Ejemplo n.º 1
/**
 * \brief Register the "file_data" keyword and its detection buffer.
 *
 * Fills the DETECT_FILE_DATA slot of sigmatch_table, attaches the prefilter
 * (MPM) and inspection callbacks to the "file_data" buffer type, and caches
 * the resulting buffer id in g_file_data_buffer_id.
 *
 * The coverage registered here is direction-specific: SMTP in the to-server
 * direction and the HTTP response body in the to-client direction. No
 * to-server HTTP engine is registered in this function, so as far as this
 * code shows, HTTP request bodies are not inspected through file_data.
 */
void DetectFiledataRegister(void)
{
    /* One buffer-type name for every registration call below, so a typo
     * cannot quietly register a second, unrelated buffer. */
    const char *const buffer_name = "file_data";

    /* Keyword identity and documentation link. */
    sigmatch_table[DETECT_FILE_DATA].name = "file_data";
    /* NOTE(review): desc names only the HTTP response body, while an SMTP
     * engine is registered below as well -- confirm the wording is intended. */
    sigmatch_table[DETECT_FILE_DATA].desc = "make content keywords match on HTTP response body";
    sigmatch_table[DETECT_FILE_DATA].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#file-data";

    /* Keyword callbacks: only Setup and the unit-test hook are provided;
     * matching is done by the inspect engines registered further down. */
    sigmatch_table[DETECT_FILE_DATA].Setup = DetectFiledataSetup;
    sigmatch_table[DETECT_FILE_DATA].RegisterTests = DetectFiledataRegisterTests;
    sigmatch_table[DETECT_FILE_DATA].Match = NULL;
    sigmatch_table[DETECT_FILE_DATA].Free = NULL;

    /* Plain assignment: whatever flag bits the slot held are replaced. */
    sigmatch_table[DETECT_FILE_DATA].flags = SIGMATCH_NOOPT;

    /* Prefilter (MPM) hooks, one per direction.
     * NOTE(review): the literal 2 is presumably a prefilter priority --
     * confirm against DetectAppLayerMpmRegister. */
    DetectAppLayerMpmRegister(buffer_name, SIG_FLAG_TOSERVER, 2, PrefilterTxSmtpFiledataRegister);
    DetectAppLayerMpmRegister(buffer_name, SIG_FLAG_TOCLIENT, 2, PrefilterTxHttpResponseBodyRegister);

    /* Inspection engines; registration order is kept as in the original.
     * NOTE(review): the fourth argument looks like the parser progress at
     * which inspection may run (HTP_RESPONSE_BODY for HTTP, 0 for SMTP) --
     * confirm. */
    DetectAppLayerInspectEngineRegister(buffer_name, ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
                                        HTP_RESPONSE_BODY, DetectEngineInspectHttpServerBody);
    DetectAppLayerInspectEngineRegister(buffer_name, ALPROTO_SMTP, SIG_FLAG_TOSERVER,
                                        0, DetectEngineInspectSMTPFiledata);

    /* Per-buffer setup hook and human-readable description. */
    DetectBufferTypeRegisterSetupCallback(buffer_name, DetectFiledataSetupCallback);
    DetectBufferTypeSetDescriptionByName(buffer_name, "http response body or smtp attachments data");

    /* Looked up last, after every call that registers the buffer by name. */
    g_file_data_buffer_id = DetectBufferTypeGetByName(buffer_name);
}
Ejemplo n.º 2
/**
 * \brief Register the "http_uri" keyword and its detection buffer.
 *
 * Fills the DETECT_AL_HTTP_URI slot of sigmatch_table, attaches the
 * prefilter (MPM), inspection, setup and validation callbacks to the
 * "http_uri" buffer type, and caches the buffer id in g_http_uri_buffer_id.
 *
 * Only the to-server direction of ALPROTO_HTTP is registered here.
 */
void DetectHttpUriRegister (void)
{
    /* One buffer-type name for every registration call below, so a typo
     * cannot quietly register a second, unrelated buffer. */
    const char *const buffer_name = "http_uri";

    /* Keyword identity and documentation link. */
    sigmatch_table[DETECT_AL_HTTP_URI].name = "http_uri";
    sigmatch_table[DETECT_AL_HTTP_URI].desc = "content modifier to match specifically and only on the HTTP uri-buffer";
    sigmatch_table[DETECT_AL_HTTP_URI].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-uri-and-http-raw-uri";

    /* Keyword callbacks: only Setup and the unit-test hook are provided;
     * matching is done by the inspect engine registered further down. */
    sigmatch_table[DETECT_AL_HTTP_URI].Setup = DetectHttpUriSetup;
    sigmatch_table[DETECT_AL_HTTP_URI].RegisterTests = DetectHttpUriRegisterTests;
    sigmatch_table[DETECT_AL_HTTP_URI].Match = NULL;
    sigmatch_table[DETECT_AL_HTTP_URI].Free = NULL;

    /* OR-ed in, so flag bits already present on the slot are preserved. */
    sigmatch_table[DETECT_AL_HTTP_URI].flags |= SIGMATCH_NOOPT;

    /* Prefilter (MPM) hook for requests.
     * NOTE(review): the literal 2 is presumably a prefilter priority --
     * confirm against DetectAppLayerMpmRegister. */
    DetectAppLayerMpmRegister(buffer_name, SIG_FLAG_TOSERVER, 2, PrefilterTxUriRegister);

    /* Inspection engine for HTTP requests.
     * NOTE(review): HTP_REQUEST_LINE looks like the parser progress at which
     * the URI may be inspected -- confirm. */
    DetectAppLayerInspectEngineRegister(buffer_name, ALPROTO_HTTP, SIG_FLAG_TOSERVER,
                                        HTP_REQUEST_LINE, DetectEngineInspectHttpUri);

    /* Human-readable description, then the setup and validation hooks. */
    DetectBufferTypeSetDescriptionByName(buffer_name, "http request uri");
    DetectBufferTypeRegisterSetupCallback(buffer_name, DetectHttpUriSetupCallback);
    DetectBufferTypeRegisterValidateCallback(buffer_name, DetectHttpUriValidateCallback);

    /* Looked up last, after every call that registers the buffer by name. */
    g_http_uri_buffer_id = DetectBufferTypeGetByName(buffer_name);
}
Ejemplo n.º 3
/**
 * \brief Register the "http_stat_msg" keyword and its detection buffer.
 *
 * Fills the DETECT_AL_HTTP_STAT_MSG slot of sigmatch_table, attaches the
 * prefilter (MPM), inspection and setup callbacks to the "http_stat_msg"
 * buffer type, and caches the buffer id in g_http_stat_msg_buffer_id.
 *
 * Only the to-client direction of ALPROTO_HTTP is registered here.
 */
void DetectHttpStatMsgRegister (void)
{
    /* One buffer-type name for every registration call below, so a typo
     * cannot quietly register a second, unrelated buffer. */
    const char *const buffer_name = "http_stat_msg";

    /* Keyword identity and documentation link. */
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].name = "http_stat_msg";
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].desc = "content modifier to match on HTTP stat-msg-buffer";
    /* NOTE(review): the anchor mixes '_' and '-' ("http_stat-msg"); confirm
     * that it resolves in the published documentation. */
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_stat-msg";

    /* Keyword callbacks: only Setup and the unit-test hook are provided;
     * matching is done by the inspect engine registered further down. */
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Setup = DetectHttpStatMsgSetup;
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].RegisterTests = DetectHttpStatMsgRegisterTests;
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Match = NULL;
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Free = NULL;

    /* OR-ed in, so flag bits already present on the slot are preserved. */
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].flags |= SIGMATCH_NOOPT;

    /* Prefilter (MPM) hook for responses.
     * NOTE(review): the literal 3 is presumably a prefilter priority --
     * confirm against DetectAppLayerMpmRegister. */
    DetectAppLayerMpmRegister(buffer_name, SIG_FLAG_TOCLIENT, 3, PrefilterTxHttpStatMsgRegister);

    /* Inspection engine for HTTP responses.
     * NOTE(review): HTP_RESPONSE_LINE looks like the parser progress at
     * which the status message may be inspected -- confirm. */
    DetectAppLayerInspectEngineRegister(buffer_name, ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
                                        HTP_RESPONSE_LINE, DetectEngineInspectHttpStatMsg);

    /* Human-readable description, then the per-buffer setup hook. */
    DetectBufferTypeSetDescriptionByName(buffer_name, "http response status message");
    DetectBufferTypeRegisterSetupCallback(buffer_name, DetectHttpStatMsgSetupCallback);

    /* Looked up last, after every call that registers the buffer by name. */
    g_http_stat_msg_buffer_id = DetectBufferTypeGetByName(buffer_name);
}
Ejemplo n.º 4
/**
 * \brief Register the "http_method" keyword and its detection buffer.
 *
 * Fills the DETECT_AL_HTTP_METHOD slot of sigmatch_table, attaches the
 * prefilter (MPM), inspection and validation callbacks to the "http_method"
 * buffer type, caches the buffer id in g_http_method_buffer_id and emits a
 * debug log line.
 *
 * Only the to-server direction of ALPROTO_HTTP is registered here, and no
 * buffer setup callback is registered in this function.
 */
void DetectHttpMethodRegister(void)
{
    /* One buffer-type name for every registration call below, so a typo
     * cannot quietly register a second, unrelated buffer. */
    const char *const buffer_name = "http_method";

    /* Keyword identity and documentation link. */
    sigmatch_table[DETECT_AL_HTTP_METHOD].name = "http_method";
    sigmatch_table[DETECT_AL_HTTP_METHOD].desc = "content modifier to match only on the HTTP method-buffer";
    sigmatch_table[DETECT_AL_HTTP_METHOD].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-method";

    /* Keyword callbacks: Setup, Free and the unit-test hook are provided;
     * Match stays NULL because matching is done by the inspect engine
     * registered further down. */
    sigmatch_table[DETECT_AL_HTTP_METHOD].Setup = DetectHttpMethodSetup;
    sigmatch_table[DETECT_AL_HTTP_METHOD].Free = DetectHttpMethodFree;
    sigmatch_table[DETECT_AL_HTTP_METHOD].RegisterTests = DetectHttpMethodRegisterTests;
    sigmatch_table[DETECT_AL_HTTP_METHOD].Match = NULL;

    /* OR-ed in, so flag bits already present on the slot are preserved. */
    sigmatch_table[DETECT_AL_HTTP_METHOD].flags |= SIGMATCH_NOOPT;

    /* Prefilter (MPM) hook for requests.
     * NOTE(review): the literal 4 is presumably a prefilter priority --
     * confirm against DetectAppLayerMpmRegister. */
    DetectAppLayerMpmRegister(buffer_name, SIG_FLAG_TOSERVER, 4, PrefilterTxMethodRegister);

    /* Inspection engine for HTTP requests.
     * NOTE(review): HTP_REQUEST_LINE looks like the parser progress at which
     * the method may be inspected -- confirm. */
    DetectAppLayerInspectEngineRegister(buffer_name, ALPROTO_HTTP, SIG_FLAG_TOSERVER,
                                        HTP_REQUEST_LINE, DetectEngineInspectHttpMethod);

    /* Human-readable description, then the validation hook. */
    DetectBufferTypeSetDescriptionByName(buffer_name, "http request method");
    DetectBufferTypeRegisterValidateCallback(buffer_name, DetectHttpMethodValidateCallback);

    /* Looked up after every call that registers the buffer by name. */
    g_http_method_buffer_id = DetectBufferTypeGetByName(buffer_name);

    SCLogDebug("registering http_method rule option");
}