

C++ SCMalloc函数代码示例

本文整理汇总了C++中SCMalloc函数的典型用法代码示例。如果您正苦于以下问题:C++ SCMalloc函数的具体用法?C++ SCMalloc怎么用?C++ SCMalloc使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了SCMalloc函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。

示例1: DecodeEthernetTest01

/**
 *  \brief Run the Ethernet decoder over a well-formed frame.
 *
 *  The frame's EtherType bytes are 0x88 0x64 and it carries an ICMP packet
 *  inside PPPoE. The test only checks that the decoder call completes;
 *  neither decoder events nor packet fields are inspected afterwards.
 *
 *  \retval 1 the decoder was called and the packet released
 *  \retval 0 the packet could not be allocated
 */
static int DecodeEthernetTest01 (void)
{
    /* ICMP packet wrapped in PPPOE */
    uint8_t raw_eth[] = {
        0x00, 0x10, 0x94, 0x55, 0x00, 0x01, 0x00, 0x10,
        0x94, 0x56, 0x00, 0x01, 0x88, 0x64, 0x11, 0x00,
        0x00, 0x01, 0x00, 0x68, 0x00, 0x21, 0x45, 0xc0,
        0x00, 0x64, 0x00, 0x1e, 0x00, 0x00, 0xff, 0x01,
        0xa7, 0x78, 0x0a, 0x00, 0x00, 0x02, 0x0a, 0x00,
        0x00, 0x01, 0x08, 0x00, 0x4a, 0x61, 0x00, 0x06,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f,
        0x3b, 0xd4, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
        0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
        0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
        0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
        0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
        0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
        0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
        0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
        0xab, 0xcd };

    ThreadVars tv;
    DecodeThreadVars dtv;
    Packet *packet = SCMalloc(SIZE_OF_PACKET);

    if (unlikely(packet == NULL)) {
        return 0;
    }

    /* The decoder must not see stale heap or stack contents, so every
     * structure handed to it starts out zeroed. */
    memset(packet, 0, SIZE_OF_PACKET);
    memset(&tv, 0, sizeof(tv));
    memset(&dtv, 0, sizeof(dtv));

    DecodeEthernet(&tv, &dtv, packet, raw_eth, sizeof(raw_eth), NULL);

    SCFree(packet);
    return 1;
}
开发者ID:gozzy,项目名称:suricata,代码行数:40,代码来源:decode-ethernet.c

示例2: DecodeGREtest01

/**
 *  \brief Decode a 3-byte GRE buffer and expect the "too small" event.
 *
 *  \retval 1 GRE_PKT_TOO_SMALL was set on the packet
 *  \retval 0 the event was not set, or the packet could not be allocated
 */
static int DecodeGREtest01 (void)
{
    uint8_t raw_gre[] = { 0x00, 0x6e, 0x62 };
    ThreadVars tv;
    DecodeThreadVars dtv;
    int result = 0;

    Packet *packet = SCMalloc(SIZE_OF_PACKET);
    if (packet == NULL) {
        return 0;
    }

    memset(packet, 0, SIZE_OF_PACKET);
    memset(&tv, 0, sizeof(tv));
    memset(&dtv, 0, sizeof(dtv));
    /* Packet data pointer: the first byte after the Packet structure.
     * NOTE(review): relies on SIZE_OF_PACKET being larger than
     * sizeof(Packet) -- confirm against its definition. */
    packet->pkt = (uint8_t *)(packet + 1);

    DecodeGRE(&tv, &dtv, packet, raw_gre, sizeof(raw_gre), NULL);

    /* Read the event before the packet is released. */
    if (ENGINE_ISSET_EVENT(packet, GRE_PKT_TOO_SMALL)) {
        result = 1;
    }

    SCFree(packet);
    return result;
}
开发者ID:jerryma119,项目名称:suricata,代码行数:24,代码来源:decode-gre.c

示例3: DecodePPPOEtest01

/**
 *  \brief Decode a malformed (5-byte, too short) PPPOE session packet.
 *
 *  \retval 1 PPPOE_PKT_TOO_SMALL was set on the packet (expected outcome)
 *  \retval 0 the event was not set, or the packet could not be allocated
 */
static int DecodePPPOEtest01 (void)
{
    uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x00, 0x00 };
    ThreadVars tv;
    DecodeThreadVars dtv;
    int result = 0;

    Packet *packet = SCMalloc(SIZE_OF_PACKET);
    if (packet == NULL) {
        return 0;
    }

    memset(packet, 0, SIZE_OF_PACKET);
    memset(&tv, 0, sizeof(tv));
    memset(&dtv, 0, sizeof(dtv));
    /* Packet data pointer: the first byte after the Packet structure.
     * NOTE(review): relies on SIZE_OF_PACKET being larger than
     * sizeof(Packet) -- confirm against its definition. */
    packet->pkt = (uint8_t *)(packet + 1);

    DecodePPPOESession(&tv, &dtv, packet, raw_pppoe, sizeof(raw_pppoe), NULL);

    /* Read the event before the packet is released. */
    if (DECODER_ISSET_EVENT(packet, PPPOE_PKT_TOO_SMALL)) {
        result = 1;
    }

    SCFree(packet);
    return result;
}
开发者ID:58698301,项目名称:suricata,代码行数:28,代码来源:decode-pppoe.c

示例4: AppLayerGetProtoByName

/**
 * \brief Build the match context for the app-layer-protocol keyword.
 *
 * \param arg    protocol name taken from the rule; the literal "failed"
 *               selects ALPROTO_FAILED, any other name is resolved through
 *               AppLayerGetProtoByName()
 * \param negate stored unchanged in the returned context
 *
 * \retval data newly allocated DetectAppLayerProtocolData
 * \retval NULL unknown protocol name or allocation failure
 */
static DetectAppLayerProtocolData *DetectAppLayerProtocolParse(const char *arg, bool negate)
{
    AppProto alproto;

    if (strcmp(arg, "failed") != 0) {
        /* The cast only drops const for the callee's prototype. */
        alproto = AppLayerGetProtoByName((char *)arg);
        if (alproto == ALPROTO_UNKNOWN) {
            SCLogError(SC_ERR_INVALID_SIGNATURE, "app-layer-protocol "
                    "keyword supplied with unknown protocol \"%s\"", arg);
            return NULL;
        }
    } else {
        alproto = ALPROTO_FAILED;
    }

    DetectAppLayerProtocolData *data = SCMalloc(sizeof(*data));
    if (unlikely(data == NULL)) {
        return NULL;
    }

    /* The allocation is not cleared; only these two members are written.
     * NOTE(review): if the structure has further members they stay
     * uninitialised -- confirm against its definition. */
    data->alproto = alproto;
    data->negated = negate;

    return data;
}
开发者ID:bmeeks8,项目名称:suricata,代码行数:24,代码来源:detect-app-layer-protocol.c

示例5: ReceiveNFQThreadInit

/**
 * \brief Per-thread initialisation of the NFQ receive module.
 *
 * Runs entirely under nfq_init_lock. On non-Windows builds every signal is
 * blocked for the calling thread before the queue is set up.
 *
 * \param tv       thread vars, stored in the NFQ thread context
 * \param initdata NFQThreadVars for this thread
 * \param data     receives the NFQThreadVars pointer on success
 *
 * \retval TM_ECODE_OK     thread context is ready
 * \retval TM_ECODE_FAILED the receive buffer could not be allocated
 *
 * The process exits if NFQInitThread() reports an error.
 */
TmEcode ReceiveNFQThreadInit(ThreadVars *tv, void *initdata, void **data) {
    TmEcode status = TM_ECODE_FAILED;

    SCMutexLock(&nfq_init_lock);

#ifndef OS_WIN32
    sigset_t blocked;
    sigfillset(&blocked);
    pthread_sigmask(SIG_BLOCK, &blocked, NULL);
#endif /* OS_WIN32 */

    /* NOTE(review): initdata is dereferenced without a NULL check --
     * confirm that every caller passes a valid NFQThreadVars. */
    NFQThreadVars *ntv = (NFQThreadVars *) initdata;
    /* the NFQ callback needs the ThreadVars pointer, so keep it in the
     * thread context */
    ntv->tv = tv;

    int init_rc = NFQInitThread(ntv, (max_pending_packets * NFQ_BURST_FACTOR));
    if (init_rc < 0) {
        SCLogError(SC_ERR_NFQ_THREAD_INIT, "nfq thread failed to initialize");

        SCMutexUnlock(&nfq_init_lock);
        exit(EXIT_FAILURE);
    }

#define T_DATA_SIZE 70000
    ntv->data = SCMalloc(T_DATA_SIZE);
    if (ntv->data != NULL) {
        /* datalen records the capacity of the buffer just allocated */
        ntv->datalen = T_DATA_SIZE;
        *data = (void *)ntv;
        status = TM_ECODE_OK;
    }
#undef T_DATA_SIZE

    SCMutexUnlock(&nfq_init_lock);
    return status;
}
开发者ID:lb7ba6,项目名称:suricata,代码行数:36,代码来源:source-nfq.c

示例6: SetBpfString

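/**
 * \brief Join the trailing command-line arguments into a single BPF filter
 *        and store it under the "bpf-filter" configuration key.
 *
 * \param optind index of the first argv entry to treat as filter text
 * \param argv   NULL-terminated argument vector
 *
 * Nothing is stored when there are no trailing arguments, when the joined
 * filter is empty, or when the buffer cannot be allocated. A ConfSet()
 * failure terminates the process.
 */
static void SetBpfString(int optind, char *argv[]) {
    char *bpf_filter = NULL;
    uint32_t bpf_len = 0;
    int tmpindex = 0;

    /* attempt to parse remaining args as bpf filter */
    /* sizing pass: every argument plus one byte for its separator; the last
     * argument's extra byte holds the terminating NUL */
    for (tmpindex = optind; argv[tmpindex] != NULL; tmpindex++) {
        bpf_len += strlen(argv[tmpindex]) + 1;
    }

    if (bpf_len == 0)
        return;

    bpf_filter = SCMalloc(bpf_len);
    if (bpf_filter == NULL)
        return;
    /* strlcat() needs a terminated destination, so start from all zeroes */
    memset(bpf_filter, 0x00, bpf_len);

    for (tmpindex = optind; argv[tmpindex] != NULL; tmpindex++) {
        strlcat(bpf_filter, argv[tmpindex], bpf_len);
        if (argv[tmpindex + 1] != NULL) {
            strlcat(bpf_filter, " ", bpf_len);
        }
    }

    if (bpf_filter[0] == '\0') {
        /* A single empty argument yields an empty filter. The buffer is
         * never handed to ConfSet() on this path, so release it here
         * instead of leaking it. */
        SCFree(bpf_filter);
        return;
    }

    if (ConfSet("bpf-filter", bpf_filter, 0) != 1) {
        fprintf(stderr, "ERROR: Failed to set bpf filter.\n");
        exit(EXIT_FAILURE);
    }
    /* NOTE(review): bpf_filter is deliberately not freed here. Whether
     * ConfSet() copies the value or keeps this pointer is not visible from
     * this function; if it copies, free the buffer after the call. */
}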
开发者ID:58698301,项目名称:suricata,代码行数:36,代码来源:suricata.c

示例7: SCMalloc

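/**
 * \brief Build the mpipe configuration for one interface.
 *
 * Looks the interface up under "mpipe.inputs" and reads its optional
 * "copy-iface" and "copy-mode" settings. When the section or the interface
 * entry is missing, a configuration holding only the interface name and the
 * defaults (no copy interface, MPIPE_COPY_MODE_NONE) is returned.
 *
 * \param iface interface name
 *
 * \retval aconf newly allocated MpipeIfaceConfig, returned as void *
 * \retval NULL  iface is NULL or the allocation failed
 */
void *ParseMpipeConfig(const char *iface)
{
    ConfNode *if_root;
    ConfNode *mpipe_node;
    MpipeIfaceConfig *aconf;
    char *copymodestr = NULL;
    char *out_iface = NULL;

    /* reject a missing name before allocating anything */
    if (iface == NULL) {
        return NULL;
    }

    aconf = SCMalloc(sizeof(*aconf));
    if (unlikely(aconf == NULL)) {
        return NULL;
    }

    /* Nothing below clears the allocation, yet out_iface is read further
     * down and the structure is returned from two early exits. Establish
     * the defaults first so no path exposes uninitialised heap contents. */
    memset(aconf, 0, sizeof(*aconf));
    aconf->out_iface = NULL;
    aconf->copy_mode = MPIPE_COPY_MODE_NONE;

    strlcpy(aconf->iface, iface, sizeof(aconf->iface));

    /* Find initial node */
    mpipe_node = ConfGetNode("mpipe.inputs");
    if (mpipe_node == NULL) {
        SCLogInfo("Unable to find mpipe config using default value");
        return aconf;
    }

    if_root = ConfNodeLookupKeyValue(mpipe_node, "interface", iface);
    if (if_root == NULL) {
        SCLogInfo("Unable to find mpipe config for "
                  "interface %s, using default value",
                  iface);
        return aconf;
    }

    if (ConfGetChildValue(if_root, "copy-iface", &out_iface) == 1) {
        if (strlen(out_iface) > 0) {
            /* the pointer returned by the configuration lookup is stored,
             * not copied */
            aconf->out_iface = out_iface;
        }
    }

    if (ConfGetChildValue(if_root, "copy-mode", &copymodestr) == 1) {
        if (aconf->out_iface == NULL) {
            SCLogInfo("Copy mode activated but no destination"
                      " iface. Disabling feature");
        } else if (strlen(copymodestr) <= 0) {
            aconf->out_iface = NULL;
        } else if (strcmp(copymodestr, "ips") == 0) {
            SCLogInfo("MPIPE IPS mode activated %s->%s",
                      iface,
                      aconf->out_iface);
            aconf->copy_mode = MPIPE_COPY_MODE_IPS;
        } else if (strcmp(copymodestr, "tap") == 0) {
            SCLogInfo("MPIPE TAP mode activated %s->%s",
                      iface,
                      aconf->out_iface);
            aconf->copy_mode = MPIPE_COPY_MODE_TAP;
        } else {
            /* unknown mode string: copy_mode stays MPIPE_COPY_MODE_NONE */
            SCLogInfo("Invalid mode (no in tap, ips)");
        }
    }
    return aconf;
}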
开发者ID:raceli,项目名称:suricata,代码行数:62,代码来源:runmode-tile.c

示例8: SCMalloc

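/**
 * \brief Parse the filemd5 keyword
 *
 * Loads the hash list named by the keyword argument, one entry per line,
 * into a read-only hash table. A leading '!' on the argument marks the
 * match as negated.
 *
 * \param de_ctx detection engine context, passed to
 *               DetectLoadCompleteSigPath() to build the file path
 * \param str Pointer to the user provided option
 *
 * \retval filemd5 pointer to DetectFileMd5Data on success
 * \retval NULL on failure
 */
static DetectFileMd5Data *DetectFileMd5Parse (const DetectEngineCtx *de_ctx, char *str)
{
    DetectFileMd5Data *filemd5 = NULL;
    FILE *fp = NULL;
    char *filename = NULL;
    char line[8192] = "";
    int line_no = 0;

    /* We have a correct filemd5 option */
    filemd5 = SCMalloc(sizeof(DetectFileMd5Data));
    if (unlikely(filemd5 == NULL))
        goto error;

    memset(filemd5, 0x00, sizeof(DetectFileMd5Data));

    if (str[0] == '!') {
        filemd5->negated = 1;
        str++;
    }

    filemd5->hash = ROHashInit(18, 16);
    if (filemd5->hash == NULL) {
        goto error;
    }

    /* get full filename */
    filename = DetectLoadCompleteSigPath(de_ctx, str);
    if (filename == NULL) {
        goto error;
    }

    fp = fopen(filename, "r");
    if (fp == NULL) {
        SCLogError(SC_ERR_OPENING_RULE_FILE, "opening md5 file %s: %s", filename, strerror(errno));
        goto error;
    }

    while (fgets(line, (int)sizeof(line), fp) != NULL) {
        size_t len = strlen(line);
        line_no++;

        /* ignore comments and empty lines */
        if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
            continue;

        /* Strip trailing whitespace, "\r\n" included. The length check stops
         * the index from wrapping below zero when the line is empty (for
         * example a NUL byte at the start of the line) or consists only of
         * whitespace; the cast keeps isspace() defined for bytes >= 0x80. */
        while (len > 0 && isspace((unsigned char)line[len - 1])) {
            line[--len] = '\0';
        }
        if (len == 0)
            continue;

        /* cut off longer lines */
        if (len > 32)
            line[32] = 0x00;

        if (MD5LoadHash(filemd5->hash, line, filename, line_no) != 1) {
            goto error;
        }
    }
    fclose(fp);
    fp = NULL;

    if (ROHashInitFinalize(filemd5->hash) != 1) {
        goto error;
    }
    SCLogInfo("MD5 hash size %u bytes%s", ROHashMemorySize(filemd5->hash), filemd5->negated ? ", negated match" : "");

    SCFree(filename);
    return filemd5;

error:
    /* single exit for every failure: release whatever was acquired so far */
    if (filemd5 != NULL)
        DetectFileMd5Free(filemd5);
    if (fp != NULL)
        fclose(fp);
    if (filename != NULL)
        SCFree(filename);
    return NULL;
}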
开发者ID:decanio,项目名称:suricata-np,代码行数:89,代码来源:detect-filemd5.c

示例9: ReceivePcapThreadInit

/**
 * \brief Init function for ReceivePcap.
 *
 * This is a setup function for receiving packets
 * via libpcap. There are two versions of this function
 * depending on the major version of libpcap used.
 * For versions prior to 1.x we use open_pcap_live,
 * for versions 1.x and greater we use pcap_create + pcap_activate.
 *
 * \param tv pointer to ThreadVars
 * \param initdata pointer to the interface passed from the user
 * \param data pointer gets populated with PcapThreadVars
 *
 * \retval TM_ECODE_FAILED on every error path shown in this excerpt
 *
 * \todo Create a general pcap setup function.
 */
TmEcode ReceivePcapThreadInit(ThreadVars *tv, const void *initdata, void **data)
{
    SCEnter();
    /* the cast drops const; pcapconfig is not dereferenced until the NULL
     * check below has passed */
    PcapIfaceConfig *pcapconfig = (PcapIfaceConfig *)initdata;

    if (initdata == NULL) {
        SCLogError(SC_ERR_INVALID_ARGUMENT, "initdata == NULL");
        SCReturnInt(TM_ECODE_FAILED);
    }

    PcapThreadVars *ptv = SCMalloc(sizeof(PcapThreadVars));
    if (unlikely(ptv == NULL)) {
        pcapconfig->DerefFunc(pcapconfig);
        SCReturnInt(TM_ECODE_FAILED);
    }
    memset(ptv, 0, sizeof(PcapThreadVars));

    ptv->tv = tv;

    ptv->livedev = LiveGetDevice(pcapconfig->iface);
    if (ptv->livedev == NULL) {
        SCLogError(SC_ERR_INVALID_VALUE, "Unable to find Live device");
        /* NOTE(review): unlike the other failure paths in this function,
         * this one does not call pcapconfig->DerefFunc() -- confirm whether
         * the reference is released elsewhere. */
        SCFree(ptv);
        SCReturnInt(TM_ECODE_FAILED);
    }

    SCLogInfo("using interface %s", (char *)pcapconfig->iface);

    if (LiveGetOffload() == 0) {
        (void)GetIfaceOffloading((char *)pcapconfig->iface, 1, 1);
    } else {
        DisableIfaceOffloading(ptv->livedev, 1, 1);
    }

    ptv->checksum_mode = pcapconfig->checksum_mode;
    if (ptv->checksum_mode == CHECKSUM_VALIDATION_AUTO) {
        SCLogInfo("Running in 'auto' checksum mode. Detection of interface state will require "
                  xstr(CHECKSUM_SAMPLE_COUNT) " packets.");
    }

    /* XXX create a general pcap setup function */
    char errbuf[PCAP_ERRBUF_SIZE];
    ptv->pcap_handle = pcap_create((char *)pcapconfig->iface, errbuf);
    if (ptv->pcap_handle == NULL) {
        if (strlen(errbuf)) {
            SCLogError(SC_ERR_PCAP_CREATE, "Couldn't create a new pcap handler for %s, error %s",
                    (char *)pcapconfig->iface, errbuf);
        } else {
            SCLogError(SC_ERR_PCAP_CREATE, "Couldn't create a new pcap handler for %s",
                    (char *)pcapconfig->iface);
        }
        SCFree(ptv);
        pcapconfig->DerefFunc(pcapconfig);
        SCReturnInt(TM_ECODE_FAILED);
    }

    if (pcapconfig->snaplen == 0) {
        /* We set snaplen if we can get the MTU */
        ptv->pcap_snaplen = GetIfaceMaxPacketSize(pcapconfig->iface);
    } else {
        ptv->pcap_snaplen = pcapconfig->snaplen;
    }
    if (ptv->pcap_snaplen > 0) {
        /* set Snaplen. Must be called before pcap_activate */
        int pcap_set_snaplen_r = pcap_set_snaplen(ptv->pcap_handle, ptv->pcap_snaplen);
        if (pcap_set_snaplen_r != 0) {
            SCLogError(SC_ERR_PCAP_SET_SNAPLEN, "Couldn't set snaplen, error: %s", pcap_geterr(ptv->pcap_handle));
            /* NOTE(review): ptv is freed while the handle from pcap_create()
             * is still open; no pcap_close() is visible on this path. */
            SCFree(ptv);
            pcapconfig->DerefFunc(pcapconfig);
            SCReturnInt(TM_ECODE_FAILED);
        }
        SCLogInfo("Set snaplen to %d for '%s'", ptv->pcap_snaplen,
                  pcapconfig->iface);
    }

    /* set Promisc, and Timeout. Must be called before pcap_activate */
    int pcap_set_promisc_r = pcap_set_promisc(ptv->pcap_handle, pcapconfig->promisc);
    //printf("ReceivePcapThreadInit: pcap_set_promisc(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_promisc_r);
    if (pcap_set_promisc_r != 0) {
        SCLogError(SC_ERR_PCAP_SET_PROMISC, "Couldn't set promisc mode, error %s", pcap_geterr(ptv->pcap_handle));
        /* NOTE(review): same as the snaplen failure above -- the pcap handle
         * is not closed before ptv is freed. */
        SCFree(ptv);
        pcapconfig->DerefFunc(pcapconfig);
        SCReturnInt(TM_ECODE_FAILED);
    }

//.........这里部分代码省略.........
开发者ID:norg,项目名称:suricata,代码行数:101,代码来源:source-pcap.c

示例10: ProfilingGenericTicksTest01

/**
 * \brief Print the average CPU tick cost of a few basic primitives.
 *
 * Each primitive is run TEST_RUNS times between two UtilCpuGetTicks()
 * reads and the average per call is printed. Everything runs on the calling
 * thread, so the lock figures are for uncontended locks. Nothing is
 * asserted; the test always reports success.
 *
 * \retval 1 always
 */
static int
ProfilingGenericTicksTest01(void)
{
#define TEST_RUNS 1024
    uint64_t t_begin = 0;
    uint64_t t_end = 0;
    void *blocks[TEST_RUNS];
    int n;

    /* allocation; results are not checked, they are only passed to SCFree() */
    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        blocks[n] = SCMalloc(1024);
    }
    t_end = UtilCpuGetTicks();
    printf("malloc(1024) %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);

    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        SCFree(blocks[n]);
    }
    t_end = UtilCpuGetTicks();
    printf("SCFree(1024) %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);

    /* mutex life cycle: init, lock, unlock, destroy */
    SCMutex mutexes[TEST_RUNS];

    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        SCMutexInit(&mutexes[n], NULL);
    }
    t_end = UtilCpuGetTicks();
    printf("SCMutexInit() %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);

    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        SCMutexLock(&mutexes[n]);
    }
    t_end = UtilCpuGetTicks();
    printf("SCMutexLock() %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);

    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        SCMutexUnlock(&mutexes[n]);
    }
    t_end = UtilCpuGetTicks();
    printf("SCMutexUnlock() %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);

    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        SCMutexDestroy(&mutexes[n]);
    }
    t_end = UtilCpuGetTicks();
    printf("SCMutexDestroy() %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);

    /* spinlock life cycle: init, lock, unlock, destroy */
    SCSpinlock spinlocks[TEST_RUNS];

    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        SCSpinInit(&spinlocks[n], 0);
    }
    t_end = UtilCpuGetTicks();
    printf("SCSpinInit() %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);

    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        SCSpinLock(&spinlocks[n]);
    }
    t_end = UtilCpuGetTicks();
    printf("SCSpinLock() %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);

    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        SCSpinUnlock(&spinlocks[n]);
    }
    t_end = UtilCpuGetTicks();
    printf("SCSpinUnlock() %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);

    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        SCSpinDestroy(&spinlocks[n]);
    }
    t_end = UtilCpuGetTicks();
    printf("SCSpinDestroy() %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);

    /* atomics: add, then compare-and-swap */
    SC_ATOMIC_DECL_AND_INIT(unsigned int, test);
    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        (void) SC_ATOMIC_ADD(test,1);
    }
    t_end = UtilCpuGetTicks();
    printf("SC_ATOMIC_ADD %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);

    t_begin = UtilCpuGetTicks();
    for (n = 0; n < TEST_RUNS; n++) {
        SC_ATOMIC_CAS(&test,n,n+1);
    }
    t_end = UtilCpuGetTicks();
    printf("SC_ATOMIC_CAS %"PRIu64"\n", (t_end - t_begin)/TEST_RUNS);
    return 1;
}
开发者ID:decanio,项目名称:suricata-np,代码行数:99,代码来源:util-profiling.c

示例11: DetectXbitSetup


//.........这里部分代码省略.........
            }

            if (ret >= 5) {
                char expire_str[16] = "";
                res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, expire_str, sizeof(expire_str));
                if (res < 0) {
                    SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
                    goto error;
                }
                SCLogDebug("expire_str %s", expire_str);
                expire = atoi(expire_str);
                SCLogDebug("expire %d", expire);
            }
        }
    }

    if (strcmp(fb_cmd_str,"noalert") == 0) {
        fb_cmd = DETECT_XBITS_CMD_NOALERT;
    } else if (strcmp(fb_cmd_str,"isset") == 0) {
        fb_cmd = DETECT_XBITS_CMD_ISSET;
    } else if (strcmp(fb_cmd_str,"isnotset") == 0) {
        fb_cmd = DETECT_XBITS_CMD_ISNOTSET;
    } else if (strcmp(fb_cmd_str,"set") == 0) {
        fb_cmd = DETECT_XBITS_CMD_SET;
    } else if (strcmp(fb_cmd_str,"unset") == 0) {
        fb_cmd = DETECT_XBITS_CMD_UNSET;
    } else if (strcmp(fb_cmd_str,"toggle") == 0) {
        fb_cmd = DETECT_XBITS_CMD_TOGGLE;
    } else {
        SCLogError(SC_ERR_UNKNOWN_VALUE, "ERROR: flowbits action \"%s\" is not supported.", fb_cmd_str);
        goto error;
    }

    switch (fb_cmd) {
        case DETECT_XBITS_CMD_NOALERT:
            if (strlen(fb_name) != 0)
                goto error;
            s->flags |= SIG_FLAG_NOALERT;
            return 0;
        case DETECT_XBITS_CMD_ISNOTSET:
        case DETECT_XBITS_CMD_ISSET:
        case DETECT_XBITS_CMD_SET:
        case DETECT_XBITS_CMD_UNSET:
        case DETECT_XBITS_CMD_TOGGLE:
        default:
            if (strlen(fb_name) == 0)
                goto error;
            break;
    }

    cd = SCMalloc(sizeof(DetectXbitsData));
    if (unlikely(cd == NULL))
        goto error;

    cd->idx = VariableNameGetIdx(de_ctx, fb_name, var_type);
    cd->cmd = fb_cmd;
    cd->tracker = hb_dir;
    cd->type = var_type;
    cd->expire = expire;

    SCLogDebug("idx %" PRIu32 ", cmd %s, name %s",
        cd->idx, fb_cmd_str, strlen(fb_name) ? fb_name : "(none)");

    /* Okay so far so good, lets get this into a SigMatch
     * and put it in the Signature. */
    sm = SigMatchAlloc();
    if (sm == NULL)
        goto error;

    sm->type = DETECT_XBITS;
    sm->ctx = (void *)cd;

    switch (fb_cmd) {
        case DETECT_XBITS_CMD_NOALERT:
            /* nothing to do */
            break;

        case DETECT_XBITS_CMD_ISNOTSET:
        case DETECT_XBITS_CMD_ISSET:
            /* checks, so packet list */
            SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
            break;

        case DETECT_XBITS_CMD_SET:
        case DETECT_XBITS_CMD_UNSET:
        case DETECT_XBITS_CMD_TOGGLE:
            /* modifiers, only run when entire sig has matched */
            SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_POSTMATCH);
            break;
    }

    return 0;

error:
    if (cd != NULL)
        SCFree(cd);
    if (sm != NULL)
        SCFree(sm);
    return -1;
}
开发者ID:H5eye,项目名称:suricata,代码行数:101,代码来源:detect-xbits.c

示例12: EngineAnalysisFP

/**
 * \brief Write the fast-pattern analysis of one signature to the engine
 *        analysis output (fp_engine_analysis_FD).
 *
 * \param s    signature being analysed; its mpm_sm member selects the
 *             content whose flags are reported
 * \param line text printed below the "== Sid ==" header; it is passed as a
 *             "%s" argument, never as a format string
 *
 * When the signature has no mpm_sm, "No content present" is written and the
 * function returns early.
 */
void EngineAnalysisFP(Signature *s, char *line)
{
    int fast_pattern_set = 0;
    int fast_pattern_only_set = 0;
    int fast_pattern_chop_set = 0;
    DetectContentData *fp_cd = NULL;
    SigMatch *mpm_sm = s->mpm_sm;

    if (mpm_sm != NULL) {
        /* NOTE(review): ctx is cast to DetectContentData without a type
         * check -- presumably mpm_sm always carries content data; confirm. */
        fp_cd = (DetectContentData *)mpm_sm->ctx;
        if (fp_cd->flags & DETECT_CONTENT_FAST_PATTERN) {
            fast_pattern_set = 1;
            /* "only" takes precedence over "chop": chop is reported only
             * when the only-flag is clear */
            if (fp_cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
                fast_pattern_only_set = 1;
            } else if (fp_cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {
                fast_pattern_chop_set = 1;
            }
        }
    }

    fprintf(fp_engine_analysis_FD, "== Sid: %u ==\n", s->id);
    fprintf(fp_engine_analysis_FD, "%s\n", line);

    fprintf(fp_engine_analysis_FD, "    Fast Pattern analysis:\n");
    if (fp_cd == NULL) {
        fprintf(fp_engine_analysis_FD, "        No content present\n");
        fprintf(fp_engine_analysis_FD, "\n");
        return;
    }

    fprintf(fp_engine_analysis_FD, "        Fast pattern matcher: ");
    /* NOTE(review): the chain below has no final else, so a list type that
     * matches none of the cases leaves this output line without a value and
     * without its newline. */
    int list_type = SigMatchListSMBelongsTo(s, mpm_sm);
    if (list_type == DETECT_SM_LIST_PMATCH)
        fprintf(fp_engine_analysis_FD, "content\n");
    else if (list_type == DETECT_SM_LIST_UMATCH)
        fprintf(fp_engine_analysis_FD, "http uri content\n");
    else if (list_type == DETECT_SM_LIST_HRUDMATCH)
        fprintf(fp_engine_analysis_FD, "http raw uri content\n");
    else if (list_type == DETECT_SM_LIST_HHDMATCH)
        fprintf(fp_engine_analysis_FD, "http header content\n");
    else if (list_type == DETECT_SM_LIST_HRHDMATCH)
        fprintf(fp_engine_analysis_FD, "http raw header content\n");
    else if (list_type == DETECT_SM_LIST_HMDMATCH)
        fprintf(fp_engine_analysis_FD, "http method content\n");
    else if (list_type == DETECT_SM_LIST_HCDMATCH)
        fprintf(fp_engine_analysis_FD, "http cookie content\n");
    else if (list_type == DETECT_SM_LIST_HCBDMATCH)
        fprintf(fp_engine_analysis_FD, "http client body content\n");
    else if (list_type == DETECT_SM_LIST_HSBDMATCH)
        fprintf(fp_engine_analysis_FD, "http server body content\n");
    else if (list_type == DETECT_SM_LIST_HSCDMATCH)
        fprintf(fp_engine_analysis_FD, "http stat code content\n");
    else if (list_type == DETECT_SM_LIST_HSMDMATCH)
        fprintf(fp_engine_analysis_FD, "http stat msg content\n");
    else if (list_type == DETECT_SM_LIST_HUADMATCH)
        fprintf(fp_engine_analysis_FD, "http user agent content\n");

    /* each content flag is tested independently; " None" is printed when
     * none of them is set */
    int flags_set = 0;
    fprintf(fp_engine_analysis_FD, "        Flags:");
    if (fp_cd->flags & DETECT_CONTENT_OFFSET) {
        fprintf(fp_engine_analysis_FD, " Offset");
        flags_set = 1;
    } if (fp_cd->flags & DETECT_CONTENT_DEPTH) {
        fprintf(fp_engine_analysis_FD, " Depth");
        flags_set = 1;
    }
    if (fp_cd->flags & DETECT_CONTENT_WITHIN) {
        fprintf(fp_engine_analysis_FD, " Within");
        flags_set = 1;
    }
    if (fp_cd->flags & DETECT_CONTENT_DISTANCE) {
        fprintf(fp_engine_analysis_FD, " Distance");
        flags_set = 1;
    }
    if (fp_cd->flags & DETECT_CONTENT_NOCASE) {
        fprintf(fp_engine_analysis_FD, " Nocase");
        flags_set = 1;
    }
    if (fp_cd->flags & DETECT_CONTENT_NEGATED) {
        fprintf(fp_engine_analysis_FD, " Negated");
        flags_set = 1;
    }
    if (flags_set == 0)
        fprintf(fp_engine_analysis_FD, " None");
    fprintf(fp_engine_analysis_FD, "\n");

    fprintf(fp_engine_analysis_FD, "        Fast pattern set: %s\n", fast_pattern_set ? "yes" : "no");
    fprintf(fp_engine_analysis_FD, "        Fast pattern only set: %s\n",
            fast_pattern_only_set ? "yes" : "no");
    fprintf(fp_engine_analysis_FD, "        Fast pattern chop set: %s\n",
            fast_pattern_chop_set ? "yes" : "no");
    if (fast_pattern_chop_set) {
        fprintf(fp_engine_analysis_FD, "        Fast pattern offset, length: %u, %u\n",
                fp_cd->fp_chop_offset, fp_cd->fp_chop_len);
    }

    /* working buffer for the pattern: content_len bytes plus one spare byte */
    uint16_t patlen = fp_cd->content_len;
    uint8_t *pat = SCMalloc(fp_cd->content_len + 1);
    if (unlikely(pat == NULL)) {
        SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
//.........这里部分代码省略.........
开发者ID:BreakingTheory,项目名称:suricata,代码行数:101,代码来源:detect-engine-analyzer.c

示例13: pcre_exec

/**
 * \internal
 * \brief This function is used to parse fragbits options passed via fragbits: keyword
 *
 * The option is split with parse_regex into an optional modifier part
 * (args[0]: '!', '+' or '*') and the flag letters (args[1]: M, D, R in
 * either case).
 *
 * \param rawstr Pointer to the user provided fragbits options
 *
 * \retval de pointer to DetectFragBitsData on success
 * \retval NULL on failure
 */
static DetectFragBitsData *DetectFragBitsParse (char *rawstr)
{
    DetectFragBitsData *de = NULL;
#define MAX_SUBSTRINGS 30
    int ret = 0, found = 0, res = 0;
    int ov[MAX_SUBSTRINGS];
    const char *str_ptr = NULL;
    char *args[2] = { NULL, NULL};
    char *ptr;
    int i;

    ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);

    if (ret < 1) {
        SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
        goto error;
    }

    /* NOTE(review): args has two slots while this loop runs ret - 1 times.
     * It stays in bounds only if parse_regex defines at most two capture
     * groups -- confirm against the pattern, or bound i explicitly. */
    for (i = 0; i < (ret - 1); i++) {

        res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS,i + 1, &str_ptr);

        if (res < 0) {
            SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
            goto error;
        }

        /* pcre_get_substring() hands back newly allocated memory; no release
         * of args[] is visible in this excerpt -- check the omitted tail and
         * the error label. */
        args[i] = (char *)str_ptr;
    }

    if(args[1] == NULL) {
        SCLogError(SC_ERR_INVALID_VALUE, "invalid value");
        goto error;
    }

    de = SCMalloc(sizeof(DetectFragBitsData));
    if (unlikely(de == NULL))
        goto error;

    memset(de,0,sizeof(DetectFragBitsData));

    /** First parse args[0] */

    if(args[0])   {

        ptr = args[0];

        /* every character is examined; when several modifier characters are
         * present the last one wins */
        while (*ptr != '\0') {
            switch (*ptr) {
            case '!':
                de->modifier = MODIFIER_NOT;
                break;
            case '+':
                de->modifier = MODIFIER_PLUS;
                break;
            case '*':
                de->modifier = MODIFIER_ANY;
                break;
            }
            ptr++;
        }

    }

    /** Second parse first set of fragbits */

    ptr = args[1];

    /* NOTE(review): an unrecognised character resets found to 0 but leaves
     * de->fragbits untouched and the loop running, so a valid letter after
     * it raises found again -- confirm that this is the intended
     * validation. */
    while (*ptr != '\0') {
        switch (*ptr) {
        case 'M':
        case 'm':
            de->fragbits |= FRAGBITS_HAVE_MF;
            found++;
            break;
        case 'D':
        case 'd':
            de->fragbits |= FRAGBITS_HAVE_DF;
            found++;
            break;
        case 'R':
        case 'r':
            de->fragbits |= FRAGBITS_HAVE_RF;
            found++;
            break;
        default:
            found = 0;
            break;
        }
        ptr++;
    }
//.........这里部分代码省略.........
开发者ID:johnjohnsp1,项目名称:suricata,代码行数:101,代码来源:detect-fragbits.c

示例14: pcre_exec

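/**
 * \brief This function is used to parse IPV4 ip_id passed via keyword: "id"
 *
 * The value may be wrapped in double quotes. It is converted with strtoul()
 * so that an over-long digit string is rejected by the range check instead
 * of wrapping around into the accepted range.
 *
 * \param idstr Pointer to the user provided id option
 *
 * \retval id_d pointer to DetectIdData on success
 * \retval NULL on failure, including a match that captured no value
 */
DetectIdData *DetectIdParse (char *idstr)
{
    uint32_t temp;
    DetectIdData *id_d = NULL;
	#define MAX_SUBSTRINGS 30
    int ret = 0, res = 0;
    int ov[MAX_SUBSTRINGS];


    ret = pcre_exec(parse_regex, parse_regex_study, idstr, strlen(idstr), 0, 0,
                    ov, MAX_SUBSTRINGS);

    if (ret < 1 || ret > 3) {
        SCLogError(SC_ERR_PCRE_MATCH, "invalid id option. The id option value must be"
                    " in the range %u - %u",
                    DETECT_IPID_MIN, DETECT_IPID_MAX);
        goto error;
    }


    if (ret > 1) {
        const char *str_ptr = NULL;
        char *orig;
        char *tmp_str;
        unsigned long value;

        res = pcre_get_substring((char *)idstr, ov, MAX_SUBSTRINGS, 1,
                                    &str_ptr);
        if (res < 0) {
            SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
            goto error;
        }

        /* Work on a private, writable copy and give the PCRE allocation
         * back straight away; it used to be leaked on every call. */
        orig = SCStrdup((char*)str_ptr);
        pcre_free_substring(str_ptr);
        if (unlikely(orig == NULL)) {
            goto error;
        }

        /* We have a correct id option */
        id_d = SCMalloc(sizeof(DetectIdData));
        if (unlikely(id_d == NULL)) {
            SCFree(orig);
            goto error;
        }
        tmp_str=orig;

        /* Let's see if we need to escape "'s: drop the last character
         * (the closing quote) and step over the opening one */
        if (tmp_str[0] == '"')
        {
            tmp_str[strlen(tmp_str) - 1] = '\0';
            tmp_str += 1;
        }

        /* ok, fill the id data. strtoul() saturates at ULONG_MAX on overflow
         * and maps a leading '-' to a huge value; both fail the range check
         * below, where atoi() had undefined behaviour or silently wrapped. */
        value = strtoul(tmp_str, NULL, 10);

        if (value > DETECT_IPID_MAX) {
            SCLogError(SC_ERR_INVALID_VALUE, "\"id\" option  must be in "
                        "the range %u - %u",
                        DETECT_IPID_MIN, DETECT_IPID_MAX);

            SCFree(orig);
            goto error;
        }
        temp = (uint32_t)value;
        id_d->id = temp;

        SCFree(orig);

        SCLogDebug("detect-id: will look for ip_id: %u\n", id_d->id);
    }

    return id_d;

error:
    if (id_d != NULL) DetectIdFree(id_d);
    return NULL;

}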
开发者ID:Hyperwise,项目名称:suricata,代码行数:82,代码来源:detect-id.c

示例15: XffSetup

/**
 * \brief Allocate the XFF configuration for the JSON alert output and read
 *        the output's logging options.
 *
 * \param json_output_ctx output context; receives the XFF configuration,
 *                        the logging flags and the payload buffer size
 * \param conf            configuration node of the output, may be NULL
 *
 * If the XFF configuration cannot be allocated the function returns without
 * touching json_output_ctx. An unparsable "payload-buffer-size" terminates
 * the process.
 */
static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
{
    HttpXFFCfg *cfg = SCMalloc(sizeof(HttpXFFCfg));
    if (unlikely(cfg == NULL)) {
        return;
    }
    memset(cfg, 0, sizeof(HttpXFFCfg));

    json_output_ctx->xff_cfg = cfg;

    uint32_t buffer_size = JSON_STREAM_BUFFER_SIZE;

    /* NOTE(review): without a configuration node the default buffer size
     * above is never stored in json_output_ctx -- confirm that the caller
     * initialises payload_buffer_size for that case. */
    if (conf == NULL) {
        return;
    }

    /* look every option up first, then apply them in a fixed order */
    const char *payload = ConfNodeLookupChildValue(conf, "payload");
    const char *payload_buffer_value = ConfNodeLookupChildValue(conf, "payload-buffer-size");
    const char *packet  = ConfNodeLookupChildValue(conf, "packet");
    const char *payload_printable = ConfNodeLookupChildValue(conf, "payload-printable");
    const char *http = ConfNodeLookupChildValue(conf, "http");
    const char *tls = ConfNodeLookupChildValue(conf, "tls");
    const char *ssh = ConfNodeLookupChildValue(conf, "ssh");
    const char *smtp = ConfNodeLookupChildValue(conf, "smtp");
    const char *tagged_packets = ConfNodeLookupChildValue(conf, "tagged-packets");

    if (ssh != NULL && ConfValIsTrue(ssh)) {
        json_output_ctx->flags |= LOG_JSON_SSH;
    }
    if (tls != NULL && ConfValIsTrue(tls)) {
        json_output_ctx->flags |= LOG_JSON_TLS;
    }
    if (http != NULL && ConfValIsTrue(http)) {
        json_output_ctx->flags |= LOG_JSON_HTTP;
    }
    if (smtp != NULL && ConfValIsTrue(smtp)) {
        json_output_ctx->flags |= LOG_JSON_SMTP;
    }
    /* "payload-printable" selects LOG_JSON_PAYLOAD, "payload" the base64
     * variant */
    if (payload_printable != NULL && ConfValIsTrue(payload_printable)) {
        json_output_ctx->flags |= LOG_JSON_PAYLOAD;
    }
    if (payload != NULL && ConfValIsTrue(payload)) {
        json_output_ctx->flags |= LOG_JSON_PAYLOAD_BASE64;
    }
    if (payload_buffer_value != NULL) {
        uint32_t parsed;
        if (ParseSizeStringU32(payload_buffer_value, &parsed) < 0) {
            SCLogError(SC_ERR_ALERT_PAYLOAD_BUFFER, "Error parsing "
                       "payload-buffer-size - %s. Killing engine",
                       payload_buffer_value);
            exit(EXIT_FAILURE);
        }
        buffer_size = parsed;
    }
    if (packet != NULL && ConfValIsTrue(packet)) {
        json_output_ctx->flags |= LOG_JSON_PACKET;
    }
    if (tagged_packets != NULL && ConfValIsTrue(tagged_packets)) {
        json_output_ctx->flags |= LOG_JSON_TAGGED_PACKETS;
    }

    json_output_ctx->payload_buffer_size = buffer_size;
    HttpXFFGetCfg(conf, cfg);
}
开发者ID:P1sec,项目名称:suricata,代码行数:81,代码来源:output-json-alert.c


注:本文中的SCMalloc函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。