suricata
#include "suricata-common.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-base64-decode.h"
#include "util-base64.h"
#include "util-byte.h"
#include "util-print.h"
#include "detect-engine.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "app-layer-parser.h"
#include "flow-util.h"
#include "stream-tcp.h"
Macros
#define BASE64_DECODE_MAX 65535
Functions
void DetectBase64DecodeRegister (void)
int DetectBase64DecodeDoMatch (DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, const uint8_t *payload, uint32_t payload_len)
#define BASE64_DECODE_MAX 65535
Definition at line 27 of file detect-base64-decode.c.
Referenced by DetectBase64DecodeDoMatch().
int DetectBase64DecodeDoMatch (DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, const uint8_t *payload, uint32_t payload_len)
Definition at line 56 of file detect-base64-decode.c.
References BASE64_DECODE_MAX, DetectEngineCtx_::base64_decode_max_len, DetectEngineThreadCtx_::base64_decoded, DetectEngineThreadCtx_::base64_decoded_len, DetectEngineThreadCtx_::buffer_offset, ByteExtractStringUint32(), DetectBase64Decode_::bytes, SigMatch_::ctx, SigMatchData_::ctx, DecodeBase64(), DETECT_BASE64_DECODE, DETECT_BYTE_EXTRACT, DETECT_BYTEJUMP, DETECT_BYTETEST, DETECT_CONTENT, DETECT_ISDATAAT, DETECT_PCRE, DETECT_SM_LIST_NOTSET, DETECT_SM_LIST_PMATCH, DetectBufferTypeGetByName(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectGetLastSMFromLists(), Signature_::init_data, SignatureInitData_::list, MIN, DetectBase64Decode_::offset, offset, PrintRawDataFp(), DetectBase64Decode_::relative, SC_ERR_INVALID_RULE_ARGUMENT, SCCalloc, SCFree, SCLogDebug, SCLogError, DetectEngineCtx_::sig_list, SigCleanSignatures(), SigGroupBuild(), SigGroupCleanup(), SigInit(), SigMatchAlloc(), SigMatchAppendSMToList(), SigMatchListSMBelongsTo(), SigMatchSignatures(), str, SigMatch_::type, unlikely, UTHBuildPacket(), UTHFreePacket(), and UtRegisterTest().
Referenced by DetectEngineContentInspection().
void DetectBase64DecodeRegister (void)
Definition at line 39 of file detect-base64-decode.c.
References SigTableElmt_::desc, DETECT_BASE64_DECODE, DetectSetupParseRegexes(), DOC_URL, DOC_VERSION, SigTableElmt_::flags, SigTableElmt_::Free, SigTableElmt_::name, SigTableElmt_::RegisterTests, SigTableElmt_::Setup, SIGMATCH_OPTIONAL_OPT, sigmatch_table, and SigTableElmt_::url.
Referenced by SigTableSetup().