1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  *
23  * Rule variable utility functions
24  */
25 
26 #include "suricata-common.h"
27 #include "conf.h"
28 #include "conf-yaml-loader.h"
29 
30 #include "detect.h"
31 #include "detect-content.h"
32 #include "detect-parse.h"
33 #include "detect-engine.h"
34 #include "detect-engine-mpm.h"
35 
36 #include "util-rule-vars.h"
37 #include "util-enum.h"
38 #include "util-debug.h"
39 #include "util-unittest.h"
40 
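/** Maps each SCRuleVarsType value to the path, inside the yaml conf file,
 *  under which variables of that type are defined.
 *
 *  NOTE(review): SCMapEnumValueToName() is handed only the table pointer and
 *  no length, so it presumably stops at a terminating entry - confirm against
 *  util-enum.c. The { NULL, -1 } entry below keeps a lookup for an unlisted
 *  enum value from walking past the end of the array. */
SCEnumCharMap sc_rule_vars_type_map[] = {
    { "vars.address-groups", SC_RULE_VARS_ADDRESS_GROUPS },
    { "vars.port-groups",    SC_RULE_VARS_PORT_GROUPS },
    { NULL,                  -1 }
};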
47 
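/**
 * \internal
 * \brief Retrieves the value of a rule variable from the yaml conf. The
 *        mapping to search is selected with a SCRuleVarsType enum, whose
 *        yaml path is taken from sc_rule_vars_type_map. The full key that is
 *        looked up is "<type path>.<name>", or
 *        "<config_prefix>.<type path>.<name>" when a prefix is set.
 *
 * \param de_ctx         Detection engine context. May be NULL. When it is
 *                       non-NULL and its config_prefix is not empty, the
 *                       lookup is done below that prefix.
 * \param conf_var_name  Pointer to a character string containing the conf var
 *                       name whose value has to be retrieved. Leading
 *                       whitespace and a single leading '$' are skipped.
 * \param conf_vars_type Indicates the kind of yaml mapping that has to be
 *                       searched. Can be one of the values in SCRuleVarsType.
 *
 * \retval conf_var_name_value Pointer to the string ConfGet() returned for
 *                             the key on success; NULL if the name is NULL,
 *                             the type is unknown, the full key does not fit
 *                             the internal buffer, or the key is not defined.
 */
const char *SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx,
                                 const char *conf_var_name,
                                 SCRuleVarsType conf_vars_type)
{
    SCEnter();

    const char *conf_var_type_name = NULL;
    char conf_var_full_name[2048];
    const char *conf_var_full_name_value = NULL;
    int written = 0;

    if (conf_var_name == NULL)
        goto end;

    /* The cast keeps isspace() defined for bytes above 0x7f on platforms
     * where plain char is signed. */
    while (conf_var_name[0] != '\0' && isspace((unsigned char)conf_var_name[0])) {
        conf_var_name++;
    }

    /* Rules write variables as "$NAME"; the conf file stores them as "NAME". */
    if (conf_var_name[0] == '$')
        conf_var_name++;

    conf_var_type_name = SCMapEnumValueToName(conf_vars_type,
                                              sc_rule_vars_type_map);
    if (conf_var_type_name == NULL)
        goto end;

    if (de_ctx != NULL && de_ctx->config_prefix[0] != '\0') {
        written = snprintf(conf_var_full_name, sizeof(conf_var_full_name),
                           "%s.%s.%s", de_ctx->config_prefix,
                           conf_var_type_name, conf_var_name);
    } else {
        written = snprintf(conf_var_full_name, sizeof(conf_var_full_name),
                           "%s.%s", conf_var_type_name, conf_var_name);
    }

    /* snprintf() reports the length the complete key would have had. A value
     * at or above the buffer size means the key was cut short, and a lookup
     * on a shortened key would query a name the caller never supplied, so
     * truncation is rejected together with an output error. */
    if (written < 0 || (size_t)written >= sizeof(conf_var_full_name))
        goto end;

    if (ConfGet(conf_var_full_name, &conf_var_full_name_value) != 1) {
        SCLogError(SC_ERR_UNDEFINED_VAR, "Variable \"%s\" is not defined in "
                                         "configuration file", conf_var_name);
        goto end;
    }

    SCLogDebug("Value obtained from the yaml conf file, for the var "
               "\"%s\" is \"%s\"", conf_var_name, conf_var_full_name_value);

 end:
    SCReturnCharPtr(conf_var_full_name_value);
}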
112 
113 
114 /**********************************Unittests***********************************/
115 #ifdef UNITTESTS
116 
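/* YAML configuration shared by the unit tests below.
 *
 * Indentation inside the literal is significant: the tests resolve keys such
 * as vars.address-groups.HOME_NET, so every variable has to sit one level
 * below its group and every group one level below "vars". With all lines at
 * the same depth the variables would become siblings of the groups and the
 * lookups would fail. */
static const char *dummy_conf_string =
    "%YAML 1.1\n"
    "---\n"
    "\n"
    "default-log-dir: /var/log/suricata\n"
    "\n"
    "logging:\n"
    "\n"
    "  default-log-level: debug\n"
    "\n"
    "  default-format: \"<%t> - <%l>\"\n"
    "\n"
    "  default-startup-message: Your IDS has started.\n"
    "\n"
    "  default-output-filter:\n"
    "\n"
    "  output:\n"
    "\n"
    "  - interface: console\n"
    "    log-level: info\n"
    "\n"
    "  - interface: file\n"
    "    filename: /var/log/suricata.log\n"
    "\n"
    "  - interface: syslog\n"
    "    facility: local5\n"
    "    format: \"%l\"\n"
    "\n"
    "pfring:\n"
    "\n"
    "  interface: eth0\n"
    "\n"
    "  clusterid: 99\n"
    "\n"
    "vars:\n"
    "\n"
    "  address-groups:\n"
    "\n"
    "    HOME_NET: \"[192.168.0.0/16,10.8.0.0/16,127.0.0.1,2001:888:"
    "13c5:5AFE::/64,2001:888:13c5:CAFE::/64]\"\n"
    "\n"
    "    EXTERNAL_NET: \"[!192.168.0.0/16,2000::/3]\"\n"
    "\n"
    "    HTTP_SERVERS: \"!192.168.0.0/16\"\n"
    "\n"
    "    SMTP_SERVERS: \"!192.168.0.0/16\"\n"
    "\n"
    "    SQL_SERVERS: \"!192.168.0.0/16\"\n"
    "\n"
    "    DNS_SERVERS: any\n"
    "\n"
    "    TELNET_SERVERS: any\n"
    "\n"
    "    AIM_SERVERS: any\n"
    "\n"
    "  port-groups:\n"
    "\n"
    "    HTTP_PORTS: \"80:81,88\"\n"
    "\n"
    "    SHELLCODE_PORTS: 80\n"
    "\n"
    "    ORACLE_PORTS: 1521\n"
    "\n"
    "    SSH_PORTS: 22\n"
    "\n";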
182 
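/**
 * \test Check that valid address and port group vars are correctly retrieved
 *       from the configuration.
 *
 * \retval 1 if every variable resolved to the value set in dummy_conf_string;
 *         0 otherwise.
 */
static int SCRuleVarsPositiveTest01(void)
{
    /* One entry per lookup: the name as a rule would write it, the group it
     * belongs to, and the value dummy_conf_string defines for it. */
    static const struct {
        const char *name;
        SCRuleVarsType type;
        const char *expected;
    } checks[] = {
        /* check for address-groups */
        { "$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS,
          "[192.168.0.0/16,10.8.0.0/16,127.0.0.1,2001:888:13c5:"
          "5AFE::/64,2001:888:13c5:CAFE::/64]" },
        { "$EXTERNAL_NET", SC_RULE_VARS_ADDRESS_GROUPS,
          "[!192.168.0.0/16,2000::/3]" },
        { "$HTTP_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS, "!192.168.0.0/16" },
        { "$SMTP_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS, "!192.168.0.0/16" },
        { "$SQL_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS, "!192.168.0.0/16" },
        { "$DNS_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS, "any" },
        { "$TELNET_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS, "any" },
        { "$AIM_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS, "any" },
        /* Test that a leading space is stripped. */
        { " $AIM_SERVERS", SC_RULE_VARS_ADDRESS_GROUPS, "any" },
        /* check for port-groups */
        { "$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS, "80:81,88" },
        { "$SHELLCODE_PORTS", SC_RULE_VARS_PORT_GROUPS, "80" },
        { "$ORACLE_PORTS", SC_RULE_VARS_PORT_GROUPS, "1521" },
        { "$SSH_PORTS", SC_RULE_VARS_PORT_GROUPS, "22" },
    };
    int result = 1;

    /* The conf tree is global: save it before loading the dummy conf so the
     * test does not wipe whatever configuration was active before it ran. */
    ConfCreateContextBackup();
    ConfInit();
    ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));

    for (size_t i = 0; i < sizeof(checks) / sizeof(checks[0]); i++) {
        const char *value = SCRuleVarsGetConfVar(NULL, checks[i].name,
                                                 checks[i].type);
        result &= (value != NULL && strcmp(value, checks[i].expected) == 0);
    }

    ConfDeInit();
    ConfRestoreContextBackup();

    return result;
}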
246 
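/**
 * \test Check that invalid address and port groups are properly handled by the
 *       API.
 *
 * \retval 1 if every lookup of an undefined name returned NULL; 0 otherwise.
 */
static int SCRuleVarsNegativeTest02(void)
{
    int result = 1;

    /* The conf tree is global: save it before loading the dummy conf so the
     * test does not wipe whatever configuration was active before it ran. */
    ConfCreateContextBackup();
    ConfInit();
    ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));

    /* A name with an extra trailing character, and a defined name written in
     * lower case, must both fail: the tests expect exact, case-sensitive
     * matches. */
    result &= (SCRuleVarsGetConfVar(NULL, "$HOME_NETW", SC_RULE_VARS_ADDRESS_GROUPS) == NULL);
    result &= (SCRuleVarsGetConfVar(NULL, "$home_net", SC_RULE_VARS_ADDRESS_GROUPS) == NULL);

    result &= (SCRuleVarsGetConfVar(NULL, "$TOMCAT_PORTSW", SC_RULE_VARS_PORT_GROUPS) == NULL);
    result &= (SCRuleVarsGetConfVar(NULL, "$tomcat_ports", SC_RULE_VARS_PORT_GROUPS) == NULL);

    ConfDeInit();
    ConfRestoreContextBackup();

    return result;
}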
270 
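/**
 * \test Check that Signatures with valid address and port groups are parsed
 *       without any errors by the Signature parsing API.
 *
 * \retval 1 if the rule was parsed; 0 on any failure.
 */
static int SCRuleVarsPositiveTest03(void)
{
    int result = 0;
    Signature *s = NULL;
    DetectEngineCtx *de_ctx = NULL;

    /* The conf tree is global: save it before loading the dummy conf so the
     * test does not wipe whatever configuration was active before it ran. */
    ConfCreateContextBackup();
    ConfInit();
    ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));

    if ((de_ctx = DetectEngineCtxInit()) == NULL)
        goto end;
    de_ctx->flags |= DE_QUIET;

    /* NOTE(review): the rules listed below are disabled in this file and the
     * reason is not recorded, so only the last rule is exercised. Each one
     * was a SigInit() call that had to succeed, followed by SigFree(), and
     * each used the options (msg:"Rule Vars Test"; sid:1;).
     *
     *   alert tcp $HTTP_SERVERS any -> any any
     *   alert tcp $SMTP_SERVERS any -> $HTTP_SERVERS any
     *   alert tcp $AIM_SERVERS any -> $AIM_SERVERS any
     *   alert tcp $TELNET_SERVERS any -> any $SSH_PORTS
     *   alert tcp $TELNET_SERVERS any -> any !$SSH_PORTS
     *   alert tcp $TELNET_SERVERS 80 -> any !$SSH_PORTS
     *   alert tcp $TELNET_SERVERS !80 -> any !$SSH_PORTS
     *   alert tcp !$HTTP_SERVERS !80 -> any !$SSH_PORTS
     *   alert tcp 192.168.1.2 any -> any $HTTP_PORTS
     *   alert tcp !192.168.1.2 any -> any $HTTP_PORTS
     *   alert tcp !192.168.1.2 any -> any !$HTTP_PORTS
     *   alert tcp !192.168.1.2 any -> !$HTTP_SERVERS !$HTTP_PORTS
     *   alert tcp !192.168.1.2 $HTTP_PORTS -> !$HTTP_SERVERS !$HTTP_PORTS
     *   alert tcp [!192.168.24.0/23,!167.12.0.0/24] any -> any $HTTP_PORTS
     *   alert tcp ![192.168.24.0/23,!167.12.0.0/24] any -> any $HTTP_PORTS
     *   alert tcp [$HOME_NET,!192.168.1.2] $HTTP_PORTS -> !$HTTP_SERVERS !$HTTP_PORTS
     *   alert tcp [[192.168.1.3,$EXTERNAL_NET],192.168.2.5] $HTTP_PORTS -> !$HTTP_SERVERS !$HTTP_PORTS
     *   alert tcp [[192.168.1.3,$EXTERNAL_NET],192.168.2.5] $HTTP_PORTS -> !$HTTP_SERVERS [80,[!$HTTP_PORTS,$ORACLE_PORTS]]
     */
    s = SigInit(de_ctx, "alert tcp [$HTTP_SERVERS,$HOME_NET,192.168.2.5] $HTTP_PORTS -> $EXTERNAL_NET [80,[!$HTTP_PORTS,$ORACLE_PORTS]] (msg:\"Rule Vars Test\"; sid:1;)");
    if (s == NULL)
        goto end;
    SigFree(s);

    result = 1;

end:
    ConfDeInit();
    ConfRestoreContextBackup();

    if (de_ctx != NULL)
        DetectEngineCtxFree(de_ctx);
    return result;
}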
394 
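/**
 * \test Check that Signatures with invalid address and port groups are
 *       invalidated by the Signature parsing API.
 *
 * \retval 1 if every rule was rejected; 0 if one was accepted or setup
 *         failed.
 */
static int SCRuleVarsNegativeTest04(void)
{
    /* Rules that must be rejected: an undefined variable, defined variables
     * written in lower case, and a negated variable whose value in
     * dummy_conf_string is "any". */
    static const char *const invalid_rules[] = {
        "alert tcp $HTTP_SERVER any -> any any (msg:\"Rule Vars Test\"; sid:1;)",
        "alert tcp $http_servers any -> any any (msg:\"Rule Vars Test\"; sid:1;)",
        "alert tcp $http_servers any -> any $HTTP_PORTS (msg:\"Rule Vars Test\"; sid:1;)",
        "alert tcp !$TELNET_SERVERS !80 -> any !$SSH_PORTS (msg:\"Rule Vars Test\"; sid:1;)",
    };
    int result = 0;
    Signature *s = NULL;
    DetectEngineCtx *de_ctx = NULL;

    /* The conf tree is global: save it before loading the dummy conf so the
     * test does not wipe whatever configuration was active before it ran. */
    ConfCreateContextBackup();
    ConfInit();
    ConfYamlLoadString(dummy_conf_string, strlen(dummy_conf_string));

    if ((de_ctx = DetectEngineCtxInit()) == NULL)
        goto end;
    de_ctx->flags |= DE_QUIET;

    for (size_t i = 0; i < sizeof(invalid_rules) / sizeof(invalid_rules[0]); i++) {
        s = SigInit(de_ctx, invalid_rules[i]);
        if (s != NULL)
            goto end;
    }

    result = 1;

end:
    /* s is only non-NULL here when a rule was accepted against expectation;
     * release it so the failing path does not leak the signature. */
    if (s != NULL)
        SigFree(s);

    ConfDeInit();
    ConfRestoreContextBackup();

    if (de_ctx != NULL)
        DetectEngineCtxFree(de_ctx);
    return result;
}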
442 
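/* YAML configuration for the prefixed lookup test: the same two variables are
 * defined once at the top level and once below "multi-detect.0", with
 * different values, so the test can tell which tree a lookup was served from.
 *
 * Indentation inside the literal is significant: the prefixed lookup resolves
 * multi-detect.0.vars.address-groups.HOME_NET, so each level has to be nested
 * below the previous one. */
static const char *dummy_mt_conf_string =
    "%YAML 1.1\n"
    "---\n"
    "vars:\n"
    "\n"
    "  address-groups:\n"
    "\n"
    "    HOME_NET: \"[1.2.3.4]\"\n"
    "  port-groups:\n"
    "    HTTP_PORTS: \"12345\"\n"
    "multi-detect:\n"
    "  0:\n"
    "    vars:\n"
    "\n"
    "      address-groups:\n"
    "\n"
    "        HOME_NET: \"[8.8.8.8]\"\n"
    "      port-groups:\n"
    "        HTTP_PORTS: \"54321\"\n"
    "\n";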
463 
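/**
 * \test Check that address and port group vars are retrieved from below the
 *       detection engine's config_prefix when a context with a prefix is
 *       passed, and from the top-level "vars" tree when no context is passed.
 *
 * \retval 1 if all four lookups returned the expected value; 0 otherwise.
 */
static int SCRuleVarsMTest01(void)
{
    int result = 0;
    DetectEngineCtx *de_ctx = NULL;
    const char *value = NULL;

    /* The conf tree is global: save it before loading the dummy conf so the
     * test does not wipe whatever configuration was active before it ran. */
    ConfCreateContextBackup();
    ConfInit();
    ConfYamlLoadString(dummy_mt_conf_string, strlen(dummy_mt_conf_string));

    /* Leave through the cleanup label rather than returning directly, so the
     * conf state is torn down and restored on this failure path as well. */
    if ((de_ctx = DetectEngineCtxInit()) == NULL)
        goto end;
    de_ctx->flags |= DE_QUIET;
    snprintf(de_ctx->config_prefix, sizeof(de_ctx->config_prefix),
             "multi-detect.0");

    /* check for address-groups */
    value = SCRuleVarsGetConfVar(de_ctx, "$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS);
    if (value == NULL || strcmp(value, "[8.8.8.8]") != 0)
        goto end;

    value = SCRuleVarsGetConfVar(NULL, "$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS);
    if (value == NULL || strcmp(value, "[1.2.3.4]") != 0)
        goto end;

    /* check for port-groups */
    value = SCRuleVarsGetConfVar(de_ctx, "$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS);
    if (value == NULL || strcmp(value, "54321") != 0)
        goto end;

    value = SCRuleVarsGetConfVar(NULL, "$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS);
    if (value == NULL || strcmp(value, "12345") != 0)
        goto end;

    result = 1;

end:
    ConfDeInit();
    ConfRestoreContextBackup();

    if (de_ctx != NULL)
        DetectEngineCtxFree(de_ctx);
    return result;
}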
517 
518 #endif /* UNITTESTS */
519 
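/**
 * \brief Registers the rule-vars unit tests with the unit test framework.
 *        Does nothing when UNITTESTS is not defined.
 */
void SCRuleVarsRegisterTests(void)
{
#ifdef UNITTESTS
    UtRegisterTest("SCRuleVarsPositiveTest01", SCRuleVarsPositiveTest01);
    UtRegisterTest("SCRuleVarsNegativeTest02", SCRuleVarsNegativeTest02);
    UtRegisterTest("SCRuleVarsPositiveTest03", SCRuleVarsPositiveTest03);
    UtRegisterTest("SCRuleVarsNegativeTest04", SCRuleVarsNegativeTest04);

    UtRegisterTest("SCRuleVarsMTest01", SCRuleVarsMTest01);
#endif

    return;
}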