#include "util-debug.h"
#include "util-print.h"
-void DetectAddressTests(void);
-
-void DetectAddressRegister(void)
-{
- sigmatch_table[DETECT_ADDRESS].name = "__address__";
- sigmatch_table[DETECT_ADDRESS].Match = NULL;
- sigmatch_table[DETECT_ADDRESS].Setup = NULL;
- sigmatch_table[DETECT_ADDRESS].Free = NULL;
- sigmatch_table[DETECT_ADDRESS].RegisterTests = DetectAddressTests;
-}
-
/* prototypes */
void DetectAddressPrint(DetectAddress *);
static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
int DetectAddressMatchIPv4(DetectMatchAddressIPv4 *, uint16_t, Address *);
int DetectAddressMatchIPv6(DetectMatchAddressIPv6 *, uint16_t, Address *);
+
+void DetectAddressTests(void);
+
#endif /* __DETECT_ADDRESS_H__ */
#include "util-debug.h"
#include "util-error.h"
-void DetectPortTests(void);
static int DetectPortCutNot(DetectPort *, DetectPort **);
static int DetectPortCut(DetectEngineCtx *, DetectPort *, DetectPort *,
DetectPort **);
static uint32_t detect_port_init_cnt = 0;
static uint32_t detect_port_free_cnt = 0;
-/** DetectPort module registration */
-void DetectPortRegister(void) {
- sigmatch_table[DETECT_PORT].name = "__port__";
- sigmatch_table[DETECT_PORT].Match = NULL;
- sigmatch_table[DETECT_PORT].Setup = NULL;
- sigmatch_table[DETECT_PORT].Free = NULL;
- sigmatch_table[DETECT_PORT].RegisterTests = DetectPortTests;
-}
-
-
/**
* \brief Alloc a DetectPort structure and update counters
*
#define __DETECT_PORT_H__
/* prototypes */
-void DetectPortRegister (void);
-
int DetectPortParse(DetectPort **head, char *str);
DetectPort *DetectPortCopy(DetectEngineCtx *, DetectPort *);
int DetectPortCmp(DetectPort *, DetectPort *);
void DetectPortFree(DetectPort *);
+void DetectPortTests(void);
+
#endif /* __DETECT_PORT_H__ */
#include "util-unittest-helper.h"
#include "util-debug.h"
-/*Prototypes*/
-void DetectProtoTests (void);
-
-/**
- * \brief To register the protocol detection function
- */
-void DetectProtoRegister (void)
-{
- sigmatch_table[DETECT_PROTO].name = "__proto__";
- sigmatch_table[DETECT_PROTO].Match = NULL;
- sigmatch_table[DETECT_PROTO].Setup = NULL;
- sigmatch_table[DETECT_PROTO].Free = NULL;
- sigmatch_table[DETECT_PROTO].RegisterTests = DetectProtoTests;
-}
-
/**
* \brief Function to initialize the protocol detection and
* allocate memory to the DetectProto structure.
} DetectProto;
/* prototypes */
-void DetectProtoRegister (void);
int DetectProtoParse(DetectProto *dp, char *str);
int DetectProtoContainsProto(DetectProto *, int);
+void DetectProtoTests(void);
+
#endif /* __DETECT_PROTO_H__ */
sigmatch_table[DETECT_PCRE].flags |= SIGMATCH_PAYLOAD;
- sigmatch_table[DETECT_PCRE_HTTPCOOKIE].name = "__pcre_http_cookie__"; /* not a real keyword */
- sigmatch_table[DETECT_PCRE_HTTPCOOKIE].Match = NULL;
- sigmatch_table[DETECT_PCRE_HTTPCOOKIE].AppLayerMatch = DetectPcreALMatchCookie;
- sigmatch_table[DETECT_PCRE_HTTPCOOKIE].alproto = ALPROTO_HTTP;
- sigmatch_table[DETECT_PCRE_HTTPCOOKIE].Setup = NULL;
- sigmatch_table[DETECT_PCRE_HTTPCOOKIE].Free = DetectPcreFree;
- sigmatch_table[DETECT_PCRE_HTTPCOOKIE].RegisterTests = NULL;
- sigmatch_table[DETECT_PCRE_HTTPCOOKIE].flags |= SIGMATCH_PAYLOAD;
-
- sigmatch_table[DETECT_PCRE_HTTPMETHOD].name = "__pcre_http_method__"; /* not a real keyword */
- sigmatch_table[DETECT_PCRE_HTTPMETHOD].Match = NULL;
- sigmatch_table[DETECT_PCRE_HTTPMETHOD].AppLayerMatch = DetectPcreALMatchMethod;
- sigmatch_table[DETECT_PCRE_HTTPMETHOD].alproto = ALPROTO_HTTP;
- sigmatch_table[DETECT_PCRE_HTTPMETHOD].Setup = NULL;
- sigmatch_table[DETECT_PCRE_HTTPMETHOD].Free = DetectPcreFree;
- sigmatch_table[DETECT_PCRE_HTTPMETHOD].RegisterTests = NULL;
