Go to the documentation of this file.
60 static void DetectTlsCertsRegisterTests(
void);
64 void *alstate,
void *txv, uint64_t tx_id);
68 static int g_tls_certs_buffer_id = 0;
152 if (cbdata->
flags & STREAM_TOSERVER) {
163 if (cbdata->
cert == NULL) {
168 if (cbdata->
cert == NULL) {
180 void *alstate,
void *txv, uint64_t tx_id)
193 if (buffer == NULL || buffer->
inspect == NULL)
216 const int list_id = ctx->
list_id;
223 f, &cbdata, list_id);
237 static void PrefilterMpmTlsCertsFree(
void *ptr)
254 mpm_reg->
app_v2.alproto, mpm_reg->
app_v2.tx_min_progress,
255 pectx, PrefilterMpmTlsCertsFree, mpm_reg->
name);
258 static int g_tls_cert_buffer_id = 0;
259 #define BUFFER_NAME "tls_validity"
260 #define KEYWORD_ID DETECT_AL_TLS_CHAIN_LEN
261 #define KEYWORD_NAME "tls.cert_chain_len"
262 #define KEYWORD_DESC "match TLS certificate chain length"
263 #define KEYWORD_URL "/rules/tls-keywords.html#tls-cert-chain-len"
287 if (
flags & STREAM_TOCLIENT) {
312 rs_detect_u32_free(ptr);
339 rs_detect_u32_free(dd);
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
SSLv[2.0|3.[0|1|2|3]] state structure.
#define SIGMATCH_INFO_STICKY_BUFFER
int DetectU32Match(const uint32_t parg, const DetectUintData_u32 *du32)
void(* Free)(DetectEngineCtx *, void *)
Container for matching data for a signature group.
SSLStateConnp client_connp
DetectUintData_u32 * DetectU32Parse(const char *u32str)
This function is used to parse u32 options passed via some u32 keyword.
struct HtpBodyChunk_ * next
SSLStateConnp server_connp
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
main detection engine ctx
#define TAILQ_EMPTY(head)
void DetectBufferTypeSupportsMultiInstance(const char *name)
#define TAILQ_FOREACH(var, head, field)
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
one time registration of keywords at start up
struct DetectBufferMpmRegistry_::@88::@90 app_v2
#define SIG_FLAG_TOCLIENT
struct PrefilterMpmTlsCerts PrefilterMpmTlsCerts
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
DetectEngineTransforms transforms
int DetectBufferTypeGetByName(const char *name)
#define SIG_FLAG_TOSERVER
void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer)
setup the buffer empty
#define TAILQ_FIRST(head)
#define DETECT_ENGINE_INSPECT_SIG_MATCH
@ DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE
void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register a MPM engine
#define SCReturnPtr(x, type)
void DetectTlsCertsRegister(void)
Registration function for keyword: tls.certs.
uint32_t(* Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t)
struct DetectEngineAppInspectionEngine_::@85 v2
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
struct AppLayerTxData AppLayerTxData
#define PREFILTER_PROFILING_ADD_BYTES(det_ctx, bytes)
#define DETECT_CI_FLAGS_SINGLE
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
DetectUintData_u32 DetectU32Data
#define TAILQ_NEXT(elm, field)
void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, AppProto alproto, int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
#define DETECT_ENGINE_INSPECT_SIG_NO_MATCH
#define SCLogError(...)
Macro used to log ERROR messages.
const DetectEngineTransforms * transforms
const DetectEngineTransforms * transforms
MpmTableElmt mpm_table[MPM_TABLE_SIZE]
void DetectTlsCertChainLenRegister(void)
InspectionBuffer * InspectionBufferMultipleForListGet(DetectEngineThreadCtx *det_ctx, const int list_id, const uint32_t local_id)
for a InspectionBufferMultipleForList get a InspectionBuffer
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
bool DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *buffer, const uint32_t buffer_len, const uint32_t stream_start_offset, const uint8_t flags, const enum DetectContentInspectionType inspection_mode)
wrapper around DetectEngineContentInspectionInternal to return true/false only
void(* RegisterTests)(void)