void DetectBase64DecodeRegister(void)
{
- const char *pcre_errptr;
- int pcre_erroffset;
-
sigmatch_table[DETECT_BASE64_DECODE].name = "base64_decode";
sigmatch_table[DETECT_BASE64_DECODE].desc =
"Decodes base64 encoded data.";
sigmatch_table[DETECT_BASE64_DECODE].flags |= SIGMATCH_PAYLOAD;
sigmatch_table[DETECT_BASE64_DECODE].flags |= SIGMATCH_OPTIONAL_OPT;
- decode_pcre = pcre_compile(decode_pattern, 0, &pcre_errptr, &pcre_erroffset,
- NULL);
- if (decode_pcre == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Failed to compile pattern \"%s\" at"
- " offset %d: %s", decode_pattern, pcre_erroffset, pcre_errptr);
- exit(EXIT_FAILURE);
- }
-
- decode_pcre_study = pcre_study(decode_pcre, 0, &pcre_errptr);
- if (pcre_errptr != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "Failed to study pattern \"%s\": %s",
- decode_pattern, pcre_errptr);
- exit(EXIT_FAILURE);
- }
+ DetectSetupParseRegexes(decode_pattern, &decode_pcre, &decode_pcre_study);
}
int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
*/
void DetectByteExtractRegister(void)
{
- const char *eb;
- int eo;
- int opts = 0;
-
sigmatch_table[DETECT_BYTE_EXTRACT].name = "byte_extract";
sigmatch_table[DETECT_BYTE_EXTRACT].Match = NULL;
sigmatch_table[DETECT_BYTE_EXTRACT].AppLayerMatch = NULL;
sigmatch_table[DETECT_BYTE_EXTRACT].flags |= SIGMATCH_PAYLOAD;
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed "
- "at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
- error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, SigMatch *sm,
void DetectBytejumpRegister (void)
{
- const char *eb;
- int eo;
- int opts = 0;
-
sigmatch_table[DETECT_BYTEJUMP].name = "byte_jump";
sigmatch_table[DETECT_BYTEJUMP].Match = DetectBytejumpMatch;
sigmatch_table[DETECT_BYTEJUMP].Setup = DetectBytejumpSetup;
sigmatch_table[DETECT_BYTEJUMP].flags |= SIGMATCH_PAYLOAD;
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE,"pcre compile of \"%s\" failed "
- "at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY,"pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- /* XXX */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/** \brief Byte jump match function
void DetectBytetestRegister (void)
{
- const char *eb;
- int eo;
- int opts = 0;
-
sigmatch_table[DETECT_BYTETEST].name = "byte_test";
sigmatch_table[DETECT_BYTETEST].Match = DetectBytetestMatch;
sigmatch_table[DETECT_BYTETEST].Setup = DetectBytetestSetup;
sigmatch_table[DETECT_BYTETEST].flags |= SIGMATCH_PAYLOAD;
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at "
- "offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- /* XXX */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/** \brief Bytetest detection code
#include "util-debug.h"
#include "util-unittest.h"
-#define DETECT_CLASSTYPE_REGEX "^\\s*([a-zA-Z][a-zA-Z0-9-_]*)\\s*$"
+#define PARSE_REGEX "^\\s*([a-zA-Z][a-zA-Z0-9-_]*)\\s*$"
static pcre *regex = NULL;
static pcre_extra *regex_study = NULL;
*/
void DetectClasstypeRegister(void)
{
- const char *eb = NULL;
- int eo;
- int opts = 0;
-
- SCLogDebug("Registering the Classtype keyword handler");
-
sigmatch_table[DETECT_CLASSTYPE].name = "classtype";
sigmatch_table[DETECT_CLASSTYPE].desc = "information about the classification of rules and alerts";
sigmatch_table[DETECT_CLASSTYPE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#Classtype";
sigmatch_table[DETECT_CLASSTYPE].Free = NULL;
sigmatch_table[DETECT_CLASSTYPE].RegisterTests = DetectClasstypeRegisterTests;
- regex = pcre_compile(DETECT_CLASSTYPE_REGEX, opts, &eb, &eo, NULL);
- if (regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- DETECT_CLASSTYPE_REGEX, eo, eb);
- goto end;
- }
-
- regex_study = pcre_study(regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto end;
- }
-
- end:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, ®ex, ®ex_study);
}
/**
#include "util-unittest-helper.h"
#include "stream-tcp.h"
-#define DETECT_DCE_IFACE_PCRE_PARSE_ARGS "^\\s*([0-9a-zA-Z]{8}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{12})(?:\\s*,(<|>|=|!)([0-9]{1,5}))?(?:\\s*,(any_frag))?\\s*$"
