suricata
detect-http2.c
Go to the documentation of this file.
1 /* Copyright (C) 2020-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Philippe Antoine <p.antoine@catenacyber.fr>
22  *
23  */
24 
25 #include "suricata-common.h"
26 
27 #include "detect.h"
28 #include "detect-parse.h"
29 #include "detect-content.h"
30 
31 #include "detect-engine.h"
32 #include "detect-engine-uint.h"
33 #include "detect-engine-mpm.h"
36 
37 #include "detect-http2.h"
38 #include "util-byte.h"
39 #include "rust.h"
40 #include "util-profiling.h"
41 
42 #ifdef UNITTESTS
49 #endif
50 
51 /* prototypes */
52 static int DetectHTTP2frametypeMatch(DetectEngineThreadCtx *det_ctx,
53  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
54  const SigMatchCtx *ctx);
55 static int DetectHTTP2frametypeSetup (DetectEngineCtx *, Signature *, const char *);
57 
58 static int DetectHTTP2errorcodeMatch(DetectEngineThreadCtx *det_ctx,
59  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
60  const SigMatchCtx *ctx);
61 static int DetectHTTP2errorcodeSetup (DetectEngineCtx *, Signature *, const char *);
63 
64 static int DetectHTTP2priorityMatch(DetectEngineThreadCtx *det_ctx,
65  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
66  const SigMatchCtx *ctx);
67 static int DetectHTTP2prioritySetup (DetectEngineCtx *, Signature *, const char *);
69 
70 static int DetectHTTP2windowMatch(DetectEngineThreadCtx *det_ctx,
71  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
72  const SigMatchCtx *ctx);
73 static int DetectHTTP2windowSetup (DetectEngineCtx *, Signature *, const char *);
74 void DetectHTTP2windowFree (DetectEngineCtx *, void *);
75 
76 static int DetectHTTP2sizeUpdateMatch(DetectEngineThreadCtx *det_ctx,
77  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
78  const SigMatchCtx *ctx);
79 static int DetectHTTP2sizeUpdateSetup (DetectEngineCtx *, Signature *, const char *);
81 
82 static int DetectHTTP2settingsMatch(DetectEngineThreadCtx *det_ctx,
83  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
84  const SigMatchCtx *ctx);
85 static int DetectHTTP2settingsSetup (DetectEngineCtx *, Signature *, const char *);
87 
88 static int DetectHTTP2headerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg);
89 
90 #ifdef UNITTESTS
92 #endif
93 
94 static int g_http2_match_buffer_id = 0;
95 static int g_http2_header_name_buffer_id = 0;
96 
97 /**
98  * \brief Registration function for HTTP2 keywords
99  */
100 
101 static InspectionBuffer *GetHttp2HNameData(DetectEngineThreadCtx *det_ctx,
102  const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flags, void *txv,
103  int list_id, uint32_t local_id)
104 {
105  SCEnter();
106 
107  InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id);
108  if (buffer == NULL)
109  return NULL;
110  if (buffer->initialized)
111  return buffer;
112 
113  uint32_t b_len = 0;
114  const uint8_t *b = NULL;
115 
116  if (rs_http2_tx_get_header_name(txv, flags, local_id, &b, &b_len) != 1) {
118  return NULL;
119  }
120  if (b == NULL || b_len == 0) {
122  return NULL;
123  }
124 
125  InspectionBufferSetupMulti(buffer, transforms, b, b_len);
126  buffer->flags = DETECT_CI_FLAGS_SINGLE;
127 
128  SCReturnPtr(buffer, "InspectionBuffer");
129 }
130 
132 {
133  sigmatch_table[DETECT_HTTP2_FRAMETYPE].name = "http2.frametype";
134  sigmatch_table[DETECT_HTTP2_FRAMETYPE].desc = "match on HTTP2 frame type field";
135  sigmatch_table[DETECT_HTTP2_FRAMETYPE].url = "/rules/http2-keywords.html#frametype";
137  sigmatch_table[DETECT_HTTP2_FRAMETYPE].AppLayerTxMatch = DetectHTTP2frametypeMatch;
138  sigmatch_table[DETECT_HTTP2_FRAMETYPE].Setup = DetectHTTP2frametypeSetup;
140 #ifdef UNITTESTS
142 #endif
143 
144  sigmatch_table[DETECT_HTTP2_ERRORCODE].name = "http2.errorcode";
145  sigmatch_table[DETECT_HTTP2_ERRORCODE].desc = "match on HTTP2 error code field";
146  sigmatch_table[DETECT_HTTP2_ERRORCODE].url = "/rules/http2-keywords.html#errorcode";
