suricata
reputation.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22  * \author Victor Julien <victor@inliniac.net>
23  * Original Idea by Matt Jonkman
24  *
25  * IP Reputation Module, initial API for IPV4 and IPV6 feed
26  */
27 
28 #include "suricata-common.h"
29 #include "detect.h"
30 #include "reputation.h"
31 #include "threads.h"
32 #include "conf.h"
33 
34 #include "util-byte.h"
35 #include "util-debug.h"
36 #include "util-error.h"
37 #include "util-ip.h"
38 #include "util-path.h"
39 #include "util-print.h"
40 #include "util-unittest.h"
41 #include "util-validate.h"
42 #include "util-radix4-tree.h"
43 #include "util-radix6-tree.h"
44 
45 /** effective reputation version, atomic as the host
46  * time out code will use it to check if a host's
47  * reputation info is outdated. */
48 SC_ATOMIC_DECLARE(uint32_t, srep_eversion);
49 /** reputation version set to the host's reputation,
50  * this will be set to 1 before rep files are loaded,
51  * so hosts will always have a minimal value of 1 */
52 static uint32_t srep_version = 0;
53 
54 static uint32_t SRepIncrVersion(void)
55 {
56  return ++srep_version;
57 }
58 
59 static uint32_t SRepGetVersion(void)
60 {
61  return srep_version;
62 }
63 
64 void SRepResetVersion(void)
65 {
66  srep_version = 0;
67 }
68 
69 static uint32_t SRepGetEffectiveVersion(void)
70 {
71  return SC_ATOMIC_GET(srep_eversion);
72 }
73 
74 static void SRepCIDRFreeUserData(void *data)
75 {
76  if (data != NULL)
77  SCFree(data);
78 }
79 
80 static SCRadix4Config iprep_radix4_config = { SRepCIDRFreeUserData, NULL };
81 static SCRadix6Config iprep_radix6_config = { SRepCIDRFreeUserData, NULL };
82 
83 static void SRepCIDRAddNetblock(SRepCIDRTree *cidr_ctx, char *ip, int cat, uint8_t value)
84 {
85  SReputation *user_data = NULL;
86  if ((user_data = SCCalloc(1, sizeof(SReputation))) == NULL) {
87  FatalError("Error allocating memory. Exiting");
88  }
89 
90  user_data->version = SRepGetVersion();
91  user_data->rep[cat] = value;
92 
93  if (strchr(ip, ':') != NULL) {
94  SCLogDebug("adding ipv6 host %s", ip);
96  &cidr_ctx->srep_ipv6_tree[cat], &iprep_radix6_config, ip, (void *)user_data)) {
97  SCFree(user_data);
98  if (sc_errno != SC_EEXIST)
99  SCLogWarning("failed to add ipv6 host %s", ip);
100  }
101 
102  } else {
103  SCLogDebug("adding ipv4 host %s", ip);
105  &cidr_ctx->srep_ipv4_tree[cat], &iprep_radix4_config, ip, (void *)user_data)) {
106  SCFree(user_data);
107  if (sc_errno != SC_EEXIST)
108  SCLogWarning("failed to add ipv4 host %s", ip);
109  }
110  }
111 }
112 
113 static int8_t SRepCIDRGetIPv4IPRep(SRepCIDRTree *cidr_ctx, uint8_t *ipv4_addr, uint8_t cat)
114 {
115  void *user_data = NULL;
116  (void)SCRadix4TreeFindBestMatch(&cidr_ctx->srep_ipv4_tree[cat], ipv4_addr, &user_data);
117  if (user_data == NULL)
118  return -1;
119 
120  SReputation *r = (SReputation *)user_data;
121  return r->rep[cat];
122 }
123 
124 static int8_t SRepCIDRGetIPv6IPRep(SRepCIDRTree *cidr_ctx, uint8_t *ipv6_addr, uint8_t cat)
125 {
126  void *user_data = NULL;
127  (void)SCRadix6TreeFindBestMatch(&cidr_ctx->srep_ipv6_tree[cat], ipv6_addr, &user_data);
128  if (user_data == NULL)
129  return -1;
130 
131  SReputation *r = (SReputation *)user_data;
132  return r->rep[cat];
133 }
134 
135 int8_t SRepCIDRGetIPRepSrc(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
136 {
137  int8_t rep = -3;
138 
139  if (PacketIsIPv4(p))
140  rep = SRepCIDRGetIPv4IPRep(cidr_ctx, (uint8_t *)GET_IPV4_SRC_ADDR_PTR(p), cat);
141  else if (PacketIsIPv6(p))
142  rep = SRepCIDRGetIPv6IPRep(cidr_ctx, (uint8_t *)GET_IPV6_SRC_ADDR(p), cat);
143 
144  return rep;
145 }
146 
147 int8_t SRepCIDRGetIPRepDst(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
148 {
149  int8_t rep = -3;
150 
151  if (PacketIsIPv4(p))
152  rep = SRepCIDRGetIPv4IPRep(cidr_ctx, (uint8_t *)GET_IPV4_DST_ADDR_PTR(p), cat);
153  else if (PacketIsIPv6(p))
154  rep = SRepCIDRGetIPv6IPRep(cidr_ctx, (uint8_t *)GET_IPV6_DST_ADDR(p), cat);
155 
156  return rep;
157 }
158 
159 /** \brief Increment effective reputation version after
160  * a rule/reputation reload is complete. */
162 {
163  (void) SC_ATOMIC_ADD(srep_eversion, 1);
164  SCLogDebug("effective Reputation version %u", SRepGetEffectiveVersion());
165 }
166 
168 {
169  SCFree(h->iprep);
170  h->iprep = NULL;
171  DEBUG_VALIDATE_BUG_ON(SC_ATOMIC_GET(h->use_cnt) != 1);
172  HostDecrUsecnt(h);
173 }
174 
175 /** \brief Set effective reputation version after
176  * reputation initialization is complete. */
177 static void SRepInitComplete(void)
178 {
179  (void) SC_ATOMIC_SET(srep_eversion, 1);
180  SCLogDebug("effective Reputation version %u", SRepGetEffectiveVersion());
181 }
182 
183 /** \brief Check if a Host is timed out wrt ip rep, meaning a new
184  * version is in place.
185  *
186  * We clean up the old version here.
187  *
188  * \param h host
189  *
190  * \retval 0 not timed out
191  * \retval 1 timed out
192  */
194 {
195  BUG_ON(h == NULL);
196 
197  if (h->iprep == NULL)
198  return 1;
199 
200  uint32_t eversion = SRepGetEffectiveVersion();
201  SReputation *r = h->iprep;
202  if (r->version < eversion) {
203  SCLogDebug("host %p has reputation version %u, "
204  "effective version is %u", h, r->version, eversion);
205  SRepFreeHostData(h);
206  return 1;
207  }
208 
209  return 0;
210 }
211 
212 static int SRepCatSplitLine(char *line, uint8_t *cat, char *shortname, size_t shortname_len)
213 {
214  size_t line_len = strlen(line);
215  char *ptrs[2] = {NULL,NULL};
216  int i = 0;
217  int idx = 0;
218  char *origline = line;
219 
220  while (i < (int)line_len) {
221  if (line[i] == ',' || line[i] == '\n' || line[i] == '\0' || i == (int)(line_len - 1)) {
222  line[i] = '\0';
223 
224  ptrs[idx] = line;
225  idx++;
226 
227  line += (i+1);
228  i = 0;
229 
230  if (line >= origline + line_len)
231  break;
232  if (strlen(line) == 0)
233  break;
234  if (idx == 2)
235  break;
236  } else {
237  i++;
238  }
239  }
240 
241  if (idx != 2) {
242  return -1;
243  }
244 
245  SCLogDebug("%s, %s", ptrs[0], ptrs[1]);
246 
247  int c;
248  if (StringParseI32RangeCheck(&c, 10, 0, (const char *)ptrs[0], 0, SREP_MAX_CATS - 1) < 0)
249  return -1;
250 
251  *cat = (uint8_t)c;
252  strlcpy(shortname, ptrs[1], shortname_len);
253  return 0;
254 }
255 
256 /**
257  * \retval 0 valid
258  * \retval 1 header
259  * \retval -1 bad line
260  */
261 static int SRepSplitLine(SRepCIDRTree *cidr_ctx, char *line, Address *ip, uint8_t *cat, uint8_t *value)
262 {
263  size_t line_len = strlen(line);
264  char *ptrs[3] = {NULL,NULL,NULL};
265  int i = 0;
266  int idx = 0;
267  char *origline = line;
268 
269  while (i < (int)line_len) {
270  if (line[i] == ',' || line[i] == '\n' || line[i] == '\r' || line[i] == '\0' ||
271  i == (int)(line_len - 1)) {
272  line[i] = '\0';
273 
274  ptrs[idx] = line;
275  idx++;
276 
277  line += (i+1);
278  i = 0;
279 
280  if (line >= origline + line_len)
281  break;
282  if (strlen(line) == 0)
283  break;
284  if (idx == 3)
285  break;
286  } else {
287  i++;
288  }
289  }
290 
291  if (idx != 3) {
292  return -1;
293  }
294 
295  //SCLogInfo("%s, %s, %s", ptrs[0], ptrs[1], ptrs[2]);
296 
297  if (strcmp(ptrs[0], "ip") == 0)
298  return 1;
299 
300  uint8_t c, v;
301  if (StringParseU8RangeCheck(&c, 10, 0, (const char *)ptrs[1], 0, SREP_MAX_CATS - 1) < 0)
302  return -1;
303 
304  if (StringParseU8RangeCheck(&v, 10, 0, (const char *)ptrs[2], 0, SREP_MAX_VAL) < 0)
305  return -1;
306 
307  if (strchr(ptrs[0], '/') != NULL) {
308  SRepCIDRAddNetblock(cidr_ctx, ptrs[0], c, v);
309  return 1;
310  } else {
311  if (inet_pton(AF_INET, ptrs[0], &ip->address) == 1) {
312  ip->family = AF_INET;
313  } else if (inet_pton(AF_INET6, ptrs[0], &ip->address) == 1) {
314  ip->family = AF_INET6;
315  } else {
316  return -1;
317  }
318 
319  *cat = c;
320  *value = v;
321  }
322 
323  return 0;
324 }
325 
326 #define SREP_SHORTNAME_LEN 32
327 static char srep_cat_table[SREP_MAX_CATS][SREP_SHORTNAME_LEN];
328 
329 uint8_t SRepCatGetByShortname(char *shortname)
330 {
331  uint8_t cat;
332  for (cat = 0; cat < SREP_MAX_CATS; cat++) {
333  if (strcmp(srep_cat_table[cat], shortname) == 0)
334  return cat;
335  }
336 
337  return 0;
338 }
339 
340 static int SRepLoadCatFile(const char *filename)
341 {
342  int r = 0;
343  FILE *fp = fopen(filename, "r");
344 
345  if (fp == NULL) {
346  SCLogError("opening ip rep file %s: %s", filename, strerror(errno));
347  return -1;
348  }
349 
350  r = SRepLoadCatFileFromFD(fp);
351 
352  fclose(fp);
353  fp = NULL;
354  return r;
355 }
356 
358 {
359  char line[8192] = "";
360  Address a;
361  memset(&a, 0x00, sizeof(a));
362  a.family = AF_INET;
363  memset(&srep_cat_table, 0x00, sizeof(srep_cat_table));
364 
365  BUG_ON(SRepGetVersion() > 0);
366 
367  while(fgets(line, (int)sizeof(line), fp) != NULL) {
368  size_t len = strlen(line);
369  if (len == 0)
370  continue;
371 
372  /* ignore comments and empty lines */
373  if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
374  continue;
375 
376  while (isspace((unsigned char)line[--len]));
377 
378  /* Check if we have a trailing newline, and remove it */
379  len = strlen(line);
380  if (len == 0)
381  continue;
382 
383  if (line[len - 1] == '\n' || line[len - 1] == '\r') {
384  line[len - 1] = '\0';
385  }
386 
387  uint8_t cat = 0;
388  char shortname[SREP_SHORTNAME_LEN];
389  if (SRepCatSplitLine(line, &cat, shortname, sizeof(shortname)) == 0) {
390  strlcpy(srep_cat_table[cat], shortname, SREP_SHORTNAME_LEN);
391  } else {
392  SCLogError("bad line \"%s\"", line);
393  }
394  }
395 
396  SCLogDebug("IP Rep categories:");
397  int i;
398  for (i = 0; i < SREP_MAX_CATS; i++) {
399  if (strlen(srep_cat_table[i]) == 0)
400  continue;
401  SCLogDebug("CAT %d, name %s", i, srep_cat_table[i]);
402  }
403  return 0;
404 }
405 
406 static int SRepLoadFile(SRepCIDRTree *cidr_ctx, char *filename)
407 {
408  int r = 0;
409  FILE *fp = fopen(filename, "r");
410 
411  if (fp == NULL) {
412  SCLogError("opening ip rep file %s: %s", filename, strerror(errno));
413  return -1;
414  }
415 
416  r = SRepLoadFileFromFD(cidr_ctx, fp);
417 
418  fclose(fp);
419  fp = NULL;
420  return r;
421 }
422 
423 int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
424 {
425  char line[8192] = "";
426 
427  while(fgets(line, (int)sizeof(line), fp) != NULL) {
428  size_t len = strlen(line);
429  if (len == 0)
430  continue;
431 
432  /* ignore comments and empty lines */
433  if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
434  continue;
435 
436  while (isspace((unsigned char)line[--len]));
437 
438  /* Check if we have a trailing newline, and remove it */
439  len = strlen(line);
440  if (len == 0)
441  continue;
442 
443  if (line[len - 1] == '\n' || line[len - 1] == '\r') {
444  line[len - 1] = '\0';
445  }
446 
447  Address a;
448  memset(&a, 0x00, sizeof(a));
449  a.family = AF_INET;
450 
451  uint8_t cat = 0, value = 0;
452  int r = SRepSplitLine(cidr_ctx, line, &a, &cat, &value);
453  if (r < 0) {
454  SCLogError("bad line \"%s\"", line);
455  } else if (r == 0) {
456  if (a.family == AF_INET) {
457  char ipstr[16];
458  PrintInet(AF_INET, (const void *)&a.address, ipstr, sizeof(ipstr));
459  SCLogDebug("%s %u %u", ipstr, cat, value);
460  } else {
461  char ipstr[128];
462  PrintInet(AF_INET6, (const void *)&a.address, ipstr, sizeof(ipstr));
463  SCLogDebug("%s %u %u", ipstr, cat, value);
464  }
465 
466  Host *h = HostGetHostFromHash(&a);
467  if (h == NULL) {
468  SCLogError("failed to get a host, increase host.memcap");
469  break;
470  } else {
471  //SCLogInfo("host %p", h);
472 
473  if (h->iprep == NULL) {
474  h->iprep = SCCalloc(1, sizeof(SReputation));
475  if (h->iprep != NULL) {
476  HostIncrUsecnt(h);
477  }
478  }
479  if (h->iprep != NULL) {
480  SReputation *rep = h->iprep;
481 
482  /* if version is outdated, it's an older entry that we'll
483  * now replace. */
484  if (rep->version != SRepGetVersion()) {
485  memset(rep, 0x00, sizeof(SReputation));
486  }
487 
488  rep->version = SRepGetVersion();
489  rep->rep[cat] = value;
490 
491  SCLogDebug("host %p iprep %p setting cat %u to value %u",
492  h, h->iprep, cat, value);
493 #ifdef DEBUG
494  if (SCLogDebugEnabled()) {
495  int i;
496  for (i = 0; i < SREP_MAX_CATS; i++) {
497  if (rep->rep[i] == 0)
498  continue;
499 
500  SCLogDebug("--> host %p iprep %p cat %d to value %u",
501  h, h->iprep, i, rep->rep[i]);
502  }
503  }
504 #endif
505  }
506 
507  HostRelease(h);
508  }
509  }
510  }
511 
512  return 0;
513 }
514 
515 /**
516  * \brief Create the path if default-rule-path was specified
517  * \param sig_file The name of the file
