* 02110-1301, USA.
*/
-use super::websocket::WebSocketTransaction;
+use super::websocket::{WebSocketTransaction, ALPROTO_WEBSOCKET};
use crate::detect::uint::{
- detect_parse_uint, detect_parse_uint_enum, DetectUintData, DetectUintMode,
+ detect_parse_uint, detect_parse_uint_enum, rs_detect_u32_free, rs_detect_u32_match,
+ rs_detect_u32_parse, rs_detect_u8_free, rs_detect_u8_match, DetectUintData, DetectUintMode,
+};
+use crate::detect::{
+ DetectBufferSetActiveList, DetectHelperBufferMpmRegister, DetectHelperBufferRegister,
+ DetectHelperGetData, DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableElmt,
+ SigMatchAppendSMToList, SIGMATCH_INFO_STICKY_BUFFER, SIGMATCH_NOOPT,
};
use crate::websocket::parser::WebSocketOpcode;
use nom7::IResult;
use std::ffi::CStr;
+use std::os::raw::{c_int, c_void};
-#[no_mangle]
-pub unsafe extern "C" fn SCWebSocketGetOpcode(tx: &mut WebSocketTransaction) -> u8 {
- return tx.pdu.opcode;
-}
-
-#[no_mangle]
-pub unsafe extern "C" fn SCWebSocketGetFlags(tx: &mut WebSocketTransaction) -> u8 {
- return tx.pdu.flags;
-}
-
-#[no_mangle]
-pub unsafe extern "C" fn SCWebSocketGetPayload(
- tx: &WebSocketTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
-) -> bool {
- *buffer = tx.pdu.payload.as_ptr();
- *buffer_len = tx.pdu.payload.len() as u32;
- return true;
-}
-
-#[no_mangle]
-pub unsafe extern "C" fn SCWebSocketGetMask(
- tx: &mut WebSocketTransaction, value: *mut u32,
-) -> bool {
- if let Some(xorkey) = tx.pdu.mask {
- *value = xorkey;
- return true;
- }
- return false;
-}
-
-#[no_mangle]
-pub unsafe extern "C" fn SCWebSocketParseOpcode(
+unsafe extern "C" fn websocket_parse_opcode(
ustr: *const std::os::raw::c_char,
) -> *mut DetectUintData<u8> {
let ft_name: &CStr = CStr::from_ptr(ustr); //unsafe
return None;
}
-#[no_mangle]
-pub unsafe extern "C" fn SCWebSocketParseFlags(
+unsafe extern "C" fn websocket_parse_flags(
ustr: *const std::os::raw::c_char,
) -> *mut DetectUintData<u8> {
let ft_name: &CStr = CStr::from_ptr(ustr); //unsafe
}
return std::ptr::null_mut();
}
+
+static mut G_WEBSOCKET_OPCODE_KW_ID: c_int = 0;
+static mut G_WEBSOCKET_OPCODE_BUFFER_ID: c_int = 0;
+static mut G_WEBSOCKET_MASK_KW_ID: c_int = 0;
+static mut G_WEBSOCKET_MASK_BUFFER_ID: c_int = 0;
+static mut G_WEBSOCKET_FLAGS_KW_ID: c_int = 0;
+static mut G_WEBSOCKET_FLAGS_BUFFER_ID: c_int = 0;
+static mut G_WEBSOCKET_PAYLOAD_BUFFER_ID: c_int = 0;
+
+unsafe extern "C" fn websocket_detect_opcode_setup(
+ de: *mut c_void, s: *mut c_void, raw: *const libc::c_char,
+) -> c_int {
+ if DetectSignatureSetAppProto(s, ALPROTO_WEBSOCKET) != 0 {
+ return -1;
+ }
+ let ctx = websocket_parse_opcode(raw) as *mut c_void;
+ if ctx.is_null() {
+ return -1;
+ }
+ if SigMatchAppendSMToList(
+ de,
+ s,
+ G_WEBSOCKET_OPCODE_KW_ID,
+ ctx,
+ G_WEBSOCKET_OPCODE_BUFFER_ID,
+ )
+ .is_null()
+ {
+ websocket_detect_opcode_free(std::ptr::null_mut(), ctx);
+ return -1;
+ }
+ return 0;
+}
+
+unsafe extern "C" fn websocket_detect_opcode_match(
+ _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
+ _sig: *const c_void, ctx: *const c_void,
+) -> c_int {
+ let tx = cast_pointer!(tx, WebSocketTransaction);
+ let ctx = cast_pointer!(ctx, DetectUintData<u8>);
+ return rs_detect_u8_match(tx.pdu.opcode, ctx);
+}
+
+unsafe extern "C" fn websocket_detect_opcode_free(_de: *mut c_void, ctx: *mut c_void) {
+ // Just unbox...
