suricata中void DetectHttpUriRegister (void) { /* http_uri content modifier / sigmatch_table[DETECT_AL_HTTP_URI].name = "http_uri"; sigmatch_table[DETECT_AL_HTTP_URI].desc = "content modifier to match specifically and only on the HTTP uri-buffer"; sigmatch_table[DETECT_AL_HTTP_URI].url = "/rules/http-keywords.html#http-uri-and-http-uri-raw"; sigmatch_table[DETECT_AL_HTTP_URI].Setup = DetectHttpUriSetup; #ifdef UNITTESTS sigmatch_table[DETECT_AL_HTTP_URI].RegisterTests = DetectHttpUriRegisterTests; #endif sigmatch_table[DETECT_AL_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_CONTENT_MODIFIER; sigmatch_table[DETECT_AL_HTTP_URI].alternative = DETECT_HTTP_URI; / http.uri sticky buffer / sigmatch_table[DETECT_HTTP_URI].name = "http.uri"; sigmatch_table[DETECT_HTTP_URI].alias = "http.uri.normalized"; sigmatch_table[DETECT_HTTP_URI].desc = "sticky buffer to match specifically and only on the normalized HTTP URI buffer"; sigmatch_table[DETECT_HTTP_URI].url = "/rules/http-keywords.html#http-uri-and-http-uri-raw"; sigmatch_table[DETECT_HTTP_URI].Setup = DetectHttpUriSetupSticky; sigmatch_table[DETECT_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_uri", "http request uri"); DetectBufferTypeRegisterSetupCallback("http_uri", DetectHttpUriSetupCallback); DetectBufferTypeRegisterValidateCallback("http_uri", DetectHttpUriValidateCallback); g_http_uri_buffer_id = DetectBufferTypeGetByName("http_uri"); 每一句都加上详细的注释
时间: 2024-01-24 19:17:25 浏览: 40
这段代码是suricata中用于检测HTTP请求URI的函数,函数名为DetectHttpUriRegister。下面是每一句代码的详细注释:
```c
void DetectHttpUriRegister (void) {
/* 注册 http_uri 内容修改器 */
sigmatch_table[DETECT_AL_HTTP_URI].name = "http_uri";
sigmatch_table[DETECT_AL_HTTP_URI].desc = "content modifier to match specifically and only on the HTTP uri-buffer";
sigmatch_table[DETECT_AL_HTTP_URI].url = "/rules/http-keywords.html#http-uri-and-http-uri-raw";
sigmatch_table[DETECT_AL_HTTP_URI].Setup = DetectHttpUriSetup;
#ifdef UNITTESTS
sigmatch_table[DETECT_AL_HTTP_URI].RegisterTests = DetectHttpUriRegisterTests;
#endif
sigmatch_table[DETECT_AL_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_CONTENT_MODIFIER;
sigmatch_table[DETECT_AL_HTTP_URI].alternative = DETECT_HTTP_URI;
/* 注册 http.uri 粘滞缓冲区 */
sigmatch_table[DETECT_HTTP_URI].name = "http.uri";
sigmatch_table[DETECT_HTTP_URI].alias = "http.uri.normalized";
sigmatch_table[DETECT_HTTP_URI].desc = "sticky buffer to match specifically and only on the normalized HTTP URI buffer";
sigmatch_table[DETECT_HTTP_URI].url = "/rules/http-keywords.html#http-uri-and-http-uri-raw";
sigmatch_table[DETECT_HTTP_URI].Setup = DetectHttpUriSetupSticky;
sigmatch_table[DETECT_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
/* 注册 http_uri 应用层检测引擎 */
DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData);
/* 注册 http_uri 多模式匹配 */
DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE);
/* 注册 http_uri 应用层检测引擎 */
DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
/* 注册 http_uri 多模式匹配 */
DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
GetData2, ALPROTO_HTTP2, HTTP2StateDataClient);
/* 设置 http_uri 缓冲区的描述信息 */
DetectBufferTypeSetDescriptionByName("http_uri", "http request uri");
/* 注册 http_uri 缓冲区的安装回调函数 */
DetectBufferTypeRegisterSetupCallback("http_uri", DetectHttpUriSetupCallback);
/* 注册 http_uri 缓冲区的验证回调函数 */
DetectBufferTypeRegisterValidateCallback("http_uri", DetectHttpUriValidateCallback);
/* 获取 http_uri 缓冲区的ID */
g_http_uri_buffer_id = DetectBufferTypeGetByName("http_uri");
}
```
总体来说,该函数主要是进行各种注册和设置操作,包括内容修改器的注册、粘滞缓冲区的注册、应用层检测引擎的注册、多模式匹配的注册、缓冲区的描述信息设置、安装回调函数的注册、验证回调函数的注册等。
相关推荐
![rar](https://img-home.csdnimg.cn/images/20210720083606.png)
![zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)