suricata
reputation.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22  * \author Victor Julien <victor@inliniac.net>
23  * Original Idea by Matt Jonkman
24  *
25  * IP Reputation Module, initial API for IPV4 and IPV6 feed
26  */
27 
28 #include "suricata-common.h"
29 #include "util-error.h"
30 #include "util-debug.h"
31 #include "util-byte.h"
32 #include "util-ip.h"
33 #include "util-radix-tree.h"
34 #include "util-unittest.h"
35 #include "threads.h"
36 #include "util-print.h"
37 #include "host.h"
38 #include "conf.h"
39 #include "detect.h"
40 #include "reputation.h"
41 
42 /** effective reputation version, atomic as the host
43  * time out code will use it to check if a host's
44  * reputation info is outdated. */
45 SC_ATOMIC_DECLARE(uint32_t, srep_eversion);
46 /** reputation version set to the host's reputation,
47  * this will be set to 1 before rep files are loaded,
48  * so hosts will always have a minial value of 1 */
49 static uint32_t srep_version = 0;
50 
51 static uint32_t SRepIncrVersion(void)
52 {
53  return ++srep_version;
54 }
55 
56 static uint32_t SRepGetVersion(void)
57 {
58  return srep_version;
59 }
60 
61 void SRepResetVersion(void)
62 {
63  srep_version = 0;
64 }
65 
66 static uint32_t SRepGetEffectiveVersion(void)
67 {
68  return SC_ATOMIC_GET(srep_eversion);
69 }
70 
71 static void SRepCIDRFreeUserData(void *data)
72 {
73  if (data != NULL)
74  SCFree(data);
75 
76  return;
77 }
78 
79 static void SRepCIDRAddNetblock(SRepCIDRTree *cidr_ctx, char *ip, int cat, int value)
80 {
81  SReputation *user_data = NULL;
82  if ((user_data = SCMalloc(sizeof(SReputation))) == NULL) {
83  FatalError(SC_ERR_FATAL, "Error allocating memory. Exiting");
84  }
85  memset(user_data, 0x00, sizeof(SReputation));
86 
87  user_data->version = SRepGetVersion();
88  user_data->rep[cat] = value;
89 
90  if (strchr(ip, ':') != NULL) {
91  if (cidr_ctx->srepIPV6_tree[cat] == NULL) {
92  cidr_ctx->srepIPV6_tree[cat] = SCRadixCreateRadixTree(SRepCIDRFreeUserData, NULL);
93  if (cidr_ctx->srepIPV6_tree[cat] == NULL) {
94  SCLogDebug("Error initializing Reputation IPV6 with CIDR module for cat %d", cat);
95  exit(EXIT_FAILURE);
96  }
97  SCLogDebug("Reputation IPV6 with CIDR module for cat %d initialized", cat);
98  }
99 
100  SCLogDebug("adding ipv6 host %s", ip);
101  if (SCRadixAddKeyIPV6String(ip, cidr_ctx->srepIPV6_tree[cat], (void *)user_data) == NULL) {
103  "failed to add ipv6 host %s", ip);
104  }
105 
106  } else {
107  if (cidr_ctx->srepIPV4_tree[cat] == NULL) {
108  cidr_ctx->srepIPV4_tree[cat] = SCRadixCreateRadixTree(SRepCIDRFreeUserData, NULL);
109  if (cidr_ctx->srepIPV4_tree[cat] == NULL) {
110  SCLogDebug("Error initializing Reputation IPV4 with CIDR module for cat %d", cat);
111  exit(EXIT_FAILURE);
112  }
113  SCLogDebug("Reputation IPV4 with CIDR module for cat %d initialized", cat);
114  }
115 
116  SCLogDebug("adding ipv4 host %s", ip);
117  if (SCRadixAddKeyIPV4String(ip, cidr_ctx->srepIPV4_tree[cat], (void *)user_data) == NULL) {
119  "failed to add ipv4 host %s", ip);
120  }
121  }
122 }
123 
124 static uint8_t SRepCIDRGetIPv4IPRep(SRepCIDRTree *cidr_ctx, uint8_t *ipv4_addr, uint8_t cat)
125 {
126  void *user_data = NULL;
127  (void)SCRadixFindKeyIPV4BestMatch(ipv4_addr, cidr_ctx->srepIPV4_tree[cat], &user_data);
128  if (user_data == NULL)
