suricata
detect-tls-cert-validity.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "debug.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-content.h"
#include "detect-pcre.h"
#include "detect-tls-cert-validity.h"
#include "flow.h"
#include "flow-util.h"
#include "flow-var.h"
#include "stream-tcp.h"
#include "app-layer.h"
#include "app-layer-ssl.h"
#include "util-time.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
Include dependency graph for detect-tls-cert-validity.c:

Go to the source code of this file.

Macros

#define PARSE_REGEX   "^\\s*(<|>)?\\s*([ -:TW0-9]+)\\s*(?:(<>)\\s*([ -:TW0-9]+))?\\s*$"
 
#define MAX_SUBSTRINGS   30
 

Functions

void DetectTlsValidityRegister (void)
 Registration function for tls validity keywords. More...
 

Detailed Description

Author
Mats Klepsland mats..nosp@m.klep.nosp@m.sland.nosp@m.@gma.nosp@m.il.co.nosp@m.m

Implements tls certificate validity keywords

Definition in file detect-tls-cert-validity.c.

Macro Definition Documentation

#define MAX_SUBSTRINGS   30
#define PARSE_REGEX   "^\\s*(<|>)?\\s*([ -:TW0-9]+)\\s*(?:(<>)\\s*([ -:TW0-9]+))?\\s*$"

[tls_notbefore|tls_notafter]:[<|>]<date string>="">[<><date string>="">];

Definition at line 55 of file detect-tls-cert-validity.c.

Referenced by DetectTlsValidityRegister().

Function Documentation

void DetectTlsValidityRegister ( void  )

Registration function for tls validity keywords.

Definition at line 86 of file detect-tls-cert-validity.c.

References Flow_::alproto, ALPROTO_TLS, Flow_::alstate, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), SigTableElmt_::AppLayerTxMatch, SSLStateConnp_::cert0_not_after, SSLStateConnp_::cert0_not_before, SSLState_::client_connp, SigMatch_::ctx, DE_QUIET, SigTableElmt_::desc, DETECT_AL_TLS_EXPIRED, DETECT_AL_TLS_NOTAFTER, DETECT_AL_TLS_NOTBEFORE, DETECT_AL_TLS_VALID, DETECT_TLS_TYPE_NOTAFTER, DETECT_TLS_TYPE_NOTBEFORE, DETECT_TLS_VALIDITY_EQ, DETECT_TLS_VALIDITY_EX, DETECT_TLS_VALIDITY_GT, DETECT_TLS_VALIDITY_LT, DETECT_TLS_VALIDITY_RA, DETECT_TLS_VALIDITY_VA, DetectAppLayerInspectEngineRegister(), DetectBufferTypeGetByName(), DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineInspectGenericList(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectSetupParseRegexes(), DetectSignatureSetAppProto(), DOC_URL, DOC_VERSION, DetectTlsValidityData_::epoch, DetectTlsValidityData_::epoch2, FAIL_IF, FAIL_IF_NOT, FAIL_IF_NOT_NULL, FAIL_IF_NULL, flags, Flow_::flags, Packet_::flags, DetectEngineCtx_::flags, SigTableElmt_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_IPV4, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOCLIENT, FLOW_PKT_TOSERVER, Packet_::flowflags, FlowGetProtoMapping(), SigTableElmt_::Free, Flow_::lastts, SigTableElmt_::Match, MAX_SUBSTRINGS, DetectTlsValidityData_::mode, SigTableElmt_::name, PacketAlertCheck(), PARSE_REGEX, PASS, Packet_::pcap_cnt, PKT_HAS_FLOW, PKT_STREAM_EST, Flow_::proto, Flow_::protomap, SigTableElmt_::RegisterTests, res, SC_ERR_INVALID_ARGUMENT, SC_ERR_PCRE_GET_SUBSTRING, SC_ERR_PCRE_MATCH, SCCalloc, SCEnter, SCFree, SCLogDebug, SCLogError, SCMalloc, SCMkTimeUtc(), SCReturnInt, SCStringPatternToTime(), SSLState_::server_connp, SigTableElmt_::Setup, SIG_FLAG_TOCLIENT, SigGroupBuild(), SIGMATCH_NOOPT, sigmatch_table, SigMatchAlloc(), SigMatchAppendSMToList(), SigMatchSignatures(), STREAM_TOCLIENT, STREAM_TOSERVER, StreamTcpFreeConfig(), StreamTcpInitConfig(), strlcpy(), TLS_STATE_CERT_READY, TRUE, tx_id, DetectTlsValidityData_::type, SigMatch_::type, type, unlikely, SigTableElmt_::url, UTHBuildPacketReal(), UTHFreePacket(), and UtRegisterTest().

Referenced by SigTableSetup().

Here is the call graph for this function:

Here is the caller graph for this function: