suricata
detect-rev.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Implements the rev keyword
24  */
25 
26 #include "suricata-common.h"
27 #include "detect.h"
28 #include "detect-rev.h"
29 #include "util-debug.h"
30 #include "util-error.h"
31 
32 static int DetectRevSetup (DetectEngineCtx *, Signature *, const char *);
33 
34 void DetectRevRegister (void)
35 {
36  sigmatch_table[DETECT_REV].name = "rev";
37  sigmatch_table[DETECT_REV].desc = "set version of the rule";
38  sigmatch_table[DETECT_REV].url = "/rules/meta.html#rev-revision";
39  sigmatch_table[DETECT_REV].Setup = DetectRevSetup;
40 }
41 
42 static int DetectRevSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
43 {
44  unsigned long rev = 0;
45  char *endptr = NULL;
46  errno = 0;
47  rev = strtoul(rawstr, &endptr, 10);
48  if (errno == ERANGE || endptr == NULL || *endptr != '\0') {
49  SCLogError("invalid character as arg "
50  "to rev keyword");
51  goto error;
52  }
53  if (rev >= UINT_MAX) {
54  SCLogError("rev value to high, max %u", UINT_MAX);
55  goto error;
56  }
57  if (rev == 0) {
58  SCLogError("rev value 0 is invalid");
59  goto error;
60  }
61  if (s->rev > 0) {
62  SCLogError("duplicated 'rev' keyword detected");
63  goto error;
64  }
65 
66  s->rev = (uint32_t)rev;
67 
68  return 0;
69 
70  error:
71  return -1;
72  }
SigTableElmt_::url
const char * url
Definition: detect.h:1307
SigTableElmt_::desc
const char * desc
Definition: detect.h:1306
DetectRevRegister
void DetectRevRegister(void)
Definition: detect-rev.c:34
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:127
SigTableElmt_::name
const char * name
Definition: detect.h:1304
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:841
DETECT_REV
@ DETECT_REV
Definition: detect-engine-register.h:30
detect-rev.h
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1289
util-debug.h
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
detect.h
suricata-common.h
Signature_::rev
uint32_t rev
Definition: detect.h:638
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
Signature_
Signature container.
Definition: detect.h:601