Go to the documentation of this file.
99 static int g_http2_match_buffer_id = 0;
100 static int g_http2_header_name_buffer_id = 0;
181 PrefilterMpmHttp2HeaderNameRegister, NULL,
ALPROTO_HTTP2, HTTP2StateOpen);
183 HTTP2StateOpen, DetectEngineInspectHttp2HeaderName, NULL);
185 PrefilterMpmHttp2HeaderNameRegister, NULL,
ALPROTO_HTTP2, HTTP2StateOpen);
187 HTTP2StateOpen, DetectEngineInspectHttp2HeaderName, NULL);
190 "HTTP2 header name");
213 uint8_t *detect = (uint8_t *)ctx;
215 return rs_http2_tx_has_frametype(txv,
flags, *detect);
218 static int DetectHTTP2FuncParseFrameType(
const char *
str, uint8_t *ft)
226 int r = rs_http2_parse_frametype(
str);
227 if (r >= 0 && r <= UINT8_MAX) {
252 if (!DetectHTTP2FuncParseFrameType(
str, &frame_type)) {
253 SCLogError(
"Invalid argument \"%s\" supplied to http2.frametype keyword.",
str);
257 uint8_t *http2ft =
SCCalloc(1,
sizeof(uint8_t));
260 *http2ft = frame_type;
263 g_http2_match_buffer_id) == NULL) {
292 uint32_t *detect = (uint32_t *)ctx;
294 return rs_http2_tx_has_errorcode(txv,
flags, *detect);
298 static int DetectHTTP2FuncParseErrorCode(
const char *
str, uint32_t *ec)
306 int r = rs_http2_parse_errorcode(
str);
332 if (!DetectHTTP2FuncParseErrorCode(
str, &error_code)) {
333 SCLogError(
"Invalid argument \"%s\" supplied to http2.errorcode keyword.",
str);
337 uint32_t *http2ec =
SCCalloc(1,
sizeof(uint32_t));
340 *http2ec = error_code;
343 g_http2_match_buffer_id) == NULL) {
373 int value = rs_http2_tx_get_next_priority(txv,
flags, nb);
380 value = rs_http2_tx_get_next_priority(txv,
flags, nb);
405 g_http2_match_buffer_id) == NULL) {
406 rs_detect_u8_free(prio);
420 rs_detect_u8_free(ptr);
435 int value = rs_http2_tx_get_next_window(txv,
flags, nb);
442 value = rs_http2_tx_get_next_window(txv,
flags, nb);
467 g_http2_match_buffer_id) == NULL) {
468 rs_detect_u32_free(wu);
482 rs_detect_u32_free(ptr);
496 return rs_http2_detect_sizeupdatectx_match(ctx, txv,
flags);
514 void *su = rs_detect_u64_parse(
str);
519 g_http2_match_buffer_id) == NULL) {
534 rs_detect_u64_free(ptr);
548 return rs_http2_detect_settingsctx_match(ctx, txv,
flags);
566 void *http2set = rs_http2_detect_settingsctx_parse(
str);
567 if (http2set == NULL)
571 g_http2_match_buffer_id) == NULL) {
586 rs_http2_detect_settingsctx_free(ptr);
600 static void PrefilterMpmHttp2HNameFree(
void *ptr)
619 const uint8_t *b = NULL;
621 if (rs_http2_tx_get_header_name(cbdata->
txv,
flags, cbdata->
local_id, &b, &b_len) != 1) {
625 if (b == NULL || b_len == 0) {
642 const int list_id = ctx->
list_id;
644 uint32_t local_id = 0;
651 GetHttp2HNameData(det_ctx,
flags, ctx->
transforms, f, &cbdata, list_id);
677 mpm_reg->
app_v2.alproto, mpm_reg->
app_v2.tx_min_progress,
678 pectx, PrefilterMpmHttp2HNameFree, mpm_reg->
name);
696 GetHttp2HNameData(det_ctx,
flags, transforms, f, &cbdata, engine->
sm_list);
698 if (buffer == NULL || buffer->
inspect == NULL)
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define SIGMATCH_INFO_STICKY_BUFFER
void DetectHTTP2priorityRegisterTests(void)
int DetectU32Match(const uint32_t parg, const DetectUintData_u32 *du32)
void(* Free)(DetectEngineCtx *, void *)
Container for matching data for a signature group.
void DetectHTTP2RegisterTests(void)
DetectUintData_u32 * DetectU32Parse(const char *u32str)
This function is used to parse u32 options passed via some u32 keyword.
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
void DetectHTTP2priorityFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
main detection engine ctx
@ DETECT_HTTP2_SIZEUPDATE
void DetectBufferTypeSupportsMultiInstance(const char *name)
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
one time registration of keywords at start up
int ByteExtractStringUint32(uint32_t *res, int base, size_t len, const char *str)
void DetectHTTP2sizeUpdateFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
@ DETECT_HTTP2_HEADERNAME
struct DetectBufferMpmRegistry_::@88::@90 app_v2
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
DetectEngineTransforms transforms
int DetectBufferTypeGetByName(const char *name)
DetectUintData_u8 * DetectU8Parse(const char *u8str)
This function is used to parse u8 options passed via some u8 keyword.
#define SIG_FLAG_TOSERVER
void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer)
setup the buffer empty
void DetectHTTP2sizeUpdateRegisterTests(void)
#define DETECT_ENGINE_INSPECT_SIG_MATCH
void DetectHTTP2settingsFree(DetectEngineCtx *, void *)
this function will free memory associated with rust signature context
@ DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE
DetectUintData_u8 DetectU8Data
const DetectEngineTransforms * transforms
void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register a MPM engine
void DetectHTTP2settingsRegisterTests(void)
#define SCReturnPtr(x, type)
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
void DetectHTTP2windowRegisterTests(void)
uint32_t(* Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t)
struct DetectEngineAppInspectionEngine_::@85 v2
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
int ByteExtractStringUint8(uint8_t *res, int base, size_t len, const char *str)
struct AppLayerTxData AppLayerTxData
#define PREFILTER_PROFILING_ADD_BYTES(det_ctx, bytes)
int DetectU8Match(const uint8_t parg, const DetectUintData_u8 *du8)
#define DETECT_CI_FLAGS_SINGLE
int DetectBufferTypeRegister(const char *name)
void DetectHTTP2windowFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
DetectUintData_u32 DetectU32Data
void DetectHttp2Register(void)
Registration function for HTTP2 keywords.
void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, AppProto alproto, int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
#define DETECT_ENGINE_INSPECT_SIG_NO_MATCH
#define SCLogError(...)
Macro used to log ERROR messages.
void DetectHTTP2errorCodeRegisterTests(void)
const DetectEngineTransforms * transforms
MpmTableElmt mpm_table[MPM_TABLE_SIZE]
InspectionBuffer * InspectionBufferMultipleForListGet(DetectEngineThreadCtx *det_ctx, const int list_id, const uint32_t local_id)
for a InspectionBufferMultipleForList get a InspectionBuffer
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
void DetectHTTP2frameTypeRegisterTests(void)
this function registers unit tests for DetectHTTP2frameType
void DetectHTTP2errorcodeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
void DetectHTTP2frametypeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint8_t
bool DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *buffer, const uint32_t buffer_len, const uint32_t stream_start_offset, const uint8_t flags, const enum DetectContentInspectionType inspection_mode)
wrapper around DetectEngineContentInspectionInternal to return true/false only
void(* RegisterTests)(void)