aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feature #414 - support listing supported keywords. Remove support for dummy keywords __address__, __proto__, __port__. Remove support for recursive keyword and all references to it

Browse Source
remotes/origin/master
Anoop Saldanha 14 years ago committed by Victor Julien
parent 603d4a719a
commit e682796d03
12 changed files with 74 additions and 209 deletions
Show Stats Download Patch File Download Diff File

11
src/detect-engine-address.c
Unescape Escape View File

@ -44,17 +44,6 @@
#include "util-debug.h"
#include "util-print.h"
void DetectAddressTests(void);
void DetectAddressRegister(void)
{
sigmatch_table[DETECT_ADDRESS].name = "__address__";
sigmatch_table[DETECT_ADDRESS].Match = NULL;
sigmatch_table[DETECT_ADDRESS].Setup = NULL;
sigmatch_table[DETECT_ADDRESS].Free = NULL;
sigmatch_table[DETECT_ADDRESS].RegisterTests = DetectAddressTests;
}
/* prototypes */
void DetectAddressPrint(DetectAddress *);
static int DetectAddressCutNot(DetectAddress *, DetectAddress **);

3
src/detect-engine-address.h
Unescape Escape View File

@ -55,4 +55,7 @@ int DetectAddressCmp(DetectAddress *, DetectAddress *);
int DetectAddressMatchIPv4(DetectMatchAddressIPv4 *, uint16_t, Address *);
int DetectAddressMatchIPv6(DetectMatchAddressIPv6 *, uint16_t, Address *);
void DetectAddressTests(void);
#endif /* __DETECT_ADDRESS_H__ */

11
src/detect-engine-port.c
Unescape Escape View File

@ -47,7 +47,6 @@
#include "util-debug.h"
#include "util-error.h"
void DetectPortTests(void);
static int DetectPortCutNot(DetectPort *, DetectPort **);
static int DetectPortCut(DetectEngineCtx *, DetectPort *, DetectPort *,
DetectPort **);
@ -59,16 +58,6 @@ static uint32_t detect_port_memory = 0;
static uint32_t detect_port_init_cnt = 0;
static uint32_t detect_port_free_cnt = 0;
/** DetectPort module registration */
void DetectPortRegister(void) {
sigmatch_table[DETECT_PORT].name = "__port__";
sigmatch_table[DETECT_PORT].Match = NULL;
sigmatch_table[DETECT_PORT].Setup = NULL;
sigmatch_table[DETECT_PORT].Free = NULL;
sigmatch_table[DETECT_PORT].RegisterTests = DetectPortTests;
}
/**
* \brief Alloc a DetectPort structure and update counters
*

4
src/detect-engine-port.h
Unescape Escape View File

@ -25,8 +25,6 @@
#define __DETECT_PORT_H__
/* prototypes */
void DetectPortRegister (void);
int DetectPortParse(DetectPort **head, char *str);
DetectPort *DetectPortCopy(DetectEngineCtx *, DetectPort *);
@ -62,5 +60,7 @@ void DetectPortPrintList(DetectPort *head);
int DetectPortCmp(DetectPort *, DetectPort *);
void DetectPortFree(DetectPort *);
void DetectPortTests(void);
#endif /* __DETECT_PORT_H__ */

15
src/detect-engine-proto.c
Unescape Escape View File

@ -44,21 +44,6 @@
#include "util-unittest-helper.h"
#include "util-debug.h"
/*Prototypes*/
void DetectProtoTests (void);
/**
* \brief To register the protocol detection function
*/
void DetectProtoRegister (void)
{
sigmatch_table[DETECT_PROTO].name = "__proto__";
sigmatch_table[DETECT_PROTO].Match = NULL;
sigmatch_table[DETECT_PROTO].Setup = NULL;
sigmatch_table[DETECT_PROTO].Free = NULL;
sigmatch_table[DETECT_PROTO].RegisterTests = DetectProtoTests;
}
/**
* \brief Function to initialize the protocol detection and
* allocate memory to the DetectProto structure.

