suricata
detect-engine-proto.h File Reference

Data Structures

struct  DetectProto_
 

Macros

#define DETECT_PROTO_ANY   (1 << 0)
 
#define DETECT_PROTO_ONLY_PKT   (1 << 1)
 
#define DETECT_PROTO_ONLY_STREAM   (1 << 2)
 
#define DETECT_PROTO_IPV4   (1 << 3)
 
#define DETECT_PROTO_IPV6   (1 << 4)
 

Typedefs

typedef struct DetectProto_ DetectProto
 

Functions

int DetectProtoParse (DetectProto *dp, const char *str)
 Parses a protocol sent as a string.
 
int DetectProtoContainsProto (const DetectProto *, int)
 see if a DetectProto contains a certain proto
 
void DetectProtoTests (void)
 this function registers unit tests for DetectProto
 

Macro Definition Documentation

◆ DETECT_PROTO_ANY

#define DETECT_PROTO_ANY   (1 << 0)

Indicate that given protocol is considered as IP

Definition at line 29 of file detect-engine-proto.h.

◆ DETECT_PROTO_IPV4

#define DETECT_PROTO_IPV4   (1 << 3)

IPv4 only

Definition at line 34 of file detect-engine-proto.h.

◆ DETECT_PROTO_IPV6

#define DETECT_PROTO_IPV6   (1 << 4)

IPv6 only

Definition at line 35 of file detect-engine-proto.h.

◆ DETECT_PROTO_ONLY_PKT

#define DETECT_PROTO_ONLY_PKT   (1 << 1)

Indicate that we only care about packet payloads.

Definition at line 31 of file detect-engine-proto.h.

◆ DETECT_PROTO_ONLY_STREAM

#define DETECT_PROTO_ONLY_STREAM   (1 << 2)

Indicate that we only care about stream payloads.

Definition at line 33 of file detect-engine-proto.h.

Typedef Documentation

◆ DetectProto

typedef struct DetectProto_ DetectProto

Function Documentation

◆ DetectProtoContainsProto()

int DetectProtoContainsProto (const DetectProto *dp, int proto)

see if a DetectProto contains a certain proto

Parameters
    dp: detect proto to inspect
    proto: protocol (such as IPPROTO_TCP) to look for
Return values
    0: protocol not in the set
    1: protocol is in the set

Definition at line 135 of file detect-engine-proto.c.

References DETECT_PROTO_ANY, DetectProto_::flags, proto, and DetectProto_::proto.

Referenced by IPOnlyMatchPacket().

◆ DetectProtoParse()

int DetectProtoParse (DetectProto *dp, const char *str)

Parses a protocol sent as a string.

Parameters
    dp: Pointer to the DetectProto instance which will be updated with the incoming protocol information.
    str: Pointer to the string containing the protocol name.
Return values
    >=0: If proto is detected, -1 otherwise.
Todo:
    are numeric protocols even valid?

Definition at line 56 of file detect-engine-proto.c.

References ByteExtractStringUint8(), DETECT_PROTO_ANY, DETECT_PROTO_IPV4, DETECT_PROTO_IPV6, DETECT_PROTO_ONLY_PKT, DETECT_PROTO_ONLY_STREAM, DetectProto_::flags, proto, DetectProto_::proto, SCLogDebug, and str.

◆ DetectProtoTests()

void DetectProtoTests (void)

this function registers unit tests for DetectProto

Definition at line 579 of file detect-engine-proto.c.

References UtRegisterTest().
