aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/tls: convert to v2 inspect API

Browse Source
pull/5635/head
Victor Julien 5 years ago
parent 71a508000b
commit 494f8f2700
3 changed files with 30 additions and 44 deletions
Show Stats Download Patch File Download Diff File

30
src/detect-ssl-state.c
Unescape Escape View File

@ -66,11 +66,9 @@ static void DetectSslStateRegisterTests(void);
#endif #endif
static void DetectSslStateFree(DetectEngineCtx *, void *); static void DetectSslStateFree(DetectEngineCtx *, void *);
static int InspectTlsGeneric(ThreadVars *tv, static int InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
const Signature *s, const SigMatchData *smd, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
Flow *f, uint8_t flags, void *alstate,
void *txv, uint64_t tx_id);
static int g_tls_generic_list_id = 0; static int g_tls_generic_list_id = 0;
@ -96,22 +94,18 @@ void DetectSslStateRegister(void)
DetectBufferTypeSetDescriptionByName("tls_generic", DetectBufferTypeSetDescriptionByName("tls_generic",
"generic ssl/tls inspection"); "generic ssl/tls inspection");
DetectAppLayerInspectEngineRegister("tls_generic", DetectAppLayerInspectEngineRegister2(
ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, "tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, InspectTlsGeneric, NULL);
InspectTlsGeneric); DetectAppLayerInspectEngineRegister2(
DetectAppLayerInspectEngineRegister("tls_generic", "tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, InspectTlsGeneric, NULL);
ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0,
InspectTlsGeneric);
} }
static int InspectTlsGeneric(ThreadVars *tv, static int InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
const Signature *s, const SigMatchData *smd, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Flow *f, uint8_t flags, void *alstate,
void *txv, uint64_t tx_id)
{ {
return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd, return DetectEngineInspectGenericList(
f, flags, alstate, txv, tx_id); NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
} }
/** /**

25
src/detect-tls-cert-validity.c
Unescape Escape View File

@ -75,11 +75,9 @@ static void TlsValidRegisterTests(void);
static void DetectTlsValidityFree(DetectEngineCtx *, void *); static void DetectTlsValidityFree(DetectEngineCtx *, void *);
static int g_tls_validity_buffer_id = 0; static int g_tls_validity_buffer_id = 0;
static int DetectEngineInspectTlsValidity(ThreadVars *tv, static int DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
const Signature *s, const SigMatchData *smd, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
Flow *f, uint8_t flags, void *alstate,
void *txv, uint64_t tx_id);
/** /**
* \brief Registration function for tls validity keywords. * \brief Registration function for tls validity keywords.
@ -130,21 +128,18 @@ void DetectTlsValidityRegister (void)
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister("tls_validity", DetectAppLayerInspectEngineRegister2("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, TLS_STATE_CERT_READY, DetectEngineInspectTlsValidity, NULL);
DetectEngineInspectTlsValidity);
g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity"); g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity");
} }
static int DetectEngineInspectTlsValidity(ThreadVars *tv, static int DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
const Signature *s, const SigMatchData *smd, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Flow *f, uint8_t flags, void *alstate,
void *txv, uint64_t tx_id)
{ {
return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd, return DetectEngineInspectGenericList(
f, flags, alstate, txv, tx_id); NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
} }
/** /**
* \internal * \internal

17
src/detect-tls.c
Unescape Escape View File

@ -95,14 +95,12 @@ static int DetectTlsStorePostMatch (DetectEngineThreadCtx *det_ctx,
static int g_tls_cert_list_id = 0; static int g_tls_cert_list_id = 0;
static int InspectTlsCert(ThreadVars *tv, static int InspectTlsCert(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
const Signature *s, const SigMatchData *smd, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Flow *f, uint8_t flags, void *alstate,
void *txv, uint64_t tx_id)
{ {
return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd, return DetectEngineInspectGenericList(
f, flags, alstate, txv, tx_id); NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
} }
/** /**
@ -151,9 +149,8 @@ void DetectTlsRegister (void)
g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert"); g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert");
DetectAppLayerInspectEngineRegister("tls_cert", DetectAppLayerInspectEngineRegister2(
ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, "tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, InspectTlsCert, NULL);
InspectTlsCert);
} }
/** /**

Write Preview
Loading…
Cancel
Save