#include "util-unittest-helper.h"
#include "util-spm.h"
-/* the default value of endianess to be used, if none's specified */
+/* the default value of endianness to be used, if none's specified */
#define DETECT_BYTE_EXTRACT_ENDIAN_DEFAULT DETECT_BYTE_EXTRACT_ENDIAN_BIG
/* the base to be used if string mode is specified. These options would be
#define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT 23
#define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC 20
#define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX 14
-/* the max no of bytes that can be extraced in non-string mode */
+/* the max no of bytes that can be extracted in non-string mode */
#define NO_STRING_MAX_BYTES_TO_EXTRACT 8
#define PARSE_REGEX "^" \
*
* \param det_ctx thread de ctx
* \param s signature
- * \param m sigmatch for this bytettest
+ * \param m sigmatch for this bytetest
* \param payload ptr to the start of the buffer to inspect
* \param payload_len length of the payload
* \retval 1 match
*
* \author Kevin Wong <kwong@solananetworks.com>
*
- * Set up ENIP Commnad and CIP Service rule parsing and entry point for matching
+ * Set up ENIP Command and CIP Service rule parsing and entry point for matching
*/
#include "suricata-common.h"
*/
/**
- * \brief ENIP Commond Detect Prototypes
+ * \brief ENIP Command Detect Prototypes
*/
static int DetectEnipCommandSetup(DetectEngineCtx *, Signature *, const char *);
static void DetectEnipCommandFree(DetectEngineCtx *, void *);
* \brief This function is used to parse cip_service options passed via enip_command: keyword
*
* \param rulestr Pointer to the user provided rulestr options
- * Takes single single numeric value
+ * Takes single numeric value
*
* \retval enipcmdd pointer to DetectCipServiceData on success
* \retval NULL on failure
static int g_dce_stub_data_buffer_id = 0;
/**
- * \test DetectCotentParseTest01 this is a test to make sure we can deal with escaped colons
+ * \test DetectContentParseTest01 this is a test to make sure we can deal with escaped colons
*/
static int DetectContentParseTest01 (void)
{
}
/**
- * \test DetectCotentParseTest02 this is a test to make sure we can deal with escaped semi-colons
+ * \test DetectContentParseTest02 this is a test to make sure we can deal with escaped semi-colons
*/
static int DetectContentParseTest02 (void)
{
}
/**
- * \test DetectCotentParseTest03 this is a test to make sure we can deal with escaped double-quotes
+ * \test DetectContentParseTest03 this is a test to make sure we can deal with escaped double-quotes
*/
static int DetectContentParseTest03 (void)
{
}
/**
- * \test DetectCotentParseTest04 this is a test to make sure we can deal with escaped backslashes
+ * \test DetectContentParseTest04 this is a test to make sure we can deal with escaped backslashes
*/
static int DetectContentParseTest04 (void)
{
}
/**
- * \test DetectCotentParseTest05 test illegal escape
+ * \test DetectContentParseTest05 test illegal escape
*/
static int DetectContentParseTest05 (void)
{
}
/**
- * \test DetectCotentParseTest06 test a binary content
+ * \test DetectContentParseTest06 test a binary content
*/
static int DetectContentParseTest06 (void)
{
}
/**
- * \test DetectCotentParseTest07 test an empty content
+ * \test DetectContentParseTest07 test an empty content
*/
static int DetectContentParseTest07 (void)
{
}
/**
- * \test DetectCotentParseTest08 test an empty content
+ * \test DetectContentParseTest08 test an empty content
*/
static int DetectContentParseTest08 (void)
{
SigMatch *pm = NULL;
int ret = -1;
- /* retrive the sm to apply the depth against */
+ /* retrieve the sm to apply the depth against */
pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm == NULL) {
SCLogError("depth needs "
* within the range of valid function codes. If function name is
* passed it will be resolved to its function code.
*
- * \retval The function code as an integer if successul, -1 on
+ * \retval The function code as an integer if successful, -1 on
* failure.
*/
static int DetectDNP3FuncParseFunctionCode(const char *str, uint8_t *fc)
/**
* \brief Setup a single address string, parse it and add the resulting
- * Address-Range(s) to the AddessHead(DetectAddressHead instance).
+ * Address-Range(s) to the AddressHead(DetectAddressHead instance).
*
* \param gh Pointer to the Address-Head(DetectAddressHead) to which the
* resulting Address-Range(s) from the parsed ip string has to
#ifdef DEBUG
/**
* \brief Prints the address data held by the DetectAddress. If the address
- * data family is IPv4, we print the the ipv4 address and mask, and
+ * data family is IPv4, we print the ipv4 address and mask, and
* if the address data family is IPv6, we print the ipv6 address and
* mask.
*
uint32_t groups = 0;
DetectPort *list;
- /* insert the addresses into the tmplist, where it will
- * be sorted descending on 'cnt' and on wehther a group
+ /* insert the addresses into the tmplist, where it will
+ * be sorted descending on 'cnt' and on whether a group
* is whitelisted. */
DetectPort *oldhead = port_list;
*
* The following keywords are inspected:
* - content, including all the http and dce modified contents
- * - isdaatat
+ * - isdataat
* - pcre
* - bytejump
* - bytetest
/**
* \brief Matches the rule to the ENIP Transaction
- * @param enip_data - the ENIP transation
+ * @param enip_data - the ENIP transaction
* * @param cipserviced - the CIP service rule
*/
}
}
- /* If a Signature file is specified from commandline, parse it too */
+ /* If a Signature file is specified from command-line, parse it too */
if (sig_file != NULL) {
ret = ProcessSigFiles(de_ctx, sig_file, sig_stat, &good_sigs, &bad_sigs);
#ifdef UNITTESTS
#include "detect-engine-alert.h"
-/** \test Not the first but the second occurence of "abc" should be used
- * for the 2nd match */
+/** \test Not the first but the second occurrence of "abc" should be used
+ * for the 2nd match */
static int PayloadTestSig01 (void)
{
uint8_t *buf = (uint8_t *)
*
* Ports part of the detection engine.
*
- * \todo more unittesting
+ * \todo more unit testing
*
*/
}
/**
- * \test DetectrotoTestSetup02 is a test for a icmpv4 and icmpv6
+ * \test DetectProtoTestSetup02 is a test for a icmpv4 and icmpv6
* protocol setting up in signature.
*/
static int DetectProtoTestSetup02(void)
if ( !(sgh->init->sig_array[sig / 8] & (1 << (sig % 8))) )
continue;
- /* If we have reached here, we have an entry for sid in the SigGrouHead.
+ /* If we have reached here, we have an entry for sid in the SigGroupHead.
* Retrieve the Signature from the detection engine context */
s = de_ctx->sig_array[sig];
if (s == NULL)
* \defgroup sigstate State support
*
* State is stored in the ::DetectEngineState structure. This is
- * basically a containter for storage item of type ::DeStateStore.
+ * basically a container for storage item of type ::DeStateStore.
* They contains an array of ::DeStateStoreItem which store the
* state of match for an individual signature identified by
* DeStateStoreItem::sid.
}
/**
- * \brief Removes the entries exceding the max timeout value
+ * \brief Removes the entries exceeding the max timeout value
*
* \param tag_ctx Tag context
* \param ts the current time
/**
* \brief Make the threshold logic for signatures
*
- * \param de_ctx Dectection Context
+ * \param de_ctx Detection Context
* \param tsh_ptr Threshold element
* \param p Packet structure
* \param s Signature structure
/**
* \brief Init threshold context hash tables
*
- * \param de_ctx Dectection Context
+ * \param de_ctx Detection Context
*
*/
void ThresholdHashInit(DetectEngineCtx *de_ctx)
/**
* \brief Destroy threshold context hash tables
*
- * \param de_ctx Dectection Context
+ * \param de_ctx Detection Context
*
*/
void ThresholdContextDestroy(DetectEngineCtx *de_ctx)
InspectionBuffer *InspectionBufferMultipleForListGet(
DetectEngineThreadCtx *det_ctx, const int list_id, uint32_t local_id);
-/* start up registery funcs */
+/* start up registry funcs */
int DetectBufferTypeRegister(const char *name);
int DetectBufferTypeGetByName(const char *name);
}
/**
- * \brief This function is used to parse fileet
+ * \brief This function is used to parse fileext
*
* \param de_ctx Pointer to the detection engine context
* \param str Pointer to the fileext value string
}
/**
- * \test DetectFlowTestParse12 is a test for setting an invalid seperator :
+ * \test DetectFlowTestParse12 is a test for setting an invalid separator :
*/
static int DetectFlowTestParse12 (void)
{
/**
* \test FlowBitsTestSig01 is a test for a valid noalert flowbits option
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
/**
* \test FlowBitsTestSig02 is a test for a valid isset,set,isnotset,unset,toggle flowbits options
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
/**
* \test FlowBitsTestSig03 is a test for a invalid flowbits option
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
/**
* \test FlowBitsTestSig04 is a test check idx value
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
/**
* \test FlowBitsTestSig05 is a test check noalert flag
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
/**
* \test FlowBitsTestSig06 is a test set flowbits option
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
/**
* \test FlowBitsTestSig07 is a test unset flowbits option
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
}
/**
- * \test FlowBitsTestSig08 is a test toogle flowbits option
+ * \test FlowBitsTestSig08 is a test toggle flowbits option
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
* \param m pointer to the sigmatch that we will cast into DetectFlowintData
*
* \retval 0 no match, when a var doesn't exist
- * \retval 1 match, when a var is initialized well, add/substracted, or a true
+ * \retval 1 match, when a var is initialized well, add/subtracted, or a true
* condition
*/
int DetectFlowintMatch(DetectEngineThreadCtx *det_ctx,
}
if (sfd->modifier == FLOWINT_MODIFIER_SUB) {
- SCLogDebug("Substracting %u to %s", targetval, sfd->name);
+ SCLogDebug("Subtracting %u to %s", targetval, sfd->name);
FlowVarAddIntNoLock(p->flow, sfd->idx, fv->data.fv_int.value -
targetval);
ret = 1;
#ifdef UNITTESTS
#include "detect-engine-alert.h"
/**
- * \brief This is a helper funtion used for debugging purposes
+ * \brief This is a helper function used for debugging purposes
*/
static void DetectFlowintPrintData(DetectFlowintData *sfd)
{
/**
* \test DetectFlowintTestParseVal05 is a test to make sure that we set the
- * DetectFlowint correctly for cheking if not equal to a valid target value
+ * DetectFlowint correctly for checking if not equal to a valid target value
*/
static int DetectFlowintTestParseVal05(void)
{
/**
* \test DetectFlowintTestParseVal06 is a test to make sure that we set the
- * DetectFlowint correctly for cheking if greater than a valid target value
+ * DetectFlowint correctly for checking if greater than a valid target value
*/
static int DetectFlowintTestParseVal06(void)
{
/**
* \test DetectFlowintTestParseVal07 is a test to make sure that we set the
- * DetectFlowint correctly for cheking if greater or equal than a valid target value
+ * DetectFlowint correctly for checking if greater or equal than a valid target value
*/
static int DetectFlowintTestParseVal07(void)
{
/**
* \test DetectFlowintTestParseVal08 is a test to make sure that we set the
- * DetectFlowint correctly for cheking if lower or equal than a valid target value
+ * DetectFlowint correctly for checking if lower or equal than a valid target value
*/
static int DetectFlowintTestParseVal08(void)
{
/**
* \test DetectFlowintTestParseVal09 is a test to make sure that we set the
- * DetectFlowint correctly for cheking if lower than a valid target value
+ * DetectFlowint correctly for checking if lower than a valid target value
*/
static int DetectFlowintTestParseVal09(void)
{
* and when that counter reach 6 packets.
