suricata
detect-engine-register.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "suricata.h"
26 #include "debug.h"
27 #include "detect.h"
28 #include "flow.h"
29 #include "flow-private.h"
30 #include "flow-bit.h"
31 
32 #include "detect-parse.h"
33 #include "detect-engine.h"
34 #include "detect-engine-profile.h"
35 
36 #include "detect-engine-alert.h"
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 #include "detect-engine-proto.h"
40 #include "detect-engine-port.h"
41 #include "detect-engine-mpm.h"
42 #include "detect-engine-iponly.h"
43 #include "detect-engine-threshold.h"
44 #include "detect-engine-prefilter.h"
45 
46 #include "detect-engine-payload.h"
47 #include "detect-engine-dcepayload.h"
48 #include "detect-dns-query.h"
49 #include "detect-tls-sni.h"
50 #include "detect-tls-cert-fingerprint.h"
51 #include "detect-tls-cert-issuer.h"
52 #include "detect-tls-cert-subject.h"
53 #include "detect-tls-cert-serial.h"
54 #include "detect-tls-ja3-hash.h"
55 #include "detect-tls-ja3-string.h"
56 #include "detect-engine-state.h"
57 #include "detect-engine-analyzer.h"
58 
59 #include "detect-http-cookie.h"
60 #include "detect-http-method.h"
61 #include "detect-http-ua.h"
62 #include "detect-http-hh.h"
63 
64 #include "detect-nfs-procedure.h"
65 #include "detect-nfs-version.h"
66 
67 #include "detect-engine-event.h"
68 #include "decode.h"
69 
70 #include "detect-smb-share.h"
71 
72 #include "detect-base64-decode.h"
73 #include "detect-base64-data.h"
74 #include "detect-ipopts.h"
75 #include "detect-flags.h"
76 #include "detect-fragbits.h"
77 #include "detect-fragoffset.h"
78 #include "detect-gid.h"
79 #include "detect-ack.h"
80 #include "detect-seq.h"
81 #include "detect-content.h"
82 #include "detect-uricontent.h"
83 #include "detect-pcre.h"
84 #include "detect-depth.h"
85 #include "detect-nocase.h"
86 #include "detect-rawbytes.h"
87 #include "detect-bytetest.h"
88 #include "detect-bytejump.h"
89 #include "detect-sameip.h"
90 #include "detect-l3proto.h"
91 #include "detect-ipproto.h"
92 #include "detect-within.h"
93 #include "detect-distance.h"
94 #include "detect-offset.h"
95 #include "detect-sid.h"
96 #include "detect-prefilter.h"
97 #include "detect-priority.h"
98 #include "detect-classtype.h"
99 #include "detect-reference.h"
100 #include "detect-tag.h"
101 #include "detect-threshold.h"
102 #include "detect-metadata.h"
103 #include "detect-msg.h"
104 #include "detect-rev.h"
105 #include "detect-flow.h"
106 #include "detect-window.h"
107 #include "detect-ftpbounce.h"
108 #include "detect-isdataat.h"
109 #include "detect-id.h"
110 #include "detect-rpc.h"
111 #include "detect-asn1.h"
112 #include "detect-filename.h"
113 #include "detect-fileext.h"
114 #include "detect-filestore.h"
115 #include "detect-filemagic.h"
116 #include "detect-filemd5.h"
117 #include "detect-filesha1.h"
118 #include "detect-filesha256.h"
119 #include "detect-filesize.h"
120 #include "detect-dsize.h"
121 #include "detect-flowvar.h"
122 #include "detect-flowint.h"
123 #include "detect-pktvar.h"
124 #include "detect-noalert.h"
125 #include "detect-flowbits.h"
126 #include "detect-hostbits.h"
127 #include "detect-xbits.h"
128 #include "detect-csum.h"
129 #include "detect-stream_size.h"
130 #include "detect-engine-sigorder.h"
131 #include "detect-ttl.h"
132 #include "detect-fast-pattern.h"
133 #include "detect-itype.h"
134 #include "detect-icode.h"
135 #include "detect-icmp-id.h"
136 #include "detect-icmp-seq.h"
137 #include "detect-dce-iface.h"
138 #include "detect-dce-opnum.h"
139 #include "detect-dce-stub-data.h"
140 #include "detect-urilen.h"
141 #include "detect-bsize.h"
142 #include "detect-detection-filter.h"
143 #include "detect-http-client-body.h"
144 #include "detect-http-server-body.h"
145 #include "detect-http-header.h"
146 #include "detect-http-header-names.h"
147 #include "detect-http-headers.h"
148 #include "detect-http-raw-header.h"
149 #include "detect-http-uri.h"
150 #include "detect-http-protocol.h"
151 #include "detect-http-start.h"
152 #include "detect-http-stat-msg.h"
153 #include "detect-http-request-line.h"
154 #include "detect-http-response-line.h"
155 #include "detect-byte-extract.h"
156 #include "detect-file-data.h"
157 #include "detect-pkt-data.h"
158 #include "detect-replace.h"
159 #include "detect-tos.h"
160 #include "detect-app-layer-event.h"
