static const char decode_pattern[] = "\\s*(bytes\\s+(\\d+),?)?"
"\\s*(offset\\s+(\\d+),?)?"
"\\s*(\\w+)?";
-static pcre *decode_pcre = NULL;
-static pcre_extra *decode_pcre_study = NULL;
+
+static DetectParseRegex decode_pcre;
static int DetectBase64DecodeSetup(DetectEngineCtx *, Signature *, const char *);
static void DetectBase64DecodeFree(void *);
sigmatch_table[DETECT_BASE64_DECODE].flags |= SIGMATCH_OPTIONAL_OPT;
- DetectSetupParseRegexes(decode_pattern, &decode_pcre, &decode_pcre_study);
+ DetectSetupParseRegexes(decode_pattern, &decode_pcre);
}
int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
*offset = 0;
*relative = 0;
- pcre_rc = pcre_exec(decode_pcre, decode_pcre_study, str, strlen(str), 0, 0,
- ov, max);
+ pcre_rc = DetectParsePcreExec(&decode_pcre, str, 0, 0, ov, max);
if (pcre_rc < 3) {
goto error;
}
"(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
"$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectByteExtractSetup(DetectEngineCtx *, Signature *, const char *);
static void DetectByteExtractRegisterTests(void);
sigmatch_table[DETECT_BYTE_EXTRACT].Free = DetectByteExtractFree;
sigmatch_table[DETECT_BYTE_EXTRACT].RegisterTests = DetectByteExtractRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData *smd,
static inline DetectByteExtractData *DetectByteExtractParse(const char *arg)
{
DetectByteExtractData *bed = NULL;
+#undef MAX_SUBSTRINGS
#define MAX_SUBSTRINGS 100
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
int i = 0;
- ret = pcre_exec(parse_regex, parse_regex_study, arg,
- strlen(arg), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 3 || ret > 19) {
SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32
", string \"%s\"", ret, arg);
"(?:\\s*,\\s*((?:multiplier|post_offset)\\s+[^\\s,]+|[^\\s,]+))?" \
"\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectBytejumpMatch(DetectEngineThreadCtx *det_ctx,
Packet *p, const Signature *s, const SigMatchCtx *ctx);
sigmatch_table[DETECT_BYTEJUMP].Free = DetectBytejumpFree;
sigmatch_table[DETECT_BYTEJUMP].RegisterTests = DetectBytejumpRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/** \brief Byte jump match function
{
DetectBytejumpData *data = NULL;
char args[10][64];
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
int numargs = 0;
memset(args, 0x00, sizeof(args));
/* Execute the regex and populate args with captures. */
- ret = pcre_exec(parse_regex, parse_regex_study, optstr,
- strlen(optstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 2 || ret > 10) {
SCLogError(SC_ERR_PCRE_PARSE,"parse error, ret %" PRId32
", string \"%s\"", ret, optstr);
"(?:\\s*,\\s*([^\\s,]+))?" \
"\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectBytetestMatch(DetectEngineThreadCtx *det_ctx,
Packet *p, const Signature *s, const SigMatchCtx *ctx);
sigmatch_table[DETECT_BYTETEST].Free = DetectBytetestFree;
sigmatch_table[DETECT_BYTETEST].RegisterTests = DetectBytetestRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/** \brief Bytetest detection code
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL
};
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
int i;
const char *str_ptr = NULL;
/* Execute the regex and populate args with captures. */
- ret = pcre_exec(parse_regex, parse_regex_study, optstr,
- strlen(optstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 6 || ret > 10) {
SCLogError(SC_ERR_PCRE_PARSE, "parse error, ret %" PRId32
", string %s", ret, optstr);
#define PARSE_REGEX "^\\s*([a-zA-Z][a-zA-Z0-9-_]*)\\s*$"
-static pcre *regex = NULL;
-static pcre_extra *regex_study = NULL;
+static DetectParseRegex parse_regex;
static int DetectClasstypeSetup(DetectEngineCtx *, Signature *, const char *);
static void DetectClasstypeRegisterTests(void);
sigmatch_table[DETECT_CLASSTYPE].Setup = DetectClasstypeSetup;
sigmatch_table[DETECT_CLASSTYPE].RegisterTests = DetectClasstypeRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, ®ex, ®ex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
*/
static int DetectClasstypeParseRawString(const char *rawstr, char *out, size_t outsize)
{
-#define MAX_SUBSTRINGS 30
int ov[MAX_SUBSTRINGS];
- size_t len = strlen(rawstr);
const size_t esize = CLASSTYPE_NAME_MAX_LEN + 8;
char e[esize];
- int ret = pcre_exec(regex, regex_study, rawstr, len, 0, 0, ov, 30);
+ int ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 0) {
SCLogError(SC_ERR_PCRE_MATCH, "Invalid Classtype in Signature");
return -1;
#include "util-print.h"
#define PARSE_REGEX "([a-z]+)(?:,\\s*([\\-_A-z0-9\\s\\.]+)){1,4}"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
int DetectDatarepMatch (ThreadVars *, DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_DATAREP].Setup = DetectDatarepSetup;
sigmatch_table[DETECT_DATAREP].Free = DetectDatarepFree;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/*
#include "util-print.h"
#define PARSE_REGEX "([a-z]+)(?:,\\s*([\\-_A-z0-9\\s\\.]+)){1,4}"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
int DetectDatasetMatch (ThreadVars *, DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_DATASET].Setup = DetectDatasetSetup;
sigmatch_table[DETECT_DATASET].Free = DetectDatasetFree;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/*
#define PARSE_REGEX "^\\s*([0-9a-zA-Z]{8}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{12})(?:\\s*,\\s*(<|>|=|!)([0-9]{1,5}))?(?:\\s*,\\s*(any_frag))?\\s*$"
-static pcre *parse_regex = NULL;
-static pcre_extra *parse_regex_study = NULL;
+static DetectParseRegex parse_regex;
static int DetectDceIfaceMatchRust(DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state, void *txv,
sigmatch_table[DETECT_DCE_IFACE].Free = DetectDceIfaceFree;
sigmatch_table[DETECT_DCE_IFACE].RegisterTests = DetectDceIfaceRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic");
static DetectDceIfaceData *DetectDceIfaceArgParse(const char *arg)
{
DetectDceIfaceData *did = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
uint8_t hex_value;
char temp_str[3] = "";
int version;
- ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0, ov,
- MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 2) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg);
goto error;
#define PARSE_REGEX "^\\s*([0-9]{1,5}(\\s*-\\s*[0-9]{1,5}\\s*)?)(,\\s*[0-9]{1,5}(\\s*-\\s*[0-9]{1,5})?\\s*)*$"
-static pcre *parse_regex = NULL;
-static pcre_extra *parse_regex_study = NULL;
+static DetectParseRegex parse_regex;
static int DetectDceOpnumMatchRust(DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, void *state, void *txv,
sigmatch_table[DETECT_DCE_OPNUM].Free = DetectDceOpnumFree;
sigmatch_table[DETECT_DCE_OPNUM].RegisterTests = DetectDceOpnumRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic");
}
DetectDceOpnumRange *dor = NULL;
DetectDceOpnumRange *prev_dor = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
const char *pcre_sub_str = NULL;
goto error;
}
- ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0, ov,
- MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 2) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, arg);
goto error;
*/
#define PARSE_REGEX "^\\s*(track|count|seconds)\\s+(by_src|by_dst|\\d+)\\s*,\\s*(track|count|seconds)\\s+(by_src|by_dst|\\d+)\\s*,\\s*(track|count|seconds)\\s+(by_src|by_dst|\\d+)\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectDetectionFilterMatch(DetectEngineThreadCtx *,
Packet *, const Signature *, const SigMatchCtx *);
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_DETECTION_FILTER].flags |= SIGMATCH_IPONLY_COMPAT;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static int DetectDetectionFilterMatch (DetectEngineThreadCtx *det_ctx,
static DetectThresholdData *DetectDetectionFilterParse (const char *rawstr)
{
DetectThresholdData *df = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
const char *str_ptr = NULL;
if (count_found != 1 || seconds_found != 1 || track_found != 1)
goto error;
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 5) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
* dsize:[<>]<0-65535>[<><0-65535>];
*/
#define PARSE_REGEX "^\\s*(<|>)?\\s*([0-9]{1,5})\\s*(?:(<>)\\s*([0-9]{1,5}))?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectDsizeMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_DSIZE].SupportsPrefilter = PrefilterDsizeIsPrefilterable;
sigmatch_table[DETECT_DSIZE].SetupPrefilter = PrefilterSetupDsize;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static inline int
static DetectDsizeData *DetectDsizeParse (const char *rawstr)
{
DetectDsizeData *dd = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char mode[2] = "";
char value2[6] = "";
char range[3] = "";
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", rawstr);
goto error;
#define PARSE_REGEX "\\S[0-9A-z_]+[.][A-z0-9_+.]+$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectEngineEventMatch (DetectEngineThreadCtx *,
Packet *, const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_STREAM_EVENT].Setup = DetectStreamEventSetup;
sigmatch_table[DETECT_STREAM_EVENT].Free = DetectEngineEventFree;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
{
int i;
DetectEngineEventData *de = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0, found = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32
", string %s", ret, rawstr);
*/
#define PARSE_REGEX "^\\s*([0-9]*)?\\s*([<>=-]+)?\\s*([0-9]+)?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex uint_pcre;
int DetectU32Match(const uint32_t parg, const DetectU32Data *du32)
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, u32str, strlen(u32str), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&uint_pcre, u32str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 2 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
return NULL;
{
if (g_detect_u32_registered == false) {
// register only once
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &uint_pcre);
g_detect_u32_registered = true;
}
}
#define PARSE_REGEX "^(\\s*only\\s*)|\\s*([0-9]+)\\s*,\\s*([0-9]+)\\s*$"
-static pcre *parse_regex = NULL;
-static pcre_extra *parse_regex_study = NULL;
+static DetectParseRegex parse_regex;
static int DetectFastPatternSetup(DetectEngineCtx *, Signature *, const char *);
void DetectFastPatternRegisterTests(void);
sigmatch_table[DETECT_FAST_PATTERN].flags |= SIGMATCH_NOOPT;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
//static int DetectFastPatternParseArg(
*/
static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char arg_substr[128] = "";
}
/* Execute the regex and populate args with captures. */
- ret = pcre_exec(parse_regex, parse_regex_study, arg,
- strlen(arg), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS);
/* fast pattern only */
if (ret == 2) {
if ((cd->flags & DETECT_CONTENT_NEGATED) ||
*/
#define PARSE_REGEX "^(?:\\s*)(<|>)?(?:\\s*)([0-9]{1,23}[a-zA-Z]{0,2})(?:\\s*)(?:(<>)(?:\\s*)([0-9]{1,23}[a-zA-Z]{0,2}))?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
/*prototypes*/
static int DetectFilesizeMatch (DetectEngineThreadCtx *det_ctx, Flow *f,
sigmatch_table[DETECT_FILESIZE].Free = DetectFilesizeFree;
sigmatch_table[DETECT_FILESIZE].RegisterTests = DetectFilesizeRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_file_match_list_id = DetectBufferTypeRegister("files");
}
char *arg2 = NULL;
char *arg3 = NULL;
char *arg4 = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str),
- 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_PARSE, "filesize option pcre parse error: \"%s\"", str);
goto error;
*/
#define PARSE_REGEX "^\\s*([A-z_]+)\\s*(?:,\\s*([A-z_]+))?\\s*(?:,\\s*([A-z_]+))?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectFilestoreMatch (DetectEngineThreadCtx *,
Flow *, uint8_t, File *, const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_FILESTORE_POSTMATCH].Match = DetectFilestorePostMatch;
sigmatch_table[DETECT_FILESTORE_POSTMATCH].Free = DetectFilestoreFree;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_file_match_list_id = DetectBufferTypeRegister("files");
}
DetectFilestoreData *fd = NULL;
SigMatch *sm = NULL;
char *args[3] = {NULL,NULL,NULL};
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char str_2[32];
SCLogDebug("str %s", str);
- ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, str);
goto error;
*/
#define PARSE_REGEX "^\\s*([A-z_]+)\\s*(?:,\\s*([A-z_]+))?\\s*(?:,\\s*([A-z_]+))?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
int DetectFlowMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_FLOW].SupportsPrefilter = PrefilterFlowIsPrefilterable;
sigmatch_table[DETECT_FLOW].SetupPrefilter = PrefilterSetupFlow;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
{
DetectFlowData *fd = NULL;
char *args[3] = {NULL,NULL,NULL};
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char str1[16] = "", str2[16] = "", str3[16] = "";
- ret = pcre_exec(parse_regex, parse_regex_study, flowstr, strlen(flowstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, flowstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, flowstr);
goto error;
#include "util-debug.h"
#define PARSE_REGEX "^([a-z]+)(?:,\\s*(.*))?"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
int DetectFlowbitMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_FLOWBITS].flags |= SIGMATCH_IPONLY_COMPAT;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
int count, rc;
int ov[max_substrings];
- count = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0,
- ov, max_substrings);
+ count = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, max_substrings);
if (count != 2 && count != 3) {
SCLogError(SC_ERR_PCRE_MATCH,
"\"%s\" is not a valid setting for flowbits.", str);
#define PARSE_REGEX "^\\s*([a-zA-Z][\\w\\d_./]+)\\s*,\\s*([+=-]{1}|==|!=|<|<=|>|>=|isset|notset)\\s*,?\\s*([a-zA-Z][\\w\\d]+|[\\d]{1,10})?\\s*$"
/* Varnames must begin with a letter */
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
