suricata
detect-rev.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Implements the rev keyword
24  */
25 
26 #include "suricata-common.h"
27 #include "detect.h"
28 #include "detect-rev.h"
29 #include "util-debug.h"
30 #include "util-error.h"
31 
32 static int DetectRevSetup (DetectEngineCtx *, Signature *, const char *);
33 
34 void DetectRevRegister (void)
35 {
37  sigmatch_table[DETECT_REV].desc = "set version of the rule";
38  sigmatch_table[DETECT_REV].url = DOC_URL DOC_VERSION "/rules/meta.html#rev-revision";
40  sigmatch_table[DETECT_REV].Setup = DetectRevSetup;
43 }
44 
45 static int DetectRevSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
46 {
47  unsigned long rev = 0;
48  char *endptr = NULL;
49  rev = strtoul(rawstr, &endptr, 10);
50  if (endptr == NULL || *endptr != '\0') {
51  SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid character as arg "
52  "to rev keyword");
53  goto error;
54  }
55  if (rev >= UINT_MAX) {
56  SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "rev value to high, max %u", UINT_MAX);
57  goto error;
58  }
59  if (rev == 0) {
60  SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "rev value 0 is invalid");
61  goto error;
62  }
63  if (s->rev > 0) {
64  SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "duplicated 'rev' keyword detected");
65  goto error;
66  }
67 
68  s->rev = (uint32_t)rev;
69 
70  return 0;
71 
72  error:
73  return -1;
74 }
75 
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect.h:1448
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1186
void DetectRevRegister(void)
Definition: detect-rev.c:34
const char * name
Definition: detect.h:1200
Signature container.
Definition: detect.h:522
main detection engine ctx
Definition: detect.h:761
void(* Free)(void *)
Definition: detect.h:1191
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1170
const char * desc
Definition: detect.h:1202
const char * url
Definition: detect.h:1203
uint32_t rev
Definition: detect.h:557
#define DOC_URL
Definition: suricata.h:86
#define DOC_VERSION
Definition: suricata.h:91
void(* RegisterTests)(void)
Definition: detect.h:1192