129  return 0;
130 
131  SReputation *r = (SReputation *)user_data;
132  return r->rep[cat];
133 }
134 
135 static uint8_t SRepCIDRGetIPv6IPRep(SRepCIDRTree *cidr_ctx, uint8_t *ipv6_addr, uint8_t cat)
136 {
137  void *user_data = NULL;
138  (void)SCRadixFindKeyIPV6BestMatch(ipv6_addr, cidr_ctx->srepIPV6_tree[cat], &user_data);
139  if (user_data == NULL)
140  return 0;
141 
142  SReputation *r = (SReputation *)user_data;
143  return r->rep[cat];
144 }
145 
146 uint8_t SRepCIDRGetIPRepSrc(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
147 {
148  uint8_t rep = 0;
149 
150  if (PKT_IS_IPV4(p))
151  rep = SRepCIDRGetIPv4IPRep(cidr_ctx, (uint8_t *)GET_IPV4_SRC_ADDR_PTR(p), cat);
152  else if (PKT_IS_IPV6(p))
153  rep = SRepCIDRGetIPv6IPRep(cidr_ctx, (uint8_t *)GET_IPV6_SRC_ADDR(p), cat);
154 
155  return rep;
156 }
157 
158 uint8_t SRepCIDRGetIPRepDst(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
159 {
160  uint8_t rep = 0;
161 
162  if (PKT_IS_IPV4(p))
163  rep = SRepCIDRGetIPv4IPRep(cidr_ctx, (uint8_t *)GET_IPV4_DST_ADDR_PTR(p), cat);
164  else if (PKT_IS_IPV6(p))
165  rep = SRepCIDRGetIPv6IPRep(cidr_ctx, (uint8_t *)GET_IPV6_DST_ADDR(p), cat);
166 
167  return rep;
168 }
169 
170 /** \brief Increment effective reputation version after
171  * a rule/reputatio reload is complete. */
173 {
174  (void) SC_ATOMIC_ADD(srep_eversion, 1);
175  SCLogDebug("effective Reputation version %u", SRepGetEffectiveVersion());
176 }
177 
178 /** \brief Set effective reputation version after
179  * reputation initialization is complete. */
180 static void SRepInitComplete(void)
181 {
182  (void) SC_ATOMIC_SET(srep_eversion, 1);
183  SCLogDebug("effective Reputation version %u", SRepGetEffectiveVersion());
184 }
185 
186 /** \brief Check if a Host is timed out wrt ip rep, meaning a new
187  * version is in place.
188  *
189  * We clean up the old version here.
190  *
191  * \param h host
192  *
193  * \retval 0 not timed out
194  * \retval 1 timed out
195  */
197 {
198  BUG_ON(h == NULL);
199 
200  if (h->iprep == NULL)
201  return 1;
202 
203  uint32_t eversion = SRepGetEffectiveVersion();
204  SReputation *r = h->iprep;
205  if (r->version < eversion) {
206  SCLogDebug("host %p has reputation version %u, "
207  "effective version is %u", h, r->version, eversion);
208 
209  SCFree(h->iprep);
210  h->iprep = NULL;
211 
212  HostDecrUsecnt(h);
213  return 1;
214  }
215 
216  return 0;
217 }
218 
219 static int SRepCatSplitLine(char *line, uint8_t *cat, char *shortname, size_t shortname_len)
220 {
221  size_t line_len = strlen(line);
222  char *ptrs[2] = {NULL,NULL};
223  int i = 0;
224  int idx = 0;
225  char *origline = line;
226 
227  while (i < (int)line_len) {
228  if (line[i] == ',' || line[i] == '\n' || line[i] == '\0' || i == (int)(line_len - 1)) {
229  line[i] = '\0';
230 
231  ptrs[idx] = line;
232  idx++;
233 
234  line += (i+1);
235  i = 0;
236 
237  if (line >= origline + line_len)
238  break;
239  if (strlen(line) == 0)
240  break;
241  if (idx == 2)
242  break;
243  } else {
244  i++;
245  }
246  }
247 
248  if (idx != 2) {
249  return -1;
250  }
251 
252  SCLogDebug("%s, %s", ptrs[0], ptrs[1]);
253 
254  int c;
255  if (StringParseI32RangeCheck(&c, 10, 0, (const char *)ptrs[0], 0, SREP_MAX_CATS - 1) < 0)
256  return -1;
257 
258  *cat = (uint8_t)c;
259  strlcpy(shortname, ptrs[1], shortname_len);
260  return 0;
261 
262 }
263 
264 /**
265  * \retval 0 valid
266  * \retval 1 header
267  * \retval -1 bad line
268  */
269 static int SRepSplitLine(SRepCIDRTree *cidr_ctx, char *line, Address *ip, uint8_t *cat, uint8_t *value)
270 {
271  size_t line_len = strlen(line);
272  char *ptrs[3] = {NULL,NULL,NULL};
273  int i = 0;
274  int idx = 0;
275  char *origline = line;
276 
277  while (i < (int)line_len) {
278  if (line[i] == ',' || line[i] == '\n' || line[i] == '\0' || i == (int)(line_len - 1)) {
279  line[i] = '\0';
280 
281  ptrs[idx] = line;
282  idx++;
283 
284  line += (i+1);
285  i = 0;
286 
287  if (line >= origline + line_len)
288  break;
289  if (strlen(line) == 0)
290  break;
291  if (idx == 3)
292  break;
293  } else {
294  i++;
295  }
296  }
297 
298  if (idx != 3) {
299  return -1;
300  }
301 
302  //SCLogInfo("%s, %s, %s", ptrs[0], ptrs[1], ptrs[2]);
303 
304  if (strcmp(ptrs[0], "ip") == 0)
305  return 1;
306 
307  int c, v;
308  if (StringParseI32RangeCheck(&c, 10, 0, (const char *)ptrs[1], 0, SREP_MAX_CATS - 1) < 0)
309  return -1;
310 
311  if (StringParseI32RangeCheck(&v, 10, 0, (const char *)ptrs[2], 0, SREP_MAX_VAL) < 0)
312  return -1;
313 
314  if (strchr(ptrs[0], '/') != NULL) {
315  SRepCIDRAddNetblock(cidr_ctx, ptrs[0], c, v);
316  return 1;
317  } else {
318  if (inet_pton(AF_INET, ptrs[0], &ip->address) == 1) {
319  ip->family = AF_INET;
320  } else if (inet_pton(AF_INET6, ptrs[0], &ip->address) == 1) {
321  ip->family = AF_INET6;
322  } else {
323  return -1;
324  }
325 
326  *cat = c;
327  *value = v;
328  }
329 
330  return 0;
331 }
332 
333 #define SREP_SHORTNAME_LEN 32
334 static char srep_cat_table[SREP_MAX_CATS][SREP_SHORTNAME_LEN];
335 
336 uint8_t SRepCatGetByShortname(char *shortname)
337 {
338  uint8_t cat;
339  for (cat = 0; cat < SREP_MAX_CATS; cat++) {
340  if (strcmp(srep_cat_table[cat], shortname) == 0)
341  return cat;
342  }
343 
344  return 0;
345 }
346 
347 static int SRepLoadCatFile(const char *filename)
348 {
349  int r = 0;
350  FILE *fp = fopen(filename, "r");
351 
352  if (fp == NULL) {
353  SCLogError(SC_ERR_OPENING_RULE_FILE, "opening ip rep file %s: %s", filename, strerror(errno));
354  return -1;
355  }
356 
357  r = SRepLoadCatFileFromFD(fp);
358 
359  fclose(fp);
360  fp = NULL;
361  return r;
362 }
363 
365 {
366  char line[8192] = "";
367  Address a;
368  memset(&a, 0x00, sizeof(a));
369  a.family = AF_INET;
370  memset(&srep_cat_table, 0x00, sizeof(srep_cat_table));
371 
372  BUG_ON(SRepGetVersion() > 0);
373 
374  while(fgets(line, (int)sizeof(line), fp) != NULL) {
375  size_t len = strlen(line);
376  if (len == 0)
377  continue;
378 
379  /* ignore comments and empty lines */
380  if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
381  continue;
382 
383  while (isspace((unsigned char)line[--len]));
384 
385  /* Check if we have a trailing newline, and remove it */
386  len = strlen(line);
387  if (len == 0)
388  continue;
389 
390  if (line[len - 1] == '\n' || line[len - 1] == '\r') {
391  line[len - 1] = '\0';
392  }
393 
394  uint8_t cat = 0;
395  char shortname[SREP_SHORTNAME_LEN];
396  if (SRepCatSplitLine(line, &cat, shortname, sizeof(shortname)) == 0) {
397  strlcpy(srep_cat_table[cat], shortname, SREP_SHORTNAME_LEN);
398  } else {
