suricata
reputation.c
Go to the documentation of this file.
1/* Copyright (C) 2007-2022 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22 * \author Victor Julien <victor@inliniac.net>
23 * Original Idea by Matt Jonkman
24 *
25 * IP Reputation Module, initial API for IPV4 and IPV6 feed
26 */
27
28#include "suricata-common.h"
29#include "detect.h"
30#include "reputation.h"
31#include "threads.h"
32#include "conf.h"
33
34#include "util-byte.h"
35#include "util-debug.h"
36#include "util-error.h"
37#include "util-ip.h"
38#include "util-path.h"
39#include "util-print.h"
40#include "util-unittest.h"
41#include "util-validate.h"
42#include "util-radix4-tree.h"
43#include "util-radix6-tree.h"
44
45/** effective reputation version, atomic as the host
46 * time out code will use it to check if a host's
47 * reputation info is outdated. */
48SC_ATOMIC_DECLARE(uint32_t, srep_eversion);
49/** reputation version set to the host's reputation,
50 * this will be set to 1 before rep files are loaded,
51 * so hosts will always have a minimal value of 1 */
52static uint32_t srep_version = 0;
53
54static uint32_t SRepIncrVersion(void)
55{
56 return ++srep_version;
57}
58
59static uint32_t SRepGetVersion(void)
60{
61 return srep_version;
62}
63
64void SRepResetVersion(void)
65{
66 srep_version = 0;
67}
68
69static uint32_t SRepGetEffectiveVersion(void)
70{
71 return SC_ATOMIC_GET(srep_eversion);
72}
73
74static void SRepCIDRFreeUserData(void *data)
75{
76 if (data != NULL)
77 SCFree(data);
78}
79
80static SCRadix4Config iprep_radix4_config = { SRepCIDRFreeUserData, NULL };
81static SCRadix6Config iprep_radix6_config = { SRepCIDRFreeUserData, NULL };
82
83static void SRepCIDRAddNetblock(SRepCIDRTree *cidr_ctx, char *ip, int cat, uint8_t value)
84{
85 SReputation *user_data = NULL;
86 if ((user_data = SCCalloc(1, sizeof(SReputation))) == NULL) {
87 FatalError("Error allocating memory. Exiting");
88 }
89
90 user_data->version = SRepGetVersion();
91 user_data->rep[cat] = value;
92
93 if (strchr(ip, ':') != NULL) {
94 SCLogDebug("adding ipv6 host %s", ip);
95 if (!SCRadix6AddKeyIPV6String(
96 &cidr_ctx->srep_ipv6_tree[cat], &iprep_radix6_config, ip, (void *)user_data)) {
97 SCFree(user_data);
98 if (sc_errno != SC_EEXIST)
99 SCLogWarning("failed to add ipv6 host %s", ip);
100 }
101
102 } else {
103 SCLogDebug("adding ipv4 host %s", ip);
104 if (!SCRadix4AddKeyIPV4String(
105 &cidr_ctx->srep_ipv4_tree[cat], &iprep_radix4_config, ip, (void *)user_data)) {
106 SCFree(user_data);
107 if (sc_errno != SC_EEXIST)
108 SCLogWarning("failed to add ipv4 host %s", ip);
109 }
110 }
111}
112
113static int8_t SRepCIDRGetIPv4IPRep(SRepCIDRTree *cidr_ctx, uint8_t *ipv4_addr, uint8_t cat)
114{
115 void *user_data = NULL;
116 (void)SCRadix4TreeFindBestMatch(&cidr_ctx->srep_ipv4_tree[cat], ipv4_addr, &user_data);
117 if (user_data == NULL)
118 return -1;
119
120 SReputation *r = (SReputation *)user_data;
121 return r->rep[cat];
122}
123
124static int8_t SRepCIDRGetIPv6IPRep(SRepCIDRTree *cidr_ctx, uint8_t *ipv6_addr, uint8_t cat)
125{
126 void *user_data = NULL;
127 (void)SCRadix6TreeFindBestMatch(&cidr_ctx->srep_ipv6_tree[cat], ipv6_addr, &user_data);
128 if (user_data == NULL)
129 return -1;
130
131 SReputation *r = (SReputation *)user_data;
132 return r->rep[cat];
133}
134
135int8_t SRepCIDRGetIPRepSrc(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
136{
137 int8_t rep = -3;
138
139 if (PacketIsIPv4(p))
140 rep = SRepCIDRGetIPv4IPRep(cidr_ctx, (uint8_t *)GET_IPV4_SRC_ADDR_PTR(p), cat);
141 else if (PacketIsIPv6(p))
142 rep = SRepCIDRGetIPv6IPRep(cidr_ctx, (uint8_t *)GET_IPV6_SRC_ADDR(p), cat);
143
144 return rep;
145}
146
147int8_t SRepCIDRGetIPRepDst(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
148{
149 int8_t rep = -3;
150
151 if (PacketIsIPv4(p))
152 rep = SRepCIDRGetIPv4IPRep(cidr_ctx, (uint8_t *)GET_IPV4_DST_ADDR_PTR(p), cat);
153 else if (PacketIsIPv6(p))
154 rep = SRepCIDRGetIPv6IPRep(cidr_ctx, (uint8_t *)GET_IPV6_DST_ADDR(p), cat);
155
156 return rep;
157}
158
159/** \brief Increment effective reputation version after
160 * a rule/reputation reload is complete. */
161void SRepReloadComplete(void)
162{
163 (void) SC_ATOMIC_ADD(srep_eversion, 1);
164 SCLogDebug("effective Reputation version %u", SRepGetEffectiveVersion());
165}
166
167void SRepFreeHostData(Host *h)
168{
169 SCFree(h->iprep);
170 h->iprep = NULL;
171 DEBUG_VALIDATE_BUG_ON(SC_ATOMIC_GET(h->use_cnt) != 1);
172 HostDecrUsecnt(h);
173}
174
175/** \brief Set effective reputation version after
176 * reputation initialization is complete. */
177static void SRepInitComplete(void)
178{
179 (void) SC_ATOMIC_SET(srep_eversion, 1);
180 SCLogDebug("effective Reputation version %u", SRepGetEffectiveVersion());
181}
182
183/** \brief Check if a Host is timed out wrt ip rep, meaning a new
184 * version is in place.
185 *
186 * We clean up the old version here.
187 *
188 * \param h host
189 *
190 * \retval 0 not timed out
191 * \retval 1 timed out
192 */
193int SRepHostTimedOut(Host *h)
194{
195 BUG_ON(h == NULL);
196
197 if (h->iprep == NULL)
198 return 1;
199
200 uint32_t eversion = SRepGetEffectiveVersion();
201 SReputation *r = h->iprep;
202 if (r->version < eversion) {
203 SCLogDebug("host %p has reputation version %u, "
204 "effective version is %u", h, r->version, eversion);
205 SRepFreeHostData(h);
206 return 1;
207 }
208
209 return 0;
210}
211
212static int SRepCatSplitLine(char *line, uint8_t *cat, char *shortname, size_t shortname_len)
213{
214 size_t line_len = strlen(line);
215 char *ptrs[2] = {NULL,NULL};
216 int i = 0;
217 int idx = 0;
218 char *origline = line;
219
220 while (i < (int)line_len) {
221 if (line[i] == ',' || line[i] == '\n' || line[i] == '\0' || i == (int)(line_len - 1)) {
222 line[i] = '\0';
223
224 ptrs[idx] = line;
225 idx++;
226
227 line += (i+1);
228 i = 0;
229
230 if (line >= origline + line_len)
231 break;
232 if (strlen(line) == 0)
233 break;
234 if (idx == 2)
235 break;
236 } else {
237 i++;
238 }
239 }
240
241 if (idx != 2) {
242 return -1;
243 }
244
245 SCLogDebug("%s, %s", ptrs[0], ptrs[1]);
246
247 int c;
248 if (StringParseI32RangeCheck(&c, 10, 0, (const char *)ptrs[0], 0, SREP_MAX_CATS - 1) < 0)
249 return -1;
250
251 *cat = (uint8_t)c;
252 strlcpy(shortname, ptrs[1], shortname_len);
253 return 0;
254}
255
256/**
257 * \retval 0 valid
258 * \retval 1 header
259 * \retval -1 bad line
260 */
261static int SRepSplitLine(SRepCIDRTree *cidr_ctx, char *line, Address *ip, uint8_t *cat, uint8_t *value)
262{
263 size_t line_len = strlen(line);
264 char *ptrs[3] = {NULL,NULL,NULL};
265 int i = 0;
266 int idx = 0;
267 char *origline = line;
268
269 while (i < (int)line_len) {
270 if (line[i] == ',' || line[i] == '\n' || line[i] == '\r' || line[i] == '\0' ||
271 i == (int)(line_len - 1)) {
272 line[i] = '\0';
273
274 ptrs[idx] = line;
275 idx++;
276
277 line += (i+1);
