Snort mailing list archives

Patch for Time criteria handling in ACID


From: Mark Vevers <mark () ifl net>
Date: Wed, 12 Jun 2002 14:47:12 +0100

(This didn't get through to the list yesterday as I sent it from another 
unsubscribed address ....)

Roman et al,

A number of issues were bugging me about the time criteria handling in ACID,
and along the way I also picked up what I think is another bug ...

1. Even though a time criteria could be cleared to '/ * /' it couldn't be
completely removed.
2. Having fixed that, the search entry time criteria disappears, and since PHP
doesn't run the for loop once whatever if expr2 doesn't evaluate to true, no
option to add it was appearing ... added code to give 'Add Time' button when
no time criteria have yet been entered.
2. Acid was displaying an error about multiple time criteria without an AND
or OR despite the fact that only one criteria had been entered (with and
without the above fixes).
3. During this I discovered ProcessCriteria was being called twice for a
normal search, once by acid_qry_main and once by acid_qry_sqlcalls. The
second was unnecessary for a normal query but was needed when called by
acid_ag_main.php, so I moved the ProcessCriteria line inside the if
clause when called by acid_ag_main.

As far as I can tell the fixes work - I've tried normal searches with and
without multiple time criteria, canned queries and alert graphing and they
all seem to work OK, YMMV. The change to the search UI may not be quite what
you wanted, but it's a consequence of the fact that the Init function gets called
to clear the criteria as well as to create it ......

Cheers
Mark
--
----------------------------------------------------------------------------

Index: acid_state_citems.inc
===================================================================
RCS file: /cvsroot/acidlab/acid/acid/acid_state_citems.inc,v
retrieving revision 1.3
diff -r1.3 acid_state_citems.inc
589a590,596

   function Init()
   {
     $this->criteria_cnt=0;
     unset($this->criteria);
   }
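
Review bot: In Init(), `unset($this->criteria)` leaves the property undefined rather than empty, so any later code that indexes or counts `$this->criteria` before an entry is added is working on an unset variable. Assigning an empty array (`$this->criteria = array();`) next to `$this->criteria_cnt=0;` would keep the counter and the container consistent after a reset.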

593a601,602

     $this->criteria_cnt=0;
     unset($this->criteria);
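
Review bot: These two added lines repeat the body of the Init() added in the previous hunk. If they land in a method of the same class, calling `$this->Init();` here would keep the reset logic in one place; if this is a second Init() in a different class, the context-free `diff -r1.3` output gives no way to tell, and resending as a unified diff would make the enclosing function visible.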

650a660,663

      if ($this->criteria_cnt == 0)
         echo '    <INPUT TYPE="submit" NAME="submit" VALUE="ADD Time">';
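
Review bot: The button value in the echo is `ADD Time`, while the message describes an 'Add Time' button; the string should be checked against the exact spelling the form handler compares the submitted `submit` value with, since a case mismatch would make the new button do nothing. Braces around the single-statement `if ($this->criteria_cnt == 0)` would also make the extent of the condition explicit.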

Index: acid_qry_sqlcalls.php
===================================================================
RCS file: /cvsroot/acidlab/acid/acid/acid_qry_sqlcalls.php,v
retrieving revision 1.9
diff -r1.9 acid_qry_sqlcalls.php
20,21d19
<   ProcessCriteria();
<
23a22

     ProcessCriteria();
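
Review bot: The re-added `ProcessCriteria();` at line 22 has no comment saying why it now runs only on this path. The message explains that acid_qry_main already calls it for a normal search and that only the acid_ag_main.php path needs it here; a one-line comment to that effect beside the call would stop it being moved back. The enclosing if condition is not shown in this diff, so a unified diff would let a reader confirm which branch the call ended up in.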

Index: acid_qry_common.php
===================================================================
RCS file: /cvsroot/acidlab/acid/acid/acid_qry_common.php,v
retrieving revision 1.16
diff -r1.16 acid_qry_common.php
124c124
<   for ( $i = 0; $i <= $cnt; $i++ )
- - ---

  for ( $i = 0; $i < $cnt; $i++ )
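
Review bot: The bound change from `$i <= $cnt` to `$i < $cnt` on line 124 is not tied by name to any of the problems listed in the message, so it is unclear which one it fixes. If `$cnt` is the number of criteria entries and they are indexed from 0, the old bound read one entry past the end, which would fit the spurious multiple-time-criteria error; stating that in the change description, and checking other loops over the same count in this file for a `<=` bound, would complete the fix.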

--
Mark Vevers.    mark () ifl net / mvevers () rm com
Internet Backbone Engineering Team
Internet for Learning, Research Machines Plc
Tel: +44 1235 823380,   Fax: +44 1235 823424