static void DetectAppLayerEventRegisterTests(void);
#endif
static void DetectAppLayerEventFree(DetectEngineCtx *, void *);
-static int DetectEngineAptEventInspect(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t DetectEngineAptEventInspect(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
static int g_applayer_events_list_id = 0;
g_applayer_events_list_id = DetectBufferTypeGetByName("app-layer-events");
}
-static int DetectEngineAptEventInspect(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t DetectEngineAptEventInspect(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
#endif
static int g_dce_generic_list_id = 0;
-static int InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
"dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric, NULL);
}
-static int InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return buffer;
}
-static int DetectEngineInspectDNP3(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t DetectEngineInspectDNP3(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return rs_dns_opcode_match(txv, (void *)ctx, flags);
}
-static int DetectEngineInspectRequestGenericDnsOpcode(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectRequestGenericDnsOpcode(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectDnsQuery(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectDnsQuery(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id)
{
uint32_t local_id = 0;
}
#ifdef HAVE_LUA
-static int DetectEngineInspectDnsRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectDnsRequest(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
-static int DetectEngineInspectDnsResponse(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectDnsResponse(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
* \retval 0 no match
* \retval 1 match
*/
-int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatchData *smd,
- Packet *p, Flow *f,
- const uint8_t *buffer, uint32_t buffer_len,
- uint32_t stream_start_offset, uint8_t flags,
- uint8_t inspection_mode)
+uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *buffer,
+ uint32_t buffer_len, uint32_t stream_start_offset, uint8_t flags, uint8_t inspection_mode)
{
SCEnter();
KEYWORD_PROFILING_START;
/* see if the next buffer keywords match. If not, we will
* search for another occurrence of this content and see
* if the others match then until we run out of matches */
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1,
- p, f, buffer, buffer_len, stream_start_offset, flags,
- inspection_mode);
+ uint8_t r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd + 1, p, f,
+ buffer, buffer_len, stream_start_offset, flags, inspection_mode);
if (r == 1) {
SCReturnInt(1);
}
} else if (smd->type == DETECT_AL_URILEN) {
SCLogDebug("inspecting uri len");
- int r = 0;
+ uint8_t r = 0;
DetectUrilenData *urilend = (DetectUrilenData *) smd->ctx;
switch (urilend->mode) {
* the buffer portion of the signature matched. */
if (!smd->is_last) {
KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
- int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1,
- p, f, buffer, buffer_len, stream_start_offset, flags,
- inspection_mode);
+ uint8_t r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd + 1, p, f, buffer,
+ buffer_len, stream_start_offset, flags, inspection_mode);
SCReturnInt(r);
}
final_match:
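Review bot: `SCReturnInt(r)` now passes a `uint8_t` through the signed-int return macro, and the same holds for `SCReturnInt(1)` in the earlier content hunk and `SCReturnInt(DETECT_ENGINE_INSPECT_SIG_NO_MATCH)` in DetectFileInspectGeneric. This is a style point rather than a defect: the returned value is unchanged, but the macro name no longer describes the function's type. Switching these to `SCReturnUInt(r);` would keep the macro and the declared return type in agreement. The body of DetectEngineContentInspection continues outside this hunk, so other return sites may need the same edit.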
* inspection function contains both start and end of the data. */
#define DETECT_CI_FLAGS_SINGLE (DETECT_CI_FLAGS_START|DETECT_CI_FLAGS_END)
-int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatchData *smd,
- Packet *p, Flow *f,
- const uint8_t *buffer, uint32_t buffer_len,
- uint32_t stream_start_offset, uint8_t flags,
- uint8_t inspection_mode);
+uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *buffer,
+ uint32_t buffer_len, uint32_t stream_start_offset, uint8_t flags, uint8_t inspection_mode);
void DetectEngineContentInspectionRegisterTests(void);
#ifndef __DETECT_ENGINE_DCEPAYLOAD_H__
#define __DETECT_ENGINE_DCEPAYLOAD_H__
-//int DetectEngineInspectDcePayload(DetectEngineCtx *, DetectEngineThreadCtx *,
+// uint8_t DetectEngineInspectDcePayload(DetectEngineCtx *, DetectEngineThreadCtx *,
// const Signature *, Flow *, uint8_t, void *);
void DcePayloadRegisterTests(void);
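Review bot: The prototype edited here is commented out, so the `int` to `uint8_t` change has no effect and the compiler never checks it against a definition. Keeping a dead declaration in sync by hand suggests an API that does not exist in this header. Deleting both comment lines (`// uint8_t DetectEngineInspectDcePayload(...` and its continuation) would be cleaner.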
*
* \retval 0 no match or 1 match
*/
-int DetectEngineInspectCIP(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+uint8_t DetectEngineInspectCIP(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
* \retval 0 no match or 1 match
*/
-int DetectEngineInspectENIP(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+uint8_t DetectEngineInspectENIP(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
#ifndef __DETECT_ENGINE_ENIP_H__
#define __DETECT_ENGINE_ENIP_H__
-int DetectEngineInspectCIP(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
+uint8_t DetectEngineInspectCIP(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
const struct DetectEngineAppInspectionEngine_ *, const Signature *, Flow *, uint8_t, void *,
void *, uint64_t);
-int DetectEngineInspectENIP(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
+uint8_t DetectEngineInspectENIP(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
const struct DetectEngineAppInspectionEngine_ *, const Signature *, Flow *, uint8_t, void *,
void *, uint64_t);
* \retval 2 can't match
* \retval 3 can't match filestore signature
*/
-static int DetectFileInspect(DetectEngineThreadCtx *det_ctx, Flow *f, const Signature *s,
+static uint8_t DetectFileInspect(DetectEngineThreadCtx *det_ctx, Flow *f, const Signature *s,
const SigMatchData *smd, uint8_t flags, FileContainer *ffc)
{
- int r = 0;
+ uint8_t r = 0;
int match = 0;
int store_r = 0;
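Review bot: The `\retval` list above DetectFileInspect still documents the results as the bare numbers 2 and 3, while the caller in DetectFileInspectGeneric compares against `DETECT_ENGINE_INSPECT_SIG_MATCH` and `DETECT_ENGINE_INSPECT_SIG_CANT_MATCH`. Now that the return type is a narrow `uint8_t` status code, the comment should name the constants, e.g. `\retval DETECT_ENGINE_INSPECT_SIG_CANT_MATCH can't match` (presumably the value 2, to be confirmed against the definition). `match` and `store_r` remain `int` next to the new `uint8_t r`. The body lies outside this hunk, so it is worth checking that neither is assigned to `r` without an explicit mapping.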
*
* \note flow is not locked at this time
*/
-int DetectFileInspectGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+uint8_t DetectFileInspectGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *_alstate, void *tx, uint64_t tx_id)
{
SCReturnInt(DETECT_ENGINE_INSPECT_SIG_NO_MATCH);
}
- int r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
- int match = DetectFileInspect(det_ctx, f, s, engine->smd, flags, ffc);
+ uint8_t r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
+ uint8_t match = DetectFileInspect(det_ctx, f, s, engine->smd, flags, ffc);
if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
r = DETECT_ENGINE_INSPECT_SIG_MATCH;
} else if (match == DETECT_ENGINE_INSPECT_SIG_CANT_MATCH) {
#ifndef __DETECT_ENGINE_FILE_H__
#define __DETECT_ENGINE_FILE_H__
-int DetectFileInspectGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+uint8_t DetectFileInspectGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *_alstate, void *tx, uint64_t tx_id);
* \retval 0 no match
* \retval 1 match
*/
-int DetectEngineInspectPacketPayload(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, Packet *p)
+uint8_t DetectEngineInspectPacketPayload(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, Flow *f, Packet *p)
{
SCEnter();
int r = 0;
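Review bot: `int r = 0;` is left unchanged in DetectEngineInspectPacketPayload although the function now returns `uint8_t`, so any value returned through `r` (the body lies outside this hunk) is narrowed implicitly. The same leftover appears in DetectEngineInspectStreamUDPPayload (`int r = 0;`) and DetectEngineInspectFiledata (`int r = 0; int match = 0;`), whereas DetectFileInspect and DetectEngineInspectFilemagic were converted. This return value decides whether a signature matches, so a negative or out-of-range intermediate should not be able to wrap silently into a valid status. Either declare `uint8_t r = 0;` here as well, or keep the `int` and map it explicitly to a `DETECT_ENGINE_INSPECT_SIG_*` constant at the return.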
* \retval 0 no match
* \retval 1 match
*/
-static int DetectEngineInspectStreamUDPPayload(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatchData *smd,
- Flow *f, Packet *p)
+static uint8_t DetectEngineInspectStreamUDPPayload(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f,
+ Packet *p)
{
SCEnter();
int r = 0;
*
* Returns "can't match" if depth is reached.
*/
-int DetectEngineInspectStream(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+uint8_t DetectEngineInspectStream(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
int PrefilterPktStreamRegister(DetectEngineCtx *de_ctx,
SigGroupHead *sgh, MpmCtx *mpm_ctx);
-int DetectEngineInspectPacketPayload(DetectEngineCtx *,
- DetectEngineThreadCtx *, const Signature *, Flow *, Packet *);
+uint8_t DetectEngineInspectPacketPayload(
+ DetectEngineCtx *, DetectEngineThreadCtx *, const Signature *, Flow *, Packet *);
int DetectEngineInspectStreamPayload(DetectEngineCtx *,
DetectEngineThreadCtx *, const Signature *, Flow *,
Packet *);
-int DetectEngineInspectStream(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+uint8_t DetectEngineInspectStream(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
* \retval 0 no match
* \retval 1 match
*/
-int DetectEngineInspectGenericList(const DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatchData *smd, Flow *f, const uint8_t flags, void *alstate,
- void *txv, uint64_t tx_id)
+uint8_t DetectEngineInspectGenericList(const DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f,
+ const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCLogDebug("running match functions, sm %p", smd);
if (smd != NULL) {
* \retval 1 match.
* \retval 2 Sig can't match.
*/
-int DetectEngineInspectBufferGeneric(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id)
{
const int list_id = engine->sm_list;
SCLogDebug("running inspect on %d", list_id);
int DetectEngineTentantRegisterPcapFile(uint32_t tenant_id);
int DetectEngineTentantUnregisterPcapFile(uint32_t tenant_id);
-int DetectEngineInspectGenericList(const DetectEngineCtx *, DetectEngineThreadCtx *,
+uint8_t DetectEngineInspectGenericList(const DetectEngineCtx *, DetectEngineThreadCtx *,
const Signature *, const SigMatchData *, Flow *, const uint8_t, void *, void *, uint64_t);
-int DetectEngineInspectBufferGeneric(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id);
int DetectEngineInspectPktBufferGeneric(
DetectEngineThreadCtx *det_ctx,
MpmCtx *mpm_ctx, const DetectBufferMpmRegistery *mpm_reg, int list_id);
/* file API */
-static int DetectEngineInspectFiledata(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+static uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id);
int PrefilterMpmFiledataRegister(DetectEngineCtx *de_ctx,
SigGroupHead *sgh, MpmCtx *mpm_ctx,
const DetectBufferMpmRegistery *mpm_reg, int list_id);
-static int DetectEngineInspectBufferHttpBody(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectBufferHttpBody(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectBufferHttpBody(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectBufferHttpBody(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
}
}
-static int DetectEngineInspectFiledata(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id)
{
int r = 0;
int match = 0;
static int PrefilterMpmFilemagicRegister(DetectEngineCtx *de_ctx,
SigGroupHead *sgh, MpmCtx *mpm_ctx,
const DetectBufferMpmRegistery *mpm_reg, int list_id);
-static int DetectEngineInspectFilemagic(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+static uint8_t DetectEngineInspectFilemagic(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id);
static int g_magic_thread_ctx_id = -1;
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectFilemagic(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectFilemagic(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id)
{
const DetectEngineTransforms *transforms = NULL;
if (!engine->mpm) {
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
}
- int r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
+ uint8_t r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
int local_file_id = 0;
for (File *file = ffc->head; file != NULL; file = file->next) {
if (file->txid != tx_id)
static int PrefilterMpmFilenameRegister(DetectEngineCtx *de_ctx,
SigGroupHead *sgh, MpmCtx *mpm_ctx,
const DetectBufferMpmRegistery *mpm_reg, int list_id);
-static int DetectEngineInspectFilename(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+static uint8_t DetectEngineInspectFilename(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registration function for keyword: filename
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectFilename(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectFilename(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id)
{
const DetectEngineTransforms *transforms = NULL;
if (!engine->mpm) {
return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
}
- int r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
+ uint8_t r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
int local_file_id = 0;
for (File *file = ffc->head; file != NULL; file = file->next) {
if (file->txid != tx_id)
#endif
static int g_ftp_request_list_id = 0;
-static int InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
"ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, InspectFtpRequest, NULL);
}
-static int InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
#ifdef UNITTESTS
static void DetectFtpdataRegisterTests (void);
#endif
-static int DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int g_ftpdata_buffer_id = 0;
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
-static int DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
Signature *s);
static int g_http_client_body_buffer_id = 0;
-static int DetectEngineInspectBufferHttpBody(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectBufferHttpBody(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectBufferHttpBody(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectBufferHttpBody(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
/** \internal
* \brief custom inspect function to utilize the cached headers
*/
-static int DetectEngineInspectBufferHttpHeader(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectBufferHttpHeader(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCEnter();
static int PrefilterMpmHttp2HeaderNameRegister(DetectEngineCtx *de_ctx,
SigGroupHead *sgh, MpmCtx *mpm_ctx,
const DetectBufferMpmRegistery *mpm_reg, int list_id);
-static int DetectEngineInspectHttp2HeaderName(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+static uint8_t DetectEngineInspectHttp2HeaderName(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int DetectHTTP2headerSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg);
static int PrefilterMpmHttp2HeaderRegister(DetectEngineCtx *de_ctx,
SigGroupHead *sgh, MpmCtx *mpm_ctx,
const DetectBufferMpmRegistery *mpm_reg, int list_id);
-static int DetectEngineInspectHttp2Header(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+static uint8_t DetectEngineInspectHttp2Header(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static bool DetectHttp2HeaderValidateCallback(const Signature *s, const char **sigerror);
#ifdef UNITTESTS
static int g_http2_header_name_buffer_id = 0;
static int g_http2_header_buffer_id = 0;
-static int DetectEngineInspectHTTP2(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t DetectEngineInspectHTTP2(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
pectx, PrefilterMpmHttp2HNameFree, mpm_reg->name);
}
-static int DetectEngineInspectHttp2HeaderName(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectHttp2HeaderName(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint32_t local_id = 0;
pectx, PrefilterMpmHttp2HeaderFree, mpm_reg->name);
}
-static int DetectEngineInspectHttp2Header(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectHttp2Header(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint32_t local_id = 0;
static void DetectIkeChosenSaFree(DetectEngineCtx *, void *);
static int g_ike_chosen_sa_buffer_id = 0;
-static int DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
g_ike_chosen_sa_buffer_id = DetectBufferTypeGetByName("ike.chosen_sa_attribute");
}
-static int DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
static void DetectIkeExchTypeFree(DetectEngineCtx *, void *);
static int g_ike_exch_type_buffer_id = 0;
-static int DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
g_ike_exch_type_buffer_id = DetectBufferTypeGetByName("ike.exchtype");
}
-static int DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
static void DetectIkeKeyExchangePayloadLengthFree(DetectEngineCtx *, void *);
static int g_ike_key_exch_payload_length_buffer_id = 0;
-static int DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
DetectBufferTypeGetByName("ike.key_exchange_payload_length");
}
-static int DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
static void DetectIkeNoncePayloadLengthFree(DetectEngineCtx *, void *);
static int g_ike_nonce_payload_length_buffer_id = 0;
-static int DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
g_ike_nonce_payload_length_buffer_id = DetectBufferTypeGetByName("ike.nonce_payload_length");
}
-static int DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
mpm_reg->app_v2.tx_min_progress, pectx, PrefilterMpmIkeVendorFree, mpm_reg->pname);
}
-static int DetectEngineInspectIkeVendor(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t DetectEngineInspectIkeVendor(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
void *alstate, void *txv, uint64_t tx_id)
{
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectKrb5CName(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectKrb5CName(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id)
{
uint32_t local_id = 0;
static void DetectKrb5ErrCodeRegisterTests (void);
#endif
-static int DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int g_krb5_err_code_list_id = 0;
SCLogDebug("g_krb5_err_code_list_id %d", g_krb5_err_code_list_id);
}
-static int DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
static void DetectKrb5MsgTypeRegisterTests (void);
#endif
-static int DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id);
+static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int g_krb5_msg_type_list_id = 0;
SCLogDebug("g_krb5_msg_type_list_id %d", g_krb5_msg_type_list_id);
}
-static int DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectKrb5SName(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectKrb5SName(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id)
{
uint32_t local_id = 0;
static void DetectLuaFree(DetectEngineCtx *, void *);
static int g_smtp_generic_list_id = 0;
-static int InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
return;
}
-static int InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
*
* \retval 0 no match or 1 match
*/
-static int DetectEngineInspectModbus(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t DetectEngineInspectModbus(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
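Review bot: The doc comment above DetectEngineInspectModbus still reads `\retval 0 no match or 1 match`, which documents bare numbers although the function now returns the `uint8_t` result code shared by all inspect callbacks. I would name the codes instead, e.g. `\retval DETECT_ENGINE_INSPECT_SIG_NO_MATCH no match` and `\retval DETECT_ENGINE_INSPECT_SIG_MATCH match`, assuming the body returns only those two. The body is outside this hunk, so that needs checking against the actual return statements.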
void MQTTConnackSessionPresentRegisterTests(void);
void DetectMQTTConnackSessionPresentFree(DetectEngineCtx *de_ctx, void *);
-static int DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present");
}
-static int DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
void MQTTConnectFlagsRegisterTests(void);
void DetectMQTTConnectFlagsFree(DetectEngineCtx *de_ctx, void *);
-static int DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
mqtt_connect_flags_id = DetectBufferTypeGetByName("mqtt.connect.flags");
}
-static int DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
void MQTTFlagsRegisterTests(void);
void DetectMQTTFlagsFree(DetectEngineCtx *de_ctx, void *);
-static int DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
mqtt_flags_id = DetectBufferTypeGetByName("mqtt.flags");
}
-static int DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
void MQTTProtocolVersionRegisterTests(void);
void DetectMQTTProtocolVersionFree(DetectEngineCtx *de_ctx, void *);
-static int DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
mqtt_protocol_version_id = DetectBufferTypeGetByName("mqtt.protocol_version");
}
-static int DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
void MQTTQosRegisterTests(void);
void DetectMQTTQosFree(DetectEngineCtx *de_ctx, void *);
-static int DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
mqtt_qos_id = DetectBufferTypeGetByName("mqtt.qos");
}
-static int DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
void MQTTReasonCodeRegisterTests(void);
void DetectMQTTReasonCodeFree(DetectEngineCtx *de_ctx, void *);
-static int DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code");
}
-static int DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectMQTTSubscribeTopic(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectMQTTSubscribeTopic(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint32_t local_id = 0;
void MQTTTypeRegisterTests(void);
void DetectMQTTTypeFree(DetectEngineCtx *de_ctx, void *);
-static int DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
mqtt_type_id = DetectBufferTypeGetByName("mqtt.type");
}
-static int DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectMQTTUnsubscribeTopic(
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectMQTTUnsubscribeTopic(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint32_t local_id = 0;
#endif
static int g_nfs_request_buffer_id = 0;
-static int DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id);
}
-static int DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
#endif
static int g_nfs_request_buffer_id = 0;
-static int DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id);
}
-static int DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectQuicHash(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t DetectEngineInspectQuicHash(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
void *alstate, void *txv, uint64_t tx_id)
{
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectQuicString(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectQuicString(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint32_t local_id = 0;
#endif
void DetectRfbSecresultFree(DetectEngineCtx *, void *);
-static int DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
rfb_secresult_id = DetectBufferTypeGetByName("rfb.secresult");
}
-static int DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
static void DetectRfbSectypeFree(DetectEngineCtx *, void *);
static int g_rfb_sectype_buffer_id = 0;
-static int DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
g_rfb_sectype_buffer_id = DetectBufferTypeGetByName("rfb.sectype");
}
-static int DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
#endif
static int g_snmp_pdu_type_buffer_id = 0;
-static int DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp.pdu_type");
}
-static int DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
#endif
static int g_snmp_version_buffer_id = 0;
-static int DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp.version");
}
-static int DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
static void DetectSshSoftwareVersionFree(DetectEngineCtx *de_ctx, void *);
static int g_ssh_banner_list_id = 0;
-static int InspectSshBanner(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t InspectSshBanner(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
#endif
static void DetectSslStateFree(DetectEngineCtx *, void *);
-static int InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
"tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, InspectTlsGeneric, NULL);
}
-static int InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
static int DetectTemplateRustBufferSetup(DetectEngineCtx *, Signature *,
const char *);
-static int DetectEngineInspectTemplateRustBuffer(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectTemplateRustBuffer(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
#ifdef UNITTESTS
return 0;
}
-static int DetectEngineInspectTemplateRustBuffer(DetectEngineCtx *de_ctx,
+static uint8_t DetectEngineInspectTemplateRustBuffer(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
- int ret = 0;
+ uint8_t ret = 0;
const uint8_t *data = NULL;
uint32_t data_len = 0;
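Review bot: `uint8_t ret = 0;` narrows the local, but the statement that assigns `ret` and the final `return` are outside this hunk, so nothing visible shows that the value stored into it is already a `uint8_t`. If the producer still returns `int`, the conversion is implicit and a negative error value would come back as a large positive result code instead of as no-match. It is worth confirming that the producer's return type changed in the same commit. A short comment at the assignment, such as `/* result code is already uint8_t; no narrowing here */`, would record that.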
static void DetectTlsValidityFree(DetectEngineCtx *, void *);
static int g_tls_validity_buffer_id = 0;
-static int DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+static uint8_t DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registration function for tls validity keywords.
g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity");
}
-static int DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
- uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static uint8_t DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx,
+ DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
+ const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
#ifdef UNITTESTS
static void DetectTlsCertsRegisterTests(void);
#endif
-static int DetectEngineInspectTlsCerts(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv,
- uint64_t tx_id);
+static uint8_t DetectEngineInspectTlsCerts(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id);
static int PrefilterMpmTlsCertsRegister(DetectEngineCtx *de_ctx,
SigGroupHead *sgh, MpmCtx *mpm_ctx,
const DetectBufferMpmRegistery *mpm_reg, int list_id);
SCReturnPtr(buffer, "InspectionBuffer");
}
-static int DetectEngineInspectTlsCerts(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const DetectEngineAppInspectionEngine *engine,
- const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv,
- uint64_t tx_id)
+static uint8_t DetectEngineInspectTlsCerts(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id)
{
const DetectEngineTransforms *transforms = NULL;
if (!engine->mpm) {
static int g_tls_cert_list_id = 0;
-static int InspectTlsCert(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+static uint8_t InspectTlsCert(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
}
/* run callback: but bypass stream callback if we can */
- int match;
+ uint8_t match;
if (unlikely(engine->stream && can->stream_stored)) {
match = can->stream_result;
TRACE_SID_TXS(s->id, tx, "stream skipped, stored result %d used instead", match);
TRACE_SID_TXS(s->id, tx, "engine %p match %d", engine, match);
if (engine->stream) {
can->stream_stored = true;
- // TODO change Callback prototype ?
- can->stream_result = (uint8_t)match;
+ can->stream_result = match;
TRACE_SID_TXS(s->id, tx, "stream ran, store result %d for next tx (if any)", match);
}
}
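Review bot: `can->stream_result = match;` caches whatever the callback returned and, per the trace text, reuses it for the next transaction, yet nothing visible checks that `match` is one of the defined inspect result codes. With the return type narrowed to `uint8_t`, a callback that still does `return -1;` on an error path converts silently and arrives here as 255, which would then be replayed from the cache and could change which signatures match. A debug-only guard after the callback call (which sits between the visible lines) would catch that in QA builds, e.g. `DEBUG_VALIDATE_BUG_ON(match > INSPECT_RESULT_MAX); /* placeholder: highest defined result code */`. The declaration `uint8_t match;` also has no initialiser; both branches appear to assign it, but the second assignment is not visible here.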
void *txv, const int list_id);
struct DetectEngineAppInspectionEngine_;
-typedef int (*InspectEngineFuncPtr2)(
- struct DetectEngineCtx_ *de_ctx, struct DetectEngineThreadCtx_ *det_ctx,
- const struct DetectEngineAppInspectionEngine_ *engine,
- const struct Signature_ *s,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+typedef uint8_t (*InspectEngineFuncPtr2)(struct DetectEngineCtx_ *de_ctx,
+ struct DetectEngineThreadCtx_ *det_ctx,
+ const struct DetectEngineAppInspectionEngine_ *engine, const struct Signature_ *s, Flow *f,
+ uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
typedef struct DetectEngineAppInspectionEngine_ {
AppProto alproto;