{
const PktVar *pv = p->pktvar;
- while(pv != NULL) {
- MemBufferWriteString(aft->buffer, "PKTVAR: %s\n", pv->name);
+ while (pv != NULL) {
+ const char *varname = VarNameStoreLookupById(pv->id, VAR_TYPE_PKT_VAR);
+ MemBufferWriteString(aft->buffer, "PKTVAR: %s\n", varname);
PrintRawDataToBuffer(aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
pv->value, pv->value_len);
pv = pv->next;
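Review bot: The name returned by `VarNameStoreLookupById` is passed straight to the `%s` conversion in `MemBufferWriteString`, with no check that the lookup succeeded. Whether the lookup can return NULL for an id missing from the store is not visible here, but if it can, the debug log path formats a NULL string for a packet that carries such a var. A fallback keeps the logger well-defined: `MemBufferWriteString(aft->buffer, "PKTVAR: %s\n", varname ? varname : "<unknown>");`. The enclosing function starts and ends outside the hunk.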
} PacketEngineEvents;
typedef struct PktVar_ {
- const char *name;
+ uint32_t id;
struct PktVar_ *next; /* right now just implement this as a list,
* in the long run we have thing of something
* faster. */
continue;
if (pe->captypes[x] == VAR_TYPE_PKT_VAR && p != NULL) {
- const char *varname = VarNameStoreLookupById(pe->capids[x],
- VAR_TYPE_PKT_VAR);
- PktVarAdd(p, varname, (uint8_t *)str_ptr, ret);
+ PktVarAdd(p, pe->capids[x], (uint8_t *)str_ptr, ret);
} else if (pe->captypes[x] == VAR_TYPE_FLOW_VAR && f != NULL) {
/* store max 64k. Errors are ignored */
int ret = 0;
const DetectPktvarData *pd = (const DetectPktvarData *)ctx;
- PktVar *pv = PktVarGet(p, pd->name);
+ PktVar *pv = PktVarGet(p, pd->id);
if (pv != NULL) {
uint8_t *ptr = SpmSearch(pv->value, pv->value_len, pd->content, pd->content_len);
if (ptr != NULL)
if (ret != 3) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for pktvar.", rawstr);
return -1;
-
}
const char *str_ptr;
return -1;
}
- cd->name = SCStrdup(varname);
- if (cd->name == NULL) {
- SCFree(cd);
- if (dubbed) SCFree(str);
- return -1;
- }
+ cd->id = VarNameStoreSetupAdd(varname, VAR_TYPE_PKT_VAR);
memcpy(cd->content, str, len);
cd->content_len = len;
if (dubbed)
SCFree(str);
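Review bot: The result of `VarNameStoreSetupAdd` is stored in `cd->id` without a check, although the removed `SCStrdup` branch had a failure path that freed `cd` and `str` and returned -1. If registration can fail, presumably by returning a sentinel id, the keyword would be set up with an id that no captured pktvar ever carries, and the rule would silently never match. Assuming 0 is that sentinel (confirm against the var-name store), restore the cleanup right after the assignment: `if (cd->id == 0) { SCFree(cd); if (dubbed) SCFree(str); return -1; }`. The setup function begins and ends outside the hunk.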
if (cd) {
- if (cd->name)
- SCFree(cd->name);
SCFree(cd);
}
if (sm)
#define __DETECT_PKTVAR_H__
typedef struct DetectPktvarData_ {
- char *name;
- uint8_t *content;
+ uint32_t id;
uint8_t content_len;
uint8_t flags;
+ uint8_t *content;
} DetectPktvarData;
/* prototypes */
Packet *p = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
- int result = 0;
-
memset(&th_v, 0, sizeof(th_v));
p = UTHBuildPacketSrcDstPorts((uint8_t *)buf, buflen, IPPROTO_TCP, 12345, 80);
+ FAIL_IF_NULL(p);
ConfCreateContextBackup();
ConfInit();
ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL) {
- goto end;
- }
-
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP host cap\"; content:\"Host:\"; pcre:\"/^Host: (?P<pkt_http_host>.*)\\r\\n/m\"; noalert; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- result = 0;
- goto end;
- }
+ Signature *s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP host cap\"; content:\"Host:\"; pcre:\"/^Host: (?P<pkt_http_host>.*)\\r\\n/m\"; noalert; sid:1;)");
+ FAIL_IF_NULL(s);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx);
-
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
- PktVar *pv_hn = PktVarGet(p, "http_host");
- if (pv_hn != NULL) {
- if (memcmp(pv_hn->value, "one.example.org", pv_hn->value_len < 15 ? pv_hn->value_len : 15) == 0)
- result = 1;
- else {
- printf("\"");
- PrintRawUriFp(stdout, pv_hn->value, pv_hn->value_len);
- printf("\" != \"one.example.org\": ");
- }
- PktVarFree(pv_hn);
- } else {
- printf("Pkt var http_host not captured: ");
- }
-end:
- if (de_ctx != NULL) {
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
- if (det_ctx != NULL)
- DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
- DetectEngineCtxFree(de_ctx);
- }
+ uint32_t capid = VarNameStoreLookupByName("http_host", VAR_TYPE_PKT_VAR);
+
+ PktVar *pv_hn = PktVarGet(p, capid);
+ FAIL_IF_NULL(pv_hn);
+
+ FAIL_IF(pv_hn->value_len != 15);
+ FAIL_IF_NOT(memcmp(pv_hn->value, "one.example.org", pv_hn->value_len) == 0);
+
+ PktVarFree(pv_hn);
+ DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
+ DetectEngineCtxFree(de_ctx);
ConfDeInit();
ConfRestoreContextBackup();
UTHFreePackets(&p, 1);
- return result;
+
+ PASS;
}
static int SigTest18 (void)
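Review bot: The id from `VarNameStoreLookupByName` goes to `PktVarGet` unchecked, so a name that was never registered surfaces as a failure of `FAIL_IF_NULL(pv_hn)` rather than of the lookup itself. Assuming a miss is reported as a sentinel id (0 is a guess, confirm against the var-name store), add `FAIL_IF(capid == 0);` directly after the lookup. In the same spirit, `det_ctx` is initialised to NULL and handed to `SigMatchSignatures` without a check after `DetectEngineThreadCtxInit`; `FAIL_IF_NULL(det_ctx);` would match the other assertions added here. The test function's opening lines are outside the hunk.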
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2016 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "util-debug.h"
/* puts a new value into a pktvar */
-void PktVarUpdate(PktVar *pv, uint8_t *value, uint16_t size)
+static void PktVarUpdate(PktVar *pv, uint8_t *value, uint16_t size)
{
- if (pv->value) SCFree(pv->value);
+ if (pv->value)
+ SCFree(pv->value);
pv->value = value;
pv->value_len = size;
}
/* get the pktvar with name 'name' from the pkt
*
* name is a normal string*/
-PktVar *PktVarGet(Packet *p, const char *name)
+PktVar *PktVarGet(Packet *p, uint32_t id)
{
PktVar *pv = p->pktvar;
for (;pv != NULL; pv = pv->next) {
- if (pv->name && strcmp(pv->name, name) == 0)
+ if (pv->id == id)
return pv;
}
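Review bot: The comment above `PktVarGet` still says it gets the pktvar "with name 'name'" and that "name is a normal string", which no longer matches the `uint32_t id` parameter. Suggest replacing it with `/* get the pktvar with id 'id' from the pkt */`. The same applies to the commented-out `printf` at the top of `PktVarAdd`, which still formats `name`; it should be deleted or changed to print `id`. The end of `PktVarGet` is outside the hunk.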
}
/* add a pktvar to the pkt, or update it */
-void PktVarAdd(Packet *p, const char *name, uint8_t *value, uint16_t size)
+void PktVarAdd(Packet *p, uint32_t id, uint8_t *value, uint16_t size)
{
//printf("Adding packet var \"%s\" with value(%" PRId32 ") \"%s\"\n", name, size, value);
- PktVar *pv = PktVarGet(p, name);
+ PktVar *pv = PktVarGet(p, id);
if (pv == NULL) {
pv = SCMalloc(sizeof(PktVar));
if (unlikely(pv == NULL))
return;
- pv->name = name;
+ pv->id = id;
pv->value = value;
pv->value_len = size;
pv->next = NULL;
PktVar *tpv = p->pktvar;
- if (p->pktvar == NULL) p->pktvar = pv;
+ if (p->pktvar == NULL)
+ p->pktvar = pv;
else {
while(tpv) {
if (tpv->next == NULL) {
if (pv == NULL)
return;
- pv->name = NULL;
if (pv->value != NULL)
SCFree(pv->value);
PktVar *pv_next = pv->next;
if (pv_next != NULL)
PktVarFree(pv_next);
}
-
-void PktVarPrint(PktVar *pv)
-{
- uint16_t i;
-
- if (pv == NULL)
- return;
-
- printf("Name \"%s\", Value \"", pv->name);
- for (i = 0; i < pv->value_len; i++) {
- if (isprint(pv->value[i])) printf("%c", pv->value[i]);
- else printf("\\%02X", pv->value[i]);
- }
- printf("\", Len \"%" PRIu32 "\"\n", pv->value_len);
-
- PktVarPrint(pv->next);
-}
-
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2016 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#ifndef __PKT_VAR_H__
#define __PKT_VAR_H__
-void PktVarAdd(Packet *, const char *, uint8_t *, uint16_t);
-PktVar *PktVarGet(Packet *, const char *);
+void PktVarAdd(Packet *, uint32_t id, uint8_t *, uint16_t);
+PktVar *PktVarGet(Packet *, uint32_t id);
void PktVarFree(PktVar *);
-void PktVarPrint(PktVar *);
#endif /* __PKT_VAR_H__ */
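Review bot: The two changed prototypes name only the `id` parameter and leave the others anonymous; naming all of them reads better, e.g. `void PktVarAdd(Packet *p, uint32_t id, uint8_t *value, uint16_t size);` and `PktVar *PktVarGet(Packet *p, uint32_t id);`. The header also says nothing about who owns `value`. `PktVarUpdate` and `PktVarFree` in this commit release `pv->value` with `SCFree`, so the pktvar appears to take ownership. A comment such as `/* value must be a buffer that SCFree can release; it is owned by the pktvar once stored */` would make that contract visible to callers.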