*
* All the Signatures generate an alert(its for testing)
- * but the ignature that increment the second counter +1, that has
+ * but the signature that increment the second counter +1, that has
* a "noalert", so we can do all increments
* silently until we reach 6 next packets counted
*/
FLOWINT_MODIFIER_UNKNOWN
};
-/** The target can be a value, or another variable arleady declared */
+/** The target can be a value, or another variable already declared */
enum {
FLOWINT_TARGET_VAL,
FLOWINT_TARGET_VAR,
/**
* \brief this function will SCFree memory associated with DetectFlowvarData
*
- * \param cd pointer to DetectCotentData
+ * \param cd pointer to DetectContentData
*/
static void DetectFlowvarDataFree(DetectEngineCtx *de_ctx, void *ptr)
{
/**
* \test FragBitsTestParse01 is a test for a valid fragbits value
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
static int FragBitsTestParse01 (void)
/**
* \test FragBitsTestParse02 is a test for an invalid fragbits value
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
static int FragBitsTestParse02 (void)
/* PrintRawDataFp(stdout, payload, payload_len); */
if (payload_len < 7) {
- /* we need at least a differet ip address
+ /* we need at least a different ip address
* in the format 1,2,3,4,x,y where x,y is the port
* in two byte representation so let's look at
* least for the IP octets in comma separated */
sm->type = DETECT_FTPBOUNCE;
/* We don't need to allocate any data for ftpbounce here.
- *
- * TODO: As a suggestion, maybe we can add a flag in the flow
- * to set the stream as "bounce detected" for fast Match.
- * When you do a ftp bounce attack you usually use the same
- * communication control stream to "setup" various destinations
- * whithout breaking the connection, so I guess we can make it a bit faster
- * with a flow flag set lookup in the Match function.
- */
+ *
+ * TODO: As a suggestion, maybe we can add a flag in the flow
+ * to set the stream as "bounce detected" for fast Match.
+ * When you do a ftp bounce attack you usually use the same
+ * communication control stream to "setup" various destinations
+ * without breaking the connection, so I guess we can make it a bit faster
+ * with a flow flag set lookup in the Match function.
+ */
sm->ctx = NULL;
SigMatchAppendSMToList(s, sm, g_ftp_request_list_id);
#include "app-layer-ftp.h"
/** Per keyword data. This is set up by the DetectFtpcommandSetup() function.
- * Each signature will have an instance of DetectFtpcommandData per occurence
+ * Each signature will have an instance of DetectFtpcommandData per occurrence
* of the keyword.
* The structure should be considered static/readonly after initialization.
*/
}
if (geoipdata->nlocations >= GEOOPTION_MAXLOCATIONS) {
- SCLogError("too many arguements for geoip keyword");
+ SCLogError("too many arguments for geoip keyword");
goto error;
}
hostbits:set,bitname,both,120;
*/
-#define PARSE_REGEX "^([a-z]+)" /* Action */ \
- "(?:\\s*,\\s*([^\\s,]+))?(?:\\s*)?" /* Name. */ \
- "(?:\\s*,\\s*([^,\\s]+))?(?:\\s*)?" /* Direction. */ \
- "(.+)?" /* Any remainding data. */
+#define PARSE_REGEX \
+ "^([a-z]+)" /* Action */ \
+ "(?:\\s*,\\s*([^\\s,]+))?(?:\\s*)?" /* Name. */ \
+ "(?:\\s*,\\s*([^,\\s]+))?(?:\\s*)?" /* Direction. */ \
+ "(.+)?" /* Any remaining data. */
static DetectParseRegex parse_regex;
static int DetectHostbitMatch (DetectEngineThreadCtx *, Packet *,
/**
* \test HostBitsTestSig01 is a test for a valid noalert flowbits option
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
/**
* \test various options
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
/**
* \test HostBitsTestSig03 is a test check idx value
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
#include "stream-tcp-reassemble.h"
/**
- * \test Test that a signature containting a http_request_line is correctly parsed
+ * \test Test that a signature containing a http_request_line is correctly parsed
* and the keyword is registered.
*/
static int DetectHttpRequestLineTest01(void)
#include "stream-tcp-reassemble.h"
/**
- * \test Test that a signature containting a http_response_line is correctly parsed
+ * \test Test that a signature containing a http_response_line is correctly parsed
* and the keyword is registered.
*/
static int DetectHttpResponseLineTest01(void)
/**
* \test DetectL3protoTestSig03 is a test for checking the working of l3proto keyword
- * in conjonction with ip_proto keyword.
+ * in conjunction with ip_proto keyword.
*/
static int DetectL3protoTestSig3(void)
* Implements metadata keyword support
*
* \todo Do we need to do anything more this is used in snort host attribute table
- * It is also used for rule managment.
+ * It is also used for rule management.
*/
#include "suricata-common.h"
HashTableFree(de_ctx->metadata_table);
}
-static const char *DetectMedatataHashAdd(DetectEngineCtx *de_ctx, const char *string)
+static const char *DetectMetadataHashAdd(DetectEngineCtx *de_ctx, const char *string)
{
const char *hstring = (char *)HashTableLookup(
de_ctx->metadata_table, (void *)string, (uint16_t)strlen(string));
goto next;
}
- const char *hkey = DetectMedatataHashAdd(de_ctx, key);
+ const char *hkey = DetectMetadataHashAdd(de_ctx, key);
if (hkey == NULL) {
SCLogError("can't create metadata key");
continue;
}
- const char *hval = DetectMedatataHashAdd(de_ctx, val);
+ const char *hval = DetectMetadataHashAdd(de_ctx, val);
if (hval == NULL) {
SCLogError("can't create metadata value");
goto next;
goto end;
}
- /* retrive the sm to apply the nocase against */
+ /* retrieve the sm to apply the nocase against */
pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm == NULL) {
SCLogError("nocase needs "
{
const char *str = offsetstr;
- /* retrive the sm to apply the offset against */
+ /* retrieve the sm to apply the offset against */
SigMatch *pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm == NULL) {
SCLogError("offset needs preceding content option.");
* protocol has to be added.
* \param protostr Pointer to the character string containing the protocol name.
*
- * \retval 0 On successfully parsing the protocl sent as the argument.
+ * \retval 0 On successfully parsing the protocol sent as the argument.
* \retval -1 On failure
*/
static int SigParseProto(Signature *s, const char *protostr)
return result;
}
-static int SigParseTestUnblanacedQuotes01(void)
+static int SigParseTestUnbalancedQuotes01(void)
{
DetectEngineCtx *de_ctx;
Signature *s;
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- s = SigInit(de_ctx, "alert http any any -> any any (msg:\"SigParseTestUnblanacedQuotes01\"; pcre:\"/\\/[a-z]+\\.php\\?[a-z]+?=\\d{7}&[a-z]+?=\\d{7,8}$/U\" flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017078; rev:5;)");
+ s = SigInit(de_ctx,
+ "alert http any any -> any any (msg:\"SigParseTestUnbalancedQuotes01\"; "
+ "pcre:\"/\\/[a-z]+\\.php\\?[a-z]+?=\\d{7}&[a-z]+?=\\d{7,8}$/U\" "
+ "flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017078; rev:5;)");
FAIL_IF_NOT_NULL(s);
PASS;
UtRegisterTest("SigParseTestAppLayerTLS01", SigParseTestAppLayerTLS01);
UtRegisterTest("SigParseTestAppLayerTLS02", SigParseTestAppLayerTLS02);
UtRegisterTest("SigParseTestAppLayerTLS03", SigParseTestAppLayerTLS03);
- UtRegisterTest("SigParseTestUnblanacedQuotes01",
- SigParseTestUnblanacedQuotes01);
+ UtRegisterTest("SigParseTestUnbalancedQuotes01", SigParseTestUnbalancedQuotes01);
UtRegisterTest("SigParseTestContentGtDsize01",
SigParseTestContentGtDsize01);
pd->parse_regex.regex =
pcre2_compile((PCRE2_SPTR8)re, PCRE2_ZERO_TERMINATED, opts, &en, &eo2, NULL);
- if (pd->parse_regex.regex == NULL && en == 115) { // reference to non-existent subpattern
+ if (pd->parse_regex.regex == NULL && en == 115) { // reference to nonexistent subpattern
opts &= ~PCRE2_NO_AUTO_CAPTURE;
pd->parse_regex.regex =
pcre2_compile((PCRE2_SPTR8)re, PCRE2_ZERO_TERMINATED, opts, &en, &eo2, NULL);
/**
* \test one valid reference.
*
- * \retval 1 on succces.
+ * \retval 1 on success.
* \retval 0 on failure.
*/
static int DetectReferenceParseTest01(void)
/**
* \test for two valid references.
*
- * \retval 1 on succces.
+ * \retval 1 on success.
* \retval 0 on failure.
*/
static int DetectReferenceParseTest02(void)
/**
* \test parsing: invalid reference.
*
- * \retval 1 on succces.
+ * \retval 1 on success.
* \retval 0 on failure.
*/
static int DetectReferenceParseTest03(void)
/* Add to the head of the replace-list.
*
* The first to add to the replace-list has the highest priority. So,
- * adding the the head of the list results in the newest modifications
+ * adding the head of the list results in the newest modifications
* of content being applied first, so later changes can over ride
* earlier changes. Thus the highest priority modifications should be
* applied last.
}
for (size_t i = 0; i < cd->content_len; ++i) {
if (!isxdigit(cd->content[i])) {
- *sigerror = "Invalid ssh.hassh.server string (should be string of hexademical "
+ *sigerror = "Invalid ssh.hassh.server string (should be string of hexadecimal "
"characters)."
"This rule will therefore never match.";
SCLogWarning("rule %u: %s", s->id, *sigerror);
for (size_t i = 0; i < cd->content_len; ++i) {
if (!isxdigit(cd->content[i])) {
*sigerror =
- "Invalid ssh.hassh string (should be string of hexademical characters)."
+ "Invalid ssh.hassh string (should be string of hexadecimal characters)."
"This rule will therefore never match.";
SCLogWarning("rule %u: %s", s->id, *sigerror);
return false;
* also specify the version, something like
* ssh.softwareversion:"PuTTY-Release-0.55"
* I find this useful to match over a known vulnerable server/client
- * software version incombination to other checks, so you can know
+ * software version in combination to other checks, so you can know
* that the risk is higher
*/
#ifndef DETECT_SSL_STATE_H
#define DETECT_SSL_STATE_H
-
-/* we pick these flags flags from the parser */
+/* we pick these flags from the parser */
#define DETECT_SSL_STATE_CLIENT_HELLO SSL_AL_FLAG_STATE_CLIENT_HELLO
#define DETECT_SSL_STATE_SERVER_HELLO SSL_AL_FLAG_STATE_SERVER_HELLO
#define DETECT_SSL_STATE_CLIENT_KEYX SSL_AL_FLAG_STATE_CLIENT_KEYX
/**
* \test FlagsTestParse01 is a test for a valid flags value
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
static int FlagsTestParse01 (void)
/**
* \test FlagsTestParse02 is a test for an invalid flags value
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
static int FlagsTestParse02 (void)
/**
* \test FlagsTestParse04 check if ACK bit is set. Must fails.
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
static int FlagsTestParse04 (void)
/**
* \test FlagsTestParse12 check if no flags are set. Must fails.
