suricata中void DetectHttpUriRegister (void) { /* http_uri content modifier / sigmatch_table[DETECT_AL_HTTP_URI].name = "http_uri"; sigmatch_table[DETECT_AL_HTTP_URI].desc = "content modifier to match specifically and only on the HTTP uri-buffer"; sigmatch_table[DETECT_AL_HTTP_URI].url = "/rules/http-keywords.html#http-uri-and-http-uri-raw"; sigmatch_table[DETECT_AL_HTTP_URI].Setup = DetectHttpUriSetup; #ifdef UNITTESTS sigmatch_table[DETECT_AL_HTTP_URI].RegisterTests = DetectHttpUriRegisterTests; #endif sigmatch_table[DETECT_AL_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_CONTENT_MODIFIER; sigmatch_table[DETECT_AL_HTTP_URI].alternative = DETECT_HTTP_URI; / http.uri sticky buffer / sigmatch_table[DETECT_HTTP_URI].name = "http.uri"; sigmatch_table[DETECT_HTTP_URI].alias = "http.uri.normalized"; sigmatch_table[DETECT_HTTP_URI].desc = "sticky buffer to match specifically and only on the normalized HTTP URI buffer"; sigmatch_table[DETECT_HTTP_URI].url = "/rules/http-keywords.html#http-uri-and-http-uri-raw"; sigmatch_table[DETECT_HTTP_URI].Setup = DetectHttpUriSetupSticky; sigmatch_table[DETECT_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_uri", "http request uri"); DetectBufferTypeRegisterSetupCallback("http_uri", DetectHttpUriSetupCallback); DetectBufferTypeRegisterValidateCallback("http_uri", DetectHttpUriValidateCallback); g_http_uri_buffer_id = DetectBufferTypeGetByName("http_uri");
时间: 2024-01-24 12:18:07 浏览: 7
这段代码是关于Suricata中HTTP URI检测的注册函数。在这个函数中,首先注册了一个名为“http_uri”的内容修改器,用于匹配HTTP URI缓冲区。然后,注册了一个名为“http.uri”的粘性缓冲区,用于仅匹配标准化的HTTP URI缓冲区。接下来,注册了两个应用层检测引擎和两个多模式匹配引擎,用于HTTP1和HTTP2协议的请求行。最后,还注册了一个名为“http_uri”的缓冲区类型,并设置了相关的回调函数。通过这些注册和设置,Suricata能够检测到HTTP URI,并进行相应的处理。
相关问题
suricata中void DetectHttpUriRegister (void) { /* http_uri content modifier / sigmatch_table[DETECT_AL_HTTP_URI].name = "http_uri"; sigmatch_table[DETECT_AL_HTTP_URI].desc = "content modifier to match specifically and only on the HTTP uri-buffer"; sigmatch_table[DETECT_AL_HTTP_URI].url = "/rules/http-keywords.html#http-uri-and-http-uri-raw"; sigmatch_table[DETECT_AL_HTTP_URI].Setup = DetectHttpUriSetup; #ifdef UNITTESTS sigmatch_table[DETECT_AL_HTTP_URI].RegisterTests = DetectHttpUriRegisterTests; #endif sigmatch_table[DETECT_AL_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_CONTENT_MODIFIER; sigmatch_table[DETECT_AL_HTTP_URI].alternative = DETECT_HTTP_URI; / http.uri sticky buffer / sigmatch_table[DETECT_HTTP_URI].name = "http.uri"; sigmatch_table[DETECT_HTTP_URI].alias = "http.uri.normalized"; sigmatch_table[DETECT_HTTP_URI].desc = "sticky buffer to match specifically and only on the normalized HTTP URI buffer"; sigmatch_table[DETECT_HTTP_URI].url = "/rules/http-keywords.html#http-uri-and-http-uri-raw"; sigmatch_table[DETECT_HTTP_URI].Setup = DetectHttpUriSetupSticky; sigmatch_table[DETECT_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_uri", "http request uri"); DetectBufferTypeRegisterSetupCallback("http_uri", DetectHttpUriSetupCallback); DetectBufferTypeRegisterValidateCallback("http_uri", DetectHttpUriValidateCallback); g_http_uri_buffer_id = DetectBufferTypeGetByName("http_uri"); 每一句都加上详细的注释
