suricata
detect-http2.c
Go to the documentation of this file.
1 /* Copyright (C) 2020-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Philippe Antoine <p.antoine@catenacyber.fr>
22  *
23  */
24 
25 #include "suricata-common.h"
26 
27 #include "detect.h"
28 #include "detect-parse.h"
29 #include "detect-content.h"
30 
31 #include "detect-engine.h"
32 #include "detect-engine-buffer.h"
33 #include "detect-engine-uint.h"
34 #include "detect-engine-mpm.h"
37 #include "detect-engine-helper.h"
38 
39 #include "detect-http2.h"
40 #include "util-byte.h"
41 #include "rust.h"
42 #include "util-profiling.h"
43 
44 #ifdef UNITTESTS
51 #endif
52 
53 /* prototypes */
54 static int DetectHTTP2frametypeMatch(DetectEngineThreadCtx *det_ctx,
55  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
56  const SigMatchCtx *ctx);
57 static int DetectHTTP2frametypeSetup (DetectEngineCtx *, Signature *, const char *);
59 
60 static int DetectHTTP2errorcodeMatch(DetectEngineThreadCtx *det_ctx,
61  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
62  const SigMatchCtx *ctx);
63 static int DetectHTTP2errorcodeSetup (DetectEngineCtx *, Signature *, const char *);
65 
66 static int DetectHTTP2priorityMatch(DetectEngineThreadCtx *det_ctx,
67  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
68  const SigMatchCtx *ctx);
69 static int DetectHTTP2prioritySetup (DetectEngineCtx *, Signature *, const char *);
71 
72 static int DetectHTTP2windowMatch(DetectEngineThreadCtx *det_ctx,
73  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
74  const SigMatchCtx *ctx);
75 static int DetectHTTP2windowSetup (DetectEngineCtx *, Signature *, const char *);
76 void DetectHTTP2windowFree (DetectEngineCtx *, void *);
77 
78 static int DetectHTTP2sizeUpdateMatch(DetectEngineThreadCtx *det_ctx,
79  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
80  const SigMatchCtx *ctx);
81 static int DetectHTTP2sizeUpdateSetup (DetectEngineCtx *, Signature *, const char *);
83 
84 static int DetectHTTP2settingsMatch(DetectEngineThreadCtx *det_ctx,
85  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
86  const SigMatchCtx *ctx);
87 static int DetectHTTP2settingsSetup (DetectEngineCtx *, Signature *, const char *);
89 
90 static int DetectHTTP2headerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg);
91 
92 #ifdef UNITTESTS
94 #endif
95 
96 static int g_http2_match_buffer_id = 0;
97 static int g_http2_complete_buffer_id = 0;
98 static int g_http2_header_name_buffer_id = 0;
99 
100 /**
101  * \brief Registration function for HTTP2 keywords
102  */
103 
105 {
106  sigmatch_table[DETECT_HTTP2_FRAMETYPE].name = "http2.frametype";
107  sigmatch_table[DETECT_HTTP2_FRAMETYPE].desc = "match on HTTP2 frame type field";
108  sigmatch_table[DETECT_HTTP2_FRAMETYPE].url = "/rules/http2-keywords.html#frametype";
110  sigmatch_table[DETECT_HTTP2_FRAMETYPE].AppLayerTxMatch = DetectHTTP2frametypeMatch;
111  sigmatch_table[DETECT_HTTP2_FRAMETYPE].Setup = DetectHTTP2frametypeSetup;
113 #ifdef UNITTESTS
115 #endif
116 
117  sigmatch_table[DETECT_HTTP2_ERRORCODE].name = "http2.errorcode";
118  sigmatch_table[DETECT_HTTP2_ERRORCODE].desc = "match on HTTP2 error code field";
119  sigmatch_table[DETECT_HTTP2_ERRORCODE].url = "/rules/http2-keywords.html#errorcode";
121  sigmatch_table[DETECT_HTTP2_ERRORCODE].AppLayerTxMatch = DetectHTTP2errorcodeMatch;
122  sigmatch_table[DETECT_HTTP2_ERRORCODE].Setup = DetectHTTP2errorcodeSetup;
124 #ifdef UNITTESTS
126 #endif
127 
128  sigmatch_table[DETECT_HTTP2_PRIORITY].name = "http2.priority";
129  sigmatch_table[DETECT_HTTP2_PRIORITY].desc = "match on HTTP2 priority weight field";
130  sigmatch_table[DETECT_HTTP2_PRIORITY].url = "/rules/http2-keywords.html#priority";
132  sigmatch_table[DETECT_HTTP2_PRIORITY].AppLayerTxMatch = DetectHTTP2priorityMatch;
133  sigmatch_table[DETECT_HTTP2_PRIORITY].Setup = DetectHTTP2prioritySetup;
137 #ifdef UNITTESTS
139 #endif
140 
141  sigmatch_table[DETECT_HTTP2_WINDOW].name = "http2.window";
142  sigmatch_table[DETECT_HTTP2_WINDOW].desc = "match on HTTP2 window update size increment field";
143  sigmatch_table[DETECT_HTTP2_WINDOW].url = "/rules/http2-keywords.html#window";
145  sigmatch_table[DETECT_HTTP2_WINDOW].AppLayerTxMatch = DetectHTTP2windowMatch;
146  sigmatch_table[DETECT_HTTP2_WINDOW].Setup = DetectHTTP2windowSetup;
149 #ifdef UNITTESTS
151 #endif
152 
153  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].name = "http2.size_update";
154  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].desc = "match on HTTP2 dynamic headers table size update";
155  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].url = "/rules/http2-keywords.html#sizeupdate";
157  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].AppLayerTxMatch = DetectHTTP2sizeUpdateMatch;
158  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].Setup = DetectHTTP2sizeUpdateSetup;
161 #ifdef UNITTESTS
163 #endif
164 
165  sigmatch_table[DETECT_HTTP2_SETTINGS].name = "http2.settings";
166  sigmatch_table[DETECT_HTTP2_SETTINGS].desc = "match on HTTP2 settings identifier and value fields";
167  sigmatch_table[DETECT_HTTP2_SETTINGS].url = "/rules/http2-keywords.html#settings";
169  sigmatch_table[DETECT_HTTP2_SETTINGS].AppLayerTxMatch = DetectHTTP2settingsMatch;
170  sigmatch_table[DETECT_HTTP2_SETTINGS].Setup = DetectHTTP2settingsSetup;
172 #ifdef UNITTESTS
174 #endif
175 
176  sigmatch_table[DETECT_HTTP2_HEADERNAME].name = "http2.header_name";
177  sigmatch_table[DETECT_HTTP2_HEADERNAME].desc = "sticky buffer to match on one HTTP2 header name";
178  sigmatch_table[DETECT_HTTP2_HEADERNAME].url = "/rules/http2-keywords.html#header_name";
179  sigmatch_table[DETECT_HTTP2_HEADERNAME].Setup = DetectHTTP2headerNameSetup;
182 
184  HTTP2StateOpen, SCHttp2TxGetHeaderName, 2);
186  HTTP2StateOpen, SCHttp2TxGetHeaderName, 2);
187 
188  DetectBufferTypeSupportsMultiInstance("http2_header_name");
189  DetectBufferTypeSetDescriptionByName("http2_header_name",
190  "HTTP2 header name");
191  g_http2_header_name_buffer_id = DetectBufferTypeGetByName("http2_header_name");
192 
197 
198  g_http2_match_buffer_id = DetectBufferTypeRegister("http2");
199 
201  HTTP2StateClosed, DetectEngineInspectGenericList, NULL);
203  HTTP2StateClosed, DetectEngineInspectGenericList, NULL);
204 
205  g_http2_complete_buffer_id = DetectBufferTypeRegister("http2_complete");
206 }
207 
208 /**
209  * \brief This function is used to match HTTP2 frame type rule option on a transaction with those passed via http2.frametype:
210  *
211  * \retval 0 no match
212  * \retval 1 match
213  */
214 static int DetectHTTP2frametypeMatch(DetectEngineThreadCtx *det_ctx,
215  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
216  const SigMatchCtx *ctx)
217 
218 {
219  uint8_t *detect = (uint8_t *)ctx;
220 
221  return SCHttp2TxHasFrametype(txv, flags, *detect);
222 }
223 
224 static int DetectHTTP2FuncParseFrameType(const char *str, uint8_t *ft)
225 {
226  // first parse numeric value
227  if (ByteExtractStringUint8(ft, 10, (uint16_t)strlen(str), str) > 0) {
228  return 1;
229  }
230 
231  // it it failed so far, parse string value from enumeration
232  int r = SCHttp2ParseFrametype(str);
233  if (r >= 0 && r <= UINT8_MAX) {
234  *ft = (uint8_t)r;
235  return 1;
236  }
237 
238  return 0;
239 }
240 
241 /**
242  * \brief this function is used to attach the parsed http2.frametype data into the current signature
243  *
244  * \param de_ctx pointer to the Detection Engine Context
245  * \param s pointer to the Current Signature
246  * \param str pointer to the user provided http2.frametype options
247  *
248  * \retval 0 on Success
249  * \retval -1 on Failure
250  */
251 static int DetectHTTP2frametypeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
252 {
253  uint8_t frame_type;
254 
256  return -1;
257 
258  if (!DetectHTTP2FuncParseFrameType(str, &frame_type)) {
259  SCLogError("Invalid argument \"%s\" supplied to http2.frametype keyword.", str);
260  return -1;
261  }
262 
263  uint8_t *http2ft = SCCalloc(1, sizeof(uint8_t));
264  if (http2ft == NULL)
265  return -1;
266  *http2ft = frame_type;
267 
269  g_http2_match_buffer_id) == NULL) {
270  DetectHTTP2frametypeFree(NULL, http2ft);
271  return -1;
272  }
273 
274  return 0;
275 }
276 
277 /**
278  * \brief this function will free memory associated with uint8_t
279  *
280  * \param ptr pointer to uint8_t
281  */
283 {
284  SCFree(ptr);
285 }
286 
287 /**
288  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.errorcode:
289  *
290  * \retval 0 no match
291  * \retval 1 match
292  */
293 static int DetectHTTP2errorcodeMatch(DetectEngineThreadCtx *det_ctx,
294  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
295  const SigMatchCtx *ctx)
296 
297 {
298  uint32_t *detect = (uint32_t *)ctx;
299 
300  return SCHttp2TxHasErrorCode(txv, flags, *detect);
301  //TODOask handle negation rules
302 }
303 
304 static int DetectHTTP2FuncParseErrorCode(const char *str, uint32_t *ec)
305 {
306  // first parse numeric value
307  if (ByteExtractStringUint32(ec, 10, (uint16_t)strlen(str), str) > 0) {
308  return 1;
309  }
310 
311  // it it failed so far, parse string value from enumeration
312  int r = SCHttp2ParseErrorCode(str);
313  if (r >= 0) {
314  *ec = r;
315  return 1;
316  }
317 
318  return 0;
319 }
320 
321 /**
322  * \brief this function is used to attach the parsed http2.errorcode data into the current signature
323  *
324  * \param de_ctx pointer to the Detection Engine Context
325  * \param s pointer to the Current Signature
326  * \param str pointer to the user provided http2.errorcode options
327  *
328  * \retval 0 on Success
329  * \retval -1 on Failure
330  */
331 static int DetectHTTP2errorcodeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
332 {
333  uint32_t error_code;
334 
336  return -1;
337 
338  if (!DetectHTTP2FuncParseErrorCode(str, &error_code)) {
339  SCLogError("Invalid argument \"%s\" supplied to http2.errorcode keyword.", str);
340  return -1;
341  }
342 
343  uint32_t *http2ec = SCCalloc(1, sizeof(uint32_t));
344  if (http2ec == NULL)
345  return -1;
346  *http2ec = error_code;
347 
349  g_http2_match_buffer_id) == NULL) {
350  DetectHTTP2errorcodeFree(NULL, http2ec);
351  return -1;
352  }
353 
354  return 0;
355 }
356 
357 /**
358  * \brief this function will free memory associated with uint32_t
359  *
360  * \param ptr pointer to uint32_t
361  */
363 {
364  SCFree(ptr);
365 }
366 
367 /**
368  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.priority:
369  *
370  * \retval 0 no match
371  * \retval 1 match
372  */
373 static int DetectHTTP2priorityMatch(DetectEngineThreadCtx *det_ctx,
374  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
375  const SigMatchCtx *ctx)
376 
377 {
378  return SCHttp2PriorityMatch(txv, flags, ctx);
379 }
380 
381 /**
382  * \brief this function is used to attach the parsed http2.priority data into the current signature
383  *
384  * \param de_ctx pointer to the Detection Engine Context
385  * \param s pointer to the Current Signature
