detect/tcp: add tcp.<field> notation variants

6 years ago · 47919fd0e4
parent 0cecb1c3b2
commit 47919fd0e4
4 changed files with 8 additions and 4 deletions
--- a/src/detect-ack.c
+++ b/src/detect-ack.c
@ -53,7 +53,8 @@ static _Bool PrefilterTcpAckIsPrefilterable(const Signature *s);

 void DetectAckRegister(void)
 {
-    sigmatch_table[DETECT_ACK].name = "ack";
+    sigmatch_table[DETECT_ACK].name = "tcp.ack";
+    sigmatch_table[DETECT_ACK].alias = "ack";
    sigmatch_table[DETECT_ACK].desc = "check for a specific TCP acknowledgement number";
    sigmatch_table[DETECT_ACK].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#ack";
    sigmatch_table[DETECT_ACK].Match = DetectAckMatch;
--- a/src/detect-flags.c
+++ b/src/detect-flags.c
@ -72,7 +72,8 @@ static int PrefilterSetupTcpFlags(DetectEngineCtx *de_ctx, SigGroupHead *sgh);

 void DetectFlagsRegister (void)
 {
-    sigmatch_table[DETECT_FLAGS].name = "flags";
+    sigmatch_table[DETECT_FLAGS].name = "tcp.flags";
+    sigmatch_table[DETECT_FLAGS].alias = "flags";
    sigmatch_table[DETECT_FLAGS].Match = DetectFlagsMatch;
    sigmatch_table[DETECT_FLAGS].Setup = DetectFlagsSetup;
    sigmatch_table[DETECT_FLAGS].Free  = DetectFlagsFree;
--- a/src/detect-seq.c
+++ b/src/detect-seq.c
@ -50,7 +50,8 @@ static _Bool PrefilterTcpSeqIsPrefilterable(const Signature *s);

 void DetectSeqRegister(void)
 {
-    sigmatch_table[DETECT_SEQ].name = "seq";
+    sigmatch_table[DETECT_SEQ].name = "tcp.seq";
+    sigmatch_table[DETECT_SEQ].alias = "seq";
    sigmatch_table[DETECT_SEQ].desc = "check for a specific TCP sequence number";
    sigmatch_table[DETECT_SEQ].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#seq";
    sigmatch_table[DETECT_SEQ].Match = DetectSeqMatch;
--- a/src/detect-window.c
+++ b/src/detect-window.c
@ -58,7 +58,8 @@ void DetectWindowFree(void *);
 */
 void DetectWindowRegister (void)
 {
-    sigmatch_table[DETECT_WINDOW].name = "window";
+    sigmatch_table[DETECT_WINDOW].name = "tcp.window";
+    sigmatch_table[DETECT_WINDOW].alias = "window";
    sigmatch_table[DETECT_WINDOW].desc = "check for a specific TCP window size";
    sigmatch_table[DETECT_WINDOW].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#window";
    sigmatch_table[DETECT_WINDOW].Match = DetectWindowMatch;