Detect validate callbacks 5634 v3 #11902
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,6 +27,24 @@ | |
#include "detect.h" | ||
#include "suricata.h" | ||
|
||
#include "detect-content.h" | ||
|
||
typedef struct DetectBufferType_ { | ||
char name[32]; | ||
char description[128]; | ||
int id; | ||
int parent_id; | ||
bool mpm; | ||
bool packet; /**< compat to packet matches */ | ||
bool frame; /**< is about Frame inspection */ | ||
bool supports_transforms; | ||
bool multi_instance; /**< buffer supports multiple buffer instances per tx */ | ||
void (*SetupCallback)(const struct DetectEngineCtx_ *, struct Signature_ *); | ||
bool (*ValidateCallback)( | ||
validation should be possible for non-content as well
Interesting, what can we validate besides content ?
all other keywords :) examples would be bsize, byte*, etc.
Ok, so we could have (As of today, we only use content though, right ?) |
||
const struct Signature_ *s, const DetectContentData *cd, const char **sigerror); | ||
DetectEngineTransforms transforms; | ||
} DetectBufferType; | ||
|
||
void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size); | ||
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id, | ||
InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len); | ||
|
@@ -58,8 +76,9 @@ void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc); | |
const char *DetectBufferTypeGetDescriptionByName(const char *name); | ||
void DetectBufferTypeRegisterSetupCallback(const char *name, | ||
void (*Callback)(const DetectEngineCtx *, Signature *)); | ||
void DetectBufferTypeRegisterValidateCallback(const char *name, | ||
bool (*ValidateCallback)(const Signature *, const char **sigerror)); | ||
void DetectBufferTypeRegisterValidateCallback( | ||
const char *name, bool (*ValidateCallback)(const Signature *s, const DetectContentData *cd, | ||
const char **sigerror)); | ||
|
||
/* detect engine related buffer funcs */ | ||
|
||
|
@@ -207,6 +226,9 @@ void DetectRunStoreStateTx(const SigGroupHead *sgh, Flow *f, void *tx, uint64_t | |
|
||
void DetectEngineStateResetTxs(Flow *f); | ||
|
||
bool DetectMd5ValidateCallback( | ||
const Signature *s, const DetectContentData *cd, const char **sigerror); | ||
|
||
void DeStateRegisterTests(void); | ||
|
||
#endif /* SURICATA_DETECT_ENGINE_H */ |
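Review bot: The `ValidateCallback` member of `DetectBufferType` and the widened `DetectBufferTypeRegisterValidateCallback` prototype carry no contract comment, although the neighbouring struct fields have `/**< ... */` notes. The header does not say whether `cd` may be NULL, when the callback runs, or what lifetime the string stored in `*sigerror` must have; a validator that returns true by mistake presumably lets a rule load that can never match, so the contract is worth writing down. I would add something like `/**< return false and set *sigerror to reject the signature; cd is the content under validation */` on the member and mirror it above the register function, adjusted to the real call site, which is not visible in this header. The struct member also spells its first parameter `const struct Signature_ *` while the prototype uses `const Signature *`; if the tag form is deliberate, a short note saying why would help.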
this logic seems to turn a generic validation callback mechanism into a specific one for content. That does not look correct.