161 #include "detect-lua.h"
162 #include "detect-iprep.h"
163 #include "detect-geoip.h"
164 #include "detect-app-layer-protocol.h"
165 #include "detect-template.h"
166 #include "detect-template2.h"
167 #include "detect-krb5-cname.h"
168 #include "detect-krb5-errcode.h"
169 #include "detect-krb5-msgtype.h"
170 #include "detect-krb5-sname.h"
171 #include "detect-target.h"
172 #include "detect-template-rust-buffer.h"
173 #include "detect-template-buffer.h"
174 #include "detect-bypass.h"
175 #include "detect-ftpdata.h"
176 #include "detect-engine-content-inspection.h"
177 
178 #include "detect-transform-compress-whitespace.h"
179 #include "detect-transform-strip-whitespace.h"
180 #include "detect-transform-md5.h"
181 #include "detect-transform-sha1.h"
182 #include "detect-transform-sha256.h"
183 
184 #include "util-rule-vars.h"
185 
186 #include "app-layer.h"
187 #include "app-layer-protos.h"
188 #include "app-layer-htp.h"
189 #include "app-layer-smtp.h"
190 #include "app-layer-template.h"
191 #include "detect-tls.h"
192 #include "detect-tls-cert-validity.h"
193 #include "detect-tls-version.h"
194 #include "detect-ssh-proto.h"
195 #include "detect-ssh-proto-version.h"
196 #include "detect-ssh-software.h"
197 #include "detect-ssh-software-version.h"
198 #include "detect-http-stat-code.h"
199 #include "detect-ssl-version.h"
200 #include "detect-ssl-state.h"
201 #include "detect-modbus.h"
202 #include "detect-cipservice.h"
203 #include "detect-dnp3.h"
204 
205 #include "action-globals.h"
206 #include "tm-threads.h"
207 
208 #include "pkt-var.h"
209 
210 #include "conf.h"
211 #include "conf-yaml-loader.h"
212 
213 #include "stream-tcp.h"
214 #include "stream-tcp-inline.h"
215 
216 #include "util-lua.h"
217 #include "util-var-name.h"
218 #include "util-classification-config.h"
219 #include "util-threshold-config.h"
220 #include "util-print.h"
221 #include "util-unittest.h"
222 #include "util-unittest-helper.h"
223 #include "util-debug.h"
224 #include "util-hashlist.h"
225 #include "util-privs.h"
226 #include "util-profiling.h"
227 #include "util-validate.h"
228 #include "util-optimize.h"
229 #include "util-path.h"
230 #include "util-mpm-ac.h"
231 #include "runmodes.h"
232 
233 static void PrintFeatureList(const SigTableElmt *e, char sep)
234 {
235  const uint16_t flags = e->flags;
236 
237  int prev = 0;
238  if (flags & SIGMATCH_NOOPT) {
239  printf("No option");
240  prev = 1;
241  }
242  if (flags & SIGMATCH_IPONLY_COMPAT) {
243  if (prev == 1)
244  printf("%c", sep);
245  printf("compatible with IP only rule");
246  prev = 1;
247  }
248  if (flags & SIGMATCH_DEONLY_COMPAT) {
249  if (prev == 1)
250  printf("%c", sep);
251  printf("compatible with decoder event only rule");
252  prev = 1;
253  }
254  if (flags & SIGMATCH_INFO_CONTENT_MODIFIER) {
255  if (prev == 1)
256  printf("%c", sep);
257  printf("content modifier");
258  prev = 1;
259  }
260  if (flags & SIGMATCH_INFO_STICKY_BUFFER) {
261  if (prev == 1)
262  printf("%c", sep);
263  printf("sticky buffer");
264  prev = 1;
265  }
266  if (e->Transform) {
267  if (prev == 1)
268  printf("%c", sep);
269  printf("transform");
270  prev = 1;
271  }
272  if (e->SupportsPrefilter) {
273  if (prev == 1)
274  printf("%c", sep);
275  printf("prefilter");
276  prev = 1;
277  }
278  if (prev == 0) {
279  printf("none");
280  }
281 }
282 
283 static void SigMultilinePrint(int i, const char *prefix)
284 {
285  if (sigmatch_table[i].desc) {
286  printf("%sDescription: %s\n", prefix, sigmatch_table[i].desc);
287  }
288  printf("%sFeatures: ", prefix);
289  PrintFeatureList(&sigmatch_table[i], ',');
290  if (sigmatch_table[i].url) {
291  printf("\n%sDocumentation: %s", prefix, sigmatch_table[i].url);
292  }
293  if (sigmatch_table[i].alternative) {
294  printf("\n%sReplaced by: %s", prefix, sigmatch_table[sigmatch_table[i].alternative].name);
295  }
296  printf("\n");
297 }
298 
299 void SigTableList(const char *keyword)
300 {
301  size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
302  size_t i;
303 
304  if (keyword == NULL) {
305  printf("=====Supported keywords=====\n");
306  for (i = 0; i < size; i++) {
307  const char *name = sigmatch_table[i].name;
308  if (name != NULL && strlen(name) > 0) {
309  if (name[0] == '_' || strcmp(name, "template") == 0)
310  continue;
311 
312  if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
313  printf("- %s (not built-in)\n", name);
314  } else {
315  printf("- %s\n", name);
316  }
317  }
318  }
319  } else if (strcmp("csv", keyword) == 0) {
320  printf("name;description;app layer;features;documentation\n");
321  for (i = 0; i < size; i++) {
322  const char *name = sigmatch_table[i].name;
323  if (name != NULL && strlen(name) > 0) {
324  if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
325  continue;
326  }
327  if (name[0] == '_' || strcmp(name, "template") == 0)
328  continue;
329 
330  printf("%s;", name);
331  if (sigmatch_table[i].desc) {
332  printf("%s", sigmatch_table[i].desc);
333  }
334  /* Build feature */
335  printf(";Unset;"); // this used to be alproto
336  PrintFeatureList(&sigmatch_table[i], ':');
337  printf(";");
338  if (sigmatch_table[i].url) {
339  printf("%s", sigmatch_table[i].url);
340  }
341  printf(";");
342  printf("\n");
343  }
344  }
345  } else if (strcmp("all", keyword) == 0) {
346  for (i = 0; i < size; i++) {
347  const char *name = sigmatch_table[i].name;
348  if (name != NULL && strlen(name) > 0) {
349  if (name[0] == '_' || strcmp(name, "template") == 0)
350  continue;
351  printf("%s:\n", sigmatch_table[i].name);
352  SigMultilinePrint(i, "\t");
353  }
354  }
355  } else {
356  for (i = 0; i < size; i++) {
357  if ((sigmatch_table[i].name != NULL) &&
358  strcmp(sigmatch_table[i].name, keyword) == 0) {
359  printf("= %s =\n", sigmatch_table[i].name);
360  if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
361  printf("Not built-in\n");
362  return;
363  }
364  SigMultilinePrint(i, "");
365  return;
366  }
367  }
368  }
369  return;
370 }
371 
372 void SigTableSetup(void)
373 {
374  memset(sigmatch_table, 0, sizeof(sigmatch_table));
375 
376  DetectSidRegister();
377  DetectPriorityRegister();
378  DetectPrefilterRegister();
379  DetectRevRegister();
380  DetectClasstypeRegister();
381  DetectReferenceRegister();
382  DetectTagRegister();
383  DetectThresholdRegister();
384  DetectMetadataRegister();
385  DetectMsgRegister();
386  DetectAckRegister();
387  DetectSeqRegister();
388  DetectContentRegister();
389  DetectUricontentRegister();
390 
391  /* NOTE: the order of these currently affects inspect
392  * engine registration order and ultimately the order
393  * of inspect engines in the rule. Which in turn affects
394  * state keeping */
395  DetectHttpUriRegister();
396  DetectHttpRequestLineRegister();
397  DetectHttpClientBodyRegister();
398  DetectHttpResponseLineRegister();
399  DetectHttpServerBodyRegister();
400  DetectHttpHeaderRegister();
401  DetectHttpHeaderNamesRegister();
402  DetectHttpHeadersRegister();
403  DetectHttpProtocolRegister();
404  DetectHttpStartRegister();
405  DetectHttpRawHeaderRegister();
406  DetectHttpMethodRegister();
407  DetectHttpCookieRegister();
408 
409  DetectFilenameRegister();
410  DetectFileextRegister();
411  DetectFilestoreRegister();
412  DetectFilemagicRegister();
413  DetectFileMd5Register();
414  DetectFileSha1Register();
415  DetectFileSha256Register();
416  DetectFilesizeRegister();
417 
418  DetectHttpUARegister();
419  DetectHttpHHRegister();
420 
421  DetectHttpStatMsgRegister();
422  DetectHttpStatCodeRegister();
423 
424  DetectDnsQueryRegister();
425  DetectModbusRegister();
426  DetectCipServiceRegister();
427  DetectEnipCommandRegister();
428  DetectDNP3Register();
429 
430  DetectTlsSniRegister();
431  DetectTlsIssuerRegister();
432  DetectTlsSubjectRegister();
433  DetectTlsSerialRegister();
434  DetectTlsFingerprintRegister();
435 
436  DetectTlsJa3HashRegister();
437  DetectTlsJa3StringRegister();
438 
439  DetectAppLayerEventRegister();
440  /* end of order dependent regs */
441 
442  DetectPcreRegister();
443  DetectDepthRegister();
444  DetectNocaseRegister();
445  DetectRawbytesRegister();
446  DetectBytetestRegister();
447  DetectBytejumpRegister();
448  DetectSameipRegister();
449  DetectGeoipRegister();
450  DetectL3ProtoRegister();
451  DetectIPProtoRegister();
452  DetectWithinRegister();
453  DetectDistanceRegister();
454  DetectOffsetRegister();
455  DetectReplaceRegister();
456  DetectFlowRegister();
457  DetectWindowRegister();
458  DetectRpcRegister();
459  DetectFtpbounceRegister();
460  DetectFtpdataRegister();
461  DetectIsdataatRegister();
462  DetectIdRegister();
