detect-tls-validity: use flags for modes

Use flags for modes to support using multiple modes at the same time.
9 years ago · 07d2312d96
parent e6cf7ae8fa
commit 07d2312d96
2 changed files with 17 additions and 15 deletions
--- a/src/detect-tls-cert-validity.c
+++ b/src/detect-tls-cert-validity.c
@ -148,13 +148,13 @@ static int DetectTlsValidityMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx
    if (cert_epoch == 0)
        SCReturnInt(0);

-    if (dd->mode == DETECT_TLS_VALIDITY_EQ && cert_epoch == dd->epoch)
+    if ((dd->mode & DETECT_TLS_VALIDITY_EQ) && cert_epoch == dd->epoch)
        ret = 1;
-    else if (dd->mode == DETECT_TLS_VALIDITY_LT && cert_epoch <= dd->epoch)
+    else if ((dd->mode & DETECT_TLS_VALIDITY_LT) && cert_epoch <= dd->epoch)
        ret = 1;
-    else if (dd->mode == DETECT_TLS_VALIDITY_GT && cert_epoch >= dd->epoch)
+    else if ((dd->mode & DETECT_TLS_VALIDITY_GT) && cert_epoch >= dd->epoch)
        ret = 1;
-    else if (dd->mode == DETECT_TLS_VALIDITY_RA &&
+    else if ((dd->mode & DETECT_TLS_VALIDITY_RA) &&
            cert_epoch >= dd->epoch && cert_epoch <= dd->epoch2)
        ret = 1;

@ -315,20 +315,18 @@ static DetectTlsValidityData *DetectTlsValidityParse (char *rawstr)

    dd->epoch = 0;
    dd->epoch2 = 0;
-    dd->mode = DETECT_TLS_VALIDITY_EQ;
+    dd->mode = 0;

    if (strlen(mode) > 0) {
        if (mode[0] == '<')
-            dd->mode = DETECT_TLS_VALIDITY_LT;
+            dd->mode |= DETECT_TLS_VALIDITY_LT;
        else if (mode[0] == '>')
-            dd->mode = DETECT_TLS_VALIDITY_GT;
-        else
-            dd->mode = DETECT_TLS_VALIDITY_EQ;
+            dd->mode |= DETECT_TLS_VALIDITY_GT;
    }

    if (strlen(range) > 0) {
        if (strcmp("<>", range) == 0)
-            dd->mode = DETECT_TLS_VALIDITY_RA;
+            dd->mode |= DETECT_TLS_VALIDITY_RA;
    }

    if (strlen(range) != 0 && strlen(mode) != 0) {
@ -337,6 +335,10 @@ static DetectTlsValidityData *DetectTlsValidityParse (char *rawstr)
        goto error;
    }

+    if (dd->mode == 0) {
+        dd->mode |= DETECT_TLS_VALIDITY_EQ;
+    }
+
    /* set the first value */
    dd->epoch = DateStringToEpoch(value1);
    if (dd->epoch == -1)
@ -344,7 +346,7 @@ static DetectTlsValidityData *DetectTlsValidityParse (char *rawstr)

    /* set the second value if specified */
    if (strlen(value2) > 0) {
-        if (dd->mode != DETECT_TLS_VALIDITY_RA) {
+        if (!(dd->mode & DETECT_TLS_VALIDITY_RA)) {
            SCLogError(SC_ERR_INVALID_ARGUMENT,
                "Multiple tls validity values specified but mode is not range");
            goto error;
--- a/src/detect-tls-cert-validity.h
+++ b/src/detect-tls-cert-validity.h
@ -24,10 +24,10 @@
 #ifndef __DETECT_TLS_VALIDITY_H__
 #define __DETECT_TLS_VALIDITY_H__

-#define DETECT_TLS_VALIDITY_LT 0
-#define DETECT_TLS_VALIDITY_EQ 1
-#define DETECT_TLS_VALIDITY_GT 2
-#define DETECT_TLS_VALIDITY_RA 3
+#define DETECT_TLS_VALIDITY_EQ (1)    /* equal */
+#define DETECT_TLS_VALIDITY_LT (1<<1) /* less than */
+#define DETECT_TLS_VALIDITY_GT (1<<2) /* greater than */
+#define DETECT_TLS_VALIDITY_RA (1<<3) /* range */

 #define DETECT_TLS_TYPE_NOTBEFORE 0
 #define DETECT_TLS_TYPE_NOTAFTER  1