suricata
detect-nfs-version.c
Go to the documentation of this file.
1 /* Copyright (C) 2017-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "threads.h"
26 #include "debug.h"
27 #include "decode.h"
28 #include "detect.h"
29 
30 #include "detect-parse.h"
31 #include "detect-engine.h"
32 #include "detect-engine-mpm.h"
33 #include "detect-content.h"
34 #include "detect-pcre.h"
35 #include "detect-nfs-version.h"
36 
37 #include "app-layer-parser.h"
38 
39 #include "flow.h"
40 #include "flow-util.h"
41 #include "flow-var.h"
42 
43 #include "util-unittest.h"
44 #include "util-unittest-helper.h"
45 
46 #include "app-layer-nfs-tcp.h"
47 #include "rust.h"
48 
49 /**
50  * [nfs_procedure]:[<|>]<proc>[<><proc>];
51  */
52 #define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*(?:(<>)\\s*([0-9]+))?\\s*$"
53 static DetectParseRegex parse_regex;
54 
56  PROCEDURE_EQ = 1, /* equal */
57  PROCEDURE_LT, /* less than */
58  PROCEDURE_LE, /* less than */
59  PROCEDURE_GT, /* greater than */
60  PROCEDURE_GE, /* greater than */
61  PROCEDURE_RA, /* range */
62 };
63 
64 typedef struct DetectNfsVersionData_ {
65  uint32_t lo;
66  uint32_t hi;
69 
70 static DetectNfsVersionData *DetectNfsVersionParse (const char *);
71 static int DetectNfsVersionSetup (DetectEngineCtx *, Signature *s, const char *str);
72 static void DetectNfsVersionFree(DetectEngineCtx *de_ctx, void *);
73 static void DetectNfsVersionRegisterTests(void);
74 static int g_nfs_request_buffer_id = 0;
75 
76 static int DetectEngineInspectNfsRequestGeneric(ThreadVars *tv,
78  const Signature *s, const SigMatchData *smd,
79  Flow *f, uint8_t flags, void *alstate,
80  void *txv, uint64_t tx_id);
81 
82 static int DetectNfsVersionMatch (DetectEngineThreadCtx *, Flow *,
83  uint8_t, void *, void *, const Signature *,
84  const SigMatchCtx *);
85 
86 /**
87  * \brief Registration function for nfs_procedure keyword.
88  */
90 {
91  sigmatch_table[DETECT_AL_NFS_VERSION].name = "nfs.version";
93  sigmatch_table[DETECT_AL_NFS_VERSION].desc = "match NFS version";
94  sigmatch_table[DETECT_AL_NFS_VERSION].url = "/rules/nfs-keywords.html#version";
95  sigmatch_table[DETECT_AL_NFS_VERSION].AppLayerTxMatch = DetectNfsVersionMatch;
96  sigmatch_table[DETECT_AL_NFS_VERSION].Setup = DetectNfsVersionSetup;
97  sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree;
98  sigmatch_table[DETECT_AL_NFS_VERSION].RegisterTests = DetectNfsVersionRegisterTests;
99 
100  DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
101 
104  DetectEngineInspectNfsRequestGeneric);
105 
106  g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request");
107 
108  SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id);
109 }
110 
111 static int DetectEngineInspectNfsRequestGeneric(ThreadVars *tv,
113  const Signature *s, const SigMatchData *smd,
114  Flow *f, uint8_t flags, void *alstate,
115  void *txv, uint64_t tx_id)
116 {
117  return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
118  f, flags, alstate, txv, tx_id);
119 }
120 
121 static inline int
122 VersionMatch(const uint32_t version,
123  enum DetectNfsVersionMode mode, uint32_t lo, uint32_t hi)
124 {
125  switch (mode) {
126  case PROCEDURE_EQ:
127  if (version == lo)
128  SCReturnInt(1);
129  break;
130  case PROCEDURE_LT:
131  if (version < lo)
132  SCReturnInt(1);
133  break;
134  case PROCEDURE_LE:
135  if (version <= lo)
136  SCReturnInt(1);
137  break;
138  case PROCEDURE_GT:
139  if (version > lo)
140  SCReturnInt(1);
141  break;
142  case PROCEDURE_GE:
143  if (version >= lo)
144  SCReturnInt(1);
145  break;
146  case PROCEDURE_RA:
147  if (version >= lo && version <= hi)
148  SCReturnInt(1);
149  break;
150  }
151  SCReturnInt(0);
152 }
153 
154 /**
155  * \internal
156  * \brief Function to match version of a TX
157  *
158  * \param t Pointer to thread vars.
