}
}
-void DetectBufferTypeRegisterValidateCallback(const char *name,
- bool (*ValidateCallback)(const Signature *, const char **sigerror))
+void DetectBufferTypeRegisterValidateCallback(
+ const char *name, bool (*ValidateCallback)(const Signature *, const char **sigerror,
+ const DetectBufferType *))
{
BUG_ON(g_buffer_type_reg_closed);
DetectBufferTypeRegister(name);
const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror)
{
const DetectBufferType *map = DetectEngineBufferTypeGetById(de_ctx, id);
- if (map && map->ValidateCallback) {
- return map->ValidateCallback(s, sigerror);
+ // only run validation if the buffer is not transformed
+ if (map && map->ValidateCallback && map->transforms.cnt == 0) {
+ return map->ValidateCallback(s, sigerror, map);
}
return true;
}
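Review bot: The new `map->transforms.cnt == 0` guard skips every registered validator as soon as a transform is attached, and the one-line comment says what is done but not why. If the reason is that the validators check content against the format of the untransformed buffer, say so, e.g. `/* validators check content against the untransformed buffer's format, which no longer holds once a transform is applied */`. A rule on a transformed buffer now loads with no validation and no trace of that, so an `SCLogDebug` on the skipped path would help rule authors see why an ill-formed content was accepted. The function's signature starts above the visible lines.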
const char *DetectBufferTypeGetDescriptionByName(const char *name);
void DetectBufferTypeRegisterSetupCallback(const char *name,
void (*Callback)(const DetectEngineCtx *, Signature *));
-void DetectBufferTypeRegisterValidateCallback(const char *name,
- bool (*ValidateCallback)(const Signature *, const char **sigerror));
+void DetectBufferTypeRegisterValidateCallback(
+ const char *name, bool (*ValidateCallback)(const Signature *, const char **sigerror,
+ const DetectBufferType *));
/* detect engine related buffer funcs */
#ifdef UNITTESTS
static void DetectHttpHHRegisterTests(void);
#endif
-static bool DetectHttpHostValidateCallback(const Signature *s, const char **sigerror);
+static bool DetectHttpHostValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt);
static int DetectHttpHostSetup(DetectEngineCtx *, Signature *, const char *);
static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
const DetectEngineTransforms *transforms,
de_ctx, s, arg, DETECT_HTTP_HOST_CM, g_http_host_buffer_id, ALPROTO_HTTP1);
}
-static bool DetectHttpHostValidateCallback(const Signature *s, const char **sigerror)
+static bool DetectHttpHostValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)g_http_host_buffer_id)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
const SigMatch *sm = s->init_data->buffers[x].head;
for (; sm != NULL; sm = sm->next) {
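Review bot: `dbt->id` is dereferenced here with no NULL check, and the same holds for the other converted callbacks on this page (http method, http protocol, quic hash, sip method, the ssh hassh and tls ones, and the exported `DetectUrilenValidateContent`). The one caller visible on this page passes `map` only after testing it, so this looks safe today, but the contract is written down nowhere. I would state it where the callback type is declared, e.g. `/**< third arg: buffer type being validated, never NULL */` on the `ValidateCallback` member of `DetectBufferType`. The function body continues below the visible lines.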
void DetectHttpMethodRegisterTests(void);
#endif
void DetectHttpMethodFree(void *);
-static bool DetectHttpMethodValidateCallback(const Signature *s, const char **sigerror);
+static bool DetectHttpMethodValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt);
static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
const DetectEngineTransforms *transforms, Flow *_f,
const uint8_t _flow_flags, void *txv, const int list_id);
* \retval 1 valid
* \retval 0 invalid
*/
-static bool DetectHttpMethodValidateCallback(const Signature *s, const char **sigerror)
+static bool DetectHttpMethodValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)g_http_method_buffer_id)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
const SigMatch *sm = s->init_data->buffers[x].head;
for (; sm != NULL; sm = sm->next) {
return buffer;
}
-static bool DetectHttpProtocolValidateCallback(const Signature *s, const char **sigerror)
+static bool DetectHttpProtocolValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
#ifdef HAVE_HTP_CONFIG_SET_ALLOW_SPACE_URI
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)g_buffer_id)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
const SigMatch *sm = s->init_data->buffers[x].head;
for (; sm != NULL; sm = sm->next) {
#ifdef UNITTESTS
static void DetectHttpRawHeaderRegisterTests(void);
#endif
-static bool DetectHttpRawHeaderValidateCallback(const Signature *s, const char **sigerror);
+static bool DetectHttpRawHeaderValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt);
static int g_http_raw_header_buffer_id = 0;
static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
const DetectEngineTransforms *transforms, Flow *_f,
return 0;
}
-static bool DetectHttpRawHeaderValidateCallback(const Signature *s, const char **sigerror)
+static bool DetectHttpRawHeaderValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
if ((s->flags & (SIG_FLAG_TOCLIENT|SIG_FLAG_TOSERVER)) == (SIG_FLAG_TOCLIENT|SIG_FLAG_TOSERVER)) {
*sigerror = "http_raw_header signature "
#ifdef UNITTESTS
static void DetectHttpUriRegisterTests(void);
#endif
-static void DetectHttpUriSetupCallback(const DetectEngineCtx *de_ctx,
- Signature *s);
-static bool DetectHttpUriValidateCallback(const Signature *s, const char **sigerror);
+static void DetectHttpUriSetupCallback(const DetectEngineCtx *de_ctx, Signature *s);
static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
const DetectEngineTransforms *transforms,
Flow *_f, const uint8_t _flow_flags,
const int list_id);
static int DetectHttpUriSetupSticky(DetectEngineCtx *de_ctx, Signature *s, const char *str);
static int DetectHttpRawUriSetup(DetectEngineCtx *, Signature *, const char *);
-static void DetectHttpRawUriSetupCallback(const DetectEngineCtx *de_ctx,
- Signature *s);
-static bool DetectHttpRawUriValidateCallback(const Signature *s, const char **);
+static void DetectHttpRawUriSetupCallback(const DetectEngineCtx *de_ctx, Signature *s);
static InspectionBuffer *GetRawData(DetectEngineThreadCtx *det_ctx,
const DetectEngineTransforms *transforms,
Flow *_f, const uint8_t _flow_flags,
DetectBufferTypeRegisterSetupCallback("http_uri",
DetectHttpUriSetupCallback);
- DetectBufferTypeRegisterValidateCallback("http_uri",
- DetectHttpUriValidateCallback);
+ DetectBufferTypeRegisterValidateCallback("http_uri", DetectUrilenValidateContent);
g_http_uri_buffer_id = DetectBufferTypeGetByName("http_uri");
DetectBufferTypeRegisterSetupCallback("http_raw_uri",
DetectHttpRawUriSetupCallback);
- DetectBufferTypeRegisterValidateCallback("http_raw_uri",
- DetectHttpRawUriValidateCallback);
+ DetectBufferTypeRegisterValidateCallback("http_raw_uri", DetectUrilenValidateContent);
g_http_raw_uri_buffer_id = DetectBufferTypeGetByName("http_raw_uri");
}
de_ctx, s, str, DETECT_HTTP_URI_CM, g_http_uri_buffer_id, ALPROTO_HTTP1);
}
-static bool DetectHttpUriValidateCallback(const Signature *s, const char **sigerror)
-{
- return DetectUrilenValidateContent(s, g_http_uri_buffer_id, sigerror);
-}
-
static void DetectHttpUriSetupCallback(const DetectEngineCtx *de_ctx,
Signature *s)
{
de_ctx, s, arg, DETECT_HTTP_RAW_URI, g_http_raw_uri_buffer_id, ALPROTO_HTTP1);
}
-static bool DetectHttpRawUriValidateCallback(const Signature *s, const char **sigerror)
-{
- return DetectUrilenValidateContent(s, g_http_raw_uri_buffer_id, sigerror);
-}
-
static void DetectHttpRawUriSetupCallback(const DetectEngineCtx *de_ctx,
Signature *s)
{
SCReturnPtr(buffer, "InspectionBuffer");
}
-static bool DetectQuicHashValidateCallback(const Signature *s, const char **sigerror)
+static bool DetectQuicHashValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)g_buffer_id)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
const SigMatch *sm = s->init_data->buffers[x].head;
for (; sm != NULL; sm = sm->next) {
return 0;
}
-static bool DetectSipMethodValidateCallback(const Signature *s, const char **sigerror)
+static bool DetectSipMethodValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)g_buffer_id)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
const SigMatch *sm = s->init_data->buffers[x].head;
for (; sm != NULL; sm = sm->next) {
#define BUFFER_DESC "sip request uri"
static int g_buffer_id = 0;
-static bool DetectSipUriValidateCallback(const Signature *s, const char **sigerror)
-{
- return DetectUrilenValidateContent(s, g_buffer_id, sigerror);
-}
-
static void DetectSipUriSetupCallback(const DetectEngineCtx *de_ctx,
Signature *s)
{
DetectBufferTypeRegisterSetupCallback(BUFFER_NAME,
DetectSipUriSetupCallback);
- DetectBufferTypeRegisterValidateCallback(BUFFER_NAME,
- DetectSipUriValidateCallback);
+ DetectBufferTypeRegisterValidateCallback(BUFFER_NAME, DetectUrilenValidateContent);
g_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME);
}
-static bool DetectSshHasshServerHashValidateCallback(const Signature *s, const char **sigerror)
+static bool DetectSshHasshServerHashValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)g_ssh_hassh_buffer_id)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
const SigMatch *sm = s->init_data->buffers[x].head;
for (; sm != NULL; sm = sm->next) {
}
-
-static bool DetectSshHasshHashValidateCallback(const Signature *s,
- const char **sigerror)
+static bool DetectSshHasshHashValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)g_ssh_hassh_buffer_id)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
const SigMatch *sm = s->init_data->buffers[x].head;
for (; sm != NULL; sm = sm->next) {
void *txv, const int list_id);
static void DetectTlsFingerprintSetupCallback(const DetectEngineCtx *de_ctx,
Signature *s);
-static bool DetectTlsFingerprintValidateCallback(const Signature *s,
- const char **sigerror);
+static bool DetectTlsFingerprintValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt);
static int g_tls_cert_fingerprint_buffer_id = 0;
/**
return buffer;
}
-static bool DetectTlsFingerprintValidateCallback(const Signature *s,
- const char **sigerror)
+static bool DetectTlsFingerprintValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)g_tls_cert_fingerprint_buffer_id)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
const SigMatch *sm = s->init_data->buffers[x].head;
for (; sm != NULL; sm = sm->next) {
void *txv, const int list_id);
static void DetectTlsSerialSetupCallback(const DetectEngineCtx *de_ctx,
Signature *s);
-static bool DetectTlsSerialValidateCallback(const Signature *s,
- const char **sigerror);
+static bool DetectTlsSerialValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt);
static int g_tls_cert_serial_buffer_id = 0;
/**
return buffer;
}
-static bool DetectTlsSerialValidateCallback(const Signature *s,
- const char **sigerror)
+static bool DetectTlsSerialValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)g_tls_cert_serial_buffer_id)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
const SigMatch *sm = s->init_data->buffers[x].head;
for (; sm != NULL; sm = sm->next) {
void *txv, const int list_id);
static void DetectTlsJa3HashSetupCallback(const DetectEngineCtx *de_ctx,
Signature *s);
-static bool DetectTlsJa3HashValidateCallback(const Signature *s,
- const char **sigerror);
+static bool DetectTlsJa3HashValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt);
static int g_tls_ja3_hash_buffer_id = 0;
#endif
return buffer;
}
-static bool DetectTlsJa3HashValidateCallback(const Signature *s,
- const char **sigerror)
+static bool DetectTlsJa3HashValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)g_tls_ja3_hash_buffer_id)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
const SigMatch *sm = s->init_data->buffers[x].head;
for (; sm != NULL; sm = sm->next) {
void *txv, const int list_id);
static void DetectTlsJa3SHashSetupCallback(const DetectEngineCtx *de_ctx,
Signature *s);
-static bool DetectTlsJa3SHashValidateCallback(const Signature *s,
- const char **sigerror);
+static bool DetectTlsJa3SHashValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt);
static int g_tls_ja3s_hash_buffer_id = 0;
#endif
return buffer;
}
-static bool DetectTlsJa3SHashValidateCallback(const Signature *s,
- const char **sigerror)
+static bool DetectTlsJa3SHashValidateCallback(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)g_tls_ja3s_hash_buffer_id)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
const SigMatch *sm = s->init_data->buffers[x].head;
for (; sm != NULL; sm = sm->next) {
}
}
-bool DetectUrilenValidateContent(const Signature *s, int list, const char **sigerror)
+bool DetectUrilenValidateContent(
+ const Signature *s, const char **sigerror, const DetectBufferType *dbt)
{
for (uint32_t x = 0; x < s->init_data->buffer_index; x++) {
- if (s->init_data->buffers[x].id != (uint32_t)list)
+ if (s->init_data->buffers[x].id != (uint32_t)dbt->id)
continue;
for (const SigMatch *sm = s->init_data->buffers[x].head; sm != NULL; sm = sm->next) {
if (sm->type != DETECT_CONTENT) {
#ifndef _DETECT_URILEN_H
#define _DETECT_URILEN_H
-bool DetectUrilenValidateContent(const Signature *s, int list, const char **);
+bool DetectUrilenValidateContent(const Signature *s, const char **, const DetectBufferType *dbt);
void DetectUrilenApplyToContent(Signature *s, int list);
void DetectUrilenRegister(void);
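Review bot: The new prototype leaves its second parameter unnamed while the definition calls it `sigerror`; naming it keeps the header self-describing: `bool DetectUrilenValidateContent(const Signature *s, const char **sigerror, const DetectBufferType *dbt);`. The header now also needs `DetectBufferType` to be declared before it is included. That declaration is not visible here, so the include order in the files that use this header is worth confirming.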
bool supports_transforms;
bool multi_instance; /**< buffer supports multiple buffer instances per tx */
void (*SetupCallback)(const struct DetectEngineCtx_ *, struct Signature_ *);
- bool (*ValidateCallback)(const struct Signature_ *, const char **sigerror);
+ bool (*ValidateCallback)(
+ const struct Signature_ *, const char **sigerror, const struct DetectBufferType_ *);
DetectEngineTransforms transforms;
} DetectBufferType;