suricata
detect-flowint.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
22  */
23 
24 #ifndef __DETECT_FLOWINT_H__
25 #define __DETECT_FLOWINT_H__
26 
27 /** Flowint operations allowed */
28 enum {
29  /** Changing integer values */
30  FLOWINT_MODIFIER_SET,
31  FLOWINT_MODIFIER_ADD,
32  FLOWINT_MODIFIER_SUB,
33 
34  /** Comparing integer values */
35  FLOWINT_MODIFIER_LT,
36  FLOWINT_MODIFIER_LE,
37  FLOWINT_MODIFIER_EQ,
38  FLOWINT_MODIFIER_NE,
39  FLOWINT_MODIFIER_GE,
40  FLOWINT_MODIFIER_GT,
41  /** Checking if a var is set (keyword isset/notset)*/
42  FLOWINT_MODIFIER_ISSET,
43  FLOWINT_MODIFIER_NOTSET,
44 
45  FLOWINT_MODIFIER_UNKNOWN
46 };
47 
48 /** The target can be a value, or another variable arleady declared */
49 enum {
50  FLOWINT_TARGET_VAL,
51  FLOWINT_TARGET_VAR,
52  FLOWINT_TARGET_SELF,
53  FLOWINT_TARGET_UNKNOWN
54 };
55 
56 /** If the target is another var, get the name and the idx */
57 typedef struct TargetVar_ {
58  char *name;
59 } TargetVar;
60 
61 /** Context data for flowint vars */
62 typedef struct DetectFlowintData_ {
63  /* This is the main var we are going to use
64  * against the target */
65  char *name;
66  /* Internal id of the var */
67  uint32_t idx;
68 
69  /* The modifier/operation/condition we are
70  * going to execute */
71  uint8_t modifier;
72  uint8_t targettype;
73 
74  union {
75  /* the target value */
76  uint32_t value;
77  /* or the target var */
78  TargetVar tvar;
79  } target;
80 } DetectFlowintData;
81 
82 /* prototypes */
83 void DetectFlowintRegister (void);
84 
85 #endif /* __DETECT_FLOWINT_H__ */
86 
DetectFlowintData_::name
char * name
Definition: detect-flowint.h:65
DetectFlowintData
struct DetectFlowintData_ DetectFlowintData
DetectFlowintData_::modifier
uint8_t modifier
Definition: detect-flowint.h:71
TargetVar_::name
char * name
Definition: detect-flowint.h:58
TargetVar_
Definition: detect-flowint.h:57
DetectFlowintRegister
void DetectFlowintRegister(void)
Definition: detect-flowint.c:62
DetectFlowintData_
Definition: detect-flowint.h:62
DetectFlowintData_::tvar
TargetVar tvar
Definition: detect-flowint.h:78
DetectFlowintData_::targettype
uint8_t targettype
Definition: detect-flowint.h:72
DetectFlowintData_::idx
uint32_t idx
Definition: detect-flowint.h:67
TargetVar
struct TargetVar_ TargetVar
DetectFlowintData_::value
uint32_t value
Definition: detect-flowint.h:76