159  * \param det_ctx Pointer to the pattern matcher thread.
160  * \param f Pointer to the current flow.
161  * \param flags Flags.
162  * \param state App layer state.
163  * \param s Pointer to the Signature.
164  * \param m Pointer to the sigmatch that we will cast into
165  * DetectNfsVersionData.
166  *
167  * \retval 0 no match.
168  * \retval 1 match.
169  */
170 static int DetectNfsVersionMatch (DetectEngineThreadCtx *det_ctx,
171  Flow *f, uint8_t flags, void *state,
172  void *txv, const Signature *s,
173  const SigMatchCtx *ctx)
174 {
175  SCEnter();
176 
177  const DetectNfsVersionData *dd = (const DetectNfsVersionData *)ctx;
178  uint32_t version;
179  rs_nfs_tx_get_version(txv, &version);
180  SCLogDebug("version %u mode %u lo %u hi %u",
181  version, dd->mode, dd->lo, dd->hi);
182  if (VersionMatch(version, dd->mode, dd->lo, dd->hi))
183  SCReturnInt(1);
184  SCReturnInt(0);
185 }
186 
187 /**
188  * \internal
189  * \brief Function to parse options passed via tls validity keywords.
190  *
191  * \param rawstr Pointer to the user provided options.
192  *
193  * \retval dd pointer to DetectNfsVersionData on success.
194  * \retval NULL on failure.
195  */
196 static DetectNfsVersionData *DetectNfsVersionParse (const char *rawstr)
197 {
198  DetectNfsVersionData *dd = NULL;
199  int ret = 0, res = 0;
200  int ov[MAX_SUBSTRINGS];
201  char mode[2] = "";
202  char value1[20] = "";
203  char value2[20] = "";
204  char range[3] = "";
205 
206  ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS);
207  if (ret < 3 || ret > 5) {
208  SCLogError(SC_ERR_PCRE_MATCH, "Parse error %s", rawstr);
209  goto error;
210  }
211 
212  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, mode,
213  sizeof(mode));
214  if (res < 0) {
215  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
216  goto error;
217  }
218  SCLogDebug("mode \"%s\"", mode);
219 
220  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, value1,
221  sizeof(value1));
222  if (res < 0) {
223  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
224  goto error;
225  }
226  SCLogDebug("value1 \"%s\"", value1);
227 
228  if (ret > 3) {
229  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3,
230  range, sizeof(range));
231  if (res < 0) {
232  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_copy_substring failed");
233  goto error;
234  }
235  SCLogDebug("range \"%s\"", range);
236 
237  if (ret > 4) {
238  res = pcre_copy_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4,
239  value2, sizeof(value2));
240  if (res < 0) {
242  "pcre_copy_substring failed");
243  goto error;
244  }
245  SCLogDebug("value2 \"%s\"", value2);
246  }
247  }
248 
249  dd = SCCalloc(1, sizeof(DetectNfsVersionData));
250  if (unlikely(dd == NULL))
251  goto error;
252 
253  if (strlen(mode) == 1) {
254  if (mode[0] == '<')
255  dd->mode = PROCEDURE_LT;
256  else if (mode[0] == '>')
257  dd->mode = PROCEDURE_GT;
258  } else if (strlen(mode) == 2) {
259  if (strcmp(mode, "<=") == 0)
260  dd->mode = PROCEDURE_LE;
261  if (strcmp(mode, ">=") == 0)
262  dd->mode = PROCEDURE_GE;
263  }
264 
265  if (strlen(range) > 0) {
266  if (strcmp("<>", range) == 0)
267  dd->mode = PROCEDURE_RA;
268  }
269 
270  if (strlen(range) != 0 && strlen(mode) != 0) {
272  "Range specified but mode also set");
273  goto error;
274  }
275 
276  if (dd->mode == 0) {
277  dd->mode = PROCEDURE_EQ;
278  }
279 
280  /* set the first value */
281  dd->lo = atoi(value1); //TODO
282 
283  /* set the second value if specified */
284  if (strlen(value2) > 0) {
285  if (!(dd->mode == PROCEDURE_RA)) {
287  "Multiple tls validity values specified but mode is not range");
288  goto error;
289  }
290 
291  //
292  dd->hi = atoi(value2); // TODO
293 
294  if (dd->hi <= dd->lo) {
296  "Second value in range must not be smaller than the first");
297  goto error;
298  }
299  }
300  return dd;
301 
302 error:
303  if (dd)
304  SCFree(dd);
305  return NULL;
306 }
307 
308 
309 
310 /**
311  * \brief Function to add the parsed tls validity field into the current signature.
