Go to the documentation of this file.
43 static void DetectBsizeRegisterTests (
void);
63 #define DETECT_BSIZE_LT 0
64 #define DETECT_BSIZE_GT 1
65 #define DETECT_BSIZE_RA 2
66 #define DETECT_BSIZE_EQ 3
89 if (buffer_size < bsz->lo) {
95 if (buffer_size > bsz->
lo) {
103 if (buffer_size == bsz->
lo) {
105 }
else if (buffer_size > bsz->
lo) {
114 if (buffer_size > bsz->
lo && buffer_size < bsz->hi) {
116 }
else if (buffer_size <= bsz->lo && eof) {
118 }
else if (buffer_size <= bsz->lo) {
120 }
else if (buffer_size >= bsz->
hi) {
127 #define ERR(...) do { \
129 snprintf(_buf, sizeof(_buf), __VA_ARGS__); \
130 SCLogError(SC_ERR_INVALID_RULE_ARGUMENT, "bsize: bad input, %s", _buf); \
155 while (isspace(*
str))
174 while (isspace(*
str))
177 char str1[11], *p = str1;
178 memset(str1, 0,
sizeof(str1));
179 while (*
str && isdigit(*
str)) {
180 if (p - str1 >= ((
int)
sizeof(str1) - 1))
185 while (*
str && isspace(*
str)) {
198 }
else if (*
str ==
'<') {
201 ERR(
"only '<>' allowed");
208 ERR(
"mode already set");
220 while (*
str && isspace(*
str))
225 memset(str2, 0,
sizeof(str2));
226 while (*
str && isdigit(*
str)) {
227 if (p - str2 >= ((
int)
sizeof(str2) - 1))
232 while (*
str && isspace(*
str)) {
240 ERR(
"'%s' is not a valid u32", str2);
245 ERR(
"%u > %u", lo, hi);
250 ERR(
"trailing data");
263 bsz->
mode = (uint8_t)mode;
298 sm->
ctx = (
void *)bsz;
305 DetectBsizeFree(
de_ctx, bsz);
void(* Free)(DetectEngineCtx *, void *)
int ParseSizeStringU64(const char *size, uint64_t *res)
main detection engine ctx
int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
void DetectBsizeRegister(void)
Registration function for bsize: keyword.
int DetectBsizeMatch(const SigMatchCtx *ctx, const uint64_t buffer_size, bool eof)
bsize match function
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
SigMatch * SigMatchAlloc(void)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
#define DETECT_SM_LIST_NOTSET
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
a single match condition for a signature
struct DetectBsizeData DetectBsizeData
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
void(* RegisterTests)(void)