const DetectEngineTransforms *transforms,
Flow *_f, const uint8_t _flow_flags,
void *txv, const int list_id);
+static void DetectTlsFingerprintSetupCallback(const DetectEngineCtx *de_ctx,
+ Signature *s);
static _Bool DetectTlsFingerprintValidateCallback(const Signature *s,
const char **sigerror);
static int g_tls_cert_fingerprint_buffer_id = 0;
DetectBufferTypeSetDescriptionByName("tls_cert_fingerprint",
"TLS certificate fingerprint");
+ DetectBufferTypeRegisterSetupCallback("tls_cert_fingerprint",
+ DetectTlsFingerprintSetupCallback);
+
DetectBufferTypeRegisterValidateCallback("tls_cert_fingerprint",
DetectTlsFingerprintValidateCallback);
return TRUE;
}
+static void DetectTlsFingerprintSetupCallback(const DetectEngineCtx *de_ctx,
+ Signature *s)
+{
+ SigMatch *sm = s->init_data->smlists[g_tls_cert_fingerprint_buffer_id];
+ for ( ; sm != NULL; sm = sm->next)
+ {
+ if (sm->type != DETECT_CONTENT)
+ continue;
+
+ DetectContentData *cd = (DetectContentData *)sm->ctx;
+
+ _Bool changed = FALSE;
+ uint32_t u;
+ for (u = 0; u < cd->content_len; u++)
+ {
+ if (isupper(cd->content[u])) {
+ cd->content[u] = tolower(cd->content[u]);
+ changed = TRUE;
+ }
+ }
+
+ /* recreate the context if changes were made */
+ if (changed) {
+ SpmDestroyCtx(cd->spm_ctx);
+ cd->spm_ctx = SpmInitCtx(cd->content, cd->content_len, 1,
+ de_ctx->spm_global_thread_ctx);
+ }
+ }
+}
+
#ifdef UNITTESTS
/**
projects / thirdparty / suricata.git / commitdiff