399  SCLogError(SC_ERR_NO_REPUTATION, "bad line \"%s\"", line);
400  }
401  }
402 
403  SCLogDebug("IP Rep categories:");
404  int i;
405  for (i = 0; i < SREP_MAX_CATS; i++) {
406  if (strlen(srep_cat_table[i]) == 0)
407  continue;
408  SCLogDebug("CAT %d, name %s", i, srep_cat_table[i]);
409  }
410  return 0;
411 }
412 
413 static int SRepLoadFile(SRepCIDRTree *cidr_ctx, char *filename)
414 {
415  int r = 0;
416  FILE *fp = fopen(filename, "r");
417 
418  if (fp == NULL) {
419  SCLogError(SC_ERR_OPENING_RULE_FILE, "opening ip rep file %s: %s", filename, strerror(errno));
420  return -1;
421  }
422 
423  r = SRepLoadFileFromFD(cidr_ctx, fp);
424 
425  fclose(fp);
426  fp = NULL;
427  return r;
428 
429 }
430 
431 int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
432 {
433  char line[8192] = "";
434  Address a;
435  memset(&a, 0x00, sizeof(a));
436  a.family = AF_INET;
437 
438  while(fgets(line, (int)sizeof(line), fp) != NULL) {
439  size_t len = strlen(line);
440  if (len == 0)
441  continue;
442 
443  /* ignore comments and empty lines */
444  if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
445  continue;
446 
447  while (isspace((unsigned char)line[--len]));
448 
449  /* Check if we have a trailing newline, and remove it */
450  len = strlen(line);
451  if (len == 0)
452  continue;
453 
454  if (line[len - 1] == '\n' || line[len - 1] == '\r') {
455  line[len - 1] = '\0';
456  }
457 
458  uint8_t cat = 0, value = 0;
459  int r = SRepSplitLine(cidr_ctx, line, &a, &cat, &value);
460  if (r < 0) {
461  SCLogError(SC_ERR_NO_REPUTATION, "bad line \"%s\"", line);
462  } else if (r == 0) {
463  if (a.family == AF_INET) {
464  char ipstr[16];
465  PrintInet(AF_INET, (const void *)&a.address, ipstr, sizeof(ipstr));
466  SCLogDebug("%s %u %u", ipstr, cat, value);
467  } else {
468  char ipstr[128];
469  PrintInet(AF_INET6, (const void *)&a.address, ipstr, sizeof(ipstr));
470  SCLogDebug("%s %u %u", ipstr, cat, value);
471  }
472 
473  Host *h = HostGetHostFromHash(&a);
474  if (h == NULL) {
475  SCLogError(SC_ERR_NO_REPUTATION, "failed to get a host, increase host.memcap");
476  break;
477  } else {
478  //SCLogInfo("host %p", h);
479 
480  if (h->iprep == NULL) {
481  h->iprep = SCMalloc(sizeof(SReputation));
482  if (h->iprep != NULL) {
483  memset(h->iprep, 0x00, sizeof(SReputation));
484 
485  HostIncrUsecnt(h);
486  }
487  }
488  if (h->iprep != NULL) {
489  SReputation *rep = h->iprep;
490 
491  /* if version is outdated, it's an older entry that we'll
492  * now replace. */
493  if (rep->version != SRepGetVersion()) {
494  memset(rep, 0x00, sizeof(SReputation));
495  }
496 
497  rep->version = SRepGetVersion();
498  rep->rep[cat] = value;
499 
500  SCLogDebug("host %p iprep %p setting cat %u to value %u",
501  h, h->iprep, cat, value);
502 #ifdef DEBUG
503  if (SCLogDebugEnabled()) {
504  int i;
505  for (i = 0; i < SREP_MAX_CATS; i++) {
506  if (rep->rep[i] == 0)
507  continue;
508 
509  SCLogDebug("--> host %p iprep %p cat %d to value %u",
510  h, h->iprep, i, rep->rep[i]);
511  }
512  }
513 #endif
514  }
515 
516  HostRelease(h);
517  }
518  }
519  }
520 
521  return 0;
522 }
523 
524 /**
525  * \brief Create the path if default-rule-path was specified
526  * \param sig_file The name of the file
527  * \retval str Pointer to the string path + sig_file
