Project

General

Profile

Download (25.4 KB)

Feature #414 » 0001-feature-414-support-listing-supported-keywords.-Remo.patch

Anoop Saldanha, 02/15/2012 11:31 AM

View differences:

src/detect-engine-address.c
#include "util-debug.h"
#include "util-print.h"
void DetectAddressTests(void);
void DetectAddressRegister(void)
{
sigmatch_table[DETECT_ADDRESS].name = "__address__";
sigmatch_table[DETECT_ADDRESS].Match = NULL;
sigmatch_table[DETECT_ADDRESS].Setup = NULL;
sigmatch_table[DETECT_ADDRESS].Free = NULL;
sigmatch_table[DETECT_ADDRESS].RegisterTests = DetectAddressTests;
}
/* prototypes */
void DetectAddressPrint(DetectAddress *);
static int DetectAddressCutNot(DetectAddress *, DetectAddress **);
src/detect-engine-address.h
int DetectAddressMatchIPv4(DetectMatchAddressIPv4 *, uint16_t, Address *);
int DetectAddressMatchIPv6(DetectMatchAddressIPv6 *, uint16_t, Address *);
void DetectAddressTests(void);
#endif /* __DETECT_ADDRESS_H__ */
src/detect-engine-port.c
#include "util-debug.h"
#include "util-error.h"
void DetectPortTests(void);
static int DetectPortCutNot(DetectPort *, DetectPort **);
static int DetectPortCut(DetectEngineCtx *, DetectPort *, DetectPort *,
DetectPort **);
......
static uint32_t detect_port_init_cnt = 0;
static uint32_t detect_port_free_cnt = 0;
/** DetectPort module registration */
void DetectPortRegister(void) {
sigmatch_table[DETECT_PORT].name = "__port__";
sigmatch_table[DETECT_PORT].Match = NULL;
sigmatch_table[DETECT_PORT].Setup = NULL;
sigmatch_table[DETECT_PORT].Free = NULL;
sigmatch_table[DETECT_PORT].RegisterTests = DetectPortTests;
}
/**
* \brief Alloc a DetectPort structure and update counters
*
src/detect-engine-port.h
#define __DETECT_PORT_H__
/* prototypes */
void DetectPortRegister (void);
int DetectPortParse(DetectPort **head, char *str);
DetectPort *DetectPortCopy(DetectEngineCtx *, DetectPort *);
......
int DetectPortCmp(DetectPort *, DetectPort *);
void DetectPortFree(DetectPort *);
void DetectPortTests(void);
#endif /* __DETECT_PORT_H__ */
src/detect-engine-proto.c
#include "util-unittest-helper.h"
#include "util-debug.h"
/*Prototypes*/
void DetectProtoTests (void);
/**
* \brief To register the protocol detection function
*/
void DetectProtoRegister (void)
{
sigmatch_table[DETECT_PROTO].name = "__proto__";
sigmatch_table[DETECT_PROTO].Match = NULL;
sigmatch_table[DETECT_PROTO].Setup = NULL;
sigmatch_table[DETECT_PROTO].Free = NULL;
sigmatch_table[DETECT_PROTO].RegisterTests = DetectProtoTests;
}
/**
* \brief Function to initialize the protocol detection and
* allocate memory to the DetectProto structure.
src/detect-engine-proto.h
} DetectProto;
/* prototypes */
void DetectProtoRegister (void);
int DetectProtoParse(DetectProto *dp, char *str);
int DetectProtoContainsProto(DetectProto *, int);
void DetectProtoTests(void);
#endif /* __DETECT_PROTO_H__ */
src/detect-pcre.c
sigmatch_table[DETECT_PCRE].flags |= SIGMATCH_PAYLOAD;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].name = "__pcre_http_cookie__"; /* not a real keyword */
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].Match = NULL;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].AppLayerMatch = DetectPcreALMatchCookie;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].Setup = NULL;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].Free = DetectPcreFree;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].RegisterTests = NULL;
sigmatch_table[DETECT_PCRE_HTTPCOOKIE].flags |= SIGMATCH_PAYLOAD;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].name = "__pcre_http_method__"; /* not a real keyword */