+ let ctx = cast_pointer!(ctx, DetectUintData<u8>);
+ rs_detect_u8_free(ctx);
+}
+
+unsafe extern "C" fn websocket_detect_mask_setup(
+ de: *mut c_void, s: *mut c_void, raw: *const libc::c_char,
+) -> c_int {
+ if DetectSignatureSetAppProto(s, ALPROTO_WEBSOCKET) != 0 {
+ return -1;
+ }
+ let ctx = rs_detect_u32_parse(raw) as *mut c_void;
+ if ctx.is_null() {
+ return -1;
+ }
+ if SigMatchAppendSMToList(
+ de,
+ s,
+ G_WEBSOCKET_MASK_KW_ID,
+ ctx,
+ G_WEBSOCKET_MASK_BUFFER_ID,
+ )
+ .is_null()
+ {
+ websocket_detect_mask_free(std::ptr::null_mut(), ctx);
+ return -1;
+ }
+ return 0;
+}
+
+unsafe extern "C" fn websocket_detect_mask_match(
+ _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
+ _sig: *const c_void, ctx: *const c_void,
+) -> c_int {
+ let tx = cast_pointer!(tx, WebSocketTransaction);
+ let ctx = cast_pointer!(ctx, DetectUintData<u32>);
+ if let Some(xorkey) = tx.pdu.mask {
+ return rs_detect_u32_match(xorkey, ctx);
+ }
+ return 0;
+}
+
+unsafe extern "C" fn websocket_detect_mask_free(_de: *mut c_void, ctx: *mut c_void) {
+ // Just unbox...
+ let ctx = cast_pointer!(ctx, DetectUintData<u32>);
+ rs_detect_u32_free(ctx);
+}
+
+unsafe extern "C" fn websocket_detect_flags_setup(
+ de: *mut c_void, s: *mut c_void, raw: *const libc::c_char,
+) -> c_int {
+ if DetectSignatureSetAppProto(s, ALPROTO_WEBSOCKET) != 0 {
+ return -1;
+ }
+ let ctx = websocket_parse_flags(raw) as *mut c_void;
+ if ctx.is_null() {
+ return -1;
+ }
+ if SigMatchAppendSMToList(
+ de,
+ s,
+ G_WEBSOCKET_FLAGS_KW_ID,
+ ctx,
+ G_WEBSOCKET_FLAGS_BUFFER_ID,
+ )
+ .is_null()
+ {
+ websocket_detect_flags_free(std::ptr::null_mut(), ctx);
+ return -1;
+ }
+ return 0;
+}
+
+unsafe extern "C" fn websocket_detect_flags_match(
+ _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
+ _sig: *const c_void, ctx: *const c_void,
+) -> c_int {
+ let tx = cast_pointer!(tx, WebSocketTransaction);
+ let ctx = cast_pointer!(ctx, DetectUintData<u8>);
+ return rs_detect_u8_match(tx.pdu.flags, ctx);
+}
+
+unsafe extern "C" fn websocket_detect_flags_free(_de: *mut c_void, ctx: *mut c_void) {
+ // Just unbox...
+ let ctx = cast_pointer!(ctx, DetectUintData<u8>);
+ rs_detect_u8_free(ctx);
+}
+
+pub unsafe extern "C" fn websocket_detect_payload_setup(
+ de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+) -> c_int {
+ if DetectSignatureSetAppProto(s, ALPROTO_WEBSOCKET) != 0 {
+ return -1;
+ }
+ if DetectBufferSetActiveList(de, s, G_WEBSOCKET_PAYLOAD_BUFFER_ID) < 0 {
+ return -1;
+ }
+ return 0;
+}
+
+pub unsafe extern "C" fn websocket_detect_payload_get(
+ tx: *const c_void, _flow_flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
+) -> bool {
+ let tx = cast_pointer!(tx, WebSocketTransaction);
+ *buffer = tx.pdu.payload.as_ptr();
+ *buffer_len = tx.pdu.payload.len() as u32;
+ return true;
+}
+
+pub unsafe extern "C" fn websocket_detect_payload_get_data(
+ de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
+ tx: *const c_void, list_id: c_int,
+) -> *mut c_void {
+ return DetectHelperGetData(
+ de,
+ transforms,
+ flow,
+ flow_flags,
+ tx,
+ list_id,
+ websocket_detect_payload_get,
+ );
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn ScDetectWebsocketRegister() {
+ let kw = SCSigTableElmt {
+ name: b"websocket.opcode\0".as_ptr() as *const libc::c_char,
+ desc: b"match WebSocket opcode\0".as_ptr() as *const libc::c_char,
+ url: b"/rules/websocket-keywords.html#websocket-opcode\0".as_ptr() as *const libc::c_char,
+ AppLayerTxMatch: Some(websocket_detect_opcode_match),
+ Setup: websocket_detect_opcode_setup,
+ Free: Some(websocket_detect_opcode_free),
+ flags: 0,
+ };
+ unsafe {
+ G_WEBSOCKET_OPCODE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_WEBSOCKET_OPCODE_BUFFER_ID = DetectHelperBufferRegister(
+ b"websocket.opcode\0".as_ptr() as *const libc::c_char,
+ ALPROTO_WEBSOCKET,
+ true,
+ true,
+ );
+ }
+ let kw = SCSigTableElmt {
+ name: b"websocket.mask\0".as_ptr() as *const libc::c_char,
+ desc: b"match WebSocket mask\0".as_ptr() as *const libc::c_char,
+ url: b"/rules/websocket-keywords.html#websocket-mask\0".as_ptr() as *const libc::c_char,
+ AppLayerTxMatch: Some(websocket_detect_mask_match),
+ Setup: websocket_detect_mask_setup,
+ Free: Some(websocket_detect_mask_free),
+ flags: 0,
+ };
+ unsafe {
+ G_WEBSOCKET_MASK_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_WEBSOCKET_MASK_BUFFER_ID = DetectHelperBufferRegister(
+ b"websocket.mask\0".as_ptr() as *const libc::c_char,
+ ALPROTO_WEBSOCKET,
+ true,
+ true,
+ );
+ }
+ let kw = SCSigTableElmt {
+ name: b"websocket.flags\0".as_ptr() as *const libc::c_char,
+ desc: b"match WebSocket flags\0".as_ptr() as *const libc::c_char,
+ url: b"/rules/websocket-keywords.html#websocket-flags\0".as_ptr() as *const libc::c_char,
+ AppLayerTxMatch: Some(websocket_detect_flags_match),
+ Setup: websocket_detect_flags_setup,
+ Free: Some(websocket_detect_flags_free),
+ flags: 0,
+ };
+ unsafe {
+ G_WEBSOCKET_FLAGS_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_WEBSOCKET_FLAGS_BUFFER_ID = DetectHelperBufferRegister(
+ b"websocket.flags\0".as_ptr() as *const libc::c_char,
+ ALPROTO_WEBSOCKET,
+ true,
+ true,
+ );
+ }
+ let kw = SCSigTableElmt {
