suricata
detect-rev.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Implements the rev keyword
24  */
25 
26 #include "suricata-common.h"
27 #include "detect.h"
28 #include "detect-rev.h"
29 #include "util-debug.h"
30 #include "util-error.h"
31 
32 static int DetectRevSetup (DetectEngineCtx *, Signature *, const char *);
33 
34 void DetectRevRegister (void)
35 {
36  sigmatch_table[DETECT_REV].name = "rev";
37  sigmatch_table[DETECT_REV].desc = "set version of the rule";
38  sigmatch_table[DETECT_REV].url = "/rules/meta.html#rev-revision";
39  sigmatch_table[DETECT_REV].Match = NULL;
40  sigmatch_table[DETECT_REV].Setup = DetectRevSetup;
41  sigmatch_table[DETECT_REV].Free = NULL;
42  sigmatch_table[DETECT_REV].RegisterTests = NULL;
43 }
44 
45 static int DetectRevSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
46 {
47  unsigned long rev = 0;
48  char *endptr = NULL;
49  rev = strtoul(rawstr, &endptr, 10);
50  if (endptr == NULL || *endptr != '\0') {
51  SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid character as arg "
52  "to rev keyword");
53  goto error;
54  }
55  if (rev >= UINT_MAX) {
56  SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "rev value to high, max %u", UINT_MAX);
57  goto error;
58  }
59  if (rev == 0) {
60  SCLogError(SC_ERR_INVALID_NUMERIC_VALUE, "rev value 0 is invalid");
61  goto error;
62  }
63  if (s->rev > 0) {
64  SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "duplicated 'rev' keyword detected");
65  goto error;
66  }
67 
68  s->rev = (uint32_t)rev;
69 
70  return 0;
71 
72  error:
73  return -1;
74 }
75 
SigTableElmt_::url
const char * url
Definition: detect.h:1204
SigTableElmt_::desc
const char * desc
Definition: detect.h:1203
DetectRevRegister
void DetectRevRegister(void)
Definition: detect-rev.c:34
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1192
SigTableElmt_::name
const char * name
Definition: detect.h:1201
SC_ERR_INVALID_RULE_ARGUMENT
@ SC_ERR_INVALID_RULE_ARGUMENT
Definition: util-error.h:302
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:761
SC_ERR_INVALID_SIGNATURE
@ SC_ERR_INVALID_SIGNATURE
Definition: util-error.h:69
DETECT_REV
@ DETECT_REV
Definition: detect-engine-register.h:30
detect-rev.h
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1187
util-debug.h
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
detect.h
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1171
suricata-common.h
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect-parse.c:73
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
Signature_::rev
uint32_t rev
Definition: detect.h:557
Signature_
Signature container.
Definition: detect.h:522
SC_ERR_INVALID_NUMERIC_VALUE
@ SC_ERR_INVALID_NUMERIC_VALUE
Definition: util-error.h:90
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1193