Go to the documentation of this file.
35 #define PARSE_REGEX "(?: *,?!?(?:retain|dup))+"
38 static int mqtt_flags_id = 0;
74 DetectEngineInspectMQTTFlagsGeneric, NULL);
112 return rs_mqtt_tx_has_flags(txv,
de->retain,
de->dup);
138 de->retain =
de->dup = MQTT_DONT_CARE;
140 char copy[strlen(rawstr)+1];
141 strlcpy(copy, rawstr,
sizeof(copy));
142 char *xsaveptr = NULL;
145 char *flagv = strtok_r(copy,
",", &xsaveptr);
146 while (flagv != NULL) {
148 while (*flagv !=
'\0' && isblank(*flagv)) {
151 if (strlen(flagv) < 2) {
157 MQTTFlagState fs_to_set = MQTT_MUST_BE_SET;
158 if (flagv[0] ==
'!') {
161 fs_to_set = MQTT_CANT_BE_SET;
163 if (strcmp(flagv+
offset,
"dup") == 0) {
164 if (
de->dup != MQTT_DONT_CARE) {
169 }
else if (strcmp(flagv+
offset,
"retain") == 0) {
170 if (
de->retain != MQTT_DONT_CARE) {
174 de->retain = fs_to_set;
180 flagv = strtok_r(NULL,
",", &xsaveptr);
210 de = DetectMQTTFlagsParse(rawstr);
256 static int MQTTFlagsTestParse01 (
void)
260 de = DetectMQTTFlagsParse(
"retain");
264 de = DetectMQTTFlagsParse(
"dup");
268 de = DetectMQTTFlagsParse(
"retain,dup");
272 de = DetectMQTTFlagsParse(
"dup, retain");
285 static int MQTTFlagsTestParse02 (
void)
288 de = DetectMQTTFlagsParse(
"retain,!dup");
301 static int MQTTFlagsTestParse03 (
void)
304 de = DetectMQTTFlagsParse(
"ref");
319 static int MQTTFlagsTestParse04 (
void)
322 de = DetectMQTTFlagsParse(
"dup,!");
337 static int MQTTFlagsTestParse05 (
void)
340 de = DetectMQTTFlagsParse(
"dup,!dup");
346 de = DetectMQTTFlagsParse(
"!retain,retain");
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
void(* Free)(DetectEngineCtx *, void *)
int DetectEngineInspectGenericList(const DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
main detection engine ctx
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int DetectBufferTypeGetByName(const char *name)
size_t strlcpy(char *dst, const char *src, size_t siz)
#define SIG_FLAG_TOSERVER
#define PASS
Pass the test.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
void MQTTFlagsRegisterTests(void)
this function registers unit tests for MQTTFlags
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
SigMatch * SigMatchAlloc(void)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void DetectMQTTFlagsRegister(void)
Registration function for mqtt.flags: keyword.
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
void DetectMQTTFlagsFree(DetectEngineCtx *de_ctx, void *)
a single match condition for a signature
struct DetectMQTTFlagsData_ DetectMQTTFlagsData
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)