suricata
detect-http2.c
Go to the documentation of this file.
1 /* Copyright (C) 2020-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Philippe Antoine <p.antoine@catenacyber.fr>
22  *
23  */
24 
25 #include "suricata-common.h"
26 
27 #include "detect.h"
28 #include "detect-parse.h"
29 #include "detect-content.h"
30 
31 #include "detect-engine.h"
32 #include "detect-engine-buffer.h"
33 #include "detect-engine-uint.h"
34 #include "detect-engine-mpm.h"
37 #include "detect-engine-helper.h"
38 
39 #include "detect-http2.h"
40 #include "util-byte.h"
41 #include "rust.h"
42 #include "util-profiling.h"
43 
44 #ifdef UNITTESTS
51 #endif
52 
53 /* prototypes */
54 static int DetectHTTP2frametypeMatch(DetectEngineThreadCtx *det_ctx,
55  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
56  const SigMatchCtx *ctx);
57 static int DetectHTTP2frametypeSetup (DetectEngineCtx *, Signature *, const char *);
59 
60 static int DetectHTTP2errorcodeMatch(DetectEngineThreadCtx *det_ctx,
61  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
62  const SigMatchCtx *ctx);
63 static int DetectHTTP2errorcodeSetup (DetectEngineCtx *, Signature *, const char *);
65 
66 static int DetectHTTP2priorityMatch(DetectEngineThreadCtx *det_ctx,
67  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
68  const SigMatchCtx *ctx);
69 static int DetectHTTP2prioritySetup (DetectEngineCtx *, Signature *, const char *);
71 
72 static int DetectHTTP2windowMatch(DetectEngineThreadCtx *det_ctx,
73  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
74  const SigMatchCtx *ctx);
75 static int DetectHTTP2windowSetup (DetectEngineCtx *, Signature *, const char *);
76 void DetectHTTP2windowFree (DetectEngineCtx *, void *);
77 
78 static int DetectHTTP2sizeUpdateMatch(DetectEngineThreadCtx *det_ctx,
79  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
80  const SigMatchCtx *ctx);
81 static int DetectHTTP2sizeUpdateSetup (DetectEngineCtx *, Signature *, const char *);
83 
84 static int DetectHTTP2settingsMatch(DetectEngineThreadCtx *det_ctx,
85  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
86  const SigMatchCtx *ctx);
87 static int DetectHTTP2settingsSetup (DetectEngineCtx *, Signature *, const char *);
89 
90 static int DetectHTTP2headerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg);
91 
92 #ifdef UNITTESTS
94 #endif
95 
96 static int g_http2_match_buffer_id = 0;
97 static int g_http2_complete_buffer_id = 0;
98 static int g_http2_header_buffer_id = 0;
99 
100 /**
101  * \brief Registration function for HTTP2 keywords
102  */
103 
105 {
106  sigmatch_table[DETECT_HTTP2_FRAMETYPE].name = "http2.frametype";
107  sigmatch_table[DETECT_HTTP2_FRAMETYPE].desc = "match on HTTP2 frame type field";
108  sigmatch_table[DETECT_HTTP2_FRAMETYPE].url = "/rules/http2-keywords.html#http2-frametype";
110  sigmatch_table[DETECT_HTTP2_FRAMETYPE].AppLayerTxMatch = DetectHTTP2frametypeMatch;
111  sigmatch_table[DETECT_HTTP2_FRAMETYPE].Setup = DetectHTTP2frametypeSetup;
115 #ifdef UNITTESTS
117 #endif
118 
119  sigmatch_table[DETECT_HTTP2_ERRORCODE].name = "http2.errorcode";
120  sigmatch_table[DETECT_HTTP2_ERRORCODE].desc = "match on HTTP2 error code field";
121  sigmatch_table[DETECT_HTTP2_ERRORCODE].url = "/rules/http2-keywords.html#http2-errorcode";
123  sigmatch_table[DETECT_HTTP2_ERRORCODE].AppLayerTxMatch = DetectHTTP2errorcodeMatch;
124  sigmatch_table[DETECT_HTTP2_ERRORCODE].Setup = DetectHTTP2errorcodeSetup;
128 #ifdef UNITTESTS
130 #endif
131 
132  sigmatch_table[DETECT_HTTP2_PRIORITY].name = "http2.priority";
133  sigmatch_table[DETECT_HTTP2_PRIORITY].desc = "match on HTTP2 priority weight field";
134  sigmatch_table[DETECT_HTTP2_PRIORITY].url = "/rules/http2-keywords.html#http2-priority";
136  sigmatch_table[DETECT_HTTP2_PRIORITY].AppLayerTxMatch = DetectHTTP2priorityMatch;
137  sigmatch_table[DETECT_HTTP2_PRIORITY].Setup = DetectHTTP2prioritySetup;
140 #ifdef UNITTESTS
142 #endif
143 
144  sigmatch_table[DETECT_HTTP2_WINDOW].name = "http2.window";
145  sigmatch_table[DETECT_HTTP2_WINDOW].desc = "match on HTTP2 window update size increment field";
146  sigmatch_table[DETECT_HTTP2_WINDOW].url = "/rules/http2-keywords.html#http2-window";
148  sigmatch_table[DETECT_HTTP2_WINDOW].AppLayerTxMatch = DetectHTTP2windowMatch;
149  sigmatch_table[DETECT_HTTP2_WINDOW].Setup = DetectHTTP2windowSetup;
152 #ifdef UNITTESTS
154 #endif
155 
156  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].name = "http2.size_update";
157  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].desc = "match on HTTP2 dynamic headers table size update";
158  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].url = "/rules/http2-keywords.html#http2-size-update";
160  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].AppLayerTxMatch = DetectHTTP2sizeUpdateMatch;
161  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].Setup = DetectHTTP2sizeUpdateSetup;
164 #ifdef UNITTESTS
166 #endif
167 
168  sigmatch_table[DETECT_HTTP2_SETTINGS].name = "http2.settings";
169  sigmatch_table[DETECT_HTTP2_SETTINGS].desc = "match on HTTP2 settings identifier and value fields";
170  sigmatch_table[DETECT_HTTP2_SETTINGS].url = "/rules/http2-keywords.html#http2-settings";
172  sigmatch_table[DETECT_HTTP2_SETTINGS].AppLayerTxMatch = DetectHTTP2settingsMatch;
173  sigmatch_table[DETECT_HTTP2_SETTINGS].Setup = DetectHTTP2settingsSetup;
175 #ifdef UNITTESTS
177 #endif
178 
179  sigmatch_table[DETECT_HTTP2_HEADERNAME].name = "http2.header_name";
180  sigmatch_table[DETECT_HTTP2_HEADERNAME].desc = "sticky buffer to match on one HTTP2 header name";
181  sigmatch_table[DETECT_HTTP2_HEADERNAME].url = "/rules/http2-keywords.html#http2-header-name";
182  sigmatch_table[DETECT_HTTP2_HEADERNAME].Setup = DetectHTTP2headerNameSetup;
185 
186  /* registration for for Stream Tx Sub State */
188  HTTP2TxTypeStream, HTTP2ProgHeaders, SCHttp2TxGetHeaderName, 2);
190  HTTP2TxTypeStream, HTTP2ProgHeaders, SCHttp2TxGetHeaderName, 2);
191 
192  DetectBufferTypeSupportsMultiInstance("http2:header_name");
193  DetectBufferTypeSetDescriptionByName("http2:header_name", "HTTP2 header name");
194  g_http2_header_buffer_id = DetectBufferTypeGetByName("http2:header_name");
195 
196  g_http2_match_buffer_id = DetectBufferTypeRegister("http2:start");
197  /* registration for for Stream Tx Sub State */
199  HTTP2TxTypeStream, 0, DetectEngineInspectGenericList, NULL);
201  HTTP2TxTypeStream, 0, DetectEngineInspectGenericList, NULL);
202  /* registration for for Global Tx Sub State */
204  HTTP2TxTypeGlobal, 0, DetectEngineInspectGenericList, NULL);
206  HTTP2TxTypeGlobal, 0, DetectEngineInspectGenericList, NULL);
207 
208  g_http2_complete_buffer_id = DetectBufferTypeRegister("http2:complete");
209 
210  /* registration for for Stream Tx Sub State */
212  HTTP2TxTypeStream, HTTP2ProgComplete, DetectEngineInspectGenericList, NULL);
214  HTTP2TxTypeStream, HTTP2ProgComplete, DetectEngineInspectGenericList, NULL);
215  /* registration for for Global Tx Sub State */
217  HTTP2TxTypeGlobal, HTTP2ProgGlobalComplete, DetectEngineInspectGenericList, NULL);
219  HTTP2TxTypeGlobal, HTTP2ProgGlobalComplete, DetectEngineInspectGenericList, NULL);
220 }
221 
222 /**
