suricata
datasets.c
Go to the documentation of this file.
1 /* Copyright (C) 2017-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "conf.h"
26 #include "datasets.h"
27 #include "datasets-string.h"
28 #include "datasets-md5.h"
29 #include "datasets-sha256.h"
30 #include "datasets-reputation.h"
31 #include "util-thash.h"
32 #include "util-print.h"
33 #include "util-base64.h" // decode base64
34 #include "util-byte.h"
35 #include "util-misc.h"
36 
38 static Dataset *sets = NULL;
39 static uint32_t set_ids = 0;
40 
41 static int DatasetAddwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
42  DataRepType *rep);
43 
44 static inline void DatasetUnlockData(THashData *d)
45 {
46  (void) THashDecrUsecnt(d);
47  THashDataUnlock(d);
48 }
49 static bool DatasetIsStatic(const char *save, const char *load);
50 static void GetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize);
51 
52 enum DatasetTypes DatasetGetTypeFromString(const char *s)
53 {
54  if (strcasecmp("md5", s) == 0)
55  return DATASET_TYPE_MD5;
56  if (strcasecmp("sha256", s) == 0)
57  return DATASET_TYPE_SHA256;
58  if (strcasecmp("string", s) == 0)
59  return DATASET_TYPE_STRING;
60  return DATASET_TYPE_NOTSET;
61 }
62 
63 static Dataset *DatasetAlloc(const char *name)
64 {
65  Dataset *set = SCCalloc(1, sizeof(*set));
66  if (set) {
67  set->id = set_ids++;
68  }
69  return set;
70 }
71 
72 static Dataset *DatasetSearchByName(const char *name)
73 {
74  Dataset *set = sets;
75  while (set) {
76  if (strcasecmp(name, set->name) == 0 && set->hidden == false) {
77  return set;
78  }
79  set = set->next;
80  }
81  return NULL;
82 }
83 
84 static int HexToRaw(const uint8_t *in, size_t ins, uint8_t *out, size_t outs)
85 {
86  if (ins < 2)
87  return -1;
88  if (ins % 2 != 0)
89  return -1;
90  if (outs != ins / 2)
91  return -1;
92 
93  uint8_t hash[outs];
94  memset(hash, 0, outs);
95  size_t i, x;
96  for (x = 0, i = 0; i < ins; i+=2, x++) {
97  char buf[3] = { 0, 0, 0 };
98  buf[0] = in[i];
99  buf[1] = in[i+1];
100 
101  long value = strtol(buf, NULL, 16);
102  if (value >= 0 && value <= 255)
103  hash[x] = (uint8_t)value;
104  else {
105  SCLogError(SC_ERR_INVALID_HASH, "hash byte out of range %ld", value);
106  return -1;
107  }
108  }
109 
110  memcpy(out, hash, outs);
111  return 0;
112 }
113 
114 static int ParseRepLine(const char *in, size_t ins, DataRepType *rep_out)
115 {
116  SCLogDebug("in '%s'", in);
117  char raw[ins + 1];
118  memcpy(raw, in, ins);
119  raw[ins] = '\0';
120  char *line = raw;
121 
122  char *ptrs[1] = {NULL};
123  int idx = 0;
124 
125  size_t i = 0;
126  while (i < ins + 1) {
127  if (line[i] == ',' || line[i] == '\n' || line[i] == '\0') {
128  line[i] = '\0';
129  SCLogDebug("line '%s'", line);
130 
131  ptrs[idx] = line;
132  idx++;
133 
134  if (idx == 1)
135  break;
136  } else {
137  i++;
138  }
139  }
140 
141  if (idx != 1) {
142  SCLogDebug("idx %d", idx);
143  return -1;
144  }
145 
146  uint16_t v = 0;
147  int r = StringParseU16RangeCheck(&v, 10, strlen(ptrs[0]), ptrs[0], 0, USHRT_MAX);
148  if (r != (int)strlen(ptrs[0])) {
150  "'%s' is not a valid reputation value (0-65535)", ptrs[0]);
151  return -1;
152  }
153  SCLogDebug("v %"PRIu16" raw %s", v, ptrs[0]);
154 
155  rep_out->value = v;
156  return 0;
157 }
158 
159 static int DatasetLoadMd5(Dataset *set)
160 {
161  if (strlen(set->load) == 0)
162  return 0;
163 
164  SCLogConfig("dataset: %s loading from '%s'", set->name, set->load);
165  const char *fopen_mode = "r";
166  if (strlen(set->save) > 0 && strcmp(set->save, set->load) == 0) {
167  fopen_mode = "a+";
168  }
169 
170  FILE *fp = fopen(set->load, fopen_mode);
171  if (fp == NULL) {
172  SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s",
173  set->load, strerror(errno));
174  return -1;
175  }
176 
177  uint32_t cnt = 0;
178  char line[1024];
179  while (fgets(line, (int)sizeof(line), fp) != NULL) {
180  /* straight black/white list */
181  if (strlen(line) == 33) {
182  line[strlen(line) - 1] = '\0';
183  SCLogDebug("line: '%s'", line);
184 
185  uint8_t hash[16];
186  if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0)
187  FatalError(SC_ERR_FATAL, "bad hash for dataset %s/%s",
188  set->name, set->load);
189 
190  if (DatasetAdd(set, (const uint8_t *)hash, 16) < 0)
191  FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s",
192  set->name, set->load);
193  cnt++;
194 
195  /* list with rep data */
196  } else if (strlen(line) > 33 && line[32] == ',') {
197  line[strlen(line) - 1] = '\0';
198  SCLogDebug("MD5 with REP line: '%s'", line);
199 
200  uint8_t hash[16];
201  if (HexToRaw((const uint8_t *)line, 32, hash, sizeof(hash)) < 0)
202  FatalError(SC_ERR_FATAL, "bad hash for dataset %s/%s",
203  set->name, set->load);
204 
205  DataRepType rep = { .value = 0};
206  if (ParseRepLine(line+33, strlen(line)-33, &rep) < 0)
207  FatalError(SC_ERR_FATAL, "bad rep for dataset %s/%s",
208  set->name, set->load);
209 
210  SCLogDebug("rep v:%u", rep.value);
211  if (DatasetAddwRep(set, hash, 16, &rep) < 0)
212  FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s",
213  set->name, set->load);
214 
215  cnt++;
216  }
217  else {
218  FatalError(SC_ERR_FATAL, "MD5 bad line len %u: '%s'",
219  (uint32_t)strlen(line), line);
220  }
221  }
223 
224  fclose(fp);
225  SCLogConfig("dataset: %s loaded %u records", set->name, cnt);
226  return 0;
227 }
228 
229 static int DatasetLoadSha256(Dataset *set)
230 {
231  if (strlen(set->load) == 0)
232  return 0;
233 
234  SCLogConfig("dataset: %s loading from '%s'", set->name, set->load);
235  const char *fopen_mode = "r";
236  if (strlen(set->save) > 0 && strcmp(set->save, set->load) == 0) {
237  fopen_mode = "a+";
238  }
239 
240  FILE *fp = fopen(set->load, fopen_mode);
241  if (fp == NULL) {
242  SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s",
243  set->load, strerror(errno));
244  return -1;
245  }
246 
247  uint32_t cnt = 0;
248  char line[1024];
249  while (fgets(line, (int)sizeof(line), fp) != NULL) {
250  /* straight black/white list */
251  if (strlen(line) == 65) {
252  line[strlen(line) - 1] = '\0';
253  SCLogDebug("line: '%s'", line);
254 
255  uint8_t hash[32];
256  if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0)
257  FatalError(SC_ERR_FATAL, "bad hash for dataset %s/%s",
258  set->name, set->load);
259 
260  if (DatasetAdd(set, (const uint8_t *)hash, (uint32_t)32) < 0)
261  FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s",
262  set->name, set->load);
263  cnt++;
264 
265  /* list with rep data */
266  } else if (strlen(line) > 65 && line[64] == ',') {
267  line[strlen(line) - 1] = '\0';
268  SCLogDebug("SHA-256 with REP line: '%s'", line);
269 
270  uint8_t hash[32];
271  if (HexToRaw((const uint8_t *)line, 64, hash, sizeof(hash)) < 0)
272  FatalError(SC_ERR_FATAL, "bad hash for dataset %s/%s",
273  set->name, set->load);
274 
275  DataRepType rep = { .value = 0 };
276  if (ParseRepLine(line+65, strlen(line)-65, &rep) < 0)
277  FatalError(SC_ERR_FATAL, "bad rep for dataset %s/%s",
278  set->name, set->load);
279 
280  SCLogDebug("rep %u", rep.value);
281 
282  if (DatasetAddwRep(set, hash, 32, &rep) < 0)
283  FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s",
284  set->name, set->load);
285  cnt++;
286  }
287  }
289 
290  fclose(fp);
291  SCLogConfig("dataset: %s loaded %u records", set->name, cnt);
292  return 0;
293 }
294 
295 static int DatasetLoadString(Dataset *set)
296 {
297  if (strlen(set->load) == 0)
298  return 0;
299 
300  SCLogConfig("dataset: %s loading from '%s'", set->name, set->load);
301  const char *fopen_mode = "r";
302  if (strlen(set->save) > 0 && strcmp(set->save, set->load) == 0) {
303  fopen_mode = "a+";
304  }
305 
306  FILE *fp = fopen(set->load, fopen_mode);
307  if (fp == NULL) {
308  SCLogError(SC_ERR_DATASET, "fopen '%s' failed: %s",
309  set->load, strerror(errno));
310  return -1;
311  }
312 
313  uint32_t cnt = 0;
314  char line[1024];
315  while (fgets(line, (int)sizeof(line), fp) != NULL) {
316  if (strlen(line) <= 1)
317  continue;
318 
319  char *r = strchr(line, ',');
320  if (r == NULL) {
321  line[strlen(line) - 1] = '\0';
322  SCLogDebug("line: '%s'", line);
323 
324  // coverity[alloc_strlen : FALSE]
325  uint8_t decoded[strlen(line)];
326  uint32_t len = DecodeBase64(decoded, (const uint8_t *)line, strlen(line), 1);
327  if (len == 0)
328  FatalError(SC_ERR_FATAL, "bad base64 encoding %s/%s",
329  set->name, set->load);
330 
331  if (DatasetAdd(set, (const uint8_t *)decoded, len) < 0)
332  FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s",
333  set->name, set->load);
334  cnt++;
335  } else {
336  line[strlen(line) - 1] = '\0';
337  SCLogDebug("line: '%s'", line);
338 
339  *r = '\0';
340 
341  // coverity[alloc_strlen : FALSE]
342  uint8_t decoded[strlen(line)];
343  uint32_t len = DecodeBase64(decoded, (const uint8_t *)line, strlen(line), 1);
344  if (len == 0)
345  FatalError(SC_ERR_FATAL, "bad base64 encoding %s/%s",
346  set->name, set->load);
347 
348  r++;
349  SCLogDebug("r '%s'", r);
350 
351  DataRepType rep = { .value = 0 };
352  if (ParseRepLine(r, strlen(r), &rep) < 0)
353  FatalError(SC_ERR_FATAL, "die: bad rep");
354  SCLogDebug("rep %u", rep.value);
355 
356  if (DatasetAddwRep(set, (const uint8_t *)decoded, len, &rep) < 0)
357  FatalError(SC_ERR_FATAL, "dataset data add failed %s/%s",
358  set->name, set->load);
359  cnt++;
360 
361  SCLogDebug("line with rep %s, %s", line, r);
362  }
363  }
365 
366  fclose(fp);
367  SCLogConfig("dataset: %s loaded %u records", set->name, cnt);
368  return 0;
369 }
370 
371 extern bool g_system;
372 
376 };
377 
378 static void DatasetGetPath(const char *in_path,
379  char *out_path, size_t out_size, enum DatasetGetPathType type)
380 {
381  char path[PATH_MAX];
382  struct stat st;
383 
384  if (PathIsAbsolute(in_path)) {
385  strlcpy(path, in_path, sizeof(path));
386  strlcpy(out_path, path, out_size);
387  return;
388  }
389 
390  const char *data_dir = ConfigGetDataDirectory();
391  if (stat(data_dir, &st) != 0) {
392  SCLogDebug("data-dir '%s': %s", data_dir, strerror(errno));
393  return;
394  }
395 
396  snprintf(path, sizeof(path), "%s/%s", data_dir, in_path); // TODO WINDOWS
397 
398  if (type == TYPE_LOAD) {
399  if (stat(path, &st) != 0) {
400  SCLogDebug("path %s: %s", path, strerror(errno));
401  if (!g_system) {
402  snprintf(path, sizeof(path), "%s", in_path);
403  }
404  }
405  }
406  strlcpy(out_path, path, out_size);
407  SCLogDebug("in_path \'%s\' => \'%s\'", in_path, out_path);
408 }
409 
410 /** \brief look for set by name without creating it */
411 Dataset *DatasetFind(const char *name, enum DatasetTypes type)
412 {
414  Dataset *set = DatasetSearchByName(name);
415  if (set) {
416  if (set->type != type) {
418  return NULL;
419  }
420  }
422  return set;
423 }
424 
425 Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load,
426  uint64_t memcap, uint32_t hashsize)
427 {
428  uint64_t default_memcap = 0;
429  uint32_t default_hashsize = 0;
430  if (strlen(name) > DATASET_NAME_MAX_LEN) {
431  return NULL;
432  }
433 
435  Dataset *set = DatasetSearchByName(name);
436  if (set) {
437  if (type != DATASET_TYPE_NOTSET && set->type != type) {
438  SCLogError(SC_ERR_DATASET, "dataset %s already "
439  "exists and is of type %u",
440  set->name, set->type);
442  return NULL;
443  }
444 
445  if ((save == NULL || strlen(save) == 0) &&
446  (load == NULL || strlen(load) == 0)) {
447  // OK, rule keyword doesn't have to set state/load,
448  // even when yaml set has set it.
