[Oisf-devel] [PATCH 6/9] detect: Add support for sctp option in rule
Eric Leblond
eric at regit.org
Mon Feb 28 16:44:32 UTC 2011
'sctp' can now be used as a keyword in signature. It is at the same
level as the 'tcp' or 'udp' keywords.
---
src/detect-engine-proto.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/src/detect-engine-proto.c b/src/detect-engine-proto.c
index 404468b..2f219c5 100644
--- a/src/detect-engine-proto.c
+++ b/src/detect-engine-proto.c
@@ -116,6 +116,10 @@ int DetectProtoParse(DetectProto *dp, char *str)
proto = IPPROTO_ICMPV6;
dp->proto[proto / 8] |= 1 << (proto % 8);
SCLogDebug("ICMP protocol detected, sig applies both to ICMPv4 and ICMPv6");
+ } else if (strcasecmp(str, "sctp") == 0) {
+ proto = IPPROTO_SCTP;
+ dp->proto[proto / 8] |= 1 << (proto % 8);
+ SCLogDebug("SCTP protocol detected");
} else if (strcasecmp(str,"ip") == 0) {
/* Proto "ip" is treated as an "any" */
dp->flags |= DETECT_PROTO_ANY;
--
1.7.1
More information about the Oisf-devel
mailing list