From: Victor Julien Date: Sat, 20 Dec 2014 19:02:19 +0000 (+0100) Subject: host: implement hostbits/xbits expire X-Git-Tag: suricata-2.1beta4~67 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=67dd5c0430dda97c8ba15b9fada525b5eee0acb1;p=thirdparty%2Fsuricata.git host: implement hostbits/xbits expire --- diff --git a/src/detect-hostbits.c b/src/detect-hostbits.c index ff280e2a88..3da30a79c7 100644 --- a/src/detect-hostbits.c +++ b/src/detect-hostbits.c @@ -118,7 +118,7 @@ static int DetectHostbitMatchToggle (Packet *p, const DetectXbitsData *fd) else HostLock(p->host_src); - HostBitToggle(p->host_src,fd->idx); + HostBitToggle(p->host_src,fd->idx,p->ts.tv_sec + fd->expire); HostUnlock(p->host_src); break; case DETECT_XBITS_TRACK_IPDST: @@ -130,7 +130,7 @@ static int DetectHostbitMatchToggle (Packet *p, const DetectXbitsData *fd) else HostLock(p->host_dst); - HostBitToggle(p->host_dst,fd->idx); + HostBitToggle(p->host_dst,fd->idx,p->ts.tv_sec + fd->expire); HostUnlock(p->host_dst); break; } @@ -178,7 +178,7 @@ static int DetectHostbitMatchSet (Packet *p, const DetectXbitsData *fd) } else HostLock(p->host_src); - HostBitSet(p->host_src,fd->idx); + HostBitSet(p->host_src,fd->idx,p->ts.tv_sec + fd->expire); HostUnlock(p->host_src); break; case DETECT_XBITS_TRACK_IPDST: @@ -189,7 +189,7 @@ static int DetectHostbitMatchSet (Packet *p, const DetectXbitsData *fd) } else HostLock(p->host_dst); - HostBitSet(p->host_dst,fd->idx); + HostBitSet(p->host_dst,fd->idx, p->ts.tv_sec + fd->expire); HostUnlock(p->host_dst); break; } @@ -208,7 +208,7 @@ static int DetectHostbitMatchIsset (Packet *p, const DetectXbitsData *fd) } else HostLock(p->host_src); - r = HostBitIsset(p->host_src,fd->idx); + r = HostBitIsset(p->host_src,fd->idx, p->ts.tv_sec); HostUnlock(p->host_src); return r; case DETECT_XBITS_TRACK_IPDST: @@ -219,7 +219,7 @@ static int DetectHostbitMatchIsset (Packet *p, const DetectXbitsData *fd) } else HostLock(p->host_dst); - r = HostBitIsset(p->host_dst,fd->idx); + r = HostBitIsset(p->host_dst,fd->idx, p->ts.tv_sec); HostUnlock(p->host_dst); return r; } @@ -238,7 +238,7 @@ static int DetectHostbitMatchIsnotset (Packet *p, const DetectXbitsData *fd) } else HostLock(p->host_src); - r = HostBitIsnotset(p->host_src,fd->idx); + r = HostBitIsnotset(p->host_src,fd->idx, p->ts.tv_sec); HostUnlock(p->host_src); return r; case DETECT_XBITS_TRACK_IPDST: @@ -249,7 +249,7 @@ static int DetectHostbitMatchIsnotset (Packet *p, const DetectXbitsData *fd) } else HostLock(p->host_dst); - r = HostBitIsnotset(p->host_dst,fd->idx); + r = HostBitIsnotset(p->host_dst,fd->idx, p->ts.tv_sec); HostUnlock(p->host_dst); return r; } diff --git a/src/host-bit.c b/src/host-bit.c index ed07e2ffa8..4210c0ca02 100644 --- a/src/host-bit.c +++ b/src/host-bit.c @@ -76,7 +76,7 @@ static XBit *HostBitGet(Host *h, uint16_t idx) } /* add a flowbit to the flow */ -static void HostBitAdd(Host *h, uint16_t idx) +static void HostBitAdd(Host *h, uint16_t idx, uint32_t expire) { XBit *fb = HostBitGet(h, idx); if (fb == NULL) { @@ -87,10 +87,15 @@ static void HostBitAdd(Host *h, uint16_t idx) fb->type = DETECT_XBITS; fb->idx = idx; fb->next = NULL; + fb->expire = expire; GenericVar *gv = HostGetStorageById(h, host_bit_id); GenericVarAppend(&gv, (GenericVar *)fb); HostSetStorageById(h, host_bit_id, gv); + + // bit already set, lets update it's time + } else { + fb->expire = expire; } } @@ -107,11 +112,11 @@ static void HostBitRemove(Host *h, uint16_t idx) } } -void HostBitSet(Host *h, uint16_t idx) +void HostBitSet(Host *h, uint16_t idx, uint32_t expire) { XBit *fb = HostBitGet(h, idx); if (fb == NULL) { - HostBitAdd(h, idx); + HostBitAdd(h, idx, expire); } } @@ -123,37 +128,41 @@ void HostBitUnset(Host *h, uint16_t idx) } } -void HostBitToggle(Host *h, uint16_t idx) +void HostBitToggle(Host *h, uint16_t idx, uint32_t expire) { XBit *fb = HostBitGet(h, idx); if (fb != NULL) { HostBitRemove(h, idx); } else { - HostBitAdd(h, idx); + HostBitAdd(h, idx, expire); } } -int