suricata
detect-dsize.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef __DETECT_DSIZE_H__
25 #define __DETECT_DSIZE_H__
26 
27 #define DETECTDSIZE_LT 0
28 #define DETECTDSIZE_EQ 1
29 #define DETECTDSIZE_GT 2
30 #define DETECTDSIZE_RA 3
31 
32 typedef struct DetectDsizeData_ {
33  uint16_t dsize;
34  uint16_t dsize2;
35  uint8_t mode;
37 
38 /* prototypes */
39 void DetectDsizeRegister (void);
40 
41 int SigParseGetMaxDsize(const Signature *s);
44 
45 #endif /* __DETECT_DSIZE_H__ */
46 
Signature container.
Definition: detect.h:522
struct DetectDsizeData_ DetectDsizeData
void DetectDsizeRegister(void)
Registration function for dsize: keyword.
Definition: detect-dsize.c:65
void SigParseApplyDsizeToContent(Signature *s)
Apply dsize as depth to content matches in the rule.
Definition: detect-dsize.c:440
int SigParseGetMaxDsize(const Signature *s)
get max dsize "depth"
Definition: detect-dsize.c:381
void SigParseSetDsizePair(Signature *s)
set prefilter dsize pair
Definition: detect-dsize.c:403