fakehdr->ip4h.ip_verhl = p->ip4h->ip_verhl;
fakehdr->ip4h.ip_proto = p->ip4h->ip_proto;
if (! invert) {
- fakehdr->ip4h.ip_src.s_addr = p->ip4h->ip_src.s_addr;
- fakehdr->ip4h.ip_dst.s_addr = p->ip4h->ip_dst.s_addr;
+ fakehdr->ip4h.s_ip_src.s_addr = p->ip4h->s_ip_src.s_addr;
+ fakehdr->ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_dst.s_addr;
} else {
- fakehdr->ip4h.ip_dst.s_addr = p->ip4h->ip_src.s_addr;
- fakehdr->ip4h.ip_src.s_addr = p->ip4h->ip_dst.s_addr;
+ fakehdr->ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_src.s_addr;
+ fakehdr->ip4h.s_ip_src.s_addr = p->ip4h->s_ip_dst.s_addr;
}
fakehdr->ip4h.ip_len = htons((uint16_t)pkt_len);
fakehdr->ip6h.s_ip6_nxt = IPPROTO_TCP;
fakehdr->ip6h.s_ip6_plen = htons(sizeof(TCPHdr));
if (!invert) {
- memcpy(fakehdr->ip6h.ip6_src, p->ip6h->ip6_src, 32);
+ memcpy(fakehdr->ip6h.s_ip6_addrs, p->ip6h->s_ip6_addrs, 32);
} else {
- memcpy(fakehdr->ip6h.ip6_src, p->ip6h->ip6_dst, 16);
- memcpy(fakehdr->ip6h.ip6_dst, p->ip6h->ip6_src, 16);
+ memcpy(fakehdr->ip6h.s_ip6_src, p->ip6h->s_ip6_dst, 16);
+ memcpy(fakehdr->ip6h.s_ip6_dst, p->ip6h->s_ip6_src, 16);
}
if (! invert) {
fakehdr->tcph.th_sport = p->tcph->th_sport;
fakehdr.ip4h.ip_verhl = p->ip4h->ip_verhl;
fakehdr.ip4h.ip_proto = p->ip4h->ip_proto;
- fakehdr.ip4h.ip_src.s_addr = p->ip4h->ip_src.s_addr;
- fakehdr.ip4h.ip_dst.s_addr = p->ip4h->ip_dst.s_addr;
+ fakehdr.ip4h.s_ip_src.s_addr = p->ip4h->s_ip_src.s_addr;
+ fakehdr.ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_dst.s_addr;
fakehdr.ip4h.ip_len = htons((uint16_t)pkt_len);
fakehdr.tcph.th_sport = p->tcph->th_sport;
fakehdr.ethh.eth_type = htons(ETHERNET_TYPE_IPV6);
if (p->ethh != NULL) {
- memcpy(&fakehdr.ethh.eth_dst, p->ethh->eth_dst, 12);
+ memcpy(&fakehdr.ethh.eth_src, p->ethh->eth_src, 6);
+ memcpy(&fakehdr.ethh.eth_dst, p->ethh->eth_dst, 6);
}
fakehdr.ip6h.s_ip6_vfc = p->ip6h->s_ip6_vfc;
fakehdr.ip6h.s_ip6_nxt = IPPROTO_TCP;
fakehdr.ip6h.s_ip6_plen = htons(sizeof(TCPHdr) + stream_msg->data.data_len);
- memcpy(&fakehdr.ip6h.ip6_src, p->ip6h->ip6_src, 32);
+ memcpy(&fakehdr.ip6h.s_ip6_addrs, p->ip6h->s_ip6_addrs, 32);
fakehdr.tcph.th_sport = p->tcph->th_sport;
fakehdr.tcph.th_dport = p->tcph->th_dport;
fakehdr.tcph.th_offx2 = 0x50; /* just the TCP header, no options */
if (PKT_IS_IPV6(p)) {
FakeIPv6Hdr *fakehdr = (FakeIPv6Hdr *)aun->iphdr;
fakehdr->tcph.th_sum = TCPV6CalculateChecksum(
- (uint16_t *)&(fakehdr->ip6h.ip6_src),
+ fakehdr->ip6h.s_ip6_addrs,
(uint16_t *)&fakehdr->tcph, buflen + sizeof(TCPHdr));
} else {
FakeIPv4Hdr *fakehdr = (FakeIPv4Hdr *)aun->iphdr;
fakehdr->tcph.th_sum = TCPCalculateChecksum(
- (uint16_t *)&(fakehdr->ip4h.ip_src),
+ fakehdr->ip4h.s_ip_addrs,
(uint16_t *)&fakehdr->tcph, buflen + sizeof(TCPHdr));
fakehdr->ip4h.ip_csum = IPV4CalculateChecksum(
(uint16_t *)&fakehdr->ip4h,
SCMutexLock(&aun->file_ctx->fp_mutex);
if ((aun->file_ctx->size_current +(sizeof(hdr) + sizeof(*phdr))) > aun->file_ctx->size_limit) {
if (Unified2AlertRotateFile(t,aun) < 0) {
- SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i;
+ SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1;
}
}
ret = Unified2PacketTypeAlert(aun, p, pa->alert_msg, phdr->event_id, pa->flags & PACKET_ALERT_FLAG_STATE_MATCH ? 1 : 0);
if (ret != 1) {
SCLogError(SC_ERR_FWRITE, "Error: fwrite failed: %s", strerror(errno));
- SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i;
+ SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1;
}
fflush(aun->file_ctx->fp);
SCMutexUnlock(&aun->file_ctx->fp_mutex);
}
- aun->file_ctx->alerts += p->alerts.cnt;
+ SCMutexLock(&aun->file_ctx->fp_mutex);
+ aun->file_ctx->alerts += p->alerts.cnt;
+ SCMutexUnlock(&aun->file_ctx->fp_mutex);
return 0;
}
gphdr.event_id = 0;
gphdr.event_second = htonl(p->ts.tv_sec);
gphdr.event_microsecond = htonl(p->ts.tv_usec);
- gphdr.src_ip = p->ip4h->ip_src.s_addr;
- gphdr.dst_ip = p->ip4h->ip_dst.s_addr;
+ gphdr.src_ip = p->ip4h->s_ip_src.s_addr;
+ gphdr.dst_ip = p->ip4h->s_ip_dst.s_addr;
gphdr.protocol = IPV4_GET_RAW_IPPROTO(p->ip4h);
if ((aun->file_ctx->size_current +(sizeof(hdr) + sizeof(*phdr))) > aun->file_ctx->size_limit) {
if (Unified2AlertRotateFile(tv,aun) < 0) {
- SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i;
+ SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1;
}
}
ret = Unified2PacketTypeAlert(aun, p, pa->alert_msg, event_id, pa->flags & PACKET_ALERT_FLAG_STATE_MATCH ? 1 : 0);
if (ret != 1) {
SCLogError(SC_ERR_FWRITE, "Error: PacketTypeAlert writing failed");
- SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i;
+ SCMutexUnlock(&aun->file_ctx->fp_mutex);
return -1;
}
fflush(aun->file_ctx->fp);
SCMutexUnlock(&aun->file_ctx->fp_mutex);
}
- aun->file_ctx->alerts += p->alerts.cnt;
+ SCMutexLock(&aun->file_ctx->fp_mutex);
+ aun->file_ctx->alerts += p->alerts.cnt;
+ SCMutexUnlock(&aun->file_ctx->fp_mutex);
return 0;
}
table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h);
- if (htp_state->connp == NULL || strcmp(bstr_tocstr(h->value), "Victor/1.0")
+ if (strcmp(bstr_tocstr(h->value), "Victor/1.0")
|| tx->request_method_number != M_POST ||
tx->request_protocol_number != HTTP_1_0)
{
table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h);
- if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN ||
+ if (tx->request_method_number != M_UNKNOWN ||
h != NULL || tx->request_protocol_number != HTTP_1_0)
{
printf("expected method M_UNKNOWN and got %s: , expected protocol "
table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h);
- if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN ||
+ if (tx->request_method_number != M_UNKNOWN ||
h != NULL || tx->request_protocol_number != PROTOCOL_UNKNOWN)
{
printf("expected method M_UNKNOWN and got %s: , expected protocol "
table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h);
- if (http_state->connp == NULL || tx->request_method_number != M_POST ||
+ if (tx->request_method_number != M_POST ||
h == NULL || tx->request_protocol_number != HTTP_1_0)
{
printf("expected method M_POST and got %s: , expected protocol "
table_iterator_reset(tx->request_headers);
table_iterator_next(tx->request_headers, (void **) & h);
- if (http_state->connp == NULL || tx->request_method_number != M_GET ||
+ if (tx->request_method_number != M_GET ||
h == NULL || tx->request_protocol_number != HTTP_1_1)
{
printf("expected method M_GET and got %s: , expected protocol "
AppLayerDuplicateAppLayerProbingParserElement(AppLayerProbingParserElement *pe)
{
AppLayerProbingParserElement *new_pe = SCMalloc(sizeof(AppLayerProbingParserElement));
- if (pe == NULL) {
+ if (new_pe == NULL) {
return NULL;
}
ConfNode *child;
TAILQ_FOREACH(child, &base->head, next) {
- if (!strncmp(child->val, key, sizeof(child->val))) {
+ if (!strncmp(child->val, key, strlen(child->val))) {
ConfNode *subchild;
TAILQ_FOREACH(subchild, &child->head, next) {
if ((!strcmp(subchild->name, key)) && (!strcmp(subchild->val, value))) {
return 0;
if (ConfGetInt(name, &val) != 1)
return 0;
- return 1;
+
if (val != 0)
return 0;
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
/* parse IP header plus 64 bytes */
- if (len >= ICMPV4_HEADER_PKT_OFFSET) {
+ if (len > ICMPV4_HEADER_PKT_OFFSET) {
DecodePartialIPV4( p, (uint8_t *)(pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
/* ICMP ICMP_DEST_UNREACH influence TCP/UDP flows */
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
// parse IP header plus 64 bytes
- if (len >= ICMPV4_HEADER_PKT_OFFSET)
+ if (len > ICMPV4_HEADER_PKT_OFFSET)
DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
}
break;
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
// parse IP header plus 64 bytes
- if (len >= ICMPV4_HEADER_PKT_OFFSET)
+ if (len > ICMPV4_HEADER_PKT_OFFSET)
DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
}
break;
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
// parse IP header plus 64 bytes
- if (len >= ICMPV4_HEADER_PKT_OFFSET)
+ if (len > ICMPV4_HEADER_PKT_OFFSET)
DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET );
}
break;
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
- ip4h.ip_src.s_addr = p->src.addr_data32[0];
- ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
+ ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
+ ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
- ip4h.ip_src.s_addr = p->src.addr_data32[0];
- ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
+ ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
+ ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
- ip4h.ip_src.s_addr = p->src.addr_data32[0];
- ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
+ ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
+ ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
- ip4h.ip_src.s_addr = p->src.addr_data32[0];
- ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
+ ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
+ ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
- ip4h.ip_src.s_addr = p->src.addr_data32[0];
- ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
+ ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
+ ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
- ip4h.ip_src.s_addr = p->src.addr_data32[0];
- ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
+ ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
+ ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");;
p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");;
- ip4h.ip_src.s_addr = p->src.addr_data32[0];
- ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
+ ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
+ ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
p->icmpv6vars.emb_ipv6h = icmp6_ip6h;
/** Get the IP6 address */
- p->icmpv6vars.emb_ip6_src[0] = icmp6_ip6h->ip6_src[0];
- p->icmpv6vars.emb_ip6_src[1] = icmp6_ip6h->ip6_src[1];
- p->icmpv6vars.emb_ip6_src[2] = icmp6_ip6h->ip6_src[2];
- p->icmpv6vars.emb_ip6_src[3] = icmp6_ip6h->ip6_src[3];
-
- p->icmpv6vars.emb_ip6_dst[0] = icmp6_ip6h->ip6_dst[0];
- p->icmpv6vars.emb_ip6_dst[1] = icmp6_ip6h->ip6_dst[1];
- p->icmpv6vars.emb_ip6_dst[2] = icmp6_ip6h->ip6_dst[2];
- p->icmpv6vars.emb_ip6_dst[3] = icmp6_ip6h->ip6_dst[3];
+ p->icmpv6vars.emb_ip6_src[0] = icmp6_ip6h->s_ip6_src[0];
+ p->icmpv6vars.emb_ip6_src[1] = icmp6_ip6h->s_ip6_src[1];
+ p->icmpv6vars.emb_ip6_src[2] = icmp6_ip6h->s_ip6_src[2];
+ p->icmpv6vars.emb_ip6_src[3] = icmp6_ip6h->s_ip6_src[3];
+
+ p->icmpv6vars.emb_ip6_dst[0] = icmp6_ip6h->s_ip6_dst[0];
+ p->icmpv6vars.emb_ip6_dst[1] = icmp6_ip6h->s_ip6_dst[1];
+ p->icmpv6vars.emb_ip6_dst[2] = icmp6_ip6h->s_ip6_dst[2];
+ p->icmpv6vars.emb_ip6_dst[3] = icmp6_ip6h->s_ip6_dst[3];
/** Get protocol and ports inside the embedded ipv6 packet and set the pointers */
p->icmpv6vars.emb_ip6_proto_next = icmp6_ip6h->s_ip6_nxt;
uint8_t ip_ttl; /**< time to live */
uint8_t ip_proto; /**< protocol (tcp, udp, etc) */
uint16_t ip_csum; /**< checksum */
- struct in_addr ip_src;/**< source address */
- struct in_addr ip_dst;/**< destination address */
+ union {
+ struct {
+ struct in_addr ip_src;/**< source address */
+ struct in_addr ip_dst;/**< destination address */
+ } ip4_un1;
+ uint16_t ip_addrs[4];
+ } ip4_hdrun1;
} IPV4Hdr;
+
+#define s_ip_src ip4_hdrun1.ip4_un1.ip_src
+#define s_ip_dst ip4_hdrun1.ip4_un1.ip_dst
+#define s_ip_addrs ip4_hdrun1.ip_addrs
+
#define IPV4_GET_RAW_VER(ip4h) (((ip4h)->ip_verhl & 0xf0) >> 4)
#define IPV4_GET_RAW_HLEN(ip4h) ((ip4h)->ip_verhl & 0x0f)
#define IPV4_GET_RAW_IPTOS(ip4h) ((ip4h)->ip_tos)
#define IPV4_GET_RAW_IPOFFSET(ip4h) ((ip4h)->ip_off)
#define IPV4_GET_RAW_IPTTL(ip4h) ((ip4h)->ip_ttl)
#define IPV4_GET_RAW_IPPROTO(ip4h) ((ip4h)->ip_proto)
-#define IPV4_GET_RAW_IPSRC(ip4h) ((ip4h)->ip_src)
-#define IPV4_GET_RAW_IPDST(ip4h) ((ip4h)->ip_dst)
+#define IPV4_GET_RAW_IPSRC(ip4h) ((ip4h)->s_ip_src)
+#define IPV4_GET_RAW_IPDST(ip4h) ((ip4h)->s_ip_dst)
/** return the raw (directly from the header) src ip as uint32_t */
-#define IPV4_GET_RAW_IPSRC_U32(ip4h) (uint32_t)((ip4h)->ip_src.s_addr)
+#define IPV4_GET_RAW_IPSRC_U32(ip4h) (uint32_t)((ip4h)->s_ip_src.s_addr)
/** return the raw (directly from the header) dst ip as uint32_t */
-#define IPV4_GET_RAW_IPDST_U32(ip4h) (uint32_t)((ip4h)->ip_dst.s_addr)
+#define IPV4_GET_RAW_IPDST_U32(ip4h) (uint32_t)((ip4h)->s_ip_dst.s_addr)
/* we need to change them as well as get them */
#define IPV4_SET_RAW_VER(ip4h, value) ((ip4h)->ip_verhl = (((ip4h)->ip_verhl & 0x0f) | (value << 4)))
uint8_t ip6_un2_vfc; /* 4 bits version, top 4 bits class */
} ip6_hdrun;
- uint32_t ip6_src[4];
- uint32_t ip6_dst[4];
+ union {
+ struct {
+ uint32_t ip6_src[4];
+ uint32_t ip6_dst[4];
+ } ip6_un2;
+ uint16_t ip6_addrs[16];
+ } ip6_hdrun2;
} IPV6Hdr;
-#define s_ip6_vfc ip6_hdrun.ip6_un2_vfc
-#define s_ip6_flow ip6_hdrun.ip6_un1.ip6_un1_flow
-#define s_ip6_plen ip6_hdrun.ip6_un1.ip6_un1_plen
-#define s_ip6_nxt ip6_hdrun.ip6_un1.ip6_un1_nxt
-#define s_ip6_hlim ip6_hdrun.ip6_un1.ip6_un1_hlim
+#define s_ip6_src ip6_hdrun2.ip6_un2.ip6_src
+#define s_ip6_dst ip6_hdrun2.ip6_un2.ip6_dst
+#define s_ip6_addrs ip6_hdrun2.ip6_addrs
+
+#define s_ip6_vfc ip6_hdrun.ip6_un2_vfc