449  } else {
450  if ((save == NULL && strlen(set->save) > 0) ||
451  (save != NULL && strcmp(set->save, save) != 0)) {
452  SCLogError(SC_ERR_DATASET, "dataset %s save mismatch: %s != %s",
453  set->name, set->save, save);
455  return NULL;
456  }
457  if ((load == NULL && strlen(set->load) > 0) ||
458  (load != NULL && strcmp(set->load, load) != 0)) {
459  SCLogError(SC_ERR_DATASET, "dataset %s load mismatch: %s != %s",
460  set->name, set->load, load);
462  return NULL;
463  }
464  }
465 
467  return set;
468  } else {
469  if (type == DATASET_TYPE_NOTSET) {
470  SCLogError(SC_ERR_DATASET, "dataset %s not defined", name);
471  goto out_err;
472  }
473  }
474 
475  set = DatasetAlloc(name);
476  if (set == NULL) {
477  goto out_err;
478  }
479 
480  strlcpy(set->name, name, sizeof(set->name));
481  set->type = type;
482  if (save && strlen(save)) {
483  strlcpy(set->save, save, sizeof(set->save));
484  SCLogDebug("name %s save '%s'", name, set->save);
485  }
486  if (load && strlen(load)) {
487  strlcpy(set->load, load, sizeof(set->load));
488  SCLogDebug("set \'%s\' loading \'%s\' from \'%s\'", set->name, load, set->load);
489  }
490 
491  char cnf_name[128];
492  snprintf(cnf_name, sizeof(cnf_name), "datasets.%s.hash", name);
493 
494  GetDefaultMemcap(&default_memcap, &default_hashsize);
495  switch (type) {
496  case DATASET_TYPE_MD5:
497  set->hash = THashInit(cnf_name, sizeof(Md5Type), Md5StrSet, Md5StrFree, Md5StrHash,
498  Md5StrCompare, load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap,
499  hashsize > 0 ? hashsize : default_hashsize);
500  if (set->hash == NULL)
501  goto out_err;
502  if (DatasetLoadMd5(set) < 0)
503  goto out_err;
504  break;
505  case DATASET_TYPE_STRING:
506  set->hash = THashInit(cnf_name, sizeof(StringType), StringSet, StringFree, StringHash,
507  StringCompare, load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap,
508  hashsize > 0 ? hashsize : default_hashsize);
509  if (set->hash == NULL)
510  goto out_err;
511  if (DatasetLoadString(set) < 0)
512  goto out_err;
513  break;
514  case DATASET_TYPE_SHA256:
515  set->hash = THashInit(cnf_name, sizeof(Sha256Type), Sha256StrSet, Sha256StrFree,
516  Sha256StrHash, Sha256StrCompare, load != NULL ? 1 : 0,
517  memcap > 0 ? memcap : default_memcap,
518  hashsize > 0 ? hashsize : default_hashsize);
519  if (set->hash == NULL)
520  goto out_err;
521  if (DatasetLoadSha256(set) < 0)
522  goto out_err;
523  break;
524  }
525 
526  SCLogDebug("set %p/%s type %u save %s load %s",
527  set, set->name, set->type, set->save, set->load);
528 
529  set->next = sets;
530  sets = set;
531 
533  return set;
534 out_err:
535  if (set) {
536  if (set->hash) {
537  THashShutdown(set->hash);
538  }
539  SCFree(set);
540  }
542  return NULL;
543 }
544 
545 static bool DatasetIsStatic(const char *save, const char *load)
546 {
547  /* A set is static if it does not have any dynamic properties like
548  * save and/or state defined but has load defined.
549  * */
550  if ((load != NULL && strlen(load) > 0) &&
551  (save == NULL || strlen(save) == 0)) {
552  return true;
553  }
554  return false;
555 }
556 
557 void DatasetReload(void)
558 {
559  /* In order to reload the datasets, just mark the current sets as hidden
560  * and clean them up later.
561  * New datasets shall be created with the rule reload and do not require
562  * any intervention.