- sigmatch_table[DETECT_PCRE_HTTPMETHOD].flags |= SIGMATCH_PAYLOAD;
-
const char *eb;
int eo;
int opts = 0;
//if (pe->flags & DETECT_PCRE_HTTP_BODY_AL)
// SCReturnInt(0);
- if (s->flags & SIG_FLAG_RECURSIVE) {
- ptr = payload + det_ctx->buffer_offset;
- len = payload_len - det_ctx->buffer_offset;
- } else if (pe->flags & DETECT_PCRE_RELATIVE) {
+ if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = payload + det_ctx->buffer_offset;
len = payload_len - det_ctx->buffer_offset;
} else {
if (pe->flags & DETECT_PCRE_HTTP_CLIENT_BODY)
SCReturnInt(0);
- if (s->flags & SIG_FLAG_RECURSIVE) {
- ptr = p->payload + det_ctx->buffer_offset;
- len = p->payload_len - det_ctx->buffer_offset;
- } else if (pe->flags & DETECT_PCRE_RELATIVE) {
+ if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = p->payload + det_ctx->buffer_offset;
len = p->payload_len - det_ctx->buffer_offset;
if (ptr == NULL || len == 0)
if (pe->flags & DETECT_PCRE_HTTP_CLIENT_BODY)
SCReturnInt(0);
- if (s->flags & SIG_FLAG_RECURSIVE) {
- ptr = data + det_ctx->buffer_offset;
- len = data_len - det_ctx->buffer_offset;
- } else if (pe->flags & DETECT_PCRE_RELATIVE) {
+ if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = data + det_ctx->buffer_offset;
len = data_len - det_ctx->buffer_offset;
if (ptr == NULL || len == 0)
-/* Copyright (C) 2007-2010 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Victor Julien <victor@inliniac.net>
- *
- * Implements recursive keyword support
- *
- * Used to capture variables recursively in a payload,
- * used for example to extract http_uri for uricontent.
- *
- * Note: non Snort compatible.
- */
-
-#include "suricata-common.h"
-#include "decode.h"
-#include "detect.h"
-#include "flow-var.h"
-
-static int DetectRecursiveSetup (DetectEngineCtx *, Signature *, char *);
-
-void DetectRecursiveRegister (void) {
- sigmatch_table[DETECT_RECURSIVE].name = "recursive";
- sigmatch_table[DETECT_RECURSIVE].Match = NULL;
- sigmatch_table[DETECT_RECURSIVE].Setup = DetectRecursiveSetup;
- sigmatch_table[DETECT_RECURSIVE].Free = NULL;
- sigmatch_table[DETECT_RECURSIVE].RegisterTests = NULL;
-
- sigmatch_table[DETECT_RECURSIVE].flags |= SIGMATCH_NOOPT;
-}
-
-static int DetectRecursiveSetup (DetectEngineCtx *de_ctx, Signature *s, char *nullstr)
-{
- if (nullstr != NULL) {
- printf("DetectRecursiveSetup: recursive has no value\n");
- return -1;
- }
-
- s->flags |= SIG_FLAG_RECURSIVE;
- return 0;
-}
-
-/* Copyright (C) 2007-2010 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Victor Julien <victor@inliniac.net>
- */
-
-#ifndef __DETECT_RECURSIVE_H__
-#define __DETECT_RECURSIVE_H__
-
-/* prototypes */
-void DetectRecursiveRegister (void);
-
-#endif /* __DETECT_RECURSIVE_H__ */
-
#include "detect-pcre.h"
#include "detect-depth.h"
#include "detect-nocase.h"
-#include "detect-recursive.h"
#include "detect-rawbytes.h"
#include "detect-bytetest.h"
#include "detect-bytejump.h"
case DETECT_AL_HTTP_RAW_HEADER:
case DETECT_AL_HTTP_URI:
case DETECT_AL_HTTP_RAW_URI:
- case DETECT_PCRE_HTTPBODY:
- case DETECT_PCRE_HTTPHEADER:
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires dce http state");
break;
return 0;
}
+void SigTableList(void)
+{
+ size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
+
+ size_t i;
+ printf("=====Supported keywords=====\n");
+ for (i = 0; i < size; i++) {
+ if (sigmatch_table[i].name != NULL)
+ printf("- %s\n", sigmatch_table[i].name);
+ }
+
+ return;
+}
+
void SigTableSetup(void) {
memset(sigmatch_table, 0, sizeof(sigmatch_table));
- DetectAddressRegister();
- DetectProtoRegister();
- DetectPortRegister();
-
DetectSidRegister();
DetectPriorityRegister();
DetectRevRegister();
DetectPcreRegister();
DetectDepthRegister();
DetectNocaseRegister();
- DetectRecursiveRegister();
DetectRawbytesRegister();
DetectBytetestRegister();
DetectBytejumpRegister();
Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
int result = 0;
- char sig[] = "alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)";
+ char sig[] = "alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, mpm_type) == 0) {
result = 0;
goto end;
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
- de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:2;)");
+ de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:2;)");
if (de_ctx->sig_list->next == NULL) {
result = 0;
goto end;
}
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> 1.2.3.4 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
+ de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> 1.2.3.4 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
- de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> 1.2.3.3-1.2.3.6 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:2;)");
+ de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> 1.2.3.3-1.2.3.6 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:2;)");
if (de_ctx->sig_list->next == NULL) {
result = 0;
goto end;
}
- de_ctx->sig_list->next->next = SigInit(de_ctx,"alert tcp any any -> !1.2.3.5 1:990 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:3;)");
+ de_ctx->sig_list->next->next = SigInit(de_ctx,"alert tcp any any -> !1.2.3.5 1:990 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:3;)");
if (de_ctx->sig_list->next->next == NULL) {
result = 0;
goto end;
} DetectPort;
/* Signature flags */
-#define SIG_FLAG_RECURSIVE (1) /**< recursive capturing enabled */
+#define SIG_FLAG_SRC_ANY (1) /**< source is any */
+#define SIG_FLAG_DST_ANY (1<<1) /**< destination is any */
+#define SIG_FLAG_SP_ANY (1<<2) /**< source port is any */
+#define SIG_FLAG_DP_ANY (1<<3) /**< destination port is any */
-#define SIG_FLAG_SRC_ANY (1<<1) /**< source is any */
-#define SIG_FLAG_DST_ANY (1<<2) /**< destination is any */
-#define SIG_FLAG_SP_ANY (1<<3) /**< source port is any */
-#define SIG_FLAG_DP_ANY (1<<4) /**< destination port is any */
+#define SIG_FLAG_NOALERT (1<<4) /**< no alert flag is set */
+#define SIG_FLAG_DSIZE (1<<5) /**< signature has a dsize setting */
+#define SIG_FLAG_APPLAYER (1<<6) /**< signature applies to app layer instead of packets */
+#define SIG_FLAG_IPONLY (1<<7) /**< ip only signature */
-#define SIG_FLAG_NOALERT (1<<5) /**< no alert flag is set */
-#define SIG_FLAG_DSIZE (1<<6) /**< signature has a dsize setting */
-#define SIG_FLAG_APPLAYER (1<<7) /**< signature applies to app layer instead of packets */
-#define SIG_FLAG_IPONLY (1<<8) /**< ip only signature */
+#define SIG_FLAG_STATE_MATCH (1<<8) /**< signature has matches that require stateful inspection */
-#define SIG_FLAG_STATE_MATCH (1<<9) /**< signature has matches that require stateful inspection */
+#define SIG_FLAG_REQUIRE_PACKET (1<<9) /**< signature is requiring packet match */
+#define SIG_FLAG_REQUIRE_STREAM (1<<10) /**< signature is requiring stream match */
-#define SIG_FLAG_REQUIRE_PACKET (1<<10) /**< signature is requiring packet match */
-#define SIG_FLAG_REQUIRE_STREAM (1<<11) /**< signature is requiring stream match */
+#define SIG_FLAG_MPM_PACKET (1<<11)
+#define SIG_FLAG_MPM_PACKET_NEG (1<<12)
+#define SIG_FLAG_MPM_STREAM (1<<13)
+#define SIG_FLAG_MPM_STREAM_NEG (1<<14)
+#define SIG_FLAG_MPM_HTTP (1<<15)
+#define SIG_FLAG_MPM_HTTP_NEG (1<<16)
-#define SIG_FLAG_MPM_PACKET (1<<12)
-#define SIG_FLAG_MPM_PACKET_NEG (1<<13)
-#define SIG_FLAG_MPM_STREAM (1<<14)
-#define SIG_FLAG_MPM_STREAM_NEG (1<<15)
-#define SIG_FLAG_MPM_HTTP (1<<16)
-#define SIG_FLAG_MPM_HTTP_NEG (1<<17)
+#define SIG_FLAG_REQUIRE_FLOWVAR (1<<17) /**< signature can only match if a flowbit, flowvar or flowint is available. */
-#define SIG_FLAG_REQUIRE_FLOWVAR (1<<18) /**< signature can only match if a flowbit, flowvar or flowint is available. */
+#define SIG_FLAG_FILESTORE (1<<18) /**< signature has filestore keyword */
-#define SIG_FLAG_FILESTORE (1<<19) /**< signature has filestore keyword */
-
-#define SIG_FLAG_TOSERVER (1<<20)
-#define SIG_FLAG_TOCLIENT (1<<21)
+#define SIG_FLAG_TOSERVER (1<<19)
+#define SIG_FLAG_TOCLIENT (1<<20)
/* signature init flags */
#define SIG_FLAG_INIT_DEONLY 1 /**< decode event only signature */
DETECT_CONTENT,
DETECT_URICONTENT,
DETECT_PCRE,
- DETECT_PCRE_HTTPBODY,
- DETECT_PCRE_HTTPCOOKIE,
- DETECT_PCRE_HTTPHEADER,
- DETECT_PCRE_HTTPMETHOD,
DETECT_ACK,
DETECT_SEQ,
DETECT_DEPTH,
DETECT_REPLACE,
DETECT_NOCASE,
DETECT_FAST_PATTERN,
- DETECT_RECURSIVE,
DETECT_RAWBYTES,
DETECT_BYTETEST,
DETECT_BYTEJUMP,
DETECT_ICMP_SEQ,
DETECT_DETECTION_FILTER,
- DETECT_ADDRESS,
- DETECT_PROTO,
- DETECT_PORT,
DETECT_DECODE_EVENT,
DETECT_IPOPTS,
DETECT_FLAGS,
void SigAddressPrepareBidirectionals (DetectEngineCtx *);
int SigLoadSignatures (DetectEngineCtx *, char *, int);
+void SigTableList(void);
void SigTableSetup(void);
int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, Packet *p);
#include "detect-parse.h"
#include "detect-engine.h"
+#include "detect-engine-address.h"
+#include "detect-engine-proto.h"
+#include "detect-engine-port.h"
#include "detect-engine-mpm.h"
#include "detect-engine-sigorder.h"
#include "detect-engine-payload.h"
printf("\t-u : run the unittests and exit\n");
printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
printf("\t--list-unittests : list unit tests\n");
+ printf("\t--list-keywords : list all keywords implemented by the engine\n");
printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
#endif /* UNITTESTS */
#ifdef __SC_CUDA_SUPPORT__
int list_unittests = 0;
int list_cuda_cards = 0;
int list_runmodes = 0;
+ int list_keywords = 0;
const char *runmode_custom_mode = NULL;
int daemon = 0;
#ifndef OS_WIN32
{"list-unittests", 0, &list_unittests, 1},
{"list-cuda-cards", 0, &list_cuda_cards, 1},
{"list-runmodes", 0, &list_runmodes, 1},
+ {"list-keywords", 0, &list_keywords, 1},
{"runmode", required_argument, NULL, 0},
{"engine-analysis", 0, &engine_analysis, 1},
#ifdef OS_WIN32
} else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
RunModeListRunmodes();
exit(EXIT_SUCCESS);
+ } else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
+ // do nothing
} else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
runmode_custom_mode = optarg;
} else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
}
}
- } else if (run_mode != RUNMODE_UNITTEST){
+ } else if (run_mode != RUNMODE_UNITTEST &&
+ !list_keywords){
SCLogError(SC_ERR_OPENING_FILE, "Configuration file has not been provided");
usage(argv[0]);
exit(EXIT_FAILURE);
DefragInit();
if (run_mode == RUNMODE_UNKNOWN) {
- if (!engine_analysis) {
+ if (!engine_analysis && !list_keywords) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
/* hardcoded initialization code */
MpmTableSetup(); /* load the pattern matchers */
SigTableSetup(); /* load the rule keywords */
+ if (list_keywords) {
+ SigTableList();
+ exit(EXIT_FAILURE);
+ }
TmqhSetup();
+
CIDRInit();
SigParsePrepare();
//PatternMatchPrepare(mpm_ctx, MPM_B2G);
SMTPParserRegisterTests();
MagicRegisterTests();
UtilMiscRegisterTests();
+ DetectAddressTests();
+ DetectProtoTests();
+ DetectPortTests();
if (list_unittests) {
UtListTests(regex_arg);
}
projects / thirdparty / suricata.git / commitdiff