HostBitIsset(Host *h, uint16_t idx) +int HostBitIsset(Host *h, uint16_t idx, uint32_t ts) { - int r = 0; - XBit *fb = HostBitGet(h, idx); if (fb != NULL) { - r = 1; + if (fb->expire < ts) { + HostBitRemove(h,idx); + return 0; + } + return 1; } - return r; + return 0; } -int HostBitIsnotset(Host *h, uint16_t idx) +int HostBitIsnotset(Host *h, uint16_t idx, uint32_t ts) { - int r = 0; - XBit *fb = HostBitGet(h, idx); if (fb == NULL) { - r = 1; + return 1; } - return r; + if (fb->expire < ts) { + HostBitRemove(h,idx); + return 1; + } + return 0; } /* TESTS */ @@ -167,7 +176,7 @@ static int HostBitTest01 (void) if (h == NULL) goto end; - HostBitAdd(h, 0); + HostBitAdd(h, 0, 0); XBit *fb = HostBitGet(h,0); if (fb != NULL) @@ -207,7 +216,7 @@ static int HostBitTest03 (void) if (h == NULL) goto end; - HostBitAdd(h, 0); + HostBitAdd(h, 0, 30); XBit *fb = HostBitGet(h,0); if (fb == NULL) { @@ -240,10 +249,10 @@ static int HostBitTest04 (void) if (h == NULL) goto end; - HostBitAdd(h, 0); - HostBitAdd(h, 1); - HostBitAdd(h, 2); - HostBitAdd(h, 3); + HostBitAdd(h, 0, 30); + HostBitAdd(h, 1, 30); + HostBitAdd(h, 2, 30); + HostBitAdd(h, 3, 30); XBit *fb = HostBitGet(h,0); if (fb != NULL) @@ -264,10 +273,10 @@ static int HostBitTest05 (void) if (h == NULL) goto end; - HostBitAdd(h, 0); - HostBitAdd(h, 1); - HostBitAdd(h, 2); - HostBitAdd(h, 3); + HostBitAdd(h, 0, 30); + HostBitAdd(h, 1, 30); + HostBitAdd(h, 2, 30); + HostBitAdd(h, 3, 30); XBit *fb = HostBitGet(h,1); if (fb != NULL) @@ -288,10 +297,10 @@ static int HostBitTest06 (void) if (h == NULL) goto end; - HostBitAdd(h, 0); - HostBitAdd(h, 1); - HostBitAdd(h, 2); - HostBitAdd(h, 3); + HostBitAdd(h, 0, 90); + HostBitAdd(h, 1, 90); + HostBitAdd(h, 2, 90); + HostBitAdd(h, 3, 90); XBit *fb = HostBitGet(h,2); if (fb != NULL) @@ -312,10 +321,10 @@ static int HostBitTest07 (void) if (h == NULL) goto end; - HostBitAdd(h, 0); - HostBitAdd(h, 1); - HostBitAdd(h, 2); - HostBitAdd(h, 3); + HostBitAdd(h, 0, 90); + HostBitAdd(h, 1, 90); + HostBitAdd(h, 2, 90); + HostBitAdd(h, 3, 90); XBit *fb = HostBitGet(h,3); if (fb != NULL) @@ -336,10 +345,10 @@ static int HostBitTest08 (void) if (h == NULL) goto end; - HostBitAdd(h, 0); - HostBitAdd(h, 1); - HostBitAdd(h, 2); - HostBitAdd(h, 3); + HostBitAdd(h, 0, 90); + HostBitAdd(h, 1, 90); + HostBitAdd(h, 2, 90); + HostBitAdd(h, 3, 90); XBit *fb = HostBitGet(h,0); if (fb == NULL) @@ -369,10 +378,10 @@ static int HostBitTest09 (void) if (h == NULL) goto end; - HostBitAdd(h, 0); - HostBitAdd(h, 1); - HostBitAdd(h, 2); - HostBitAdd(h, 3); + HostBitAdd(h, 0, 90); + HostBitAdd(h, 1, 90); + HostBitAdd(h, 2, 90); + HostBitAdd(h, 3, 90); XBit *fb = HostBitGet(h,1); if (fb == NULL) @@ -402,10 +411,10 @@ static int HostBitTest10 (void) if (h == NULL) goto end; - HostBitAdd(h, 0); - HostBitAdd(h, 1); - HostBitAdd(h, 2); - HostBitAdd(h, 3); + HostBitAdd(h, 0, 90); + HostBitAdd(h, 1, 90); + HostBitAdd(h, 2, 90); + HostBitAdd(h, 3, 90); XBit *fb = HostBitGet(h,2); if (fb == NULL) @@ -435,10 +444,10 @@ static int HostBitTest11 (void) if (h == NULL) goto end; - HostBitAdd(h, 0); - HostBitAdd(h, 1); - HostBitAdd(h, 2); - HostBitAdd(h, 3); + HostBitAdd(h, 0, 90); + HostBitAdd(h, 1, 90); + HostBitAdd(h, 2, 90); + HostBitAdd(h, 3, 90); XBit *fb = HostBitGet(h,3); if (fb == NULL) diff --git a/src/host-bit.h b/src/host-bit.h index 884ae3b1a5..574ae9b269 100644 --- a/src/host-bit.h +++ b/src/host-bit.h @@ -32,9 +32,9 @@ void HostBitRegisterTests(void); int HostHasHostBits(Host *host); -void HostBitSet(Host *, uint16_t); +void HostBitSet(Host *, uint16_t, uint32_t); void HostBitUnset(Host *, uint16_t); -void HostBitToggle(Host *, uint16_t); -int HostBitIsset(Host *, uint16_t); -int HostBitIsnotset(Host *, uint16_t); -#endif /* __FLOW_BIT_H__ */ +void HostBitToggle(Host *, uint16_t, uint32_t); +int HostBitIsset(Host *, uint16_t, uint32_t); +int HostBitIsnotset(Host *, uint16_t, uint32_t); +#endif /* __HOST_BIT_H__ */