563  * */
565  Dataset *set = sets;
566  while (set) {
567  if (!DatasetIsStatic(set->save, set->load) || set->from_yaml == true) {
568  SCLogDebug("Not a static set, skipping %s", set->name);
569  set = set->next;
570  continue;
571  }
572  set->hidden = true;
573  SCLogDebug("Set %s at %p hidden successfully", set->name, set);
574  set = set->next;
575  }
577 }
578 
580 {
581  SCLogDebug("Post Reload Cleanup starting.. Hidden sets will be removed");
583  Dataset *cur = sets;
584  Dataset *prev = NULL;
585  while (cur) {
586  Dataset *next = cur->next;
587  if (cur->hidden == false) {
588  prev = cur;
589  cur = next;
590  continue;
591  }
592  // Delete the set in case it was hidden
593  if (prev != NULL) {
594  prev->next = next;
595  } else {
596  sets = next;
597  }
598  THashShutdown(cur->hash);
599  SCFree(cur);
600  cur = next;
601  }
603 }
604 
605 static void GetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize)
606 {
607  const char *str = NULL;
608  if (ConfGetValue("datasets.defaults.memcap", &str) == 1) {
609  if (ParseSizeStringU64(str, memcap) < 0) {
611  "memcap value cannot be deduced: %s,"
612  " resetting to default",
613  str);
614  *memcap = 0;
615  }
616  }
617  if (ConfGetValue("datasets.defaults.hashsize", &str) == 1) {
618  if (ParseSizeStringU32(str, hashsize) < 0) {
620  "hashsize value cannot be deduced: %s,"
621  " resetting to default",
622  str);
623  *hashsize = 0;
624  }
625  }
626 }
627 
628 int DatasetsInit(void)
629 {
630  SCLogDebug("datasets start");
631  int n = 0;
632  ConfNode *datasets = ConfGetNode("datasets");
633  uint64_t default_memcap = 0;
634  uint32_t default_hashsize = 0;
635  GetDefaultMemcap(&default_memcap, &default_hashsize);
636  if (datasets != NULL) {
637  int list_pos = 0;
638  ConfNode *iter = NULL;
639  TAILQ_FOREACH(iter, &datasets->head, next) {
640  if (iter->name == NULL) {
641  list_pos++;
642  continue;
643  }
644 
645  char save[PATH_MAX] = "";
646  char load[PATH_MAX] = "";
647  uint64_t memcap = 0;
648  uint32_t hashsize = 0;
649 
650  const char *set_name = iter->name;
651  if (strlen(set_name) > DATASET_NAME_MAX_LEN) {
652  FatalError(SC_ERR_CONF_NAME_TOO_LONG, "set name '%s' too long, max %d chars",
653  set_name, DATASET_NAME_MAX_LEN);
654  }
655 
656  ConfNode *set_type =
657  ConfNodeLookupChild(iter, "type");
658  if (set_type == NULL) {
659  list_pos++;
660  continue;
661  }
662 
663  ConfNode *set_save =
664  ConfNodeLookupChild(iter, "state");
665  if (set_save) {
666  DatasetGetPath(set_save->val, save, sizeof(save), TYPE_STATE);
667  strlcpy(load, save, sizeof(load));
668  } else {
669  ConfNode *set_load =
670  ConfNodeLookupChild(iter, "load");
671  if (set_load) {
672  DatasetGetPath(set_load->val, load, sizeof(load), TYPE_LOAD);
673  }
674  }
675 
676  ConfNode *set_memcap = ConfNodeLookupChild(iter, "memcap");
677  if (set_memcap) {
678  if (ParseSizeStringU64(set_memcap->val, &memcap) < 0) {
680  "memcap value cannot be"
681  " deduced: %s, resetting to default",
682  set_memcap->val);
683  memcap = 0;
684  }
685  }
686  ConfNode *set_hashsize = ConfNodeLookupChild(iter, "hashsize");
687  if (set_hashsize) {
688  if (ParseSizeStringU32(set_hashsize->val, &hashsize) < 0) {
690  "hashsize value cannot be"
691  " deduced: %s, resetting to default",
692  set_hashsize->val);
693  hashsize = 0;
694  }
695  }
696  char conf_str[1024];
697  snprintf(conf_str, sizeof(conf_str), "datasets.%d.%s", list_pos, set_name);
698 
699  SCLogDebug("(%d) set %s type %s. Conf %s", n, set_name, set_type->val, conf_str);
700 
701  if (strcmp(set_type->val, "md5") == 0) {
702  Dataset *dset = DatasetGet(set_name, DATASET_TYPE_MD5, save, load,
703  memcap > 0 ? memcap : default_memcap,
704  hashsize > 0 ? hashsize : default_hashsize);
705  if (dset == NULL)
706  FatalError(SC_ERR_FATAL, "failed to setup dataset for %s", set_name);
707  SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val);
708  dset->from_yaml = true;
709  n++;
710 
711  } else if (strcmp(set_type->val, "sha256") == 0) {
712  Dataset *dset = DatasetGet(set_name, DATASET_TYPE_SHA256, save, load,
713  memcap > 0 ? memcap : default_memcap,
714  hashsize > 0 ? hashsize : default_hashsize);
715  if (dset == NULL)
716  FatalError(SC_ERR_FATAL, "failed to setup dataset for %s", set_name);
717  SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val);
718  dset->from_yaml = true;
719  n++;
720 
721  } else if (strcmp(set_type->val, "string") == 0) {
722  Dataset *dset = DatasetGet(set_name, DATASET_TYPE_STRING, save, load,
723  memcap > 0 ? memcap : default_memcap,
724  hashsize > 0 ? hashsize : default_hashsize);
725  if (dset == NULL)
726  FatalError(SC_ERR_FATAL, "failed to setup dataset for %s", set_name);
727  SCLogDebug("dataset %s: id %d type %s", set_name, n, set_type->val);
728  dset->from_yaml = true;
729  n++;
730  }
731 
732  list_pos++;
733  }
734  }
735  SCLogDebug("datasets done: %p", datasets);
736  return 0;
737 }
738 
739 void DatasetsDestroy(void)
740 {
741  SCLogDebug("destroying datasets: %p", sets);
743  Dataset *set = sets;
744  while (set) {
745  SCLogDebug("destroying set %s", set->name);
746  Dataset *next = set->next;
747  THashShutdown(set->hash);
748  SCFree(set);
749  set = next;
750  }
751  sets = NULL;
753  SCLogDebug("destroying datasets done: %p", sets);
754 }
755 