312  *
313  * \param de_ctx Pointer to the Detection Engine Context.
314  * \param s Pointer to the Current Signature.
315  * \param rawstr Pointer to the user provided flags options.
316  * \param type Defines if this is notBefore or notAfter.
317  *
318  * \retval 0 on Success.
319  * \retval -1 on Failure.
320  */
321 static int DetectNfsVersionSetup (DetectEngineCtx *de_ctx, Signature *s,
322  const char *rawstr)
323 {
324  SCLogDebug("\'%s\'", rawstr);
325 
327  return -1;
328 
329  DetectNfsVersionData *dd = DetectNfsVersionParse(rawstr);
330  if (dd == NULL) {
331  SCLogError(SC_ERR_INVALID_ARGUMENT,"Parsing \'%s\' failed", rawstr);
332  return -1;
333  }
334 
335  /* okay so far so good, lets get this into a SigMatch
336  * and put it in the Signature. */
337  SigMatch *sm = SigMatchAlloc();
338  if (sm == NULL)
339  goto error;
340 
342  sm->ctx = (void *)dd;
343 
344  SCLogDebug("low %u hi %u", dd->lo, dd->hi);
345  SigMatchAppendSMToList(s, sm, g_nfs_request_buffer_id);
346  return 0;
347 
348 error:
349  DetectNfsVersionFree(de_ctx, dd);
350  return -1;
351 }
352 
353 /**
354  * \internal
355  * \brief Function to free memory associated with DetectNfsVersionData.
356  *
357  * \param de_ptr Pointer to DetectNfsVersionData.
358  */
359 void DetectNfsVersionFree(DetectEngineCtx *de_ctx, void *ptr)
360 {
361  SCFree(ptr);
362 }
363 
364 #ifdef UNITTESTS
365 
366 /**
367  * \test This is a test for a valid value 1430000000.
368  *
369  * \retval 1 on success.
370  * \retval 0 on failure.
371  */
372 static int ValidityTestParse01 (void)
373 {
374  DetectNfsVersionData *dd = NULL;
375  dd = DetectNfsVersionParse("1430000000");
376  FAIL_IF_NULL(dd);
377  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_EQ);
378  DetectNfsVersionFree(NULL, dd);
379  PASS;
380 }
381 
382 /**
383  * \test This is a test for a valid value >1430000000.
384  *
385  * \retval 1 on success.
386  * \retval 0 on failure.
387  */
388 static int ValidityTestParse02 (void)
389 {
390  DetectNfsVersionData *dd = NULL;
391  dd = DetectNfsVersionParse(">1430000000");
392  FAIL_IF_NULL(dd);
393  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_GT);
394  DetectNfsVersionFree(NULL, dd);
395  PASS;
396 }
397 
398 /**
399  * \test This is a test for a valid value <1430000000.
400  *
401  * \retval 1 on success.
402  * \retval 0 on failure.
403  */
404 static int ValidityTestParse03 (void)
405 {
406  DetectNfsVersionData *dd = NULL;
407  dd = DetectNfsVersionParse("<1430000000");
408  FAIL_IF_NULL(dd);
409  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_LT);
410  DetectNfsVersionFree(NULL, dd);
411  PASS;
412 }
413 
414 /**
415  * \test This is a test for a valid value 1430000000<>1470000000.
416  *
417  * \retval 1 on success.
418  * \retval 0 on failure.
419  */
420 static int ValidityTestParse04 (void)
421 {
422  DetectNfsVersionData *dd = NULL;
423  dd = DetectNfsVersionParse("1430000000<>1470000000");
424  FAIL_IF_NULL(dd);
425  FAIL_IF_NOT(dd->lo == 1430000000 && dd->hi == 1470000000 &&
426  dd->mode == PROCEDURE_RA);
427  DetectNfsVersionFree(NULL, dd);
428  PASS;
429 }
430 
431 /**
432  * \test This is a test for a invalid value A.
433  *
434  * \retval 1 on success.
435  * \retval 0 on failure.
436  */
437 static int ValidityTestParse05 (void)
438 {
439  DetectNfsVersionData *dd = NULL;
440  dd = DetectNfsVersionParse("A");
441  FAIL_IF_NOT_NULL(dd);
442  PASS;
443 }
444 
445 /**
446  * \test This is a test for a invalid value >1430000000<>1470000000.
447  *
448  * \retval 1 on success.
449  * \retval 0 on failure.
450  */
451 static int ValidityTestParse06 (void)
452 {
453  DetectNfsVersionData *dd = NULL;
454  dd = DetectNfsVersionParse(">1430000000<>1470000000");
455  FAIL_IF_NOT_NULL(dd);
456  PASS;
457 }
458 
459 /**
460  * \test This is a test for a invalid value 1430000000<>.
461  *
462  * \retval 1 on success.
463  * \retval 0 on failure.
464  */
465 static int ValidityTestParse07 (void)
466 {
467  DetectNfsVersionData *dd = NULL;
468  dd = DetectNfsVersionParse("1430000000<>");
469  FAIL_IF_NOT_NULL(dd);
470  PASS;
471 }
472 
473 /**
474  * \test This is a test for a invalid value <>1430000000.
475  *
476  * \retval 1 on success.
477  * \retval 0 on failure.
478  */
479 static int ValidityTestParse08 (void)
480 {
481  DetectNfsVersionData *dd = NULL;
482  dd = DetectNfsVersionParse("<>1430000000");
483  FAIL_IF_NOT_NULL(dd);
484  PASS;
485 }
486 
487 /**
488  * \test This is a test for a invalid value "".
489  *
490  * \retval 1 on success.
491  * \retval 0 on failure.
492  */
493 static int ValidityTestParse09 (void)
494 {
495  DetectNfsVersionData *dd = NULL;
496  dd = DetectNfsVersionParse("");
497  FAIL_IF_NOT_NULL(dd);
498  PASS;
499 }
500 
501 /**
502  * \test This is a test for a invalid value " ".
503  *
504  * \retval 1 on success.
505  * \retval 0 on failure.
506  */
507 static int ValidityTestParse10 (void)
508 {
509  DetectNfsVersionData *dd = NULL;
510  dd = DetectNfsVersionParse(" ");
511  FAIL_IF_NOT_NULL(dd);
512  PASS;
513 }
514 
515 /**
516  * \test This is a test for a invalid value 1490000000<>1430000000.
517  *
518  * \retval 1 on success.
519  * \retval 0 on failure.
520  */
521 static int ValidityTestParse11 (void)
522 {
523  DetectNfsVersionData *dd = NULL;
524  dd = DetectNfsVersionParse("1490000000<>1430000000");
525  FAIL_IF_NOT_NULL(dd);
526  PASS;
527 }
528 
529 /**
530  * \test This is a test for a valid value 1430000000 <> 1490000000.
531  *
532  * \retval 1 on success.
533  * \retval 0 on failure.
