#include "util-time.h"
#include "util-validate.h"
#include "util-conf.h"
+#include "detect-flowbits.h"
+#include "util-var-name.h"
static int rule_warnings_only = 0;
jb_close(js);
break;
}
+ case DETECT_FLOWBITS: {
+ const DetectFlowbitsData *cd = (const DetectFlowbitsData *)smd->ctx;
+
+ jb_open_object(js, "flowbits");
+ switch (cd->cmd) {
+ case DETECT_FLOWBITS_CMD_ISSET:
+ jb_set_string(js, "cmd", "isset");
+ break;
+ case DETECT_FLOWBITS_CMD_ISNOTSET:
+ jb_set_string(js, "cmd", "isnotset");
+ break;
+ case DETECT_FLOWBITS_CMD_SET:
+ jb_set_string(js, "cmd", "set");
+ break;
+ case DETECT_FLOWBITS_CMD_UNSET:
+ jb_set_string(js, "cmd", "unset");
+ break;
+ case DETECT_FLOWBITS_CMD_TOGGLE:
+ jb_set_string(js, "cmd", "toggle");
+ break;
+ }
+ bool is_or = false;
+ jb_open_array(js, "names");
+ if (cd->or_list_size == 0) {
+ jb_append_string(js, VarNameStoreSetupLookup(cd->idx, VAR_TYPE_FLOW_BIT));
+ } else if (cd->or_list_size > 0) {
+ is_or = true;
+ for (uint8_t i = 0; i < cd->or_list_size; i++) {
+ const char *varname =
+ VarNameStoreSetupLookup(cd->or_list[i], VAR_TYPE_FLOW_BIT);
+ jb_append_string(js, varname);
+ }
+ }
+ jb_close(js); // array
+ if (is_or) {
+ jb_set_string(js, "operator", "or");
+ }
+ jb_close(js); // object
+ break;
+ }
}
jb_close(js);
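Review bot: The result of `VarNameStoreSetupLookup()` is passed straight to `jb_append_string()` in both the single-name branch and the or-list loop, with no check for a NULL return. Whether the lookup can fail for a given id is not visible from this hunk, but if it can, the `names` array either silently loses an entry or the builder receives a NULL pointer. A guard such as `if (varname != NULL) jb_append_string(js, varname);` in both places would keep the analyzer output well-defined. The inner `switch (cd->cmd)` also has no `default:`, so a command value outside the five listed would yield a `flowbits` object with no `cmd` key; a `default:` that writes a fallback string would make that case visible to whoever consumes the JSON. The enclosing function starts and ends outside the hunk.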