756 static int SaveCallback(void *ctx, const uint8_t *data, const uint32_t data_len)
757 {
758  FILE *fp = ctx;
759  //PrintRawDataFp(fp, data, data_len);
760  if (fp) {
761  return fwrite(data, data_len, 1, fp);
762  }
763  return 0;
764 }
765 
766 static int Md5AsAscii(const void *s, char *out, size_t out_size)
767 {
768  const Md5Type *md5 = s;
769  uint32_t x;
770  int i;
771  char str[256];
772  for (i = 0, x = 0; x < sizeof(md5->md5); x++) {
773  i += snprintf(&str[i], 255-i, "%02x", md5->md5[x]);
774  }
775  strlcat(out, str, out_size);
776  strlcat(out, "\n", out_size);
777  return strlen(out);
778 }
779 
780 static int Sha256AsAscii(const void *s, char *out, size_t out_size)
781 {
782  const Sha256Type *sha = s;
783  uint32_t x;
784  int i;
785  char str[256];
786  for (i = 0, x = 0; x < sizeof(sha->sha256); x++) {
787  i += snprintf(&str[i], 255-i, "%02x", sha->sha256[x]);
788  }
789  strlcat(out, str, out_size);
790  strlcat(out, "\n", out_size);
791  return strlen(out);
792 }
793 
794 void DatasetsSave(void)
795 {
796  SCLogDebug("saving datasets: %p", sets);
798  Dataset *set = sets;
799  while (set) {
800  if (strlen(set->save) == 0)
801  goto next;
802 
803  FILE *fp = fopen(set->save, "w");
804  if (fp == NULL)
805  goto next;
806 
807  SCLogDebug("dumping %s to %s", set->name, set->save);
808 
809  switch (set->type) {
810  case DATASET_TYPE_STRING:
811  THashWalk(set->hash, StringAsBase64, SaveCallback, fp);
812  break;
813  case DATASET_TYPE_MD5:
814  THashWalk(set->hash, Md5AsAscii, SaveCallback, fp);
815  break;
816  case DATASET_TYPE_SHA256:
817  THashWalk(set->hash, Sha256AsAscii, SaveCallback, fp);
818  break;
819  }
820 
821  fclose(fp);
822 
823  next:
824  set = set->next;
825  }
827 }
828 
829 static int DatasetLookupString(Dataset *set, const uint8_t *data, const uint32_t data_len)
830 {
831  if (set == NULL)
832  return -1;
833 
834  StringType lookup = { .ptr = (uint8_t *)data, .len = data_len, .rep.value = 0 };
835  THashData *rdata = THashLookupFromHash(set->hash, &lookup);
836  if (rdata) {
837  DatasetUnlockData(rdata);
838  return 1;
839  }
840  return 0;
841 }
842 
843 static DataRepResultType DatasetLookupStringwRep(Dataset *set,
844  const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
845 {
846  DataRepResultType rrep = { .found = false, .rep = { .value = 0 }};
847 
848  if (set == NULL)
849  return rrep;
850 
851  StringType lookup = { .ptr = (uint8_t *)data, .len = data_len, .rep = *rep };
852  THashData *rdata = THashLookupFromHash(set->hash, &lookup);
853  if (rdata) {
854  StringType *found = rdata->data;
855  rrep.found = true;
856  rrep.rep = found->rep;
857  DatasetUnlockData(rdata);
858  return rrep;
859  }
860  return rrep;
861 }
862 
863 static int DatasetLookupMd5(Dataset *set, const uint8_t *data, const uint32_t data_len)
864 {
865  if (set == NULL)
866  return -1;
867 
868  if (data_len != 16)
869  return -1;
870 
871  Md5Type lookup = { .rep.value = 0 };
872  memcpy(lookup.md5, data, data_len);
873  THashData *rdata = THashLookupFromHash(set->hash, &lookup);
874  if (rdata) {
875  DatasetUnlockData(rdata);
876  return 1;
877  }
878  return 0;
879 }
880 
881 static DataRepResultType DatasetLookupMd5wRep(Dataset *set,
882  const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
883 {
884  DataRepResultType rrep = { .found = false, .rep = { .value = 0 }};
885 
886  if (set == NULL)
887  return rrep;
888 
889  if (data_len != 16)
890  return rrep;
891 
892  Md5Type lookup = { .rep.value = 0};
893  memcpy(lookup.md5, data, data_len);
894  THashData *rdata = THashLookupFromHash(set->hash, &lookup);
895  if (rdata) {
896  Md5Type *found = rdata->data;
897  rrep.found = true;
898  rrep.rep = found->rep;
899  DatasetUnlockData(rdata);
900  return rrep;
901  }
902  return rrep;
903 }
904 
905 static int DatasetLookupSha256(Dataset *set, const uint8_t *data, const uint32_t data_len)
906 {
907  if (set == NULL)
908  return -1;
909 
910  if (data_len != 32)
911  return -1;
912 
913  Sha256Type lookup = { .rep.value = 0 };
914  memcpy(lookup.sha256, data, data_len);
915  THashData *rdata = THashLookupFromHash(set->hash, &lookup);
916  if (rdata) {
917  DatasetUnlockData(rdata);
918  return 1;
919  }
920  return 0;
921 }
922 
923 static DataRepResultType DatasetLookupSha256wRep(Dataset *set,
924  const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
925 {
926  DataRepResultType rrep = { .found = false, .rep = { .value = 0 }};
927 
928  if (set == NULL)
929  return rrep;
930 
931  if (data_len != 32)
932  return rrep;
933 
934  Sha256Type lookup = { .rep.value = 0 };
935  memcpy(lookup.sha256, data, data_len);
936  THashData *rdata = THashLookupFromHash(set->hash, &lookup);
937  if (rdata) {
938  Sha256Type *found = rdata->data;
939  rrep.found = true;
940  rrep.rep = found->rep;
941  DatasetUnlockData(rdata);
942  return rrep;
943  }
944  return rrep;
945 }
946 
947 /**
948  * \brief see if \a data is part of the set
949  * \param set dataset
950  * \param data data to look up
951  * \param data_len length in bytes of \a data
952  * \retval -1 error
953  * \retval 0 not found
954  * \retval 1 found
955  */
956 int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len)
957 {
958  if (set == NULL)
959  return -1;
960 
961  switch (set->type) {
962  case DATASET_TYPE_STRING:
