suricata
reputation.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22  * \author Victor Julien <victor@inliniac.net>
23  * Original Idea by Matt Jonkman
24  *
25  * IP Reputation Module, initial API for IPV4 and IPV6 feed
26  */
27 
28 #include "suricata-common.h"
29 #include "detect.h"
30 #include "reputation.h"
31 #include "threads.h"
32 #include "conf.h"
33 
34 #include "util-byte.h"
35 #include "util-debug.h"
36 #include "util-error.h"
37 #include "util-ip.h"
38 #include "util-path.h"
39 #include "util-print.h"
40 #include "util-unittest.h"
41 #include "util-validate.h"
42 
43 /** effective reputation version, atomic as the host
44  * time out code will use it to check if a host's
45  * reputation info is outdated. */
46 SC_ATOMIC_DECLARE(uint32_t, srep_eversion);
47 /** reputation version set to the host's reputation,
48  * this will be set to 1 before rep files are loaded,
49  * so hosts will always have a minimal value of 1 */
50 static uint32_t srep_version = 0;
51 
52 static uint32_t SRepIncrVersion(void)
53 {
54  return ++srep_version;
55 }
56 
57 static uint32_t SRepGetVersion(void)
58 {
59  return srep_version;
60 }
61 
62 void SRepResetVersion(void)
63 {
64  srep_version = 0;
65 }
66 
67 static uint32_t SRepGetEffectiveVersion(void)
68 {
69  return SC_ATOMIC_GET(srep_eversion);
70 }
71 
72 static void SRepCIDRFreeUserData(void *data)
73 {
74  if (data != NULL)
75  SCFree(data);
76 
77  return;
78 }
79 
80 static void SRepCIDRAddNetblock(SRepCIDRTree *cidr_ctx, char *ip, int cat, uint8_t value)
81 {
82  SReputation *user_data = NULL;
83  if ((user_data = SCMalloc(sizeof(SReputation))) == NULL) {
84  FatalError("Error allocating memory. Exiting");
85  }
86  memset(user_data, 0x00, sizeof(SReputation));
87 
88  user_data->version = SRepGetVersion();
89  user_data->rep[cat] = value;
90 
91  if (strchr(ip, ':') != NULL) {
92  if (cidr_ctx->srepIPV6_tree[cat] == NULL) {
93  cidr_ctx->srepIPV6_tree[cat] = SCRadixCreateRadixTree(SRepCIDRFreeUserData, NULL);
94  if (cidr_ctx->srepIPV6_tree[cat] == NULL) {
95  SCLogDebug("Error initializing Reputation IPV6 with CIDR module for cat %d", cat);
96  exit(EXIT_FAILURE);
97  }
98  SCLogDebug("Reputation IPV6 with CIDR module for cat %d initialized", cat);
99  }
100 
101  SCLogDebug("adding ipv6 host %s", ip);
102  if (!SCRadixAddKeyIPV6String(ip, cidr_ctx->srepIPV6_tree[cat], (void *)user_data)) {
103  SCFree(user_data);
104  if (sc_errno != SC_EEXIST)
105  SCLogWarning("failed to add ipv6 host %s", ip);
106  }
107 
108  } else {
109  if (cidr_ctx->srepIPV4_tree[cat] == NULL) {
110  cidr_ctx->srepIPV4_tree[cat] = SCRadixCreateRadixTree(SRepCIDRFreeUserData, NULL);
111  if (cidr_ctx->srepIPV4_tree[cat] == NULL) {
112  SCLogDebug("Error initializing Reputation IPV4 with CIDR module for cat %d", cat);
113  exit(EXIT_FAILURE);
114  }
115  SCLogDebug("Reputation IPV4 with CIDR module for cat %d initialized", cat);
116  }
117 
118  SCLogDebug("adding ipv4 host %s", ip);
119  if (!SCRadixAddKeyIPV4String(ip, cidr_ctx->srepIPV4_tree[cat], (void *)user_data)) {
120  SCFree(user_data);
121  if (sc_errno != SC_EEXIST)
122  SCLogWarning("failed to add ipv4 host %s", ip);
123  }
124  }
125 }
126 
127 static uint8_t SRepCIDRGetIPv4IPRep(SRepCIDRTree *cidr_ctx, uint8_t *ipv4_addr, uint8_t cat)
128 {
129  void *user_data = NULL;
130  (void)SCRadixFindKeyIPV4BestMatch(ipv4_addr, cidr_ctx->srepIPV4_tree[cat], &user_data);
131  if (user_data == NULL)
132  return 0;
133 
134  SReputation *r = (SReputation *)user_data;
135  return r->rep[cat];
136 }
137 
138 static uint8_t SRepCIDRGetIPv6IPRep(SRepCIDRTree *cidr_ctx, uint8_t *ipv6_addr, uint8_t cat)
139 {
140  void *user_data = NULL;
141  (void)SCRadixFindKeyIPV6BestMatch(ipv6_addr, cidr_ctx->srepIPV6_tree[cat], &user_data);
142  if (user_data == NULL)
143  return 0;
144 
145  SReputation *r = (SReputation *)user_data;
146  return r->rep[cat];
147 }
148 
149 uint8_t SRepCIDRGetIPRepSrc(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
150 {
151  uint8_t rep = 0;
152 
153  if (PKT_IS_IPV4(p))
154  rep = SRepCIDRGetIPv4IPRep(cidr_ctx, (uint8_t *)GET_IPV4_SRC_ADDR_PTR(p), cat);
155  else if (PKT_IS_IPV6(p))
156  rep = SRepCIDRGetIPv6IPRep(cidr_ctx, (uint8_t *)GET_IPV6_SRC_ADDR(p), cat);
157 
158  return rep;
159 }
160 
161 uint8_t SRepCIDRGetIPRepDst(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
162 {
163  uint8_t rep = 0;
164 
165  if (PKT_IS_IPV4(p))
166  rep = SRepCIDRGetIPv4IPRep(cidr_ctx, (uint8_t *)GET_IPV4_DST_ADDR_PTR(p), cat);
167  else if (PKT_IS_IPV6(p))
168  rep = SRepCIDRGetIPv6IPRep(cidr_ctx, (uint8_t *)GET_IPV6_DST_ADDR(p), cat);
169 
170  return rep;
171 }
172 
173 /** \brief Increment effective reputation version after
174  * a rule/reputation reload is complete. */
175 void SRepReloadComplete(void)
176 {
177  (void) SC_ATOMIC_ADD(srep_eversion, 1);
178  SCLogDebug("effective Reputation version %u", SRepGetEffectiveVersion());
179 }
180 
181 void SRepFreeHostData(Host *h)
182 {
183  SCFree(h->iprep);
184  h->iprep = NULL;
185  DEBUG_VALIDATE_BUG_ON(SC_ATOMIC_GET(h->use_cnt) != 1);
186  HostDecrUsecnt(h);
187 }
188 
189 /** \brief Set effective reputation version after
190  * reputation initialization is complete. */
191 static void SRepInitComplete(void)
192 {
193  (void) SC_ATOMIC_SET(srep_eversion, 1);
194  SCLogDebug("effective Reputation version %u", SRepGetEffectiveVersion());
195 }
196 
197 /** \brief Check if a Host is timed out wrt ip rep, meaning a new
198  * version is in place.
199  *
200  * We clean up the old version here.