534  */
535 static int ValidityTestParse12 (void)
536 {
537  DetectNfsVersionData *dd = NULL;
538  dd = DetectNfsVersionParse("1430000000 <> 1490000000");
539  FAIL_IF_NULL(dd);
540  FAIL_IF_NOT(dd->lo == 1430000000 && dd->hi == 1490000000 &&
541  dd->mode == PROCEDURE_RA);
542  DetectNfsVersionFree(NULL, dd);
543  PASS;
544 }
545 
546 /**
547  * \test This is a test for a valid value > 1430000000.
548  *
549  * \retval 1 on success.
550  * \retval 0 on failure.
551  */
552 static int ValidityTestParse13 (void)
553 {
554  DetectNfsVersionData *dd = NULL;
555  dd = DetectNfsVersionParse("> 1430000000 ");
556  FAIL_IF_NULL(dd);
557  FAIL_IF_NOT(dd->lo == 1430000000 && dd->mode == PROCEDURE_GT);
558  DetectNfsVersionFree(NULL, dd);
559  PASS;
560 }
561 
562 /**
563  * \test This is a test for a valid value < 1490000000.
564  *
565  * \retval 1 on success.
566  * \retval 0 on failure.
567  */
568 static int ValidityTestParse14 (void)
569 {
570  DetectNfsVersionData *dd = NULL;
571  dd = DetectNfsVersionParse("< 1490000000 ");
572  FAIL_IF_NULL(dd);
573  FAIL_IF_NOT(dd->lo == 1490000000 && dd->mode == PROCEDURE_LT);
574  DetectNfsVersionFree(NULL, dd);
575  PASS;
576 }
577 
578 /**
579  * \test This is a test for a valid value 1490000000.
580  *
581  * \retval 1 on success.
582  * \retval 0 on failure.
583  */
584 static int ValidityTestParse15 (void)
585 {
586  DetectNfsVersionData *dd = NULL;
587  dd = DetectNfsVersionParse(" 1490000000 ");
588  FAIL_IF_NULL(dd);
589  FAIL_IF_NOT(dd->lo == 1490000000 && dd->mode == PROCEDURE_EQ);
590  DetectNfsVersionFree(NULL, dd);
591  PASS;
592 }
593 
594 #endif /* UNITTESTS */
595 
596 /**
597  * \brief Register unit tests for nfs_procedure.
598  */
599 void DetectNfsVersionRegisterTests(void)
600 {
601 #ifdef UNITTESTS /* UNITTESTS */
602  UtRegisterTest("ValidityTestParse01", ValidityTestParse01);
603  UtRegisterTest("ValidityTestParse02", ValidityTestParse02);
604  UtRegisterTest("ValidityTestParse03", ValidityTestParse03);
605  UtRegisterTest("ValidityTestParse04", ValidityTestParse04);
606  UtRegisterTest("ValidityTestParse05", ValidityTestParse05);
607  UtRegisterTest("ValidityTestParse06", ValidityTestParse06);
608  UtRegisterTest("ValidityTestParse07", ValidityTestParse07);
609  UtRegisterTest("ValidityTestParse08", ValidityTestParse08);
610  UtRegisterTest("ValidityTestParse09", ValidityTestParse09);
611  UtRegisterTest("ValidityTestParse10", ValidityTestParse10);
612  UtRegisterTest("ValidityTestParse11", ValidityTestParse11);
613  UtRegisterTest("ValidityTestParse12", ValidityTestParse12);
614  UtRegisterTest("ValidityTestParse13", ValidityTestParse13);
615  UtRegisterTest("ValidityTestParse14", ValidityTestParse14);
616  UtRegisterTest("ValidityTestParse15", ValidityTestParse15);
617 #endif /* UNITTESTS */
618 }
SigTableElmt_::url
const char * url
Definition: detect.h:1212
DetectSignatureSetAppProto
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:1468
detect-content.h
PROCEDURE_GT
@ PROCEDURE_GT
Definition: detect-nfs-version.c:59
detect-engine.h
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
DetectNfsVersionMode
DetectNfsVersionMode
Definition: detect-nfs-version.c:55
PROCEDURE_LE
@ PROCEDURE_LE
Definition: detect-nfs-version.c:58
DetectNfsVersionRegister
void DetectNfsVersionRegister(void)
Registration function for nfs_procedure keyword.
Definition: detect-nfs-version.c:89
SigTableElmt_::desc
const char * desc
Definition: detect.h:1211
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1200
flow-util.h
SigTableElmt_::name
const char * name
Definition: detect.h:1209
PROCEDURE_EQ
@ PROCEDURE_EQ
Definition: detect-nfs-version.c:56
DetectNfsVersionData_::hi
uint32_t hi
Definition: detect-nfs-version.c:66
detect-nfs-version.h
MAX_SUBSTRINGS
#define MAX_SUBSTRINGS
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
threads.h
Flow_
Flow data structure.
Definition: flow.h:343
DetectNfsVersionData_
Definition: detect-nfs-version.c:64
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:766
DETECT_AL_NFS_VERSION
@ DETECT_AL_NFS_VERSION
Definition: detect-engine-register.h:158
PROCEDURE_GE
@ PROCEDURE_GE
Definition: detect-nfs-version.c:60
SigTableElmt_::AppLayerTxMatch
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Definition: detect.h:1181
rust.h
SC_ERR_PCRE_GET_SUBSTRING
@ SC_ERR_PCRE_GET_SUBSTRING
Definition: util-error.h:34
SigMatchData_
Data needed for Match()
Definition: detect.h:328
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1195
detect-pcre.h
util-unittest.h
PROCEDURE_LT
@ PROCEDURE_LT
Definition: detect-nfs-version.c:57
util-unittest-helper.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression to true.
Definition: util-unittest.h:82
DetectEngineInspectGenericList
int DetectEngineInspectGenericList(ThreadVars *tv, const DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:1592
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:876
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:236
decode.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
SC_ERR_PCRE_MATCH
@ SC_ERR_PCRE_MATCH
Definition: util-error.h:32
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineThreadCtx_
Definition: detect.h:1009
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
DetectSetupParseRegexes
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
Definition: detect-parse.c:2456
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
detect-engine-mpm.h
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
SC_ERR_INVALID_ARGUMENT
@ SC_ERR_INVALID_ARGUMENT
Definition: util-error.h:43
app-layer-parser.h
SigMatch_::ctx
SigMatchCtx * ctx
Definition: detect.h:322
DetectParsePcreExec
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options, int *ovector, int ovector_size)
Definition: detect-parse.c:2388
PARSE_REGEX
#define PARSE_REGEX
Definition: detect-nfs-version.c:52
DetectNfsVersionData
struct DetectNfsVersionData_ DetectNfsVersionData
SigMatchAlloc
SigMatch * SigMatchAlloc(void)
Definition: detect-parse.c:235
SigMatch_::type
uint8_t type
Definition: detect.h:320
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:314
flags
uint8_t flags
Definition: decode-gre.h:0
SigTableElmt_::alias
const char * alias
Definition: detect.h:1210
suricata-common.h
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect-parse.c:73
DetectParseRegex_
Definition: detect-parse.h:42
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
version
uint8_t version
Definition: decode-gre.h:1
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
PROCEDURE_RA
@ PROCEDURE_RA
Definition: detect-nfs-version.c:61
str
#define str(s)
Definition: suricata-common.h:273
SCFree
#define SCFree(p)
Definition: util-mem.h:61
detect-parse.h
Signature_
Signature container.
Definition: detect.h:527
SigMatch_
a single match condition for a signature
Definition: detect.h:319
DetectNfsVersionData_::mode
enum DetectNfsVersionMode mode
Definition: detect-nfs-version.c:67
flow.h
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback)
register inspect engine at start up time
Definition: detect-engine.c:170
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
flow-var.h
SigMatchAppendSMToList
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:349
ALPROTO_NFS
@ ALPROTO_NFS
Definition: app-layer-protos.h:45
debug.h
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1201
app-layer-nfs-tcp.h
DetectNfsVersionData_::lo
uint32_t lo
Definition: detect-nfs-version.c:65