|
suricata
|
|
suricata
|
#include "suricata-common.h"#include "threads.h"#include "debug.h"#include "decode.h"#include "detect.h"#include "detect-parse.h"#include "detect-engine.h"#include "detect-engine-mpm.h"#include "detect-engine-state.h"#include "flow.h"#include "flow-var.h"#include "flow-util.h"#include "util-debug.h"#include "util-unittest.h"#include "util-unittest-helper.h"#include "app-layer.h"#include "app-layer-parser.h"#include "app-layer-ssh.h"#include "detect-ssh-proto-version.h"#include "stream-tcp.h"#include "stream-tcp-reassemble.h"
Go to the source code of this file.
Macros | |
| #define | PARSE_REGEX "^\\s*\"?\\s*([0-9]+([\\.\\-0-9]+)?|2_compat)\\s*\"?\\s*$" |
| Regex for parsing the protoversion string. More... | |
| #define | MAX_SUBSTRINGS 30 |
Functions | |
| void | DetectSshVersionRegister (void) |
| Registration function for keyword: ssh.protoversion. More... | |
Implements the ssh.protoversion keyword You can specify a concrete version like ssh.protoversion: 1.66 or search for protoversion 2 compat (1.99 is considered as 2) like ssh.protoversion:2_compat or just the beginning of the string like ssh.protoversion:"1."
Definition in file detect-ssh-proto-version.c.
| #define MAX_SUBSTRINGS 30 |
Referenced by DetectSshVersionRegister().
| #define PARSE_REGEX "^\\s*\"?\\s*([0-9]+([\\.\\-0-9]+)?|2_compat)\\s*\"?\\s*$" |
Regex for parsing the protoversion string.
Definition at line 60 of file detect-ssh-proto-version.c.
Referenced by DetectSshVersionRegister().
| void DetectSshVersionRegister | ( | void | ) |
Registration function for keyword: ssh.protoversion.
Definition at line 76 of file detect-ssh-proto-version.c.
References Flow_::alproto, ALPROTO_SSH, Flow_::alstate, SigTableElmt_::alternative, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), SigTableElmt_::AppLayerTxMatch, SshState_::cli_hdr, SigMatch_::ctx, DE_QUIET, SigTableElmt_::desc, DETECT_AL_SSH_PROTOCOL, DETECT_AL_SSH_PROTOVERSION, DetectBufferTypeRegister(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectSetupParseRegexes(), DetectSignatureSetAppProto(), DOC_URL, DOC_VERSION, FAIL_IF, FAIL_IF_NULL, DetectSshVersionData_::flags, SshHeader_::flags, flags, Packet_::flags, DetectEngineCtx_::flags, SigTableElmt_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOSERVER, Packet_::flowflags, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, SigTableElmt_::Free, DetectSshVersionData_::len, m, MAX_SUBSTRINGS, SigTableElmt_::name, PacketAlertCheck(), PARSE_REGEX, PASS, PKT_HAS_FLOW, PKT_STREAM_EST, Flow_::proto, SshHeader_::proto_version, Flow_::protoctx, SigTableElmt_::RegisterTests, res, SC_ERR_PCRE_GET_SUBSTRING, SC_ERR_PCRE_MATCH, SCEnter, SCFree, SCLogDebug, SCLogError, SCMalloc, SCReturnInt, SCStrdup, SigTableElmt_::Setup, DetectEngineCtx_::sig_list, SigCleanSignatures(), SigGroupBuild(), SigGroupCleanup(), SigInit(), SIGMATCH_INFO_DEPRECATED, SIGMATCH_QUOTES_OPTIONAL, sigmatch_table, SigMatchAlloc(), SigMatchAppendSMToList(), SigMatchSignatures(), SshState_::srv_hdr, SSH_FLAG_PROTOVERSION_2_COMPAT, SSH_FLAG_VERSION_PARSED, str, STREAM_TOCLIENT, STREAM_TOSERVER, StreamTcpFreeConfig(), StreamTcpInitConfig(), TRUE, SigMatch_::type, unlikely, SigTableElmt_::url, UTHBuildPacket(), UTHFreePackets(), UtRegisterTest(), and DetectSshVersionData_::ver.
Referenced by SigTableSetup().
1.8.11