Added support at Flowints for keywords isset and notset

16 years ago · c6c7742464
parent a8d7b71490
commit c6c7742464
5 changed files with 1081 additions and 406 deletions
--- a/src/detect-flowint.c
+++ b/src/detect-flowint.c
--- a/src/detect-flowint.h
+++ b/src/detect-flowint.h
@ -15,8 +15,9 @@ enum {
    FLOWINT_MODIFIER_NE,
    FLOWINT_MODIFIER_GE,
    FLOWINT_MODIFIER_GT,
-    /** Checking if a var isset (keyword isset)*/
+    /** Checking if a var is set (keyword isset/notset)*/
-    FLOWINT_MODIFIER_IS,
+    FLOWINT_MODIFIER_ISSET,
    FLOWINT_MODIFIER_NOTSET,
    FLOWINT_MODIFIER_UNKNOWN
 };
@ -37,17 +38,22 @@ typedef struct TargetVar_ {
 /** Context data for flowint vars */
 typedef struct DetectFlowintData_ {
-    char *name;                 /* This is the main var we are going to use
+    /* This is the main var we are going to use
-                                 * against the target */
+    * against the target */
    char *name;
    /* Internal id of the var */
    uint16_t idx;
-    uint8_t modifier;           /* The modifier/operation/condition we are
+    /* The modifier/operation/condition we are
-                                 * going to execute */
+    * going to execute */
-
+    uint8_t modifier;
    uint8_t targettype;
    union {
-        uint32_t value;         /* the target value */
+        /* the target value */
-        TargetVar tvar;         /* or the target var */
+        uint32_t value;
        /* or the target var */
        TargetVar tvar;
    } target;
 } DetectFlowintData;
--- a/src/flow-var.c
+++ b/src/flow-var.c
@ -124,10 +124,11 @@ void FlowVarPrint(GenericVar *gv) {
                    printf("\\%02X", fv->data.fv_str.value[i]);
            }
            printf("\", Len \"%" PRIu32 "\"\n", fv->data.fv_str.value_len);
-        }
+        } else if (fv->datatype == FLOWVAR_TYPE_INT) {
        if (fv->datatype == FLOWVAR_TYPE_INT) {
            printf("Name idx \"%" PRIu32 "\", Value \"%" PRIu32 "\"", fv->idx,
                    fv->data.fv_int.value);
        } else {
            printf("Unknown data type at flowvars\n");
        }
    }
    FlowVarPrint(gv->next);
--- a/src/flow-var.h
+++ b/src/flow-var.h
@ -1,5 +1,11 @@
-/* Copyright (c) 2008 Victor Julien <victor@inliniac.net> */
+/** Copyright(c) 2009 Open Information Security Foundation.
-/* Copyright (c) 2009 Pablo Rincon <pablo.rincon.crespo@gmail.com> */
+ *
 * \author Victor Julien <victor@inliniac.net>
 * \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
 *
 * Flow level variable support for complex detection rules
 * Supported types atm are String and Integers
 */
 #ifndef __FLOW_VAR_H__
 #define __FLOW_VAR_H__
--- a/src/util-var-name.c
+++ b/src/util-var-name.c
@ -104,27 +104,3 @@ error:
    return 0;
 }
 /** We need to use this at flowints/flowvars
 *  Need to support options "isset" and "!isset"
 *  return 0 if not set, the idx if it's set */
 uint8_t VariableNameIsSet(DetectEngineCtx *de_ctx, char *name, uint8_t type) {
    VariableName *fn = malloc(sizeof(VariableName));
    uint8_t result = 0;
    if (fn == NULL)
        goto end;
    memset(fn, 0, sizeof(VariableName));
    fn->type = type;
    fn->name = strdup(name);
    if (fn->name == NULL)
        goto end;
    VariableName *lookup_fn = (VariableName *)HashListTableLookup(de_ctx->variable_names, (void *)fn, 0);
    if (lookup_fn != NULL)
        result = lookup_fn->idx;
 end:
    VariableNameFree(fn);
    return result;
 }