Go to the documentation of this file.
51 #define KEYWORD_NAME "ssh.hassh.string"
52 #define KEYWORD_ALIAS "ssh-hassh-string"
53 #define KEYWORD_DOC "ssh-keywords.html#hassh.string"
54 #define BUFFER_NAME "ssh.hassh.string"
55 #define BUFFER_DESC "Ssh Client Key Exchange methods For ssh Clients "
56 static int g_ssh_hassh_string_buffer_id = 0;
61 const uint8_t flow_flags,
void *txv,
const int list_id)
69 const uint8_t *hassh = NULL;
72 if (rs_ssh_tx_get_hassh_string(txv, &hassh, &b_len, flow_flags) != 1)
74 if (hassh == NULL || b_len == 0) {
106 rs_ssh_enable_hassh();
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register a MPM engine
#define SIGMATCH_INFO_STICKY_BUFFER
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
main detection engine ctx
void DetectSshHasshStringRegister(void)
Registration function for hassh.string keyword.
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
int DetectBufferTypeGetByName(const char *name)
#define SIG_FLAG_TOSERVER
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
Data structures and function prototypes for keeping state for the detection engine.
int RunmodeIsUnittests(void)
bool SigMatchSilentErrorEnabled(const DetectEngineCtx *de_ctx, const enum DetectKeywordId id)
@ DETECT_AL_SSH_HASSH_STRING
void InspectionBufferApplyTransforms(InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define SCLogError(...)
Macro used to log ERROR messages.
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)