DetectAppLayerEventRegisterTests;
DetectAppLayerInspectEngineRegister("app-layer-events",
- ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER,
+ ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER, 0,
DetectEngineAptEventInspect);
DetectAppLayerInspectEngineRegister("app-layer-events",
- ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT,
+ ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT, 0,
DetectEngineAptEventInspect);
DetectBufferTypeRegisterSetupCallback("app-layer-events",
= DetectCipServiceRegisterTests;
DetectAppLayerInspectEngineRegister("cip",
- ALPROTO_ENIP, SIG_FLAG_TOSERVER,
+ ALPROTO_ENIP, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectCIP);
DetectAppLayerInspectEngineRegister("cip",
- ALPROTO_ENIP, SIG_FLAG_TOCLIENT,
+ ALPROTO_ENIP, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectCIP);
g_cip_buffer_id = DetectBufferTypeGetByName("cip");
= DetectEnipCommandRegisterTests;
DetectAppLayerInspectEngineRegister("enip",
- ALPROTO_ENIP, SIG_FLAG_TOSERVER,
+ ALPROTO_ENIP, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectENIP);
DetectAppLayerInspectEngineRegister("enip",
- ALPROTO_ENIP, SIG_FLAG_TOCLIENT,
+ ALPROTO_ENIP, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectENIP);
g_enip_buffer_id = DetectBufferTypeGetByName("enip");
g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic");
DetectAppLayerInspectEngineRegister("dce_generic",
- ALPROTO_DCERPC, SIG_FLAG_TOSERVER, InspectDceGeneric);
+ ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, InspectDceGeneric);
DetectAppLayerInspectEngineRegister("dce_generic",
- ALPROTO_SMB, SIG_FLAG_TOSERVER, InspectDceGeneric);
+ ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, InspectDceGeneric);
DetectAppLayerInspectEngineRegister("dce_generic",
- ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, InspectDceGeneric);
+ ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric);
DetectAppLayerInspectEngineRegister("dce_generic",
- ALPROTO_SMB, SIG_FLAG_TOCLIENT, InspectDceGeneric);
+ ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric);
}
static int InspectDceGeneric(ThreadVars *tv,
PrefilterTxDceStubDataResponseRegister);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_DCERPC, SIG_FLAG_TOSERVER,
+ ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0,
InspectEngineDceStubData);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_DCERPC, SIG_FLAG_TOCLIENT,
+ ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0,
InspectEngineDceStubData);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_SMB, SIG_FLAG_TOSERVER,
+ ALPROTO_SMB, SIG_FLAG_TOSERVER, 0,
InspectEngineDceStubData);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_SMB, SIG_FLAG_TOCLIENT,
+ ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0,
InspectEngineDceStubData);
g_dce_stub_data_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME);
sigmatch_table[DETECT_AL_DNP3DATA].flags |= SIGMATCH_NOOPT;
DetectAppLayerInspectEngineRegister("dnp3_data",
- ALPROTO_DNP3, SIG_FLAG_TOSERVER,
+ ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectDNP3Data);
DetectAppLayerInspectEngineRegister("dnp3_data",
- ALPROTO_DNP3, SIG_FLAG_TOCLIENT,
+ ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectDNP3Data);
g_dnp3_data_buffer_id = DetectBufferTypeGetByName("dnp3_data");
/* Register the list of func, ind and obj. */
DetectAppLayerInspectEngineRegister("dnp3",
- ALPROTO_DNP3, SIG_FLAG_TOSERVER,
+ ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectDNP3);
DetectAppLayerInspectEngineRegister("dnp3",
- ALPROTO_DNP3, SIG_FLAG_TOCLIENT,
+ ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectDNP3);
g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3");
PrefilterTxDnsQueryRegister);
DetectAppLayerInspectEngineRegister("dns_query",
- ALPROTO_DNS, SIG_FLAG_TOSERVER,
+ ALPROTO_DNS, SIG_FLAG_TOSERVER, 1,
DetectEngineInspectDnsQueryName);
DetectBufferTypeSetDescriptionByName("dns_query",
/* register these generic engines from here for now */
DetectAppLayerInspectEngineRegister("dns_request",
- ALPROTO_DNS, SIG_FLAG_TOSERVER,
+ ALPROTO_DNS, SIG_FLAG_TOSERVER, 1,
DetectEngineInspectDnsRequest);
DetectAppLayerInspectEngineRegister("dns_response",
- ALPROTO_DNS, SIG_FLAG_TOCLIENT,
+ ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1,
DetectEngineInspectDnsResponse);
DetectBufferTypeSetDescriptionByName("dns_request",
static DetectEngineAppInspectionEngine *g_app_inspect_engines = NULL;
void DetectAppLayerInspectEngineRegister(const char *name,
- AppProto alproto, uint32_t dir, InspectEngineFuncPtr Callback)
+ AppProto alproto, uint32_t dir,
+ int progress, InspectEngineFuncPtr Callback)
{
DetectBufferTypeRegister(name);
int sm_list = DetectBufferTypeGetByName(name);
(Callback == NULL))
{
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments");
- exit(EXIT_FAILURE);
+ BUG_ON(1);
}
int direction;
new_engine->alproto = alproto;
new_engine->dir = direction;
new_engine->sm_list = sm_list;
+ new_engine->progress = progress;
new_engine->Callback = Callback;
if (g_app_inspect_engines == NULL) {
* \param alproto App layer protocol for which we will register the engine.
