suricata
detect-dsize.h
Go to the documentation of this file.
1
/* Copyright (C) 2007-2022 Open Information Security Foundation
2
*
3
* You can copy, redistribute or modify this Program under the terms of
4
* the GNU General Public License version 2 as published by the Free
5
* Software Foundation.
6
*
7
* This program is distributed in the hope that it will be useful,
8
* but WITHOUT ANY WARRANTY; without even the implied warranty of
9
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10
* GNU General Public License for more details.
11
*
12
* You should have received a copy of the GNU General Public License
13
* version 2 along with this program; if not, write to the Free Software
14
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15
* 02110-1301, USA.
16
*/
17
18
/**
19
* \file
20
*
21
* \author Victor Julien <victor@inliniac.net>
22
*/
23
24
#ifndef SURICATA_DETECT_DSIZE_H
25
#define SURICATA_DETECT_DSIZE_H
26
27
#include "
detect-engine-uint.h
"
28
29
/* prototypes */
30
void
DetectDsizeRegister
(
void
);
31
32
int
SigParseMaxRequiredDsize
(
const
Signature
*s);
33
int
SigParseGetMaxDsize
(
const
Signature
*s);
34
void
SigParseSetDsizePair
(
Signature
*s);
35
void
SigParseApplyDsizeToContent
(
Signature
*s);
36
37
/** Determine if a packet p should be kicked out during prefilter due
38
* to dsize outside the range specified in signature s */
39
static
inline
bool
SigDsizePrefilter(
const
Packet
*p,
const
Signature
*s, uint32_t sflags)
40
{
41
if
(
unlikely
(sflags &
SIG_FLAG_DSIZE
)) {
42
if
(
likely
(p->
payload_len
< s->
dsize_low
|| p->
payload_len
> s->
dsize_high
)) {
43
if
(!(s->
dsize_mode
==
DETECT_UINT_NE
)) {
44
SCLogDebug
(
"kicked out as p->payload_len %u, dsize low %u, hi %u"
, p->
payload_len
,
45
s->
dsize_low
, s->
dsize_high
);
46
return
true
;
47
}
48
}
49
}
50
return
false
;
51
}
52
53
#endif
/* SURICATA_DETECT_DSIZE_H */
detect-engine-uint.h
DetectDsizeRegister
void DetectDsizeRegister(void)
Registration function for dsize: keyword.
Definition:
detect-dsize.c:61
unlikely
#define unlikely(expr)
Definition:
util-optimize.h:35
SigParseApplyDsizeToContent
void SigParseApplyDsizeToContent(Signature *s)
Apply dsize as depth to content matches in the rule.
Definition:
detect-dsize.c:324
SCLogDebug
#define SCLogDebug(...)
Definition:
util-debug.h:269
DETECT_UINT_NE
#define DETECT_UINT_NE
Definition:
detect-engine-uint.h:36
Packet_::payload_len
uint16_t payload_len
Definition:
decode.h:575
Signature_::dsize_low
uint16_t dsize_low
Definition:
detect.h:610
SigParseMaxRequiredDsize
int SigParseMaxRequiredDsize(const Signature *s)
Determine the required dsize for the signature.
Definition:
detect-dsize.c:288
Packet_
Definition:
decode.h:476
SigParseGetMaxDsize
int SigParseGetMaxDsize(const Signature *s)
get max dsize "depth"
Definition:
detect-dsize.c:211
SigParseSetDsizePair
void SigParseSetDsizePair(Signature *s)
set prefilter dsize pair
Definition:
detect-dsize.c:234
Signature_::dsize_high
uint16_t dsize_high
Definition:
detect.h:611
Signature_
Signature container.
Definition:
detect.h:603
Signature_::dsize_mode
uint8_t dsize_mode
Definition:
detect.h:612
likely
#define likely(expr)
Definition:
util-optimize.h:32
SIG_FLAG_DSIZE
#define SIG_FLAG_DSIZE
Definition:
detect.h:245
src
detect-dsize.h
Generated on Tue Dec 24 2024 23:30:29 for suricata by
1.8.18