From: Victor Julien
Date: Wed, 7 Oct 2015 13:38:58 +0000 (+0200)
Subject: detect: SYN flags
X-Git-Tag: suricata-3.1RC1~383
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7d81fc3b024412ba0975e9bb691ea6f74924319;p=thirdparty%2Fsuricata.git

detect: SYN flags

Add funcs to see if a rule needs a SYN flag in the packet.
---

diff --git a/src/detect-flags.c b/src/detect-flags.c
index b5b1840a82..51768f1797 100644
--- a/src/detect-flags.c
+++ b/src/detect-flags.c
@@ -522,6 +522,44 @@ static void DetectFlagsFree(void *de_ptr)
     if(de) SCFree(de);
 }
+int DetectFlagsSignatureNeedsSynPackets(const Signature *s)
+{
+    const SigMatch *sm;
+    for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+        switch (sm->type) {
+            case DETECT_FLAGS:
+            {
+                const DetectFlagsData *fl = (const DetectFlagsData *)sm->ctx;
+
+                if (!(fl->modifier == MODIFIER_NOT) && (fl->flags & TH_SYN)) {
+                    return 1;
+                }
+                break;
+            }
+        }
+    }
+    return 0;
+}
+
+int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s)
+{
+    const SigMatch *sm;
+    for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+        switch (sm->type) {
+            case DETECT_FLAGS:
+            {
+                const DetectFlagsData *fl = (const DetectFlagsData *)sm->ctx;
+
+                if (!(fl->modifier == MODIFIER_NOT) && (fl->flags == TH_SYN)) {
+                    return 1;
+                }
+                break;
+            }
+        }
+    }
+    return 0;
+}
+
 /*
  * ONLY TESTS BELOW THIS COMMENT */
diff --git a/src/detect-flags.h b/src/detect-flags.h
index 0eaaa28214..333ed91021 100644
--- a/src/detect-flags.h
+++ b/src/detect-flags.h
@@ -56,4 +56,7 @@ void DetectFlagsRegister (void);
 void FlagsRegisterTests(void);
+int DetectFlagsSignatureNeedsSynPackets(const Signature *s);
+int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s);
+
 #endif /*__DETECT_FLAGS_H__ */
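Review bot: The test `!(fl->modifier == MODIFIER_NOT) && (fl->flags & TH_SYN)` in DetectFlagsSignatureNeedsSynPackets treats every non-negated modifier as requiring SYN, but if the flags keyword also supports an any-of modifier (I believe a MODIFIER_ANY for `flags:*SA` exists alongside MODIFIER_NOT), such a rule can legitimately match a packet without SYN, so a caller that uses this result to skip the rule on non-SYN packets would silently miss matches; the same concern applies to `fl->flags == TH_SYN` in DetectFlagsSignatureNeedsSynOnlyPackets, where a plus modifier (`flags:S+`) also accepts packets carrying additional flags, which are not "SYN only". I would tighten the first condition to `if (fl->modifier != MODIFIER_NOT && fl->modifier != MODIFIER_ANY && (fl->flags & TH_SYN))` and additionally require `fl->modifier != MODIFIER_PLUS` in the SYN-only variant, or else add a comment stating that the result is only a pre-filter hint and the full flags match must still run. The two functions are identical except for `&` versus `==`; a single static helper taking the flag comparison would remove the duplication, and the one-case `switch (sm->type)` with no `default` reads more simply as `if (sm->type == DETECT_FLAGS)`. Neither function carries a header comment; a Doxygen `/** \brief ... \retval 1 ... \retval 0 ... */` spelling out what "needs SYN" guarantees to callers would help.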