* \param direction The direction for the engine: SIG_FLAG_TOSERVER or
* SIG_FLAG_TOCLIENT
+ * \param progress Minimal progress value for inspect engine to run
* \param Callback The engine callback.
*/
void DetectAppLayerInspectEngineRegister(const char *name,
- AppProto alproto, uint32_t dir, InspectEngineFuncPtr Callback);
+ AppProto alproto, uint32_t dir,
+ int progress, InspectEngineFuncPtr Callback);
int DetectEngineAppInspectionEngine2Signature(Signature *s);
void DetectEngineAppInspectionEngineSignatureFree(Signature *s);
PrefilterTxHttpResponseBodyRegister);
DetectAppLayerInspectEngineRegister("file_data",
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_BODY,
DetectEngineInspectHttpServerBody);
DetectAppLayerInspectEngineRegister("file_data",
- ALPROTO_SMTP, SIG_FLAG_TOSERVER,
+ ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectSMTPFiledata);
DetectBufferTypeRegisterSetupCallback("file_data",
sigmatch_table[DETECT_FILENAME].RegisterTests = DetectFilenameRegisterTests;
DetectAppLayerInspectEngineRegister("files",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY,
DetectFileInspectHttp);
DetectAppLayerInspectEngineRegister("files",
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_BODY,
DetectFileInspectHttp);
DetectAppLayerInspectEngineRegister("files",
- ALPROTO_SMTP, SIG_FLAG_TOSERVER,
+ ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0,
DetectFileInspectSmtp);
g_file_match_list_id = DetectBufferTypeGetByName("files");
g_ftp_request_list_id = DetectBufferTypeRegister("ftp_request");
DetectAppLayerInspectEngineRegister("ftp_request",
- ALPROTO_FTP, SIG_FLAG_TOSERVER, InspectFtpRequest);
+ ALPROTO_FTP, SIG_FLAG_TOSERVER, 0,
+ InspectFtpRequest);
}
static int InspectFtpRequest(ThreadVars *tv,
PrefilterTxHttpRequestBodyRegister);
DetectAppLayerInspectEngineRegister("http_client_body",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY,
DetectEngineInspectHttpClientBody);
DetectBufferTypeSetDescriptionByName("http_client_body",
PrefilterTxResponseCookieRegister);
DetectAppLayerInspectEngineRegister("http_cookie",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS,
DetectEngineInspectHttpCookie);
DetectAppLayerInspectEngineRegister("http_cookie",
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS,
DetectEngineInspectHttpCookie);
DetectBufferTypeSetDescriptionByName("http_cookie",
PrefilterTxHttpResponseHeaderNamesRegister);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS,
InspectEngineHttpHeaderNames);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS,
InspectEngineHttpHeaderNames);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME,
PrefilterTxHttpResponseHeadersRegister);
DetectAppLayerInspectEngineRegister("http_header",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS,
DetectEngineInspectHttpHeader);
DetectAppLayerInspectEngineRegister("http_header",
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS,
DetectEngineInspectHttpHeader);
DetectBufferTypeSetDescriptionByName("http_header",
#endif
#ifdef KEYWORD_TOSERVER
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS,
InspectEngineHttpRequestHeader);
#endif
#ifdef KEYWORD_TOCLIENT
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS,
InspectEngineHttpResponseHeader);
#endif
PrefilterTxHostnameRegister);
DetectAppLayerInspectEngineRegister("http_host",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS,
DetectEngineInspectHttpHH);
DetectBufferTypeSetDescriptionByName("http_host",
PrefilterTxHostnameRawRegister);
DetectAppLayerInspectEngineRegister("http_raw_host",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS,
DetectEngineInspectHttpHRH);
DetectBufferTypeSetDescriptionByName("http_raw_host",
PrefilterTxMethodRegister);
DetectAppLayerInspectEngineRegister("http_method",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE,
DetectEngineInspectHttpMethod);
DetectBufferTypeSetDescriptionByName("http_method",
PrefilterTxHttpResponseProtocolRegister);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE,
InspectEngineHttpProtocol);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE,
InspectEngineHttpProtocol);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME,
PrefilterTxResponseHeadersRawRegister);
DetectAppLayerInspectEngineRegister("http_raw_header",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS,
DetectEngineInspectHttpRawHeader);
DetectAppLayerInspectEngineRegister("http_raw_header",
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS,
DetectEngineInspectHttpRawHeader);
DetectBufferTypeSetDescriptionByName("http_raw_header",
PrefilterTxRawUriRegister);
DetectAppLayerInspectEngineRegister("http_raw_uri",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE,
DetectEngineInspectHttpRawUri);
DetectBufferTypeSetDescriptionByName("http_raw_uri",
PrefilterTxHttpRequestLineRegister);
DetectAppLayerInspectEngineRegister("http_request_line",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE,
DetectEngineInspectHttpRequestLine);
DetectBufferTypeSetDescriptionByName("http_request_line",
PrefilterTxHttpResponseLineRegister);
DetectAppLayerInspectEngineRegister("http_response_line",
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE,
DetectEngineInspectHttpResponseLine);
DetectBufferTypeSetDescriptionByName("http_response_line",
PrefilterTxHttpResponseStartRegister);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS,
InspectEngineHttpStart);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS,
InspectEngineHttpStart);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME,
PrefilterTxHttpStatCodeRegister);
DetectAppLayerInspectEngineRegister("http_stat_code",
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE,
DetectEngineInspectHttpStatCode);
DetectBufferTypeSetDescriptionByName("http_stat_code",
PrefilterTxHttpStatMsgRegister);
DetectAppLayerInspectEngineRegister("http_stat_msg",
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE,
DetectEngineInspectHttpStatMsg);
DetectBufferTypeSetDescriptionByName("http_stat_msg",
PrefilterTxUARegister);
DetectAppLayerInspectEngineRegister("http_user_agent",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS,
DetectEngineInspectHttpUA);
DetectBufferTypeSetDescriptionByName("http_user_agent",
DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2,
PrefilterTxUriRegister);
- DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP, SIG_FLAG_TOSERVER,
+ DetectAppLayerInspectEngineRegister("http_uri",
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE,
DetectEngineInspectHttpUri);
DetectBufferTypeSetDescriptionByName("http_uri",
g_smtp_generic_list_id = DetectBufferTypeRegister("smtp_generic");
DetectAppLayerInspectEngineRegister("smtp_generic",
- ALPROTO_SMTP, SIG_FLAG_TOSERVER,
+ ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0,
InspectSmtpGeneric);
DetectAppLayerInspectEngineRegister("smtp_generic",
- ALPROTO_SMTP, SIG_FLAG_TOCLIENT,
+ ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0,
InspectSmtpGeneric);
SCLogDebug("registering lua rule option");
&access_parse_regex, &access_parse_regex_study);
DetectAppLayerInspectEngineRegister("modbus",
- ALPROTO_MODBUS, SIG_FLAG_TOSERVER,
+ ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectModbus);
DetectAppLayerInspectEngineRegister("modbus",
- ALPROTO_MODBUS, SIG_FLAG_TOCLIENT,
+ ALPROTO_MODBUS, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectModbus);
g_modbus_buffer_id = DetectBufferTypeGetByName("modbus");
PrefilterTxSshResponseProtocolRegister);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_SSH, SIG_FLAG_TOSERVER,
+ ALPROTO_SSH, SIG_FLAG_TOSERVER, SSH_STATE_BANNER_DONE,
InspectEngineSshProtocol);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_SSH, SIG_FLAG_TOCLIENT,
+ ALPROTO_SSH, SIG_FLAG_TOCLIENT, SSH_STATE_BANNER_DONE,
InspectEngineSshProtocol);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME,
g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner");
DetectAppLayerInspectEngineRegister("ssh_banner",
- ALPROTO_SSH, SIG_FLAG_TOSERVER, InspectSshBanner);
+ ALPROTO_SSH, SIG_FLAG_TOSERVER, SSH_STATE_BANNER_DONE,
+ InspectSshBanner);
DetectAppLayerInspectEngineRegister("ssh_banner",
- ALPROTO_SSH, SIG_FLAG_TOCLIENT, InspectSshBanner);
+ ALPROTO_SSH, SIG_FLAG_TOCLIENT, SSH_STATE_BANNER_DONE,
+ InspectSshBanner);
}
/**
PrefilterTxSshResponseSoftwareRegister);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_SSH, SIG_FLAG_TOSERVER,
+ ALPROTO_SSH, SIG_FLAG_TOSERVER, SSH_STATE_BANNER_DONE,
InspectEngineSshSoftware);
DetectAppLayerInspectEngineRegister(BUFFER_NAME,
- ALPROTO_SSH, SIG_FLAG_TOCLIENT,
+ ALPROTO_SSH, SIG_FLAG_TOCLIENT, SSH_STATE_BANNER_DONE,
InspectEngineSshSoftware);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME,
"generic ssl/tls inspection");
DetectAppLayerInspectEngineRegister("tls_generic",
- ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ ALPROTO_TLS, SIG_FLAG_TOSERVER, 0,
InspectTlsGeneric);
DetectAppLayerInspectEngineRegister("tls_generic",
- ALPROTO_TLS, SIG_FLAG_TOCLIENT,
+ ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0,
InspectTlsGeneric);
}
/* register inspect engines */
DetectAppLayerInspectEngineRegister("template_buffer",
- ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER,
+ ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectTemplateBuffer);
DetectAppLayerInspectEngineRegister("template_buffer",
- ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT,
+ ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectTemplateBuffer);
g_template_buffer_id = DetectBufferTypeGetByName("template_buffer");
PrefilterTxTlsIssuerRegister);
DetectAppLayerInspectEngineRegister("tls_cert_issuer",
- ALPROTO_TLS, SIG_FLAG_TOCLIENT,
+ ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY,
DetectEngineInspectTlsIssuer);
g_tls_cert_issuer_buffer_id = DetectBufferTypeGetByName("tls_cert_issuer");
PrefilterTxTlsSerialRegister);
DetectAppLayerInspectEngineRegister("tls_cert_serial", ALPROTO_TLS,
- SIG_FLAG_TOCLIENT, DetectEngineInspectTlsSerial);
+ SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY,
+ DetectEngineInspectTlsSerial);
g_tls_cert_serial_buffer_id = DetectBufferTypeGetByName("tls_cert_serial");
}
PrefilterTxTlsSubjectRegister);
DetectAppLayerInspectEngineRegister("tls_cert_subject",
- ALPROTO_TLS, SIG_FLAG_TOCLIENT,
+ ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY,
DetectEngineInspectTlsSubject);
g_tls_cert_subject_buffer_id = DetectBufferTypeGetByName("tls_cert_subject");
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
DetectAppLayerInspectEngineRegister("tls_validity",
- ALPROTO_TLS, SIG_FLAG_TOCLIENT,
+ ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY,
DetectEngineInspectTlsValidity);
g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity");
PrefilterTxTlsSniRegister);
DetectAppLayerInspectEngineRegister("tls_sni",
- ALPROTO_TLS, SIG_FLAG_TOSERVER,
+ ALPROTO_TLS, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectTlsSni);
g_tls_sni_buffer_id = DetectBufferTypeGetByName("tls_sni");
g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert");
DetectAppLayerInspectEngineRegister("tls_cert",
- ALPROTO_TLS, SIG_FLAG_TOCLIENT,
+ ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY,
InspectTlsCert);
}
AppProto alproto;
uint8_t dir;
uint8_t id; /**< per sig id used in state keeping */
- int sm_list;
+ int16_t sm_list;
+ int16_t progress;
/* \retval 0 No match. Don't discontinue matching yet. We need more data.
* 1 Match.
projects / thirdparty / suricata.git / commitdiff
