suricata
reputation.c File Reference
#include "suricata-common.h"
#include "detect.h"
#include "reputation.h"
#include "threads.h"
#include "conf.h"
#include "util-byte.h"
#include "util-debug.h"
#include "util-error.h"
#include "util-ip.h"
#include "util-path.h"
#include "util-print.h"
#include "util-unittest.h"
#include "util-validate.h"
#include "util-radix4-tree.h"
#include "util-radix6-tree.h"
#include "tests/reputation.c"


Macros

#define SREP_SHORTNAME_LEN   32
 

Functions

 SC_ATOMIC_DECLARE (uint32_t, srep_eversion)
 
void SRepResetVersion (void)
 
int8_t SRepCIDRGetIPRepSrc (SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
 
int8_t SRepCIDRGetIPRepDst (SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
 
void SRepReloadComplete (void)
 Increment effective reputation version after a rule/reputation reload is complete.
 
void SRepFreeHostData (Host *h)
 
int SRepHostTimedOut (Host *h)
 Check if a Host is timed out with respect to IP reputation, meaning a new version is in place.
 
uint8_t SRepCatGetByShortname (char *shortname)
 
int SRepLoadCatFileFromFD (FILE *fp)
 
int SRepLoadFileFromFD (SRepCIDRTree *cidr_ctx, FILE *fp)
 
int SRepInit (DetectEngineCtx *de_ctx)
 Initialize the IP reputation module.
 
void SRepDestroy (DetectEngineCtx *de_ctx)
 

Detailed Description

Author
Pablo Rincon Crespo pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t
Original Idea by Matt Jonkman

IP Reputation Module, initial API for IPv4 and IPv6 feed

Definition in file reputation.c.

Macro Definition Documentation

◆ SREP_SHORTNAME_LEN

#define SREP_SHORTNAME_LEN   32

Definition at line 327 of file reputation.c.

Function Documentation

◆ SC_ATOMIC_DECLARE()

SC_ATOMIC_DECLARE (uint32_t, srep_eversion)

Effective reputation version. It is atomic because the host timeout code uses it to check whether a host's reputation info is outdated.

◆ SRepCatGetByShortname()

uint8_t SRepCatGetByShortname ( char *  shortname)

Definition at line 329 of file reputation.c.

References SREP_MAX_CATS.

◆ SRepCIDRGetIPRepDst()

int8_t SRepCIDRGetIPRepDst (SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)

Definition at line 147 of file reputation.c.

◆ SRepCIDRGetIPRepSrc()

int8_t SRepCIDRGetIPRepSrc (SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)

Definition at line 135 of file reputation.c.

◆ SRepDestroy()

void SRepDestroy (DetectEngineCtx *de_ctx)

Definition at line 649 of file reputation.c.

References de_ctx, SCRadix4TreeRelease(), SRepCIDRTree_::srep_ipv4_tree, SREP_MAX_CATS, and DetectEngineCtx_::srepCIDR_ctx.


◆ SRepFreeHostData()

void SRepFreeHostData (Host *h)

Definition at line 167 of file reputation.c.

References DEBUG_VALIDATE_BUG_ON, HostDecrUsecnt, Host_::iprep, SC_ATOMIC_GET, and SCFree.

Referenced by HostClearMemory().


◆ SRepHostTimedOut()

int SRepHostTimedOut (Host *h)

Check if a Host is timed out with respect to IP reputation, meaning a new version is in place.

We clean up the old version here.

Parameters
h: host
Return values
0: not timed out
1: timed out

Definition at line 193 of file reputation.c.

References BUG_ON, and Host_::iprep.

◆ SRepInit()

int SRepInit (DetectEngineCtx *de_ctx)

Initialize the IP reputation module.

Parameters
de_ctx: detection engine ctx for tracking iprep version
Return values
0: ok
-1: error

If this function is called more than once, the category file is not reloaded.

Definition at line 566 of file reputation.c.

References de_ctx, SCCalloc, SCRadix4TreeInitialize(), SCRadix6TreeInitialize(), SRepCIDRTree_::srep_ipv4_tree, SRepCIDRTree_::srep_ipv6_tree, SREP_MAX_CATS, and DetectEngineCtx_::srepCIDR_ctx.


◆ SRepLoadCatFileFromFD()

int SRepLoadCatFileFromFD ( FILE *  fp)

Definition at line 357 of file reputation.c.

References Address_::family.

◆ SRepLoadFileFromFD()

int SRepLoadFileFromFD (SRepCIDRTree *cidr_ctx, FILE *fp)

Definition at line 423 of file reputation.c.

References Address_::family, and len.

◆ SRepReloadComplete()

void SRepReloadComplete ( void  )

Increment effective reputation version after a rule/reputation reload is complete.

Definition at line 161 of file reputation.c.

References SC_ATOMIC_ADD, and SCLogDebug.

◆ SRepResetVersion()

void SRepResetVersion ( void  )

Definition at line 64 of file reputation.c.