detect/sip: add sip.from sticky buffer
Ticket OISF#6374
glongo committed Apr 18, 2024
1 parent f9b7215 commit e061f30
Showing 4 changed files with 65 additions and 0 deletions.
2 changes: 2 additions & 0 deletions src/Makefile.am
Expand Up @@ -290,6 +290,7 @@ noinst_HEADERS = \
detect-sameip.h \
detect-sid.h \
detect-sip-headers-stub.h \
detect-sip-from.h \
detect-sip-method.h \
detect-sip-protocol.h \
detect-sip-request-line.h \
Expand Down Expand Up @@ -904,6 +905,7 @@ libsuricata_c_a_SOURCES = \
detect-rpc.c \
detect-sameip.c \
detect-sid.c \
detect-sip-from.c \
detect-sip-method.c \
detect-sip-protocol.c \
detect-sip-request-line.c \
1 change: 1 addition & 0 deletions src/detect-engine-register.h
Expand Up @@ -275,6 +275,7 @@ enum DetectKeywordId {
DETECT_AL_SIP_STAT_MSG,
DETECT_AL_SIP_REQUEST_LINE,
DETECT_AL_SIP_RESPONSE_LINE,
DETECT_AL_SIP_HEADER_FROM,
DETECT_AL_RFB_SECRESULT,
DETECT_AL_RFB_SECTYPE,
DETECT_AL_RFB_NAME,
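--- a/src/detect-sip-from.c
+++ b/src/detect-sip-from.c
@@ -0,0 +1,39 @@
+/* Copyright (C) 2024 Open Information Security Foundation
+*
+* You can copy, redistribute or modify this Program under the terms of
+* the GNU General Public License version 2 as published by the Free
+* Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* version 2 along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+* 02110-1301, USA.
+*/
+
+/**
+* \author Giuseppe Longo <giuseppe@glongo.it>
+*
+* Implements the sip.from sticky buffer
+*/
+
+#define KEYWORD_NAME "sip.from"
+#define KEYWORD_DOC "sip-keywords.html#sip-from"
+#define BUFFER_NAME "sip.from"
+#define BUFFER_DESC "sip from header"
+#define HEADER_NAME "From"
+#define KEYWORD_ID DETECT_AL_SIP_HEADER_FROM
+#define KEYWORD_TOSERVER 1
+#define KEYWORD_TOCLIENT 1
+
+#include "detect-sip-headers-stub.h"
+#include "detect-sip-from.h"
+
+void RegisterSipHeadersFrom(void)
+{
+DetectSipHeadersRegisterStub();
+}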
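Review bot: `#define HEADER_NAME "From"` pins the buffer to the long header name, and the lookup that uses it lives in detect-sip-headers-stub.h, which this commit does not show. SIP header names are case-insensitive and From also has the compact form `f` (RFC 3261), so if the stub or the parser compares the name literally, a message carrying `f:` or `from:` would leave `sip.from` empty and rules keyed on it would silently not match. Please confirm how the name is normalised and record it above the defines, for example `/* HEADER_NAME is looked up case-insensitively; compact form "f" is mapped to "From" by the parser */` once that is verified. A one-line comment that these macros must be defined before the stub include would also help, since the include order is what makes the file work.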
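--- a/src/detect-sip-from.h
+++ b/src/detect-sip-from.h
@@ -0,0 +1,23 @@
+/* Copyright (C) 2023 Open Information Security Foundation
+*
+* You can copy, redistribute or modify this Program under the terms of
+* the GNU General Public License version 2 as published by the Free
+* Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* version 2 along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+* 02110-1301, USA.
+*/
+
+#ifndef __DETECT_SIP_FROM_H__
+#define __DETECT_SIP_FROM_H__
+
+void RegisterSipHeadersFrom(void);
+
+#endif /* __DETECT_SIP_FROM_H__ */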
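Review bot: `RegisterSipHeadersFrom()` is declared here and defined in detect-sip-from.c, but none of the four files in this commit calls it; only the `DETECT_AL_SIP_HEADER_FROM` id is added in detect-engine-register.h. Unless the call is added to the keyword setup in a separate commit, the keyword is compiled but never registered, and rules using `sip.from` would presumably be rejected at load time. Two smaller points: the guard `__DETECT_SIP_FROM_H__` uses a reserved identifier (leading double underscore), so a name such as `SURICATA_DETECT_SIP_FROM_H` would be safer, and the copyright year is 2023 here but 2024 in the .c file. The prototype would also benefit from a short comment such as `/* Registers the sip.from sticky buffer keyword with the detection engine. */`.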
