fprintf(rule_engine_analysis_FD, "%s",
payload ? (stream ? "payload and reassembled stream" : "payload") : "reassembled stream");
}
- else if (list_type == DETECT_SM_LIST_TLSSNI_MATCH)
- fprintf(rule_engine_analysis_FD, "tls sni extension content");
- else if (list_type == DETECT_SM_LIST_TLSISSUER_MATCH)
- fprintf(rule_engine_analysis_FD, "tls issuer content");
- else if (list_type == DETECT_SM_LIST_TLSSUBJECT_MATCH)
- fprintf(rule_engine_analysis_FD, "tls subject content");
else if (list_type == DETECT_SM_LIST_DNP3_DATA_MATCH)
fprintf(rule_engine_analysis_FD, "dnp3 data content");
else {
case DETECT_SM_LIST_FILEMATCH:
return "file";
- case DETECT_SM_LIST_TLSSNI_MATCH:
- return "tls sni extension";
- case DETECT_SM_LIST_TLSISSUER_MATCH:
- return "tls issuer";
- case DETECT_SM_LIST_TLSSUBJECT_MATCH:
- return "tls subject";
- case DETECT_SM_LIST_TLSVALIDITY_MATCH:
- return "tls validity";
-
case DETECT_SM_LIST_MODBUS_MATCH:
return "modbus";
case DETECT_SM_LIST_DNP3_DATA_MATCH:
CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc");
CASE_CODE_STRING(DETECT_SM_LIST_TMATCH, "tag");
CASE_CODE_STRING(DETECT_SM_LIST_FILEMATCH, "file");
- CASE_CODE_STRING(DETECT_SM_LIST_TLSSNI_MATCH, "tls_sni");
- CASE_CODE_STRING(DETECT_SM_LIST_TLSISSUER_MATCH, "tls_cert_issuer");
- CASE_CODE_STRING(DETECT_SM_LIST_TLSSUBJECT_MATCH, "tls_cert_subject");
- CASE_CODE_STRING(DETECT_SM_LIST_TLSVALIDITY_MATCH, "tls_cert_validity");
CASE_CODE_STRING(DETECT_SM_LIST_MODBUS_MATCH, "modbus");
CASE_CODE_STRING(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH, "template");
CASE_CODE_STRING(DETECT_SM_LIST_POSTMATCH, "postmatch");
CASE_CODE(DETECT_SM_LIST_DMATCH);
CASE_CODE(DETECT_SM_LIST_TMATCH);
CASE_CODE(DETECT_SM_LIST_FILEMATCH);
- CASE_CODE(DETECT_SM_LIST_TLSSNI_MATCH);
- CASE_CODE(DETECT_SM_LIST_TLSISSUER_MATCH);
- CASE_CODE(DETECT_SM_LIST_TLSSUBJECT_MATCH);
- CASE_CODE(DETECT_SM_LIST_TLSVALIDITY_MATCH);
CASE_CODE(DETECT_SM_LIST_MODBUS_MATCH);
CASE_CODE(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH);
CASE_CODE(DETECT_SM_LIST_POSTMATCH);
static int DetectTlsIssuerSetup(DetectEngineCtx *, Signature *, char *);
static void DetectTlsIssuerRegisterTests(void);
+static int g_tls_cert_issuer_buffer_id = 0;
/**
* \brief Registration function for keyword: tls_cert_issuer
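Review bot: The new file-scope `g_tls_cert_issuer_buffer_id` starts at 0 and has no comment, so a reader cannot tell whether 0 means "not registered yet" or is a usable list id. The test hunk further down indexes `sm_lists[]` with both `DETECT_SM_LIST_MATCH` and this variable, which suggests the ids share one index space. If 0 is also a built-in list (not visible here), a keyword set up before registration would attach to that list and the rule would load but never inspect the certificate issuer. I would add `/* buffer type id for "tls_cert_issuer"; assigned by the registration function, not valid before it runs */` above the declaration, and likewise for `g_tls_cert_subject_buffer_id`, `g_tls_validity_buffer_id` and `g_tls_sni_buffer_id`. The doc comment that follows the declaration continues outside the hunk.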
sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].flags |= SIGMATCH_PAYLOAD;
- DetectMpmAppLayerRegister("tls_cert_issuer", SIG_FLAG_TOCLIENT,
- DETECT_SM_LIST_TLSISSUER_MATCH, 2,
+ DetectAppLayerMpmRegister("tls_cert_issuer", SIG_FLAG_TOCLIENT, 2,
PrefilterTxTlsIssuerRegister);
- DetectAppLayerInspectEngineRegister(ALPROTO_TLS, SIG_FLAG_TOCLIENT,
- DETECT_SM_LIST_TLSISSUER_MATCH,
+ DetectAppLayerInspectEngineRegister2("tls_cert_issuer",
+ ALPROTO_TLS, SIG_FLAG_TOCLIENT,
DetectEngineInspectTlsIssuer);
+
+ g_tls_cert_issuer_buffer_id = DetectBufferTypeGetByName("tls_cert_issuer");
}
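Review bot: The result of `DetectBufferTypeGetByName("tls_cert_issuer")` is stored without a check, and the setup function later writes it straight into `s->init_data->list`. Assuming the lookup reports an unknown name with a negative value (its contract is not shown here), a typo in any of the three `"tls_cert_issuer"` literals would leave issuer rules bound to an invalid list. For an IDS that means either an out-of-range list index or a signature that loads cleanly and never matches. I would follow the assignment with `BUG_ON(g_tls_cert_issuer_buffer_id < 0);` and pass one named constant, for example `#define BUFFER_NAME "tls_cert_issuer"`, to all three calls. The registration function starts outside the hunk, and the same applies to the tls_cert_subject, tls_validity and tls_sni registration hunks.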
*/
static int DetectTlsIssuerSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{
- s->init_data->list = DETECT_SM_LIST_TLSISSUER_MATCH;
+ s->init_data->list = g_tls_cert_issuer_buffer_id;
s->alproto = ALPROTO_TLS;
return 0;
}
sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_MATCH];
FAIL_IF_NOT_NULL(sm);
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_TLSISSUER_MATCH];
+ sm = de_ctx->sig_list->sm_lists[g_tls_cert_issuer_buffer_id];
FAIL_IF_NULL(sm);
FAIL_IF(sm->type != DETECT_CONTENT);
static int DetectTlsSubjectSetup(DetectEngineCtx *, Signature *, char *);
static void DetectTlsSubjectRegisterTests(void);
+static int g_tls_cert_subject_buffer_id = 0;
/**
* \brief Registration function for keyword: tls_cert_issuer
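Review bot: The `\brief` line under the new `g_tls_cert_subject_buffer_id` still names tls_cert_issuer, although the registration calls in the next hunk all use "tls_cert_subject". Now that the buffer is resolved by its name string, a wrong keyword in the documentation is more likely to be copied into a lookup. It should read `\brief Registration function for keyword: tls_cert_subject`. The comment block continues outside the hunk.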
sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].flags |= SIGMATCH_PAYLOAD;
- DetectMpmAppLayerRegister("tls_cert_subject", SIG_FLAG_TOCLIENT,
- DETECT_SM_LIST_TLSSUBJECT_MATCH, 2,
+ DetectAppLayerMpmRegister("tls_cert_subject", SIG_FLAG_TOCLIENT, 2,
PrefilterTxTlsSubjectRegister);
- DetectAppLayerInspectEngineRegister(ALPROTO_TLS, SIG_FLAG_TOCLIENT,
- DETECT_SM_LIST_TLSSUBJECT_MATCH,
+ DetectAppLayerInspectEngineRegister2("tls_cert_subject",
+ ALPROTO_TLS, SIG_FLAG_TOCLIENT,
DetectEngineInspectTlsSubject);
+ g_tls_cert_subject_buffer_id = DetectBufferTypeGetByName("tls_cert_subject");
}
/**
*/
static int DetectTlsSubjectSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{
- s->init_data->list = DETECT_SM_LIST_TLSSUBJECT_MATCH;
+ s->init_data->list = g_tls_cert_subject_buffer_id;
s->alproto = ALPROTO_TLS;
return 0;
}
sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_MATCH];
FAIL_IF_NOT_NULL(sm);
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_TLSSUBJECT_MATCH];
+ sm = de_ctx->sig_list->sm_lists[g_tls_cert_subject_buffer_id];
FAIL_IF_NULL(sm);
FAIL_IF(sm->type != DETECT_CONTENT);
static int DetectTlsNotBeforeSetup (DetectEngineCtx *, Signature *s, char *str);
static int DetectTlsNotAfterSetup (DetectEngineCtx *, Signature *s, char *str);
static int DetectTlsValiditySetup (DetectEngineCtx *, Signature *s, char *str, uint8_t);
-void TlsNotBeforeRegisterTests(void);
-void TlsNotAfterRegisterTests(void);
-void TlsExpiredRegisterTests(void);
-void TlsValidRegisterTests(void);
+static void TlsNotBeforeRegisterTests(void);
+static void TlsNotAfterRegisterTests(void);
+static void TlsExpiredRegisterTests(void);
+static void TlsValidRegisterTests(void);
static void DetectTlsValidityFree(void *);
+static int g_tls_validity_buffer_id = 0;
/**
* \brief Registration function for tls validity keywords.
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
- DetectAppLayerInspectEngineRegister(ALPROTO_TLS, SIG_FLAG_TOCLIENT,
- DETECT_SM_LIST_TLSVALIDITY_MATCH,
+ DetectAppLayerInspectEngineRegister2("tls_validity",
+ ALPROTO_TLS, SIG_FLAG_TOCLIENT,
DetectEngineInspectTlsValidity);
+
+ g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity");
}
/**
s->flags |= SIG_FLAG_APPLAYER;
s->alproto = ALPROTO_TLS;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_TLSVALIDITY_MATCH);
+ SigMatchAppendSMToList(s, sm, g_tls_validity_buffer_id);
return 0;
s->flags |= SIG_FLAG_APPLAYER;
s->alproto = ALPROTO_TLS;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_TLSVALIDITY_MATCH);
+ SigMatchAppendSMToList(s, sm, g_tls_validity_buffer_id);
return 0;
s->flags |= SIG_FLAG_APPLAYER;
s->alproto = ALPROTO_TLS;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_TLSVALIDITY_MATCH);
+ SigMatchAppendSMToList(s, sm, g_tls_validity_buffer_id);
return 0;
static int DetectTlsSniSetup(DetectEngineCtx *, Signature *, char *);
static void DetectTlsSniRegisterTests(void);
+static int g_tls_sni_buffer_id = 0;
/**
* \brief Registration function for keyword: tls_sni
sigmatch_table[DETECT_AL_TLS_SNI].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_TLS_SNI].flags |= SIGMATCH_PAYLOAD;
- DetectMpmAppLayerRegister("tls_sni", SIG_FLAG_TOSERVER,
- DETECT_SM_LIST_TLSSNI_MATCH, 2,
+ DetectAppLayerMpmRegister("tls_sni", SIG_FLAG_TOSERVER, 2,
PrefilterTxTlsSniRegister);
- DetectAppLayerInspectEngineRegister(ALPROTO_TLS, SIG_FLAG_TOSERVER,
- DETECT_SM_LIST_TLSSNI_MATCH,
+ DetectAppLayerInspectEngineRegister2("tls_sni",
+ ALPROTO_TLS, SIG_FLAG_TOSERVER,
DetectEngineInspectTlsSni);
+
+ g_tls_sni_buffer_id = DetectBufferTypeGetByName("tls_sni");
}
*/
static int DetectTlsSniSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{
- s->init_data->list = DETECT_SM_LIST_TLSSNI_MATCH;
+ s->init_data->list = g_tls_sni_buffer_id;
s->alproto = ALPROTO_TLS;
return 0;
}
DETECT_SM_LIST_FILEMATCH,
- DETECT_SM_LIST_TLSSNI_MATCH,
- DETECT_SM_LIST_TLSISSUER_MATCH,
- DETECT_SM_LIST_TLSSUBJECT_MATCH,
- DETECT_SM_LIST_TLSVALIDITY_MATCH,
-
DETECT_SM_LIST_MODBUS_MATCH,
DETECT_SM_LIST_CIP_MATCH,