if (r)
return r;
- // Open database
+ // Open database
r = loc_database_new(data->ctx, &data->db, f);
fclose(f);
return commas;
}
-static struct DetectLocationData* DetectLocationParse(DetectEngineCtx* ctx,
+static struct DetectLocationData* DetectLocationParseGeoIP(DetectEngineCtx* ctx,
const char* string) {
// Check for valid input
if (!string || !*string)
return NULL;
}
+static int DetectLocationCreateMatch(Signature* signature, const enum DetectKeywordId type,
+ SigMatchCtx* ctx) {
+ // Allocate a new SigMatch structure
+ SigMatch* match = SigMatchAlloc();
+ if (!match)
+ return -1;
+
+ // Store type and context
+ match->type = type;
+ match->ctx = ctx;
+
+ SigMatchAppendSMToList(signature, match, DETECT_SM_LIST_MATCH);
+
+ // We require the packet in order to perform any checks
+ signature->flags |= SIG_FLAG_REQUIRE_PACKET;
+
+ return 0;
+}
+
/**
* \internal
* \brief this function is used to add the geoip option into the signature
* \retval 0 on Success
* \retval -1 on Failure
*/
-static int DetectLocationSetup(DetectEngineCtx* ctx, Signature* signature, const char* optstring) {
- struct DetectLocationData* data = NULL;
- SigMatch* match = NULL;
+static int DetectLocationSetupGeoIP(DetectEngineCtx* ctx, Signature* signature,
+ const char* optstring) {
+ int r;
// Parse the option string
- data = DetectLocationParse(ctx, optstring);
+ struct DetectLocationData* data = DetectLocationParseGeoIP(ctx, optstring);
if (!data)
- goto ERROR;
-
- // Allocate a new SigMatch structure
- match = SigMatchAlloc();
- if (!match)
- goto ERROR;
-
- match->type = DETECT_GEOIP;
- match->ctx = (SigMatchCtx*)data;
-
- SigMatchAppendSMToList(signature, match, DETECT_SM_LIST_MATCH);
-
- // We require the packet in order to perform any checks
- signature->flags |= SIG_FLAG_REQUIRE_PACKET;
-
- return 0;
+ return -1;
-ERROR:
- if (data)
+ // Create a match
+ r = DetectLocationCreateMatch(signature, DETECT_GEOIP, (SigMatchCtx*)data);
+ if (r) {
DetectLocationFree(ctx, data);
- if (match)
- SCFree(match);
+ return r;
+ }
- return -1;
+ return 0;
}
static int DetectLocationMatchCountryCode(const struct DetectLocationData* data, struct loc_network* network) {
#else /* HAVE_LIBLOC */
-static int DetectLocationSetup(DetectEngineCtx* ctx, Signature* signature, const char* optstring) {
+static int DetectLocationSetupGeoIP(DetectEngineCtx* ctx, Signature* signature, const char* optstring) {
SCLogError(SC_ERR_NO_LOCATION_SUPPORT,
"Support for IPFire Location is not built in (needed for geoip keyword)");
return -1;
sigmatch_table[DETECT_GEOIP].name = "geoip";
sigmatch_table[DETECT_GEOIP].desc = "match on the source, destination or source and destination IP addresses of network traffic, and to see to which country it belongs";
sigmatch_table[DETECT_GEOIP].url = "/rules/header-keywords.html#geoip";
- sigmatch_table[DETECT_GEOIP].Setup = DetectLocationSetup;
+ sigmatch_table[DETECT_GEOIP].Setup = DetectLocationSetupGeoIP;
#ifdef HAVE_LIBLOC
sigmatch_table[DETECT_GEOIP].Match = DetectLocationMatch;
sigmatch_table[DETECT_GEOIP].Free = DetectLocationFree;
projects / people / ms / suricata.git / commitdiff
