suricata
Data Structures | Typedefs | Functions
detect-engine-helper.h File Reference
#include "app-layer-protos.h"
#include "detect-engine-inspect-buffer.h"
Include dependency graph for detect-engine-helper.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  SCSigTableAppLiteElmt
 App-layer light version of SigTableElmt. More...
 
struct  SCTransformTableElmt
 

Typedefs

typedef struct Flow_ Flow
 
typedef struct DetectEngineCtx_ DetectEngineCtx
 
typedef struct Signature_ Signature
 
typedef struct SigMatchCtx_ SigMatchCtx
 
typedef struct DetectEngineThreadCtx_ DetectEngineThreadCtx
 
typedef struct DetectEngineTransforms DetectEngineTransforms
 
typedef InspectionBuffer *(* InspectionBufferGetDataPtr) (struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id)
 
typedef bool(* InspectionMultiBufferGetDataPtr) (struct DetectEngineThreadCtx_ *det_ctx, const void *txv, const uint8_t flow_flags, uint32_t local_id, const uint8_t **buf, uint32_t *buf_len)
 
typedef bool(* InspectionSingleBufferGetDataPtr) (const void *txv, const uint8_t flow_flags, const uint8_t **buf, uint32_t *buf_len)
 
typedef struct SCSigTableAppLiteElmt SCSigTableAppLiteElmt
 App-layer light version of SigTableElmt. More...
 
typedef struct SCTransformTableElmt SCTransformTableElmt
 

Functions

int SCDetectHelperNewKeywordId (void)
 
uint16_t SCDetectHelperKeywordRegister (const SCSigTableAppLiteElmt *kw)
 
void SCDetectHelperKeywordAliasRegister (uint16_t kwid, const char *alias)
 
int SCDetectHelperBufferRegister (const char *name, AppProto alproto, uint8_t direction)
 
int SCDetectHelperBufferMpmRegister (const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionSingleBufferGetDataPtr GetData)
 
int SCDetectHelperMultiBufferMpmRegister (const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionMultiBufferGetDataPtr GetData)
 
int SCDetectHelperMultiBufferProgressMpmRegister (const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionMultiBufferGetDataPtr GetData, int progress)
 
int SCDetectHelperTransformRegister (const SCTransformTableElmt *kw)
 

Detailed Description

Author
Philippe Antoine p.ant.nosp@m.oine.nosp@m.@cate.nosp@m.nacy.nosp@m.ber.f.nosp@m.r

Definition in file detect-engine-helper.h.

Typedef Documentation

◆ DetectEngineCtx

typedef struct DetectEngineCtx_ DetectEngineCtx

Definition at line 1 of file detect-engine-helper.h.

◆ DetectEngineThreadCtx

typedef struct DetectEngineThreadCtx_ DetectEngineThreadCtx

Definition at line 1 of file detect-engine-helper.h.

◆ DetectEngineTransforms

typedef struct DetectEngineTransforms DetectEngineTransforms

Definition at line 1 of file detect-engine-helper.h.

◆ Flow

typedef struct Flow_ Flow

Definition at line 1 of file detect-engine-helper.h.

◆ InspectionBufferGetDataPtr

typedef InspectionBuffer*(* InspectionBufferGetDataPtr) (struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id)

Definition at line 39 of file detect-engine-helper.h.

◆ InspectionMultiBufferGetDataPtr

typedef bool(* InspectionMultiBufferGetDataPtr) (struct DetectEngineThreadCtx_ *det_ctx, const void *txv, const uint8_t flow_flags, uint32_t local_id, const uint8_t **buf, uint32_t *buf_len)

Definition at line 42 of file detect-engine-helper.h.

◆ InspectionSingleBufferGetDataPtr

typedef bool(* InspectionSingleBufferGetDataPtr) (const void *txv, const uint8_t flow_flags, const uint8_t **buf, uint32_t *buf_len)

Definition at line 45 of file detect-engine-helper.h.

◆ SCSigTableAppLiteElmt

typedef struct SCSigTableAppLiteElmt SCSigTableAppLiteElmt

App-layer light version of SigTableElmt.

◆ SCTransformTableElmt

typedef struct SCTransformTableElmt SCTransformTableElmt

◆ SigMatchCtx

typedef struct SigMatchCtx_ SigMatchCtx

Definition at line 1 of file detect-engine-helper.h.

