#endif
static int g_dce_generic_list_id = 0;
-static uint8_t InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
/**
* \brief Registers the keyword handlers for the "dce_iface" keyword.
*/
g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic");
+ DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0,
+ DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2(
- "dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, InspectDceGeneric, NULL);
- DetectAppLayerInspectEngineRegister2(
- "dce_generic", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, InspectDceGeneric, NULL);
+ "dce_generic", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
+ DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0,
+ DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2(
- "dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric, NULL);
- DetectAppLayerInspectEngineRegister2(
- "dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric, NULL);
-}
-
-static uint8_t InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
+ "dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
}
/**
return buffer;
}
-static uint8_t DetectEngineInspectDNP3(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \brief Parse the provided function name or code to its integer
* value.
/* Register the list of func, ind and obj. */
DetectAppLayerInspectEngineRegister2(
- "dnp3", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectDNP3, NULL);
+ "dnp3", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2(
- "dnp3", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectDNP3, NULL);
+ "dnp3", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3");
return rs_dns_opcode_match(txv, (void *)ctx, flags);
}
-static uint8_t DetectEngineInspectRequestGenericDnsOpcode(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
void DetectDnsOpcodeRegister(void)
{
sigmatch_table[DETECT_AL_DNS_OPCODE].name = "dns.opcode";
sigmatch_table[DETECT_AL_DNS_OPCODE].AppLayerTxMatch =
DetectDnsOpcodeMatch;
- DetectAppLayerInspectEngineRegister2("dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectRequestGenericDnsOpcode, NULL);
+ DetectAppLayerInspectEngineRegister2(
+ "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
- DetectAppLayerInspectEngineRegister2("dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0,
- DetectEngineInspectRequestGenericDnsOpcode, NULL);
+ DetectAppLayerInspectEngineRegister2(
+ "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode");
}
pectx, PrefilterMpmDnsQueryFree, mpm_reg->pname);
}
-#ifdef HAVE_LUA
-static uint8_t DetectEngineInspectDnsRequest(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
-static uint8_t DetectEngineInspectDnsResponse(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-#endif
-
/**
* \brief Registration function for keyword: dns_query
*/
#ifdef HAVE_LUA
/* register these generic engines from here for now */
DetectAppLayerInspectEngineRegister2(
- "dns_request", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectDnsRequest, NULL);
+ "dns_request", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("dns_response", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1,
- DetectEngineInspectDnsResponse, NULL);
+ DetectEngineInspectGenericList, NULL);
DetectBufferTypeSetDescriptionByName("dns_request",
"dns requests");
* \retval 0 no match
* \retval 1 match
*/
-uint8_t DetectEngineInspectGenericList(const DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f,
- const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
+ uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
+ SigMatchData *smd = engine->smd;
SCLogDebug("running match functions, sm %p", smd);
if (smd != NULL) {
while (1) {
int DetectEngineTentantRegisterPcapFile(uint32_t tenant_id);
int DetectEngineTentantUnregisterPcapFile(uint32_t tenant_id);
-uint8_t DetectEngineInspectGenericList(const DetectEngineCtx *, DetectEngineThreadCtx *,
- const Signature *, const SigMatchData *, Flow *, const uint8_t, void *, void *, uint64_t);
+uint8_t DetectEngineInspectGenericList(DetectEngineCtx *, DetectEngineThreadCtx *,
+ const struct DetectEngineAppInspectionEngine_ *, const Signature *, Flow *, uint8_t, void *,
+ void *, uint64_t);
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
#endif
static int g_ftp_request_list_id = 0;
-static uint8_t InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
/**
* \brief Registration function for ftpbounce: keyword
* \todo add support for no_stream and stream_only
g_ftp_request_list_id = DetectBufferTypeRegister("ftp_request");
DetectAppLayerInspectEngineRegister2(
- "ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, InspectFtpRequest, NULL);
-}
-
-static uint8_t InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
+ "ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
}
/**
#ifdef UNITTESTS
