Added support at Flowints for keywords isset and notset

16 years ago · c6c7742464
parent a8d7b71490
commit c6c7742464
5 changed files with 1081 additions and 406 deletions
--- a/src/detect-flowint.c
+++ b/src/detect-flowint.c
--- a/src/detect-flowint.h
+++ b/src/detect-flowint.h
@ -15,8 +15,9 @@ enum {
    FLOWINT_MODIFIER_NE,
    FLOWINT_MODIFIER_GE,
    FLOWINT_MODIFIER_GT,
-    /** Checking if a var isset (keyword isset)*/
-    FLOWINT_MODIFIER_IS,
+    /** Checking if a var is set (keyword isset/notset)*/
+    FLOWINT_MODIFIER_ISSET,
+    FLOWINT_MODIFIER_NOTSET,

    FLOWINT_MODIFIER_UNKNOWN
 };
@ -37,17 +38,22 @@ typedef struct TargetVar_ {

 /** Context data for flowint vars */
 typedef struct DetectFlowintData_ {
-    char *name;                 /* This is the main var we are going to use
-                                 * against the target */
+    /* This is the main var we are going to use
+    * against the target */
+    char *name;
+    /* Internal id of the var */
    uint16_t idx;

-    uint8_t modifier;           /* The modifier/operation/condition we are
-                                 * going to execute */
-
+    /* The modifier/operation/condition we are
+    * going to execute */
+    uint8_t modifier;
    uint8_t targettype;
+
    union {
-        uint32_t value;         /* the target value */
-        TargetVar tvar;         /* or the target var */
+        /* the target value */
+        uint32_t value;
+        /* or the target var */
+        TargetVar tvar;
    } target;
 } DetectFlowintData;

--- a/src/flow-var.c
+++ b/src/flow-var.c
@ -124,10 +124,11 @@ void FlowVarPrint(GenericVar *gv) {
                    printf("\\%02X", fv->data.fv_str.value[i]);
            }
            printf("\", Len \"%" PRIu32 "\"\n", fv->data.fv_str.value_len);
-        }
-        if (fv->datatype == FLOWVAR_TYPE_INT) {
+        } else if (fv->datatype == FLOWVAR_TYPE_INT) {
            printf("Name idx \"%" PRIu32 "\", Value \"%" PRIu32 "\"", fv->idx,
                    fv->data.fv_int.value);
+        } else {
+            printf("Unknown data type at flowvars\n");
        }
    }
    FlowVarPrint(gv->next);
--- a/src/flow-var.h
+++ b/src/flow-var.h
@ -1,5 +1,11 @@
-/* Copyright (c) 2008 Victor Julien <victor@inliniac.net> */
-/* Copyright (c) 2009 Pablo Rincon <pablo.rincon.crespo@gmail.com> */
+/** Copyright(c) 2009 Open Information Security Foundation.
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ * \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
+ *
+ * Flow level variable support for complex detection rules
+ * Supported types atm are String and Integers
+ */

 #ifndef __FLOW_VAR_H__
 #define __FLOW_VAR_H__
--- a/src/util-var-name.c
+++ b/src/util-var-name.c
@ -104,27 +104,3 @@ error:
    return 0;
 }

-/** We need to use this at flowints/flowvars
- *  Need to support options "isset" and "!isset"
- *  return 0 if not set, the idx if it's set */
-uint8_t VariableNameIsSet(DetectEngineCtx *de_ctx, char *name, uint8_t type) {
-    VariableName *fn = malloc(sizeof(VariableName));
-    uint8_t result = 0;
-    if (fn == NULL)
-        goto end;
-
-    memset(fn, 0, sizeof(VariableName));
-
-    fn->type = type;
-    fn->name = strdup(name);
-    if (fn->name == NULL)
-        goto end;
-
-    VariableName *lookup_fn = (VariableName *)HashListTableLookup(de_ctx->variable_names, (void *)fn, 0);
-    if (lookup_fn != NULL)
-        result = lookup_fn->idx;
-
-end:
-    VariableNameFree(fn);
-    return result;
-}