Commit | Line | Data |
---|---|---|
35f3eafa AS |
1 | /* Copyright (C) 2007-2010 Open Information Security Foundation |
2 | * | |
3 | * You can copy, redistribute or modify this Program under the terms of | |
4 | * the GNU General Public License version 2 as published by the Free | |
5 | * Software Foundation. | |
6 | * | |
7 | * This program is distributed in the hope that it will be useful, | |
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | * GNU General Public License for more details. | |
11 | * | |
12 | * You should have received a copy of the GNU General Public License | |
13 | * version 2 along with this program; if not, write to the Free Software | |
14 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
15 | * 02110-1301, USA. | |
16 | */ | |
17 | ||
18 | /** | |
19 | * \file | |
20 | * | |
420befb1 | 21 | * \author Anoop Saldanha <anoopsaldanha@gmail.com> |
35f3eafa AS |
22 | */ |
23 | ||
24 | #ifndef __DETECT_BYTEEXTRACT_H__ | |
25 | #define __DETECT_BYTEEXTRACT_H__ | |
26 | ||
/* flags
 *
 * Each value is a distinct single bit, so several can be OR-ed together in
 * one uint8_t (DetectByteExtractData below has a uint8_t `flags` field).
 * NOTE(review): the per-flag meanings are inferred from the names and the
 * matching struct fields; the keyword parser is not visible here -- confirm.
 */
#define DETECT_BYTE_EXTRACT_FLAG_RELATIVE 0x01 /* presumably: offset is relative to a previous match */
#define DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER 0x02 /* presumably: multiplier_value is set and applies */
#define DETECT_BYTE_EXTRACT_FLAG_STRING 0x04 /* presumably: bytes are parsed as text using `base` */
#define DETECT_BYTE_EXTRACT_FLAG_ALIGN 0x08 /* presumably: align_value is set and applies */
#define DETECT_BYTE_EXTRACT_FLAG_ENDIAN 0x10 /* presumably: an explicit byte order was given in `endian` */
33 | ||
/* endian value to be used. Would be stored in DetectByteParseData->endian
 *
 * NOTE(review): no DetectByteParseData is declared in this header; the
 * struct declared here that carries a uint8_t `endian` field is
 * DetectByteExtractData, which is presumably what is meant -- confirm.
 * These are mutually exclusive selector values (0..3), not bit flags.
 */
#define DETECT_BYTE_EXTRACT_ENDIAN_NONE 0
#define DETECT_BYTE_EXTRACT_ENDIAN_BIG 1
#define DETECT_BYTE_EXTRACT_ENDIAN_LITTLE 2
#define DETECT_BYTE_EXTRACT_ENDIAN_DCE 3 /* presumably: byte order taken from DCE/RPC context -- confirm */
39 | ||
/**
 * \brief Holds data related to byte_extract keyword.
 *
 * One instance describes a single byte_extract option: how many bytes to
 * take, at which offset, and how to interpret them.
 *
 * NOTE(review): comments marked "presumably" are inferred from field names
 * only. The parser that fills this struct and the matcher that consumes it
 * are not visible in this header. Since these fields steer reads from
 * inspected (untrusted) traffic, the consumer is expected to bounds-check
 * offset and nbytes against the buffer length -- confirm in the .c file.
 */
typedef struct DetectByteExtractData_ {
    /* local id used by other keywords in the sig to reference this */
    uint8_t local_id;

    /* presumably the number of bytes to extract; 8 bits wide, so at most 255 */
    uint8_t nbytes;
    /* purpose not visible here; the name suggests padding -- confirm */
    int16_t pad;
    /* signed, so negative values are representable; presumably relevant
     * together with DETECT_BYTE_EXTRACT_FLAG_RELATIVE -- confirm */
    int32_t offset;
    /* presumably the variable name given in the rule; who owns and frees
     * the string is not visible here */
    const char *name;
    /* presumably a bitwise OR of the DETECT_BYTE_EXTRACT_FLAG_* values */
    uint8_t flags;
    /* presumably one of the DETECT_BYTE_EXTRACT_ENDIAN_* values */
    uint8_t endian;
    /* presumably the numeric base used with DETECT_BYTE_EXTRACT_FLAG_STRING */
    uint8_t base;
    /* presumably the alignment used with DETECT_BYTE_EXTRACT_FLAG_ALIGN */
    uint8_t align_value;

    /* presumably the factor used with DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER */
    uint16_t multiplier_value;
    /* unique id used to reference this byte_extract keyword */
    uint16_t id;

} DetectByteExtractData;
61 | ||
/* Registration entry point for the byte_extract keyword; takes no arguments
 * and returns nothing. What it registers with is not visible here. */
void DetectByteExtractRegister(void);

/* Returns a SigMatch pointer for the given string and Signature.
 * NOTE(review): presumably looks up a byte_extract variable by name within
 * the signature and returns NULL when none matches -- confirm. */
SigMatch *DetectByteExtractRetrieveSMVar(const char *, const Signature *);
/* Match-time entry point for byte_extract.
 * NOTE(review): parameters are unnamed in this prototype. From the types,
 * the const uint8_t pointer and uint16_t are presumably the inspected buffer
 * and its length, the uint64_t pointer the output for the extracted value,
 * and the trailing uint8_t a byte-order selector -- confirm against the
 * definition. The buffer is traffic-derived, so the definition should be
 * checked for bounds validation before any read. */
int DetectByteExtractDoMatch(DetectEngineThreadCtx *, const SigMatchData *, const Signature *,
        const uint8_t *, uint16_t, uint64_t *, uint8_t);
35f3eafa AS |
67 | |
68 | #endif /* __DETECT_BYTEEXTRACT_H__ */ |