Feature #344 » 0002-Add-new-command-line-option-list-app-layer-protocols.patch
| src/app-layer-dcerpc-udp.c | ||
|---|---|---|
|
}
|
||
|
void RegisterDCERPCUDPParsers(void) {
|
||
|
char *proto_name = "dcerpcudp";
|
||
|
/** DCERPC */
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_UDP, ALPROTO_DCERPC_UDP, "|04 00|", 2, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_UDP, ALPROTO_DCERPC_UDP, "|04 00|", 2, 0, STREAM_TOSERVER);
|
||
|
AppLayerRegisterProto("dcerpcudp", ALPROTO_DCERPC_UDP, STREAM_TOSERVER,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_DCERPC_UDP, STREAM_TOSERVER,
|
||
|
DCERPCUDPParse);
|
||
|
AppLayerRegisterProto("dcerpcudp", ALPROTO_DCERPC_UDP, STREAM_TOCLIENT,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_DCERPC_UDP, STREAM_TOCLIENT,
|
||
|
DCERPCUDPParse);
|
||
|
AppLayerRegisterStateFuncs(ALPROTO_DCERPC_UDP, DCERPCUDPStateAlloc,
|
||
|
DCERPCUDPStateFree);
|
||
| src/app-layer-dcerpc.c | ||
|---|---|---|
|
}
|
||
|
void RegisterDCERPCParsers(void) {
|
||
|
char *proto_name = "dcerpc";
|
||
|
/** DCERPC */
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_DCERPC, "|05 00|", 2, 0, STREAM_TOSERVER);
|
||
|
AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOSERVER,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_DCERPC, STREAM_TOSERVER,
|
||
|
DCERPCParse);
|
||
|
AppLayerRegisterProto("dcerpc", ALPROTO_DCERPC, STREAM_TOCLIENT,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_DCERPC, STREAM_TOCLIENT,
|
||
|
DCERPCParse);
|
||
|
AppLayerRegisterStateFuncs(ALPROTO_DCERPC, DCERPCStateAlloc,
|
||
|
DCERPCStateFree);
|
||
| src/app-layer-detect-proto.c | ||
|---|---|---|
|
* \param offset Offset setting for the content. E.g. 4 mean that the content has to match after the first 4 bytes of the stream.
|
||
|
* \param flags Set STREAM_TOCLIENT or STREAM_TOSERVER for the direction in which to try to match the content.
|
||
|
*/
|
||
|
void AlpProtoAdd(AlpProtoDetectCtx *ctx, uint16_t ip_proto, uint16_t al_proto, char *content, uint16_t depth, uint16_t offset, uint8_t flags) {
|
||
|
void AlpProtoAdd(AlpProtoDetectCtx *ctx, char *name, uint16_t ip_proto, uint16_t al_proto, char *content, uint16_t depth, uint16_t offset, uint8_t flags)
|
||
|
{
|
||
|
if (al_proto_table[al_proto].name != NULL) {
|
||
|
BUG_ON(strcmp(al_proto_table[al_proto].name, name) != 0);
|
||
|
} else {
|
||
|
al_proto_table[al_proto].name = name;
|
||
|
}
|
||
|
DetectContentData *cd = DetectContentParseEncloseQuotes(content);
|
||
|
if (cd == NULL) {
|
||
|
return;
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 1) {
|
||
| ... | ... | |
|
}
|
||
|
buf = SCStrdup("GET");
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOSERVER);
|
||
|
if (ctx.toserver.id != 1) {
|
||
|
r = 0;
|
||
|
}
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 1) {
|
||
| ... | ... | |
|
}
|
||
|
buf = SCStrdup("220 ");
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 2) {
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 1) {
|
||
| ... | ... | |
|
}
|
||
|
buf = SCStrdup("220 ");
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 2) {
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 1) {
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 1) {
|
||
| ... | ... | |
|
}
|
||
|
buf = SCStrdup("220 ");
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 2) {
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 1) {
|
||
| ... | ... | |
|
}
|
||
|
buf = SCStrdup("220 ");
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "ftp", IPPROTO_TCP, ALPROTO_FTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 2) {
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 1) {
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_SMB, buf, 8, 4, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, buf, 8, 4, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 1) {
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_SMB2, buf, 8, 4, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, buf, 8, 4, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 1) {
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_DCERPC, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "dcerpc", IPPROTO_TCP, ALPROTO_DCERPC, buf, 4, 0, STREAM_TOCLIENT);
|
||
|
SCFree(buf);
|
||
|
if (ctx.toclient.id != 1) {
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
|
||
|
if (ctx.toserver.id != 6) {
|
||
|
printf("ctx.toserver.id %u != 6: ", ctx.toserver.id);
|
||
| ... | ... | |
|
int r = 0;
|
||
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_TCP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoFinalizeGlobal(&ctx);
|
||
|
if (ctx.head == NULL) {
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
|
||
|
if (ctx.toserver.id != 6) {
|
||
|
printf("ctx.toserver.id %u != 6: ", ctx.toserver.id);
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "GET", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "PUT", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "POST", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "TRACE", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "OPTIONS", 7, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "http", IPPROTO_UDP, ALPROTO_HTTP, "HTTP", 4, 0, STREAM_TOCLIENT);
|
||
|
if (ctx.toserver.id != 6) {
|
||
|
printf("ctx.toserver.id %u != 6: ", ctx.toserver.id);
|
||
| src/app-layer-detect-proto.h | ||
|---|---|---|
|
uint16_t AppLayerDetectGetProto(AlpProtoDetectCtx *, AlpProtoDetectThreadCtx *,
|
||
|
Flow *, uint8_t *, uint32_t,
|
||
|
uint8_t, uint8_t);
|
||
|
void AlpProtoAdd(AlpProtoDetectCtx *, uint16_t, uint16_t, char *, uint16_t, uint16_t, uint8_t);
|
||
|
void AlpProtoAdd(AlpProtoDetectCtx *, char *, uint16_t, uint16_t, char *, uint16_t, uint16_t, uint8_t);
|
||
|
void AppLayerDetectProtoThreadSpawn(void);
|
||
|
void AlpDetectRegisterTests(void);
|
||
| src/app-layer-ftp.c | ||
|---|---|---|
|
void RegisterFTPParsers(void) {
|
||
|
char *proto_name = "ftp";
|
||
|
/** FTP */
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "USER ", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "PASS ", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_FTP, "PORT ", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_FTP, "USER ", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_FTP, "PASS ", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_FTP, "PORT ", 5, 0, STREAM_TOSERVER);
|
||
|
AppLayerRegisterProto("ftp", ALPROTO_FTP, STREAM_TOSERVER,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_FTP, STREAM_TOSERVER,
|
||
|
FTPParseRequest);
|
||
|
AppLayerRegisterProto("ftp", ALPROTO_FTP, STREAM_TOCLIENT,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_FTP, STREAM_TOCLIENT,
|
||
|
FTPParseResponse);
|
||
|
AppLayerRegisterParser("ftp.request_command_line", ALPROTO_FTP,
|
||
|
FTP_FIELD_REQUEST_LINE, FTPParseRequestCommandLine,
|
||
| src/app-layer-htp.c | ||
|---|---|---|
|
{
|
||
|
SCEnter();
|
||
|
char *proto_name = "http";
|
||
|
/** HTTP */
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "GET|20|", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "GET|09|", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "PUT|20|", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "PUT|09|", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "POST|20|", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "POST|09|", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|20|", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|09|", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|20|", 6, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|09|", 6, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|20|", 8, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|09|", 8, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|20|", 8, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|09|", 8, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "GET|20|", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "GET|09|", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "PUT|20|", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "PUT|09|", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "POST|20|", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "POST|09|", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|20|", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "HEAD|09|", 5, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|20|", 6, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "TRACE|09|", 6, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|20|", 8, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "OPTIONS|09|", 8, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|20|", 8, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_HTTP, "CONNECT|09|", 8, 0, STREAM_TOSERVER);
|
||
|
AppLayerRegisterStateFuncs(ALPROTO_HTTP, HTPStateAlloc, HTPStateFree);
|
||
|
AppLayerRegisterTransactionIdFuncs(ALPROTO_HTTP, HTPStateUpdateTransactionId, HTPStateTransactionFree);
|
||
| ... | ... | |
|
AppLayerDecoderEventsModuleRegister(ALPROTO_HTTP, http_decoder_event_table);
|
||
|
AppLayerRegisterProto("http", ALPROTO_HTTP, STREAM_TOSERVER,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_HTTP, STREAM_TOSERVER,
|
||
|
HTPHandleRequestData);
|
||
|
AppLayerRegisterProto("http", ALPROTO_HTTP, STREAM_TOCLIENT,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_HTTP, STREAM_TOCLIENT,
|
||
|
HTPHandleResponseData);
|
||
|
HTPConfigure();
|
||
| src/app-layer-parser.c | ||
|---|---|---|
|
#include "util-unittest-helper.h"
|
||
|
#include "util-validate.h"
|
||
|
static AppLayerProto al_proto_table[ALPROTO_MAX]; /**< Application layer protocol
|
||
|
table mapped to their
|
||
|
corresponding parsers */
|
||
|
AppLayerProto al_proto_table[ALPROTO_MAX]; /**< Application layer protocol
|
||
|
table mapped to their
|
||
|
corresponding parsers */
|
||
|
#define MAX_PARSERS 100
|
||
|
static AppLayerParserTableElement al_parser_table[MAX_PARSERS];
|
||
| ... | ... | |
|
al_parser_table[al_max_parsers].name = name;
|
||
|
al_parser_table[al_max_parsers].AppLayerParser = AppLayerParser;
|
||
|
al_proto_table[proto].name = name;
|
||
|
/* create proto, direction -- parser mapping */
|
||
|
if (flags & STREAM_TOSERVER) {
|
||
|
al_proto_table[proto].to_server = al_max_parsers;
|
||
| ... | ... | |
|
SCReturnInt(r);
|
||
|
}
|
||
|
void AppLayerListSupportedProtocols(void)
|
||
|
{
|
||
|
uint32_t i;
|
||
|
uint32_t temp_alprotos_buf[ALPROTO_MAX];
|
||
|
printf("=========Supported App Layer Protocols=========\n");
|
||
|
/* for each proto, alloc the map array */
|
||
|
for (i = 0; i < ALPROTO_MAX; i++) {
|
||
|
if (al_proto_table[i].name == NULL)
|
||
|
continue;
|
||
|
temp_alprotos_buf[i] = 1;
|
||
|
printf("%s\n", al_proto_table[i].name);
|
||
|
}
|
||
|
AppLayerProbingParserInfo *pinfo = alp_proto_ctx.probing_parsers_info;
|
||
|
while (pinfo != NULL) {
|
||
|
if (temp_alprotos_buf[pinfo->al_proto] == 1) {
|
||
|
pinfo = pinfo->next;
|
||
|
continue;
|
||
|
}
|
||
|
printf("%s\n", pinfo->al_proto_name);
|
||
|
temp_alprotos_buf[pinfo->al_proto] = 1;
|
||
|
pinfo = pinfo->next;
|
||
|
}
|
||
|
printf("=====\n");
|
||
|
return;
|
||
|
}
|
||
|
AppLayerDecoderEvents *AppLayerGetDecoderEventsForFlow(Flow *f)
|
||
|
{
|
||
|
DEBUG_ASSERT_FLOW_LOCKED(f);
|
||
| ... | ... | |
|
/** IMAP */
|
||
|
//AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_IMAP, "|2A 20|OK|20|", 5, 0, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_IMAP, "1|20|capability", 12, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, "imap", IPPROTO_TCP, ALPROTO_IMAP, "1|20|capability", 12, 0, STREAM_TOSERVER);
|
||
|
/** MSN Messenger */
|
||
|
//AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, "msn", IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOSERVER);
|
||
|
/** Jabber */
|
||
|
//AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_JABBER, "xmlns='jabber|3A|client'", 74, 53, STREAM_TOCLIENT);
|
||
| src/app-layer-parser.h | ||
|---|---|---|
|
#define APP_LAYER_PROBING_PARSER_PRIORITY_MEDIUM 2
|
||
|
#define APP_LAYER_PROBING_PARSER_PRIORITY_LOW 3
|
||
|
extern AppLayerProto al_proto_table[];
|
||
|
static inline
|
||
|
AppLayerProbingParser *AppLayerGetProbingParsers(AppLayerProbingParser *probing_parsers,
|
||
|
uint16_t ip_proto,
|
||
| ... | ... | |
|
void AppLayerPrintProbingParsers(AppLayerProbingParser *);
|
||
|
uint16_t AppLayerGetStateVersion(Flow *f);
|
||
|
void AppLayerListSupportedProtocols(void);
|
||
|
FileContainer *AppLayerGetFilesFromFlow(Flow *, uint8_t);
|
||
|
AppLayerDecoderEvents *AppLayerGetDecoderEventsForFlow(Flow *);
|
||
| src/app-layer-smb.c | ||
|---|---|---|
|
}
|
||
|
void RegisterSMBParsers(void) {
|
||
|
char *proto_name = "smb";
|
||
|
/** SMB */
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
/** SMB2 */
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
AppLayerRegisterProto("smb", ALPROTO_SMB, STREAM_TOSERVER, SMBParse);
|
||
|
AppLayerRegisterProto("smb", ALPROTO_SMB, STREAM_TOCLIENT, SMBParse);
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_SMB, STREAM_TOSERVER, SMBParse);
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_SMB, STREAM_TOCLIENT, SMBParse);
|
||
|
AppLayerRegisterStateFuncs(ALPROTO_SMB, SMBStateAlloc, SMBStateFree);
|
||
|
AppLayerRegisterTransactionIdFuncs(ALPROTO_SMB,
|
||
|
SMBUpdateTransactionId, NULL);
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
/** SMB */
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
/** SMB2 */
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
AppLayerRegisterProbingParser(&ctx,
|
||
|
f.dp,
|
||
| ... | ... | |
|
AlpProtoInit(&ctx);
|
||
|
/** SMB */
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "smb", IPPROTO_TCP, ALPROTO_SMB, "|ff|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
/** SMB2 */
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOCLIENT);
|
||
|
AlpProtoAdd(&ctx, "smb2", IPPROTO_TCP, ALPROTO_SMB2, "|fe|SMB", 8, 4, STREAM_TOSERVER);
|
||
|
AppLayerRegisterProbingParser(&ctx,
|
||
|
f.dp,
|
||
| src/app-layer-smtp.c | ||
|---|---|---|
|
*/
|
||
|
void RegisterSMTPParsers(void)
|
||
|
{
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "EHLO", 4, 0,
|
||
|
char *proto_name = "smtp";
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMTP, "EHLO", 4, 0,
|
||
|
STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "HELO", 4, 0,
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMTP, "HELO", 4, 0,
|
||
|
STREAM_TOSERVER);
|
||
|
AppLayerRegisterStateFuncs(ALPROTO_SMTP, SMTPStateAlloc, SMTPStateFree);
|
||
|
AppLayerRegisterProto("smtp", ALPROTO_SMTP, STREAM_TOSERVER,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_SMTP, STREAM_TOSERVER,
|
||
|
SMTPParseClientRecord);
|
||
|
AppLayerRegisterProto("smtp", ALPROTO_SMTP, STREAM_TOCLIENT,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_SMTP, STREAM_TOCLIENT,
|
||
|
SMTPParseServerRecord);
|
||
|
AppLayerDecoderEventsModuleRegister(ALPROTO_SMTP, smtp_decoder_event_table);
|
||
| src/app-layer-ssh.c | ||
|---|---|---|
|
*/
|
||
|
void RegisterSSHParsers(void)
|
||
|
{
|
||
|
char *proto_name = "ssh";
|
||
|
/** SSH */
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SSH, "SSH-", 4, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SSH, "SSH-", 4, 0, STREAM_TOSERVER);
|
||
|
AppLayerRegisterProto("ssh", ALPROTO_SSH, STREAM_TOCLIENT,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_SSH, STREAM_TOCLIENT,
|
||
|
SSHParseServerRecord);
|
||
|
AppLayerRegisterProto("ssh", ALPROTO_SSH, STREAM_TOSERVER,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_SSH, STREAM_TOSERVER,
|
||
|
SSHParseClientRecord);
|
||
|
AppLayerRegisterStateFuncs(ALPROTO_SSH, SSHStateAlloc, SSHStateFree);
|
||
| src/app-layer-ssl.c | ||
|---|---|---|
|
*/
|
||
|
void RegisterSSLParsers(void)
|
||
|
{
|
||
|
char *proto_name = "tls";
|
||
|
/** SSLv2 and SSLv23*/
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2, STREAM_TOSERVER);
|
||
|
/* subsection - SSLv2 style record by client, but informing the server the max
|
||
|
* version it supports */
|
||
|
/* Updated by Anoop Saldanha. Disabled it for now. We'll get back to it
|
||
| ... | ... | |
|
//AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|00 02|", 7, 5, STREAM_TOCLIENT);
|
||
|
/** SSLv3 */
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER); /* client hello */
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER); /* client hello */
|
||
|
/** TLSv1 */
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER); /* client hello */
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER); /* client hello */
|
||
|
/** TLSv1.1 */
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER); /* client hello */
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER); /* client hello */
|
||
|
/** TLSv1.2 */
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER); /* client hello */
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER);
|
||
|
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER); /* client hello */
|
||
|
AppLayerRegisterProto("tls", ALPROTO_TLS, STREAM_TOSERVER,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_TLS, STREAM_TOSERVER,
|
||
|
SSLParseClientRecord);
|
||
|
AppLayerRegisterProto("tls", ALPROTO_TLS, STREAM_TOCLIENT,
|
||
|
AppLayerRegisterProto(proto_name, ALPROTO_TLS, STREAM_TOCLIENT,
|
||
|
SSLParseServerRecord);
|
||
|
AppLayerRegisterStateFuncs(ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
|
||
| src/suricata.c | ||
|---|---|---|
|
#ifdef UNITTESTS
|
||
|
printf("\t-u : run the unittests and exit\n");
|
||
|
printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
|
||
|
printf("\t--list-app-layer-protos : list supported app layer protocols\n");
|
||
|
printf("\t--list-unittests : list unit tests\n");
|
||
|
printf("\t--list-keywords : list all keywords implemented by the engine\n");
|
||
|
printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
|
||
| ... | ... | |
|
char *regex_arg = NULL;
|
||
|
#endif
|
||
|
int dump_config = 0;
|
||
|
int list_app_layer_protocols = 0;
|
||
|
int list_unittests = 0;
|
||
|
int list_cuda_cards = 0;
|
||
|
int list_runmodes = 0;
|
||
| ... | ... | |
|
{"pcap", optional_argument, 0, 0},
|
||
|
{"pcap-buffer-size", required_argument, 0, 0},
|
||
|
{"unittest-filter", required_argument, 0, 'U'},
|
||
|
{"list-app-layer-protocols", 0, &list_app_layer_protocols, 1},
|
||
|
{"list-unittests", 0, &list_unittests, 1},
|
||
|
{"list-cuda-cards", 0, &list_cuda_cards, 1},
|
||
|
{"list-runmodes", 0, &list_runmodes, 1},
|
||
| ... | ... | |
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
}
|
||
|
else if(strcmp((long_opts[option_index]).name, "list-app-layer-protocols") == 0) {
|
||
|
/* listing all supported app layer protocols */
|
||
|
}
|
||
|
else if(strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
|
||
|
#ifdef UNITTESTS
|
||
|
/* Set run_mode to unit tests. */
|
||
| ... | ... | |
|
TimeInit();
|
||
|
SupportFastPatternForSigMatchTypes();
|
||
|
/* load the pattern matchers */
|
||
|
MpmTableSetup();
|
||
|
/** \todo we need an api for these */
|
||
|
/* Load yaml configuration file if provided. */
|
||
|
if (conf_filename != NULL) {
|
||
|
if (ConfYamlLoadFile(conf_filename) != 0) {
|
||
| ... | ... | |
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
AppLayerDetectProtoThreadInit();
|
||
|
if (list_app_layer_protocols) {
|
||
|
AppLayerListSupportedProtocols();
|
||
|
exit(EXIT_SUCCESS);
|
||
|
}
|
||
|
AppLayerParsersInitPostProcess();
|
||
|
if (dump_config) {
|
||
|
ConfDump();
|
||
|
exit(EXIT_SUCCESS);
|
||
| ... | ... | |
|
}
|
||
|
/* hardcoded initialization code */
|
||
|
MpmTableSetup(); /* load the pattern matchers */
|
||
|
SigTableSetup(); /* load the rule keywords */
|
||
|
if (list_keywords) {
|
||
|
SigTableList();
|
||
| ... | ... | |
|
AppLayerHtpNeedFileInspection();
|
||
|
/** \todo we need an api for these */
|
||
|
AppLayerDetectProtoThreadInit();
|
||
|
AppLayerParsersInitPostProcess();
|
||
|
#ifdef UNITTESTS
|
||
|
if (run_mode == RUNMODE_UNITTEST) {
|
||
- « Previous
- 1
- 2
- Next »