+#define PARSE_REGEX "^\\s*([0-9a-zA-Z]{8}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{12})(?:\\s*,(<|>|=|!)([0-9]{1,5}))?(?:\\s*,(any_frag))?\\s*$"
static pcre *parse_regex = NULL;
static pcre_extra *parse_regex_study = NULL;
*/
void DetectDceIfaceRegister(void)
{
- const char *eb;
- int eo;
- int opts = 0;
-
sigmatch_table[DETECT_DCE_IFACE].name = "dce_iface";
sigmatch_table[DETECT_DCE_IFACE].alproto = ALPROTO_DCERPC;
sigmatch_table[DETECT_DCE_IFACE].Match = NULL;
sigmatch_table[DETECT_DCE_IFACE].flags |= SIGMATCH_PAYLOAD;
- parse_regex = pcre_compile(DETECT_DCE_IFACE_PCRE_PARSE_ARGS, opts, &eb,
- &eo, NULL);
- if (parse_regex == NULL) {
- SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s",
- DETECT_DCE_IFACE_PCRE_PARSE_ARGS, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogDebug("pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
- error:
- /* we need to handle error?! */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
#include "util-unittest-helper.h"
#include "stream-tcp.h"
-#define DETECT_DCE_OPNUM_PCRE_PARSE_ARGS "^\\s*([0-9]{1,5}(\\s*-\\s*[0-9]{1,5}\\s*)?)(,\\s*[0-9]{1,5}(\\s*-\\s*[0-9]{1,5})?\\s*)*$"
+#define PARSE_REGEX "^\\s*([0-9]{1,5}(\\s*-\\s*[0-9]{1,5}\\s*)?)(,\\s*[0-9]{1,5}(\\s*-\\s*[0-9]{1,5})?\\s*)*$"
static pcre *parse_regex = NULL;
static pcre_extra *parse_regex_study = NULL;
*/
void DetectDceOpnumRegister(void)
{
- const char *eb;
- int eo;
- int opts = 0;
-
sigmatch_table[DETECT_DCE_OPNUM].name = "dce_opnum";
sigmatch_table[DETECT_DCE_OPNUM].alproto = ALPROTO_DCERPC;
sigmatch_table[DETECT_DCE_OPNUM].Match = NULL;
sigmatch_table[DETECT_DCE_OPNUM].flags |= SIGMATCH_PAYLOAD;
- parse_regex = pcre_compile(DETECT_DCE_OPNUM_PCRE_PARSE_ARGS, opts, &eb,
- &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s",
- DETECT_DCE_OPNUM_PCRE_PARSE_ARGS, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
- error:
- /* we need to handle error?! */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_DETECTION_FILTER].flags |= SIGMATCH_IPONLY_COMPAT;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
int DetectDetectionFilterMatch (ThreadVars *thv, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, const SigMatchCtx *ctx)
sigmatch_table[DETECT_DSIZE].Free = DetectDsizeFree;
sigmatch_table[DETECT_DSIZE].RegisterTests = DsizeRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE,"pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY,"pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- /* XXX */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_STREAM_EVENT].Setup = DetectStreamEventSetup;
sigmatch_table[DETECT_STREAM_EVENT].Free = DetectEngineEventFree;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s\n", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s\n", eb);
- goto error;
- }
- return;
-
-error:
- return;
-
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
#include "util-unittest.h"
#include "util-unittest-helper.h"
-#define DETECT_FAST_PATTERN_REGEX "^(\\s*only\\s*)|\\s*([0-9]+)\\s*,\\s*([0-9]+)\\s*$"
+#define PARSE_REGEX "^(\\s*only\\s*)|\\s*([0-9]+)\\s*,\\s*([0-9]+)\\s*$"
static pcre *parse_regex = NULL;
static pcre_extra *parse_regex_study = NULL;
sigmatch_table[DETECT_FAST_PATTERN].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_FAST_PATTERN].flags |= SIGMATCH_PAYLOAD;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(DETECT_FAST_PATTERN_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at "
- "offset %" PRId32 ": %s", DETECT_FAST_PATTERN_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
- error:
- /* get some way to return an error code! */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
//static int DetectFastPatternParseArg(
sigmatch_table[DETECT_FILESIZE].RegisterTests = DetectFilesizeRegisterTests;
sigmatch_table[DETECT_FILESIZE].flags |= SIGMATCH_PAYLOAD; /** XXX necessary? */
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogDebug("pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- if (parse_regex != NULL)
