|
suricata
|
|
suricata
|
#include "suricata-common.h"#include "threads.h"#include "decode.h"#include "app-layer.h"#include "app-layer-protos.h"#include "app-layer-parser.h"#include "app-layer-smtp.h"#include "detect.h"#include "detect-parse.h"#include "detect-engine.h"#include "detect-engine-state.h"#include "detect-app-layer-event.h"#include "flow.h"#include "flow-var.h"#include "flow-util.h"#include "decode-events.h"#include "util-byte.h"#include "util-debug.h"#include "util-unittest.h"#include "util-unittest-helper.h"#include "stream-tcp-util.h"#include "stream-tcp-private.h"#include "stream-tcp-reassemble.h"#include "stream-tcp.h"
Go to the source code of this file.
Macros | |
| #define | MAX_ALPROTO_NAME 50 |
| #define | APP_LAYER_EVENT_TEST_MAP_EVENT1 0 |
| #define | APP_LAYER_EVENT_TEST_MAP_EVENT2 1 |
| #define | APP_LAYER_EVENT_TEST_MAP_EVENT3 2 |
| #define | APP_LAYER_EVENT_TEST_MAP_EVENT4 3 |
| #define | APP_LAYER_EVENT_TEST_MAP_EVENT5 4 |
| #define | APP_LAYER_EVENT_TEST_MAP_EVENT6 5 |
Functions | |
| void | DetectAppLayerEventRegister (void) |
| Registers the keyword handlers for the "app-layer-event" keyword. More... | |
| int | DetectAppLayerEventPrepare (Signature *s) |
Variables | |
| SCEnumCharMap | app_layer_event_test_map [] |
Definition in file detect-app-layer-event.c.
| #define APP_LAYER_EVENT_TEST_MAP_EVENT1 0 |
Definition at line 386 of file detect-app-layer-event.c.
| #define APP_LAYER_EVENT_TEST_MAP_EVENT2 1 |
Definition at line 387 of file detect-app-layer-event.c.
| #define APP_LAYER_EVENT_TEST_MAP_EVENT3 2 |
Definition at line 388 of file detect-app-layer-event.c.
| #define APP_LAYER_EVENT_TEST_MAP_EVENT4 3 |
Definition at line 389 of file detect-app-layer-event.c.
| #define APP_LAYER_EVENT_TEST_MAP_EVENT5 4 |
Definition at line 390 of file detect-app-layer-event.c.
| #define APP_LAYER_EVENT_TEST_MAP_EVENT6 5 |
Definition at line 391 of file detect-app-layer-event.c.
| #define MAX_ALPROTO_NAME 50 |
Definition at line 49 of file detect-app-layer-event.c.
Referenced by DetectAppLayerEventRegister().
| int DetectAppLayerEventPrepare | ( | Signature * | s | ) |
Definition at line 349 of file detect-app-layer-event.c.
References Signature_::init_data, SigMatch_::next, SigMatch_::prev, SigMatchFree(), SignatureInitData_::smlists, and SignatureInitData_::smlists_tail.
Referenced by SigMatchList2DataArray().
| void DetectAppLayerEventRegister | ( | void | ) |
Registers the keyword handlers for the "app-layer-event" keyword.
Definition at line 66 of file detect-app-layer-event.c.
References DetectAppLayerEventData_::alproto, Flow_::alproto, ALPROTO_UNKNOWN, APP_LAYER_EVENT_TYPE_PACKET, Packet_::app_layer_events, AppLayerGetPktEventInfo(), AppLayerGetProtoByName(), AppLayerParserGetEventInfo(), AppLayerParserGetEventsByTx(), AppLayerParserGetStateProgress(), AppLayerParserGetStateProgressCompletionStatus(), DetectAppLayerEventData_::arg, SigMatch_::ctx, SigMatchData_::ctx, DETECT_AL_APP_LAYER_EVENT, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DETECT_SM_LIST_MATCH, DetectAppLayerInspectEngineRegister(), DetectBufferTypeGetByName(), DetectEngineGetEventInfo(), DetectSignatureSetAppProto(), DetectAppLayerEventData_::event_id, event_type, FALSE, flags, Signature_::flags, SigTableElmt_::Free, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_START, SigTableElmt_::Match, MAX_ALPROTO_NAME, SigTableElmt_::name, DetectAppLayerEventData_::needs_detctx, DetectProto_::proto, Flow_::proto, Signature_::proto, SigTableElmt_::RegisterTests, SC_ERR_INVALID_SIGNATURE, SCFree, SCLogError, SCMalloc, SCStrdup, SigTableElmt_::Setup, SIG_FLAG_APPLAYER, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, sigmatch_table, SigMatchAlloc(), SigMatchAppendSMToList(), SigMatchFree(), strlcpy(), TRUE, tx_id, SigMatch_::type, SigMatchData_::type, and unlikely.
Referenced by SigTableSetup().
| SCEnumCharMap app_layer_event_test_map[] |
Definition at line 393 of file detect-app-layer-event.c.
1.8.11