sigmatch_table[DETECT_PCRE_HTTPMETHOD].Match = NULL;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].AppLayerMatch = DetectPcreALMatchMethod;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].Setup = NULL;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].Free = DetectPcreFree;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].RegisterTests = NULL;
sigmatch_table[DETECT_PCRE_HTTPMETHOD].flags |= SIGMATCH_PAYLOAD;
const char *eb;
int eo;
int opts = 0;
......
//if (pe->flags & DETECT_PCRE_HTTP_BODY_AL)
// SCReturnInt(0);
if (s->flags & SIG_FLAG_RECURSIVE) {
ptr = payload + det_ctx->buffer_offset;
len = payload_len - det_ctx->buffer_offset;
} else if (pe->flags & DETECT_PCRE_RELATIVE) {
if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = payload + det_ctx->buffer_offset;
len = payload_len - det_ctx->buffer_offset;
} else {
......
if (pe->flags & DETECT_PCRE_HTTP_CLIENT_BODY)
SCReturnInt(0);
if (s->flags & SIG_FLAG_RECURSIVE) {
ptr = p->payload + det_ctx->buffer_offset;
len = p->payload_len - det_ctx->buffer_offset;
} else if (pe->flags & DETECT_PCRE_RELATIVE) {
if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = p->payload + det_ctx->buffer_offset;
len = p->payload_len - det_ctx->buffer_offset;
if (ptr == NULL || len == 0)
......
if (pe->flags & DETECT_PCRE_HTTP_CLIENT_BODY)
SCReturnInt(0);
if (s->flags & SIG_FLAG_RECURSIVE) {
ptr = data + det_ctx->buffer_offset;
len = data_len - det_ctx->buffer_offset;
} else if (pe->flags & DETECT_PCRE_RELATIVE) {
if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = data + det_ctx->buffer_offset;
len = data_len - det_ctx->buffer_offset;
if (ptr == NULL || len == 0)
src/detect-recursive.c
/* Copyright (C) 2007-2010 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*
* Implements recursive keyword support
*
* Used to capture variables recursively in a payload,
* used for example to extract http_uri for uricontent.
*
* Note: non Snort compatible.
*/
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "flow-var.h"
static int DetectRecursiveSetup (DetectEngineCtx *, Signature *, char *);
void DetectRecursiveRegister (void) {
sigmatch_table[DETECT_RECURSIVE].name = "recursive";
sigmatch_table[DETECT_RECURSIVE].Match = NULL;
sigmatch_table[DETECT_RECURSIVE].Setup = DetectRecursiveSetup;
sigmatch_table[DETECT_RECURSIVE].Free = NULL;
sigmatch_table[DETECT_RECURSIVE].RegisterTests = NULL;
sigmatch_table[DETECT_RECURSIVE].flags |= SIGMATCH_NOOPT;
}
static int DetectRecursiveSetup (DetectEngineCtx *de_ctx, Signature *s, char *nullstr)
{
if (nullstr != NULL) {
printf("DetectRecursiveSetup: recursive has no value\n");
return -1;
}
s->flags |= SIG_FLAG_RECURSIVE;
return 0;
}
src/detect-recursive.h
/* Copyright (C) 2007-2010 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
#ifndef __DETECT_RECURSIVE_H__
#define __DETECT_RECURSIVE_H__
/* prototypes */
void DetectRecursiveRegister (void);
#endif /* __DETECT_RECURSIVE_H__ */
src/detect.c
#include "detect-pcre.h"
#include "detect-depth.h"
#include "detect-nocase.h"
#include "detect-recursive.h"
#include "detect-rawbytes.h"
#include "detect-bytetest.h"
#include "detect-bytejump.h"
......
case DETECT_AL_HTTP_RAW_HEADER:
case DETECT_AL_HTTP_URI:
case DETECT_AL_HTTP_RAW_URI:
case DETECT_PCRE_HTTPBODY:
case DETECT_PCRE_HTTPHEADER:
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires dce http state");
break;
......
return 0;
}
void SigTableList(void)
{
size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
size_t i;
printf("=====Supported keywords=====\n");
for (i = 0; i < size; i++) {
if (sigmatch_table[i].name != NULL)
printf("- %s\n", sigmatch_table[i].name);
}
return;
}
void SigTableSetup(void) {
memset(sigmatch_table, 0, sizeof(sigmatch_table));
DetectAddressRegister();
DetectProtoRegister();
DetectPortRegister();
DetectSidRegister();
DetectPriorityRegister();
DetectRevRegister();
......
