suricata
detect-engine-payload.c File Reference
#include "suricata-common.h"
#include "suricata.h"
#include "rust.h"
#include "decode.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-engine-content-inspection.h"
#include "detect-engine-prefilter.h"
#include "detect-engine-state.h"
#include "detect-engine-payload.h"
#include "detect-engine-build.h"
#include "stream.h"
#include "stream-tcp.h"
#include "util-debug.h"
#include "util-print.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-validate.h"
#include "util-profiling.h"
#include "util-mpm-ac.h"
#include "detect-engine-alert.h"


Data Structures

struct  StreamMpmData
 
struct  StreamContentInspectData
 
struct  StreamContentInspectEngineData
 

Functions

int PrefilterPktStreamRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx)
 
int PrefilterPktPayloadRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx)
 
uint8_t DetectEngineInspectPacketPayload (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, Packet *p)
 Do the content inspection & validation for a signature.
 
int DetectEngineInspectStreamPayload (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, Packet *p)
 Do the content inspection & validation for a signature on the raw stream.
 
uint8_t DetectEngineInspectStream (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 Inspect engine for stateful rules.
 
void PayloadRegisterTests (void)
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Performs payload matching functions

Definition in file detect-engine-payload.c.

Function Documentation

◆ DetectEngineInspectPacketPayload()

uint8_t DetectEngineInspectPacketPayload (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, Packet *p)

Do the content inspection & validation for a signature.

Parameters
de_ctx: Detection engine context
det_ctx: Detection engine thread context
s: Signature to inspect
f: flow (for pcre flowvar storage)
p: Packet
Return values
0: no match
1: match

Definition at line 152 of file detect-engine-payload.c.

References de_ctx, StreamMpmData::det_ctx, DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD, DETECT_SM_LIST_PMATCH, DetectEngineContentInspection(), Packet_::payload, Packet_::payload_len, SCEnter, SCReturnInt, and Signature_::sm_arrays.


◆ DetectEngineInspectStream()

uint8_t DetectEngineInspectStream (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)

Inspect engine for stateful rules.

Caches results as it may be called multiple times if we inspect multiple transactions in one packet.

Returns "can't match" if depth is reached.

Definition at line 298 of file detect-engine-payload.c.

References StreamContentInspectEngineData::det_ctx, DetectEngineThreadCtx_::p, and Packet_::proto.

◆ DetectEngineInspectStreamPayload()

int DetectEngineInspectStreamPayload (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, Packet *p)

Do the content inspection & validation for a signature on the raw stream.

Parameters
de_ctx: Detection engine context
det_ctx: Detection engine thread context
s: Signature to inspect
f: flow (for pcre flowvar storage)
p: Packet
Return values
0: no match
1: match

Definition at line 248 of file detect-engine-payload.c.

References de_ctx, StreamContentInspectData::det_ctx, StreamContentInspectData::f, Signature_::flags, Flow_::protoctx, StreamContentInspectData::s, SCEnter, SCLogDebug, SIG_FLAG_FLUSH, and StreamReassembleRaw().


◆ PayloadRegisterTests()

void PayloadRegisterTests ( void  )

Definition at line 1142 of file detect-engine-payload.c.

References UtRegisterTest().


◆ PrefilterPktPayloadRegister()

int PrefilterPktPayloadRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx)

Definition at line 132 of file detect-engine-payload.c.

References de_ctx, and PrefilterAppendPayloadEngine().

Referenced by PatternMatchPrepareGroup().


◆ PrefilterPktStreamRegister()

int PrefilterPktStreamRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx)

Definition at line 109 of file detect-engine-payload.c.

References de_ctx, and PrefilterAppendPayloadEngine().

Referenced by PatternMatchPrepareGroup().
