void DetectDceIfaceRegister(void)
{
sigmatch_table[DETECT_DCE_IFACE].name = "dce_iface";
- sigmatch_table[DETECT_DCE_IFACE].alproto = ALPROTO_DCERPC;
sigmatch_table[DETECT_DCE_IFACE].Match = NULL;
sigmatch_table[DETECT_DCE_IFACE].AppLayerMatch = DetectDceIfaceMatch;
sigmatch_table[DETECT_DCE_IFACE].Setup = DetectDceIfaceSetup;
void DetectDceOpnumRegister(void)
{
sigmatch_table[DETECT_DCE_OPNUM].name = "dce_opnum";
- sigmatch_table[DETECT_DCE_OPNUM].alproto = ALPROTO_DCERPC;
sigmatch_table[DETECT_DCE_OPNUM].Match = NULL;
sigmatch_table[DETECT_DCE_OPNUM].AppLayerMatch = DetectDceOpnumMatch;
sigmatch_table[DETECT_DCE_OPNUM].Setup = DetectDceOpnumSetup;
void DetectDceStubDataRegister(void)
{
sigmatch_table[DETECT_DCE_STUB_DATA].name = "dce_stub_data";
- sigmatch_table[DETECT_DCE_STUB_DATA].alproto = ALPROTO_DCERPC;
sigmatch_table[DETECT_DCE_STUB_DATA].Match = NULL;
sigmatch_table[DETECT_DCE_STUB_DATA].AppLayerMatch = NULL;
sigmatch_table[DETECT_DCE_STUB_DATA].Setup = DetectDceStubDataSetup;
sigmatch_table[DETECT_AL_DNS_QUERY].desc = "content modifier to match specifically and only on the DNS query-buffer";
sigmatch_table[DETECT_AL_DNS_QUERY].Match = NULL;
sigmatch_table[DETECT_AL_DNS_QUERY].AppLayerMatch = NULL;
- sigmatch_table[DETECT_AL_DNS_QUERY].alproto = ALPROTO_DNS;
sigmatch_table[DETECT_AL_DNS_QUERY].Setup = DetectDnsQuerySetup;
sigmatch_table[DETECT_AL_DNS_QUERY].Free = NULL;
sigmatch_table[DETECT_AL_DNS_QUERY].RegisterTests = DetectDnsQueryRegisterTests;
sigmatch_table[DETECT_FILE_DATA].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#file_data";
sigmatch_table[DETECT_FILE_DATA].Match = NULL;
sigmatch_table[DETECT_FILE_DATA].AppLayerMatch = NULL;
- sigmatch_table[DETECT_FILE_DATA].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILE_DATA].Setup = DetectFiledataSetup;
sigmatch_table[DETECT_FILE_DATA].Free = NULL;
sigmatch_table[DETECT_FILE_DATA].RegisterTests = DetectFiledataRegisterTests;
sigmatch_table[DETECT_FILEEXT].desc = "match on the extension of a file name";
sigmatch_table[DETECT_FILEEXT].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#fileext";
sigmatch_table[DETECT_FILEEXT].FileMatch = DetectFileextMatch;
- sigmatch_table[DETECT_FILEEXT].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILEEXT].Setup = DetectFileextSetup;
sigmatch_table[DETECT_FILEEXT].Free = DetectFileextFree;
sigmatch_table[DETECT_FILEEXT].RegisterTests = DetectFileextRegisterTests;
sigmatch_table[DETECT_FILEMAGIC].desc = "match on the information libmagic returns about a file";
sigmatch_table[DETECT_FILEMAGIC].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filemagic";
sigmatch_table[DETECT_FILEMAGIC].FileMatch = DetectFilemagicMatch;
- sigmatch_table[DETECT_FILEMAGIC].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILEMAGIC].Setup = DetectFilemagicSetup;
sigmatch_table[DETECT_FILEMAGIC].Free = DetectFilemagicFree;
sigmatch_table[DETECT_FILEMAGIC].RegisterTests = DetectFilemagicRegisterTests;
{
sigmatch_table[DETECT_FILEMD5].name = "filemd5";
sigmatch_table[DETECT_FILEMD5].FileMatch = NULL;
- sigmatch_table[DETECT_FILEMD5].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILEMD5].Setup = DetectFileMd5SetupNoSupport;
sigmatch_table[DETECT_FILEMD5].Free = NULL;
sigmatch_table[DETECT_FILEMD5].RegisterTests = NULL;
sigmatch_table[DETECT_FILEMD5].desc = "match file MD5 against list of MD5 checksums";
sigmatch_table[DETECT_FILEMD5].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filemd5";
sigmatch_table[DETECT_FILEMD5].FileMatch = DetectFileMd5Match;
- sigmatch_table[DETECT_FILEMD5].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILEMD5].Setup = DetectFileMd5Setup;
sigmatch_table[DETECT_FILEMD5].Free = DetectFileMd5Free;
sigmatch_table[DETECT_FILEMD5].RegisterTests = DetectFileMd5RegisterTests;
sigmatch_table[DETECT_FILENAME].desc = "match on the file name";
sigmatch_table[DETECT_FILENAME].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filename";
sigmatch_table[DETECT_FILENAME].FileMatch = DetectFilenameMatch;
- sigmatch_table[DETECT_FILENAME].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILENAME].Setup = DetectFilenameSetup;
sigmatch_table[DETECT_FILENAME].Free = DetectFilenameFree;
sigmatch_table[DETECT_FILENAME].RegisterTests = DetectFilenameRegisterTests;
sigmatch_table[DETECT_FILESIZE].name = "filesize";
sigmatch_table[DETECT_FILESIZE].desc = "match on the size of the file as it is being transferred";
sigmatch_table[DETECT_FILESIZE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filesize";
- sigmatch_table[DETECT_FILESIZE].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILESIZE].FileMatch = DetectFilesizeMatch;
sigmatch_table[DETECT_FILESIZE].Setup = DetectFilesizeSetup;
sigmatch_table[DETECT_FILESIZE].Free = DetectFilesizeFree;
sigmatch_table[DETECT_FILESTORE].desc = "stores files to disk if the rule matched";
sigmatch_table[DETECT_FILESTORE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filestore";
sigmatch_table[DETECT_FILESTORE].FileMatch = DetectFilestoreMatch;
- sigmatch_table[DETECT_FILESTORE].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILESTORE].Setup = DetectFilestoreSetup;
sigmatch_table[DETECT_FILESTORE].Free = DetectFilestoreFree;
sigmatch_table[DETECT_FILESTORE].RegisterTests = NULL;
sigmatch_table[DETECT_FTPBOUNCE].Setup = DetectFtpbounceSetup;
sigmatch_table[DETECT_FTPBOUNCE].Match = NULL;
sigmatch_table[DETECT_FTPBOUNCE].AppLayerMatch = DetectFtpbounceALMatch;
- sigmatch_table[DETECT_FTPBOUNCE].alproto = ALPROTO_FTP;
sigmatch_table[DETECT_FTPBOUNCE].Free = NULL;
sigmatch_table[DETECT_FTPBOUNCE].RegisterTests = DetectFtpbounceRegisterTests;
sigmatch_table[DETECT_FTPBOUNCE].flags = SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Setup = DetectHttpClientBodySetup;
sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Free = DetectHttpClientBodyFree;
sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].RegisterTests = DetectHttpClientBodyRegisterTests;
- sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].flags |= SIGMATCH_NOOPT ;
sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].flags |= SIGMATCH_PAYLOAD ;
sigmatch_table[DETECT_AL_HTTP_COOKIE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_cookie";
sigmatch_table[DETECT_AL_HTTP_COOKIE].Match = NULL;
sigmatch_table[DETECT_AL_HTTP_COOKIE].AppLayerMatch = NULL;
- sigmatch_table[DETECT_AL_HTTP_COOKIE].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_COOKIE].Setup = DetectHttpCookieSetup;
