#include "detect-engine-register.h"
#include "detect-engine-buffer.h"
#include "detect-engine-helper.h"
+#include "detect-parse.h"
#include "conf.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-buffer.h"
+#include "detect-engine-mpm.h"
#include "detect-engine-prefilter.h"
#include "detect-engine-content-inspection.h"
#include "detect-dns-response.h"
int PrefilterMpmFiledataRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,
const DetectBufferMpmRegistry *mpm_reg, int list_id);
+// file protocols with common file handling
+typedef struct {
+ AppProto alproto;
+ int direction;
+ int to_client_progress;
+ int to_server_progress;
+} DetectFileHandlerProtocol_t;
+
+/* Table with all filehandler registrations */
+DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC];
+
+#define ALPROTO_WITHFILES_MAX 16
+
+// file protocols with common file handling
+DetectFileHandlerProtocol_t al_protocols[ALPROTO_WITHFILES_MAX] = {
+ { .alproto = ALPROTO_NFS, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
+ { .alproto = ALPROTO_SMB, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
+ { .alproto = ALPROTO_FTP, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
+ { .alproto = ALPROTO_FTPDATA, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
+ { .alproto = ALPROTO_HTTP1,
+ .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT,
+ .to_client_progress = HTP_RESPONSE_PROGRESS_BODY,
+ .to_server_progress = HTP_REQUEST_PROGRESS_BODY },
+ { .alproto = ALPROTO_HTTP2,
+ .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT,
+ .to_client_progress = HTTP2StateDataServer,
+ .to_server_progress = HTTP2StateDataClient },
+ { .alproto = ALPROTO_SMTP, .direction = SIG_FLAG_TOSERVER }, { .alproto = ALPROTO_UNKNOWN }
+};
+
+void DetectFileRegisterProto(
+ AppProto alproto, int direction, int to_client_progress, int to_server_progress)
+{
+ size_t i = 0;
+ while (i < ALPROTO_WITHFILES_MAX && al_protocols[i].alproto != ALPROTO_UNKNOWN) {
+ i++;
+ }
+ if (i == ALPROTO_WITHFILES_MAX) {
+ return;
+ }
+ al_protocols[i].alproto = alproto;
+ al_protocols[i].direction = direction;
+ al_protocols[i].to_client_progress = to_client_progress;
+ al_protocols[i].to_server_progress = to_server_progress;
+ if (i + 1 < ALPROTO_WITHFILES_MAX) {
+ al_protocols[i + 1].alproto = ALPROTO_UNKNOWN;
+ }
+}
+
+void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *reg)
+{
+ for (size_t i = 0; i < g_alproto_max; i++) {
+ if (al_protocols[i].alproto == ALPROTO_UNKNOWN) {
+ break;
+ }
+ int direction = al_protocols[i].direction == 0
+ ? (int)(SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT)
+ : al_protocols[i].direction;
+
+ if (direction & SIG_FLAG_TOCLIENT) {
+ DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOCLIENT, reg->priority, reg->PrefilterFn,
+ reg->GetData, al_protocols[i].alproto, al_protocols[i].to_client_progress);
+ DetectAppLayerInspectEngineRegister(reg->name, al_protocols[i].alproto,
+ SIG_FLAG_TOCLIENT, al_protocols[i].to_client_progress, reg->Callback,
+ reg->GetData);
+ }
+ if (direction & SIG_FLAG_TOSERVER) {
+ DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOSERVER, reg->priority, reg->PrefilterFn,
+ reg->GetData, al_protocols[i].alproto, al_protocols[i].to_server_progress);
+ DetectAppLayerInspectEngineRegister(reg->name, al_protocols[i].alproto,
+ SIG_FLAG_TOSERVER, al_protocols[i].to_server_progress, reg->Callback,
+ reg->GetData);
+ }
+ }
+}
+
/**
* \brief Registration function for keyword: file_data
*/
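Review bot: The loop in `DetectFileRegisterFileProtocols` is bounded by `g_alproto_max` but indexes `al_protocols`, which has only `ALPROTO_WITHFILES_MAX` (16) entries. `DetectFileRegisterProto` writes the `ALPROTO_UNKNOWN` terminator only when `i + 1 < ALPROTO_WITHFILES_MAX`, so a full table has no terminator and the loop reads past the array whenever `g_alproto_max` exceeds 16. The bound should be the array size, `for (size_t i = 0; i < ALPROTO_WITHFILES_MAX; i++) {`. The bare `return` on a full table in `DetectFileRegisterProto` also drops the registration silently, which would leave that protocol without file inspection; a log line there would make the gap visible. Both appear to be carried over unchanged from the lines removed later in this diff, so the move is a good moment to fix them.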
/* prototypes */
void DetectFiledataRegister (void);
+/* File handler registration */
+#define MAX_DETECT_ALPROTO_CNT 10
+typedef struct DetectFileHandlerTableElmt_ {
+ const char *name;
+ int priority;
+ PrefilterRegisterFunc PrefilterFn;
+ InspectEngineFuncPtr Callback;
+ InspectionBufferGetDataPtr GetData;
+ int al_protocols[MAX_DETECT_ALPROTO_CNT];
+ int tx_progress;
+ int progress;
+} DetectFileHandlerTableElmt;
+void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *entry);
+
+/* File registration table */
+extern DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC];
+
typedef struct PrefilterMpmFiledata {
int list_id;
int base_list_id;
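Review bot: The fields of `DetectFileHandlerTableElmt` are undocumented, and the registration function added in this commit reads only `name`, `priority`, `PrefilterFn`, `Callback` and `GetData`; `al_protocols`, `tx_progress` and `progress` are not used there. A comment per field would help, for example `/* not read by DetectFileRegisterFileProtocols(); protocols come from the global al_protocols table */` above `int al_protocols[MAX_DETECT_ALPROTO_CNT];`. That field also shares its name with the global `al_protocols` array, which is easy to confuse. The header now depends on `DETECT_TBLSIZE_STATIC`, `PrefilterRegisterFunc`, `InspectEngineFuncPtr` and `InspectionBufferGetDataPtr`; the includes that supply them are outside this hunk, so it is worth confirming the header is self-contained. `PrefilterMpmFiledata` continues past the hunk.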
#include "action-globals.h"
#include "util-validate.h"
-// file protocols with common file handling
-typedef struct {
- AppProto alproto;
- int direction;
- int to_client_progress;
- int to_server_progress;
-} DetectFileHandlerProtocol_t;
-
-/* Table with all filehandler registrations */
-DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC];
-
-#define ALPROTO_WITHFILES_MAX 16
-
-// file protocols with common file handling
-DetectFileHandlerProtocol_t al_protocols[ALPROTO_WITHFILES_MAX] = {
- { .alproto = ALPROTO_NFS, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
- { .alproto = ALPROTO_SMB, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
- { .alproto = ALPROTO_FTP, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
- { .alproto = ALPROTO_FTPDATA, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
- { .alproto = ALPROTO_HTTP1,
- .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT,
- .to_client_progress = HTP_RESPONSE_PROGRESS_BODY,
- .to_server_progress = HTP_REQUEST_PROGRESS_BODY },
- { .alproto = ALPROTO_HTTP2,
- .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT,
- .to_client_progress = HTTP2StateDataServer,
- .to_server_progress = HTTP2StateDataClient },
- { .alproto = ALPROTO_SMTP, .direction = SIG_FLAG_TOSERVER }, { .alproto = ALPROTO_UNKNOWN }
-};
-
-void DetectFileRegisterProto(
- AppProto alproto, int direction, int to_client_progress, int to_server_progress)
-{
- size_t i = 0;
- while (i < ALPROTO_WITHFILES_MAX && al_protocols[i].alproto != ALPROTO_UNKNOWN) {
- i++;
- }
- if (i == ALPROTO_WITHFILES_MAX) {
- return;
- }
- al_protocols[i].alproto = alproto;
- al_protocols[i].direction = direction;
- al_protocols[i].to_client_progress = to_client_progress;
- al_protocols[i].to_server_progress = to_server_progress;
- if (i + 1 < ALPROTO_WITHFILES_MAX) {
- al_protocols[i + 1].alproto = ALPROTO_UNKNOWN;
- }
-}
-
-void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *reg)
-{
- for (size_t i = 0; i < g_alproto_max; i++) {
- if (al_protocols[i].alproto == ALPROTO_UNKNOWN) {
- break;
- }
- int direction = al_protocols[i].direction == 0
- ? (int)(SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT)
- : al_protocols[i].direction;
-
- if (direction & SIG_FLAG_TOCLIENT) {
- DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOCLIENT, reg->priority, reg->PrefilterFn,
- reg->GetData, al_protocols[i].alproto, al_protocols[i].to_client_progress);
- DetectAppLayerInspectEngineRegister(reg->name, al_protocols[i].alproto,
- SIG_FLAG_TOCLIENT, al_protocols[i].to_client_progress, reg->Callback,
- reg->GetData);
- }
- if (direction & SIG_FLAG_TOSERVER) {
- DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOSERVER, reg->priority, reg->PrefilterFn,
- reg->GetData, al_protocols[i].alproto, al_protocols[i].to_server_progress);
- DetectAppLayerInspectEngineRegister(reg->name, al_protocols[i].alproto,
- SIG_FLAG_TOSERVER, al_protocols[i].to_server_progress, reg->Callback,
- reg->GetData);
- }
- }
-}
-
/* Table with all SigMatch registrations */
SigTableElmt *sigmatch_table = NULL;
#ifndef SURICATA_DETECT_PARSE_H
#define SURICATA_DETECT_PARSE_H
-#include "detect.h"
-#include "detect-engine-mpm.h"
-
-/* File handler registration */
-#define MAX_DETECT_ALPROTO_CNT 10
-typedef struct DetectFileHandlerTableElmt_ {
- const char *name;
- int priority;
- PrefilterRegisterFunc PrefilterFn;
- InspectEngineFuncPtr Callback;
- InspectionBufferGetDataPtr GetData;
- int al_protocols[MAX_DETECT_ALPROTO_CNT];
- int tx_progress;
- int progress;
-} DetectFileHandlerTableElmt;
-void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *entry);
-
-/* File registration table */
-extern DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC];
+#include "app-layer-protos.h"
+#include "detect-engine-register.h"
+// types from detect.h with only forward declarations for bindgen
+typedef struct DetectEngineCtx_ DetectEngineCtx;
+typedef struct Signature_ Signature;
+typedef struct SigMatchCtx_ SigMatchCtx;
+typedef struct SigMatch_ SigMatch;
+typedef struct SigMatchData_ SigMatchData;
/** Flags to indicate if the Signature parsing must be done
* switching the source and dest (for ip addresses and ports)
SIG_DIREC_DST
};
-typedef struct DetectParseRegex {
- pcre2_code *regex;
- pcre2_match_context *context;
- struct DetectParseRegex *next;
-} DetectParseRegex;
-
/* prototypes */
int SignatureInitDataBufferCheckExpand(Signature *s);
Signature *SigAlloc(void);
/* parse regex setup and free util funcs */
+#ifndef SURICATA_BINDGEN_H
+typedef struct DetectParseRegex {
+ pcre2_code *regex;
+ pcre2_match_context *context;
+ struct DetectParseRegex *next;
+} DetectParseRegex;
+
DetectParseRegex *DetectSetupPCRE2(const char *parse_str, int opts);
bool DetectSetupParseRegexesOpts(const char *parse_str, DetectParseRegex *parse_regex, int opts);
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
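Review bot: `#ifndef SURICATA_BINDGEN_H` makes the visibility of `DetectParseRegex` and the PCRE2 helper prototypes depend on what looks like another header's include guard. If so, any C translation unit that includes that header before this one would silently lose these declarations. A dedicated switch defined only for the bindgen run would remove the include-order dependence. At minimum, add a comment on the opening line such as `/* hidden from bindgen: these declarations need pcre2 types */` and close with `#endif /* SURICATA_BINDGEN_H */`. The guarded region ends in a later hunk.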
pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen);
int SC_Pcre2SubstringGet(pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR **bufferptr,
PCRE2_SIZE *bufflen);
+#endif
void DetectRegisterAppLayerHookLists(void);
#include "detect-engine-buffer.h"
#include "detect-engine-content-inspection.h"
#include "detect-engine-helper.h"
+#include "detect-engine-mpm.h"
#include "detect-engine-prefilter.h"
#include "detect-parse.h"
#include "app-layer-smtp.h"