Changeset 1581
- Timestamp:
- 02/29/08 15:13:06 (6 months ago)
- Files:
-
- nebula/trunk/ChangeLog (modified) (1 diff)
- nebula/trunk/configure.in (modified) (1 diff)
- nebula/trunk/src/classify.c (modified) (1 diff)
- nebula/trunk/src/sig.c (modified) (6 diffs)
nebula/trunk/ChangeLog
r1562 r1581 1 0.2.1 2 - verbosity level and logging revised 3 - off-by-one error in signature generator input offset fixed 4 - signature generation triggers when cluster threshold is met instead of exceeded 1 5 0.2.0 2 6 - daemon version nebula/trunk/configure.in
r1571 r1581 1 1 # $Id$ 2 2 AC_PREREQ(02.50) 3 AC_INIT([nebula], [0.2. 0], [tillmann.werner@gmx.de])3 AC_INIT([nebula], [0.2.1], [tillmann.werner@gmx.de]) 4 4 AM_CONFIG_HEADER(config.h) 5 AM_INIT_AUTOMAKE(nebula,0.2. 0)5 AM_INIT_AUTOMAKE(nebula,0.2.1) 6 6 7 7 AC_PROG_CC nebula/trunk/src/classify.c
r1566 r1581 221 221 222 222 // check for signature generation criteria here 223 if ((((hash*)t->data)->cl) && ((hash*)t->data)->cl->cnt > ((hash*)t->data)->cl->threshold) {223 if ((((hash*)t->data)->cl) && ((hash*)t->data)->cl->cnt >= ((hash*)t->data)->cl->threshold) { 224 224 printf("[=] cluster size (%u) hit threshold (%lu), generating signature.\n", 225 225 ((hash*)t->data)->cl->cnt, ((hash*)t->data)->cl->threshold); nebula/trunk/src/sig.c
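Review bot: With the comparison now inclusive (`cl->cnt >= cl->threshold`), a threshold of 0 or 1 makes the condition true for the first sample that lands in a cluster, and nothing visible here shows a lower bound on `threshold`. If the place where the threshold is configured does not already enforce one, it would be worth rejecting values below 2 there, since a signature derived from a single sample presumably has nothing to generalise against. A short comment on the condition, such as `// inclusive: fire as soon as cnt reaches the configured threshold`, would also record the intended semantics. The body of the `if` continues beyond the displayed lines, so whether a signature is regenerated on every later sample once the threshold is reached cannot be judged from here.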
r1570 r1581 99 99 continue; 100 100 101 // find leaves covered by the actualsubstring101 // find leaves covered by the current substring 102 102 l = list.elem[i].l; 103 103 r = list.elem[i].r; … … 110 110 start = leaves[leaf]->path_position; 111 111 112 if (id == 0) seg.org_off = start - t->string_offset[id]-1; 112 if (id == 0) { 113 seg.org_off = start - t->string_offset[id]-1; 114 } 113 115 if (start - t->string_offset[id]-1 < seg.min_off) seg.min_off = start - t->string_offset[id]-1; 114 116 if (start - t->string_offset[id]-1 > seg.max_off) seg.max_off = start - t->string_offset[id]-1; … … 345 347 346 348 // concatenate attack strings 347 if ((strlist = realloc(strlist, sizeof(lchar) * (strllen + attack->attack_len + 2))) == NULL) { 349 // byte strlist[0] must not be used, it simplifies the GST algorithm which uses offset 0 for the root node 350 if ((strlist = realloc(strlist, sizeof(lchar) * (strllen + attack->attack_len + 3))) == NULL) { 348 351 fprintf(stderr, "Error - Unable to allocate memory: %m.\n"); 349 352 exit(EXIT_FAILURE); 350 353 } 351 memset(&strlist[strllen], 0, sizeof(lchar) * (attack->attack_len + 2));354 memset(&strlist[strllen], 0, sizeof(lchar) * (attack->attack_len + 3)); 352 355 353 356 // extend string offset array … … 359 362 360 363 for (i = 0; i < attack->attack_len; i++) { 361 strlist[strllen+i ] = attack->attack[i];364 strlist[strllen+i+1] = attack->attack[i]; 362 365 } 363 366 strllen += attack->attack_len; … … 421 424 } 422 425 if (verbose) printf("Generalized suffix tree contains a common subtree with %lu leaves.\n", (long unsigned int) cstr_list.len); 426 if (verbose > 3) ST_PrintTree(gst, 0); 423 427 424 428 … … 428 432 429 433 if (verbose) printf("Extracting common substrings with length >= %lu.\n", (long unsigned int) min_sstr_len); 430 //for (i = 0; i < cstr_list.len && cstr_list.elem[i].len >= min_sstr_len; i++)431 //list_substrings(gst, cstr_list.elem[i].n, cstr_list.elem[i].len);434 if (verbose > 2) for (i = 0; i < 
cstr_list.len && cstr_list.elem[i].len >= min_sstr_len; i++) 435 list_substrings(gst, cstr_list.elem[i].n, cstr_list.elem[i].len); 432 436 433 437 build_sig(cl, gst, lca_table, cstr_list, leaves, num_leaves, min_sstr_len, min_sstr_ent, SIG_SNORT);
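Review bot: In the string-concatenation hunk the copy now writes to `strlist[strllen+i+1]`, but the counter is still advanced by `strllen += attack->attack_len;`, so after the update the last copied element sits at index `strllen`, which is exactly where the next iteration's `memset(&strlist[strllen], 0, ...)` starts clearing. Unless `strllen` is also incremented for the separator in the lines elided after this hunk, the final element of each attack string would be zeroed when the next one is appended; please confirm. Consider recording the layout next to the loop, for example `// strlist[strllen] stays 0 (root/separator slot); payload occupies strlist[strllen+1 .. strllen+attack_len]`. Since `attack->attack_len` presumably reflects captured traffic, the sum `strllen + attack->attack_len + 3` also deserves a wrap-around check before it is multiplied by `sizeof(lchar)`. The enclosing function starts and ends outside the displayed hunks.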
