suricata
detect-flowint.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
22  */
23 
24 #ifndef SURICATA_DETECT_FLOWINT_H
25 #define SURICATA_DETECT_FLOWINT_H
26 
27 /** Flowint operations allowed */
28 enum {
29  /** Changing integer values */
30  FLOWINT_MODIFIER_SET,
31  FLOWINT_MODIFIER_ADD,
32  FLOWINT_MODIFIER_SUB,
33 
34  /** Comparing integer values */
35  FLOWINT_MODIFIER_LT,
36  FLOWINT_MODIFIER_LE,
37  FLOWINT_MODIFIER_EQ,
38  FLOWINT_MODIFIER_NE,
39  FLOWINT_MODIFIER_GE,
40  FLOWINT_MODIFIER_GT,
41  /** Checking if a var is set (keyword isset/notset)*/
42  FLOWINT_MODIFIER_ISSET,
43  FLOWINT_MODIFIER_ISNOTSET,
44 
45  FLOWINT_MODIFIER_UNKNOWN
46 };
47 
48 /** The target can be a value, or another variable already declared */
49 enum {
50  FLOWINT_TARGET_VAL,
51  FLOWINT_TARGET_VAR,
52  FLOWINT_TARGET_SELF,
53 };
54 
55 /** If the target is another var, get the name and the idx */
56 typedef struct TargetVar_ {
57  char *name;
58 } TargetVar;
59 
60 /** Context data for flowint vars */
61 typedef struct DetectFlowintData_ {
62  /* This is the main var we are going to use
63  * against the target */
64  char *name;
65  /* Internal id of the var */
66  uint32_t idx;
67 
68  /* The modifier/operation/condition we are
69  * going to execute */
70  uint8_t modifier;
71  uint8_t targettype;
72 
73  union {
74  /* the target value */
75  uint32_t value;
76  /* or the target var */
77  TargetVar tvar;
78  } target;
79 } DetectFlowintData;
80 
81 /* prototypes */
82 void DetectFlowintRegister (void);
83 
84 #endif /* SURICATA_DETECT_FLOWINT_H */
FLOWINT_MODIFIER_LE
@ FLOWINT_MODIFIER_LE
Definition: detect-flowint.h:36
FLOWINT_MODIFIER_GT
@ FLOWINT_MODIFIER_GT
Definition: detect-flowint.h:40
FLOWINT_TARGET_VAL
@ FLOWINT_TARGET_VAL
Definition: detect-flowint.h:50
DetectFlowintData_::targettype
uint8_t targettype
Definition: detect-flowint.h:71
DetectFlowintData_
Definition: detect-flowint.h:61
FLOWINT_MODIFIER_ISSET
@ FLOWINT_MODIFIER_ISSET
Definition: detect-flowint.h:42
FLOWINT_MODIFIER_SUB
@ FLOWINT_MODIFIER_SUB
Definition: detect-flowint.h:32
DetectFlowintData_::idx
uint32_t idx
Definition: detect-flowint.h:66
FLOWINT_MODIFIER_GE
@ FLOWINT_MODIFIER_GE
Definition: detect-flowint.h:39
FLOWINT_MODIFIER_LT
@ FLOWINT_MODIFIER_LT
Definition: detect-flowint.h:35
FLOWINT_MODIFIER_EQ
@ FLOWINT_MODIFIER_EQ
Definition: detect-flowint.h:37
DetectFlowintData_::target
union DetectFlowintData_::@76 target
DetectFlowintData_::modifier
uint8_t modifier
Definition: detect-flowint.h:70
DetectFlowintData
struct DetectFlowintData_ DetectFlowintData
FLOWINT_TARGET_VAR
@ FLOWINT_TARGET_VAR
Definition: detect-flowint.h:51
FLOWINT_MODIFIER_SET
@ FLOWINT_MODIFIER_SET
Definition: detect-flowint.h:30
FLOWINT_MODIFIER_UNKNOWN
@ FLOWINT_MODIFIER_UNKNOWN
Definition: detect-flowint.h:45
FLOWINT_TARGET_SELF
@ FLOWINT_TARGET_SELF
Definition: detect-flowint.h:52
FLOWINT_MODIFIER_ADD
@ FLOWINT_MODIFIER_ADD
Definition: detect-flowint.h:31
FLOWINT_MODIFIER_NE
@ FLOWINT_MODIFIER_NE
Definition: detect-flowint.h:38
TargetVar
struct TargetVar_ TargetVar
FLOWINT_MODIFIER_ISNOTSET
@ FLOWINT_MODIFIER_ISNOTSET
Definition: detect-flowint.h:43
DetectFlowintData_::tvar
TargetVar tvar
Definition: detect-flowint.h:77
DetectFlowintRegister
void DetectFlowintRegister(void)
Definition: detect-flowint.c:67
TargetVar_::name
char * name
Definition: detect-flowint.h:57
DetectFlowintData_::name
char * name
Definition: detect-flowint.h:64
TargetVar_
Definition: detect-flowint.h:56
DetectFlowintData_::value
uint32_t value
Definition: detect-flowint.h:75