66 char buffer_name[512] =
"";
70 if (!(is_tcp || is_udp)) {
75 char *dot = strchr(value,
'.');
78 const char *val = dot ? dot : value;
79 const char *
proto = dot ? value : NULL;
81 bool is_short =
false;
87 if (!AppProtoIsValid(keyword_alproto)) {
89 keyword_alproto = rule_alproto;
93 keyword_alproto = rule_alproto;
98 "rule protocol unknown, can't use shorthand notation for frame '%s'",
str);
103 }
else if (!AppProtoEquals(rule_alproto, keyword_alproto)) {
105 "frame '%s' protocol '%s' mismatch with rule protocol '%s'",
str,
110 const char *frame_str = is_short ?
str : val;
111 int raw_frame_type = -1;
114 if (is_udp && raw_frame_type < 0)
116 if (raw_frame_type < 0) {
121 BUG_ON(raw_frame_type >= UINT8_MAX);
127 strlcpy(buffer_name,
str,
sizeof(buffer_name));
131 uint8_t frame_type = (uint8_t)raw_frame_type;
/* Unit test built around a table of rules that use the `frame` keyword.
 * The code that walks `sig` over the table is not part of this listing;
 * judging by the test name, every entry is presumably expected to be
 * rejected when the rule is loaded -- confirm against the full source. */
146 static int DetectFrameTestBadRules(
void)
151 const char *sigs[] = {
/* sid 1-2: `tls.pdu` on a tcp-pkt and on a udp rule. The reason these are
 * invalid is not visible here; for sid 2 it is presumably that no TLS frame
 * can be resolved for UDP -- TODO confirm. */
152 "alert tcp-pkt any any -> any any (frame:tls.pdu; content:\"a\"; sid:1;)",
153 "alert udp any any -> any any (frame:tls.pdu; content:\"a\"; sid:2;)",
/* sid 3: rule protocol (smb) differs from the frame's protocol prefix (tls);
 * the setup code above reports this case as "frame ... protocol ... mismatch
 * with rule protocol". */
154 "alert smb any any -> any any (frame:tls.pdu; content:\"a\"; sid:3;)",
/* sid 4: no '.' in the value while the rule protocol is plain tcp; this looks
 * like the "rule protocol unknown, can't use shorthand notation" case --
 * hedged, the deciding lines are missing from the listing. */
155 "alert tcp any any -> any any (frame:tls; content:\"a\"; sid:4;)",
/* sid 5-6: `frame` appears after another keyword (content, tls.version).
 * NOTE(review): why this ordering is invalid is not shown in this listing. */
156 "alert tls any any -> any any (content:\"abc\"; frame:tls.pdu; content:\"a\"; sid:5;)",
157 "alert tls any any -> any any (tls.version:1.0; frame:tls.pdu; content:\"a\"; sid:6;)",
/* sid 7: same protocol-mismatch case as sid 3, with the roles swapped
 * (tls rule, smb1 frame). */
158 "alert tls any any -> any any (frame:smb1.pdu; content:\"a\"; sid:7;)",
/* Cursor into the table; lines between the last entry and this one are not
 * shown in the listing. */
162 const char **sig = sigs;
/* Registers this file's unit test: passes DetectFrameTestBadRules to
 * UtRegisterTest under the name "DetectFrameTestBadRules". */
174 static void DetectFrameRegisterTests(
void)
176 UtRegisterTest(
"DetectFrameTestBadRules", DetectFrameTestBadRules);
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
#define SIGMATCH_INFO_STICKY_BUFFER
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
@ SC_ERR_INVALID_RULE_ARGUMENT
const char * AppProtoToString(AppProto alproto)
Maps an ALPROTO_* value to its string equivalent.
main detection engine ctx
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
size_t strlcpy(char *dst, const char *src, size_t siz)
#define SIG_FLAG_TOSERVER
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
#define PASS
Pass the test.
AppProto StringToAppProto(const char *proto_name)
Maps a string to its ALPROTO_* equivalent.
int DetectEngineBufferTypeRegisterWithFrameEngines(DetectEngineCtx *de_ctx, const char *name, const int direction, const AppProto alproto, const uint8_t frame_type)
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
int AppLayerParserGetFrameIdByName(uint8_t ipproto, AppProto alproto, const char *name)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
DetectEngineCtx * DetectEngineCtxInit(void)
int DetectBufferSetActiveList(Signature *s, const int list)
void(* RegisterTests)(void)
int DetectProtoContainsProto(const DetectProto *dp, int proto)
see if a DetectProto contains a certain proto
void DetectFrameRegister(void)
Registration function for keyword: frame.