Go to the documentation of this file.
35 #define PARSE_REGEX "(?: *,?!?(?:retain|dup))+"
38 static int mqtt_flags_id = 0;
100 return rs_mqtt_tx_has_flags(txv,
de->retain,
de->dup);
119 pcre2_match_data *match = NULL;
122 SCLogError(
"invalid flag definition: %s", rawstr);
124 pcre2_match_data_free(match);
130 de->retain =
de->dup = MQTT_DONT_CARE;
132 char copy[strlen(rawstr)+1];
133 strlcpy(copy, rawstr,
sizeof(copy));
134 char *xsaveptr = NULL;
137 char *flagv = strtok_r(copy,
",", &xsaveptr);
138 while (flagv != NULL) {
140 while (*flagv !=
'\0' && isblank(*flagv)) {
143 if (strlen(flagv) < 2) {
145 SCLogError(
"malformed flag value: %s", flagv);
149 MQTTFlagState fs_to_set = MQTT_MUST_BE_SET;
150 if (flagv[0] ==
'!') {
153 fs_to_set = MQTT_CANT_BE_SET;
155 if (strcmp(flagv+
offset,
"dup") == 0) {
156 if (
de->dup != MQTT_DONT_CARE) {
157 SCLogError(
"duplicate flag definition: %s", flagv);
161 }
else if (strcmp(flagv+
offset,
"retain") == 0) {
162 if (
de->retain != MQTT_DONT_CARE) {
163 SCLogError(
"duplicate flag definition: %s", flagv);
166 de->retain = fs_to_set;
168 SCLogError(
"invalid flag definition: %s", flagv);
172 flagv = strtok_r(NULL,
",", &xsaveptr);
175 pcre2_match_data_free(match);
180 pcre2_match_data_free(match);
205 de = DetectMQTTFlagsParse(rawstr);
245 static int MQTTFlagsTestParse01 (
void)
249 de = DetectMQTTFlagsParse(
"retain");
253 de = DetectMQTTFlagsParse(
"dup");
257 de = DetectMQTTFlagsParse(
"retain,dup");
261 de = DetectMQTTFlagsParse(
"dup, retain");
274 static int MQTTFlagsTestParse02 (
void)
277 de = DetectMQTTFlagsParse(
"retain,!dup");
290 static int MQTTFlagsTestParse03 (
void)
293 de = DetectMQTTFlagsParse(
"ref");
308 static int MQTTFlagsTestParse04 (
void)
311 de = DetectMQTTFlagsParse(
"dup,!");
326 static int MQTTFlagsTestParse05 (
void)
329 de = DetectMQTTFlagsParse(
"dup,!dup");
335 de = DetectMQTTFlagsParse(
"!retain,retain");
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void(* Free)(DetectEngineCtx *, void *)
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
main detection engine ctx
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int DetectBufferTypeGetByName(const char *name)
size_t strlcpy(char *dst, const char *src, size_t siz)
#define SIG_FLAG_TOSERVER
#define PASS
Pass the test.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
void MQTTFlagsRegisterTests(void)
this function registers unit tests for MQTTFlags
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void DetectMQTTFlagsRegister(void)
Registration function for mqtt.flags: keyword.
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
void DetectMQTTFlagsFree(DetectEngineCtx *de_ctx, void *)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
#define SCLogError(...)
Macro used to log ERROR messages.
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
struct DetectMQTTFlagsData_ DetectMQTTFlagsData
void(* RegisterTests)(void)