suricata
detect-http2.c
Go to the documentation of this file.
1 /* Copyright (C) 2020-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Philippe Antoine <p.antoine@catenacyber.fr>
22  *
23  */
24 
25 #include "suricata-common.h"
26 
27 #include "detect.h"
28 #include "detect-parse.h"
29 #include "detect-content.h"
30 
31 #include "detect-engine.h"
32 #include "detect-engine-uint.h"
33 #include "detect-engine-mpm.h"
36 #include "detect-engine-helper.h"
37 
38 #include "detect-http2.h"
39 #include "util-byte.h"
40 #include "rust.h"
41 #include "util-profiling.h"
42 
43 #ifdef UNITTESTS
50 #endif
51 
52 /* prototypes */
53 static int DetectHTTP2frametypeMatch(DetectEngineThreadCtx *det_ctx,
54  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
55  const SigMatchCtx *ctx);
56 static int DetectHTTP2frametypeSetup (DetectEngineCtx *, Signature *, const char *);
58 
59 static int DetectHTTP2errorcodeMatch(DetectEngineThreadCtx *det_ctx,
60  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
61  const SigMatchCtx *ctx);
62 static int DetectHTTP2errorcodeSetup (DetectEngineCtx *, Signature *, const char *);
64 
65 static int DetectHTTP2priorityMatch(DetectEngineThreadCtx *det_ctx,
66  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
67  const SigMatchCtx *ctx);
68 static int DetectHTTP2prioritySetup (DetectEngineCtx *, Signature *, const char *);
70 
71 static int DetectHTTP2windowMatch(DetectEngineThreadCtx *det_ctx,
72  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
73  const SigMatchCtx *ctx);
74 static int DetectHTTP2windowSetup (DetectEngineCtx *, Signature *, const char *);
75 void DetectHTTP2windowFree (DetectEngineCtx *, void *);
76 
77 static int DetectHTTP2sizeUpdateMatch(DetectEngineThreadCtx *det_ctx,
78  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
79  const SigMatchCtx *ctx);
80 static int DetectHTTP2sizeUpdateSetup (DetectEngineCtx *, Signature *, const char *);
82 
83 static int DetectHTTP2settingsMatch(DetectEngineThreadCtx *det_ctx,
84  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
85  const SigMatchCtx *ctx);
86 static int DetectHTTP2settingsSetup (DetectEngineCtx *, Signature *, const char *);
88 
89 static int DetectHTTP2headerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg);
90 
91 #ifdef UNITTESTS
93 #endif
94 
95 static int g_http2_match_buffer_id = 0;
96 static int g_http2_header_name_buffer_id = 0;
97 
98 /**
99  * \brief Registration function for HTTP2 keywords
100  */
101 
102 static InspectionBuffer *GetHttp2HNameData(DetectEngineThreadCtx *det_ctx,
103  const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flags, void *txv,
104  int list_id, uint32_t local_id)
105 {
106  return DetectHelperGetMultiData(det_ctx, transforms, _f, flags, txv, list_id, local_id,
107  (MultiGetTxBuffer)rs_http2_tx_get_header_name);
108 }
109 
111 {
112  sigmatch_table[DETECT_HTTP2_FRAMETYPE].name = "http2.frametype";
113  sigmatch_table[DETECT_HTTP2_FRAMETYPE].desc = "match on HTTP2 frame type field";
114  sigmatch_table[DETECT_HTTP2_FRAMETYPE].url = "/rules/http2-keywords.html#frametype";
116  sigmatch_table[DETECT_HTTP2_FRAMETYPE].AppLayerTxMatch = DetectHTTP2frametypeMatch;
117  sigmatch_table[DETECT_HTTP2_FRAMETYPE].Setup = DetectHTTP2frametypeSetup;
119 #ifdef UNITTESTS
121 #endif
122 
123  sigmatch_table[DETECT_HTTP2_ERRORCODE].name = "http2.errorcode";
124  sigmatch_table[DETECT_HTTP2_ERRORCODE].desc = "match on HTTP2 error code field";
125  sigmatch_table[DETECT_HTTP2_ERRORCODE].url = "/rules/http2-keywords.html#errorcode";
127  sigmatch_table[DETECT_HTTP2_ERRORCODE].AppLayerTxMatch = DetectHTTP2errorcodeMatch;
