suricata
detect-ssh-proto-version.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "debug.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "flow.h"
#include "flow-var.h"
#include "flow-util.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-ssh.h"
#include "detect-ssh-proto-version.h"
#include "rust.h"
#include "stream-tcp.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp-util.h"

Macros

#define PARSE_REGEX   "^\\s*\"?\\s*([0-9]+([\\.\\-0-9]+)?|2_compat)\\s*\"?\\s*$"
 Regex for parsing the protoversion string.
 

Functions

void DetectSshVersionRegister (void)
 Registration function for keyword: ssh.protoversion.
 

Detailed Description

Author
Pablo Rincon <pablo.rincon.crespo@gmail.com>

Implements the ssh.protoversion keyword. The option value can be a concrete version, e.g. ssh.protoversion:1.66; the literal 2_compat, which matches peers compatible with protocol version 2 (a banner version of 1.99 is treated as 2), e.g. ssh.protoversion:2_compat; or just the beginning of the version string, e.g. ssh.protoversion:"1.". The value must satisfy PARSE_REGEX below, so anything other than digits with dots or dashes, or the exact token 2_compat, is rejected when the rule is parsed.
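The following is an added, stand-alone C model of the behaviour just described; it is example code written for this page, not Suricata's own implementation. It accepts option values under the same grammar as PARSE_REGEX (hand-parsed rather than through PCRE), extracts the protoversion field from a peer's SSH identification string, and evaluates the match. Two things are assumptions drawn from the prose rather than stated by the page: a non-2_compat value matches when the peer's version begins with it (which is what lets both "1.66" and "1." work), and 2_compat matches any version beginning with 2 plus the literal 1.99. The function names, the banner extraction and the sample banners are constructed for the example.

```c
/* Added example, not Suricata code: model of ssh.protoversion value parsing and
 * matching. Acceptance follows PARSE_REGEX from this page; the match rules
 * (prefix compare, 2_compat = "2.x or 1.99") are assumptions from the prose. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PROTOVER_MAX 64

typedef struct {
    bool compat2;            /* option value was the literal 2_compat */
    char ver[PROTOVER_MAX];  /* otherwise: the version prefix to match */
} ProtoVersionOpt;

static const char *SkipSpace(const char *s)
{
    while (isspace((unsigned char)*s)) s++;
    return s;
}

/* Hand-written equivalent of ^\s*"?\s*([0-9]+([\.\-0-9]+)?|2_compat)\s*"?\s*$
 * Returns true and fills *out when the option value is well formed. */
static bool ParseProtoVersion(const char *s, ProtoVersionOpt *out)
{
    s = SkipSpace(s);
    if (*s == '"') s++;
    s = SkipSpace(s);

    if (strncmp(s, "2_compat", 8) == 0) {
        s += 8;
        out->compat2 = true;
        out->ver[0] = '\0';
    } else {
        const char *start = s;
        if (!isdigit((unsigned char)*s)) return false;   /* [0-9]+ is mandatory */
        while (isdigit((unsigned char)*s)) s++;
        while (isdigit((unsigned char)*s) || *s == '.' || *s == '-') s++; /* ([\.\-0-9]+)? */
        size_t len = (size_t)(s - start);
        if (len >= PROTOVER_MAX) return false;
        memcpy(out->ver, start, len);
        out->ver[len] = '\0';
        out->compat2 = false;
    }

    s = SkipSpace(s);
    if (*s == '"') s++;
    s = SkipSpace(s);
    return *s == '\0';                                    /* nothing may follow */
}

/* RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments] CRLF.
 * Copies the protoversion field into out; false if the line is not an SSH banner. */
static bool BannerProtoVersion(const char *banner, char *out, size_t outlen)
{
    if (strncmp(banner, "SSH-", 4) != 0) return false;
    const char *p = banner + 4;
    size_t len = strcspn(p, "- \r\n");
    if (len == 0 || len >= outlen) return false;
    memcpy(out, p, len);
    out[len] = '\0';
    return true;
}

static bool ProtoVersionMatch(const ProtoVersionOpt *opt, const char *peer)
{
    /* Assumed: 2_compat means protocol 2, or 1.99 (which announces 2.0 compatibility). */
    if (opt->compat2) return peer[0] == '2' || strncmp(peer, "1.99", 4) == 0;
    return strncmp(opt->ver, peer, strlen(opt->ver)) == 0;  /* prefix match */
}

/* 1 = match, 0 = no match, -1 = option value rejected, -2 = not an SSH banner. */
static int RuleMatchesBanner(const char *value, const char *banner)
{
    ProtoVersionOpt opt;
    char peer[PROTOVER_MAX];
    if (!ParseProtoVersion(value, &opt)) return -1;
    if (!BannerProtoVersion(banner, peer, sizeof(peer))) return -2;
    return ProtoVersionMatch(&opt, peer) ? 1 : 0;
}

int main(void)
{
    /* Constructed banners and option values, not captured traffic. */
    const char *banners[] = { "SSH-2.0-OpenSSH_8.9p1\r\n", "SSH-1.99-Cisco-1.25\r\n",
                              "SSH-1.5-OpenSSH_2.3\r\n" };
    const char *values[]  = { "2_compat", "\"1.\"", " 2.0 ", "1.x" };
    for (size_t v = 0; v < sizeof(values) / sizeof(values[0]); v++)
        for (size_t b = 0; b < sizeof(banners) / sizeof(banners[0]); b++)
            printf("ssh.protoversion:%-8s vs %-24.*s -> %d\n", values[v],
                   (int)strcspn(banners[b], "\r"), banners[b],
                   RuleMatchesBanner(values[v], banners[b]));
    return 0;
}
```

Two consequences of the modelled semantics are worth keeping in mind when writing rules: under prefix matching a value such as "1.9" also matches a 1.99 banner, so write the value as tightly as you mean it (or use 2_compat when the intent is "speaks protocol 2"); and malformed values like "1.x" or "2_compatible" are rejected at parse time rather than silently matching nothing.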

Definition in file detect-ssh-proto-version.c.

Macro Definition Documentation

◆ PARSE_REGEX

#define PARSE_REGEX   "^\\s*\"?\\s*([0-9]+([\\.\\-0-9]+)?|2_compat)\\s*\"?\\s*$"

Regex for parsing the protoversion string.

Definition at line 62 of file detect-ssh-proto-version.c.

Function Documentation

◆ DetectSshVersionRegister()

void DetectSshVersionRegister ( void  )

Registration function for keyword: ssh.protoversion.

Definition at line 78 of file detect-ssh-proto-version.c.

References SigTableElmt_::AppLayerTxMatch, SigTableElmt_::desc, DETECT_AL_SSH_PROTOVERSION, SigTableElmt_::name, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().
