From: Victor Julien Date: Mon, 13 Apr 2020 14:31:50 +0000 (+0200) Subject: datasets: add 'remove' support X-Git-Tag: suricata-6.0.0-beta1~494 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af06883f65ff50d2b118ffd772d1bd93bb3b00f0;p=thirdparty%2Fsuricata.git datasets: add 'remove' support --- diff --git a/src/datasets.c b/src/datasets.c index b2681f0296..f68ed2e441 100644 --- a/src/datasets.c +++ b/src/datasets.c @@ -1044,3 +1044,84 @@ int DatasetAddSerialized(Dataset *set, const char *string) } return -1; } + +/** + * \retval 1 data was removed from the hash + * \retval 0 data not removed (busy) + * \retval -1 data not found + */ +static int DatasetRemoveString(Dataset *set, const uint8_t *data, const uint32_t data_len) +{ + if (set == NULL) + return -1; + + StringType lookup = { .ptr = (uint8_t *)data, .len = data_len, + .rep.value = 0 }; + return THashRemoveFromHash(set->hash, &lookup); +} + +static int DatasetRemoveMd5(Dataset *set, const uint8_t *data, const uint32_t data_len) +{ + if (set == NULL) + return -1; + + if (data_len != 16) + return -2; + + Md5Type lookup = { .rep.value = 0 }; + memcpy(lookup.md5, data, 16); + return THashRemoveFromHash(set->hash, &lookup); +} + +static int DatasetRemoveSha256(Dataset *set, const uint8_t *data, const uint32_t data_len) +{ + if (set == NULL) + return -1; + + if (data_len != 32) + return -2; + + Sha256Type lookup = { .rep.value = 0 }; + memcpy(lookup.sha256, data, 32); + return THashRemoveFromHash(set->hash, &lookup); +} + +/** \brief remove serialized data from set + * \retval int 1 removed + * \retval int 0 found but busy (not removed) + * \retval int -1 API error (not removed) + * \retval int -2 DATA error */ +int DatasetRemoveSerialized(Dataset *set, const char *string) +{ + if (set == NULL) + return -1; + + switch (set->type) { + case DATASET_TYPE_STRING: { + uint8_t decoded[strlen(string)]; + uint32_t len = DecodeBase64(decoded, (const uint8_t *)string, strlen(string), 1); + if (len == 0) { + return -2; + } + + return DatasetRemoveString(set, decoded, len); + } + case DATASET_TYPE_MD5: { + if (strlen(string) != 32) + return -2; + uint8_t hash[16]; + if (HexToRaw((const uint8_t *)string, 32, hash, sizeof(hash)) < 0) + return -2; + return DatasetRemoveMd5(set, hash, 16); + } + case DATASET_TYPE_SHA256: { + if (strlen(string) != 64) + return -2; + uint8_t hash[32]; + if (HexToRaw((const uint8_t *)string, 64, hash, sizeof(hash)) < 0) + return -2; + return DatasetRemoveSha256(set, hash, 32); + } + } + return -1; +} diff --git a/src/datasets.h b/src/datasets.h index 0b20d34088..16ae562684 100644 --- a/src/datasets.h +++ b/src/datasets.h @@ -54,6 +54,8 @@ int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len); int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len); DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len, const DataRepType *rep); + int DatasetAddSerialized(Dataset *set, const char *string); +int DatasetRemoveSerialized(Dataset *set, const char *string); #endif /* __DATASETS_H__ */ diff --git a/src/util-thash.c b/src/util-thash.c index b9caee68cf..29966689bc 100644 --- a/src/util-thash.c +++ b/src/util-thash.c @@ -750,15 +750,8 @@ int THashRemoveFromHash (THashTableContext *ctx, void *data) THashHashRow *hb = &ctx->array[key]; HRLOCK_LOCK(hb); - if (hb->head == NULL) { - HRLOCK_UNLOCK(hb); - SCLogDebug("empty hash row"); - return -1; - } - - /* ok, we have data in the bucket. Let's find out if it is our data */ THashData *h = hb->head; - do { + while (h != NULL) { /* see if this is the data we are looking for */ if (THashCompare(&ctx->config, h->data, data) == 0) { h = h->next; @@ -789,8 +782,7 @@ int THashRemoveFromHash (THashTableContext *ctx, void *data) THashDataFree(ctx, h); SCLogDebug("found and removed"); return 1; - - } while (h != NULL); + } HRLOCK_UNLOCK(hb); SCLogDebug("data not found");