static void DetectFtpdataRegisterTests (void);
#endif
-static uint8_t DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int g_ftpdata_buffer_id = 0;
/**
sigmatch_table[DETECT_FTPDATA].RegisterTests = DetectFtpdataRegisterTests;
#endif
DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectFtpdataGeneric, NULL);
+ DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0,
- DetectEngineInspectFtpdataGeneric, NULL);
+ DetectEngineInspectGenericList, NULL);
g_ftpdata_buffer_id = DetectBufferTypeGetByName("ftpdata_command");
/* set up the PCRE for keyword parsing */
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
-static uint8_t DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \brief This function is used to check matches from the FTP App Layer Parser
*
static int g_http2_header_name_buffer_id = 0;
static int g_http2_header_buffer_id = 0;
-static uint8_t DetectEngineInspectHTTP2(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
/**
* \brief Registration function for HTTP2 keywords
g_http2_header_buffer_id = DetectBufferTypeGetByName("http2_header");
DetectAppLayerInspectEngineRegister2(
- "http2", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 0, DetectEngineInspectHTTP2, NULL);
+ "http2", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2(
- "http2", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectHTTP2, NULL);
+ "http2", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
g_http2_match_buffer_id = DetectBufferTypeRegister("http2");
return;
static void DetectIkeChosenSaFree(DetectEngineCtx *, void *);
static int g_ike_chosen_sa_buffer_id = 0;
-static uint8_t DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int DetectIkeChosenSaMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *,
const Signature *, const SigMatchCtx *);
void IKEChosenSaRegisterTests(void);
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("ike.chosen_sa_attribute", ALPROTO_IKE, SIG_FLAG_TOCLIENT,
- 1, DetectEngineInspectIkeChosenSaGeneric, NULL);
+ 1, DetectEngineInspectGenericList, NULL);
g_ike_chosen_sa_buffer_id = DetectBufferTypeGetByName("ike.chosen_sa_attribute");
}
-static uint8_t DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match SA attributes of a IKE state
static void DetectIkeExchTypeFree(DetectEngineCtx *, void *);
static int g_ike_exch_type_buffer_id = 0;
-static uint8_t DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int DetectIkeExchTypeMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_AL_IKE_EXCH_TYPE].Free = DetectIkeExchTypeFree;
DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1,
- DetectEngineInspectIkeExchTypeGeneric, NULL);
+ DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1,
- DetectEngineInspectIkeExchTypeGeneric, NULL);
+ DetectEngineInspectGenericList, NULL);
g_ike_exch_type_buffer_id = DetectBufferTypeGetByName("ike.exchtype");
}
-static uint8_t DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match exchange type of a IKE state
static void DetectIkeKeyExchangePayloadLengthFree(DetectEngineCtx *, void *);
static int g_ike_key_exch_payload_length_buffer_id = 0;
-static uint8_t DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int DetectIkeKeyExchangePayloadLengthMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *,
void *, const Signature *, const SigMatchCtx *);
DetectIkeKeyExchangePayloadLengthFree;
DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE,
- SIG_FLAG_TOSERVER, 1, DetectEngineInspectIkeKeyExchangePayloadLengthGeneric, NULL);
+ SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE,
- SIG_FLAG_TOCLIENT, 1, DetectEngineInspectIkeKeyExchangePayloadLengthGeneric, NULL);
+ SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL);
g_ike_key_exch_payload_length_buffer_id =
DetectBufferTypeGetByName("ike.key_exchange_payload_length");
}
-static uint8_t DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match key exchange payload length of a IKE state
static void DetectIkeNoncePayloadLengthFree(DetectEngineCtx *, void *);
static int g_ike_nonce_payload_length_buffer_id = 0;
-static uint8_t DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int DetectIkeNoncePayloadLengthMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *,
void *, const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH].Free = DetectIkeNoncePayloadLengthFree;
DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER,
- 1, DetectEngineInspectIkeNoncePayloadLengthGeneric, NULL);
+ 1, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT,
- 1, DetectEngineInspectIkeNoncePayloadLengthGeneric, NULL);
+ 1, DetectEngineInspectGenericList, NULL);
g_ike_nonce_payload_length_buffer_id = DetectBufferTypeGetByName("ike.nonce_payload_length");
}
-static uint8_t DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match nonce length of a IKE state
static void DetectKrb5ErrCodeRegisterTests (void);
#endif
-static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int g_krb5_err_code_list_id = 0;
/**
#endif
DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectKRB5Generic, NULL);
+ DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0,
- DetectEngineInspectKRB5Generic, NULL);
+ DetectEngineInspectGenericList, NULL);
/* set up the PCRE for keyword parsing */
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
SCLogDebug("g_krb5_err_code_list_id %d", g_krb5_err_code_list_id);
}
-static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \brief This function is used to match KRB5 rule option on a packet
*
static void DetectKrb5MsgTypeRegisterTests (void);
#endif
-static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int g_krb5_msg_type_list_id = 0;
/**
#endif
DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectKRB5Generic, NULL);
+ DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0,
- DetectEngineInspectKRB5Generic, NULL);
+ DetectEngineInspectGenericList, NULL);
/* set up the PCRE for keyword parsing */
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
SCLogDebug("g_krb5_msg_type_list_id %d", g_krb5_msg_type_list_id);
}
-static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \brief This function is used to match KRB5 rule option on a packet
*
static void DetectLuaFree(DetectEngineCtx *, void *);
static int g_smtp_generic_list_id = 0;
-static uint8_t InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
/**
* \brief Registration function for keyword: lua
*/
#endif
g_smtp_generic_list_id = DetectBufferTypeRegister("smtp_generic");
- DetectAppLayerInspectEngineRegister2(
- "smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, InspectSmtpGeneric, NULL);
- DetectAppLayerInspectEngineRegister2(
- "smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, InspectSmtpGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0,
+ DetectEngineInspectGenericList, NULL);
+ DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0,
+ DetectEngineInspectGenericList, NULL);
SCLogDebug("registering lua rule option");
return;
}
-static uint8_t InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
#define DATATYPE_PACKET BIT_U32(0)
#define DATATYPE_PAYLOAD BIT_U32(1)
#define DATATYPE_STREAM BIT_U32(2)
return rs_modbus_inspect(txv, (void *)ctx);
}
-/** \brief Do the content inspection & validation for a signature
- *
- * \param de_ctx Detection engine context
- * \param det_ctx Detection engine thread context
- * \param s Signature to inspect ( and sm: SigMatch to inspect)
- * \param f Flow
- * \param flags App layer flags
- * \param alstate App layer state
- * \param txv Pointer to Modbus Transaction structure
- *
- * \retval 0 no match or 1 match
- */
-static uint8_t DetectEngineInspectModbus(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \brief Registration function for Modbus keyword
*/
sigmatch_table[DETECT_AL_MODBUS].AppLayerTxMatch = DetectModbusMatch;
DetectAppLayerInspectEngineRegister2(
- "modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectModbus, NULL);
+ "modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
g_modbus_buffer_id = DetectBufferTypeGetByName("modbus");
}
void MQTTConnackSessionPresentRegisterTests(void);
void DetectMQTTConnackSessionPresentFree(DetectEngineCtx *de_ctx, void *);
-static uint8_t DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
/**
* \brief Registration function for mqtt.connack.session_present: keyword
*/
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT,
- SIG_FLAG_TOSERVER, 1, DetectEngineInspectMQTTConnackSessionPresentGeneric, NULL);
+ SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present");
}
-static uint8_t DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match session_present flag of an MQTT CONNACK message
void MQTTConnectFlagsRegisterTests(void);
void DetectMQTTConnectFlagsFree(DetectEngineCtx *de_ctx, void *);
-static uint8_t DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
typedef struct DetectMQTTConnectFlagsData_ {
MQTTFlagState username,
password,
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
- DetectEngineInspectMQTTConnectFlagsGeneric, NULL);
+ DetectEngineInspectGenericList, NULL);
mqtt_connect_flags_id = DetectBufferTypeGetByName("mqtt.connect.flags");
}
-static uint8_t DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match variable header flags of an MQTT CONNECT Tx
void MQTTFlagsRegisterTests(void);
void DetectMQTTFlagsFree(DetectEngineCtx *de_ctx, void *);
-static uint8_t DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
typedef struct DetectMQTTFlagsData_ {
MQTTFlagState retain, dup;
} DetectMQTTFlagsData;
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
- DetectAppLayerInspectEngineRegister2("mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
- DetectEngineInspectMQTTFlagsGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2(
+ "mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
mqtt_flags_id = DetectBufferTypeGetByName("mqtt.flags");
}
-static uint8_t DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match fixed header flags of an MQTT Tx
void MQTTProtocolVersionRegisterTests(void);
void DetectMQTTProtocolVersionFree(DetectEngineCtx *de_ctx, void *);
-static uint8_t DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
/**
* \brief Registration function for mqtt.protocol_version: keyword
*/
#endif
DetectAppLayerInspectEngineRegister2("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER,
- 1, DetectEngineInspectMQTTProtocolVersionGeneric, NULL);
+ 1, DetectEngineInspectGenericList, NULL);
mqtt_protocol_version_id = DetectBufferTypeGetByName("mqtt.protocol_version");
}
-static uint8_t DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match protocol version of an MQTT Tx
void MQTTQosRegisterTests(void);
void DetectMQTTQosFree(DetectEngineCtx *de_ctx, void *);
-static uint8_t DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
/**
* \brief Registration function for mqtt.qos: keyword
*/
sigmatch_table[DETECT_AL_MQTT_QOS].RegisterTests = MQTTQosRegisterTests;
#endif
- DetectAppLayerInspectEngineRegister2("mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
- DetectEngineInspectMQTTQosGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2(
+ "mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
mqtt_qos_id = DetectBufferTypeGetByName("mqtt.qos");
}
-static uint8_t DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match fixed header QOS field of an MQTT Tx
void MQTTReasonCodeRegisterTests(void);
void DetectMQTTReasonCodeFree(DetectEngineCtx *de_ctx, void *);
-static uint8_t DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
/**
* \brief Registration function for mqtt.reason_code: keyword
*/
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
- DetectEngineInspectMQTTReasonCodeGeneric, NULL);
+ DetectEngineInspectGenericList, NULL);
mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code");
}
-static uint8_t DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match reason code of an MQTT 5.0 Tx
void MQTTTypeRegisterTests(void);
void DetectMQTTTypeFree(DetectEngineCtx *de_ctx, void *);
-static uint8_t DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
/**
* \brief Registration function for ipopts: keyword
*/
sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests;
#endif
- DetectAppLayerInspectEngineRegister2("mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
- DetectEngineInspectMQTTTypeGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2(
+ "mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
mqtt_type_id = DetectBufferTypeGetByName("mqtt.type");
}
-static uint8_t DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match control packet type of an MQTT Tx
#endif
static int g_nfs_request_buffer_id = 0;
-static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int DetectNfsProcedureMatch (DetectEngineThreadCtx *, Flow *,
uint8_t, void *, void *, const Signature *,
const SigMatchCtx *);
sigmatch_table[DETECT_AL_NFS_PROCEDURE].RegisterTests = DetectNfsProcedureRegisterTests;
#endif
- DetectAppLayerInspectEngineRegister2("nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectNfsRequestGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2(
+ "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request");
SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id);
}
-static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match procedure of a TX
static void DetectNfsVersionFree(DetectEngineCtx *de_ctx, void *);
static int g_nfs_request_buffer_id = 0;
-static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int DetectNfsVersionMatch (DetectEngineThreadCtx *, Flow *,
uint8_t, void *, void *, const Signature *,
const SigMatchCtx *);
sigmatch_table[DETECT_AL_NFS_VERSION].Setup = DetectNfsVersionSetup;
sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree;
// unit tests were the same as DetectNfsProcedureRegisterTests
- DetectAppLayerInspectEngineRegister2("nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectNfsRequestGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2(
+ "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request");
SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id);
}
-static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match version of a TX
#endif
void DetectRfbSecresultFree(DetectEngineCtx *, void *);
-static uint8_t DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
typedef struct DetectRfbSecresultData_ {
uint32_t result; /** result code */
} DetectRfbSecresultData;
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("rfb.secresult", ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1,
- DetectEngineInspectRfbSecresultGeneric, NULL);
+ DetectEngineInspectGenericList, NULL);
rfb_secresult_id = DetectBufferTypeGetByName("rfb.secresult");
}
-static uint8_t DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
enum {
RFB_SECRESULT_OK = 0,
RFB_SECRESULT_FAIL,
static void DetectRfbSectypeFree(DetectEngineCtx *, void *);
static int g_rfb_sectype_buffer_id = 0;
-static uint8_t DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int DetectRfbSectypeMatch (DetectEngineThreadCtx *, Flow *,
uint8_t, void *, void *, const Signature *,
const SigMatchCtx *);
sigmatch_table[DETECT_AL_RFB_SECTYPE].Setup = DetectRfbSectypeSetup;
sigmatch_table[DETECT_AL_RFB_SECTYPE].Free = DetectRfbSectypeFree;
- DetectAppLayerInspectEngineRegister2("rfb.sectype", ALPROTO_RFB, SIG_FLAG_TOSERVER, 1,
- DetectEngineInspectRfbSectypeGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2(
+ "rfb.sectype", ALPROTO_RFB, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
g_rfb_sectype_buffer_id = DetectBufferTypeGetByName("rfb.sectype");
}
-static uint8_t DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match security type of a RFB TX
#endif
static int g_snmp_pdu_type_buffer_id = 0;
-static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int DetectSNMPPduTypeMatch (DetectEngineThreadCtx *, Flow *,
uint8_t, void *, void *, const Signature *,
const SigMatchCtx *);
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectSNMPRequestGeneric, NULL);
+ DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0,
- DetectEngineInspectSNMPRequestGeneric, NULL);
+ DetectEngineInspectGenericList, NULL);
g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp.pdu_type");
}
-static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match pdu_type of a TX
#endif
static int g_snmp_version_buffer_id = 0;
-static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int DetectSNMPVersionMatch (DetectEngineThreadCtx *, Flow *,
uint8_t, void *, void *, const Signature *,
const SigMatchCtx *);
#endif
DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectSNMPRequestGeneric, NULL);
+ DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0,
- DetectEngineInspectSNMPRequestGeneric, NULL);
+ DetectEngineInspectGenericList, NULL);
g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp.version");
}
-static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match version of a TX
static void DetectSshSoftwareVersionFree(DetectEngineCtx *de_ctx, void *);
static int g_ssh_banner_list_id = 0;
-static uint8_t InspectSshBanner(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
/**
* \brief Registration function for keyword: ssh.softwareversion
g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner");
DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOSERVER,
- SshStateBannerDone, InspectSshBanner, NULL);
+ SshStateBannerDone, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOCLIENT,
- SshStateBannerDone, InspectSshBanner, NULL);
+ SshStateBannerDone, DetectEngineInspectGenericList, NULL);
}
/**
#endif
static void DetectSslStateFree(DetectEngineCtx *, void *);
-static uint8_t InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
static int g_tls_generic_list_id = 0;
/**
"generic ssl/tls inspection");
DetectAppLayerInspectEngineRegister2(
- "tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, InspectTlsGeneric, NULL);
+ "tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2(
- "tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, InspectTlsGeneric, NULL);
-}
-
-static uint8_t InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
+ "tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
}
/**
static void DetectTlsValidityFree(DetectEngineCtx *, void *);
static int g_tls_validity_buffer_id = 0;
-static uint8_t DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-
/**
* \brief Registration function for tls validity keywords.
*/
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
- TLS_STATE_CERT_READY, DetectEngineInspectTlsValidity, NULL);
+ TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL);
g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity");
}
-static uint8_t DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
-
/**
* \internal
* \brief Function to match validity field in a tls certificate.
static int g_tls_cert_list_id = 0;
-static uint8_t InspectTlsCert(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- return DetectEngineInspectGenericList(
- de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
-}
/**
* \brief Registration function for keyword: tls.version
g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert");
- DetectAppLayerInspectEngineRegister2(
- "tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, InspectTlsCert, NULL);
+ DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
+ TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL);
}
/**
projects / thirdparty / suricata.git / commitdiff
