#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "app-layer-parser.h"
#include "flow-util.h"
#include "flow-var.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-state.h"
#include "util-cidr.h"
#include "util-byte.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-debug.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-engine-mpm.h"

Include dependency graph for detect-engine-proto.c:

Functions
void	DetectEngineProtoList (void)

int	DetectProtoParse (DetectProto dp, const char str)
	Parses a protocol sent as a string. More...

int	DetectProtoContainsProto (const DetectProto *dp, int proto)
	see if a DetectProto contains a certain proto More...

bool	DetectProtoHasExplicitProto (const DetectProto *dp, const uint8_t proto)
	see if a DetectProto explicitly a certain proto Explicit means the protocol was explicitly set, so "any" doesn't qualify. More...

int	DetectProtoFinalizeSignature (Signature *s)

void	DetectProtoTests (void)
	this function registers unit tests for DetectProto More...

Variables
struct {
const char * name

uint8_t proto

uint8_t proto2

uint8_t flags

}	proto_table []

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Proto part of the detection engine.

Todo:: move this out of the detection plugin structure

Definition in file detect-engine-proto.c.

Function Documentation

◆ DetectEngineProtoList()

void DetectEngineProtoList ( void )

Definition at line 74 of file detect-engine-proto.c.

References ARRAY_SIZE, name, and proto_table.

Referenced by DetectListSupportedProtocols().

Here is the caller graph for this function:

◆ DetectProtoContainsProto()

int DetectProtoContainsProto	(	const DetectProto *	dp,
		int	proto
	)

see if a DetectProto contains a certain proto

Parameters

dp	detect proto to inspect
proto	protocol (such as IPPROTO_TCP) to look for

Return values

0	protocol not in the set
1	protocol is in the set

Definition at line 115 of file detect-engine-proto.c.

References DETECT_PROTO_ANY, DETECT_PROTO_L2_ANY, DetectProto_::flags, DetectProto_::proto, and proto.

Referenced by SignatureHasPacketContent(), and SignatureHasStreamContent().

Here is the caller graph for this function:

◆ DetectProtoFinalizeSignature()

int DetectProtoFinalizeSignature ( Signature * s )

Definition at line 157 of file detect-engine-proto.c.

References BUG_ON, DETECT_PROTO_ANY, DETECT_PROTO_IPV4, DETECT_PROTO_IPV6, DetectProto_::flags, Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, SignatureInitData_::proto, Signature_::proto, SCLogDebug, SIG_FLAG_INIT_FRAME, SIG_TYPE_IPONLY, and Signature_::type.

◆ DetectProtoHasExplicitProto()

bool DetectProtoHasExplicitProto	(	const DetectProto *	dp,
		const uint8_t	proto
	)

see if a DetectProto explicitly a certain proto Explicit means the protocol was explicitly set, so "any" doesn't qualify.

Parameters

dp	detect proto to inspect
proto	protocol (such as IPPROTO_TCP) to look for

Return values

false	protocol not in the set
true	protocol is in the set

Definition at line 133 of file detect-engine-proto.c.

References DETECT_PROTO_ANY, DETECT_PROTO_L2_ANY, DetectProto_::flags, DetectProto_::proto, and proto.

◆ DetectProtoParse()

int DetectProtoParse	(	DetectProto *	dp,
		const char *	str
	)

Parses a protocol sent as a string.

Parameters

dp	Pointer to the DetectProto instance which will be updated with the incoming protocol information.
str	Pointer to the string containing the protocol name.

Return values

>=0	If proto is detected, -1 otherwise.

Definition at line 90 of file detect-engine-proto.c.

References ARRAY_SIZE, DETECT_PROTO_ANY, DetectProto_::flags, flags, name, DetectProto_::proto, proto, proto2, proto_table, SCLogDebug, and str.

◆ DetectProtoTests()

void DetectProtoTests ( void )

this function registers unit tests for DetectProto

Definition at line 443 of file detect-engine-proto.c.

References UtRegisterTest().

Here is the call graph for this function:

Variable Documentation

◆ flags

uint8_t flags

Definition at line 51 of file detect-engine-proto.c.

Referenced by DetectProtoParse().

◆ name

const char* name

Definition at line 48 of file detect-engine-proto.c.

