Go to the documentation of this file.
61 uint8_t
flags,
void *alstate,
void *tx, uint64_t tx_id);
62 static int g_applayer_state_list_id = 0;
68 "match on events generated by the App Layer Parsers and the protocol detection engine";
74 DetectEngineAptStateInspect, NULL);
76 DetectEngineAptStateInspect, NULL);
83 uint8_t
flags,
void *alstate,
void *tx, uint64_t tx_id)
87 const uint8_t tx_progress =
96 if (data->
mode == -1) {
97 SCLogDebug(
"sid:%u tx_progress %u < keyword progress %u ?", s->
id, tx_progress,
99 if (tx_progress < data->progress) {
102 }
else if (data->
mode == 1) {
103 SCLogDebug(
"sid:%u tx_progress %u > keyword progress %u ?", s->
id, tx_progress,
128 SCLogDebug(
"DETECT_ENGINE_INSPECT_SIG_MATCH");
132 uint8_t tx_end_state;
136 if (
flags & STREAM_TOSERVER)
142 SCLogDebug(
"DETECT_ENGINE_INSPECT_SIG_CANT_MATCH");
145 SCLogDebug(
"DETECT_ENGINE_INSPECT_SIG_NO_MATCH");
156 .t.app.alproto = alproto,
157 .t.app.app_progress = progress,
170 if (strlen(arg) > 0) {
174 }
else if (arg[0] ==
'>') {
184 IPPROTO_TCP , s->
alproto, h, STREAM_TOSERVER);
185 if (progress_ts >= 0) {
190 IPPROTO_TCP , s->
alproto, h, STREAM_TOCLIENT);
191 if (progress_tc < 0) {
203 const int progress_ts =
205 if (progress_ts >= 0) {
207 progress = progress_ts;
210 IPPROTO_TCP , s->
alproto, h, STREAM_TOCLIENT);
211 if (progress_tc < 0) {
215 progress = progress_tc;
223 data->
mode = (int8_t)mode;
226 g_applayer_state_list_id) == NULL) {
SigTableElmt * sigmatch_table
void(* Free)(DetectEngineCtx *, void *)
struct SignatureHook_::@87::@88 app
uint8_t AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction)
union SignatureHook_::@87 t
main detection engine ctx
int AppLayerParserGetStateIdByName(uint8_t ipproto, AppProto alproto, const char *name, const uint8_t direction)
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define KEYWORD_PROFILING_START
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, uint8_t progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
#define SIG_FLAG_APPLAYER
int DetectBufferTypeGetByName(const char *name)
#define KEYWORD_PROFILING_END(ctx, type, m)
@ SIGNATURE_HOOK_TYPE_APP
#define SIG_FLAG_TOSERVER
SigMatch * SCSigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
#define DETECT_ENGINE_INSPECT_SIG_MATCH
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, void *tx, uint8_t flags)
get the progress value for a tx/protocol
SignatureInitData * init_data
Data structures and function prototypes for keeping state for the detection engine.
#define DETECT_ENGINE_INSPECT_SIG_CANT_MATCH
struct DetectAppLayerStateData_ DetectAppLayerStateData
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void DetectAppLayerStateRegister(void)
enum SignatureHookType type
AppLayerTxData * AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
uint8_t tx_type_eop_tc
toclient end of tx progress value
#define DETECT_ENGINE_INSPECT_SIG_NO_MATCH
AppProto alproto
application level protocol