aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/suricata/src/pkt-var.c
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/suricata/src/pkt-var.c')
-rw-r--r--framework/src/suricata/src/pkt-var.c124
1 files changed, 124 insertions, 0 deletions
diff --git a/framework/src/suricata/src/pkt-var.c b/framework/src/suricata/src/pkt-var.c
new file mode 100644
index 00000000..b3878bde
--- /dev/null
+++ b/framework/src/suricata/src/pkt-var.c
@@ -0,0 +1,124 @@
+/* Copyright (C) 2007-2010 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ *
+ * Implements per packet vars
+ *
+ * \todo move away from a linked list implementation
+ * \todo use different datatypes, such as string, int, etc.
+ * \todo have more than one instance of the same var, and be able to match on a
+ * specific one, or one all at a time. So if a certain capture matches
+ * multiple times, we can operate on all of them.
+ */
+
+#include "suricata-common.h"
+#include "decode.h"
+#include "pkt-var.h"
+#include "util-debug.h"
+
+/* puts a new value into a pktvar */
+void PktVarUpdate(PktVar *pv, uint8_t *value, uint16_t size)
+{
+ if (pv->value) SCFree(pv->value);
+ pv->value = value;
+ pv->value_len = size;
+}
+
+/* get the pktvar with name 'name' from the pkt
+ *
+ * name is a normal string*/
+PktVar *PktVarGet(Packet *p, char *name)
+{
+ PktVar *pv = p->pktvar;
+
+ for (;pv != NULL; pv = pv->next) {
+ if (pv->name && strcmp(pv->name, name) == 0)
+ return pv;
+ }
+
+ return NULL;
+}
+
+/* add a pktvar to the pkt, or update it */
+void PktVarAdd(Packet *p, char *name, uint8_t *value, uint16_t size)
+{
+ //printf("Adding packet var \"%s\" with value(%" PRId32 ") \"%s\"\n", name, size, value);
+
+ PktVar *pv = PktVarGet(p, name);
+ if (pv == NULL) {
+ pv = SCMalloc(sizeof(PktVar));
+ if (unlikely(pv == NULL))
+ return;
+
+ pv->name = name;
+ pv->value = value;
+ pv->value_len = size;
+ pv->next = NULL;
+
+ PktVar *tpv = p->pktvar;
+ if (p->pktvar == NULL) p->pktvar = pv;
+ else {
+ while(tpv) {
+ if (tpv->next == NULL) {
+ tpv->next = pv;
+ return;
+ }
+ tpv = tpv->next;
+ }
+ }
+ } else {
+ PktVarUpdate(pv, value, size);
+ }
+}
+
+void PktVarFree(PktVar *pv)
+{
+ if (pv == NULL)
+ return;
+
+ pv->name = NULL;
+ if (pv->value != NULL)
+ SCFree(pv->value);
+ PktVar *pv_next = pv->next;
+
+ SCFree(pv);
+
+ if (pv_next != NULL)
+ PktVarFree(pv_next);
+}
+
+void PktVarPrint(PktVar *pv)
+{
+ uint16_t i;
+
+ if (pv == NULL)
+ return;
+
+ printf("Name \"%s\", Value \"", pv->name);
+ for (i = 0; i < pv->value_len; i++) {
+ if (isprint(pv->value[i])) printf("%c", pv->value[i]);
+ else printf("\\%02X", pv->value[i]);
+ }
+ printf("\", Len \"%" PRIu32 "\"\n", pv->value_len);
+
+ PktVarPrint(pv->next);
+}
+