128  sigmatch_table[DETECT_HTTP2_ERRORCODE].Setup = DetectHTTP2errorcodeSetup;
130 #ifdef UNITTESTS
132 #endif
133 
134  sigmatch_table[DETECT_HTTP2_PRIORITY].name = "http2.priority";
135  sigmatch_table[DETECT_HTTP2_PRIORITY].desc = "match on HTTP2 priority weight field";
136  sigmatch_table[DETECT_HTTP2_PRIORITY].url = "/rules/http2-keywords.html#priority";
138  sigmatch_table[DETECT_HTTP2_PRIORITY].AppLayerTxMatch = DetectHTTP2priorityMatch;
139  sigmatch_table[DETECT_HTTP2_PRIORITY].Setup = DetectHTTP2prioritySetup;
141 #ifdef UNITTESTS
143 #endif
144 
145  sigmatch_table[DETECT_HTTP2_WINDOW].name = "http2.window";
146  sigmatch_table[DETECT_HTTP2_WINDOW].desc = "match on HTTP2 window update size increment field";
147  sigmatch_table[DETECT_HTTP2_WINDOW].url = "/rules/http2-keywords.html#window";
149  sigmatch_table[DETECT_HTTP2_WINDOW].AppLayerTxMatch = DetectHTTP2windowMatch;
150  sigmatch_table[DETECT_HTTP2_WINDOW].Setup = DetectHTTP2windowSetup;
152 #ifdef UNITTESTS
154 #endif
155 
156  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].name = "http2.size_update";
157  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].desc = "match on HTTP2 dynamic headers table size update";
158  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].url = "/rules/http2-keywords.html#sizeupdate";
160  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].AppLayerTxMatch = DetectHTTP2sizeUpdateMatch;
161  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].Setup = DetectHTTP2sizeUpdateSetup;
163 #ifdef UNITTESTS
165 #endif
166 
167  sigmatch_table[DETECT_HTTP2_SETTINGS].name = "http2.settings";
168  sigmatch_table[DETECT_HTTP2_SETTINGS].desc = "match on HTTP2 settings identifier and value fields";
169  sigmatch_table[DETECT_HTTP2_SETTINGS].url = "/rules/http2-keywords.html#settings";
171  sigmatch_table[DETECT_HTTP2_SETTINGS].AppLayerTxMatch = DetectHTTP2settingsMatch;
172  sigmatch_table[DETECT_HTTP2_SETTINGS].Setup = DetectHTTP2settingsSetup;
174 #ifdef UNITTESTS
176 #endif
177 
178  sigmatch_table[DETECT_HTTP2_HEADERNAME].name = "http2.header_name";
179  sigmatch_table[DETECT_HTTP2_HEADERNAME].desc = "sticky buffer to match on one HTTP2 header name";
180  sigmatch_table[DETECT_HTTP2_HEADERNAME].url = "/rules/http2-keywords.html#header_name";
181  sigmatch_table[DETECT_HTTP2_HEADERNAME].Setup = DetectHTTP2headerNameSetup;
183 
185  HTTP2StateOpen, GetHttp2HNameData, 2, HTTP2StateOpen);
187  HTTP2StateOpen, GetHttp2HNameData, 2, HTTP2StateOpen);
188  DetectBufferTypeSupportsMultiInstance("http2_header_name");
189  DetectBufferTypeSetDescriptionByName("http2_header_name",
190  "HTTP2 header name");
191  g_http2_header_name_buffer_id = DetectBufferTypeGetByName("http2_header_name");
192 
197 
198  g_http2_match_buffer_id = DetectBufferTypeRegister("http2");
199 }
200 
201 /**
202  * \brief This function is used to match HTTP2 frame type rule option on a transaction with those passed via http2.frametype:
203  *
204  * \retval 0 no match
205  * \retval 1 match
206  */
207 static int DetectHTTP2frametypeMatch(DetectEngineThreadCtx *det_ctx,
208  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
209  const SigMatchCtx *ctx)
210 
211 {
212  uint8_t *detect = (uint8_t *)ctx;
213 
214  return rs_http2_tx_has_frametype(txv, flags, *detect);
215 }
216 
217 static int DetectHTTP2FuncParseFrameType(const char *str, uint8_t *ft)
218 {
219  // first parse numeric value
220  if (ByteExtractStringUint8(ft, 10, (uint16_t)strlen(str), str) >= 0) {
221  return 1;
222  }
223 
224  // it it failed so far, parse string value from enumeration