int DetectFlowintMatch(DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_FLOWINT].Free = DetectFlowintFree;
sigmatch_table[DETECT_FLOWINT].RegisterTests = DetectFlowintRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
char *varname = NULL;
char *varval = NULL;
char *modstr = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
uint8_t modifier = FLOWINT_MODIFIER_UNKNOWN;
unsigned long long value_long = 0;
const char *str_ptr;
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr),
- 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 3 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowint(ret = %d).", rawstr, ret);
return NULL;
#include "util-print.h"
#define PARSE_REGEX "(.*),(.*)"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
int DetectFlowvarMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_FLOWVAR_POSTMATCH].Free = DetectFlowvarDataFree;
sigmatch_table[DETECT_FLOWVAR_POSTMATCH].RegisterTests = NULL;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
uint16_t contentlen = 0;
uint32_t contentflags = s->init_data->negated ? DETECT_CONTENT_NEGATED : 0;
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 3) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for flowvar.", rawstr);
return -1;
#define FRAGBITS_HAVE_DF 0x02
#define FRAGBITS_HAVE_RF 0x04
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectFragBitsMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_FRAGBITS].SetupPrefilter = PrefilterSetupFragBits;
sigmatch_table[DETECT_FRAGBITS].SupportsPrefilter = PrefilterFragBitsIsPrefilterable;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static inline int
static DetectFragBitsData *DetectFragBitsParse (const char *rawstr)
{
DetectFragBitsData *de = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, found = 0, res = 0;
int ov[MAX_SUBSTRINGS];
const char *str_ptr = NULL;
char *ptr;
int i;
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
#define PARSE_REGEX "^\\s*(?:(<|>))?\\s*([0-9]+)"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectFragOffsetMatch(DetectEngineThreadCtx *,
Packet *, const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_FRAGOFFSET].SupportsPrefilter = PrefilterFragOffsetIsPrefilterable;
sigmatch_table[DETECT_FRAGOFFSET].SetupPrefilter = PrefilterSetupFragOffset;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static inline int FragOffsetMatch(const uint16_t poffset, const uint8_t mode,
{
DetectFragOffsetData *fragoff = NULL;
char *substr[3] = {NULL, NULL, NULL};
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
int i;
const char *str_ptr;
char *mode = NULL;
- ret = pcre_exec(parse_regex, parse_regex_study, fragoffsetstr, strlen(fragoffsetstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, fragoffsetstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", fragoffsetstr);
goto error;
* \brief Regex for parsing our keyword options
*/
#define PARSE_REGEX "^\\s*(stor|retr)\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
/* Prototypes of functions registered in DetectFtpdataRegister below */
static int DetectFtpdataMatch(DetectEngineThreadCtx *,
g_ftpdata_buffer_id = DetectBufferTypeGetByName("ftpdata_command");
/* set up the PCRE for keyword parsing */
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static int DetectEngineInspectFtpdataGeneric(ThreadVars *tv,
{
DetectFtpdataData *ftpcommandd = NULL;
char arg1[5] = "";
-#define MAX_SUBSTRINGS 30
int ov[MAX_SUBSTRINGS];
- int ret = pcre_exec(parse_regex, parse_regex_study,
- ftpcommandstr, strlen(ftpcommandstr),
- 0, 0, ov, MAX_SUBSTRINGS);
+ int ret = DetectParsePcreExec(&parse_regex, ftpcommandstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
goto error;
"(?:\\s*,\\s*([^\\s,]+))?(?:\\s*)?" /* Name. */ \
"(?:\\s*,\\s*([^,\\s]+))?(?:\\s*)?" /* Direction. */ \
"(.+)?" /* Any remainding data. */
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectHostbitMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_HOSTBITS].flags |= SIGMATCH_IPONLY_COMPAT;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static int DetectHostbitMatchToggle (Packet *p, const DetectXbitsData *fd)
int count, rc;
int ov[max_substrings];
- count = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0,
- ov, max_substrings);
+ count = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, max_substrings);
if (count != 2 && count != 3 && count != 4) {
SCLogError(SC_ERR_PCRE_MATCH,
"\"%s\" is not a valid setting for hostbits.", str);
#define PARSE_REGEX "^\\s*(\"\\s*)?([0-9]+)(\\s*\")?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectIcmpIdMatch(DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_ICMP_ID].SupportsPrefilter = PrefilterIcmpIdIsPrefilterable;
sigmatch_table[DETECT_ICMP_ID].SetupPrefilter = PrefilterSetupIcmpId;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static inline bool GetIcmpId(Packet *p, uint16_t *id)
{
DetectIcmpIdData *iid = NULL;
char *substr[3] = {NULL, NULL, NULL};
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, icmpidstr, strlen(icmpidstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, icmpidstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", icmpidstr);
goto error;
#define PARSE_REGEX "^\\s*(\"\\s*)?([0-9]+)(\\s*\")?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectIcmpSeqMatch(DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_ICMP_SEQ].SupportsPrefilter = PrefilterIcmpSeqIsPrefilterable;
sigmatch_table[DETECT_ICMP_SEQ].SetupPrefilter = PrefilterSetupIcmpSeq;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static inline bool GetIcmpSeq(Packet *p, uint16_t *seq)
{
DetectIcmpSeqData *iseq = NULL;
char *substr[3] = {NULL, NULL, NULL};
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
int i;
const char *str_ptr;
- ret = pcre_exec(parse_regex, parse_regex_study, icmpseqstr, strlen(icmpseqstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, icmpseqstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH,"Parse error %s", icmpseqstr);
goto error;
*/
#define PARSE_REGEX "^\\s*(<|>)?\\s*([0-9]+)\\s*(?:<>\\s*([0-9]+))?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectICodeMatch(DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_ICODE].SupportsPrefilter = PrefilterICodeIsPrefilterable;
sigmatch_table[DETECT_ICODE].SetupPrefilter = PrefilterSetupICode;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
#define DETECT_ICODE_EQ PREFILTER_U8HASH_MODE_EQ /**< "equal" operator */
{
DetectICodeData *icd = NULL;
char *args[3] = {NULL, NULL, NULL};
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, icodestr, strlen(icodestr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, icodestr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, icodestr);
goto error;
*/
#define PARSE_REGEX "^\\s*([0-9]{1,5}|\"[0-9]{1,5}\")\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectIdMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_ID].SupportsPrefilter = PrefilterIdIsPrefilterable;
