/* Grammar for an option value: one capture group holding either a bare token
 * or the same token wrapped in double quotes, followed by optional trailing
 * whitespace. Allowed characters are letters, digits, whitespace and
 * - . = , * @
 * NOTE(review): the range A-z is wider than A-Za-z. In ASCII it also admits
 * '[', backslash, ']', '^', '_' and '`'. Narrowing it would reject values
 * containing '_' that parse today, so check existing rules before changing it. */
69 #define PARSE_REGEX "^([A-z0-9\\s\\-\\.=,\\*@]+|\"[A-z0-9\\s\\-\\.=,\\*@]+\")\\s*$"
/* Grammar for a fingerprint value: letters, digits, ':' and '*', either bare
 * or double-quoted; only the quoted form also accepts a space.
 * NOTE(review): the same A-z range applies, so this accepts more than hex
 * digits and colons; the pattern does not constrain the fingerprint's shape. */
70 #define PARSE_REGEX_FINGERPRINT "^([A-z0-9\\:\\*]+|\"[A-z0-9\\:\\* ]+\")\\s*$"
77 Flow *, uint8_t,
void *,
void *,
83 Flow *, uint8_t,
void *,
void *,
/* File-scope list ids, both initialised to 0.
 * NOTE(review): presumably assigned when the keyword buffers are registered;
 * confirm where they are set before relying on a non-zero value. */
95 static int g_tls_cert_list_id = 0;
96 static int g_tls_cert_fingerprint_list_id = 0;
163 Flow *f, uint8_t
flags,
void *state,
void *txv,
170 if (ssl_state == NULL) {
178 if (
flags & STREAM_TOSERVER) {
185 SCLogDebug(
"TLS: Subject is [%s], looking for [%s]\n",
220 int ret = 0, res = 0;
236 res = pcre2_substring_get_bynumber(
237 subject_parse_regex.
match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
239 SCLogError(
"pcre2_substring_get_bynumber failed");
254 pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
259 if (tmp_str[0] ==
'"') {
260 tmp_str[strlen(tmp_str) - 1] =
'\0';
279 DetectTlsSubjectFree(
de_ctx, tls);
314 sm->
ctx = (
void *)tls;
321 DetectTlsSubjectFree(
de_ctx, tls);
355 Flow *f, uint8_t
flags,
void *state,
void *txv,
362 if (ssl_state == NULL) {
370 if (
flags & STREAM_TOSERVER) {
377 SCLogDebug(
"TLS: IssuerDN is [%s], looking for [%s]\n",
412 int ret = 0, res = 0;
428 res = pcre2_substring_get_bynumber(
429 issuerdn_parse_regex.
match, 1, (PCRE2_UCHAR8 **)&str_ptr, &pcre2_len);
431 SCLogError(
"pcre2_substring_get_bynumber failed");
446 pcre2_substring_free((PCRE2_UCHAR *)str_ptr);
451 if (tmp_str[0] ==
'"')
453 tmp_str[strlen(tmp_str) - 1] =
'\0';
472 DetectTlsIssuerDNFree(
de_ctx, tls);
507 sm->
ctx = (
void *)tls;
514 DetectTlsIssuerDNFree(
de_ctx, tls);
620 if (ssl_state == NULL) {
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
SSLv[2.0|3.[0|1|2|3]] state structure.
#define PARSE_REGEX
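Regex for parsing "id" option, matching number or "number". (This brief appears to be inherited from a same-named macro in another file; the PARSE_REGEX defined on this page matches a bare or double-quoted string of letters, digits, whitespace and a small punctuation set.)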
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
void(* Free)(DetectEngineCtx *, void *)
SSLStateConnp client_connp
SSLStateConnp server_connp
main detection engine ctx
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
@ DETECT_AL_TLS_CERT_SUBJECT
#define SIGMATCH_QUOTES_MANDATORY
@ DETECT_SM_LIST_POSTMATCH
#define PARSE_REGEX_FINGERPRINT
#define SIG_FLAG_TOSERVER
int DetectContentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *contentstr)
Function to setup a content pattern.
@ DETECT_AL_TLS_CERT_ISSUER
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
#define DETECT_CONTENT_NEGATED
int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto)
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
#define SIGMATCH_HANDLE_NEGATION
SignatureInitData * init_data
Data structures and function prototypes for keeping state for the detection engine.
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
SigMatch * SigMatchAlloc(void)
Used to start a pointer to SigMatch context. Should never be dereferenced without casting to something...
@ DETECT_AL_TLS_CERT_FINGERPRINT
void DetectTlsRegister(void)
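Registration function for keyword: tls.version. (The keyword ids referenced on this page are the TLS certificate subject, issuer and fingerprint ones, so this brief may be stale.)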
int DetectBufferTypeRegister(const char *name)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
#define SCLogError(...)
Macro used to log ERROR messages.
a single match condition for a signature
@ DETECT_AL_TLS_FINGERPRINT
#define SIG_FLAG_TLSSTORE
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.