463  DetectDsizeRegister();
464  DetectFlowvarRegister();
465  DetectFlowintRegister();
466  DetectPktvarRegister();
467  DetectNoalertRegister();
468  DetectFlowbitsRegister();
469  DetectHostbitsRegister();
470  DetectXbitsRegister();
471  DetectEngineEventRegister();
472  DetectIpOptsRegister();
473  DetectFlagsRegister();
474  DetectFragBitsRegister();
475  DetectFragOffsetRegister();
476  DetectGidRegister();
477  DetectMarkRegister();
478  DetectCsumRegister();
479  DetectStreamSizeRegister();
480  DetectTtlRegister();
481  DetectTosRegister();
482  DetectFastPatternRegister();
483  DetectITypeRegister();
484  DetectICodeRegister();
485  DetectIcmpIdRegister();
486  DetectIcmpSeqRegister();
487  DetectDceIfaceRegister();
488  DetectDceOpnumRegister();
489  DetectDceStubDataRegister();
490  DetectSmbNamedPipeRegister();
491  DetectSmbShareRegister();
492  DetectTlsRegister();
493  DetectTlsValidityRegister();
494  DetectTlsVersionRegister();
495  DetectNfsProcedureRegister();
496  DetectNfsVersionRegister();
497  DetectUrilenRegister();
498  DetectBsizeRegister();
499  DetectDetectionFilterRegister();
500  DetectAsn1Register();
501  DetectSshProtocolRegister();
502  DetectSshVersionRegister();
503  DetectSshSoftwareRegister();
504  DetectSshSoftwareVersionRegister();
505  DetectSslStateRegister();
506  DetectSslVersionRegister();
507  DetectByteExtractRegister();
508  DetectFiledataRegister();
509  DetectPktDataRegister();
510  DetectLuaRegister();
511  DetectIPRepRegister();
512  DetectAppLayerProtocolRegister();
513  DetectBase64DecodeRegister();
514  DetectBase64DataRegister();
515  DetectTemplateRegister();
516  DetectTemplate2Register();
517  DetectKrb5CNameRegister();
518  DetectKrb5ErrCodeRegister();
519  DetectKrb5MsgTypeRegister();
520  DetectKrb5SNameRegister();
521  DetectTargetRegister();
522  DetectTemplateRustBufferRegister();
523  DetectTemplateBufferRegister();
524  DetectBypassRegister();
525 
526  DetectTransformCompressWhitespaceRegister();
527  DetectTransformStripWhitespaceRegister();
528  DetectTransformMd5Register();
529  DetectTransformSha1Register();
530  DetectTransformSha256Register();
531 
532  /* close keyword registration */
533  DetectBufferTypeCloseRegistration();
534 }
535 
536 void SigTableRegisterTests(void)
537 {
538  /* register the tests */
539  int i = 0;
540  for (i = 0; i < DETECT_TBLSIZE; i++) {
541  g_ut_modules++;
542  if (sigmatch_table[i].RegisterTests != NULL) {
543  sigmatch_table[i].RegisterTests();
544  g_ut_covered++;
545  } else {
546  SCLogDebug("detection plugin %s has no unittest "
547  "registration function.", sigmatch_table[i].name);
548 
549  if (coverage_unittests)
550  SCLogWarning(SC_WARN_NO_UNITTESTS, "detection plugin %s has no unittest "
551  "registration function.", sigmatch_table[i].name);
552  }
553  }
554 }
DetectAsn1Register
void DetectAsn1Register(void)
Registration function for asn1.
Definition: detect-asn1.c:54
DetectContentRegister
void DetectContentRegister(void)
Definition: detect-content.c:55
DetectDceIfaceRegister
void DetectDceIfaceRegister(void)
Registers the keyword handlers for the "dce_iface" keyword.
Definition: detect-dce-iface.c:76
DetectFileMd5Register
void DetectFileMd5Register(void)
Registration function for keyword: filemd5.
Definition: detect-filemd5.c:45
DetectGidRegister
void DetectGidRegister(void)
Registration function for gid: keyword.
Definition: detect-gid.c:45
DetectFastPatternRegister
void DetectFastPatternRegister(void)
Registration function for fast_pattern keyword.
Definition: detect-fast-pattern.c:161
DetectTlsSubjectRegister
void DetectTlsSubjectRegister(void)
Registration function for keyword: tls.cert_subject.
Definition: detect-tls-cert-subject.c:68
SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:372
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect.h:1406
flags
uint16_t flags
Definition: app-layer-dns-common.h:246
DetectTlsSerialRegister
void DetectTlsSerialRegister(void)
Registration function for keyword: tls.cert_serial.
Definition: detect-tls-cert-serial.c:72
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:335
detect-content.h
DetectRawbytesRegister
void DetectRawbytesRegister(void)
Definition: detect-rawbytes.c:43
DetectTtlRegister
void DetectTtlRegister(void)
Registration function for ttl: keyword.