963  return DatasetLookupString(set, data, data_len);
964  case DATASET_TYPE_MD5:
965  return DatasetLookupMd5(set, data, data_len);
966  case DATASET_TYPE_SHA256:
967  return DatasetLookupSha256(set, data, data_len);
968  }
969  return -1;
970 }
971 
972 DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
973  const DataRepType *rep)
974 {
975  DataRepResultType rrep = { .found = false, .rep = { .value = 0 }};
976  if (set == NULL)
977  return rrep;
978 
979  switch (set->type) {
980  case DATASET_TYPE_STRING:
981  return DatasetLookupStringwRep(set, data, data_len, rep);
982  case DATASET_TYPE_MD5:
983  return DatasetLookupMd5wRep(set, data, data_len, rep);
984  case DATASET_TYPE_SHA256:
985  return DatasetLookupSha256wRep(set, data, data_len, rep);
986  }
987  return rrep;
988 }
989 
990 /**
991  * \retval 1 data was added to the hash
992  * \retval 0 data was not added to the hash as it is already there
993  * \retval -1 failed to add data to the hash
994  */
995 static int DatasetAddString(Dataset *set, const uint8_t *data, const uint32_t data_len)
996 {
997  if (set == NULL)
998  return -1;
999 
1000  StringType lookup = { .ptr = (uint8_t *)data, .len = data_len,
1001  .rep.value = 0 };
1002  struct THashDataGetResult res = THashGetFromHash(set->hash, &lookup);
1003  if (res.data) {
1004  DatasetUnlockData(res.data);
1005  return res.is_new ? 1 : 0;
1006  }
1007  return -1;
1008 }
1009 
1010 /**
1011  * \retval 1 data was added to the hash
1012  * \retval 0 data was not added to the hash as it is already there
1013  * \retval -1 failed to add data to the hash
1014  */
1015 static int DatasetAddStringwRep(
1016  Dataset *set, const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
1017 {
1018  if (set == NULL)
1019  return -1;
1020 
1021  StringType lookup = { .ptr = (uint8_t *)data, .len = data_len,
1022  .rep = *rep };
1023  struct THashDataGetResult res = THashGetFromHash(set->hash, &lookup);
1024  if (res.data) {
1025  DatasetUnlockData(res.data);
1026  return res.is_new ? 1 : 0;
1027  }
1028  return -1;
1029 }
1030 
1031 static int DatasetAddMd5(Dataset *set, const uint8_t *data, const uint32_t data_len)
1032 {
1033  if (set == NULL)
1034  return -1;
1035 
1036  if (data_len != 16)
1037  return -2;
1038 
1039  Md5Type lookup = { .rep.value = 0 };
1040  memcpy(lookup.md5, data, 16);
1041  struct THashDataGetResult res = THashGetFromHash(set->hash, &lookup);
1042  if (res.data) {
1043  DatasetUnlockData(res.data);
1044  return res.is_new ? 1 : 0;
1045  }
1046  return -1;
1047 }
1048 
1049 static int DatasetAddMd5wRep(
1050  Dataset *set, const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
1051 {
1052  if (set == NULL)
1053  return -1;
1054 
1055  if (data_len != 16)
1056  return -2;
1057 
1058  Md5Type lookup = { .rep = *rep };
1059  memcpy(lookup.md5, data, 16);
1060  struct THashDataGetResult res = THashGetFromHash(set->hash, &lookup);
1061  if (res.data) {
1062  DatasetUnlockData(res.data);
1063  return res.is_new ? 1 : 0;
1064  }
1065  return -1;
1066 }
1067 
1068 static int DatasetAddSha256wRep(
1069  Dataset *set, const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
1070 {
1071  if (set == NULL)
1072  return -1;
1073 
1074  if (data_len != 32)
1075  return -2;
1076 
1077  Sha256Type lookup = { .rep = *rep };
1078  memcpy(lookup.sha256, data, 32);
1079  struct THashDataGetResult res = THashGetFromHash(set->hash, &lookup);
1080  if (res.data) {
1081  DatasetUnlockData(res.data);
1082  return res.is_new ? 1 : 0;
1083  }
1084  return -1;
1085 }
1086 
1087 static int DatasetAddSha256(Dataset *set, const uint8_t *data, const uint32_t data_len)
1088 {
1089  if (set == NULL)
1090  return -1;
1091 
1092  if (data_len != 32)
1093  return -2;
1094 
1095  Sha256Type lookup = { .rep.value = 0 };
1096  memcpy(lookup.sha256, data, 32);
1097  struct THashDataGetResult res = THashGetFromHash(set->hash, &lookup);
1098  if (res.data) {
1099  DatasetUnlockData(res.data);
1100  return res.is_new ? 1 : 0;
1101  }
1102  return -1;
1103 }
1104 
1105 int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len)
1106 {
1107  if (set == NULL)
1108  return -1;
1109 
1110  switch (set->type) {
1111  case DATASET_TYPE_STRING:
1112  return DatasetAddString(set, data, data_len);
1113  case DATASET_TYPE_MD5:
1114  return DatasetAddMd5(set, data, data_len);
1115  case DATASET_TYPE_SHA256:
1116  return DatasetAddSha256(set, data, data_len);
1117  }
1118  return -1;
1119 }
1120 
1121 static int DatasetAddwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
1122  DataRepType *rep)
1123 {
1124  if (set == NULL)
1125  return -1;
1126 
1127  switch (set->type) {
1128  case DATASET_TYPE_STRING:
1129  return DatasetAddStringwRep(set, data, data_len, rep);
1130  case DATASET_TYPE_MD5:
1131  return DatasetAddMd5wRep(set, data, data_len, rep);
1132  case DATASET_TYPE_SHA256:
1133  return DatasetAddSha256wRep(set, data, data_len, rep);
1134  }
1135  return -1;
1136 }
1137 
1138 /** \brief add serialized data to set
1139  * \retval int 1 added
1140  * \retval int 0 already in hash
1141  * \retval int -1 API error (not added)
1142  * \retval int -2 DATA error
1143  */
1144 int DatasetAddSerialized(Dataset *set, const char *string)
1145 {
1146  if (set == NULL)
1147  return -1;
1148 
1149  switch (set->type) {
1150  case DATASET_TYPE_STRING: {
