75 for (
File *file = ffc->
head; file != NULL; file = file->
next) {
84 SCLogDebug(
"sig needs filename, but we don't have any");
91 SCLogDebug(
"sig needs file content, but we don't have any");
97 SCLogDebug(
"sig needs file content, but we don't have any");
103 SCLogDebug(
"sig needs file md5, but we don't have any");
109 SCLogDebug(
"sig needs file sha1, but we don't have any");
115 SCLogDebug(
"sig needs file sha256, but we don't have any");
121 SCLogDebug(
"sig needs filesize, but state < FILE_STATE_CLOSED");
158 SCLogDebug(
"stored MATCH, current file NOMATCH");
185 uint8_t
flags,
void *alstate,
void *tx, uint64_t tx_id)
190 const uint8_t direction =
flags & (STREAM_TOSERVER|STREAM_TOCLIENT);
193 SCLogDebug(
"tx %p tx_id %" PRIu64
" ffc %p ffc->head %p sid %u", tx, tx_id, ffc,
194 ffc ? ffc->
head : NULL, s->
id);
197 }
else if (ffc->
head == NULL) {
202 uint8_t match = DetectFileInspect(det_ctx, f, s, engine->
smd,
flags, ffc);
206 SCLogDebug(
"sid %u can't match on this transaction", s->
id);
209 SCLogDebug(
"sid %u can't match on this transaction (file sig)", s->
id);
#define FILE_SIG_NEED_SHA1
int(* FileMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, File *, const Signature *, const SigMatchCtx *)
main detection engine ctx
#define FILE_SIG_NEED_FILENAME
#define KEYWORD_PROFILING_START
#define KEYWORD_PROFILING_END(ctx, type, m)
#define FILE_SIG_NEED_MD5
#define DETECT_ENGINE_INSPECT_SIG_CANT_MATCH_FILES
#define FILE_SIG_NEED_MAGIC
#define DETECT_ENGINE_INSPECT_SIG_MATCH
#define FILE_SIG_NEED_SHA256
Data structures and function prototypes for keeping state for the detection engine.
#define DETECT_ENGINE_INSPECT_SIG_CANT_MATCH
uint64_t FileDataSize(const File *file)
get the size of the file data
#define DETECT_ENGINE_INSPECT_SIG_MATCH_MORE_FILES
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define DETECT_ENGINE_INSPECT_SIG_NO_MATCH
uint8_t DetectFileInspectGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
Inspect the file-inspecting keywords against the state.
#define FILE_SIG_NEED_FILECONTENT
AppLayerGetFileState AppLayerParserGetTxFiles(const Flow *f, void *state, void *tx, const uint8_t direction)
#define DEBUG_VALIDATE_BUG_ON(exp)
#define FILE_SIG_NEED_SIZE