Go to the documentation of this file.
50 static uint32_t srep_version = 0;
52 static uint32_t SRepIncrVersion(
void)
54 return ++srep_version;
57 static uint32_t SRepGetVersion(
void)
67 static uint32_t SRepGetEffectiveVersion(
void)
72 static void SRepCIDRFreeUserData(
void *data)
80 static void SRepCIDRAddNetblock(
SRepCIDRTree *cidr_ctx,
char *ip,
int cat, uint8_t value)
84 FatalError(
"Error allocating memory. Exiting");
87 user_data->
version = SRepGetVersion();
88 user_data->
rep[cat] = value;
90 if (strchr(ip,
':') != NULL) {
94 SCLogDebug(
"Error initializing Reputation IPV6 with CIDR module for cat %d", cat);
97 SCLogDebug(
"Reputation IPV6 with CIDR module for cat %d initialized", cat);
111 SCLogDebug(
"Error initializing Reputation IPV4 with CIDR module for cat %d", cat);
114 SCLogDebug(
"Reputation IPV4 with CIDR module for cat %d initialized", cat);
126 static uint8_t SRepCIDRGetIPv4IPRep(
SRepCIDRTree *cidr_ctx, uint8_t *ipv4_addr, uint8_t cat)
128 void *user_data = NULL;
130 if (user_data == NULL)
137 static uint8_t SRepCIDRGetIPv6IPRep(
SRepCIDRTree *cidr_ctx, uint8_t *ipv6_addr, uint8_t cat)
139 void *user_data = NULL;
141 if (user_data == NULL)
177 SCLogDebug(
"effective Reputation version %u", SRepGetEffectiveVersion());
190 static void SRepInitComplete(
void)
193 SCLogDebug(
"effective Reputation version %u", SRepGetEffectiveVersion());
210 if (h->
iprep == NULL)
213 uint32_t eversion = SRepGetEffectiveVersion();
216 SCLogDebug(
"host %p has reputation version %u, "
217 "effective version is %u", h, r->
version, eversion);
225 static int SRepCatSplitLine(
char *line, uint8_t *cat,
char *shortname,
size_t shortname_len)
227 size_t line_len = strlen(line);
228 char *ptrs[2] = {NULL,NULL};
231 char *origline = line;
233 while (i < (
int)line_len) {
234 if (line[i] ==
',' || line[i] ==
'\n' || line[i] ==
'\0' || i == (
int)(line_len - 1)) {
243 if (line >= origline + line_len)
245 if (strlen(line) == 0)
265 strlcpy(shortname, ptrs[1], shortname_len);
275 static int SRepSplitLine(
SRepCIDRTree *cidr_ctx,
char *line,
Address *ip, uint8_t *cat, uint8_t *value)
277 size_t line_len = strlen(line);
278 char *ptrs[3] = {NULL,NULL,NULL};
281 char *origline = line;
283 while (i < (
int)line_len) {
284 if (line[i] ==
',' || line[i] ==
'\n' || line[i] ==
'\r' || line[i] ==
'\0' ||
285 i == (
int)(line_len - 1)) {
294 if (line >= origline + line_len)
296 if (strlen(line) == 0)
311 if (strcmp(ptrs[0],
"ip") == 0)
321 if (strchr(ptrs[0],
'/') != NULL) {
322 SRepCIDRAddNetblock(cidr_ctx, ptrs[0], c, v);
325 if (inet_pton(AF_INET, ptrs[0], &ip->
address) == 1) {
327 }
else if (inet_pton(AF_INET6, ptrs[0], &ip->
address) == 1) {
340 #define SREP_SHORTNAME_LEN 32
347 if (strcmp(srep_cat_table[cat], shortname) == 0)
354 static int SRepLoadCatFile(
const char *filename)
357 FILE *fp = fopen(filename,
"r");
360 SCLogError(
"opening ip rep file %s: %s", filename, strerror(errno));
373 char line[8192] =
"";
375 memset(&a, 0x00,
sizeof(a));
377 memset(&srep_cat_table, 0x00,
sizeof(srep_cat_table));
379 BUG_ON(SRepGetVersion() > 0);
381 while(fgets(line, (
int)
sizeof(line), fp) != NULL) {
382 size_t len = strlen(line);
387 if (line[0] ==
'\n' || line [0] ==
'\r' || line[0] ==
' ' || line[0] ==
'#' || line[0] ==
'\t')
390 while (isspace((
unsigned char)line[--
len]));
397 if (line[
len - 1] ==
'\n' || line[
len - 1] ==
'\r') {
398 line[
len - 1] =
'\0';
403 if (SRepCatSplitLine(line, &cat, shortname,
sizeof(shortname)) == 0) {
413 if (strlen(srep_cat_table[i]) == 0)
415 SCLogDebug(
"CAT %d, name %s", i, srep_cat_table[i]);
420 static int SRepLoadFile(
SRepCIDRTree *cidr_ctx,
char *filename)
423 FILE *fp = fopen(filename,
"r");
426 SCLogError(
"opening ip rep file %s: %s", filename, strerror(errno));
440 char line[8192] =
"";
442 while(fgets(line, (
int)
sizeof(line), fp) != NULL) {
443 size_t len = strlen(line);
448 if (line[0] ==
'\n' || line [0] ==
'\r' || line[0] ==
' ' || line[0] ==
'#' || line[0] ==
'\t')
451 while (isspace((
unsigned char)line[--
len]));
458 if (line[
len - 1] ==
'\n' || line[
len - 1] ==
'\r') {
459 line[
len - 1] =
'\0';
463 memset(&a, 0x00,
sizeof(a));
466 uint8_t cat = 0, value = 0;
467 int r = SRepSplitLine(cidr_ctx, line, &a, &cat, &value);
471 if (a.
family == AF_INET) {
483 SCLogError(
"failed to get a host, increase host.memcap");
488 if (h->
iprep == NULL) {
490 if (h->
iprep != NULL) {
494 if (h->
iprep != NULL) {
499 if (rep->
version != SRepGetVersion()) {
503 rep->
version = SRepGetVersion();
504 rep->
rep[cat] = value;
506 SCLogDebug(
"host %p iprep %p setting cat %u to value %u",
507 h, h->
iprep, cat, value);
512 if (rep->
rep[i] == 0)
515 SCLogDebug(
"--> host %p iprep %p cat %d to value %u",
535 static char *SRepCompleteFilePath(
char *file)
537 const char *defaultpath = NULL;
542 if (
ConfGet(
"default-reputation-path", &defaultpath) == 1) {
544 size_t path_len =
sizeof(char) * (strlen(defaultpath) +
549 strlcpy(path, defaultpath, path_len);
550 #if defined OS_WIN32 || defined __CYGWIN__
551 if (path[strlen(path) - 1] !=
'\\')
552 strlcat(path,
"\\\\", path_len);
554 if (path[strlen(path) - 1] !=
'/')
585 const char *filename = NULL;
599 if (SRepGetVersion() == 0) {
605 (void)
ConfGet(
"reputation-categories-file", &filename);
607 if (filename == NULL && files == NULL) {
618 if (filename == NULL) {
619 SCLogError(
"\"reputation-categories-file\" not set");
625 if (SRepLoadCatFile(filename) < 0) {
627 "categories file %s",
639 char *sfile = SRepCompleteFilePath(file->
val);
641 SCLogInfo(
"Loading reputation file: %s", sfile);
643 int r = SRepLoadFile(cidr_ctx, sfile);
#define SREP_SHORTNAME_LEN
bool SCRadixAddKeyIPV6String(const char *str, SCRadixTree *tree, void *user)
Adds a new IPV6/netblock to the Radix tree from a string.
uint8_t rep[SREP_MAX_CATS]
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
void SRepFreeHostData(Host *h)
uint8_t SRepCatGetByShortname(char *shortname)
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
struct HtpBodyChunk_ * next
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
void HostRelease(Host *h)
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
main detection engine ctx
Host * HostGetHostFromHash(Address *a)
SC_ATOMIC_DECLARE(uint32_t, srep_eversion)
#define TAILQ_FOREACH(var, head, field)
#define HostDecrUsecnt(h)
SCRadixNode * SCRadixFindKeyIPV4BestMatch(uint8_t *key_stream, SCRadixTree *tree, void **user_data_result)
Checks if an IPV4 address is present in the tree under a netblock.
SCRadixNode * SCRadixFindKeyIPV6BestMatch(uint8_t *key_stream, SCRadixTree *tree, void **user_data_result)
Checks if an IPV6 address is present in the tree under a netblock.
#define HostIncrUsecnt(h)
#define GET_IPV6_DST_ADDR(p)
bool SCRadixAddKeyIPV4String(const char *str, SCRadixTree *tree, void *user)
Adds a new IPV4/netblock to the Radix tree from a string.
size_t strlcpy(char *dst, const char *src, size_t siz)
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
#define GET_IPV4_DST_ADDR_PTR(p)
size_t strlcat(char *, const char *src, size_t siz)
void SCRadixReleaseRadixTree(SCRadixTree *tree)
Frees a Radix tree and all its nodes.
SRepCIDRTree * srepCIDR_ctx
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
int SRepLoadCatFileFromFD(FILE *fp)
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
#define SCLogWarning(...)
Macro used to log WARNING messages.
SCRadixTree * SCRadixCreateRadixTree(void(*Free)(void *), void(*PrintData)(void *))
Creates a new Radix tree.
union Address_::@30 address
int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
int StringParseU8RangeCheck(uint8_t *res, int base, size_t len, const char *str, uint8_t min, uint8_t max)
uint8_t SRepCIDRGetIPRepDst(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
void SRepReloadComplete(void)
Increment effective reputation version after a rule/reputation reload is complete.
int SRepHostTimedOut(Host *h)
Check if a Host is timed out wrt ip rep, meaning a new version is in place.
#define GET_IPV4_SRC_ADDR_PTR(p)
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
#define SCLogError(...)
Macro used to log ERROR messages.
#define GET_IPV6_SRC_ADDR(p)
int SRepInit(DetectEngineCtx *de_ctx)
init reputation
int PathIsRelative(const char *path)
Check if a path is relative.
void HostPrintStats(void)
print some host stats
thread_local SCError sc_errno
void SRepResetVersion(void)
SCRadixTree * srepIPV4_tree[SREP_MAX_CATS]
void SRepDestroy(DetectEngineCtx *de_ctx)
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
int SCLogDebugEnabled(void)
Returns whether debug messages are enabled to be logged or not.
#define DEBUG_VALIDATE_BUG_ON(exp)
uint8_t SRepCIDRGetIPRepSrc(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
SCRadixTree * srepIPV6_tree[SREP_MAX_CATS]