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
static int FlagsTestParse12 (void)
/**
* \test test for a valid flags value
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
static int FlagsTestParse13 (void)
typedef struct DetectFlagsData_ {
uint8_t flags; /**< TCP flags */
uint8_t modifier; /**< !(1) +(2) *(3) modifiers */
- uint8_t ignored_flags; /**< Ignored TCP flags defined by modifer , */
+ uint8_t ignored_flags; /**< Ignored TCP flags defined by modifier , */
} DetectFlagsData;
/**
}
/* Get the window size if it's a valid value (in packets, we
- * should alert if this doesn't happend from decode) */
+ * should alert if this doesn't happen from decode) */
if (StringParseUint16(&wd->size, 10, 0, copy_str) < 0) {
goto error;
}
sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].name = "tls.cert_fingerprint";
sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].alias = "tls_cert_fingerprint";
sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].desc =
- "sticky byffer to match the TLS cert fingerprint buffer";
+ "sticky buffer to match the TLS cert fingerprint buffer";
sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].url = "/rules/tls-keywords.html#tls-cert-fingerprint";
sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].Setup = DetectTlsFingerprintSetup;
#ifdef UNITTESTS
/**
* \brief this function will Free memory associated with DetectContentData
*
- * \param cd pointer to DetectUricotentData
+ * \param cd pointer to DetectUricontentData
*/
void DetectUricontentFree(DetectEngineCtx *de_ctx, void *ptr)
{
const char *legacy = NULL;
if (ConfGet("legacy.uricontent", &legacy) == 1) {
if (strcasecmp("disabled", legacy) == 0) {
- SCLogError("uriconent deprecated. To "
+ SCLogError("uricontent deprecated. To "
"use a rule with \"uricontent\", either set the "
"option - \"legacy.uricontent\" in the conf to "
"\"enabled\" OR replace uricontent with "
;
} else {
SCLogError("Invalid value found "
- "for legacy.uriconent - \"%s\". Valid values are "
+ "for legacy.uricontent - \"%s\". Valid values are "
"\"enabled\" OR \"disabled\".",
legacy);
goto error;
return res;
}
-/** \test Check a signature with gievn urilen */
+/** \test Check a signature with given urilen */
static int DetectUrilenSigTest01(void)
{
int result = 0;
/**
* \test various options
*
- * \retval 1 on succces
+ * \retval 1 on success
* \retval 0 on failure
*/
goto final;
}
/* otherwise, if nonmpm is done jump to final for mpm
- * mpm ptrs alrady updated */
+ * mpm ptrs already updated */
if (unlikely(--n_cnt == 0)) {
final_ptr = mpm_ptr;
final_cnt = m_cnt;
* detection.
*
* \param stored_flags pointer to stored flags or NULL.
- * If stored_flags is set it means we're continueing
+ * If stored_flags is set it means we're continuing
* inspection from an earlier run.
*
* \retval bool true sig matched, false didn't match
if (inspect_flags) {
/* continue previous inspection */
- SCLogDebug("%p/%"PRIu64" Continueing sid %u", tx.tx_ptr, tx.tx_id, s->id);
+ SCLogDebug("%p/%" PRIu64 " Continuing sid %u", tx.tx_ptr, tx.tx_id, s->id);
} else {
/* start new inspection */
SCLogDebug("%p/%"PRIu64" Start sid %u", tx.tx_ptr, tx.tx_id, s->id);
static DetectEngineThreadCtx *GetTenantById(HashTable *h, uint32_t id)
{
/* technically we need to pass a DetectEngineThreadCtx struct with the
- * tentant_id member. But as that member is the first in the struct, we
+ * tenant_id member. But as that member is the first in the struct, we
* can use the id directly. */
return HashTableLookup(h, &id, 0);
}
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Packet *p)
{
- /* No need to perform any detection on this packet, if the the given flag is set.*/
+ /* No need to perform any detection on this packet, if the given flag is set.*/
if ((p->flags & PKT_NOPACKET_INSPECTION) || (PacketCheckAction(p, ACTION_DROP))) {
return;
}
projects / thirdparty / suricata.git / commitdiff