+ name: b"websocket.payload\0".as_ptr() as *const libc::c_char,
+ desc: b"match WebSocket payload\0".as_ptr() as *const libc::c_char,
+ url: b"/rules/websocket-keywords.html#websocket-payload\0".as_ptr() as *const libc::c_char,
+ Setup: websocket_detect_payload_setup,
+ flags: SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER,
+ AppLayerTxMatch: None,
+ Free: None,
+ };
+ unsafe {
+ let _g_ws_payload_kw_id = DetectHelperKeywordRegister(&kw);
+ G_WEBSOCKET_PAYLOAD_BUFFER_ID = DetectHelperBufferMpmRegister(
+ b"websocket.payload\0".as_ptr() as *const libc::c_char,
+ b"WebSocket payload\0".as_ptr() as *const libc::c_char,
+ ALPROTO_WEBSOCKET,
+ true,
+ true,
+ websocket_detect_payload_get_data,
+ );
+ }
+}
use std::io::Read;
use std::os::raw::{c_char, c_int, c_void};
-static mut ALPROTO_WEBSOCKET: AppProto = ALPROTO_UNKNOWN;
+pub(super) static mut ALPROTO_WEBSOCKET: AppProto = ALPROTO_UNKNOWN;
static mut WEBSOCKET_MAX_PAYLOAD_SIZE: u32 = 0xFFFF;
detect-urilen.h \
detect-within.h \
detect-xbits.h \
- detect-websocket.h \
device-storage.h \
feature.h \
flow-bit.h \
detect-urilen.c \
detect-within.c \
detect-xbits.c \
- detect-websocket.c \
device-storage.c \
feature.c \
flow-bit.c \
#include "detect-quic-cyu-hash.h"
#include "detect-quic-cyu-string.h"
#include "detect-ja4-hash.h"
-#include "detect-websocket.h"
#include "detect-bypass.h"
#include "detect-ftpdata.h"
DetectQuicCyuHashRegister();
DetectQuicCyuStringRegister();
DetectJa4HashRegister();
- DetectWebsocketRegister();
DetectBypassRegister();
DetectConfigRegister();
ScDetectSNMPRegister();
ScDetectDHCPRegister();
+ ScDetectWebsocketRegister();
/* close keyword registration */
DetectBufferTypeCloseRegistration();
DETECT_AL_QUIC_UA,
DETECT_AL_QUIC_CYU_HASH,
DETECT_AL_QUIC_CYU_STRING,
- DETECT_WEBSOCKET_MASK,
- DETECT_WEBSOCKET_OPCODE,
- DETECT_WEBSOCKET_FLAGS,
- DETECT_WEBSOCKET_PAYLOAD,
DETECT_BYPASS,
+++ /dev/null
-/* Copyright (C) 2023 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Philippe Antoine
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "detect-parse.h"
-#include "detect-engine.h"
-#include "detect-engine-content-inspection.h"
-#include "detect-engine-uint.h"
-#include "detect-engine-prefilter.h"
-#include "detect-websocket.h"
-
-#include "rust.h"
-
-static int websocket_tx_id = 0;
-static int websocket_payload_id = 0;
-
-/**
- * \internal
- * \brief this function will free memory associated with DetectWebSocketOpcodeData
- *
- * \param de pointer to DetectWebSocketOpcodeData
- */
-static void DetectWebSocketOpcodeFree(DetectEngineCtx *de_ctx, void *de_ptr)
-{
- rs_detect_u8_free(de_ptr);
-}
-
-/**
- * \internal
- * \brief Function to match opcode of a websocket tx
- *
- * \param det_ctx Pointer to the pattern matcher thread.
- * \param f Pointer to the current flow.
- * \param flags Flags.
- * \param state App layer state.
- * \param txv Pointer to the transaction.
- * \param s Pointer to the Signature.
- * \param ctx Pointer to the sigmatch that we will cast into DetectWebSocketOpcodeData.
- *
- * \retval 0 no match.
- * \retval 1 match.
- */
-static int DetectWebSocketOpcodeMatch(DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags,
- void *state, void *txv, const Signature *s, const SigMatchCtx *ctx)
-{
- const DetectU8Data *de = (const DetectU8Data *)ctx;
- uint8_t opc = SCWebSocketGetOpcode(txv);
- return DetectU8Match(opc, de);
-}
-
-/**
- * \internal
- * \brief this function is used to add the parsed sigmatch into the current signature
- *
- * \param de_ctx pointer to the Detection Engine Context
- * \param s pointer to the Current Signature
- * \param rawstr pointer to the user provided options
- *
- * \retval 0 on Success
- * \retval -1 on Failure
- */
-static int DetectWebSocketOpcodeSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
-{
- if (DetectSignatureSetAppProto(s, ALPROTO_WEBSOCKET) < 0)
- return -1;
-
- DetectU8Data *de = SCWebSocketParseOpcode(rawstr);
- if (de == NULL)
- return -1;
-
- if (SigMatchAppendSMToList(
- de_ctx, s, DETECT_WEBSOCKET_OPCODE, (SigMatchCtx *)de, websocket_tx_id) == NULL) {
- DetectWebSocketOpcodeFree(de_ctx, de);
- return -1;
- }
-
- return 0;
-}
-
-/**
- * \internal
- * \brief this function will free memory associated with DetectWebSocketMaskData
- *
- * \param de pointer to DetectWebSocketMaskData
- */
-static void DetectWebSocketMaskFree(DetectEngineCtx *de_ctx, void *de_ptr)
-{
- rs_detect_u32_free(de_ptr);
-}
-
-static int DetectWebSocketMaskMatch(DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags,
- void *state, void *txv, const Signature *s, const SigMatchCtx *ctx)
-{
- uint32_t val;
- const DetectU32Data *du32 = (const DetectU32Data *)ctx;
- if (SCWebSocketGetMask(txv, &val)) {
- return DetectU32Match(val, du32);
- }
- return 0;
-}
-
-static int DetectWebSocketMaskSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
-{
- if (DetectSignatureSetAppProto(s, ALPROTO_WEBSOCKET) < 0)
- return -1;
-
- DetectU32Data *du32 = DetectU32Parse(rawstr);
- if (du32 == NULL)
- return -1;
-
- if (SigMatchAppendSMToList(
- de_ctx, s, DETECT_WEBSOCKET_MASK, (SigMatchCtx *)du32, websocket_tx_id) == NULL) {
- DetectWebSocketMaskFree(de_ctx, du32);
- return -1;
- }
-
- return 0;
-}
-
-static void DetectWebSocketFlagsFree(DetectEngineCtx *de_ctx, void *de_ptr)
-{
- rs_detect_u8_free(de_ptr);
-}
-
-static int DetectWebSocketFlagsMatch(DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags,
- void *state, void *txv, const Signature *s, const SigMatchCtx *ctx)
-{
- const DetectU8Data *de = (const DetectU8Data *)ctx;
- uint8_t val = SCWebSocketGetFlags(txv);
- return DetectU8Match(val, de);
-}
-
-static int DetectWebSocketFlagsSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
-{
- if (DetectSignatureSetAppProto(s, ALPROTO_WEBSOCKET) < 0)
- return -1;
-
- DetectU8Data *de = SCWebSocketParseFlags(rawstr);
- if (de == NULL)
- return -1;
-
- if (SigMatchAppendSMToList(
- de_ctx, s, DETECT_WEBSOCKET_FLAGS, (SigMatchCtx *)de, websocket_tx_id) == NULL) {
- DetectWebSocketOpcodeFree(de_ctx, de);
- return -1;
- }
-
- return 0;
-}
-
-static int DetectWebSocketPayloadSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rulestr)
-{
- if (DetectBufferSetActiveList(de_ctx, s, websocket_payload_id) < 0)
- return -1;
-
- if (DetectSignatureSetAppProto(s, ALPROTO_WEBSOCKET) != 0)
- return -1;
-
- return 0;
-}
-
-static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
- const int list_id)
-{
- InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
- if (buffer->inspect == NULL) {
- const uint8_t *b = NULL;
- uint32_t b_len = 0;
-
- if (!SCWebSocketGetPayload(txv, &b, &b_len))
- return NULL;
- if (b == NULL || b_len == 0)
- return NULL;
-
- InspectionBufferSetup(det_ctx, list_id, buffer, b, b_len);
- InspectionBufferApplyTransforms(buffer, transforms);
- }
- return buffer;
-}
-
-/**
- * \brief Registration function for websocket.opcode: keyword
- */
-void DetectWebsocketRegister(void)
-{
- sigmatch_table[DETECT_WEBSOCKET_OPCODE].name = "websocket.opcode";
- sigmatch_table[DETECT_WEBSOCKET_OPCODE].desc = "match WebSocket opcode";
- sigmatch_table[DETECT_WEBSOCKET_OPCODE].url = "/rules/websocket-keywords.html#websocket-opcode";
- sigmatch_table[DETECT_WEBSOCKET_OPCODE].AppLayerTxMatch = DetectWebSocketOpcodeMatch;
- sigmatch_table[DETECT_WEBSOCKET_OPCODE].Setup = DetectWebSocketOpcodeSetup;
- sigmatch_table[DETECT_WEBSOCKET_OPCODE].Free = DetectWebSocketOpcodeFree;
-
- DetectAppLayerInspectEngineRegister("websocket.tx", ALPROTO_WEBSOCKET, SIG_FLAG_TOSERVER, 1,
- DetectEngineInspectGenericList, NULL);
- DetectAppLayerInspectEngineRegister("websocket.tx", ALPROTO_WEBSOCKET, SIG_FLAG_TOCLIENT, 1,
- DetectEngineInspectGenericList, NULL);
-
- websocket_tx_id = DetectBufferTypeGetByName("websocket.tx");
-
- sigmatch_table[DETECT_WEBSOCKET_MASK].name = "websocket.mask";
- sigmatch_table[DETECT_WEBSOCKET_MASK].desc = "match WebSocket mask";
- sigmatch_table[DETECT_WEBSOCKET_MASK].url = "/rules/websocket-keywords.html#websocket-mask";
- sigmatch_table[DETECT_WEBSOCKET_MASK].AppLayerTxMatch = DetectWebSocketMaskMatch;
- sigmatch_table[DETECT_WEBSOCKET_MASK].Setup = DetectWebSocketMaskSetup;
- sigmatch_table[DETECT_WEBSOCKET_MASK].Free = DetectWebSocketMaskFree;
-
- sigmatch_table[DETECT_WEBSOCKET_FLAGS].name = "websocket.flags";
- sigmatch_table[DETECT_WEBSOCKET_FLAGS].desc = "match WebSocket flags";
- sigmatch_table[DETECT_WEBSOCKET_FLAGS].url = "/rules/websocket-keywords.html#websocket-flags";
- sigmatch_table[DETECT_WEBSOCKET_FLAGS].AppLayerTxMatch = DetectWebSocketFlagsMatch;
- sigmatch_table[DETECT_WEBSOCKET_FLAGS].Setup = DetectWebSocketFlagsSetup;
- sigmatch_table[DETECT_WEBSOCKET_FLAGS].Free = DetectWebSocketFlagsFree;
-
- sigmatch_table[DETECT_WEBSOCKET_PAYLOAD].name = "websocket.payload";
- sigmatch_table[DETECT_WEBSOCKET_PAYLOAD].desc = "match WebSocket payload";
- sigmatch_table[DETECT_WEBSOCKET_PAYLOAD].url =
- "/rules/websocket-keywords.html#websocket-payload";
- sigmatch_table[DETECT_WEBSOCKET_PAYLOAD].Setup = DetectWebSocketPayloadSetup;
- sigmatch_table[DETECT_WEBSOCKET_PAYLOAD].flags |= SIGMATCH_NOOPT;
- DetectAppLayerInspectEngineRegister("websocket.payload", ALPROTO_WEBSOCKET, SIG_FLAG_TOSERVER,
- 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerInspectEngineRegister("websocket.payload", ALPROTO_WEBSOCKET, SIG_FLAG_TOCLIENT,
- 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister("websocket.payload", SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_WEBSOCKET, 1);
- DetectAppLayerMpmRegister("websocket.payload", SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_WEBSOCKET, 1);
- websocket_payload_id = DetectBufferTypeGetByName("websocket.payload");
-}
+++ /dev/null
-/* Copyright (C) 2023 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Philippe Antoine
- */
-
-#ifndef __DETECT_WEBSOCKET_H__
-#define __DETECT_WEBSOCKET_H__
-
-void DetectWebsocketRegister(void);
-
-#endif /* __DETECT_WEBSOCKET_H__ */
projects / thirdparty / suricata.git / commitdiff
