/*
 * ReadHashString: read the bytes of a hash from a hexadecimal string into
 * `hash`. Only some source lines appear in this listing (the leading numbers
 * are the original line numbers), so statements between the fragments are
 * not visible.
 */
47 int ReadHashString(uint8_t *hash,
const char *
string,
const char *filename,
int line_no,
48 uint16_t expected_len)
/* The input must be exactly expected_len characters long. The branch body
 * is not shown apart from the argument list on line 52, presumably a log
 * call reporting the file and line. */
50 if (strlen(
string) != expected_len) {
52 filename, line_no, expected_len);
/* Two input characters per output byte: i walks the string in steps of two
 * while x indexes hash[]. No size for `hash` is passed in, so the caller
 * must supply a buffer of at least expected_len / 2 bytes (rounded up). */
57 for (x = 0, i = 0; i < expected_len; i+=2, x++) {
/* Zero-filled 3-byte scratch buffer. The copy of the two characters into it
 * is on lines not shown; presumably buf[2] stays as the terminator. */
58 char buf[3] = { 0, 0, 0 };
/* NOTE(review): strtol() is called with a NULL end pointer, so a pair that
 * is not two hex digits cannot be told apart from a valid one: "zz" converts
 * to 0 and passes the range check below, and leading whitespace or a '+'
 * sign is accepted. Callers should pass strings already restricted to hex
 * digits. */
62 long value = strtol(buf, NULL, 16);
/* Range check before the narrowing cast, so negative or oversized results
 * are never stored. */
63 if (value >= 0 && value <= 255)
64 hash[x] = (uint8_t)value;
/* Tail of a call that receives the rejected value, presumably an error log. */
67 filename, line_no, value);
/*
 * Tail of LoadHashTable's parameter list and part of its body (store a hash
 * into the hash table). `hash` and `size` are declared on lines not shown.
 * NOTE(review): size is presumably the digest length selected by `type` -
 * confirm.
 */
88 int line_no, uint32_t
type)
/* A digest of `size` bytes is written as size * 2 hex characters. */
103 uint16_t expected_len = (size * 2);
/* ReadHashString() fills `hash`; the guarded branch runs when it returns 1.
 * NOTE(review): `hash` must hold at least `size` bytes, because
 * ReadHashString() has no way to check the destination size. */
105 if (
ReadHashString(hash,
string, filename, line_no, expected_len) == 1) {
/*
 * HashMatchHashTable: look `hash` up in the read-only hash table.
 * The declaration of hash_len and the conversion of the lookup result into
 * the return value are on lines not shown.
 */
123 static int HashMatchHashTable(
ROHashTable *hash_table, uint8_t *hash,
/* hash_len is cast to uint16_t to fit ROHashLookup()'s size parameter. */
126 void *ptr =
ROHashLookup(hash_table, hash, (uint16_t)hash_len);
/*
 * Fragments of the file-hash match routine (DetectFileHashMatch in this
 * file's cross-reference list: "Match the specified file hash"). Each visible
 * call looks one digest field of `file` up in filehash->hash and passes
 * sizeof the field as the length, so the length always matches the array
 * being read. The conditions that choose between md5, sha1 and sha256 are on
 * lines not shown.
 */
160 match = HashMatchHashTable(filehash->
hash, file->
md5,
sizeof(file->
md5));
163 match = HashMatchHashTable(filehash->
hash, file->
sha1,
sizeof(file->
sha1));
166 match = HashMatchHashTable(filehash->
hash, file->
sha256,
sizeof(file->
sha256));
/* Handling of a lookup that returned 0; the body is not shown.
 * NOTE(review): presumably this is where a negated rule turns "not in the
 * list" into a match - confirm. */
175 else if (match == 0) {
/* Characters accepted as hex digits (both cases) when hash-file lines are
 * scanned with strchr(). Note that strchr() also matches the terminating
 * '\0' of this string, so a NUL byte in the scanned text counts as "valid". */
185 static const char *hexcodes =
"ABCDEFabcdef0123456789";
/*
 * Fragments of the routine that loads a hash list named by a rule option.
 * Its name and return type are on a line not shown. `str` is the option text
 * taken from the rule and `type` selects the hash kind.