- SCFree(parse_regex);
- if (parse_regex_study != NULL)
- SCFree(parse_regex_study);
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_FILESTORE].RegisterTests = NULL;
sigmatch_table[DETECT_FILESTORE].flags = SIGMATCH_OPTIONAL_OPT;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- SCLogDebug("registering filestore rule option");
- return;
-error:
- /* XXX */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_FLAGS].Free = DetectFlagsFree;
sigmatch_table[DETECT_FLAGS].RegisterTests = FlagsRegisterTests;
- const char *eb;
- int opts = 0;
- int eo;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
-error:
- return;
-
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_FLOW].Free = DetectFlowFree;
sigmatch_table[DETECT_FLOW].RegisterTests = DetectFlowRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- /* XXX */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/*
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_FLOWBITS].flags |= SIGMATCH_IPONLY_COMPAT;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
sigmatch_table[DETECT_FLOWINT].Free = DetectFlowintFree;
sigmatch_table[DETECT_FLOWINT].RegisterTests = DetectFlowintRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-error:
- SCLogInfo("Error registering flowint detection plugin");
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_FLOWVAR_POSTMATCH].Free = DetectFlowvarDataFree;
sigmatch_table[DETECT_FLOWVAR_POSTMATCH].RegisterTests = NULL;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_FRAGBITS].Free = DetectFragBitsFree;
sigmatch_table[DETECT_FRAGBITS].RegisterTests = FragBitsRegisterTests;
- const char *eb;
- int opts = 0;
- int eo;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
-error:
- return;
-
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_FRAGOFFSET].Free = DetectFragOffsetFree;
sigmatch_table[DETECT_FRAGOFFSET].RegisterTests = DetectFragOffsetRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE,"pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY,"pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
#include "util-unittest.h"
#include "util-debug.h"
-#define PARSE_REGEX "[0-9]+"
-
static int DetectGidSetup (DetectEngineCtx *, Signature *, char *);
/**
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_HOSTBITS].flags |= SIGMATCH_IPONLY_COMPAT;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
static int DetectHostbitMatchToggle (Packet *p, const DetectXbitsData *fd)
sigmatch_table[DETECT_ICMP_ID].Free = DetectIcmpIdFree;
sigmatch_table[DETECT_ICMP_ID].RegisterTests = DetectIcmpIdRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_ICMP_SEQ].Free = DetectIcmpSeqFree;
sigmatch_table[DETECT_ICMP_SEQ].RegisterTests = DetectIcmpSeqRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE,"pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY,"pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_ICODE].Free = DetectICodeFree;
sigmatch_table[DETECT_ICODE].RegisterTests = DetectICodeRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_ID].Free = DetectIdFree;
sigmatch_table[DETECT_ID].RegisterTests = DetectIdRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- SCLogDebug("registering id rule option");
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_IPOPTS].Free = DetectIpOptsFree;
sigmatch_table[DETECT_IPOPTS].RegisterTests = IpOptsRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- return;
-
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
void DetectIPProtoRegister(void)
{
- const char *eb;
- int eo;
- int opts = 0;
-
sigmatch_table[DETECT_IPPROTO].name = "ip_proto";
sigmatch_table[DETECT_IPPROTO].desc = "match on the IP protocol in the packet-header";
sigmatch_table[DETECT_IPPROTO].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#ip_proto";
sigmatch_table[DETECT_IPPROTO].Free = DetectIPProtoFree;
sigmatch_table[DETECT_IPPROTO].RegisterTests = DetectIPProtoRegisterTests;
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at "
- "offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
