#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "app-layer-parser.h"
#include "flow-util.h"
#include "flow-var.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-state.h"
#include "util-cidr.h"
#include "util-byte.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-debug.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-engine-mpm.h"

Include dependency graph for detect-engine-proto.c:

Functions
void	DetectEngineProtoList (void)

int	DetectProtoParse (DetectProto dp, const char str)
	Parses a protocol sent as a string. More...

int	DetectProtoContainsProto (const DetectProto *dp, int proto)
	see if a DetectProto contains a certain proto More...

void	DetectProtoTests (void)
	this function registers unit tests for DetectProto More...

Variables
struct {
const char * name

uint8_t proto

uint8_t proto2

uint8_t flags

}	proto_table []

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Proto part of the detection engine.

Todo:: move this out of the detection plugin structure

Definition in file detect-engine-proto.c.

Function Documentation

◆ DetectEngineProtoList()

void DetectEngineProtoList ( void )

Definition at line 69 of file detect-engine-proto.c.

References ARRAY_SIZE, name, and proto_table.

Referenced by DetectListSupportedProtocols().

Here is the caller graph for this function:

◆ DetectProtoContainsProto()

int DetectProtoContainsProto	(	const DetectProto *	dp,
		int	proto
	)

see if a DetectProto contains a certain proto

Parameters

dp	detect proto to inspect
proto	protocol (such as IPPROTO_TCP) to look for

Return values

0	protocol not in the set
1	protocol is in the set

Definition at line 109 of file detect-engine-proto.c.

References DETECT_PROTO_ANY, DetectProto_::flags, DetectProto_::proto, and proto.

◆ DetectProtoParse()

int DetectProtoParse	(	DetectProto *	dp,
		const char *	str
	)

Parses a protocol sent as a string.

Parameters

dp	Pointer to the DetectProto instance which will be updated with the incoming protocol information.
str	Pointer to the string containing the protocol name.

Return values

>=0	If proto is detected, -1 otherwise.

Definition at line 85 of file detect-engine-proto.c.

References ARRAY_SIZE, DETECT_PROTO_ANY, DetectProto_::flags, flags, name, DetectProto_::proto, proto, proto2, proto_table, and str.

◆ DetectProtoTests()

void DetectProtoTests ( void )

this function registers unit tests for DetectProto

Definition at line 368 of file detect-engine-proto.c.

References UtRegisterTest().

Here is the call graph for this function:

Variable Documentation

◆ flags

uint8_t flags

Definition at line 51 of file detect-engine-proto.c.

Referenced by DetectProtoParse().

◆ name

const char* name

Definition at line 48 of file detect-engine-proto.c.

Referenced by BuildCpusetWithCallback(), CaptureStatsSetup(), ConfigSetDataDirectory(), ConfigSetLogDirectory(), DatajsonGet(), DatasetFind(), DatasetGet(), DatasetGetOrCreate(), DetectEngineContentModifierBufferSetup(), DetectEngineFrameInspectEngineRegister(), DetectEngineFrameMpmRegister(), DetectEngineProtoList(), DetectFrameMpmRegister(), DetectPktInspectEngineRegister(), DetectProtoParse(), DetectRegisterAppLayerHookLists(), DetectUnregisterThreadCtxFuncs(), DumpPatterns(), EngineAnalysisFP(), EngineAnalysisRules2(), EveAddFlowTcpFlags(), EveAddFlowTcpStreamFlags(), FlowEndCountersRegister(), FlowStorageRegister(), GetAffinityTypeForNameAndIface(), GetOrAllocAffinityTypeForIfaceOfName(), HostStorageRegister(), InjectPacketsForFlush(), IPPairStorageRegister(), ListAppLayerHooks(), LiveDevStorageRegister(), LiveGetDevice(), MpmFactoryRegisterMpmCtxProfile(), OutputRegisterPacketModule(), OutputRegisterPacketSubModule(), PatternMatchDefaultMatcher(), PrefilterAppendEngine(), PrefilterAppendFrameEngine(), PrefilterAppendPayloadEngine(), PrefilterAppendPostRuleEngine(), PrefilterAppendTxEngine(), SCClassConfGetClasstype(), SCConfGet(), SCConfGetBool(), SCConfGetDouble(), SCConfGetFloat(), SCConfGetInt(), SCConfNodeDump(), SCConfNodeGetNodeOrCreate(), SCConfNodeLookupChild(), SCConfNodeLookupChildValue(), SCConfRemove(), SCConfSetFromString(), SCDetectHelperBufferRegister(), SCEveFindFileType(), SCParseCommandLine(), SCSigTableHasKeyword(), SigTableList(), SigTableRegisterTests(), SinglePatternMatchDefaultMatcher(), TestHelperBufferToFile(), ThreadStorageRegister(), TmModuleBypassedFlowManagerRegister(), TmModuleGetByName(), TmqGetQueueByName(), TmqhGetQueueHandlerByName(), TmqhNameToID(), VarNameStoreLookupById(), VarNameStoreLookupByName(), VarNameStoreRegister(), and VarNameStoreSetupLookup().

◆ proto

uint8_t proto

Definition at line 49 of file detect-engine-proto.c.

Referenced by DetectProtoContainsProto(), and DetectProtoParse().

◆ proto2

uint8_t proto2

Definition at line 50 of file detect-engine-proto.c.

Referenced by DetectProtoParse().

◆ proto_table

struct { ... } proto_table[]

Initial value:

= {
    { "tcp", IPPROTO_TCP, 0, 0 },
    { "tcp-pkt", IPPROTO_TCP, 0, DETECT_PROTO_ONLY_PKT },
    { "tcp-stream", IPPROTO_TCP, 0, DETECT_PROTO_ONLY_STREAM },
    { "udp", IPPROTO_UDP, 0, 0 },
    { "icmpv4", IPPROTO_ICMP, 0, 0 },
    { "icmpv6", IPPROTO_ICMPV6, 0, 0 },
    { "icmp", IPPROTO_ICMP, IPPROTO_ICMPV6, 0 },
    { "sctp", IPPROTO_SCTP, 0, 0 },
    { "ipv4", 0, 0, DETECT_PROTO_IPV4 | DETECT_PROTO_ANY },
    { "ip4", 0, 0, DETECT_PROTO_IPV4 | DETECT_PROTO_ANY },
    { "ipv6", 0, 0, DETECT_PROTO_IPV6 | DETECT_PROTO_ANY },
    { "ip6", 0, 0, DETECT_PROTO_IPV6 | DETECT_PROTO_ANY },
    { "ip", 0, 0, DETECT_PROTO_ANY },
    { "pkthdr", 0, 0, DETECT_PROTO_ANY },
}

Referenced by DetectEngineProtoList(), and DetectProtoParse().

Functions

Variables