+#define s_ip6_flow ip6_hdrun.ip6_un1.ip6_un1_flow
+#define s_ip6_plen ip6_hdrun.ip6_un1.ip6_un1_plen
+#define s_ip6_nxt ip6_hdrun.ip6_un1.ip6_un1_nxt
+#define s_ip6_hlim ip6_hdrun.ip6_un1.ip6_un1_hlim
-#define IPV6_GET_RAW_VER(ip6h) (((ip6h)->s_ip6_vfc & 0xf0) >> 4)
-#define IPV6_GET_RAW_CLASS(ip6h) ((ntohl((ip6h)->s_ip6_flow) & 0x0FF00000) >> 20)
-#define IPV6_GET_RAW_FLOW(ip6h) (ntohl((ip6h)->s_ip6_flow) & 0x000FFFFF)
-#define IPV6_GET_RAW_NH(ip6h) ((ip6h)->s_ip6_nxt)
-#define IPV6_GET_RAW_PLEN(ip6h) (ntohs((ip6h)->s_ip6_plen))
-#define IPV6_GET_RAW_HLIM(ip6h) ((ip6h)->s_ip6_hlim)
+#define IPV6_GET_RAW_VER(ip6h) (((ip6h)->s_ip6_vfc & 0xf0) >> 4)
+#define IPV6_GET_RAW_CLASS(ip6h) ((ntohl((ip6h)->s_ip6_flow) & 0x0FF00000) >> 20)
+#define IPV6_GET_RAW_FLOW(ip6h) (ntohl((ip6h)->s_ip6_flow) & 0x000FFFFF)
+#define IPV6_GET_RAW_NH(ip6h) ((ip6h)->s_ip6_nxt)
+#define IPV6_GET_RAW_PLEN(ip6h) (ntohs((ip6h)->s_ip6_plen))
+#define IPV6_GET_RAW_HLIM(ip6h) ((ip6h)->s_ip6_hlim)
-#define IPV6_SET_RAW_VER(ip6h, value) ((ip6h)->s_ip6_vfc = (((ip6h)->s_ip6_vfc & 0x0f) | (value << 4)))
-#define IPV6_SET_RAW_NH(ip6h, value) ((ip6h)->s_ip6_nxt = (value))
+#define IPV6_SET_RAW_VER(ip6h, value) ((ip6h)->s_ip6_vfc = (((ip6h)->s_ip6_vfc & 0x0f) | (value << 4)))
+#define IPV6_SET_RAW_NH(ip6h, value) ((ip6h)->s_ip6_nxt = (value))
-#define IPV6_SET_L4PROTO(p,proto) (p)->ip6vars.l4proto = proto
+#define IPV6_SET_L4PROTO(p,proto) (p)->ip6vars.l4proto = proto
/* ONLY call these functions after making sure that:
* 1. p->ip6h is set
* prevent using memset. */
#define SET_IPV4_SRC_ADDR(p, a) do { \
(a)->family = AF_INET; \
- (a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_src.s_addr; \
+ (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
#define SET_IPV4_DST_ADDR(p, a) do { \
(a)->family = AF_INET; \
- (a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_dst.s_addr; \
+ (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
/* Set the IPv6 addressesinto the Addrs of the Packet.
* Make sure p->ip6h is initialized and validated. */
-#define SET_IPV6_SRC_ADDR(p, a) do { \
- (a)->family = AF_INET6; \
- (a)->addr_data32[0] = (p)->ip6h->ip6_src[0]; \
- (a)->addr_data32[1] = (p)->ip6h->ip6_src[1]; \
- (a)->addr_data32[2] = (p)->ip6h->ip6_src[2]; \
- (a)->addr_data32[3] = (p)->ip6h->ip6_src[3]; \
+#define SET_IPV6_SRC_ADDR(p, a) do { \
+ (a)->family = AF_INET6; \
+ (a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0]; \
+ (a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1]; \
+ (a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2]; \
+ (a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3]; \
} while (0)
-#define SET_IPV6_DST_ADDR(p, a) do { \
- (a)->family = AF_INET6; \
- (a)->addr_data32[0] = (p)->ip6h->ip6_dst[0]; \
- (a)->addr_data32[1] = (p)->ip6h->ip6_dst[1]; \
- (a)->addr_data32[2] = (p)->ip6h->ip6_dst[2]; \
- (a)->addr_data32[3] = (p)->ip6h->ip6_dst[3]; \
+#define SET_IPV6_DST_ADDR(p, a) do { \
+ (a)->family = AF_INET6; \
+ (a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0]; \
+ (a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1]; \
+ (a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2]; \
+ (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3]; \
} while (0)
/* Set the TCP ports into the Ports of the Packet.
remove_tracker:
/* Remove the frag tracker. */
SCMutexLock(&dc->frag_table_lock);
- HashListTableRemove(dc->frag_table, tracker, sizeof(*tracker));
+ HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE);
SCMutexUnlock(&dc->frag_table_lock);
DefragTrackerReset(tracker);
SCMutexLock(&dc->tracker_pool_lock);
remove_tracker:
/* Remove the frag tracker. */
SCMutexLock(&dc->frag_table_lock);
- HashListTableRemove(dc->frag_table, tracker, sizeof(*tracker));
+ HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE);
SCMutexUnlock(&dc->frag_table_lock);
DefragTrackerReset(tracker);
SCMutexLock(&dc->tracker_pool_lock);
if (tracker->timeout < (unsigned int)p->ts.tv_sec) {
/* Tracker has timeout out. */
- HashListTableRemove(dc->frag_table, tracker, sizeof(tracker));
+ HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE);
DefragTrackerReset(tracker);
PoolReturn(dc->tracker_pool, tracker);
if (tv != NULL && dtv != NULL) {
tracker->dst_addr = lookup_key->dst_addr;
tracker->policy = DefragGetOsPolicy(p);
- if (HashListTableAdd(dc->frag_table, tracker, sizeof(*tracker)) != 0) {
+ if (HashListTableAdd(dc->frag_table, tracker, HASHLIST_NO_SIZE) != 0) {
/* Failed to add new tracker. */
SCLogError(SC_ERR_MEM_ALLOC,
"Defrag: Failed to add new tracker to hash table.");
ip4h.ip_ttl = ttl;
ip4h.ip_proto = IPPROTO_ICMP;
- ip4h.ip_src.s_addr = 0x01010101; /* 1.1.1.1 */
- ip4h.ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */
+ ip4h.s_ip_src.s_addr = 0x01010101; /* 1.1.1.1 */
+ ip4h.s_ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */
/* copy content_len crap, we need full length */
PacketCopyData(p, (uint8_t *)&ip4h, sizeof(ip4h) + content_len);
ip6h.s_ip6_hlim = 2;
/* Source and dest address - very bogus addresses. */
- ip6h.ip6_src[0] = 0x01010101;
- ip6h.ip6_src[1] = 0x01010101;
- ip6h.ip6_src[2] = 0x01010101;
- ip6h.ip6_src[3] = 0x01010101;
- ip6h.ip6_dst[0] = 0x02020202;
- ip6h.ip6_dst[1] = 0x02020202;
- ip6h.ip6_dst[2] = 0x02020202;
- ip6h.ip6_dst[3] = 0x02020202;
+ ip6h.s_ip6_src[0] = 0x01010101;
+ ip6h.s_ip6_src[1] = 0x01010101;
+ ip6h.s_ip6_src[2] = 0x01010101;
+ ip6h.s_ip6_src[3] = 0x01010101;
+ ip6h.s_ip6_dst[0] = 0x02020202;
+ ip6h.s_ip6_dst[1] = 0x02020202;
+ ip6h.s_ip6_dst[2] = 0x02020202;
+ ip6h.s_ip6_dst[3] = 0x02020202;
/* copy content_len crap, we need full length */
PacketCopyData(p, (uint8_t *)&ip6h, sizeof(IPV6Hdr) + sizeof(IPV6FragHdr) + content_len);
return MpmPatternIdStoreGetMaxId(de_ctx->mpm_pattern_id_store);
}
-int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *flags)
+int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags)
{
char *str = NULL;
- char *temp = NULL;
uint16_t len;
uint16_t pos = 0;
uint16_t slen = 0;
- if ((temp = SCStrdup(contentstr)) == NULL) {
- SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory. Exiting...");
- exit(EXIT_FAILURE);
- }
-
- if (strlen(temp) == 0) {
- SCFree(temp);
+ slen = strlen(contentstr);
+ if (slen == 0) {
return -1;
}
/* skip the first spaces */
- slen = strlen(temp);
- while (pos < slen && isspace(temp[pos])) {
+ while (pos < slen && isspace(contentstr[pos]))
pos++;
- };
- if (temp[pos] == '!') {
- SCFree(temp);
- if ((temp = SCStrdup(contentstr + pos + 1)) == NULL) {
- SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting...");