-error:
- if (parse_regex)
- pcre_free(parse_regex);
- if (parse_regex_study)
- pcre_free_study(parse_regex_study);
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_IPREP].flags |= SIGMATCH_IPONLY_COMPAT;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
static uint8_t GetHostRepSrc(Packet *p, uint8_t cat, uint32_t version)
sigmatch_table[DETECT_ISDATAAT].flags |= SIGMATCH_PAYLOAD;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- /* XXX */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_ITYPE].Free = DetectITypeFree;
sigmatch_table[DETECT_ITYPE].RegisterTests = DetectITypeRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_MARK].Free = DetectMarkDataFree;
sigmatch_table[DETECT_MARK].RegisterTests = MarkRegisterTests;
- const char *eb;
- int opts = 0;
- int eo;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
-error:
- return;
-
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
#ifdef NFQ
sigmatch_table[DETECT_AL_MODBUS].Free = DetectModbusFree;
sigmatch_table[DETECT_AL_MODBUS].RegisterTests = DetectModbusRegisterTests;
- const char *eb;
- int eo, opts = 0;
-
- SCLogDebug("registering modbus rule option");
-
- /* Function PARSE_REGEX */
- function_parse_regex = pcre_compile(PARSE_REGEX_FUNCTION, opts, &eb, &eo, NULL);
- if (function_parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX_FUNCTION, eo, eb);
- goto error;
- }
-
- function_parse_regex_study = pcre_study(function_parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- /* Access PARSE_REGEX */
- access_parse_regex = pcre_compile(PARSE_REGEX_ACCESS, opts, &eb, &eo, NULL);
- if (access_parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX_ACCESS, eo, eb);
- goto error;
- }
-
- access_parse_regex_study = pcre_study(access_parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
-error:
- SCReturn;
+ DetectSetupParseRegexes(PARSE_REGEX_FUNCTION,
+ &function_parse_regex, &function_parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX_ACCESS,
+ &access_parse_regex, &access_parse_regex_study);
}
#ifdef UNITTESTS /* UNITTESTS */
sigmatch_table[DETECT_PCRE].flags |= SIGMATCH_PAYLOAD;
- const char *eb;
- int eo;
- int opts = 0;
intmax_t val = 0;
if (!ConfGetInt("pcre.match-limit", &val)) {
}
}
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
+ /* setup the capture regex, as it needs PCRE_UNGREEDY we do it manually */
+ const char *eb;
+ int eo;
+ int opts = PCRE_UNGREEDY; /* pkt_http_ua should be pkt, http_ua, for this reason the UNGREEDY */
- opts |= PCRE_UNGREEDY; /* pkt_http_ua should be pkt, http_ua, for this reason the UNGREEDY */
parse_capture_regex = pcre_compile(PARSE_CAPTURE_REGEX, opts, &eb, &eo, NULL);
- if(parse_capture_regex == NULL)
+ if (parse_capture_regex == NULL)
{
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_CAPTURE_REGEX, eo, eb);
- goto error;
+ FatalError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_CAPTURE_REGEX, eo, eb);
}
parse_capture_regex_study = pcre_study(parse_capture_regex, 0, &eb);
if(eb != NULL)
{
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
+ FatalError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
}
- return;
-error:
- /* XXX */
+ DetectParseRegexAddToFreeList(parse_capture_regex, parse_capture_regex_study);
return;
}
sigmatch_table[DETECT_PKTVAR].flags |= SIGMATCH_PAYLOAD;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/*
#include "util-debug.h"
#include "util-unittest.h"
-#define DETECT_PRIORITY_REGEX "^\\s*(\\d+|\"\\d+\")\\s*$"
+#define PARSE_REGEX "^\\s*(\\d+|\"\\d+\")\\s*$"
static pcre *regex = NULL;
static pcre_extra *regex_study = NULL;
*/
void DetectPriorityRegister (void)
{
- const char *eb = NULL;
- int eo;
- int opts = 0;
-
sigmatch_table[DETECT_PRIORITY].name = "priority";
sigmatch_table[DETECT_PRIORITY].desc = "rules with a higher priority will be examined first";
sigmatch_table[DETECT_PRIORITY].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#Priority";
sigmatch_table[DETECT_PRIORITY].Free = NULL;
sigmatch_table[DETECT_PRIORITY].RegisterTests = SCPriorityRegisterTests;