Definition: detect-ttl.c:60
DetectSidRegister
void DetectSidRegister(void)
Definition: detect-sid.c:38
detect-http-client-body.h
DetectDNP3Register
void DetectDNP3Register(void)
Definition: detect-dnp3.c:564
DetectHttpHeadersRegister
void DetectHttpHeadersRegister(void)
Definition: detect-http-headers.c:29
DetectSmbShareRegister
void DetectSmbShareRegister(void)
Definition: detect-smb-share.c:154
DetectRevRegister
void DetectRevRegister(void)
Definition: detect-rev.c:34
SIGMATCH_DEONLY_COMPAT
#define SIGMATCH_DEONLY_COMPAT
Definition: detect.h:1335
DetectTemplateBufferRegister
void DetectTemplateBufferRegister(void)
Definition: detect-template-buffer.c:53
DetectBytetestRegister
void DetectBytetestRegister(void)
Definition: detect-bytetest.c:71
DetectFtpdataRegister
void DetectFtpdataRegister(void)
Registration function for ftpcommand: keyword.
Definition: detect-ftpdata.c:63
DetectSeqRegister
void DetectSeqRegister(void)
Registration function for ack: keyword.
Definition: detect-seq.c:51
SigTableElmt_::SupportsPrefilter
_Bool(* SupportsPrefilter)(const Signature *s)
Definition: detect.h:1151
DetectDnsQueryRegister
void DetectDnsQueryRegister(void)
Registration function for keyword: dns_query.
Definition: detect-dns-query.c:207
DetectTemplateRustBufferRegister
void DetectTemplateRustBufferRegister(void)
Definition: detect-template-rust-buffer.c:44
DetectFlagsRegister
void DetectFlagsRegister(void)
Registration function for flags: keyword.
Definition: detect-flags.c:73
DetectFileSha1Register
void DetectFileSha1Register(void)
Registration function for keyword: filesha1.
Definition: detect-filesha1.c:46
DetectFragBitsRegister
void DetectFragBitsRegister(void)
Registration function for fragbits: keyword.
Definition: detect-fragbits.c:83
DetectRpcRegister
void DetectRpcRegister(void)
Registration function for rpc keyword.
Definition: detect-rpc.c:60
DetectTargetRegister
void DetectTargetRegister(void)
Registration function for target keyword.
Definition: detect-target.c:50
DetectBase64DecodeRegister
void DetectBase64DecodeRegister(void)
Definition: detect-base64-decode.c:39
DetectHttpRequestLineRegister
void DetectHttpRequestLineRegister(void)
Registers the keyword handlers for the "http_request_line" keyword.
Definition: detect-http-request-line.c:74
DetectDepthRegister
void DetectDepthRegister(void)
Definition: detect-depth.c:47
DetectTransformMd5Register
void DetectTransformMd5Register(void)
Definition: detect-transform-md5.c:43
DetectL3ProtoRegister
void DetectL3ProtoRegister(void)
Registration function for ip_proto keyword.
Definition: detect-l3proto.c:53
DetectDceStubDataRegister
void DetectDceStubDataRegister(void)
Registers the keyword handlers for the "dce_stub_data" keyword.
Definition: detect-dce-stub-data.c:227
SIGMATCH_INFO_CONTENT_MODIFIER
#define SIGMATCH_INFO_CONTENT_MODIFIER
Definition: detect.h:1353
g_ut_covered
int g_ut_covered
Definition: suricata.c:861
DetectSslVersionRegister
void DetectSslVersionRegister(void)
Registration function for keyword: ssl_version.
Definition: detect-ssl-version.c:74
DetectHttpHeaderRegister
void DetectHttpHeaderRegister(void)
Registers the keyword handlers for the "http_header" keyword.
Definition: detect-http-header.c:408
DetectHttpClientBodyRegister
void DetectHttpClientBodyRegister(void)
Registers the keyword handlers for the "http_client_body" keyword.
Definition: detect-http-client-body.c:79
SigTableElmt_
element in sigmatch type table.
Definition: detect.h:1130
DetectHttpStatCodeRegister
void DetectHttpStatCodeRegister(void)
Registration function for keyword: http_stat_code.
Definition: detect-http-stat-code.c:79
DetectFileextRegister
void DetectFileextRegister(void)
Registration function for keyword: fileext.
Definition: detect-fileext.c:64
SigTableElmt_::name
const char * name
Definition: detect.h:1163
DetectBufferTypeCloseRegistration
void DetectBufferTypeCloseRegistration(void)
Definition: detect-engine.c:1053
DetectHttpHeaderNamesRegister
void DetectHttpHeaderNamesRegister(void)
Registers the keyword handlers for the "http_header" keyword.
Definition: detect-http-header-names.c:373
DetectIcmpIdRegister
void DetectIcmpIdRegister(void)
Registration function for icode: icmp_id.
