/src/suricata7/src/detect-noalert.c

Source
/* Copyright (C) 2007-2024 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 *
 * Implements the noalert and alert keywords.
 */

#include "suricata-common.h"
#include "action-globals.h"
#include "detect.h"
#include "detect-noalert.h"
#include "util-debug.h"
#include "util-validate.h"

static int DetectNoalertSetup(DetectEngineCtx *de_ctx, Signature *s, const char *nullstr)
{
    DEBUG_VALIDATE_BUG_ON(nullstr != NULL);

    s->action &= ~ACTION_ALERT;
    return 0;
}

static int DetectAlertSetup(DetectEngineCtx *de_ctx, Signature *s, const char *nullstr)
{
    DEBUG_VALIDATE_BUG_ON(nullstr != NULL);

    s->action |= ACTION_ALERT;
    return 0;
}

void DetectNoalertRegister(void)
{
    sigmatch_table[DETECT_NOALERT].name = "noalert";
    sigmatch_table[DETECT_NOALERT].desc = "no alert will be generated by the rule";
    sigmatch_table[DETECT_NOALERT].url = "/rules/noalert.html";
    sigmatch_table[DETECT_NOALERT].Setup = DetectNoalertSetup;
    sigmatch_table[DETECT_NOALERT].flags |= SIGMATCH_NOOPT;

    sigmatch_table[DETECT_ALERT].name = "alert";
    sigmatch_table[DETECT_ALERT].desc = "alert will be generated by the rule";
    sigmatch_table[DETECT_ALERT].url = "/rules/noalert.html";
    sigmatch_table[DETECT_ALERT].Setup = DetectAlertSetup;
    sigmatch_table[DETECT_ALERT].flags |= SIGMATCH_NOOPT;
}

Line	Count	Source
1		/* Copyright (C) 2007-2024 Open Information Security Foundation
2		*
3		* You can copy, redistribute or modify this Program under the terms of
4		* the GNU General Public License version 2 as published by the Free
5		* Software Foundation.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10		* GNU General Public License for more details.
11		*
12		* You should have received a copy of the GNU General Public License
13		* version 2 along with this program; if not, write to the Free Software
14		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15		* 02110-1301, USA.
16		*/
17
18		/**
19		* \file
20		*
21		* \author Victor Julien <victor@inliniac.net>
22		*
23		* Implements the noalert and alert keywords.
24		*/
25
26		#include "suricata-common.h"
27		#include "action-globals.h"
28		#include "detect.h"
29		#include "detect-noalert.h"
30		#include "util-debug.h"
31		#include "util-validate.h"
32
33		static int DetectNoalertSetup(DetectEngineCtx de_ctx, Signature s, const char *nullstr)
34	5.09k	{
35	5.09k	DEBUG_VALIDATE_BUG_ON(nullstr != NULL);
36
37	5.09k	s->action &= ~ACTION_ALERT;
38	5.09k	return 0;
39	5.09k	}
40
41		static int DetectAlertSetup(DetectEngineCtx de_ctx, Signature s, const char *nullstr)
42	594	{
43	594	DEBUG_VALIDATE_BUG_ON(nullstr != NULL);
44
45	594	s->action \|= ACTION_ALERT;
46	594	return 0;
47	594	}
48
49		void DetectNoalertRegister(void)
50	73	{
51	73	sigmatch_table[DETECT_NOALERT].name = "noalert";
52	73	sigmatch_table[DETECT_NOALERT].desc = "no alert will be generated by the rule";
53	73	sigmatch_table[DETECT_NOALERT].url = "/rules/noalert.html";
54	73	sigmatch_table[DETECT_NOALERT].Setup = DetectNoalertSetup;
55	73	sigmatch_table[DETECT_NOALERT].flags \|= SIGMATCH_NOOPT;
56
57	73	sigmatch_table[DETECT_ALERT].name = "alert";
58	73	sigmatch_table[DETECT_ALERT].desc = "alert will be generated by the rule";
59	73	sigmatch_table[DETECT_ALERT].url = "/rules/noalert.html";
60	73	sigmatch_table[DETECT_ALERT].Setup = DetectAlertSetup;
61	73	sigmatch_table[DETECT_ALERT].flags \|= SIGMATCH_NOOPT;
62	73	}

Coverage Report

Created: 2025-11-16 07:09