49 int ReadHashString(uint8_t *hash,
const char *
string,
const char *filename,
int line_no,
50 uint16_t expected_len)
52 if (strlen(
string) != expected_len) {
54 filename, line_no, expected_len);
59 for (x = 0, i = 0; i < expected_len; i+=2, x++) {
60 char buf[3] = { 0, 0, 0 };
64 long value = strtol(buf, NULL, 16);
65 if (value >= 0 && value <= 255)
66 hash[x] = (uint8_t)value;
69 filename, line_no, value);
90 int line_no, uint32_t
type)
105 uint16_t expected_len = (size * 2);
107 if (
ReadHashString(hash,
string, filename, line_no, expected_len) == 1) {
125 static int HashMatchHashTable(
ROHashTable *hash_table, uint8_t *hash,
128 void *ptr =
ROHashLookup(hash_table, hash, (uint16_t)hash_len);
162 match = HashMatchHashTable(filehash->
hash, file->md5,
sizeof(file->md5));
165 match = HashMatchHashTable(filehash->
hash, file->sha1,
sizeof(file->sha1));
168 match = HashMatchHashTable(filehash->
hash, file->sha256,
sizeof(file->sha256));
177 else if (match == 0) {
187 static const char *hexcodes =
"ABCDEFabcdef0123456789";
200 const char *
str, uint32_t type)
204 char *filename = NULL;
213 if (strlen(str) && str[0] ==
'!') {
228 if (filehash->
hash == NULL) {
234 if (filename == NULL) {
238 char line[8192] =
"";
239 fp = fopen(filename,
"r");
246 snprintf(path,
sizeof(path),
"%s/%s", dir, str);
247 fp = fopen(path,
"r");
250 "opening hash file %s: %s", path, strerror(errno));
265 while(fgets(line, (
int)
sizeof(line), fp) != NULL) {
266 size_t valid = 0,
len = strlen(line);
269 while (strchr(hexcodes, line[valid]) != NULL && valid++ <
len);
294 if (filehash != NULL)
298 if (filename != NULL)
316 uint32_t type,
int list)
321 filehash = DetectFileHashParse(de_ctx, str, type);
322 if (filehash == NULL)
332 sm->
ctx = (
void *)filehash;
351 if (filehash != NULL)
367 if (filehash->
hash != NULL)
int DetectFileHashMatch(DetectEngineThreadCtx *, Flow *, uint8_t, File *, const Signature *, const SigMatchCtx *)
uint32_t ROHashMemorySize(ROHashTable *table)
void DetectFileHashFree(void *)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
main detection engine ctx
void * ROHashLookup(ROHashTable *table, void *data, uint16_t size)
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
ROHashTable * ROHashInit(uint8_t hash_bits, uint16_t item_size)
initialize a new rohash
int ReadHashString(uint8_t *, const char *, const char *, int, uint16_t)
#define FILE_SIG_NEED_MD5
#define FILE_SIG_NEED_FILE
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
int ROHashInitFinalize(ROHashTable *table)
create final hash data structure
void ROHashFree(ROHashTable *table)
#define FILE_SIG_NEED_SHA1
int LoadHashTable(ROHashTable *, const char *, const char *, int, uint32_t)
#define FILE_SIG_NEED_SHA256
int DetectFileHashSetup(DetectEngineCtx *, Signature *, const char *, uint32_t, int)
SigMatch * SigMatchAlloc(void)
int ROHashInitQueueValue(ROHashTable *table, void *value, uint16_t size)
Add a new value to the hash.
a single match condition for a signature