suricata
detect-nfs-version.c
Go to the documentation of this file.
1 /* Copyright (C) 2017-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "threads.h"
26 #include "debug.h"
27 #include "decode.h"
28 #include "detect.h"
29 
30 #include "detect-parse.h"
31 #include "detect-engine.h"
32 #include "detect-engine-mpm.h"
33 #include "detect-content.h"
34 #include "detect-pcre.h"
35 #include "detect-nfs-version.h"
36 
37 #include "app-layer-parser.h"
38 
39 #include "flow.h"
40 #include "flow-util.h"
41 #include "flow-var.h"
42 
43 #include "util-unittest.h"
44 #include "util-unittest-helper.h"
45 #include "util-byte.h"
46 
47 #include "app-layer-nfs-tcp.h"
48 #include "rust.h"
49 
50 /**
51  * [nfs_procedure]:[<|>]<proc>[<><proc>];
52  */
53 #define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*(?:(<>)\\s*([0-9]+))?\\s*$"
54 static DetectParseRegex parse_regex;
55 
57  PROCEDURE_EQ = 1, /* equal */
58  PROCEDURE_LT, /* less than */
59  PROCEDURE_LE, /* less than */
60  PROCEDURE_GT, /* greater than */
61  PROCEDURE_GE, /* greater than */
62  PROCEDURE_RA, /* range */
63 };
64 
65 typedef struct DetectNfsVersionData_ {
66  uint32_t lo;
67  uint32_t hi;
70 
71 static DetectNfsVersionData *DetectNfsVersionParse (const char *);
72 static int DetectNfsVersionSetup (DetectEngineCtx *, Signature *s, const char *str);
73 static void DetectNfsVersionFree(DetectEngineCtx *de_ctx, void *);
74 #ifdef UNITTESTS
75 static void DetectNfsVersionRegisterTests(void);
76 #endif
77 static int g_nfs_request_buffer_id = 0;
78 
79 static int DetectEngineInspectNfsRequestGeneric(ThreadVars *tv,
81  const Signature *s, const SigMatchData *smd,
82  Flow *f, uint8_t flags, void *alstate,
83  void *txv, uint64_t tx_id);
84 
85 static int DetectNfsVersionMatch (DetectEngineThreadCtx *, Flow *,
86  uint8_t, void *, void *, const Signature *,
87  const SigMatchCtx *);
88 
89 /**
90  * \brief Registration function for nfs_procedure keyword.
91  */
93 {
94  sigmatch_table[DETECT_AL_NFS_VERSION].name = "nfs.version";
96  sigmatch_table[DETECT_AL_NFS_VERSION].desc = "match NFS version";
97  sigmatch_table[DETECT_AL_NFS_VERSION].url = "/rules/nfs-keywords.html#version";
98  sigmatch_table[DETECT_AL_NFS_VERSION].AppLayerTxMatch = DetectNfsVersionMatch;
99  sigmatch_table[DETECT_AL_NFS_VERSION].Setup = DetectNfsVersionSetup;
100  sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree;
101 #ifdef UNITTESTS
102  sigmatch_table[DETECT_AL_NFS_VERSION].RegisterTests = DetectNfsVersionRegisterTests;
103 #endif
104  DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
105 
108  DetectEngineInspectNfsRequestGeneric);
109 
110  g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request");
111 
112  SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id);
113 }
114 
115 static int DetectEngineInspectNfsRequestGeneric(ThreadVars *tv,
117  const Signature *s, const SigMatchData *smd,
118  Flow *f, uint8_t flags, void *alstate,
119  void *txv, uint64_t tx_id)
120 {
121  return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
122  f, flags, alstate, txv, tx_id);
123 }
124 
125 static inline int
126 VersionMatch(const uint32_t version,
127  enum DetectNfsVersionMode mode, uint32_t lo, uint32_t hi)
128 {
129  switch (mode) {
130  case PROCEDURE_EQ:
131  if (version == lo)
132  SCReturnInt(1);
133  break;
134  case PROCEDURE_LT:
135  if (version < lo)
136  SCReturnInt(1);
137  break;
138  case PROCEDURE_LE:
139  if (version <= lo)
140  SCReturnInt(1);
141  break;
142  case PROCEDURE_GT:
143  if (version > lo)
144  SCReturnInt(1);
145  break;
146  case PROCEDURE_GE:
147  if (version >= lo)
148  SCReturnInt(1);
149  break;
150  case PROCEDURE_RA:
151  if (version >= lo && version <= hi)
152  SCReturnInt(1);
153  break;
154  }
155  SCReturnInt(0);
156 }
157 
158 /**
159  * \internal
160  * \brief Function to match version of a TX
161  *
162  * \param t Pointer to thread vars.