3
src/detect-engine-proto.h
Unescape Escape View File

@ -37,9 +37,10 @@ typedef struct DetectProto_ {
} DetectProto;
/* prototypes */
void DetectProtoRegister (void);
int DetectProtoParse(DetectProto *dp, char *str);
int DetectProtoContainsProto(DetectProto *, int);
void DetectProtoTests(void);
#endif /* __DETECT_PROTO_H__ */

33
src/detect-pcre.c
Unescape Escape View File

@ -93,24 +93,6 @@ void DetectPcreRegister (void) {
sigmatch_table[DETECT_PCRE].flags |= SIGMATCH_PAYLOAD;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].name = "__pcre_http_cookie__"; /* not a real keyword */
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].Match = NULL;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].AppLayerMatch = DetectPcreALMatchCookie;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].Setup = NULL;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].Free = DetectPcreFree;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].RegisterTests = NULL;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].flags |= SIGMATCH_PAYLOAD;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].name = "__pcre_http_method__"; /* not a real keyword */
sigmatch_table[DETECT_PCRE_HTTPMETHOD].Match = NULL;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].AppLayerMatch = DetectPcreALMatchMethod;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].Setup = NULL;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].Free = DetectPcreFree;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].RegisterTests = NULL;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].flags |= SIGMATCH_PAYLOAD;
const char *eb;
int eo;
int opts = 0;
@ -490,10 +472,7 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
//if (pe->flags & DETECT_PCRE_HTTP_BODY_AL)
// SCReturnInt(0);
if (s->flags & SIG_FLAG_RECURSIVE) {
ptr = payload + det_ctx->buffer_offset;
len = payload_len - det_ctx->buffer_offset;
} else if (pe->flags & DETECT_PCRE_RELATIVE) {
if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = payload + det_ctx->buffer_offset;
len = payload_len - det_ctx->buffer_offset;
} else {
@ -587,10 +566,7 @@ int DetectPcrePacketPayloadMatch(DetectEngineThreadCtx *det_ctx, Packet *p, Sign
if (pe->flags & DETECT_PCRE_HTTP_CLIENT_BODY)
SCReturnInt(0);
if (s->flags & SIG_FLAG_RECURSIVE) {
ptr = p->payload + det_ctx->buffer_offset;
len = p->payload_len - det_ctx->buffer_offset;
} else if (pe->flags & DETECT_PCRE_RELATIVE) {
if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = p->payload + det_ctx->buffer_offset;
len = p->payload_len - det_ctx->buffer_offset;
if (ptr == NULL || len == 0)
@ -680,10 +656,7 @@ int DetectPcrePayloadDoMatch(DetectEngineThreadCtx *det_ctx, Signature *s,
if (pe->flags & DETECT_PCRE_HTTP_CLIENT_BODY)
SCReturnInt(0);
if (s->flags & SIG_FLAG_RECURSIVE) {
ptr = data + det_ctx->buffer_offset;
len = data_len - det_ctx->buffer_offset;
} else if (pe->flags & DETECT_PCRE_RELATIVE) {
if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = data + det_ctx->buffer_offset;
len = data_len - det_ctx->buffer_offset;
if (ptr == NULL || len == 0)

58
src/detect-recursive.c
Unescape Escape View File

@ -1,58 +0,0 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*
* Implements recursive keyword support
*
* Used to capture variables recursively in a payload,
* used for example to extract http_uri for uricontent.
*
* Note: non Snort compatible.
*/
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "flow-var.h"
static int DetectRecursiveSetup (DetectEngineCtx *, Signature *, char *);
void DetectRecursiveRegister (void) {
sigmatch_table[DETECT_RECURSIVE].name = "recursive";
sigmatch_table[DETECT_RECURSIVE].Match = NULL;
sigmatch_table[DETECT_RECURSIVE].Setup = DetectRecursiveSetup;
sigmatch_table[DETECT_RECURSIVE].Free = NULL;
sigmatch_table[DETECT_RECURSIVE].RegisterTests = NULL;
sigmatch_table[DETECT_RECURSIVE].flags |= SIGMATCH_NOOPT;
}
static int DetectRecursiveSetup (DetectEngineCtx *de_ctx, Signature *s, char *nullstr)
{
if (nullstr != NULL) {
printf("DetectRecursiveSetup: recursive has no value\n");
return -1;
}
s->flags |= SIG_FLAG_RECURSIVE;
return 0;
}

31
src/detect-recursive.h
Unescape Escape View File

@ -1,31 +0,0 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
#ifndef __DETECT_RECURSIVE_H__
#define __DETECT_RECURSIVE_H__
/* prototypes */
void DetectRecursiveRegister (void);
#endif /* __DETECT_RECURSIVE_H__ */

40
src/detect.c
Unescape Escape View File

@ -65,7 +65,6 @@
#include "detect-pcre.h"
#include "detect-depth.h"
#include "detect-nocase.h"
#include "detect-recursive.h"
#include "detect-rawbytes.h"
#include "detect-bytetest.h"
#include "detect-bytejump.h"
@ -2204,8 +2203,6 @@ static int SignatureCreateMask(Signature *s) {
case DETECT_AL_HTTP_RAW_HEADER:
case DETECT_AL_HTTP_URI:
case DETECT_AL_HTTP_RAW_URI:
case DETECT_PCRE_HTTPBODY:
case DETECT_PCRE_HTTPHEADER:
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires dce http state");
break;
@ -4433,13 +4430,23 @@ int SigGroupCleanup (DetectEngineCtx *de_ctx) {
return 0;
}
void SigTableList(void)
{
size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
size_t i;
printf("=====Supported keywords=====\n");
for (i = 0; i < size; i++) {
if (sigmatch_table[i].name != NULL)
printf("- %s\n", sigmatch_table[i].name);
}
return;
}
void SigTableSetup(void) {
memset(sigmatch_table, 0, sizeof(sigmatch_table));
DetectAddressRegister();
DetectProtoRegister();
DetectPortRegister();
DetectSidRegister();
DetectPriorityRegister();
DetectRevRegister();
@ -4456,7 +4463,6 @@ void SigTableSetup(void) {
DetectPcreRegister();
DetectDepthRegister();
DetectNocaseRegister();
DetectRecursiveRegister();
DetectRawbytesRegister();
DetectBytetestRegister();
DetectBytejumpRegister();
@ -4629,7 +4635,7 @@ static int SigTest01Real (int mpm_type) {
Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
int result = 0;
char sig[] = "alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)";
char sig[] = "alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, mpm_type) == 0) {
result = 0;
goto end;
@ -4915,7 +4921,7 @@ static int SigTest06Real (int mpm_type) {
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
@ -5008,7 +5014,7 @@ static int SigTest07Real (int mpm_type) {
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
@ -8651,7 +8657,7 @@ static int SigTestMemory01 (void) {
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
@ -8692,12 +8698,12 @@ static int SigTestMemory02 (void) {
}
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:2;)");
de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:2;)");
if (de_ctx->sig_list->next == NULL) {
result = 0;
goto end;
@ -8735,17 +8741,17 @@ static int SigTestMemory03 (void) {
}
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> 1.2.3.4 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> 1.2.3.4 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> 1.2.3.3-1.2.3.6 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:2;)");
de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> 1.2.3.3-1.2.3.6 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:2;)");
if (de_ctx->sig_list->next == NULL) {
result = 0;
goto end;
}
de_ctx->sig_list->next->next = SigInit(de_ctx,"alert tcp any any -> !1.2.3.5 1:990 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:3;)");
de_ctx->sig_list->next->next = SigInit(de_ctx,"alert tcp any any -> !1.2.3.5 1:990 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:3;)");
if (de_ctx->sig_list->next->next == NULL) {
result = 0;
goto end;

53
src/detect.h
Unescape Escape View File

@ -230,36 +230,34 @@ typedef struct DetectPort_ {
} DetectPort;
/* Signature flags */
#define SIG_FLAG_RECURSIVE (1) /**< recursive capturing enabled */
#define SIG_FLAG_SRC_ANY (1) /**< source is any */
#define SIG_FLAG_DST_ANY (1<<1) /**< destination is any */
#define SIG_FLAG_SP_ANY (1<<2) /**< source port is any */
#define SIG_FLAG_DP_ANY (1<<3) /**< destination port is any */
#define SIG_FLAG_SRC_ANY (1<<1) /**< source is any */
#define SIG_FLAG_DST_ANY (1<<2) /**< destination is any */
#define SIG_FLAG_SP_ANY (1<<3) /**< source port is any */
#define SIG_FLAG_DP_ANY (1<<4) /**< destination port is any */
#define SIG_FLAG_NOALERT (1<<4) /**< no alert flag is set */
#define SIG_FLAG_DSIZE (1<<5) /**< signature has a dsize setting */
#define SIG_FLAG_APPLAYER (1<<6) /**< signature applies to app layer instead of packets */
#define SIG_FLAG_IPONLY (1<<7) /**< ip only signature */
#define SIG_FLAG_NOALERT (1<<5) /**< no alert flag is set */
#define SIG_FLAG_DSIZE (1<<6) /**< signature has a dsize setting */
#define SIG_FLAG_APPLAYER (1<<7) /**< signature applies to app layer instead of packets */
#define SIG_FLAG_IPONLY (1<<8) /**< ip only signature */
#define SIG_FLAG_STATE_MATCH (1<<8) /**< signature has matches that require stateful inspection */
#define SIG_FLAG_STATE_MATCH (1<<9) /**< signature has matches that require stateful inspection */
#define SIG_FLAG_REQUIRE_PACKET (1<<9) /**< signature is requiring packet match */
#define SIG_FLAG_REQUIRE_STREAM (1<<10) /**< signature is requiring stream match */
#define SIG_FLAG_REQUIRE_PACKET (1<<10) /**< signature is requiring packet match */
#define SIG_FLAG_REQUIRE_STREAM (1<<11) /**< signature is requiring stream match */
#define SIG_FLAG_MPM_PACKET (1<<11)
#define SIG_FLAG_MPM_PACKET_NEG (1<<12)
#define SIG_FLAG_MPM_STREAM (1<<13)
#define SIG_FLAG_MPM_STREAM_NEG (1<<14)
#define SIG_FLAG_MPM_HTTP (1<<15)
#define SIG_FLAG_MPM_HTTP_NEG (1<<16)
#define SIG_FLAG_MPM_PACKET (1<<12)
#define SIG_FLAG_MPM_PACKET_NEG (1<<13)
#define SIG_FLAG_MPM_STREAM (1<<14)
#define SIG_FLAG_MPM_STREAM_NEG (1<<15)
#define SIG_FLAG_MPM_HTTP (1<<16)
#define SIG_FLAG_MPM_HTTP_NEG (1<<17)
#define SIG_FLAG_REQUIRE_FLOWVAR (1<<17) /**< signature can only match if a flowbit, flowvar or flowint is available. */
#define SIG_FLAG_REQUIRE_FLOWVAR (1<<18) /**< signature can only match if a flowbit, flowvar or flowint is available. */
#define SIG_FLAG_FILESTORE (1<<18) /**< signature has filestore keyword */
#define SIG_FLAG_FILESTORE (1<<19) /**< signature has filestore keyword */
#define SIG_FLAG_TOSERVER (1<<20)
#define SIG_FLAG_TOCLIENT (1<<21)
#define SIG_FLAG_TOSERVER (1<<19)
#define SIG_FLAG_TOCLIENT (1<<20)
/* signature init flags */
#define SIG_FLAG_INIT_DEONLY 1 /**< decode event only signature */
@ -949,10 +947,6 @@ enum {
DETECT_CONTENT,
DETECT_URICONTENT,
DETECT_PCRE,
DETECT_PCRE_HTTPBODY,
DETECT_PCRE_HTTPCOOKIE,
DETECT_PCRE_HTTPHEADER,
DETECT_PCRE_HTTPMETHOD,
DETECT_ACK,
DETECT_SEQ,
DETECT_DEPTH,
@ -962,7 +956,6 @@ enum {
DETECT_REPLACE,
DETECT_NOCASE,
DETECT_FAST_PATTERN,
DETECT_RECURSIVE,
DETECT_RAWBYTES,
DETECT_BYTETEST,
DETECT_BYTEJUMP,
@ -997,9 +990,6 @@ enum {
DETECT_ICMP_SEQ,
DETECT_DETECTION_FILTER,
DETECT_ADDRESS,
DETECT_PROTO,
DETECT_PORT,
DETECT_DECODE_EVENT,
DETECT_IPOPTS,
DETECT_FLAGS,
@ -1064,6 +1054,7 @@ int SigGroupCleanup (DetectEngineCtx *de_ctx);
void SigAddressPrepareBidirectionals (DetectEngineCtx *);
int SigLoadSignatures (DetectEngineCtx *, char *, int);
void SigTableList(void);
void SigTableSetup(void);
int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, Packet *p);

21
src/suricata.c
Unescape Escape View File

@ -52,6 +52,9 @@
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-address.h"
#include "detect-engine-proto.h"
#include "detect-engine-port.h"
#include "detect-engine-mpm.h"
#include "detect-engine-sigorder.h"
#include "detect-engine-payload.h"
@ -434,6 +437,7 @@ void usage(const char *progname)
printf("\t-u : run the unittests and exit\n");
printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
printf("\t--list-unittests : list unit tests\n");
printf("\t--list-keywords : list all keywords implemented by the engine\n");
printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
#endif /* UNITTESTS */
#ifdef __SC_CUDA_SUPPORT__
@ -610,6 +614,7 @@ int main(int argc, char **argv)
int list_unittests = 0;
int list_cuda_cards = 0;
int list_runmodes = 0;
int list_keywords = 0;
const char *runmode_custom_mode = NULL;
int daemon = 0;
#ifndef OS_WIN32
@ -686,6 +691,7 @@ int main(int argc, char **argv)
{"list-unittests", 0, &list_unittests, 1},
{"list-cuda-cards", 0, &list_cuda_cards, 1},
{"list-runmodes", 0, &list_runmodes, 1},
{"list-keywords", 0, &list_keywords, 1},
{"runmode", required_argument, NULL, 0},
{"engine-analysis", 0, &engine_analysis, 1},
#ifdef OS_WIN32
@ -835,6 +841,8 @@ int main(int argc, char **argv)
} else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
RunModeListRunmodes();
exit(EXIT_SUCCESS);
} else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
// do nothing
} else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
runmode_custom_mode = optarg;
} else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
@ -1170,7 +1178,8 @@ int main(int argc, char **argv)
}
}
} else if (run_mode != RUNMODE_UNITTEST){
} else if (run_mode != RUNMODE_UNITTEST &&
!list_keywords){
SCLogError(SC_ERR_OPENING_FILE, "Configuration file has not been provided");
usage(argv[0]);
exit(EXIT_FAILURE);
@ -1256,7 +1265,7 @@ int main(int argc, char **argv)
DefragInit();
if (run_mode == RUNMODE_UNKNOWN) {
if (!engine_analysis) {
if (!engine_analysis && !list_keywords) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
@ -1287,8 +1296,13 @@ int main(int argc, char **argv)
/* hardcoded initialization code */
MpmTableSetup(); /* load the pattern matchers */
SigTableSetup(); /* load the rule keywords */
if (list_keywords) {
SigTableList();
exit(EXIT_FAILURE);
}
TmqhSetup();
CIDRInit();
SigParsePrepare();
//PatternMatchPrepare(mpm_ctx, MPM_B2G);
@ -1446,6 +1460,9 @@ int main(int argc, char **argv)
SMTPParserRegisterTests();
MagicRegisterTests();
UtilMiscRegisterTests();
DetectAddressTests();
DetectProtoTests();
DetectPortTests();
if (list_unittests) {
UtListTests(regex_arg);
}

Write Preview
Loading…
Cancel
Save