Definition: detect-icmp-id.c:57
DetectFlowRegister
void DetectFlowRegister(void)
Registration function for flow: keyword.
Definition: detect-flow.c:64
DetectPrefilterRegister
void DetectPrefilterRegister(void)
Definition: detect-prefilter.c:37
DetectFragOffsetRegister
void DetectFragOffsetRegister(void)
Registration function for fragoffset.
Definition: detect-fragoffset.c:59
DetectNoalertRegister
void DetectNoalertRegister(void)
Definition: detect-noalert.c:33
SigTableElmt_::Transform
void(* Transform)(InspectionBuffer *)
Definition: detect.h:1146
DetectTlsValidityRegister
void DetectTlsValidityRegister(void)
Registration function for tls validity keywords.
Definition: detect-tls-cert-validity.c:86
DetectSslStateRegister
void DetectSslStateRegister(void)
Registers the keyword handlers for the "ssl_state" keyword.
Definition: detect-ssl-state.c:80
DetectTemplateRegister
void DetectTemplateRegister(void)
Registration function for template: keyword.
Definition: detect-template.c:55
DetectIPRepRegister
void DetectIPRepRegister(void)
Definition: detect-iprep.c:61
DetectDsizeRegister
void DetectDsizeRegister(void)
Registration function for dsize: keyword.
Definition: detect-dsize.c:65
DetectIPProtoRegister
void DetectIPProtoRegister(void)
Registration function for ip_proto keyword.
Definition: detect-ipproto.c:58
DetectPcreRegister
void DetectPcreRegister(void)
Definition: detect-pcre.c:86
DetectKrb5SNameRegister
void DetectKrb5SNameRegister(void)
Definition: detect-krb5-sname.c:216
SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition: detect.h:1355
DetectUricontentRegister
void DetectUricontentRegister(void)
Registration function for uricontent: keyword.
Definition: detect-uricontent.c:68
DetectFilenameRegister
void DetectFilenameRegister(void)
Registration function for keyword: filename.
Definition: detect-filename.c:78
DetectIpOptsRegister
void DetectIpOptsRegister(void)
Registration function for ipopts: keyword.
Definition: detect-ipopts.c:55
DetectFilesizeRegister
void DetectFilesizeRegister(void)
Registration function for filesize: keyword.
Definition: detect-filesize.c:64
SIGMATCH_NOT_BUILT
#define SIGMATCH_NOT_BUILT
Definition: detect.h:1337
detect-engine-state.h
Data structures and function prototypes for keeping state for the detection engine.
DetectPktDataRegister
void DetectPktDataRegister(void)
Registration function for keyword: file_data.
Definition: detect-pkt-data.c:52
DetectOffsetRegister
void DetectOffsetRegister(void)
Definition: detect-offset.c:45
DetectITypeRegister
void DetectITypeRegister(void)
Registration function for itype: keyword.
Definition: detect-itype.c:61
SigTableRegisterTests
void SigTableRegisterTests(void)
Definition: detect-engine-register.c:536
DetectSshSoftwareRegister
void DetectSshSoftwareRegister(void)
Definition: detect-ssh-software.c:105
DetectFileSha256Register
void DetectFileSha256Register(void)
Registration function for keyword: filesha256.
Definition: detect-filesha256.c:46
DetectKrb5ErrCodeRegister
void DetectKrb5ErrCodeRegister(void)
Definition: detect-krb5-errcode.c:270
DetectPriorityRegister
void DetectPriorityRegister(void)
Registers the handler functions for the "priority" keyword.
Definition: detect-priority.c:48
DetectLuaRegister
void DetectLuaRegister(void)
Registration function for keyword: lua.
Definition: detect-lua.c:74
DetectWithinRegister
void DetectWithinRegister(void)
Definition: detect-within.c:51
DetectDetectionFilterRegister
void DetectDetectionFilterRegister(void)
Registration function for detection_filter: keyword.
Definition: detect-detection-filter.c:63
DetectBase64DataRegister
void DetectBase64DataRegister(void)
Definition: detect-base64-data.c:30
DetectFiledataRegister
void DetectFiledataRegister(void)
Registration function for keyword: file_data.
Definition: detect-file-data.c:81
DetectGeoipRegister
void DetectGeoipRegister(void)
Registration function for geoip keyword (no libgeoip support)
Definition: detect-geoip.c:52
DetectBytejumpRegister
void DetectBytejumpRegister(void)
Definition: detect-bytejump.c:70
DetectTlsFingerprintRegister
void DetectTlsFingerprintRegister(void)
Registration function for keyword: tls.cert_fingerprint.
Definition: detect-tls-cert-fingerprint.c:72
DetectAckRegister
void DetectAckRegister(void)
Registration function for ack: keyword.
Definition: detect-ack.c:54
DetectHttpUARegister
void DetectHttpUARegister(void)
Registers the keyword handlers for the "http_user_agent" keyword.
Definition: detect-http-ua.c:76
DetectDceOpnumRegister
void DetectDceOpnumRegister(void)
Registers the keyword handlers for the "dce_opnum" keyword.
Definition: detect-dce-opnum.c:71
DetectReplaceRegister
void DetectReplaceRegister(void)
Definition: detect-replace.c:69
DetectHttpResponseLineRegister
void DetectHttpResponseLineRegister(void)
Registers the keyword handlers for the "http_response_line" keyword.
Definition: detect-http-response-line.c:76
DetectHttpMethodRegister
void DetectHttpMethodRegister(void)
Registration function for keyword: http_method.
Definition: detect-http-method.c:77
DetectSshVersionRegister
void DetectSshVersionRegister(void)
Registration function for keyword: ssh.protoversion.
Definition: detect-ssh-proto-version.c:76
DetectTransformSha1Register
void DetectTransformSha1Register(void)
Definition: detect-transform-sha1.c:43
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:281
DetectNfsVersionRegister
void DetectNfsVersionRegister(void)
Definition: detect-nfs-version.c:47
DetectXbitsRegister
void DetectXbitsRegister(void)
Definition: detect-xbits.c:65
DetectTransformCompressWhitespaceRegister
void DetectTransformCompressWhitespaceRegister(void)
Definition: detect-transform-compress-whitespace.c:42
detect-stream_size.h
DetectTosRegister
void DetectTosRegister(void)
Register Tos keyword.
Definition: detect-tos.c:63
DetectHttpRawHeaderRegister
void DetectHttpRawHeaderRegister(void)
Registers the keyword handlers for the "http_raw_header" keyword.
Definition: detect-http-raw-header.c:76
DetectHttpProtocolRegister
void DetectHttpProtocolRegister(void)
Registers the keyword handlers for the "http.protocol" keyword.
Definition: detect-http-protocol.c:122
DetectHttpHHRegister
void DetectHttpHHRegister(void)
Registers the keyword handlers for the "http_host" keyword.
Definition: detect-http-hh.c:82
DetectMarkRegister
void DetectMarkRegister(void)
Registration function for nfq_set_mark: keyword.
Definition: detect-mark.c:54
DetectTlsSniRegister
void DetectTlsSniRegister(void)
Registration function for keyword: tls.sni.
Definition: detect-tls-sni.c:68
DetectTagRegister
void DetectTagRegister(void)
Registration function for keyword tag.
Definition: detect-tag.c:69
coverage_unittests
int coverage_unittests
Definition: suricata.c:859
DetectFtpbounceRegister
void DetectFtpbounceRegister(void)
Registration function for ftpbounce: keyword.
Definition: detect-ftpbounce.c:68
detect-http-server-body.h
g_ut_modules
int g_ut_modules
Definition: suricata.c:860
DetectTlsJa3HashRegister
void DetectTlsJa3HashRegister(void)
Registration function for keyword: ja3_hash.
Definition: detect-tls-ja3-hash.c:76
DetectKrb5MsgTypeRegister
void DetectKrb5MsgTypeRegister(void)
Definition: detect-krb5-msgtype.c:267
DetectEnipCommandRegister
void DetectEnipCommandRegister(void)
Registration function for enip_command: keyword.
Definition: detect-cipservice.c:304
DetectAppLayerEventRegister
void DetectAppLayerEventRegister(void)
Registers the keyword handlers for the "app-layer-event" keyword.
Definition: detect-app-layer-event.c:66
DetectCsumRegister
void DetectCsumRegister(void)
Registers handlers for all the checksum keywords. The checksum keywords that are registered are ipv4-...
Definition: detect-csum.c:128
DetectReferenceRegister
void DetectReferenceRegister(void)
Registration function for the reference: keyword.
Definition: detect-reference.c:56
DetectBsizeRegister
void DetectBsizeRegister(void)
Registration function for bsize: keyword.
Definition: detect-bsize.c:50
detect-engine-content-inspection.h
DetectTlsJa3StringRegister
void DetectTlsJa3StringRegister(void)
Registration function for keyword: ja3.string.
Definition: detect-tls-ja3-string.c:72
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect.h:1331
DetectHttpStatMsgRegister
void DetectHttpStatMsgRegister(void)
Registration function for keyword: http_stat_msg.
Definition: detect-http-stat-msg.c:79
DetectTlsRegister
void DetectTlsRegister(void)
Registration function for keyword: tls.version.
Definition: detect-tls.c:116
DetectHostbitsRegister
void DetectHostbitsRegister(void)
Definition: detect-hostbits.c:77
DetectMetadataRegister
void DetectMetadataRegister(void)
Definition: detect-metadata.c:40
DetectICodeRegister
void DetectICodeRegister(void)
Registration function for icode: keyword.
Definition: detect-icode.c:61
DetectAppLayerProtocolRegister
void DetectAppLayerProtocolRegister(void)
Definition: detect-app-layer-protocol.c:258
DetectFilemagicRegister
void DetectFilemagicRegister(void)
Registration function for keyword: filemagic.
Definition: detect-filemagic.c:68
DetectDistanceRegister
void DetectDistanceRegister(void)
Definition: detect-distance.c:53
DetectByteExtractRegister
void DetectByteExtractRegister(void)
Registers the keyword handlers for the "byte_extract" keyword.