148  sigmatch_table[DETECT_HTTP2_ERRORCODE].AppLayerTxMatch = DetectHTTP2errorcodeMatch;
149  sigmatch_table[DETECT_HTTP2_ERRORCODE].Setup = DetectHTTP2errorcodeSetup;
151 #ifdef UNITTESTS
153 #endif
154 
155  sigmatch_table[DETECT_HTTP2_PRIORITY].name = "http2.priority";
156  sigmatch_table[DETECT_HTTP2_PRIORITY].desc = "match on HTTP2 priority weight field";
157  sigmatch_table[DETECT_HTTP2_PRIORITY].url = "/rules/http2-keywords.html#priority";
159  sigmatch_table[DETECT_HTTP2_PRIORITY].AppLayerTxMatch = DetectHTTP2priorityMatch;
160  sigmatch_table[DETECT_HTTP2_PRIORITY].Setup = DetectHTTP2prioritySetup;
162 #ifdef UNITTESTS
164 #endif
165 
166  sigmatch_table[DETECT_HTTP2_WINDOW].name = "http2.window";
167  sigmatch_table[DETECT_HTTP2_WINDOW].desc = "match on HTTP2 window update size increment field";
168  sigmatch_table[DETECT_HTTP2_WINDOW].url = "/rules/http2-keywords.html#window";
170  sigmatch_table[DETECT_HTTP2_WINDOW].AppLayerTxMatch = DetectHTTP2windowMatch;
171  sigmatch_table[DETECT_HTTP2_WINDOW].Setup = DetectHTTP2windowSetup;
173 #ifdef UNITTESTS
175 #endif
176 
177  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].name = "http2.size_update";
178  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].desc = "match on HTTP2 dynamic headers table size update";
179  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].url = "/rules/http2-keywords.html#sizeupdate";
181  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].AppLayerTxMatch = DetectHTTP2sizeUpdateMatch;
182  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].Setup = DetectHTTP2sizeUpdateSetup;
184 #ifdef UNITTESTS
186 #endif
187 
188  sigmatch_table[DETECT_HTTP2_SETTINGS].name = "http2.settings";
189  sigmatch_table[DETECT_HTTP2_SETTINGS].desc = "match on HTTP2 settings identifier and value fields";
190  sigmatch_table[DETECT_HTTP2_SETTINGS].url = "/rules/http2-keywords.html#settings";
192  sigmatch_table[DETECT_HTTP2_SETTINGS].AppLayerTxMatch = DetectHTTP2settingsMatch;
193  sigmatch_table[DETECT_HTTP2_SETTINGS].Setup = DetectHTTP2settingsSetup;
195 #ifdef UNITTESTS
197 #endif
198 
199  sigmatch_table[DETECT_HTTP2_HEADERNAME].name = "http2.header_name";
200  sigmatch_table[DETECT_HTTP2_HEADERNAME].desc = "sticky buffer to match on one HTTP2 header name";
201  sigmatch_table[DETECT_HTTP2_HEADERNAME].url = "/rules/http2-keywords.html#header_name";
202  sigmatch_table[DETECT_HTTP2_HEADERNAME].Setup = DetectHTTP2headerNameSetup;
204 
206  HTTP2StateOpen, GetHttp2HNameData, 2, HTTP2StateOpen);
208  HTTP2StateOpen, GetHttp2HNameData, 2, HTTP2StateOpen);
209  DetectBufferTypeSupportsMultiInstance("http2_header_name");
210  DetectBufferTypeSetDescriptionByName("http2_header_name",
211  "HTTP2 header name");
212  g_http2_header_name_buffer_id = DetectBufferTypeGetByName("http2_header_name");
213 
218 
219  g_http2_match_buffer_id = DetectBufferTypeRegister("http2");
220  return;
221 }
222 
223 /**
224  * \brief This function is used to match HTTP2 frame type rule option on a transaction with those passed via http2.frametype:
225  *
226  * \retval 0 no match
227  * \retval 1 match
228  */
229 static int DetectHTTP2frametypeMatch(DetectEngineThreadCtx *det_ctx,
230  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
231  const SigMatchCtx *ctx)
232 
233 {
234  uint8_t *detect = (uint8_t *)ctx;
235 
236  return rs_http2_tx_has_frametype(txv, flags, *detect);
237 }
238 
239 static int DetectHTTP2FuncParseFrameType(const char *str, uint8_t *ft)
240 {
241  // first parse numeric value
242  if (ByteExtractStringUint8(ft, 10, (uint16_t)strlen(str), str) >= 0) {
243  return 1;
244  }
245 
246  // it it failed so far, parse string value from enumeration
247  int r = rs_http2_parse_frametype(str);
248  if (r >= 0 && r <= UINT8_MAX) {
249  *ft = (uint8_t)r;
250  return 1;
251  }
252 
253  return 0;
254 }
255 
256 /**
257  * \brief this function is used to attach the parsed http2.frametype data into the current signature
258  *
259  * \param de_ctx pointer to the Detection Engine Context
260  * \param s pointer to the Current Signature
261  * \param str pointer to the user provided http2.frametype options
262  *
263  * \retval 0 on Success
264  * \retval -1 on Failure
265  */
266 static int DetectHTTP2frametypeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
267 {
268  uint8_t frame_type;
269 
271  return -1;
272 
273  if (!DetectHTTP2FuncParseFrameType(str, &frame_type)) {
274  SCLogError("Invalid argument \"%s\" supplied to http2.frametype keyword.", str);
275  return -1;
276  }
277 
278  uint8_t *http2ft = SCCalloc(1, sizeof(uint8_t));
279  if (http2ft == NULL)
280  return -1;
281  *http2ft = frame_type;
282 
284  g_http2_match_buffer_id) == NULL) {
285  DetectHTTP2frametypeFree(NULL, http2ft);
286  return -1;
287  }
288 
289  return 0;
290 }
291 
292 /**
293  * \brief this function will free memory associated with uint8_t
294  *
295  * \param ptr pointer to uint8_t
296  */
298 {
299  SCFree(ptr);
300 }
301 
302 /**
303  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.errorcode:
304  *
305  * \retval 0 no match
306  * \retval 1 match
307  */
308 static int DetectHTTP2errorcodeMatch(DetectEngineThreadCtx *det_ctx,
309  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
310  const SigMatchCtx *ctx)
311 
312 {
313  uint32_t *detect = (uint32_t *)ctx;
314 
315  return rs_http2_tx_has_errorcode(txv, flags, *detect);
316  //TODOask handle negation rules
317 }
318 
319 static int DetectHTTP2FuncParseErrorCode(const char *str, uint32_t *ec)
320 {
321  // first parse numeric value
322  if (ByteExtractStringUint32(ec, 10, (uint16_t)strlen(str), str) >= 0) {
323  return 1;
324  }
325 
326  // it it failed so far, parse string value from enumeration
327  int r = rs_http2_parse_errorcode(str);
328  if (r >= 0) {
329  *ec = r;
330  return 1;
331  }
332 
333  return 0;
334 }
335 
336 /**
337  * \brief this function is used to attach the parsed http2.errorcode data into the current signature
338  *
339  * \param de_ctx pointer to the Detection Engine Context
340  * \param s pointer to the Current Signature
341  * \param str pointer to the user provided http2.errorcode options
342  *
343  * \retval 0 on Success
344  * \retval -1 on Failure
345  */
346 static int DetectHTTP2errorcodeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
347 {
348  uint32_t error_code;
349 
351  return -1;
352 
353  if (!DetectHTTP2FuncParseErrorCode(str, &error_code)) {
354  SCLogError("Invalid argument \"%s\" supplied to http2.errorcode keyword.", str);
355  return -1;
356  }
357 
358  uint32_t *http2ec = SCCalloc(1, sizeof(uint32_t));
359  if (http2ec == NULL)
360  return -1;
361  *http2ec = error_code;
362 
364  g_http2_match_buffer_id) == NULL) {
365  DetectHTTP2errorcodeFree(NULL, http2ec);
366  return -1;
367  }
368 
369  return 0;
370 }
371 
372 /**
373  * \brief this function will free memory associated with uint32_t
374  *
375  * \param ptr pointer to uint32_t
376  */
378 {
379  SCFree(ptr);
380 }
381 
382 /**
383  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.priority:
384  *
385  * \retval 0 no match
386  * \retval 1 match
387  */
388 static int DetectHTTP2priorityMatch(DetectEngineThreadCtx *det_ctx,
389  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
390  const SigMatchCtx *ctx)
391 
392 {
393  uint32_t nb = 0;
394  int value = rs_http2_tx_get_next_priority(txv, flags, nb);
395  const DetectU8Data *du8 = (const DetectU8Data *)ctx;
396  while (value >= 0) {
397  if (DetectU8Match((uint8_t)value, du8)) {
398  return 1;
399  }
400  nb++;
401  value = rs_http2_tx_get_next_priority(txv, flags, nb);
402  }
403  return 0;
404 }
405 
406 /**
407  * \brief this function is used to attach the parsed http2.priority data into the current signature
408  *
409  * \param de_ctx pointer to the Detection Engine Context
410  * \param s pointer to the Current Signature
411  * \param str pointer to the user provided http2.priority options
412  *
413  * \retval 0 on Success
414  * \retval -1 on Failure
415  */
416 static int DetectHTTP2prioritySetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
417 {
419  return -1;
420 
421  DetectU8Data *prio = DetectU8Parse(str);
422  if (prio == NULL)
423  return -1;
424 
426  g_http2_match_buffer_id) == NULL) {
427  rs_detect_u8_free(prio);
428  return -1;
429  }
430 
431  return 0;
432 }
433 
434 /**
435  * \brief this function will free memory associated with uint32_t
436  *
437  * \param ptr pointer to DetectU8Data
438  */
440 {
441  rs_detect_u8_free(ptr);
442 }
443 
444 /**
445  * \brief This function is used to match HTTP2 window rule option on a transaction with those passed via http2.window:
446  *
447  * \retval 0 no match
448  * \retval 1 match
449  */
450 static int DetectHTTP2windowMatch(DetectEngineThreadCtx *det_ctx,
451  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
452  const SigMatchCtx *ctx)
453 
454 {
455  uint32_t nb = 0;
456  int value = rs_http2_tx_get_next_window(txv, flags, nb);
457  const DetectU32Data *du32 = (const DetectU32Data *)ctx;
458  while (value >= 0) {
459  if (DetectU32Match(value, du32)) {
460  return 1;
461  }
462  nb++;
463  value = rs_http2_tx_get_next_window(txv, flags, nb);
464  }
465  return 0;
466 }
467 
468 /**
469  * \brief this function is used to attach the parsed http2.window data into the current signature
470  *
471  * \param de_ctx pointer to the Detection Engine Context
472  * \param s pointer to the Current Signature
473  * \param str pointer to the user provided http2.window options
474  *
475  * \retval 0 on Success
476  * \retval -1 on Failure
477  */
478 static int DetectHTTP2windowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
479 {
481  return -1;
482 
484  if (wu == NULL)
485  return -1;
486 
488  g_http2_match_buffer_id) == NULL) {
489  rs_detect_u32_free(wu);
490  return -1;
491  }
492 
493  return 0;
494 }
495 
496 /**
497  * \brief this function will free memory associated with uint32_t
498  *
499  * \param ptr pointer to DetectU8Data
500  */
502 {
503  rs_detect_u32_free(ptr);
504 }
505 
506 /**
507  * \brief This function is used to match HTTP2 size update rule option on a transaction with those passed via http2.size_update:
508  *
509  * \retval 0 no match
510  * \retval 1 match
511  */
512 static int DetectHTTP2sizeUpdateMatch(DetectEngineThreadCtx *det_ctx,
513  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
514  const SigMatchCtx *ctx)
515 
516 {
517  return rs_http2_detect_sizeupdatectx_match(ctx, txv, flags);
518 }
519 
520 /**
521  * \brief this function is used to attach the parsed http2.size_update data into the current signature
522  *
523  * \param de_ctx pointer to the Detection Engine Context
524  * \param s pointer to the Current Signature
525  * \param str pointer to the user provided http2.size_update options
526  *
527  * \retval 0 on Success
528  * \retval -1 on Failure
529  */
530 static int DetectHTTP2sizeUpdateSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
531 {
533  return -1;
534 
535  void *su = rs_detect_u64_parse(str);
536  if (su == NULL)
537  return -1;
538 
540  g_http2_match_buffer_id) == NULL) {
541  DetectHTTP2settingsFree(NULL, su);
542  return -1;
543  }
544 
545  return 0;
546 }
547 
548 /**
549  * \brief this function will free memory associated with uint32_t
550  *
551  * \param ptr pointer to DetectU8Data
552  */
554 {
555  rs_detect_u64_free(ptr);
556 }
557 
558 /**
559  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.settings:
560  *
561  * \retval 0 no match
562  * \retval 1 match
563  */
564 static int DetectHTTP2settingsMatch(DetectEngineThreadCtx *det_ctx,
565  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
566  const SigMatchCtx *ctx)
567 
568 {
569  return rs_http2_detect_settingsctx_match(ctx, txv, flags);
570 }
571 
572 /**
573  * \brief this function is used to attach the parsed http2.settings data into the current signature
574  *
575  * \param de_ctx pointer to the Detection Engine Context
576  * \param s pointer to the Current Signature
577  * \param str pointer to the user provided http2.settings options
578  *
579  * \retval 0 on Success
580  * \retval -1 on Failure
581  */
582 static int DetectHTTP2settingsSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
583 {
585  return -1;
586 
587  void *http2set = rs_http2_detect_settingsctx_parse(str);
588  if (http2set == NULL)
589  return -1;
590 
592  g_http2_match_buffer_id) == NULL) {
593  DetectHTTP2settingsFree(NULL, http2set);
594  return -1;
595  }
596 
597  return 0;
598 }
599 
600 /**
601  * \brief this function will free memory associated with rust signature context
602  *
603  * \param ptr pointer to rust signature context
604  */
606 {
607  rs_http2_detect_settingsctx_free(ptr);
608 }
609 
610 static int DetectHTTP2headerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
611 {
612  if (DetectBufferSetActiveList(de_ctx, s, g_http2_header_name_buffer_id) < 0)
613  return -1;
614 
616  return -1;
617 
618  return 0;
619 }
620 
621 #ifdef UNITTESTS
622 #include "tests/detect-http2.c"
623 #endif
util-byte.h
detect-engine-uint.h
SigTableElmt_::url
const char * url
Definition: detect.h:1311
DetectSignatureSetAppProto
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:1742
detect-content.h
detect-engine.h
SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition: detect.h:1512
DetectHTTP2priorityRegisterTests
void DetectHTTP2priorityRegisterTests(void)
Definition: detect-http2.c:90
DetectU32Match
int DetectU32Match(const uint32_t parg, const DetectUintData_u32 *du32)
Definition: detect-engine-uint.c:31
SigTableElmt_::desc
const char * desc
Definition: detect.h:1310
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1298
SigTableElmt_::name
const char * name
Definition: detect.h:1308
InspectionBuffer::initialized
bool initialized
Definition: detect.h:378
DetectEngineTransforms
Definition: detect.h:409
DetectHTTP2RegisterTests
void DetectHTTP2RegisterTests(void)
DetectU32Parse
DetectUintData_u32 * DetectU32Parse(const char *u32str)
This function is used to parse u32 options passed via some u32 keyword.
Definition: detect-engine-uint.c:45
DetectBufferSetActiveList
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
Definition: detect-engine.c:1350
InspectionBuffer
Definition: detect.h:374
Flow_
Flow data structure.
Definition: flow.h:356
DETECT_HTTP2_SETTINGS
@ DETECT_HTTP2_SETTINGS
Definition: detect-engine-register.h:194
SigTableElmt_::flags
uint16_t flags
Definition: detect.h:1302
DetectHTTP2priorityFree
void DetectHTTP2priorityFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:439
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:848
DETECT_HTTP2_SIZEUPDATE
@ DETECT_HTTP2_SIZEUPDATE
Definition: detect-engine-register.h:193
DetectBufferTypeSupportsMultiInstance
void DetectBufferTypeSupportsMultiInstance(const char *name)
Definition: detect-engine.c:1037
SigTableElmt_::AppLayerTxMatch
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Definition: detect.h:1279
rust.h
ByteExtractStringUint32
int ByteExtractStringUint32(uint32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:239
InspectionBuffer::flags
uint8_t flags
Definition: detect.h:379
DetectHTTP2sizeUpdateFree
void DetectHTTP2sizeUpdateFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:553
DETECT_HTTP2_HEADERNAME
@ DETECT_HTTP2_HEADERNAME
Definition: detect-engine-register.h:195
SIG_FLAG_TOCLIENT
#define SIG_FLAG_TOCLIENT
Definition: detect.h:267
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1293
detect-engine-prefilter.h
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:1087
DetectAppLayerMultiRegister
void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectionMultiBufferGetDataPtr GetData, int priority, int tx_min_progress)
Definition: detect-engine.c:2184
DetectU8Parse
DetectUintData_u8 * DetectU8Parse(const char *u8str)
This function is used to parse u8 options passed via some u8 keyword.
