suricata.8.0.0/ippair-bit_8c_source.html

/* Copyright (C) 2014-2021 Open Information Security Foundation

 *

 * You can copy, redistribute or modify this Program under the terms of

 * the GNU General Public License version 2 as published by the Free

 * Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * version 2 along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

 * 02110-1301, USA.

 */


/**

 * \file

 *

 * \author Victor Julien <victor@inliniac.net>

 *

 * Implements per ippair bits. Actually, not a bit,

 * but called that way because of Snort's flowbits.

 * It's a binary storage.

 *

 * \todo move away from a linked list implementation

 * \todo use different datatypes, such as string, int, etc.

 */


#include "suricata-common.h"

#include "threads.h"

#include "ippair-bit.h"

#include "ippair.h"

#include "detect.h"

#include "util-var.h"

#include "util-debug.h"

#include "util-unittest.h"

#include "ippair-storage.h"


static IPPairStorageId g_ippair_bit_storage_id = { .id = -1 }; /**< IPPair storage id for bits */


static void XBitFreeAll(void *store)

{

    GenericVar *gv = store;

    GenericVarFree(gv);

}


void IPPairBitInitCtx(void)

{

    g_ippair_bit_storage_id = IPPairStorageRegister("bit", sizeof(void *), NULL, XBitFreeAll);

    if (g_ippair_bit_storage_id.id == -1) {

        FatalError("Can't initiate ippair storage for bits");

    }

}


/* lock before using this */


int IPPairHasBits(IPPair *ippair)

{

    if (ippair == NULL)

        return 0;

    return IPPairGetStorageById(ippair, g_ippair_bit_storage_id) ? 1 : 0;

}


/** \retval 1 ippair timed out wrt xbits

  * \retval 0 ippair still has active (non-expired) xbits */


int IPPairBitsTimedoutCheck(IPPair *h, SCTime_t ts)

{

    GenericVar *gv = IPPairGetStorageById(h, g_ippair_bit_storage_id);

    for ( ; gv != NULL; gv = gv->next) {

        if (gv->type == DETECT_XBITS) {

            XBit *xb = (XBit *)gv;

            if (SCTIME_CMP_GT(xb->expire, ts))

                return 0;

        }

    }

    return 1;

}


/* get the bit with idx from the ippair */

static XBit *IPPairBitGet(IPPair *h, uint32_t idx)

{

    GenericVar *gv = IPPairGetStorageById(h, g_ippair_bit_storage_id);

    for ( ; gv != NULL; gv = gv->next) {

        if (gv->type == DETECT_XBITS && gv->idx == idx) {

            return (XBit *)gv;

        }

    }


    return NULL;

}


/* add a flowbit to the flow */

static void IPPairBitAdd(IPPair *h, uint32_t idx, SCTime_t expire)

{

    XBit *fb = IPPairBitGet(h, idx);

    if (fb == NULL) {

        fb = SCMalloc(sizeof(XBit));

        if (unlikely(fb == NULL))

            return;


        fb->type = DETECT_XBITS;

        fb->idx = idx;

        fb->next = NULL;

        fb->expire = expire;


        GenericVar *gv = IPPairGetStorageById(h, g_ippair_bit_storage_id);

        GenericVarAppend(&gv, (GenericVar *)fb);

        IPPairSetStorageById(h, g_ippair_bit_storage_id, gv);


        // bit already set, lets update it's timer

    } else {

        fb->expire = expire;

    }

}


static void IPPairBitRemove(IPPair *h, uint32_t idx)

{

    XBit *fb = IPPairBitGet(h, idx);

    if (fb == NULL)

        return;


    GenericVar *gv = IPPairGetStorageById(h, g_ippair_bit_storage_id);

    if (gv) {

        GenericVarRemove(&gv, (GenericVar *)fb);

        XBitFree(fb);

        IPPairSetStorageById(h, g_ippair_bit_storage_id, gv);

    }

}


void IPPairBitSet(IPPair *h, uint32_t idx, SCTime_t expire)

{

    XBit *fb = IPPairBitGet(h, idx);

    if (fb == NULL) {

        IPPairBitAdd(h, idx, expire);

    }

}


void IPPairBitUnset(IPPair *h, uint32_t idx)

{

    XBit *fb = IPPairBitGet(h, idx);

    if (fb != NULL) {

        IPPairBitRemove(h, idx);

    }

}


void IPPairBitToggle(IPPair *h, uint32_t idx, SCTime_t expire)

{

    XBit *fb = IPPairBitGet(h, idx);

    if (fb != NULL) {

        IPPairBitRemove(h, idx);

    } else {

        IPPairBitAdd(h, idx, expire);

    }

}


int IPPairBitIsset(IPPair *h, uint32_t idx, SCTime_t ts)

{

    XBit *fb = IPPairBitGet(h, idx);

    if (fb != NULL) {

        if (SCTIME_CMP_LT(fb->expire, ts)) {

            IPPairBitRemove(h, idx);

            return 0;

        }


        return 1;

    }

    return 0;

}


int IPPairBitIsnotset(IPPair *h, uint32_t idx, SCTime_t ts)

{

    XBit *fb = IPPairBitGet(h, idx);

    if (fb == NULL) {

        return 1;

    }


    if (SCTIME_CMP_LT(fb->expire, ts)) {

        IPPairBitRemove(h, idx);

        return 1;

    }


    return 0;

}


/* TESTS */

#ifdef UNITTESTS

static int IPPairBitTest01 (void)

{

    int ret = 0;


    IPPairInitConfig(true);

    IPPair *h = IPPairAlloc();

    if (h == NULL)

        goto end;


    IPPairBitAdd(h, 0, SCTIME_FROM_SECS(0));


    XBit *fb = IPPairBitGet(h,0);

    if (fb != NULL)

        ret = 1;


    IPPairFree(h);

end:

    IPPairCleanup();

    return ret;

}


static int IPPairBitTest02 (void)

{

    int ret = 0;


    IPPairInitConfig(true);

    IPPair *h = IPPairAlloc();

    if (h == NULL)

        goto end;


    XBit *fb = IPPairBitGet(h,0);

    if (fb == NULL)

        ret = 1;


    IPPairFree(h);

end:

    IPPairCleanup();

    return ret;

}


static int IPPairBitTest03 (void)

{

    int ret = 0;


    IPPairInitConfig(true);

    IPPair *h = IPPairAlloc();

    if (h == NULL)

        goto end;


    IPPairBitAdd(h, 0, SCTIME_FROM_SECS(30));


    XBit *fb = IPPairBitGet(h,0);

    if (fb == NULL) {

        printf("fb == NULL although it was just added: ");

        goto end;

    }


    IPPairBitRemove(h, 0);


    fb = IPPairBitGet(h,0);

    if (fb != NULL) {

        printf("fb != NULL although it was just removed: ");

        goto end;

    } else {

        ret = 1;

    }


    IPPairFree(h);

end:

    IPPairCleanup();

    return ret;

}


static int IPPairBitTest04 (void)

{

    int ret = 0;


    IPPairInitConfig(true);

    IPPair *h = IPPairAlloc();

    if (h == NULL)

        goto end;


    IPPairBitAdd(h, 0, SCTIME_FROM_SECS(30));

    IPPairBitAdd(h, 1, SCTIME_FROM_SECS(30));

    IPPairBitAdd(h, 2, SCTIME_FROM_SECS(30));

    IPPairBitAdd(h, 3, SCTIME_FROM_SECS(30));


    XBit *fb = IPPairBitGet(h,0);

    if (fb != NULL)

        ret = 1;


    IPPairFree(h);

end:

    IPPairCleanup();

    return ret;

}


static int IPPairBitTest05 (void)

{

    int ret = 0;


    IPPairInitConfig(true);

    IPPair *h = IPPairAlloc();

    if (h == NULL)

        goto end;


    IPPairBitAdd(h, 0, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 1, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 2, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 3, SCTIME_FROM_SECS(90));


    XBit *fb = IPPairBitGet(h,1);

    if (fb != NULL)

        ret = 1;


    IPPairFree(h);

end:

    IPPairCleanup();

    return ret;

}


static int IPPairBitTest06 (void)

{

    int ret = 0;


    IPPairInitConfig(true);

    IPPair *h = IPPairAlloc();

    if (h == NULL)

        goto end;


    IPPairBitAdd(h, 0, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 1, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 2, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 3, SCTIME_FROM_SECS(90));


    XBit *fb = IPPairBitGet(h,2);

    if (fb != NULL)

        ret = 1;


    IPPairFree(h);

end:

