suricata
detect-engine-helper.h
Go to the documentation of this file.
1 /* Copyright (C) 2023 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Philippe Antoine <p.antoine@catenacyber.fr>
22  */
23 
24 #ifndef SURICATA_DETECT_ENGINE_HELPER_H
25 #define SURICATA_DETECT_ENGINE_HELPER_H
26 
27 #include "app-layer-protos.h"
28 #include "detect.h"
29 #include "rust.h"
30 
31 int SCDetectHelperNewKeywordId(void);
32 
33 int DetectHelperKeywordRegister(const SCSigTableElmt *kw);
34 int DetectHelperBufferRegister(const char *name, AppProto alproto, bool toclient, bool toserver);
35 
36 typedef bool (*SimpleGetTxBuffer)(void *, uint8_t, const uint8_t **, uint32_t *);
37 typedef bool (*MultiGetTxBuffer)(void *, uint8_t, uint32_t, const uint8_t **, uint32_t *);
38 
39 InspectionBuffer *DetectHelperGetData(struct DetectEngineThreadCtx_ *det_ctx,
40  const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
41  const int list_id, SimpleGetTxBuffer GetBuf);
42 int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
43  bool toclient, bool toserver, InspectionBufferGetDataPtr GetData);
44 int DetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
45  bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData);
46 
47 InspectionBuffer *DetectHelperGetMultiData(struct DetectEngineThreadCtx_ *det_ctx,
48  const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
49  const int list_id, uint32_t index, MultiGetTxBuffer GetBuf);
50 
51 int DetectHelperTransformRegister(const SCTransformTableElmt *kw);
52 const uint8_t *InspectionBufferPtr(InspectionBuffer *buf);
53 uint32_t InspectionBufferLength(InspectionBuffer *buf);
54 
55 #endif /* SURICATA_DETECT_ENGINE_HELPER_H */
DetectHelperKeywordRegister
int DetectHelperKeywordRegister(const SCSigTableElmt *kw)
Definition: detect-engine-helper.c:114
DetectHelperTransformRegister
int DetectHelperTransformRegister(const SCTransformTableElmt *kw)
Definition: detect-engine-helper.c:135
DetectEngineTransforms
Definition: detect.h:409
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:85
InspectionMultiBufferGetDataPtr
InspectionBuffer *(* InspectionMultiBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id, const uint32_t local_id)
Definition: detect.h:420
InspectionBuffer
Definition: detect.h:374
FrameStreamData::list_id
int list_id
Definition: detect-engine-frame.c:48
Flow_
Flow data structure.
Definition: flow.h:354
InspectionBufferGetDataPtr
InspectionBuffer *(* InspectionBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id)
Definition: detect.h:415
FrameStreamData::det_ctx
DetectEngineThreadCtx * det_ctx
Definition: detect-engine-frame.c:45
InspectionBufferLength
uint32_t InspectionBufferLength(InspectionBuffer *buf)
Definition: detect-engine-helper.c:186
rust.h
DetectHelperGetMultiData
InspectionBuffer * DetectHelperGetMultiData(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id, uint32_t index, MultiGetTxBuffer GetBuf)
Definition: detect-engine-helper.c:157
InspectionBufferPtr
const uint8_t * InspectionBufferPtr(InspectionBuffer *buf)
Definition: detect-engine-helper.c:181
MultiGetTxBuffer
bool(* MultiGetTxBuffer)(void *, uint8_t, uint32_t, const uint8_t **, uint32_t *)
Definition: detect-engine-helper.h:37
DetectEngineThreadCtx_
Definition: detect.h:1116
SimpleGetTxBuffer
bool(* SimpleGetTxBuffer)(void *, uint8_t, const uint8_t **, uint32_t *)
Definition: detect-engine-helper.h:36
DetectHelperGetData
InspectionBuffer * DetectHelperGetData(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id, SimpleGetTxBuffer GetBuf)
detect.h
FrameStreamData::transforms
const DetectEngineTransforms * transforms
Definition: detect-engine-frame.c:46
SCDetectHelperNewKeywordId
int SCDetectHelperNewKeywordId(void)
Definition: detect-engine-helper.c:97
DetectHelperBufferRegister
int DetectHelperBufferRegister(const char *name, AppProto alproto, bool toclient, bool toserver)
Definition: detect-engine-helper.c:33
name
const char * name
Definition: tm-threads.c:2081
app-layer-protos.h
DetectHelperBufferMpmRegister
int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto, bool toclient, bool toserver, InspectionBufferGetDataPtr GetData)
Definition: detect-engine-helper.c:64
DetectHelperMultiBufferMpmRegister
int DetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto, bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData)
Definition: detect-engine-helper.c:83