386  * \param str pointer to the user provided http2.priority options
387  *
388  * \retval 0 on Success
389  * \retval -1 on Failure
390  */
391 static int DetectHTTP2prioritySetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
392 {
394  return -1;
395 
396  DetectU8Data *prio = SCDetectU8ArrayParse(str);
397  if (prio == NULL)
398  return -1;
399 
401  g_http2_match_buffer_id) == NULL) {
402  SCDetectU8Free(prio);
403  return -1;
404  }
405 
406  return 0;
407 }
408 
409 /**
410  * \brief this function will free memory associated with uint32_t
411  *
412  * \param ptr pointer to DetectU8Data
413  */
415 {
416  SCDetectU8ArrayFree(ptr);
417 }
418 
419 /**
420  * \brief This function is used to match HTTP2 window rule option on a transaction with those passed via http2.window:
421  *
422  * \retval 0 no match
423  * \retval 1 match
424  */
425 static int DetectHTTP2windowMatch(DetectEngineThreadCtx *det_ctx,
426  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
427  const SigMatchCtx *ctx)
428 
429 {
430  return SCHttp2WindowMatch(txv, flags, ctx);
431 }
432 
433 /**
434  * \brief this function is used to attach the parsed http2.window data into the current signature
435  *
436  * \param de_ctx pointer to the Detection Engine Context
437  * \param s pointer to the Current Signature
438  * \param str pointer to the user provided http2.window options
439  *
440  * \retval 0 on Success
441  * \retval -1 on Failure
442  */
443 static int DetectHTTP2windowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
444 {
446  return -1;
447 
448  DetectU32Data *wu = SCDetectU32ArrayParse(str);
449  if (wu == NULL)
450  return -1;
451 
452  // use g_http2_complete_buffer_id as we may have window changes in any state
454  g_http2_complete_buffer_id) == NULL) {
455  SCDetectU32Free(wu);
456  return -1;
457  }
458 
459  return 0;
460 }
461 
462 /**
463  * \brief this function will free memory associated with uint32_t
464  *
465  * \param ptr pointer to DetectU8Data
466  */
468 {
469  SCDetectU32ArrayFree(ptr);
470 }
471 
472 /**
473  * \brief This function is used to match HTTP2 size update rule option on a transaction with those passed via http2.size_update:
474  *
475  * \retval 0 no match
476  * \retval 1 match
477  */
478 static int DetectHTTP2sizeUpdateMatch(DetectEngineThreadCtx *det_ctx,
479  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
480  const SigMatchCtx *ctx)
481 
482 {
483  return SCHttp2DetectSizeUpdateCtxMatch(ctx, txv, flags);
484 }
485 
486 /**
487  * \brief this function is used to attach the parsed http2.size_update data into the current signature
488  *
489  * \param de_ctx pointer to the Detection Engine Context
490  * \param s pointer to the Current Signature
491  * \param str pointer to the user provided http2.size_update options
492  *
493  * \retval 0 on Success
494  * \retval -1 on Failure
495  */
496 static int DetectHTTP2sizeUpdateSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
497 {
499  return -1;
500 
501  void *su = SCDetectU64Parse(str);
502  if (su == NULL)
503  return -1;
504 
506  g_http2_match_buffer_id) == NULL) {
507  DetectHTTP2settingsFree(NULL, su);
508  return -1;
509  }
510 
511  return 0;
512 }
513 
514 /**
515  * \brief this function will free memory associated with uint32_t
516  *
517  * \param ptr pointer to DetectU8Data
518  */
520 {
521  SCDetectU64Free(ptr);
522 }
523 
524 /**
525  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.settings:
526  *
527  * \retval 0 no match
528  * \retval 1 match
529  */
530 static int DetectHTTP2settingsMatch(DetectEngineThreadCtx *det_ctx,
531  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
532  const SigMatchCtx *ctx)