    IPPairCleanup();

    return ret;

}


static int IPPairBitTest07 (void)

{

    int ret = 0;


    IPPairInitConfig(true);

    IPPair *h = IPPairAlloc();

    if (h == NULL)

        goto end;


    IPPairBitAdd(h, 0, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 1, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 2, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 3, SCTIME_FROM_SECS(90));


    XBit *fb = IPPairBitGet(h,3);

    if (fb != NULL)

        ret = 1;


    IPPairFree(h);

end:

    IPPairCleanup();

    return ret;

}


static int IPPairBitTest08 (void)

{

    int ret = 0;


    IPPairInitConfig(true);

    IPPair *h = IPPairAlloc();

    if (h == NULL)

        goto end;


    IPPairBitAdd(h, 0, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 1, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 2, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 3, SCTIME_FROM_SECS(90));


    XBit *fb = IPPairBitGet(h,0);

    if (fb == NULL)

        goto end;


    IPPairBitRemove(h,0);


    fb = IPPairBitGet(h,0);

    if (fb != NULL) {

        printf("fb != NULL even though it was removed: ");

        goto end;

    }


    ret = 1;

    IPPairFree(h);

end:

    IPPairCleanup();

    return ret;

}


static int IPPairBitTest09 (void)

{

    int ret = 0;


    IPPairInitConfig(true);

    IPPair *h = IPPairAlloc();

    if (h == NULL)

        goto end;


    IPPairBitAdd(h, 0, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 1, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 2, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 3, SCTIME_FROM_SECS(90));


    XBit *fb = IPPairBitGet(h,1);

    if (fb == NULL)

        goto end;


    IPPairBitRemove(h,1);


    fb = IPPairBitGet(h,1);

    if (fb != NULL) {

        printf("fb != NULL even though it was removed: ");

        goto end;

    }


    ret = 1;

    IPPairFree(h);

end:

    IPPairCleanup();

    return ret;

}


static int IPPairBitTest10 (void)

{

    int ret = 0;


    IPPairInitConfig(true);

    IPPair *h = IPPairAlloc();

    if (h == NULL)

        goto end;


    IPPairBitAdd(h, 0, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 1, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 2, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 3, SCTIME_FROM_SECS(90));


    XBit *fb = IPPairBitGet(h,2);

    if (fb == NULL)

        goto end;


    IPPairBitRemove(h,2);


    fb = IPPairBitGet(h,2);

    if (fb != NULL) {

        printf("fb != NULL even though it was removed: ");

        goto end;

    }


    ret = 1;

    IPPairFree(h);

end:

    IPPairCleanup();

    return ret;

}


static int IPPairBitTest11 (void)

{

    int ret = 0;


    IPPairInitConfig(true);

    IPPair *h = IPPairAlloc();

    if (h == NULL)

        goto end;


    IPPairBitAdd(h, 0, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 1, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 2, SCTIME_FROM_SECS(90));

    IPPairBitAdd(h, 3, SCTIME_FROM_SECS(90));


    XBit *fb = IPPairBitGet(h,3);

    if (fb == NULL)

        goto end;


    IPPairBitRemove(h,3);


    fb = IPPairBitGet(h,3);

    if (fb != NULL) {

        printf("fb != NULL even though it was removed: ");

        goto end;

    }


    ret = 1;

    IPPairFree(h);

end:

    IPPairCleanup();

    return ret;

}


#endif /* UNITTESTS */


void IPPairBitRegisterTests(void)

{

#ifdef UNITTESTS

    UtRegisterTest("IPPairBitTest01", IPPairBitTest01);

    UtRegisterTest("IPPairBitTest02", IPPairBitTest02);

    UtRegisterTest("IPPairBitTest03", IPPairBitTest03);

    UtRegisterTest("IPPairBitTest04", IPPairBitTest04);

    UtRegisterTest("IPPairBitTest05", IPPairBitTest05);

    UtRegisterTest("IPPairBitTest06", IPPairBitTest06);

    UtRegisterTest("IPPairBitTest07", IPPairBitTest07);

    UtRegisterTest("IPPairBitTest08", IPPairBitTest08);

    UtRegisterTest("IPPairBitTest09", IPPairBitTest09);

    UtRegisterTest("IPPairBitTest10", IPPairBitTest10);

    UtRegisterTest("IPPairBitTest11", IPPairBitTest11);

#endif /* UNITTESTS */

}


DETECT_XBITS
@ DETECT_XBITS
Definition detect-engine-register.h:64

detect.h

UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition util-unittest.c:103

IPPairBitRegisterTests
void IPPairBitRegisterTests(void)
Definition ippair-bit.c:492

IPPairBitUnset
void IPPairBitUnset(IPPair *h, uint32_t idx)
Definition ippair-bit.c:139

IPPairHasBits
int IPPairHasBits(IPPair *ippair)
Definition ippair-bit.c:58

IPPairBitsTimedoutCheck
int IPPairBitsTimedoutCheck(IPPair *h, SCTime_t ts)
Definition ippair-bit.c:67

IPPairBitInitCtx
void IPPairBitInitCtx(void)
Definition ippair-bit.c:49

IPPairBitIsset
int IPPairBitIsset(IPPair *h, uint32_t idx, SCTime_t ts)
Definition ippair-bit.c:157

IPPairBitSet
void IPPairBitSet(IPPair *h, uint32_t idx, SCTime_t expire)
Definition ippair-bit.c:131

IPPairBitToggle
void IPPairBitToggle(IPPair *h, uint32_t idx, SCTime_t expire)
Definition ippair-bit.c:147

IPPairBitIsnotset
int IPPairBitIsnotset(IPPair *h, uint32_t idx, SCTime_t ts)
Definition ippair-bit.c:171

ippair-bit.h

IPPairGetStorageById
void * IPPairGetStorageById(IPPair *h, IPPairStorageId id)
Definition ippair-storage.c:35

IPPairStorageRegister
IPPairStorageId IPPairStorageRegister(const char *name, const unsigned int size, void *(*Alloc)(unsigned int), void(*Free)(void *))
Definition ippair-storage.c:56

IPPairSetStorageById
int IPPairSetStorageById(IPPair *h, IPPairStorageId id, void *ptr)
Definition ippair-storage.c:40

ippair-storage.h

IPPairCleanup
void IPPairCleanup(void)
Cleanup the ippair engine.
Definition ippair.c:327

IPPairInitConfig
void IPPairInitConfig(bool quiet)
initialize the configuration
Definition ippair.c:162

IPPairFree
void IPPairFree(IPPair *h)
Definition ippair.c:124

IPPairAlloc
IPPair * IPPairAlloc(void)
Definition ippair.c:104

ippair.h

ts
uint64_t ts
Definition source-erf-file.c:55

GenericVar_
Definition util-var.h:53

GenericVar_::type
uint16_t type
Definition util-var.h:54

GenericVar_::idx
uint32_t idx
Definition util-var.h:56

GenericVar_::next
struct GenericVar_ * next
Definition util-var.h:57

IPPairStorageId
Definition ippair-storage.h:31

IPPairStorageId::id
int id
Definition ippair-storage.h:32

IPPair_
Definition ippair.h:58

SCTime_t
Definition util-time.h:40

XBit_
Definition util-var.h:60

XBit_::type
uint16_t type
Definition util-var.h:61

XBit_::next
GenericVar * next
Definition util-var.h:64

XBit_::expire
SCTime_t expire
Definition util-var.h:65

XBit_::idx
uint32_t idx
Definition util-var.h:63

suricata-common.h

threads.h

util-debug.h

FatalError
#define FatalError(...)
Definition util-debug.h:510

SCMalloc
#define SCMalloc(sz)
Definition util-mem.h:47

unlikely
#define unlikely(expr)
Definition util-optimize.h:35

SCTIME_FROM_SECS
#define SCTIME_FROM_SECS(s)
Definition util-time.h:69

SCTIME_CMP_GT
#define SCTIME_CMP_GT(a, b)
Definition util-time.h:104

SCTIME_CMP_LT
#define SCTIME_CMP_LT(a, b)
Definition util-time.h:105

util-unittest.h

GenericVarAppend
void GenericVarAppend(GenericVar **list, GenericVar *gv)
Definition util-var.c:98

GenericVarFree
void GenericVarFree(GenericVar *gv)
Definition util-var.c:48

XBitFree
void XBitFree(XBit *fb)
Definition util-var.c:40

GenericVarRemove
void GenericVarRemove(GenericVar **list, GenericVar *gv)
Definition util-var.c:117

util-var.h