suricata
detect-nfs-version.c
Go to the documentation of this file.
1 /* Copyright (C) 2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "threads.h"
26 #include "debug.h"
27 #include "decode.h"
28 #include "detect.h"
29 
30 #include "detect-parse.h"
31 #include "detect-engine.h"
32 #include "detect-engine-mpm.h"
33 #include "detect-content.h"
34 #include "detect-pcre.h"
35 #include "detect-nfs-version.h"
36 
37 #include "app-layer-parser.h"
38 
39 #include "flow.h"
40 #include "flow-util.h"
41 #include "flow-var.h"
42 
43 #include "util-unittest.h"
44 #include "util-unittest-helper.h"
45 
46 #ifndef HAVE_RUST
48 {
49 }
50 
51 #else
52 
53 #include "app-layer-nfs-tcp.h"
54 #include "rust.h"
55 #include "rust-nfs-nfs-gen.h"
56 
57 /**
58  * [nfs_procedure]:[<|>]<proc>[<><proc>];
59  */
60 #define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*(?:(<>)\\s*([0-9]+))?\\s*$"
61 static pcre *parse_regex;
62 static pcre_extra *parse_regex_study;
63 
64 enum DetectNfsVersionMode {
65  PROCEDURE_EQ = 1, /* equal */
66  PROCEDURE_LT, /* less than */
67  PROCEDURE_LE, /* less than */
68  PROCEDURE_GT, /* greater than */
69  PROCEDURE_GE, /* greater than */
70  PROCEDURE_RA, /* range */
71 };
72 
73 typedef struct DetectNfsVersionData_ {
74  uint32_t lo;
75  uint32_t hi;
76  enum DetectNfsVersionMode mode;
77 } DetectNfsVersionData;
78 
79 static DetectNfsVersionData *DetectNfsVersionParse (const char *);
80 static int DetectNfsVersionSetup (DetectEngineCtx *, Signature *s, const char *str);
81 static void DetectNfsVersionFree(void *);
82 static void DetectNfsVersionRegisterTests(void);
83 static int g_nfs_request_buffer_id = 0;
84 
85 static int DetectEngineInspectNfsRequestGeneric(ThreadVars *tv,
86  DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
87  const Signature *s, const SigMatchData *smd,
88  Flow *f, uint8_t flags, void *alstate,
89  void *txv, uint64_t tx_id);
90 
91 static int DetectNfsVersionMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
92  uint8_t, void *, void *, const Signature *,
93  const SigMatchCtx *);
94 
95 /**
96  * \brief Registration function for nfs_procedure keyword.
97  */
98 void DetectNfsVersionRegister (void)
99 {
100  sigmatch_table[DETECT_AL_NFS_VERSION].name = "nfs_version";
101  sigmatch_table[DETECT_AL_NFS_VERSION].desc = "match NFS version";
102  sigmatch_table[DETECT_AL_NFS_VERSION].url = DOC_URL DOC_VERSION "/rules/nfs-keywords.html#version";
104  sigmatch_table[DETECT_AL_NFS_VERSION].AppLayerTxMatch = DetectNfsVersionMatch;
105  sigmatch_table[DETECT_AL_NFS_VERSION].Setup = DetectNfsVersionSetup;
106  sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree;
107  sigmatch_table[DETECT_AL_NFS_VERSION].RegisterTests = DetectNfsVersionRegisterTests;
108 
109 
110  DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
111 
114  DetectEngineInspectNfsRequestGeneric);
115 
116  g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request");
117 
118  SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id);
119 }
120 
121 static int DetectEngineInspectNfsRequestGeneric(ThreadVars *tv,
122  DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
123  const Signature *s, const SigMatchData *smd,
124  Flow *f, uint8_t flags, void *alstate,
125  void *txv, uint64_t tx_id)
126 {
127  return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
128  f, flags, alstate, txv, tx_id);
129 }
130 
131 static inline int
132 VersionMatch(const uint32_t version,
133  enum DetectNfsVersionMode mode, uint32_t lo, uint32_t hi)
134 {
135  switch (mode) {
136  case PROCEDURE_EQ:
137  if (version == lo)
138  SCReturnInt(1);
139  break;
140  case PROCEDURE_LT:
141  if (version < lo)
142  SCReturnInt(1);
143  break;
144  case PROCEDURE_LE:
145  if (version <= lo)
146  SCReturnInt(1);
147  break;
148  case PROCEDURE_GT:
149  if (version > lo)
150  SCReturnInt(1);
151  break;
152  case PROCEDURE_GE:
153  if (version >= lo)
154  SCReturnInt(1);
155  break;
156  case PROCEDURE_RA:
157  if (version >= lo && version <= hi)
158  SCReturnInt(1);
159  break;
160  }
161  SCReturnInt(0);
162 }
163 
164 /**
165  * \internal
166  * \brief Function to match version of a TX
167  *
168  * \param t Pointer to thread vars.
