suricata
detect-tls-certs.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "debug.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-prefilter.h"
#include "detect-engine-content-inspection.h"
#include "detect-content.h"
#include "detect-pcre.h"
#include "detect-tls-certs.h"
#include "flow.h"
#include "flow-util.h"
#include "flow-var.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-spm.h"
#include "util-print.h"
#include "stream-tcp.h"
#include "app-layer.h"
#include "app-layer-ssl.h"
#include "util-unittest-helper.h"
#include "tests/detect-tls-certs.c"
Include dependency graph for detect-tls-certs.c:

Go to the source code of this file.

Data Structures

struct  TlsCertsGetDataArgs
 
struct  PrefilterMpmTlsCerts
 

Typedefs

typedef struct PrefilterMpmTlsCerts PrefilterMpmTlsCerts
 

Functions

void DetectTlsCertsRegister (void)
 Registration function for keyword: tls.certs. More...
 

Detailed Description

Author
Mats Klepsland mats..nosp@m.klep.nosp@m.sland.nosp@m.@gma.nosp@m.il.co.nosp@m.m

Implements support for tls.certs keyword.

Definition in file detect-tls-certs.c.

Typedef Documentation

Function Documentation

void DetectTlsCertsRegister ( void  )

Registration function for keyword: tls.certs.

Definition at line 87 of file detect-tls-certs.c.

References ALPROTO_TLS, Flow_::alstate, DetectBufferMpmRegistery_::app_v2, DetectEngineThreadCtx_::buffer_offset, TlsCertsGetDataArgs::cert, SSLCertsChain_::cert_data, SSLCertsChain_::cert_len, SigTableElmt_::desc, DETECT_AL_TLS_CERTS, DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectAppLayerInspectEngineRegister2(), DetectAppLayerMpmRegister2(), DetectBufferSetActiveList(), DetectBufferTypeGetByName(), DetectBufferTypeSetDescriptionByName(), DetectEngineContentInspection(), DetectSignatureSetAppProto(), DetectEngineThreadCtx_::discontinue_matching, DOC_URL, DOC_VERSION, flags, SigTableElmt_::flags, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::inspect_offset, DetectEngineThreadCtx_::inspection_recursion_counter, InspectionBufferApplyTransforms(), InspectionBufferGetMulti(), InspectionBufferMultipleForListGet(), InspectionBufferSetup(), PrefilterMpmTlsCerts::list_id, TlsCertsGetDataArgs::local_id, MpmCtx_::minlen, DetectEngineAppInspectionEngine_::mpm, PrefilterMpmTlsCerts::mpm_ctx, mpm_table, MpmCtx_::mpm_type, DetectEngineThreadCtx_::mtcu, DetectBufferMpmRegistery_::name, SigTableElmt_::name, next, DetectEngineThreadCtx_::pmq, PrefilterAppendTxEngine(), SigTableElmt_::RegisterTests, SCCalloc, SCEnter, SCFree, SCReturnPtr, MpmTableElmt_::Search, SSLState_::server_connp, SigTableElmt_::Setup, SIG_FLAG_TOCLIENT, SIGMATCH_INFO_STICKY_BUFFER, SIGMATCH_NOOPT, sigmatch_table, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, str, TAILQ_EMPTY, TAILQ_FIRST, TAILQ_NEXT, TLS_STATE_CERT_READY, PrefilterMpmTlsCerts::transforms, DetectEngineAppInspectionEngine_::transforms, DetectBufferMpmRegistery_::transforms, tx_id, SigTableElmt_::url, and DetectEngineAppInspectionEngine_::v2.

Referenced by SigTableSetup().

Here is the call graph for this function:

Here is the caller graph for this function: