detect-engine-frame.h File Reference

#include "app-layer-frames.h"

Include dependency graph for detect-engine-frame.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
void	DetectRunPrefilterFrame (DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, const Frames *frames, const Frame *frame, const AppProto alproto)
bool	DetectRunFrameInspectRule (ThreadVars *tv, DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, Packet *p, const Frames *frames, const Frame *frame)
int	DetectEngineInspectFrameBufferGeneric (DetectEngineThreadCtx *det_ctx, const DetectEngineFrameInspectionEngine *engine, const Signature *s, Packet *p, const Frames *frames, const Frame *frame)
	Do the content inspection & validation for a signature. More...

Detailed Description

Author

Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-frame.h.

Function Documentation

DetectEngineInspectFrameBufferGeneric()

int DetectEngineInspectFrameBufferGeneric	(	DetectEngineThreadCtx *	det_ctx,
		const DetectEngineFrameInspectionEngine *	engine,
		const Signature *	s,
		Packet *	p,
		const Frames *	frames,
		const Frame *	frame
	)

Do the content inspection & validation for a signature.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
p	Packet
frame	stream frame to inspect

Return values

0	no match.
1	match.

Definition at line 556 of file detect-engine-frame.c.

References FrameStreamData::list_id, DetectEngineFrameInspectionEngine::mpm, FrameStreamData::p, Packet_::proto, SCLogDebug, DetectEngineFrameInspectionEngine::sm_list, FrameStreamData::transforms, DetectEngineFrameInspectionEngine::transforms, and DetectEngineFrameInspectionEngine::v1.

DetectRunFrameInspectRule()

bool DetectRunFrameInspectRule	(	ThreadVars *	tv,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		Flow *	f,
		Packet *	p,
		const Frames *	frames,
		const Frame *	frame
	)

Definition at line 227 of file detect-engine-frame.c.

References Flow_::alproto, AppLayerParserGetFrameNameById(), BUG_ON, FrameStreamData::det_ctx, FrameStreamData::frame, Signature_::frame_inspect, Frame::id, Signature_::id, DetectEngineFrameInspectionEngine::next, FrameStreamData::p, Flow_::proto, FrameStreamData::s, SCLogDebug, and Frame::type.

Here is the call graph for this function:

DetectRunPrefilterFrame()

void DetectRunPrefilterFrame	(	DetectEngineThreadCtx *	det_ctx,
		const SigGroupHead *	sgh,
		Packet *	p,
		const Frames *	frames,
		const Frame *	frame,
		const AppProto	alproto
	)

Definition at line 73 of file detect-engine-frame.c.

References PrefilterEngine_::alproto, ALPROTO_UNKNOWN, BUG_ON, PrefilterEngine_::cb, PrefilterEngine_::ctx, SigGroupHead_::frame_engines, PrefilterEngine_::frame_type, PrefilterEngine_::gid, PrefilterEngine_::is_last, Packet_::pcap_cnt, PrefilterEngine_::pectx, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterFrame, SCLogDebug, and Frame::type.