helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
};
+use suricata::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use suricata::direction::Direction;
use suricata_sys::sys::{DetectEngineCtx, SCDetectBufferSetActiveList, Signature};
b"altemplate.buffer\0".as_ptr() as *const libc::c_char,
b"template.buffer intern description\0".as_ptr() as *const libc::c_char,
ALPROTO_TEMPLATE,
- true, //toclient
- true, //toserver
+ STREAM_TOSERVER | STREAM_TOCLIENT,
template_buffer_get,
);
}
/* TEMPLATE_START_REMOVE */
use crate::conf::conf_get_node;
/* TEMPLATE_END_REMOVE */
+use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
b"template.buffer\0".as_ptr() as *const libc::c_char,
b"template.buffer intern description\0".as_ptr() as *const libc::c_char,
ALPROTO_TEMPLATE,
- true, //toclient
- true, //toserver
+ STREAM_TOSERVER | STREAM_TOCLIENT,
template_buffer_get,
);
}
get_buf: unsafe extern "C" fn(*const c_void, u8, *mut *const u8, *mut u32) -> bool,
) -> *mut c_void;
pub fn DetectHelperBufferMpmRegister(
- name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, toclient: bool,
- toserver: bool,
+ name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, dir: u8,
get_data: unsafe extern "C" fn(
*mut c_void,
*const c_void,
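Review bot: The new `dir: u8` parameter on `DetectHelperBufferMpmRegister` (and on `DetectHelperBufferRegister` in the next hunk) has no doc comment, so the declaration no longer says which values are valid; the old `toclient`/`toserver` names did. The C implementation shown further down this page tests only `STREAM_TOSERVER` and `STREAM_TOCLIENT`, so a bare `u8` from another flag family would compile and could match neither bit. I would add `/// dir: bitmask of STREAM_TOSERVER and/or STREAM_TOCLIENT; at least one must be set` above both declarations. Both declarations run past the end of their hunks.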
pub fn DetectHelperKeywordRegister(kw: *const SCSigTableAppLiteElmt) -> c_int;
pub fn DetectHelperKeywordAliasRegister(kwid: c_int, alias: *const c_char);
pub fn DetectHelperBufferRegister(
- name: *const libc::c_char, alproto: AppProto, toclient: bool, toserver: bool,
+ name: *const libc::c_char, alproto: AppProto, dir: u8,
) -> c_int;
pub fn DetectSignatureSetAppProto(s: *mut Signature, alproto: AppProto) -> c_int;
pub fn SigMatchAppendSMToList(
DHCP_OPT_RENEWAL_TIME,
};
use super::parser::DHCPOptionWrapper;
-use crate::detect::uint::{
- SCDetectU64Free, SCDetectU64Match, SCDetectU64Parse, DetectUintData,
-};
+use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
+use crate::detect::uint::{DetectUintData, SCDetectU64Free, SCDetectU64Match, SCDetectU64Parse};
use crate::detect::{
DetectHelperBufferRegister, DetectHelperKeywordRegister, DetectSignatureSetAppProto,
SCSigTableAppLiteElmt, SigMatchAppendSMToList,
G_DHCP_LEASE_TIME_BUFFER_ID = DetectHelperBufferRegister(
b"dhcp.leasetime\0".as_ptr() as *const libc::c_char,
ALPROTO_DHCP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"dhcp.rebinding_time\0".as_ptr() as *const libc::c_char,
G_DHCP_REBINDING_TIME_BUFFER_ID = DetectHelperBufferRegister(
b"dhcp.rebinding-time\0".as_ptr() as *const libc::c_char,
ALPROTO_DHCP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"dhcp.renewal_time\0".as_ptr() as *const libc::c_char,
G_DHCP_RENEWAL_TIME_BUFFER_ID = DetectHelperBufferRegister(
b"dhcp.renewal-time\0".as_ptr() as *const libc::c_char,
ALPROTO_DHCP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
}
G_DNS_OPCODE_BUFFER_ID = DetectHelperBufferRegister(
b"dns.opcode\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("dns.query.name"),
G_DNS_RCODE_BUFFER_ID = DetectHelperBufferRegister(
b"dns.rcode\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"dns.rrtype\0".as_ptr() as *const libc::c_char,
G_DNS_RRTYPE_BUFFER_ID = DetectHelperBufferRegister(
b"dns.rrtype\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("dns.query"),
CIP_MULTIPLE_SERVICE,
};
+use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{
detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU16Free, SCDetectU16Match,
SCDetectU16Parse, SCDetectU32Free, SCDetectU32Match, SCDetectU32Parse, SCDetectU8Free,
G_ENIP_CIPSERVICE_BUFFER_ID = DetectHelperBufferRegister(
b"cip\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.capabilities\0".as_ptr() as *const libc::c_char,
G_ENIP_CAPABILITIES_BUFFER_ID = DetectHelperBufferRegister(
b"enip.capabilities\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.cip_attribute\0".as_ptr() as *const libc::c_char,
G_ENIP_CIP_ATTRIBUTE_BUFFER_ID = DetectHelperBufferRegister(
b"enip.cip_attribute\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.cip_class\0".as_ptr() as *const libc::c_char,
G_ENIP_CIP_CLASS_BUFFER_ID = DetectHelperBufferRegister(
b"enip.cip_class\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.vendor_id\0".as_ptr() as *const libc::c_char,
G_ENIP_VENDOR_ID_BUFFER_ID = DetectHelperBufferRegister(
b"enip.vendor_id\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.status\0".as_ptr() as *const libc::c_char,
G_ENIP_STATUS_BUFFER_ID = DetectHelperBufferRegister(
b"enip.status\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.state\0".as_ptr() as *const libc::c_char,
G_ENIP_STATE_BUFFER_ID = DetectHelperBufferRegister(
b"enip.state\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.serial\0".as_ptr() as *const libc::c_char,
G_ENIP_SERIAL_BUFFER_ID = DetectHelperBufferRegister(
b"enip.serial\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.revision\0".as_ptr() as *const libc::c_char,
G_ENIP_REVISION_BUFFER_ID = DetectHelperBufferRegister(
b"enip.revision\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.protocol_version\0".as_ptr() as *const libc::c_char,
G_ENIP_PROTOCOL_VERSION_BUFFER_ID = DetectHelperBufferRegister(
b"enip.protocol_version\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.product_code\0".as_ptr() as *const libc::c_char,
G_ENIP_PRODUCT_CODE_BUFFER_ID = DetectHelperBufferRegister(
b"enip.product_code\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip_command\0".as_ptr() as *const libc::c_char,
G_ENIP_COMMAND_BUFFER_ID = DetectHelperBufferRegister(
b"enip.command\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.identity_status\0".as_ptr() as *const libc::c_char,
G_ENIP_IDENTITY_STATUS_BUFFER_ID = DetectHelperBufferRegister(
b"enip.identity_status\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.device_type\0".as_ptr() as *const libc::c_char,
G_ENIP_DEVICE_TYPE_BUFFER_ID = DetectHelperBufferRegister(
b"enip.device_type\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.cip_status\0".as_ptr() as *const libc::c_char,
G_ENIP_CIP_STATUS_BUFFER_ID = DetectHelperBufferRegister(
b"enip.cip_status\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.cip_instance\0".as_ptr() as *const libc::c_char,
G_ENIP_CIP_INSTANCE_BUFFER_ID = DetectHelperBufferRegister(
b"enip.cip_instance\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"enip.cip_extendedstatus\0".as_ptr() as *const libc::c_char,
G_ENIP_CIP_EXTENDEDSTATUS_BUFFER_ID = DetectHelperBufferRegister(
b"enip.cip_extendedstatus\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("enip.product_name"),
b"enip.product_name\0".as_ptr() as *const libc::c_char,
b"ENIP product name\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
product_name_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"enip.service_name\0".as_ptr() as *const libc::c_char,
b"ENIP service name\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
service_name_get_data,
);
}
G_LDAP_REQUEST_OPERATION_BUFFER_ID = DetectHelperBufferRegister(
b"ldap.request.operation\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
- false, //to client
- true, //to server
+ STREAM_TOSERVER,
);
let kw = SCSigTableAppLiteElmt {
name: b"ldap.responses.operation\0".as_ptr() as *const libc::c_char,
G_LDAP_RESPONSES_OPERATION_BUFFER_ID = DetectHelperBufferRegister(
b"ldap.responses.operation\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
- true, //to client
- false, //to server
+ STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"ldap.responses.count\0".as_ptr() as *const libc::c_char,
G_LDAP_RESPONSES_COUNT_BUFFER_ID = DetectHelperBufferRegister(
b"ldap.responses.count\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
- true, //to client
- false, //to server
+ STREAM_TOCLIENT,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("ldap.request.dn"),
b"ldap.request.dn\0".as_ptr() as *const libc::c_char,
b"LDAP REQUEST DISTINGUISHED_NAME\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
- false, //to client
- true, //to server
+ STREAM_TOSERVER,
ldap_detect_request_dn_get_data,
);
let kw = SigTableElmtStickyBuffer {
G_LDAP_RESPONSES_RESULT_CODE_BUFFER_ID = DetectHelperBufferRegister(
b"ldap.responses.result_code\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
- true, //to client
- false, //to server
+ STREAM_TOCLIENT,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("ldap.responses.message"),
// written by Sascha Steinbiss <sascha@steinbiss.name>
-use crate::core::{DetectEngineThreadCtx, STREAM_TOSERVER};
+use crate::core::{DetectEngineThreadCtx, STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{
detect_match_uint, detect_parse_uint, detect_parse_uint_enum, DetectUintData, DetectUintMode,
SCDetectU8Free, SCDetectU8Parse,
G_MQTT_TYPE_BUFFER_ID = DetectHelperBufferRegister(
b"mqtt.type\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let keyword_name = b"mqtt.subscribe.topic\0".as_ptr() as *const libc::c_char;
G_MQTT_REASON_CODE_BUFFER_ID = DetectHelperBufferRegister(
b"mqtt.reason_code\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"mqtt.connack.session_present\0".as_ptr() as *const libc::c_char,
G_MQTT_CONNACK_SESSIONPRESENT_BUFFER_ID = DetectHelperBufferRegister(
b"mqtt.connack.session_present\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- true,
- false, // only to client
+ STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"mqtt.qos\0".as_ptr() as *const libc::c_char,
G_MQTT_QOS_BUFFER_ID = DetectHelperBufferRegister(
b"mqtt.qos\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("mqtt.publish.topic"),
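Review bot: `mqtt.qos` stays registered for `STREAM_TOSERVER` only, while the `mqtt.publish.topic` and `mqtt.publish.message` hunks below register both directions and previously carried the rationale `// PUBLISH goes both ways`. If `mqtt.qos` (and `mqtt.flags`, registered the same way further down) is meant to match header fields of PUBLISH packets, rules using it would presumably never be evaluated on broker-to-client traffic. That is inherited behaviour rather than something this commit introduces, but it is worth confirming while the direction arguments are being touched. Because the old `// only to server` notes are dropped, a short why-comment on the one-way buffers, e.g. `// CONNECT fields: sent by the client only`, would keep the intent reviewable. The enclosing registration function starts and ends outside the hunk.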
b"mqtt.publish.topic\0".as_ptr() as *const libc::c_char,
b"MQTT PUBLISH topic\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- true, // PUBLISH goes both ways
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
mqtt_pub_topic_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"mqtt.publish.message\0".as_ptr() as *const libc::c_char,
b"MQTT PUBLISH message\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- true, // PUBLISH goes both ways
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
mqtt_pub_msg_get_data,
);
let kw = SCSigTableAppLiteElmt {
G_MQTT_PROTOCOL_VERSION_BUFFER_ID = DetectHelperBufferRegister(
b"mqtt.protocol_version\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
);
let kw = SCSigTableAppLiteElmt {
name: b"mqtt.flags\0".as_ptr() as *const libc::c_char,
G_MQTT_FLAGS_BUFFER_ID = DetectHelperBufferRegister(
b"mqtt.flags\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
);
let kw = SCSigTableAppLiteElmt {
name: b"mqtt.connect.flags\0".as_ptr() as *const libc::c_char,
G_MQTT_CONN_FLAGS_BUFFER_ID = DetectHelperBufferRegister(
b"mqtt.connect.flags\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("mqtt.connect.willtopic"),
b"mqtt.connect.willtopic\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT will topic\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
mqtt_conn_willtopic_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"mqtt.connect.willmessage\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT will message\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
mqtt_conn_willmsg_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"mqtt.connect.username\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT username\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
mqtt_conn_username_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"mqtt.connect.protocol_string\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT protocol string\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
mqtt_conn_protocolstring_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"mqtt.connect.password\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT password\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
mqtt_conn_password_get_data,
);
let kw = SigTableElmtStickyBuffer {
b"mqtt.connect.clientid\0".as_ptr() as *const libc::c_char,
b"MQTT CONNECT clientid\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
- false, // only to server
- true,
+ STREAM_TOSERVER,
mqtt_conn_clientid_get_data,
);
}
use super::parser::RFBSecurityResultStatus;
use super::rfb::{RFBTransaction, ALPROTO_RFB};
+use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{
detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse,
};
b"rfb.name\0".as_ptr() as *const libc::c_char,
b"rfb name\0".as_ptr() as *const libc::c_char,
ALPROTO_RFB,
- true, //toclient
- false,
+ STREAM_TOCLIENT,
rfb_name_get,
);
let kw = SCSigTableAppLiteElmt {
G_RFB_SEC_TYPE_BUFFER_ID = DetectHelperBufferRegister(
b"rfb.sectype\0".as_ptr() as *const libc::c_char,
ALPROTO_RFB,
- false, // only to server
- true,
+ STREAM_TOSERVER,
);
let kw = SCSigTableAppLiteElmt {
name: b"rfb.secresult\0".as_ptr() as *const libc::c_char,
G_RFB_SEC_RESULT_BUFFER_ID = DetectHelperBufferRegister(
b"rfb.secresult\0".as_ptr() as *const libc::c_char,
ALPROTO_RFB,
- true, // only to client
- false,
+ STREAM_TOCLIENT,
);
}
b"sdp.session_name\0".as_ptr() as *const libc::c_char,
b"sdp.session_name\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_session_name_get,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.session_info\0".as_ptr() as *const libc::c_char,
b"sdp.session_info\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_session_info_get,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.origin\0".as_ptr() as *const libc::c_char,
b"sdp.origin\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_origin_get,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.uri\0".as_ptr() as *const libc::c_char,
b"sdp.uri\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_uri_get,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.email\0".as_ptr() as *const libc::c_char,
b"sdp.email\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_email_get,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.phone_number\0".as_ptr() as *const libc::c_char,
b"sdp.phone_number\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_phone_number_get,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.connection_data\0".as_ptr() as *const libc::c_char,
b"sdp.connection_data\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_conn_data_get,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.timezone\0".as_ptr() as *const libc::c_char,
b"sdp.timezone\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_timezone_get,
);
let kw = SigTableElmtStickyBuffer {
b"sdp.encryption_key\0".as_ptr() as *const libc::c_char,
b"sdp.encription_key\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sdp_encryption_key_get,
);
let kw = SigTableElmtStickyBuffer {
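Review bot: The description string passed for the `sdp.encryption_key` buffer in this hunk's context lines is spelled `sdp.encription_key`, so the buffer name and its description disagree wherever the description is surfaced to rule writers. Since the call is being edited anyway, the second argument could become `b"sdp.encryption_key\0".as_ptr() as *const libc::c_char,`. The registration function around this call starts and ends outside the hunk.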
b"sip.protocol\0".as_ptr() as *const libc::c_char,
b"sip.protocol\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
sip_protocol_get,
);
let kw = SigTableElmtStickyBuffer {
b"sip.stat_code\0".as_ptr() as *const libc::c_char,
b"sip.stat_code\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- false,
+ STREAM_TOCLIENT,
sip_stat_code_get,
);
let kw = SigTableElmtStickyBuffer {
b"sip.stat_msg\0".as_ptr() as *const libc::c_char,
b"sip.stat_msg\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- false,
+ STREAM_TOCLIENT,
sip_stat_msg_get,
);
let kw = SigTableElmtStickyBuffer {
b"sip.request_line\0".as_ptr() as *const libc::c_char,
b"sip.request_line\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- false,
- true,
+ STREAM_TOSERVER,
sip_request_line_get,
);
let kw = SigTableElmtStickyBuffer {
b"sip.response_line\0".as_ptr() as *const libc::c_char,
b"sip.response_line\0".as_ptr() as *const libc::c_char,
ALPROTO_SIP,
- true,
- false,
+ STREAM_TOCLIENT,
sip_response_line_get,
);
let kw = SigTableElmtStickyBuffer {
// written by Pierre Chifflier <chifflier@wzdftpd.net>
use super::snmp::{SNMPTransaction, ALPROTO_SNMP};
+use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{DetectUintData, SCDetectU32Free, SCDetectU32Match, SCDetectU32Parse};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
G_SNMP_VERSION_BUFFER_ID = DetectHelperBufferRegister(
b"snmp.version\0".as_ptr() as *const libc::c_char,
ALPROTO_SNMP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
G_SNMP_PDUTYPE_BUFFER_ID = DetectHelperBufferRegister(
b"snmp.pdu_type\0".as_ptr() as *const libc::c_char,
ALPROTO_SNMP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SigTableElmtStickyBuffer {
b"snmp.usm\0".as_ptr() as *const libc::c_char,
b"SNMP USM\0".as_ptr() as *const libc::c_char,
ALPROTO_SNMP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
snmp_detect_usm_get_data,
);
b"snmp.community\0".as_ptr() as *const libc::c_char,
b"SNMP Community identifier\0".as_ptr() as *const libc::c_char,
ALPROTO_SNMP,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
snmp_detect_community_get_data,
);
}
*/
use super::websocket::{WebSocketTransaction, ALPROTO_WEBSOCKET};
+use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{
detect_parse_uint, detect_parse_uint_enum, DetectUintData, DetectUintMode, SCDetectU32Free,
SCDetectU32Match, SCDetectU32Parse, SCDetectU8Free, SCDetectU8Match,
G_WEBSOCKET_OPCODE_BUFFER_ID = DetectHelperBufferRegister(
b"websocket.opcode\0".as_ptr() as *const libc::c_char,
ALPROTO_WEBSOCKET,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"websocket.mask\0".as_ptr() as *const libc::c_char,
G_WEBSOCKET_MASK_BUFFER_ID = DetectHelperBufferRegister(
b"websocket.mask\0".as_ptr() as *const libc::c_char,
ALPROTO_WEBSOCKET,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SCSigTableAppLiteElmt {
name: b"websocket.flags\0".as_ptr() as *const libc::c_char,
G_WEBSOCKET_FLAGS_BUFFER_ID = DetectHelperBufferRegister(
b"websocket.flags\0".as_ptr() as *const libc::c_char,
ALPROTO_WEBSOCKET,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("websocket.payload"),
b"websocket.payload\0".as_ptr() as *const libc::c_char,
b"WebSocket payload\0".as_ptr() as *const libc::c_char,
ALPROTO_WEBSOCKET,
- true,
- true,
+ STREAM_TOSERVER | STREAM_TOCLIENT,
websocket_detect_payload_get_data,
);
}
kw.Setup = DetectMimeEmailFromSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
- g_mime_email_from_buffer_id =
- DetectHelperBufferMpmRegister("email.from", "MIME EMAIL FROM", ALPROTO_SMTP, false,
- true, // to server
- GetMimeEmailFromData);
+ g_mime_email_from_buffer_id = DetectHelperBufferMpmRegister(
+ "email.from", "MIME EMAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailFromData);
kw.name = "email.subject";
kw.desc = "'Subject' field from an email";
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
g_mime_email_subject_buffer_id = DetectHelperBufferMpmRegister("email.subject",
- "MIME EMAIL SUBJECT", ALPROTO_SMTP, false,
- true, // to server
- GetMimeEmailSubjectData);
+ "MIME EMAIL SUBJECT", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailSubjectData);
kw.name = "email.to";
kw.desc = "'To' field from an email";
kw.Setup = DetectMimeEmailToSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
- g_mime_email_to_buffer_id =
- DetectHelperBufferMpmRegister("email.to", "MIME EMAIL TO", ALPROTO_SMTP, false,
- true, // to server
- GetMimeEmailToData);
+ g_mime_email_to_buffer_id = DetectHelperBufferMpmRegister(
+ "email.to", "MIME EMAIL TO", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailToData);
kw.name = "email.cc";
kw.desc = "'Cc' field from an email";
kw.Setup = DetectMimeEmailCcSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
- g_mime_email_cc_buffer_id =
- DetectHelperBufferMpmRegister("email.cc", "MIME EMAIL CC", ALPROTO_SMTP, false,
- true, // to server
- GetMimeEmailCcData);
+ g_mime_email_cc_buffer_id = DetectHelperBufferMpmRegister(
+ "email.cc", "MIME EMAIL CC", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailCcData);
kw.name = "email.date";
kw.desc = "'Date' field from an email";
kw.Setup = DetectMimeEmailDateSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
- g_mime_email_date_buffer_id =
- DetectHelperBufferMpmRegister("email.date", "MIME EMAIL DATE", ALPROTO_SMTP, false,
- true, // to server
- GetMimeEmailDateData);
+ g_mime_email_date_buffer_id = DetectHelperBufferMpmRegister(
+ "email.date", "MIME EMAIL DATE", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailDateData);
kw.name = "email.message_id";
kw.desc = "'Message-Id' field from an email";
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
g_mime_email_message_id_buffer_id = DetectHelperBufferMpmRegister("email.message_id",
- "MIME EMAIL Message-Id", ALPROTO_SMTP, false,
- true, // to server
- GetMimeEmailMessageIdData);
+ "MIME EMAIL Message-Id", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailMessageIdData);
kw.name = "email.x_mailer";
kw.desc = "'X-Mailer' field from an email";
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
g_mime_email_x_mailer_buffer_id = DetectHelperBufferMpmRegister("email.x_mailer",
- "MIME EMAIL X-Mailer", ALPROTO_SMTP, false,
- true, // to server
- GetMimeEmailXMailerData);
+ "MIME EMAIL X-Mailer", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailXMailerData);
kw.name = "email.url";
kw.desc = "'Url' extracted from an email";
#include "detect-parse.h"
#include "detect-engine-content-inspection.h"
-int DetectHelperBufferRegister(const char *name, AppProto alproto, bool toclient, bool toserver)
+int DetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction)
{
- if (toserver) {
+ if (direction & STREAM_TOSERVER) {
DetectAppLayerInspectEngineRegister(
name, alproto, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
}
- if (toclient) {
+ if (direction & STREAM_TOCLIENT) {
DetectAppLayerInspectEngineRegister(
name, alproto, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
}
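Review bot: Neither `DetectHelperBufferRegister` nor `DetectHelperBufferMpmRegister` (next hunk) checks that `direction` carries at least one of the two bits it tests, so a value with neither bit set skips both `if` blocks shown and registers no inspect engine (and, in the Mpm variant, no prefilter) for the buffer. With a `uint8_t` mask this is easier to hit than with two named booleans, for example a caller passing a flag from another family, or a stale caller still passing the old boolean values. The likely result is a buffer that signatures can reference but that is never inspected, which is a silent detection gap rather than a startup failure. A guard at the top of both functions, such as `if ((direction & (STREAM_TOSERVER | STREAM_TOCLIENT)) == 0) return -1;`, or a debug-build assertion if the project prefers one, would make that visible. The return value is an assumption to check against the callers, because the rest of both function bodies is outside the hunks shown.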
}
int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
- bool toclient, bool toserver, InspectionBufferGetDataPtr GetData)
+ uint8_t direction, InspectionBufferGetDataPtr GetData)
{
- if (toserver) {
+ if (direction & STREAM_TOSERVER) {
DetectAppLayerInspectEngineRegister(
name, alproto, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister(
name, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, alproto, 0);
}
- if (toclient) {
+ if (direction & STREAM_TOCLIENT) {
DetectAppLayerInspectEngineRegister(
name, alproto, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerMpmRegister(
int DetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw);
void DetectHelperKeywordAliasRegister(int kwid, const char *alias);
-int DetectHelperBufferRegister(const char *name, AppProto alproto, bool toclient, bool toserver);
+int DetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction);
typedef bool (*SimpleGetTxBuffer)(void *, uint8_t, const uint8_t **, uint32_t *);
const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
const int list_id, SimpleGetTxBuffer GetBuf);
int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
- bool toclient, bool toserver, InspectionBufferGetDataPtr GetData);
+ uint8_t direction, InspectionBufferGetDataPtr GetData);
int DetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
uint8_t direction, InspectionMultiBufferGetDataPtr GetData);
int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc, AppProto alproto,
sigmatch_table[DETECT_FTP_COMMAND_DATA].flags |= SIGMATCH_NOOPT;
DetectHelperBufferMpmRegister(
- BUFFER_NAME, BUFFER_NAME, ALPROTO_FTP, false, true, GetDataWrapper);
+ BUFFER_NAME, BUFFER_NAME, ALPROTO_FTP, STREAM_TOSERVER, GetDataWrapper);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
kw.Setup = DetectSmtpHeloSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
- g_smtp_helo_buffer_id =
- DetectHelperBufferMpmRegister("smtp.helo", "SMTP helo", ALPROTO_SMTP, false,
- true, // to server
- GetSmtpHeloData);
+ g_smtp_helo_buffer_id = DetectHelperBufferMpmRegister(
+ "smtp.helo", "SMTP helo", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpHeloData);
kw.name = "smtp.mail_from";
kw.desc = "SMTP mail from buffer";
kw.Setup = DetectSmtpMailFromSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectHelperKeywordRegister(&kw);
- g_smtp_mail_from_buffer_id =
- DetectHelperBufferMpmRegister("smtp.mail_from", "SMTP MAIL FROM", ALPROTO_SMTP, false,
- true, // to server
- GetSmtpMailFromData);
+ g_smtp_mail_from_buffer_id = DetectHelperBufferMpmRegister(
+ "smtp.mail_from", "SMTP MAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpMailFromData);
kw.name = "smtp.rcpt_to";
kw.desc = "SMTP rcpt to buffer";