suricata
detect-bytemath.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "decode.h"
#include "app-layer-parser.h"
#include "app-layer-protos.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "detect-engine-build.h"
#include "rust-bindings.h"
#include "detect-content.h"
#include "detect-pcre.h"
#include "detect-byte.h"
#include "detect-bytemath.h"
#include "flow.h"
#include "flow-var.h"
#include "flow-util.h"
#include "util-byte.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-spm.h"
#include "detect-engine-alert.h"

Macros

#define DETECT_BYTEMATH_ENDIAN_DEFAULT   (uint8_t) BigEndian
 
#define DETECT_BYTEMATH_BASE_DEFAULT   (uint8_t) BaseDec
 

Functions

void DetectBytemathRegister (void)
 Registers the keyword handlers for the "byte_math" keyword.
 
int DetectByteMathDoMatch (DetectEngineThreadCtx *det_ctx, const DetectByteMathData *data, const Signature *s, const uint8_t *payload, const uint32_t payload_len, uint8_t nbytes, uint64_t rvalue, uint64_t *value, uint8_t endian)
 
SigMatch * DetectByteMathRetrieveSMVar (const char *arg, const Signature *s)
 Lookup the SigMatch for a named byte_math variable.
 

Detailed Description

Author
Jeff Lucovsky jeff@lucovsky.org

Definition in file detect-bytemath.c.

Macro Definition Documentation

◆ DETECT_BYTEMATH_BASE_DEFAULT

#define DETECT_BYTEMATH_BASE_DEFAULT   (uint8_t) BaseDec

Definition at line 63 of file detect-bytemath.c.

◆ DETECT_BYTEMATH_ENDIAN_DEFAULT

#define DETECT_BYTEMATH_ENDIAN_DEFAULT   (uint8_t) BigEndian

Definition at line 62 of file detect-bytemath.c.

Function Documentation

◆ DetectByteMathDoMatch()

int DetectByteMathDoMatch ( DetectEngineThreadCtx *  det_ctx,
const DetectByteMathData *  data,
const Signature *  s,
const uint8_t *  payload,
const uint32_t  payload_len,
uint8_t  nbytes,
uint64_t  rvalue,
uint64_t *  value,
uint8_t  endian 
)

Definition at line 88 of file detect-bytemath.c.

References payload_len.

◆ DetectBytemathRegister()

void DetectBytemathRegister ( void  )

Registers the keyword handlers for the "byte_math" keyword.

Definition at line 71 of file detect-bytemath.c.

References DETECT_BYTEMATH, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, and sigmatch_table.

Referenced by SigTableSetup().

◆ DetectByteMathRetrieveSMVar()

SigMatch* DetectByteMathRetrieveSMVar ( const char *  arg,
const Signature *  s 
)

Lookup the SigMatch for a named byte_math variable.

Parameters
arg  The name of the byte_math variable to look up.
s  Pointer to the signature to look in.
Return values
A pointer to the SigMatch if found, otherwise NULL.

Definition at line 442 of file detect-bytemath.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SigMatch_::ctx, DETECT_BYTEMATH, SignatureInitDataBuffer_::head, Signature_::init_data, SigMatch_::next, SCLogDebug, and SigMatch_::type.

Referenced by DetectByteRetrieveSMVar().
