | |
| }
 | |
| 
 | |
| void VarNameStoreActivateStaging(void)
 | |
| {
 | |
|     SCMutexLock(&g_varnamestore_staging_m);
 | |
|     if (g_varnamestore_old) {
 | |
|         VarNameStoreDoFree(g_varnamestore_old);
 | |
|         g_varnamestore_old = NULL;
 | |
|     }
 | |
|     g_varnamestore_old = SC_ATOMIC_GET(g_varnamestore_current);
 | |
|     SC_ATOMIC_SET(g_varnamestore_current, g_varnamestore_staging);
 | |
|     g_varnamestore_staging = NULL;
 | |
|     SCMutexUnlock(&g_varnamestore_staging_m);
 | |
| }
 | |
| 
 | |
| void VarNameStoreFreeOld(void)
 | |
| {
 | |
|     SCMutexLock(&g_varnamestore_staging_m);
 | |
|     SCLogDebug("freeing g_varnamestore_old %p", g_varnamestore_old);
 | |
|     if (g_varnamestore_old) {
 | |
|         VarNameStoreDoFree(g_varnamestore_old);
 | |
|         g_varnamestore_old = NULL;
 | |
|     }
 | |
|     SCMutexUnlock(&g_varnamestore_staging_m);
 | |
| }
 | |
| 
 | |
| void VarNameStoreFree(uint32_t de_ctx_version)
 | |
| {
 | |
|     SCLogDebug("freeing detect engine version %u", de_ctx_version);
 | |
|     SCMutexLock(&g_varnamestore_staging_m);
 | |
|     if (g_varnamestore_old && g_varnamestore_old->de_ctx_version == de_ctx_version) {
 | |
|         VarNameStoreDoFree(g_varnamestore_old);
 | |
|         g_varnamestore_old = NULL;
 | |
|         SCLogDebug("freeing detect engine version %u: old done", de_ctx_version);
 | |
|     }
 | |
| 
 | |
|     /* if at this point we have a staging area which matches our version
 | |
|      * we didn't complete the setup and are cleaning up the mess. */
 | |
|     if (g_varnamestore_staging && g_varnamestore_staging->de_ctx_version == de_ctx_version) {
 | |
|         VarNameStoreDoFree(g_varnamestore_staging);
 | |
|         g_varnamestore_staging = NULL;
 | |
|         SCLogDebug("freeing detect engine version %u: staging done", de_ctx_version);
 | |
|     }
 | |
| 
 | |
|     VarNameStore *current = SC_ATOMIC_GET(g_varnamestore_current);
 | |
|     if (current && current->de_ctx_version == de_ctx_version) {
 | |
|         VarNameStoreDoFree(current);
 | |
|         SC_ATOMIC_SET(g_varnamestore_current, NULL);
 | |
|         SCLogDebug("freeing detect engine version %u: current done", de_ctx_version);
 | |
|     }
 | |
|     SCMutexUnlock(&g_varnamestore_staging_m);
 | |
| }
 |