Go to the source code of this file.
Data Structures | |
| struct | DetectBytetestData_ |
Macros | |
| #define | DETECT_BYTETEST_OP_LT 1 |
| #define | DETECT_BYTETEST_OP_GT 2 |
| #define | DETECT_BYTETEST_OP_EQ 3 |
| #define | DETECT_BYTETEST_OP_AND 4 |
| #define | DETECT_BYTETEST_OP_OR 5 |
| #define | DETECT_BYTETEST_OP_GE 6 |
| #define | DETECT_BYTETEST_OP_LE 7 |
| #define | DETECT_BYTETEST_BASE_UNSET 0 |
| #define | DETECT_BYTETEST_BASE_OCT 8 |
| #define | DETECT_BYTETEST_BASE_DEC 10 |
| #define | DETECT_BYTETEST_BASE_HEX 16 |
| #define | DETECT_BYTETEST_LITTLE BIT_U8(0) |
| #define | DETECT_BYTETEST_BIG BIT_U8(1) |
| #define | DETECT_BYTETEST_STRING BIT_U8(2) |
| #define | DETECT_BYTETEST_RELATIVE BIT_U8(3) |
| #define | DETECT_BYTETEST_DCE BIT_U8(4) |
| #define | DETECT_BYTETEST_BITMASK BIT_U8(5) |
| #define | DETECT_BYTETEST_VALUE_VAR BIT_U8(6) |
| #define | DETECT_BYTETEST_OFFSET_VAR BIT_U8(7) |
Typedefs | |
| typedef struct DetectBytetestData_ | DetectBytetestData |
Functions | |
| void | DetectBytetestRegister (void) |
| int | DetectBytetestDoMatch (DetectEngineThreadCtx *, const Signature *, const SigMatchCtx *ctx, const uint8_t *, uint32_t, uint8_t, int32_t, uint64_t) |
| Bytetest detection code. More... | |
Detailed Description
Definition in file detect-bytetest.h.
Macro Definition Documentation
◆ DETECT_BYTETEST_BASE_DEC
| #define DETECT_BYTETEST_BASE_DEC 10 |
"dec" type value string
Definition at line 40 of file detect-bytetest.h.
◆ DETECT_BYTETEST_BASE_HEX
| #define DETECT_BYTETEST_BASE_HEX 16 |
"hex" type value string
Definition at line 41 of file detect-bytetest.h.
◆ DETECT_BYTETEST_BASE_OCT
| #define DETECT_BYTETEST_BASE_OCT 8 |
"oct" type value string
Definition at line 39 of file detect-bytetest.h.
◆ DETECT_BYTETEST_BASE_UNSET
| #define DETECT_BYTETEST_BASE_UNSET 0 |
Bytetest Base Unset type value string (automatic)
Definition at line 38 of file detect-bytetest.h.
◆ DETECT_BYTETEST_BIG
| #define DETECT_BYTETEST_BIG BIT_U8(1) |
"bi" endian value
Definition at line 45 of file detect-bytetest.h.
◆ DETECT_BYTETEST_BITMASK
| #define DETECT_BYTETEST_BITMASK BIT_U8(5) |
bitmask supplied
Definition at line 49 of file detect-bytetest.h.
◆ DETECT_BYTETEST_DCE
| #define DETECT_BYTETEST_DCE BIT_U8(4) |
dce enabled
Definition at line 48 of file detect-bytetest.h.
◆ DETECT_BYTETEST_LITTLE
| #define DETECT_BYTETEST_LITTLE BIT_U8(0) |
Bytetest Flags "little" endian value
Definition at line 44 of file detect-bytetest.h.
◆ DETECT_BYTETEST_OFFSET_VAR
| #define DETECT_BYTETEST_OFFSET_VAR BIT_U8(7) |
byte extract value enabled
Definition at line 51 of file detect-bytetest.h.
◆ DETECT_BYTETEST_OP_AND
| #define DETECT_BYTETEST_OP_AND 4 |
"bitwise and" operator
Definition at line 32 of file detect-bytetest.h.
