suricata
detect-tls.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "debug.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "flow.h"
#include "flow-var.h"
#include "flow-util.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "app-layer.h"
#include "app-layer-ssl.h"
#include "detect-tls.h"
#include "stream-tcp.h"

Macros

#define PARSE_REGEX   "^([A-z0-9\\s\\-\\.=,\\*@]+|\"[A-z0-9\\s\\-\\.=,\\*@]+\")\\s*$"
 Regex for parsing "id" option, matching number or "number".
 
#define PARSE_REGEX_FINGERPRINT   "^([A-z0-9\\:\\*]+|\"[A-z0-9\\:\\* ]+\")\\s*$"
 
#define MAX_SUBSTRINGS   30
 
#define MAX_SUBSTRINGS   30
 
#define MAX_SUBSTRINGS   30
 

Functions

void DetectTlsRegister (void)
 Registration function for keyword: tls.version.
 

Detailed Description

Author
Pierre Chifflier pierr.nosp@m.e.ch.nosp@m.iffli.nosp@m.er@s.nosp@m.si.go.nosp@m.uv.f.nosp@m.r

Implements the tls.* keywords

Definition in file detect-tls.c.

Macro Definition Documentation

#define MAX_SUBSTRINGS   30

Referenced by DetectTlsRegister().

#define MAX_SUBSTRINGS   30
#define MAX_SUBSTRINGS   30
#define PARSE_REGEX   "^([A-z0-9\\s\\-\\.=,\\*@]+|\"[A-z0-9\\s\\-\\.=,\\*@]+\")\\s*$"

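Regex for parsing "id" option, matching number or "number". Note that the pattern as shown accepts more than digits: letters, digits, whitespace and `- . = , * @`, either bare or wrapped in double quotes, so this description looks carried over from another keyword. The range `A-z` also spans the six ASCII characters between `Z` and `a` (`[`, `\`, `]`, `^`, `_` and the backtick), which `A-Za-z` would exclude; PARSE_REGEX_FINGERPRINT uses the same range.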

Definition at line 67 of file detect-tls.c.

Referenced by DetectTlsRegister().

#define PARSE_REGEX_FINGERPRINT   "^([A-z0-9\\:\\*]+|\"[A-z0-9\\:\\* ]+\")\\s*$"

Definition at line 68 of file detect-tls.c.

Referenced by DetectTlsRegister().

Function Documentation

void DetectTlsRegister ( void  )

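Registration function for keyword: tls.version. The References list for this function names DETECT_AL_TLS_SUBJECT, DETECT_AL_TLS_ISSUERDN, DETECT_AL_TLS_FINGERPRINT and DETECT_AL_TLS_STORE and no version keyword, so this brief appears to be carried over from another file; the file description ("Implements the tls.* keywords") is the more reliable summary.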

Definition at line 116 of file detect-tls.c.

References SigTableElmt_::alias, ALPROTO_TLS, SigTableElmt_::AppLayerTxMatch, SSLStateConnp_::cert0_fingerprint, SSLStateConnp_::cert0_issuerdn, SSLStateConnp_::cert0_subject, SSLStateConnp_::cert_log_flag, SSLState_::client_connp, SigMatch_::ctx, SigTableElmt_::desc, DETECT_AL_TLS_FINGERPRINT, DETECT_AL_TLS_ISSUERDN, DETECT_AL_TLS_STORE, DETECT_AL_TLS_SUBJECT, DETECT_CONTENT_NEGATED, DETECT_SM_LIST_POSTMATCH, DetectAppLayerInspectEngineRegister(), DetectBufferTypeRegister(), DetectSetupParseRegexes(), DetectSignatureSetAppProto(), DOC_URL, DOC_VERSION, DetectTlsData_::fingerprint, DetectTlsData_::flags, flags, Signature_::flags, SigTableElmt_::flags, Packet_::flow, FlowGetAppState(), SigTableElmt_::Free, Signature_::init_data, DetectTlsData_::issuerdn, m, SigTableElmt_::Match, MAX_SUBSTRINGS, SigTableElmt_::name, SignatureInitData_::negated, PARSE_REGEX, PARSE_REGEX_FINGERPRINT, SigTableElmt_::RegisterTests, res, SC_ERR_MEM_ALLOC, SC_ERR_PCRE_GET_SUBSTRING, SC_ERR_PCRE_MATCH, SCEnter, SCFree, SCLogDebug, SCLogError, SCMalloc, SCReturnInt, SCStrdup, SSLState_::server_connp, SigTableElmt_::Setup, SIG_FLAG_TLSSTORE, SIG_FLAG_TOCLIENT, SIGMATCH_HANDLE_NEGATION, SIGMATCH_NOOPT, SIGMATCH_QUOTES_MANDATORY, sigmatch_table, SigMatchAlloc(), SigMatchAppendSMToList(), SSL_TLS_LOG_PEM, str, STREAM_TOSERVER, DetectTlsData_::subject, TLS_STATE_CERT_READY, SigMatch_::type, unlikely, and SigTableElmt_::url.

Referenced by SigTableSetup().
