Go to the source code of this file.
Data Structures | |
| struct | DetectProto_ |
Macros | |
| #define | DETECT_PROTO_ANY BIT_U8(0) |
| #define | DETECT_PROTO_ONLY_PKT BIT_U8(1) |
| #define | DETECT_PROTO_ONLY_STREAM BIT_U8(2) |
| #define | DETECT_PROTO_IPV4 BIT_U8(3) |
| #define | DETECT_PROTO_IPV6 BIT_U8(4) |
| #define | DETECT_PROTO_ETHERNET BIT_U8(5) |
| #define | DETECT_PROTO_ARP BIT_U8(6) |
| #define | DETECT_PROTO_L2_ANY BIT_U8(7) |
Typedefs | |
| typedef struct DetectProto_ | DetectProto |
Functions | |
| int | DetectProtoParse (DetectProto *dp, const char *str) |
| Parses a protocol sent as a string. More... | |
| int | DetectProtoContainsProto (const DetectProto *, int) |
| see if a DetectProto contains a certain proto More... | |
| bool | DetectProtoHasExplicitProto (const DetectProto *dp, const uint8_t proto) |
| see if a DetectProto explicitly a certain proto Explicit means the protocol was explicitly set, so "any" doesn't qualify. More... | |
| void | DetectEngineProtoList (void) |
| int | DetectProtoFinalizeSignature (struct Signature_ *s) |
| void | DetectProtoTests (void) |
| this function registers unit tests for DetectProto More... | |
Detailed Description
Definition in file detect-engine-proto.h.
Macro Definition Documentation
◆ DETECT_PROTO_ANY
| #define DETECT_PROTO_ANY BIT_U8(0) |
Indicate that given protocol is considered as IP
Definition at line 29 of file detect-engine-proto.h.
◆ DETECT_PROTO_ARP
| #define DETECT_PROTO_ARP BIT_U8(6) |
ARP packets over for Ethernet, can have VLAN(s) in between
Definition at line 35 of file detect-engine-proto.h.
◆ DETECT_PROTO_ETHERNET
| #define DETECT_PROTO_ETHERNET BIT_U8(5) |
Like ANY, but for Ethernet
Definition at line 34 of file detect-engine-proto.h.
◆ DETECT_PROTO_IPV4
| #define DETECT_PROTO_IPV4 BIT_U8(3) |
IPv4 only
Definition at line 32 of file detect-engine-proto.h.
◆ DETECT_PROTO_IPV6
| #define DETECT_PROTO_IPV6 BIT_U8(4) |
IPv6 only
Definition at line 33 of file detect-engine-proto.h.
◆ DETECT_PROTO_L2_ANY
| #define DETECT_PROTO_L2_ANY BIT_U8(7) |
Like ANY, but for any L2 proto.
Definition at line 36 of file detect-engine-proto.h.
◆ DETECT_PROTO_ONLY_PKT
| #define DETECT_PROTO_ONLY_PKT BIT_U8(1) |
Indicate that we only care about packet payloads.
Definition at line 30 of file detect-engine-proto.h.
◆ DETECT_PROTO_ONLY_STREAM
| #define DETECT_PROTO_ONLY_STREAM BIT_U8(2) |
Indicate that we only care about stream payloads.
Definition at line 31 of file detect-engine-proto.h.
Typedef Documentation
◆ DetectProto
| typedef struct DetectProto_ DetectProto |
Function Documentation
◆ DetectEngineProtoList()
| void DetectEngineProtoList | ( | void | ) |
Definition at line 74 of file detect-engine-proto.c.
References ARRAY_SIZE, name, and proto_table.
Referenced by DetectListSupportedProtocols().
◆ DetectProtoContainsProto()
| int DetectProtoContainsProto | ( | const DetectProto * | dp, |
| int | proto | ||
| ) |
see if a DetectProto contains a certain proto
- Parameters
-
dp detect proto to inspect proto protocol (such as IPPROTO_TCP) to look for
- Return values
-
0 protocol not in the set 1 protocol is in the set
Definition at line 115 of file detect-engine-proto.c.
References DETECT_PROTO_ANY, DETECT_PROTO_L2_ANY, DetectProto_::flags, DetectProto_::proto, and proto.
Referenced by SignatureHasPacketContent(), and SignatureHasStreamContent().
◆ DetectProtoFinalizeSignature()
| int DetectProtoFinalizeSignature | ( | struct Signature_ * | s | ) |
Definition at line 157 of file detect-engine-proto.c.
References BUG_ON, DETECT_PROTO_ANY, DETECT_PROTO_IPV4, DETECT_PROTO_IPV6, DetectProto_::flags, Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, SignatureInitData_::proto, Signature_::proto, SCLogDebug, SIG_FLAG_INIT_FRAME, SIG_TYPE_IPONLY, and Signature_::type.
◆ DetectProtoHasExplicitProto()
| bool DetectProtoHasExplicitProto | ( | const DetectProto * | dp, |
| const uint8_t | proto | ||
| ) |
see if a DetectProto explicitly a certain proto Explicit means the protocol was explicitly set, so "any" doesn't qualify.
- Parameters
-
dp detect proto to inspect proto protocol (such as IPPROTO_TCP) to look for
- Return values
-
false protocol not in the set true protocol is in the set
Definition at line 133 of file detect-engine-proto.c.
References DETECT_PROTO_ANY, DETECT_PROTO_L2_ANY, DetectProto_::flags, DetectProto_::proto, and proto.
◆ DetectProtoParse()
| int DetectProtoParse | ( | DetectProto * | dp, |
| const char * | str | ||
| ) |
Parses a protocol sent as a string.
- Parameters
-
dp Pointer to the DetectProto instance which will be updated with the incoming protocol information. str Pointer to the string containing the protocol name.
- Return values
-
>=0 If proto is detected, -1 otherwise.
Definition at line 90 of file detect-engine-proto.c.
References ARRAY_SIZE, DETECT_PROTO_ANY, DetectProto_::flags, flags, name, DetectProto_::proto, proto, proto2, proto_table, SCLogDebug, and str.
◆ DetectProtoTests()
| void DetectProtoTests | ( | void | ) |
this function registers unit tests for DetectProto
Definition at line 443 of file detect-engine-proto.c.
References UtRegisterTest().
