From: Victor Julien <victor@inliniac.net>
Date: Thu, 10 Oct 2013 16:24:40 +0000 (+0200)
Subject: iprep: fix reputation loading and reloading
X-Git-Tag: suricata-2.0beta2~222
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F588%2Fhead;p=thirdparty%2Fsuricata.git

iprep: fix reputation loading and reloading

When an IP is listed in multiple categories, each new "load" would clear the
previous loads for that IP.

Bug #976
---

diff --git a/src/detect-iprep.c b/src/detect-iprep.c
index 9e537b5a31..0491f43eef 100644
--- a/src/detect-iprep.c
+++ b/src/detect-iprep.c
@@ -204,8 +204,8 @@ int DetectIPRepMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
             break;
 
         case DETECT_IPREP_CMD_SRC:
-            SCLogDebug("checking src");
             val = GetHostRepSrc(p, rd->cat, version);
+            SCLogDebug("checking src -- val %u (looking for cat %u, val %u)", val, rd->cat, rd->val);
             if (val > 0) {
                 return RepMatch(rd->op, val, rd->val);
             }
@@ -335,7 +335,7 @@ int DetectIPRepSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr)
     cd->cat = cat;
     cd->op = op;
     cd->val = val;
-    //SCLogInfo("cmd %u, cat %u, op %u, val %u", cd->cmd, cd->cat, cd->op, cd->val);
+    SCLogDebug("cmd %u, cat %u, op %u, val %u", cd->cmd, cd->cat, cd->op, cd->val);
 
     pcre_free_substring(name);
     name = NULL;
diff --git a/src/reputation.c b/src/reputation.c
index 5832bb36f9..04945aa2e2 100644
--- a/src/reputation.c
+++ b/src/reputation.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2013 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -42,7 +42,9 @@
  *  time out code will use it to check if a host's
  *  reputation info is outdated. */
 SC_ATOMIC_DECLARE(uint32_t, srep_eversion);
-/** reputation version set to the host's reputation */
+/** reputation version set to the host's reputation,
+ *  this will be set to 1 before rep files are loaded,
+ *  so hosts will always have a minial value of 1 */
 static uint32_t srep_version = 0;
 
 static uint32_t SRepIncrVersion(void) {
@@ -351,14 +353,29 @@ static int SRepLoadFile(char *filename) {
                 if (h->iprep != NULL) {
                     SReputation *rep = h->iprep;
 
-                    /* if version is 0, it has been used before, so
-                     * clear it */
-                    if (rep->version != 0) {
+                    /* if version is outdated, it's an older entry that we'll
+                     * now replace. */
+                    if (rep->version != SRepGetVersion()) {
                         memset(rep, 0x00, sizeof(SReputation));
                     }
 
                     rep->version = SRepGetVersion();
                     rep->rep[cat] = value;
+
+                    SCLogDebug("host %p iprep %p setting cat %u to value %u",
+                        h, h->iprep, cat, value);
+#ifdef DEBUG
+                    if (SCLogDebugEnabled()) {
+                        int i;
+                        for (i = 0; i < SREP_MAX_CATS; i++) {
+                            if (rep->rep[i] == 0)
+                                continue;
+
+                            SCLogDebug("--> host %p iprep %p cat %d to value %u",
+                                    h, h->iprep, i, rep->rep[i]);
+                        }
+                    }
+#endif
                 }
 
                 HostRelease(h);