aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main-8.0.x
main
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '59b98649de'
${ noResults }
suricata/scripts/setup-app-layer-detect.sh

236 lines
4.9 KiB
Bash
Raw Blame History

#! /usr/bin/env bash
#
# Script to provision a new application layer detector and parser.
set -e
function usage() {
cat <<EOF
usage: $0 <protocol name>
This script will provision content inspection for app-layer decoded
buffers.
Examples:
$0 DNP3
$0 Gopher
EOF
}
fail_if_exists() {
path="$1"
if test -e "${path}"; then
echo "error: ${path} already exists."
exit 1
fi
}
function copy_template_file() {
src="$1"
dst="$2"
echo "Creating ${dst}."
sed -e '/TEMPLATE_START_REMOVE/,/TEMPLATE_END_REMOVE/d' \
-e "s/TEMPLATE/${protoname_upper}/g" \
-e "s/template/${protoname_lower}/g" \
-e "s/Template/${protoname}/g" \
> ${dst} < ${src}
}
function copy_templates() {
detect_h_dst="src/detect-${protoname_lower}-buffer.h"
detect_c_dst="src/detect-${protoname_lower}-buffer.c"
detect_engine_h_dst="src/detect-engine-${protoname_lower}.h"
detect_engine_c_dst="src/detect-engine-${protoname_lower}.c"
fail_if_exists ${detect_h_dst}
fail_if_exists ${detect_c_dst}
fail_if_exists ${detect_engine_h_dst}
fail_if_exists ${detect_engine_c_dst}
copy_template_file "src/detect-template-buffer.h" ${detect_h_dst}
copy_template_file "src/detect-template-buffer.c" ${detect_c_dst}
copy_template_file "src/detect-engine-template.h" ${detect_engine_h_dst}
copy_template_file "src/detect-engine-template.c" ${detect_engine_c_dst}
}
function patch_makefile_am() {
filename="src/Makefile.am"
echo "Patching ${filename}."
ed -s ${filename} > /dev/null <<EOF
/^detect-engine-template.c
t-
s/template/${protoname_lower}/g
/^detect-template-buffer.c
t-
s/template/${protoname_lower}/g
w
EOF
}
function patch_detect_engine_content_inspection_h() {
filename="src/detect-engine-content-inspection.h"
echo "Patching ${filename}."
ed -s ${filename} > /dev/null <<EOF
/DETECT_ENGINE_CONTENT_INSPECTION_MODE_TEMPLATE_BUFFER
t-
s/TEMPLATE/${protoname_upper}/
w
EOF
}
function patch_detect_engine_state_h() {
filename="src/detect-engine-state.h"
echo "Patching ${filename}."
ed -s ${filename} > /dev/null <<EOF
/#define DE_STATE_FLAG_TEMPLATE_BUFFER_INSPECT
t-
s/TEMPLATE/${protoname_upper}/
w
EOF
}
function patch_detect_engine_c() {
filename="src/detect-engine.c"
echo "Patching ${filename}."
ed -s ${filename} > /dev/null <<EOF
/#include "detect-engine-template.h"
t-
s/template/${protoname_lower}/
w
/ALPROTO_TEMPLATE
-2
.,+6t-
-6
.,+6s/Template/${protoname}/g
-6
.,+6s/TEMPLATE/${protoname_upper}/g
+6
/ALPROTO_TEMPLATE
-2
.,+6t-
-6
.,+6s/Template/${protoname}/g
-6
.,+6s/TEMPLATE/${protoname_upper}/g
w
EOF
ed -s ${filename} > /dev/null <<EOF
/case DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH
.,+1t-
-
s/TEMPLATE/${protoname_upper}/g
+
s/template/${protoname_lower}/g
w
EOF
}
function patch_detect_parse_c() {
filename="src/detect-parse.c"
echo "Patching ${filename}."
ed -s ${filename} > /dev/null <<EOF
/\/\* Template\. \*\/
.,+4t-
-4s/Template/${protoname}/g
+1s/TEMPLATE/${protoname_upper}/g
w
EOF
}
function patch_detect_c() {
filename="src/detect.c"
echo "Patching ${filename}."
ed -s ${filename} > /dev/null <<EOF
/#include "detect-template-buffer.h"
t-
s/template/${protoname_lower}/
/case ALPROTO_TEMPLATE
.,+3t-
-3
s/ALPROTO_TEMPLATE/ALPROTO_${protoname_upper}/g
+
s/template/${protoname_lower}/g
+
s/TEMPLATE/${protoname_upper}/g
+2
/ALPROTO_TEMPLATE
.,+3t-
-3
.,+s/TEMPLATE/${protoname_upper}/g
+
s/template/${protoname_lower}/g
+3
/SIG_MASK_REQUIRE_TEMPLATE_STATE
.t-
s/TEMPLATE/${protoname_upper}/g
/DetectTemplateBufferRegister
t-
s/Template/${protoname}/
w
EOF
}
function patch_detect_h() {
filename="src/detect.h"
echo "Patching ${filename}."
ed -s ${filename} > /dev/null <<EOF
/DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH
t-
s/TEMPLATE/${protoname_upper}/
/SIG_MASK_REQUIRE_TEMPLATE_STATE
t-
s/TEMPLATE/${protoname_upper}/
/DETECT_AL_TEMPLATE_BUFFER
t-
s/TEMPLATE/${protoname_upper}/
w
EOF
}
protoname="$1"
if [ "${protoname}" = "" ]; then
usage
exit 1
fi
protoname_lower=$(printf ${protoname} | tr '[:upper:]' '[:lower:]')
protoname_upper=$(printf ${protoname} | tr '[:lower:]' '[:upper:]')
copy_templates
patch_makefile_am
patch_detect_engine_content_inspection_h
patch_detect_engine_state_h
patch_detect_engine_c
patch_detect_parse_c
patch_detect_c
patch_detect_h
cat <<EOF
The following files have been created and linked into the build:
detect-${protoname_lower}-buffer.h detect-${protoname_lower}-buffer.c
The setup for the content inspection modifier keyword.
detect-engine-${protoname_lower}.h detect-engine-${protoname_lower}.c
The content inspection engine.
Please fix in src/detect-engine-state.h the values for:
DE_STATE_FLAG_${protoname_upper}_BUFFER_INSPECT
DE_STATE_FLAG_TEMPLATE_BUFFER_INSPECT
Please fix in src/detect.h the values for:
SIG_MASK_REQUIRE_${protoname_upper}_STATE
SIG_MASK_REQUIRE_TEMPLATE_STATE
EOF
Reference in New Issue View Git Blame Copy Permalink