]>
git.ipfire.org Git - people/ms/suricata.git/blob - src/detect-dsize.h
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21 * \author Victor Julien <victor@inliniac.net>
24 #ifndef __DETECT_DSIZE_H__
25 #define __DETECT_DSIZE_H__
27 #define DETECTDSIZE_LT 0
28 #define DETECTDSIZE_EQ 1
29 #define DETECTDSIZE_GT 2
30 #define DETECTDSIZE_RA 3
31 #define DETECTDSIZE_NE 4
33 typedef struct DetectDsizeData_
{
40 void DetectDsizeRegister (void);
42 int SigParseGetMaxDsize(const Signature
*s
);
43 void SigParseSetDsizePair(Signature
*s
);
44 void SigParseApplyDsizeToContent(Signature
*s
);
46 /** Determine if a packet p should be kicked out during prefilter due
47 * to dsize outside the range specified in signature s */
48 static inline bool SigDsizePrefilter(const Packet
*p
, const Signature
*s
, uint32_t sflags
)
50 if (unlikely(sflags
& SIG_FLAG_DSIZE
)) {
51 if (likely(p
->payload_len
< s
->dsize_low
|| p
->payload_len
> s
->dsize_high
)) {
52 if (!(s
->dsize_mode
== DETECTDSIZE_NE
)) {
53 SCLogDebug("kicked out as p->payload_len %u, dsize low %u, hi %u", p
->payload_len
,
54 s
->dsize_low
, s
->dsize_high
);
62 #endif /* __DETECT_DSIZE_H__ */