Go to the documentation of this file.
50 static uint32_t srep_version = 0;
52 static uint32_t SRepIncrVersion(
void)
54 return ++srep_version;
57 static uint32_t SRepGetVersion(
void)
67 static uint32_t SRepGetEffectiveVersion(
void)
72 static void SRepCIDRFreeUserData(
void *data)
80 static void SRepCIDRAddNetblock(
SRepCIDRTree *cidr_ctx,
char *ip,
int cat, uint8_t value)
84 FatalError(
"Error allocating memory. Exiting");
88 user_data->
version = SRepGetVersion();
89 user_data->
rep[cat] = value;
91 if (strchr(ip,
':') != NULL) {
95 SCLogDebug(
"Error initializing Reputation IPV6 with CIDR module for cat %d", cat);
98 SCLogDebug(
"Reputation IPV6 with CIDR module for cat %d initialized", cat);
112 SCLogDebug(
"Error initializing Reputation IPV4 with CIDR module for cat %d", cat);
115 SCLogDebug(
"Reputation IPV4 with CIDR module for cat %d initialized", cat);
127 static uint8_t SRepCIDRGetIPv4IPRep(
SRepCIDRTree *cidr_ctx, uint8_t *ipv4_addr, uint8_t cat)
129 void *user_data = NULL;
131 if (user_data == NULL)
138 static uint8_t SRepCIDRGetIPv6IPRep(
SRepCIDRTree *cidr_ctx, uint8_t *ipv6_addr, uint8_t cat)
140 void *user_data = NULL;
142 if (user_data == NULL)
178 SCLogDebug(
"effective Reputation version %u", SRepGetEffectiveVersion());
191 static void SRepInitComplete(
void)
194 SCLogDebug(
"effective Reputation version %u", SRepGetEffectiveVersion());
211 if (h->
iprep == NULL)
214 uint32_t eversion = SRepGetEffectiveVersion();
217 SCLogDebug(
"host %p has reputation version %u, "
218 "effective version is %u", h, r->
version, eversion);
226 static int SRepCatSplitLine(
char *line, uint8_t *cat,
char *shortname,
size_t shortname_len)
228 size_t line_len = strlen(line);
229 char *ptrs[2] = {NULL,NULL};
232 char *origline = line;
234 while (i < (
int)line_len) {
235 if (line[i] ==
',' || line[i] ==
'\n' || line[i] ==
'\0' || i == (
int)(line_len - 1)) {
244 if (line >= origline + line_len)
246 if (strlen(line) == 0)
266 strlcpy(shortname, ptrs[1], shortname_len);
276 static int SRepSplitLine(
SRepCIDRTree *cidr_ctx,
char *line,
Address *ip, uint8_t *cat, uint8_t *value)
278 size_t line_len = strlen(line);
279 char *ptrs[3] = {NULL,NULL,NULL};
282 char *origline = line;
284 while (i < (
int)line_len) {
285 if (line[i] ==
',' || line[i] ==
'\n' || line[i] ==
'\r' || line[i] ==
'\0' ||
286 i == (
int)(line_len - 1)) {
295 if (line >= origline + line_len)
297 if (strlen(line) == 0)
312 if (strcmp(ptrs[0],
"ip") == 0)
322 if (strchr(ptrs[0],
'/') != NULL) {
323 SRepCIDRAddNetblock(cidr_ctx, ptrs[0], c, v);
326 if (inet_pton(AF_INET, ptrs[0], &ip->
address) == 1) {
328 }
else if (inet_pton(AF_INET6, ptrs[0], &ip->
address) == 1) {
341 #define SREP_SHORTNAME_LEN 32
348 if (strcmp(srep_cat_table[cat], shortname) == 0)
355 static int SRepLoadCatFile(
const char *filename)
358 FILE *fp = fopen(filename,
"r");
361 SCLogError(
"opening ip rep file %s: %s", filename, strerror(errno));
374 char line[8192] =
"";
376 memset(&a, 0x00,
sizeof(a));
378 memset(&srep_cat_table, 0x00,
sizeof(srep_cat_table));
380 BUG_ON(SRepGetVersion() > 0);
382 while(fgets(line, (
int)
sizeof(line), fp) != NULL) {
383 size_t len = strlen(line);
388 if (line[0] ==
'\n' || line [0] ==
'\r' || line[0] ==
' ' || line[0] ==
'#' || line[0] ==
'\t')
391 while (isspace((
unsigned char)line[--
len]));
398 if (line[
len - 1] ==
'\n' || line[
len - 1] ==
'\r') {
399 line[
len - 1] =
'\0';
404 if (SRepCatSplitLine(line, &cat, shortname,
sizeof(shortname)) == 0) {
414 if (strlen(srep_cat_table[i]) == 0)
416 SCLogDebug(
"CAT %d, name %s", i, srep_cat_table[i]);
421 static int SRepLoadFile(
SRepCIDRTree *cidr_ctx,
char *filename)
424 FILE *fp = fopen(filename,
"r");
427 SCLogError(
"opening ip rep file %s: %s", filename, strerror(errno));
441 char line[8192] =
"";
443 while(fgets(line, (
int)
sizeof(line), fp) != NULL) {
444 size_t len = strlen(line);
449 if (line[0] ==
'\n' || line [0] ==
'\r' || line[0] ==
' ' || line[0] ==
'#' || line[0] ==
'\t')
452 while (isspace((
unsigned char)line[--
len]));
459 if (line[
len - 1] ==
'\n' || line[
len - 1] ==
'\r') {
460 line[
len - 1] =
'\0';
464 memset(&a, 0x00,
sizeof(a));
467 uint8_t cat = 0, value = 0;
468 int r = SRepSplitLine(cidr_ctx, line, &a, &cat, &value);
472 if (a.
