From: Jeff Lucovsky
Date: Sun, 3 May 2020 12:55:04 +0000 (-0400)
Subject: detect: Add utility module for byte var handling
X-Git-Tag: suricata-6.0.0-beta1~210
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac01adc2607f4404afe6a7ced63630c16ff303e3;p=thirdparty%2Fsuricata.git
detect: Add utility module for byte var handling
---
diff --git a/src/Makefile.am b/src/Makefile.am
index 8d08296451..c40274eef7 100755
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -96,6 +96,7 @@ detect-asn1.c detect-asn1.h \
 detect-base64-data.c detect-base64-data.h \
 detect-base64-decode.c detect-base64-decode.h \
 detect-bsize.c detect-bsize.h \
+detect-byte.c detect-byte.h \
 detect-byte-extract.c detect-byte-extract.h \
 detect-bytejump.c detect-bytejump.h \
 detect-bytetest.c detect-bytetest.h \
diff --git a/src/detect-byte.c b/src/detect-byte.c
new file mode 100644
index 0000000000..1fb2170b6e
--- /dev/null
+++ b/src/detect-byte.c
@@ -0,0 +1,47 @@
+/* Copyright (C) 2020 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Jeff Lucovsky
+ */
+
+#include "suricata-common.h"
+#include "detect-byte.h"
+#include "detect-byte-extract.h"
+
+/**
+ * \brief Used to retrieve args from BM.
+ *
+ * \param arg The name of the variable being sought
+ * \param s The signature to check for the variable
+ * \param index When found, the value of the slot within the byte vars
+ *
+ * \retval true A match for the variable was found.
+ * \retval false
+ */
+bool DetectByteRetrieveSMVar(const char *arg, const Signature *s, DetectByteIndexType *index)
+{
+ SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(arg, s);
+ if (bed_sm != NULL) {
+ *index = ((DetectByteExtractData *)bed_sm->ctx)->local_id;
+ return true;
+ }
+
+ return false;
+}
diff --git a/src/detect-byte.h b/src/detect-byte.h
new file mode 100644
index 0000000000..a43ccf0b8b
--- /dev/null
+++ b/src/detect-byte.h
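Review bot: The doc comment on `DetectByteRetrieveSMVar` in src/detect-byte.c leaves the failure contract unstated: `\retval false` has no description, and nothing says that `*index` is left unwritten when no variable is found. Because the value is described as a slot within the byte vars, a caller that ignores the return value would go on to use whatever its own variable happened to hold, so the contract is worth spelling out, e.g. `\retval false No variable named arg was found in s; *index is not modified`. The `\brief` could also name what is looked up, for instance `Look up a byte_extract variable by name and return its slot index`, rather than "retrieve args from BM". The cast of `bed_sm->ctx` presumably relies on DetectByteExtractRetrieveSMVar returning only byte_extract matches with a non-NULL ctx; a one-line comment stating that assumption would help the next reader.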
@@ -0,0 +1,30 @@
+/* Copyright (C) 2020 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Jeff Lucovsky
+ */
+
+#ifndef __DETECT_BYTE_H__
+#define __DETECT_BYTE_H__
+typedef uint8_t DetectByteIndexType;
+
+bool DetectByteRetrieveSMVar(const char *, const Signature *, DetectByteIndexType *);
+
+#endif /* __DETECT_BYTE_H__ */
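Review bot: `DetectByteIndexType` in src/detect-byte.h is fixed at `uint8_t` with no comment tying it to the field it receives; detect-byte.c assigns `DetectByteExtractData.local_id` to it, so if that field is or becomes wider the slot index would be silently truncated. A comment above the typedef such as `/* slot index of a byte_extract variable; must be at least as wide as DetectByteExtractData.local_id */` would record the constraint. The prototype also drops its parameter names; `bool DetectByteRetrieveSMVar(const char *arg, const Signature *s, DetectByteIndexType *index);` matches the definition and documents the out-parameter. The header uses `uint8_t`, `bool` and `Signature` without including anything itself, so it appears to depend on the includer pulling in suricata-common.h first.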