sigmatch_table[DETECT_ID].SetupPrefilter = PrefilterSetupId;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
{
uint32_t temp;
DetectIdData *id_d = NULL;
- #define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, idstr, strlen(idstr), 0, 0,
- ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, idstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_INVALID_VALUE, "invalid id option '%s'. The id option "
#define PARSE_REGEX "\\S[A-z]"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectIpOptsMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_IPOPTS].Free = DetectIpOptsFree;
sigmatch_table[DETECT_IPOPTS].RegisterTests = IpOptsRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
{
int i;
DetectIpOptsData *de = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, found = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
*/
#define PARSE_REGEX "^([!<>]?)\\s*([^\\s]+)$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectIPProtoSetup(DetectEngineCtx *, Signature *, const char *);
static void DetectIPProtoRegisterTests(void);
sigmatch_table[DETECT_IPPROTO].RegisterTests = DetectIPProtoRegisterTests;
sigmatch_table[DETECT_IPPROTO].flags = SIGMATCH_QUOTES_OPTIONAL;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
{
DetectIPProtoData *data = NULL;
char *args[2] = { NULL, NULL };
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
int i;
const char *str_ptr;
/* Execute the regex and populate args with captures. */
- ret = pcre_exec(parse_regex, parse_regex_study, optstr,
- strlen(optstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, optstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 3) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret"
"%" PRId32 ", string %s", ret, optstr);
#include "host.h"
#define PARSE_REGEX "\\s*(any|src|dst|both)\\s*,\\s*([A-Za-z0-9\\-\\_]+)\\s*,\\s*(\\<|\\>|\\=)\\s*,\\s*([0-9]+)\\s*"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectIPRepMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_IPREP].flags |= SIGMATCH_IPONLY_COMPAT;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static uint8_t GetHostRepSrc(Packet *p, uint8_t cat, uint32_t version)
SigMatch *sm = NULL;
char *cmd_str = NULL, *name = NULL, *op_str = NULL, *value = NULL;
uint8_t cmd = 0;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 5) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for iprep", rawstr);
return -1;
*/
#define PARSE_REGEX "^\\s*!?([^\\s,]+)\\s*(,\\s*relative)?\\s*(,\\s*rawbytes\\s*)?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
int DetectIsdataatSetup (DetectEngineCtx *, Signature *, const char *);
void DetectIsdataatRegisterTests(void);
sigmatch_table[DETECT_ENDS_WITH].Setup = DetectEndsWithSetup;
sigmatch_table[DETECT_ENDS_WITH].flags = SIGMATCH_NOOPT;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
{
DetectIsdataatData *idad = NULL;
char *args[3] = {NULL,NULL,NULL};
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
int i=0;
- ret = pcre_exec(parse_regex, parse_regex_study, isdataatstr, strlen(isdataatstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, isdataatstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr);
goto error;
*/
#define PARSE_REGEX "^\\s*(<|>)?\\s*([0-9]+)\\s*(?:<>\\s*([0-9]+))?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectITypeMatch(DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_ITYPE].SupportsPrefilter = PrefilterITypeIsPrefilterable;
sigmatch_table[DETECT_ITYPE].SetupPrefilter = PrefilterSetupIType;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
#define DETECT_ITYPE_EQ PREFILTER_U8HASH_MODE_EQ /**< "equal" operator */
{
DetectITypeData *itd = NULL;
char *args[3] = {NULL, NULL, NULL};
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, itypestr, strlen(itypestr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, itypestr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, itypestr);
goto error;
* \brief Regex for parsing our keyword options
*/
#define PARSE_REGEX "^\\s*([A-z0-9\\.]+|\"[A-z0-9_\\.]+\")\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
/* Prototypes of functions registered in DetectKrb5ErrCodeRegister below */
static int DetectKrb5ErrCodeMatch (DetectEngineThreadCtx *, Flow *,
DetectEngineInspectKRB5Generic);
/* set up the PCRE for keyword parsing */
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_krb5_err_code_list_id = DetectBufferTypeRegister("krb5_err_code");
SCLogDebug("g_krb5_err_code_list_id %d", g_krb5_err_code_list_id);
{
DetectKrb5ErrCodeData *krb5d = NULL;
char arg1[4] = "";
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study,
- krb5str, strlen(krb5str),
- 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
goto error;
* \brief Regex for parsing our keyword options
*/
#define PARSE_REGEX "^\\s*([A-z0-9\\.]+|\"[A-z0-9_\\.]+\")\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
/* Prototypes of functions registered in DetectKrb5MsgTypeRegister below */
static int DetectKrb5MsgTypeMatch (DetectEngineThreadCtx *, Flow *,
DetectEngineInspectKRB5Generic);
/* set up the PCRE for keyword parsing */
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_krb5_msg_type_list_id = DetectBufferTypeRegister("krb5_msg_type");
SCLogDebug("g_krb5_msg_type_list_id %d", g_krb5_msg_type_list_id);
{
DetectKrb5MsgTypeData *krb5d = NULL;
char arg1[4] = "";
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study,
- krb5str, strlen(krb5str),
- 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, krb5str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
goto error;
#define PARSE_REGEX "([0x]*[0-9a-f]+)/([0x]*[0-9a-f]+)"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectMarkSetup (DetectEngineCtx *, Signature *, const char *);
static int DetectMarkPacket(DetectEngineThreadCtx *det_ctx, Packet *p,
sigmatch_table[DETECT_MARK].Free = DetectMarkDataFree;
sigmatch_table[DETECT_MARK].RegisterTests = MarkRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
#ifdef NFQ
static void * DetectMarkParse (const char *rawstr)
{
int ret = 0, res = 0;
-#define MAX_SUBSTRINGS 30
int ov[MAX_SUBSTRINGS];
const char *str_ptr = NULL;
char *ptr = NULL;
uint32_t mask;
DetectMarkData *data;
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
return NULL;
* \brief Regex for parsing the Modbus unit id string
*/
#define PARSE_REGEX_UNIT_ID "^\\s*\"?\\s*unit\\s+([<>]?\\d+)(<>\\d+)?(,\\s*(.*))?\\s*\"?\\s*$"
-static pcre *unit_id_parse_regex;
-static pcre_extra *unit_id_parse_regex_study;
+static DetectParseRegex unit_id_parse_regex;
/**
* \brief Regex for parsing the Modbus function string
*/
#define PARSE_REGEX_FUNCTION "^\\s*\"?\\s*function\\s*(!?[A-z0-9]+)(,\\s*subfunction\\s+(\\d+))?\\s*\"?\\s*$"
-static pcre *function_parse_regex;
-static pcre_extra *function_parse_regex_study;
+static DetectParseRegex function_parse_regex;
/**
* \brief Regex for parsing the Modbus access string
*/
#define PARSE_REGEX_ACCESS "^\\s*\"?\\s*access\\s*(read|write)\\s*(discretes|coils|input|holding)?(,\\s*address\\s+([<>]?\\d+)(<>\\d+)?(,\\s*value\\s+([<>]?\\d+)(<>\\d+)?)?)?\\s*\"?\\s*$"
-static pcre *access_parse_regex;
-static pcre_extra *access_parse_regex_study;
+static DetectParseRegex access_parse_regex;
static int g_modbus_buffer_id = 0;
-#define MAX_SUBSTRINGS 30
void DetectModbusRegisterTests(void);
char arg[MAX_SUBSTRINGS];
int ov[MAX_SUBSTRINGS], ret, res;
- ret = pcre_exec(access_parse_regex, access_parse_regex_study, str, strlen(str), 0, 0, ov, MAX_SUBSTRINGS);
-
+ ret = DetectParsePcreExec(&access_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1)
goto error;
char arg[MAX_SUBSTRINGS], *ptr = arg;
int ov[MAX_SUBSTRINGS], res, ret;
- ret = pcre_exec(function_parse_regex, function_parse_regex_study, str, strlen(str), 0, 0, ov, MAX_SUBSTRINGS);
-
+ ret = DetectParsePcreExec(&function_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1)
goto error;
char arg[MAX_SUBSTRINGS];
int ov[MAX_SUBSTRINGS], ret, res;
- ret = pcre_exec(unit_id_parse_regex, unit_id_parse_regex_study, str, strlen(str), 0, 0, ov, MAX_SUBSTRINGS);
-
+ ret = DetectParsePcreExec(&unit_id_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1)
goto error;
sigmatch_table[DETECT_AL_MODBUS].Free = DetectModbusFree;
sigmatch_table[DETECT_AL_MODBUS].RegisterTests = DetectModbusRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX_UNIT_ID,
- &unit_id_parse_regex, &unit_id_parse_regex_study);
- DetectSetupParseRegexes(PARSE_REGEX_FUNCTION,
- &function_parse_regex, &function_parse_regex_study);
- DetectSetupParseRegexes(PARSE_REGEX_ACCESS,
- &access_parse_regex, &access_parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX_UNIT_ID, &unit_id_parse_regex);
+ DetectSetupParseRegexes(PARSE_REGEX_FUNCTION, &function_parse_regex);
+ DetectSetupParseRegexes(PARSE_REGEX_ACCESS, &access_parse_regex);
DetectAppLayerInspectEngineRegister("modbus",
ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0,
* [nfs_procedure]:[<|>]<proc>[<><proc>];
*/
#define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*(?:(<>)\\s*([0-9]+))?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
enum DetectNfsProcedureMode {
PROCEDURE_EQ = 1, /* equal */
sigmatch_table[DETECT_AL_NFS_PROCEDURE].RegisterTests = DetectNfsProcedureRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister("nfs_request",
ALPROTO_NFS, SIG_FLAG_TOSERVER, 0,
static DetectNfsProcedureData *DetectNfsProcedureParse (const char *rawstr)
{
DetectNfsProcedureData *dd = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char mode[2] = "";
char value2[20] = "";
char range[3] = "";
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0,
- 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
goto error;
* [nfs_procedure]:[<|>]<proc>[<><proc>];
*/
#define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*(?:(<>)\\s*([0-9]+))?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
enum DetectNfsVersionMode {
PROCEDURE_EQ = 1, /* equal */
sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree;
sigmatch_table[DETECT_AL_NFS_VERSION].RegisterTests = DetectNfsVersionRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister("nfs_request",
ALPROTO_NFS, SIG_FLAG_TOSERVER, 0,
static DetectNfsVersionData *DetectNfsVersionParse (const char *rawstr)
{
DetectNfsVersionData *dd = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char mode[2] = "";
char value2[20] = "";
char range[3] = "";
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0,
- 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
goto error;
#ifndef __DETECT_PCRE_H__
#define __DETECT_PCRE_H__
+#include "detect-parse.h"
+
#define DETECT_PCRE_RELATIVE 0x00001
#define DETECT_PCRE_RAWBYTES 0x00002
#define DETECT_PCRE_CASELESS 0x00004
typedef struct DetectPcreData_ {
/* pcre options */
- pcre *re;
- pcre_extra *sd;
+ DetectParseRegex parse_regex;
int opts;
uint16_t flags;
uint8_t idx;
#include "util-debug.h"
#define PARSE_REGEX "(.*),(.*)"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectPktvarMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_PKTVAR].Free = NULL;
sigmatch_table[DETECT_PKTVAR].RegisterTests = NULL;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/*
static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
char *varname = NULL, *varcontent = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
uint8_t *content = NULL;
uint16_t len = 0;
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 3) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for pktvar.", rawstr);
return -1;
#define PARSE_REGEX "^\\s*(\\d+|\"\\d+\")\\s*$"
-static pcre *regex = NULL;
-static pcre_extra *regex_study = NULL;
+static DetectParseRegex parse_regex;
static int DetectPrioritySetup (DetectEngineCtx *, Signature *, const char *);
void SCPriorityRegisterTests(void);
sigmatch_table[DETECT_PRIORITY].Setup = DetectPrioritySetup;
sigmatch_table[DETECT_PRIORITY].RegisterTests = SCPriorityRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, ®ex, ®ex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
char copy_str[128] = "";
-#define MAX_SUBSTRINGS 30
int ret = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(regex, regex_study, rawstr, strlen(rawstr), 0, 0, ov, 30);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, 30);
if (ret < 0) {
SCLogError(SC_ERR_PCRE_MATCH, "Invalid Priority in Signature "
"- %s", rawstr);
#define PARSE_REGEX "^\\s*([A-Za-z0-9]+)\\s*,\"?\\s*\"?\\s*([a-zA-Z0-9\\-_\\.\\/\\?\\=]+)\"?\\s*\"?"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
#ifdef UNITTESTS
static void ReferenceRegisterTests(void);
#ifdef UNITTESTS
sigmatch_table[DETECT_REFERENCE].RegisterTests = ReferenceRegisterTests;
#endif
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
{
SCEnter();
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char key[REFERENCE_SYSTEM_NAME_MAX] = "";
char content[REFERENCE_CONTENT_NAME_MAX] = "";
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr),
- 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 2) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unable to parse \"reference\" "
"keyword argument - \"%s\". Invalid argument.", rawstr);
*/
#define PARSE_REGEX "^\\s*([0-9]{0,10})\\s*(?:,\\s*([0-9]{0,10}|[*])\\s*(?:,\\s*([0-9]{0,10}|[*]))?)?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectRpcMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_RPC].Free = DetectRpcFree;
sigmatch_table[DETECT_RPC].RegisterTests = DetectRpcRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/*
{
DetectRpcData *rd = NULL;
char *args[3] = {NULL,NULL,NULL};
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, rpcstr, strlen(rpcstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rpcstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, rpcstr);
goto error;
* [snmp.pdu_type]:<type>;
*/
#define PARSE_REGEX "^\\s*([0-9]+)\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
typedef struct DetectSNMPPduTypeData_ {
uint32_t pdu_type;
sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].RegisterTests = DetectSNMPPduTypeRegisterTests;
#endif
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister("snmp.pdu_type",
ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0,
static DetectSNMPPduTypeData *DetectSNMPPduTypeParse (const char *rawstr)
{
DetectSNMPPduTypeData *dd = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char value1[20] = "";
char *endptr = NULL;
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0,
- 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
goto error;
* [snmp.version]:[<|>|<=|>=]<version>;
*/
#define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
enum DetectSNMPVersionMode {
PROCEDURE_EQ = 1, /* equal */
sigmatch_table[DETECT_AL_SNMP_VERSION].RegisterTests = DetectSNMPVersionRegisterTests;
#endif
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister("snmp.version",
ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0,
static DetectSNMPVersionData *DetectSNMPVersionParse (const char *rawstr)
{
DetectSNMPVersionData *dd = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char mode[2] = "";
char value1[20] = "";
char *endptr = NULL;
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0,
- 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
goto error;
*/
#define PARSE_REGEX "^\\s*\"?\\s*([0-9]+([\\.\\-0-9]+)?|2_compat)\\s*\"?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectSshVersionMatch (DetectEngineThreadCtx *,
Flow *, uint8_t, void *, void *,
sigmatch_table[DETECT_AL_SSH_PROTOVERSION].flags = SIGMATCH_QUOTES_OPTIONAL|SIGMATCH_INFO_DEPRECATED;
sigmatch_table[DETECT_AL_SSH_PROTOVERSION].alternative = DETECT_AL_SSH_PROTOCOL;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner");
}
static DetectSshVersionData *DetectSshVersionParse (const char *str)
{
DetectSshVersionData *ssh = NULL;
- #define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0,
- ov, MAX_SUBSTRINGS);
-
+ ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid ssh.protoversion option");
goto error;
*/
#define PARSE_REGEX "^\\s*\"?\\s*?([0-9a-zA-Z\\:\\.\\-\\_\\+\\s+]+)\\s*\"?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectSshSoftwareVersionMatch (DetectEngineThreadCtx *,
Flow *, uint8_t, void *, void *,
sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].flags = SIGMATCH_QUOTES_OPTIONAL|SIGMATCH_INFO_DEPRECATED;
sigmatch_table[DETECT_AL_SSH_SOFTWAREVERSION].alternative = DETECT_AL_SSH_SOFTWARE;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner");
static DetectSshSoftwareVersionData *DetectSshSoftwareVersionParse (const char *str)
{
DetectSshSoftwareVersionData *ssh = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0,
- ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid ssh.softwareversion option");
#include "app-layer-ssl.h"
#define PARSE_REGEX1 "^(!?)([_a-zA-Z0-9]+)(.*)$"
-static pcre *parse_regex1;
-static pcre_extra *parse_regex1_study;
+static DetectParseRegex parse_regex1;
#define PARSE_REGEX2 "^(?:\\s*[|,]\\s*(!?)([_a-zA-Z0-9]+))(.*)$"
-static pcre *parse_regex2;
-static pcre_extra *parse_regex2_study;
+static DetectParseRegex parse_regex2;
static int DetectSslStateMatch(DetectEngineThreadCtx *,
Flow *, uint8_t, void *, void *,
#ifdef UNITTESTS
sigmatch_table[DETECT_AL_SSL_STATE].RegisterTests = DetectSslStateRegisterTests;
#endif
- DetectSetupParseRegexes(PARSE_REGEX1, &parse_regex1, &parse_regex1_study);
- DetectSetupParseRegexes(PARSE_REGEX2, &parse_regex2, &parse_regex2_study);
+ DetectSetupParseRegexes(PARSE_REGEX1, &parse_regex1);
+ DetectSetupParseRegexes(PARSE_REGEX2, &parse_regex2);
g_tls_generic_list_id = DetectBufferTypeRegister("tls_generic");
*/
static DetectSslStateData *DetectSslStateParse(const char *arg)
{
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov1[MAX_SUBSTRINGS];
int ov2[MAX_SUBSTRINGS];
uint32_t flags = 0, mask = 0;
DetectSslStateData *ssd = NULL;
- ret = pcre_exec(parse_regex1, parse_regex1_study, arg, strlen(arg), 0, 0,
- ov1, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex1, arg, 0, 0, ov1, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid arg \"%s\" supplied to "
"ssl_state keyword.", arg);
goto error;
}
while (res > 0) {
- ret = pcre_exec(parse_regex2, parse_regex2_study, str1, strlen(str1), 0, 0,
- ov2, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex2, str1, 0, 0, ov2, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid arg \"%s\" supplied to "
"ssl_state keyword.", arg);
#define PARSE_REGEX "^\\s*(!?[A-z0-9.]+)\\s*,?\\s*(!?[A-z0-9.]+)?\\s*\\,?\\s*" \
"(!?[A-z0-9.]+)?\\s*,?\\s*(!?[A-z0-9.]+)?\\s*,?\\s*(!?[A-z0-9.]+)?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectSslVersionMatch(DetectEngineThreadCtx *,
Flow *, uint8_t, void *, void *,
#ifdef UNITTESTS
sigmatch_table[DETECT_AL_SSL_VERSION].RegisterTests = DetectSslVersionRegisterTests;
#endif
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_tls_generic_list_id = DetectBufferTypeRegister("tls_generic");
}
static DetectSslVersionData *DetectSslVersionParse(const char *str)
{
DetectSslVersionData *ssl = NULL;
- #define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0,
- ov, MAX_SUBSTRINGS);
-
+ ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid ssl_version option");
goto error;
*/
#define PARSE_REGEX "^\\s*([A-z_]+)\\s*,\\s*([<=>!]+)\\s*,\\s*([0-9]+)\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
/*prototypes*/
static int DetectStreamSizeMatch (DetectEngineThreadCtx *, Packet *,
sigmatch_table[DETECT_STREAM_SIZE].Free = DetectStreamSizeFree;
sigmatch_table[DETECT_STREAM_SIZE].RegisterTests = DetectStreamSizeRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
char *arg = NULL;
char *value = NULL;
char *mode = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, streamstr, strlen(streamstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, streamstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 4) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, streamstr);
goto error;
/* format: tag: <type>, <count>, <metric>, [direction]; */
#define PARSE_REGEX "^\\s*(host|session)\\s*(,\\s*(\\d+)\\s*,\\s*(packets|bytes|seconds)\\s*(,\\s*(src|dst))?\\s*)?$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectTagMatch(DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_TAG].RegisterTests = DetectTagRegisterTests;
sigmatch_table[DETECT_TAG].flags |= SIGMATCH_IPONLY_COMPAT;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
static DetectTagData *DetectTagParse(const char *tagstr)
{
DetectTagData td;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
const char *str_ptr = NULL;
- ret = pcre_exec(parse_regex, parse_regex_study, tagstr, strlen(tagstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, tagstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, tagstr);
goto error;
*/
#define PARSE_REGEX "^\\s*(src_ip|dest_ip)\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
