suricata
detect-http2.c
Go to the documentation of this file.
1 /* Copyright (C) 2020-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Philippe Antoine <p.antoine@catenacyber.fr>
22  *
23  */
24 
25 #include "suricata-common.h"
26 
27 #include "detect.h"
28 #include "detect-parse.h"
29 #include "detect-content.h"
30 
31 #include "detect-engine.h"
32 #include "detect-engine-buffer.h"
33 #include "detect-engine-uint.h"
34 #include "detect-engine-mpm.h"
37 #include "detect-engine-helper.h"
38 
39 #include "detect-http2.h"
40 #include "util-byte.h"
41 #include "rust.h"
42 #include "util-profiling.h"
43 
44 #ifdef UNITTESTS
51 #endif
52 
53 /* prototypes */
54 static int DetectHTTP2frametypeMatch(DetectEngineThreadCtx *det_ctx,
55  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
56  const SigMatchCtx *ctx);
57 static int DetectHTTP2frametypeSetup (DetectEngineCtx *, Signature *, const char *);
59 
60 static int DetectHTTP2errorcodeMatch(DetectEngineThreadCtx *det_ctx,
61  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
62  const SigMatchCtx *ctx);
63 static int DetectHTTP2errorcodeSetup (DetectEngineCtx *, Signature *, const char *);
65 
66 static int DetectHTTP2priorityMatch(DetectEngineThreadCtx *det_ctx,
67  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
68  const SigMatchCtx *ctx);
69 static int DetectHTTP2prioritySetup (DetectEngineCtx *, Signature *, const char *);
71 
72 static int DetectHTTP2windowMatch(DetectEngineThreadCtx *det_ctx,
73  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
74  const SigMatchCtx *ctx);
75 static int DetectHTTP2windowSetup (DetectEngineCtx *, Signature *, const char *);
76 void DetectHTTP2windowFree (DetectEngineCtx *, void *);
77 
78 static int DetectHTTP2sizeUpdateMatch(DetectEngineThreadCtx *det_ctx,
79  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
80  const SigMatchCtx *ctx);
81 static int DetectHTTP2sizeUpdateSetup (DetectEngineCtx *, Signature *, const char *);
83 
84 static int DetectHTTP2settingsMatch(DetectEngineThreadCtx *det_ctx,
85  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
86  const SigMatchCtx *ctx);
87 static int DetectHTTP2settingsSetup (DetectEngineCtx *, Signature *, const char *);
89 
90 static int DetectHTTP2headerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg);
91 
92 #ifdef UNITTESTS
94 #endif
95 
96 static int g_http2_match_buffer_id = 0;
97 static int g_http2_header_name_buffer_id = 0;
98 
99 /**
100  * \brief Registration function for HTTP2 keywords
101  */
102 
104 {
105  sigmatch_table[DETECT_HTTP2_FRAMETYPE].name = "http2.frametype";
106  sigmatch_table[DETECT_HTTP2_FRAMETYPE].desc = "match on HTTP2 frame type field";
107  sigmatch_table[DETECT_HTTP2_FRAMETYPE].url = "/rules/http2-keywords.html#frametype";
109  sigmatch_table[DETECT_HTTP2_FRAMETYPE].AppLayerTxMatch = DetectHTTP2frametypeMatch;
110  sigmatch_table[DETECT_HTTP2_FRAMETYPE].Setup = DetectHTTP2frametypeSetup;
112 #ifdef UNITTESTS
114 #endif
115 
116  sigmatch_table[DETECT_HTTP2_ERRORCODE].name = "http2.errorcode";
117  sigmatch_table[DETECT_HTTP2_ERRORCODE].desc = "match on HTTP2 error code field";
118  sigmatch_table[DETECT_HTTP2_ERRORCODE].url = "/rules/http2-keywords.html#errorcode";
120  sigmatch_table[DETECT_HTTP2_ERRORCODE].AppLayerTxMatch = DetectHTTP2errorcodeMatch;
121  sigmatch_table[DETECT_HTTP2_ERRORCODE].Setup = DetectHTTP2errorcodeSetup;
123 #ifdef UNITTESTS
125 #endif
126 
127  sigmatch_table[DETECT_HTTP2_PRIORITY].name = "http2.priority";
128  sigmatch_table[DETECT_HTTP2_PRIORITY].desc = "match on HTTP2 priority weight field";
129  sigmatch_table[DETECT_HTTP2_PRIORITY].url = "/rules/http2-keywords.html#priority";
131  sigmatch_table[DETECT_HTTP2_PRIORITY].AppLayerTxMatch = DetectHTTP2priorityMatch;
132  sigmatch_table[DETECT_HTTP2_PRIORITY].Setup = DetectHTTP2prioritySetup;
134 #ifdef UNITTESTS
136 #endif
137 
138  sigmatch_table[DETECT_HTTP2_WINDOW].name = "http2.window";
139  sigmatch_table[DETECT_HTTP2_WINDOW].desc = "match on HTTP2 window update size increment field";
140  sigmatch_table[DETECT_HTTP2_WINDOW].url = "/rules/http2-keywords.html#window";
142  sigmatch_table[DETECT_HTTP2_WINDOW].AppLayerTxMatch = DetectHTTP2windowMatch;
143  sigmatch_table[DETECT_HTTP2_WINDOW].Setup = DetectHTTP2windowSetup;
145 #ifdef UNITTESTS
147 #endif
148 
149  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].name = "http2.size_update";
150  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].desc = "match on HTTP2 dynamic headers table size update";
151  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].url = "/rules/http2-keywords.html#sizeupdate";
153  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].AppLayerTxMatch = DetectHTTP2sizeUpdateMatch;
154  sigmatch_table[DETECT_HTTP2_SIZEUPDATE].Setup = DetectHTTP2sizeUpdateSetup;
156 #ifdef UNITTESTS
158 #endif
159 
160  sigmatch_table[DETECT_HTTP2_SETTINGS].name = "http2.settings";
161  sigmatch_table[DETECT_HTTP2_SETTINGS].desc = "match on HTTP2 settings identifier and value fields";
162  sigmatch_table[DETECT_HTTP2_SETTINGS].url = "/rules/http2-keywords.html#settings";
164  sigmatch_table[DETECT_HTTP2_SETTINGS].AppLayerTxMatch = DetectHTTP2settingsMatch;
165  sigmatch_table[DETECT_HTTP2_SETTINGS].Setup = DetectHTTP2settingsSetup;
167 #ifdef UNITTESTS
169 #endif
170 
171  sigmatch_table[DETECT_HTTP2_HEADERNAME].name = "http2.header_name";
172  sigmatch_table[DETECT_HTTP2_HEADERNAME].desc = "sticky buffer to match on one HTTP2 header name";
173  sigmatch_table[DETECT_HTTP2_HEADERNAME].url = "/rules/http2-keywords.html#header_name";
174  sigmatch_table[DETECT_HTTP2_HEADERNAME].Setup = DetectHTTP2headerNameSetup;
176 
178  HTTP2StateOpen, SCHttp2TxGetHeaderName, 2);
180  HTTP2StateOpen, SCHttp2TxGetHeaderName, 2);
181 
182  DetectBufferTypeSupportsMultiInstance("http2_header_name");
183  DetectBufferTypeSetDescriptionByName("http2_header_name",
184  "HTTP2 header name");
185  g_http2_header_name_buffer_id = DetectBufferTypeGetByName("http2_header_name");
186 
191 
192  g_http2_match_buffer_id = DetectBufferTypeRegister("http2");
193 }
194 
195 /**
196  * \brief This function is used to match HTTP2 frame type rule option on a transaction with those passed via http2.frametype:
197  *
198  * \retval 0 no match
199  * \retval 1 match
200  */
201 static int DetectHTTP2frametypeMatch(DetectEngineThreadCtx *det_ctx,
202  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
203  const SigMatchCtx *ctx)
204 
205 {
206  uint8_t *detect = (uint8_t *)ctx;
207 
208  return SCHttp2TxHasFrametype(txv, flags, *detect);
209 }
210 
211 static int DetectHTTP2FuncParseFrameType(const char *str, uint8_t *ft)
212 {
213  // first parse numeric value
214  if (ByteExtractStringUint8(ft, 10, (uint16_t)strlen(str), str) >= 0) {
215  return 1;
216  }
217 
218  // it it failed so far, parse string value from enumeration
219  int r = SCHttp2ParseFrametype(str);
220  if (r >= 0 && r <= UINT8_MAX) {
221  *ft = (uint8_t)r;
222  return 1;
223  }
224 
225  return 0;
226 }
227 
228 /**
229  * \brief this function is used to attach the parsed http2.frametype data into the current signature
230  *
231  * \param de_ctx pointer to the Detection Engine Context
232  * \param s pointer to the Current Signature
233  * \param str pointer to the user provided http2.frametype options
234  *
235  * \retval 0 on Success
236  * \retval -1 on Failure
237  */
238 static int DetectHTTP2frametypeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
239 {
240  uint8_t frame_type;
241 
243  return -1;
244 
245  if (!DetectHTTP2FuncParseFrameType(str, &frame_type)) {
246  SCLogError("Invalid argument \"%s\" supplied to http2.frametype keyword.", str);
247  return -1;
248  }
249 
250  uint8_t *http2ft = SCCalloc(1, sizeof(uint8_t));
251  if (http2ft == NULL)
252  return -1;
253  *http2ft = frame_type;
254 
256  g_http2_match_buffer_id) == NULL) {
257  DetectHTTP2frametypeFree(NULL, http2ft);
258  return -1;
259  }
260 
261  return 0;
262 }
263 
264 /**
265  * \brief this function will free memory associated with uint8_t
266  *
267  * \param ptr pointer to uint8_t
268  */
270 {
271  SCFree(ptr);
272 }
273 
274 /**
275  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.errorcode:
276  *
277  * \retval 0 no match
278  * \retval 1 match
279  */
280 static int DetectHTTP2errorcodeMatch(DetectEngineThreadCtx *det_ctx,
281  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
282  const SigMatchCtx *ctx)
283 
284 {
285  uint32_t *detect = (uint32_t *)ctx;
286 
287  return SCHttp2TxHasErrorCode(txv, flags, *detect);
288  //TODOask handle negation rules
289 }
290 
291 static int DetectHTTP2FuncParseErrorCode(const char *str, uint32_t *ec)
292 {
293  // first parse numeric value
294  if (ByteExtractStringUint32(ec, 10, (uint16_t)strlen(str), str) >= 0) {
295  return 1;
296  }
297 
298  // it it failed so far, parse string value from enumeration
299  int r = SCHttp2ParseErrorCode(str);
300  if (r >= 0) {
301  *ec = r;
302  return 1;
303  }
304 
305  return 0;
306 }
307 
308 /**
309  * \brief this function is used to attach the parsed http2.errorcode data into the current signature
310  *
311  * \param de_ctx pointer to the Detection Engine Context
312  * \param s pointer to the Current Signature
313  * \param str pointer to the user provided http2.errorcode options
314  *
315  * \retval 0 on Success
316  * \retval -1 on Failure
317  */
318 static int DetectHTTP2errorcodeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
319 {
320  uint32_t error_code;
321 
323  return -1;
324 
325  if (!DetectHTTP2FuncParseErrorCode(str, &error_code)) {
326  SCLogError("Invalid argument \"%s\" supplied to http2.errorcode keyword.", str);
327  return -1;
328  }
329 
330  uint32_t *http2ec = SCCalloc(1, sizeof(uint32_t));
331  if (http2ec == NULL)
332  return -1;
333  *http2ec = error_code;
334 
336  g_http2_match_buffer_id) == NULL) {
337  DetectHTTP2errorcodeFree(NULL, http2ec);
338  return -1;
339  }
340 
341  return 0;
342 }
343 
344 /**
345  * \brief this function will free memory associated with uint32_t
346  *
347  * \param ptr pointer to uint32_t
348  */
350 {
351  SCFree(ptr);
352 }
353 
354 /**
355  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.priority:
356  *
357  * \retval 0 no match
358  * \retval 1 match
359  */
360 static int DetectHTTP2priorityMatch(DetectEngineThreadCtx *det_ctx,
361  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
362  const SigMatchCtx *ctx)
363 
364 {
365  uint32_t nb = 0;
366  int value = SCHttp2TxGetNextPriority(txv, flags, nb);
367  const DetectU8Data *du8 = (const DetectU8Data *)ctx;
368  while (value >= 0) {
369  if (DetectU8Match((uint8_t)value, du8)) {
370  return 1;
371  }
372  nb++;
373  value = SCHttp2TxGetNextPriority(txv, flags, nb);
374  }
375  return 0;
376 }
377 
378 /**
379  * \brief this function is used to attach the parsed http2.priority data into the current signature
380  *
381  * \param de_ctx pointer to the Detection Engine Context
382  * \param s pointer to the Current Signature
383  * \param str pointer to the user provided http2.priority options
384  *
385  * \retval 0 on Success
386  * \retval -1 on Failure
387  */
388 static int DetectHTTP2prioritySetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
389 {
391  return -1;
392 
393  DetectU8Data *prio = DetectU8Parse(str);
394  if (prio == NULL)
395  return -1;
396 
398  g_http2_match_buffer_id) == NULL) {
399  SCDetectU8Free(prio);
400  return -1;
401  }
402 
403  return 0;
404 }
405 
406 /**
407  * \brief this function will free memory associated with uint32_t
408  *
409  * \param ptr pointer to DetectU8Data
410  */
412 {
413  SCDetectU8Free(ptr);
414 }
415 
416 /**
417  * \brief This function is used to match HTTP2 window rule option on a transaction with those passed via http2.window:
418  *
419  * \retval 0 no match
420  * \retval 1 match
421  */
422 static int DetectHTTP2windowMatch(DetectEngineThreadCtx *det_ctx,
423  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
424  const SigMatchCtx *ctx)
425 
426 {
427  uint32_t nb = 0;
428  int value = SCHttp2TxGetNextWindow(txv, flags, nb);
429  const DetectU32Data *du32 = (const DetectU32Data *)ctx;
430  while (value >= 0) {
431  if (DetectU32Match(value, du32)) {
432  return 1;
433  }
434  nb++;
435  value = SCHttp2TxGetNextWindow(txv, flags, nb);
436  }
437  return 0;
438 }
439 
440 /**
441  * \brief this function is used to attach the parsed http2.window data into the current signature
442  *
443  * \param de_ctx pointer to the Detection Engine Context
444  * \param s pointer to the Current Signature
445  * \param str pointer to the user provided http2.window options
446  *
447  * \retval 0 on Success
448  * \retval -1 on Failure
449  */
450 static int DetectHTTP2windowSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
451 {
453  return -1;
454 
456  if (wu == NULL)
457  return -1;
458 
460  g_http2_match_buffer_id) == NULL) {
461  SCDetectU32Free(wu);
462  return -1;
463  }
464 
465  return 0;
466 }
467 
468 /**
469  * \brief this function will free memory associated with uint32_t
470  *
471  * \param ptr pointer to DetectU8Data
472  */
474 {
475  SCDetectU32Free(ptr);
476 }
477 
478 /**
479  * \brief This function is used to match HTTP2 size update rule option on a transaction with those passed via http2.size_update:
480  *
481  * \retval 0 no match
482  * \retval 1 match
483  */
484 static int DetectHTTP2sizeUpdateMatch(DetectEngineThreadCtx *det_ctx,
485  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
486  const SigMatchCtx *ctx)
487 
488 {
489  return SCHttp2DetectSizeUpdateCtxMatch(ctx, txv, flags);
490 }
491 
492 /**
493  * \brief this function is used to attach the parsed http2.size_update data into the current signature
494  *
495  * \param de_ctx pointer to the Detection Engine Context
496  * \param s pointer to the Current Signature
497  * \param str pointer to the user provided http2.size_update options
498  *
499  * \retval 0 on Success
500  * \retval -1 on Failure
501  */
502 static int DetectHTTP2sizeUpdateSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
503 {
505  return -1;
506 
507  void *su = SCDetectU64Parse(str);
508  if (su == NULL)
509  return -1;
510 
512  g_http2_match_buffer_id) == NULL) {
513  DetectHTTP2settingsFree(NULL, su);
514  return -1;
515  }
516 
517  return 0;
518 }
519 
520 /**
521  * \brief this function will free memory associated with uint32_t
522  *
523  * \param ptr pointer to DetectU8Data
524  */
526 {
527  SCDetectU64Free(ptr);
528 }
529 
530 /**
531  * \brief This function is used to match HTTP2 error code rule option on a transaction with those passed via http2.settings:
532  *
533  * \retval 0 no match
534  * \retval 1 match
535  */
536 static int DetectHTTP2settingsMatch(DetectEngineThreadCtx *det_ctx,
537  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
538  const SigMatchCtx *ctx)
539 
540 {
541  return SCHttp2DetectSettingsCtxMatch(ctx, txv, flags);
542 }
543 
544 /**
545  * \brief this function is used to attach the parsed http2.settings data into the current signature
546  *
547  * \param de_ctx pointer to the Detection Engine Context
548  * \param s pointer to the Current Signature
549  * \param str pointer to the user provided http2.settings options
550  *
551  * \retval 0 on Success
552  * \retval -1 on Failure
553  */
554 static int DetectHTTP2settingsSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
555 {
557  return -1;
558 
559  void *http2set = SCHttp2DetectSettingsCtxParse(str);
560  if (http2set == NULL)
561  return -1;
562 
564  g_http2_match_buffer_id) == NULL) {
565  DetectHTTP2settingsFree(NULL, http2set);
566  return -1;
567  }
568 
569  return 0;
570 }
571 
572 /**
573  * \brief this function will free memory associated with rust signature context
574  *
575  * \param ptr pointer to rust signature context
576  */
578 {
579  SCHttp2DetectSettingsCtxFree(ptr);
580 }
581 
582 static int DetectHTTP2headerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
583 {
584  if (SCDetectBufferSetActiveList(de_ctx, s, g_http2_header_name_buffer_id) < 0)
585  return -1;
586 
588  return -1;
589 
590  return 0;
591 }
592 
593 #ifdef UNITTESTS
594 #include "tests/detect-http2.c"
595 #endif
util-byte.h
detect-engine-uint.h
SigTableElmt_::url
const char * url
Definition: detect.h:1431
DetectSignatureSetAppProto
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:2313
detect-content.h
detect-engine.h
SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition: detect.h:1645
DetectHTTP2priorityRegisterTests
void DetectHTTP2priorityRegisterTests(void)
Definition: detect-http2.c:90
DetectU32Match
int DetectU32Match(const uint32_t parg, const DetectUintData_u32 *du32)
Definition: detect-engine-uint.c:31
SigTableElmt_::desc
const char * desc
Definition: detect.h:1430
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:155
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1418
SigTableElmt_::name
const char * name
Definition: detect.h:1428
DetectHTTP2RegisterTests
void DetectHTTP2RegisterTests(void)
DetectU32Parse
DetectUintData_u32 * DetectU32Parse(const char *u32str)
This function is used to parse u32 options passed via some u32 keyword.
Definition: detect-engine-uint.c:45
Flow_
Flow data structure.
Definition: flow.h:356
DETECT_HTTP2_SETTINGS
@ DETECT_HTTP2_SETTINGS
Definition: detect-engine-register.h:212
SigTableElmt_::flags
uint16_t flags
Definition: detect.h:1422
ctx
struct Thresholds ctx
DetectHTTP2priorityFree
void DetectHTTP2priorityFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:411
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:931
DETECT_HTTP2_SIZEUPDATE
@ DETECT_HTTP2_SIZEUPDATE
Definition: detect-engine-register.h:211
DetectBufferTypeSupportsMultiInstance
void DetectBufferTypeSupportsMultiInstance(const char *name)
Definition: detect-engine.c:1107
SigTableElmt_::AppLayerTxMatch
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Definition: detect.h:1399
rust.h
ByteExtractStringUint32
int ByteExtractStringUint32(uint32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:239
DetectHTTP2sizeUpdateFree
void DetectHTTP2sizeUpdateFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:525
DETECT_HTTP2_HEADERNAME
@ DETECT_HTTP2_HEADERNAME
Definition: detect-engine-register.h:213
SCDetectBufferSetActiveList
int SCDetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
Definition: detect-engine-buffer.c:29
SIG_FLAG_TOCLIENT
#define SIG_FLAG_TOCLIENT
Definition: detect.h:271
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1413
detect-engine-prefilter.h
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:1157
DetectU8Parse
DetectUintData_u8 * DetectU8Parse(const char *u8str)
This function is used to parse u8 options passed via some u8 keyword.
Definition: detect-engine-uint.c:85
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:270
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
detect-http2.h
DetectEngineThreadCtx_
Definition: detect.h:1223
detect-engine-mpm.h
detect.h
DetectHTTP2sizeUpdateRegisterTests
void DetectHTTP2sizeUpdateRegisterTests(void)
Definition: detect-http2.c:158
DetectHTTP2settingsFree
void DetectHTTP2settingsFree(DetectEngineCtx *, void *)
this function will free memory associated with rust signature context
Definition: detect-http2.c:577
DetectU8Data
DetectUintData_u8 DetectU8Data
Definition: detect-engine-uint.h:43
detect-engine-helper.h
DetectHTTP2settingsRegisterTests
void DetectHTTP2settingsRegisterTests(void)
Definition: detect-http2.c:135
util-profiling.h
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1396
ALPROTO_HTTP2
@ ALPROTO_HTTP2
Definition: app-layer-protos.h:69
DetectHTTP2windowRegisterTests
void DetectHTTP2windowRegisterTests(void)
Definition: detect-http2.c:112
detect-engine-content-inspection.h
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:351
ByteExtractStringUint8
int ByteExtractStringUint8(uint8_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:285
DetectU8Match
int DetectU8Match(const uint8_t parg, const DetectUintData_u8 *du8)
Definition: detect-engine-uint.c:71
DetectBufferTypeRegister
int DetectBufferTypeRegister(const char *name)
Definition: detect-engine.c:1093
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
DetectHTTP2windowFree
void DetectHTTP2windowFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:473
DETECT_HTTP2_ERRORCODE
@ DETECT_HTTP2_ERRORCODE
Definition: detect-engine-register.h:208
DetectU32Data
DetectUintData_u32 DetectU32Data
Definition: detect-engine-uint.h:41
detect-engine-buffer.h
DetectHttp2Register
void DetectHttp2Register(void)
Registration function for HTTP2 keywords.
Definition: detect-http2.c:103
DetectEngineInspectGenericList
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:2060
str
#define str(s)
Definition: suricata-common.h:308
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
DetectHTTP2errorCodeRegisterTests
void DetectHTTP2errorCodeRegisterTests(void)
Definition: detect-http2.c:68
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DETECT_HTTP2_WINDOW
@ DETECT_HTTP2_WINDOW
Definition: detect-engine-register.h:210
detect-parse.h
Signature_
Signature container.
Definition: detect.h:670
DETECT_HTTP2_PRIORITY
@ DETECT_HTTP2_PRIORITY
Definition: detect-engine-register.h:209
detect-http2.c
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect.h:1620
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
Definition: detect-engine.c:245
SigMatchAppendSMToList
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:464
DetectBufferTypeSetDescriptionByName
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
Definition: detect-engine.c:1254
DetectHTTP2frameTypeRegisterTests
void DetectHTTP2frameTypeRegisterTests(void)
this function registers unit tests for DetectHTTP2frameType
Definition: detect-http2.c:46
DetectHTTP2errorcodeFree
void DetectHTTP2errorcodeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint32_t
Definition: detect-http2.c:349
DetectAppLayerMultiRegister
void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectionMultiBufferGetDataPtr GetData, int priority)
Definition: detect-engine.c:2153
DetectHTTP2frametypeFree
void DetectHTTP2frametypeFree(DetectEngineCtx *, void *)
this function will free memory associated with uint8_t
Definition: detect-http2.c:269
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
DETECT_HTTP2_FRAMETYPE
@ DETECT_HTTP2_FRAMETYPE
Definition: detect-engine-register.h:207
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1420