1151  // coverity[alloc_strlen : FALSE]
1152  uint8_t decoded[strlen(string)];
1153  uint32_t len = DecodeBase64(decoded, (const uint8_t *)string, strlen(string), 1);
1154  if (len == 0) {
1155  return -2;
1156  }
1157 
1158  return DatasetAddString(set, decoded, len);
1159  }
1160  case DATASET_TYPE_MD5: {
1161  if (strlen(string) != 32)
1162  return -2;
1163  uint8_t hash[16];
1164  if (HexToRaw((const uint8_t *)string, 32, hash, sizeof(hash)) < 0)
1165  return -2;
1166  return DatasetAddMd5(set, hash, 16);
1167  }
1168  case DATASET_TYPE_SHA256: {
1169  if (strlen(string) != 64)
1170  return -2;
1171  uint8_t hash[32];
1172  if (HexToRaw((const uint8_t *)string, 64, hash, sizeof(hash)) < 0)
1173  return -2;
1174  return DatasetAddSha256(set, hash, 32);
1175  }
1176  }
1177  return -1;
1178 }
1179 
1180 /**
1181  * \retval 1 data was removed from the hash
1182  * \retval 0 data not removed (busy)
1183  * \retval -1 data not found
1184  */
1185 static int DatasetRemoveString(Dataset *set, const uint8_t *data, const uint32_t data_len)
1186 {
1187  if (set == NULL)
1188  return -1;
1189 
1190  StringType lookup = { .ptr = (uint8_t *)data, .len = data_len,
1191  .rep.value = 0 };
1192  return THashRemoveFromHash(set->hash, &lookup);
1193 }
1194 
1195 static int DatasetRemoveMd5(Dataset *set, const uint8_t *data, const uint32_t data_len)
1196 {
1197  if (set == NULL)
1198  return -1;
1199 
1200  if (data_len != 16)
1201  return -2;
1202 
1203  Md5Type lookup = { .rep.value = 0 };
1204  memcpy(lookup.md5, data, 16);
1205  return THashRemoveFromHash(set->hash, &lookup);
1206 }
1207 
1208 static int DatasetRemoveSha256(Dataset *set, const uint8_t *data, const uint32_t data_len)
1209 {
1210  if (set == NULL)
1211  return -1;
1212 
1213  if (data_len != 32)
1214  return -2;
1215 
1216  Sha256Type lookup = { .rep.value = 0 };
1217  memcpy(lookup.sha256, data, 32);
1218  return THashRemoveFromHash(set->hash, &lookup);
1219 }
1220 
1221 /** \brief remove serialized data from set
1222  * \retval int 1 removed
1223  * \retval int 0 found but busy (not removed)
1224  * \retval int -1 API error (not removed)
1225  * \retval int -2 DATA error */
1226 int DatasetRemoveSerialized(Dataset *set, const char *string)
1227 {
1228  if (set == NULL)
1229  return -1;
1230 
1231  switch (set->type) {
1232  case DATASET_TYPE_STRING: {
1233  // coverity[alloc_strlen : FALSE]
1234  uint8_t decoded[strlen(string)];
1235  uint32_t len = DecodeBase64(decoded, (const uint8_t *)string, strlen(string), 1);
1236  if (len == 0) {
1237  return -2;
1238  }
1239 
1240  return DatasetRemoveString(set, decoded, len);
1241  }
1242  case DATASET_TYPE_MD5: {
1243  if (strlen(string) != 32)
1244  return -2;
1245  uint8_t hash[16];
1246  if (HexToRaw((const uint8_t *)string, 32, hash, sizeof(hash)) < 0)
1247  return -2;
1248  return DatasetRemoveMd5(set, hash, 16);
1249  }
1250  case DATASET_TYPE_SHA256: {
1251  if (strlen(string) != 64)
1252  return -2;
1253  uint8_t hash[32];
1254  if (HexToRaw((const uint8_t *)string, 64, hash, sizeof(hash)) < 0)
1255  return -2;
1256  return DatasetRemoveSha256(set, hash, 32);
1257  }
1258  }
1259  return -1;
1260 }
util-byte.h
SC_ERR_DATASET
@ SC_ERR_DATASET
Definition: util-error.h:355
sets_lock
SCMutex sets_lock
Definition: datasets.c:37
StringType::rep
DataRepType rep
Definition: datasets-string.h:31
len
uint8_t len
Definition: app-layer-dnp3.h:2
datasets-string.h
DataRepResultType::rep
DataRepType rep
Definition: datasets-reputation.h:33
THashDataGetResult::data
THashData * data
Definition: util-thash.h:206
datasets-md5.h
SC_ERR_INVALID_VALUE
@ SC_ERR_INVALID_VALUE
Definition: util-error.h:160
Dataset::name
char name[DATASET_NAME_MAX_LEN+1]
Definition: datasets.h:39
ConfNode_::val
char * val
Definition: conf.h:34
Dataset::id
uint32_t id
Definition: datasets.h:41
Dataset::save
char save[PATH_MAX]
Definition: datasets.h:47
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
ParseSizeStringU64
int ParseSizeStringU64(const char *size, uint64_t *res)
Definition: util-misc.c:200
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
datasets-sha256.h
THashRemoveFromHash
int THashRemoveFromHash(THashTableContext *ctx, void *data)
Definition: util-thash.c:774
TYPE_STATE
@ TYPE_STATE
Definition: datasets.c:374
Md5Type
Definition: datasets-md5.h:29
Dataset::hash
THashTableContext * hash
Definition: datasets.h:44
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
Sha256Type::sha256
uint8_t sha256[32]
Definition: datasets-sha256.h:30
Md5Type::rep
DataRepType rep
Definition: datasets-md5.h:31
DataRepResultType::found
bool found
Definition: datasets-reputation.h:32
Dataset::type
enum DatasetTypes type
Definition: datasets.h:40
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:253
THashConsolidateMemcap
void THashConsolidateMemcap(THashTableContext *ctx)
Definition: util-thash.c:338
SCMutexLock
#define SCMutexLock(mut)
Definition: threads-debug.h:117
util-base64.h
DATASET_TYPE_SHA256
@ DATASET_TYPE_SHA256
Definition: datasets.h:34
Sha256Type::rep
DataRepType rep
Definition: datasets-sha256.h:31
SCMUTEX_INITIALIZER
#define SCMUTEX_INITIALIZER
Definition: threads-debug.h:121
datasets-reputation.h
DecodeBase64
uint32_t DecodeBase64(uint8_t *dest, const uint8_t *src, uint32_t len, int strict)
Decodes a base64-encoded string buffer into an ascii-encoded byte buffer.
