suricata
detect-rev.c
Go to the documentation of this file.
1
/* Copyright (C) 2007-2010 Open Information Security Foundation
2
*
3
* You can copy, redistribute or modify this Program under the terms of
4
* the GNU General Public License version 2 as published by the Free
5
* Software Foundation.
6
*
7
* This program is distributed in the hope that it will be useful,
8
* but WITHOUT ANY WARRANTY; without even the implied warranty of
9
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10
* GNU General Public License for more details.
11
*
12
* You should have received a copy of the GNU General Public License
13
* version 2 along with this program; if not, write to the Free Software
14
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15
* 02110-1301, USA.
16
*/
17
18
/**
19
* \file
20
*
21
* \author Victor Julien <victor@inliniac.net>
22
*
23
* Implements the rev keyword
24
*/
25
26
#include "
suricata-common.h
"
27
#include "
detect.h
"
28
#include "
detect-rev.h
"
29
#include "
util-debug.h
"
30
#include "
util-error.h
"
31
32
static
int
DetectRevSetup (
DetectEngineCtx
*,
Signature
*,
const
char
*);
33
34
void
DetectRevRegister
(
void
)
35
{
36
sigmatch_table
[
DETECT_REV
].
name
=
"rev"
;
37
sigmatch_table
[
DETECT_REV
].
desc
=
"set version of the rule"
;
38
sigmatch_table
[
DETECT_REV
].
url
=
"/rules/meta.html#rev-revision"
;
39
sigmatch_table
[
DETECT_REV
].
Setup
= DetectRevSetup;
40
}
41
42
static
int
DetectRevSetup (
DetectEngineCtx
*
de_ctx
,
Signature
*s,
const
char
*rawstr)
43
{
44
unsigned
long
rev = 0;
45
char
*endptr = NULL;
46
rev = strtoul(rawstr, &endptr, 10);
47
if
(endptr == NULL || *endptr !=
'\0'
) {
48
SCLogError
(
SC_ERR_INVALID_SIGNATURE
,
"invalid character as arg "
49
"to rev keyword"
);
50
goto
error;
51
}
52
if
(rev >= UINT_MAX) {
53
SCLogError
(
SC_ERR_INVALID_NUMERIC_VALUE
,
"rev value to high, max %u"
, UINT_MAX);
54
goto
error;
55
}
56
if
(rev == 0) {
57
SCLogError
(
SC_ERR_INVALID_NUMERIC_VALUE
,
"rev value 0 is invalid"
);
58
goto
error;
59
}
60
if
(s->
rev
> 0) {
61
SCLogError
(
SC_ERR_INVALID_RULE_ARGUMENT
,
"duplicated 'rev' keyword detected"
);
62
goto
error;
63
}
64
65
s->
rev
= (uint32_t)rev;
66
67
return
0;
68
69
error:
70
return
-1;
71
}
SigTableElmt_::url
const char * url
Definition:
detect.h:1214
SigTableElmt_::desc
const char * desc
Definition:
detect.h:1213
DetectRevRegister
void DetectRevRegister(void)
Definition:
detect-rev.c:34
SigTableElmt_::name
const char * name
Definition:
detect.h:1211
SC_ERR_INVALID_RULE_ARGUMENT
@ SC_ERR_INVALID_RULE_ARGUMENT
Definition:
util-error.h:302
DetectEngineCtx_
main detection engine ctx
Definition:
detect.h:767
SC_ERR_INVALID_SIGNATURE
@ SC_ERR_INVALID_SIGNATURE
Definition:
util-error.h:69
DETECT_REV
@ DETECT_REV
Definition:
detect-engine-register.h:30
detect-rev.h
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition:
detect.h:1196
util-debug.h
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition:
fuzz_siginit.c:17
detect.h
suricata-common.h
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition:
detect-parse.c:73
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition:
util-debug.h:257
Signature_::rev
uint32_t rev
Definition:
detect.h:563
Signature_
Signature container.
Definition:
detect.h:528
SC_ERR_INVALID_NUMERIC_VALUE
@ SC_ERR_INVALID_NUMERIC_VALUE
Definition:
util-error.h:90
src
detect-rev.c
Generated on Fri Oct 30 2020 23:30:37 for suricata by
1.8.18
1.8.18 1.8.18