detect: SYN flags

Add funcs to see if a rule needs a SYN flag in the packet.
11 years ago · b7d81fc3b0
parent f720dfd21e
commit b7d81fc3b0
2 changed files with 41 additions and 0 deletions
--- a/src/detect-flags.c
+++ b/src/detect-flags.c
@ -522,6 +522,44 @@ static void DetectFlagsFree(void *de_ptr)
    if(de) SCFree(de);
 }

+int DetectFlagsSignatureNeedsSynPackets(const Signature *s)
+{
+    const SigMatch *sm;
+    for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+        switch (sm->type) {
+            case DETECT_FLAGS:
+            {
+                const DetectFlagsData *fl = (const DetectFlagsData *)sm->ctx;
+
+                if (!(fl->modifier == MODIFIER_NOT) && (fl->flags & TH_SYN)) {
+                    return 1;
+                }
+                break;
+            }
+        }
+    }
+    return 0;
+}
+
+int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s)
+{
+    const SigMatch *sm;
+    for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+        switch (sm->type) {
+            case DETECT_FLAGS:
+            {
+                const DetectFlagsData *fl = (const DetectFlagsData *)sm->ctx;
+
+                if (!(fl->modifier == MODIFIER_NOT) && (fl->flags == TH_SYN)) {
+                    return 1;
+                }
+                break;
+            }
+        }
+    }
+    return 0;
+}
+
 /*
 * ONLY TESTS BELOW THIS COMMENT
 */
--- a/src/detect-flags.h
+++ b/src/detect-flags.h
@ -56,4 +56,7 @@ void DetectFlagsRegister (void);

 void FlagsRegisterTests(void);

+int DetectFlagsSignatureNeedsSynPackets(const Signature *s);
+int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s);
+
 #endif /*__DETECT_FLAGS_H__ */