这段代码是suricata中用于检测HTTP请求URI的函数,函数名为DetectHttpUriRegister。下面是每一句代码的详细注释:
```c
void DetectHttpUriRegister (void) {
/* 注册 http_uri 内容修改器 */
sigmatch_table[DETECT_AL_HTTP_URI].name = "http_uri";
sigmatch_table[DETECT_AL_HTTP_URI].desc = "content modifier to match specifically and only on the HTTP uri-buffer";
sigmatch_table[DETECT_AL_HTTP_URI].url = "/rules/http-keywords.html#http-uri-and-http-uri-raw";
sigmatch_table[DETECT_AL_HTTP_URI].Setup = DetectHttpUriSetup;
#ifdef UNITTESTS
sigmatch_table[DETECT_AL_HTTP_URI].RegisterTests = DetectHttpUriRegisterTests;
#endif
sigmatch_table[DETECT_AL_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_CONTENT_MODIFIER;
sigmatch_table[DETECT_AL_HTTP_URI].alternative = DETECT_HTTP_URI;
/* 注册 http.uri 粘滞缓冲区 */
sigmatch_table[DETECT_HTTP_URI].name = "http.uri";
sigmatch_table[DETECT_HTTP_URI].alias = "http.uri.normalized";
sigmatch_table[DETECT_HTTP_URI].desc = "sticky buffer to match specifically and only on the normalized HTTP URI buffer";
sigmatch_table[DETECT_HTTP_URI].url = "/rules/http-keywords.html#http-uri-and-http-uri-raw";
sigmatch_table[DETECT_HTTP_URI].Setup = DetectHttpUriSetupSticky;
sigmatch_table[DETECT_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
/* 注册 http_uri 应用层检测引擎 */
DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData);
/* 注册 http_uri 多模式匹配 */
DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE);
/* 注册 http_uri 应用层检测引擎 */
DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
/* 注册 http_uri 多模式匹配 */
DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
GetData2, ALPROTO_HTTP2, HTTP2StateDataClient);
/* 设置 http_uri 缓冲区的描述信息 */
DetectBufferTypeSetDescriptionByName("http_uri", "http request uri");
/* 注册 http_uri 缓冲区的安装回调函数 */
DetectBufferTypeRegisterSetupCallback("http_uri", DetectHttpUriSetupCallback);
/* 注册 http_uri 缓冲区的验证回调函数 */
DetectBufferTypeRegisterValidateCallback("http_uri", DetectHttpUriValidateCallback);
/* 获取 http_uri 缓冲区的ID */
g_http_uri_buffer_id = DetectBufferTypeGetByName("http_uri");
}
```
总体来说,该函数主要是进行各种注册和设置操作,包括内容修改器的注册、粘滞缓冲区的注册、应用层检测引擎的注册、多模式匹配的注册、缓冲区的描述信息设置、安装回调函数的注册、验证回调函数的注册等。
/** * \brief We set the slot functions. * * \param tv Pointer to the TV to set the slot function for. * \param name Name of the slot variant. * \param fn_p Pointer to a custom slot function. Used only if slot variant * "name" is "custom". * * \retval TmEcode TM_ECODE_OK on success; TM_ECODE_FAILED on failure. 这是suricata的注释
这段注释是关于在Suricata中设置插槽函数的。插槽函数是用于处理不同类型数据的函数,例如IP包、TCP包等。
该函数的输入参数包括指向TV的指针和插槽变量的名称。如果插槽变量的名称为“custom”,则还需要提供一个指向自定义插槽函数的指针。
该函数的返回值为TmEcode类型的错误码,如果执行成功则返回TM_ECODE_OK,如果执行失败则返回TM_ECODE_FAILED。
相关推荐
![rar](https://img-home.csdnimg.cn/images/20210720083606.png)
![zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)