169  * \param det_ctx Pointer to the pattern matcher thread.
170  * \param f Pointer to the current flow.
171  * \param flags Flags.
172  * \param state App layer state.
173  * \param s Pointer to the Signature.
174  * \param m Pointer to the sigmatch that we will cast into
175  * DetectNfsVersionData.
176  *
177  * \retval 0 no match.
178  * \retval 1 match.
179  */
180 static int DetectNfsVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
181  Flow *f, uint8_t flags, void *state,
182  void *txv, const Signature *s,
183  const SigMatchCtx *ctx)
184 {
185  SCEnter();
186 
187  const DetectNfsVersionData *dd = (const DetectNfsVersionData *)ctx;
188  uint32_t version;
189  rs_nfs_tx_get_version(txv, &version);
190  SCLogDebug("version %u mode %u lo %u hi %u",
191  version, dd->mode, dd->lo, dd->hi);
192  if (VersionMatch(version, dd->mode, dd->lo, dd->hi))
193  SCReturnInt(1);
194  SCReturnInt(0);
195 }
196 
197 /**
198  * \internal
199  * \brief Function to parse options passed via tls validity keywords.
200  *
201  * \param rawstr Pointer to the user provided options.
202  *
203  * \retval dd pointer to DetectNfsVersionData on success.
204  * \retval NULL on failure.
205  */
206 static DetectNfsVersionData *DetectNfsVersionParse (const char *rawstr)
207 {
208  DetectNfsVersionData *dd = NULL;
209 #define MAX_SUBSTRINGS 30
210  int ret = 0, res = 0;
211  int ov[MAX_SUBSTRINGS];
212  char mode[2] = "";
213  char value1[20] = "";
214  char value2[20] = "";
215  char range[3] = "";
216 
217  ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0,
218  0, ov, MAX_SUBSTRINGS);
219  if (ret < 3 || ret > 5) {
220  SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
221  goto error;
222  }
223 
224  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode,
225  sizeof(mode));
226  if (res < 0) {
227  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
228  goto error;
229  }
230  SCLogDebug("mode \"%s\"", mode);
231 
232  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1,
233  sizeof(value1));
234  if (res < 0) {
235  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
236  goto error;
237  }
238  SCLogDebug("value1 \"%s\"", value1);
239 
240  if (ret > 3) {
241  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3,
242  range, sizeof(range));
243  if (res < 0) {
244  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
245  goto error;
246  }
247  SCLogDebug("range \"%s\"", range);
248 
249  if (ret > 4) {
250  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4,
251  value2, sizeof(value2));
252  if (res < 0) {
254  "pcre_copy_substring failed");
255  goto error;
256  }
257  SCLogDebug("value2 \"%s\"", value2);
258  }
259  }
260 
261  dd = SCCalloc(1, sizeof(DetectNfsVersionData));
262  if (unlikely(dd == NULL))
263  goto error;
264 
265  if (strlen(mode) == 1) {
266  if (mode[0] == '<')
267  dd->mode = PROCEDURE_LT;
268  else if (mode[0] == '>')
269  dd->mode = PROCEDURE_GT;
270  } else if (strlen(mode) == 2) {
271  if (strcmp(mode, "<=") == 0)
272  dd->mode = PROCEDURE_LE;
273  if (strcmp(mode, ">=") == 0)
274  dd->mode = PROCEDURE_GE;
275  }
276 
277  if (strlen(range) > 0) {
278  if (strcmp("<>", range) == 0)
279  dd->mode = PROCEDURE_RA;
280  }
281 
282  if (strlen(range) != 0 && strlen(mode) != 0) {
284  "Range specified but mode also set");
285  goto error;
286  }
287 
288  if (dd->mode == 0) {
289  dd->mode = PROCEDURE_EQ;
290  }
291 
292  /* set the first value */
293  dd->lo = atoi(value1); //TODO
294 
295  /* set the second value if specified */
296  if (strlen(value2) > 0) {
297  if (!(dd->mode == PROCEDURE_RA)) {
299  "Multiple tls validity values specified but mode is not range");
300  goto error;
301  }
302 
303  //
304  dd->hi = atoi(value2); // TODO
305 
306  if (dd->hi <= dd->lo) {
308  "Second value in range must not be smaller than the first");
309  goto error;
310  }
311  }
312  return dd;
313 
314 error:
315  if (dd)
316  SCFree(dd);
317  return NULL;
318 }
319 
320 
321 
322 /**
323  * \brief Function to add the parsed tls validity field into the current signature.
324  *
325  * \param de_ctx Pointer to the Detection Engine Context.
326  * \param s Pointer to the Current Signature.
327  * \param rawstr Pointer to the user provided flags options.
328  * \param type Defines if this is notBefore or notAfter.
329  *
330  * \retval 0 on Success.
331  * \retval -1 on Failure.
332  */
333 static int DetectNfsVersionSetup (DetectEngineCtx *de_ctx, Signature *s,
334  const char *rawstr)
335 {
336  DetectNfsVersionData *dd = NULL;
337  SigMatch *sm = NULL;
338 
339  SCLogDebug("\'%s\'", rawstr);
340 
342  return -1;
343 
344  dd = DetectNfsVersionParse(rawstr);
345  if (dd == NULL) {
346  SCLogError(SC_ERR_INVALID_ARGUMENT,"Parsing \'%s\' failed", rawstr);
347  goto error;
348  }
349 
350  /* okay so far so good, lets get this into a SigMatch
351  * and put it in the Signature. */
352  sm = SigMatchAlloc();
353  if (sm == NULL)
354  goto error;
355 
357  sm->ctx = (void *)dd;
358 
359  SCLogDebug("low %u hi %u", dd->lo, dd->hi);
360  SigMatchAppendSMToList(s, sm, g_nfs_request_buffer_id);
361  return 0;
362 
363 error:
364  DetectNfsVersionFree(dd);
365  return -1;
366 }
367 
368 /**
369  * \internal
370  * \brief Function to free memory associated with DetectNfsVersionData.
371  *
372  * \param de_ptr Pointer to DetectNfsVersionData.
373  */
374 void DetectNfsVersionFree(void *ptr)
375 {
376  SCFree(ptr);
377 }
378 
379 #ifdef UNITTESTS
380 
381 /**
382  * \test This is a test for a valid value 1430000000.
383  *
384  * \retval 1 on success.
385  * \retval 0 on failure.
386  */
387 static int ValidityTestParse01 (void)
388 {
389  DetectNfsVersionData *dd = NULL;
390  dd = DetectNfsVersionParse("1430000000");
391  FAIL_IF_NULL(dd);
392  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_EQ);
393  DetectNfsVersionFree(dd);
394  PASS;
395 }
396 
397 /**
398  * \test This is a test for a valid value >1430000000.
399  *
400  * \retval 1 on success.
401  * \retval 0 on failure.
402  */
403 static int ValidityTestParse02 (void)
404 {
405  DetectNfsVersionData *dd = NULL;
406  dd = DetectNfsVersionParse(">1430000000");
407  FAIL_IF_NULL(dd);
408  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_GT);
409  DetectNfsVersionFree(dd);
410  PASS;
411 }
412 
413 /**
414  * \test This is a test for a valid value <1430000000.
415  *
416  * \retval 1 on success.
417  * \retval 0 on failure.
418  */
419 static int ValidityTestParse03 (void)
420 {
421  DetectNfsVersionData *dd = NULL;
422  dd = DetectNfsVersionParse("<1430000000");
423  FAIL_IF_NULL(dd);
424  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_LT);
425  DetectNfsVersionFree(dd);
426  PASS;
427 }
428 
429 /**
430  * \test This is a test for a valid value 1430000000<>1470000000.
431  *
432  * \retval 1 on success.
433  * \retval 0 on failure.
434  */
435 static int ValidityTestParse04 (void)
436 {
437  DetectNfsVersionData *dd = NULL;
438  dd = DetectNfsVersionParse("1430000000<>1470000000");
439  FAIL_IF_NULL(dd);
440  FAIL_IF_NOT(dd->lo == 1430000000 && dd->hi == 1470000000 &&
441  dd->mode == PROCEDURE_RA);
442  DetectNfsVersionFree(dd);
443  PASS;
444 }
445 
446 /**
447  * \test This is a test for a invalid value A.
448  *
449  * \retval 1 on success.
450  * \retval 0 on failure.
451  */
452 static int ValidityTestParse05 (void)
453 {
454  DetectNfsVersionData *dd = NULL;
455  dd = DetectNfsVersionParse("A");
456  FAIL_IF_NOT_NULL(dd);
457  PASS;
458 }
459 
460 /**
461  * \test This is a test for a invalid value >1430000000<>1470000000.
462  *
463  * \retval 1 on success.
464  * \retval 0 on failure.
465  */
466 static int ValidityTestParse06 (void)
467 {
468  DetectNfsVersionData *dd = NULL;
469  dd = DetectNfsVersionParse(">1430000000<>1470000000");
470  FAIL_IF_NOT_NULL(dd);
471  PASS;
472 }
473 
474 /**
475  * \test This is a test for a invalid value 1430000000<>.
476  *
477  * \retval 1 on success.
478  * \retval 0 on failure.
479  */
480 static int ValidityTestParse07 (void)
481 {
482  DetectNfsVersionData *dd = NULL;
483  dd = DetectNfsVersionParse("1430000000<>");
484  FAIL_IF_NOT_NULL(dd);
485  PASS;
486 }
487 
488 /**
489  * \test This is a test for a invalid value <>1430000000.
490  *
491  * \retval 1 on success.
492  * \retval 0 on failure.
493  */
494 static int ValidityTestParse08 (void)
495 {
496  DetectNfsVersionData *dd = NULL;
497  dd = DetectNfsVersionParse("<>1430000000");
498  FAIL_IF_NOT_NULL(dd);
499  PASS;
500 }
501 
502 /**
503  * \test This is a test for a invalid value "".
504  *
505  * \retval 1 on success.
506  * \retval 0 on failure.
507  */
508 static int ValidityTestParse09 (void)
509 {
510  DetectNfsVersionData *dd = NULL;
511  dd = DetectNfsVersionParse("");
512  FAIL_IF_NOT_NULL(dd);
513  PASS;
514 }
515 
516 /**
517  * \test This is a test for a invalid value " ".
518  *
519  * \retval 1 on success.
520  * \retval 0 on failure.
521  */
522 static int ValidityTestParse10 (void)
523 {
524  DetectNfsVersionData *dd = NULL;
525  dd = DetectNfsVersionParse(" ");
526  FAIL_IF_NOT_NULL(dd);
527  PASS;
528 }
529 
530 /**
531  * \test This is a test for a invalid value 1490000000<>1430000000.
532  *
533  * \retval 1 on success.
534  * \retval 0 on failure.
535  */
536 static int ValidityTestParse11 (void)
537 {
538  DetectNfsVersionData *dd = NULL;
539  dd = DetectNfsVersionParse("1490000000<>1430000000");
540  FAIL_IF_NOT_NULL(dd);
541  PASS;
542 }
543 
544 /**
545  * \test This is a test for a valid value 1430000000 <> 1490000000.
546  *
547  * \retval 1 on success.
548  * \retval 0 on failure.
549  */
550 static int ValidityTestParse12 (void)
551 {
552  DetectNfsVersionData *dd = NULL;
553  dd = DetectNfsVersionParse("1430000000 <> 1490000000");
554  FAIL_IF_NULL(dd);
555  FAIL_IF_NOT(dd->lo == 1430000000 && dd->hi == 1490000000 &&
556  dd->mode == PROCEDURE_RA);
557  DetectNfsVersionFree(dd);
558  PASS;
559 }
560 
561 /**
562  * \test This is a test for a valid value > 1430000000.
563  *
564  * \retval 1 on success.
565  * \retval 0 on failure.
566  */
567 static int ValidityTestParse13 (void)
568 {
569  DetectNfsVersionData *dd = NULL;
570  dd = DetectNfsVersionParse("> 1430000000 ");
571  FAIL_IF_NULL(dd);
572  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_GT);
573  DetectNfsVersionFree(dd);
574  PASS;
575 }
576 
577 /**
578  * \test This is a test for a valid value < 1490000000.
579  *
580  * \retval 1 on success.
581  * \retval 0 on failure.
582  */
583 static int ValidityTestParse14 (void)
584 {
585  DetectNfsVersionData *dd = NULL;
586  dd = DetectNfsVersionParse("< 1490000000 ");
587  FAIL_IF_NULL(dd);
588  FAIL_IF_NOT(dd->lo == 1490000000 && dd->mode == PROCEDURE_LT);
589  DetectNfsVersionFree(dd);
590  PASS;
591 }
592 
593 /**
594  * \test This is a test for a valid value 1490000000.
595  *
596  * \retval 1 on success.
597  * \retval 0 on failure.
598  */
599 static int ValidityTestParse15 (void)
600 {
601  DetectNfsVersionData *dd = NULL;
602  dd = DetectNfsVersionParse(" 1490000000 ");
603  FAIL_IF_NULL(dd);
604  FAIL_IF_NOT(dd->lo == 1490000000 && dd->mode == PROCEDURE_EQ);
605  DetectNfsVersionFree(dd);
606  PASS;
607 }
608 
609 #endif /* UNITTESTS */
610 
611 /**
612  * \brief Register unit tests for nfs_procedure.
613  */
614 void DetectNfsVersionRegisterTests(void)
615 {
616 #ifdef UNITTESTS /* UNITTESTS */
617  UtRegisterTest("ValidityTestParse01", ValidityTestParse01);
618  UtRegisterTest("ValidityTestParse02", ValidityTestParse02);
619  UtRegisterTest("ValidityTestParse03", ValidityTestParse03);
620  UtRegisterTest("ValidityTestParse04", ValidityTestParse04);
621  UtRegisterTest("ValidityTestParse05", ValidityTestParse05);
622  UtRegisterTest("ValidityTestParse06", ValidityTestParse06);
623  UtRegisterTest("ValidityTestParse07", ValidityTestParse07);
624  UtRegisterTest("ValidityTestParse08", ValidityTestParse08);
625  UtRegisterTest("ValidityTestParse09", ValidityTestParse09);
626  UtRegisterTest("ValidityTestParse10", ValidityTestParse10);
627  UtRegisterTest("ValidityTestParse11", ValidityTestParse11);
628  UtRegisterTest("ValidityTestParse12", ValidityTestParse12);
629  UtRegisterTest("ValidityTestParse13", ValidityTestParse13);
630  UtRegisterTest("ValidityTestParse14", ValidityTestParse14);
631  UtRegisterTest("ValidityTestParse15", ValidityTestParse15);
632 #endif /* UNITTESTS */
633 }
634 #endif /* HAVE_RUST */
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect.h:1403
uint16_t flags
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1146
int(* AppLayerTxMatch)(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Definition: detect.h:1132
#define SCLogDebug(...)
Definition: util-debug.h:335
#define MAX_SUBSTRINGS
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define PASS
Pass the test.
#define unlikely(expr)
Definition: util-optimize.h:35
Data needed for Match()
Definition: detect.h:333
const char * name
Definition: detect.h:1160
int DetectEngineInspectGenericList(ThreadVars *tv, const DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Signature container.
Definition: detect.h:492
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:319
main detection engine ctx
Definition: detect.h:720
int DetectBufferTypeGetByName(const char *name)
#define str(s)
#define SCCalloc(nm, a)
Definition: util-mem.h:205
void(* Free)(void *)
Definition: detect.h:1151
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void DetectSetupParseRegexes(const char *parse_str, pcre **parse_regex, pcre_extra **parse_regex_study)
#define SIG_FLAG_TOSERVER
Definition: detect.h:243
#define SCEnter(...)
Definition: util-debug.h:337
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
uint8_t type
Definition: detect.h:325
#define SCReturnInt(x)
Definition: util-debug.h:341
void DetectNfsVersionRegister(void)
const char * desc
Definition: detect.h:1162
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:282
SigMatchCtx * ctx
Definition: detect.h:327
uint8_t version
Definition: decode-gre.h:405
#define SCFree(a)
Definition: util-mem.h:236
PoolThreadReserved res
uint16_t tx_id
int(* Match)(ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1129
const char * url
Definition: detect.h:1163
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
#define DOC_URL
Definition: suricata.h:86
SigMatch * SigMatchAlloc(void)
Definition: detect-parse.c:226
Per thread variable structure.
Definition: threadvars.h:57
#define PARSE_REGEX
#define DOC_VERSION
Definition: suricata.h:91
Flow data structure.
Definition: flow.h:327
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback)
register inspect engine at start up time
void(* RegisterTests)(void)
Definition: detect.h:1152
a single match condition for a signature
Definition: detect.h:324
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82