suricata
detect-stream_size.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
22  *
23  * Stream size for the engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "stream-tcp.h"
28 #include "util-unittest.h"
29 
30 #include "detect.h"
31 #include "detect-parse.h"
32 
33 #include "flow.h"
34 #include "detect-stream_size.h"
35 #include "stream-tcp-private.h"
36 #include "util-debug.h"
37 
38 /**
39  * \brief Regex for parsing our flow options
40  */
41 #define PARSE_REGEX "^\\s*([A-z_]+)\\s*,\\s*([<=>!]+)\\s*,\\s*([0-9]+)\\s*$"
42 
43 static DetectParseRegex parse_regex;
44 
45 /*prototypes*/
46 static int DetectStreamSizeMatch (DetectEngineThreadCtx *, Packet *,
47  const Signature *, const SigMatchCtx *);
48 static int DetectStreamSizeSetup (DetectEngineCtx *, Signature *, const char *);
51 
52 /**
53  * \brief Registration function for stream_size: keyword
54  */
55 
57 {
58  sigmatch_table[DETECT_STREAM_SIZE].name = "stream_size";
59  sigmatch_table[DETECT_STREAM_SIZE].desc = "match on amount of bytes of a stream";
60  sigmatch_table[DETECT_STREAM_SIZE].url = "/rules/flow-keywords.html#stream-size";
61  sigmatch_table[DETECT_STREAM_SIZE].Match = DetectStreamSizeMatch;
62  sigmatch_table[DETECT_STREAM_SIZE].Setup = DetectStreamSizeSetup;
65 
66  DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
67 }
68 
69 /**
70  * \brief Function to comapre the stream size against defined size in the user
71  * options.
72  *
73  * \param diff The stream size of server or client stream.
74  * \param stream_size User defined stream size
75  * \param mode The mode defined by user.
76  *
77  * \retval 1 on success and 0 on failure.
78  */
79 
80 static int DetectStreamSizeCompare (uint32_t diff, uint32_t stream_size, uint8_t mode)
81 {
82  SCLogDebug("diff %u stream_size %u mode %u", diff, stream_size, mode);
83 
84  int ret = 0;
85  switch (mode) {
86  case DETECTSSIZE_LT:
87  if (diff < stream_size)
88  ret = 1;
89  break;
90  case DETECTSSIZE_LEQ:
91  if (diff <= stream_size)
92  ret = 1;
93  break;
94  case DETECTSSIZE_EQ:
95  if (diff == stream_size)
96  ret = 1;
97  break;
98  case DETECTSSIZE_NEQ:
99  if (diff != stream_size)
100  ret = 1;
101  break;
102  case DETECTSSIZE_GEQ:
103  if (diff >= stream_size)
104  ret = 1;
105  break;
106  case DETECTSSIZE_GT:
107  if (diff > stream_size)
108  ret = 1;
109  break;
110  }
111 
112  SCReturnInt(ret);
113 }
114 
115 /**
116  * \brief This function is used to match Stream size rule option on a packet with those passed via stream_size:
117  *
118  * \param t pointer to thread vars
119  * \param det_ctx pointer to the pattern matcher thread
120  * \param p pointer to the current packet
121  * \param m pointer to the sigmatch that we will cast into DetectStreamSizeData
122  *
123  * \retval 0 no match
124  * \retval 1 match
125  */
126 static int DetectStreamSizeMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
127  const Signature *s, const SigMatchCtx *ctx)
128 {
129 
130  const DetectStreamSizeData *sd = (const DetectStreamSizeData *)ctx;
131 
132  if (!(PKT_IS_TCP(p)))
133  return 0;
134  if (p->flow == NULL || p->flow->protoctx == NULL)
135  return 0;
136 
137  const TcpSession *ssn = (TcpSession *)p->flow->protoctx;
138  int ret = 0;
139  uint32_t csdiff = 0;
140  uint32_t ssdiff = 0;
141 
142  if (sd->flags & STREAM_SIZE_SERVER) {
143  /* get the server stream size */
144  ssdiff = ssn->server.next_seq - ssn->server.isn;
145  ret = DetectStreamSizeCompare(ssdiff, sd->ssize, sd->mode);
146 
147  } else if (sd->flags & STREAM_SIZE_CLIENT) {
148  /* get the client stream size */
149  csdiff = ssn->client.next_seq - ssn->client.isn;
150  ret = DetectStreamSizeCompare(csdiff, sd->ssize, sd->mode);
151 
152  } else if (sd->flags & STREAM_SIZE_BOTH) {
153  ssdiff = ssn->server.next_seq - ssn->server.isn;
154  csdiff = ssn->client.next_seq - ssn->client.isn;
