GH-779: Add "udp-state" signature condition

It accepts "originator" or "responder" states as a way to enforce that the signature only matches packets in the associated direction. The "established" state is rejected as an error since it doesn't have a useful meaning like it does for the "tcp-state" condition.
2025-10-09 18:18:19 +00:00 · 2020-10-09 13:43:17 -07:00 · 2020-10-09 13:43:17 -07:00 · 5904d0708f
commit 5904d0708f
parent 7556beac20
7 changed files with 97 additions and 0 deletions
--- a/src/RuleCondition.h
+++ b/src/RuleCondition.h
@ -46,6 +46,20 @@ private:
 	int tcpstates;
 };

+// Implements the "udp-state" keyword.
+class RuleConditionUDPState : public RuleCondition {
+public:
+	explicit RuleConditionUDPState(int arg_states)
+		{ states = arg_states; }
+
+	bool DoMatch(Rule* rule, RuleEndpointState* state, const u_char* data,
+	             int len) override;
+
+	void PrintDebug() override;
+
+private:
+	int states;
+};

 // Implements "ip-options".
 class RuleConditionIPOptions : public RuleCondition {