suricata
detect-noalert.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Implements the noalert and alert keywords.
24  */
25 
26 #include "suricata-common.h"
27 #include "action-globals.h"
28 #include "detect.h"
29 #include "detect-noalert.h"
30 #include "util-debug.h"
31 #include "util-validate.h"
32 
33 static int DetectNoalertSetup(DetectEngineCtx *de_ctx, Signature *s, const char *nullstr)
34 {
35  DEBUG_VALIDATE_BUG_ON(nullstr != NULL);
36 
37  s->action &= ~ACTION_ALERT;
38  return 0;
39 }
40 
41 static int DetectAlertSetup(DetectEngineCtx *de_ctx, Signature *s, const char *nullstr)
42 {
43  DEBUG_VALIDATE_BUG_ON(nullstr != NULL);
44 
45  s->action |= ACTION_ALERT;
46  return 0;
47 }
48 
49 void DetectNoalertRegister(void)
50 {
51  sigmatch_table[DETECT_NOALERT].name = "noalert";
52  sigmatch_table[DETECT_NOALERT].desc = "no alert will be generated by the rule";
53  sigmatch_table[DETECT_NOALERT].url = "/rules/noalert.html";
54  sigmatch_table[DETECT_NOALERT].Setup = DetectNoalertSetup;
55  sigmatch_table[DETECT_NOALERT].flags |= SIGMATCH_NOOPT;
56 
57  sigmatch_table[DETECT_ALERT].name = "alert";
58  sigmatch_table[DETECT_ALERT].desc = "alert will be generated by the rule";
59  sigmatch_table[DETECT_ALERT].url = "/rules/noalert.html";
60  sigmatch_table[DETECT_ALERT].Setup = DetectAlertSetup;
61  sigmatch_table[DETECT_ALERT].flags |= SIGMATCH_NOOPT;
62 }
SigTableElmt_::url
const char * url
Definition: detect.h:1304
SigTableElmt_::desc
const char * desc
Definition: detect.h:1303
detect-noalert.h
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:127
SigTableElmt_::name
const char * name
Definition: detect.h:1301
DETECT_ALERT
@ DETECT_ALERT
Definition: detect-engine-register.h:109
action-globals.h
SigTableElmt_::flags
uint16_t flags
Definition: detect.h:1295
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:841
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1286
util-debug.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
detect.h
Signature_::action
uint8_t action
Definition: detect.h:616
ACTION_ALERT
#define ACTION_ALERT
Definition: action-globals.h:29
DETECT_NOALERT
@ DETECT_NOALERT
Definition: detect-engine-register.h:108
suricata-common.h
util-validate.h
DetectNoalertRegister
void DetectNoalertRegister(void)
Definition: detect-noalert.c:49
Signature_
Signature container.
Definition: detect.h:601
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect.h:1485
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102