201  *
202  * \param h host
203  *
204  * \retval 0 not timed out
205  * \retval 1 timed out
206  */
207 int SRepHostTimedOut(Host *h)
208 {
209  BUG_ON(h == NULL);
210 
211  if (h->iprep == NULL)
212  return 1;
213 
214  uint32_t eversion = SRepGetEffectiveVersion();
215  SReputation *r = h->iprep;
216  if (r->version < eversion) {
217  SCLogDebug("host %p has reputation version %u, "
218  "effective version is %u", h, r->version, eversion);
219  SRepFreeHostData(h);
220  return 1;
221  }
222 
223  return 0;
224 }
225 
226 static int SRepCatSplitLine(char *line, uint8_t *cat, char *shortname, size_t shortname_len)
227 {
228  size_t line_len = strlen(line);
229  char *ptrs[2] = {NULL,NULL};
230  int i = 0;
231  int idx = 0;
232  char *origline = line;
233 
234  while (i < (int)line_len) {
235  if (line[i] == ',' || line[i] == '\n' || line[i] == '\0' || i == (int)(line_len - 1)) {
236  line[i] = '\0';
237 
238  ptrs[idx] = line;
239  idx++;
240 
241  line += (i+1);
242  i = 0;
243 
244  if (line >= origline + line_len)
245  break;
246  if (strlen(line) == 0)
247  break;
248  if (idx == 2)
249  break;
250  } else {
251  i++;
252  }
253  }
254 
255  if (idx != 2) {
256  return -1;
257  }
258 
259  SCLogDebug("%s, %s", ptrs[0], ptrs[1]);
260 
261  int c;
262  if (StringParseI32RangeCheck(&c, 10, 0, (const char *)ptrs[0], 0, SREP_MAX_CATS - 1) < 0)
263  return -1;
264 
265  *cat = (uint8_t)c;
266  strlcpy(shortname, ptrs[1], shortname_len);
267  return 0;
268 
269 }
270 
271 /**
272  * \retval 0 valid
273  * \retval 1 header
274  * \retval -1 bad line
275  */
276 static int SRepSplitLine(SRepCIDRTree *cidr_ctx, char *line, Address *ip, uint8_t *cat, uint8_t *value)
277 {
278  size_t line_len = strlen(line);
279  char *ptrs[3] = {NULL,NULL,NULL};
280  int i = 0;
281  int idx = 0;
282  char *origline = line;
283 
284  while (i < (int)line_len) {
285  if (line[i] == ',' || line[i] == '\n' || line[i] == '\r' || line[i] == '\0' ||
286  i == (int)(line_len - 1)) {
287  line[i] = '\0';
288 
289  ptrs[idx] = line;
290  idx++;
291 
292  line += (i+1);
293  i = 0;
294 
295  if (line >= origline + line_len)
296  break;
297  if (strlen(line) == 0)
298  break;
299  if (idx == 3)
300  break;
301  } else {
302  i++;
303  }
304  }
305 
306  if (idx != 3) {
307  return -1;
308  }
309 
310  //SCLogInfo("%s, %s, %s", ptrs[0], ptrs[1], ptrs[2]);
311 
312  if (strcmp(ptrs[0], "ip") == 0)
313  return 1;
314 
315  uint8_t c, v;
316  if (StringParseU8RangeCheck(&c, 10, 0, (const char *)ptrs[1], 0, SREP_MAX_CATS - 1) < 0)
317  return -1;
318 
319  if (StringParseU8RangeCheck(&v, 10, 0, (const char *)ptrs[2], 0, SREP_MAX_VAL) < 0)
320  return -1;
321 
322  if (strchr(ptrs[0], '/') != NULL) {
323  SRepCIDRAddNetblock(cidr_ctx, ptrs[0], c, v);
324  return 1;
325  } else {
326  if (inet_pton(AF_INET, ptrs[0], &ip->address) == 1) {
327  ip->family = AF_INET;
328  } else if (inet_pton(AF_INET6, ptrs[0], &ip->address) == 1) {
329  ip->family = AF_INET6;
330  } else {
331  return -1;
332  }
333 
334  *cat = c;
335  *value = v;
336  }
337 
338  return 0;
339 }
340 
341 #define SREP_SHORTNAME_LEN 32
342 static char srep_cat_table[SREP_MAX_CATS][SREP_SHORTNAME_LEN];
343 
344 uint8_t SRepCatGetByShortname(char *shortname)
345 {
346  uint8_t cat;
347  for (cat = 0; cat < SREP_MAX_CATS; cat++) {
348  if (strcmp(srep_cat_table[cat], shortname) == 0)
349  return cat;
350  }
351 
352  return 0;
353 }
354 
355 static int SRepLoadCatFile(const char *filename)
356 {
357  int r = 0;
358  FILE *fp = fopen(filename, "r");
359 
360  if (fp == NULL) {
361  SCLogError("opening ip rep file %s: %s", filename, strerror(errno));
362  return -1;
363  }
364 
365  r = SRepLoadCatFileFromFD(fp);
366 
367  fclose(fp);
368  fp = NULL;
369  return r;
370 }
371 
372 int SRepLoadCatFileFromFD(FILE *fp)
373 {
374  char line[8192] = "";
375  Address a;
376  memset(&a, 0x00, sizeof(a));
377  a.family = AF_INET;
378  memset(&srep_cat_table, 0x00, sizeof(srep_cat_table));
379 
380  BUG_ON(SRepGetVersion() > 0);
381 
382  while(fgets(line, (int)sizeof(line), fp) != NULL) {
383  size_t len = strlen(line);
384  if (len == 0)
385  continue;
386 
387  /* ignore comments and empty lines */
388  if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
389  continue;
390 
391  while (isspace((unsigned char)line[--len]));
392 
393  /* Check if we have a trailing newline, and remove it */
394  len = strlen(line);
395  if (len == 0)
396  continue;
397 
398  if (line[len - 1] == '\n' || line[len - 1] == '\r') {
399  line[len - 1] = '\0';
400  }
401 
402  uint8_t cat = 0;
403  char shortname[SREP_SHORTNAME_LEN];
404  if (SRepCatSplitLine(line, &cat, shortname, sizeof(shortname)) == 0) {
405  strlcpy(srep_cat_table[cat], shortname, SREP_SHORTNAME_LEN);
406  } else {
407  SCLogError("bad line \"%s\"", line);
408  }
409  }
410 
411  SCLogDebug("IP Rep categories:");
412  int i;
413  for (i = 0; i < SREP_MAX_CATS; i++) {
414  if (strlen(srep_cat_table[i]) == 0)
415  continue;
416  SCLogDebug("CAT %d, name %s", i, srep_cat_table[i]);
417  }
418  return 0;
419 }
420 
421 static int SRepLoadFile(SRepCIDRTree *cidr_ctx, char *filename)
422 {
423  int r = 0;
424  FILE *fp = fopen(filename, "r");
425 
426  if (fp == NULL) {
427  SCLogError("opening ip rep file %s: %s", filename, strerror(errno));
428  return -1;
429  }
430 
431  r = SRepLoadFileFromFD(cidr_ctx, fp);
432 
433  fclose(fp);
434  fp = NULL;
435  return r;
436 
437 }
438 
439 int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
440 {
441  char line[8192] = "";
442 
443  while(fgets(line, (int)sizeof(line), fp) != NULL) {
444  size_t len = strlen(line);
445  if (len == 0)
446  continue;
447 
448  /* ignore comments and empty lines */
449  if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
450  continue;
451 
452  while (isspace((unsigned char)line[--len]));
453 
454  /* Check if we have a trailing newline, and remove it */
455  len = strlen(line);
456  if (len == 0)
457  continue;
458 
459  if (line[len - 1] == '\n' || line[len - 1] == '\r') {
460  line[len - 1] = '\0';
461  }
462 
463  Address a;
464  memset(&a, 0x00, sizeof(a));
465  a.family = AF_INET;
466 
467  uint8_t cat = 0, value = 0;
468  int r = SRepSplitLine(cidr_ctx, line, &a, &cat, &value);
469  if (r < 0) {
470  SCLogError("bad line \"%s\"", line);
471  } else if (r == 0) {
472  if (a.family == AF_INET) {
473  char ipstr[16];
474  PrintInet(AF_INET, (const void *)&a.address, ipstr, sizeof(ipstr));
475  SCLogDebug("%s %u %u", ipstr, cat, value);
476  } else {
477  char ipstr[128];
478  PrintInet(AF_INET6, (const void *)&a.address, ipstr, sizeof(ipstr));
479  SCLogDebug("%s %u %u", ipstr, cat, value);
480  }
481 
482  Host *h = HostGetHostFromHash(&a);
483  if (h == NULL) {
484  SCLogError("failed to get a host, increase host.memcap");
485  break;
486  } else {
487  //SCLogInfo("host %p", h);
488 
489  if (h->iprep == NULL) {
490  h->iprep = SCMalloc(sizeof(SReputation));
491  if (h->iprep != NULL) {
492  memset(h->iprep, 0x00, sizeof(SReputation));
493 
494  HostIncrUsecnt(h);
495  }
496  }
497  if (h->iprep != NULL) {
498  SReputation *rep = h->iprep;
499 
500  /* if version is outdated, it's an older entry that we'll
501  * now replace. */
502  if (rep->version != SRepGetVersion()) {
503  memset(rep, 0x00, sizeof(SReputation));
504  }
505 
506  rep->version = SRepGetVersion();
507  rep->rep[cat] = value;
508 
509  SCLogDebug("host %p iprep %p setting cat %u to value %u",
510  h, h->iprep, cat, value);
511 #ifdef DEBUG
512  if (SCLogDebugEnabled()) {
513  int i;
514  for (i = 0; i < SREP_MAX_CATS; i++) {
515  if (rep->rep[i] == 0)
516  continue;
517 
518  SCLogDebug("--> host %p iprep %p cat %d to value %u",
519  h, h->iprep, i, rep->rep[i]);
520  }
521  }
522 #endif
523  }
524 
525  HostRelease(h);
526  }
527  }
528  }
529 
530  return 0;
531 }
532 
533 /**
534  * \brief Create the path if default-rule-path was specified
535  * \param sig_file The name of the file
536  * \retval str Pointer to the string path + sig_file
537  */
538 static char *SRepCompleteFilePath(char *file)
539 {
540  const char *defaultpath = NULL;
541  char *path = NULL;
542 
543  /* Path not specified */
544  if (PathIsRelative(file)) {
545  if (ConfGet("default-reputation-path", &defaultpath) == 1) {
546  SCLogDebug("Default path: %s", defaultpath);
547  size_t path_len = sizeof(char) * (strlen(defaultpath) +
548  strlen(file) + 2);
549  path = SCMalloc(path_len);
550  if (unlikely(path == NULL))
551  return NULL;
552  strlcpy(path, defaultpath, path_len);
553 #if defined OS_WIN32 || defined __CYGWIN__
554  if (path[strlen(path) - 1] != '\\')
555  strlcat(path, "\\\\", path_len);
556 #else
557  if (path[strlen(path) - 1] != '/')
558  strlcat(path, "/", path_len);
559 #endif
560  strlcat(path, file, path_len);
561  } else {
562  path = SCStrdup(file);
563  if (unlikely(path == NULL))
564  return NULL;
565  }
566  } else {
567  path = SCStrdup(file);
568  if (unlikely(path == NULL))
569  return NULL;
570  }
571  return path;
572 }
573 
574 /** \brief init reputation
575  *
576  * \param de_ctx detection engine ctx for tracking iprep version
577  *
578  * \retval 0 ok
579  * \retval -1 error
580  *
581  * If this function is called more than once, the category file
582  * is not reloaded.
583  */
584 int SRepInit(DetectEngineCtx *de_ctx)
585 {
586  ConfNode *files;
587  ConfNode *file = NULL;
588  const char *filename = NULL;
589  int init = 0;
590  int i = 0;
591 
592  de_ctx->srepCIDR_ctx = (SRepCIDRTree *)SCMalloc(sizeof(SRepCIDRTree));
593  if (de_ctx->srepCIDR_ctx == NULL)
594  exit(EXIT_FAILURE);
595  memset(de_ctx->srepCIDR_ctx, 0, sizeof(SRepCIDRTree));
596  SRepCIDRTree *cidr_ctx = de_ctx->srepCIDR_ctx;
597 
598  for (i = 0; i < SREP_MAX_CATS; i++) {
599  cidr_ctx->srepIPV4_tree[i] = NULL;
600  cidr_ctx->srepIPV6_tree[i] = NULL;
601  }
602 
603  if (SRepGetVersion() == 0) {
604  SC_ATOMIC_INIT(srep_eversion);
605  init = 1;
606  }
607 
608  /* if both settings are missing, we assume the user doesn't want ip rep */
609  (void)ConfGet("reputation-categories-file", &filename);
610  files = ConfGetNode("reputation-files");
611  if (filename == NULL && files == NULL) {
612  SCLogConfig("IP reputation disabled");
613  return 0;
614  }
615 
616  if (files == NULL) {
617  SCLogError("\"reputation-files\" not set");
618  return -1;
619  }
620 
621  if (init) {
622  if (filename == NULL) {
623  SCLogError("\"reputation-categories-file\" not set");
624  return -1;
625  }
626 
627  /* init even if we have reputation files, so that when we
628  * have a live reload, we have inited the cats */
629  if (SRepLoadCatFile(filename) < 0) {
630  SCLogError("failed to load reputation "
631  "categories file %s",
632  filename);
633  return -1;
634  }
635  }
636 
637  de_ctx->srep_version = SRepIncrVersion();
638  SCLogDebug("Reputation version %u", de_ctx->srep_version);
639 
640  /* ok, let's load reputation files from the general config */
641  if (files != NULL) {
642  TAILQ_FOREACH(file, &files->head, next) {
643  char *sfile = SRepCompleteFilePath(file->val);
644  if (sfile) {
645  SCLogInfo("Loading reputation file: %s", sfile);
646 
647  int r = SRepLoadFile(cidr_ctx, sfile);
648  if (r < 0){
649  if (de_ctx->failure_fatal) {
650  exit(EXIT_FAILURE);
651  }
652  }
653  SCFree(sfile);
654  }
655  }
656  }
657 
658  /* Set effective rep version.
659  * On live reload we will handle this after de_ctx has been swapped */
660  if (init) {
661  SRepInitComplete();
662  }
663 
664  HostPrintStats();
665  return 0;
666 }
667 
668 void SRepDestroy(DetectEngineCtx *de_ctx) {
669  if (de_ctx->srepCIDR_ctx != NULL) {
670  int i;
671  for (i = 0; i < SREP_MAX_CATS; i++) {
672  if (de_ctx->srepCIDR_ctx->srepIPV4_tree[i] != NULL) {
673  SCRadixReleaseRadixTree(de_ctx->srepCIDR_ctx->srepIPV4_tree[i]);
674  de_ctx->srepCIDR_ctx->srepIPV4_tree[i] = NULL;
675  }
676 
677  if (de_ctx->srepCIDR_ctx->srepIPV6_tree[i] != NULL) {
678  SCRadixReleaseRadixTree(de_ctx->srepCIDR_ctx->srepIPV6_tree[i]);
679  de_ctx->srepCIDR_ctx->srepIPV6_tree[i] = NULL;
680  }
681  }
682 
683  SCFree(de_ctx->srepCIDR_ctx);
684  de_ctx->srepCIDR_ctx = NULL;
685  }
686 }
687 
688 #ifdef UNITTESTS
689 #include "tests/reputation.c"
690 #endif
SREP_SHORTNAME_LEN
#define SREP_SHORTNAME_LEN
Definition: reputation.c:341
util-byte.h
SReputation_
Definition: reputation.h:40
len
uint8_t len
Definition: app-layer-dnp3.h:2
SREP_MAX_CATS
#define SREP_MAX_CATS
Definition: reputation.h:32
SCRadixAddKeyIPV6String
bool SCRadixAddKeyIPV6String(const char *str, SCRadixTree *tree, void *user)
Adds a new IPV6/netblock to the Radix tree from a string.
Definition: util-radix-tree.c:1072
SReputation_::rep
uint8_t rep[SREP_MAX_CATS]
Definition: reputation.h:42
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:315
SRepFreeHostData
void SRepFreeHostData(Host *h)
Definition: reputation.c:181
PKT_IS_IPV6
#define PKT_IS_IPV6(p)
Definition: decode.h:246
SRepCatGetByShortname
uint8_t SRepCatGetByShortname(char *shortname)
Definition: reputation.c:344
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:387
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
threads.h
HostRelease
void HostRelease(Host *h)
Definition: host.c:477
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:333
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:826
HostGetHostFromHash
Host * HostGetHostFromHash(Address *a)
Definition: host.c:502
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(uint32_t, srep_eversion)
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
HostDecrUsecnt
#define HostDecrUsecnt(h)
Definition: host.h:114
DetectEngineCtx_::srep_version
uint32_t srep_version
Definition: detect.h:838
Address_
Definition: decode.h:115
SCRadixFindKeyIPV4BestMatch
SCRadixNode * SCRadixFindKeyIPV4BestMatch(uint8_t *key_stream, SCRadixTree *tree, void **user_data_result)
Checks if an IPV4 address is present in the tree under a netblock.
Definition: util-radix-tree.c:1599
SCRadixFindKeyIPV6BestMatch
SCRadixNode * SCRadixFindKeyIPV6BestMatch(uint8_t *key_stream, SCRadixTree *tree, void **user_data_result)
Checks if an IPV6 address is present in the tree under a netblock.
Definition: util-radix-tree.c:1657
HostIncrUsecnt
#define HostIncrUsecnt(h)
Definition: host.h:112
GET_IPV6_DST_ADDR
#define GET_IPV6_DST_ADDR(p)
Definition: decode.h:215
SCRadixAddKeyIPV4String
bool SCRadixAddKeyIPV4String(const char *str, SCRadixTree *tree, void *user)
Adds a new IPV4/netblock to the Radix tree from a string.
Definition: util-radix-tree.c:997
util-unittest.h
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
util-debug.h
SRepCIDRTree_
Definition: reputation.h:35
util-error.h
GET_IPV4_DST_ADDR_PTR
#define GET_IPV4_DST_ADDR_PTR(p)
Definition: decode.h:210
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
SCRadixReleaseRadixTree
void SCRadixReleaseRadixTree(SCRadixTree *tree)
Frees a Radix tree and all its nodes.
Definition: util-radix-tree.c:462
DetectEngineCtx_::srepCIDR_ctx
SRepCIDRTree * srepCIDR_ctx
Definition: detect.h:841
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:716
SRepLoadCatFileFromFD
int SRepLoadCatFileFromFD(FILE *fp)
Definition: reputation.c:372
DetectEngineCtx_::failure_fatal
bool failure_fatal
Definition: detect.h:827
util-print.h
detect.h
util-ip.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:274
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
SCRadixCreateRadixTree
SCRadixTree * SCRadixCreateRadixTree(void(*Free)(void *), void(*PrintData)(void *))
Creates a new Radix tree.
Definition: util-radix-tree.c:424
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:295
Address_::address
union Address_::@30 address
Packet_
Definition: decode.h:430
conf.h
reputation.h
SRepLoadFileFromFD
int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
Definition: reputation.c:439
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
StringParseU8RangeCheck
int StringParseU8RangeCheck(uint8_t *res, int base, size_t len, const char *str, uint8_t min, uint8_t max)
Definition: util-byte.c:462
SRepCIDRGetIPRepDst
uint8_t SRepCIDRGetIPRepDst(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
Definition: reputation.c:161
SRepReloadComplete
void SRepReloadComplete(void)
Increment effective reputation version after a rule/reputation reload is complete.
Definition: reputation.c:175
SRepHostTimedOut
int SRepHostTimedOut(Host *h)
Check if a Host is timed out wrt ip rep, meaning a new version is in place.
Definition: reputation.c:207
Host_::iprep
void * iprep
Definition: host.h:69
GET_IPV4_SRC_ADDR_PTR
#define GET_IPV4_SRC_ADDR_PTR(p)
Definition: decode.h:209
suricata-common.h
util-path.h
version
uint8_t version
Definition: decode-gre.h:1
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(...)
Definition: util-debug.h:502
SReputation_::version
uint32_t version
Definition: reputation.h:41
util-validate.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SC_EEXIST
@ SC_EEXIST
Definition: util-error.h:32
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
GET_IPV6_SRC_ADDR
#define GET_IPV6_SRC_ADDR(p)
Definition: decode.h:214
SRepInit
int SRepInit(DetectEngineCtx *de_ctx)
init reputation
Definition: reputation.c:584
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
PathIsRelative
int PathIsRelative(const char *path)
Check if a path is relative.
Definition: util-path.c:69
HostPrintStats
void HostPrintStats(void)
print some host stats
Definition: host.c:293
sc_errno
thread_local SCError sc_errno
Definition: util-error.c:31
reputation.c
SREP_MAX_VAL
#define SREP_MAX_VAL
Definition: reputation.h:33
SRepResetVersion
void SRepResetVersion(void)
Definition: reputation.c:62
SRepCIDRTree_::srepIPV4_tree
SCRadixTree * srepIPV4_tree[SREP_MAX_CATS]
Definition: reputation.h:36
Address_::family
char family
Definition: decode.h:116
SRepDestroy
void SRepDestroy(DetectEngineCtx *de_ctx)
Definition: reputation.c:668
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:376
Host_
Definition: host.h:58
PKT_IS_IPV4
#define PKT_IS_IPV4(p)
Definition: decode.h:245
SCLogDebugEnabled
int SCLogDebugEnabled(void)
Returns whether debug messages are enabled to be logged or not.
Definition: util-debug.c:771
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:104
SRepCIDRGetIPRepSrc
uint8_t SRepCIDRGetIPRepSrc(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
Definition: reputation.c:149
SRepCIDRTree_::srepIPV6_tree
SCRadixTree * srepIPV6_tree[SREP_MAX_CATS]
Definition: reputation.h:37