-/* Copyright (C) 2007-2019 Open Information Security Foundation
+/* Copyright (C) 2007-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
extern const char *stats_decoder_events_prefix;
extern bool stats_stream_events;
uint8_t decoder_max_layers = PKT_DEFAULT_MAX_DECODED_LAYERS;
+uint16_t packet_alert_max = PACKET_ALERT_MAX;
+
+/**
+ * \brief Initialize PacketAlerts with dynamic alerts array size
+ *
+ */
+PacketAlert *PacketAlertCreate(void)
+{
+ PacketAlert *pa_array = SCCalloc(packet_alert_max, sizeof(PacketAlert));
+ BUG_ON(pa_array == NULL);
+
+ return pa_array;
+}
+
+void PacketAlertFree(PacketAlert *pa)
+{
+ if (pa != NULL) {
+ SCFree(pa);
+ }
+}
static int DecodeTunnel(ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t,
PacketQueue *, enum DecodeTunnelProto) WARN_UNUSED;
decoder_max_layers = value;
}
}
+ PacketAlertGetMaxConfig();
+}
+
+void PacketAlertGetMaxConfig(void)
+{
+ intmax_t max = 0;
+ if (ConfGetInt("packet-alert-max", &max) == 1) {
+ if (max <= 0 || max > UINT8_MAX) {
+ SCLogWarning(SC_ERR_INVALID_VALUE,
+ "Invalid value for packet-alert-max, default value set instead");
+ } else {
+ packet_alert_max = max;
+ }
+ }
+ SCLogDebug("detect->packet_alert_max set to %d", packet_alert_max);
}
/**
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
/** action was changed by rate_filter */
#define PACKET_ALERT_RATE_FILTER_MODIFIED 0x10
+extern uint16_t packet_alert_max;
#define PACKET_ALERT_MAX 15
typedef struct PacketAlerts_ {
uint16_t cnt;
- PacketAlert alerts[PACKET_ALERT_MAX];
+ PacketAlert *alerts;
/* single pa used when we're dropping,
* so we can log it out in the drop log. */
PacketAlert drop;
} PacketAlerts;
+PacketAlert *PacketAlertCreate(void);
+
+void PacketAlertFree(PacketAlert *pa);
+
/** number of decoder events we support per packet. Power of 2 minus 1
* for memory layout */
#define PACKET_ENGINE_EVENT_MAX 15
/**
* \brief Initialize a packet structure for use.
*/
-#define PACKET_INITIALIZE(p) { \
- SCMutexInit(&(p)->tunnel_mutex, NULL); \
- PACKET_RESET_CHECKSUMS((p)); \
- (p)->livedev = NULL; \
-}
+#define PACKET_INITIALIZE(p) \
+ { \
+ SCMutexInit(&(p)->tunnel_mutex, NULL); \
+ (p)->alerts.alerts = PacketAlertCreate(); \
+ PACKET_RESET_CHECKSUMS((p)); \
+ (p)->livedev = NULL; \
+ }
#define PACKET_RELEASE_REFS(p) do { \
FlowDeReference(&((p)->flow)); \
if ((p)->pktvar != NULL) { \
PktVarFree((p)->pktvar); \
} \
+ PacketAlertFree((p)->alerts.alerts); \
PACKET_FREE_EXTDATA((p)); \
SCMutexDestroy(&(p)->tunnel_mutex); \
AppLayerDecoderEventsFreeEvents(&(p)->app_layer_events); \
int DecoderParseDataFromFileSerie(char *fileprefix, DecoderFunc Decoder);
#endif
void DecodeGlobalConfig(void);
+void PacketAlertGetMaxConfig(void);
void DecodeUnregisterCounters(void);
/** \brief Set the No payload inspection Flag for the packet.
projects / thirdparty / suricata.git / commitdiff
