detect-engine-payload.c File Reference

#include "suricata-common.h"
#include "suricata.h"
#include "rust.h"
#include "decode.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-engine-content-inspection.h"
#include "detect-engine-prefilter.h"
#include "detect-engine-state.h"
#include "detect-engine-payload.h"
#include "detect-engine-build.h"
#include "stream.h"
#include "stream-tcp.h"
#include "util-debug.h"
#include "util-print.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-validate.h"
#include "util-profiling.h"
#include "util-mpm-ac.h"
#include "detect-engine-alert.h"

Include dependency graph for detect-engine-payload.c:

Go to the source code of this file.

Data Structures
struct	StreamMpmData
struct	StreamContentInspectData
struct	StreamContentInspectEngineData

Functions
int	PrefilterPktStreamRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx)
int	PrefilterPktPayloadRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx)
uint8_t	DetectEngineInspectPacketPayload (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, Packet *p)
	Do the content inspection & validation for a signature. More...
int	DetectEngineInspectStreamPayload (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, Packet *p)
	Do the content inspection & validation for a signature on the raw stream. More...
uint8_t	DetectEngineInspectStream (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
	inspect engine for stateful rules More...
void	PayloadRegisterTests (void)

Detailed Description

Author

Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Performs payload matching functions

Definition in file detect-engine-payload.c.

Function Documentation

DetectEngineInspectPacketPayload()

uint8_t DetectEngineInspectPacketPayload	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		Flow *	f,
		Packet *	p
	)

Do the content inspection & validation for a signature.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
f	flow (for pcre flowvar storage)
p	Packet

Return values

0	no match
1	match

Definition at line 152 of file detect-engine-payload.c.

References de_ctx, StreamMpmData::det_ctx, DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD, DETECT_SM_LIST_PMATCH, DetectEngineContentInspection(), Packet_::payload, Packet_::payload_len, SCEnter, SCReturnInt, and Signature_::sm_arrays.

Here is the call graph for this function:

DetectEngineInspectStream()

uint8_t DetectEngineInspectStream	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const struct DetectEngineAppInspectionEngine_ *	engine,
		const Signature *	s,
		Flow *	f,
		uint8_t	flags,
		void *	alstate,
		void *	txv,
		uint64_t	tx_id
	)

inspect engine for stateful rules

Caches results as it may be called multiple times if we inspect multiple transactions in one packet.

Returns "can't match" if depth is reached.

Definition at line 298 of file detect-engine-payload.c.

References StreamContentInspectEngineData::det_ctx, DetectEngineThreadCtx_::p, and Packet_::proto.

DetectEngineInspectStreamPayload()

int DetectEngineInspectStreamPayload	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		Flow *	f,
		Packet *	p
	)

Do the content inspection & validation for a signature on the raw stream.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
f	flow (for pcre flowvar storage)

Return values

0	no match
1	match

Definition at line 248 of file detect-engine-payload.c.

References de_ctx, StreamContentInspectData::det_ctx, StreamContentInspectData::f, Signature_::flags, Flow_::protoctx, StreamContentInspectData::s, SCEnter, SCLogDebug, SIG_FLAG_FLUSH, and StreamReassembleRaw().

Here is the call graph for this function:

PayloadRegisterTests()

void PayloadRegisterTests

(

void

)

Definition at line 1142 of file detect-engine-payload.c.

References UtRegisterTest().

Here is the call graph for this function:

PrefilterPktPayloadRegister()

int PrefilterPktPayloadRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx
	)

Definition at line 132 of file detect-engine-payload.c.

References de_ctx, and PrefilterAppendPayloadEngine().

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

PrefilterPktStreamRegister()

int PrefilterPktStreamRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx
	)

Definition at line 109 of file detect-engine-payload.c.

References de_ctx, and PrefilterAppendPayloadEngine().

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function: