suricata
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-csum.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "pkt-var.h"
#include "host.h"
#include "util-profiling.h"
#include "detect-engine-build.h"
#include "util-unittest-helper.h"
#include "detect-engine.h"
#include "detect-engine-alert.h"
#include "packet.h"
#include "stream-tcp.h"
Data Structures
struct DetectCsumData_
Macros
#define DETECT_CSUM_VALID "valid"
#define DETECT_CSUM_INVALID "invalid"
#define mystr(s) #s
#define TEST1(kwstr)
#define TEST2(kwstr)
#define TEST3(kwstr, kwtype)
Typedefs
typedef struct DetectCsumData_ DetectCsumData
Functions
void DetectCsumRegister (void)
Registers handlers for all the checksum keywords. The checksum keywords that are registered are ipv4-csum, tcpv4-csum, tcpv6-csum, udpv4-csum, udpv6-csum, icmpv4-csum and icmpv6-csum.
Implements checksum keyword.
Definition in file detect-csum.c.
#define DETECT_CSUM_INVALID "invalid"
Definition at line 44 of file detect-csum.c.
#define DETECT_CSUM_VALID "valid"
Definition at line 43 of file detect-csum.c.
#define mystr(s) #s
Definition at line 801 of file detect-csum.c.
#define TEST1(kwstr)
Definition at line 802 of file detect-csum.c.
#define TEST2(kwstr)
Definition at line 834 of file detect-csum.c.
#define TEST3(kwstr, kwtype)
Definition at line 869 of file detect-csum.c.
typedef struct DetectCsumData_ DetectCsumData
void DetectCsumRegister (void)
Registers handlers for all the checksum keywords. The checksum keywords that are registered are ipv4-csum, tcpv4-csum, tcpv6-csum, udpv4-csum, udpv6-csum, icmpv4-csum and icmpv6-csum.
Each of the checksum keywords implemented here takes one of 2 argument values - "valid" or "invalid". If the rule keyword in the signature is specified as "valid", the Match function returns TRUE if the checksum for that particular packet and protocol is valid. Similarly for "invalid".
The Setup function takes 4 arguments -
DetectEngineCtx * (de_ctx) - Pointer to the detection engine context
Signature * (s) - Pointer to the Signature currently being parsed from the rules
SigMatchCtx * (m) - Pointer to the head of the SigMatchs added to the Signature currently being parsed
char * (csum_str) - Pointer to a string holding the keyword value
The Setup function returns 0 if it successfully parses the keyword value, and -1 otherwise.
The Match function takes 5 arguments -
ThreadVars * (t) - Pointer to the tv for the detection module instance
DetectEngineThreadCtx * (det_ctx) - Pointer to the detection engine thread context
Packet * (p) - Pointer to the Packet currently being handled
Signature * (s) - Pointer to the Signature the Packet is currently being matched with
SigMatchCtx * (m) - Pointer to the keyword structure, from the above Signature, that the Packet is currently being matched with
The Match function returns 1 if the Packet contents match the keyword, and 0 otherwise.
The Free function takes a single argument -
void * (ptr) - Pointer to the DetectCsumData for a keyword
Definition at line 139 of file detect-csum.c.
References DETECT_IPV4_CSUM, SigTableElmt_::Match, SigTableElmt_::name, and sigmatch_table.
Referenced by SigTableSetup().
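An added illustration of the Setup/Match contract described above, narrowed to the IPv4 header checksum; it is not code from detect-csum.c. The names CsumKw, csum_setup, ipv4_csum_state and csum_match are hypothetical, the sample header is constructed, and treating an unparseable header as "no match" is an assumption of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for DetectCsumData: 1 = rule asked for "valid". */
typedef struct { int want_valid; } CsumKw;

/* Constructed sample: 20-byte IPv4 header, 192.168.0.1 -> 192.168.0.199,
 * with a correct header checksum (0xb861). */
static const uint8_t SAMPLE_HDR[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };

/* Setup contract: 0 if the keyword value parses, -1 otherwise. */
int csum_setup(CsumKw *kw, const char *csum_str)
{
    if (kw == NULL || csum_str == NULL) return -1;
    if (strcmp(csum_str, "valid") == 0)   { kw->want_valid = 1; return 0; }
    if (strcmp(csum_str, "invalid") == 0) { kw->want_valid = 0; return 0; }
    return -1;  /* any other value is a parse failure */
}

/* RFC 1071 check: 1 = checksum correct, 0 = wrong, -1 = not a usable header. */
int ipv4_csum_state(const uint8_t *hdr, size_t len)
{
    if (hdr == NULL || len < 20 || (hdr[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(hdr[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return -1;
    uint32_t sum = 0;
    for (size_t i = 0; i < ihl; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return sum == 0xffff;  /* a correct header folds to all ones */
}

/* Match contract: 1 if the packet matches the keyword, 0 otherwise. */
int csum_match(const CsumKw *kw, const uint8_t *hdr, size_t len)
{
    int state = ipv4_csum_state(hdr, len);
    if (kw == NULL || state < 0) return 0;  /* nothing to judge: no match */
    return state == kw->want_valid;
}

int main(void)
{
    CsumKw kw;
    if (csum_setup(&kw, "invalid") != 0) return 1;
    printf("match on intact header: %d\n", csum_match(&kw, SAMPLE_HDR, 20));
    return 0;
}
```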