/**
 * \brief Attach a parsed filesize option to the signature being built.
 *
 * Parses the option text, wraps the result in a new SigMatch of type
 * DETECT_FILESIZE, appends it to the signature's DETECT_SM_LIST_FILEMATCH
 * list and sets FILE_SIG_NEED_FILE and FILE_SIG_NEED_SIZE in the
 * signature's file_flags.
 *
 * \param de_ctx pointer to the Detection Engine Context (not read here)
 * \param s pointer to the Current Signature
 * \param str pointer to the user provided options
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    SCEnter();

    /* str is user-provided option text; a NULL result from the parser is
     * treated as a setup failure. */
    DetectFilesizeData *filesize = DetectFilesizeParse(str);
    if (filesize == NULL) {
        SCReturnInt(-1);
    }

    SigMatch *match = SigMatchAlloc();
    if (match == NULL) {
        /* Nothing references the parsed data yet, so release it here. */
        DetectFilesizeFree(filesize);
        SCReturnInt(-1);
    }

    match->type = DETECT_FILESIZE;
    match->ctx = (SigMatchCtx *)filesize;
    SigMatchAppendSMToList(s, match, DETECT_SM_LIST_FILEMATCH);

    s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_SIZE);
    SCReturnInt(0);
}
/**
 * \test Parse " > 10 " and expect size1 == 10 with mode DETECT_FILESIZE_GT.
 *
 * \retval 1 when the parsed values match
 * \retval 0 when parsing fails or the values differ
 */
static int DetectFilesizeParseTest03(void)
{
    DetectFilesizeData *parsed = DetectFilesizeParse(" > 10 ");
    if (parsed == NULL) {
        return 0;
    }

    int passed = 0;
    if (parsed->size1 == 10 && parsed->mode == DETECT_FILESIZE_GT) {
        passed = 1;
    }

    /* The parse result is released on both the pass and the fail path. */
    DetectFilesizeFree(parsed);
    return passed;
}
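/**
 * \brief this function is used to parse filesize data into the current signature
 *
 * Parses the option text, checks that the signature's app-layer protocol is
 * either unset or HTTP, then appends a DETECT_FILESIZE SigMatch to the
 * signature's DETECT_SM_LIST_FILEMATCH list, forces the protocol to HTTP and
 * sets FILE_SIG_NEED_FILE and FILE_SIG_NEED_SIZE in file_flags.
 *
 * \param de_ctx pointer to the Detection Engine Context (not read here)
 * \param s pointer to the Current Signature
 * \param str pointer to the user provided options
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    SCEnter();
    DetectFilesizeData *fsd = NULL;
    SigMatch *sm = NULL;

    fsd = DetectFilesizeParse(str);
    if (fsd == NULL)
        goto error;

    /* Reject a conflicting protocol BEFORE sm is appended to the signature.
     * The earlier order appended sm first and then jumped to the error path,
     * which freed sm and fsd while the signature's list still pointed at
     * them; any later walk or teardown of that list would then touch freed
     * memory. */
    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
        goto error;
    }

    sm = SigMatchAlloc();
    if (sm == NULL)
        goto error;

    sm->type = DETECT_FILESIZE;
    sm->ctx = (void *)fsd;

    /* From here on sm and fsd are referenced by the signature's list; no
     * path below may free them. */
    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);

    AppLayerHtpNeedFileInspection();

    /** \todo remove this once we support more than http */
    s->alproto = ALPROTO_HTTP;

    s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_SIZE);
    SCReturnInt(0);

error:
    /* Only reached before the append, so nothing freed here is still
     * referenced by the signature. */
    if (fsd != NULL)
        DetectFilesizeFree(fsd);
    if (sm != NULL)
        SCFree(sm);
    SCReturnInt(-1);
}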