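/**
 * Regex for parsing the option string of the config keyword, e.g.
 * "logging disable, type tx, scope tx".
 *
 * Capture groups, in the order the setup code copies them out:
 *   1: subsystem          2: state
 *   3: "type" literal     4: type value
 *   5: "scope" literal    6: scope value
 * The two comma-separated "name value" pairs are optional in the pattern;
 * the caller validates each captured word with strcmp().
 *
 * The word class is spelled [A-Za-z_] rather than [A-z_]: in ASCII the
 * range A-z also covers the punctuation between 'Z' and 'a' (brackets,
 * backslash, caret, backtick), which is never valid in an option word.
 * The duplicated "\s*\s*" between groups 1 and 2 is collapsed to a single
 * "\s*"; it matches the same strings with less backtracking.
 * NOTE(review): whitespace between subsystem and state is optional as
 * written -- confirm whether "\s+" was intended.
 */
#define PARSE_REGEX "^\\s*([A-Za-z_]+)\\s*([A-Za-z_]+)\\s*(?:,\\s*([A-Za-z_]+)\\s+([A-Za-z_]+))?\\s*(?:,\\s*([A-Za-z_]+)\\s+([A-Za-z_]+))?$"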
71 static void DetectConfigRegisterTests(
void);
89 static void ConfigApplyTx(
Flow *f,
99 SCLogDebug(
"tx %p txd %p: log_flags %x", tx, txd, txd->config.log_flags);
100 txd->config.log_flags |=
BIT_U8(config->
type);
108 AppLayerTxConfig req;
109 memset(&req, 0,
sizeof(req));
125 bool this_tx =
false;
126 bool this_flow =
false;
128 switch (config->
scope) {
139 ConfigApplyTx(p->
flow, det_ctx->
tx_id, config);
140 }
else if (this_flow) {
152 ConfigApply(det_ctx, p, config);
173 int ret = 0,
res = 0;
179 "filestore can't work with bypass keyword");
188 if (
str == NULL || strlen(
str) == 0) {
205 pcre2len =
sizeof(subsys);
206 res = pcre2_substring_copy_bynumber(parse_regex.
match, 1, (PCRE2_UCHAR8 *)subsys, &pcre2len);
212 if (strcmp(subsys,
"logging") != 0) {
218 pcre2len =
sizeof(state);
219 res = pcre2_substring_copy_bynumber(parse_regex.
match, 2, (PCRE2_UCHAR8 *)state, &pcre2len);
225 if (strcmp(state,
"disable") != 0) {
231 pcre2len =
sizeof(
type);
232 res = pcre2_substring_copy_bynumber(parse_regex.
match, 3, (PCRE2_UCHAR8 *)
type, &pcre2len);
238 if (strcmp(
type,
"type") != 0) {
244 pcre2len =
sizeof(typeval);
245 res = pcre2_substring_copy_bynumber(parse_regex.
match, 4, (PCRE2_UCHAR8 *)typeval, &pcre2len);
251 if (!(strcmp(typeval,
"tx") == 0 ||strcmp(typeval,
"flow") == 0)) {
257 pcre2len =
sizeof(scope);
258 res = pcre2_substring_copy_bynumber(parse_regex.
match, 5, (PCRE2_UCHAR8 *)scope, &pcre2len);
264 if (strcmp(scope,
"scope") != 0) {
270 pcre2len =
sizeof(scopeval);
271 res = pcre2_substring_copy_bynumber(parse_regex.
match, 6, (PCRE2_UCHAR8 *)scopeval, &pcre2len);
277 if (!(strcmp(scopeval,
"tx") == 0 ||strcmp(scopeval,
"flow") == 0)) {
287 if (strcmp(typeval,
"tx") == 0) {
290 if (strcmp(scopeval,
"tx") == 0) {
322 static int DetectConfigTest01(
void)
328 "config dns any any -> any any ("
329 "dns.query; content:\"common.domain.com\"; "
330 "config:logging disable, type tx, scope tx; "
337 void DetectConfigRegisterTests(
void)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
void DetectConfigRegister(void)
Registration function for keyword: config.
void(* Free)(DetectEngineCtx *, void *)
void AppLayerParserApplyTxConfig(uint8_t ipproto, AppProto alproto, void *state, void *tx, enum ConfigAction mode, AppLayerTxConfig config)
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
@ SC_ERR_INVALID_RULE_ARGUMENT
#define PARSE_REGEX
Regex for parsing our config keyword options.
main detection engine ctx
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
uint32_t AppLayerParserGetOptionFlags(uint8_t protomap, AppProto alproto)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define SIG_FLAG_APPLAYER
@ DETECT_SM_LIST_POSTMATCH
#define PASS
Pass the test.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
@ SC_ERR_PCRE_COPY_SUBSTRING
#define APP_LAYER_PARSER_OPT_UNIDIR_TXS
Data structures and function prototypes for keeping state for the detection engine.
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
SigMatch * SigMatchAlloc(void)
void * AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
Used to start a pointer to SigMatch context. Should never be dereferenced without casting to something...
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
AppLayerTxData * AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
a single match condition for a signature
DetectEngineCtx * DetectEngineCtxInit(void)
AppProto alproto
application level protocol
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)
@ SC_ERR_CONFLICTING_RULE_KEYWORDS