223  * \brief This function is used to match HTTP2 frame type rule option on a transaction with those passed via http2.frametype:
224  *
225  * \retval 0 no match
226  * \retval 1 match
227  */
228 static int DetectHTTP2frametypeMatch(DetectEngineThreadCtx *det_ctx,
229  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
230  const SigMatchCtx *ctx)
231 
232 {
233  return SCHttp2TxHasFrametype(txv, flags, ctx);
234 }
235 
236 /**
237  * \brief this function is used to attach the parsed http2.frametype data into the current signature
238  *
239  * \param de_ctx pointer to the Detection Engine Context
240  * \param s pointer to the Current Signature
241  * \param str pointer to the user provided http2.frametype options
242  *
243  * \retval 0 on Success
244  * \retval -1 on Failure
245  */
246 static int DetectHTTP2frametypeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
247 {
249  return -1;
250 
251  void *dua8 = SCHttp2ParseFrametype(str);
252  if (dua8 == NULL) {
253  SCLogError("Invalid http2.frametype: %s", str);
254  return -1;
255  }
256 
258  g_http2_complete_buffer_id) == NULL) {
259  DetectHTTP2frametypeFree(NULL, dua8);
260  return -1;
261  }
262 
263  return 0;
264 }
265 
266 /**
267  * \brief this function will free memory associated with uint8_t
268  *
269  * \param ptr pointer to uint8_t
270  */
272 {
273  SCDetectU8ArrayFree(ptr);
274 }
275 
276 /**
277  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.errorcode:
278  *
279  * \retval 0 no match
280  * \retval 1 match
281  */
282 static int DetectHTTP2errorcodeMatch(DetectEngineThreadCtx *det_ctx,
283  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
284  const SigMatchCtx *ctx)
285 
286 {
287  return SCHttp2TxHasErrorCode(txv, flags, ctx);
288 }
289 
290 /**
291  * \brief this function is used to attach the parsed http2.errorcode data into the current signature
292  *
293  * \param de_ctx pointer to the Detection Engine Context
294  * \param s pointer to the Current Signature
295  * \param str pointer to the user provided http2.errorcode options
296  *
297  * \retval 0 on Success
298  * \retval -1 on Failure
299  */
300 static int DetectHTTP2errorcodeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
301 {
303  return -1;
304 
305  void *dua32 = SCHttp2ParseErrorCode(str);
306  if (dua32 == NULL) {
307  SCLogError("Invalid http2.errorcode: %s", str);
308  return -1;
309  }
310 
312  g_http2_complete_buffer_id) == NULL) {
313  DetectHTTP2errorcodeFree(NULL, dua32);
314  return -1;
315  }
316 
317  return 0;
318 }
319 
320 /**
321  * \brief this function will free memory associated with uint32_t
322  *
323  * \param ptr pointer to uint32_t
324  */
326 {
327  SCDetectU32ArrayFree(ptr);
328 }
329 
330 /**
331  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.priority:
332  *
333  * \retval 0 no match
334  * \retval 1 match
335  */
336 static int DetectHTTP2priorityMatch(DetectEngineThreadCtx *det_ctx,
337  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
338  const SigMatchCtx *ctx)
339 
340 {
341  return SCHttp2PriorityMatch(txv, flags, ctx);
342 }
343 
344 /**
345  * \brief this function is used to attach the parsed http2.priority data into the current signature
346  *
347  * \param de_ctx pointer to the Detection Engine Context
348  * \param s pointer to the Current Signature
349  * \param str pointer to the user provided http2.priority options
350  *
351  * \retval 0 on Success
352  * \retval -1 on Failure
353  */
354 static int DetectHTTP2prioritySetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
355 {
357  return -1;
358 
359  void *prio = SCDetectU8ArrayParse(str);
360  if (prio == NULL)
361  return -1;
362 
364  g_http2_complete_buffer_id) == NULL) {
365  DetectHTTP2priorityFree(NULL, prio);
366  return -1;
367  }
368 
369  return 0;
370 }
371 
372 /**
373  * \brief this function will free memory associated with uint32_t
374  *
375  * \param ptr pointer to DetectU8Data
376  */
378 {
379  SCDetectU8ArrayFree(ptr);
380 }
381 
382 /**
383  * \brief This function is used to match HTTP2 window rule option on a transaction with those passed via http2.window:
384  *
385  * \retval 0 no match
386  * \retval 1 match
387  */
388 static int DetectHTTP2windowMatch(DetectEngineThreadCtx *det_ctx,
389  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
390  const SigMatchCtx *ctx)
391 
392 {
393  return SCHttp2WindowMatch(txv, flags, ctx);
394 }
395 
396 /**
397  * \brief this function is used to attach the parsed http2.window data into the current signature
398  *
399  * \param de_ctx pointer to the Detection Engine Context
400  * \param s pointer to the Current Signature
401  * \param str pointer to the user provided http2.window options
402  *
403  * \retval 0 on Success
404  * \retval -1 on Failure
405  */
406 static int DetectHTTP2windowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
407 {
409  return -1;
410 
411  void *wu = SCDetectU32ArrayParse(str);
412  if (wu == NULL)
413  return -1;
414 
415  // use g_http2_complete_buffer_id as we may have window changes in any state
417  g_http2_complete_buffer_id) == NULL) {
418  DetectHTTP2windowFree(NULL, wu);
419  return -1;
420  }
421 
422  return 0;
423 }
424 
425 /**
426  * \brief this function will free memory associated with uint32_t
427  *
428  * \param ptr pointer to DetectU8Data
429  */
431 {
432  SCDetectU32ArrayFree(ptr);
433 }
434 
435 /**
436  * \brief This function is used to match HTTP2 size update rule option on a transaction with those passed via http2.size_update:
437  *
438  * \retval 0 no match
439  * \retval 1 match
440  */
441 static int DetectHTTP2sizeUpdateMatch(DetectEngineThreadCtx *det_ctx,
442  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
443  const SigMatchCtx *ctx)
444 
445 {
446  return SCHttp2DetectSizeUpdateCtxMatch(ctx, txv, flags);
447 }
448 
449 /**
450  * \brief this function is used to attach the parsed http2.size_update data into the current signature
451  *
452  * \param de_ctx pointer to the Detection Engine Context
453  * \param s pointer to the Current Signature
454  * \param str pointer to the user provided http2.size_update options
455  *
456  * \retval 0 on Success
457  * \retval -1 on Failure
458  */
459 static int DetectHTTP2sizeUpdateSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
460 {
462  return -1;
463 
464  DetectU64Data *su = SCDetectU64Parse(str);
465  if (su == NULL)
466  return -1;
467 
469  g_http2_header_buffer_id) == NULL) {
470  DetectHTTP2sizeUpdateFree(NULL, su);
471  return -1;
472  }
473 
474  return 0;
475 }
476 
477 /**
478  * \brief this function will free memory associated with uint32_t
479  *
480  * \param ptr pointer to DetectU8Data
481  */
483 {
484  SCDetectU64Free(ptr);
485 }
486 
487 /**
488  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.settings:
489  *
490  * \retval 0 no match
491  * \retval 1 match
492  */
493 static int DetectHTTP2settingsMatch(DetectEngineThreadCtx *det_ctx,
494  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
495  const SigMatchCtx *ctx)
496 
497 {
498  return SCHttp2DetectSettingsCtxMatch(ctx, txv, flags);
499 }
500 
501 /**
502  * \brief this function is used to attach the parsed http2.settings data into the current signature
503  *