Definition: detect-byte-extract.c:99
DetectBypassRegister
void DetectBypassRegister(void)
Registration function for keyword: bypass.
Definition: detect-bypass.c:61
DetectTransformSha256Register
void DetectTransformSha256Register(void)
Definition: detect-transform-sha256.c:43
DetectTlsIssuerRegister
void DetectTlsIssuerRegister(void)
Registration function for keyword: tls.cert_issuer.
Definition: detect-tls-cert-issuer.c:68
DetectTemplate2Register
void DetectTemplate2Register(void)
Registration function for template2: keyword.
Definition: detect-template2.c:56
DetectModbusRegister
void DetectModbusRegister(void)
Registration function for Modbus keyword.
Definition: detect-modbus.c:516
DetectPktvarRegister
void DetectPktvarRegister(void)
Definition: detect-pktvar.c:47
DetectHttpUriRegister
void DetectHttpUriRegister(void)
Registration function for keywords: http_uri and http.uri.
Definition: detect-http-uri.c:88
SIGMATCH_IPONLY_COMPAT
#define SIGMATCH_IPONLY_COMPAT
Definition: detect.h:1333
DetectEngineEventRegister
void DetectEngineEventRegister(void)
Registration function for decode-event: keyword.
Definition: detect-engine-event.c:62
DetectNfsProcedureRegister
void DetectNfsProcedureRegister(void)
Definition: detect-nfs-procedure.c:47
SigTableList
void SigTableList(const char *keyword)
Definition: detect-engine-register.c:299
DetectNocaseRegister
void DetectNocaseRegister(void)
Definition: detect-nocase.c:38
DetectThresholdRegister
void DetectThresholdRegister(void)
Registration function for threshold: keyword.
Definition: detect-threshold.c:76
DetectSshSoftwareVersionRegister
void DetectSshSoftwareVersionRegister(void)
Registration function for keyword: ssh.softwareversion.
Definition: detect-ssh-software-version.c:90
DetectFlowbitsRegister
void DetectFlowbitsRegister(void)
Definition: detect-flowbits.c:58
DetectTransformStripWhitespaceRegister
void DetectTransformStripWhitespaceRegister(void)
Definition: detect-transform-strip-whitespace.c:42
DetectIsdataatRegister
void DetectIsdataatRegister(void)
Registration function for isdataat: keyword.
Definition: detect-isdataat.c:67
DetectUrilenRegister
void DetectUrilenRegister(void)
Registration function for urilen: keyword.
Definition: detect-urilen.c:65
DetectHttpStartRegister
void DetectHttpStartRegister(void)
Registers the keyword handlers for the "http_header" keyword.
Definition: detect-http-start.c:297
DetectWindowRegister
void DetectWindowRegister(void)
Registration function for window: keyword.
Definition: detect-window.c:59
DetectMsgRegister
void DetectMsgRegister(void)
Definition: detect-msg.c:40
DetectKrb5CNameRegister
void DetectKrb5CNameRegister(void)
Definition: detect-krb5-cname.c:216
SigTableElmt_::flags
uint16_t flags
Definition: detect.h:1157
DetectSameipRegister
void DetectSameipRegister(void)
Registration function for sameip: keyword.
Definition: detect-sameip.c:49
DetectSshProtocolRegister
void DetectSshProtocolRegister(void)
Definition: detect-ssh-proto.c:104
DetectStreamSizeRegister
void DetectStreamSizeRegister(void)
Registration function for stream_size: keyword.
Definition: detect-stream_size.c:57
DetectTlsVersionRegister
void DetectTlsVersionRegister(void)
Registration function for keyword: tls.version.
Definition: detect-tls-version.c:73
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1155
DetectIcmpSeqRegister
void DetectIcmpSeqRegister(void)
Registration function for icmp_seq.
Definition: detect-icmp-seq.c:57
DetectClasstypeRegister
void DetectClasstypeRegister(void)
Registers the handler functions for the "Classtype" keyword.
Definition: detect-classtype.c:51
DetectFlowvarRegister
void DetectFlowvarRegister(void)
Definition: detect-flowvar.c:55
DetectCipServiceRegister
void DetectCipServiceRegister(void)
Registration function for cip_service: keyword.
Definition: detect-cipservice.c:50
DetectIdRegister
void DetectIdRegister(void)
Registration function for keyword: id.
Definition: detect-id.c:64
DetectFilestoreRegister
void DetectFilestoreRegister(void)
Registration function for keyword: filestore.
Definition: detect-filestore.c:75
DetectSmbNamedPipeRegister
void DetectSmbNamedPipeRegister(void)
Definition: detect-smb-share.c:98
DetectHttpServerBodyRegister
void DetectHttpServerBodyRegister(void)
Registers the keyword handlers for the "http_server_body" keyword.
Definition: detect-http-server-body.c:72
DetectFlowintRegister
void DetectFlowintRegister(void)
Definition: detect-flowint.c:62