suricata
detect-ssl-version.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "debug.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "flow.h"
#include "flow-var.h"
#include "flow-util.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "detect-ssl-version.h"
#include "stream-tcp.h"
#include "app-layer-ssl.h"
#include "stream-tcp-reassemble.h"
Include dependency graph for detect-ssl-version.c:

Go to the source code of this file.

Macros

#define PARSE_REGEX
 Regex for parsing "id" option, matching number or "number". More...
 
#define MAX_SUBSTRINGS   30
 

Functions

void DetectSslVersionRegister (void)
 Registration function for keyword: ssl_version. More...
 

Detailed Description

Author
Gurvinder Singh gurvi.nosp@m.nder.nosp@m.singh.nosp@m.dahi.nosp@m.ya@gm.nosp@m.ail..nosp@m.com

Implements the ssl_version keyword

Definition in file detect-ssl-version.c.

Macro Definition Documentation

#define MAX_SUBSTRINGS   30
#define PARSE_REGEX
Value:
"^\\s*(!?[A-z0-9.]+)\\s*,?\\s*(!?[A-z0-9.]+)?\\s*\\,?\\s*" \
"(!?[A-z0-9.]+)?\\s*,?\\s*(!?[A-z0-9.]+)?\\s*,?\\s*(!?[A-z0-9.]+)?\\s*$"

Regex for parsing "id" option, matching number or "number".

Definition at line 57 of file detect-ssl-version.c.

Referenced by DetectSslVersionRegister().

Function Documentation

void DetectSslVersionRegister ( void  )

Registration function for keyword: ssl_version.

Definition at line 74 of file detect-ssl-version.c.

References Flow_::alproto, ALPROTO_TLS, Flow_::alstate, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), SigTableElmt_::AppLayerTxMatch, SSLState_::client_connp, SSLStateConnp_::content_type, SigMatch_::ctx, DetectSslVersionData_::data, DE_QUIET, DETECT_AL_SSL_VERSION, DETECT_SSL_VERSION_NEGATED, DetectBufferTypeRegister(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectSetupParseRegexes(), DetectSignatureSetAppProto(), FAIL_IF, FAIL_IF_NOT, FAIL_IF_NOT_NULL, FAIL_IF_NULL, flags, SSLVersionData_::flags, Packet_::flags, DetectEngineCtx_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOSERVER, Packet_::flowflags, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, SigTableElmt_::Free, m, MAX_SUBSTRINGS, SigTableElmt_::name, PacketAlertCheck(), PARSE_REGEX, PASS, PKT_HAS_FLOW, PKT_STREAM_EST, Flow_::proto, Flow_::protoctx, SigTableElmt_::RegisterTests, res, SC_ERR_INVALID_VALUE, SC_ERR_PCRE_GET_SUBSTRING, SC_ERR_PCRE_MATCH, SCCalloc, SCEnter, SCFree, SCLogDebug, SCLogError, SCReturnInt, SCStrdup, SSLState_::server_connp, SigTableElmt_::Setup, DetectEngineCtx_::sig_list, SigGroupBuild(), SigInit(), sigmatch_table, SigMatchAlloc(), SigMatchAppendSMToList(), SigMatchSignatures(), SSL_VERSION_2, SSL_VERSION_3, SSLv2, SSLv3, str, STREAM_TOCLIENT, STREAM_TOSERVER, StreamTcpFreeConfig(), StreamTcpInitConfig(), TLS10, TLS11, TLS12, TLS13, TLS_UNKNOWN, TLS_VERSION_10, TLS_VERSION_11, TLS_VERSION_12, TLS_VERSION_13, TLS_VERSION_13_DRAFT16, TLS_VERSION_13_DRAFT17, TLS_VERSION_13_DRAFT18, TLS_VERSION_13_DRAFT19, TLS_VERSION_13_DRAFT20, TLS_VERSION_13_DRAFT21, TLS_VERSION_13_DRAFT22, TLS_VERSION_13_DRAFT23, TLS_VERSION_13_DRAFT24, TLS_VERSION_13_DRAFT25, TLS_VERSION_13_DRAFT26, TLS_VERSION_13_DRAFT27, TLS_VERSION_13_DRAFT28, TLS_VERSION_13_PRE_DRAFT16, TRUE, SigMatch_::type, unlikely, UTHBuildPacket(), UTHFreePackets(), UtRegisterTest(), SSLVersionData_::ver, and SSLStateConnp_::version.

Referenced by SigTableSetup().

Here is the call graph for this function:

Here is the caller graph for this function: