From: Victor Julien Date: Thu, 27 Oct 2016 13:41:10 +0000 (+0200) Subject: pkt-var: use id instead of name pointer X-Git-Tag: suricata-4.0.0-beta1~326 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e39486399457b494ea323b71b34ef8dcde47438;p=thirdparty%2Fsuricata.git pkt-var: use id instead of name pointer --- diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c index f2854bf8b8..7d0ad0e261 100644 --- a/src/alert-debuglog.c +++ b/src/alert-debuglog.c @@ -125,8 +125,9 @@ static void AlertDebugLogPktVars(AlertDebugLogThread *aft, const Packet *p) { const PktVar *pv = p->pktvar; - while(pv != NULL) { - MemBufferWriteString(aft->buffer, "PKTVAR: %s\n", pv->name); + while (pv != NULL) { + const char *varname = VarNameStoreLookupById(pv->id, VAR_TYPE_PKT_VAR); + MemBufferWriteString(aft->buffer, "PKTVAR: %s\n", varname); PrintRawDataToBuffer(aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size, pv->value, pv->value_len); pv = pv->next; diff --git a/src/decode.h b/src/decode.h index d034df0c24..6d0ad53ee7 100644 --- a/src/decode.h +++ b/src/decode.h @@ -298,7 +298,7 @@ typedef struct PacketEngineEvents_ { } PacketEngineEvents; typedef struct PktVar_ { - const char *name; + uint32_t id; struct PktVar_ *next; /* right now just implement this as a list, * in the long run we have thing of something * faster. */ diff --git a/src/detect-pcre.c b/src/detect-pcre.c index b3f7281dcc..1fe8af2758 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -226,9 +226,7 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s, continue; if (pe->captypes[x] == VAR_TYPE_PKT_VAR && p != NULL) { - const char *varname = VarNameStoreLookupById(pe->capids[x], - VAR_TYPE_PKT_VAR); - PktVarAdd(p, varname, (uint8_t *)str_ptr, ret); + PktVarAdd(p, pe->capids[x], (uint8_t *)str_ptr, ret); } else if (pe->captypes[x] == VAR_TYPE_FLOW_VAR && f != NULL) { /* store max 64k. Errors are ignored */ 
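Review bot: In AlertDebugLogPktVars (src/alert-debuglog.c), `varname` goes straight into the `%s` of `MemBufferWriteString` without a NULL check. `VarNameStoreLookupById` is not shown here, but a lookup by id can presumably miss, and a null pointer for `%s` is undefined behaviour in the logging path. A fallback right after the lookup, `if (varname == NULL) varname = "(unknown)";`, keeps the debug output well-defined. The function ends outside the hunk.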
diff --git a/src/detect-pktvar.c b/src/detect-pktvar.c index 919ea2d878..7a720839d7 100644 --- a/src/detect-pktvar.c +++ b/src/detect-pktvar.c @@ -66,7 +66,7 @@ static int DetectPktvarMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pac int ret = 0; const DetectPktvarData *pd = (const DetectPktvarData *)ctx; - PktVar *pv = PktVarGet(p, pd->name); + PktVar *pv = PktVarGet(p, pd->id); if (pv != NULL) { uint8_t *ptr = SpmSearch(pv->value, pv->value_len, pd->content, pd->content_len); if (ptr != NULL) @@ -92,7 +92,6 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawst if (ret != 3) { SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for pktvar.", rawstr); return -1; - } const char *str_ptr; @@ -199,12 +198,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawst return -1; } - cd->name = SCStrdup(varname); - if (cd->name == NULL) { - SCFree(cd); - if (dubbed) SCFree(str); - return -1; - } + cd->id = VarNameStoreSetupAdd(varname, VAR_TYPE_PKT_VAR); memcpy(cd->content, str, len); cd->content_len = len; @@ -228,8 +222,6 @@ error: if (dubbed) SCFree(str); if (cd) { - if (cd->name) - SCFree(cd->name); SCFree(cd); } if (sm) diff --git a/src/detect-pktvar.h b/src/detect-pktvar.h index e5d1d3a6a1..e6e5211dd6 100644 --- a/src/detect-pktvar.h +++ b/src/detect-pktvar.h @@ -25,10 +25,10 @@ #define __DETECT_PKTVAR_H__ typedef struct DetectPktvarData_ { - char *name; - uint8_t *content; + uint32_t id; uint8_t content_len; uint8_t flags; + uint8_t *content; } DetectPktvarData; /* prototypes */ diff --git a/src/detect.c b/src/detect.c index a3441cefcf..3797a2272c 100644 --- a/src/detect.c +++ b/src/detect.c 
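Review bot: In DetectPktvarSetup (src/detect-pktvar.c), the result of `VarNameStoreSetupAdd(varname, VAR_TYPE_PKT_VAR)` is stored in `cd->id` unchecked, whereas the `SCStrdup` it replaces had an explicit failure path. If the store signals failure with a sentinel id (0 looks like the convention, but the function is not visible here), every failed registration would share that id, and `PktVarGet` now matches on `pv->id == id` alone, so a rule could read another variable's value. Mirroring the removed error path would cover this, assuming 0 is the error value: `if (cd->id == 0) { SCFree(cd); if (dubbed) SCFree(str); return -1; }`. The function starts and ends outside the hunk.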
@@ -5133,59 +5133,42 @@ static int SigTest17 (void) Packet *p = NULL; ThreadVars th_v; DetectEngineThreadCtx *det_ctx = NULL; - int result = 0; - memset(&th_v, 0, sizeof(th_v)); p = UTHBuildPacketSrcDstPorts((uint8_t *)buf, buflen, IPPROTO_TCP, 12345, 80); + FAIL_IF_NULL(p); ConfCreateContextBackup(); ConfInit(); ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string)); DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - goto end; - } - + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP host cap\"; content:\"Host:\"; pcre:\"/^Host: (?P.*)\\r\\n/m\"; noalert; sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } + Signature *s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any $HTTP_PORTS (msg:\"HTTP host cap\"; content:\"Host:\"; pcre:\"/^Host: (?P.*)\\r\\n/m\"; noalert; sid:1;)"); + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx,(void *)&det_ctx); - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - PktVar *pv_hn = PktVarGet(p, "http_host"); - if (pv_hn != NULL) { - if (memcmp(pv_hn->value, "one.example.org", pv_hn->value_len < 15 ? 
pv_hn->value_len : 15) == 0) - result = 1; - else { - printf("\""); - PrintRawUriFp(stdout, pv_hn->value, pv_hn->value_len); - printf("\" != \"one.example.org\": "); - } - PktVarFree(pv_hn); - } else { - printf("Pkt var http_host not captured: "); - } -end: - if (de_ctx != NULL) { - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - if (det_ctx != NULL) - DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); - DetectEngineCtxFree(de_ctx); - } + uint32_t capid = VarNameStoreLookupByName("http_host", VAR_TYPE_PKT_VAR); + + PktVar *pv_hn = PktVarGet(p, capid); + FAIL_IF_NULL(pv_hn); + + FAIL_IF(pv_hn->value_len != 15); + FAIL_IF_NOT(memcmp(pv_hn->value, "one.example.org", pv_hn->value_len) == 0); + + PktVarFree(pv_hn); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); + DetectEngineCtxFree(de_ctx); ConfDeInit(); ConfRestoreContextBackup(); UTHFreePackets(&p, 1); - return result; + + PASS; } static int SigTest18 (void) diff --git a/src/pkt-var.c b/src/pkt-var.c index dcc706959b..333f2977bd 100644 --- a/src/pkt-var.c +++ b/src/pkt-var.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2016 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -35,9 +35,10 @@ #include "util-debug.h" /* puts a new value into a pktvar */ -void PktVarUpdate(PktVar *pv, uint8_t *value, uint16_t size) +static void PktVarUpdate(PktVar *pv, uint8_t *value, uint16_t size) { - if (pv->value) SCFree(pv->value); + if (pv->value) + SCFree(pv->value); pv->value = value; pv->value_len = size; } 
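Review bot: In SigTest17 (src/detect.c), `PktVarFree(pv_hn)` frees a node that is still linked from `p->pktvar`, because `PktVarGet` returns the list element itself and `PktVarFree` releases it together with everything after it. The packet then carries a dangling pointer into `UTHFreePackets(&p, 1)`, and if packet teardown also frees `p->pktvar` (not visible here) the test double-frees. Since this test captures a single variable, either dropping `PktVarFree(pv_hn);` or adding `p->pktvar = NULL;` directly after it removes the hazard. Separately, `capid` is used unchecked, so a failed name lookup only shows up indirectly at `FAIL_IF_NULL(pv_hn)`.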
@@ -45,12 +46,12 @@ void PktVarUpdate(PktVar *pv, uint8_t *value, uint16_t size) /* get the pktvar with name 'name' from the pkt * * name is a normal string*/ -PktVar *PktVarGet(Packet *p, const char *name) +PktVar *PktVarGet(Packet *p, uint32_t id) { PktVar *pv = p->pktvar; for (;pv != NULL; pv = pv->next) { - if (pv->name && strcmp(pv->name, name) == 0) + if (pv->id == id) return pv; } @@ -58,23 +59,24 @@ PktVar *PktVarGet(Packet *p, const char *name) } /* add a pktvar to the pkt, or update it */ -void PktVarAdd(Packet *p, const char *name, uint8_t *value, uint16_t size) +void PktVarAdd(Packet *p, uint32_t id, uint8_t *value, uint16_t size) { //printf("Adding packet var \"%s\" with value(%" PRId32 ") \"%s\"\n", name, size, value); - PktVar *pv = PktVarGet(p, name); + PktVar *pv = PktVarGet(p, id); if (pv == NULL) { pv = SCMalloc(sizeof(PktVar)); if (unlikely(pv == NULL)) return; - pv->name = name; + pv->id = id; pv->value = value; pv->value_len = size; pv->next = NULL; PktVar *tpv = p->pktvar; - if (p->pktvar == NULL) p->pktvar = pv; + if (p->pktvar == NULL) + p->pktvar = pv; else { while(tpv) { if (tpv->next == NULL) { @@ -94,7 +96,6 @@ void PktVarFree(PktVar *pv) if (pv == NULL) return; - pv->name = NULL; if (pv->value != NULL) SCFree(pv->value); PktVar *pv_next = pv->next; @@ -104,21 +105,3 @@ void PktVarFree(PktVar *pv) if (pv_next != NULL) PktVarFree(pv_next); } - -void PktVarPrint(PktVar *pv) -{ - uint16_t i; - - if (pv == NULL) - return; - - printf("Name \"%s\", Value \"", pv->name); - for (i = 0; i < pv->value_len; i++) { - if (isprint(pv->value[i])) printf("%c", pv->value[i]); - else printf("\\%02X", pv->value[i]); - } - printf("\", Len \"%" PRIu32 "\"\n", pv->value_len); - - PktVarPrint(pv->next); -} - diff --git a/src/pkt-var.h b/src/pkt-var.h index 613bd1d7e7..cfdd6f5aee 100644 --- a/src/pkt-var.h +++ b/src/pkt-var.h 
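Review bot: The comment above `PktVarGet` in src/pkt-var.c still says "get the pktvar with name 'name' from the pkt / name is a normal string", although the key is now a `uint32_t id`. It should be updated to something like `/* get the pktvar with id 'id' from the pkt */`. It would also help to say that the id is the one handed out by the var name store, as the other files in this commit obtain it from `VarNameStoreSetupAdd` or `VarNameStoreLookupByName`. The function's final return is outside the hunk.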
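Review bot: `PktVarAdd` takes ownership of `value` (it is stored in `pv->value` and later released with `SCFree` in `PktVarFree`), but on `SCMalloc` failure it returns without freeing it and, being `void`, gives the caller no way to notice. In the detect-pcre.c caller the buffer is the captured substring, so each failed allocation appears to leak it. Either release it on that path, `if (unlikely(pv == NULL)) { SCFree(value); return; }`, or document that the caller keeps ownership on failure and return a status. The commented-out `printf` at the top of the function still references the removed `name` parameter and can be deleted. The update branch of the function lies outside the hunk.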
@@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2016 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -24,10 +24,9 @@ #ifndef __PKT_VAR_H__ #define __PKT_VAR_H__ -void PktVarAdd(Packet *, const char *, uint8_t *, uint16_t); -PktVar *PktVarGet(Packet *, const char *); +void PktVarAdd(Packet *, uint32_t id, uint8_t *, uint16_t); +PktVar *PktVarGet(Packet *, uint32_t id); void PktVarFree(PktVar *); -void PktVarPrint(PktVar *); #endif /* __PKT_VAR_H__ */
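Review bot: In src/pkt-var.h the updated prototypes name only the new `id` parameter and leave the others anonymous, which reads inconsistently and hides which argument is the buffer and which is its length. Naming all of them matches the definitions in pkt-var.c: `void PktVarAdd(Packet *p, uint32_t id, uint8_t *value, uint16_t size);` and `PktVar *PktVarGet(Packet *p, uint32_t id);`.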