155 
156  if (DetectStreamSizeCompare(ssdiff, sd->ssize, sd->mode) &&
157  DetectStreamSizeCompare(csdiff, sd->ssize, sd->mode))
158  ret = 1;
159 
160  } else if (sd->flags & STREAM_SIZE_EITHER) {
161  ssdiff = ssn->server.next_seq - ssn->server.isn;
162  csdiff = ssn->client.next_seq - ssn->client.isn;
163 
164  if (DetectStreamSizeCompare(ssdiff, sd->ssize, sd->mode) ||
165  DetectStreamSizeCompare(csdiff, sd->ssize, sd->mode))
166  ret = 1;
167  }
168 
169  SCReturnInt(ret);
170 }
171 
172 /**
173  * \brief This function is used to parse stream options passed via stream_size: keyword
174  *
175  * \param de_ctx Pointer to the detection engine context
176  * \param streamstr Pointer to the user provided stream_size options
177  *
178  * \retval sd pointer to DetectStreamSizeData on success
179  * \retval NULL on failure
180  */
181 static DetectStreamSizeData *DetectStreamSizeParse (DetectEngineCtx *de_ctx, const char *streamstr)
182 {
183 
184  DetectStreamSizeData *sd = NULL;
185  char *arg = NULL;
186  char *value = NULL;
187  char *mode = NULL;
188  int ret = 0, res = 0;
189  int ov[MAX_SUBSTRINGS];
190 
191  ret = DetectParsePcreExec(&parse_regex, streamstr, 0, 0, ov, MAX_SUBSTRINGS);
192  if (ret != 4) {
193  SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, streamstr);
194  goto error;
195  }
196 
197  const char *str_ptr;
198 
199  res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
200  if (res < 0) {
201  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
202  goto error;
203  }
204  arg = (char *)str_ptr;
205 
206  res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
207  if (res < 0) {
208  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
209  goto error;
210  }
211  mode = (char *)str_ptr;
212 
213  res = pcre_get_substring((char *)streamstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
214  if (res < 0) {
215  SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
216  goto error;
217  }
218  value = (char *)str_ptr;
219 
220  sd = SCMalloc(sizeof(DetectStreamSizeData));
221  if (unlikely(sd == NULL))
222  goto error;
223  sd->ssize = 0;
224  sd->flags = 0;
225 
226  if (strlen(mode) == 0)
227  goto error;
228 
229  if (mode[0] == '=') {
230  sd->mode = DETECTSSIZE_EQ;
231  } else if (mode[0] == '<') {
232  sd->mode = DETECTSSIZE_LT;
233  if (strcmp("<=", mode) == 0)
234  sd->mode = DETECTSSIZE_LEQ;
235  } else if (mode[0] == '>') {
236  sd->mode = DETECTSSIZE_GT;
237  if (strcmp(">=", mode) == 0)
238  sd->mode = DETECTSSIZE_GEQ;
239  } else if (strcmp("!=", mode) == 0) {
240  sd->mode = DETECTSSIZE_NEQ;
241  } else {
242  SCLogError(SC_ERR_INVALID_OPERATOR, "Invalid operator");
243  goto error;
244  }
245 
246  /* set the value */
247  sd->ssize = (uint32_t)atoi(value);
248 
249  /* inspect our options and set the flags */
250  if (strcmp(arg, "server") == 0) {
251  sd->flags |= STREAM_SIZE_SERVER;
252  } else if (strcmp(arg, "client") == 0) {
253  sd->flags |= STREAM_SIZE_CLIENT;
254  } else if ((strcmp(arg, "both") == 0)) {
255  sd->flags |= STREAM_SIZE_BOTH;
256  } else if (strcmp(arg, "either") == 0) {
257  sd->flags |= STREAM_SIZE_EITHER;
258  } else {
259  goto error;
260  }
261 
262  SCFree(mode);
263  SCFree(arg);
264  SCFree(value);
265  return sd;
266 
267 error:
268  if (mode != NULL)
269  SCFree(mode);
270  if (arg != NULL)
271  SCFree(arg);
272  if (value != NULL)
273  SCFree(value);
274  if (sd != NULL)
276 
277  return NULL;
278 }
279 
280 /**
281  * \brief this function is used to add the parsed stream size data into the current signature
282  *
283  * \param de_ctx pointer to the Detection Engine Context
284  * \param s pointer to the Current Signature
285  * \param streamstr pointer to the user provided stream size options
286  *
287  * \retval 0 on Success
288  * \retval -1 on Failure
289  */