504  * \param de_ctx pointer to the Detection Engine Context
505  * \param s pointer to the Current Signature
506  * \param str pointer to the user provided http2.settings options
507  *
508  * \retval 0 on Success
509  * \retval -1 on Failure
510  */
511 static int DetectHTTP2settingsSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
512 {
514  return -1;
515 
516  void *http2set = SCHttp2DetectSettingsCtxParse(str);
517  if (http2set == NULL)
518  return -1;
519 
521  g_http2_match_buffer_id) == NULL) {
522  DetectHTTP2settingsFree(NULL, http2set);
523  return -1;
524  }
525 
526  return 0;
527 }
528 
529 /**
530  * \brief this function will free memory associated with rust signature context
531  *
532  * \param ptr pointer to rust signature context
533  */
535 {
536  SCHttp2DetectSettingsCtxFree(ptr);
537 }
538 
539 static int DetectHTTP2headerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
540 {
541  if (SCDetectBufferSetActiveList(de_ctx, s, g_http2_header_buffer_id) < 0)
542  return -1;
543 
545  return -1;
546 
547  return 0;
548 }
549 
550 #ifdef UNITTESTS
551 #include "tests/detect-http2.c"
552 #endif
util-byte.h
detect-engine-uint.h
SigTableElmt_::url
const char * url
Definition: detect.h:1521
detect-content.h
detect-engine.h
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect-engine-register.h:306
SIGMATCH_INFO_MULTI_UINT
#define SIGMATCH_INFO_MULTI_UINT
Definition: detect-engine-register.h:348
DetectHTTP2priorityRegisterTests
void DetectHTTP2priorityRegisterTests(void)
Definition: detect-http2.c:90
SigTableElmt_::desc
const char * desc
Definition: detect.h:1520
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:79
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1505
SigTableElmt_::name
const char * name
Definition: detect.h:1518
DetectHTTP2RegisterTests
void DetectHTTP2RegisterTests(void)
SigTableElmt_::flags
uint32_t flags
Definition: detect.h:1509
SIGMATCH_INFO_UINT8
#define SIGMATCH_INFO_UINT8
Definition: detect-engine-register.h:340
Flow_
Flow data structure.
Definition: flow.h:354
DETECT_HTTP2_SETTINGS
@ DETECT_HTTP2_SETTINGS
Definition: detect-engine-register.h:212
ctx
struct Thresholds ctx
DetectHTTP2priorityFree
void DetectHTTP2priorityFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:377
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:981
DETECT_HTTP2_SIZEUPDATE
@ DETECT_HTTP2_SIZEUPDATE
Definition: detect-engine-register.h:211
DetectBufferTypeSupportsMultiInstance
void DetectBufferTypeSupportsMultiInstance(const char *name)
Definition: detect-engine.c:1405
SigTableElmt_::AppLayerTxMatch
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Definition: detect.h:1483
DetectAppLayerMultiRegisterSubState
void DetectAppLayerMultiRegisterSubState(const char *name, AppProto alproto, uint32_t dir, uint8_t sub_state, uint8_t progress, InspectionMultiBufferGetDataPtr GetData, int priority)
Definition: detect-engine.c:2276
rust.h
DetectHTTP2sizeUpdateFree
void DetectHTTP2sizeUpdateFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:482
DETECT_HTTP2_HEADERNAME
@ DETECT_HTTP2_HEADERNAME
Definition: detect-engine-register.h:213
SCDetectBufferSetActiveList
int SCDetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
Definition: detect-engine-buffer.c:29
SCDetectSignatureSetAppProto
int SCDetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:2461
SIG_FLAG_TOCLIENT
#define SIG_FLAG_TOCLIENT
Definition: detect.h:271
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1500
detect-engine-prefilter.h
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:1455
SIGMATCH_INFO_MULTI_BUFFER
#define SIGMATCH_INFO_MULTI_BUFFER
