aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add libmagic detection, linking and a basic API.

Browse Source
remotes/origin/master-1.2.x
Victor Julien 14 years ago
parent 23e01d23d3
commit f4a6f4b293
6 changed files with 590 additions and 0 deletions
Show Stats Download Patch File Download Diff File

29
configure.in
Unescape Escape View File

@ -1018,6 +1018,35 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)])
fi
fi
#libmagic
AC_ARG_WITH(libmagic_includes,
[ --with-libmagic-includes=DIR libmagic include directory],
[with_libmagic_includes="$withval"],[with_libmagic_includes=no])
AC_ARG_WITH(libmagic_libraries,
[ --with-libmagic-libraries=DIR libmagic library directory],
[with_libmagic_libraries="$withval"],[with_libmagic_libraries="no"])
if test "$with_libmagic_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libmagic_includes}"
fi
AC_CHECK_HEADER(magic.h,,[AC_ERROR(magic.h not found ...)])
if test "$with_libmagic_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libmagic_libraries}"
fi
MAGIC=""
AC_CHECK_LIB(magic, magic_open,, MAGIC="no")
if test "$MAGIC" = "no"; then
echo
echo " ERROR! magic library not found, go get it"
echo " from http://www.darwinsys.com/file/."
echo
exit 1
fi
# get revision
if test -f ./revision; then
REVISION=`cat ./revision`

2
src/Makefile.am
Unescape Escape View File

@ -159,6 +159,8 @@ detect-ssl-version.c detect-ssl-version.h \
detect-ssl-state.c detect-ssl-state.h \
detect-byte-extract.c detect-byte-extract.h \
detect-replace.c detect-replace.h \
util-filetype.c util-filetype.h \
util-magic.c util-magic.h \
util-atomic.h \
util-print.c util-print.h \
util-fmemopen.c util-fmemopen.h \

7
src/suricata.c
Unescape Escape View File

@ -137,6 +137,7 @@
#include "util-threshold-config.h"
#include "util-reference-config.h"
#include "util-profiling.h"
#include "util-magic.h"
#include "defrag.h"
@ -1359,6 +1360,8 @@ int main(int argc, char **argv)
DetectEngineRegisterTests();
SCLogRegisterTests();
SMTPParserRegisterTests();
MagicRegisterTests();
if (list_unittests) {
UtListTests(regex_arg);
}
@ -1467,6 +1470,9 @@ int main(int argc, char **argv)
ActionInitConfig();
if (MagicInit() != 0)
exit(EXIT_FAILURE);
if (SigLoadSignatures(de_ctx, sig_file, sig_file_exclusive) < 0) {
if (sig_file == NULL) {
SCLogError(SC_ERR_OPENING_FILE, "Signature file has not been provided");
@ -1724,6 +1730,7 @@ int main(int argc, char **argv)
SCProtoNameDeInit();
DefragDestroy();
TmqhPacketpoolDestroy();
MagicDeinit();
#ifdef PROFILING
if (profiling_rules_enabled)

2
src/util-error.h
Unescape Escape View File

@ -223,6 +223,8 @@ typedef enum {
SC_ERR_NO_AF_PACKET,
SC_ERR_PCAP_FILE_DELETE_FAILED,
SC_ERR_CMD_LINE,
SC_ERR_MAGIC_OPEN,
SC_ERR_MAGIC_LOAD,
} SCError;
const char *SCErrorToString(SCError);

516
src/util-magic.c
Unescape Escape View File

@ -0,0 +1,516 @@
/* Copyright (C) 2007-2011 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*
* Wrappers and tests for libmagic usage.
*/
#include "suricata-common.h"
#include "conf.h"
#include "util-unittest.h"
#include <magic.h>
static magic_t g_magic_ctx = NULL;
/**
* \brief Initialize the "magic" context.
*/
int MagicInit(void) {
char *filename = NULL;
FILE *fd = NULL;
SCEnter();
if (g_magic_ctx == NULL) {
g_magic_ctx = magic_open(0);
if (g_magic_ctx == NULL) {
SCLogError(SC_ERR_MAGIC_OPEN, "magic_open failed: %s", magic_error(g_magic_ctx));
goto error;
}
ConfGet("magic-file", &filename);
if (filename != NULL) {
SCLogInfo("using magic-file %s", filename);
if ( (fd = fopen(filename, "r")) == NULL) {
SCLogWarning(SC_ERR_FOPEN, "Error opening file: \"%s\": %s", filename, strerror(errno));
goto error;
}
fclose(fd);
}
if (magic_load(g_magic_ctx, filename) != 0) {
SCLogError(SC_ERR_MAGIC_LOAD, "magic_load failed: %s", magic_error(g_magic_ctx));
goto error;
}
}
SCReturnInt(0);
error:
if (g_magic_ctx != NULL) {
magic_close(g_magic_ctx);
g_magic_ctx = NULL;
}
SCReturnInt(-1);
}
/**
* \brief Find the magic value for a buffer.
*
* \param buf the buffer
* \param buflen length of the buffer
*
* \retval result pointer to const string
*/
const char *MagicLookup(uint8_t *buf, uint32_t buflen) {
const char *result = NULL;
if (buf != NULL && buflen > 0) {
result = magic_buffer(g_magic_ctx, (void *)buf, (size_t)buflen);
}
SCReturnPtr(result, "const char");
}
void MagicDeinit(void) {
if (g_magic_ctx != NULL) {
magic_close(g_magic_ctx);
g_magic_ctx = NULL;
}
}
#ifdef UNITTESTS
/** \test magic lib calls -- init */
int MagicInitTest01(void) {
magic_t magic_ctx;
magic_ctx = magic_open(0);
if (magic_load(magic_ctx, NULL) == -1)
return 0;
magic_close(magic_ctx);
return 1;
}
/** \test magic init through api */
int MagicInitTest02(void) {
if (g_magic_ctx != NULL) {
printf("g_magic_ctx != NULL at start of the test: ");
return 0;
}
MagicInit();
if (g_magic_ctx == NULL) {
printf("g_magic_ctx == NULL: ");
return 0;
}
MagicDeinit();
if (g_magic_ctx != NULL) {
printf("g_magic_ctx != NULL at end of the test: ");
return 0;
}
return 1;
}
/** \test magic lib calls -- lookup */
int MagicDetectTest01(void) {
magic_t magic_ctx;
char *result = NULL;
char buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
size_t buffer_len = sizeof(buffer);
int retval = 0;
magic_ctx = magic_open(0);
if (magic_load(magic_ctx, NULL) == -1)
return 0;
result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
if (result == NULL || strncmp(result, "PDF document", 12) != 0) {
printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
magic_close(magic_ctx);
return retval;
}
/** \test magic lib calls -- lookup */
int MagicDetectTest02(void) {
magic_t magic_ctx;
char *result = NULL;
char buffer[] = {
0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,
0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
};
size_t buffer_len = sizeof(buffer);
int retval = 0;
magic_ctx = magic_open(0);
if (magic_load(magic_ctx, NULL) == -1)
return 0;
result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
if (result == NULL || strcmp(result, "Microsoft Office Document") != 0) {
printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
magic_close(magic_ctx);
return retval;
}
/** \test magic lib calls -- lookup */
int MagicDetectTest03(void) {
magic_t magic_ctx;
char *result = NULL;
char buffer[] = {
0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
};
size_t buffer_len = sizeof(buffer);
int retval = 0;
magic_ctx = magic_open(0);
if (magic_load(magic_ctx, NULL) == -1)
return 0;
result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
if (result == NULL || strcmp(result, "OpenDocument Text") != 0) {
printf("result %p:%s, not \"OpenDocument Text\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
magic_close(magic_ctx);
return retval;
}
/** \test magic lib calls -- lookup */
int MagicDetectTest04(void) {
magic_t magic_ctx;
char *result = NULL;
char buffer[] = {
0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,
0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,
0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,
0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
};
size_t buffer_len = sizeof(buffer);
int retval = 0;
magic_ctx = magic_open(0);
if (magic_load(magic_ctx, NULL) == -1)
return 0;
result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
if (result == NULL || strcmp(result, "OpenOffice.org 1.x Database file") != 0) {
printf("result %p:%s, not \"OpenOffice.org 1.x Database file\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
magic_close(magic_ctx);
return retval;
}
/** \test magic api calls -- lookup */
int MagicDetectTest05(void) {
const char *result = NULL;
uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
size_t buffer_len = sizeof(buffer);
int retval = 0;
MagicInit();
result = MagicLookup(buffer, buffer_len);
if (result == NULL || strncmp(result, "PDF document", 12) != 0) {
printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
MagicDeinit();
return retval;
}
/** \test magic api calls -- lookup */
int MagicDetectTest06(void) {
const char *result = NULL;
uint8_t buffer[] = {
0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,
0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
};
size_t buffer_len = sizeof(buffer);
int retval = 0;
MagicInit();
result = MagicLookup(buffer, buffer_len);
if (result == NULL || strcmp(result, "Microsoft Office Document") != 0) {
printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
MagicDeinit();
return retval;
}
/** \test magic api calls -- lookup */
int MagicDetectTest07(void) {
const char *result = NULL;
uint8_t buffer[] = {
0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
};
size_t buffer_len = sizeof(buffer);
int retval = 0;
MagicInit();
result = MagicLookup(buffer, buffer_len);
if (result == NULL || strcmp(result, "OpenDocument Text") != 0) {
printf("result %p:%s, not \"OpenDocument Text\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
MagicDeinit();
return retval;
}
/** \test magic api calls -- lookup */
int MagicDetectTest08(void) {
const char *result = NULL;
uint8_t buffer[] = {
0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,
0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,
0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,
0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
};
size_t buffer_len = sizeof(buffer);
int retval = 0;
MagicInit();
result = MagicLookup(buffer, buffer_len);
if (result == NULL || strcmp(result, "OpenOffice.org 1.x Database file") != 0) {
printf("result %p:%s, not \"OpenOffice.org 1.x Database file\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
MagicDeinit();
return retval;
}
/** \test magic api calls -- make sure memory is shared */
int MagicDetectTest09(void) {
const char *result1 = NULL;
const char *result2 = NULL;
uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
size_t buffer_len = sizeof(buffer);
int retval = 0;
MagicInit();
result1 = MagicLookup(buffer, buffer_len);
if (result1 == NULL || strncmp(result1, "PDF document", 12) != 0) {
printf("result %p:%s, not \"PDF document\": ", result1,result1?result1:"(null)");
goto end;
}
result2 = MagicLookup(buffer, buffer_len);
if (result2 == NULL || strncmp(result2, "PDF document", 12) != 0) {
printf("result %p:%s, not \"PDF document\": ", result2,result2?result2:"(null)");
goto end;
}
if (result1 != result2) {
printf("pointers not equal, weird... %p != %p: ", result1, result2);
goto end;
}
retval = 1;
end:
MagicDeinit();
return retval;
}
#endif /* UNITTESTS */
void MagicRegisterTests(void) {
#ifdef UNITTESTS
UtRegisterTest("MagicInitTest01", MagicInitTest01, 1);
UtRegisterTest("MagicInitTest02", MagicInitTest02, 1);
UtRegisterTest("MagicDetectTest01", MagicDetectTest01, 1);
UtRegisterTest("MagicDetectTest02", MagicDetectTest02, 1);
UtRegisterTest("MagicDetectTest03", MagicDetectTest03, 1);
UtRegisterTest("MagicDetectTest04", MagicDetectTest04, 1);
UtRegisterTest("MagicDetectTest05", MagicDetectTest05, 1);
UtRegisterTest("MagicDetectTest06", MagicDetectTest06, 1);
UtRegisterTest("MagicDetectTest07", MagicDetectTest07, 1);
UtRegisterTest("MagicDetectTest08", MagicDetectTest08, 1);
/* fails in valgrind, somehow it returns different pointers then.
UtRegisterTest("MagicDetectTest09", MagicDetectTest09, 1); */
#endif /* UNITTESTS */
}

34
src/util-magic.h
Unescape Escape View File

@ -0,0 +1,34 @@
/* Copyright (C) 2007-2011 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
#ifndef __UTIL_MAGIC_H__
#define __UTIL_MAGIC_H__
int MagicInit(void);
void MagicDeinit(void);
const char *MagicLookup(uint8_t *, uint32_t);
void MagicRegisterTests(void);
#endif /* __UTIL_MAGIC_H__ */
Write Preview
Loading…
Cancel
Save