aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: register multi-buffer keywords

Browse Source 
Register the keywords that use multi buffer support as such, so that
rule parsing can set them up with multi-instance support.

Ticket: #5784.
pull/8792/head
Victor Julien 2 years ago
parent ad88efc2d8
commit 5890a8a8ab
14 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File

1
src/detect-dns-query.c
Unescape Escape View File

@ -222,6 +222,7 @@ void DetectDnsQueryRegister (void)
DetectBufferTypeSetDescriptionByName("dns_query",
"dns request query");
DetectBufferTypeSupportsMultiInstance("dns_query");
g_dns_query_buffer_id = DetectBufferTypeGetByName("dns_query");

1
src/detect-file-data.c
Unescape Escape View File

@ -159,6 +159,7 @@ void DetectFiledataRegister(void)
"file_data", ALPROTO_FTP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectFiledata, NULL);
DetectBufferTypeSetDescriptionByName("file_data", "data from tracked files");
DetectBufferTypeSupportsMultiInstance("file_data");
g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
}

1
src/detect-filemagic.c
Unescape Escape View File

@ -162,6 +162,7 @@ void DetectFilemagicRegister(void)
DetectBufferTypeSetDescriptionByName("file.magic",
"file magic");
DetectBufferTypeSupportsMultiInstance("file.magic");
g_file_magic_buffer_id = DetectBufferTypeGetByName("file.magic");
SCLogDebug("registering filemagic rule option");

1
src/detect-filename.c
Unescape Escape View File

@ -160,6 +160,7 @@ void DetectFilenameRegister(void)
}
DetectBufferTypeSetDescriptionByName("file.name", "file name");
DetectBufferTypeSupportsMultiInstance("file.name");
g_file_name_buffer_id = DetectBufferTypeGetByName("file.name");
SCLogDebug("registering filename rule option");

3
src/detect-http2.c
Unescape Escape View File

@ -201,7 +201,7 @@ void DetectHttp2Register(void)
DetectAppLayerInspectEngineRegister2("http2_header_name",
ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateOpen,
DetectEngineInspectHttp2HeaderName, NULL);
DetectBufferTypeSupportsMultiInstance("http2_header_name");
DetectBufferTypeSetDescriptionByName("http2_header_name",
"HTTP2 header name");
g_http2_header_name_buffer_id = DetectBufferTypeGetByName("http2_header_name");
@ -211,6 +211,7 @@ void DetectHttp2Register(void)
sigmatch_table[DETECT_HTTP2_HEADER].url = "/rules/http2-keywords.html#header";
sigmatch_table[DETECT_HTTP2_HEADER].Setup = DetectHTTP2headerSetup;
sigmatch_table[DETECT_HTTP2_HEADER].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectBufferTypeSupportsMultiInstance("http2_header");
DetectAppLayerMpmRegister2("http2_header", SIG_FLAG_TOCLIENT, 2,
PrefilterMpmHttp2HeaderRegister, NULL,

2
src/detect-ike-vendor.c
Unescape Escape View File

@ -189,6 +189,8 @@ void DetectIkeVendorRegister(void)
"ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectIkeVendor, NULL);
g_ike_vendor_buffer_id = DetectBufferTypeGetByName("ike.vendor");
DetectBufferTypeSupportsMultiInstance("ike.vendor");
}
/**

2
src/detect-krb5-cname.c
Unescape Escape View File

@ -209,4 +209,6 @@ void DetectKrb5CNameRegister(void)
"Kerberos 5 ticket client name");
g_krb5_cname_buffer_id = DetectBufferTypeGetByName("krb5_cname");
DetectBufferTypeSupportsMultiInstance("krb5_cname");
}

2
src/detect-krb5-sname.c
Unescape Escape View File

@ -209,4 +209,6 @@ void DetectKrb5SNameRegister(void)
"Kerberos 5 ticket server name");
g_krb5_sname_buffer_id = DetectBufferTypeGetByName("krb5_sname");
DetectBufferTypeSupportsMultiInstance("krb5_sname");
}

2
src/detect-mqtt-subscribe-topic.c
Unescape Escape View File

@ -224,6 +224,8 @@ void DetectMQTTSubscribeTopicRegister (void)
"subscribe topic query");
g_mqtt_subscribe_topic_buffer_id = DetectBufferTypeGetByName("mqtt.subscribe.topic");
DetectBufferTypeSupportsMultiInstance("mqtt.subscribe.topic");
}
/**

2
src/detect-mqtt-unsubscribe-topic.c
Unescape Escape View File

@ -224,6 +224,8 @@ void DetectMQTTUnsubscribeTopicRegister (void)
"unsubscribe topic query");
g_mqtt_unsubscribe_topic_buffer_id = DetectBufferTypeGetByName("mqtt.unsubscribe.topic");
DetectBufferTypeSupportsMultiInstance("mqtt.unsubscribe.topic");
}
/**

2
src/detect-quic-cyu-hash.c
Unescape Escape View File

@ -245,6 +245,8 @@ void DetectQuicCyuHashRegister(void)
g_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME);
DetectBufferTypeRegisterValidateCallback(BUFFER_NAME, DetectQuicHashValidateCallback);
DetectBufferTypeSupportsMultiInstance(BUFFER_NAME);
}
#ifdef UNITTESTS

2
src/detect-quic-cyu-string.c
Unescape Escape View File

@ -197,6 +197,8 @@ void DetectQuicCyuStringRegister(void)
g_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME);
DetectBufferTypeSupportsMultiInstance(BUFFER_NAME);
SCLogDebug("registering " BUFFER_NAME " rule option");
}

2
src/detect-tls-cert-subject.c
Unescape Escape View File

@ -92,6 +92,8 @@ void DetectTlsSubjectRegister(void)
PrefilterGenericMpmRegister, GetData, ALPROTO_TLS,
TLS_STATE_CERT_READY);
DetectBufferTypeSupportsMultiInstance("tls.cert_subject");
DetectBufferTypeSetDescriptionByName("tls.cert_subject",
"TLS certificate subject");

2
src/detect-tls-certs.c
Unescape Escape View File

@ -110,6 +110,8 @@ void DetectTlsCertsRegister(void)
DetectBufferTypeSetDescriptionByName("tls.certs", "TLS certificate");
DetectBufferTypeSupportsMultiInstance("tls.certs");
g_tls_certs_buffer_id = DetectBufferTypeGetByName("tls.certs");
}

Write Preview
Loading…
Cancel
Save