detect-dsize.c File Reference
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine-prefilter-common.h"
#include "detect-engine-build.h"
#include "flow-var.h"
#include "detect-content.h"
#include "detect-dsize.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "util-byte.h"
#include "pkt-var.h"
#include "host.h"
#include "util-profiling.h"
#include "util-unittest-helper.h"
#include "detect-engine.h"
#include "detect-engine-alert.h"
#include "packet.h"
Include dependency graph for detect-dsize.c:

Go to the source code of this file.


void DetectDsizeRegister (void)
 Registration function for dsize: keyword. More...
int SigParseGetMaxDsize (const Signature *s)
 get max dsize "depth" More...
void SigParseSetDsizePair (Signature *s)
 set prefilter dsize pair More...
int SigParseMaxRequiredDsize (const Signature *s)
 Determine the required dsize for the signature. More...
void SigParseApplyDsizeToContent (Signature *s)
 Apply dsize as depth to content matches in the rule. More...

Detailed Description

Victor Julien

Implements the dsize keyword

Definition in file detect-dsize.c.

Function Documentation

◆ DetectDsizeRegister()

void DetectDsizeRegister ( void  )

Registration function for dsize: keyword.

Definition at line 61 of file detect-dsize.c.

References SigTableElmt_::desc, DETECT_DSIZE, SigTableElmt_::Match, SigTableElmt_::name, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the caller graph for this function:

◆ SigParseApplyDsizeToContent()

void SigParseApplyDsizeToContent ( Signature s)

◆ SigParseGetMaxDsize()

int SigParseGetMaxDsize ( const Signature s)

get max dsize "depth"

ssignature to get dsize value from
Return values
depthor negative value

Definition at line 220 of file detect-dsize.c.

References SigMatch_::ctx, DETECT_UINT_EQ, DETECT_UINT_GT, DETECT_UINT_LT, DETECT_UINT_NE, DETECT_UINT_RA, SignatureInitData_::dsize_sm, Signature_::flags, Signature_::init_data, SCReturnInt, and SIG_FLAG_DSIZE.

Referenced by DetectContentPMATCHValidateCallback(), SigParseApplyDsizeToContent(), and SigParseMaxRequiredDsize().

Here is the caller graph for this function:

◆ SigParseMaxRequiredDsize()

int SigParseMaxRequiredDsize ( const Signature s)

Determine the required dsize for the signature.

ssignature to get dsize value from

Note that negated content does not contribute to the maximum required dsize value. However, each negated content's values must not exceed the dsize value. See SigParseRequiredContentSize.

Return values
-1Signature doesn't have a dsize keyword
>=0 Dsize value required to not exclude content matches

Definition at line 297 of file detect-dsize.c.

References DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, offset, SCEnter, SCLogDebug, SCReturnInt, SIG_FLAG_DSIZE, Signature_::sig_str, SigParseGetMaxDsize(), SigParseRequiredContentSize(), and SignatureInitData_::smlists.

Referenced by DetectContentPMATCHValidateCallback().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SigParseSetDsizePair()

void SigParseSetDsizePair ( Signature s)