suricata
Functions
detect-engine-modbus.c File Reference
#include "suricata-common.h"
#include "app-layer.h"
#include "app-layer-modbus.h"
#include "detect.h"
#include "detect-modbus.h"
#include "detect-engine-modbus.h"
#include "flow.h"
#include "util-debug.h"
#include "app-layer-parser.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "flow-util.h"
#include "stream-tcp.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
Include dependency graph for detect-engine-modbus.c:

Go to the source code of this file.

Functions

int DetectEngineInspectModbus (ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 Do the content inspection & validation for a signature. More...
 
void DetectEngineInspectModbusRegisterTests (void)
 

Detailed Description

Author
David DIALLO diall.nosp@m.o@et.nosp@m..esie.nosp@m.a.fr

Based on detect-engine-dns.c

Definition in file detect-engine-modbus.c.

Function Documentation

int DetectEngineInspectModbus ( ThreadVars tv,
DetectEngineCtx de_ctx,
DetectEngineThreadCtx det_ctx,
const Signature s,
const SigMatchData smd,
Flow f,
uint8_t  flags,
void *  alstate,
void *  txv,
uint64_t  tx_id 
)

Do the content inspection & validation for a signature.

Parameters
de_ctxDetection engine context
det_ctxDetection engine thread context
sSignature to inspect ( and sm: SigMatch to inspect)
fFlow
flagsApp layer flags
alstateApp layer state
txvPointer to Modbus Transaction structure
Return values
0no match or 1 match

Definition at line 199 of file detect-engine-modbus.c.

References DetectModbus_::address, Flow_::alproto, ALPROTO_MODBUS, Flow_::alstate, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), DetectModbus_::category, ModbusTransaction_::category, SigMatchData_::ctx, DetectModbus_::data, DE_QUIET, DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), FAIL_IF, FAIL_IF_NOT, FAIL_IF_NULL, Flow_::flags, Packet_::flags, DetectEngineCtx_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_IPV4, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOSERVER, Packet_::flowflags, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, DetectModbus_::function, ModbusTransaction_::function, DetectModbusValue_::min, MODBUS_CAT_NONE, MODBUS_FUNC_NONE, MODBUS_TYP_ACCESS_FUNCTION_MASK, MODBUS_TYP_ACCESS_MASK, MODBUS_TYP_NONE, PacketAlertCheck(), PASS, PKT_HAS_FLOW, PKT_STREAM_EST, Flow_::proto, Flow_::protoctx, SCEnter, SCLogDebug, SCReturnInt, DetectEngineCtx_::sig_list, SigGroupBuild(), SigGroupCleanup(), SigInit(), SigMatchSignatures(), STREAM_TOSERVER, StreamTcpFreeConfig(), StreamTcpInitConfig(), DetectModbus_::subfunction, ModbusTransaction_::subFunction, TRUE, DetectModbus_::type, ModbusTransaction_::type, DetectModbus_::unit_id, ModbusTransaction_::unit_id, UTHBuildPacket(), and UTHFreePacket().

Referenced by DetectModbusRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectEngineInspectModbusRegisterTests ( void  )

Definition at line 1444 of file detect-engine-modbus.c.

References UtRegisterTest().

Here is the call graph for this function: