41 static void DetectBsizeFree (
void *);
43 static void DetectBsizeRegisterTests (
void);
63 #define DETECT_BSIZE_LT 0 64 #define DETECT_BSIZE_GT 1 65 #define DETECT_BSIZE_RA 2 66 #define DETECT_BSIZE_EQ 3 89 if (buffer_size < bsz->
lo) {
95 if (buffer_size > bsz->
lo) {
103 if (buffer_size == bsz->
lo) {
105 }
else if (buffer_size > bsz->
lo) {
114 if (buffer_size > bsz->
lo && buffer_size < bsz->
hi) {
116 }
else if (buffer_size <= bsz->lo && eof) {
118 }
else if (buffer_size <= bsz->lo) {
120 }
else if (buffer_size >= bsz->
hi) {
127 #define ERR(...) do { \ 129 snprintf(_buf, sizeof(_buf), __VA_ARGS__); \ 130 SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "bsize: bad input, %s", _buf); \ 150 size_t len = strlen(str);
155 while (isspace(*str))
174 while (isspace(*str))
177 char str1[11], *p = str1;
178 memset(str1, 0,
sizeof(str1));
179 while (*str && isdigit(*str)) {
180 if (p - str1 >= (
int)
sizeof(str1))
185 while (*str && isspace(*str)) {
198 }
else if (*str ==
'<') {
201 ERR(
"only '<>' allowed");
208 ERR(
"mode already set");
220 while (*str && isspace(*str))
225 memset(str2, 0,
sizeof(str2));
226 while (*str && isdigit(*str)) {
227 if (p - str2 >= (
int)
sizeof(str2))
232 while (*str && isspace(*str)) {
240 ERR(
"'%s' is not a valid u32", str2);
245 ERR(
"%u > %u", lo, hi);
250 ERR(
"trailing data");
263 bsz->
mode = (uint8_t)mode;
295 sm->
ctx = (
void *)bsz;
302 DetectBsizeFree(bsz);
311 void DetectBsizeFree(
void *ptr)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
SignatureInitData * init_data
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
main detection engine ctx
int ParseSizeStringU64(const char *size, uint64_t *res)
#define DETECT_SM_LIST_NOTSET
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
void DetectBsizeRegister(void)
Registration function for bsize: keyword.
int(* Match)(ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
int DetectBsizeMatch(const SigMatchCtx *ctx, const uint64_t buffer_size, bool eof)
bsize match function
SigMatch * SigMatchAlloc(void)
struct DetectBsizeData DetectBsizeData
void(* RegisterTests)(void)
a single match condition for a signature