Definition: detect-engine-register.h:338
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:270
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:22
detect-http2.h
DetectEngineThreadCtx_
Definition: detect.h:1300
detect-engine-mpm.h
SCSigMatchAppendSMToList
SigMatch * SCSigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:387
detect.h
SIGMATCH_INFO_UINT64
#define SIGMATCH_INFO_UINT64
Definition: detect-engine-register.h:346
DetectHTTP2sizeUpdateRegisterTests
void DetectHTTP2sizeUpdateRegisterTests(void)
Definition: detect-http2.c:158
DetectHTTP2settingsFree
void DetectHTTP2settingsFree(DetectEngineCtx *, void *)
this function will free memory associated with rust signature context
Definition: detect-http2.c:534
detect-engine-helper.h
DetectHTTP2settingsRegisterTests
void DetectHTTP2settingsRegisterTests(void)
Definition: detect-http2.c:135
util-profiling.h
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1480
ALPROTO_HTTP2
@ ALPROTO_HTTP2
Definition: app-layer-protos.h:69
DetectHTTP2windowRegisterTests
void DetectHTTP2windowRegisterTests(void)
Definition: detect-http2.c:112
detect-engine-content-inspection.h
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:351
DetectBufferTypeRegister
int DetectBufferTypeRegister(const char *name)
Definition: detect-engine.c:1391
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
DetectHTTP2windowFree
void DetectHTTP2windowFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:430
DETECT_HTTP2_ERRORCODE
@ DETECT_HTTP2_ERRORCODE
Definition: detect-engine-register.h:208
detect-engine-buffer.h
DetectHttp2Register
void DetectHttp2Register(void)
Registration function for HTTP2 keywords.
Definition: detect-http2.c:104
DetectEngineInspectGenericList
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:2123
DetectAppLayerInspectEngineRegisterSubState
void DetectAppLayerInspectEngineRegisterSubState(const char *name, AppProto alproto, uint32_t dir, uint8_t sub_state, uint8_t progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
register an app inspection engine for a tx type
Definition: detect-engine.c:299
SIGMATCH_INFO_ENUM_UINT
#define SIGMATCH_INFO_ENUM_UINT
Definition: detect-engine-register.h:350
str
#define str(s)
Definition: suricata-common.h:316
DetectU64Data
DetectUintData_u64 DetectU64Data
Definition: detect-engine-uint.h:40
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:274
DetectHTTP2errorCodeRegisterTests
void DetectHTTP2errorCodeRegisterTests(void)
Definition: detect-http2.c:68
SIGMATCH_INFO_UINT32
#define SIGMATCH_INFO_UINT32
Definition: detect-engine-register.h:344
DETECT_HTTP2_WINDOW
@ DETECT_HTTP2_WINDOW
Definition: detect-engine-register.h:210
detect-parse.h
Signature_
Signature container.
Definition: detect.h:682
SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition: detect-engine-register.h:328
DETECT_HTTP2_PRIORITY
@ DETECT_HTTP2_PRIORITY
Definition: detect-engine-register.h:209
detect-http2.c
DetectBufferTypeSetDescriptionByName
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
Definition: detect-engine.c:1552
DetectHTTP2frameTypeRegisterTests
void DetectHTTP2frameTypeRegisterTests(void)
this function registers unit tests for DetectHTTP2frameType
Definition: detect-http2.c:46
DetectHTTP2errorcodeFree
void DetectHTTP2errorcodeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:325
DetectHTTP2frametypeFree
void DetectHTTP2frametypeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint8_t
Definition: detect-http2.c:271
DETECT_HTTP2_FRAMETYPE
@ DETECT_HTTP2_FRAMETYPE
Definition: detect-engine-register.h:207
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1507