225  int r = rs_http2_parse_frametype(str);
226  if (r >= 0 && r <= UINT8_MAX) {
227  *ft = (uint8_t)r;
228  return 1;
229  }
230 
231  return 0;
232 }
233 
234 /**
235  * \brief this function is used to attach the parsed http2.frametype data into the current signature
236  *
237  * \param de_ctx pointer to the Detection Engine Context
238  * \param s pointer to the Current Signature
239  * \param str pointer to the user provided http2.frametype options
240  *
241  * \retval 0 on Success
242  * \retval -1 on Failure
243  */
244 static int DetectHTTP2frametypeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
245 {
246  uint8_t frame_type;
247 
249  return -1;
250 
251  if (!DetectHTTP2FuncParseFrameType(str, &frame_type)) {
252  SCLogError("Invalid argument \"%s\" supplied to http2.frametype keyword.", str);
253  return -1;
254  }
255 
256  uint8_t *http2ft = SCCalloc(1, sizeof(uint8_t));
257  if (http2ft == NULL)
258  return -1;
259  *http2ft = frame_type;
260 
262  g_http2_match_buffer_id) == NULL) {
263  DetectHTTP2frametypeFree(NULL, http2ft);
264  return -1;
265  }
266 
267  return 0;
268 }
269 
270 /**
271  * \brief this function will free memory associated with uint8_t
272  *
273  * \param ptr pointer to uint8_t
274  */
276 {
277  SCFree(ptr);
278 }
279 
280 /**
281  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.errorcode:
282  *
283  * \retval 0 no match
284  * \retval 1 match
285  */
286 static int DetectHTTP2errorcodeMatch(DetectEngineThreadCtx *det_ctx,
287  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
288  const SigMatchCtx *ctx)
289 
290 {
291  uint32_t *detect = (uint32_t *)ctx;
292 
293  return rs_http2_tx_has_errorcode(txv, flags, *detect);
294  //TODOask handle negation rules
295 }
296 
297 static int DetectHTTP2FuncParseErrorCode(const char *str, uint32_t *ec)
298 {
299  // first parse numeric value
300  if (ByteExtractStringUint32(ec, 10, (uint16_t)strlen(str), str) >= 0) {
301  return 1;
302  }
303 
304  // it it failed so far, parse string value from enumeration
305  int r = rs_http2_parse_errorcode(str);
306  if (r >= 0) {
307  *ec = r;
308  return 1;
309  }
310 
311  return 0;
312 }
313 
314 /**
315  * \brief this function is used to attach the parsed http2.errorcode data into the current signature
316  *
317  * \param de_ctx pointer to the Detection Engine Context
318  * \param s pointer to the Current Signature
319  * \param str pointer to the user provided http2.errorcode options
320  *
321  * \retval 0 on Success
322  * \retval -1 on Failure
323  */
324 static int DetectHTTP2errorcodeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
325 {
326  uint32_t error_code;
327 
329  return -1;
330 
331  if (!DetectHTTP2FuncParseErrorCode(str, &error_code)) {
332  SCLogError("Invalid argument \"%s\" supplied to http2.errorcode keyword.", str);
333  return -1;
334  }
335 
336  uint32_t *http2ec = SCCalloc(1, sizeof(uint32_t));
337  if (http2ec == NULL)
338  return -1;
339  *http2ec = error_code;
340 
342  g_http2_match_buffer_id) == NULL) {
343  DetectHTTP2errorcodeFree(NULL, http2ec);
344  return -1;
345  }
346 
347  return 0;
348 }
349 
350 /**
351  * \brief this function will free memory associated with uint32_t
352  *
353  * \param ptr pointer to uint32_t
354  */
356 {
357  SCFree(ptr);
358 }
359 
360 /**
361  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.priority:
362  *
363  * \retval 0 no match
364  * \retval 1 match
365  */
366 static int DetectHTTP2priorityMatch(DetectEngineThreadCtx *det_ctx,
367  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
368  const SigMatchCtx *ctx)
