suricata
detect-engine-content-inspection.c File Reference
#include "suricata-common.h"
#include "suricata.h"
#include "decode.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "rust.h"
#include "detect-asn1.h"
#include "detect-content.h"
#include "detect-pcre.h"
#include "detect-isdataat.h"
#include "detect-bytetest.h"
#include "detect-bytemath.h"
#include "detect-bytejump.h"
#include "detect-byte-extract.h"
#include "detect-replace.h"
#include "detect-engine-content-inspection.h"
#include "detect-uricontent.h"
#include "detect-urilen.h"
#include "detect-engine-uint.h"
#include "detect-bsize.h"
#include "detect-lua.h"
#include "detect-base64-decode.h"
#include "detect-base64-data.h"
#include "detect-dataset.h"
#include "detect-datarep.h"
#include "util-spm.h"
#include "util-debug.h"
#include "util-print.h"
#include "util-validate.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-profiling.h"
#include "tests/detect-engine-content-inspection.c"
Include dependency graph for detect-engine-content-inspection.c:

Go to the source code of this file.

Data Structures

struct  DetectEngineContentInspectionCtx
 

Functions

bool DetectEngineContentInspection (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *buffer, const uint32_t buffer_len, const uint32_t stream_start_offset, const uint8_t flags, const enum DetectContentInspectionType inspection_mode)
 wrapper around DetectEngineContentInspectionInternal to return true/false only More...
 
bool DetectEngineContentInspectionBuffer (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const InspectionBuffer *b, const enum DetectContentInspectionType inspection_mode)
 wrapper around DetectEngineContentInspectionInternal to return true/false only More...
 

Variables

thread_local uint32_t ut_inspection_recursion_counter = 0
 

Detailed Description

Author
Anoop Saldanha anoop.nosp@m.sald.nosp@m.anha@.nosp@m.gmai.nosp@m.l.com

Performs content inspection on any buffer supplied.

Definition in file detect-engine-content-inspection.c.

Function Documentation

◆ DetectEngineContentInspection()

bool DetectEngineContentInspection ( DetectEngineCtx de_ctx,
DetectEngineThreadCtx det_ctx,
const Signature s,
const SigMatchData smd,
Packet p,
Flow f,
const uint8_t *  buffer,
const uint32_t  buffer_len,
const uint32_t  stream_start_offset,
const uint8_t  flags,
const enum DetectContentInspectionType  inspection_mode 
)

wrapper around DetectEngineContentInspectionInternal to return true/false only

Parameters
smdsigmatches to evaluate

Definition at line 723 of file detect-engine-content-inspection.c.

References DetectEngineThreadCtx_::buffer_offset, DetectEngineContentInspectionCtx::count, de_ctx, DetectEngineCtx_::inspection_recursion_limit, and DetectEngineContentInspectionCtx::recursion.

Referenced by DetectEngineInspectBufferGeneric(), DetectEngineInspectPacketPayload(), and DetectEngineInspectPktBufferGeneric().

Here is the caller graph for this function:

◆ DetectEngineContentInspectionBuffer()

bool DetectEngineContentInspectionBuffer ( DetectEngineCtx de_ctx,
DetectEngineThreadCtx det_ctx,
const Signature s,
const SigMatchData smd,
Packet p,
Flow f,
const InspectionBuffer b,
const enum DetectContentInspectionType  inspection_mode 
)

wrapper around DetectEngineContentInspectionInternal to return true/false only

content inspect entry for inspection buffers

Parameters
smdsigmatches to evaluate

Definition at line 747 of file detect-engine-content-inspection.c.

References DetectEngineThreadCtx_::buffer_offset, DetectEngineContentInspectionCtx::count, de_ctx, DetectEngineCtx_::inspection_recursion_limit, and DetectEngineContentInspectionCtx::recursion.

Referenced by DetectEngineInspectMultiBufferGeneric().

Here is the caller graph for this function:

Variable Documentation

◆ ut_inspection_recursion_counter

thread_local uint32_t ut_inspection_recursion_counter = 0

Definition at line 70 of file detect-engine-content-inspection.c.