163  * \param det_ctx Pointer to the pattern matcher thread.
164  * \param f Pointer to the current flow.
165  * \param flags Flags.
166  * \param state App layer state.
167  * \param s Pointer to the Signature.
168  * \param m Pointer to the sigmatch that we will cast into
169  * DetectNfsVersionData.
170  *
171  * \retval 0 no match.
172  * \retval 1 match.
173  */
174 static int DetectNfsVersionMatch (DetectEngineThreadCtx *det_ctx,
175  Flow *f, uint8_t flags, void *state,
176  void *txv, const Signature *s,
177  const SigMatchCtx *ctx)
178 {
179  SCEnter();
180 
181  const DetectNfsVersionData *dd = (const DetectNfsVersionData *)ctx;
182  uint32_t version;
183  rs_nfs_tx_get_version(txv, &version);
184  SCLogDebug("version %u mode %u lo %u hi %u",
185  version, dd->mode, dd->lo, dd->hi);
186  if (VersionMatch(version, dd->mode, dd->lo, dd->hi))
187  SCReturnInt(1);
188  SCReturnInt(0);
189 }
190 
191 /**
192  * \internal
193  * \brief Function to parse options passed via tls validity keywords.
194  *
195  * \param rawstr Pointer to the user provided options.
196  *
197  * \retval dd pointer to DetectNfsVersionData on success.
198  * \retval NULL on failure.
199  */
200 static DetectNfsVersionData *DetectNfsVersionParse (const char *rawstr)
201 {
202  DetectNfsVersionData *dd = NULL;
203  int ret = 0, res = 0;
204  int ov[MAX_SUBSTRINGS];
205  char mode[2] = "";
206  char value1[20] = "";
207  char value2[20] = "";
208  char range[3] = "";
209 
210  ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
211  if (ret < 3 || ret > 5) {
212  SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
213  goto error;
214  }
215 
216  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode,
217  sizeof(mode));
218  if (res < 0) {
219  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
220  goto error;
221  }
222  SCLogDebug("mode \"%s\"", mode);
223 
224  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1,
225  sizeof(value1));
226  if (res < 0) {
227  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
228  goto error;
229  }
230  SCLogDebug("value1 \"%s\"", value1);
231 
232  if (ret > 3) {
233  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3,
234  range, sizeof(range));
235  if (res < 0) {
236  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
237  goto error;
238  }
239  SCLogDebug("range \"%s\"", range);
240 
241  if (ret > 4) {
242  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4,
243  value2, sizeof(value2));
244  if (res < 0) {
246  "pcre_copy_substring failed");
247  goto error;
248  }
249  SCLogDebug("value2 \"%s\"", value2);
250  }
251  }
252 
253  dd = SCCalloc(1, sizeof(DetectNfsVersionData));
254  if (unlikely(dd == NULL))
255  goto error;
256 
257  if (strlen(mode) == 1) {
258  if (mode[0] == '<')
259  dd->mode = PROCEDURE_LT;
260  else if (mode[0] == '>')
261  dd->mode = PROCEDURE_GT;
262  } else if (strlen(mode) == 2) {
263  if (strcmp(mode, "<=") == 0)
264  dd->mode = PROCEDURE_LE;
265  if (strcmp(mode, ">=") == 0)
266  dd->mode = PROCEDURE_GE;
267  }
268 
269  if (strlen(range) > 0) {
270  if (strcmp("<>", range) == 0)
271  dd->mode = PROCEDURE_RA;
272  }
273 
274  if (strlen(range) != 0 && strlen(mode) != 0) {
276  "Range specified but mode also set");
277  goto error;
278  }
279 
280  if (dd->mode == 0) {
281  dd->mode = PROCEDURE_EQ;
282  }
283 
284  /* set the first value */
285  if (StringParseUint32(&dd->lo, 10, 0, (const char *)value1) < 0) {
286  SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid first value: \"%s\"", value1);
287  goto error;
288  }
289  /* set the second value if specified */
290  if (strlen(value2) > 0) {
291  if (!(dd->mode == PROCEDURE_RA)) {
293  "Multiple tls validity values specified but mode is not range");
294  goto error;
295  }
296 
297  if (StringParseUint32(&dd->hi, 10, 0, (const char *)value2) < 0) {
298  SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid second value: \"%s\"", value2);
299  goto error;
300  }
301  if (dd->hi <= dd->lo) {
303  "Second value in range must not be smaller than the first");
304  goto error;
305  }
306  }
307  return dd;
308 
309 error:
310  if (dd)
311  SCFree(dd);
312  return NULL;
313 }
314 
315 
316 
317 /**
318  * \brief Function to add the parsed tls validity field into the current signature.
319  *
320  * \param de_ctx Pointer to the Detection Engine Context.
321  * \param s Pointer to the Current Signature.
322  * \param rawstr Pointer to the user provided flags options.
323  * \param type Defines if this is notBefore or notAfter.
324  *
325  * \retval 0 on Success.
326  * \retval -1 on Failure.
327  */
328 static int DetectNfsVersionSetup (DetectEngineCtx *de_ctx, Signature *s,
329  const char *rawstr)
330 {
331  SCLogDebug("\'%s\'", rawstr);
332 
334  return -1;
335 
336  DetectNfsVersionData *dd = DetectNfsVersionParse(rawstr);
337  if (dd == NULL) {
338  SCLogError(SC_ERR_INVALID_ARGUMENT,"Parsing \'%s\' failed", rawstr);
339  return -1;
340  }
341 
342  /* okay so far so good, lets get this into a SigMatch
343  * and put it in the Signature. */
344  SigMatch *sm = SigMatchAlloc();
345  if (sm == NULL)
346  goto error;
347 
349  sm->ctx = (void *)dd;
350 
351  SCLogDebug("low %u hi %u", dd->lo, dd->hi);
352  SigMatchAppendSMToList(s, sm, g_nfs_request_buffer_id);
353  return 0;
354 
355 error:
356  DetectNfsVersionFree(de_ctx, dd);
357  return -1;
358 }
359 
360 /**
361  * \internal
362  * \brief Function to free memory associated with DetectNfsVersionData.
363  *
364  * \param de_ptr Pointer to DetectNfsVersionData.
365  */
366 void DetectNfsVersionFree(DetectEngineCtx *de_ctx, void *ptr)
367 {
368  SCFree(ptr);
369 }
370 
371 #ifdef UNITTESTS
372 
373 /**
374  * \test This is a test for a valid value 1430000000.
375  *
376  * \retval 1 on success.
377  * \retval 0 on failure.
378  */
379 static int ValidityTestParse01 (void)
380 {
381  DetectNfsVersionData *dd = NULL;
382  dd = DetectNfsVersionParse("1430000000");
383  FAIL_IF_NULL(dd);
384  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_EQ);
385  DetectNfsVersionFree(NULL, dd);
386  PASS;
387 }
388 
389 /**
390  * \test This is a test for a valid value >1430000000.
391  *
392  * \retval 1 on success.
393  * \retval 0 on failure.
394  */
395 static int ValidityTestParse02 (void)
396 {
397  DetectNfsVersionData *dd = NULL;
398  dd = DetectNfsVersionParse(">1430000000");
399  FAIL_IF_NULL(dd);
400  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_GT);
401  DetectNfsVersionFree(NULL, dd);
402  PASS;
403 }
404 
405 /**
406  * \test This is a test for a valid value <1430000000.
407  *
408  * \retval 1 on success.
409  * \retval 0 on failure.
410  */
411 static int ValidityTestParse03 (void)
412 {
413  DetectNfsVersionData *dd = NULL;
414  dd = DetectNfsVersionParse("<1430000000");
415  FAIL_IF_NULL(dd);
416  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_LT);
417  DetectNfsVersionFree(NULL, dd);
418  PASS;
419 }
420 
421 /**
422  * \test This is a test for a valid value 1430000000<>1470000000.
423  *
424  * \retval 1 on success.
425  * \retval 0 on failure.
426  */
427 static int ValidityTestParse04 (void)
428 {
429  DetectNfsVersionData *dd = NULL;
430  dd = DetectNfsVersionParse("1430000000<>1470000000");
431  FAIL_IF_NULL(dd);
432  FAIL_IF_NOT(dd->lo == 1430000000 && dd->hi == 1470000000 &&
433  dd->mode == PROCEDURE_RA);
434  DetectNfsVersionFree(NULL, dd);
435  PASS;
436 }
437 
438 /**
439  * \test This is a test for a invalid value A.
440  *
441  * \retval 1 on success.
442  * \retval 0 on failure.
443  */
444 static int ValidityTestParse05 (void)
445 {
446  DetectNfsVersionData *dd = NULL;
447  dd = DetectNfsVersionParse("A");
448  FAIL_IF_NOT_NULL(dd);
449  PASS;
450 }
451 
452 /**
453  * \test This is a test for a invalid value >1430000000<>1470000000.
454  *
455  * \retval 1 on success.
456  * \retval 0 on failure.
457  */
458 static int ValidityTestParse06 (void)
459 {
460  DetectNfsVersionData *dd = NULL;
461  dd = DetectNfsVersionParse(">1430000000<>1470000000");
462  FAIL_IF_NOT_NULL(dd);
463  PASS;
464 }
465 
466 /**
467  * \test This is a test for a invalid value 1430000000<>.
468  *
469  * \retval 1 on success.
470  * \retval 0 on failure.
471  */
472 static int ValidityTestParse07 (void)
473 {
474  DetectNfsVersionData *dd = NULL;
475  dd = DetectNfsVersionParse("1430000000<>");
476  FAIL_IF_NOT_NULL(dd);
477  PASS;
478 }
479 
480 /**
481  * \test This is a test for a invalid value <>1430000000.
482  *
483  * \retval 1 on success.
484  * \retval 0 on failure.
485  */
486 static int ValidityTestParse08 (void)
487 {
488  DetectNfsVersionData *dd = NULL;
489  dd = DetectNfsVersionParse("<>1430000000");
490  FAIL_IF_NOT_NULL(dd);
491  PASS;
492 }
493 
494 /**
495  * \test This is a test for a invalid value "".
496  *
497  * \retval 1 on success.
498  * \retval 0 on failure.
499  */
500 static int ValidityTestParse09 (void)
501 {
502  DetectNfsVersionData *dd = NULL;
503  dd = DetectNfsVersionParse("");
504  FAIL_IF_NOT_NULL(dd);
505  PASS;
506 }
507 
508 /**
509  * \test This is a test for a invalid value " ".
510  *
511  * \retval 1 on success.
512  * \retval 0 on failure.
513  */
514 static int ValidityTestParse10 (void)
515 {
516  DetectNfsVersionData *dd = NULL;
517  dd = DetectNfsVersionParse(" ");
518  FAIL_IF_NOT_NULL(dd);
519  PASS;
520 }
521 
522 /**
523  * \test This is a test for a invalid value 1490000000<>1430000000.
524  *
525  * \retval 1 on success.
526  * \retval 0 on failure.
527  */
528 static int ValidityTestParse11 (void)
529 {
530  DetectNfsVersionData *dd = NULL;
531  dd = DetectNfsVersionParse("1490000000<>1430000000");
532  FAIL_IF_NOT_NULL(dd);
533  PASS;
534 }
535 
536 /**
537  * \test This is a test for a valid value 1430000000 <> 1490000000.
538  *
539  * \retval 1 on success.
540  * \retval 0 on failure.
541  */
542 static int ValidityTestParse12 (void)
543 {
544  DetectNfsVersionData *dd = NULL;
545  dd = DetectNfsVersionParse("1430000000 <> 1490000000");
546  FAIL_IF_NULL(dd);
547  FAIL_IF_NOT(dd->lo == 1430000000 && dd->hi == 1490000000 &&
548  dd->mode == PROCEDURE_RA);
549  DetectNfsVersionFree(NULL, dd);
550  PASS;
551 }
552 
553 /**
554  * \test This is a test for a valid value > 1430000000.
555  *
556  * \retval 1 on success.
557  * \retval 0 on failure.
558  */
559 static int ValidityTestParse13 (void)
560 {
561  DetectNfsVersionData *dd = NULL;
562  dd = DetectNfsVersionParse("> 1430000000 ");
563  FAIL_IF_NULL(dd);
564  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_GT);
565  DetectNfsVersionFree(NULL, dd);
566  PASS;
567 }
568 
569 /**
570  * \test This is a test for a valid value < 1490000000.
571  *
572  * \retval 1 on success.
573  * \retval 0 on failure.
574  */
575 static int ValidityTestParse14 (void)
576 {
577  DetectNfsVersionData *dd = NULL;
578  dd = DetectNfsVersionParse("< 1490000000 ");
579  FAIL_IF_NULL(dd);
580  FAIL_IF_NOT(dd->lo == 1490000000 && dd->mode == PROCEDURE_LT);
581  DetectNfsVersionFree(NULL, dd);
582  PASS;
583 }
584 
585 /**
586  * \test This is a test for a valid value 1490000000.
587  *
588  * \retval 1 on success.
589  * \retval 0 on failure.
590  */
591 static int ValidityTestParse15 (void)
592 {
593  DetectNfsVersionData *dd = NULL;
594  dd = DetectNfsVersionParse(" 1490000000 ");
595  FAIL_IF_NULL(dd);
596  FAIL_IF_NOT(dd->lo == 1490000000 && dd->mode == PROCEDURE_EQ);
597  DetectNfsVersionFree(NULL, dd);
598  PASS;
599 }
600 
601 /**
602  * \brief Register unit tests for nfs_procedure.
603  */
604 void DetectNfsVersionRegisterTests(void)
605 {
606  UtRegisterTest("ValidityTestParse01", ValidityTestParse01);
607  UtRegisterTest("ValidityTestParse02", ValidityTestParse02);
608  UtRegisterTest("ValidityTestParse03", ValidityTestParse03);
609  UtRegisterTest("ValidityTestParse04", ValidityTestParse04);
610  UtRegisterTest("ValidityTestParse05", ValidityTestParse05);
611  UtRegisterTest("ValidityTestParse06", ValidityTestParse06);
612  UtRegisterTest("ValidityTestParse07", ValidityTestParse07);
613  UtRegisterTest("ValidityTestParse08", ValidityTestParse08);
614  UtRegisterTest("ValidityTestParse09", ValidityTestParse09);
615  UtRegisterTest("ValidityTestParse10", ValidityTestParse10);
616  UtRegisterTest("ValidityTestParse11", ValidityTestParse11);
617  UtRegisterTest("ValidityTestParse12", ValidityTestParse12);
618  UtRegisterTest("ValidityTestParse13", ValidityTestParse13);
619  UtRegisterTest("ValidityTestParse14", ValidityTestParse14);
620  UtRegisterTest("ValidityTestParse15", ValidityTestParse15);
621 }
622 #endif /* UNITTESTS */
util-byte.h
SigTableElmt_::url
const char * url
Definition: detect.h:1214
DetectSignatureSetAppProto
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:1480
detect-content.h
PROCEDURE_GT
@ PROCEDURE_GT
Definition: detect-nfs-version.c:60
detect-engine.h
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectNfsVersionMode
DetectNfsVersionMode
Definition: detect-nfs-version.c:56
PROCEDURE_LE
@ PROCEDURE_LE
Definition: detect-nfs-version.c:59
DetectNfsVersionRegister
void DetectNfsVersionRegister(void)
Registration function for nfs_procedure keyword.
Definition: detect-nfs-version.c:92
SigTableElmt_::desc
const char * desc
Definition: detect.h:1213
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1201
flow-util.h
SigTableElmt_::name
const char * name
Definition: detect.h:1211
PROCEDURE_EQ
@ PROCEDURE_EQ
Definition: detect-nfs-version.c:57
DetectNfsVersionData_::hi
uint32_t hi
Definition: detect-nfs-version.c:67
detect-nfs-version.h
MAX_SUBSTRINGS
#define MAX_SUBSTRINGS
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
threads.h
Flow_
Flow data structure.
Definition: flow.h:347
DetectNfsVersionData_
Definition: detect-nfs-version.c:65
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:767
DETECT_AL_NFS_VERSION
@ DETECT_AL_NFS_VERSION
Definition: detect-engine-register.h:159
PROCEDURE_GE
@ PROCEDURE_GE
Definition: detect-nfs-version.c:61
SigTableElmt_::AppLayerTxMatch
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Definition: detect.h:1182
rust.h
SC_ERR_PCRE_GET_SUBSTRING
@ SC_ERR_PCRE_GET_SUBSTRING
Definition: util-error.h:34
SigMatchData_
Data needed for Match()
Definition: detect.h:329
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1196
detect-pcre.h
util-unittest.h
PROCEDURE_LT
@ PROCEDURE_LT
Definition: detect-nfs-version.c:58
util-unittest-helper.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
DetectEngineInspectGenericList
int DetectEngineInspectGenericList(ThreadVars *tv, const DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:1596
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:880
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:236
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
SC_ERR_PCRE_MATCH
@ SC_ERR_PCRE_MATCH
Definition: util-error.h:32
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineThreadCtx_
Definition: detect.h:1010
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
DetectSetupParseRegexes
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
Definition: detect-parse.c:2493
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
detect-engine-mpm.h
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
SC_ERR_INVALID_ARGUMENT
@ SC_ERR_INVALID_ARGUMENT
Definition: util-error.h:43
app-layer-parser.h
SigMatch_::ctx
SigMatchCtx * ctx
Definition: detect.h:323
DetectParsePcreExec
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options, int *ovector, int ovector_size)
Definition: detect-parse.c:2423
PARSE_REGEX
#define PARSE_REGEX
Definition: detect-nfs-version.c:53
DetectNfsVersionData
struct DetectNfsVersionData_ DetectNfsVersionData
SigMatchAlloc
SigMatch * SigMatchAlloc(void)
Definition: detect-parse.c:235
SigMatch_::type
uint8_t type
Definition: detect.h:321
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:315
StringParseUint32
int StringParseUint32(uint32_t *res, int base, uint16_t len, const char *str)
Definition: util-byte.c:313
flags
uint8_t flags
Definition: decode-gre.h:0
SigTableElmt_::alias
const char * alias
Definition: detect.h:1212
suricata-common.h
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect-parse.c:73
DetectParseRegex_
Definition: detect-parse.h:42
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
version
uint8_t version
Definition: decode-gre.h:1
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
PROCEDURE_RA
@ PROCEDURE_RA
Definition: detect-nfs-version.c:62
str
#define str(s)
Definition: suricata-common.h:273
SCFree
#define SCFree(p)
Definition: util-mem.h:61
detect-parse.h
Signature_
Signature container.
Definition: detect.h:528
SigMatch_
a single match condition for a signature
Definition: detect.h:320
DetectNfsVersionData_::mode
enum DetectNfsVersionMode mode
Definition: detect-nfs-version.c:68
flow.h
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback)
register inspect engine at start up time
Definition: detect-engine.c:171
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
flow-var.h
SigMatchAppendSMToList
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:349
ALPROTO_NFS
@ ALPROTO_NFS
Definition: app-layer-protos.h:45
debug.h
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1203
app-layer-nfs-tcp.h
DetectNfsVersionData_::lo
uint32_t lo
Definition: detect-nfs-version.c:66