/* Copyright (C) 2007-2020 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 *
 * Signature parsing declarations: allocating and initialising a Signature
 * from a signature string, SigMatch list helpers, and the helpers that set
 * up, execute and free the regexes used while parsing.
 *
 * This header includes nothing itself. The pcre types, Signature,
 * DetectEngineCtx, SigMatch, SigMatchData, AppProto, bool,
 * enum DetectKeywordId and WARN_UNUSED must already be declared by the
 * including file.
 */

/* NOTE(review): identifiers containing a double underscore are reserved for
 * the implementation in C; the guard name is kept as-is here. */
#ifndef __DETECT_PARSE_H__
#define __DETECT_PARSE_H__

/** Flags to indicate whether Signature parsing is done with the source and
 *  destination switched (for ip addresses and ports) or as normal */
enum {
    SIG_DIREC_NORMAL,
    SIG_DIREC_SWITCHED
};

/** Flags to indicate whether we are referencing the source of the Signature
 *  or the destination (for ip addresses and ports) */
enum {
    SIG_DIREC_SRC,
    SIG_DIREC_DST
};

/** One compiled parse regex plus its study data. Entries chain through
 *  'next'.
 *  NOTE(review): presumably this chain is the free list filled by
 *  DetectParseRegexAddToFreeList() and released by DetectParseFreeRegexes()
 *  -- confirm in the implementation. */
typedef struct DetectParseRegex_ {
    pcre *regex;
    pcre_extra *study;
#ifdef PCRE_HAVE_JIT_EXEC
    /* only present when the build defines PCRE_HAVE_JIT_EXEC */
    pcre_jit_stack *jit_stack;
#endif
    struct DetectParseRegex_ *next;
} DetectParseRegex;

/* prototypes */

/* Signature lifecycle.
 * NOTE(review): ownership is not stated in this header; presumably every
 * Signature returned here is released with SigFree() -- confirm. */
Signature *SigAlloc(void);
void SigFree(DetectEngineCtx *de_ctx, Signature *s);
Signature *SigInit(DetectEngineCtx *de_ctx, const char *sigstr);
Signature *SigInitReal(DetectEngineCtx *de_ctx, const char *sigstr);
SigMatchData *SigMatchList2DataArray(SigMatch *head);
void SigParseRegisterTests(void);
Signature *DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr);

/* SigMatch list membership helpers */
void SigMatchAppendSMToList(Signature *s, SigMatch *sm, int list);
void SigMatchRemoveSMFromList(Signature *s, SigMatch *sm, int list);
int SigMatchListSMBelongsTo(const Signature *s, const SigMatch *sm);

/* duplicate-signature hash setup and teardown */
int DetectParseDupSigHashInit(DetectEngineCtx *de_ctx);
void DetectParseDupSigHashFree(DetectEngineCtx *de_ctx);

int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx,
        Signature *s, const char *arg, int sm_type, int sm_list,
        AppProto alproto);

/* per-keyword parsing policy queries */
bool SigMatchSilentErrorEnabled(const DetectEngineCtx *de_ctx,
        const enum DetectKeywordId id);
bool SigMatchStrictEnabled(const enum DetectKeywordId id);

const char *DetectListToHumanString(int list);
const char *DetectListToString(int list);

void SigTableApplyStrictCommandlineOption(const char *str);

/* Lookups of the last SigMatch.
 * The three variadic functions take an open-ended argument list, so the
 * compiler cannot check the count or the types of what is passed.
 * NOTE(review): the terminating sentinel is not visible in this header;
 * confirm it in the implementation before adding a call. */
SigMatch *DetectGetLastSM(const Signature *s);
SigMatch *DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signature *s);
SigMatch *DetectGetLastSMFromLists(const Signature *s, ...);
SigMatch *DetectGetLastSMByListPtr(const Signature *s, SigMatch *sm_list, ...);
SigMatch *DetectGetLastSMByListId(const Signature *s, int list_id, ...);

int DetectSignatureAddTransform(Signature *s, int transform, void *options);
/* Marked WARN_UNUSED: callers are expected to check the return value.
 * NOTE(review): the macro is defined elsewhere; presumably it maps to the
 * compiler's warn_unused_result attribute. */
int WARN_UNUSED DetectSignatureSetAppProto(Signature *s, AppProto alproto);

/* parse regex setup and free util funcs */

bool DetectSetupParseRegexesOpts(const char *parse_str, DetectParseRegex *parse_regex, int opts);
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
void DetectParseRegexAddToFreeList(DetectParseRegex *parse_regex);
void DetectParseFreeRegexes(void);
void DetectParseFreeRegex(DetectParseRegex *r);

/* parse regex exec
 *
 * The caller supplies the output vector: ovector_size has to describe the
 * real capacity of ovector (in ints), because nothing in these signatures
 * lets the callee verify it. DetectParsePcreExec() takes no length for str,
 * while DetectParsePcreExecLen() takes an explicit str_len.
 * NOTE(review): presumably the first variant requires a NUL-terminated str,
 * and both forward to pcre_exec(), which expects the vector size to be a
 * multiple of 3 -- confirm in the implementation. */
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str,
        int start_offset, int options,
        int *ovector, int ovector_size);
int DetectParsePcreExecLen(DetectParseRegex *parse_regex, const char *str,
        int str_len, int start_offset, int options,
        int *ovector, int ovector_size);

/* typical size of ovector, counted in ints (30 is a multiple of 3) */
#define MAX_SUBSTRINGS 30

#endif /* __DETECT_PARSE_H__ */