suricata
detect-entropy.c
Go to the documentation of this file.
1 /* Copyright (C) 2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 
20 #include "detect.h"
21 #include "detect-parse.h"
22 #include "detect-engine.h"
23 #include "detect-engine-buffer.h"
24 
25 #include "detect-entropy.h"
26 
27 #include "rust.h"
28 
29 static int DetectEntropySetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
30 {
31  DetectEntropyData *ded = SCDetectEntropyParse(arg);
32  if (ded == NULL) {
33  goto error;
34  }
35 
36  int sm_list = DETECT_SM_LIST_PMATCH;
38  if (DetectBufferGetActiveList(de_ctx, s) == -1)
39  goto error;
40 
41  sm_list = s->init_data->list;
42  }
43 
44  if (SigMatchAppendSMToList(de_ctx, s, DETECT_ENTROPY, (SigMatchCtx *)ded, sm_list) != NULL) {
45  SCReturnInt(0);
46  }
47 
48  /* fall through */
49 
50 error:
51  SCLogDebug("error during entropy setup");
52  if (ded != NULL) {
53  SCDetectEntropyFree(ded);
54  }
55  SCReturnInt(-1);
56 }
57 
58 static void DetectEntropyFree(DetectEngineCtx *de_ctx, void *ptr)
59 {
60  SCDetectEntropyFree(ptr);
61 }
62 
64  const SigMatchCtx *ctx, const uint8_t *buffer, const uint32_t buffer_len)
65 {
66  return SCDetectEntropyMatch(buffer, buffer_len, (const DetectEntropyData *)ctx);
67 }
68 
70 {
71  sigmatch_table[DETECT_ENTROPY].name = "entropy";
72  sigmatch_table[DETECT_ENTROPY].desc = "calculate entropy";
73  sigmatch_table[DETECT_BYTE_EXTRACT].url = "/rules/payload-keywords.html#entropy";
74  sigmatch_table[DETECT_ENTROPY].Free = DetectEntropyFree;
75  sigmatch_table[DETECT_ENTROPY].Setup = DetectEntropySetup;
76 }
SigTableElmt_::url
const char * url
Definition: detect.h:1431
detect-engine.h
DETECT_SM_LIST_PMATCH
@ DETECT_SM_LIST_PMATCH
Definition: detect.h:118
SigTableElmt_::desc
const char * desc
Definition: detect.h:1430
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:155
detect-entropy.h
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1418
SigTableElmt_::name
const char * name
Definition: detect.h:1428
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
DetectEntropyDoMatch
bool DetectEntropyDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchCtx *ctx, const uint8_t *buffer, const uint32_t buffer_len)
Definition: detect-entropy.c:63
ctx
struct Thresholds ctx
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:931
DETECT_ENTROPY
@ DETECT_ENTROPY
Definition: detect-engine-register.h:96
rust.h
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1413
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
DetectEngineThreadCtx_
Definition: detect.h:1223
SignatureInitData_::list
int list
Definition: detect.h:630
detect.h
Signature_::init_data
SignatureInitData * init_data
Definition: detect.h:749
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:351
DETECT_SM_LIST_NOTSET
#define DETECT_SM_LIST_NOTSET
Definition: detect.h:143
suricata-common.h
detect-engine-buffer.h
DetectEntropyRegister
void DetectEntropyRegister(void)
Definition: detect-entropy.c:69
DETECT_BYTE_EXTRACT
@ DETECT_BYTE_EXTRACT
Definition: detect-engine-register.h:85
detect-parse.h
Signature_
Signature container.
Definition: detect.h:670
SigMatchAppendSMToList
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:464
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
DetectBufferGetActiveList
int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
Definition: detect-engine-buffer.c:109