#include "suricata-common.h"#include "suricata.h"#include "app-layer-parser.h"#include "rust.h"#include "app-layer-frames.h"#include "detect-engine.h"#include "detect-engine-prefilter.h"#include "detect-engine-content-inspection.h"#include "detect-engine-mpm.h"#include "detect-engine-frame.h"#include "stream-tcp.h"#include "util-profiling.h"#include "util-validate.h"#include "util-print.h"
Go to the source code of this file.
Data Structures | |
| struct | FrameStreamData |
| struct | PrefilterMpmFrameCtx |
Typedefs | |
| typedef struct PrefilterMpmFrameCtx | PrefilterMpmFrameCtx |
Functions | |
| void | DetectRunPrefilterFrame (DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, const Frames *frames, const Frame *frame, const AppProto alproto) |
| int | PrefilterGenericMpmFrameRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id) |
| bool | DetectRunFrameInspectRule (ThreadVars *tv, DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, Packet *p, const Frames *frames, const Frame *frame) |
| int | DetectEngineInspectFrameBufferGeneric (DetectEngineThreadCtx *det_ctx, const DetectEngineFrameInspectionEngine *engine, const Signature *s, Packet *p, const Frames *frames, const Frame *frame) |
| Do the content inspection & validation for a signature. More... | |
Detailed Description
Definition in file detect-engine-frame.c.
Typedef Documentation
◆ PrefilterMpmFrameCtx
| typedef struct PrefilterMpmFrameCtx PrefilterMpmFrameCtx |
Function Documentation
◆ DetectEngineInspectFrameBufferGeneric()
| int DetectEngineInspectFrameBufferGeneric | ( | DetectEngineThreadCtx * | det_ctx, |
| const DetectEngineFrameInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Packet * | p, | ||
| const Frames * | frames, | ||
| const Frame * | frame | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect p Packet frame stream frame to inspect
- Return values
-
0 no match. 1 match.
Definition at line 561 of file detect-engine-frame.c.
References FrameStreamData::list_id, DetectEngineFrameInspectionEngine::mpm, FrameStreamData::p, Packet_::proto, SCLogDebug, DetectEngineFrameInspectionEngine::sm_list, FrameStreamData::transforms, DetectEngineFrameInspectionEngine::transforms, and DetectEngineFrameInspectionEngine::v1.
◆ DetectRunFrameInspectRule()
| bool DetectRunFrameInspectRule | ( | ThreadVars * | tv, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| Packet * | p, | ||
| const Frames * | frames, | ||
| const Frame * | frame | ||
| ) |
Definition at line 229 of file detect-engine-frame.c.
References Flow_::alproto, AppLayerParserGetFrameNameById(), DEBUG_VALIDATE_BUG_ON, FrameStreamData::det_ctx, FrameStreamData::frame, Signature_::frame_inspect, Frame::id, Signature_::id, DetectEngineFrameInspectionEngine::next, FrameStreamData::p, Flow_::proto, FrameStreamData::s, SCLogDebug, and Frame::type.
◆ DetectRunPrefilterFrame()
| void DetectRunPrefilterFrame | ( | DetectEngineThreadCtx * | det_ctx, |
| const SigGroupHead * | sgh, | ||
| Packet * | p, | ||
| const Frames * | frames, | ||
| const Frame * | frame, | ||
| const AppProto | alproto | ||
| ) |
Definition at line 74 of file detect-engine-frame.c.
References PrefilterEngine_::alproto, ALPROTO_UNKNOWN, PrefilterEngine_::cb, PrefilterEngine_::ctx, FRAME_ANY_TYPE, SigGroupHead_::frame_engines, PrefilterEngine_::frame_type, PrefilterEngine_::gid, PrefilterEngine_::is_last, Packet_::pcap_cnt, PrefilterEngine_::pectx, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterFrame, SCLogDebug, and Frame::type.
◆ PrefilterGenericMpmFrameRegister()
| int PrefilterGenericMpmFrameRegister | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| MpmCtx * | mpm_ctx, | ||
| const DetectBufferMpmRegistry * | mpm_reg, | ||
| int | list_id | ||
| ) |
Definition at line 209 of file detect-engine-frame.c.
References ALPROTO_UNKNOWN, BUG_ON, de_ctx, DetectBufferMpmRegistry_::frame_v1, FrameStreamData::list_id, PrefilterMpmFrameCtx::list_id, FrameStreamData::mpm_ctx, PrefilterMpmFrameCtx::mpm_ctx, PrefilterAppendFrameEngine(), SCCalloc, SCEnter, PrefilterMpmFrameCtx::transforms, and DetectBufferMpmRegistry_::transforms.
