detect: SYN flags

Add funcs to see if a rule needs a SYN flag in the packet.

diff --git a/src/detect-flags.c b/src/detect-flags.c
index b5b1840a82b9ef7f79a3a83a2028273ac2a9bab7..51768f1797cc3c34708ffdb767d566e84c60e75a 100644 (file)
--- a/src/detect-flags.c
+++ b/src/detect-flags.c
@@ -522,6 +522,44 @@ static void DetectFlagsFree(void *de_ptr)
     if(de) SCFree(de);
 }
 
+int DetectFlagsSignatureNeedsSynPackets(const Signature *s)
+{
+    const SigMatch *sm;
+    for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+        switch (sm->type) {
+            case DETECT_FLAGS:
+            {
+                const DetectFlagsData *fl = (const DetectFlagsData *)sm->ctx;
+
+                if (!(fl->modifier == MODIFIER_NOT) && (fl->flags & TH_SYN)) {
+                    return 1;
+                }
+                break;
+            }
+        }
+    }
+    return 0;
+}
+
+int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s)
+{
+    const SigMatch *sm;
+    for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+        switch (sm->type) {
+            case DETECT_FLAGS:
+            {
+                const DetectFlagsData *fl = (const DetectFlagsData *)sm->ctx;
+
+                if (!(fl->modifier == MODIFIER_NOT) && (fl->flags == TH_SYN)) {
+                    return 1;
+                }
+                break;
+            }
+        }
+    }
+    return 0;
+}
+
 /*
  * ONLY TESTS BELOW THIS COMMENT
  */

diff --git a/src/detect-flags.h b/src/detect-flags.h
index 0eaaa28214c684270271f06d9fc6aa87be6313a9..333ed910215c5e1a3498a33ef52d64016970c353 100644 (file)
--- a/src/detect-flags.h
+++ b/src/detect-flags.h
@@ -56,4 +56,7 @@ void DetectFlagsRegister (void);
 
 void FlagsRegisterTests(void);
 
+int DetectFlagsSignatureNeedsSynPackets(const Signature *s);
+int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s);
+
 #endif /*__DETECT_FLAGS_H__ */