static pcre_extra *parse_regex2_study;
static int DetectSslStateMatch(ThreadVars *, DetectEngineThreadCtx *,
- Flow *, uint8_t, void *,
- const Signature *, const SigMatchData *);
+ Flow *, uint8_t, void *, void *,
+ const Signature *, const SigMatchCtx *);
static int DetectSslStateSetup(DetectEngineCtx *, Signature *, char *);
static void DetectSslStateRegisterTests(void);
static void DetectSslStateFree(void *);
+static int InspectTlsGeneric(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatchData *smd,
+ Flow *f, uint8_t flags, void *alstate,
+ void *txv, uint64_t tx_id);
+
+static int g_tls_generic_list_id = 0;
+
/**
* \brief Registers the keyword handlers for the "ssl_state" keyword.
*/
void DetectSslStateRegister(void)
{
sigmatch_table[DETECT_AL_SSL_STATE].name = "ssl_state";
- sigmatch_table[DETECT_AL_SSL_STATE].Match = NULL;
- sigmatch_table[DETECT_AL_SSL_STATE].AppLayerMatch = DetectSslStateMatch;
+ sigmatch_table[DETECT_AL_SSL_STATE].AppLayerTxMatch = DetectSslStateMatch;
sigmatch_table[DETECT_AL_SSL_STATE].Setup = DetectSslStateSetup;
sigmatch_table[DETECT_AL_SSL_STATE].Free = DetectSslStateFree;
sigmatch_table[DETECT_AL_SSL_STATE].RegisterTests = DetectSslStateRegisterTests;
DetectSetupParseRegexes(PARSE_REGEX1, &parse_regex1, &parse_regex1_study);
DetectSetupParseRegexes(PARSE_REGEX2, &parse_regex2, &parse_regex2_study);
+
+ g_tls_generic_list_id = DetectBufferTypeRegister("tls_generic");
+
+ DetectBufferTypeSetDescriptionByName("tls_generic",
+ "generic ssl/tls inspection");
+
+ DetectAppLayerInspectEngineRegister("tls_generic",
+ ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ InspectTlsGeneric);
+ DetectAppLayerInspectEngineRegister("tls_generic",
+ ALPROTO_TLS, SIG_FLAG_TOCLIENT,
+ InspectTlsGeneric);
+}
+
+static int InspectTlsGeneric(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatchData *smd,
+ Flow *f, uint8_t flags, void *alstate,
+ void *txv, uint64_t tx_id)
+{
+ return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
+ f, flags, alstate, txv, tx_id);
}
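Review bot: The id returned by `DetectBufferTypeRegister("tls_generic")` is stored in `g_tls_generic_list_id` without a check, and the Setup hunk later passes that value to `SigMatchAppendSMToList` as the list to append to. If the register call can report failure with a negative value (not visible here, so to be confirmed), the keyword would be appended under an invalid list id. A guard right after the assignment, `if (g_tls_generic_list_id < 0)` followed by the project's usual fatal-error path, would stop that at startup. The same unchecked assignment is added in `DetectSslVersionRegister` and in the tls.version registration. `InspectTlsGeneric` also has no doc comment; one line stating that it only forwards to `DetectEngineInspectGenericList` and is registered for both directions would do.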
/**
* \retval 0 No match.
*/
static int DetectSslStateMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
- Flow *f, uint8_t flags, void *alstate,
- const Signature *s, const SigMatchData *m)
+ Flow *f, uint8_t flags, void *alstate, void *txv,
+ const Signature *s, const SigMatchCtx *m)
{
- const DetectSslStateData *ssd = (const DetectSslStateData *)m->ctx;
+ const DetectSslStateData *ssd = (const DetectSslStateData *)m;
SSLState *ssl_state = (SSLState *)alstate;
if (ssl_state == NULL) {
SCLogDebug("no app state, no match");
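Review bot: The new `txv` argument of `DetectSslStateMatch` is never read in the lines shown, and the match still decides from `alstate` cast to `SSLState`, so the per-transaction callback evaluates what is presumably per-flow state. That may be intended, but it should be documented: add `\param txv transaction pointer, unused; state is taken from alstate` to the doxygen block, which starts above this hunk. `DetectSslVersionMatch` and `DetectTlsVersionMatch` gain the same unused parameter and need the same line. The function body continues past the hunk.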
s->alproto = ALPROTO_TLS;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
+ SigMatchAppendSMToList(s, sm, g_tls_generic_list_id);
return 0;
static pcre_extra *parse_regex_study;
static int DetectSslVersionMatch(ThreadVars *, DetectEngineThreadCtx *,
- Flow *, uint8_t, void *,
- const Signature *, const SigMatchData *);
+ Flow *, uint8_t, void *, void *,
+ const Signature *, const SigMatchCtx *);
static int DetectSslVersionSetup(DetectEngineCtx *, Signature *, char *);
static void DetectSslVersionRegisterTests(void);
static void DetectSslVersionFree(void *);
+static int g_tls_generic_list_id = 0;
/**
* \brief Registration function for keyword: ssl_version
void DetectSslVersionRegister(void)
{
sigmatch_table[DETECT_AL_SSL_VERSION].name = "ssl_version";
- sigmatch_table[DETECT_AL_SSL_VERSION].Match = NULL;
- sigmatch_table[DETECT_AL_SSL_VERSION].AppLayerMatch = DetectSslVersionMatch;
+ sigmatch_table[DETECT_AL_SSL_VERSION].AppLayerTxMatch = DetectSslVersionMatch;
sigmatch_table[DETECT_AL_SSL_VERSION].Setup = DetectSslVersionSetup;
sigmatch_table[DETECT_AL_SSL_VERSION].Free = DetectSslVersionFree;
sigmatch_table[DETECT_AL_SSL_VERSION].RegisterTests = DetectSslVersionRegisterTests;
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+
+ g_tls_generic_list_id = DetectBufferTypeRegister("tls_generic");
}
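Review bot: `DetectSslVersionRegister` obtains the `tls_generic` list id but registers no inspect engine for it; the only `DetectAppLayerInspectEngineRegister("tls_generic", ...)` calls in this change are in `DetectSslStateRegister`. As far as these hunks show, ssl_version (and tls.version, which has the same pattern) therefore depends on ssl_state being registered: without it, rules using these keywords would presumably load but never be inspected, a silent detection gap. At minimum add a comment here, `/* inspect engine for "tls_generic" is registered in DetectSslStateRegister() */`. Registering the engine from one shared place would remove the hidden dependency and the three file-local copies of `g_tls_generic_list_id`.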
/**
* \retval 1 match
*/
static int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
- Flow *f, uint8_t flags, void *state,
- const Signature *s, const SigMatchData *m)
+ Flow *f, uint8_t flags, void *state, void *txv,
+ const Signature *s, const SigMatchCtx *m)
{
SCEnter();
uint16_t ver = 0;
uint8_t sig_ver = TLS_UNKNOWN;
- const DetectSslVersionData *ssl = (const DetectSslVersionData *)m->ctx;
+ const DetectSslVersionData *ssl = (const DetectSslVersionData *)m;
SSLState *app_state = (SSLState *)state;
if (app_state == NULL) {
SCLogDebug("no app state, no match");
sm->type = DETECT_AL_SSL_VERSION;
sm->ctx = (void *)ssl;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
+ SigMatchAppendSMToList(s, sm, g_tls_generic_list_id);
s->alproto = ALPROTO_TLS;
return 0;
static pcre_extra *parse_regex_study;
static int DetectTlsVersionMatch (ThreadVars *, DetectEngineThreadCtx *,
- Flow *, uint8_t, void *,
- const Signature *, const SigMatchData *);
+ Flow *, uint8_t, void *, void *,
+ const Signature *, const SigMatchCtx *);
static int DetectTlsVersionSetup (DetectEngineCtx *, Signature *, char *);
static void DetectTlsVersionRegisterTests(void);
static void DetectTlsVersionFree(void *);
+static int g_tls_generic_list_id = 0;
/**
* \brief Registration function for keyword: tls.version
sigmatch_table[DETECT_AL_TLS_VERSION].name = "tls.version";
sigmatch_table[DETECT_AL_TLS_VERSION].desc = "match on TLS/SSL version";
sigmatch_table[DETECT_AL_TLS_VERSION].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#tlsversion";
- sigmatch_table[DETECT_AL_TLS_VERSION].Match = NULL;
- sigmatch_table[DETECT_AL_TLS_VERSION].AppLayerMatch = DetectTlsVersionMatch;
+ sigmatch_table[DETECT_AL_TLS_VERSION].AppLayerTxMatch = DetectTlsVersionMatch;
sigmatch_table[DETECT_AL_TLS_VERSION].Setup = DetectTlsVersionSetup;
sigmatch_table[DETECT_AL_TLS_VERSION].Free = DetectTlsVersionFree;
sigmatch_table[DETECT_AL_TLS_VERSION].RegisterTests = DetectTlsVersionRegisterTests;
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+
+ g_tls_generic_list_id = DetectBufferTypeRegister("tls_generic");
}
/**
* \retval 1 match
*/
static int DetectTlsVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
- Flow *f, uint8_t flags, void *state,
- const Signature *s, const SigMatchData *m)
+ Flow *f, uint8_t flags, void *state, void *txv,
+ const Signature *s, const SigMatchCtx *m)
{
SCEnter();
- const DetectTlsVersionData *tls_data = (const DetectTlsVersionData *)m->ctx;
+ const DetectTlsVersionData *tls_data = (const DetectTlsVersionData *)m;
SSLState *ssl_state = (SSLState *)state;
if (ssl_state == NULL) {
SCLogDebug("no tls state, no match");
sm->type = DETECT_AL_TLS_VERSION;
sm->ctx = (void *)tls;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
+ SigMatchAppendSMToList(s, sm, g_tls_generic_list_id);
s->alproto = ALPROTO_TLS;
return 0;