family == AF_INET) {
484 SCLogError(
"failed to get a host, increase host.memcap");
489 if (h->
iprep == NULL) {
491 if (h->
iprep != NULL) {
497 if (h->
iprep != NULL) {
502 if (rep->
version != SRepGetVersion()) {
506 rep->
version = SRepGetVersion();
507 rep->
rep[cat] = value;
509 SCLogDebug(
"host %p iprep %p setting cat %u to value %u",
510 h, h->
iprep, cat, value);
515 if (rep->
rep[i] == 0)
518 SCLogDebug(
"--> host %p iprep %p cat %d to value %u",
538 static char *SRepCompleteFilePath(
char *file)
540 const char *defaultpath = NULL;
545 if (
ConfGet(
"default-reputation-path", &defaultpath) == 1) {
547 size_t path_len =
sizeof(char) * (strlen(defaultpath) +
552 strlcpy(path, defaultpath, path_len);
553 #if defined OS_WIN32 || defined __CYGWIN__
554 if (path[strlen(path) - 1] !=
'\\')
555 strlcat(path,
"\\\\", path_len);
557 if (path[strlen(path) - 1] !=
'/')
588 const char *filename = NULL;
603 if (SRepGetVersion() == 0) {
609 (void)
ConfGet(
"reputation-categories-file", &filename);
611 if (filename == NULL && files == NULL) {
622 if (filename == NULL) {
623 SCLogError(
"\"reputation-categories-file\" not set");
629 if (SRepLoadCatFile(filename) < 0) {
631 "categories file %s",
643 char *sfile = SRepCompleteFilePath(file->
val);
645 SCLogInfo(
"Loading reputation file: %s", sfile);
647 int r = SRepLoadFile(cidr_ctx, sfile);
#define SREP_SHORTNAME_LEN
bool SCRadixAddKeyIPV6String(const char *str, SCRadixTree *tree, void *user)
Adds a new IPV6/netblock to the Radix tree from a string.
uint8_t rep[SREP_MAX_CATS]
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
void SRepFreeHostData(Host *h)
uint8_t SRepCatGetByShortname(char *shortname)
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
struct HtpBodyChunk_ * next
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
void HostRelease(Host *h)
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
main detection engine ctx
Host * HostGetHostFromHash(Address *a)
SC_ATOMIC_DECLARE(uint32_t, srep_eversion)
#define TAILQ_FOREACH(var, head, field)
#define HostDecrUsecnt(h)
SCRadixNode * SCRadixFindKeyIPV4BestMatch(uint8_t *key_stream, SCRadixTree *tree, void **user_data_result)
Checks if an IPV4 address is present in the tree under a netblock.
SCRadixNode * SCRadixFindKeyIPV6BestMatch(uint8_t *key_stream, SCRadixTree *tree, void **user_data_result)
Checks if an IPV6 address is present in the tree under a netblock.
#define HostIncrUsecnt(h)
#define GET_IPV6_DST_ADDR(p)
bool SCRadixAddKeyIPV4String(const char *str, SCRadixTree *tree, void *user)
Adds a new IPV4/netblock to the Radix tree from a string.
size_t strlcpy(char *dst, const char *src, size_t siz)
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
#define GET_IPV4_DST_ADDR_PTR(p)
size_t strlcat(char *, const char *src, size_t siz)
void SCRadixReleaseRadixTree(SCRadixTree *tree)
Frees a Radix tree and all its nodes.
SRepCIDRTree * srepCIDR_ctx
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
int SRepLoadCatFileFromFD(FILE *fp)
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
#define SCLogWarning(...)
Macro used to log WARNING messages.
SCRadixTree * SCRadixCreateRadixTree(void(*Free)(void *), void(*PrintData)(void *))
Creates a new Radix tree.
union Address_::@30 address
int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
int StringParseU8RangeCheck(uint8_t *res, int base, size_t len, const char *str, uint8_t min, uint8_t max)
uint8_t SRepCIDRGetIPRepDst(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
void SRepReloadComplete(void)
Increment effective reputation version after a rule/reputation reload is complete.
int SRepHostTimedOut(Host *h)
Check if a Host is timed out wrt ip rep, meaning a new version is in place.
#define GET_IPV4_SRC_ADDR_PTR(p)
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
#define SCLogError(...)
Macro used to log ERROR messages.
#define GET_IPV6_SRC_ADDR(p)
int SRepInit(DetectEngineCtx *de_ctx)
init reputation
int PathIsRelative(const char *path)
Check if a path is relative.
void HostPrintStats(void)
print some host stats
thread_local SCError sc_errno
void SRepResetVersion(void)
SCRadixTree * srepIPV4_tree[SREP_MAX_CATS]
void SRepDestroy(DetectEngineCtx *de_ctx)
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
int SCLogDebugEnabled(void)
Returns whether debug messages are enabled to be logged or not.
#define DEBUG_VALIDATE_BUG_ON(exp)
uint8_t SRepCIDRGetIPRepSrc(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
SCRadixTree * srepIPV6_tree[SREP_MAX_CATS]