sigmatch_table[DETECT_AL_HTTP_COOKIE].Free = DetectHttpCookieFree;
sigmatch_table[DETECT_AL_HTTP_COOKIE].RegisterTests = DetectHttpCookieRegisterTests;
sigmatch_table[DETECT_AL_HTTP_HEADER].Setup = DetectHttpHeaderSetup;
sigmatch_table[DETECT_AL_HTTP_HEADER].Free = DetectHttpHeaderFree;
sigmatch_table[DETECT_AL_HTTP_HEADER].RegisterTests = DetectHttpHeaderRegisterTests;
- sigmatch_table[DETECT_AL_HTTP_HEADER].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_HEADER].flags |= SIGMATCH_NOOPT ;
sigmatch_table[DETECT_AL_HTTP_HEADER].flags |= SIGMATCH_PAYLOAD ;
sigmatch_table[DETECT_AL_HTTP_HOST].Setup = DetectHttpHHSetup;
sigmatch_table[DETECT_AL_HTTP_HOST].Free = DetectHttpHHFree;
sigmatch_table[DETECT_AL_HTTP_HOST].RegisterTests = DetectHttpHHRegisterTests;
- sigmatch_table[DETECT_AL_HTTP_HOST].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_HOST].flags |= SIGMATCH_NOOPT ;
sigmatch_table[DETECT_AL_HTTP_HOST].flags |= SIGMATCH_PAYLOAD ;
sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Setup = DetectHttpHRHSetup;
sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Free = DetectHttpHRHFree;
sigmatch_table[DETECT_AL_HTTP_RAW_HOST].RegisterTests = DetectHttpHRHRegisterTests;
- sigmatch_table[DETECT_AL_HTTP_RAW_HOST].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_RAW_HOST].flags |= SIGMATCH_NOOPT ;
sigmatch_table[DETECT_AL_HTTP_RAW_HOST].flags |= SIGMATCH_PAYLOAD ;
sigmatch_table[DETECT_AL_HTTP_METHOD].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_method";
sigmatch_table[DETECT_AL_HTTP_METHOD].Match = NULL;
sigmatch_table[DETECT_AL_HTTP_METHOD].AppLayerMatch = NULL;
- sigmatch_table[DETECT_AL_HTTP_METHOD].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_METHOD].Setup = DetectHttpMethodSetup;
sigmatch_table[DETECT_AL_HTTP_METHOD].Free = DetectHttpMethodFree;
sigmatch_table[DETECT_AL_HTTP_METHOD].RegisterTests = DetectHttpMethodRegisterTests;
sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetup;
sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Free = DetectHttpRawHeaderFree;
sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].RegisterTests = DetectHttpRawHeaderRegisterTests;
- sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].flags |= SIGMATCH_PAYLOAD;
sigmatch_table[DETECT_AL_HTTP_RAW_URI].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_uri-and-http_raw_uri";
sigmatch_table[DETECT_AL_HTTP_RAW_URI].Match = NULL;
sigmatch_table[DETECT_AL_HTTP_RAW_URI].AppLayerMatch = NULL;
- sigmatch_table[DETECT_AL_HTTP_RAW_URI].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_RAW_URI].Setup = DetectHttpRawUriSetup;
sigmatch_table[DETECT_AL_HTTP_RAW_URI].Free = NULL;
sigmatch_table[DETECT_AL_HTTP_RAW_URI].RegisterTests = DetectHttpRawUriRegisterTests;
sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Setup = DetectHttpServerBodySetup;
sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Free = DetectHttpServerBodyFree;
sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].RegisterTests = DetectHttpServerBodyRegisterTests;
- sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].flags |= SIGMATCH_PAYLOAD ;
sigmatch_table[DETECT_AL_HTTP_STAT_CODE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_stat_code";
sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Match = NULL;
sigmatch_table[DETECT_AL_HTTP_STAT_CODE].AppLayerMatch = NULL;
- sigmatch_table[DETECT_AL_HTTP_STAT_CODE].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Setup = DetectHttpStatCodeSetup;
sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Free = NULL;
sigmatch_table[DETECT_AL_HTTP_STAT_CODE].RegisterTests = DetectHttpStatCodeRegisterTests;
sigmatch_table[DETECT_AL_HTTP_STAT_MSG].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_stat_msg";
sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Match = NULL;
sigmatch_table[DETECT_AL_HTTP_STAT_MSG].AppLayerMatch = NULL;
- sigmatch_table[DETECT_AL_HTTP_STAT_MSG].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Setup = DetectHttpStatMsgSetup;
sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Free = NULL;
sigmatch_table[DETECT_AL_HTTP_STAT_MSG].RegisterTests = DetectHttpStatMsgRegisterTests;
sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Setup = DetectHttpUASetup;
sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Free = DetectHttpUAFree;
sigmatch_table[DETECT_AL_HTTP_USER_AGENT].RegisterTests = DetectHttpUARegisterTests;
- sigmatch_table[DETECT_AL_HTTP_USER_AGENT].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_USER_AGENT].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_HTTP_USER_AGENT].flags |= SIGMATCH_PAYLOAD ;
sigmatch_table[DETECT_AL_HTTP_URI].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_uri-and-http_raw_uri";
sigmatch_table[DETECT_AL_HTTP_URI].Match = NULL;
sigmatch_table[DETECT_AL_HTTP_URI].AppLayerMatch = NULL;
- sigmatch_table[DETECT_AL_HTTP_URI].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_HTTP_URI].Setup = DetectHttpUriSetup;
sigmatch_table[DETECT_AL_HTTP_URI].Free = NULL;
sigmatch_table[DETECT_AL_HTTP_URI].RegisterTests = DetectHttpUriRegisterTests;
sigmatch_table[DETECT_AL_MODBUS].name = "modbus";
sigmatch_table[DETECT_AL_MODBUS].Match = NULL;
sigmatch_table[DETECT_AL_MODBUS].AppLayerMatch = NULL;
- sigmatch_table[DETECT_AL_MODBUS].alproto = ALPROTO_MODBUS;
sigmatch_table[DETECT_AL_MODBUS].Setup = DetectModbusSetup;
sigmatch_table[DETECT_AL_MODBUS].Free = DetectModbusFree;
sigmatch_table[DETECT_AL_MODBUS].RegisterTests = DetectModbusRegisterTests;
sigmatch_table[DETECT_PCRE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#Pcre-Perl-Compatible-Regular-Expressions";
sigmatch_table[DETECT_PCRE].Match = NULL;
sigmatch_table[DETECT_PCRE].AppLayerMatch = NULL;
- sigmatch_table[DETECT_PCRE].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_PCRE].Setup = DetectPcreSetup;
sigmatch_table[DETECT_PCRE].Free = DetectPcreFree;
sigmatch_table[DETECT_PCRE].RegisterTests = DetectPcreRegisterTests;
sigmatch_table[DETECT_PKT_DATA].name = "pkt_data";
sigmatch_table[DETECT_PKT_DATA].Match = NULL;
sigmatch_table[DETECT_PKT_DATA].AppLayerMatch = NULL;
- sigmatch_table[DETECT_PKT_DATA].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_PKT_DATA].Setup = DetectPktDataSetup;
sigmatch_table[DETECT_PKT_DATA].Free = NULL;
sigmatch_table[DETECT_PKT_DATA].RegisterTests = DetectPktDataTestRegister;
