suricata
Data Structures | Macros | Typedefs | Functions
detect-byte-extract.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  DetectByteExtractData_
 Holds data related to byte_extract keyword. More...
 

Macros

#define DETECT_BYTE_EXTRACT_FLAG_RELATIVE   0x01
 
#define DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER   0x02
 
#define DETECT_BYTE_EXTRACT_FLAG_STRING   0x04
 
#define DETECT_BYTE_EXTRACT_FLAG_ALIGN   0x08
 
#define DETECT_BYTE_EXTRACT_FLAG_ENDIAN   0x10
 
#define DETECT_BYTE_EXTRACT_ENDIAN_NONE   0
 
#define DETECT_BYTE_EXTRACT_ENDIAN_BIG   1
 
#define DETECT_BYTE_EXTRACT_ENDIAN_LITTLE   2
 
#define DETECT_BYTE_EXTRACT_ENDIAN_DCE   3
 

Typedefs

typedef struct DetectByteExtractData_ DetectByteExtractData
 Holds data related to byte_extract keyword. More...
 

Functions

void DetectByteExtractRegister (void)
 Registers the keyword handlers for the "byte_extract" keyword. More...
 
SigMatchDetectByteExtractRetrieveSMVar (const char *, const Signature *)
 Lookup the SigMatch for a named byte_extract variable. More...
 
int DetectByteExtractDoMatch (DetectEngineThreadCtx *, const SigMatchData *, const Signature *, const uint8_t *, uint32_t, uint64_t *, uint8_t)
 

Detailed Description

Author
Anoop Saldanha anoop.nosp@m.sald.nosp@m.anha@.nosp@m.gmai.nosp@m.l.com

Definition in file detect-byte-extract.h.

Macro Definition Documentation

◆ DETECT_BYTE_EXTRACT_ENDIAN_BIG

#define DETECT_BYTE_EXTRACT_ENDIAN_BIG   1

Definition at line 37 of file detect-byte-extract.h.

◆ DETECT_BYTE_EXTRACT_ENDIAN_DCE

#define DETECT_BYTE_EXTRACT_ENDIAN_DCE   3

Definition at line 39 of file detect-byte-extract.h.

◆ DETECT_BYTE_EXTRACT_ENDIAN_LITTLE

#define DETECT_BYTE_EXTRACT_ENDIAN_LITTLE   2

Definition at line 38 of file detect-byte-extract.h.

◆ DETECT_BYTE_EXTRACT_ENDIAN_NONE

#define DETECT_BYTE_EXTRACT_ENDIAN_NONE   0

Definition at line 36 of file detect-byte-extract.h.

◆ DETECT_BYTE_EXTRACT_FLAG_ALIGN

#define DETECT_BYTE_EXTRACT_FLAG_ALIGN   0x08

Definition at line 32 of file detect-byte-extract.h.

◆ DETECT_BYTE_EXTRACT_FLAG_ENDIAN

#define DETECT_BYTE_EXTRACT_FLAG_ENDIAN   0x10

Definition at line 33 of file detect-byte-extract.h.

◆ DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER

#define DETECT_BYTE_EXTRACT_FLAG_MULTIPLIER   0x02

Definition at line 30 of file detect-byte-extract.h.

◆ DETECT_BYTE_EXTRACT_FLAG_RELATIVE

#define DETECT_BYTE_EXTRACT_FLAG_RELATIVE   0x01

Definition at line 29 of file detect-byte-extract.h.

◆ DETECT_BYTE_EXTRACT_FLAG_STRING

#define DETECT_BYTE_EXTRACT_FLAG_STRING   0x04

Definition at line 31 of file detect-byte-extract.h.

Typedef Documentation

◆ DetectByteExtractData

typedef struct DetectByteExtractData_ DetectByteExtractData

Holds data related to byte_extract keyword.

Function Documentation

◆ DetectByteExtractDoMatch()

int DetectByteExtractDoMatch ( DetectEngineThreadCtx ,
const SigMatchData ,
const Signature ,
const uint8_t *  ,
uint32_t  ,
uint64_t *  ,
uint8_t   
)

Definition at line 115 of file detect-byte-extract.c.

References DetectByteExtractData_::align_value, DetectByteExtractData_::base, DetectEngineThreadCtx_::buffer_offset, BYTE_BIG_ENDIAN, BYTE_LITTLE_ENDIAN, ByteExtractStringUint64(), ByteExtractUint64(), SigMatchData_::ctx, DETECT_BYTE_EXTRACT_ENDIAN_BIG, DETECT_BYTE_EXTRACT_FLAG_ALIGN, DETECT_BYTE_EXTRACT_FLAG_RELATIVE, DETECT_BYTE_EXTRACT_FLAG_STRING, DetectByteExtractData_::flags, len, DetectByteExtractData_::multiplier_value, DetectByteExtractData_::nbytes, DetectByteExtractData_::offset, payload_len, and SCLogDebug.

Here is the call graph for this function:

◆ DetectByteExtractRegister()

void DetectByteExtractRegister ( void  )

Registers the keyword handlers for the "byte_extract" keyword.

Definition at line 101 of file detect-byte-extract.c.

References SigTableElmt_::desc, DETECT_BYTE_EXTRACT, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the caller graph for this function:

◆ DetectByteExtractRetrieveSMVar()

SigMatch* DetectByteExtractRetrieveSMVar ( const char *  arg,
const Signature s 
)

Lookup the SigMatch for a named byte_extract variable.

Parameters
argThe name of the byte_extract variable to lookup.
sPointer the signature to look in.
Return values
Apointer to the SigMatch if found, otherwise NULL.

Definition at line 666 of file detect-byte-extract.c.

References Signature_::init_data, and SignatureInitData_::smlists_array_size.

Referenced by DetectByteRetrieveSMVar().

Here is the caller graph for this function: