suricata
detect-dsize.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  DetectDsizeData_
 

Macros

#define DETECTDSIZE_LT   0
 
#define DETECTDSIZE_EQ   1
 
#define DETECTDSIZE_GT   2
 
#define DETECTDSIZE_RA   3
 

Typedefs

typedef struct DetectDsizeData_ DetectDsizeData
 

Functions

void DetectDsizeRegister (void)
 Registration function for dsize: keyword. More...
 
int SigParseGetMaxDsize (const Signature *s)
 get max dsize "depth" More...
 
void SigParseSetDsizePair (Signature *s)
 set prefilter dsize pair More...
 
void SigParseApplyDsizeToContent (Signature *s)
 Apply dsize as depth to content matches in the rule. More...
 

Detailed Description

Macro Definition Documentation

◆ DETECTDSIZE_EQ

#define DETECTDSIZE_EQ   1

Definition at line 29 of file detect-dsize.h.

◆ DETECTDSIZE_GT

#define DETECTDSIZE_GT   2

Definition at line 30 of file detect-dsize.h.

◆ DETECTDSIZE_LT

#define DETECTDSIZE_LT   0

Definition at line 28 of file detect-dsize.h.

◆ DETECTDSIZE_RA

#define DETECTDSIZE_RA   3

Definition at line 31 of file detect-dsize.h.

Typedef Documentation

◆ DetectDsizeData

Function Documentation

◆ DetectDsizeRegister()

void DetectDsizeRegister ( void  )

Registration function for dsize: keyword.

Definition at line 66 of file detect-dsize.c.

References SigTableElmt_::desc, DETECT_DSIZE, SigTableElmt_::Match, SigTableElmt_::name, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the caller graph for this function:

◆ SigParseApplyDsizeToContent()

void SigParseApplyDsizeToContent ( Signature s)

Apply dsize as depth to content matches in the rule.

Parameters
ssignature to get dsize value from

Definition at line 441 of file detect-dsize.c.

References SigMatch_::ctx, DetectContentData_::depth, DETECT_CONTENT, DETECT_SM_LIST_PMATCH, Signature_::flags, DetectContentData_::id, Signature_::id, Signature_::init_data, SigMatch_::next, SCEnter, SCLogDebug, SIG_FLAG_DSIZE, SigParseGetMaxDsize(), SigParseSetDsizePair(), SignatureInitData_::smlists, and SigMatch_::type.

Here is the call graph for this function:

◆ SigParseGetMaxDsize()

int SigParseGetMaxDsize ( const Signature s)

get max dsize "depth"

Parameters
ssignature to get dsize value from
Return values
depthor negative value

Definition at line 382 of file detect-dsize.c.

References SigMatch_::ctx, DETECTDSIZE_EQ, DETECTDSIZE_GT, DETECTDSIZE_LT, DETECTDSIZE_RA, DetectDsizeData_::dsize, DetectDsizeData_::dsize2, SignatureInitData_::dsize_sm, Signature_::flags, Signature_::init_data, DetectDsizeData_::mode, SCReturnInt, and SIG_FLAG_DSIZE.

Referenced by DetectContentPMATCHValidateCallback(), and SigParseApplyDsizeToContent().

Here is the caller graph for this function:

◆ SigParseSetDsizePair()

void SigParseSetDsizePair ( Signature s)