533 
534 {
535  return SCHttp2DetectSettingsCtxMatch(ctx, txv, flags);
536 }
537 
538 /**
539  * \brief this function is used to attach the parsed http2.settings data into the current signature
540  *
541  * \param de_ctx pointer to the Detection Engine Context
542  * \param s pointer to the Current Signature
543  * \param str pointer to the user provided http2.settings options
544  *
545  * \retval 0 on Success
546  * \retval -1 on Failure
547  */
548 static int DetectHTTP2settingsSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
549 {
551  return -1;
552 
553  void *http2set = SCHttp2DetectSettingsCtxParse(str);
554  if (http2set == NULL)
555  return -1;
556 
558  g_http2_match_buffer_id) == NULL) {
559  DetectHTTP2settingsFree(NULL, http2set);
560  return -1;
561  }
562 
563  return 0;
564 }
565 
566 /**
567  * \brief this function will free memory associated with rust signature context
568  *
569  * \param ptr pointer to rust signature context
570  */
572 {
573  SCHttp2DetectSettingsCtxFree(ptr);
574 }
575 
576 static int DetectHTTP2headerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
577 {
578  if (SCDetectBufferSetActiveList(de_ctx, s, g_http2_header_name_buffer_id) < 0)
579  return -1;
580 
582  return -1;
583 
584  return 0;
585 }
586 
587 #ifdef UNITTESTS
588 #include "tests/detect-http2.c"
589 #endif
util-byte.h
detect-engine-uint.h
SigTableElmt_::url
const char * url
Definition: detect.h:1460
detect-content.h
detect-engine.h
SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition: detect.h:1674
DetectHTTP2priorityRegisterTests
void DetectHTTP2priorityRegisterTests(void)
Definition: detect-http2.c:90
SigTableElmt_::desc
const char * desc
Definition: detect.h:1459
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:79
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1444
SigTableElmt_::name
const char * name
Definition: detect.h:1457
DetectHTTP2RegisterTests
void DetectHTTP2RegisterTests(void)
SigTableElmt_::flags
uint32_t flags
Definition: detect.h:1448
Flow_
Flow data structure.
Definition: flow.h:348
DETECT_HTTP2_SETTINGS
@ DETECT_HTTP2_SETTINGS
Definition: detect-engine-register.h:211
ctx
struct Thresholds ctx
DetectHTTP2priorityFree
void DetectHTTP2priorityFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:414
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:932
DETECT_HTTP2_SIZEUPDATE
@ DETECT_HTTP2_SIZEUPDATE
Definition: detect-engine-register.h:210
DetectBufferTypeSupportsMultiInstance
void DetectBufferTypeSupportsMultiInstance(const char *name)
Definition: detect-engine.c:1228
SigTableElmt_::AppLayerTxMatch
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Definition: detect.h:1422
rust.h
ByteExtractStringUint32
int ByteExtractStringUint32(uint32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:242
DetectHTTP2sizeUpdateFree
void DetectHTTP2sizeUpdateFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:519
DETECT_HTTP2_HEADERNAME
@ DETECT_HTTP2_HEADERNAME
Definition: detect-engine-register.h:212
SCDetectBufferSetActiveList
int SCDetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
Definition: detect-engine-buffer.c:29
SCDetectSignatureSetAppProto
int SCDetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:2229
SIG_FLAG_TOCLIENT
#define SIG_FLAG_TOCLIENT
Definition: detect.h:272
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1439
detect-engine-prefilter.h
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:1278
SIGMATCH_INFO_UINT32
#define SIGMATCH_INFO_UINT32
Definition: detect.h:1690
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:271
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
detect-http2.h
DetectEngineThreadCtx_