290 static int DetectStreamSizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char *streamstr)
291 {
292 
293  DetectStreamSizeData *sd = NULL;
294  SigMatch *sm = NULL;
295 
296  sd = DetectStreamSizeParse(de_ctx, streamstr);
297  if (sd == NULL)
298  goto error;
299 
300  sm = SigMatchAlloc();
301  if (sm == NULL)
302  goto error;
303 
304  sm->type = DETECT_STREAM_SIZE;
305  sm->ctx = (SigMatchCtx *)sd;
306 
308 
309  return 0;
310 
311 error:
312  if (sd != NULL) DetectStreamSizeFree(de_ctx, sd);
313  if (sm != NULL) SCFree(sm);
314  return -1;
315 }
316 
317 /**
318  * \brief this function will free memory associated with DetectStreamSizeData
319  *
320  * \param ptr pointer to DetectStreamSizeData
321  */
323 {
325  SCFree(sd);
326 }
327 
328 #ifdef UNITTESTS
329 /**
330  * \test DetectStreamSizeParseTest01 is a test to make sure that we parse the
331  * user options correctly, when given valid stream_size options.
332  */
333 
334 static int DetectStreamSizeParseTest01 (void)
335 {
336  int result = 0;
337  DetectStreamSizeData *sd = NULL;
338  sd = DetectStreamSizeParse(NULL, "server,<,6");
339  if (sd != NULL) {
340  if (sd->flags & STREAM_SIZE_SERVER && sd->mode == DETECTSSIZE_LT && sd->ssize == 6)
341  result = 1;
342  DetectStreamSizeFree(NULL, sd);
343  }
344 
345  return result;
346 }
347 
348 /**
349  * \test DetectStreamSizeParseTest02 is a test to make sure that we detect the
350  * invalid stream_size options.
351  */
352 
353 static int DetectStreamSizeParseTest02 (void)
354 {
355  int result = 1;
356  DetectStreamSizeData *sd = NULL;
357  sd = DetectStreamSizeParse(NULL, "invalidoption,<,6");
358  if (sd != NULL) {
359  printf("expected: NULL got 0x%02X %" PRIu32 ": ",sd->flags, sd->ssize);
360  result = 0;
361  DetectStreamSizeFree(NULL, sd);
362  }
363 
364  return result;
365 }
366 
367 /**
368  * \test DetectStreamSizeParseTest03 is a test to make sure that we match the
369  * packet correctly provided valid stream size.
370  */
371 
372 static int DetectStreamSizeParseTest03 (void)
373 {
374 
375  int result = 0;
376  DetectStreamSizeData *sd = NULL;
377  TcpSession ssn;
378  ThreadVars tv;
380  Packet *p = PacketGetFromAlloc();
381  if (unlikely(p == NULL))
382  return 0;
383  Signature s;
384  SigMatch sm;
385  TcpStream client;
386  Flow f;
387  TCPHdr tcph;
388 
389  memset(&ssn, 0, sizeof(TcpSession));
390  memset(&tv, 0, sizeof(ThreadVars));
391  memset(&dtx, 0, sizeof(DetectEngineThreadCtx));
392  memset(&s, 0, sizeof(Signature));
393  memset(&sm, 0, sizeof(SigMatch));
394  memset(&client, 0, sizeof(TcpStream));
395  memset(&f, 0, sizeof(Flow));
396  memset(&tcph, 0, sizeof(TCPHdr));
397 
398  sd = DetectStreamSizeParse(NULL, "client,>,8");
399  if (sd != NULL) {
400  if (!(sd->flags & STREAM_SIZE_CLIENT)) {
401  printf("sd->flags not STREAM_SIZE_CLIENT: ");
402  DetectStreamSizeFree(NULL, sd);
403  SCFree(p);
404  return 0;
405  }
406 
407  if (sd->mode != DETECTSSIZE_GT) {
408  printf("sd->mode not DETECTSSIZE_GT: ");
409  DetectStreamSizeFree(NULL, sd);
410  SCFree(p);
411  return 0;
412  }
413 
414  if (sd->ssize != 8) {
415  printf("sd->ssize is %"PRIu32", not 8: ", sd->ssize);
416  DetectStreamSizeFree(NULL, sd);
417  SCFree(p);
418  return 0;
419  }
420  } else {
421  printf("sd == NULL: ");
422  SCFree(p);
423  return 0;
424  }
425 
426  client.next_seq = 20;
427  client.isn = 10;
428  ssn.client = client;
429  f.protoctx = &ssn;
430  p->flow = &f;
431  p->tcph = &tcph;
432  sm.ctx = (SigMatchCtx*)sd;
433 
434  result = DetectStreamSizeMatch(&dtx, p, &s, sm.ctx);
435  if (result == 0) {
436  printf("result 0 != 1: ");
437  }
438  DetectStreamSizeFree(NULL, sd);
439  SCFree(p);
440  return result;
441 }
442 
443 /**
444  * \test DetectStreamSizeParseTest04 is a test to make sure that we match the
445  * stream_size against invalid packet parameters.
446  */
447 
448 static int DetectStreamSizeParseTest04 (void)
449 {
450 
451  int result = 0;
452  DetectStreamSizeData *sd = NULL;
453  TcpSession ssn;
454  ThreadVars tv;
456  Packet *p = PacketGetFromAlloc();
457  if (unlikely(p == NULL))
458  return 0;
459  Signature s;
460  SigMatch sm;
461  TcpStream client;
462  Flow f;
463  IPV4Hdr ip4h;
464 
465  memset(&ssn, 0, sizeof(TcpSession));
466  memset(&tv, 0, sizeof(ThreadVars));
467  memset(&dtx, 0, sizeof(DetectEngineThreadCtx));
468  memset(&s, 0, sizeof(Signature));
469  memset(&sm, 0, sizeof(SigMatch));
470  memset(&client, 0, sizeof(TcpStream));
471  memset(&f, 0, sizeof(Flow));
472  memset(&ip4h, 0, sizeof(IPV4Hdr));
473 
474  sd = DetectStreamSizeParse(NULL, " client , > , 8 ");
475  if (sd != NULL) {
476  if (!(sd->flags & STREAM_SIZE_CLIENT) && sd->mode != DETECTSSIZE_GT && sd->ssize != 8) {
477  SCFree(p);
478  return 0;
479  }
480  } else
481  {
482  SCFree(p);
483  return 0;
484  }
485 
486  client.next_seq = 20;
487  client.isn = 12;
488  ssn.client = client;
489  f.protoctx = &ssn;
490  p->flow = &f;
491  p->ip4h = &ip4h;
492  sm.ctx = (SigMatchCtx*)sd;
493 
494  if (!DetectStreamSizeMatch(&dtx, p, &s, sm.ctx))
495  result = 1;
496 
497  SCFree(p);
498  return result;
499 }
500 #endif /* UNITTESTS */
501 
502 /**
503  * \brief this function registers unit tests for DetectStreamSize
504  */
506 {
507 #ifdef UNITTESTS
508  UtRegisterTest("DetectStreamSizeParseTest01", DetectStreamSizeParseTest01);
509  UtRegisterTest("DetectStreamSizeParseTest02", DetectStreamSizeParseTest02);
510  UtRegisterTest("DetectStreamSizeParseTest03", DetectStreamSizeParseTest03);
511  UtRegisterTest("DetectStreamSizeParseTest04", DetectStreamSizeParseTest04);
512 #endif /* UNITTESTS */
513 }
514 
SigTableElmt_::url
const char * url
Definition: detect.h:1212
TcpStream_
Definition: stream-tcp-private.h:94
TcpStream_::isn
uint32_t isn
Definition: stream-tcp-private.h:101
SigTableElmt_::desc
const char * desc
Definition: detect.h:1211
STREAM_SIZE_BOTH
#define STREAM_SIZE_BOTH
Definition: detect-stream_size.h:36
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1200
SigTableElmt_::name
const char * name
Definition: detect.h:1209
stream-tcp.h
DETECTSSIZE_GT
#define DETECTSSIZE_GT
Definition: detect-stream_size.h:31
MAX_SUBSTRINGS
#define MAX_SUBSTRINGS
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
Flow_
Flow data structure.
