Go to the documentation of this file.
39 #define PARSE_REGEX "^\\s*([A-z0-9\\.]+|\"[A-z0-9_\\.]+\")\\s*$"
44 uint8_t,
void *,
void *,
const Signature *,
49 static void DetectKrb5MsgTypeRegisterTests (
void);
54 void *alstate,
void *txv, uint64_t tx_id);
56 static int g_krb5_msg_type_list_id = 0;
77 DetectEngineInspectKRB5Generic, NULL);
80 DetectEngineInspectKRB5Generic, NULL);
86 SCLogDebug(
"g_krb5_msg_type_list_id %d", g_krb5_msg_type_list_id);
91 void *alstate,
void *txv, uint64_t tx_id)
118 rs_krb5_tx_get_msgtype(txv, &msg_type);
138 int ret = 0,
res = 0;
147 pcre2len =
sizeof(arg1);
148 res = pcre2_substring_copy_bynumber(parse_regex.
match, 1, (PCRE2_UCHAR8 *)arg1, &pcre2len);
158 (
const char *)arg1) < 0) {
188 krb5d = DetectKrb5MsgTypeParse(krb5str);
197 sm->
ctx = (
void *)krb5d;
205 DetectKrb5MsgTypeFree(
de_ctx, krb5d);
228 static int DetectKrb5MsgTypeParseTest01 (
void)
233 DetectKrb5MsgTypeFree(NULL, krb5d);
237 static int DetectKrb5MsgTypeSignatureTest01 (
void)
252 static void DetectKrb5MsgTypeRegisterTests(
void)
254 UtRegisterTest(
"DetectKrb5MsgTypeParseTest01", DetectKrb5MsgTypeParseTest01);
256 DetectKrb5MsgTypeSignatureTest01);
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
void(* Free)(DetectEngineCtx *, void *)
int DetectEngineInspectGenericList(const DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
main detection engine ctx
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
@ SC_ERR_PCRE_GET_SUBSTRING
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int StringParseUint8(uint8_t *res, int base, size_t len, const char *str)
#define SIG_FLAG_TOSERVER
#define PASS
Pass the test.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
#define PARSE_REGEX
Regex for parsing our keyword options.
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
SigMatch * SigMatchAlloc(void)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
int DetectBufferTypeRegister(const char *name)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
void DetectKrb5MsgTypeRegister(void)
Registration function for krb5_msg_type: keyword.
a single match condition for a signature
DetectEngineCtx * DetectEngineCtxInit(void)
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)