#include "suricata-common.h"#include "decode.h"#include "detect.h"#include "detect-engine.h"#include "detect-content.h"#include "detect-pcre.h"#include "detect-bytejump.h"#include "detect-bytetest.h"#include "detect-byte-extract.h"#include "detect-isdataat.h"#include "detect-engine-build.h"#include "rust.h"#include "app-layer-protos.h"#include "util-byte.h"#include "util-debug.h"#include "util-unittest.h"#include "util-unittest-helper.h"
Go to the source code of this file.
Macros | |
| #define | DETECT_BYTE_EXTRACT_BASE_HEX BaseHex |
| #define | DETECT_BYTE_EXTRACT_BASE_DEC BaseDec |
| #define | DETECT_BYTE_EXTRACT_BASE_OCT BaseOct |
| #define | STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT 23 |
| #define | STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC 20 |
| #define | STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX 14 |
| #define | NO_STRING_MAX_BYTES_TO_EXTRACT 8 |
Functions | |
| void | DetectByteExtractRegister (void) |
| Registers the keyword handlers for the "byte_extract" keyword. More... | |
| int | DetectByteExtractDoMatch (DetectEngineThreadCtx *det_ctx, const SigMatchData *smd, const Signature *s, const uint8_t *payload, uint32_t payload_len, uint64_t *value, uint8_t endian) |
| SigMatch * | DetectByteExtractRetrieveSMVar (const char *arg, const Signature *s) |
| Lookup the SigMatch for a named byte_extract variable. More... | |
Detailed Description
Definition in file detect-byte-extract.c.
Macro Definition Documentation
◆ DETECT_BYTE_EXTRACT_BASE_DEC
| #define DETECT_BYTE_EXTRACT_BASE_DEC BaseDec |
Definition at line 50 of file detect-byte-extract.c.
◆ DETECT_BYTE_EXTRACT_BASE_HEX
| #define DETECT_BYTE_EXTRACT_BASE_HEX BaseHex |
Definition at line 49 of file detect-byte-extract.c.
◆ DETECT_BYTE_EXTRACT_BASE_OCT
| #define DETECT_BYTE_EXTRACT_BASE_OCT BaseOct |
Definition at line 51 of file detect-byte-extract.c.
◆ NO_STRING_MAX_BYTES_TO_EXTRACT
| #define NO_STRING_MAX_BYTES_TO_EXTRACT 8 |
Definition at line 59 of file detect-byte-extract.c.
◆ STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC
| #define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC 20 |
Definition at line 56 of file detect-byte-extract.c.
◆ STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX
| #define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX 14 |
Definition at line 57 of file detect-byte-extract.c.
◆ STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT
| #define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT 23 |
Definition at line 55 of file detect-byte-extract.c.
Function Documentation
◆ DetectByteExtractDoMatch()
| int DetectByteExtractDoMatch | ( | DetectEngineThreadCtx * | det_ctx, |
| const SigMatchData * | smd, | ||
| const Signature * | s, | ||
| const uint8_t * | payload, | ||
| uint32_t | payload_len, | ||
| uint64_t * | value, | ||
| uint8_t | endian | ||
| ) |
Definition at line 82 of file detect-byte-extract.c.
References DetectEngineThreadCtx_::buffer_offset, BYTE_BIG_ENDIAN, BYTE_LITTLE_ENDIAN, ByteExtractStringUint64(), ByteExtractUint64(), SigMatchData_::ctx, len, payload_len, and SCLogDebug.
◆ DetectByteExtractRegister()
| void DetectByteExtractRegister | ( | void | ) |
Registers the keyword handlers for the "byte_extract" keyword.
Definition at line 69 of file detect-byte-extract.c.
References SigTableElmt_::desc, DETECT_BYTE_EXTRACT, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.
Referenced by SigTableSetup().
◆ DetectByteExtractRetrieveSMVar()
Lookup the SigMatch for a named byte_extract variable.
- Parameters
-
arg The name of the byte_extract variable to lookup. s Pointer the signature to look in.
- Return values
-
A pointer to the SigMatch if found, otherwise NULL.
Definition at line 375 of file detect-byte-extract.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SigMatch_::ctx, DETECT_BYTE_EXTRACT, SignatureInitDataBuffer_::head, Signature_::init_data, SigMatch_::next, and SigMatch_::type.
Referenced by DetectByteRetrieveSMVar().
