diff --git a/src/Makefile.am b/src/Makefile.am
index 0ab87fe08a..3ca39e3025 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -138,6 +138,7 @@ detect-http-header.c detect-http-header.h \
 detect-http-raw-header.c detect-http-raw-header.h \
 detect-http-uri.c detect-http-uri.h \
 detect-http-raw-uri.c detect-http-raw-uri.h \
+detect-file-data.c detect-file-data.h \
 detect-tls-version.c detect-tls-version.h \
 detect-ssh-proto-version.c detect-ssh-proto-version.h \
 detect-ssh-software-version.c detect-ssh-software-version.h \
diff --git a/src/detect-file-data.c b/src/detect-file-data.c
new file mode 100644
index 0000000000..1dca1ef4b2
--- /dev/null
+++ b/src/detect-file-data.c
@@ -0,0 +1,77 @@
+/* Copyright (C) 2007-2011 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien
+ *
+ */
+
+#include "suricata-common.h"
+#include "threads.h"
+#include "debug.h"
+#include "decode.h"
+
+#include "detect.h"
+#include "detect-parse.h"
+
+#include "detect-engine.h"
+#include "detect-engine-mpm.h"
+#include "detect-engine-state.h"
+
+#include "flow.h"
+#include "flow-var.h"
+#include "flow-util.h"
+
+#include "util-debug.h"
+#include "util-spm-bm.h"
+#include "util-unittest.h"
+#include "util-unittest-helper.h"
+
+static int DetectFiledataSetup (DetectEngineCtx *, Signature *, char *);
+
+/**
+ * \brief Registration function for keyword: file_data
+ */
+void DetectFiledataRegister(void) {
+ sigmatch_table[DETECT_FILE_DATA].name = "file_data";
+ sigmatch_table[DETECT_FILE_DATA].Match = NULL;
+ sigmatch_table[DETECT_FILE_DATA].AppLayerMatch = NULL;
+ sigmatch_table[DETECT_FILE_DATA].alproto = ALPROTO_HTTP;
+ sigmatch_table[DETECT_FILE_DATA].Setup = DetectFiledataSetup;
+ sigmatch_table[DETECT_FILE_DATA].Free = NULL;
+ sigmatch_table[DETECT_FILE_DATA].RegisterTests = NULL;
+}
+
+/**
+ * \brief this function is used to parse filedata options
+ * \brief into the current signature
+ *
+ * \param de_ctx pointer to the Detection Engine Context
+ * \param s pointer to the Current Signature
+ * \param str pointer to the user provided "filestore" option
+ *
+ * \retval 0 on Success
+ * \retval -1 on Failure
+ */
+static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
+{
+ SCEnter();
+
+ return 0;
+}
diff --git a/src/detect-file-data.h b/src/detect-file-data.h
new file mode 100644
index 0000000000..41cdd734b4
--- /dev/null
+++ b/src/detect-file-data.h
@@ -0,0 +1,30 @@
+/* Copyright (C) 2007-2011 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien
+ */
+
+#ifndef __DETECT_FILEDATA_H__
+#define __DETECT_FILEDATA_H__
+
+/* prototypes */
+void DetectFiledataRegister (void);
+
+#endif /* __DETECT_FILEDATA_H__ */
diff --git a/src/detect.c b/src/detect.c
index e54f26ffba..9793339425 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -129,6 +129,7 @@
 #include "detect-engine-hcd.h"
 #include "detect-engine-hrud.h"
 #include "detect-byte-extract.h"
+#include "detect-file-data.h"
 #include "detect-replace.h"
 #include "detect-tos.h"
@@ -4318,6 +4319,7 @@ void SigTableSetup(void) {
 DetectHttpStatCodeRegister();
 DetectSslVersionRegister();
 DetectByteExtractRegister();
+ DetectFiledataRegister();
 DetectFilenameRegister();
 DetectFileextRegister();
 DetectFilestoreRegister();
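Review bot: In src/detect-file-data.c, `DetectFiledataSetup` returns 0 for every input and records nothing on the signature, so a rule containing `file_data` loads without error while the keyword has no effect on what the rest of the rule inspects. For a detection keyword a silent no-op is harder to notice than a load failure, because the rule author sees a rule that parses and cannot tell that the intended scoping is absent; until the matching logic is added I would mark the stub explicitly, e.g. `/* TODO: stub - keyword is accepted but not yet applied to the signature */`, and presumably warn on or reject a non-empty `str` if the keyword is meant to take no option. The function also opens with `SCEnter()` but leaves through a bare `return 0;`; `SCReturnInt(0);` keeps the entry/exit tracing paired. The doc comment looks copied from another keyword: `\param str pointer to the user provided "filestore" option` should read `"file_data"`, and the two consecutive `\brief` lines should be merged into one.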
diff --git a/src/detect.h b/src/detect.h index aef403e61f..fab36fccbd 100644 --- a/src/detect.h +++ b/src/detect.h @@ -992,6 +992,7 @@ enum { DETECT_AL_SSL_VERSION, DETECT_AL_SSL_STATE, DETECT_BYTE_EXTRACT, + DETECT_FILE_DATA, DETECT_DCE_IFACE, DETECT_DCE_OPNUM,