◆ DETECT_BYTETEST_OP_EQ
| #define DETECT_BYTETEST_OP_EQ 3 |
"equals" operator
Definition at line 31 of file detect-bytetest.h.
◆ DETECT_BYTETEST_OP_GE
| #define DETECT_BYTETEST_OP_GE 6 |
greater than equal operator
Definition at line 34 of file detect-bytetest.h.
◆ DETECT_BYTETEST_OP_GT
| #define DETECT_BYTETEST_OP_GT 2 |
"greater than" operator
Definition at line 30 of file detect-bytetest.h.
◆ DETECT_BYTETEST_OP_LE
| #define DETECT_BYTETEST_OP_LE 7 |
less than equal operator
Definition at line 35 of file detect-bytetest.h.
◆ DETECT_BYTETEST_OP_LT
| #define DETECT_BYTETEST_OP_LT 1 |
Bytetest Operators "less than" operator
Definition at line 29 of file detect-bytetest.h.
◆ DETECT_BYTETEST_OP_OR
| #define DETECT_BYTETEST_OP_OR 5 |
"bitwise or" operator
Definition at line 33 of file detect-bytetest.h.
◆ DETECT_BYTETEST_RELATIVE
| #define DETECT_BYTETEST_RELATIVE BIT_U8(3) |
"relative" offset
Definition at line 47 of file detect-bytetest.h.
◆ DETECT_BYTETEST_STRING
| #define DETECT_BYTETEST_STRING BIT_U8(2) |
"string" value
Definition at line 46 of file detect-bytetest.h.
◆ DETECT_BYTETEST_VALUE_VAR
| #define DETECT_BYTETEST_VALUE_VAR BIT_U8(6) |
byte extract value enabled
Definition at line 50 of file detect-bytetest.h.
Typedef Documentation
◆ DetectBytetestData
| typedef struct DetectBytetestData_ DetectBytetestData |
Function Documentation
◆ DetectBytetestDoMatch()
| int DetectBytetestDoMatch | ( | DetectEngineThreadCtx * | det_ctx, |
| const Signature * | s, | ||
| const SigMatchCtx * | ctx, | ||
| const uint8_t * | payload, | ||
| uint32_t | payload_len, | ||
| uint8_t | flags, | ||
| int32_t | offset, | ||
| uint64_t | value | ||
| ) |
Bytetest detection code.
Byte test works on the packet payload.
- Parameters
-
det_ctx thread de ctx s signature m sigmatch for this bytettest payload ptr to the start of the buffer to inspect payload_len length of the payload
- Return values
-
1 match 0 no match
Definition at line 106 of file detect-bytetest.c.
References DetectBytetestData_::base, DetectBytetestData_::bitmask, DetectBytetestData_::bitmask_shift_count, DetectEngineThreadCtx_::buffer_offset, BYTE_BIG_ENDIAN, BYTE_LITTLE_ENDIAN, ByteExtractStringUint64(), ByteExtractUint64(), DETECT_BYTETEST_BITMASK, DETECT_BYTETEST_LITTLE, DETECT_BYTETEST_OP_AND, DETECT_BYTETEST_OP_EQ, DETECT_BYTETEST_OP_GE, DETECT_BYTETEST_OP_GT, DETECT_BYTETEST_OP_LE, DETECT_BYTETEST_OP_LT, DETECT_BYTETEST_OP_OR, DETECT_BYTETEST_RELATIVE, DETECT_BYTETEST_STRING, flags, len, DetectBytetestData_::nbytes, DetectBytetestData_::neg_op, offset, DetectBytetestData_::offset, DetectBytetestData_::op, payload_len, SCEnter, SCLogDebug, SCReturnInt, and DetectBytetestData_::value.
◆ DetectBytetestRegister()
| void DetectBytetestRegister | ( | void | ) |
Registration function for byte_test.
- Todo:
- add support for no_stream and stream_only
Definition at line 80 of file detect-bytetest.c.
References SigTableElmt_::desc, DETECT_BYTETEST, SigTableElmt_::Match, SigTableElmt_::name, sigmatch_table, and SigTableElmt_::url.
Referenced by SigTableSetup().