- exit(EXIT_FAILURE);
- }
-
- pos = 0;
+ if (contentstr[pos] == '!') {
*flags = DETECT_CONTENT_NEGATED;
+ pos++;
} else
*flags = 0;
- if (temp[pos] == '\"' && strlen(temp + pos) == 1)
+ if (contentstr[pos] == '\"' && ((slen - pos) <= 1))
goto error;
- if (temp[pos] == '\"' && temp[pos + strlen(temp + pos) - 1] == '\"') {
- if ((str = SCStrdup(temp + pos + 1)) == NULL) {
- SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting...");
- exit(EXIT_FAILURE);
- }
-
- str[strlen(temp) - pos - 2] = '\0';
- } else {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "content keywords's argument "
+ if (!(contentstr[pos] == '\"' && contentstr[slen - 1] == '\"')) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "%s keyword arguments "
"should be always enclosed in double quotes. Invalid "
"content keyword passed in this rule - \"%s\"",
- contentstr);
+ keyword, contentstr);
goto error;
}
- if ((str = SCStrdup(temp + pos + 1)) == NULL) {
- SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting...");
- exit(EXIT_FAILURE);
- }
- str[strlen(temp) - pos - 2] = '\0';
+ if ((str = SCStrdup(contentstr + pos + 1)) == NULL)
+ goto error;
+ str[strlen(str) - 1] = '\0';
- SCFree(temp);
- temp = NULL;
+ len = strlen(str);
+ if (len == 0)
+ goto error;
+
+ SCLogDebug("\"%s\", len %" PRIu32 "", str, len);
len = strlen(str);
if (len == 0)
if (bin_count % 2 != 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in "
- "content - %s. Invalidating signature", str);
+ "%s - %s. Invalidating signature", keyword, contentstr);
goto error;
}
-#if 0//def DEBUG
- if (SCLogDebugEnabled()) {
- for (i = 0; i < x; i++) {
- if (isprint(str[i])) SCLogDebug("%c", str[i]);
- else SCLogDebug("\\x%02u", str[i]);
- }
- SCLogDebug("");
- }
-#endif
-
if (converted) {
len = x;
}
return 0;
error:
- SCFree(str);
- SCFree(temp);
+ if (str != NULL)
+ SCFree(str);
return -1;
}
/**
int flags;
int ret;
- ret = DetectContentDataParse(contentstr, &str, &len, &flags);
-
+ ret = DetectContentDataParse("content", contentstr, &str, &len, &flags);
if (ret == -1) {
return NULL;
}
- cd = SCMalloc(sizeof(DetectContentData));
+ cd = SCMalloc(sizeof(DetectContentData) + len);
if (cd == NULL) {
SCFree(str);
exit(EXIT_FAILURE);
}
- memset(cd, 0, sizeof(DetectContentData));
+ memset(cd, 0, sizeof(DetectContentData) + len);
if (flags == DETECT_CONTENT_NEGATED)
cd->flags |= DETECT_CONTENT_NEGATED;
- cd->content = SCMalloc(len);
- if (cd->content == NULL) {
- SCFree(str);
- SCFree(cd);
- exit(EXIT_FAILURE);
- }
-
+ cd->content = (uint8_t *)cd + sizeof(DetectContentData);
memcpy(cd->content, str, len);
cd->content_len = len;
if (cd == NULL)
SCReturn;
- if (cd->content != NULL)
- SCFree(cd->content);
-
BoyerMooreCtxDeInit(cd->bm_ctx);
SCFree(cd);
void DetectContentRegister (void);
uint32_t DetectContentMaxId(DetectEngineCtx *);
DetectContentData *DetectContentParse (char *contentstr);
-int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *flags);
+int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags);
DetectContentData *DetectContentParseEncloseQuotes(char *);
void DetectContentPrint(DetectContentData *);
}
if (p->tcpvars.comp_csum == -1)
- p->tcpvars.comp_csum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
+ p->tcpvars.comp_csum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph,
(p->payload_len + TCP_GET_HLEN(p)));
}
if (p->tcpvars.comp_csum == -1)
- p->tcpvars.comp_csum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
+ p->tcpvars.comp_csum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph,
(p->payload_len + TCP_GET_HLEN(p)));
}
if (p->udpvars.comp_csum == -1)
- p->udpvars.comp_csum = UDPV4CalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
+ p->udpvars.comp_csum = UDPV4CalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->udph,
(p->payload_len +
UDP_HEADER_LEN) );
}
if (p->udpvars.comp_csum == -1)
- p->udpvars.comp_csum = UDPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
+ p->udpvars.comp_csum = UDPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->udph,
(p->payload_len +
UDP_HEADER_LEN) );
}
if (p->icmpv6vars.comp_csum == -1)
- p->icmpv6vars.comp_csum = ICMPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
+ p->icmpv6vars.comp_csum = ICMPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->icmpv6h,
IPV6_GET_PLEN(p));
mode = (char *)str_ptr;
SCLogDebug("mode \"%s\"", mode);
- if (ret >= 3) {
- res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
+ res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
+ if (res < 0) {
+ SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
+ goto error;
+ }
+ value1 = (char *)str_ptr;
+ SCLogDebug("value1 \"%s\"", value1);
+
+ if (ret > 3) {
+ res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
goto error;
}
- value1 = (char *)str_ptr;
- SCLogDebug("value1 \"%s\"", value1);
+ range = (char *)str_ptr;
+ SCLogDebug("range \"%s\"", range);
- if (ret >= 4) {
- res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
+ if (ret > 4) {
+ res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
goto error;
}
- range = (char *)str_ptr;
- SCLogDebug("range \"%s\"", range);
-
- if (ret >= 5) {
- res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, &str_ptr);
- if (res < 0) {
- SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed");
- goto error;
- }
- value2 = (char *)str_ptr;
- SCLogDebug("value2 \"%s\"", value2);
- }
+ value2 = (char *)str_ptr;
+ SCLogDebug("value2 \"%s\"", value2);
}
}
SCLogDebug("dsize parsed succesfully dsize: %"PRIu16" dsize2: %"PRIu16"",dd->dsize,dd->dsize2);
- if (value1)
- SCFree(value1);
+ SCFree(value1);
+ SCFree(mode);
+
if (value2)
SCFree(value2);
- if (mode)
- SCFree(mode);
if (range)
SCFree(range);
return dd;
sgh->init->sig_size = 0;
}
- if (sgh->init != NULL) {
- SigGroupHeadInitDataFree(sgh->init);
- sgh->init = NULL;
- }
+ SigGroupHeadInitDataFree(sgh->init);
+ sgh->init = NULL;
}
return;
sw->sig = sig;
- if ( (sw->user = SCMalloc(SC_RADIX_USER_DATA_MAX * sizeof(int *))) == NULL)
+ if ( (sw->user = SCMalloc(SC_RADIX_USER_DATA_MAX * sizeof(int *))) == NULL) {
+ SCFree(sw);
return NULL;
+ }
memset(sw->user, 0, SC_RADIX_USER_DATA_MAX * sizeof(int *));
for (i = 0; i < SC_RADIX_USER_DATA_MAX; i++) {
- if ( (sw->user[i] = SCMalloc(sizeof(int))) == NULL)
+ if ( (sw->user[i] = SCMalloc(sizeof(int))) == NULL) {
+ SCFree(sw);
return NULL;
+ }
memset(sw->user[i], 0, sizeof(int));
}
}
end:
- if (flags & STREAM_TOCLIENT)
- f->de_state->flags &= ~DE_STATE_FILE_TC_NEW;
- else
- f->de_state->flags &= ~DE_STATE_FILE_TS_NEW;
+ if (f->de_state != NULL) {
+ if (flags & STREAM_TOCLIENT)
+ f->de_state->flags &= ~DE_STATE_FILE_TC_NEW;
+ else
+ f->de_state->flags &= ~DE_STATE_FILE_TS_NEW;
+ }
SCMutexUnlock(&f->de_state_m);
SCReturnInt(0);
SCFree(new);
} else {
new->header_entry = new_tde;
- }
- /* increment num_tags before adding to prevent a minor race,
- * on setting and checking the first tag */
- SC_ATOMIC_ADD(num_tags, 1);
- if (!(TagHashAdd(tag_ctx, new, p))) {
- SC_ATOMIC_SUB(num_tags, 1);
- SCFree(new_tde);
- SCFree(new);
+ /* increment num_tags before adding to prevent a minor race,
+ * on setting and checking the first tag */
+ SC_ATOMIC_ADD(num_tags, 1);
+ if (!(TagHashAdd(tag_ctx, new, p))) {
+ SC_ATOMIC_SUB(num_tags, 1);
+ SCFree(new_tde);
+ SCFree(new);
+ }
}
} else {
SCLogDebug("Failed to allocate a new session");
SCEnter();
- if (det_ctx->filestore_cnt > DETECT_FILESTORE_MAX) {
+ if (det_ctx->filestore_cnt >= DETECT_FILESTORE_MAX) {
SCReturnInt(1);
}
p->src.addr_data32[0] = 0x01020304;
p->dst.addr_data32[0] = 0x04030201;
- ip4h.ip_src.s_addr = p->src.addr_data32[0];
- ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
+ ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
+ ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
ip4h.ip_off = 0x2222;
p->ip4h = &ip4h;
p->src.addr_data32[0] = 0x01020304;
p->dst.addr_data32[0] = 0x04030201;
- ip4h.ip_src.s_addr = p->src.addr_data32[0];
- ip4h.ip_dst.s_addr = p->dst.addr_data32[0];
+ ip4h.s_ip_src.s_addr = p->src.addr_data32[0];
+ ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h = &ip4h;
DecodeICMPV4(&th_v, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
}
end:
- if (sig != NULL) SigFree(sig);
- if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
+ if (sig != NULL)
+ SigFree(sig);
+ if (de_ctx != NULL)
+ DetectEngineCtxFree(de_ctx);
return result;
}
int flags;
SigMatch *pm = NULL;
DetectContentData *ud = NULL;
- int ret = DetectContentDataParse(replacestr, &str, &len, &flags);
+ int ret = DetectContentDataParse("replace", replacestr, &str, &len, &flags);
if (ret == -1)
goto error;
{
SCEnter();
+ int ret = 0;
+ uint16_t ver = 0;
+ uint8_t sig_ver = TLS_UNKNOWN;
+
DetectSslVersionData *ssl = (DetectSslVersionData *)m->ctx;
SSLState *app_state = (SSLState *)state;
if (app_state == NULL) {
SCMutexLock(&f->m);
- int ret = 0;
- uint16_t ver = 0;
- uint8_t sig_ver = -1;
if (flags & STREAM_TOCLIENT) {
SCLogDebug("server (toclient) version is 0x%02X",
app_state->server_version);
app_state->client_version);
ver = app_state->client_version;
}
- switch(ver) {
+
+ SCMutexUnlock(&f->m);
+
+ switch (ver) {
case SSL_VERSION_2:
if (ver == ssl->data[SSLv2].ver)
ret = 1;
break;
}
- SCMutexUnlock(&f->m);
+ if (sig_ver == TLS_UNKNOWN)
+ SCReturnInt(0);
SCReturnInt(ret ^ ((ssl->data[sig_ver].flags & DETECT_SSL_VERSION_NEGATED) ? 1 : 0));
}
#define DETECT_SSL_VERSION_NEGATED 0x01
-#define SSLv2 0
-#define SSLv3 1
-#define TLS10 2
-#define TLS11 3
-#define TLS12 4
+enum {
+ SSLv2 = 0,
+ SSLv3 = 1,
+ TLS10 = 2,
+ TLS11 = 3,
+ TLS12 = 4,
+
+ TLS_SIZE = 5,
+ TLS_UNKNOWN = 6,
+};
typedef struct SSLVersionData_ {
uint16_t ver; /** ssl version to match */
uint8_t flags;
-}SSLVersionData;
+} SSLVersionData;
typedef struct DetectSslVersionData_ {
- SSLVersionData data[5];
+ SSLVersionData data[TLS_SIZE];
} DetectSslVersionData;
/* prototypes */
goto error;
}
- if (mode != NULL)
- SCFree(mode);
- if (arg != NULL)
- SCFree(arg);
- if (value != NULL)
- SCFree(value);
+ SCFree(mode);
+ SCFree(arg);
+ SCFree(value);
return sd;
error:
ste = SCMalloc(sizeof(DetectThresholdEntry));
if (ste == NULL)
goto end;
- memset(ste, 0x00, sizeof(ste));
+ memset(ste, 0x00, sizeof(*ste));
if (PKT_IS_IPV4(p))
ste->ipv = 4;
if (cd == NULL)
SCReturn;
- if (cd->content != NULL)
- SCFree(cd->content);
-
BoyerMooreCtxDeInit(cd->bm_ctx);
-
SCFree(cd);
+
SCReturn;
}
* the rule set.
* \param contentstr Pointer to the string which has been defined in the rule
*/
-DetectContentData *DoDetectUricontentSetup (char * contentstr)
+DetectContentData *DoDetectUricontentSetup (char *contentstr)
{
DetectContentData *cd = NULL;
- char *temp = NULL;
char *str = NULL;
- uint16_t len = 0;
- uint16_t pos = 0;
- uint16_t slen = 0;
+ uint16_t len;
+ int flags;
+ int ret;
- if ((temp = SCStrdup(contentstr)) == NULL)
- goto error;
-
- if (strlen(temp) == 0) {
- SCFree(temp);
+ ret = DetectContentDataParse("uricontent", contentstr, &str, &len, &flags);
+ if (ret == -1) {
return NULL;
}
- cd = SCMalloc(sizeof(DetectContentData));
- if (cd == NULL)
- goto error;
- memset(cd,0,sizeof(DetectContentData));
-
- /* skip the first spaces */
- slen = strlen(temp);
- while (pos < slen && isspace(temp[pos])) {
- pos++;
- };
-
- if (temp[pos] == '!') {
- cd->flags |= DETECT_CONTENT_NEGATED;
- pos++;
- }
-
- if (temp[pos] == '\"' && strlen(temp + pos) == 1)
- goto error;
-
- if (temp[pos] == '\"' && temp[pos + strlen(temp + pos) - 1] == '\"') {
- if ((str = SCStrdup(temp + pos + 1)) == NULL)
- goto error;
- str[strlen(temp) - pos - 2] = '\0';
- } else {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "uricontent keywords's argument "
- "should be always enclosed in double quotes. Invalid "
- "content keyword passed in this rule - \"%s\"",
- contentstr);
- goto error;
- }
- str[strlen(temp) - pos - 2] = '\0';
-
- SCFree(temp);
- temp = NULL;
-
- len = strlen(str);
- if (len == 0)
- goto error;
-
- SCLogDebug("\"%s\", len %" PRIu32 "", str, len);
- char converted = 0;
-
- {
- uint8_t escape = 0;
- uint16_t i, x;
- uint8_t bin = 0, binstr[3] = "", binpos = 0;
- uint16_t bin_count = 0;
-
- for (i = 0, x = 0; i < len; i++) {
- SCLogDebug("str[%02u]: %c", i, str[i]);
- if (str[i] == '|') {
- bin_count++;
- if (bin) {
- bin = 0;
- } else {
- bin = 1;
- }
- } else if(!escape && str[i] == '\\') {
- escape = 1;
- } else {
- if (bin) {
- if (isdigit(str[i]) ||
- str[i] == 'A' || str[i] == 'a' ||
- str[i] == 'B' || str[i] == 'b' ||
- str[i] == 'C' || str[i] == 'c' ||
- str[i] == 'D' || str[i] == 'd' ||
- str[i] == 'E' || str[i] == 'e' ||
- str[i] == 'F' || str[i] == 'f') {
- SCLogDebug("part of binary: %c", str[i]);
-
- binstr[binpos] = (char)str[i];
- binpos++;
-
- if (binpos == 2) {
- uint8_t c = strtol((char *)binstr, (char **) NULL,
- 16) & 0xFF;
- binpos = 0;
- str[x] = c;
- x++;
- converted = 1;
- }
- } else if (str[i] == ' ') {
- SCLogDebug("space as part of binary string");
- }
- } else if (escape) {
- if (str[i] == ':' ||
- str[i] == ';' ||
- str[i] == '\\' ||
- str[i] == '\"')
- {
- str[x] = str[i];
- x++;
- } else {
- //SCLogDebug("Can't escape %c", str[i]);
- goto error;
- }
- escape = 0;
- converted = 1;
- } else {
- str[x] = str[i];
- x++;
- }
- }
- }
-
- if (bin_count % 2 != 0) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in "
- "content - %s. Invalidating signature", str);
- goto error;
- }
-
-#ifdef DEBUG
- if (SCLogDebugEnabled()) {
- char *prstr = SCMalloc(3 * x);
- char onechar[3];
- memset(prstr, 0, 3 * x);
- if (prstr != NULL) {
- for (i = 0; i < x; i++) {
- if (isprint(str[i]))
- snprintf(onechar, 3, "%c", str[i]);
- else
- snprintf(onechar, 3, "\\x%02u", str[i]);
- strlcat(prstr, onechar, 3 * x);
- }
- SCLogDebug("\"%s\"", prstr);
- SCFree(prstr);
- }
- }
-#endif
-
- if (converted)
- len = x;
+ cd = SCMalloc(sizeof(DetectContentData) + len);
+ if (cd == NULL) {
+ SCFree(str);
+ exit(EXIT_FAILURE);
}
- SCLogDebug("len %" PRIu32 "", len);
+ memset(cd, 0, sizeof(DetectContentData) + len);
- cd->content = SCMalloc(len);
- if (cd->content == NULL) {
- SCFree(cd);
- SCFree(str);
- return NULL;;
- }
+ if (flags == DETECT_CONTENT_NEGATED)
+ cd->flags |= DETECT_CONTENT_NEGATED;
+ cd->content = (uint8_t *)cd + sizeof(DetectContentData);
memcpy(cd->content, str, len);
cd->content_len = len;
+
+ /* Prepare Boyer Moore context for searching faster */
+ cd->bm_ctx = BoyerMooreCtxInit(cd->content, cd->content_len);
cd->depth = 0;
cd->offset = 0;
cd->within = 0;
cd->distance = 0;
- /* Prepare Boyer Moore context for searching faster */
- cd->bm_ctx = BoyerMooreCtxInit(cd->content, cd->content_len);
-
SCFree(str);
return cd;
-
-error:
- SCFree(str);
- if (cd) SCFree(cd);
- return NULL;
}
/**
DetectContentData *cd = NULL;
SigMatch *sm = NULL;
- if (s->alproto == ALPROTO_DCERPC) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "uri content specified in a dcerpc sig");
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting"
+ " keywords.");
goto error;
}
/* Flagged the signature as to inspect the app layer data */
s->flags |= SIG_FLAG_APPLAYER;
- if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
- SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting"
- " keywords.");
- goto error;
- }
-
s->alproto = ALPROTO_HTTP;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_UMATCH);
SCReturnInt(0);
error:
- if (cd) SCFree(cd);
- if (sm != NULL) SCFree(sm);
+ if (cd != NULL)
+ SCFree(cd);
+ if (sm != NULL)
+ SCFree(sm);
SCReturnInt(-1);
}
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
- if (htp_state->connp == NULL || tx->request_method_number != M_GET ||
+ if (tx->request_method_number != M_GET ||
tx->request_protocol_number != HTTP_1_1)
{
printf("expected method GET and got %s: , expected protocol "
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
- if (htp_state->connp == NULL || tx->request_method_number != M_GET ||
+ if (tx->request_method_number != M_GET ||
tx->request_protocol_number != HTTP_1_1)
{
printf("expected method GET and got %s: , expected protocol "
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
- if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN ||
+ if (tx->request_method_number != M_UNKNOWN ||
tx->request_protocol_number != HTTP_1_1)
{
printf("expected method GET and got %s: , expected protocol "
htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
- if (htp_state->connp == NULL || tx->request_method_number != M_GET ||
+ if (tx->request_method_number != M_GET ||
tx->request_protocol_number != HTTP_1_1)
{
printf("expected method GET and got %s: , expected protocol "
*/
static int DetectUriSigTest04(void) {
int result = 0;
- DetectEngineCtx *de_ctx = DetectEngineCtxInit();
Signature *s = NULL;
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ if (de_ctx == NULL) {
+ goto end;
+ }
+
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent\"; "
"uricontent:\"foo\"; sid:1;)");
result = 1;
end:
- if (de_ctx != NULL) SigCleanSignatures(de_ctx);
- if (de_ctx != NULL) SigGroupCleanup(de_ctx);
+ if (de_ctx != NULL)
+ DetectEngineCtxFree(de_ctx);
return result;
}
if (de_ctx != NULL) SigGroupCleanup(de_ctx);
if (de_ctx != NULL) SigCleanSignatures(de_ctx);
if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx);
- if (de_ctx != NULL) DetectEngineCtxFree(de_ctx);
+ if (de_ctx != NULL)
+ DetectEngineCtxFree(de_ctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
return result;
}
+/**
+ * \test Parsing test
+ */
+int DetectUriContentParseTest24(void)
+{
+ DetectEngineCtx *de_ctx = NULL;
+ int result = 1;
+
+ de_ctx = DetectEngineCtxInit();
+ if (de_ctx == NULL)
+ goto end;
+
+ de_ctx->flags |= DE_QUIET;
+ de_ctx->sig_list = SigInit(de_ctx,
+ "alert tcp any any -> any any "
+ "(msg:\"test\"; uricontent:\"\"; sid:1;)");
+ if (de_ctx->sig_list != NULL) {
+ result = 0;
+ goto end;
+ }
+
+ end:
+ SigGroupCleanup(de_ctx);
+ SigCleanSignatures(de_ctx);
+ DetectEngineCtxFree(de_ctx);
+
+ return result;
+}
+
int DetectUricontentSigTest08(void)
{
DetectEngineCtx *de_ctx = NULL;
UtRegisterTest("DetectUriContentParseTest21", DetectUriContentParseTest21, 1);
UtRegisterTest("DetectUriContentParseTest22", DetectUriContentParseTest22, 1);
UtRegisterTest("DetectUriContentParseTest23", DetectUriContentParseTest23, 1);
+ UtRegisterTest("DetectUriContentParseTest24", DetectUriContentParseTest24, 1);
+
UtRegisterTest("DetectUricontentSigTest08", DetectUricontentSigTest08, 1);
UtRegisterTest("DetectUricontentSigTest09", DetectUricontentSigTest09, 1);
UtRegisterTest("DetectUricontentSigTest10", DetectUricontentSigTest10, 1);
p->ip4h->ip_proto = IPPROTO_TCP;
//p->ip4h->ip_csum =
if (direction == 0) {
- p->ip4h->ip_src.s_addr = f->src.addr_data32[0];
- p->ip4h->ip_dst.s_addr = f->dst.addr_data32[0];
+ p->ip4h->s_ip_src.s_addr = f->src.addr_data32[0];
+ p->ip4h->s_ip_dst.s_addr = f->dst.addr_data32[0];
} else {
- p->ip4h->ip_src.s_addr = f->dst.addr_data32[0];
- p->ip4h->ip_dst.s_addr = f->src.addr_data32[0];
+ p->ip4h->s_ip_src.s_addr = f->dst.addr_data32[0];
+ p->ip4h->s_ip_dst.s_addr = f->src.addr_data32[0];
}
/* set the tcp header */
p->ip6h->s_ip6_plen = htons(20);
p->ip6h->s_ip6_hlim = 64;
if (direction == 0) {
- p->ip6h->ip6_src[0] = f->src.addr_data32[0];
- p->ip6h->ip6_src[1] = f->src.addr_data32[1];
- p->ip6h->ip6_src[2] = f->src.addr_data32[2];
- p->ip6h->ip6_src[3] = f->src.addr_data32[3];
- p->ip6h->ip6_dst[0] = f->dst.addr_data32[0];
- p->ip6h->ip6_dst[1] = f->dst.addr_data32[1];
- p->ip6h->ip6_dst[2] = f->dst.addr_data32[2];
- p->ip6h->ip6_dst[3] = f->dst.addr_data32[3];
+ p->ip6h->s_ip6_src[0] = f->src.addr_data32[0];
+ p->ip6h->s_ip6_src[1] = f->src.addr_data32[1];
+ p->ip6h->s_ip6_src[2] = f->src.addr_data32[2];