 */
198 const char *
str, uint32_t
type)
202 char *filename = NULL;
203 char *rule_filename = NULL;
/* A leading '!' on the option is handled specially; NOTE(review): presumably
 * it marks the match as negated - the branch body is not shown. */
212 if (strlen(
str) &&
str[0] ==
'!') {
/* Failure checks for the hash table and the two path strings; how each is
 * obtained is on lines not shown. */
227 if (filehash->
hash == NULL) {
233 if (filename == NULL) {
238 if (rule_filename == NULL) {
/* Fixed-size line buffer: fgets() below returns at most 8191 characters per
 * call, so a longer line is delivered as several consecutive "lines". */
242 char line[8192] =
"";
/* First attempt: open `filename` as given. */
243 fp = fopen(filename,
"r");
/* Fallback: retry relative to the directory of the rule file. dirname() may
 * modify its argument, so rule_filename must be a private, writable copy. */
247 char *dir = dirname(rule_filename);
/* NOTE(review): the snprintf() result is discarded here, so a path truncated
 * to sizeof(path) would be opened without any warning. `str` comes straight
 * from the rule text and no normalisation is visible in these fragments,
 * so rule files have to be treated as trusted input. */
250 snprintf(path,
sizeof(path),
"%s/%s", dir,
str);
251 fp = fopen(path,
"r");
/* Tail of the error report for a failed open, including the errno text. */
254 "opening hash file %s: %s", path, strerror(errno));
269 while(fgets(line, (
int)
sizeof(line), fp) != NULL) {
270 size_t valid = 0,
len = strlen(line);
/* Count the leading run of hex digits. NOTE(review): strchr() also matches
 * the terminating '\0', so for a line made up only of hex digits with no
 * trailing newline the loop stops with valid == len + 1. Any later use of
 * `valid` as an index or length (on lines not shown here) has to allow for
 * that, in particular when the line fills the whole buffer. */
273 while (strchr(hexcodes, line[valid]) != NULL && valid++ <
len);
/* Guards in what looks like the shared cleanup path; the statements they
 * protect are not shown. */
299 if (filehash != NULL)
303 if (filename != NULL)
305 if (rule_filename != NULL) {
/*
 * Fragments of DetectFileHashSetup, which this file's cross-reference list
 * describes as parsing the filemd5, filesha1 and filesha256 options. Only the
 * tail of the parameter list and three statements are visible.
 */
324 uint32_t
type,
int list)
/* Failure check on the parsed hash data. NOTE(review): filehash is presumably
 * the result of parsing `str`; the assignment is not shown. */
330 if (filehash == NULL)
/* The SigMatch keeps filehash as an opaque context pointer.
 * NOTE(review): ownership presumably passes to the SigMatch here - confirm
 * against the free routine so that the error path does not release it twice. */
340 sm->
ctx = (
void *)filehash;
/* NOTE(review): looks like error-path cleanup; the guarded statement is not
 * shown. */
359 if (filehash != NULL)
/* NOTE(review): by line number this fragment appears to belong to
 * DetectFileHashFree ("free memory associated with DetectFileHashData").
 * The check presumably guards the release of the hash table; the release
 * call itself is not shown. */
375 if (filehash->
hash != NULL)
#define FILE_SIG_NEED_SHA1
main detection engine ctx
int DetectFileHashSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str, uint32_t type, int list)
this function is used to parse filemd5, filesha1 and filesha256 options
uint8_t sha1[SC_SHA1_LEN]
#define FILE_SIG_NEED_MD5
int ROHashInitFinalize(ROHashTable *table)
create final hash data structure
void DetectFileHashFree(DetectEngineCtx *de_ctx, void *ptr)
this function will free memory associated with DetectFileHashData
void * ROHashLookup(ROHashTable *table, void *data, uint16_t size)
int DetectFileHashMatch(DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchCtx *m)
Match the specified file hash.
#define FILE_SIG_NEED_SHA256
uint32_t ROHashMemorySize(ROHashTable *table)
@ SC_ERR_OPENING_RULE_FILE
SigMatch * SigMatchAlloc(void)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Used to start a pointer to SigMatch context. Should never be dereferenced without casting to something...
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
ROHashTable * ROHashInit(uint8_t hash_bits, uint16_t item_size)
initialize a new rohash
int ROHashInitQueueValue(ROHashTable *table, void *value, uint16_t size)
Add a new value to the hash.
uint8_t sha256[SC_SHA256_LEN]
void ROHashFree(ROHashTable *table)
int LoadHashTable(ROHashTable *hash_table, const char *string, const char *filename, int line_no, uint32_t type)
Store a hash into the hash table.
a single match condition for a signature
#define FILE_SIG_NEED_FILE
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
int ReadHashString(uint8_t *hash, const char *string, const char *filename, int line_no, uint16_t expected_len)
Read the bytes of a hash from a hexadecimal string.
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.