Definition: flow.h:343
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:766
DETECT_STREAM_SIZE
@ DETECT_STREAM_SIZE
Definition: detect-engine-register.h:95
STREAM_SIZE_SERVER
#define STREAM_SIZE_SERVER
Definition: detect-stream_size.h:34
SC_ERR_PCRE_GET_SUBSTRING
@ SC_ERR_PCRE_GET_SUBSTRING
Definition: util-error.h:34
Flow_::protoctx
void * protoctx
Definition: flow.h:416
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1195
util-unittest.h
detect-stream_size.h
PKT_IS_TCP
#define PKT_IS_TCP(p)
Definition: decode.h:256
DETECTSSIZE_EQ
#define DETECTSSIZE_EQ
Definition: detect-stream_size.h:29
DetectStreamSizeData_::mode
uint8_t mode
Definition: detect-stream_size.h:41
DETECTSSIZE_GEQ
#define DETECTSSIZE_GEQ
Definition: detect-stream_size.h:32
util-debug.h
SC_ERR_PCRE_MATCH
@ SC_ERR_PCRE_MATCH
Definition: util-error.h:32
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineThreadCtx_
Definition: detect.h:1009
res
PoolThreadReserved res
Definition: stream-tcp-private.h:0
STREAM_SIZE_EITHER
#define STREAM_SIZE_EITHER
Definition: detect-stream_size.h:37
DetectSetupParseRegexes
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
Definition: detect-parse.c:2470
STREAM_SIZE_CLIENT
#define STREAM_SIZE_CLIENT
Definition: detect-stream_size.h:35
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
DETECT_SM_LIST_MATCH
@ DETECT_SM_LIST_MATCH
Definition: detect.h:89
SigMatch_::ctx
SigMatchCtx * ctx
Definition: detect.h:322
DetectParsePcreExec
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options, int *ovector, int ovector_size)
Definition: detect-parse.c:2400
Packet_
Definition: decode.h:411
DetectStreamSizeData_::ssize
uint32_t ssize
Definition: detect-stream_size.h:42
stream-tcp-private.h
DetectStreamSizeFree
void DetectStreamSizeFree(DetectEngineCtx *de_ctx, void *)
this function will free memory associated with DetectStreamSizeData
Definition: detect-stream_size.c:322
Packet_::ip4h
IPV4Hdr * ip4h
Definition: decode.h:503
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1178
SigMatchAlloc
SigMatch * SigMatchAlloc(void)
Definition: detect-parse.c:235
DETECTSSIZE_NEQ
#define DETECTSSIZE_NEQ
Definition: detect-stream_size.h:30
SigMatch_::type
uint8_t type
Definition: detect.h:320
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:314
IPV4Hdr_
Definition: decode-ipv4.h:71
Packet_::flow
struct Flow_ * flow
Definition: decode.h:448
DETECTSSIZE_LEQ
#define DETECTSSIZE_LEQ
Definition: detect-stream_size.h:28
SC_ERR_INVALID_OPERATOR
@ SC_ERR_INVALID_OPERATOR
Definition: util-error.h:162
suricata-common.h
Packet_::tcph
TCPHdr * tcph
Definition: decode.h:525
DetectStreamSizeData_
Definition: detect-stream_size.h:39
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect-parse.c:73
DetectParseRegex_
Definition: detect-parse.h:42
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
TcpSession_::client
TcpStream client
Definition: stream-tcp-private.h:272
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
TcpStream_::next_seq
uint32_t next_seq
Definition: stream-tcp-private.h:102
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:144
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
TcpSession_::server
TcpStream server
Definition: stream-tcp-private.h:271
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DETECTSSIZE_LT
#define DETECTSSIZE_LT
Definition: detect-stream_size.h:27
DetectStreamSizeRegister
void DetectStreamSizeRegister(void)
Registration function for stream_size: keyword.
Definition: detect-stream_size.c:56
detect-parse.h
Signature_
Signature container.
Definition: detect.h:527
SigMatch_
a single match condition for a signature
Definition: detect.h:319
PARSE_REGEX
#define PARSE_REGEX
Regex for parsing our flow options.
Definition: detect-stream_size.c:41
TcpSession_
Definition: stream-tcp-private.h:260
flow.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
SigMatchAppendSMToList
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:349
DetectStreamSizeData_::flags
uint8_t flags
Definition: detect-stream_size.h:40
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1201
DetectStreamSizeRegisterTests
void DetectStreamSizeRegisterTests(void)
this function registers unit tests for DetectStreamSize
Definition: detect-stream_size.c:505