Code cleanup in flexbit.c / new --enable-offload in build-test.sh / a…
…dd "isnotset" to xbit documentation
root committed Oct 22, 2024
1 parent 3f3b081 commit d3a6559
Showing 3 changed files with 5 additions and 43 deletions.
2 changes: 1 addition & 1 deletion doc/source/rule-keywords.rst
@@ -837,7 +837,7 @@ This function is identical to Snort's "within" rule option. For more information
xbits
-----

.. option:: xbits:{set|unset|isset},{name},track {ip_src|ip_dst|ip_pair} [,expire <seconds>];
.. option:: xbits:{set|unset|isset|isnotset},{name},track {ip_src|ip_dst|ip_pair} [,expire <seconds>];

The ``xbits`` rule keyword allows you to track and correlate events between multiple logs. This is done by detecting an event and using the ``set`` for Sagan to "remember" an event. Later, if another event is detected, xbit can be tested via ``isset`` or ``isnotset`` to determine if an event happened earlier. For example, lets say you would like to detect when anti-virus is being shutdown but **not** if it is related to a system reboot or shutdown.

7 changes: 4 additions & 3 deletions extra/build-test/build-test.sh
@@ -29,10 +29,11 @@
# --disable-libfastjson Enable libfastjson
# --enable-tcmalloc Enable Google's TCMalloc
# --enable-jemalloc Enable JEMalloc
# --enable-

STANDARD="--disable-bluedot --disable-esmtp --disable-geoip --disable-system-strstr --enable-syslog --enable-lognorm --enable-libpcap --enable-libfastjson --disable-tcmalloc --disable-gzip --enable-jemalloc"
ALLFLAGS="--enable-bluedot --enable-esmtp --enable-geoip --enable-system-strstr --enable-syslog --enable-lognorm --enable-libpcap --enable-libfastjson --enable-redis --enable-gzip --enable-tcmalloc --enable-jemalloc"
NOFLAG="--disable-syslog --disable-lognorm --disable-esmtp --disable-libpcap --disable-bluedot --disable-geoip --disable-system-strstr --disable-system-strstr --disable-libfastjson --disable-redis --disable-tcmalloc --disable-gzip --disable-jemalloc"
STANDARD="--disable-bluedot --disable-esmtp --disable-geoip --disable-system-strstr --enable-syslog --enable-lognorm --enable-libpcap --enable-libfastjson --disable-tcmalloc --disable-gzip --enable-jemalloc --enable-offload"
ALLFLAGS="--enable-bluedot --enable-esmtp --enable-geoip --enable-system-strstr --enable-syslog --enable-lognorm --enable-libpcap --enable-libfastjson --enable-redis --enable-gzip --enable-tcmalloc --enable-jemalloc --enable-offload"
NOFLAG="--disable-syslog --disable-lognorm --disable-esmtp --disable-libpcap --disable-bluedot --disable-geoip --disable-system-strstr --disable-system-strstr --disable-libfastjson --disable-redis --disable-tcmalloc --disable-gzip --disable-jemalloc --disable-offload"

LOG="output.log"

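Review bot: The comment line `# --enable-` added at the end of the flag list in the script header is cut off: it names no option and carries no description, so the list still does not document the flag this change adds to STANDARD, ALLFLAGS and NOFLAG. Complete it in the same form as its neighbours, for example `# --enable-offload           Enable offload support` (confirm the wording against the configure help text). While NOFLAG is being edited, the duplicate `--disable-system-strstr` it already carried could be dropped as well. The header comment block starts above this hunk, so any other flags it omits are not visible here.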
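--- a/src/flexbit-mmap.c
+++ b/src/flexbit-mmap.c
@@ -992,11 +992,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = false;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1017,11 +1015,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = false;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1041,11 +1037,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = false;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1065,11 +1059,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = false;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1090,11 +1082,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = false;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1113,11 +1103,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = 0;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1136,11 +1124,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = 0;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1162,11 +1148,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = 0;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1187,11 +1171,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = 0;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1212,11 +1194,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = 0;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1239,11 +1219,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = 0;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1263,11 +1241,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = 0;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1287,11 +1263,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = 0;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1310,11 +1284,9 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_state = false;
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_unset_match = 1;
@@ -1353,7 +1325,6 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_date = atol(timet);
 flexbit_ipc[a].flexbit_expire = atol(timet) + rulestruct[rule_position].flexbit_timeout[i];
@@ -1371,7 +1342,6 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 
 }
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_match = true;
@@ -1428,7 +1398,6 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 {
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_date = atol(timet);
 flexbit_ipc[a].flexbit_expire = atol(timet) + rulestruct[rule_position].flexbit_timeout[i];
@@ -1442,7 +1411,6 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 
 }
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_match = true;
@@ -1496,7 +1464,6 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 {
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_date = atol(timet);
 flexbit_ipc[a].flexbit_expire = atol(timet) + rulestruct[rule_position].flexbit_timeout[i];
@@ -1510,7 +1477,6 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 
 }
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_match = true;
@@ -1564,7 +1530,6 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 {
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 flexbit_ipc[a].flexbit_date = atol(timet);
 flexbit_ipc[a].flexbit_expire = atol(timet) + rulestruct[rule_position].flexbit_timeout[i];
@@ -1578,7 +1543,6 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 
 }
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
 File_Unlock(config->shm_flexbit);
 
 flexbit_match = true;
@@ -1633,7 +1597,6 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 }
 
 File_Lock(config->shm_flexbit);
-// pthread_mutex_lock(&Flexbit_Mutex);
 
 memcpy(flexbit_ipc[counters_ipc->flexbit_count].ip_src, ip_src, sizeof(flexbit_ipc[counters_ipc->flexbit_count].ip_src));
 memcpy(flexbit_ipc[counters_ipc->flexbit_count].ip_dst, ip_dst, sizeof(flexbit_ipc[counters_ipc->flexbit_count].ip_dst));
@@ -1664,8 +1627,6 @@ void Flexbit_Set_MMAP(uint_fast32_t rule_position, const char *ip_src, const cha
 File_Unlock(config->shm_counters);
 File_Unlock(config->shm_flexbit);
 
-// pthread_mutex_unlock(&Flexbit_Mutex);
-
 }
 }
 }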
