/* String constants and file-scope state for the SSH software keyword. */
/* Keyword name in its dotted spelling. */
51 #define KEYWORD_NAME "ssh.software"
/* Older underscore spelling of the same keyword; how it is registered is not shown in this excerpt. */
52 #define KEYWORD_NAME_LEGACY "ssh_software"
/* Relative documentation page and anchor for the keyword. */
53 #define KEYWORD_DOC "ssh-keywords.html#ssh-software"
/* Buffer name string; presumably the name the inspection buffer is registered and looked up under (TODO confirm against the registration code). */
54 #define BUFFER_NAME "ssh_software"
/* Human-readable description that accompanies BUFFER_NAME. */
55 #define BUFFER_DESC "ssh software field"
/* File-local integer id, initialised to 0; presumably assigned the buffer's list id at registration time (verify in DetectSshSoftwareRegister). */
56 static int g_buffer_id = 0;
60 const uint8_t flow_flags,
void *txv,
const int list_id)
67 const uint8_t *software = NULL;
70 if (rs_ssh_tx_get_software(txv, &software, &b_len, flow_flags) != 1)
72 if (software == NULL || b_len == 0) {
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define SIGMATCH_INFO_STICKY_BUFFER
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, int(*PrefilterRegister)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id), InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
Register an MPM engine.
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
main detection engine ctx
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
int DetectBufferTypeGetByName(const char *name)
#define SIG_FLAG_TOSERVER
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
Register an inspect engine at startup time.
Data structures and function prototypes for keeping state for the detection engine.
void DetectSshSoftwareRegister(void)
void InspectionBufferApplyTransforms(InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define KEYWORD_NAME_LEGACY
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
Set up the buffer with our initial data.
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)