#include "suricata-common.h"
#include "detect.h"
#include "detect-engine.h"
#include "util-hash.h"
#include "conf.h"
#include "util-classification-config.h"
#include "util-unittest.h"
#include "util-error.h"
#include "util-debug.h"
#include "util-fmemopen.h"
#include "util-byte.h"

Include dependency graph for util-classification-config.c:

Macros
#define	DETECT_CLASSCONFIG_REGEX "^\\sconfig\\sclassification\\s:\\s([a-zA-Z][a-zA-Z0-9-_])\\s,\\s(.+)\\s,\\s(\\d+)\\s$"

#define	SC_CLASS_CONF_DEF_CONF_FILEPATH CONFIG_DIR "/classification.config"

Functions
uint32_t	SCClassConfClasstypeHashFunc (HashTable ht, void data, uint16_t datalen)
	Hashing function to be used to hash the Classtype name. Would be supplied as an argument to the HashTableInit function for DetectEngineCtx->class_conf_ht. More...

char	SCClassConfClasstypeHashCompareFunc (void data1, uint16_t datalen1, void data2, uint16_t datalen2)
	Used to compare two Classtypes that have been stored in the HashTable. This function is supplied as an argument to the HashTableInit function for DetectionEngineCtx->class_conf_ct. More...

void	SCClassConfClasstypeHashFree (void *ch)
	Used to free the Classification Config Hash Data that was stored in DetectEngineCtx->class_conf_ht Hashtable. More...

void	SCClassConfInit (DetectEngineCtx *de_ctx)

void	SCClassConfDeinit (DetectEngineCtx *de_ctx)

void	SCClassConfDeInitContext (DetectEngineCtx *de_ctx)
	Releases resources used by the Classification Config API. More...

int	SCClassConfAddClasstype (DetectEngineCtx de_ctx, char rawstr, uint16_t index)
	Parses a line from the classification file and adds it to Classtype hash table in DetectEngineCtx, i.e. DetectEngineCtx->class_conf_ht. More...

bool	SCClassConfLoadClassificationConfigFile (DetectEngineCtx de_ctx, FILE fd)
	Loads the Classtype info from the classification.config file. More...

SCClassConfClasstype *	SCClassConfGetClasstype (const char ct_name, DetectEngineCtx de_ctx)
	Gets the classtype from the corresponding hash table stored in the Detection Engine Context's class conf ht, given the classtype name. More...

FILE *	SCClassConfGenerateValidDummyClassConfigFD01 (void)
	Creates a dummy classification file, with all valid Classtypes, for testing purposes. More...

FILE *	SCClassConfGenerateInvalidDummyClassConfigFD02 (void)
	Creates a dummy classification file, with some valid Classtypes and a couple of invalid Classtypes, for testing purposes. More...

FILE *	SCClassConfGenerateInvalidDummyClassConfigFD03 (void)
	Creates a dummy classification file, with all invalid Classtypes, for testing purposes. More...

void	SCClassConfRegisterTests (void)
	This function registers unit tests for Classification Config API. More...

Detailed Description

Author: Anoop Saldanha anoop.nosp@m.sald.nosp@m.anha@.nosp@m.gmai.nosp@m.l.com

Used for parsing a classification.config file

Definition in file util-classification-config.c.

Macro Definition Documentation

◆ DETECT_CLASSCONFIG_REGEX

#define DETECT_CLASSCONFIG_REGEX "^\\s*config\\s*classification\\s*:\\s*([a-zA-Z][a-zA-Z0-9-_]*)\\s*,\\s*(.+)\\s*,\\s*(\\d+)\\s*$"

Definition at line 43 of file util-classification-config.c.

◆ SC_CLASS_CONF_DEF_CONF_FILEPATH

#define SC_CLASS_CONF_DEF_CONF_FILEPATH CONFIG_DIR "/classification.config"

Definition at line 49 of file util-classification-config.c.

Function Documentation

◆ SCClassConfAddClasstype()

int SCClassConfAddClasstype	(	DetectEngineCtx *	de_ctx,
		char *	rawstr,
		uint16_t	index
	)

Parses a line from the classification file and adds it to Classtype hash table in DetectEngineCtx, i.e. DetectEngineCtx->class_conf_ht.

Parameters

rawstr	Pointer to the string to be parsed.
index	Relative index of the string to be parsed.
de_ctx	Pointer to the Detection Engine Context.

Return values

0	On success.
-1	On failure.

Definition at line 236 of file util-classification-config.c.

References DetectEngineCtx_::class_conf_regex, DetectEngineCtx_::class_conf_regex_match, CLASSTYPE_DESC_MAX_LEN, CLASSTYPE_NAME_MAX_LEN, de_ctx, and SCLogError.

◆ SCClassConfClasstypeHashCompareFunc()

char SCClassConfClasstypeHashCompareFunc	(	void *	data1,
		uint16_t	datalen1,
		void *	data2,
		uint16_t	datalen2
	)

Used to compare two Classtypes that have been stored in the HashTable. This function is supplied as an argument to the HashTableInit function for DetectionEngineCtx->class_conf_ct.

Parameters

data1	Pointer to the first SCClassConfClasstype to be compared.
len1	Not used by this function.
data2	Pointer to the second SCClassConfClasstype to be compared.
len2	Not used by this function.

Return values

1	On data1 and data2 being equal.
0	On data1 and data2 not being equal.

Definition at line 481 of file util-classification-config.c.

References SCClassConfClasstype_::classtype, and SCLogDebug.

◆ SCClassConfClasstypeHashFree()

void SCClassConfClasstypeHashFree ( void * ch )

Used to free the Classification Config Hash Data that was stored in DetectEngineCtx->class_conf_ht Hashtable.

Parameters

ch	Pointer to the data that has to be freed.

Definition at line 512 of file util-classification-config.c.

◆ SCClassConfClasstypeHashFunc()

uint32_t SCClassConfClasstypeHashFunc	(	HashTable *	ht,
		void *	data,
		uint16_t	datalen
	)

Hashing function to be used to hash the Classtype name. Would be supplied as an argument to the HashTableInit function for DetectEngineCtx->class_conf_ht.

Parameters

ht	Pointer to the HashTable.
data	Pointer to the data to be hashed. In this case, the data would be a pointer to a SCClassConfClasstype instance.
datalen	Not used by this function.

Definition at line 452 of file util-classification-config.c.

References HashTable_::array_size, SCClassConfClasstype_::classtype, len, and u8_tolower.

◆ SCClassConfDeinit()

void SCClassConfDeinit ( DetectEngineCtx * de_ctx )

Definition at line 82 of file util-classification-config.c.

References DetectEngineCtx_::class_conf_regex, DetectEngineCtx_::class_conf_regex_match, and de_ctx.

◆ SCClassConfDeInitContext()

void SCClassConfDeInitContext ( DetectEngineCtx * de_ctx )

Releases resources used by the Classification Config API.

Definition at line 191 of file util-classification-config.c.

References DetectEngineCtx_::class_conf_ht, de_ctx, and HashTableFree().

Referenced by DetectEngineCtxFree().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ SCClassConfGenerateInvalidDummyClassConfigFD02()

FILE* SCClassConfGenerateInvalidDummyClassConfigFD02 ( void )

Creates a dummy classification file, with some valid Classtypes and a couple of invalid Classtypes, for testing purposes.

\file_path Pointer to the file_path for the dummy classification file.

Definition at line 614 of file util-classification-config.c.

References SCFmemopen, and SCLogDebug.

◆ SCClassConfGenerateInvalidDummyClassConfigFD03()

FILE* SCClassConfGenerateInvalidDummyClassConfigFD03 ( void )

Creates a dummy classification file, with all invalid Classtypes, for testing purposes.

\file_path Pointer to the file_path for the dummy classification file.

Definition at line 638 of file util-classification-config.c.

References SCFmemopen, and SCLogDebug.

◆ SCClassConfGenerateValidDummyClassConfigFD01()

FILE* SCClassConfGenerateValidDummyClassConfigFD01 ( void )

Creates a dummy classification file, with all valid Classtypes, for testing purposes.

\file_path Pointer to the file_path for the dummy classification file.

Definition at line 594 of file util-classification-config.c.

References SCFmemopen, and SCLogDebug.

◆ SCClassConfGetClasstype()

SCClassConfClasstype* SCClassConfGetClasstype	(	const char *	ct_name,
		DetectEngineCtx *	de_ctx
	)

Gets the classtype from the corresponding hash table stored in the Detection Engine Context's class conf ht, given the classtype name.

Parameters

ct_name	Pointer to the classtype name that has to be looked up.
de_ctx	Pointer to the Detection Engine Context.

Return values

lookup_ct_info Pointer to the SCClassConfClasstype instance from the hash table on success; NULL on failure.

Definition at line 568 of file util-classification-config.c.

References DetectEngineCtx_::class_conf_ht, de_ctx, HashTableLookup(), and u8_tolower.

Here is the call graph for this function:

◆ SCClassConfInit()

void SCClassConfInit ( DetectEngineCtx * de_ctx )

Definition at line 61 of file util-classification-config.c.

References DetectEngineCtx_::class_conf_regex, DetectEngineCtx_::class_conf_regex_match, de_ctx, DETECT_CLASSCONFIG_REGEX, and SCLogWarning.

◆ SCClassConfLoadClassificationConfigFile()

bool SCClassConfLoadClassificationConfigFile	(	DetectEngineCtx *	de_ctx,
		FILE *	fd
	)

Loads the Classtype info from the classification.config file.

   The classification.config file contains the different classtypes,
   that can be used to label Signatures.  Each line of the file should
   have the following format -
   classtype_name, classtype_description, priority
   None of the above parameters should hold a quote inside the file.

Parameters

de_ctx Pointer to the Detection Engine Context that should be updated with Classtype information.

Definition at line 531 of file util-classification-config.c.

◆ SCClassConfRegisterTests()

void SCClassConfRegisterTests ( void )

This function registers unit tests for Classification Config API.

Definition at line 790 of file util-classification-config.c.

References UtRegisterTest().

Here is the call graph for this function:

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ DETECT_CLASSCONFIG_REGEX

◆ SC_CLASS_CONF_DEF_CONF_FILEPATH

Function Documentation

◆ SCClassConfAddClasstype()

◆ SCClassConfClasstypeHashCompareFunc()

◆ SCClassConfClasstypeHashFree()

◆ SCClassConfClasstypeHashFunc()

◆ SCClassConfDeinit()

◆ SCClassConfDeInitContext()

◆ SCClassConfGenerateInvalidDummyClassConfigFD02()

◆ SCClassConfGenerateInvalidDummyClassConfigFD03()

◆ SCClassConfGenerateValidDummyClassConfigFD01()

◆ SCClassConfGetClasstype()

◆ SCClassConfInit()

◆ SCClassConfLoadClassificationConfigFile()

◆ SCClassConfRegisterTests()