528  */
529 static char *SRepCompleteFilePath(char *file)
530 {
531  const char *defaultpath = NULL;
532  char *path = NULL;
533 
534  /* Path not specified */
535  if (PathIsRelative(file)) {
536  if (ConfGet("default-reputation-path", &defaultpath) == 1) {
537  SCLogDebug("Default path: %s", defaultpath);
538  size_t path_len = sizeof(char) * (strlen(defaultpath) +
539  strlen(file) + 2);
540  path = SCMalloc(path_len);
541  if (unlikely(path == NULL))
542  return NULL;
543  strlcpy(path, defaultpath, path_len);
544 #if defined OS_WIN32 || defined __CYGWIN__
545  if (path[strlen(path) - 1] != '\\')
546  strlcat(path, "\\\\", path_len);
547 #else
548  if (path[strlen(path) - 1] != '/')
549  strlcat(path, "/", path_len);
550 #endif
551  strlcat(path, file, path_len);
552  } else {
553  path = SCStrdup(file);
554  if (unlikely(path == NULL))
555  return NULL;
556  }
557  } else {
558  path = SCStrdup(file);
559  if (unlikely(path == NULL))
560  return NULL;
561  }
562  return path;
563 }
564 
565 /** \brief init reputation
566  *
567  * \param de_ctx detection engine ctx for tracking iprep version
568  *
569  * \retval 0 ok
570  * \retval -1 error
571  *
572  * If this function is called more than once, the category file
573  * is not reloaded.
574  */
576 {
577  ConfNode *files;
578  ConfNode *file = NULL;
579  const char *filename = NULL;
580  int init = 0;
581  int i = 0;
582 
584  if (de_ctx->srepCIDR_ctx == NULL)
585  exit(EXIT_FAILURE);
586  memset(de_ctx->srepCIDR_ctx, 0, sizeof(SRepCIDRTree));
587  SRepCIDRTree *cidr_ctx = de_ctx->srepCIDR_ctx;
588 
589  for (i = 0; i < SREP_MAX_CATS; i++) {
590  cidr_ctx->srepIPV4_tree[i] = NULL;
591  cidr_ctx->srepIPV6_tree[i] = NULL;
592  }
593 
594  if (SRepGetVersion() == 0) {
595  SC_ATOMIC_INIT(srep_eversion);
596  init = 1;
597  }
598 
599  /* if both settings are missing, we assume the user doesn't want ip rep */
600  (void)ConfGet("reputation-categories-file", &filename);
601  files = ConfGetNode("reputation-files");
602  if (filename == NULL && files == NULL) {
603  SCLogConfig("IP reputation disabled");
604  return 0;
605  }
606 
607  if (files == NULL) {
608  SCLogError(SC_ERR_NO_REPUTATION, "\"reputation-files\" not set");
609  return -1;
610  }
611 
612  if (init) {
613  if (filename == NULL) {
614  SCLogError(SC_ERR_NO_REPUTATION, "\"reputation-categories-file\" not set");
615  return -1;
616  }
617 
618  /* init even if we have reputation files, so that when we
619  * have a live reload, we have inited the cats */
620  if (SRepLoadCatFile(filename) < 0) {
621  SCLogError(SC_ERR_NO_REPUTATION, "failed to load reputation "
622  "categories file %s", filename);
623  return -1;
624  }
625  }
626 
627  de_ctx->srep_version = SRepIncrVersion();
628  SCLogDebug("Reputation version %u", de_ctx->srep_version);
629 
630  /* ok, let's load reputation files from the general config */
631  if (files != NULL) {
632  TAILQ_FOREACH(file, &files->head, next) {
633  char *sfile = SRepCompleteFilePath(file->val);
634  if (sfile) {
635  SCLogInfo("Loading reputation file: %s", sfile);
636 
637  int r = SRepLoadFile(cidr_ctx, sfile);
638  if (r < 0){
639  if (de_ctx->failure_fatal == 1) {
640  exit(EXIT_FAILURE);
641  }
642  }
643  SCFree(sfile);
644  }
645  }
646  }
647 
648  /* Set effective rep version.
649  * On live reload we will handle this after de_ctx has been swapped */
650  if (init) {
651  SRepInitComplete();
652  }
653 
654  HostPrintStats();
655  return 0;
656 }
657 
659  if (de_ctx->srepCIDR_ctx != NULL) {
660  int i;
661  for (i = 0; i < SREP_MAX_CATS; i++) {
662  if (de_ctx->srepCIDR_ctx->srepIPV4_tree[i] != NULL) {
664  de_ctx->srepCIDR_ctx->srepIPV4_tree[i] = NULL;
665  }
666 
667  if (de_ctx->srepCIDR_ctx->srepIPV6_tree[i] != NULL) {
669  de_ctx->srepCIDR_ctx->srepIPV6_tree[i] = NULL;
670  }
671  }
672 
674  de_ctx->srepCIDR_ctx = NULL;
675  }
676 }
677 
678 #ifdef UNITTESTS
679 #include "tests/reputation.c"
680 #endif
SREP_SHORTNAME_LEN
#define SREP_SHORTNAME_LEN
Definition: reputation.c:333
util-byte.h
host.h
SReputation_
Definition: reputation.h:39
len
uint8_t len
Definition: app-layer-dnp3.h:2
SREP_MAX_CATS
#define SREP_MAX_CATS
Definition: reputation.h:31
SC_ERR_INVALID_VALUE
@ SC_ERR_INVALID_VALUE
Definition: util-error.h:160
SReputation_::rep
uint8_t rep[SREP_MAX_CATS]
Definition: reputation.h:41
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:303
PKT_IS_IPV6
#define PKT_IS_IPV6(p)
Definition: decode.h:256
SRepCatGetByShortname
uint8_t SRepCatGetByShortname(char *shortname)
Definition: reputation.c:336
ConfNode_::val
char * val
Definition: conf.h:34
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:375
SCRadixAddKeyIPV4String
SCRadixNode * SCRadixAddKeyIPV4String(const char *str, SCRadixTree *tree, void *user)
Adds a new IPV4/netblock to the Radix tree from a string.
Definition: util-radix-tree.c:934
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
SCRadixAddKeyIPV6String
SCRadixNode * SCRadixAddKeyIPV6String(const char *str, SCRadixTree *tree, void *user)
Adds a new IPV6/netblock to the Radix tree from a string.
Definition: util-radix-tree.c:983
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
threads.h
HostRelease
void HostRelease(Host *h)
Definition: host.c:474
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:321
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:766
HostGetHostFromHash
Host * HostGetHostFromHash(Address *a)
Definition: host.c:499
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(uint32_t, srep_eversion)
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
HostDecrUsecnt
#define HostDecrUsecnt(h)
Definition: host.h:114
DetectEngineCtx_::srep_version
uint32_t srep_version
Definition: detect.h:776
Address_
Definition: decode.h:114
SCRadixFindKeyIPV4BestMatch
SCRadixNode * SCRadixFindKeyIPV4BestMatch(uint8_t *key_stream, SCRadixTree *tree, void **user_data_result)
Checks if an IPV4 address is present in the tree under a netblock.
Definition: util-radix-tree.c:1488
SCRadixFindKeyIPV6BestMatch
SCRadixNode * SCRadixFindKeyIPV6BestMatch(uint8_t *key_stream, SCRadixTree *tree, void **user_data_result)
Checks if an IPV6 address is present in the tree under a netblock.
