/src/suricata7/src/detect-engine-register.c
Line | Count | Source |
1 | | /* Copyright (C) 2007-2017 Open Information Security Foundation |
2 | | * |
3 | | * You can copy, redistribute or modify this Program under the terms of |
4 | | * the GNU General Public License version 2 as published by the Free |
5 | | * Software Foundation. |
6 | | * |
7 | | * This program is distributed in the hope that it will be useful, |
8 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
9 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
10 | | * GNU General Public License for more details. |
11 | | * |
12 | | * You should have received a copy of the GNU General Public License |
13 | | * version 2 along with this program; if not, write to the Free Software |
14 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
15 | | * 02110-1301, USA. |
16 | | */ |
17 | | |
18 | | /** |
19 | | * \file |
20 | | * |
21 | | * \author Victor Julien <victor@inliniac.net> |
22 | | */ |
23 | | |
24 | | #include "detect-smb-ntlmssp.h" |
25 | | #include "suricata-common.h" |
26 | | #include "suricata.h" |
27 | | #include "detect.h" |
28 | | #include "flow.h" |
29 | | #include "flow-private.h" |
30 | | #include "flow-bit.h" |
31 | | |
32 | | #include "detect-parse.h" |
33 | | #include "detect-engine.h" |
34 | | #include "detect-engine-profile.h" |
35 | | |
36 | | #include "detect-engine-alert.h" |
37 | | #include "detect-engine-siggroup.h" |
38 | | #include "detect-engine-address.h" |
39 | | #include "detect-engine-proto.h" |
40 | | #include "detect-engine-port.h" |
41 | | #include "detect-engine-mpm.h" |
42 | | #include "detect-engine-iponly.h" |
43 | | #include "detect-engine-threshold.h" |
44 | | #include "detect-engine-prefilter.h" |
45 | | |
46 | | #include "detect-engine-payload.h" |
47 | | #include "detect-engine-dcepayload.h" |
48 | | #include "detect-dns-opcode.h" |
49 | | #include "detect-dns-query.h" |
50 | | #include "detect-tls-sni.h" |
51 | | #include "detect-tls-certs.h" |
52 | | #include "detect-tls-cert-fingerprint.h" |
53 | | #include "detect-tls-cert-issuer.h" |
54 | | #include "detect-tls-cert-subject.h" |
55 | | #include "detect-tls-cert-serial.h" |
56 | | #include "detect-tls-random.h" |
57 | | #include "detect-tls-ja3-hash.h" |
58 | | #include "detect-tls-ja3-string.h" |
59 | | #include "detect-tls-ja3s-hash.h" |
60 | | #include "detect-tls-ja3s-string.h" |
61 | | #include "detect-engine-state.h" |
62 | | #include "detect-engine-analyzer.h" |
63 | | |
64 | | #include "detect-http-cookie.h" |
65 | | #include "detect-http-method.h" |
66 | | #include "detect-http-ua.h" |
67 | | #include "detect-http-host.h" |
68 | | |
69 | | #include "detect-mark.h" |
70 | | #include "detect-nfs-procedure.h" |
71 | | #include "detect-nfs-version.h" |
72 | | |
73 | | #include "detect-engine-event.h" |
74 | | #include "decode.h" |
75 | | |
76 | | #include "detect-config.h" |
77 | | |
78 | | #include "detect-smb-share.h" |
79 | | |
80 | | #include "detect-base64-decode.h" |
81 | | #include "detect-base64-data.h" |
82 | | #include "detect-ipaddr.h" |
83 | | #include "detect-ipopts.h" |
84 | | #include "detect-tcp-flags.h" |
85 | | #include "detect-fragbits.h" |
86 | | #include "detect-fragoffset.h" |
87 | | #include "detect-gid.h" |
88 | | #include "detect-tcp-ack.h" |
89 | | #include "detect-tcp-seq.h" |
90 | | #include "detect-content.h" |
91 | | #include "detect-uricontent.h" |
92 | | #include "detect-pcre.h" |
93 | | #include "detect-depth.h" |
94 | | #include "detect-nocase.h" |
95 | | #include "detect-rawbytes.h" |
96 | | #include "detect-bytetest.h" |
97 | | #include "detect-bytemath.h" |
98 | | #include "detect-bytejump.h" |
99 | | #include "detect-sameip.h" |
100 | | #include "detect-l3proto.h" |
101 | | #include "detect-ipproto.h" |
102 | | #include "detect-within.h" |
103 | | #include "detect-distance.h" |
104 | | #include "detect-offset.h" |
105 | | #include "detect-sid.h" |
106 | | #include "detect-prefilter.h" |
107 | | #include "detect-priority.h" |
108 | | #include "detect-classtype.h" |
109 | | #include "detect-reference.h" |
110 | | #include "detect-tag.h" |
111 | | #include "detect-threshold.h" |
112 | | #include "detect-metadata.h" |
113 | | #include "detect-msg.h" |
114 | | #include "detect-rev.h" |
115 | | #include "detect-flow.h" |
116 | | #include "detect-flow-age.h" |
117 | | #include "detect-requires.h" |
118 | | #include "detect-tcp-window.h" |
119 | | #include "detect-ftpbounce.h" |
120 | | #include "detect-isdataat.h" |
121 | | #include "detect-id.h" |
122 | | #include "detect-rpc.h" |
123 | | #include "detect-asn1.h" |
124 | | #include "detect-filename.h" |
125 | | #include "detect-filestore.h" |
126 | | #include "detect-filemagic.h" |
127 | | #include "detect-filemd5.h" |
128 | | #include "detect-filesha1.h" |
129 | | #include "detect-filesha256.h" |
130 | | #include "detect-filesize.h" |
131 | | #include "detect-dataset.h" |
132 | | #include "detect-datarep.h" |
133 | | #include "detect-dsize.h" |
134 | | #include "detect-flowvar.h" |
135 | | #include "detect-flowint.h" |
136 | | #include "detect-pktvar.h" |
137 | | #include "detect-noalert.h" |
138 | | #include "detect-flowbits.h" |
139 | | #include "detect-hostbits.h" |
140 | | #include "detect-xbits.h" |
141 | | #include "detect-csum.h" |
142 | | #include "detect-stream_size.h" |
143 | | #include "detect-engine-sigorder.h" |
144 | | #include "detect-ttl.h" |
145 | | #include "detect-fast-pattern.h" |
146 | | #include "detect-itype.h" |
147 | | #include "detect-icode.h" |
148 | | #include "detect-icmp-id.h" |
149 | | #include "detect-icmp-seq.h" |
150 | | #include "detect-icmpv4hdr.h" |
151 | | #include "detect-dce-iface.h" |
152 | | #include "detect-dce-opnum.h" |
153 | | #include "detect-dce-stub-data.h" |
154 | | #include "detect-urilen.h" |
155 | | #include "detect-bsize.h" |
156 | | #include "detect-detection-filter.h" |
157 | | #include "detect-http-client-body.h" |
158 | | #include "detect-http-server-body.h" |
159 | | #include "detect-http-header.h" |
160 | | #include "detect-http-header-names.h" |
161 | | #include "detect-http-headers.h" |
162 | | #include "detect-http-raw-header.h" |
163 | | #include "detect-http-uri.h" |
164 | | #include "detect-http-protocol.h" |
165 | | #include "detect-http-start.h" |
166 | | #include "detect-http-stat-msg.h" |
167 | | #include "detect-http-request-line.h" |
168 | | #include "detect-http-response-line.h" |
169 | | #include "detect-http2.h" |
170 | | #include "detect-byte-extract.h" |
171 | | #include "detect-file-data.h" |
172 | | #include "detect-pkt-data.h" |
173 | | #include "detect-replace.h" |
174 | | #include "detect-tos.h" |
175 | | #include "detect-app-layer-event.h" |
176 | | #include "detect-lua.h" |
177 | | #include "detect-iprep.h" |
178 | | #include "detect-geoip.h" |
179 | | #include "detect-app-layer-protocol.h" |
180 | | #include "detect-template.h" |
181 | | #include "detect-template2.h" |
182 | | #include "detect-tcphdr.h" |
183 | | #include "detect-tcpmss.h" |
184 | | #include "detect-udphdr.h" |
185 | | #include "detect-icmpv6hdr.h" |
186 | | #include "detect-icmpv6-mtu.h" |
187 | | #include "detect-ipv4hdr.h" |
188 | | #include "detect-ipv6hdr.h" |
189 | | #include "detect-krb5-cname.h" |
190 | | #include "detect-krb5-errcode.h" |
191 | | #include "detect-krb5-msgtype.h" |
192 | | #include "detect-krb5-sname.h" |
193 | | #include "detect-krb5-ticket-encryption.h" |
194 | | #include "detect-sip-method.h" |
195 | | #include "detect-sip-uri.h" |
196 | | #include "detect-sip-protocol.h" |
197 | | #include "detect-sip-stat-code.h" |
198 | | #include "detect-sip-stat-msg.h" |
199 | | #include "detect-sip-request-line.h" |
200 | | #include "detect-sip-response-line.h" |
201 | | #include "detect-rfb-secresult.h" |
202 | | #include "detect-rfb-sectype.h" |
203 | | #include "detect-rfb-name.h" |
204 | | #include "detect-target.h" |
205 | | #include "detect-template-rust-buffer.h" |
206 | | #include "detect-dhcp-leasetime.h" |
207 | | #include "detect-dhcp-rebinding-time.h" |
208 | | #include "detect-dhcp-renewal-time.h" |
209 | | #include "detect-snmp-usm.h" |
210 | | #include "detect-snmp-version.h" |
211 | | #include "detect-snmp-community.h" |
212 | | #include "detect-snmp-pdu_type.h" |
213 | | #include "detect-mqtt-type.h" |
214 | | #include "detect-mqtt-flags.h" |
215 | | #include "detect-mqtt-qos.h" |
216 | | #include "detect-mqtt-protocol-version.h" |
217 | | #include "detect-mqtt-reason-code.h" |
218 | | #include "detect-mqtt-connect-flags.h" |
219 | | #include "detect-mqtt-connect-clientid.h" |
220 | | #include "detect-mqtt-connect-username.h" |
221 | | #include "detect-mqtt-connect-password.h" |
222 | | #include "detect-mqtt-connect-willtopic.h" |
223 | | #include "detect-mqtt-connect-willmessage.h" |
224 | | #include "detect-mqtt-connack-sessionpresent.h" |
225 | | #include "detect-mqtt-publish-topic.h" |
226 | | #include "detect-mqtt-publish-message.h" |
227 | | #include "detect-mqtt-subscribe-topic.h" |
228 | | #include "detect-mqtt-unsubscribe-topic.h" |
229 | | #include "detect-quic-sni.h" |
230 | | #include "detect-quic-ua.h" |
231 | | #include "detect-quic-version.h" |
232 | | #include "detect-quic-cyu-hash.h" |
233 | | #include "detect-quic-cyu-string.h" |
234 | | #include "detect-ja4-hash.h" |
235 | | |
236 | | #include "detect-bypass.h" |
237 | | #include "detect-ftpdata.h" |
238 | | #include "detect-engine-content-inspection.h" |
239 | | |
240 | | #include "detect-transform-compress-whitespace.h" |
241 | | #include "detect-transform-strip-whitespace.h" |
242 | | #include "detect-transform-strip-pseudo-headers.h" |
243 | | #include "detect-transform-md5.h" |
244 | | #include "detect-transform-sha1.h" |
245 | | #include "detect-transform-sha256.h" |
246 | | #include "detect-transform-dotprefix.h" |
247 | | #include "detect-transform-pcrexform.h" |
248 | | #include "detect-transform-urldecode.h" |
249 | | #include "detect-transform-xor.h" |
250 | | #include "detect-transform-header-lowercase.h" |
251 | | #include "detect-transform-casechange.h" |
252 | | |
253 | | #include "util-rule-vars.h" |
254 | | |
255 | | #include "app-layer.h" |
256 | | #include "app-layer-protos.h" |
257 | | #include "app-layer-htp.h" |
258 | | #include "app-layer-smtp.h" |
259 | | #include "detect-frame.h" |
260 | | #include "detect-tls.h" |
261 | | #include "detect-tls-cert-validity.h" |
262 | | #include "detect-tls-version.h" |
263 | | #include "detect-ssh-proto.h" |
264 | | #include "detect-ssh-proto-version.h" |
265 | | #include "detect-ssh-software.h" |
266 | | #include "detect-ssh-software-version.h" |
267 | | #include "detect-ssh-hassh.h" |
268 | | #include "detect-ssh-hassh-server.h" |
269 | | #include "detect-ssh-hassh-string.h" |
270 | | #include "detect-ssh-hassh-server-string.h" |
271 | | #include "detect-http-stat-code.h" |
272 | | #include "detect-ssl-version.h" |
273 | | #include "detect-ssl-state.h" |
274 | | #include "detect-modbus.h" |
275 | | #include "detect-cipservice.h" |
276 | | #include "detect-dnp3.h" |
277 | | #include "detect-ike-exch-type.h" |
278 | | #include "detect-ike-spi.h" |
279 | | #include "detect-ike-vendor.h" |
280 | | #include "detect-ike-chosen-sa.h" |
281 | | #include "detect-ike-key-exchange-payload-length.h" |
282 | | #include "detect-ike-nonce-payload-length.h" |
283 | | #include "detect-ike-nonce-payload.h" |
284 | | #include "detect-ike-key-exchange-payload.h" |
285 | | |
286 | | #include "action-globals.h" |
287 | | #include "tm-threads.h" |
288 | | |
289 | | #include "pkt-var.h" |
290 | | |
291 | | #include "conf.h" |
292 | | #include "conf-yaml-loader.h" |
293 | | |
294 | | #include "stream-tcp.h" |
295 | | #include "stream-tcp-inline.h" |
296 | | |
297 | | #include "util-lua.h" |
298 | | #include "util-var-name.h" |
299 | | #include "util-classification-config.h" |
300 | | #include "util-threshold-config.h" |
301 | | #include "util-print.h" |
302 | | #include "util-unittest.h" |
303 | | #include "util-unittest-helper.h" |
304 | | #include "util-debug.h" |
305 | | #include "util-hashlist.h" |
306 | | #include "util-privs.h" |
307 | | #include "util-profiling.h" |
308 | | #include "util-validate.h" |
309 | | #include "util-optimize.h" |
310 | | #include "util-path.h" |
311 | | #include "util-mpm-ac.h" |
312 | | #include "runmodes.h" |
313 | | |
/**
 * \brief Print the feature labels of one keyword to stdout, joined by \a sep.
 *
 * Labels are emitted in a fixed order: first the ones derived from the
 * SIGMATCH_* bits in e->flags, then "transform" and "prefilter", which are
 * printed when e->Transform and e->SupportsPrefilter are set. When no label
 * applies, the single word "none" is printed. No newline is written.
 *
 * \param e   keyword table entry to describe
 * \param sep character printed between two consecutive labels
 */
static void PrintFeatureList(const SigTableElmt *e, char sep)
{
    const uint16_t flags = e->flags;
    /* at most seven labels can apply to one entry */
    const char *labels[7];
    size_t count = 0;

    if (flags & SIGMATCH_NOOPT)
        labels[count++] = "No option";
    if (flags & SIGMATCH_IPONLY_COMPAT)
        labels[count++] = "compatible with IP only rule";
    if (flags & SIGMATCH_DEONLY_COMPAT)
        labels[count++] = "compatible with decoder event only rule";
    if (flags & SIGMATCH_INFO_CONTENT_MODIFIER)
        labels[count++] = "content modifier";
    if (flags & SIGMATCH_INFO_STICKY_BUFFER)
        labels[count++] = "sticky buffer";
    if (e->Transform)
        labels[count++] = "transform";
    if (e->SupportsPrefilter)
        labels[count++] = "prefilter";

    if (count == 0) {
        printf("none");
        return;
    }

    for (size_t n = 0; n < count; n++) {
        /* the separator goes between labels, never before the first one */
        if (n > 0)
            printf("%c", sep);
        printf("%s", labels[n]);
    }
}
363 | | |
/**
 * \brief Print the multi-line description of one keyword to stdout.
 *
 * Writes, each line starting with \a prefix: the description (if set), the
 * feature list, the documentation URL (GetDocURL() followed by the entry's
 * url, if set) and the name of the replacing keyword (if the entry has an
 * alternative). The output always ends with a newline.
 *
 * \param i      index into sigmatch_table; not range-checked here, the
 *               caller has to pass a valid index
 * \param prefix string printed at the start of every output line
 */
static void SigMultilinePrint(int i, const char *prefix)
{
    const SigTableElmt *entry = &sigmatch_table[i];

    if (entry->desc != NULL) {
        printf("%sDescription: %s\n", prefix, entry->desc);
    }

    printf("%sFeatures: ", prefix);
    PrintFeatureList(entry, ',');

    if (entry->url != NULL) {
        printf("\n%sDocumentation: %s%s", prefix, GetDocURL(), entry->url);
    }

    if (entry->alternative != 0) {
        /* alternative is used as an index into the same table.
         * NOTE(review): neither the index nor the target's name is checked
         * before printing -- presumably both are always valid for
         * registered keywords; confirm. */
        const SigTableElmt *replacement = &sigmatch_table[entry->alternative];
        printf("\n%sReplaced by: %s", prefix, replacement->name);
    }

    printf("\n");
}
379 | | |
/**
 * \brief List the registered rule keywords on stdout.
 *
 * The \a keyword argument selects the output mode:
 *  - NULL:  one "- name" line per keyword, keywords flagged
 *           SIGMATCH_NOT_BUILT are marked "(not built-in)"
 *  - "csv": a ';' separated table with a header line; keywords flagged
 *           SIGMATCH_NOT_BUILT are left out
 *  - "all": name plus the multi-line description of every keyword
 *  - other: the description of the keyword with exactly that name
 *
 * In the three listing modes, entries without a name, entries whose name
 * starts with '_' and the entry named "template" are skipped. The lookup
 * by name applies no such filter.
 *
 * \param keyword mode selector or keyword name, may be NULL
 *
 * \retval TM_ECODE_DONE   the list or the requested keyword was printed
 * \retval TM_ECODE_FAILED the keyword does not exist or is not built in
 */
int SigTableList(const char *keyword)
{
    const size_t total = sizeof(sigmatch_table) / sizeof(SigTableElmt);

    if (keyword == NULL) {
        printf("=====Supported keywords=====\n");
        for (size_t idx = 0; idx < total; idx++) {
            const SigTableElmt *entry = &sigmatch_table[idx];
            const char *name = entry->name;

            if (name == NULL || name[0] == '\0')
                continue;
            if (name[0] == '_' || strcmp(name, "template") == 0)
                continue;

            if (entry->flags & SIGMATCH_NOT_BUILT)
                printf("- %s (not built-in)\n", name);
            else
                printf("- %s\n", name);
        }
        return TM_ECODE_DONE;
    }

    if (strcmp("csv", keyword) == 0) {
        printf("name;description;app layer;features;documentation\n");
        for (size_t idx = 0; idx < total; idx++) {
            const SigTableElmt *entry = &sigmatch_table[idx];
            const char *name = entry->name;

            if (name == NULL || name[0] == '\0')
                continue;
            if (entry->flags & SIGMATCH_NOT_BUILT)
                continue;
            if (name[0] == '_' || strcmp(name, "template") == 0)
                continue;

            /* NOTE(review): desc and url are written as-is; a ';' inside
             * either would shift the columns of that row. */
            printf("%s;", name);
            if (entry->desc != NULL)
                printf("%s", entry->desc);
            /* the third column used to be alproto and is now constant */
            printf(";Unset;");
            PrintFeatureList(entry, ':');
            printf(";");
            if (entry->url != NULL)
                printf("%s%s", GetDocURL(), entry->url);
            printf(";\n");
        }
        return TM_ECODE_DONE;
    }

    if (strcmp("all", keyword) == 0) {
        for (size_t idx = 0; idx < total; idx++) {
            const char *name = sigmatch_table[idx].name;

            if (name == NULL || name[0] == '\0')
                continue;
            if (name[0] == '_' || strcmp(name, "template") == 0)
                continue;

            printf("%s:\n", name);
            SigMultilinePrint((int)idx, "\t");
        }
        return TM_ECODE_DONE;
    }

    /* anything else is taken as the name of a single keyword */
    for (size_t idx = 0; idx < total; idx++) {
        const SigTableElmt *entry = &sigmatch_table[idx];

        if (entry->name == NULL || strcmp(entry->name, keyword) != 0)
            continue;

        printf("= %s =\n", entry->name);
        if (entry->flags & SIGMATCH_NOT_BUILT) {
            printf("Not built-in\n");
            return TM_ECODE_FAILED;
        }
        SigMultilinePrint((int)idx, "");
        return TM_ECODE_DONE;
    }

    printf("Non existing keyword\n");
    return TM_ECODE_FAILED;
}
454 | | |
/**
 * \brief Register the file protocols of every named file handler.
 *
 * Walks all DETECT_TBLSIZE slots of filehandler_table and passes each slot
 * that has a name to DetectFileRegisterFileProtocols(). Slots without a
 * name are skipped.
 */
static void DetectFileHandlerRegister(void)
{
    int idx = 0;

    while (idx < DETECT_TBLSIZE) {
        if (filehandler_table[idx].name != NULL) {
            DetectFileRegisterFileProtocols(&filehandler_table[idx]);
        }
        idx++;
    }
}
462 | | |
/**
 * \brief Set up the keyword table by running every keyword's registration
 *        function.
 *
 * Clears sigmatch_table, calls the Detect*Register() functions one after
 * the other, registers the file handlers and finally closes buffer type
 * registration.
 *
 * The call order is significant for part of the list (see the NOTE below),
 * so do not sort or regroup the calls. Since the table is zeroed first,
 * calling this again discards whatever was in sigmatch_table before.
 */
void SigTableSetup(void)
{
    /* start from an all-zero table: a slot that no register function
     * fills keeps a NULL name and NULL callbacks */
    memset(sigmatch_table, 0, sizeof(sigmatch_table));

    DetectSidRegister();
    DetectPriorityRegister();
    DetectPrefilterRegister();
    DetectRevRegister();
    DetectClasstypeRegister();
    DetectReferenceRegister();
    DetectTagRegister();
    DetectThresholdRegister();
    DetectMetadataRegister();
    DetectMsgRegister();
    DetectAckRegister();
    DetectSeqRegister();
    DetectContentRegister();
    DetectUricontentRegister();

    /* NOTE: the order of these currently affects inspect
     * engine registration order and ultimately the order
     * of inspect engines in the rule. Which in turn affects
     * state keeping */
    DetectHttpUriRegister();
    DetectHttpRequestLineRegister();
    DetectHttpClientBodyRegister();
    DetectHttpResponseLineRegister();
    DetectHttpServerBodyRegister();
    DetectHttpHeaderRegister();
    DetectHttpRequestHeaderRegister();
    DetectHttpResponseHeaderRegister();
    DetectHttpHeaderNamesRegister();
    DetectHttpHeadersRegister();
    DetectHttpProtocolRegister();
    DetectHttpStartRegister();
    DetectHttpRawHeaderRegister();
    DetectHttpMethodRegister();
    DetectHttpCookieRegister();

    DetectFilenameRegister();
    DetectFilestoreRegister();
    DetectFilemagicRegister();
    DetectFileMd5Register();
    DetectFileSha1Register();
    DetectFileSha256Register();
    DetectFilesizeRegister();

    DetectHttpUARegister();
    DetectHttpHHRegister();

    DetectHttpStatMsgRegister();
    DetectHttpStatCodeRegister();
    DetectHttp2Register();

    DetectDnsQueryRegister();
    DetectDnsOpcodeRegister();
    DetectModbusRegister();
    DetectCipServiceRegister();
    DetectEnipCommandRegister();
    DetectDNP3Register();

    DetectIkeExchTypeRegister();
    DetectIkeSpiRegister();
    DetectIkeVendorRegister();
    DetectIkeChosenSaRegister();
    DetectIkeKeyExchangePayloadLengthRegister();
    DetectIkeNoncePayloadLengthRegister();
    DetectIkeNonceRegister();
    DetectIkeKeyExchangeRegister();

    DetectTlsSniRegister();
    DetectTlsIssuerRegister();
    DetectTlsSubjectRegister();
    DetectTlsSerialRegister();
    DetectTlsFingerprintRegister();
    DetectTlsCertsRegister();
    DetectTlsCertChainLenRegister();
    DetectTlsRandomRegister();

    DetectTlsJa3HashRegister();
    DetectTlsJa3StringRegister();
    DetectTlsJa3SHashRegister();
    DetectTlsJa3SStringRegister();

    DetectAppLayerEventRegister();
    /* end of order dependent regs */

    DetectFrameRegister();

    /* the remaining keywords are outside the section marked as order
     * dependent above */
    DetectPcreRegister();
    DetectDepthRegister();
    DetectNocaseRegister();
    DetectRawbytesRegister();
    DetectBytetestRegister();
    DetectBytejumpRegister();
    DetectBytemathRegister();
    DetectSameipRegister();
    DetectGeoipRegister();
    DetectL3ProtoRegister();
    DetectIPProtoRegister();
    DetectWithinRegister();
    DetectDistanceRegister();
    DetectOffsetRegister();
    DetectReplaceRegister();
    DetectFlowRegister();
    DetectFlowAgeRegister();
    DetectRequiresRegister();
    DetectWindowRegister();
    DetectRpcRegister();
    DetectFtpbounceRegister();
    DetectFtpdataRegister();
    DetectIsdataatRegister();
    DetectIdRegister();
    DetectDsizeRegister();
    DetectDatasetRegister();
    DetectDatarepRegister();
    DetectFlowvarRegister();
    DetectFlowintRegister();
    DetectPktvarRegister();
    DetectNoalertRegister();
    DetectFlowbitsRegister();
    DetectHostbitsRegister();
    DetectXbitsRegister();
    DetectEngineEventRegister();
    DetectIpOptsRegister();
    DetectFlagsRegister();
    DetectFragBitsRegister();
    DetectFragOffsetRegister();
    DetectGidRegister();
    DetectMarkRegister();
    DetectCsumRegister();
    DetectStreamSizeRegister();
    DetectTtlRegister();
    DetectTosRegister();
    DetectFastPatternRegister();
    DetectITypeRegister();
    DetectICodeRegister();
    DetectIcmpIdRegister();
    DetectIcmpSeqRegister();
    DetectIcmpv4HdrRegister();
    DetectDceIfaceRegister();
    DetectDceOpnumRegister();
    DetectDceStubDataRegister();
    DetectSmbNamedPipeRegister();
    DetectSmbShareRegister();
    DetectSmbNtlmsspUserRegister();
    DetectSmbNtlmsspDomainRegister();
    DetectTlsRegister();
    DetectTlsValidityRegister();
    DetectTlsVersionRegister();
    DetectNfsProcedureRegister();
    DetectNfsVersionRegister();
    DetectUrilenRegister();
    DetectBsizeRegister();
    DetectDetectionFilterRegister();
    DetectAsn1Register();
    DetectSshProtocolRegister();
    DetectSshVersionRegister();
    DetectSshSoftwareRegister();
    DetectSshSoftwareVersionRegister();
    DetectSshHasshRegister();
    DetectSshHasshServerRegister();
    DetectSshHasshStringRegister();
    DetectSshHasshServerStringRegister();
    DetectSslStateRegister();
    DetectSslVersionRegister();
    DetectByteExtractRegister();
    DetectFiledataRegister();
    DetectPktDataRegister();
    DetectLuaRegister();
    DetectIPRepRegister();
    DetectAppLayerProtocolRegister();
    DetectBase64DecodeRegister();
    DetectBase64DataRegister();
    DetectTemplateRegister();
    DetectTemplate2Register();
    DetectTcphdrRegister();
    DetectUdphdrRegister();
    DetectTcpmssRegister();
    DetectICMPv6hdrRegister();
    DetectICMPv6mtuRegister();
    DetectIPAddrBufferRegister();
    DetectIpv4hdrRegister();
    DetectIpv6hdrRegister();
    DetectKrb5CNameRegister();
    DetectKrb5ErrCodeRegister();
    DetectKrb5MsgTypeRegister();
    DetectKrb5SNameRegister();
    DetectKrb5TicketEncryptionRegister();
    DetectSipMethodRegister();
    DetectSipUriRegister();
    DetectSipProtocolRegister();
    DetectSipStatCodeRegister();
    DetectSipStatMsgRegister();
    DetectSipRequestLineRegister();
    DetectSipResponseLineRegister();
    DetectRfbSecresultRegister();
    DetectRfbSectypeRegister();
    DetectRfbNameRegister();
    DetectTargetRegister();
    DetectTemplateRustBufferRegister();
    DetectDHCPLeaseTimeRegister();
    DetectDHCPRebindingTimeRegister();
    DetectDHCPRenewalTimeRegister();
    DetectSNMPUsmRegister();
    DetectSNMPVersionRegister();
    DetectSNMPCommunityRegister();
    DetectSNMPPduTypeRegister();
    DetectMQTTTypeRegister();
    DetectMQTTFlagsRegister();
    DetectMQTTQosRegister();
    DetectMQTTProtocolVersionRegister();
    DetectMQTTReasonCodeRegister();
    DetectMQTTConnectFlagsRegister();
    DetectMQTTConnectClientIDRegister();
    DetectMQTTConnectUsernameRegister();
    DetectMQTTConnectPasswordRegister();
    DetectMQTTConnectWillTopicRegister();
    DetectMQTTConnectWillMessageRegister();
    DetectMQTTConnackSessionPresentRegister();
    DetectMQTTPublishTopicRegister();
    DetectMQTTPublishMessageRegister();
    DetectMQTTSubscribeTopicRegister();
    DetectMQTTUnsubscribeTopicRegister();
    DetectQuicSniRegister();
    DetectQuicUaRegister();
    DetectQuicVersionRegister();
    DetectQuicCyuHashRegister();
    DetectQuicCyuStringRegister();
    DetectJa4HashRegister();

    DetectBypassRegister();
    DetectConfigRegister();

    DetectTransformCompressWhitespaceRegister();
    DetectTransformStripWhitespaceRegister();
    DetectTransformStripPseudoHeadersRegister();
    DetectTransformMd5Register();
    DetectTransformSha1Register();
    DetectTransformSha256Register();
    DetectTransformDotPrefixRegister();
    DetectTransformPcrexformRegister();
    DetectTransformUrlDecodeRegister();
    DetectTransformXorRegister();
    DetectTransformHeaderLowercaseRegister();
    DetectTransformToLowerRegister();
    DetectTransformToUpperRegister();

    /* file handlers are registered after all keywords above */
    DetectFileHandlerRegister();

    /* close keyword registration */
    /* NOTE(review): presumably nothing may register a buffer type after
     * this call, so new *Register() calls belong above it -- confirm */
    DetectBufferTypeCloseRegistration();
}
716 | | |
717 | | #ifdef UNITTESTS |
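/**
 * \brief Run the unittest registration function of every keyword.
 *
 * Visits all DETECT_TBLSIZE slots of sigmatch_table. Every slot counts
 * towards g_ut_modules; a slot with a RegisterTests function has it called
 * and counts towards g_ut_covered. A slot without one is reported at debug
 * level, and additionally as a warning when coverage_unittests is set.
 */
void SigTableRegisterTests(void)
{
    /* register the tests */
    for (int i = 0; i < DETECT_TBLSIZE; i++) {
        g_ut_modules++;

        if (sigmatch_table[i].RegisterTests != NULL) {
            sigmatch_table[i].RegisterTests();
            g_ut_covered++;
            continue;
        }

        /* A slot may have no name (SigTableList() checks for that too).
         * Passing NULL for a "%s" conversion is undefined behavior in the
         * printf family, so substitute a literal; "(null)" is what glibc
         * prints in that case, which keeps the log text unchanged there. */
        const char *name =
                sigmatch_table[i].name != NULL ? sigmatch_table[i].name : "(null)";

        SCLogDebug("detection plugin %s has no unittest "
                   "registration function.", name);

        if (coverage_unittests)
            SCLogWarning("detection plugin %s has no unittest "
                         "registration function.",
                    name);
    }
}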
737 | | #endif |