278 i = 0;
279
280 if (line >= origline + line_len)
281 break;
282 if (strlen(line) == 0)
283 break;
284 if (idx == 3)
285 break;
286 } else {
287 i++;
288 }
289 }
290
291 if (idx != 3) {
292 return -1;
293 }
294
295 //SCLogInfo("%s, %s, %s", ptrs[0], ptrs[1], ptrs[2]);
296
297 if (strcmp(ptrs[0], "ip") == 0)
298 return 1;
299
300 uint8_t c, v;
301 if (StringParseU8RangeCheck(&c, 10, 0, (const char *)ptrs[1], 0, SREP_MAX_CATS - 1) < 0)
302 return -1;
303
304 if (StringParseU8RangeCheck(&v, 10, 0, (const char *)ptrs[2], 0, SREP_MAX_VAL) < 0)
305 return -1;
306
307 if (strchr(ptrs[0], '/') != NULL) {
308 SRepCIDRAddNetblock(cidr_ctx, ptrs[0], c, v);
309 return 1;
310 } else {
311 if (inet_pton(AF_INET, ptrs[0], &ip->address) == 1) {
312 ip->family = AF_INET;
313 } else if (inet_pton(AF_INET6, ptrs[0], &ip->address) == 1) {
314 ip->family = AF_INET6;
315 } else {
316 return -1;
317 }
318
319 *cat = c;
320 *value = v;
321 }
322
323 return 0;
324}
325
326#define SREP_SHORTNAME_LEN 32
327static char srep_cat_table[SREP_MAX_CATS][SREP_SHORTNAME_LEN];
328
329uint8_t SRepCatGetByShortname(char *shortname)
330{
331 uint8_t cat;
332 for (cat = 0; cat < SREP_MAX_CATS; cat++) {
333 if (strcmp(srep_cat_table[cat], shortname) == 0)
334 return cat;
335 }
336
337 return 0;
338}
339
340static int SRepLoadCatFile(const char *filename)
341{
342 int r = 0;
343 FILE *fp = fopen(filename, "r");
344
345 if (fp == NULL) {
346 SCLogError("opening ip rep file %s: %s", filename, strerror(errno));
347 return -1;
348 }
349
350 r = SRepLoadCatFileFromFD(fp);
351
352 fclose(fp);
353 fp = NULL;
354 return r;
355}
356
357int SRepLoadCatFileFromFD(FILE *fp)
358{
359 char line[8192] = "";
360 Address a;
361 memset(&a, 0x00, sizeof(a));
362 a.family = AF_INET;
363 memset(&srep_cat_table, 0x00, sizeof(srep_cat_table));
364
365 BUG_ON(SRepGetVersion() > 0);
366
367 while(fgets(line, (int)sizeof(line), fp) != NULL) {
368 size_t len = strlen(line);
369 if (len == 0)
370 continue;
371
372 /* ignore comments and empty lines */
373 if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
374 continue;
375
376 while (isspace((unsigned char)line[--len]));
377
378 /* Check if we have a trailing newline, and remove it */
379 len = strlen(line);
380 if (len == 0)
381 continue;
382
383 if (line[len - 1] == '\n' || line[len - 1] == '\r') {
384 line[len - 1] = '\0';
385 }
386
387 uint8_t cat = 0;
388 char shortname[SREP_SHORTNAME_LEN];
389 if (SRepCatSplitLine(line, &cat, shortname, sizeof(shortname)) == 0) {
390 strlcpy(srep_cat_table[cat], shortname, SREP_SHORTNAME_LEN);
391 } else {
392 SCLogError("bad line \"%s\"", line);
393 }
394 }
395
396 SCLogDebug("IP Rep categories:");
397 int i;
398 for (i = 0; i < SREP_MAX_CATS; i++) {
399 if (strlen(srep_cat_table[i]) == 0)
400 continue;
401 SCLogDebug("CAT %d, name %s", i, srep_cat_table[i]);
402 }
403 return 0;
404}
405
406static int SRepLoadFile(SRepCIDRTree *cidr_ctx, char *filename)
407{
408 int r = 0;
409 FILE *fp = fopen(filename, "r");
410
411 if (fp == NULL) {
412 SCLogError("opening ip rep file %s: %s", filename, strerror(errno));
413 return -1;
414 }
415
416 r = SRepLoadFileFromFD(cidr_ctx, fp);
417
418 fclose(fp);
419 fp = NULL;
420 return r;
421}
422
423int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
424{
425 char line[8192] = "";
426
427 while(fgets(line, (int)sizeof(line), fp) != NULL) {
428 size_t len = strlen(line);
429 if (len == 0)
430 continue;
431
432 /* ignore comments and empty lines */
433 if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
434 continue;
435
436 while (isspace((unsigned char)line[--len]));
437
438 /* Check if we have a trailing newline, and remove it */
439 len = strlen(line);
440 if (len == 0)
441 continue;
442
443 if (line[len - 1] == '\n' || line[len - 1] == '\r') {
444 line[len - 1] = '\0';
445 }
446
447 Address a;
448 memset(&a, 0x00, sizeof(a));
449 a.family = AF_INET;
450
451 uint8_t cat = 0, value = 0;
452 int r = SRepSplitLine(cidr_ctx, line, &a, &cat, &value);
453 if (r < 0) {
454 SCLogError("bad line \"%s\"", line);
455 } else if (r == 0) {
456 if (a.family == AF_INET) {
457 char ipstr[16];
458 PrintInet(AF_INET, (const void *)&a.address, ipstr, sizeof(ipstr));
459 SCLogDebug("%s %u %u", ipstr, cat, value);
460 } else {
461 char ipstr[128];
462 PrintInet(AF_INET6, (const void *)&a.address, ipstr, sizeof(ipstr));
463 SCLogDebug("%s %u %u", ipstr, cat, value);
464 }
465
466 Host *h = HostGetHostFromHash(&a);
467 if (h == NULL) {
468 SCLogError("failed to get a host, increase host.memcap");
469 break;
470 } else {
471 //SCLogInfo("host %p", h);
472
473 if (h->iprep == NULL) {
474 h->iprep = SCCalloc(1, sizeof(SReputation));
475 if (h->iprep != NULL) {
476 HostIncrUsecnt(h);
477 }
478 }
479 if (h->iprep != NULL) {
480 SReputation *rep = h->iprep;
481
482 /* if version is outdated, it's an older entry that we'll
483 * now replace. */
484 if (rep->version != SRepGetVersion()) {
485 memset(rep, 0x00, sizeof(SReputation));
486 }
487
488 rep->version = SRepGetVersion();
489 rep->rep[cat] = value;
490
491 SCLogDebug("host %p iprep %p setting cat %u to value %u",
492 h, h->iprep, cat, value);
493#ifdef DEBUG
494 if (SCLogDebugEnabled()) {
495 int i;
496 for (i = 0; i < SREP_MAX_CATS; i++) {
497 if (rep->rep[i] == 0)
498 continue;
499
500 SCLogDebug("--> host %p iprep %p cat %d to value %u",
501 h, h->iprep, i, rep->rep[i]);
502 }
503 }
504#endif
505 }
506
507 HostRelease(h);
508 }
509 }
510 }
511
512 return 0;
513}
514
515/**
516 * \brief Create the path if default-rule-path was specified
517 * \param sig_file The name of the file
518 * \retval str Pointer to the string path + sig_file
519 */
520static char *SRepCompleteFilePath(char *file)
521{
522 const char *defaultpath = NULL;
523 char *path = NULL;
524
525 /* Path not specified */
526 if (PathIsRelative(file)) {
527 if (SCConfGet("default-reputation-path", &defaultpath) == 1) {
528 SCLogDebug("Default path: %s", defaultpath);
529 size_t path_len = sizeof(char) * (strlen(defaultpath) +
530 strlen(file) + 2);
531 path = SCMalloc(path_len);
532 if (unlikely(path == NULL))
533 return NULL;
534 strlcpy(path, defaultpath, path_len);
535#if defined OS_WIN32 || defined __CYGWIN__
536 if (path[strlen(path) - 1] != '\\')
537 strlcat(path, "\\\\", path_len);
538#else
539 if (path[strlen(path) - 1] != '/')
540 strlcat(path, "/", path_len);
541#endif
542 strlcat(path, file, path_len);
543 } else {
544 path = SCStrdup(file);
545 if (unlikely(path == NULL))
546 return NULL;
547 }
548 } else {
549 path = SCStrdup(file);
550 if (unlikely(path == NULL))
551 return NULL;
552 }
553 return path;
554}
555
556/** \brief init reputation
557 *
558 * \param de_ctx detection engine ctx for tracking iprep version
559 *
560 * \retval 0 ok
561 * \retval -1 error
562 *
563 * If this function is called more than once, the category file
564 * is not reloaded.
565 */
566int SRepInit(DetectEngineCtx *de_ctx)
567{
568 SCConfNode *files;
569 SCConfNode *file = NULL;
570 const char *filename = NULL;
571 int init = 0;
572
573 de_ctx->srepCIDR_ctx = (SRepCIDRTree *)SCCalloc(1, sizeof(SRepCIDRTree));
574 if (de_ctx->srepCIDR_ctx == NULL)
575 exit(EXIT_FAILURE);
576
577 for (int i = 0; i < SREP_MAX_CATS; i++) {
578 de_ctx->srepCIDR_ctx->srep_ipv4_tree[i] = SCRadix4TreeInitialize();
579 de_ctx->srepCIDR_ctx->srep_ipv6_tree[i] = SCRadix6TreeInitialize();
580 }
581
582 SRepCIDRTree *cidr_ctx = de_ctx->srepCIDR_ctx;
583
584 if (SRepGetVersion() == 0) {
585 SC_ATOMIC_INIT(srep_eversion);
586 init = 1;
587 }
588
589 /* if both settings are missing, we assume the user doesn't want ip rep */
590 (void)SCConfGet("reputation-categories-file", &filename);
591 files = SCConfGetNode("reputation-files");
592 if (filename == NULL && files == NULL) {
593 SCLogConfig("IP reputation disabled");
594 return 0;
595 }
596
597 if (files == NULL) {
598 SCLogError("\"reputation-files\" not set");
599 return -1;
600 }
601
602 if (init) {
603 if (filename == NULL) {
604 SCLogError("\"reputation-categories-file\" not set");
605 return -1;
606 }
607
608 /* init even if we have reputation files, so that when we
609 * have a live reload, we have inited the cats */
610 if (SRepLoadCatFile(filename) < 0) {
611 SCLogError("failed to load reputation "
612 "categories file %s",
613 filename);
614 return -1;
615 }
616 }
617
618 de_ctx->srep_version = SRepIncrVersion();
619 SCLogDebug("Reputation version %u", de_ctx->srep_version);
620
621 /* ok, let's load reputation files from the general config */
622 if (files != NULL) {
623 TAILQ_FOREACH(file, &files->head, next) {
624 char *sfile = SRepCompleteFilePath(file->val);
625 if (sfile) {
626 SCLogInfo("Loading reputation file: %s", sfile);
627
628 int r = SRepLoadFile(cidr_ctx, sfile);
629 if (r < 0){
630 if (de_ctx->failure_fatal) {
631 exit(EXIT_FAILURE);
632 }
633 }
634 SCFree(sfile);
635 }
636 }
637 }
638
639 /* Set effective rep version.
640 * On live reload we will handle this after de_ctx has been swapped */
641 if (init) {
642 SRepInitComplete();
643 }
644
645 HostPrintStats();
646 return 0;
647}
648
649void SRepDestroy(DetectEngineCtx *de_ctx)
650{
651 if (de_ctx->srepCIDR_ctx != NULL) {
652 for (int i = 0; i < SREP_MAX_CATS; i++) {
653 SCRadix4TreeRelease(&de_ctx->srepCIDR_ctx->srep_ipv4_tree[i], &iprep_radix4_config);
654 SCRadix6TreeRelease(&de_ctx->srepCIDR_ctx->srep_ipv6_tree[i], &iprep_radix6_config);
655 }
656 SCFree(de_ctx->srepCIDR_ctx);
657 de_ctx->srepCIDR_ctx = NULL;
658 }
659}
660
661#ifdef UNITTESTS
662#include "tests/reputation.c"
663#endif
len
uint8_t len
Definition app-layer-dnp3.h:2
next
struct HtpBodyChunk_ * next
Definition app-layer-htp.h:0
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition conf.c:181
SCConfGet
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition conf.c:350
version
uint8_t version
Definition decode-gre.h:1
GET_IPV6_DST_ADDR
#define GET_IPV6_DST_ADDR(p)
Definition decode.h:204
GET_IPV4_SRC_ADDR_PTR
#define GET_IPV4_SRC_ADDR_PTR(p)
Definition decode.h:198
GET_IPV6_SRC_ADDR
#define GET_IPV6_SRC_ADDR(p)
Definition decode.h:203
GET_IPV4_DST_ADDR_PTR
#define GET_IPV4_DST_ADDR_PTR(p)
Definition decode.h:199
de_ctx
DetectEngineCtx * de_ctx
Definition fuzz_siginit.c:18
HostPrintStats
void HostPrintStats(void)
print some host stats
Definition host.c:284
HostGetHostFromHash
Host * HostGetHostFromHash(Address *a)
Definition host.c:486
HostRelease
void HostRelease(Host *h)
Definition host.c:461
HostDecrUsecnt
#define HostDecrUsecnt(h)
Definition host.h:114
HostIncrUsecnt
#define HostIncrUsecnt(h)
Definition host.h:112
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition queue.h:252
SRepReloadComplete
void SRepReloadComplete(void)
Increment effective reputation version after a rule/reputation reload is complete.
Definition reputation.c:161
SRepCatGetByShortname
uint8_t SRepCatGetByShortname(char *shortname)
Definition reputation.c:329
SRepLoadCatFileFromFD
int SRepLoadCatFileFromFD(FILE *fp)
Definition reputation.c:357
SRepCIDRGetIPRepDst
int8_t SRepCIDRGetIPRepDst(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
Definition reputation.c:147
SRepDestroy
void SRepDestroy(DetectEngineCtx *de_ctx)
Definition reputation.c:649
SRepCIDRGetIPRepSrc
int8_t SRepCIDRGetIPRepSrc(SRepCIDRTree *cidr_ctx, Packet *p, uint8_t cat, uint32_t version)
Definition reputation.c:135
SRepInit
int SRepInit(DetectEngineCtx *de_ctx)
init reputation
Definition reputation.c:566
SRepResetVersion
void SRepResetVersion(void)
Definition reputation.c:64
SREP_SHORTNAME_LEN
#define SREP_SHORTNAME_LEN
Definition reputation.c:326
SRepLoadFileFromFD
int SRepLoadFileFromFD(SRepCIDRTree *cidr_ctx, FILE *fp)
Definition reputation.c:423
SRepFreeHostData
void SRepFreeHostData(Host *h)
Definition reputation.c:167
SRepHostTimedOut
int SRepHostTimedOut(Host *h)
Check if a Host is timed out wrt ip rep, meaning a new version is in place.
Definition reputation.c:193
SREP_MAX_VAL
#define SREP_MAX_VAL
Definition reputation.h:34
SREP_MAX_CATS
#define SREP_MAX_CATS
Definition reputation.h:33
Address_
Definition decode.h:112
Address_::address
union Address_::@30 address
Address_::family
char family
Definition decode.h:113
DetectEngineCtx_
main detection engine ctx
Definition detect.h:932
DetectEngineCtx_::srep_version
uint32_t srep_version
Definition detect.h:945
DetectEngineCtx_::srepCIDR_ctx
SRepCIDRTree * srepCIDR_ctx
Definition detect.h:948
DetectEngineCtx_::failure_fatal
bool failure_fatal
Definition detect.h:933
Host_
Definition host.h:58
Host_::iprep
void * iprep
Definition host.h:69
Packet_
Definition decode.h:501
SCConfNode_
Definition conf.h:37
SCConfNode_::val
char * val
Definition conf.h:39
SCRadix4Config_
Definition util-radix4-tree.h:71
SCRadix6Config_
Definition util-radix6-tree.h:69
SRepCIDRTree_
Definition reputation.h:36
SRepCIDRTree_::srep_ipv6_tree
SCRadix6Tree srep_ipv6_tree[SREP_MAX_CATS]
Definition reputation.h:38
SRepCIDRTree_::srep_ipv4_tree
SCRadix4Tree srep_ipv4_tree[SREP_MAX_CATS]
Definition reputation.h:37
SReputation_
Definition reputation.h:41
SReputation_::version
uint32_t version
Definition reputation.h:42
SReputation_::rep
uint8_t rep[SREP_MAX_CATS]
Definition reputation.h:43
BUG_ON
#define BUG_ON(x)
Definition suricata-common.h:317
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition util-strlcatu.c:45
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition util-strlcpyu.c:43
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition util-atomic.h:332
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition util-atomic.h:314
SC_ATOMIC_DECLARE
#define SC_ATOMIC_DECLARE(type, name)
wrapper for declaring atomic variables.