Referenced by BuildCpusetWithCallback(), CaptureStatsSetup(), ConfigSetDataDirectory(), ConfigSetLogDirectory(), DatajsonGet(), DatasetFind(), DatasetGet(), DatasetGetOrCreate(), DetectEngineContentModifierBufferSetup(), DetectEngineFrameInspectEngineRegister(), DetectEngineFrameMpmRegister(), DetectEngineProtoList(), DetectFrameMpmRegister(), DetectPktInspectEngineRegister(), DetectProtoParse(), DetectRegisterAppLayerHookLists(), DetectUnregisterThreadCtxFuncs(), DumpPatterns(), EngineAnalysisFP(), EngineAnalysisRules2(), EveAddFlowTcpFlags(), EveAddFlowTcpStreamFlags(), FlowEndCountersRegister(), GetAffinityTypeForNameAndIface(), GetOrAllocAffinityTypeForIfaceOfName(), ListAppLayerFrames(), ListAppLayerHooks(), LiveGetDevice(), MpmFactoryRegisterMpmCtxProfile(), OutputRegisterPacketModule(), OutputRegisterPacketSubModule(), PatternMatchDefaultMatcher(), PrefilterAppendEngine(), PrefilterAppendFrameEngine(), PrefilterAppendPayloadEngine(), PrefilterAppendPostRuleEngine(), PrefilterAppendTxEngine(), SCClassConfGetClasstype(), SCConfGet(), SCConfGetBool(), SCConfGetDouble(), SCConfGetFloat(), SCConfGetInt(), SCConfGetTime(), SCConfNodeDump(), SCConfNodeGetNodeOrCreate(), SCConfNodeLookupChild(), SCConfNodeLookupChildValue(), SCConfRemove(), SCConfSetFromString(), SCDetectHelperBufferRegister(), SCDetectRegisterBufferLowerMd5Callbacks(), SCEveFindFileType(), SCFlowStorageRegister(), SCHostStorageRegister(), SCIPPairStorageRegister(), SCLiveDevStorageRegister(), SCParseCommandLine(), SCSigTableHasKeyword(), SCThreadStorageRegister(), SigTableList(), SigTableRegisterTests(), SinglePatternMatchDefaultMatcher(), TestHelperBufferToFile(), TmModuleBypassedFlowManagerRegister(), TmModuleGetByName(), TmqGetQueueByName(), TmqhGetQueueHandlerByName(), TmqhNameToID(), VarNameStoreLookupById(), VarNameStoreLookupByName(), VarNameStoreRegister(), and VarNameStoreSetupLookup().

◆ proto

uint8_t proto

Definition at line 49 of file detect-engine-proto.c.

Referenced by DetectProtoContainsProto(), DetectProtoHasExplicitProto(), and DetectProtoParse().

◆ proto2

uint8_t proto2

Definition at line 50 of file detect-engine-proto.c.

Referenced by DetectProtoParse().

◆ proto_table

struct { ... } proto_table[]

Initial value:

= {
    
    { "tcp", IPPROTO_TCP, 0, 0, },
    { "tcp-pkt", IPPROTO_TCP, 0, DETECT_PROTO_ONLY_PKT, },
    { "tcp-stream", IPPROTO_TCP, 0, DETECT_PROTO_ONLY_STREAM, },
    { "udp", IPPROTO_UDP, 0, 0, },
    { "icmpv4", IPPROTO_ICMP, 0, 0, },
    { "icmpv6", IPPROTO_ICMPV6, 0, 0, },
    { "icmp", IPPROTO_ICMP, IPPROTO_ICMPV6, 0, },
    { "igmp", IPPROTO_IGMP, 0, 0, },
    { "sctp", IPPROTO_SCTP, 0, 0, },
    { "ipv4", 0, 0, DETECT_PROTO_IPV4 | DETECT_PROTO_ANY, },
    { "ip4", 0, 0, DETECT_PROTO_IPV4 | DETECT_PROTO_ANY, },
    { "ipv6", 0, 0, DETECT_PROTO_IPV6 | DETECT_PROTO_ANY, },
    { "ip6", 0, 0, DETECT_PROTO_IPV6 | DETECT_PROTO_ANY, },
    { "ip", 0, 0, DETECT_PROTO_ANY, },
    { "pkthdr", 0, 0, DETECT_PROTO_L2_ANY, },
    { "ether", 0, 0, DETECT_PROTO_ETHERNET, },
    { "arp", 0, 0, DETECT_PROTO_ARP | DETECT_PROTO_ETHERNET, },
    
}

Referenced by DetectEngineProtoList(), and DetectProtoParse().

Functions

Variables

Detailed Description

Function Documentation

◆ DetectEngineProtoList()

◆ DetectProtoContainsProto()

◆ DetectProtoFinalizeSignature()

◆ DetectProtoHasExplicitProto()

◆ DetectProtoParse()

◆ DetectProtoTests()

Variable Documentation

◆ flags

◆ name

◆ proto

◆ proto2

◆ proto_table