/* Grammar for the argument of the "dce_iface" rule keyword:
 *   group 1: interface id in 8-4-4-4-12 form (required)
 *   groups 2+3: optional ", <op><number>" where op is one of < > = ! and
 *               the number is 1 to 5 decimal digits
 *   group 4: optional ", any_frag"
 * Leading/trailing whitespace and whitespace around the commas is allowed.
 *
 * NOTE(review): the id character class is [0-9a-zA-Z], so letters outside
 * the hex range (g-z, G-Z) pass this pattern, and {1,5} digits admits
 * values up to 99999. Rejecting non-hex ids and out-of-range numbers is
 * therefore left to whatever consumes the match; an accepted-but-wrong
 * option would leave a rule that loads and then never matches, so confirm
 * the parser fails the signature in both cases.
 * NOTE(review): this excerpt shows the option string going to
 * SCDcerpcIfaceParse(); whether this pattern is still applied before that
 * call is not visible here -- confirm. */
52 #define PARSE_REGEX "^\\s*([0-9a-zA-Z]{8}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{4}-[0-9a-zA-Z]{12})(?:\\s*,\\s*(<|>|=|!)([0-9]{1,5}))?(?:\\s*,\\s*(any_frag))?\\s*$"
57 Flow *f, uint8_t
flags,
void *state,
void *txv,
/* File-local list id, 0 until assigned.
 * NOTE(review): presumably set from DetectBufferTypeRegister() during
 * keyword registration and used as the list for SigMatchAppendSMToList();
 * neither the assignment nor the use is visible in this excerpt -- confirm. */
61 static int g_dce_generic_list_id = 0;
103 Flow *f, uint8_t
flags,
void *state,
void *txv,
110 return SCDcerpcIfaceMatch(txv, state, (
void *)
m);
115 if (rs_smb_tx_get_dce_iface(f->
alstate, txv, (
void *)
m) != 1) {
116 SCLogDebug(
"rs_smb_tx_get_dce_iface: didn't match");
118 SCLogDebug(
"rs_smb_tx_get_dce_iface: matched!");
144 void *did = SCDcerpcIfaceParse(arg);
146 SCLogError(
"Error parsing dce_iface option in "
152 DetectDceIfaceFree(
de_ctx, did);
162 SCDcerpcIfaceFree(ptr);
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
SigTableElmt * sigmatch_table
void(* Free)(DetectEngineCtx *, void *)
void DetectDceIfaceRegister(void)
Registers the keyword handlers for the "dce_iface" keyword.
main detection engine ctx
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define SIG_FLAG_TOSERVER
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
Data structures and function prototypes for keeping state for the detection engine.
Used to start a pointer to SigMatch context. Should never be dereferenced without casting to something...
int DetectBufferTypeRegister(const char *name)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
#define SCLogError(...)
Macro used to log ERROR messages.
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
AppProto alproto
application level protocol