Go to the documentation of this file.
37 #define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*$"
57 static void DetectSNMPVersionRegisterTests(
void);
59 static int g_snmp_version_buffer_id = 0;
66 uint8_t,
void *,
void *,
const Signature *,
88 DetectEngineInspectSNMPRequestGeneric, NULL);
91 DetectEngineInspectSNMPRequestGeneric, NULL);
105 VersionMatch(
const uint32_t
version,
158 rs_snmp_tx_get_version(txv, &
version);
159 SCLogDebug(
"version %u mode %u ref_version %d",
178 int ret = 0,
res = 0;
181 char value1[20] =
"";
185 if (ret < 3 || ret > 5) {
190 pcre2len =
sizeof(mode);
197 pcre2len =
sizeof(value1);
198 res = pcre2_substring_copy_bynumber(parse_regex.
match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
208 if (strlen(mode) == 1) {
211 else if (mode[0] ==
'>')
213 }
else if (strlen(mode) == 2) {
214 if (strcmp(mode,
"<=") == 0)
216 if (strcmp(mode,
">=") == 0)
225 dd->
version = strtoul(value1, &endptr, 10);
226 if (endptr == NULL || *endptr !=
'\0') {
228 "to snmp.version keyword");
262 dd = DetectSNMPVersionParse(rawstr);
275 sm->
ctx = (
void *)dd;
282 DetectSNMPVersionFree(
de_ctx, dd);
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
void(* Free)(DetectEngineCtx *, void *)
int DetectEngineInspectGenericList(const DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
enum DetectSNMPVersionMode mode
struct DetectSNMPVersionData_ DetectSNMPVersionData
main detection engine ctx
@ SC_ERR_INVALID_SIGNATURE
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
@ SC_ERR_PCRE_GET_SUBSTRING
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int DetectBufferTypeGetByName(const char *name)
#define SIG_FLAG_TOSERVER
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
@ SC_ERR_INVALID_ARGUMENT
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
SigMatch * SigMatchAlloc(void)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
void DetectSNMPVersionRegister(void)
Registration function for snmp.procedure keyword.
a single match condition for a signature
int SC_Pcre2SubstringCopy(pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen)
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)