518  * \retval str Pointer to the string path + sig_file
519  */
520 static char *SRepCompleteFilePath(char *file)
521 {
522  const char *defaultpath = NULL;
523  char *path = NULL;
524 
525  /* Path not specified */
526  if (PathIsRelative(file)) {
527  if (ConfGet("default-reputation-path", &defaultpath) == 1) {
528  SCLogDebug("Default path: %s", defaultpath);
529  size_t path_len = sizeof(char) * (strlen(defaultpath) +
530  strlen(file) + 2);
531  path = SCMalloc(path_len);
532  if (unlikely(path == NULL))
533  return NULL;
534  strlcpy(path, defaultpath, path_len);
535 #if defined OS_WIN32 || defined __CYGWIN__
536  if (path[strlen(path) - 1] != '\\')
537  strlcat(path, "\\\\", path_len);
538 #else
539  if (path[strlen(path) - 1] != '/')
540  strlcat(path, "/", path_len);
541 #endif
542  strlcat(path, file, path_len);
543  } else {
544  path = SCStrdup(file);
545  if (unlikely(path == NULL))
546  return NULL;
547  }
548  } else {
549  path = SCStrdup(file);
550  if (unlikely(path == NULL))
551  return NULL;
552  }
553  return path;
554 }
555 
556 /** \brief init reputation
557  *
558  * \param de_ctx detection engine ctx for tracking iprep version
559  *
560  * \retval 0 ok
561  * \retval -1 error
562  *
563  * If this function is called more than once, the category file
564  * is not reloaded.
565  */
567 {
568  ConfNode *files;
569  ConfNode *file = NULL;
570  const char *filename = NULL;
571  int init = 0;
572 
574  if (de_ctx->srepCIDR_ctx == NULL)
575  exit(EXIT_FAILURE);
576 
577  for (int i = 0; i < SREP_MAX_CATS; i++) {
580  }
581 
582  SRepCIDRTree *cidr_ctx = de_ctx->srepCIDR_ctx;
583 
584  if (SRepGetVersion() == 0) {
585  SC_ATOMIC_INIT(srep_eversion);
586  init = 1;
587  }
588 
589  /* if both settings are missing, we assume the user doesn't want ip rep */
590  (void)ConfGet("reputation-categories-file", &filename);
591  files = ConfGetNode("reputation-files");
592  if (filename == NULL && files == NULL) {
593  SCLogConfig("IP reputation disabled");
594  return 0;
595  }
596 
597  if (files == NULL) {
598  SCLogError("\"reputation-files\" not set");
599  return -1;
600  }
601 
602  if (init) {
603  if (filename == NULL) {
604  SCLogError("\"reputation-categories-file\" not set");
605  return -1;
606  }
607 
608  /* init even if we have reputation files, so that when we
609  * have a live reload, we have inited the cats */
610  if (SRepLoadCatFile(filename) < 0) {
611  SCLogError("failed to load reputation "
612  "categories file %s",
613  filename);
614  return -1;
615  }
616  }
617 
618  de_ctx->srep_version = SRepIncrVersion();
619  SCLogDebug("Reputation version %u", de_ctx->srep_version);
620 
621  /* ok, let's load reputation files from the general config */
622  if (files != NULL) {
623  TAILQ_FOREACH(file, &files->head, next) {
624  char *sfile = SRepCompleteFilePath(file->val);
625  if (sfile) {
626  SCLogInfo("Loading reputation file: %s", sfile);
627 
628  int r = SRepLoadFile(cidr_ctx, sfile);
629  if (r < 0){
630  if (de_ctx->failure_fatal) {
631  exit(EXIT_FAILURE);
632  }
633  }
634  SCFree(sfile);
635  }
636  }
637  }
638 
639  /* Set effective rep version.
640  * On live reload we will handle this after de_ctx has been swapped */
641  if (init) {
642  SRepInitComplete();
643  }
644 
645  HostPrintStats();
646  return 0;
647 }
648 
650 {
651  if (de_ctx->srepCIDR_ctx != NULL) {
652  for (int i = 0; i < SREP_MAX_CATS; i++) {
653  SCRadix4TreeRelease(&de_ctx->srepCIDR_ctx->srep_ipv4_tree[i], &iprep_radix4_config);
654  SCRadix6TreeRelease(&de_ctx->srepCIDR_ctx->srep_ipv6_tree[i], &iprep_radix6_config);
655  }
657  de_ctx->srepCIDR_ctx = NULL;
658  }
659 }
660 
661 #ifdef UNITTESTS
662 #include "tests/reputation.c"
663 #endif
SREP_SHORTNAME_LEN
#define SREP_SHORTNAME_LEN
Definition: reputation.c:326
util-byte.h
SReputation_
Definition: reputation.h:41
len
uint8_t len
Definition: app-layer-dnp3.h:2
SREP_MAX_CATS
#define SREP_MAX_CATS
Definition: reputation.h:33
SReputation_::rep
uint8_t rep[SREP_MAX_CATS]
Definition: reputation.h:43
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
SRepFreeHostData
void SRepFreeHostData(Host *h)
Definition: reputation.c:167
SRepCatGetByShortname
uint8_t SRepCatGetByShortname(char *shortname)
Definition: reputation.c:329
ConfNode_::val
char * val
Definition: conf.h:34
SCRadix6TreeFindBestMatch
SCRadix6Node * SCRadix6TreeFindBestMatch(const SCRadix6Tree *tree, const uint8_t *key, void **user_data)
Definition: util-radix6-tree.c:173
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
SCRadix4AddKeyIPV4String
bool SCRadix4AddKeyIPV4String(SCRadix4Tree *tree, const SCRadix4Config *config, const char *str, void *user)
Adds a new IPV4/netblock to the Radix4 tree from a string.
Definition: util-radix4-tree.c:227
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SCRadix4TreeInitialize
SCRadix4Tree SCRadix4TreeInitialize(void)
Definition: util-radix4-tree.c:166
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
threads.h
SRepCIDRTree_::srep_ipv6_tree
SCRadix6Tree srep_ipv6_tree[SREP_MAX_CATS]
Definition: reputation.h:38
Address_::address
union Address_::@26 address
HostRelease
void HostRelease(Host *h)
Definition: host.c:461
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:332
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:843
HostGetHostFromHash
Host * HostGetHostFromHash(Address *a)
Definition: host.c:486
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(uint32_t, srep_eversion)
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
HostDecrUsecnt
#define HostDecrUsecnt(h)
Definition: host.h:114
DetectEngineCtx_::srep_version
uint32_t srep_version
Definition: detect.h:855
Address_
Definition: decode.h:108
HostIncrUsecnt
#define HostIncrUsecnt(h)
Definition: host.h:112
GET_IPV6_DST_ADDR
#define GET_IPV6_DST_ADDR(p)
Definition: decode.h:200
util-unittest.h
SCRadix4TreeRelease
void SCRadix4TreeRelease(SCRadix4Tree *tree, const SCRadix4Config *config)
Definition: util-radix4-tree.c:172
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
util-debug.h
SRepCIDRTree_
Definition: reputation.h:36
util-error.h
GET_IPV4_DST_ADDR_PTR
#define GET_IPV4_DST_ADDR_PTR(p)
Definition: decode.h:195
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
DetectEngineCtx_::srepCIDR_ctx
SRepCIDRTree * srepCIDR_ctx
Definition: detect.h:858
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:716
SRepLoadCatFileFromFD
int SRepLoadCatFileFromFD(FILE *fp)
Definition: reputation.c:357
DetectEngineCtx_::failure_fatal
bool failure_fatal
Definition: detect.h:844
util-print.h
detect.h
util-ip.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:230
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:300
Packet_
Definition: decode.h:475
conf.h
SRepCIDRTree_::srep_ipv4_tree
SCRadix4Tree srep_ipv4_tree[SREP_MAX_CATS]
Definition: reputation.h:37
reputation.h
SRepLoadFileFromFD
int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
Definition: reputation.c:423
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
StringParseU8RangeCheck
int StringParseU8RangeCheck(uint8_t *res, int base, size_t len, const char *str, uint8_t min, uint8_t max)
Definition: util-byte.c:462
SRepReloadComplete
void SRepReloadComplete(void)
Increment effective reputation version after a rule/reputation reload is complete.
Definition: reputation.c:161
SRepHostTimedOut
int SRepHostTimedOut(Host *h)
Check if a Host is timed out wrt ip rep, meaning a new version is in place.
Definition: reputation.c:193
Host_::iprep
void * iprep
Definition: host.h:69
SRepCIDRGetIPRepSrc
int8_t SRepCIDRGetIPRepSrc(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
Definition: reputation.c:135
SCRadix6Config_
Definition: util-radix6-tree.h:69
GET_IPV4_SRC_ADDR_PTR
#define GET_IPV4_SRC_ADDR_PTR(p)
Definition: decode.h:194
SCRadix4Config_
Definition: util-radix4-tree.h:71
suricata-common.h
util-path.h
version
uint8_t version
Definition: decode-gre.h:1
util-radix4-tree.h
util-radix6-tree.h
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(...)
Definition: util-debug.h:502
SReputation_::version
uint32_t version
Definition: reputation.h:42
SCRadix4TreeFindBestMatch
SCRadix4Node * SCRadix4TreeFindBestMatch(const SCRadix4Tree *tree, const uint8_t *key, void **user_data)
Definition: util-radix4-tree.c:154
util-validate.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
SC_EEXIST
@ SC_EEXIST
Definition: util-error.h:32
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
GET_IPV6_SRC_ADDR
#define GET_IPV6_SRC_ADDR(p)
Definition: decode.h:199
SRepInit
int SRepInit(DetectEngineCtx *de_ctx)
init reputation
Definition: reputation.c:566
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
SRepCIDRGetIPRepDst
int8_t SRepCIDRGetIPRepDst(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
Definition: reputation.c:147
PathIsRelative
int PathIsRelative(const char *path)
Check if a path is relative.
Definition: util-path.c:69
HostPrintStats
void HostPrintStats(void)
print some host stats
Definition: host.c:284
sc_errno
thread_local SCError sc_errno
Definition: util-error.c:31
reputation.c
SREP_MAX_VAL
#define SREP_MAX_VAL
Definition: reputation.h:34
SRepResetVersion
void SRepResetVersion(void)
Definition: reputation.c:64
SCRadix6AddKeyIPV6String
bool SCRadix6AddKeyIPV6String(SCRadix6Tree *tree, const SCRadix6Config *config, const char *str, void *user)
Adds a new IPV6/netblock to the Radix6 tree from a string.
Definition: util-radix6-tree.c:262
SCRadix6TreeInitialize
SCRadix6Tree SCRadix6TreeInitialize(void)
Definition: util-radix6-tree.c:360
Address_::family
char family
Definition: decode.h:109
SCRadix6TreeRelease
void SCRadix6TreeRelease(SCRadix6Tree *tree, const SCRadix6Config *config)
Definition: util-radix6-tree.c:366
SRepDestroy
void SRepDestroy(DetectEngineCtx *de_ctx)
Definition: reputation.c:649
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:375
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
Host_
Definition: host.h:58
SCLogDebugEnabled
int SCLogDebugEnabled(void)
Returns whether debug messages are enabled to be logged or not.
Definition: util-debug.c:767
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102