Go to the documentation of this file.
35 #define PARSE_REGEX "(?: *,?!?(?:retain|dup))+"
38 static int mqtt_flags_id = 0;
100 return rs_mqtt_tx_has_flags(txv,
de->retain,
de->dup);
119 SCLogError(
"invalid flag definition: %s", rawstr);
126 de->retain =
de->dup = MQTT_DONT_CARE;
128 char copy[strlen(rawstr)+1];
129 strlcpy(copy, rawstr,
sizeof(copy));
130 char *xsaveptr = NULL;
133 char *flagv = strtok_r(copy,
",", &xsaveptr);
134 while (flagv != NULL) {
136 while (*flagv !=
'\0' && isblank(*flagv)) {
139 if (strlen(flagv) < 2) {
141 SCLogError(
"malformed flag value: %s", flagv);
145 MQTTFlagState fs_to_set = MQTT_MUST_BE_SET;
146 if (flagv[0] ==
'!') {
149 fs_to_set = MQTT_CANT_BE_SET;
151 if (strcmp(flagv+
offset,
"dup") == 0) {
152 if (
de->dup != MQTT_DONT_CARE) {
153 SCLogError(
"duplicate flag definition: %s", flagv);
157 }
else if (strcmp(flagv+
offset,
"retain") == 0) {
158 if (
de->retain != MQTT_DONT_CARE) {
159 SCLogError(
"duplicate flag definition: %s", flagv);
162 de->retain = fs_to_set;
164 SCLogError(
"invalid flag definition: %s", flagv);
168 flagv = strtok_r(NULL,
",", &xsaveptr);
198 de = DetectMQTTFlagsParse(rawstr);
244 static int MQTTFlagsTestParse01 (
void)
248 de = DetectMQTTFlagsParse(
"retain");
252 de = DetectMQTTFlagsParse(
"dup");
256 de = DetectMQTTFlagsParse(
"retain,dup");
260 de = DetectMQTTFlagsParse(
"dup, retain");
273 static int MQTTFlagsTestParse02 (
void)
276 de = DetectMQTTFlagsParse(
"retain,!dup");
289 static int MQTTFlagsTestParse03 (
void)
292 de = DetectMQTTFlagsParse(
"ref");
307 static int MQTTFlagsTestParse04 (
void)
310 de = DetectMQTTFlagsParse(
"dup,!");
325 static int MQTTFlagsTestParse05 (
void)
328 de = DetectMQTTFlagsParse(
"dup,!dup");
334 de = DetectMQTTFlagsParse(
"!retain,retain");
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
void(* Free)(DetectEngineCtx *, void *)
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
main detection engine ctx
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int DetectBufferTypeGetByName(const char *name)
size_t strlcpy(char *dst, const char *src, size_t siz)
#define SIG_FLAG_TOSERVER
#define PASS
Pass the test.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
void MQTTFlagsRegisterTests(void)
this function registers unit tests for MQTTFlags
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
SigMatch * SigMatchAlloc(void)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void DetectMQTTFlagsRegister(void)
Registration function for mqtt.flags: keyword.
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
void DetectMQTTFlagsFree(DetectEngineCtx *de_ctx, void *)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
#define SCLogError(...)
Macro used to log ERROR messages.
a single match condition for a signature
struct DetectMQTTFlagsData_ DetectMQTTFlagsData
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)