- regex = pcre_compile(DETECT_PRIORITY_REGEX, opts, &eb, &eo, NULL);
- if (regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- DETECT_PRIORITY_REGEX, eo, eb);
- goto end;
- }
-
- regex_study = pcre_study(regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto end;
- }
-
- end:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, ®ex, ®ex_study);
}
static int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr)
sigmatch_table[DETECT_REFERENCE].Free = NULL;
sigmatch_table[DETECT_REFERENCE].RegisterTests = ReferenceRegisterTests;
- const char *eb;
- int opts = 0;
- int eo;
-
- opts |= PCRE_CASELESS;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at "
- "offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_RPC].Free = DetectRpcFree;
sigmatch_table[DETECT_RPC].RegisterTests = DetectRpcRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- /* XXX */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/*
sigmatch_table[DETECT_AL_SSH_PROTOVERSION].Free = DetectSshVersionFree;
sigmatch_table[DETECT_AL_SSH_PROTOVERSION].RegisterTests = DetectSshVersionRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- SCLogDebug("registering ssh.protoversion rule option");
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].Free = DetectSshSoftwareVersionFree;
sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].RegisterTests = DetectSshSoftwareVersionRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- SCLogDebug("registering ssh.softwareversion rule option");
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_AL_SSL_STATE].Free = DetectSslStateFree;
sigmatch_table[DETECT_AL_SSL_STATE].RegisterTests = DetectSslStateRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- SCLogDebug("registering ssl_state rule option");
-
- /* PARSE_REGEX1 */
- parse_regex1 = pcre_compile(PARSE_REGEX1, opts, &eb, &eo, NULL);
- if (parse_regex1 == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX1, eo, eb);
- goto error;
- }
-
- parse_regex1_study = pcre_study(parse_regex1, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- /* PARSE_REGEX2 */
- parse_regex2 = pcre_compile(PARSE_REGEX2, opts, &eb, &eo, NULL);
- if (parse_regex2 == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX2, eo, eb);
- goto error;
- }
-
- parse_regex2_study = pcre_study(parse_regex2, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX1, &parse_regex1, &parse_regex1_study);
+ DetectSetupParseRegexes(PARSE_REGEX2, &parse_regex2, &parse_regex2_study);
}
/**
sigmatch_table[DETECT_AL_SSL_VERSION].Free = DetectSslVersionFree;
sigmatch_table[DETECT_AL_SSL_VERSION].RegisterTests = DetectSslVersionRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- SCLogDebug("registering ssl_version rule option");
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_STREAM_SIZE].Free = DetectStreamSizeFree;
sigmatch_table[DETECT_STREAM_SIZE].RegisterTests = DetectStreamSizeRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- if (parse_regex != NULL) SCFree(parse_regex);
- if (parse_regex_study != NULL) SCFree(parse_regex_study);
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_TAG].RegisterTests = DetectTagRegisterTests;
sigmatch_table[DETECT_TAG].flags |= SIGMATCH_IPONLY_COMPAT;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- /* XXX */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_TEMPLATE].RegisterTests = DetectTemplateRegisterTests;
/* set up the PCRE for keyword parsing */
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at "
- "offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- if (parse_regex != NULL)
- SCFree(parse_regex);
- if (parse_regex_study != NULL)
- SCFree(parse_regex_study);
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_THRESHOLD].flags |= SIGMATCH_IPONLY_COMPAT;
- const char *eb;
- int opts = 0;
- int eo;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
-error:
- return;
-
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
static int DetectThresholdMatch(ThreadVars *thv, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, const SigMatchCtx *ctx)
sigmatch_table[DETECT_AL_TLS_VERSION].Free = DetectTlsVersionFree;
sigmatch_table[DETECT_AL_TLS_VERSION].RegisterTests = DetectTlsVersionRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- SCLogDebug("registering tls.version rule option");
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_AL_TLS_STORE].RegisterTests = NULL;
sigmatch_table[DETECT_AL_TLS_STORE].flags |= SIGMATCH_NOOPT;
- const char *eb;
- int eo;
- int opts = 0;
-
- SCLogDebug("registering tls.subject rule option");
-
- subject_parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (subject_parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX, eo, eb);
- goto error;
- }
-
- subject_parse_regex_study = pcre_study(subject_parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- SCLogDebug("registering tls.issuerdn rule option");
-
- issuerdn_parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (issuerdn_parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX, eo, eb);
- goto error;
- }
-
- issuerdn_parse_regex_study = pcre_study(issuerdn_parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- SCLogDebug("registering tls.fingerprint rule option");
-
- fingerprint_parse_regex = pcre_compile(PARSE_REGEX_FINGERPRINT, opts, &eb, &eo, NULL);
- if (fingerprint_parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX_FINGERPRINT, eo, eb);
- goto error;
- }
-
- fingerprint_parse_regex_study = pcre_study(fingerprint_parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX,
+ &subject_parse_regex, &subject_parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX,
+ &issuerdn_parse_regex, &issuerdn_parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX_FINGERPRINT,
+ &fingerprint_parse_regex, &fingerprint_parse_regex_study);
}
/**
sigmatch_table[DETECT_TOS].Free = DetectTosFree;
sigmatch_table[DETECT_TOS].RegisterTests = DetectTosRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "Compile of \"%s\" failed at "
- "offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_TTL].Free = DetectTtlFree;
sigmatch_table[DETECT_TTL].RegisterTests = DetectTtlRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- if (parse_regex != NULL) SCFree(parse_regex);
- if (parse_regex_study != NULL) SCFree(parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
return;
}
sigmatch_table[DETECT_AL_URILEN].RegisterTests = DetectUrilenRegisterTests;
sigmatch_table[DETECT_AL_URILEN].flags |= SIGMATCH_PAYLOAD;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if (parse_regex == NULL) {
- SCLogDebug("pcre compile of \"%s\" failed at offset %" PRId32 ": %s",
- PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if (eb != NULL) {
- SCLogDebug("pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- if (parse_regex != NULL)
- pcre_free(parse_regex);
- if (parse_regex_study != NULL)
- pcre_free_study(parse_regex_study);
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
sigmatch_table[DETECT_WINDOW].Free = DetectWindowFree;
sigmatch_table[DETECT_WINDOW].RegisterTests = DetectWindowRegisterTests;
- const char *eb;
- int eo;
- int opts = 0;
-
- #ifdef WINDOW_DEBUG
- printf("detect-window: Registering window rule option\n");
- #endif
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
- return;
-
-error:
- /* XXX */
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
/**
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_XBITS].flags |= SIGMATCH_IPONLY_COMPAT;
- const char *eb;
- int eo;
- int opts = 0;
-
- parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
- if(parse_regex == NULL)
- {
- SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
- goto error;
- }
-
- parse_regex_study = pcre_study(parse_regex, 0, &eb);
- if(eb != NULL)
- {
- SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
- goto error;
- }
-
- return;
-
-error:
- return;
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
static int DetectIPPairbitMatchToggle (Packet *p, const DetectXbitsData *fd)
projects / thirdparty / suricata.git / commitdiff
