suricata
Functions
detect-engine-proto.c File Reference
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "app-layer-parser.h"
#include "flow-util.h"
#include "flow-var.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-state.h"
#include "util-cidr.h"
#include "util-byte.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-debug.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-engine-mpm.h"
Include dependency graph for detect-engine-proto.c:

Go to the source code of this file.

Functions

int DetectProtoParse (DetectProto *dp, const char *str)
 Parses a protocol sent as a string. More...
 
int DetectProtoContainsProto (const DetectProto *dp, int proto)
 see if a DetectProto contains a certain proto More...
 
void DetectProtoTests (void)
 this function registers unit tests for DetectProto More...
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Proto part of the detection engine.

Todo:
move this out of the detection plugin structure

Definition in file detect-engine-proto.c.

Function Documentation

int DetectProtoContainsProto ( const DetectProto dp,
int  proto 
)

see if a DetectProto contains a certain proto

Parameters
dpdetect proto to inspect
protoprotocol (such as IPPROTO_TCP) to look for
Return values
0protocol not in the set
1protocol is in the set

Definition at line 135 of file detect-engine-proto.c.

References DE_QUIET, DETECT_PROTO_ANY, DETECT_PROTO_ONLY_PKT, DETECT_PROTO_ONLY_STREAM, DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectProtoParse(), DetectProto_::flags, Packet_::flags, DetectEngineCtx_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_PKT_TOSERVER, Packet_::flowflags, Signature_::next, PacketAlertCheck(), PKT_HAS_FLOW, DetectProto_::proto, Signature_::proto, SCLogDebug, DetectEngineCtx_::sig_list, SigCleanSignatures(), SigGroupBuild(), SigGroupCleanup(), SigInit(), SigMatchSignatures(), str, UTHBuildPacket(), and UTHFreePackets().

Referenced by DetectTcphdrRegister(), DetectUdphdrRegister(), EngineAnalysisRules(), IPOnlyMatchPacket(), and SigMatchSignaturesGetSgh().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectProtoParse ( DetectProto dp,
const char *  str 
)

Parses a protocol sent as a string.

Parameters
dpPointer to the DetectProto instance which will be updated with the incoming protocol information.
strPointer to the string containing the protocol name.
Return values
>=0If proto is detected, -1 otherwise.
Todo:
are numeric protocols even valid?

Definition at line 56 of file detect-engine-proto.c.

References ByteExtractStringUint8(), DETECT_PROTO_ANY, DETECT_PROTO_IPV4, DETECT_PROTO_IPV6, DETECT_PROTO_ONLY_PKT, DETECT_PROTO_ONLY_STREAM, DetectProto_::flags, DetectProto_::proto, proto, and SCLogDebug.

Referenced by DetectProtoContainsProto(), and SigMatchListSMBelongsTo().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectProtoTests ( void  )

this function registers unit tests for DetectProto

Definition at line 579 of file detect-engine-proto.c.

References UtRegisterTest().

Here is the call graph for this function: