Feature #494 » 0001-sig-Add-ipv6-and-ipv4-to-list-of-protocols.patch
| src/detect-engine-iponly.c | ||
|---|---|---|
|
if (bitarray & 0x01) {
|
||
|
Signature *s = de_ctx->sig_array[u * 8 + i];
|
||
|
if ((s->proto.flags & DETECT_PROTO_IPV4) && !PKT_IS_IPV4(p)) {
|
||
|
SCLogDebug("ip version didn't match");
|
||
|
continue;
|
||
|
}
|
||
|
if ((s->proto.flags & DETECT_PROTO_IPV6) && !PKT_IS_IPV6(p)) {
|
||
|
SCLogDebug("ip version didn't match");
|
||
|
continue;
|
||
|
}
|
||
|
if (DetectProtoContainsProto(&s->proto, p->proto) == 0) {
|
||
|
SCLogDebug("proto didn't match");
|
||
|
continue;
|
||
| src/detect-engine-proto.c | ||
|---|---|---|
|
proto = IPPROTO_SCTP;
|
||
|
dp->proto[proto / 8] |= 1 << (proto % 8);
|
||
|
SCLogDebug("SCTP protocol detected");
|
||
|
} else if (strcasecmp(str,"ipv4") == 0 ||
|
||
|
strcasecmp(str,"ip4") == 0 ) {
|
||
|
dp->flags |= DETECT_PROTO_IPV4;
|
||
|
memset(dp->proto, 0xff, sizeof(dp->proto));
|
||
|
SCLogDebug("IPv4 protocol detected");
|
||
|
} else if (strcasecmp(str,"ipv6") == 0 ||
|
||
|
strcasecmp(str,"ip6") == 0 ) {
|
||
|
dp->flags |= DETECT_PROTO_IPV6;
|
||
|
memset(dp->proto, 0xff, sizeof(dp->proto));
|
||
|
SCLogDebug("IPv6 protocol detected");
|
||
|
} else if (strcasecmp(str,"ip") == 0 ||
|
||
|
strcasecmp(str,"pkthdr") == 0) {
|
||
|
/* Proto "ip" is treated as an "any" */
|
||
| src/detect-engine-proto.h | ||
|---|---|---|
|
#ifndef __DETECT_PROTO_H__
|
||
|
#define __DETECT_PROTO_H__
|
||
|
#define DETECT_PROTO_ANY 0x01 /**< Indicate that given protocol
|
||
|
#define DETECT_PROTO_ANY 1 << 0 /**< Indicate that given protocol
|
||
|
is considered as IP */
|
||
|
#define DETECT_PROTO_ONLY_PKT 0x02 /**< Indicate that we only care
|
||
|
#define DETECT_PROTO_ONLY_PKT 1 << 1 /**< Indicate that we only care
|
||
|
about packet payloads. */
|
||
|
#define DETECT_PROTO_ONLY_STREAM 0x04 /**< Indicate that we only care
|
||
|
#define DETECT_PROTO_ONLY_STREAM 1 << 2 /**< Indicate that we only care
|
||
|
about stream payloads. */
|
||
|
#define DETECT_PROTO_IPV4 1 << 3 /**< IPv4 only */
|
||
|
#define DETECT_PROTO_IPV6 1 << 4 /**< IPv6 only */
|
||
|
typedef struct DetectProto_ {
|
||
|
uint8_t proto[256/8]; /**< bit array for 256 protocol bits */
|
||
| src/detect.c | ||
|---|---|---|
|
}
|
||
|
}
|
||
|
if ((s->proto.flags & DETECT_PROTO_IPV4) && !PKT_IS_IPV4(p)) {
|
||
|
SCLogDebug("ip version didn't match");
|
||
|
goto next;
|
||
|
}
|
||
|
if ((s->proto.flags & DETECT_PROTO_IPV6) && !PKT_IS_IPV6(p)) {
|
||
|
SCLogDebug("ip version didn't match");
|
||
|
goto next;
|
||
|
}
|
||
|
if (DetectProtoContainsProto(&s->proto, IP_GET_IPPROTO(p)) == 0) {
|
||
|
SCLogDebug("proto didn't match");
|
||
|
goto next;
|
||