suricata
detect-requires.c
1/* Copyright (C) 2023 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18#include "detect-requires.h"
19#include "suricata-common.h"
20#include "detect-engine.h"
21#include "rust.h"
22
/**
 * \brief Setup callback for the requires rule keyword.
 *
 * Hands the keyword's raw option string and this build's PROG_VER to
 * SCDetectCheckRequires() and maps its result onto the value returned to
 * the signature parser.
 *
 * \param de_ctx detection engine context; its requirements status object
 *               is created here on first use and passed to every check
 * \param s      signature being parsed (not used by this function)
 * \param rawstr raw option string of the keyword as written in the rule
 *
 * \retval -4  the expression is valid but this instance does not satisfy
 *             it (SCDetectCheckRequires() returned less than -1)
 * \retval -1  the expression could not be evaluated; de_ctx->sigerror is set
 * \retval res any other result of SCDetectCheckRequires(), passed through
 *
 * NOTE(review): an unmet requirement is reported at info level only.
 * Presumably the caller treats -4 as "skip this rule without failing the
 * load" -- confirm against the signature parser. If so, a sensor can lose
 * detection coverage without any error-level log line, so deployments
 * should watch for the info message below when validating rule sets.
 */
static int DetectRequiresSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
    /* Lazily create the per-engine requirements status; allocation failure
     * is treated as fatal through BUG_ON. */
    if (de_ctx->requirements == NULL) {
        de_ctx->requirements = (void *)SCDetectRequiresStatusNew();
        BUG_ON(de_ctx->requirements == NULL);
    }

    const char *errmsg = NULL;
    const int res = SCDetectCheckRequires(rawstr, PROG_VER, &errmsg, de_ctx->requirements);

    /* NOTE(review): errmsg is handed to "%s" unchecked on both paths below;
     * this assumes SCDetectCheckRequires() always sets it when it returns a
     * negative value -- confirm on the Rust side. */
    if (res < -1) {
        /* Well-formed expression, but this Suricata build does not meet it. */
        SCLogInfo("Suricata did not meet the rule requirements: %s: %s", errmsg, rawstr);
        return -4;
    }

    if (res == -1) {
        /* Malformed requires expression: log it and record the reason.
         * NOTE(review): only the pointer is stored, so errmsg must outlive
         * this call -- presumably a static string; confirm. */
        SCLogError("%s: %s", errmsg, rawstr);
        de_ctx->sigerror = errmsg;
    }

    return res;
}
43
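/**
 * \brief Register the requires keyword in the signature keyword table.
 *
 * Fills the DETECT_REQUIRES slot of sigmatch_table with the keyword's
 * name, description, documentation URL and Setup callback. Only Setup is
 * assigned here; no other callback of the slot is touched by this function.
 */
void DetectRequiresRegister(void)
{
    sigmatch_table[DETECT_REQUIRES].name = "requires";
    sigmatch_table[DETECT_REQUIRES].desc = "require Suricata version or features";
    sigmatch_table[DETECT_REQUIRES].url = "/rules/meta-keywords.html#requires";
    /* Parsing the keyword runs the version/feature check in DetectRequiresSetup. */
    sigmatch_table[DETECT_REQUIRES].Setup = DetectRequiresSetup;
}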