suricata
detect-ssl-state.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "debug.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "flow.h"
#include "flow-var.h"
#include "flow-util.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "detect-ssl-state.h"
#include "stream-tcp.h"
#include "app-layer-ssl.h"

Macros

#define PARSE_REGEX1   "^(!?)([_a-zA-Z0-9]+)(.*)$"
 
#define PARSE_REGEX2   "^(?:\\s*[|,]\\s*(!?)([_a-zA-Z0-9]+))(.*)$"
 
#define MAX_SUBSTRINGS   30
 

Functions

void DetectSslStateRegister (void)
 Registers the keyword handlers for the "ssl_state" keyword.
 

Detailed Description

Author
Anoop Saldanha anoop.nosp@m.sald.nosp@m.anha@.nosp@m.gmai.nosp@m.l.com

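Implements support for the ssl_state keyword. As written, PARSE_REGEX1 matches an optional `!` followed by a name made of letters, digits and underscores, and PARSE_REGEX2 matches the same form preceded by a `|` or `,` separator; both capture the remainder of the string in a trailing `(.*)` group.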

Definition in file detect-ssl-state.c.

Macro Definition Documentation

#define MAX_SUBSTRINGS   30

Referenced by DetectSslStateRegister().

#define PARSE_REGEX1   "^(!?)([_a-zA-Z0-9]+)(.*)$"

Definition at line 54 of file detect-ssl-state.c.

Referenced by DetectSslStateRegister().

#define PARSE_REGEX2   "^(?:\\s*[|,]\\s*(!?)([_a-zA-Z0-9]+))(.*)$"

Definition at line 58 of file detect-ssl-state.c.

Referenced by DetectSslStateRegister().

Function Documentation

void DetectSslStateRegister ( void  )

Registers the keyword handlers for the "ssl_state" keyword.

Definition at line 80 of file detect-ssl-state.c.

References Packet_::alerts, Flow_::alproto, ALPROTO_TLS, Flow_::alstate, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), SigTableElmt_::AppLayerTxMatch, PacketAlerts_::cnt, SigMatch_::ctx, SSLState_::current_flags, DE_QUIET, DETECT_AL_SSL_STATE, DETECT_SSL_STATE_CLIENT_HELLO, DETECT_SSL_STATE_CLIENT_KEYX, DETECT_SSL_STATE_SERVER_HELLO, DETECT_SSL_STATE_SERVER_KEYX, DETECT_SSL_STATE_UNKNOWN, DetectAppLayerInspectEngineRegister(), DetectBufferTypeRegister(), DetectBufferTypeSetDescriptionByName(), DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineInspectGenericList(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectSetupParseRegexes(), DetectSignatureSetAppProto(), FAIL_IF, FAIL_IF_NOT, FAIL_IF_NOT_NULL, FAIL_IF_NULL, DetectSslStateData_::flags, flags, Packet_::flags, DetectEngineCtx_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOCLIENT, FLOW_PKT_TOSERVER, Packet_::flowflags, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, SigTableElmt_::Free, m, DetectSslStateData_::mask, MAX_SUBSTRINGS, SigTableElmt_::name, PacketAlertCheck(), PARSE_REGEX1, PARSE_REGEX2, PASS, PKT_HAS_FLOW, PKT_STREAM_EST, Flow_::proto, Flow_::protoctx, SigTableElmt_::RegisterTests, res, SC_ERR_INVALID_SIGNATURE, SC_ERR_PCRE_GET_SUBSTRING, SCFree, SCLogDebug, SCLogError, SCMalloc, SigTableElmt_::Setup, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SigCleanSignatures(), SigGroupBuild(), SigGroupCleanup(), sigmatch_table, SigMatchAlloc(), SigMatchAppendSMToList(), SigMatchSignatures(), STREAM_START, STREAM_TOCLIENT, STREAM_TOSERVER, StreamTcpFreeConfig(), StreamTcpInitConfig(), TRUE, tx_id, SigMatch_::type, UTHBuildPacket(), UTHFreePackets(), and UtRegisterTest().

Referenced by SigTableSetup().
