}
}
+const char *DetectListToHumanString(int list)
+{
+#define CASE_CODE_STRING(E, S) case E: return S; break
+ switch (list) {
+ CASE_CODE_STRING(DETECT_SM_LIST_MATCH, "packet");
+ CASE_CODE_STRING(DETECT_SM_LIST_PMATCH, "payload");
+ CASE_CODE_STRING(DETECT_SM_LIST_UMATCH, "http_uri");
+ CASE_CODE_STRING(DETECT_SM_LIST_HRUDMATCH, "http_raw_uri");
+ CASE_CODE_STRING(DETECT_SM_LIST_HCBDMATCH, "http_client_body");
+ CASE_CODE_STRING(DETECT_SM_LIST_FILEDATA, "file_data");
+ CASE_CODE_STRING(DETECT_SM_LIST_HHDMATCH, "http_header");
+ CASE_CODE_STRING(DETECT_SM_LIST_HRHDMATCH, "http_raw_header");
+ CASE_CODE_STRING(DETECT_SM_LIST_HSMDMATCH, "http_stat_msg");
+ CASE_CODE_STRING(DETECT_SM_LIST_HSCDMATCH, "http_stat_code");
+ CASE_CODE_STRING(DETECT_SM_LIST_HHHDMATCH, "http_host");
+ CASE_CODE_STRING(DETECT_SM_LIST_HRHHDMATCH, "http_raw_host");
+ CASE_CODE_STRING(DETECT_SM_LIST_HMDMATCH, "http_method");
+ CASE_CODE_STRING(DETECT_SM_LIST_HCDMATCH, "http_cookie");
+ CASE_CODE_STRING(DETECT_SM_LIST_HUADMATCH, "http_user_agent");
+ CASE_CODE_STRING(DETECT_SM_LIST_HRLMATCH, "http_request_line");
+ CASE_CODE_STRING(DETECT_SM_LIST_APP_EVENT, "app-layer-event");
+ CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer");
+ CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc");
+ CASE_CODE_STRING(DETECT_SM_LIST_TMATCH, "tag");
+ CASE_CODE_STRING(DETECT_SM_LIST_FILEMATCH, "file");
+ CASE_CODE_STRING(DETECT_SM_LIST_DNSREQUEST_MATCH, "dns_request");
+ CASE_CODE_STRING(DETECT_SM_LIST_DNSRESPONSE_MATCH, "dns_response");
+ CASE_CODE_STRING(DETECT_SM_LIST_DNSQUERYNAME_MATCH, "dns_query");
+ CASE_CODE_STRING(DETECT_SM_LIST_MODBUS_MATCH, "modbus");
+ CASE_CODE_STRING(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH, "template");
+ CASE_CODE_STRING(DETECT_SM_LIST_POSTMATCH, "postmatch");
+ CASE_CODE_STRING(DETECT_SM_LIST_SUPPRESS, "suppress");
+ CASE_CODE_STRING(DETECT_SM_LIST_THRESHOLD, "threshold");
+ CASE_CODE_STRING(DETECT_SM_LIST_MAX, "max (internal)");
+ CASE_CODE_STRING(DETECT_SM_LIST_NOTSET, "not set (internal)");
+ }
+#undef CASE_CODE_STRING
+ return "unknown";
+}
+
+#define CASE_CODE(E) case E: return #E
+const char *DetectListToString(int list)
+{
+ switch (list) {
+ CASE_CODE(DETECT_SM_LIST_MATCH);
+ CASE_CODE(DETECT_SM_LIST_PMATCH);
+ CASE_CODE(DETECT_SM_LIST_UMATCH);
+ CASE_CODE(DETECT_SM_LIST_HRUDMATCH);
+ CASE_CODE(DETECT_SM_LIST_HCBDMATCH);
+ CASE_CODE(DETECT_SM_LIST_FILEDATA);
+ CASE_CODE(DETECT_SM_LIST_HHDMATCH);
+ CASE_CODE(DETECT_SM_LIST_HRHDMATCH);
+ CASE_CODE(DETECT_SM_LIST_HSMDMATCH);
+ CASE_CODE(DETECT_SM_LIST_HSCDMATCH);
+ CASE_CODE(DETECT_SM_LIST_HHHDMATCH);
+ CASE_CODE(DETECT_SM_LIST_HRHHDMATCH);
+ CASE_CODE(DETECT_SM_LIST_HMDMATCH);
+ CASE_CODE(DETECT_SM_LIST_HCDMATCH);
+ CASE_CODE(DETECT_SM_LIST_HUADMATCH);
+ CASE_CODE(DETECT_SM_LIST_HRLMATCH);
+ CASE_CODE(DETECT_SM_LIST_APP_EVENT);
+ CASE_CODE(DETECT_SM_LIST_AMATCH);
+ CASE_CODE(DETECT_SM_LIST_DMATCH);
+ CASE_CODE(DETECT_SM_LIST_TMATCH);
+ CASE_CODE(DETECT_SM_LIST_FILEMATCH);
+ CASE_CODE(DETECT_SM_LIST_DNSREQUEST_MATCH);
+ CASE_CODE(DETECT_SM_LIST_DNSRESPONSE_MATCH);
+ CASE_CODE(DETECT_SM_LIST_DNSQUERYNAME_MATCH);
+ CASE_CODE(DETECT_SM_LIST_MODBUS_MATCH);
+ CASE_CODE(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH);
+ CASE_CODE(DETECT_SM_LIST_POSTMATCH);
+ CASE_CODE(DETECT_SM_LIST_SUPPRESS);
+ CASE_CODE(DETECT_SM_LIST_THRESHOLD);
+ CASE_CODE(DETECT_SM_LIST_MAX);
+ CASE_CODE(DETECT_SM_LIST_NOTSET);
+ }
+ return "unknown";
+}
+
/** \brief Pure-PCRE or bytetest rule */
int RuleInspectsPayloadHasNoMpm(const Signature *s)
{
projects / thirdparty / suricata.git / commitdiff
