detect-engine-prefilter-common.c detect-engine-prefilter-common.h \
detect-engine-proto.c detect-engine-proto.h \
detect-engine-profile.c detect-engine-profile.h \
+detect-engine-register.c detect-engine-register.h \
detect-engine-siggroup.c detect-engine-siggroup.h \
detect-engine-sigorder.c detect-engine-sigorder.h \
detect-engine-state.c detect-engine-state.h \
--- /dev/null
+/* Copyright (C) 2007-2017 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ */
+
+#include "suricata-common.h"
+#include "suricata.h"
+#include "debug.h"
+#include "detect.h"
+#include "flow.h"
+#include "flow-private.h"
+#include "flow-bit.h"
+
+#include "detect-parse.h"
+#include "detect-engine.h"
+#include "detect-engine-profile.h"
+
+#include "detect-engine-alert.h"
+#include "detect-engine-siggroup.h"
+#include "detect-engine-address.h"
+#include "detect-engine-proto.h"
+#include "detect-engine-port.h"
+#include "detect-engine-mpm.h"
+#include "detect-engine-iponly.h"
+#include "detect-engine-threshold.h"
+#include "detect-engine-prefilter.h"
+
+#include "detect-engine-payload.h"
+#include "detect-engine-dcepayload.h"
+#include "detect-engine-uri.h"
+#include "detect-dns-query.h"
+#include "detect-tls-sni.h"
+#include "detect-tls-cert-fingerprint.h"
+#include "detect-tls-cert-issuer.h"
+#include "detect-tls-cert-subject.h"
+#include "detect-tls-cert-serial.h"
+#include "detect-engine-state.h"
+#include "detect-engine-analyzer.h"
+#include "detect-engine-filedata-smtp.h"
+
+#include "detect-http-cookie.h"
+#include "detect-http-method.h"
+#include "detect-http-ua.h"
+#include "detect-http-hh.h"
+#include "detect-http-hrh.h"
+
+#include "detect-nfs-procedure.h"
+#include "detect-nfs-version.h"
+
+#include "detect-engine-event.h"
+#include "decode.h"
+
+#include "detect-base64-decode.h"
+#include "detect-base64-data.h"
+#include "detect-ipopts.h"
+#include "detect-flags.h"
+#include "detect-fragbits.h"
+#include "detect-fragoffset.h"
+#include "detect-gid.h"
+#include "detect-ack.h"
+#include "detect-seq.h"
+#include "detect-content.h"
+#include "detect-uricontent.h"
+#include "detect-pcre.h"
+#include "detect-depth.h"
+#include "detect-nocase.h"
+#include "detect-rawbytes.h"
+#include "detect-bytetest.h"
+#include "detect-bytejump.h"
+#include "detect-sameip.h"
+#include "detect-l3proto.h"
+#include "detect-ipproto.h"
+#include "detect-within.h"
+#include "detect-distance.h"
+#include "detect-offset.h"
+#include "detect-sid.h"
+#include "detect-prefilter.h"
+#include "detect-priority.h"
+#include "detect-classtype.h"
+#include "detect-reference.h"
+#include "detect-tag.h"
+#include "detect-threshold.h"
+#include "detect-metadata.h"
+#include "detect-msg.h"
+#include "detect-rev.h"
+#include "detect-flow.h"
+#include "detect-window.h"
+#include "detect-ftpbounce.h"
+#include "detect-isdataat.h"
+#include "detect-id.h"
+#include "detect-rpc.h"
+#include "detect-asn1.h"
+#include "detect-filename.h"
+#include "detect-fileext.h"
+#include "detect-filestore.h"
+#include "detect-filemagic.h"
+#include "detect-filemd5.h"
+#include "detect-filesha1.h"
+#include "detect-filesha256.h"
+#include "detect-filesize.h"
+#include "detect-dsize.h"
+#include "detect-flowvar.h"
+#include "detect-flowint.h"
+#include "detect-pktvar.h"
+#include "detect-noalert.h"
+#include "detect-flowbits.h"
+#include "detect-hostbits.h"
+#include "detect-xbits.h"
+#include "detect-csum.h"
+#include "detect-stream_size.h"
+#include "detect-engine-sigorder.h"
+#include "detect-ttl.h"
+#include "detect-fast-pattern.h"
+#include "detect-itype.h"
+#include "detect-icode.h"
+#include "detect-icmp-id.h"
+#include "detect-icmp-seq.h"
+#include "detect-dce-iface.h"
+#include "detect-dce-opnum.h"
+#include "detect-dce-stub-data.h"
+#include "detect-urilen.h"
+#include "detect-detection-filter.h"
+#include "detect-http-client-body.h"
+#include "detect-http-server-body.h"
+#include "detect-http-header.h"
+#include "detect-http-header-names.h"
+#include "detect-http-headers.h"
+#include "detect-http-raw-header.h"
+#include "detect-http-uri.h"
+#include "detect-http-protocol.h"
+#include "detect-http-start.h"
+#include "detect-http-raw-uri.h"
+#include "detect-http-stat-msg.h"
+#include "detect-http-request-line.h"
+#include "detect-http-response-line.h"
+#include "detect-engine-hcbd.h"
+#include "detect-engine-hsbd.h"
+#include "detect-engine-hrhd.h"
+#include "detect-engine-hmd.h"
+#include "detect-engine-hcd.h"
+#include "detect-engine-hrud.h"
+#include "detect-engine-hsmd.h"
+#include "detect-engine-hscd.h"
+#include "detect-engine-hua.h"
+#include "detect-engine-hhhd.h"
+#include "detect-engine-hrhhd.h"
+#include "detect-byte-extract.h"
+#include "detect-file-data.h"
+#include "detect-pkt-data.h"
+#include "detect-replace.h"
+#include "detect-tos.h"
+#include "detect-app-layer-event.h"
+#include "detect-lua.h"
+#include "detect-iprep.h"
+#include "detect-geoip.h"
+#include "detect-app-layer-protocol.h"
+#include "detect-template.h"
+#include "detect-target.h"
+#include "detect-template-buffer.h"
+#include "detect-bypass.h"
+#include "detect-engine-content-inspection.h"
+
+#include "util-rule-vars.h"
+
+#include "app-layer.h"
+#include "app-layer-protos.h"
+#include "app-layer-htp.h"
+#include "app-layer-smtp.h"
+#include "app-layer-template.h"
+#include "detect-tls.h"
+#include "detect-tls-cert-validity.h"
+#include "detect-tls-version.h"
+#include "detect-ssh-proto.h"
+#include "detect-ssh-proto-version.h"
+#include "detect-ssh-software.h"
+#include "detect-ssh-software-version.h"
+#include "detect-http-stat-code.h"
+#include "detect-ssl-version.h"
+#include "detect-ssl-state.h"
+#include "detect-modbus.h"
+#include "detect-cipservice.h"
+#include "detect-dnp3.h"
+
+#include "action-globals.h"
+#include "tm-threads.h"
+
+#include "pkt-var.h"
+
+#include "conf.h"
+#include "conf-yaml-loader.h"
+
+#include "stream-tcp.h"
+#include "stream-tcp-inline.h"
+
+#include "util-lua.h"
+#include "util-var-name.h"
+#include "util-classification-config.h"
+#include "util-threshold-config.h"
+#include "util-print.h"
+#include "util-unittest.h"
+#include "util-unittest-helper.h"
+#include "util-debug.h"
+#include "util-hashlist.h"
+#include "util-cuda.h"
+#include "util-privs.h"
+#include "util-profiling.h"
+#include "util-validate.h"
+#include "util-optimize.h"
+#include "util-path.h"
+#include "util-mpm-ac.h"
+#include "runmodes.h"
+
+static void PrintFeatureList(const SigTableElmt *e, char sep)
+{
+ const uint8_t flags = e->flags;
+
+ int prev = 0;
+ if (flags & SIGMATCH_NOOPT) {
+ printf("No option");
+ prev = 1;
+ }
+ if (flags & SIGMATCH_IPONLY_COMPAT) {
+ if (prev == 1)
+ printf("%c", sep);
+ printf("compatible with IP only rule");
+ prev = 1;
+ }
+ if (flags & SIGMATCH_DEONLY_COMPAT) {
+ if (prev == 1)
+ printf("%c", sep);
+ printf("compatible with decoder event only rule");
+ prev = 1;
+ }
+ if (e->SupportsPrefilter) {
+ if (prev == 1)
+ printf("%c", sep);
+ printf("prefilter");
+ prev = 1;
+ }
+ if (prev == 0) {
+ printf("none");
+ }
+}
+
+static void SigMultilinePrint(int i, const char *prefix)
+{
+ if (sigmatch_table[i].desc) {
+ printf("%sDescription: %s\n", prefix, sigmatch_table[i].desc);
+ }
+ printf("%sFeatures: ", prefix);
+ PrintFeatureList(&sigmatch_table[i], ',');
+ if (sigmatch_table[i].url) {
+ printf("\n%sDocumentation: %s", prefix, sigmatch_table[i].url);
+ }
+ printf("\n");
+}
+
+void SigTableList(const char *keyword)
+{
+ size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
+ size_t i;
+
+ if (keyword == NULL) {
+ printf("=====Supported keywords=====\n");
+ for (i = 0; i < size; i++) {
+ if (sigmatch_table[i].name != NULL) {
+ if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
+ printf("- %s (not built-in)\n", sigmatch_table[i].name);
+ } else {
+ printf("- %s\n", sigmatch_table[i].name);
+ }
+ }
+ }
+ } else if (strcmp("csv", keyword) == 0) {
+ printf("name;description;app layer;features;documentation\n");
+ for (i = 0; i < size; i++) {
+ if (sigmatch_table[i].name != NULL) {
+ if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
+ continue;
+ }
+ printf("%s;", sigmatch_table[i].name);
+ if (sigmatch_table[i].desc) {
+ printf("%s", sigmatch_table[i].desc);
+ }
+ /* Build feature */
+ printf(";Unset;"); // this used to be alproto
+ PrintFeatureList(&sigmatch_table[i], ':');
+ printf(";");
+ if (sigmatch_table[i].url) {
+ printf("%s", sigmatch_table[i].url);
+ }
+ printf(";");
+ printf("\n");
+ }
+ }
+ } else if (strcmp("all", keyword) == 0) {
+ for (i = 0; i < size; i++) {
+ if (sigmatch_table[i].name != NULL) {
+ printf("%s:\n", sigmatch_table[i].name);
+ SigMultilinePrint(i, "\t");
+ }
+ }
+ } else {
+ for (i = 0; i < size; i++) {
+ if ((sigmatch_table[i].name != NULL) &&
+ strcmp(sigmatch_table[i].name, keyword) == 0) {
+ printf("= %s =\n", sigmatch_table[i].name);
+ if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
+ printf("Not built-in\n");
+ return;
+ }
+ SigMultilinePrint(i, "");
+ return;
+ }
+ }
+ }
+ return;
+}
+
+void SigTableSetup(void)
+{
+ memset(sigmatch_table, 0, sizeof(sigmatch_table));
+
+ DetectSidRegister();
+ DetectPriorityRegister();
+ DetectPrefilterRegister();
+ DetectRevRegister();
+ DetectClasstypeRegister();
+ DetectReferenceRegister();
+ DetectTagRegister();
+ DetectThresholdRegister();
+ DetectMetadataRegister();
+ DetectMsgRegister();
+ DetectAckRegister();
+ DetectSeqRegister();
+ DetectContentRegister();
+ DetectUricontentRegister();
+
+ /* NOTE: the order of these currently affects inspect
+ * engine registration order and ultimately the order
+ * of inspect engines in the rule. Which in turn affects
+ * state keeping */
+ DetectHttpUriRegister();
+ DetectHttpRequestLineRegister();
+ DetectHttpClientBodyRegister();
+ DetectHttpResponseLineRegister();
+ DetectHttpServerBodyRegister();
+ DetectHttpHeaderRegister();
+ DetectHttpHeaderNamesRegister();
+ DetectHttpHeadersRegister();
+ DetectHttpProtocolRegister();
+ DetectHttpStartRegister();
+ DetectHttpRawHeaderRegister();
+ DetectHttpMethodRegister();
+ DetectHttpCookieRegister();
+ DetectHttpRawUriRegister();
+
+ DetectFilenameRegister();
+ DetectFileextRegister();
+ DetectFilestoreRegister();
+ DetectFilemagicRegister();
+ DetectFileMd5Register();
+ DetectFileSha1Register();
+ DetectFileSha256Register();
+ DetectFilesizeRegister();
+
+ DetectHttpUARegister();
+ DetectHttpHHRegister();
+ DetectHttpHRHRegister();
+
+ DetectHttpStatMsgRegister();
+ DetectHttpStatCodeRegister();
+
+ DetectDnsQueryRegister();
+ DetectModbusRegister();
+ DetectCipServiceRegister();
+ DetectEnipCommandRegister();
+ DetectDNP3Register();
+
+ DetectTlsSniRegister();
+ DetectTlsIssuerRegister();
+ DetectTlsSubjectRegister();
+ DetectTlsSerialRegister();
+ DetectTlsFingerprintRegister();
+
+ DetectAppLayerEventRegister();
+ /* end of order dependent regs */
+
+ DetectPcreRegister();
+ DetectDepthRegister();
+ DetectNocaseRegister();
+ DetectRawbytesRegister();
+ DetectBytetestRegister();
+ DetectBytejumpRegister();
+ DetectSameipRegister();
+ DetectGeoipRegister();
+ DetectL3ProtoRegister();
+ DetectIPProtoRegister();
+ DetectWithinRegister();
+ DetectDistanceRegister();
+ DetectOffsetRegister();
+ DetectReplaceRegister();
+ DetectFlowRegister();
+ DetectWindowRegister();
+ DetectRpcRegister();
+ DetectFtpbounceRegister();
+ DetectIsdataatRegister();
+ DetectIdRegister();
+ DetectDsizeRegister();
+ DetectFlowvarRegister();
+ DetectFlowintRegister();
+ DetectPktvarRegister();
+ DetectNoalertRegister();
+ DetectFlowbitsRegister();
+ DetectHostbitsRegister();
+ DetectXbitsRegister();
+ DetectEngineEventRegister();
+ DetectIpOptsRegister();
+ DetectFlagsRegister();
+ DetectFragBitsRegister();
+ DetectFragOffsetRegister();
+ DetectGidRegister();
+ DetectMarkRegister();
+ DetectCsumRegister();
+ DetectStreamSizeRegister();
+ DetectTtlRegister();
+ DetectTosRegister();
+ DetectFastPatternRegister();
+ DetectITypeRegister();
+ DetectICodeRegister();
+ DetectIcmpIdRegister();
+ DetectIcmpSeqRegister();
+ DetectDceIfaceRegister();
+ DetectDceOpnumRegister();
+ DetectDceStubDataRegister();
+ DetectTlsRegister();
+ DetectTlsValidityRegister();
+ DetectTlsVersionRegister();
+ DetectNfsProcedureRegister();
+ DetectNfsVersionRegister();
+ DetectUrilenRegister();
+ DetectDetectionFilterRegister();
+ DetectAsn1Register();
+ DetectSshProtocolRegister();
+ DetectSshVersionRegister();
+ DetectSshSoftwareRegister();
+ DetectSshSoftwareVersionRegister();
+ DetectSslStateRegister();
+ DetectSslVersionRegister();
+ DetectByteExtractRegister();
+ DetectFiledataRegister();
+ DetectPktDataRegister();
+ DetectLuaRegister();
+ DetectIPRepRegister();
+ DetectAppLayerProtocolRegister();
+ DetectBase64DecodeRegister();
+ DetectBase64DataRegister();
+ DetectTemplateRegister();
+ DetectTargetRegister();
+ DetectTemplateBufferRegister();
+ DetectBypassRegister();
+
+ /* close keyword registration */
+ DetectBufferTypeFinalizeRegistration();
+}
+
+void SigTableRegisterTests(void)
+{
+ /* register the tests */
+ int i = 0;
+ for (i = 0; i < DETECT_TBLSIZE; i++) {
+ g_ut_modules++;
+ if (sigmatch_table[i].RegisterTests != NULL) {
+ sigmatch_table[i].RegisterTests();
+ g_ut_covered++;
+ } else {
+ SCLogDebug("detection plugin %s has no unittest "
+ "registration function.", sigmatch_table[i].name);
+
+ if (coverage_unittests)
+ SCLogWarning(SC_WARN_NO_UNITTESTS, "detection plugin %s has no unittest "
+ "registration function.", sigmatch_table[i].name);
+ }
+ }
+}
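Review bot: In SigTableRegisterTests both log calls pass `sigmatch_table[i].name` to `%s` without a NULL check, although the loop visits every slot up to DETECT_TBLSIZE and SigTableList in the same file treats a NULL name as a normal case. SigTableSetup zeroes the table first, so any slot that no Register function filled would hand a null pointer to the formatter, which is undefined behaviour. I would take the name once at the top of the loop body, `const char *name = sigmatch_table[i].name ? sigmatch_table[i].name : "<unnamed>";`, and log `name` in both calls. Separately, the include list looks carried over wholesale from detect.c; it could probably be trimmed to the headers that declare the Register functions and the logging and unittest globals used here.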
--- /dev/null
+/* Copyright (C) 2007-2017 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ */
+
+#ifndef __DETECT_ENGINE_REGISTER_H__
+#define __DETECT_ENGINE_REGISTER_H__
+
+enum {
+ DETECT_SID,
+ DETECT_PRIORITY,
+ DETECT_REV,
+ DETECT_CLASSTYPE,
+
+ /* sorted by prefilter priority. Higher in this list means it will be
+ * picked over ones lower in the list */
+ DETECT_AL_APP_LAYER_PROTOCOL,
+ DETECT_ACK,
+ DETECT_SEQ,
+ DETECT_WINDOW,
+ DETECT_IPOPTS,
+ DETECT_FLAGS,
+ DETECT_FRAGBITS,
+ DETECT_FRAGOFFSET,
+ DETECT_TTL,
+ DETECT_TOS,
+ DETECT_ITYPE,
+ DETECT_ICODE,
+ DETECT_ICMP_ID,
+ DETECT_ICMP_SEQ,
+ DETECT_DSIZE,
+
+ DETECT_FLOW,
+ /* end prefilter sort */
+
+ DETECT_THRESHOLD,
+ DETECT_METADATA,
+ DETECT_REFERENCE,
+ DETECT_TAG,
+ DETECT_MSG,
+ DETECT_CONTENT,
+ DETECT_URICONTENT,
+ DETECT_PCRE,
+ DETECT_DEPTH,
+ DETECT_DISTANCE,
+ DETECT_WITHIN,
+ DETECT_OFFSET,
+ DETECT_REPLACE,
+ DETECT_NOCASE,
+ DETECT_FAST_PATTERN,
+ DETECT_RAWBYTES,
+ DETECT_BYTETEST,
+ DETECT_BYTEJUMP,
+ DETECT_SAMEIP,
+ DETECT_GEOIP,
+ DETECT_IPPROTO,
+ DETECT_FTPBOUNCE,
+ DETECT_ISDATAAT,
+ DETECT_ID,
+ DETECT_RPC,
+ DETECT_FLOWVAR,
+ DETECT_FLOWVAR_POSTMATCH,
+ DETECT_FLOWINT,
+ DETECT_PKTVAR,
+ DETECT_NOALERT,
+ DETECT_FLOWBITS,
+ DETECT_HOSTBITS,
+ DETECT_IPV4_CSUM,
+ DETECT_TCPV4_CSUM,
+ DETECT_TCPV6_CSUM,
+ DETECT_UDPV4_CSUM,
+ DETECT_UDPV6_CSUM,
+ DETECT_ICMPV4_CSUM,
+ DETECT_ICMPV6_CSUM,
+ DETECT_STREAM_SIZE,
+ DETECT_DETECTION_FILTER,
+
+ DETECT_DECODE_EVENT,
+ DETECT_GID,
+ DETECT_MARK,
+
+ DETECT_AL_TLS_VERSION,
+ DETECT_AL_TLS_SUBJECT,
+ DETECT_AL_TLS_ISSUERDN,
+ DETECT_AL_TLS_NOTBEFORE,
+ DETECT_AL_TLS_NOTAFTER,
+ DETECT_AL_TLS_EXPIRED,
+ DETECT_AL_TLS_VALID,
+ DETECT_AL_TLS_FINGERPRINT,
+ DETECT_AL_TLS_STORE,
+
+ DETECT_AL_HTTP_COOKIE,
+ DETECT_AL_HTTP_METHOD,
+ DETECT_AL_HTTP_PROTOCOL,
+ DETECT_AL_HTTP_START,
+ DETECT_AL_URILEN,
+ DETECT_AL_HTTP_CLIENT_BODY,
+ DETECT_AL_HTTP_SERVER_BODY,
+ DETECT_AL_HTTP_HEADER,
+ DETECT_AL_HTTP_HEADER_NAMES,
+ DETECT_AL_HTTP_HEADER_ACCEPT,
+ DETECT_AL_HTTP_HEADER_ACCEPT_LANG,
+ DETECT_AL_HTTP_HEADER_ACCEPT_ENC,
+ DETECT_AL_HTTP_HEADER_CONNECTION,
+ DETECT_AL_HTTP_HEADER_CONTENT_LEN,
+ DETECT_AL_HTTP_HEADER_CONTENT_TYPE,
+ DETECT_AL_HTTP_HEADER_REFERER,
+ DETECT_AL_HTTP_RAW_HEADER,
+ DETECT_AL_HTTP_URI,
+ DETECT_AL_HTTP_RAW_URI,
+ DETECT_AL_HTTP_STAT_MSG,
+ DETECT_AL_HTTP_STAT_CODE,
+ DETECT_AL_HTTP_USER_AGENT,
+ DETECT_AL_HTTP_HOST,
+ DETECT_AL_HTTP_RAW_HOST,
+ DETECT_AL_HTTP_REQUEST_LINE,
+ DETECT_AL_HTTP_RESPONSE_LINE,
+ DETECT_AL_NFS_PROCEDURE,
+ DETECT_AL_NFS_VERSION,
+ DETECT_AL_SSH_PROTOCOL,
+ DETECT_AL_SSH_PROTOVERSION,
+ DETECT_AL_SSH_SOFTWARE,
+ DETECT_AL_SSH_SOFTWAREVERSION,
+ DETECT_AL_SSL_VERSION,
+ DETECT_AL_SSL_STATE,
+ DETECT_BYTE_EXTRACT,
+ DETECT_FILE_DATA,
+ DETECT_PKT_DATA,
+ DETECT_AL_APP_LAYER_EVENT,
+
+ DETECT_DCE_IFACE,
+ DETECT_DCE_OPNUM,
+ DETECT_DCE_STUB_DATA,
+
+ DETECT_ASN1,
+
+ DETECT_ENGINE_EVENT,
+ DETECT_STREAM_EVENT,
+
+ DETECT_FILENAME,
+ DETECT_FILEEXT,
+ DETECT_FILESTORE,
+ DETECT_FILEMAGIC,
+ DETECT_FILEMD5,
+ DETECT_FILESHA1,
+ DETECT_FILESHA256,
+ DETECT_FILESIZE,
+
+ DETECT_L3PROTO,
+ DETECT_LUA,
+ DETECT_IPREP,
+
+ DETECT_AL_DNS_QUERY,
+ DETECT_AL_TLS_SNI,
+ DETECT_AL_TLS_CERT_ISSUER,
+ DETECT_AL_TLS_CERT_SUBJECT,
+ DETECT_AL_TLS_CERT_SERIAL,
+ DETECT_AL_TLS_CERT_FINGERPRINT,
+
+ DETECT_AL_MODBUS,
+ DETECT_CIPSERVICE,
+ DETECT_ENIPCOMMAND,
+
+ DETECT_AL_DNP3DATA,
+ DETECT_AL_DNP3FUNC,
+ DETECT_AL_DNP3IND,
+ DETECT_AL_DNP3OBJ,
+
+ DETECT_XBITS,
+ DETECT_BASE64_DECODE,
+ DETECT_BASE64_DATA,
+
+ DETECT_TEMPLATE,
+ DETECT_TARGET,
+ DETECT_AL_TEMPLATE_BUFFER,
+
+ DETECT_BYPASS,
+
+ DETECT_PREFILTER,
+
+ /* make sure this stays last */
+ DETECT_TBLSIZE,
+};
+
+/* Table with all SigMatch registrations */
+SigTableElmt sigmatch_table[DETECT_TBLSIZE];
+
+void SigTableList(const char *keyword);
+void SigTableSetup(void);
+void SigTableRegisterTests(void);
+
+#endif /* __DETECT_ENGINE_REGISTER_H__ */
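Review bot: `SigTableElmt sigmatch_table[DETECT_TBLSIZE];` in this header is a tentative definition rather than a declaration, so every translation unit that includes it emits its own copy of the table. The build then relies on the linker merging common symbols, and toolchains that default to `-fno-common` reject that with multiple-definition errors. The header should carry `extern SigTableElmt sigmatch_table[DETECT_TBLSIZE];`, with the single definition in detect-engine-register.c. The enum also arrives without its reminder: the "Remember to add the options in SignatureIsIPOnly()" comment appears to stay behind in detect.h as a context line with nothing under it, and it belongs above `enum {` here.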
-/* Copyright (C) 2007-2014 Open Information Security Foundation
+/* Copyright (C) 2007-2017 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "suricata-common.h"
#include "suricata.h"
+#include "tm-threads.h"
#include "debug.h"
-#include "detect.h"
+#include "decode.h"
#include "flow.h"
-#include "flow-private.h"
-#include "flow-bit.h"
+#include "stream-tcp.h"
+#include "app-layer.h"
+#include "app-layer-parser.h"
+#include "app-layer-protos.h"
+
+#include "pkt-var.h"
+
+#include "conf.h"
+#include "conf-yaml-loader.h"
+#include "action-globals.h"
+#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-profile.h"
#include "detect-engine-threshold.h"
#include "detect-engine-prefilter.h"
-#include "detect-engine-payload.h"
-#include "detect-engine-dcepayload.h"
-#include "detect-engine-uri.h"
-#include "detect-dns-query.h"
-#include "detect-tls-sni.h"
-#include "detect-tls-cert-issuer.h"
-#include "detect-tls-cert-subject.h"
-#include "detect-tls-cert-serial.h"
-#include "detect-tls-cert-fingerprint.h"
#include "detect-engine-state.h"
#include "detect-engine-analyzer.h"
+#include "detect-engine-payload.h"
#include "detect-engine-filedata-smtp.h"
-#include "detect-http-cookie.h"
-#include "detect-http-method.h"
-#include "detect-http-ua.h"
-#include "detect-http-hh.h"
-#include "detect-http-hrh.h"
-
-#include "detect-nfs-procedure.h"
-#include "detect-nfs-version.h"
-
#include "detect-engine-event.h"
-#include "decode.h"
-
-#include "detect-base64-decode.h"
-#include "detect-base64-data.h"
-#include "detect-ipopts.h"
-#include "detect-flags.h"
-#include "detect-fragbits.h"
-#include "detect-fragoffset.h"
-#include "detect-gid.h"
-#include "detect-ack.h"
-#include "detect-seq.h"
-#include "detect-content.h"
-#include "detect-uricontent.h"
-#include "detect-pcre.h"
-#include "detect-depth.h"
-#include "detect-nocase.h"
-#include "detect-rawbytes.h"
-#include "detect-bytetest.h"
-#include "detect-bytejump.h"
-#include "detect-sameip.h"
-#include "detect-l3proto.h"
-#include "detect-ipproto.h"
-#include "detect-within.h"
-#include "detect-distance.h"
-#include "detect-offset.h"
-#include "detect-sid.h"
-#include "detect-prefilter.h"
-#include "detect-priority.h"
-#include "detect-classtype.h"
-#include "detect-reference.h"
-#include "detect-tag.h"
-#include "detect-threshold.h"
-#include "detect-metadata.h"
-#include "detect-msg.h"
-#include "detect-rev.h"
-#include "detect-flow.h"
-#include "detect-window.h"
-#include "detect-ftpbounce.h"
-#include "detect-isdataat.h"
-#include "detect-id.h"
-#include "detect-rpc.h"
-#include "detect-asn1.h"
-#include "detect-filename.h"
-#include "detect-fileext.h"
-#include "detect-filestore.h"
-#include "detect-filemagic.h"
-#include "detect-filemd5.h"
-#include "detect-filesha1.h"
-#include "detect-filesha256.h"
-#include "detect-filesize.h"
-#include "detect-dsize.h"
-#include "detect-flowvar.h"
-#include "detect-flowint.h"
-#include "detect-pktvar.h"
-#include "detect-noalert.h"
-#include "detect-flowbits.h"
-#include "detect-hostbits.h"
-#include "detect-xbits.h"
-#include "detect-csum.h"
-#include "detect-stream_size.h"
#include "detect-engine-sigorder.h"
-#include "detect-ttl.h"
-#include "detect-fast-pattern.h"
-#include "detect-itype.h"
-#include "detect-icode.h"
-#include "detect-icmp-id.h"
-#include "detect-icmp-seq.h"
-#include "detect-dce-iface.h"
-#include "detect-dce-opnum.h"
-#include "detect-dce-stub-data.h"
-#include "detect-urilen.h"
-#include "detect-detection-filter.h"
-#include "detect-http-client-body.h"
-#include "detect-http-server-body.h"
-#include "detect-http-header.h"
-#include "detect-http-header-names.h"
-#include "detect-http-headers.h"
-#include "detect-http-raw-header.h"
-#include "detect-http-uri.h"
-#include "detect-http-protocol.h"
-#include "detect-http-start.h"
-#include "detect-http-raw-uri.h"
-#include "detect-http-stat-msg.h"
-#include "detect-http-request-line.h"
-#include "detect-http-response-line.h"
#include "detect-engine-hcbd.h"
#include "detect-engine-hsbd.h"
#include "detect-engine-hrhd.h"
#include "detect-engine-hua.h"
#include "detect-engine-hhhd.h"
#include "detect-engine-hrhhd.h"
-#include "detect-byte-extract.h"
-#include "detect-file-data.h"
-#include "detect-pkt-data.h"
-#include "detect-replace.h"
-#include "detect-tos.h"
-#include "detect-app-layer-event.h"
-#include "detect-lua.h"
-#include "detect-iprep.h"
-#include "detect-geoip.h"
-#include "detect-app-layer-protocol.h"
-#include "detect-template.h"
-#include "detect-target.h"
-#include "detect-template-buffer.h"
-#include "detect-bypass.h"
#include "detect-engine-content-inspection.h"
-#include "util-rule-vars.h"
-
-#include "app-layer.h"
-#include "app-layer-protos.h"
-#include "app-layer-htp.h"
-#include "app-layer-smtp.h"
-#include "app-layer-template.h"
-#include "detect-tls.h"
-#include "detect-tls-cert-validity.h"
-#include "detect-tls-version.h"
-#include "detect-ssh-proto.h"
-#include "detect-ssh-proto-version.h"
-#include "detect-ssh-software.h"
-#include "detect-ssh-software-version.h"
-#include "detect-http-stat-code.h"
-#include "detect-ssl-version.h"
-#include "detect-ssl-state.h"
-#include "detect-modbus.h"
-#include "detect-cipservice.h"
-#include "detect-dnp3.h"
-
-#include "action-globals.h"
-#include "tm-threads.h"
-
-#include "pkt-var.h"
-
-#include "conf.h"
-#include "conf-yaml-loader.h"
-
-#include "stream-tcp.h"
-#include "stream-tcp-inline.h"
+#include "detect-filestore.h"
+#include "detect-flowvar.h"
+#include "detect-replace.h"
-#include "util-lua.h"
+#include "util-rule-vars.h"
#include "util-var-name.h"
#include "util-classification-config.h"
#include "util-threshold-config.h"
#include "util-print.h"
-#include "util-unittest.h"
-#include "util-unittest-helper.h"
#include "util-debug.h"
-#include "util-hashlist.h"
-#include "util-cuda.h"
-#include "util-privs.h"
-#include "util-profiling.h"
#include "util-validate.h"
-#include "util-optimize.h"
#include "util-path.h"
-#include "util-mpm-ac.h"
#include "util-detect.h"
-#include "runmodes.h"
#ifdef HAVE_GLOB_H
#include <glob.h>
DetectPostInspectFileFlagsUpdate(f, NULL /* no sgh */, STREAM_TOCLIENT);
}
-static void PrintFeatureList(const SigTableElmt *e, char sep)
-{
- const uint8_t flags = e->flags;
-
- int prev = 0;
- if (flags & SIGMATCH_NOOPT) {
- printf("No option");
- prev = 1;
- }
- if (flags & SIGMATCH_IPONLY_COMPAT) {
- if (prev == 1)
- printf("%c", sep);
- printf("compatible with IP only rule");
- prev = 1;
- }
- if (flags & SIGMATCH_DEONLY_COMPAT) {
- if (prev == 1)
- printf("%c", sep);
- printf("compatible with decoder event only rule");
- prev = 1;
- }
- if (e->SupportsPrefilter) {
- if (prev == 1)
- printf("%c", sep);
- printf("prefilter");
- prev = 1;
- }
- if (prev == 0) {
- printf("none");
- }
-}
-
-static void SigMultilinePrint(int i, const char *prefix)
-{
- if (sigmatch_table[i].desc) {
- printf("%sDescription: %s\n", prefix, sigmatch_table[i].desc);
- }
- printf("%sFeatures: ", prefix);
- PrintFeatureList(&sigmatch_table[i], ',');
- if (sigmatch_table[i].url) {
- printf("\n%sDocumentation: %s", prefix, sigmatch_table[i].url);
- }
- printf("\n");
-}
-
-void SigTableList(const char *keyword)
-{
- size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
- size_t i;
-
- if (keyword == NULL) {
- printf("=====Supported keywords=====\n");
- for (i = 0; i < size; i++) {
- if (sigmatch_table[i].name != NULL) {
- if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
- printf("- %s (not built-in)\n", sigmatch_table[i].name);
- } else {
- printf("- %s\n", sigmatch_table[i].name);
- }
- }
- }
- } else if (strcmp("csv", keyword) == 0) {
- printf("name;description;app layer;features;documentation\n");
- for (i = 0; i < size; i++) {
- if (sigmatch_table[i].name != NULL) {
- if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
- continue;
- }
- printf("%s;", sigmatch_table[i].name);
- if (sigmatch_table[i].desc) {
- printf("%s", sigmatch_table[i].desc);
- }
- /* Build feature */
- printf(";Unset;"); // this used to be alproto
- PrintFeatureList(&sigmatch_table[i], ':');
- printf(";");
- if (sigmatch_table[i].url) {
- printf("%s", sigmatch_table[i].url);
- }
- printf(";");
- printf("\n");
- }
- }
- } else if (strcmp("all", keyword) == 0) {
- for (i = 0; i < size; i++) {
- if (sigmatch_table[i].name != NULL) {
- printf("%s:\n", sigmatch_table[i].name);
- SigMultilinePrint(i, "\t");
- }
- }
- } else {
- for (i = 0; i < size; i++) {
- if ((sigmatch_table[i].name != NULL) &&
- strcmp(sigmatch_table[i].name, keyword) == 0) {
- printf("= %s =\n", sigmatch_table[i].name);
- if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
- printf("Not built-in\n");
- return;
- }
- SigMultilinePrint(i, "");
- return;
- }
- }
- }
- return;
-}
-
-void SigTableSetup(void)
-{
- memset(sigmatch_table, 0, sizeof(sigmatch_table));
-
- DetectSidRegister();
- DetectPriorityRegister();
- DetectPrefilterRegister();
- DetectRevRegister();
- DetectClasstypeRegister();
- DetectReferenceRegister();
- DetectTagRegister();
- DetectThresholdRegister();
- DetectMetadataRegister();
- DetectMsgRegister();
- DetectAckRegister();
- DetectSeqRegister();
- DetectContentRegister();
- DetectUricontentRegister();
-
- /* NOTE: the order of these currently affects inspect
- * engine registration order and ultimately the order
- * of inspect engines in the rule. Which in turn affects
- * state keeping */
- DetectHttpUriRegister();
- DetectHttpRequestLineRegister();
- DetectHttpClientBodyRegister();
- DetectHttpResponseLineRegister();
- DetectHttpServerBodyRegister();
- DetectHttpHeaderRegister();
- DetectHttpHeaderNamesRegister();
- DetectHttpHeadersRegister();
- DetectHttpProtocolRegister();
- DetectHttpStartRegister();
- DetectHttpRawHeaderRegister();
- DetectHttpMethodRegister();
- DetectHttpCookieRegister();
- DetectHttpRawUriRegister();
-
- DetectFilenameRegister();
- DetectFileextRegister();
- DetectFilestoreRegister();
- DetectFilemagicRegister();
- DetectFileMd5Register();
- DetectFileSha1Register();
- DetectFileSha256Register();
- DetectFilesizeRegister();
-
- DetectHttpUARegister();
- DetectHttpHHRegister();
- DetectHttpHRHRegister();
-
- DetectHttpStatMsgRegister();
- DetectHttpStatCodeRegister();
-
- DetectDnsQueryRegister();
- DetectModbusRegister();
- DetectCipServiceRegister();
- DetectEnipCommandRegister();
- DetectDNP3Register();
-
- DetectTlsSniRegister();
- DetectTlsIssuerRegister();
- DetectTlsSubjectRegister();
- DetectTlsSerialRegister();
- DetectTlsFingerprintRegister();
-
- DetectAppLayerEventRegister();
- /* end of order dependent regs */
-
- DetectPcreRegister();
- DetectDepthRegister();
- DetectNocaseRegister();
- DetectRawbytesRegister();
- DetectBytetestRegister();
- DetectBytejumpRegister();
- DetectSameipRegister();
- DetectGeoipRegister();
- DetectL3ProtoRegister();
- DetectIPProtoRegister();
- DetectWithinRegister();
- DetectDistanceRegister();
- DetectOffsetRegister();
- DetectReplaceRegister();
- DetectFlowRegister();
- DetectWindowRegister();
- DetectRpcRegister();
- DetectFtpbounceRegister();
- DetectIsdataatRegister();
- DetectIdRegister();
- DetectDsizeRegister();
- DetectFlowvarRegister();
- DetectFlowintRegister();
- DetectPktvarRegister();
- DetectNoalertRegister();
- DetectFlowbitsRegister();
- DetectHostbitsRegister();
- DetectXbitsRegister();
- DetectEngineEventRegister();
- DetectIpOptsRegister();
- DetectFlagsRegister();
- DetectFragBitsRegister();
- DetectFragOffsetRegister();
- DetectGidRegister();
- DetectMarkRegister();
- DetectCsumRegister();
- DetectStreamSizeRegister();
- DetectTtlRegister();
- DetectTosRegister();
- DetectFastPatternRegister();
- DetectITypeRegister();
- DetectICodeRegister();
- DetectIcmpIdRegister();
- DetectIcmpSeqRegister();
- DetectDceIfaceRegister();
- DetectDceOpnumRegister();
- DetectDceStubDataRegister();
- DetectTlsRegister();
- DetectTlsValidityRegister();
- DetectTlsVersionRegister();
- DetectNfsProcedureRegister();
- DetectNfsVersionRegister();
- DetectUrilenRegister();
- DetectDetectionFilterRegister();
- DetectAsn1Register();
- DetectSshProtocolRegister();
- DetectSshVersionRegister();
- DetectSshSoftwareRegister();
- DetectSshSoftwareVersionRegister();
- DetectSslStateRegister();
- DetectSslVersionRegister();
- DetectByteExtractRegister();
- DetectFiledataRegister();
- DetectPktDataRegister();
- DetectLuaRegister();
- DetectIPRepRegister();
- DetectAppLayerProtocolRegister();
- DetectBase64DecodeRegister();
- DetectBase64DataRegister();
- DetectTemplateRegister();
- DetectTargetRegister();
- DetectTemplateBufferRegister();
- DetectBypassRegister();
-
- /* close keyword registration */
- DetectBufferTypeFinalizeRegistration();
-}
-
-void SigTableRegisterTests(void)
-{
- /* register the tests */
- int i = 0;
- for (i = 0; i < DETECT_TBLSIZE; i++) {
- g_ut_modules++;
- if (sigmatch_table[i].RegisterTests != NULL) {
- sigmatch_table[i].RegisterTests();
- g_ut_covered++;
- } else {
- SCLogDebug("detection plugin %s has no unittest "
- "registration function.", sigmatch_table[i].name);
-
- if (coverage_unittests)
- SCLogWarning(SC_WARN_NO_UNITTESTS, "detection plugin %s has no unittest "
- "registration function.", sigmatch_table[i].name);
- }
- }
-}
-
/*
* TESTS
*/
/** Remember to add the options in SignatureIsIPOnly() at detect.c otherwise it wont be part of a signature group */
-enum {
- DETECT_SID,
- DETECT_PRIORITY,
- DETECT_REV,
- DETECT_CLASSTYPE,
-
- /* sorted by prefilter priority. Higher in this list means it will be
- * picked over ones lower in the list */
- DETECT_AL_APP_LAYER_PROTOCOL,
- DETECT_ACK,
- DETECT_SEQ,
- DETECT_WINDOW,
- DETECT_IPOPTS,
- DETECT_FLAGS,
- DETECT_FRAGBITS,
- DETECT_FRAGOFFSET,
- DETECT_TTL,
- DETECT_TOS,
- DETECT_ITYPE,
- DETECT_ICODE,
- DETECT_ICMP_ID,
- DETECT_ICMP_SEQ,
- DETECT_DSIZE,
-
- DETECT_FLOW,
- /* end prefilter sort */
-
- DETECT_THRESHOLD,
- DETECT_METADATA,
- DETECT_REFERENCE,
- DETECT_TAG,
- DETECT_MSG,
- DETECT_CONTENT,
- DETECT_URICONTENT,
- DETECT_PCRE,
- DETECT_DEPTH,
- DETECT_DISTANCE,
- DETECT_WITHIN,
- DETECT_OFFSET,
- DETECT_REPLACE,
- DETECT_NOCASE,
- DETECT_FAST_PATTERN,
- DETECT_RAWBYTES,
- DETECT_BYTETEST,
- DETECT_BYTEJUMP,
- DETECT_SAMEIP,
- DETECT_GEOIP,
- DETECT_IPPROTO,
- DETECT_FTPBOUNCE,
- DETECT_ISDATAAT,
- DETECT_ID,
- DETECT_RPC,
- DETECT_FLOWVAR,
- DETECT_FLOWVAR_POSTMATCH,
- DETECT_FLOWINT,
- DETECT_PKTVAR,
- DETECT_NOALERT,
- DETECT_FLOWBITS,
- DETECT_HOSTBITS,
- DETECT_IPV4_CSUM,
- DETECT_TCPV4_CSUM,
- DETECT_TCPV6_CSUM,
- DETECT_UDPV4_CSUM,
- DETECT_UDPV6_CSUM,
- DETECT_ICMPV4_CSUM,
- DETECT_ICMPV6_CSUM,
- DETECT_STREAM_SIZE,
- DETECT_DETECTION_FILTER,
-
- DETECT_DECODE_EVENT,
- DETECT_GID,
- DETECT_MARK,
-
- DETECT_AL_TLS_VERSION,
- DETECT_AL_TLS_SUBJECT,
- DETECT_AL_TLS_ISSUERDN,
- DETECT_AL_TLS_NOTBEFORE,
- DETECT_AL_TLS_NOTAFTER,
- DETECT_AL_TLS_EXPIRED,
- DETECT_AL_TLS_VALID,
- DETECT_AL_TLS_FINGERPRINT,
- DETECT_AL_TLS_STORE,
-
- DETECT_AL_HTTP_COOKIE,
- DETECT_AL_HTTP_METHOD,
- DETECT_AL_HTTP_PROTOCOL,
- DETECT_AL_HTTP_START,
- DETECT_AL_URILEN,
- DETECT_AL_HTTP_CLIENT_BODY,
- DETECT_AL_HTTP_SERVER_BODY,
- DETECT_AL_HTTP_HEADER,
- DETECT_AL_HTTP_HEADER_NAMES,
- DETECT_AL_HTTP_HEADER_ACCEPT,
- DETECT_AL_HTTP_HEADER_ACCEPT_LANG,
- DETECT_AL_HTTP_HEADER_ACCEPT_ENC,
- DETECT_AL_HTTP_HEADER_CONNECTION,
- DETECT_AL_HTTP_HEADER_CONTENT_LEN,
- DETECT_AL_HTTP_HEADER_CONTENT_TYPE,
- DETECT_AL_HTTP_HEADER_REFERER,
- DETECT_AL_HTTP_RAW_HEADER,
- DETECT_AL_HTTP_URI,
- DETECT_AL_HTTP_RAW_URI,
- DETECT_AL_HTTP_STAT_MSG,
- DETECT_AL_HTTP_STAT_CODE,
- DETECT_AL_HTTP_USER_AGENT,
- DETECT_AL_HTTP_HOST,
- DETECT_AL_HTTP_RAW_HOST,
- DETECT_AL_HTTP_REQUEST_LINE,
- DETECT_AL_HTTP_RESPONSE_LINE,
- DETECT_AL_NFS_PROCEDURE,
- DETECT_AL_NFS_VERSION,
- DETECT_AL_SSH_PROTOCOL,
- DETECT_AL_SSH_PROTOVERSION,
- DETECT_AL_SSH_SOFTWARE,
- DETECT_AL_SSH_SOFTWAREVERSION,
- DETECT_AL_SSL_VERSION,
- DETECT_AL_SSL_STATE,
- DETECT_BYTE_EXTRACT,
- DETECT_FILE_DATA,
- DETECT_PKT_DATA,
- DETECT_AL_APP_LAYER_EVENT,
-
- DETECT_DCE_IFACE,
- DETECT_DCE_OPNUM,
- DETECT_DCE_STUB_DATA,
-
- DETECT_ASN1,
-
- DETECT_ENGINE_EVENT,
- DETECT_STREAM_EVENT,
-
- DETECT_FILENAME,
- DETECT_FILEEXT,
- DETECT_FILESTORE,
- DETECT_FILEMAGIC,
- DETECT_FILEMD5,
- DETECT_FILESHA1,
- DETECT_FILESHA256,
- DETECT_FILESIZE,
-
- DETECT_L3PROTO,
- DETECT_LUA,
- DETECT_IPREP,
-
- DETECT_AL_DNS_QUERY,
- DETECT_AL_TLS_SNI,
- DETECT_AL_TLS_CERT_ISSUER,
- DETECT_AL_TLS_CERT_SUBJECT,
- DETECT_AL_TLS_CERT_SERIAL,
- DETECT_AL_TLS_CERT_FINGERPRINT,
- DETECT_AL_MODBUS,
- DETECT_CIPSERVICE,
- DETECT_ENIPCOMMAND,
-
- DETECT_AL_DNP3DATA,
- DETECT_AL_DNP3FUNC,
- DETECT_AL_DNP3IND,
- DETECT_AL_DNP3OBJ,
-
- DETECT_XBITS,
- DETECT_BASE64_DECODE,
- DETECT_BASE64_DATA,
-
- DETECT_TEMPLATE,
- DETECT_TARGET,
- DETECT_AL_TEMPLATE_BUFFER,
-
- DETECT_BYPASS,
-
- DETECT_PREFILTER,
-
- /* make sure this stays last */
- DETECT_TBLSIZE,
-};
-
-/* Table with all SigMatch registrations */
-SigTableElmt sigmatch_table[DETECT_TBLSIZE];
-
/* detection api */
TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
uint16_t);
void SigMatchFree(SigMatch *sm);
-void SigTableRegisterTests(void);
void SigRegisterTests(void);
void DetectSimdRegisterTests(void);
void TmModuleDetectRegister (void);
void DisableDetectFlowFileFlags(Flow *f);
char *DetectLoadCompleteSigPath(const DetectEngineCtx *, const char *sig_file);
int SigLoadSignatures (DetectEngineCtx *, char *, int);
-void SigTableList(const char *keyword);
-void SigTableSetup(void);
void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, Packet *p);
void DetectSignatureApplyActions(Packet *p, const Signature *s, const uint8_t);
#include "detect-engine-build.h"
+#include "detect-engine-register.h"
#endif /* __DETECT_H__ */
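Review bot: The new `#include "detect-engine-register.h"` sits at the very bottom of detect.h with no explanation, and the new header includes nothing itself although it uses SigTableElmt. If the placement is deliberate because SigTableElmt is defined earlier in detect.h (not visible in this hunk), a comment such as `/* uses SigTableElmt defined above; keep after the type definitions */` would stop a later include reorder from breaking the build. Including the header from any file that has not already pulled in detect.h would presumably fail to compile, so that dependency is worth stating in the header's `\file` block as well.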
#include "../pkt-var.h"
#include "../flow-util.h"
#include "../stream-tcp-reassemble.h"
+#include "../util-unittest.h"
+#include "../util-unittest-helper.h"
static const char *dummy_conf_string =
"%YAML 1.1\n"