suricata
detect-bytejump.h File Reference

Data Structures

struct  DetectBytejumpData_
 

Macros

#define DETECT_BYTEJUMP_BASE_UNSET   0
 
#define DETECT_BYTEJUMP_BASE_OCT   8
 
#define DETECT_BYTEJUMP_BASE_DEC   10
 
#define DETECT_BYTEJUMP_BASE_HEX   16
 
#define DETECT_BYTEJUMP_BEGIN   BIT_U16(0)
 
#define DETECT_BYTEJUMP_LITTLE   BIT_U16(1)
 
#define DETECT_BYTEJUMP_BIG   BIT_U16(2)
 
#define DETECT_BYTEJUMP_STRING   BIT_U16(3)
 
#define DETECT_BYTEJUMP_RELATIVE   BIT_U16(4)
 
#define DETECT_BYTEJUMP_ALIGN   BIT_U16(5)
 
#define DETECT_BYTEJUMP_DCE   BIT_U16(6)
 
#define DETECT_BYTEJUMP_OFFSET_BE   BIT_U16(7)
 
#define DETECT_BYTEJUMP_END   BIT_U16(8)
 
#define DETECT_BYTEJUMP_NBYTES_VAR   BIT_U16(9)
 
#define DETECT_BYTEJUMP_OFFSET_VAR   BIT_U16(10)
 

Typedefs

typedef struct DetectBytejumpData_ DetectBytejumpData
 

Functions

void DetectBytejumpRegister (void)
 
bool DetectBytejumpDoMatch (DetectEngineThreadCtx *, const Signature *, const SigMatchCtx *, const uint8_t *, uint32_t, uint16_t, int32_t, int32_t)
 Byte jump match function. More...
 

Detailed Description

Author
Brian Rectanus brectanus@gmail.com

Definition in file detect-bytejump.h.

Macro Definition Documentation

◆ DETECT_BYTEJUMP_ALIGN

#define DETECT_BYTEJUMP_ALIGN   BIT_U16(5)

"align" offset

Definition at line 40 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_BASE_DEC

#define DETECT_BYTEJUMP_BASE_DEC   10

"dec" type value string

Definition at line 31 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_BASE_HEX

#define DETECT_BYTEJUMP_BASE_HEX   16

"hex" type value string

Definition at line 32 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_BASE_OCT

#define DETECT_BYTEJUMP_BASE_OCT   8

"oct" type value string

Definition at line 30 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_BASE_UNSET

#define DETECT_BYTEJUMP_BASE_UNSET   0

Bytejump Base Unset type value string (automatic)

Definition at line 29 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_BEGIN

#define DETECT_BYTEJUMP_BEGIN   BIT_U16(0)

Bytejump Flags "from_beginning" jump

Definition at line 35 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_BIG

#define DETECT_BYTEJUMP_BIG   BIT_U16(2)

"big" endian value

Definition at line 37 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_DCE

#define DETECT_BYTEJUMP_DCE   BIT_U16(6)

"dce" enabled

Definition at line 41 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_END

#define DETECT_BYTEJUMP_END   BIT_U16(8)

"from_end" jump

Definition at line 43 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_LITTLE

#define DETECT_BYTEJUMP_LITTLE   BIT_U16(1)

"little" endian value

Definition at line 36 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_NBYTES_VAR

#define DETECT_BYTEJUMP_NBYTES_VAR   BIT_U16(9)

nbytes string

Definition at line 44 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_OFFSET_BE

#define DETECT_BYTEJUMP_OFFSET_BE   BIT_U16(7)

"byte extract" enabled

Definition at line 42 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_OFFSET_VAR

#define DETECT_BYTEJUMP_OFFSET_VAR   BIT_U16(10)

byte extract value enabled

Definition at line 45 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_RELATIVE

#define DETECT_BYTEJUMP_RELATIVE   BIT_U16(4)

"relative" offset

Definition at line 39 of file detect-bytejump.h.

◆ DETECT_BYTEJUMP_STRING

#define DETECT_BYTEJUMP_STRING   BIT_U16(3)

"string" value

Definition at line 38 of file detect-bytejump.h.

Typedef Documentation

◆ DetectBytejumpData

Function Documentation

◆ DetectBytejumpDoMatch()

bool DetectBytejumpDoMatch ( DetectEngineThreadCtx *det_ctx,
const Signature *s,
const SigMatchCtx *ctx,
const uint8_t *payload,
uint32_t payload_len,
uint16_t flags,
int32_t nbytes,
int32_t offset
)

Byte jump match function.

This function is used to match the byte_jump keyword.

Parameters
t: pointer to thread vars
det_ctx: pointer to the pattern matcher thread
p: pointer to the current packet
m: pointer to the sigmatch that we will cast into DetectBytejumpData
Return values
false: no match
true: match
Parameters
det_ctx: thread detect engine ctx
s: signature
m: byte jump sigmatch
payload: ptr to the payload
payload_len: length of the payload
Return values
true: match
false: no match

Definition at line 136 of file detect-bytejump.c.

References DETECT_BYTEJUMP_NBYTES_VAR, DetectBytejumpData_::flags, len, payload_len, SCEnter, and SCReturnBool.
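The flag macros documented above only make sense in combination, and the match function's contract (read a length field, move the detection cursor, refuse anything that leaves the payload) is what they feed. The following program is an added example written for this page; it is not Suricata's DetectBytejumpDoMatch or DetectBytejumpData. It models the BEGIN, END, LITTLE, BIG, STRING (with the BASE_* values), RELATIVE and ALIGN flags and leaves out DCE, OFFSET_BE, NBYTES_VAR and OFFSET_VAR. The BIT_U16 definition, the BytejumpSpec struct, the post_offset field (named after the keyword's post_offset option), BytejumpEval and the sample payloads are this example's own assumptions and constructed data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed definition of Suricata's BIT_U16 helper (not shown on this page). */
#define BIT_U16(n) ((uint16_t)(1u << (n)))

/* Base and flag macros as documented in detect-bytejump.h. */
#define DETECT_BYTEJUMP_BASE_UNSET 0
#define DETECT_BYTEJUMP_BASE_OCT   8
#define DETECT_BYTEJUMP_BASE_DEC   10
#define DETECT_BYTEJUMP_BASE_HEX   16
#define DETECT_BYTEJUMP_BEGIN      BIT_U16(0)
#define DETECT_BYTEJUMP_LITTLE     BIT_U16(1)
#define DETECT_BYTEJUMP_BIG        BIT_U16(2)
#define DETECT_BYTEJUMP_STRING     BIT_U16(3)
#define DETECT_BYTEJUMP_RELATIVE   BIT_U16(4)
#define DETECT_BYTEJUMP_ALIGN      BIT_U16(5)
#define DETECT_BYTEJUMP_END        BIT_U16(8)

/* Hypothetical, reduced form of the parsed keyword options (not DetectBytejumpData). */
typedef struct {
    uint16_t flags;       /* combination of the DETECT_BYTEJUMP_* flags above */
    uint8_t  base;        /* DETECT_BYTEJUMP_BASE_* when the STRING flag is set */
    int32_t  nbytes;      /* number of payload bytes that hold the length field */
    int32_t  offset;      /* where that field starts (relative to cursor if RELATIVE) */
    int32_t  post_offset; /* constant added after the jump (mirrors the post_offset option) */
} BytejumpSpec;

/* Evaluate one byte_jump. `cursor` is the current detection position. On success
 * the new cursor is stored in *out and true is returned. Any read or landing point
 * outside [0, payload_len] is rejected, which is what stops an attacker-controlled
 * length field from steering the detection cursor off the buffer. */
bool BytejumpEval(const uint8_t *payload, uint32_t payload_len, uint32_t cursor,
                  const BytejumpSpec *bj, uint32_t *out)
{
    int64_t start = bj->offset;
    if (bj->flags & DETECT_BYTEJUMP_RELATIVE)
        start += cursor;
    if (bj->nbytes <= 0 || start < 0 || (uint64_t)start + (uint64_t)bj->nbytes > payload_len)
        return false;                                   /* field not fully inside the payload */

    const uint8_t *p = payload + start;
    uint64_t val = 0;
    if (bj->flags & DETECT_BYTEJUMP_STRING) {
        /* ASCII digits in the payload, e.g. "0012"; base 0 lets strtoull auto-detect. */
        char buf[24];
        if (bj->nbytes >= (int32_t)sizeof(buf))
            return false;
        memcpy(buf, p, (size_t)bj->nbytes);
        buf[bj->nbytes] = '\0';
        char *end = NULL;
        val = strtoull(buf, &end, bj->base == DETECT_BYTEJUMP_BASE_UNSET ? 0 : bj->base);
        if (end == buf)
            return false;                               /* no digits at all */
    } else {
        if (bj->nbytes > 8)
            return false;
        for (int32_t i = 0; i < bj->nbytes; i++)        /* binary integer, big endian unless LITTLE */
            val = (bj->flags & DETECT_BYTEJUMP_LITTLE) ? val | ((uint64_t)p[i] << (8 * i))
                                                       : (val << 8) | p[i];
    }
    if (val > INT32_MAX)
        return false;
    if (bj->flags & DETECT_BYTEJUMP_ALIGN)
        val = (val + 3) & ~(uint64_t)3;                 /* round up to a 4-byte boundary */

    int64_t target;
    if (bj->flags & DETECT_BYTEJUMP_BEGIN)
        target = (int64_t)val;                          /* from_beginning: absolute offset */
    else if (bj->flags & DETECT_BYTEJUMP_END)
        target = (int64_t)payload_len + (int64_t)val;   /* from_end: relative to payload end */
    else
        target = start + bj->nbytes + (int64_t)val;     /* default: from the end of the field */
    target += bj->post_offset;
    if (target < 0 || target > (int64_t)payload_len)
        return false;
    *out = (uint32_t)target;
    return true;
}

/* Runs one spec over a constructed payload; returns the new cursor or -1 when rejected. */
static int64_t Run(const uint8_t *pkt, uint32_t len, uint32_t cursor, BytejumpSpec bj)
{
    uint32_t out = 0;
    return BytejumpEval(pkt, len, cursor, &bj, &out) ? (int64_t)out : -1;
}

/* Constructed: 2-byte big-endian length (4) followed by the 4-byte field it covers. */
int64_t SampleBigEndianPrefix(void)
{
    static const uint8_t pkt[] = { 0x00, 0x04, 'A', 'B', 'C', 'D', 0xAA, 0xBB };
    BytejumpSpec bj = { .flags = DETECT_BYTEJUMP_BIG, .nbytes = 2, .offset = 0 };
    return Run(pkt, sizeof pkt, 0, bj);                 /* 2 + 4 = 6 */
}

/* Constructed: cursor already at 2; little-endian length (2) read relative to it. */
int64_t SampleLittleRelative(void)
{
    static const uint8_t pkt[] = { 0x11, 0x22, 0x02, 0x00, 0x33, 0x44, 0x55 };
    BytejumpSpec bj = { .flags = DETECT_BYTEJUMP_LITTLE | DETECT_BYTEJUMP_RELATIVE, .nbytes = 2 };
    return Run(pkt, sizeof pkt, 2, bj);                 /* 2 + 2 + 2 = 6 */
}

/* Constructed: ASCII decimal "0005", aligned up to 8, measured from the beginning. */
int64_t SampleStringAligned(void)
{
    static const uint8_t pkt[] = "0005XXXXXXXXXXXX";    /* 16 payload bytes plus NUL */
    BytejumpSpec bj = { .flags = DETECT_BYTEJUMP_STRING | DETECT_BYTEJUMP_ALIGN | DETECT_BYTEJUMP_BEGIN,
                        .base = DETECT_BYTEJUMP_BASE_DEC, .nbytes = 4 };
    return Run(pkt, 16, 0, bj);                         /* 8 */
}

/* Constructed: the length field claims 200 bytes inside an 8-byte payload; must be rejected. */
int64_t SampleOverlongLength(void)
{
    static const uint8_t pkt[] = { 0x00, 0xC8, 'A', 'B', 'C', 'D', 0xAA, 0xBB };
    BytejumpSpec bj = { .flags = DETECT_BYTEJUMP_BIG, .nbytes = 2 };
    return Run(pkt, sizeof pkt, 0, bj);                 /* -1 */
}
```

The fourth sample is the one to keep in mind when writing rules: a length field taken from traffic is attacker data, so the evaluator treats "jump lands past payload_len" as a non-match rather than clamping it, and a rule that relies on a byte_jump should expect that outcome on truncated or malformed messages. The real keyword additionally supports a multiplier and, through the DCE and byte_extract flags, endianness and operands taken from protocol state, which this model leaves out.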

◆ DetectBytejumpRegister()

void DetectBytejumpRegister ( void  )

Registration function for byte_jump.

Todo:
add support for no_stream and stream_only

Definition at line 72 of file detect-bytejump.c.

References SigTableElmt_::desc, DETECT_BYTEJUMP, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().
