45 static void DetectTemplateRustBufferRegisterTests(
void);
47 static int g_template_rust_id = 0;
65 uint32_t data_len = 0;
66 const uint8_t *data = NULL;
67 if (
flags & STREAM_TOSERVER) {
68 rs_template_get_request_buffer(txv, &data, &data_len);
70 rs_template_get_response_buffer(txv, &data, &data_len);
81 if (
ConfGetNode(
"app-layer.protocols.template-rust") == NULL) {
87 "Template content modifier to match on the template buffers";
102 SCLogNotice(
"Template application layer detect registered.");
113 static int DetectTemplateRustBufferTest(
void)
124 uint8_t request[] =
"12:Hello World!";
127 memset(&f, 0,
sizeof(
Flow));
134 f.
proto = IPPROTO_TCP;
146 "msg:\"TEMPLATE Test Rule\"; "
147 "template_rust_buffer; content:\"World!\"; "
153 "msg:\"TEMPLATE Test Rule\"; "
154 "template_rust_buffer; content:\"W0rld!\"; "
187 static void DetectTemplateRustBufferRegisterTests(
void)
190 DetectTemplateRustBufferTest);
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
SigTableElmt * sigmatch_table
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
main detection engine ctx
@ DETECT_AL_TEMPLATE_BUFFER
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
#define FLOW_PKT_TOSERVER
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that builds packets with default IP and port fields.
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
int DetectBufferTypeGetByName(const char *name)
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
#define FLOW_INITIALIZE(f)
#define SIG_FLAG_TOSERVER
#define PASS
Pass the test.
AppLayerParserThreadCtx * alp_tctx
Per thread variable structure.
int SigGroupCleanup(DetectEngineCtx *de_ctx)
SignatureInitData * init_data
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
Initialize the thread-specific detection engine context.
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
void StreamTcpFreeConfig(bool quiet)
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
void InspectionBufferApplyTransforms(InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
void UTHFreePacket(Packet *p)
UTHFreePacket: function to release the allocated data from UTHBuildPacket and the packet itself.
#define FLOW_PKT_ESTABLISHED
DetectEngineCtx * DetectEngineCtxInit(void)
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
void DetectTemplateRustBufferRegister(void)
#define SCLogNotice(...)
Macro used to log NOTICE messages.
AppProto alproto
application level protocol
void(* RegisterTests)(void)