Go to the documentation of this file.
66 static void DetectHttpRequestLineRegisterTests(
void);
70 Flow *_f,
const uint8_t _flow_flags,
71 void *txv,
const int list_id);
72 static int g_http_request_line_buffer_id = 0;
83 const uint8_t *b = NULL;
85 if (SCHttp2TxGetRequestLine(txv, &b, &b_len) != 1)
87 if (b == NULL || b_len == 0)
104 "sticky buffer to match on the HTTP request line";
125 "http request line");
156 Flow *_f,
const uint8_t _flow_flags,
157 void *txv,
const int list_id)
161 htp_tx_t *tx = (htp_tx_t *)txv;
162 if (
unlikely(htp_tx_request_line(tx) == NULL)) {
165 const uint32_t data_len = (uint32_t)bstr_len(htp_tx_request_line(tx));
166 const uint8_t *data = bstr_ptr(htp_tx_request_line(tx));
169 det_ctx, list_id, buffer, data, data_len, transforms);
184 static int DetectHttpRequestLineTest01(
void)
191 "(http_request_line; content:\"GET /\"; sid:1;)");
198 static void DetectHttpRequestLineRegisterTests(
void)
200 UtRegisterTest(
"DetectHttpRequestLineTest01", DetectHttpRequestLineTest01);
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
#define SIGMATCH_INFO_STICKY_BUFFER
SigTableElmt * sigmatch_table
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
void InspectionBufferSetupAndApplyTransforms(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len, const DetectEngineTransforms *transforms)
setup the buffer with our initial data
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
main detection engine ctx
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
int SCDetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
int DetectBufferTypeGetByName(const char *name)
#define SIG_FLAG_TOSERVER
#define PASS
Pass the test.
@ DETECT_HTTP_REQUEST_LINE
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
Signature * SigInit(DetectEngineCtx *de_ctx, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register an app layer keyword for mpm
Data structures and function prototypes for keeping state for the detection engine.
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
void DetectHttpRequestLineRegister(void)
Registers the keyword handlers for the "http_request_line" keyword.
DetectEngineCtx * DetectEngineCtxInit(void)
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
void(* RegisterTests)(void)