Definition: util-base64.c:91
Md5Type::md5
uint8_t md5[16]
Definition: datasets-md5.h:30
SC_ERR_CONF_NAME_TOO_LONG
@ SC_ERR_CONF_NAME_TOO_LONG
Definition: util-error.h:275
hashsize
#define hashsize(n)
Definition: util-hash-lookup3.c:67
Md5StrCompare
bool Md5StrCompare(void *a, void *b)
Definition: datasets-md5.c:41
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
DataRepResultType
Definition: datasets-reputation.h:31
Md5StrHash
uint32_t Md5StrHash(void *s)
Definition: datasets-md5.c:49
DatasetGet
Dataset * DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load, uint64_t memcap, uint32_t hashsize)
Definition: datasets.c:425
StringSet
int StringSet(void *dst, void *src)
Definition: datasets-string.c:61
datasets.h
TYPE_LOAD
@ TYPE_LOAD
Definition: datasets.c:375
type
uint8_t type
Definition: decode-icmpv4.h:0
DatasetAdd
int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len)
Definition: datasets.c:1105
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
StringAsBase64
int StringAsBase64(const void *s, char *out, size_t out_size)
Definition: datasets-string.c:46
SCMutexUnlock
#define SCMutexUnlock(mut)
Definition: threads-debug.h:119
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
DATASET_TYPE_NOTSET
#define DATASET_TYPE_NOTSET
Definition: datasets.h:31
util-print.h
DatasetPostReloadCleanup
void DatasetPostReloadCleanup(void)
Definition: datasets.c:579
StringParseU16RangeCheck
int StringParseU16RangeCheck(uint16_t *res, int base, size_t len, const char *str, uint16_t min, uint16_t max)
Definition: util-byte.c:429
THashInit
THashTableContext * THashInit(const char *cnf_prefix, size_t data_size, int(*DataSet)(void *, void *), void(*DataFree)(void *), uint32_t(*DataHash)(void *), bool(*DataCompare)(void *, void *), bool reset_memcap, uint64_t memcap, uint32_t hashsize)
Definition: util-thash.c:294
Sha256StrSet
int Sha256StrSet(void *dst, void *src)
Definition: datasets-sha256.c:32
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:739
THashDataGetResult
Definition: util-thash.h:205
StringType
Definition: datasets-string.h:29
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:794
conf.h
DatasetLookup
int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len)
see if data is part of the set
Definition: datasets.c:956
StringType::ptr
uint8_t * ptr
Definition: datasets-string.h:32
DatasetRemoveSerialized
int DatasetRemoveSerialized(Dataset *set, const char *string)
remove serialized data from set
Definition: datasets.c:1226
Sha256StrHash
uint32_t Sha256StrHash(void *s)
Definition: datasets-sha256.c:49
g_system
bool g_system
Definition: suricata.c:225
ConfNodeLookupChild
ConfNode * ConfNodeLookupChild(const ConfNode *node, const char *name)
Lookup a child configuration node by name.
Definition: conf.c:814
THashShutdown
void THashShutdown(THashTableContext *ctx)
shutdown the flow engine
Definition: util-thash.c:346
DatasetTypes
DatasetTypes
Definition: datasets.h:30
Dataset::next
struct Dataset * next
Definition: datasets.h:49
THashData_::data
void * data
Definition: util-thash.h:93
Sha256Type
Definition: datasets-sha256.h:29
Sha256StrFree
void Sha256StrFree(void *s)
Definition: datasets-sha256.c:61
THashData_
Definition: util-thash.h:86
suricata-common.h
StringHash
uint32_t StringHash(void *s)
Definition: datasets-string.c:88
DATASET_NAME_MAX_LEN
#define DATASET_NAME_MAX_LEN
Definition: datasets.h:37
ConfNode_::name
char * name
Definition: conf.h:33
PathIsAbsolute
int PathIsAbsolute(const char *path)
Check if a path is absolute.
Definition: util-path.c:45
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
Md5StrSet
int Md5StrSet(void *dst, void *src)
Definition: datasets-md5.c:32
StringCompare
bool StringCompare(void *a, void *b)
Definition: datasets-string.c:77
THashGetFromHash
struct THashDataGetResult THashGetFromHash(THashTableContext *ctx, void *data)
Definition: util-thash.c:529
FatalError
#define FatalError(x,...)
Definition: util-debug.h:532
THashLookupFromHash
THashData * THashLookupFromHash(THashTableContext *ctx, void *data)
look up data in the hash
Definition: util-thash.c:639
DataRepType::value
uint16_t value
Definition: datasets-reputation.h:28
ParseSizeStringU32
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:183
THashDecrUsecnt
#define THashDecrUsecnt(h)
Definition: util-thash.h:171
DatasetFind
Dataset * DatasetFind(const char *name, enum DatasetTypes type)
look for set by name without creating it
Definition: datasets.c:411
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:628
str
#define str(s)
Definition: suricata-common.h:272
DatasetGetTypeFromString
enum DatasetTypes DatasetGetTypeFromString(const char *s)
Definition: datasets.c:52
THashWalk
int THashWalk(THashTableContext *ctx, THashFormatFunc FormatterFunc, THashOutputFunc OutputterFunc, void *output_ctx)
Walk the hash.
Definition: util-thash.c:380
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:244
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
Dataset::hidden
bool hidden
Definition: datasets.h:43
DatasetReload
void DatasetReload(void)
Definition: datasets.c:557
DatasetGetPathType
DatasetGetPathType
Definition: datasets.c:373
Sha256StrCompare
bool Sha256StrCompare(void *a, void *b)
Definition: datasets-sha256.c:41
DATASET_TYPE_MD5
@ DATASET_TYPE_MD5
Definition: datasets.h:33
DATASET_TYPE_STRING
@ DATASET_TYPE_STRING
Definition: datasets.h:32
ConfGetValue
int ConfGetValue(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:359
DatasetAddSerialized
int DatasetAddSerialized(Dataset *set, const char *string)
add serialized data to set
Definition: datasets.c:1144
Dataset
Definition: datasets.h:38
Dataset::from_yaml
bool from_yaml
Definition: datasets.h:42
util-misc.h
util-thash.h
Dataset::load
char load[PATH_MAX]
Definition: datasets.h:46
SC_ERR_INVALID_NUMERIC_VALUE
@ SC_ERR_INVALID_NUMERIC_VALUE
Definition: util-error.h:90
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
DataRepType
Definition: datasets-reputation.h:27
Md5StrFree
void Md5StrFree(void *s)
Definition: datasets-md5.c:61
SC_ERR_INVALID_HASH
@ SC_ERR_INVALID_HASH
Definition: util-error.h:319
SCMutex
#define SCMutex
Definition: threads-debug.h:114
StringFree
void StringFree(void *s)
Definition: datasets-string.c:102
ConfigGetDataDirectory
const char * ConfigGetDataDirectory()
Definition: util-conf.c:82
DatasetLookupwRep
DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
Definition: datasets.c:972