◆ Signature

typedef struct Signature_ Signature

Definition at line 1 of file detect-engine-helper.h.

Function Documentation

◆ SCDetectHelperBufferMpmRegister()

int SCDetectHelperBufferMpmRegister ( const char *  name,
const char *  desc,
AppProto  alproto,
uint8_t  direction,
InspectionSingleBufferGetDataPtr  GetData 
)

Definition at line 47 of file detect-engine-helper.c.

◆ SCDetectHelperBufferRegister()

int SCDetectHelperBufferRegister ( const char *  name,
AppProto  alproto,
uint8_t  direction 
)

Definition at line 34 of file detect-engine-helper.c.

References DetectAppLayerInspectEngineRegister(), DetectBufferTypeRegister(), DetectEngineInspectGenericList(), name, SIG_FLAG_TOCLIENT, and SIG_FLAG_TOSERVER.

Here is the call graph for this function:

◆ SCDetectHelperKeywordAliasRegister()

void SCDetectHelperKeywordAliasRegister ( uint16_t  kwid,
const char *  alias 
)

Definition at line 124 of file detect-engine-helper.c.

References SigTableElmt_::alias, and sigmatch_table.

◆ SCDetectHelperKeywordRegister()

uint16_t SCDetectHelperKeywordRegister ( const SCSigTableAppLiteElmt kw)

Definition at line 103 of file detect-engine-helper.c.

References SCSigTableAppLiteElmt::AppLayerTxMatch, SigTableElmt_::AppLayerTxMatch, ctx, SCSigTableAppLiteElmt::desc, SigTableElmt_::desc, FrameStreamData::det_ctx, flags, SCSigTableAppLiteElmt::flags, SigTableElmt_::flags, SCSigTableAppLiteElmt::Free, SigTableElmt_::Free, SCSigTableAppLiteElmt::name, SigTableElmt_::name, FrameStreamData::s, SCDetectHelperNewKeywordId(), SCSigTableAppLiteElmt::Setup, SigTableElmt_::Setup, sigmatch_table, SCSigTableAppLiteElmt::url, and SigTableElmt_::url.

Here is the call graph for this function:

◆ SCDetectHelperMultiBufferMpmRegister()

int SCDetectHelperMultiBufferMpmRegister ( const char *  name,
const char *  desc,
AppProto  alproto,
uint8_t  direction,
InspectionMultiBufferGetDataPtr  GetData 
)

Definition at line 80 of file detect-engine-helper.c.

◆ SCDetectHelperMultiBufferProgressMpmRegister()

int SCDetectHelperMultiBufferProgressMpmRegister ( const char *  name,
const char *  desc,
AppProto  alproto,
uint8_t  direction,
InspectionMultiBufferGetDataPtr  GetData,
int  progress 
)

Definition at line 66 of file detect-engine-helper.c.

◆ SCDetectHelperNewKeywordId()

int SCDetectHelperNewKeywordId ( void  )

Definition at line 86 of file detect-engine-helper.c.

References DETECT_TBLSIZE, DETECT_TBLSIZE_IDX, DETECT_TBLSIZE_STEP, SCRealloc, sigmatch_table, and unlikely.

Referenced by SCDetectHelperKeywordRegister(), and SCDetectHelperTransformRegister().

Here is the caller graph for this function:

◆ SCDetectHelperTransformRegister()

int SCDetectHelperTransformRegister ( const SCTransformTableElmt kw)

Definition at line 129 of file detect-engine-helper.c.

References SCTransformTableElmt::desc, SigTableElmt_::desc, FrameStreamData::det_ctx, SCTransformTableElmt::flags, SigTableElmt_::flags, SCTransformTableElmt::Free, SigTableElmt_::Free, SCTransformTableElmt::name, SigTableElmt_::name, FrameStreamData::s, SCDetectHelperNewKeywordId(), SCTransformTableElmt::Setup, SigTableElmt_::Setup, sigmatch_table, SCTransformTableElmt::Transform, SigTableElmt_::Transform, SCTransformTableElmt::TransformId, SigTableElmt_::TransformId, SCTransformTableElmt::TransformValidate, SigTableElmt_::TransformValidate, SCTransformTableElmt::url, and SigTableElmt_::url.

Here is the call graph for this function: