Example #1
/**
 * \brief Register the parsed "fingerprint" option on the signature
 *        being built.
 *
 * The signature is first bound to ALPROTO_TLS, then the option string is
 * parsed (together with the signature's negation flag) and the result is
 * attached to a freshly allocated SigMatch, which is appended to the list
 * identified by g_tls_cert_list_id. On success neither the parsed data nor
 * the SigMatch is freed here; both stay attached to the signature.
 *
 * \param de_ctx pointer to the Detection Engine Context (not read by this
 *               function)
 * \param s pointer to the Current Signature
 * \param str pointer to the user provided "fingerprint" option
 *
 * \retval 0 on Success
 * \retval -1 on Failure (app-proto could not be set, parse error, or
 *            SigMatch allocation failure)
 */
static int DetectTlsFingerprintSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
    /* Bind the rule to TLS before doing any work; a non-zero result
     * fails setup with nothing allocated yet. */
    if (DetectSignatureSetAppProto(s, ALPROTO_TLS) != 0) {
        return -1;
    }

    /* The negation flag recorded on the signature is handed to the parser
     * along with the raw option text. */
    DetectTlsData *fp_data = DetectTlsFingerprintParse(str, s->init_data->negated);
    if (fp_data == NULL) {
        return -1;
    }

    SigMatch *match = SigMatchAlloc();
    if (match == NULL) {
        /* Nothing references the parsed data yet, so release it here. */
        DetectTlsFingerprintFree(fp_data);
        return -1;
    }

    match->type = DETECT_AL_TLS_FINGERPRINT;
    match->ctx = (void *)fp_data;

    SigMatchAppendSMToList(s, match, g_tls_cert_list_id);
    return 0;
}
Example #2
/**
 * \brief Register the parsed "fingerprint" option on the signature
 *        being built.
 *
 * The option string is parsed, a SigMatch is allocated, and the signature's
 * app-layer protocol is checked: it must be either still unknown or already
 * TLS. On success the signature is flagged SIG_FLAG_APPLAYER, its protocol
 * is set to ALPROTO_TLS, and the SigMatch carrying the parsed data is
 * appended to DETECT_SM_LIST_AMATCH. On success neither the parsed data nor
 * the SigMatch is freed here; both stay attached to the signature.
 *
 * \param de_ctx pointer to the Detection Engine Context (not read by this
 *               function)
 * \param s pointer to the Current Signature
 * \param str pointer to the user provided "fingerprint" option
 *
 * \retval 0 on Success
 * \retval -1 on Failure (parse error, SigMatch allocation failure, or a
 *            conflicting app-layer protocol already set on the signature)
 */
static int DetectTlsFingerprintSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    DetectTlsData *fp_data = DetectTlsFingerprintParse(str);
    if (fp_data == NULL) {
        return -1;
    }

    SigMatch *match = SigMatchAlloc();
    if (match == NULL) {
        /* Nothing references the parsed data yet, so release it here. */
        DetectTlsFingerprintFree(fp_data);
        return -1;
    }

    /* A rule that an earlier keyword already bound to some other app-layer
     * protocol cannot also carry a TLS keyword. */
    if (!(s->alproto == ALPROTO_UNKNOWN || s->alproto == ALPROTO_TLS)) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
        /* match->ctx has not been assigned yet, so the two objects are
         * released separately. */
        DetectTlsFingerprintFree(fp_data);
        SCFree(match);
        return -1;
    }

    match->type = DETECT_AL_TLS_FINGERPRINT;
    match->ctx = (void *)fp_data;

    /* Mark the signature as an app-layer rule bound to TLS. */
    s->alproto = ALPROTO_TLS;
    s->flags |= SIG_FLAG_APPLAYER;

    SigMatchAppendSMToList(s, match, DETECT_SM_LIST_AMATCH);

    return 0;
}