55 #define PARSE_REGEX "^\\s*(<|>)?\\s*([ -:TW0-9]+)\\s*(?:(<>)\\s*([ -:TW0-9]+))?\\s*$"
59 uint8_t,
void *,
void *,
const Signature *,
62 static time_t DateStringToEpoch (
char *);
76 static int g_tls_validity_buffer_id = 0;
80 uint8_t
flags,
void *alstate,
void *txv, uint64_t tx_id);
139 uint8_t
flags,
void *alstate,
void *txv, uint64_t tx_id)
169 if (ssl_state == NULL) {
177 if (
flags & STREAM_TOSERVER)
184 time_t cert_epoch = 0;
200 cert_epoch >= dd->
epoch && cert_epoch <= dd->epoch2)
203 f->
lastts.tv_sec > cert_epoch)
206 f->
lastts.tv_sec <= cert_epoch)
221 static time_t StringIsEpoch (
char *
string)
223 if (strlen(
string) == 0)
230 if (isdigit(*sp++) == 0)
234 return strtol(
string, NULL, 10);
246 static time_t DateStringToEpoch (
char *
string)
250 const char *patterns[] = {
265 while (isspace(*
string))
268 size_t inlen, oldlen;
270 oldlen = inlen = strlen(
string);
273 while (inlen > 0 && isspace(
string[inlen - 1]))
278 if (inlen < oldlen) {
279 strlcpy(tmp,
string, inlen + 1);
283 time_t epoch = StringIsEpoch(
string);
308 int ret = 0,
res = 0;
311 char value1[20] =
"";
312 char value2[20] =
"";
316 if (ret < 3 || ret > 5) {
321 pcre2len =
sizeof(mode);
329 pcre2len =
sizeof(value1);
330 res = pcre2_substring_copy_bynumber(parse_regex.
match, 2, (PCRE2_UCHAR8 *)value1, &pcre2len);
338 pcre2len =
sizeof(range);
339 res = pcre2_substring_copy_bynumber(parse_regex.
match, 3, (PCRE2_UCHAR8 *)range, &pcre2len);
347 pcre2len =
sizeof(value2);
348 res = pcre2_substring_copy_bynumber(
349 parse_regex.
match, 4, (PCRE2_UCHAR8 *)value2, &pcre2len);
366 if (strlen(mode) > 0) {
369 else if (mode[0] ==
'>')
373 if (strlen(range) > 0) {
374 if (strcmp(
"<>", range) == 0)
378 if (strlen(range) != 0 && strlen(mode) != 0) {
380 "Range specified but mode also set");
389 dd->
epoch = DateStringToEpoch(value1);
394 if (strlen(value2) > 0) {
397 "Multiple tls validity values specified but mode is not range");
401 dd->
epoch2 = DateStringToEpoch(value2);
407 "Second value in range must not be smaller than the first");
458 sm->
ctx = (
void *)dd;
464 DetectTlsValidityFree(
de_ctx, dd);
509 sm->
ctx = (
void *)dd;
515 DetectTlsValidityFree(
de_ctx, dd);
535 int r = DetectTlsValiditySetup(
de_ctx, s, rawstr,
type);
554 int r = DetectTlsValiditySetup(
de_ctx, s, rawstr,
type);
571 const char *rawstr, uint8_t
type)
581 dd = DetectTlsValidityParse(rawstr);
605 sm->
ctx = (
void *)dd;
611 DetectTlsValidityFree(
de_ctx, dd);
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
SSLv[2.0|3.[0|1|2|3]] state structure.
#define DETECT_TLS_TYPE_NOTAFTER
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
void(* Free)(DetectEngineCtx *, void *)
int DetectEngineInspectGenericList(const DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
SSLStateConnp client_connp
#define DETECT_TLS_VALIDITY_EQ
void TlsNotBeforeRegisterTests(void)
Register unit tests for tls_cert_notbefore.
SSLStateConnp server_connp
void TlsNotAfterRegisterTests(void)
Register unit tests for tls_cert_notafter.
main detection engine ctx
time_t SCMkTimeUtc(struct tm *tp)
Convert broken-down time to seconds since Unix epoch.
#define DETECT_TLS_VALIDITY_RA
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
void DetectTlsValidityRegister(void)
Registration function for tls validity keywords.
@ SC_ERR_PCRE_GET_SUBSTRING
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int DetectBufferTypeGetByName(const char *name)
size_t strlcpy(char *dst, const char *src, size_t siz)
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
@ SC_ERR_INVALID_ARGUMENT
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
Register an inspect engine at start-up time.
SigMatch * SigMatchAlloc(void)
Used to start a pointer to a SigMatch context. Should never be dereferenced without casting to something...
#define DETECT_TLS_VALIDITY_LT
#define DETECT_TLS_VALIDITY_EX
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
#define DETECT_TLS_VALIDITY_GT
#define DETECT_TLS_VALIDITY_VA
void TlsValidRegisterTests(void)
Register unit tests for tls_cert_valid.
#define DETECT_TLS_TYPE_NOTBEFORE
a single match condition for a signature
int SC_Pcre2SubstringCopy(pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen)
@ DETECT_AL_TLS_NOTBEFORE
int SCStringPatternToTime(char *string, const char **patterns, int num_patterns, struct tm *tp)
Parse a date string based on specified patterns.
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
void TlsExpiredRegisterTests(void)
Register unit tests for tls_cert_expired.
void(* RegisterTests)(void)