) -> *mut c_void;
// in detect-engine-helper.h
pub fn DetectHelperMultiBufferMpmRegister(
- name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, toclient: bool,
- toserver: bool,
+ name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, dir: u8,
get_multi_data: unsafe extern "C" fn(
*mut DetectEngineThreadCtx,
*const c_void,
) -> bool,
) -> c_int;
pub fn DetectHelperMultiBufferProgressMpmRegister(
- name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, toclient: bool,
- toserver: bool,
+ name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, dir: u8,
get_multi_data: unsafe extern "C" fn(
*mut DetectEngineThreadCtx,
*const c_void,
*/
use super::dns::{DNSRcode, DNSRecordType, DNSTransaction, ALPROTO_DNS};
-use crate::core::DetectEngineThreadCtx;
+use crate::core::{DetectEngineThreadCtx, STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{
detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU16Free, SCDetectU8Free,
SCDetectU8Parse,
b"dns.answer.name\0".as_ptr() as *const libc::c_char,
b"dns answer name\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
/* Register also in the TO_SERVER direction, even though this is not
normal, it could be provided as part of a request. */
- true,
dns_tx_get_answer_name,
1, // response complete
);
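Review bot: The block comment after `STREAM_TOSERVER | STREAM_TOCLIENT,` used to sit between the two booleans and explain the second one; it now trails the mask and reads as if it described `dns_tx_get_answer_name`. Move it directly above the mask so it explains why the to-server bit is set, for example `/* Also register TO_SERVER: unusual, but an answer can be carried in a request. */`. The `dns.query.name` registration in the next hunk has the same orphaned comment ("Register in both directions…"). The registration call itself begins outside this hunk.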
b"dns.query.name\0".as_ptr() as *const libc::c_char,
b"dns query name\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
/* Register in both directions as the query is usually echoed back
in the response. */
- true,
dns_tx_get_query_name,
1, // request or response complete
);
b"dns_query\0".as_ptr() as *const libc::c_char,
b"dns request query\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,
- false, // only toserver
- true,
+ STREAM_TOSERVER,
dns_tx_get_query, // reuse, will be called only toserver
1, // request complete
);
*/
use super::ldap::{LdapTransaction, ALPROTO_LDAP};
-use crate::core::DetectEngineThreadCtx;
+use crate::core::{DetectEngineThreadCtx, STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{
detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse,
SCDetectU8Free,
b"ldap.responses.dn\0".as_ptr() as *const libc::c_char,
b"LDAP RESPONSES DISTINGUISHED_NAME\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
- true, //to client
- false, //to server
+ STREAM_TOCLIENT,
ldap_tx_get_responses_dn,
);
let kw = SCSigTableAppLiteElmt {
b"ldap.responses.message\0".as_ptr() as *const libc::c_char,
b"LDAP RESPONSES DISTINGUISHED_NAME\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
- true, //to client
- false, //to server
+ STREAM_TOCLIENT,
ldap_tx_get_responses_msg,
);
let kw = SigTableElmtStickyBuffer {
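Review bot: The description passed for `ldap.responses.message` is still `LDAP RESPONSES DISTINGUISHED_NAME`, the same string the previous hunk uses for `ldap.responses.dn`. It looks like a copy-paste leftover on a context line that this change leaves as is. Since the call is being edited anyway, change it to something like `b"LDAP RESPONSES MESSAGE\0".as_ptr() as *const libc::c_char,` so buffer listings describe the keyword correctly. The call begins outside the hunk.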
b"ldap.request.attribute_type\0".as_ptr() as *const libc::c_char,
b"LDAP REQUEST ATTRIBUTE TYPE\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
- false, //to client
- true, //to server
+ STREAM_TOSERVER,
ldap_tx_get_req_attribute_type,
);
let kw = SigTableElmtStickyBuffer {
b"ldap.responses.attribute_type\0".as_ptr() as *const libc::c_char,
b"LDAP RESPONSES ATTRIBUTE TYPE\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
- true, //to client
- false, //to server
+ STREAM_TOCLIENT,
ldap_tx_get_resp_attribute_type,
);
}
// written by Sascha Steinbiss <sascha@steinbiss.name>
-use crate::core::DetectEngineThreadCtx;
+use crate::core::{DetectEngineThreadCtx, STREAM_TOSERVER};
use crate::detect::uint::{
detect_match_uint, detect_parse_uint, detect_parse_uint_enum, DetectUintData, DetectUintMode,
SCDetectU8Free, SCDetectU8Parse,
keyword_name,
b"unsubscribe topic query\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
unsub_topic_get_data,
);
keyword_name,
b"subscribe topic query\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
sub_topic_get_data,
);
// written by Giuseppe Longo <giuseppe@glongo.it>
-use crate::core::DetectEngineThreadCtx;
+use crate::core::{DetectEngineThreadCtx, STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectBufferSetActiveList,
DetectHelperBufferMpmRegister, DetectHelperGetData, DetectHelperMultiBufferMpmRegister,
b"sdp.bandwidth\0".as_ptr() as *const libc::c_char,
b"sdp.bandwidth\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+STREAM_TOSERVER | STREAM_TOCLIENT,
sip_bandwidth_get_data,
);
let kw = SigTableElmtStickyBuffer {
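Review bot: The added `STREAM_TOSERVER | STREAM_TOCLIENT,` line appears to start at column 0 here, while the same added line in the `sip.*` registrations carries indentation. If that is how it was committed rather than a rendering artifact, run rustfmt so the mask lines up with `ALPROTO_SIP,` above it. The other seven `sdp.*` registrations in the following hunks show the same thing.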
b"sdp.time\0".as_ptr() as *const libc::c_char,
b"sdp.time\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_time_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.repeat_time\0".as_ptr() as *const libc::c_char,
b"sdp.repeat_time\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_repeat_time_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.attribute\0".as_ptr() as *const libc::c_char,
b"sdp.attribute\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+STREAM_TOSERVER | STREAM_TOCLIENT,
sip_attribute_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.media.media\0".as_ptr() as *const libc::c_char,
b"sdp.media.media\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+STREAM_TOSERVER | STREAM_TOCLIENT,
sip_media_desc_media_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.media.media_info\0".as_ptr() as *const libc::c_char,
b"sdp.media.media_info\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+STREAM_TOSERVER | STREAM_TOCLIENT,
sip_media_desc_session_info_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.media.connection_data\0".as_ptr() as *const libc::c_char,
b"sdp.media.connection_data\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+STREAM_TOSERVER | STREAM_TOCLIENT,
sip_media_desc_connection_data_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.media.encryption_key\0".as_ptr() as *const libc::c_char,
b"sdp.media.encryption_key\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+STREAM_TOSERVER | STREAM_TOCLIENT,
sip_media_desc_encryption_key_get_data,
);
}
// written by Giuseppe Longo <giuseppe@glongo.it>
-use crate::core::DetectEngineThreadCtx;
+use crate::core::{DetectEngineThreadCtx, STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectBufferSetActiveList,
DetectHelperBufferMpmRegister, DetectHelperGetData, DetectHelperMultiBufferMpmRegister,
b"sip.from\0".as_ptr() as *const libc::c_char,
b"sip.from\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sip_from_hdr_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"sip.to\0".as_ptr() as *const libc::c_char,
b"sip.to\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sip_to_hdr_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"sip.via\0".as_ptr() as *const libc::c_char,
b"sip.via\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sip_via_hdr_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"sip.ua\0".as_ptr() as *const libc::c_char,
b"sip.ua\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sip_ua_hdr_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"sip.content_type\0".as_ptr() as *const libc::c_char,
b"sip.content_type\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sip_content_type_hdr_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"sip.content_length\0".as_ptr() as *const libc::c_char,
b"sip.content_length\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sip_content_length_hdr_get_data,
);
}
kw.Setup = (int (*)(void *, void *, const char *))DetectMimeEmailUrlSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
- g_mime_email_url_buffer_id =
- DetectHelperMultiBufferMpmRegister("email.url", "MIME EMAIL URL", ALPROTO_SMTP, false,
- true, // to server
- GetMimeEmailUrlData);
+ g_mime_email_url_buffer_id = DetectHelperMultiBufferMpmRegister(
+ "email.url", "MIME EMAIL URL", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailUrlData);
kw.name = "email.received";
kw.desc = "'Received' field from an email";
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
g_mime_email_received_buffer_id = DetectHelperMultiBufferMpmRegister("email.received",
- "MIME EMAIL RECEIVED", ALPROTO_SMTP, false,
- true, // to server
- GetMimeEmailReceivedData);
+ "MIME EMAIL RECEIVED", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailReceivedData);
}
}
int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc, AppProto alproto,
- bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData, int progress)
+ uint8_t direction, InspectionMultiBufferGetDataPtr GetData, int progress)
{
- if (toserver) {
+ if (direction & STREAM_TOSERVER) {
DetectAppLayerMultiRegister(name, alproto, SIG_FLAG_TOSERVER, progress, GetData, 2);
}
- if (toclient) {
+ if (direction & STREAM_TOCLIENT) {
DetectAppLayerMultiRegister(name, alproto, SIG_FLAG_TOCLIENT, progress, GetData, 2);
}
DetectBufferTypeSupportsMultiInstance(name);
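Review bot: `direction` is now an arbitrary `uint8_t`, but a value with neither `STREAM_TOSERVER` nor `STREAM_TOCLIENT` set skips both `if`s, so no inspection engine is registered and the code still reaches `DetectBufferTypeSupportsMultiInstance(name)`. A keyword registered that way would load but never match, which is a silent detection gap rather than a visible error. Reject it up front, e.g. `if ((direction & (STREAM_TOSERVER | STREAM_TOCLIENT)) == 0) { return -1; }`, assuming callers treat a negative buffer id as failure; a debug assertion would also do. The rest of the function body lies outside this hunk.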
}
int DetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
- bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData)
+ uint8_t direction, InspectionMultiBufferGetDataPtr GetData)
{
- return DetectHelperMultiBufferProgressMpmRegister(
- name, desc, alproto, toclient, toserver, GetData, 0);
+ return DetectHelperMultiBufferProgressMpmRegister(name, desc, alproto, direction, GetData, 0);
}
int SCDetectHelperNewKeywordId(void)
int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
bool toclient, bool toserver, InspectionBufferGetDataPtr GetData);
int DetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
- bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData);
+ uint8_t direction, InspectionMultiBufferGetDataPtr GetData);
int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc, AppProto alproto,
- bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData, int progress);
+ uint8_t direction, InspectionMultiBufferGetDataPtr GetData, int progress);
int DetectHelperTransformRegister(const SCTransformTableElmt *kw);
const uint8_t *InspectionBufferPtr(InspectionBuffer *buf);
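Review bot: The two multi-buffer prototypes now take `uint8_t direction`, but `DetectHelperBufferMpmRegister` directly above still takes `bool toclient, bool toserver`, so the helper API ends up with two conventions for the same concept. The header also does not say what values `direction` accepts. Add a comment above the changed prototypes such as `/* direction: bitmask of STREAM_TOSERVER and/or STREAM_TOCLIENT; at least one must be set */`, and consider converting the single-buffer helper in the same series so callers cannot confuse the two forms.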
kw.Setup = (int (*)(void *, void *, const char *))DetectSmtpRcptToSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
- g_smtp_rcpt_to_buffer_id =
- DetectHelperMultiBufferMpmRegister("smtp.rcpt_to", "SMTP RCPT TO", ALPROTO_SMTP, false,
- true, // to server
- GetSmtpRcptToData);
+ g_smtp_rcpt_to_buffer_id = DetectHelperMultiBufferMpmRegister(
+ "smtp.rcpt_to", "SMTP RCPT TO", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpRcptToData);
}