DetectPcreRegister();
DetectDepthRegister();
DetectNocaseRegister();
DetectRecursiveRegister();
DetectRawbytesRegister();
DetectBytetestRegister();
DetectBytejumpRegister();
......
Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
int result = 0;
char sig[] = "alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)";
char sig[] = "alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, mpm_type) == 0) {
result = 0;
goto end;
......
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
......
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
......
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
......
}
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:2;)");
de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:2;)");
if (de_ctx->sig_list->next == NULL) {
result = 0;
goto end;
......
}
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> 1.2.3.4 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:1;)");
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> 1.2.3.4 456 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> 1.2.3.3-1.2.3.6 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:2;)");
de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> 1.2.3.3-1.2.3.6 1:1000 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:2;)");
if (de_ctx->sig_list->next == NULL) {
result = 0;
goto end;
}
de_ctx->sig_list->next->next = SigInit(de_ctx,"alert tcp any any -> !1.2.3.5 1:990 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; recursive; sid:3;)");
de_ctx->sig_list->next->next = SigInit(de_ctx,"alert tcp any any -> !1.2.3.5 1:990 (msg:\"HTTP URI cap\"; content:\"GET \"; depth:4; pcre:\"/GET (?P<pkt_http_uri>.*) HTTP\\/\\d\\.\\d\\r\\n/G\"; sid:3;)");
if (de_ctx->sig_list->next->next == NULL) {
result = 0;
goto end;
src/detect.h
} DetectPort;
/* Signature flags */
#define SIG_FLAG_RECURSIVE (1) /**< recursive capturing enabled */
#define SIG_FLAG_SRC_ANY (1) /**< source is any */
#define SIG_FLAG_DST_ANY (1<<1) /**< destination is any */
#define SIG_FLAG_SP_ANY (1<<2) /**< source port is any */
#define SIG_FLAG_DP_ANY (1<<3) /**< destination port is any */
#define SIG_FLAG_SRC_ANY (1<<1) /**< source is any */
#define SIG_FLAG_DST_ANY (1<<2) /**< destination is any */
#define SIG_FLAG_SP_ANY (1<<3) /**< source port is any */
#define SIG_FLAG_DP_ANY (1<<4) /**< destination port is any */
#define SIG_FLAG_NOALERT (1<<4) /**< no alert flag is set */
#define SIG_FLAG_DSIZE (1<<5) /**< signature has a dsize setting */
#define SIG_FLAG_APPLAYER (1<<6) /**< signature applies to app layer instead of packets */
#define SIG_FLAG_IPONLY (1<<7) /**< ip only signature */
#define SIG_FLAG_NOALERT (1<<5) /**< no alert flag is set */
#define SIG_FLAG_DSIZE (1<<6) /**< signature has a dsize setting */
#define SIG_FLAG_APPLAYER (1<<7) /**< signature applies to app layer instead of packets */
#define SIG_FLAG_IPONLY (1<<8) /**< ip only signature */
#define SIG_FLAG_STATE_MATCH (1<<8) /**< signature has matches that require stateful inspection */
#define SIG_FLAG_STATE_MATCH (1<<9) /**< signature has matches that require stateful inspection */
#define SIG_FLAG_REQUIRE_PACKET (1<<9) /**< signature is requiring packet match */
#define SIG_FLAG_REQUIRE_STREAM (1<<10) /**< signature is requiring stream match */
#define SIG_FLAG_REQUIRE_PACKET (1<<10) /**< signature is requiring packet match */
#define SIG_FLAG_REQUIRE_STREAM (1<<11) /**< signature is requiring stream match */
#define SIG_FLAG_MPM_PACKET (1<<11)
#define SIG_FLAG_MPM_PACKET_NEG (1<<12)
#define SIG_FLAG_MPM_STREAM (1<<13)
#define SIG_FLAG_MPM_STREAM_NEG (1<<14)
#define SIG_FLAG_MPM_HTTP (1<<15)
#define SIG_FLAG_MPM_HTTP_NEG (1<<16)
#define SIG_FLAG_MPM_PACKET (1<<12)
#define SIG_FLAG_MPM_PACKET_NEG (1<<13)
#define SIG_FLAG_MPM_STREAM (1<<14)
#define SIG_FLAG_MPM_STREAM_NEG (1<<15)
#define SIG_FLAG_MPM_HTTP (1<<16)
#define SIG_FLAG_MPM_HTTP_NEG (1<<17)
#define SIG_FLAG_REQUIRE_FLOWVAR (1<<17) /**< signature can only match if a flowbit, flowvar or flowint is available. */
#define SIG_FLAG_REQUIRE_FLOWVAR (1<<18) /**< signature can only match if a flowbit, flowvar or flowint is available. */
#define SIG_FLAG_FILESTORE (1<<18) /**< signature has filestore keyword */
#define SIG_FLAG_FILESTORE (1<<19) /**< signature has filestore keyword */
#define SIG_FLAG_TOSERVER (1<<20)
#define SIG_FLAG_TOCLIENT (1<<21)
#define SIG_FLAG_TOSERVER (1<<19)
#define SIG_FLAG_TOCLIENT (1<<20)
/* signature init flags */
#define SIG_FLAG_INIT_DEONLY 1 /**< decode event only signature */
......
DETECT_CONTENT,
DETECT_URICONTENT,
DETECT_PCRE,
DETECT_PCRE_HTTPBODY,
DETECT_PCRE_HTTPCOOKIE,
DETECT_PCRE_HTTPHEADER,
DETECT_PCRE_HTTPMETHOD,
DETECT_ACK,
DETECT_SEQ,
DETECT_DEPTH,
......
DETECT_REPLACE,
DETECT_NOCASE,
DETECT_FAST_PATTERN,
DETECT_RECURSIVE,
DETECT_RAWBYTES,
DETECT_BYTETEST,
DETECT_BYTEJUMP,
......
DETECT_ICMP_SEQ,
DETECT_DETECTION_FILTER,
DETECT_ADDRESS,
DETECT_PROTO,
DETECT_PORT,
DETECT_DECODE_EVENT,
DETECT_IPOPTS,
DETECT_FLAGS,
......
void SigAddressPrepareBidirectionals (DetectEngineCtx *);
int SigLoadSignatures (DetectEngineCtx *, char *, int);
void SigTableList(void);
void SigTableSetup(void);
int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, Packet *p);
src/suricata.c
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-address.h"
#include "detect-engine-proto.h"
#include "detect-engine-port.h"
#include "detect-engine-mpm.h"
#include "detect-engine-sigorder.h"
#include "detect-engine-payload.h"
......
printf("\t-u : run the unittests and exit\n");
printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
printf("\t--list-unittests : list unit tests\n");
printf("\t--list-keywords : list all keywords implemented by the engine\n");
printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
#endif /* UNITTESTS */
#ifdef __SC_CUDA_SUPPORT__
......
int list_unittests = 0;
int list_cuda_cards = 0;
int list_runmodes = 0;
int list_keywords = 0;
const char *runmode_custom_mode = NULL;
int daemon = 0;
#ifndef OS_WIN32
......
{"list-unittests", 0, &list_unittests, 1},
{"list-cuda-cards", 0, &list_cuda_cards, 1},
{"list-runmodes", 0, &list_runmodes, 1},
{"list-keywords", 0, &list_keywords, 1},
{"runmode", required_argument, NULL, 0},
{"engine-analysis", 0, &engine_analysis, 1},
#ifdef OS_WIN32
......
} else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
RunModeListRunmodes();
exit(EXIT_SUCCESS);
} else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
// do nothing
} else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
runmode_custom_mode = optarg;
} else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
......
}
}
} else if (run_mode != RUNMODE_UNITTEST){
} else if (run_mode != RUNMODE_UNITTEST &&
!list_keywords){
SCLogError(SC_ERR_OPENING_FILE, "Configuration file has not been provided");
usage(argv[0]);
exit(EXIT_FAILURE);
......
DefragInit();
if (run_mode == RUNMODE_UNKNOWN) {
if (!engine_analysis) {
if (!engine_analysis && !list_keywords) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
......
/* hardcoded initialization code */
MpmTableSetup(); /* load the pattern matchers */
SigTableSetup(); /* load the rule keywords */
if (list_keywords) {
SigTableList();
exit(EXIT_FAILURE);
}
TmqhSetup();
CIDRInit();
SigParsePrepare();
//PatternMatchPrepare(mpm_ctx, MPM_B2G);
......
SMTPParserRegisterTests();
MagicRegisterTests();
UtilMiscRegisterTests();
DetectAddressTests();
DetectProtoTests();
DetectPortTests();
if (list_unittests) {
UtListTests(regex_arg);
}
(1-1/2)