/* Prototypes of functions registered in DetectTargetRegister below */
static int DetectTargetSetup (DetectEngineCtx *, Signature *, const char *);
sigmatch_table[DETECT_TARGET].RegisterTests = DetectTargetRegisterTests;
/* set up the PCRE for keyword parsing */
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
*/
static int DetectTargetParse(Signature *s, const char *targetstr)
{
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char value[10];
- ret = pcre_exec(parse_regex, parse_regex_study,
- targetstr, strlen(targetstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, targetstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, targetstr);
return -1;
#define MODIFIER_PLUS 2
#define MODIFIER_ANY 3
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectFlagsMatch (DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_FLAGS].SupportsPrefilter = PrefilterTcpFlagsIsPrefilterable;
sigmatch_table[DETECT_FLAGS].SetupPrefilter = PrefilterSetupTcpFlags;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static inline int FlagsMatch(const uint8_t pflags, const uint8_t modifier,
{
SCEnter();
-#define MAX_SUBSTRINGS 30
int ret = 0, found = 0, ignore = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char *ptr;
char arg2[16] = "";
char arg3[16] = "";
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr),
- 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
SCLogDebug("input '%s', pcre said %d", rawstr, ret);
if (ret < 3) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre match failed");
*/
#define PARSE_REGEX "^\\s*([!])?\\s*([0-9]{1,9}+)\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectWindowMatch(DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
sigmatch_table[DETECT_WINDOW].Free = DetectWindowFree;
sigmatch_table[DETECT_WINDOW].RegisterTests = DetectWindowRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
static DetectWindowData *DetectWindowParse(const char *windowstr)
{
DetectWindowData *wd = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, windowstr, strlen(windowstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, windowstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, windowstr);
goto error;
*/
#define PARSE_REGEX "^\\s*([0-9]*)?\\s*([<>=-]+)?\\s*([0-9]+)?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
/* prototypes */
static int DetectTcpmssMatch (DetectEngineThreadCtx *, Packet *,
sigmatch_table[DETECT_TCPMSS].SupportsPrefilter = PrefilterTcpmssIsPrefilterable;
sigmatch_table[DETECT_TCPMSS].SetupPrefilter = PrefilterSetupTcpmss;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
return;
}
char *arg1 = NULL;
char *arg2 = NULL;
char *arg3 = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, tcpmssstr, strlen(tcpmssstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, tcpmssstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 2 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
goto error;
* \brief Regex for parsing our keyword options
*/
#define PARSE_REGEX "^\\s*([0-9]+)?\\s*,s*([0-9]+)?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
/* Prototypes of functions registered in DetectTemplateRegister below */
static int DetectTemplateMatch (DetectEngineThreadCtx *,
sigmatch_table[DETECT_TEMPLATE].RegisterTests = DetectTemplateRegisterTests;
#endif
/* set up the PCRE for keyword parsing */
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
{
char arg1[4] = "";
char arg2[4] = "";
-#define MAX_SUBSTRINGS 30
int ov[MAX_SUBSTRINGS];
- int ret = pcre_exec(parse_regex, parse_regex_study,
- templatestr, strlen(templatestr),
- 0, 0, ov, MAX_SUBSTRINGS);
+ int ret = DetectParsePcreExec(&parse_regex, templatestr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 3) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
return NULL;
*/
#define PARSE_REGEX "^\\s*([0-9]*)?\\s*([<>=-]+)?\\s*([0-9]+)?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
/* prototypes */
static int DetectTemplate2Match (DetectEngineThreadCtx *, Packet *,
sigmatch_table[DETECT_TEMPLATE2].SupportsPrefilter = PrefilterTemplate2IsPrefilterable;
sigmatch_table[DETECT_TEMPLATE2].SetupPrefilter = PrefilterSetupTemplate2;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
return;
}
char *arg1 = NULL;
char *arg2 = NULL;
char *arg3 = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, template2str, strlen(template2str), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, template2str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 2 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
goto error;
#define PARSE_REGEX "^\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*,\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*,\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*,\\s*(track|type|count|seconds)\\s+(limit|both|threshold|by_dst|by_src|\\d+)\\s*"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectThresholdMatch(DetectEngineThreadCtx *, Packet *,
const Signature *, const SigMatchCtx *);
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_THRESHOLD].flags |= SIGMATCH_IPONLY_COMPAT;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static int DetectThresholdMatch(DetectEngineThreadCtx *det_ctx, Packet *p,
static DetectThresholdData *DetectThresholdParse(const char *rawstr)
{
DetectThresholdData *de = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
const char *str_ptr = NULL;
if(count_found != 1 || second_found != 1 || type_found != 1 || track_found != 1)
goto error;
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
-
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 5) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr);
goto error;
* [tls_notbefore|tls_notafter]:[<|>]<date string>[<><date string>];
*/
#define PARSE_REGEX "^\\s*(<|>)?\\s*([ -:TW0-9]+)\\s*(?:(<>)\\s*([ -:TW0-9]+))?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectTlsValidityMatch (DetectEngineThreadCtx *, Flow *,
uint8_t, void *, void *, const Signature *,
sigmatch_table[DETECT_AL_TLS_VALID].RegisterTests = TlsValidRegisterTests;
#endif
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister("tls_validity",
ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY,
static DetectTlsValidityData *DetectTlsValidityParse (const char *rawstr)
{
DetectTlsValidityData *dd = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char mode[2] = "";
char value2[20] = "";
char range[3] = "";
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0,
- 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 3 || ret > 5) {
SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
goto error;
*/
#define PARSE_REGEX "^\\s*([A-z0-9\\.]+|\"[A-z0-9\\.]+\")\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectTlsVersionMatch (DetectEngineThreadCtx *,
Flow *, uint8_t, void *, void *,
sigmatch_table[DETECT_AL_TLS_VERSION].RegisterTests = DetectTlsVersionRegisterTests;
#endif
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_tls_generic_list_id = DetectBufferTypeRegister("tls_generic");
