"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.1.51.0/src/so_rules/sid_18758/sid_18758.cc" (20 Dec 2022, 2245 Bytes) of package /linux/misc/snort3_extra-3.1.51.0.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "sid_18758.cc" see the Fossies "Dox" file reference documentation. 
    1 //--------------------------------------------------------------------------
    2 // Copyright (C) 2014-2022 Cisco and/or its affiliates. All rights reserved.
    3 //
    4 // This program is free software; you can redistribute it and/or modify it
    5 // under the terms of the GNU General Public License Version 2 as published
    6 // by the Free Software Foundation.  You may not use, modify or distribute
    7 // this program under any other version of the GNU General Public License.
    8 //
    9 // This program is distributed in the hope that it will be useful, but
   10 // WITHOUT ANY WARRANTY; without even the implied warranty of
   11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12 // General Public License for more details.
   13 //
   14 // You should have received a copy of the GNU General Public License along
   15 // with this program; if not, write to the Free Software Foundation, Inc.,
   16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   17 //--------------------------------------------------------------------------
   18 // sid_18758.cc author Russ Combs <rucombs@cisco.com>
   19 
   20 #include "sid_18758.h"
   21 
   22 #include "framework/so_rule.h"
   23 
   24 using namespace snort;
   25 
   26 static IpsOption::EvalStatus eval(void*, Cursor&, Packet*)
   27 {
   28     return IpsOption::MATCH;
   29 }
   30 
   31 static SoEvalFunc ctor(const char* /*so*/, void** pv)
   32 {
   33     // so == "eval" here because that's our only so: option
   34     // but we could use multiple so: options and bind to
   35     // different functions based on the value of so
   36     // *pv can point to any data we need to use with so
   37     *pv = nullptr;
   38     return eval;
   39 }
   40 
   41 static void dtor(void* /*pv*/)
   42 {
   43     // cast pv to your type here
   44     // and then delete it
   45 }
   46 
   47 static const SoApi so_api =
   48 {
   49     {
   50         PT_SO_RULE,
   51         sizeof(SoApi),
   52         SOAPI_VERSION,
   53         8,
   54         API_RESERVED,
   55         API_OPTIONS,
   56         "3|18758",
   57         "SO rule example",
   58         nullptr,
   59         nullptr
   60     },
   61     (const uint8_t*)rule_18758,
   62     rule_18758_len,
   63     nullptr, // pinit
   64     nullptr, // pterm
   65     nullptr, // tinit
   66     nullptr, // tterm
   67     ctor,
   68     dtor,
   69 };
   70 
   71 // other snort plugins can be put in this list as needed
   72 // eg multiple rules in one so, custom rule options, etc.
   73 SO_PUBLIC const BaseApi* snort_plugins[] =
   74 {
   75     &so_api.base,
   76     nullptr
   77 };
   78