Go to the source code of this file.
Data Structures | |
| struct | DetectByteMathData_ |
| Holds data related to byte_math keyword. More... | |
Macros | |
| #define | DETECT_BYTEMATH_FLAG_RELATIVE 0x01 |
| #define | DETECT_BYTEMATH_FLAG_STRING 0x02 |
| #define | DETECT_BYTEMATH_FLAG_BITMASK 0x04 |
| #define | DETECT_BYTEMATH_FLAG_ENDIAN 0x08 |
| #define | DETECT_BYTEMATH_RVALUE_VAR 0x10 |
| #define | DETECT_BYTEMATH_ENDIAN_NONE 0 |
| #define | DETECT_BYTEMATH_ENDIAN_BIG 1 |
| #define | DETECT_BYTEMATH_ENDIAN_LITTLE 2 |
| #define | DETECT_BYTEMATH_ENDIAN_DCE 3 |
| #define | DETECT_BYTEMATH_OPERATOR_NONE 1 |
| #define | DETECT_BYTEMATH_OPERATOR_PLUS 2 |
| #define | DETECT_BYTEMATH_OPERATOR_MINUS 3 |
| #define | DETECT_BYTEMATH_OPERATOR_DIVIDE 4 |
| #define | DETECT_BYTEMATH_OPERATOR_MULTIPLY 5 |
| #define | DETECT_BYTEMATH_OPERATOR_LSHIFT 6 |
| #define | DETECT_BYTEMATH_OPERATOR_RSHIFT 7 |
Typedefs | |
| typedef struct DetectByteMathData_ | DetectByteMathData |
| Holds data related to byte_math keyword. More... | |
Functions | |
| void | DetectBytemathRegister (void) |
| Registers the keyword handlers for the "byte_math" keyword. More... | |
| SigMatch * | DetectByteMathRetrieveSMVar (const char *, const Signature *) |
| Lookup the SigMatch for a named byte_math variable. More... | |
| int | DetectByteMathDoMatch (DetectEngineThreadCtx *, const SigMatchData *, const Signature *, const uint8_t *, uint16_t, uint64_t, uint64_t *, uint8_t) |
Detailed Description
Definition in file detect-bytemath.h.
Macro Definition Documentation
◆ DETECT_BYTEMATH_ENDIAN_BIG
| #define DETECT_BYTEMATH_ENDIAN_BIG 1 |
Definition at line 37 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_ENDIAN_DCE
| #define DETECT_BYTEMATH_ENDIAN_DCE 3 |
Definition at line 39 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_ENDIAN_LITTLE
| #define DETECT_BYTEMATH_ENDIAN_LITTLE 2 |
Definition at line 38 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_ENDIAN_NONE
| #define DETECT_BYTEMATH_ENDIAN_NONE 0 |
Definition at line 36 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_FLAG_BITMASK
| #define DETECT_BYTEMATH_FLAG_BITMASK 0x04 |
Definition at line 31 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_FLAG_ENDIAN
| #define DETECT_BYTEMATH_FLAG_ENDIAN 0x08 |
Definition at line 32 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_FLAG_RELATIVE
| #define DETECT_BYTEMATH_FLAG_RELATIVE 0x01 |
Definition at line 29 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_FLAG_STRING
| #define DETECT_BYTEMATH_FLAG_STRING 0x02 |
Definition at line 30 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_OPERATOR_DIVIDE
| #define DETECT_BYTEMATH_OPERATOR_DIVIDE 4 |
Definition at line 44 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_OPERATOR_LSHIFT
| #define DETECT_BYTEMATH_OPERATOR_LSHIFT 6 |
Definition at line 46 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_OPERATOR_MINUS
| #define DETECT_BYTEMATH_OPERATOR_MINUS 3 |
Definition at line 43 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_OPERATOR_MULTIPLY
| #define DETECT_BYTEMATH_OPERATOR_MULTIPLY 5 |
Definition at line 45 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_OPERATOR_NONE
| #define DETECT_BYTEMATH_OPERATOR_NONE 1 |
Definition at line 41 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_OPERATOR_PLUS
| #define DETECT_BYTEMATH_OPERATOR_PLUS 2 |
Definition at line 42 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_OPERATOR_RSHIFT
| #define DETECT_BYTEMATH_OPERATOR_RSHIFT 7 |
Definition at line 47 of file detect-bytemath.h.
◆ DETECT_BYTEMATH_RVALUE_VAR
| #define DETECT_BYTEMATH_RVALUE_VAR 0x10 |
Definition at line 33 of file detect-bytemath.h.
Typedef Documentation
◆ DetectByteMathData
| typedef struct DetectByteMathData_ DetectByteMathData |
Holds data related to byte_math keyword.
Function Documentation
◆ DetectByteMathDoMatch()
| int DetectByteMathDoMatch | ( | DetectEngineThreadCtx * | , |
| const SigMatchData * | , | ||
| const Signature * | , | ||
| const uint8_t * | , | ||
| uint16_t | , | ||
| uint64_t | , | ||
| uint64_t * | , | ||
| uint8_t | |||
| ) |
Definition at line 137 of file detect-bytemath.c.
References DetectByteMathData_::base, DetectByteMathData_::bitmask_shift_count, DetectByteMathData_::bitmask_val, DetectEngineThreadCtx_::buffer_offset, BUG_ON, BYTE_BIG_ENDIAN, BYTE_LITTLE_ENDIAN, ByteExtractStringUint64(), ByteExtractUint64(), SigMatchData_::ctx, DETECT_BYTEMATH_ENDIAN_BIG, DETECT_BYTEMATH_FLAG_BITMASK, DETECT_BYTEMATH_FLAG_RELATIVE, DETECT_BYTEMATH_FLAG_STRING, DETECT_BYTEMATH_OPERATOR_DIVIDE, DETECT_BYTEMATH_OPERATOR_LSHIFT, DETECT_BYTEMATH_OPERATOR_MINUS, DETECT_BYTEMATH_OPERATOR_MULTIPLY, DETECT_BYTEMATH_OPERATOR_NONE, DETECT_BYTEMATH_OPERATOR_PLUS, DETECT_BYTEMATH_OPERATOR_RSHIFT, DetectByteMathData_::flags, len, DetectByteMathData_::nbytes, DetectByteMathData_::offset, DetectByteMathData_::oper, payload_len, and SCLogDebug.
◆ DetectBytemathRegister()
| void DetectBytemathRegister | ( | void | ) |
Registers the keyword handlers for the "byte_math" keyword.
Definition at line 125 of file detect-bytemath.c.
References DETECT_BYTEMATH, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, and sigmatch_table.
Referenced by SigTableSetup().
◆ DetectByteMathRetrieveSMVar()
Lookup the SigMatch for a named byte_math variable.
- Parameters
-
arg The name of the byte_math variable to lookup. s Pointer the signature to look in.
- Return values
-
A pointer to the SigMatch if found, otherwise NULL.
Definition at line 758 of file detect-bytemath.c.
References Signature_::init_data, and SignatureInitData_::smlists_array_size.
Referenced by DetectByteRetrieveSMVar().
