#include "suricata-common.h"#include "decode.h"#include "detect.h"#include "detect-parse.h"#include "detect-engine-prefilter-common.h"#include "detect-engine-build.h"#include "flow-var.h"#include "detect-content.h"#include "detect-dsize.h"#include "util-unittest.h"#include "util-debug.h"#include "util-byte.h"#include "pkt-var.h"#include "host.h"#include "util-profiling.h"#include "util-unittest-helper.h"#include "detect-engine.h"#include "detect-engine-alert.h"#include "packet.h"
Go to the source code of this file.
Functions | |
| void | DetectDsizeRegister (void) |
| Registration function for dsize: keyword. More... | |
| int | SigParseGetMaxDsize (const Signature *s) |
| get max dsize "depth" More... | |
| void | SigParseSetDsizePair (Signature *s) |
| set prefilter dsize pair More... | |
| int | SigParseMaxRequiredDsize (const Signature *s) |
| Determine the required dsize for the signature. More... | |
| void | SigParseApplyDsizeToContent (Signature *s) |
| Apply dsize as depth to content matches in the rule. More... | |
Detailed Description
Implements the dsize keyword
Definition in file detect-dsize.c.
Function Documentation
◆ DetectDsizeRegister()
| void DetectDsizeRegister | ( | void | ) |
Registration function for dsize: keyword.
Definition at line 61 of file detect-dsize.c.
References SigTableElmt_::desc, DETECT_DSIZE, SigTableElmt_::Match, SigTableElmt_::name, sigmatch_table, and SigTableElmt_::url.
Referenced by SigTableSetup().
◆ SigParseApplyDsizeToContent()
| void SigParseApplyDsizeToContent | ( | Signature * | s | ) |
Apply dsize as depth to content matches in the rule.
- Parameters
-
s signature to get dsize value from
Definition at line 333 of file detect-dsize.c.
References SigMatch_::ctx, DetectContentData_::depth, DETECT_CONTENT, DETECT_CONTENT_DEPTH, DETECT_SM_LIST_PMATCH, DetectContentData_::flags, Signature_::flags, DetectContentData_::id, Signature_::id, Signature_::init_data, SigMatch_::next, SCEnter, SCLogDebug, SIG_FLAG_DSIZE, SigParseGetMaxDsize(), SigParseSetDsizePair(), SignatureInitData_::smlists, and SigMatch_::type.
◆ SigParseGetMaxDsize()
| int SigParseGetMaxDsize | ( | const Signature * | s | ) |
get max dsize "depth"
- Parameters
-
s signature to get dsize value from
- Return values
-
depth or negative value
Definition at line 220 of file detect-dsize.c.
References SigMatch_::ctx, DETECT_UINT_EQ, DETECT_UINT_GT, DETECT_UINT_LT, DETECT_UINT_NE, DETECT_UINT_RA, SignatureInitData_::dsize_sm, Signature_::flags, Signature_::init_data, SCReturnInt, and SIG_FLAG_DSIZE.
Referenced by DetectContentPMATCHValidateCallback(), SigParseApplyDsizeToContent(), and SigParseMaxRequiredDsize().
◆ SigParseMaxRequiredDsize()
| int SigParseMaxRequiredDsize | ( | const Signature * | s | ) |
Determine the required dsize for the signature.
- Parameters
-
s signature to get dsize value from
Note that negated content does not contribute to the maximum required dsize value. However, each negated content's values must not exceed the dsize value. See SigParseRequiredContentSize.
- Return values
-
-1 Signature doesn't have a dsize keyword >= 0 Dsize value required to not exclude content matches
Definition at line 297 of file detect-dsize.c.
References DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, offset, SCEnter, SCLogDebug, SCReturnInt, SIG_FLAG_DSIZE, Signature_::sig_str, SigParseGetMaxDsize(), SigParseRequiredContentSize(), and SignatureInitData_::smlists.
Referenced by DetectContentPMATCHValidateCallback().
◆ SigParseSetDsizePair()
| void SigParseSetDsizePair | ( | Signature * | s | ) |
set prefilter dsize pair
- Parameters
-
s signature to get dsize value from
Definition at line 243 of file detect-dsize.c.
References SigMatch_::ctx, DETECT_UINT_EQ, DETECT_UINT_GT, DETECT_UINT_GTE, DETECT_UINT_LT, DETECT_UINT_LTE, DETECT_UINT_NE, DETECT_UINT_RA, Signature_::dsize_high, Signature_::dsize_low, Signature_::dsize_mode, SignatureInitData_::dsize_sm, Signature_::flags, Signature_::init_data, SCLogDebug, and SIG_FLAG_DSIZE.
Referenced by SigParseApplyDsizeToContent().