Definition util-atomic.h:280
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition util-atomic.h:375
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition util-atomic.h:386
StringParseU8RangeCheck
int StringParseU8RangeCheck(uint8_t *res, int base, size_t len, const char *str, uint8_t min, uint8_t max)
Definition util-byte.c:462
StringParseI32RangeCheck
int StringParseI32RangeCheck(int32_t *res, int base, size_t len, const char *str, int32_t min, int32_t max)
Definition util-byte.c:716
SCLogDebugEnabled
int SCLogDebugEnabled(void)
Returns whether debug messages are enabled to be logged or not.
Definition util-debug.c:767
FatalError
#define FatalError(...)
Definition util-debug.h:510
SCLogDebug
#define SCLogDebug(...)
Definition util-debug.h:275
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition util-debug.h:255
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition util-debug.h:225
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition util-debug.h:267
SCLogConfig
#define SCLogConfig(...)
Definition util-debug.h:229
sc_errno
thread_local SCError sc_errno
Definition util-error.c:31
SC_EEXIST
@ SC_EEXIST
Definition util-error.h:32
SCMalloc
#define SCMalloc(sz)
Definition util-mem.h:47
SCFree
#define SCFree(p)
Definition util-mem.h:61
SCCalloc
#define SCCalloc(nm, sz)
Definition util-mem.h:53
SCStrdup
#define SCStrdup(s)
Definition util-mem.h:56
unlikely
#define unlikely(expr)
Definition util-optimize.h:35
PathIsRelative
int PathIsRelative(const char *path)
Check if a path is relative.
Definition util-path.c:69
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition util-print.c:231
SCRadix4TreeFindBestMatch
SCRadix4Node * SCRadix4TreeFindBestMatch(const SCRadix4Tree *tree, const uint8_t *key, void **user_data)
Definition util-radix4-tree.c:154
SCRadix4TreeInitialize
SCRadix4Tree SCRadix4TreeInitialize(void)
Definition util-radix4-tree.c:166
SCRadix4AddKeyIPV4String
bool SCRadix4AddKeyIPV4String(SCRadix4Tree *tree, const SCRadix4Config *config, const char *str, void *user)
Adds a new IPV4/netblock to the Radix4 tree from a string.
Definition util-radix4-tree.c:227
SCRadix4TreeRelease
void SCRadix4TreeRelease(SCRadix4Tree *tree, const SCRadix4Config *config)
Definition util-radix4-tree.c:172
SCRadix6TreeFindBestMatch
SCRadix6Node * SCRadix6TreeFindBestMatch(const SCRadix6Tree *tree, const uint8_t *key, void **user_data)
Definition util-radix6-tree.c:173
SCRadix6TreeInitialize
SCRadix6Tree SCRadix6TreeInitialize(void)
Definition util-radix6-tree.c:360
SCRadix6TreeRelease
void SCRadix6TreeRelease(SCRadix6Tree *tree, const SCRadix6Config *config)
Definition util-radix6-tree.c:366
SCRadix6AddKeyIPV6String
bool SCRadix6AddKeyIPV6String(SCRadix6Tree *tree, const SCRadix6Config *config, const char *str, void *user)
Adds a new IPV6/netblock to the Radix6 tree from a string.
Definition util-radix6-tree.c:262
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition util-validate.h:102