sigmatch_table[DETECT_AL_SSH_PROTOVERSION].name = "ssh.protoversion";
sigmatch_table[DETECT_AL_SSH_PROTOVERSION].Match = NULL;
sigmatch_table[DETECT_AL_SSH_PROTOVERSION].AppLayerMatch = DetectSshVersionMatch;
- sigmatch_table[DETECT_AL_SSH_PROTOVERSION].alproto = ALPROTO_SSH;
sigmatch_table[DETECT_AL_SSH_PROTOVERSION].Setup = DetectSshVersionSetup;
sigmatch_table[DETECT_AL_SSH_PROTOVERSION].Free = DetectSshVersionFree;
sigmatch_table[DETECT_AL_SSH_PROTOVERSION].RegisterTests = DetectSshVersionRegisterTests;
sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].name = "ssh.softwareversion";
sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].Match = NULL;
sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].AppLayerMatch = DetectSshSoftwareVersionMatch;
- sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].alproto = ALPROTO_SSH;
sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].Setup = DetectSshSoftwareVersionSetup;
sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].Free = DetectSshSoftwareVersionFree;
sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].RegisterTests = DetectSshSoftwareVersionRegisterTests;
sigmatch_table[DETECT_AL_SSL_STATE].name = "ssl_state";
sigmatch_table[DETECT_AL_SSL_STATE].Match = NULL;
sigmatch_table[DETECT_AL_SSL_STATE].AppLayerMatch = DetectSslStateMatch;
- sigmatch_table[DETECT_AL_SSL_STATE].alproto = ALPROTO_TLS;
sigmatch_table[DETECT_AL_SSL_STATE].Setup = DetectSslStateSetup;
sigmatch_table[DETECT_AL_SSL_STATE].Free = DetectSslStateFree;
sigmatch_table[DETECT_AL_SSL_STATE].RegisterTests = DetectSslStateRegisterTests;
sigmatch_table[DETECT_AL_SSL_VERSION].name = "ssl_version";
sigmatch_table[DETECT_AL_SSL_VERSION].Match = NULL;
sigmatch_table[DETECT_AL_SSL_VERSION].AppLayerMatch = DetectSslVersionMatch;
- sigmatch_table[DETECT_AL_SSL_VERSION].alproto = ALPROTO_TLS;
sigmatch_table[DETECT_AL_SSL_VERSION].Setup = DetectSslVersionSetup;
sigmatch_table[DETECT_AL_SSL_VERSION].Free = DetectSslVersionFree;
sigmatch_table[DETECT_AL_SSL_VERSION].RegisterTests = DetectSslVersionRegisterTests;
sigmatch_table[DETECT_AL_TEMPLATE_BUFFER].name = "template_buffer";
sigmatch_table[DETECT_AL_TEMPLATE_BUFFER].desc =
"Template content modififier to match on the template buffers";
- sigmatch_table[DETECT_AL_TEMPLATE_BUFFER].alproto = ALPROTO_TEMPLATE;
sigmatch_table[DETECT_AL_TEMPLATE_BUFFER].Setup = DetectTemplateBufferSetup;
sigmatch_table[DETECT_AL_TEMPLATE_BUFFER].RegisterTests =
DetectTemplateBufferRegisterTests;
sigmatch_table[DETECT_AL_TLS_SNI].desc = "content modifier to match specifically and only on the TLS SNI buffer";
sigmatch_table[DETECT_AL_TLS_SNI].Match = NULL;
sigmatch_table[DETECT_AL_TLS_SNI].AppLayerMatch = NULL;
- sigmatch_table[DETECT_AL_TLS_SNI].alproto = ALPROTO_TLS;
sigmatch_table[DETECT_AL_TLS_SNI].Setup = DetectTlsSniSetup;
sigmatch_table[DETECT_AL_TLS_SNI].Free = NULL;
sigmatch_table[DETECT_AL_TLS_SNI].RegisterTests = DetectTlsSniRegisterTests;
sigmatch_table[DETECT_AL_TLS_VERSION].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords#tlsversion";
sigmatch_table[DETECT_AL_TLS_VERSION].Match = NULL;
sigmatch_table[DETECT_AL_TLS_VERSION].AppLayerMatch = DetectTlsVersionMatch;