Definition: detect.h:1244
SIGMATCH_INFO_MULTI_UINT
#define SIGMATCH_INFO_MULTI_UINT
Definition: detect.h:1694
detect-engine-mpm.h
SCSigMatchAppendSMToList
SigMatch * SCSigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:388
detect.h
DetectHTTP2sizeUpdateRegisterTests
void DetectHTTP2sizeUpdateRegisterTests(void)
Definition: detect-http2.c:158
DetectHTTP2settingsFree
void DetectHTTP2settingsFree(DetectEngineCtx *, void *)
this function will free memory associated with rust signature context
Definition: detect-http2.c:571
DetectU8Data
DetectUintData_u8 DetectU8Data
Definition: detect-engine-uint.h:43
detect-engine-helper.h
DetectHTTP2settingsRegisterTests
void DetectHTTP2settingsRegisterTests(void)
Definition: detect-http2.c:135
util-profiling.h
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1419
ALPROTO_HTTP2
@ ALPROTO_HTTP2
Definition: app-layer-protos.h:69
DetectHTTP2windowRegisterTests
void DetectHTTP2windowRegisterTests(void)
Definition: detect-http2.c:112
detect-engine-content-inspection.h
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:351
ByteExtractStringUint8
int ByteExtractStringUint8(uint8_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:288
DetectBufferTypeRegister
int DetectBufferTypeRegister(const char *name)
Definition: detect-engine.c:1214
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
DetectHTTP2windowFree
void DetectHTTP2windowFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:467
DETECT_HTTP2_ERRORCODE
@ DETECT_HTTP2_ERRORCODE
Definition: detect-engine-register.h:207
DetectU32Data
DetectUintData_u32 DetectU32Data
Definition: detect-engine-uint.h:41
detect-engine-buffer.h
SIGMATCH_INFO_UINT64
#define SIGMATCH_INFO_UINT64
Definition: detect.h:1692
DetectHttp2Register
void DetectHttp2Register(void)
Registration function for HTTP2 keywords.
Definition: detect-http2.c:104
DetectEngineInspectGenericList
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:1946
SIGMATCH_INFO_MULTI_BUFFER
#define SIGMATCH_INFO_MULTI_BUFFER
Definition: detect.h:1684
str
#define str(s)
Definition: suricata-common.h:308
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:271
DetectHTTP2errorCodeRegisterTests
void DetectHTTP2errorCodeRegisterTests(void)
Definition: detect-http2.c:68
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DETECT_HTTP2_WINDOW
@ DETECT_HTTP2_WINDOW
Definition: detect-engine-register.h:209
detect-parse.h
Signature_
Signature container.
Definition: detect.h:668
SIGMATCH_INFO_UINT8
#define SIGMATCH_INFO_UINT8
Definition: detect.h:1686
DETECT_HTTP2_PRIORITY
@ DETECT_HTTP2_PRIORITY
Definition: detect-engine-register.h:208
detect-http2.c
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect.h:1649
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
Definition: detect-engine.c:273
DetectBufferTypeSetDescriptionByName
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
Definition: detect-engine.c:1375
DetectHTTP2frameTypeRegisterTests
void DetectHTTP2frameTypeRegisterTests(void)
this function registers unit tests for DetectHTTP2frameType
Definition: detect-http2.c:46
DetectHTTP2errorcodeFree
void DetectHTTP2errorcodeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:362
DetectAppLayerMultiRegister
void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectionMultiBufferGetDataPtr GetData, int priority)
Definition: detect-engine.c:2099
DetectHTTP2frametypeFree
void DetectHTTP2frametypeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint8_t
Definition: detect-http2.c:282
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
DETECT_HTTP2_FRAMETYPE
@ DETECT_HTTP2_FRAMETYPE
Definition: detect-engine-register.h:206
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1446