/*
* Jump extracted value from data
*
* Return 1 if cursor in bounds
* Return 0 if cursor out of bounds
* Return < 0 if error
*/
ENGINE_LINKAGE int byteJump(void *p, ByteData *byteData, u_int8_t **cursor)
{
int ret;
u_int32_t readValue;
u_int32_t jumpValue;
SFSnortPacket *sp = (SFSnortPacket *) p;
ret = extractValueInternal(sp, byteData, &readValue, *cursor);
if ( ret < 0 )
return ret;
if (byteData->multiplier)
jumpValue = readValue * byteData->multiplier;
else
jumpValue = readValue;
if (byteData->flags & JUMP_ALIGN)
{
if ((jumpValue % 4) != 0)
{
jumpValue += (4 - (jumpValue % 4));
}
}
if (!(byteData->flags & JUMP_FROM_BEGINNING))
{
jumpValue += byteData->bytes + byteData->offset;
}
ret = setCursorInternal(sp, byteData->flags, jumpValue, cursor);
return ret;
}
/*
* Extract value, store in byteExtract->memoryLocation
*
* Return 1 if success
* Return 0 if can't extract.
*/
ENGINE_LINKAGE int extractValue(void *p, ByteExtract *byteExtract, const uint8_t *cursor)
{
ByteData byteData;
int ret;
uint32_t extracted = 0;
uint32_t *location = (uint32_t *)byteExtract->memoryLocation;
byteData.bytes = byteExtract->bytes;
byteData.flags = byteExtract->flags;
byteData.multiplier = byteExtract->multiplier;
byteData.offset = byteExtract->offset;
/* The following fields are not used, but must be zeroed out. */
byteData.op = 0;
byteData.value = 0;
byteData.offset_refId = 0;
byteData.value_refId = 0;
byteData.offset_location = 0;
byteData.value_location = 0;
ret = extractValueInternal(p, &byteData, &extracted, cursor);
if (byteExtract->flags & NOT_FLAG)
ret = invertMatchResult(ret);
if (ret > 0)
{
if ((byteExtract->align == 2) || (byteExtract->align == 4))
{
extracted = extracted + byteExtract->align - (extracted % byteExtract->align);
}
*location = extracted;
}
return ret;
}
/*
* Check byteData->value against extracted value from data
*
* Return 1 if check is true (e.g. value > byteData.value)
* Return 0 if check is not true.
*/
ENGINE_LINKAGE int byteTest(void *p, ByteData *byteData, u_int8_t *cursor)
{
int ret;
u_int32_t value;
SFSnortPacket *sp = (SFSnortPacket *) p;
ret = extractValueInternal(sp, byteData, &value, cursor);
if ( ret < 0 )
return 0;
ret = checkValue(sp, byteData, value, cursor);
return ret;
}
/*
* Check byteData->value against extracted value from data
*
* Return 1 if check is true (e.g. value > byteData.value)
* Return 0 if check is not true.
*/
static int byteTestInternal(void *p, ByteData *byteData, const uint8_t *cursor)
{
int ret;
uint32_t value;
SFSnortPacket *sp = (SFSnortPacket *) p;
ret = extractValueInternal(sp, byteData, &value, cursor);
if ( ret < 0 )
return 0;
ret = checkValue(sp, byteData, value, cursor);
return ret;
}
/*
* Extract value, store in byteExtract->memoryLocation
*
* Return 1 if success
* Return 0 if can't extract.
*/
ENGINE_LINKAGE int extractValue(void *p, ByteExtract *byteExtract, u_int8_t *cursor)
{
ByteData byteData;
int ret;
u_int32_t extracted = 0;
u_int32_t *location = (u_int32_t *)byteExtract->memoryLocation;
byteData.bytes = byteExtract->bytes;
byteData.flags = byteExtract->flags;
byteData.multiplier = byteExtract->multiplier;
byteData.offset = byteExtract->offset;
byteData.op = 0; /* Not used */
byteData.value = 0; /* Not used */
ret = extractValueInternal(p, &byteData, &extracted, cursor);
if (ret > 0)
{
*location = extracted;
}
return ret;
}