}
{
uint16_t temp;
DetectTlsVersionData *tls = NULL;
- #define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0,
- ov, MAX_SUBSTRINGS);
-
+ ret = DetectParsePcreExec(&parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 3) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.version option");
goto error;
#define PARSE_REGEX "^([A-z0-9\\s\\-\\.=,\\*@]+|\"[A-z0-9\\s\\-\\.=,\\*@]+\")\\s*$"
#define PARSE_REGEX_FINGERPRINT "^([A-z0-9\\:\\*]+|\"[A-z0-9\\:\\* ]+\")\\s*$"
-static pcre *subject_parse_regex;
-static pcre_extra *subject_parse_regex_study;
-static pcre *issuerdn_parse_regex;
-static pcre_extra *issuerdn_parse_regex_study;
-static pcre *fingerprint_parse_regex;
-static pcre_extra *fingerprint_parse_regex_study;
+static DetectParseRegex subject_parse_regex;
+static DetectParseRegex issuerdn_parse_regex;
+static DetectParseRegex fingerprint_parse_regex;
static int DetectTlsSubjectMatch (DetectEngineThreadCtx *,
Flow *, uint8_t, void *, void *,
sigmatch_table[DETECT_AL_TLS_STORE].RegisterTests = NULL;
sigmatch_table[DETECT_AL_TLS_STORE].flags |= SIGMATCH_NOOPT;
- DetectSetupParseRegexes(PARSE_REGEX,
- &subject_parse_regex, &subject_parse_regex_study);
- DetectSetupParseRegexes(PARSE_REGEX,
- &issuerdn_parse_regex, &issuerdn_parse_regex_study);
- DetectSetupParseRegexes(PARSE_REGEX_FINGERPRINT,
- &fingerprint_parse_regex, &fingerprint_parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &subject_parse_regex);
+ DetectSetupParseRegexes(PARSE_REGEX, &issuerdn_parse_regex);
+ DetectSetupParseRegexes(PARSE_REGEX_FINGERPRINT, &fingerprint_parse_regex);
g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert");
static DetectTlsData *DetectTlsSubjectParse (const char *str, bool negate)
{
DetectTlsData *tls = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
const char *str_ptr;
char *tmp_str;
uint32_t flag = 0;
- ret = pcre_exec(subject_parse_regex, subject_parse_regex_study, str, strlen(str), 0, 0,
- ov, MAX_SUBSTRINGS);
-
+ ret = DetectParsePcreExec(&subject_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.subject option");
goto error;
static DetectTlsData *DetectTlsIssuerDNParse(const char *str, bool negate)
{
DetectTlsData *tls = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
const char *str_ptr;
char *tmp_str;
uint32_t flag = 0;
- ret = pcre_exec(issuerdn_parse_regex, issuerdn_parse_regex_study, str, strlen(str), 0, 0,
- ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&issuerdn_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.issuerdn option");
goto error;
static DetectTlsData *DetectTlsFingerprintParse (const char *str, bool negate)
{
DetectTlsData *tls = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
const char *str_ptr;
char *tmp_str;
uint32_t flag = 0;
- ret = pcre_exec(fingerprint_parse_regex, fingerprint_parse_regex_study, str, strlen(str), 0, 0,
- ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&fingerprint_parse_regex, str, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid tls.fingerprint option");
goto error;
#define PARSE_REGEX "^\\s*(!?\\s*[0-9]{1,3}|!?\\s*[xX][0-9a-fA-F]{1,2})\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectTosSetup(DetectEngineCtx *, Signature *, const char *);
static int DetectTosMatch(DetectEngineThreadCtx *, Packet *,
sigmatch_table[DETECT_TOS].url =
DOC_URL DOC_VERSION "/rules/header-keywords.html#tos";
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
/**
static DetectTosData *DetectTosParse(const char *arg, bool negate)
{
DetectTosData *tosd = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, arg, strlen(arg), 0, 0,
- ov, MAX_SUBSTRINGS);
-
+ ret = DetectParsePcreExec(&parse_regex, arg, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2) {
SCLogError(SC_ERR_PCRE_MATCH, "invalid tos option - %s. "
"The tos option value must be in the range "
*/
#define PARSE_REGEX "^\\s*([0-9]*)?\\s*([<>=-]+)?\\s*([0-9]+)?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
/* prototypes */
static int DetectTtlMatch (DetectEngineThreadCtx *, Packet *,
sigmatch_table[DETECT_TTL].SupportsPrefilter = PrefilterTtlIsPrefilterable;
sigmatch_table[DETECT_TTL].SetupPrefilter = PrefilterSetupTtl;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
return;
}
static DetectTtlData *DetectTtlParse (const char *ttlstr)
{
-#define MAX_SUBSTRINGS 30
int ov[MAX_SUBSTRINGS];
char arg1[6] = "";
char arg2[6] = "";
char arg3[6] = "";
- int ret = pcre_exec(parse_regex, parse_regex_study, ttlstr, strlen(ttlstr), 0, 0, ov, MAX_SUBSTRINGS);
+ int ret = DetectParsePcreExec(&parse_regex, ttlstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 2 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 "", ret);
return NULL;
*/
#define PARSE_REGEX "^(?:\\s*)(<|>)?(?:\\s*)([0-9]{1,5})(?:\\s*)(?:(<>)(?:\\s*)([0-9]{1,5}))?\\s*(?:,\\s*(norm|raw))?\\s*$"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
/*prototypes*/
static int DetectUrilenSetup (DetectEngineCtx *, Signature *, const char *);
sigmatch_table[DETECT_AL_URILEN].Free = DetectUrilenFree;
sigmatch_table[DETECT_AL_URILEN].RegisterTests = DetectUrilenRegisterTests;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
g_http_uri_buffer_id = DetectBufferTypeRegister("http_uri");
g_http_raw_uri_buffer_id = DetectBufferTypeRegister("http_raw_uri");
char *arg3 = NULL;
char *arg4 = NULL;
char *arg5 = NULL;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
- ret = pcre_exec(parse_regex, parse_regex_study, urilenstr, strlen(urilenstr),
- 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, urilenstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 3 || ret > 6) {
SCLogError(SC_ERR_PCRE_PARSE, "urilen option pcre parse error: \"%s\"", urilenstr);
goto error;
*/
#define PARSE_REGEX "^([a-z]+)" "(?:,\\s*([^,]+))?" "(?:,\\s*(?:track\\s+([^,]+)))" "(?:,\\s*(?:expire\\s+([^,]+)))?"
-static pcre *parse_regex;
-static pcre_extra *parse_regex_study;
+static DetectParseRegex parse_regex;
static int DetectXbitMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *);
static int DetectXbitSetup (DetectEngineCtx *, Signature *, const char *);
/* this is compatible to ip-only signatures */
sigmatch_table[DETECT_XBITS].flags |= SIGMATCH_IPONLY_COMPAT;
- DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static int DetectIPPairbitMatchToggle (Packet *p, const DetectXbitsData *fd)
DetectXbitsData *cd = NULL;
uint8_t fb_cmd = 0;
uint8_t hb_dir = 0;
-#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
char fb_cmd_str[16] = "", fb_name[256] = "";
enum VarTypes var_type = VAR_TYPE_NOT_SET;
int expire = DETECT_XBITS_EXPIRE_DEFAULT;
- ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS);
+ ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
if (ret != 2 && ret != 3 && ret != 4 && ret != 5) {
SCLogError(SC_ERR_PCRE_MATCH, "\"%s\" is not a valid setting for xbits.", rawstr);
return -1;
projects / thirdparty / suricata.git / commitdiff
