1 /* Copyright (C) 2007-2010 Open Information Security Foundation
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21 * \author Victor Julien <victor@inliniac.net>
23 * Implements the rev keyword
26 #include "suricata-common.h"
28 #include "detect-rev.h"
29 #include "util-debug.h"
30 #include "util-error.h"
32 static int DetectRevSetup (DetectEngineCtx
*, Signature
*, const char *);
34 void DetectRevRegister (void)
36 sigmatch_table
[DETECT_REV
].name
= "rev";
37 sigmatch_table
[DETECT_REV
].desc
= "set version of the rule";
38 sigmatch_table
[DETECT_REV
].url
= "/rules/meta.html#rev-revision";
39 sigmatch_table
[DETECT_REV
].Setup
= DetectRevSetup
;
42 static int DetectRevSetup (DetectEngineCtx
*de_ctx
, Signature
*s
, const char *rawstr
)
44 unsigned long rev
= 0;
46 rev
= strtoul(rawstr
, &endptr
, 10);
47 if (endptr
== NULL
|| *endptr
!= '\0') {
48 SCLogError(SC_ERR_INVALID_SIGNATURE
, "invalid character as arg "
52 if (rev
>= UINT_MAX
) {
53 SCLogError(SC_ERR_INVALID_NUMERIC_VALUE
, "rev value to high, max %u", UINT_MAX
);
57 SCLogError(SC_ERR_INVALID_NUMERIC_VALUE
, "rev value 0 is invalid");
61 SCLogError(SC_ERR_INVALID_RULE_ARGUMENT
, "duplicated 'rev' keyword detected");
65 s
->rev
= (uint32_t)rev
;