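/*
** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2010-2013 Sourcefire, Inc.
** Author: Ryan Jordan <ryan.jordan@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation.  You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

/*
 * Declarations for the byte_extract rule option: result codes, parse-time
 * limits, the per-option data record and the functions that operate on it.
 */

#ifndef __SP_BYTE_EXTRACT_H__
#define __SP_BYTE_EXTRACT_H__

/* Fixed-width types are used below; include them here so this header does
 * not depend on another header pulling them in first. */
#include <stdint.h>

#include "decode.h"
#include "plugbase.h"

/* Result codes. Negative values are parenthesized so the macro always
 * expands to a single operand, whatever expression it is used in. */
#define BYTE_EXTRACT_SUCCESS 1
#define BYTE_EXTRACT_FAILURE (-1)

/* Number of byte_extract variable slots. Any var_number used as an index
 * must lie in [0, NUM_BYTE_EXTRACT_VARS); BYTE_EXTRACT_NO_VAR marks
 * "no variable" and must never be used as an index. */
#define NUM_BYTE_EXTRACT_VARS 2
#define BYTE_EXTRACT_NO_VAR (-1)

/* printf-style format with exactly two %s conversions.
 * format: rule name, variable name
 * Pass it only as the format argument, followed by two string arguments;
 * rule-supplied text belongs in the arguments, never in the format. */
#define BYTE_EXTRACT_INVALID_ERR_FMT "Rule option %s uses an undefined byte_extract variable name (%s)."

/* Upper bounds on the number of bytes an option may read.
 * NOTE(review): which limit applies to which conversion mode is decided in
 * the implementation, not in this header - confirm there. Extracted values
 * are stored as uint32_t (see GetByteExtractValue), i.e. 4 bytes. */
#define MAX_BYTES_TO_GRAB 4
#define MAX_BYTES_TO_EXTRACT 10

/* Accepted ranges for the offset and multiplier arguments. The offset range
 * includes negative values, so the resulting read position still has to be
 * checked against the buffer bounds at detection time.
 * NOTE(review): that check is expected in the implementation - not visible
 * from this header. */
#define MIN_BYTE_EXTRACT_OFFSET (-65535)
#define MAX_BYTE_EXTRACT_OFFSET 65535
#define MIN_BYTE_EXTRACT_MULTIPLIER 1
#define MAX_BYTE_EXTRACT_MULTIPLIER 65535

/* Parsed state of one byte_extract rule option.
 * Field meanings below are taken from the field names and the limits
 * above; confirm details against the parser. */
typedef struct _ByteExtractData
{
    uint32_t bytes_to_grab;             /* byte count to read; see the MAX_BYTES_* limits */
    int32_t offset;                     /* signed; see MIN/MAX_BYTE_EXTRACT_OFFSET */
    uint8_t relative_flag;
    uint8_t data_string_convert_flag;
    uint8_t align;
    int8_t endianess;
    uint32_t base;
    uint32_t multiplier;                /* see MIN/MAX_BYTE_EXTRACT_MULTIPLIER */
    int8_t var_number;                  /* signed so BYTE_EXTRACT_NO_VAR (-1) is representable */
    char *name;                         /* ownership not visible here; presumably released by
                                         * ByteExtractFree - confirm */
    RuleOptByteOrderFunc byte_order_func;
    uint32_t bitmask_val;
} ByteExtractData;

/* Rule-option plumbing: registration, hashing/comparison of option data,
 * detection callback and destructor. The void * arguments carry no type
 * information; presumably they point to ByteExtractData - verify at the
 * call sites. */
void SetupByteExtract(void);
uint32_t ByteExtractHash(void *d);
int ByteExtractCompare(void *l, void *r);
int DetectByteExtract(void *, Packet *);
void ByteExtractFree(void *d);

/* Variable-name handling. GetVarByName and AddVarNameToList return an
 * int8_t; callers should treat any value outside
 * [0, NUM_BYTE_EXTRACT_VARS) as "not usable as an index".
 * NOTE(review): the exact failure values are defined by the implementation. */
void isvalidstr(char *str, char *feature);
int8_t GetVarByName(char *name);
void ClearVarNames(OptFpList *fpl);
int8_t AddVarNameToList(ByteExtractData *data);

/* Read / write the value held in variable slot var_number.
 * NOTE(review): var_number is expected to be range-checked against
 * NUM_BYTE_EXTRACT_VARS inside these functions, and the int result is
 * presumably BYTE_EXTRACT_SUCCESS / BYTE_EXTRACT_FAILURE - confirm in the
 * implementation; callers should check the return value before using *dst. */
int GetByteExtractValue(uint32_t *dst, int8_t var_number);
int SetByteExtractValue(uint32_t value, int8_t var_number);

/* Bitmask helpers. Parameter meanings are not visible from the prototypes;
 * see the definitions before relying on argument order. */
uint32_t getNumberTailingZerosInBitmask(uint32_t);
int numBytesInBitmask(uint32_t);
void RuleOptionBitmaskParse(uint32_t *, char *, uint32_t, char *);

#endif /* __SP_BYTE_EXTRACT_H__ */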