Go to the documentation of this file.
35 #define PARSE_REGEX "(?: *,?!?(?:retain|dup))+"
38 static int mqtt_flags_id = 0;
100 return rs_mqtt_tx_has_flags(txv,
de->retain,
de->dup);
119 pcre2_match_data *match = NULL;
122 SCLogError(
"invalid flag definition: %s", rawstr);
124 pcre2_match_data_free(match);
130 de->retain =
de->dup = MQTT_DONT_CARE;
132 char copy[strlen(rawstr)+1];
133 strlcpy(copy, rawstr,
sizeof(copy));
134 char *xsaveptr = NULL;
137 char *flagv = strtok_r(copy,
",", &xsaveptr);
138 while (flagv != NULL) {
140 while (*flagv !=
'\0' && isblank(*flagv)) {
143 if (strlen(flagv) < 2) {
145 SCLogError(
"malformed flag value: %s", flagv);
149 MQTTFlagState fs_to_set = MQTT_MUST_BE_SET;
150 if (flagv[0] ==
'!') {
153 fs_to_set = MQTT_CANT_BE_SET;
155 if (strcmp(flagv+
offset,
"dup") == 0) {
156 if (
de->dup != MQTT_DONT_CARE) {
157 SCLogError(
"duplicate flag definition: %s", flagv);
161 }
else if (strcmp(flagv+
offset,
"retain") == 0) {
162 if (
de->retain != MQTT_DONT_CARE) {
163 SCLogError(
"duplicate flag definition: %s", flagv);
166 de->retain = fs_to_set;
168 SCLogError(
"invalid flag definition: %s", flagv);
172 flagv = strtok_r(NULL,
",", &xsaveptr);
175 pcre2_match_data_free(match);
180 pcre2_match_data_free(match);
206 de = DetectMQTTFlagsParse(rawstr);
252 static int MQTTFlagsTestParse01 (
void)
256 de = DetectMQTTFlagsParse(
"retain");
260 de = DetectMQTTFlagsParse(
"dup");
264 de = DetectMQTTFlagsParse(
"retain,dup");
268 de = DetectMQTTFlagsParse(
"dup, retain");
281 static int MQTTFlagsTestParse02 (
void)
284 de = DetectMQTTFlagsParse(
"retain,!dup");
297 static int MQTTFlagsTestParse03 (
void)
300 de = DetectMQTTFlagsParse(
"ref");
315 static int MQTTFlagsTestParse04 (
void)
318 de = DetectMQTTFlagsParse(
"dup,!");
333 static int MQTTFlagsTestParse05 (
void)
336 de = DetectMQTTFlagsParse(
"dup,!dup");
342 de = DetectMQTTFlagsParse(
"!retain,retain");
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void SigMatchAppendSMToList(Signature *s, SigMatch *new, const int list)
Append a SigMatch to the list type.
void(* Free)(DetectEngineCtx *, void *)
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
main detection engine ctx
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
int DetectParsePcreExec(DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int DetectBufferTypeGetByName(const char *name)
size_t strlcpy(char *dst, const char *src, size_t siz)
#define SIG_FLAG_TOSERVER
#define PASS
Pass the test.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
void MQTTFlagsRegisterTests(void)
this function registers unit tests for MQTTFlags
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
SigMatch * SigMatchAlloc(void)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void DetectMQTTFlagsRegister(void)
Registration function for mqtt.flags: keyword.
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
void DetectMQTTFlagsFree(DetectEngineCtx *de_ctx, void *)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
#define SCLogError(...)
Macro used to log ERROR messages.
a single match condition for a signature
struct DetectMQTTFlagsData_ DetectMQTTFlagsData
void(* RegisterTests)(void)