#include "suricata-common.h"#include "suricata.h"#include "decode.h"#include "detect.h"#include "detect-parse.h"#include "detect-engine-prefilter.h"#include "detect-engine-prefilter-common.h"#include "flow-var.h"#include "decode-events.h"#include "detect-tcp-flags.h"#include "util-unittest.h"#include "util-unittest-helper.h"#include "util-debug.h"
Go to the source code of this file.
Macros | |
| #define | PARSE_REGEX "^\\s*(?:([\\+\\*!]))?\\s*([SAPRFU120CE\\+\\*!]+)(?:\\s*,\\s*([SAPRFU12CE]+))?\\s*$" |
| #define | MODIFIER_NOT 1 |
| #define | MODIFIER_PLUS 2 |
| #define | MODIFIER_ANY 3 |
Functions | |
| void | DetectFlagsRegister (void) |
| Registration function for flags: keyword. More... | |
| int | DetectFlagsSignatureNeedsSynPackets (const Signature *s) |
| int | DetectFlagsSignatureNeedsSynOnlyPackets (const Signature *s) |
Detailed Description
Implements the flags keyword
Definition in file detect-tcp-flags.c.
Macro Definition Documentation
◆ MODIFIER_ANY
| #define MODIFIER_ANY 3 |
Definition at line 58 of file detect-tcp-flags.c.
◆ MODIFIER_NOT
| #define MODIFIER_NOT 1 |
Flags args[0] *(3) +(2) !(1)
Definition at line 56 of file detect-tcp-flags.c.
◆ MODIFIER_PLUS
| #define MODIFIER_PLUS 2 |
Definition at line 57 of file detect-tcp-flags.c.
◆ PARSE_REGEX
| #define PARSE_REGEX "^\\s*(?:([\\+\\*!]))?\\s*([SAPRFU120CE\\+\\*!]+)(?:\\s*,\\s*([SAPRFU12CE]+))?\\s*$" |
Regex (by Brian Rectanus) flags: [!+*](SAPRFU120)[,SAPRFU12]
Definition at line 49 of file detect-tcp-flags.c.
Function Documentation
◆ DetectFlagsRegister()
| void DetectFlagsRegister | ( | void | ) |
Registration function for flags: keyword.
Registration function for flags: keyword
Definition at line 76 of file detect-tcp-flags.c.
References SigTableElmt_::alias, SigTableElmt_::desc, DETECT_FLAGS, SigTableElmt_::Match, SigTableElmt_::name, sigmatch_table, and SigTableElmt_::url.
Referenced by SigTableSetup().
◆ DetectFlagsSignatureNeedsSynOnlyPackets()
| int DetectFlagsSignatureNeedsSynOnlyPackets | ( | const Signature * | s | ) |
Definition at line 535 of file detect-tcp-flags.c.
References SigMatch_::ctx, DETECT_FLAGS, DETECT_SM_LIST_MATCH, DetectFlagsData_::flags, Signature_::init_data, DetectFlagsData_::modifier, MODIFIER_NOT, SigMatch_::next, SignatureInitData_::smlists, TH_SYN, and SigMatch_::type.
◆ DetectFlagsSignatureNeedsSynPackets()
| int DetectFlagsSignatureNeedsSynPackets | ( | const Signature * | s | ) |
Definition at line 516 of file detect-tcp-flags.c.
References SigMatch_::ctx, DETECT_FLAGS, DETECT_SM_LIST_MATCH, DetectFlagsData_::flags, Signature_::init_data, DetectFlagsData_::modifier, MODIFIER_NOT, SigMatch_::next, SignatureInitData_::smlists, TH_SYN, and SigMatch_::type.
Referenced by SigGroupHeadBuildNonPrefilterArray().