Definition: detect-engine-uint.c:85
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:266
InspectionBufferSetupMultiEmpty
void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer)
setup the buffer empty
Definition: detect-engine.c:1561
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
detect-http2.h
DetectEngineThreadCtx_
Definition: detect.h:1104
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
detect-engine-mpm.h
detect.h
DetectHTTP2sizeUpdateRegisterTests
void DetectHTTP2sizeUpdateRegisterTests(void)
Definition: detect-http2.c:158
DetectHTTP2settingsFree
void DetectHTTP2settingsFree(DetectEngineCtx *, void *)
this function will free memory associated with rust signature context
Definition: detect-http2.c:605
DetectU8Data
DetectUintData_u8 DetectU8Data
Definition: detect-engine-uint.h:43
DetectHTTP2settingsRegisterTests
void DetectHTTP2settingsRegisterTests(void)
Definition: detect-http2.c:135
util-profiling.h
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:287
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1276
ALPROTO_HTTP2
@ ALPROTO_HTTP2
Definition: app-layer-protos.h:62
DetectHTTP2windowRegisterTests
void DetectHTTP2windowRegisterTests(void)
Definition: detect-http2.c:112
detect-engine-content-inspection.h
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:345
ByteExtractStringUint8
int ByteExtractStringUint8(uint8_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:285
DetectU8Match
int DetectU8Match(const uint8_t parg, const DetectUintData_u8 *du8)
Definition: detect-engine-uint.c:71
DETECT_CI_FLAGS_SINGLE
#define DETECT_CI_FLAGS_SINGLE
Definition: detect-engine-content-inspection.h:49
DetectBufferTypeRegister
int DetectBufferTypeRegister(const char *name)
Definition: detect-engine.c:1023
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
DetectHTTP2windowFree
void DetectHTTP2windowFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:501
DETECT_HTTP2_ERRORCODE
@ DETECT_HTTP2_ERRORCODE
Definition: detect-engine-register.h:190
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect-parse.c:127
DetectU32Data
DetectUintData_u32 DetectU32Data
Definition: detect-engine-uint.h:41
DetectHttp2Register
void DetectHttp2Register(void)
Definition: detect-http2.c:131
InspectionBufferSetupMulti
void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
Definition: detect-engine.c:1574
DetectEngineInspectGenericList
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:2094
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
DetectHTTP2errorCodeRegisterTests
void DetectHTTP2errorCodeRegisterTests(void)
Definition: detect-http2.c:68
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DETECT_HTTP2_WINDOW
@ DETECT_HTTP2_WINDOW
Definition: detect-engine-register.h:192
detect-parse.h
Signature_
Signature container.
Definition: detect.h:602
DETECT_HTTP2_PRIORITY
@ DETECT_HTTP2_PRIORITY
Definition: detect-engine-register.h:191
detect-http2.c
InspectionBufferMultipleForListGet
InspectionBuffer * InspectionBufferMultipleForListGet(DetectEngineThreadCtx *det_ctx, const int list_id, const uint32_t local_id)
for a InspectionBufferMultipleForList get a InspectionBuffer
Definition: detect-engine.c:1514
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect.h:1488
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
Definition: detect-engine.c:233
SigMatchAppendSMToList
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:436
DetectBufferTypeSetDescriptionByName
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
Definition: detect-engine.c:1184
DetectHTTP2frameTypeRegisterTests
void DetectHTTP2frameTypeRegisterTests(void)
this function registers unit tests for DetectHTTP2frameType
Definition: detect-http2.c:46
DetectHTTP2errorcodeFree
void DetectHTTP2errorcodeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:377
DetectHTTP2frametypeFree
void DetectHTTP2frametypeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint8_t
Definition: detect-http2.c:297
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
DETECT_HTTP2_FRAMETYPE
@ DETECT_HTTP2_FRAMETYPE
Definition: detect-engine-register.h:189
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1300