suricata
Data Structures | Macros | Typedefs | Functions
detect-bsize.c File Reference
#include "suricata-common.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-content.h"
#include "detect-bsize.h"
#include "util-misc.h"
#include "tests/detect-bsize.c"
Include dependency graph for detect-bsize.c:

Go to the source code of this file.

Data Structures

struct  DetectBsizeData
 

Macros

#define DETECT_BSIZE_LT   0
 
#define DETECT_BSIZE_GT   1
 
#define DETECT_BSIZE_RA   2
 
#define DETECT_BSIZE_EQ   3
 
#define ERR(...)
 

Typedefs

typedef struct DetectBsizeData DetectBsizeData
 

Functions

void DetectBsizeRegister (void)
 Registration function for bsize: keyword. More...
 
int DetectBsizeMatch (const SigMatchCtx *ctx, const uint64_t buffer_size, bool eof)
 bsize match function More...
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Implements the bsize generic buffer length keyword

Definition in file detect-bsize.c.

Macro Definition Documentation

◆ DETECT_BSIZE_EQ

#define DETECT_BSIZE_EQ   3

Definition at line 66 of file detect-bsize.c.

◆ DETECT_BSIZE_GT

#define DETECT_BSIZE_GT   1

Definition at line 64 of file detect-bsize.c.

◆ DETECT_BSIZE_LT

#define DETECT_BSIZE_LT   0

Definition at line 63 of file detect-bsize.c.

◆ DETECT_BSIZE_RA

#define DETECT_BSIZE_RA   2

Definition at line 65 of file detect-bsize.c.

◆ ERR

#define ERR (   ...)
Value:
do { \
char _buf[2048]; \
snprintf(_buf, sizeof(_buf), __VA_ARGS__); \
SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "bsize: bad input, %s", _buf); \
} while(0)

Definition at line 127 of file detect-bsize.c.

Typedef Documentation

◆ DetectBsizeData

typedef struct DetectBsizeData DetectBsizeData

Function Documentation

◆ DetectBsizeMatch()

int DetectBsizeMatch ( const SigMatchCtx ctx,
const uint64_t  buffer_size,
bool  eof 
)

bsize match function

Parameters
ctxmatch ctx
buffer_sizesize of the buffer
eofis the buffer closed?
Return values
r1 match, 0 no match, -1 can't match
Todo:
check logic around < vs <=

Definition at line 84 of file detect-bsize.c.

References DETECT_BSIZE_EQ, DETECT_BSIZE_GT, DETECT_BSIZE_LT, DETECT_BSIZE_RA, DetectBsizeData::hi, DetectBsizeData::lo, and DetectBsizeData::mode.

◆ DetectBsizeRegister()

void DetectBsizeRegister ( void  )

Registration function for bsize: keyword.

Definition at line 50 of file detect-bsize.c.

References SigTableElmt_::desc, DETECT_BSIZE, DOC_URL, DOC_VERSION, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the caller graph for this function:
SC_ERR_INVALID_RULE_ARGUMENT
@ SC_ERR_INVALID_RULE_ARGUMENT
Definition: util-error.h:302