suricata
detect-rev.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Implements the rev keyword
24  */
25 
26 #include "suricata-common.h"
27 #include "detect.h"
28 #include "detect-rev.h"
29 #include "util-debug.h"
30 #include "util-error.h"
31 
32 static int DetectRevSetup (DetectEngineCtx *, Signature *, const char *);
33 
34 void DetectRevRegister (void)
35 {
37  sigmatch_table[DETECT_REV].desc = "set version of the rule";
38  sigmatch_table[DETECT_REV].url = "/rules/meta.html#rev-revision";
39  sigmatch_table[DETECT_REV].Setup = DetectRevSetup;
40 }
41 
42 static int DetectRevSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
43 {
44  unsigned long rev = 0;
45  char *endptr = NULL;
46  rev = strtoul(rawstr, &endptr, 10);
47  if (endptr == NULL || *endptr != '\0') {
48  SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid character as arg "
49  "to rev keyword");
50  goto error;
51  }
52  if (rev >= UINT_MAX) {
53  SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "rev value to high, max %u", UINT_MAX);
54  goto error;
55  }
56  if (rev == 0) {
57  SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "rev value 0 is invalid");
58  goto error;
59  }
60  if (s->rev > 0) {
61  SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "duplicated 'rev' keyword detected");
62  goto error;
63  }
64 
65  s->rev = (uint32_t)rev;
66 
67  return 0;
68 
69  error:
70  return -1;
71 }
SigTableElmt_::url
const char * url
Definition: detect.h:1214
SigTableElmt_::desc
const char * desc
Definition: detect.h:1213
DetectRevRegister
void DetectRevRegister(void)
Definition: detect-rev.c:34
SigTableElmt_::name
const char * name
Definition: detect.h:1211
SC_ERR_INVALID_RULE_ARGUMENT
@ SC_ERR_INVALID_RULE_ARGUMENT
Definition: util-error.h:302
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:767
SC_ERR_INVALID_SIGNATURE
@ SC_ERR_INVALID_SIGNATURE
Definition: util-error.h:69
DETECT_REV
@ DETECT_REV
Definition: detect-engine-register.h:30
detect-rev.h
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1196
util-debug.h
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
detect.h
suricata-common.h
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect-parse.c:73
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
Signature_::rev
uint32_t rev
Definition: detect.h:563
Signature_
Signature container.
Definition: detect.h:528
SC_ERR_INVALID_NUMERIC_VALUE
@ SC_ERR_INVALID_NUMERIC_VALUE
Definition: util-error.h:90