TTL macros suppport

remotes/origin/master-1.0.x
Gurvinder Singh 17 years ago committed by Victor Julien
parent 90fea03af5
commit 34e526d853

@ -78,9 +78,9 @@ int DetectTtlMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Si
DetectTtlData *ttld = (DetectTtlData *) m->ctx;
if (PKT_IS_IPV4(p)) {
pttl = p->ip4c.ip_ttl;
pttl = IPV4_GET_IPTTL(p);
} else if (PKT_IS_IPV6(p)) {
pttl = p->ip6c.hlim;
pttl = IPV6_GET_HLIM(p);
} else {
SCLogDebug("Packet is of not IPv4 or IPv6");
return ret;
@ -482,19 +482,16 @@ static int DetectTtlTestSig1(void) {
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;
int result = 0;
IPV4Cache ip4c;
IPV4Hdr ip4h;
memset(&th_v, 0, sizeof(th_v));
memset(&p, 0, sizeof(p));
memset(&ip4c, 0, sizeof(ip4c));
memset(&ip4h, 0, sizeof(ip4h));
p.src.family = AF_INET;
p.dst.family = AF_INET;
p.proto = IPPROTO_TCP;
ip4c.ip_ttl = 15;
p.ip4c =ip4c;
ip4h.ip_ttl = 15;
p.ip4h = &ip4h;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
@ -525,7 +522,6 @@ static int DetectTtlTestSig1(void) {
}
SigGroupBuild(de_ctx);
PatternMatchPrepare(mpm_ctx, MPM_B2G);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
@ -550,7 +546,6 @@ cleanup:
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
PatternMatchDestroy(mpm_ctx);
DetectEngineCtxFree(de_ctx);
end:

@ -7,15 +7,16 @@
#ifndef _DETECT_TTL_H
#define _DETECT_TTL_H
#define DETECT_TTL_LT 0
#define DETECT_TTL_EQ 1
#define DETECT_TTL_GT 2
#define DETECT_TTL_RA 3
#define DETECT_TTL_LT 0 /**< "less than" operator */
#define DETECT_TTL_EQ 1 /**< "equals" operator (default) */
#define DETECT_TTL_GT 2 /**< "greater than" operator */
#define DETECT_TTL_RA 3 /**< "range" operator */
typedef struct DetectTtlData_ {
uint8_t ttl1;
uint8_t ttl2;
uint8_t mode;
uint8_t ttl1; /**< first ttl value in the signature*/
uint8_t ttl2; /**< second ttl value in the signature, in case of range
operator*/
uint8_t mode; /**< operator used in the signature */
}DetectTtlData;
void DetectTtlRegister(void);

Loading…
Cancel
Save