Main Page | Modules | Class List | Directories | File List | Class Members | File Members | Related Pages
src / detection-plugins

sp_flowbits.c File Reference

#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
#include "rules.h"
#include "decode.h"
#include "plugbase.h"
#include "parser.h"
#include "debug.h"
#include "util.h"
#include "plugin_enum.h"
#include "snort.h"
#include "flow.h"
#include "bitop.h"
#include "sfghash.h"
#include "spp_flow.h"

Go to the source code of this file.

Defines

#define FLOWBITS_SET   0x01
#define FLOWBITS_UNSET   0x02
#define FLOWBITS_TOGGLE   0x04
#define FLOWBITS_ISSET   0x08
#define FLOWBITS_ISNOTSET   0x10
#define FLOWBITS_RESET   0x20
#define FLOWBITS_NOALERT   0x40

Typedefs

typedef _FLOWBITS_OBJECT FLOWBITS_OBJECT
typedef _FLOWBITS_OP FLOWBITS_OP

Functions

static void FlowBitsInit (char *, OptTreeNode *, int)
static void FlowBitsParse (char *, FLOWBITS_OP *, OptTreeNode *)
static int FlowBitsCheck (Packet *, struct _OptTreeNode *, OptFpList *)
void SetupFlowBits ()
static int ResetFlowbits (Packet *p)
static FLOWDATAGetFlowbitsData (Packet *p)
void FlowBitsVerify (void)

Variables

unsigned int giFlowbitSize
static u_int32_t flowbits_count = 0
static SFGHASHflowbits_hash

Define Documentation

#define FLOWBITS_ISNOTSET   0x10
 

Definition at line 84 of file sp_flowbits.c.

Referenced by FlowBitsCheck(), FlowBitsParse(), and FlowBitsVerify().

#define FLOWBITS_ISSET   0x08
 

Definition at line 83 of file sp_flowbits.c.

Referenced by FlowBitsCheck(), FlowBitsParse(), and FlowBitsVerify().

#define FLOWBITS_NOALERT   0x40
 

Definition at line 86 of file sp_flowbits.c.

Referenced by FlowBitsCheck(), and FlowBitsParse().

#define FLOWBITS_RESET   0x20
 

Definition at line 85 of file sp_flowbits.c.

Referenced by FlowBitsCheck(), and FlowBitsParse().

#define FLOWBITS_SET   0x01
 

Definition at line 80 of file sp_flowbits.c.

Referenced by FlowBitsCheck(), FlowBitsParse(), and FlowBitsVerify().

#define FLOWBITS_TOGGLE   0x04
 

Definition at line 82 of file sp_flowbits.c.

Referenced by FlowBitsCheck(), and FlowBitsParse().

#define FLOWBITS_UNSET   0x02
 

Definition at line 81 of file sp_flowbits.c.

Referenced by FlowBitsCheck(), and FlowBitsParse().

Typedef Documentation

typedef struct _FLOWBITS_OBJECT FLOWBITS_OBJECT
 

The FLOWBITS_OBJECT is used to track the different flowbit names that set/unset/etc. bits. We use these so that we can verify that the rules that use flowbits make sense.

The types element tracks all the different operations that may occur for a given object. This is different from how the type element is used from the FLOWBITS_ITEM structure.

typedef struct _FLOWBITS_OP FLOWBITS_OP
 

This structure is the context ptr for each detection option on a rule. The id is associated with a FLOWBITS_OBJECT id.

The type element track only one operation.

Function Documentation

static int FlowBitsCheck Packet ,
struct _OptTreeNode ,
OptFpList
[static]
 

Definition at line 418 of file sp_flowbits.c.

References boClearBit(), _FLOWDATA::boFlowbits, boIsBitSet(), boResetBITOP(), boSetBit(), _OptFpList::context, DEBUG_PLUGIN, DEBUG_WRAP, FLOWBITS_ISNOTSET, FLOWBITS_ISSET, FLOWBITS_NOALERT, FLOWBITS_RESET, FLOWBITS_SET, FLOWBITS_TOGGLE, FLOWBITS_UNSET, GetFlowbitsData(), _FLOWBITS_OP::id, _OptFpList::next, _OptFpList::OptTestFunc, and _FLOWBITS_OP::type.

Referenced by FlowBitsInit().

static void FlowBitsInit char *  ,
OptTreeNode ,
int 
[static]
 

Definition at line 139 of file sp_flowbits.c.

References AddOptFuncToList(), _OptFpList::context, FatalError(), file_line, file_name, FlowBitsCheck(), FlowBitsParse(), LogMessage(), SnortAlloc(), and SppFlowIsRunning().

Referenced by SetupFlowBits().

static void FlowBitsParse char *  ,
FLOWBITS_OP ,
OptTreeNode
[static]
 

Definition at line 180 of file sp_flowbits.c.

References DEBUG_PLUGIN, DEBUG_WRAP, FatalError(), file_line, file_name, flowbits_count, FLOWBITS_ISNOTSET, FLOWBITS_ISSET, FLOWBITS_NOALERT, FLOWBITS_RESET, FLOWBITS_SET, FLOWBITS_TOGGLE, FLOWBITS_UNSET, giFlowbitSize, _FLOWBITS_OBJECT::id, _FLOWBITS_OP::id, NULL, sfghash_add(), sfghash_find(), SnortAlloc(), strncasecmp, _FLOWBITS_OP::type, and _FLOWBITS_OBJECT::types.

Referenced by FlowBitsInit().

void FlowBitsVerify void   ) 
 

Definition at line 533 of file sp_flowbits.c.

References _sfghash_node::data, FLOWBITS_ISNOTSET, FLOWBITS_ISSET, FLOWBITS_SET, _sfghash_node::key, LogMessage(), sfghash_findfirst(), sfghash_findnext(), and _FLOWBITS_OBJECT::types.

Referenced by SnortMain().

static FLOWDATA* GetFlowbitsData Packet p  )  [static]
 

This function initializes/retrieves flowbits data that is associated with a given flow.

Definition at line 373 of file sp_flowbits.c.

References _FLOWDATA::boFlowbits, boResetBITOP(), _FLOW::data, _Packet::flow, NULL, and ResetFlowbits().

Referenced by FlowBitsCheck().

static int ResetFlowbits Packet p  )  [static]
 

Definition at line 335 of file sp_flowbits.c.

References _Packet::packet_flags, PKT_STREAM_EST, _Session::session_flags, SSNFLAG_SEEN_CLIENT, SSNFLAG_SEEN_SERVER, and _Packet::ssnptr.

Referenced by GetFlowbitsData().

void SetupFlowBits  ) 
 

Definition at line 112 of file sp_flowbits.c.

References DEBUG_PLUGIN, DEBUG_WRAP, FatalError(), FlowBitsInit(), RegisterPlugin(), and sfghash_new().

Referenced by InitPlugIns().

Variable Documentation

u_int32_t flowbits_count = 0 [static]
 

Definition at line 90 of file sp_flowbits.c.

Referenced by FlowBitsParse().

SFGHASH* flowbits_hash [static]
 

Definition at line 91 of file sp_flowbits.c.

unsigned int giFlowbitSize
 

Definition at line 78 of file spp_flow.c.

Referenced by FlowBitsParse(), FlowInit(), and ProcessFlowbitsSize().

Generated on Sun May 14 14:51:22 2006 by  doxygen 1.4.2