suricata
detect-byte-extract.c File Reference
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-content.h"
#include "detect-pcre.h"
#include "detect-bytejump.h"
#include "detect-bytetest.h"
#include "detect-byte-extract.h"
#include "detect-isdataat.h"
#include "detect-engine-build.h"
#include "rust.h"
#include "app-layer-protos.h"
#include "util-byte.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
Include dependency graph for detect-byte-extract.c:

Go to the source code of this file.

Macros

#define DETECT_BYTE_EXTRACT_BASE_HEX   BaseHex
 
#define DETECT_BYTE_EXTRACT_BASE_DEC   BaseDec
 
#define DETECT_BYTE_EXTRACT_BASE_OCT   BaseOct
 
#define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT   23
 
#define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC   20
 
#define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX   14
 
#define NO_STRING_MAX_BYTES_TO_EXTRACT   8
 

Functions

void DetectByteExtractRegister (void)
 Registers the keyword handlers for the "byte_extract" keyword. More...
 
int DetectByteExtractDoMatch (DetectEngineThreadCtx *det_ctx, const SigMatchData *smd, const Signature *s, const uint8_t *payload, uint32_t payload_len, uint64_t *value, uint8_t endian)
 
SigMatchDetectByteExtractRetrieveSMVar (const char *arg, const Signature *s)
 Lookup the SigMatch for a named byte_extract variable. More...
 

Detailed Description

Macro Definition Documentation

◆ DETECT_BYTE_EXTRACT_BASE_DEC

#define DETECT_BYTE_EXTRACT_BASE_DEC   BaseDec

Definition at line 50 of file detect-byte-extract.c.

◆ DETECT_BYTE_EXTRACT_BASE_HEX

#define DETECT_BYTE_EXTRACT_BASE_HEX   BaseHex

Definition at line 49 of file detect-byte-extract.c.

◆ DETECT_BYTE_EXTRACT_BASE_OCT

#define DETECT_BYTE_EXTRACT_BASE_OCT   BaseOct

Definition at line 51 of file detect-byte-extract.c.

◆ NO_STRING_MAX_BYTES_TO_EXTRACT

#define NO_STRING_MAX_BYTES_TO_EXTRACT   8

Definition at line 59 of file detect-byte-extract.c.

◆ STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC

#define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC   20

Definition at line 56 of file detect-byte-extract.c.

◆ STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX

#define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX   14

Definition at line 57 of file detect-byte-extract.c.

◆ STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT

#define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT   23

Definition at line 55 of file detect-byte-extract.c.

Function Documentation

◆ DetectByteExtractDoMatch()

int DetectByteExtractDoMatch ( DetectEngineThreadCtx det_ctx,
const SigMatchData smd,
const Signature s,
const uint8_t *  payload,
uint32_t  payload_len,
uint64_t *  value,
uint8_t  endian 
)

◆ DetectByteExtractRegister()

void DetectByteExtractRegister ( void  )

Registers the keyword handlers for the "byte_extract" keyword.

Definition at line 69 of file detect-byte-extract.c.

References SigTableElmt_::desc, DETECT_BYTE_EXTRACT, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the caller graph for this function:

◆ DetectByteExtractRetrieveSMVar()

SigMatch* DetectByteExtractRetrieveSMVar ( const char *  arg,
const Signature s 
)

Lookup the SigMatch for a named byte_extract variable.

Parameters
argThe name of the byte_extract variable to lookup.
sPointer the signature to look in.
Return values
Apointer to the SigMatch if found, otherwise NULL.

Definition at line 375 of file detect-byte-extract.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SigMatch_::ctx, DETECT_BYTE_EXTRACT, SignatureInitDataBuffer_::head, Signature_::init_data, SigMatch_::next, and SigMatch_::type.

Referenced by DetectByteRetrieveSMVar().

Here is the caller graph for this function: