detect: add comparison-mode LTE/GTE for Detect(U32/u8)Data

4 years ago · b80cdae1df
parent c3075cba42
commit b80cdae1df
2 changed files with 42 additions and 4 deletions
--- a/src/detect-engine-uint.c
+++ b/src/detect-engine-uint.c
@ -49,11 +49,21 @@ int DetectU32Match(const uint32_t parg, const DetectU32Data *du32)
                return 1;
            }
            return 0;
+        case DETECT_UINT_LTE:
+            if (parg <= du32->arg1) {
+                return 1;
+            }
+            return 0;
        case DETECT_UINT_GT:
            if (parg > du32->arg1) {
                return 1;
            }
            return 0;
+        case DETECT_UINT_GTE:
+            if (parg >= du32->arg1) {
+                return 1;
+            }
+            return 0;
        case DETECT_UINT_RA:
            if (parg > du32->arg1 && parg < du32->arg2) {
                return 1;
@ -137,9 +147,17 @@ DetectU32Data *DetectU32Parse (const char *u32str)
                    return NULL;

                if (arg2[0] == '<') {
-                    u32da.mode = DETECT_UINT_LT;
+                    if (arg2[1] == '=') {
+                        u32da.mode = DETECT_UINT_LTE;
+                    } else {
+                        u32da.mode = DETECT_UINT_LT;
+                    }
                } else { // arg2[0] == '>'
-                    u32da.mode = DETECT_UINT_GT;
+                    if (arg2[1] == '=') {
+                        u32da.mode = DETECT_UINT_GTE;
+                    } else {
+                        u32da.mode = DETECT_UINT_GT;
+                    }
                }
                break;
            case '-':
@ -244,11 +262,21 @@ int DetectU8Match(const uint8_t parg, const DetectU8Data *du8)
                return 1;
            }
            return 0;
+        case DETECT_UINT_LTE:
+            if (parg <= du8->arg1) {
+                return 1;
+            }
+            return 0;
        case DETECT_UINT_GT:
            if (parg > du8->arg1) {
                return 1;
            }
            return 0;
+        case DETECT_UINT_GTE:
+            if (parg >= du8->arg1) {
+                return 1;
+            }
+            return 0;
        case DETECT_UINT_RA:
            if (parg > du8->arg1 && parg < du8->arg2) {
                return 1;
@ -328,9 +356,17 @@ DetectU8Data *DetectU8Parse (const char *u8str)
                    return NULL;

                if (arg2[0] == '<') {
-                    u8da.mode = DETECT_UINT_LT;
+                    if (arg2[1] == '=') {
+                        u8da.mode = DETECT_UINT_LTE;
+                    } else {
+                        u8da.mode = DETECT_UINT_LT;
+                    }
                } else { // arg2[0] == '>'
-                    u8da.mode = DETECT_UINT_GT;
+                    if (arg2[1] == '=') {
+                        u8da.mode = DETECT_UINT_GTE;
+                    } else {
+                        u8da.mode = DETECT_UINT_GT;
+                    }
                }
                break;
            case '-':
--- a/src/detect-engine-uint.h
+++ b/src/detect-engine-uint.h
@ -31,6 +31,8 @@ typedef enum {
    DETECT_UINT_EQ,
    DETECT_UINT_GT,
    DETECT_UINT_RA,
+    DETECT_UINT_LTE,
+    DETECT_UINT_GTE,
 } DetectUintMode;

 typedef struct DetectU32Data_ {