From: Victor Julien Date: Fri, 9 Oct 2015 08:12:11 +0000 (+0200) Subject: detect: add list id to string funcs X-Git-Tag: suricata-3.1RC1~349 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=810d2d3ec692053d860009271a9cb2d3827c7fc0;p=thirdparty%2Fsuricata.git detect: add list id to string funcs --- diff --git a/src/detect.c b/src/detect.c index 7682f28aa5..0d7fb84b11 100644 --- a/src/detect.c +++ b/src/detect.c @@ -2808,6 +2808,85 @@ static void SigParseApplyDsizeToContent(Signature *s) } } +const char *DetectListToHumanString(int list) +{ +#define CASE_CODE_STRING(E, S) case E: return S; break + switch (list) { + CASE_CODE_STRING(DETECT_SM_LIST_MATCH, "packet"); + CASE_CODE_STRING(DETECT_SM_LIST_PMATCH, "payload"); + CASE_CODE_STRING(DETECT_SM_LIST_UMATCH, "http_uri"); + CASE_CODE_STRING(DETECT_SM_LIST_HRUDMATCH, "http_raw_uri"); + CASE_CODE_STRING(DETECT_SM_LIST_HCBDMATCH, "http_client_body"); + CASE_CODE_STRING(DETECT_SM_LIST_FILEDATA, "file_data"); + CASE_CODE_STRING(DETECT_SM_LIST_HHDMATCH, "http_header"); + CASE_CODE_STRING(DETECT_SM_LIST_HRHDMATCH, "http_raw_header"); + CASE_CODE_STRING(DETECT_SM_LIST_HSMDMATCH, "http_stat_msg"); + CASE_CODE_STRING(DETECT_SM_LIST_HSCDMATCH, "http_stat_code"); + CASE_CODE_STRING(DETECT_SM_LIST_HHHDMATCH, "http_host"); + CASE_CODE_STRING(DETECT_SM_LIST_HRHHDMATCH, "http_raw_host"); + CASE_CODE_STRING(DETECT_SM_LIST_HMDMATCH, "http_method"); + CASE_CODE_STRING(DETECT_SM_LIST_HCDMATCH, "http_cookie"); + CASE_CODE_STRING(DETECT_SM_LIST_HUADMATCH, "http_user_agent"); + CASE_CODE_STRING(DETECT_SM_LIST_HRLMATCH, "http_request_line"); + CASE_CODE_STRING(DETECT_SM_LIST_APP_EVENT, "app-layer-event"); + CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer"); + CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc"); + CASE_CODE_STRING(DETECT_SM_LIST_TMATCH, "tag"); + CASE_CODE_STRING(DETECT_SM_LIST_FILEMATCH, "file"); + CASE_CODE_STRING(DETECT_SM_LIST_DNSREQUEST_MATCH, "dns_request"); + CASE_CODE_STRING(DETECT_SM_LIST_DNSRESPONSE_MATCH, "dns_response"); + CASE_CODE_STRING(DETECT_SM_LIST_DNSQUERYNAME_MATCH, "dns_query"); + CASE_CODE_STRING(DETECT_SM_LIST_MODBUS_MATCH, "modbus"); + CASE_CODE_STRING(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH, "template"); + CASE_CODE_STRING(DETECT_SM_LIST_POSTMATCH, "postmatch"); + CASE_CODE_STRING(DETECT_SM_LIST_SUPPRESS, "suppress"); + CASE_CODE_STRING(DETECT_SM_LIST_THRESHOLD, "threshold"); + CASE_CODE_STRING(DETECT_SM_LIST_MAX, "max (internal)"); + CASE_CODE_STRING(DETECT_SM_LIST_NOTSET, "not set (internal)"); + } +#undef CASE_CODE_STRING + return "unknown"; +} + +#define CASE_CODE(E) case E: return #E +const char *DetectListToString(int list) +{ + switch (list) { + CASE_CODE(DETECT_SM_LIST_MATCH); + CASE_CODE(DETECT_SM_LIST_PMATCH); + CASE_CODE(DETECT_SM_LIST_UMATCH); + CASE_CODE(DETECT_SM_LIST_HRUDMATCH); + CASE_CODE(DETECT_SM_LIST_HCBDMATCH); + CASE_CODE(DETECT_SM_LIST_FILEDATA); + CASE_CODE(DETECT_SM_LIST_HHDMATCH); + CASE_CODE(DETECT_SM_LIST_HRHDMATCH); + CASE_CODE(DETECT_SM_LIST_HSMDMATCH); + CASE_CODE(DETECT_SM_LIST_HSCDMATCH); + CASE_CODE(DETECT_SM_LIST_HHHDMATCH); + CASE_CODE(DETECT_SM_LIST_HRHHDMATCH); + CASE_CODE(DETECT_SM_LIST_HMDMATCH); + CASE_CODE(DETECT_SM_LIST_HCDMATCH); + CASE_CODE(DETECT_SM_LIST_HUADMATCH); + CASE_CODE(DETECT_SM_LIST_HRLMATCH); + CASE_CODE(DETECT_SM_LIST_APP_EVENT); + CASE_CODE(DETECT_SM_LIST_AMATCH); + CASE_CODE(DETECT_SM_LIST_DMATCH); + CASE_CODE(DETECT_SM_LIST_TMATCH); + CASE_CODE(DETECT_SM_LIST_FILEMATCH); + CASE_CODE(DETECT_SM_LIST_DNSREQUEST_MATCH); + CASE_CODE(DETECT_SM_LIST_DNSRESPONSE_MATCH); + CASE_CODE(DETECT_SM_LIST_DNSQUERYNAME_MATCH); + CASE_CODE(DETECT_SM_LIST_MODBUS_MATCH); + CASE_CODE(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH); + CASE_CODE(DETECT_SM_LIST_POSTMATCH); + CASE_CODE(DETECT_SM_LIST_SUPPRESS); + CASE_CODE(DETECT_SM_LIST_THRESHOLD); + CASE_CODE(DETECT_SM_LIST_MAX); + CASE_CODE(DETECT_SM_LIST_NOTSET); + } + return "unknown"; +} + /** \brief Pure-PCRE or bytetest rule */ int RuleInspectsPayloadHasNoMpm(const Signature *s) {