+ p->ip6h->s_ip6_src[3] = f->src.addr_data32[3];
+ p->ip6h->s_ip6_dst[0] = f->dst.addr_data32[0];
+ p->ip6h->s_ip6_dst[1] = f->dst.addr_data32[1];
+ p->ip6h->s_ip6_dst[2] = f->dst.addr_data32[2];
+ p->ip6h->s_ip6_dst[3] = f->dst.addr_data32[3];
} else {
- p->ip6h->ip6_src[0] = f->dst.addr_data32[0];
- p->ip6h->ip6_src[1] = f->dst.addr_data32[1];
- p->ip6h->ip6_src[2] = f->dst.addr_data32[2];
- p->ip6h->ip6_src[3] = f->dst.addr_data32[3];
- p->ip6h->ip6_dst[0] = f->src.addr_data32[0];
- p->ip6h->ip6_dst[1] = f->src.addr_data32[1];
- p->ip6h->ip6_dst[2] = f->src.addr_data32[2];
- p->ip6h->ip6_dst[3] = f->src.addr_data32[3];
+ p->ip6h->s_ip6_src[0] = f->dst.addr_data32[0];
+ p->ip6h->s_ip6_src[1] = f->dst.addr_data32[1];
+ p->ip6h->s_ip6_src[2] = f->dst.addr_data32[2];
+ p->ip6h->s_ip6_src[3] = f->dst.addr_data32[3];
+ p->ip6h->s_ip6_dst[0] = f->src.addr_data32[0];
+ p->ip6h->s_ip6_dst[1] = f->src.addr_data32[1];
+ p->ip6h->s_ip6_dst[2] = f->src.addr_data32[2];
+ p->ip6h->s_ip6_dst[3] = f->src.addr_data32[3];
}
/* set the tcp header */
}
if (FLOW_IS_IPV4(f)) {
- p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
+ p->tcph->th_sum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph, 20);
} else if (FLOW_IS_IPV6(f)) {
- p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
+ p->tcph->th_sum = TCPCalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph, 20);
}
* We set the rest of the struct to 0 so we can
* prevent using memset. */
#define FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(p, a) do { \
- (a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_src.s_addr; \
+ (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
} while (0)
#define FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(p, a) do { \
- (a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_dst.s_addr; \
+ (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
/* Set the IPv6 addressesinto the Addrs of the Packet.
* Make sure p->ip6h is initialized and validated. */
#define FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET(p, a) do { \
- (a)->addr_data32[0] = (p)->ip6h->ip6_src[0]; \
- (a)->addr_data32[1] = (p)->ip6h->ip6_src[1]; \
- (a)->addr_data32[2] = (p)->ip6h->ip6_src[2]; \
- (a)->addr_data32[3] = (p)->ip6h->ip6_src[3]; \
+ (a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0]; \
+ (a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1]; \
+ (a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2]; \
+ (a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3]; \
} while (0)
#define FLOW_SET_IPV6_DST_ADDR_FROM_PACKET(p, a) do { \
- (a)->addr_data32[0] = (p)->ip6h->ip6_dst[0]; \
- (a)->addr_data32[1] = (p)->ip6h->ip6_dst[1]; \
- (a)->addr_data32[2] = (p)->ip6h->ip6_dst[2]; \
- (a)->addr_data32[3] = (p)->ip6h->ip6_dst[3]; \
+ (a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0]; \
+ (a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1]; \
+ (a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2]; \
+ (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3]; \
} while (0)
/* pkt flow flags */
#include "util-logopenfile.h"
#include "app-layer-htp.h"
+#include "util-memcmp.h"
#define MODULE_NAME "LogFileLog"
table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) {
- if (strcasecmp("Host", bstr_tocstr(h->name)) == 0) {
+ if (bstr_len(h->name) >= 4 &&
+ SCMemcmpLowercase((uint8_t *)"host", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value));
return;
table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) {
- if (strcasecmp("Referer", bstr_tocstr(h->name)) == 0) {
+ if (bstr_len(h->name) >= 7 &&
+ SCMemcmpLowercase((uint8_t *)"referer", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value));
return;
#include "util-logopenfile.h"
#include "app-layer-htp.h"
+#include "util-memcmp.h"
#define MODULE_NAME "LogFilestoreLog"
table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) {
- if (strcasecmp("Host", bstr_tocstr(h->name)) == 0) {
+ if (bstr_len(h->name) >= 4 &&
+ SCMemcmpLowercase((uint8_t *)"host", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value));
return;
table_iterator_reset(headers);
while (table_iterator_next(headers, (void **)&h) != NULL) {
- if (strcasecmp("Referer", bstr_tocstr(h->name)) == 0) {
+ if (bstr_len(h->name) >= 7 &&
+ SCMemcmpLowercase((uint8_t *)"referer", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value),
bstr_len(h->value));
return;
LogFileFreeCtx(logfile_ctx);
free(output_ctx);
- if (g_waldo != NULL) {
+ if (strlen(g_waldo) > 0) {
LogFilestoreLogStoreWaldo(g_waldo);
}
}
SCFree(ptv);
pcapconfig->DerefFunc(pcapconfig);
SCReturnInt(TM_ECODE_FAILED);
- ptv->pcap_state = PCAP_STATE_DOWN;
} else {
ptv->pcap_state = PCAP_STATE_UP;
}
rec->re = re;
goto end;
}
-
- le = rec->re;
- //int r = StreamTcpSackInsertRange(stream, rec->re+1, re);
- //SCReturnInt(r);
- continue;
}
SCLogDebug("new range fully overlapped");
if (p->tcpvars.comp_csum == -1) {
if (PKT_IS_IPV4(p)) {
- p->tcpvars.comp_csum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
+ p->tcpvars.comp_csum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph,
(p->payload_len +
TCP_GET_HLEN(p)));
} else if (PKT_IS_IPV6(p)) {
- p->tcpvars.comp_csum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
+ p->tcpvars.comp_csum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph,
(p->payload_len +
TCP_GET_HLEN(p)));
IPV4_SET_RAW_IPLEN(nipv4h, IPV4_GET_RAW_IPLEN(ipv4h)); \
IPV4_SET_RAW_IPTOS(nipv4h, IPV4_GET_RAW_IPTOS(ipv4h)); \
IPV4_SET_RAW_IPPROTO(nipv4h, IPV4_GET_RAW_IPPROTO(ipv4h)); \
- (nipv4h)->ip_src = IPV4_GET_RAW_IPDST(ipv4h); \
- (nipv4h)->ip_dst = IPV4_GET_RAW_IPSRC(ipv4h); \
+ (nipv4h)->s_ip_src = IPV4_GET_RAW_IPDST(ipv4h); \
+ (nipv4h)->s_ip_dst = IPV4_GET_RAW_IPSRC(ipv4h); \
} while (0)
#define PSEUDO_PKT_SET_IPV6HDR(nipv6h,ipv6h) do { \
- (nipv6h)->ip6_src[0] = (ipv6h)->ip6_dst[0]; \
- (nipv6h)->ip6_src[1] = (ipv6h)->ip6_dst[1]; \
- (nipv6h)->ip6_src[2] = (ipv6h)->ip6_dst[2]; \
- (nipv6h)->ip6_src[3] = (ipv6h)->ip6_dst[3]; \
- (nipv6h)->ip6_dst[0] = (ipv6h)->ip6_src[0]; \
- (nipv6h)->ip6_dst[1] = (ipv6h)->ip6_src[1]; \
- (nipv6h)->ip6_dst[2] = (ipv6h)->ip6_src[2]; \
- (nipv6h)->ip6_dst[3] = (ipv6h)->ip6_src[3]; \
+ (nipv6h)->s_ip6_src[0] = (ipv6h)->s_ip6_dst[0]; \
+ (nipv6h)->s_ip6_src[1] = (ipv6h)->s_ip6_dst[1]; \
+ (nipv6h)->s_ip6_src[2] = (ipv6h)->s_ip6_dst[2]; \
+ (nipv6h)->s_ip6_src[3] = (ipv6h)->s_ip6_dst[3]; \
+ (nipv6h)->s_ip6_dst[0] = (ipv6h)->s_ip6_src[0]; \
+ (nipv6h)->s_ip6_dst[1] = (ipv6h)->s_ip6_src[1]; \
+ (nipv6h)->s_ip6_dst[2] = (ipv6h)->s_ip6_src[2]; \
+ (nipv6h)->s_ip6_dst[3] = (ipv6h)->s_ip6_src[3]; \
IPV6_SET_RAW_NH(nipv6h, IPV6_GET_RAW_NH(ipv6h)); \
} while (0)
signal(sig, handler);
#else
struct sigaction action;
+ memset(&action, 0x00, sizeof(struct sigaction));
action.sa_handler = handler;
sigemptyset(&(action.sa_mask));
SCLogError(SC_ERR_FOPEN, "Failed to stat file %s", filename);
exit(EXIT_FAILURE);
}
- bpf_len=st.st_size + 1;
+ bpf_len = st.st_size + 1;
- bpf_filter = SCMalloc(bpf_len*sizeof(char));
- if(bpf_filter == NULL) {
+ fp = fopen(filename,"r");
+ if (fp == NULL) {
+ SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
+ exit(EXIT_FAILURE);
+ }
+
+ bpf_filter = SCMalloc(bpf_len * sizeof(char));
+ if (bpf_filter == NULL) {
SCLogError(SC_ERR_MEM_ALLOC,
- "Failed to allocate buffer for bpf filter in file %s", filename);
+ "Failed to allocate buffer for bpf filter in file %s", filename);
exit(EXIT_FAILURE);
}
memset(bpf_filter, 0x00, bpf_len);
- fp = fopen(filename,"r");
- if(fp == NULL) {
- SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
- SCFree(bpf_filter);
- exit(EXIT_FAILURE);
- }else {
- nm = fread(bpf_filter, bpf_len - 1, 1, fp);
- if((ferror(fp) != 0)||( nm != 1)) {
- *bpf_filter='\0';
- }
- fclose(fp);
+ nm = fread(bpf_filter, bpf_len - 1, 1, fp);
+ if((ferror(fp) != 0)||( nm != 1)) {
+ *bpf_filter='\0';
}
+ fclose(fp);
if(strlen(bpf_filter) > 0) {
/*replace comments with space*/
int TmThreadGetNbThreads(uint8_t type)
{
- if (type > MAX_CPU_SET) {
+ if (type >= MAX_CPU_SET) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid cpu type family");
return 0;
}
if (PKT_IS_TCP(p)) {
/* TCP */
p->tcph->th_sum = 0;
- p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
+ p->tcph->th_sum = TCPCalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)));
} else if (PKT_IS_UDP(p)) {
p->udph->uh_sum = 0;
- p->udph->uh_sum = UDPV4CalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
+ p->udph->uh_sum = UDPV4CalculateChecksum(p->ip4h->s_ip_addrs,
(uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN));
}
/* IPV4 */
/* just TCP for IPV6 */
if (PKT_IS_TCP(p)) {
p->tcph->th_sum = 0;
- p->tcph->th_sum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
+ p->tcph->th_sum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)));
} else if (PKT_IS_UDP(p)) {
p->udph->uh_sum = 0;
- p->udph->uh_sum = UDPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
+ p->udph->uh_sum = UDPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
(uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN));
}
}
return 0;
TAILQ_FOREACH(child, &base->head, next) {
- if (!strncmp(child->val, "interface", sizeof(child->val))) {
+ if (!strcmp(child->val, "interface")) {
ConfNode *subchild;
TAILQ_FOREACH(subchild, &child->head, next) {
if ((!strcmp(subchild->name, "interface"))) {
void (*Free)(void *);
} HashTable;
+#define HASH_NO_SIZE 0
+
/* prototypes */
HashTable* HashTableInit(uint32_t, uint32_t (*Hash)(struct HashTable_ *, void *, uint16_t), char (*Compare)(void *, uint16_t, void *, uint16_t), void (*Free)(void *));
void HashTableFree(HashTable *);
void (*Free)(void *);
} HashListTable;
+#define HASHLIST_NO_SIZE 0
+
/* prototypes */
HashListTable* HashListTableInit(uint32_t, uint32_t (*Hash)(struct HashListTable_ *, void *, uint16_t), char (*Compare)(void *, uint16_t, void *, uint16_t), void (*Free)(void *));
void HashListTableFree(HashListTable *);
}
void MagicDeinit(void) {
+ SCMutexLock(&g_magic_lock);
if (g_magic_ctx != NULL) {
magic_close(g_magic_ctx);
g_magic_ctx = NULL;
}
+ SCMutexUnlock(&g_magic_lock);
+ SCMutexDestroy(&g_magic_lock);
}
#ifdef UNITTESTS
ptrmem = malloc((a)); \
if (ptrmem == NULL) { \
if (SC_ATOMIC_GET(engine_stage) == SURICATA_INIT) {\
+ uintmax_t size = (uintmax_t)(a); \
SCLogError(SC_ERR_MEM_ALLOC, "SCMalloc failed: %s, while trying " \
- "to allocate %"PRIuMAX" bytes", strerror(errno), (uintmax_t)(a)); \
+ "to allocate %"PRIuMAX" bytes", strerror(errno), size); \
SCLogError(SC_ERR_FATAL, "Out of memory. The engine cannot be initialized. Exiting..."); \
exit(EXIT_FAILURE); \
} \
for (u = 0; u < buflen; u++) {
written += (uint32_t)snprintf(temp, sizeof(temp), "%02X ", buf[u]);
if (written < retbuflen) {
- strlcat(retbuf, temp, sizeof(retbuf));
+ strlcat(retbuf, temp, retbuflen);
}
}
}
for (int i = 0; i < nqueue; i++) {
memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Verdict%"PRIu16, i);
- if (tname == NULL) {
- printf("ERROR: Unable to build thread name\n");
- exit(EXIT_FAILURE);
- }
char *thread_name = SCStrdup(tname);
ThreadVars *tv_verdict =
for (int i = 0; i < nqueue; i++) {
memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Verdict%"PRIu16, i);
- if (tname == NULL) {
- printf("ERROR: Unable to build thread name\n");
- exit(EXIT_FAILURE);
- }
char *thread_name = SCStrdup(tname);
ThreadVars *tv_verdict =
}
memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Worker-Q%s", cur_queue);
- if (tname == NULL) {
- printf("ERROR: Unable to build thread name\n");
- exit(EXIT_FAILURE);
- }
char *thread_name = SCStrdup(tname);
tv = TmThreadCreatePacketHandler(thread_name,
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
if (alerts > 0) {
- goto end;
result = 0;
+ goto end;
}
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p2);
alerts += PacketAlertCheck(p2, 10);
if (alerts > 0) {
- goto end;
result = 0;
+ goto end;
}
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
p->src.addr_data32[2] = in[2];
p->src.addr_data32[3] = in[3];
p->sp = sport;
- p->ip6h->ip6_src[0] = in[0];
- p->ip6h->ip6_src[1] = in[1];
- p->ip6h->ip6_src[2] = in[2];
- p->ip6h->ip6_src[3] = in[3];
+ p->ip6h->s_ip6_src[0] = in[0];
+ p->ip6h->s_ip6_src[1] = in[1];
+ p->ip6h->s_ip6_src[2] = in[2];
+ p->ip6h->s_ip6_src[3] = in[3];
if (inet_pton(AF_INET6, dst, &in) <= 0)
goto error;
p->dst.addr_data32[2] = in[2];
p->dst.addr_data32[3] = in[3];
p->dp = dport;
- p->ip6h->ip6_dst[0] = in[0];
- p->ip6h->ip6_dst[1] = in[1];
- p->ip6h->ip6_dst[2] = in[2];
- p->ip6h->ip6_dst[3] = in[3];
+ p->ip6h->s_ip6_dst[0] = in[0];
+ p->ip6h->s_ip6_dst[1] = in[1];
+ p->ip6h->s_ip6_dst[2] = in[2];
+ p->ip6h->s_ip6_dst[3] = in[3];
p->tcph = SCMalloc(sizeof(TCPHdr));
if (p->tcph == NULL)
if (p->ip4h == NULL)
goto error;
- p->ip4h->ip_src.s_addr = p->src.addr_data32[0];
- p->ip4h->ip_dst.s_addr = p->dst.addr_data32[0];
+ p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0];
+ p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0];
p->ip4h->ip_proto = ipproto;
p->ip4h->ip_verhl = sizeof(IPV4Hdr);
p->proto = ipproto;
projects / thirdparty / suricata.git / commitdiff
