suricata
detect-dsize.c File Reference
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine-prefilter-common.h"
#include "detect-engine-build.h"
#include "flow-var.h"
#include "detect-content.h"
#include "detect-dsize.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "util-byte.h"
#include "pkt-var.h"
#include "host.h"
#include "util-profiling.h"
#include "util-unittest-helper.h"
#include "detect-engine.h"
#include "detect-engine-alert.h"
#include "packet.h"
Include dependency graph for detect-dsize.c:

Go to the source code of this file.

Functions

void DetectDsizeRegister (void)
 Registration function for dsize: keyword. More...
 
int SigParseGetMaxDsize (const Signature *s)
 get max dsize "depth" More...
 
void SigParseSetDsizePair (Signature *s)
 set prefilter dsize pair More...
 
int SigParseMaxRequiredDsize (const Signature *s)
 Determine the required dsize for the signature. More...
 
void SigParseApplyDsizeToContent (Signature *s)
 Apply dsize as depth to content matches in the rule. More...
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Implements the dsize keyword

Definition in file detect-dsize.c.

Function Documentation

◆ DetectDsizeRegister()

void DetectDsizeRegister ( void  )

Registration function for dsize: keyword.

Definition at line 61 of file detect-dsize.c.

References SigTableElmt_::desc, DETECT_DSIZE, SigTableElmt_::Match, SigTableElmt_::name, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the caller graph for this function:

◆ SigParseApplyDsizeToContent()

void SigParseApplyDsizeToContent ( Signature s)

◆ SigParseGetMaxDsize()

int SigParseGetMaxDsize ( const Signature s)

get max dsize "depth"

Parameters
ssignature to get dsize value from
Return values
depthor negative value

Definition at line 211 of file detect-dsize.c.

References SigMatch_::ctx, DETECT_UINT_EQ, DETECT_UINT_GT, DETECT_UINT_LT, DETECT_UINT_NE, DETECT_UINT_RA, SignatureInitData_::dsize_sm, Signature_::flags, Signature_::init_data, SCReturnInt, and SIG_FLAG_DSIZE.

Referenced by DetectContentPMATCHValidateCallback(), SigParseApplyDsizeToContent(), and SigParseMaxRequiredDsize().

Here is the caller graph for this function:

◆ SigParseMaxRequiredDsize()

int SigParseMaxRequiredDsize ( const Signature s)

Determine the required dsize for the signature.

Parameters
ssignature to get dsize value from

Note that negated content does not contribute to the maximum required dsize value. However, each negated content's values must not exceed the dsize value. See SigParseRequiredContentSize.

Return values
-1Signature doesn't have a dsize keyword
>=0 Dsize value required to not exclude content matches

Definition at line 288 of file detect-dsize.c.

References DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, offset, SCEnter, SCLogDebug, SCReturnInt, SIG_FLAG_DSIZE, Signature_::sig_str, SigParseGetMaxDsize(), SigParseRequiredContentSize(), and SignatureInitData_::smlists.

Referenced by DetectContentPMATCHValidateCallback().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SigParseSetDsizePair()

void SigParseSetDsizePair ( Signature s)