Definition: util-radix-tree.c:1554
HostIncrUsecnt
#define HostIncrUsecnt(h)
Definition: host.h:112
GET_IPV6_DST_ADDR
#define GET_IPV6_DST_ADDR(p)
Definition: decode.h:224
util-unittest.h
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:330
util-debug.h
SRepCIDRTree_
Definition: reputation.h:34
util-error.h
GET_IPV4_DST_ADDR_PTR
#define GET_IPV4_DST_ADDR_PTR(p)
Definition: decode.h:219
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
SCRadixReleaseRadixTree
void SCRadixReleaseRadixTree(SCRadixTree *tree)
Frees a Radix tree and all its nodes.
Definition: util-radix-tree.c:463
DetectEngineCtx_::srepCIDR_ctx
SRepCIDRTree * srepCIDR_ctx
Definition: detect.h:779
SRepLoadCatFileFromFD
int SRepLoadCatFileFromFD(FILE *fp)
Definition: reputation.c:364
util-print.h
detect.h
util-ip.h
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:271
SCRadixCreateRadixTree
SCRadixTree * SCRadixCreateRadixTree(void(*Free)(void *), void(*PrintData)(void *))
Creates a new Radix tree.
Definition: util-radix-tree.c:424
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:282
Packet_
Definition: decode.h:412
conf.h
util-radix-tree.h
reputation.h
SC_ERR_NO_REPUTATION
@ SC_ERR_NO_REPUTATION
Definition: util-error.h:256
SRepLoadFileFromFD
int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
Definition: reputation.c:431
SC_ERR_OPENING_RULE_FILE
@ SC_ERR_OPENING_RULE_FILE
Definition: util-error.h:71
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
SRepCIDRGetIPRepDst
uint8_t SRepCIDRGetIPRepDst(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
Definition: reputation.c:158
SRepReloadComplete
void SRepReloadComplete(void)
Increment effective reputation version after a rule/reputatio reload is complete.
Definition: reputation.c:172
SRepHostTimedOut
int SRepHostTimedOut(Host *h)
Check if a Host is timed out wrt ip rep, meaning a new version is in place.
Definition: reputation.c:196
Host_::iprep
void * iprep
Definition: host.h:69
GET_IPV4_SRC_ADDR_PTR
#define GET_IPV4_SRC_ADDR_PTR(p)
Definition: decode.h:218
suricata-common.h
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
version
uint8_t version
Definition: decode-gre.h:1
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(x,...)
Definition: util-debug.h:532
SReputation_::version
uint32_t version
Definition: reputation.h:40
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
GET_IPV6_SRC_ADDR
#define GET_IPV6_SRC_ADDR(p)
Definition: decode.h:223
SRepInit
int SRepInit(DetectEngineCtx *de_ctx)
init reputation
Definition: reputation.c:575
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:244
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
PathIsRelative
int PathIsRelative(const char *path)
Check if a path is relative.
Definition: util-path.c:64
HostPrintStats
void HostPrintStats(void)
print some host stats
Definition: host.c:292
reputation.c
SREP_MAX_VAL
#define SREP_MAX_VAL
Definition: reputation.h:32
SRepResetVersion
void SRepResetVersion(void)
Definition: reputation.c:61
SRepCIDRTree_::srepIPV4_tree
SCRadixTree * srepIPV4_tree[SREP_MAX_CATS]
Definition: reputation.h:35
Address_::address
union Address_::@39 address
Address_::family
char family
Definition: decode.h:115
SRepDestroy
void SRepDestroy(DetectEngineCtx *de_ctx)
Definition: reputation.c:658
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:364
Host_
Definition: host.h:58
PKT_IS_IPV4
#define PKT_IS_IPV4(p)
Definition: decode.h:255
SCLogDebugEnabled
int SCLogDebugEnabled(void)
Returns whether debug messages are enabled to be logged or not.
Definition: util-debug.c:662
SRepCIDRGetIPRepSrc
uint8_t SRepCIDRGetIPRepSrc(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
Definition: reputation.c:146
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, uint16_t len, const char *str, int32_t min, int32_t max)
Definition: util-byte.c:704
DetectEngineCtx_::failure_fatal
int failure_fatal
Definition: detect.h:768
SRepCIDRTree_::srepIPV6_tree
SCRadixTree * srepIPV6_tree[SREP_MAX_CATS]
Definition: reputation.h:36