- sigmatch_table[DETECT_AL_TLS_VERSION].alproto = ALPROTO_TLS;
sigmatch_table[DETECT_AL_TLS_VERSION].Setup = DetectTlsVersionSetup;
sigmatch_table[DETECT_AL_TLS_VERSION].Free = DetectTlsVersionFree;
sigmatch_table[DETECT_AL_TLS_VERSION].RegisterTests = DetectTlsVersionRegisterTests;
sigmatch_table[DETECT_AL_TLS_SUBJECT].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords#tlssubject";
sigmatch_table[DETECT_AL_TLS_SUBJECT].Match = NULL;
sigmatch_table[DETECT_AL_TLS_SUBJECT].AppLayerMatch = DetectTlsSubjectMatch;
- sigmatch_table[DETECT_AL_TLS_SUBJECT].alproto = ALPROTO_TLS;
sigmatch_table[DETECT_AL_TLS_SUBJECT].Setup = DetectTlsSubjectSetup;
sigmatch_table[DETECT_AL_TLS_SUBJECT].Free = DetectTlsSubjectFree;
sigmatch_table[DETECT_AL_TLS_SUBJECT].RegisterTests = DetectTlsSubjectRegisterTests;
sigmatch_table[DETECT_AL_TLS_ISSUERDN].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords#tlsissuerdn";
sigmatch_table[DETECT_AL_TLS_ISSUERDN].Match = NULL;
sigmatch_table[DETECT_AL_TLS_ISSUERDN].AppLayerMatch = DetectTlsIssuerDNMatch;
- sigmatch_table[DETECT_AL_TLS_ISSUERDN].alproto = ALPROTO_TLS;
sigmatch_table[DETECT_AL_TLS_ISSUERDN].Setup = DetectTlsIssuerDNSetup;
sigmatch_table[DETECT_AL_TLS_ISSUERDN].Free = DetectTlsIssuerDNFree;
sigmatch_table[DETECT_AL_TLS_ISSUERDN].RegisterTests = DetectTlsIssuerDNRegisterTests;
sigmatch_table[DETECT_AL_TLS_FINGERPRINT].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords#tlsfingerprint";
sigmatch_table[DETECT_AL_TLS_FINGERPRINT].Match = NULL;
sigmatch_table[DETECT_AL_TLS_FINGERPRINT].AppLayerMatch = DetectTlsFingerprintMatch;
- sigmatch_table[DETECT_AL_TLS_FINGERPRINT].alproto = ALPROTO_TLS;
sigmatch_table[DETECT_AL_TLS_FINGERPRINT].Setup = DetectTlsFingerprintSetup;
sigmatch_table[DETECT_AL_TLS_FINGERPRINT].Free = DetectTlsFingerprintFree;
sigmatch_table[DETECT_AL_TLS_FINGERPRINT].RegisterTests = NULL;
sigmatch_table[DETECT_AL_TLS_STORE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords#tlsstore";
sigmatch_table[DETECT_AL_TLS_STORE].Match = NULL;
sigmatch_table[DETECT_AL_TLS_STORE].AppLayerMatch = DetectTlsStoreMatch;
- sigmatch_table[DETECT_AL_TLS_STORE].alproto = ALPROTO_TLS;
sigmatch_table[DETECT_AL_TLS_STORE].Setup = DetectTlsStoreSetup;
sigmatch_table[DETECT_AL_TLS_STORE].Free = NULL;
sigmatch_table[DETECT_AL_TLS_STORE].RegisterTests = NULL;
sigmatch_table[DETECT_URICONTENT].Setup = DetectUricontentSetup;
sigmatch_table[DETECT_URICONTENT].Free = DetectUricontentFree;
sigmatch_table[DETECT_URICONTENT].RegisterTests = HttpUriRegisterTests;
- sigmatch_table[DETECT_URICONTENT].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_URICONTENT].flags |= SIGMATCH_PAYLOAD;
}
sigmatch_table[DETECT_AL_URILEN].desc = "match on the length of the HTTP uri";
sigmatch_table[DETECT_AL_URILEN].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#Urilen";
sigmatch_table[DETECT_AL_URILEN].Match = NULL;
- sigmatch_table[DETECT_AL_URILEN].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_AL_URILEN].AppLayerMatch = NULL /**< We handle this at detect-engine-uri.c now */;
sigmatch_table[DETECT_AL_URILEN].Setup = DetectUrilenSetup;
sigmatch_table[DETECT_AL_URILEN].Free = DetectUrilenFree;
projects / thirdparty / suricata.git / commitdiff