369 
370 {
371  uint32_t nb = 0;
372  int value = rs_http2_tx_get_next_priority(txv, flags, nb);
373  const DetectU8Data *du8 = (const DetectU8Data *)ctx;
374  while (value >= 0) {
375  if (DetectU8Match((uint8_t)value, du8)) {
376  return 1;
377  }
378  nb++;
379  value = rs_http2_tx_get_next_priority(txv, flags, nb);
380  }
381  return 0;
382 }
383 
384 /**
385  * \brief this function is used to attach the parsed http2.priority data into the current signature
386  *
387  * \param de_ctx pointer to the Detection Engine Context
388  * \param s pointer to the Current Signature
389  * \param str pointer to the user provided http2.priority options
390  *
391  * \retval 0 on Success
392  * \retval -1 on Failure
393  */
394 static int DetectHTTP2prioritySetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
395 {
397  return -1;
398 
399  DetectU8Data *prio = DetectU8Parse(str);
400  if (prio == NULL)
401  return -1;
402 
404  g_http2_match_buffer_id) == NULL) {
405  rs_detect_u8_free(prio);
406  return -1;
407  }
408 
409  return 0;
410 }
411 
412 /**
413  * \brief this function will free memory associated with uint32_t
414  *
415  * \param ptr pointer to DetectU8Data
416  */
418 {
419  rs_detect_u8_free(ptr);
420 }
421 
422 /**
423  * \brief This function is used to match HTTP2 window rule option on a transaction with those passed via http2.window:
424  *
425  * \retval 0 no match
426  * \retval 1 match
427  */
428 static int DetectHTTP2windowMatch(DetectEngineThreadCtx *det_ctx,
429  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
430  const SigMatchCtx *ctx)
431 
432 {
433  uint32_t nb = 0;
434  int value = rs_http2_tx_get_next_window(txv, flags, nb);
435  const DetectU32Data *du32 = (const DetectU32Data *)ctx;
436  while (value >= 0) {
437  if (DetectU32Match(value, du32)) {
438  return 1;
439  }
440  nb++;
441  value = rs_http2_tx_get_next_window(txv, flags, nb);
442  }
443  return 0;
444 }
445 
446 /**
447  * \brief this function is used to attach the parsed http2.window data into the current signature
448  *
449  * \param de_ctx pointer to the Detection Engine Context
450  * \param s pointer to the Current Signature
451  * \param str pointer to the user provided http2.window options
452  *
453  * \retval 0 on Success
454  * \retval -1 on Failure
455  */
456 static int DetectHTTP2windowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
457 {
459  return -1;
460 
462  if (wu == NULL)
463  return -1;
464 
466  g_http2_match_buffer_id) == NULL) {
467  rs_detect_u32_free(wu);
468  return -1;
469  }
470 
471  return 0;
472 }
473 
474 /**
475  * \brief this function will free memory associated with uint32_t
476  *
477  * \param ptr pointer to DetectU8Data
478  */
480 {
481  rs_detect_u32_free(ptr);
482 }
483 
484 /**
485  * \brief This function is used to match HTTP2 size update rule option on a transaction with those passed via http2.size_update:
486  *
487  * \retval 0 no match
488  * \retval 1 match
489  */
490 static int DetectHTTP2sizeUpdateMatch(DetectEngineThreadCtx *det_ctx,
491  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
492  const SigMatchCtx *ctx)
493 
494 {
495  return rs_http2_detect_sizeupdatectx_match(ctx, txv, flags);
496 }
497 
498 /**
499  * \brief this function is used to attach the parsed http2.size_update data into the current signature
500  *
501  * \param de_ctx pointer to the Detection Engine Context
502  * \param s pointer to the Current Signature
503  * \param str pointer to the user provided http2.size_update options
504  *
505  * \retval 0 on Success
506  * \retval -1 on Failure
507  */
508 static int DetectHTTP2sizeUpdateSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
509 {
511  return -1;
512 
513  void *su = rs_detect_u64_parse(str);
514  if (su == NULL)
515  return -1;
516 
518  g_http2_match_buffer_id) == NULL) {
519  DetectHTTP2settingsFree(NULL, su);
520  return -1;
521  }
522 
523  return 0;
524 }
525 
526 /**
527  * \brief this function will free memory associated with uint32_t
528  *
529  * \param ptr pointer to DetectU8Data
530  */
532 {
533  rs_detect_u64_free(ptr);
534 }
535 
536 /**
537  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.settings:
538  *
539  * \retval 0 no match
540  * \retval 1 match
541  */
542 static int DetectHTTP2settingsMatch(DetectEngineThreadCtx *det_ctx,
543  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
544  const SigMatchCtx *ctx)
545 
546 {
547  return rs_http2_detect_settingsctx_match(ctx, txv, flags);
548 }
549 
550 /**
551  * \brief this function is used to attach the parsed http2.settings data into the current signature
552  *
553  * \param de_ctx pointer to the Detection Engine Context
554  * \param s pointer to the Current Signature
555  * \param str pointer to the user provided http2.settings options
556  *
557  * \retval 0 on Success
558  * \retval -1 on Failure
559  */
560 static int DetectHTTP2settingsSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
561 {
563  return -1;
564 
565  void *http2set = rs_http2_detect_settingsctx_parse(str);
566  if (http2set == NULL)
567  return -1;
568 
570  g_http2_match_buffer_id) == NULL) {
571  DetectHTTP2settingsFree(NULL, http2set);
572  return -1;
573  }
574 
575  return 0;
576 }
577 
578 /**
579  * \brief this function will free memory associated with rust signature context
580  *
581  * \param ptr pointer to rust signature context
582  */
584 {
585  rs_http2_detect_settingsctx_free(ptr);
586 }
587 
588 static int DetectHTTP2headerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
589 {
590  if (DetectBufferSetActiveList(de_ctx, s, g_http2_header_name_buffer_id) < 0)
591  return -1;
592 
594  return -1;
595 
596  return 0;
597 }
598 
599 #ifdef UNITTESTS
600 #include "tests/detect-http2.c"
601 #endif
util-byte.h
detect-engine-uint.h
SigTableElmt_::url
const char * url
Definition: detect.h:1312
DetectSignatureSetAppProto
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:1738
detect-content.h
detect-engine.h
SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition: detect.h:1517
DetectHTTP2priorityRegisterTests
void DetectHTTP2priorityRegisterTests(void)
Definition: detect-http2.c:90
DetectU32Match
int DetectU32Match(const uint32_t parg, const DetectUintData_u32 *du32)
Definition: detect-engine-uint.c:31
SigTableElmt_::desc
const char * desc
Definition: detect.h:1311
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:128
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1299
DetectHelperGetMultiData
InspectionBuffer * DetectHelperGetMultiData(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id, uint32_t index, MultiGetTxBuffer GetBuf)
Definition: detect-engine-helper.c:151
SigTableElmt_::name
const char * name
Definition: detect.h:1309
DetectEngineTransforms
Definition: detect.h:408
DetectHTTP2RegisterTests
void DetectHTTP2RegisterTests(void)
DetectU32Parse
DetectUintData_u32 * DetectU32Parse(const char *u32str)
This function is used to parse u32 options passed via some u32 keyword.
Definition: detect-engine-uint.c:45
DetectBufferSetActiveList
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
Definition: detect-engine.c:1357
InspectionBuffer
Definition: detect.h:373
Flow_
Flow data structure.
Definition: flow.h:356
DETECT_HTTP2_SETTINGS
@ DETECT_HTTP2_SETTINGS
Definition: detect-engine-register.h:210
SigTableElmt_::flags
uint16_t flags
Definition: detect.h:1303
ctx
struct Thresholds ctx
DetectHTTP2priorityFree
void DetectHTTP2priorityFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:417
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:843
DETECT_HTTP2_SIZEUPDATE
@ DETECT_HTTP2_SIZEUPDATE
Definition: detect-engine-register.h:209
DetectBufferTypeSupportsMultiInstance
void DetectBufferTypeSupportsMultiInstance(const char *name)
Definition: detect-engine.c:1044
SigTableElmt_::AppLayerTxMatch
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Definition: detect.h:1280
rust.h
ByteExtractStringUint32
int ByteExtractStringUint32(uint32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:239
DetectHTTP2sizeUpdateFree
void DetectHTTP2sizeUpdateFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:531
DETECT_HTTP2_HEADERNAME
@ DETECT_HTTP2_HEADERNAME
Definition: detect-engine-register.h:211
SIG_FLAG_TOCLIENT
#define SIG_FLAG_TOCLIENT
Definition: detect.h:268
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1294
detect-engine-prefilter.h
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:1094
DetectAppLayerMultiRegister
void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectionMultiBufferGetDataPtr GetData, int priority, int tx_min_progress)
Definition: detect-engine.c:2205
DetectU8Parse
DetectUintData_u8 * DetectU8Parse(const char *u8str)
This function is used to parse u8 options passed via some u8 keyword.
Definition: detect-engine-uint.c:85
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:267
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
MultiGetTxBuffer
bool(* MultiGetTxBuffer)(void *, uint8_t, uint32_t, const uint8_t **, uint32_t *)
Definition: detect-engine-helper.h:35
detect-http2.h
DetectEngineThreadCtx_
Definition: detect.h:1098
detect-engine-mpm.h
detect.h
DetectHTTP2sizeUpdateRegisterTests
void DetectHTTP2sizeUpdateRegisterTests(void)
Definition: detect-http2.c:158
DetectHTTP2settingsFree
void DetectHTTP2settingsFree(DetectEngineCtx *, void *)
this function will free memory associated with rust signature context
Definition: detect-http2.c:583
DetectU8Data
DetectUintData_u8 DetectU8Data
Definition: detect-engine-uint.h:43
detect-engine-helper.h
DetectHTTP2settingsRegisterTests
void DetectHTTP2settingsRegisterTests(void)
Definition: detect-http2.c:135
util-profiling.h
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1277
ALPROTO_HTTP2
@ ALPROTO_HTTP2
Definition: app-layer-protos.h:64
DetectHTTP2windowRegisterTests
void DetectHTTP2windowRegisterTests(void)
Definition: detect-http2.c:112
detect-engine-content-inspection.h
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:344
ByteExtractStringUint8
int ByteExtractStringUint8(uint8_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:285
DetectU8Match
int DetectU8Match(const uint8_t parg, const DetectUintData_u8 *du8)
Definition: detect-engine-uint.c:71
DetectBufferTypeRegister
int DetectBufferTypeRegister(const char *name)
Definition: detect-engine.c:1030
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
DetectHTTP2windowFree
void DetectHTTP2windowFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:479
DETECT_HTTP2_ERRORCODE
@ DETECT_HTTP2_ERRORCODE
Definition: detect-engine-register.h:206
DetectU32Data
DetectUintData_u32 DetectU32Data
Definition: detect-engine-uint.h:41
DetectHttp2Register
void DetectHttp2Register(void)
Definition: detect-http2.c:110
DetectEngineInspectGenericList
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:2112
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
DetectHTTP2errorCodeRegisterTests
void DetectHTTP2errorCodeRegisterTests(void)
Definition: detect-http2.c:68
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DETECT_HTTP2_WINDOW
@ DETECT_HTTP2_WINDOW
Definition: detect-engine-register.h:208
detect-parse.h
Signature_
Signature container.
Definition: detect.h:603
DETECT_HTTP2_PRIORITY
@ DETECT_HTTP2_PRIORITY
Definition: detect-engine-register.h:207
detect-http2.c
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect.h:1493
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
Definition: detect-engine.c:240
SigMatchAppendSMToList
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:437
DetectBufferTypeSetDescriptionByName
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
Definition: detect-engine.c:1191
DetectHTTP2frameTypeRegisterTests
void DetectHTTP2frameTypeRegisterTests(void)
this function registers unit tests for DetectHTTP2frameType
Definition: detect-http2.c:46
DetectHTTP2errorcodeFree
void DetectHTTP2errorcodeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:355
DetectHTTP2frametypeFree
void DetectHTTP2frametypeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint8_t
Definition: detect-http2.c:275
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
DETECT_HTTP2_FRAMETYPE
@ DETECT_HTTP2_FRAMETYPE
Definition: detect-engine-register.h:205
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1301