suricata
Functions
detect-engine-payload.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

int PrefilterPktPayloadRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx)
 
int PrefilterPktStreamRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx)
 
int DetectEngineInspectPacketPayload (DetectEngineCtx *, DetectEngineThreadCtx *, const Signature *, Flow *, Packet *)
 Do the content inspection & validation for a signature. More...
 
int DetectEngineInspectStreamPayload (DetectEngineCtx *, DetectEngineThreadCtx *, const Signature *, Flow *, Packet *)
 Do the content inspection & validation for a signature on the raw stream. More...
 
int DetectEngineInspectStream (ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 inspect engine for stateful rules More...
 
void PayloadRegisterTests (void)
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-payload.h.

Function Documentation

int DetectEngineInspectPacketPayload ( DetectEngineCtx de_ctx,
DetectEngineThreadCtx det_ctx,
const Signature s,
Flow f,
Packet p 
)

Do the content inspection & validation for a signature.

Parameters
de_ctxDetection engine context
det_ctxDetection engine thread context
sSignature to inspect
fflow (for pcre flowvar storage)
pPacket
Return values
0no match
1match

Definition at line 150 of file detect-engine-payload.c.

References DetectEngineThreadCtx_::buffer_offset, DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD, DETECT_SM_LIST_PMATCH, DetectEngineContentInspection(), DetectEngineThreadCtx_::discontinue_matching, DetectEngineThreadCtx_::inspection_recursion_counter, Packet_::payload, Packet_::payload_len, DetectEngineThreadCtx_::replist, SCEnter, SCReturnInt, and Signature_::sm_arrays.

Referenced by SigMatchSignaturesGetSgh().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectEngineInspectStream ( ThreadVars tv,
DetectEngineCtx de_ctx,
DetectEngineThreadCtx det_ctx,
const Signature s,
const SigMatchData smd,
Flow f,
uint8_t  flags,
void *  alstate,
void *  txv,
uint64_t  tx_id 
)

inspect engine for stateful rules

Caches results as it may be called multiple times if we inspect multiple transactions in one packet.

Returns "can't match" if depth is reached.

Definition at line 317 of file detect-engine-payload.c.

References TcpSession_::client, StreamContentInspectEngineData::de_ctx, DE_QUIET, StreamMpmData::det_ctx, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), TcpStream_::flags, Packet_::flags, Signature_::flags, DetectEngineCtx_::flags, Signature_::id, DetectEngineCtx_::inspection_recursion_limit, mpm_default_matcher, DetectEngineCtx_::mpm_matcher, DetectEngineThreadCtx_::p, PacketAlertCheck(), Packet_::pcap_cnt, PKT_STREAM_ADD, Packet_::proto, Flow_::protoctx, DetectEngineThreadCtx_::raw_stream_progress, StreamContentInspectEngineData::s, SCLogDebug, TcpSession_::server, SIG_FLAG_FLUSH, DetectEngineCtx_::sig_list, SigCleanSignatures(), SigGroupBuild(), SigGroupCleanup(), SigInit(), SigMatchSignatures(), StreamContentInspectEngineData::smd, STREAM_TOSERVER, StreamReassembleRaw(), STREAMTCP_STREAM_FLAG_DEPTH_REACHED, UTHBuildPacket(), UTHFreePacket(), and UTHPacketMatchSigMpm().

Referenced by DetectAppLayerInspectEngineRegister2().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectEngineInspectStreamPayload ( DetectEngineCtx de_ctx,
DetectEngineThreadCtx det_ctx,
const Signature s,
Flow f,
Packet p 
)

Do the content inspection & validation for a signature on the raw stream.

Parameters
de_ctxDetection engine context
det_ctxDetection engine thread context
sSignature to inspect
fflow (for pcre flowvar storage)
Return values
0no match
1match

Definition at line 263 of file detect-engine-payload.c.

References StreamContentInspectData::de_ctx, StreamMpmData::det_ctx, Signature_::flags, StreamContentInspectData::s, SCEnter, SIG_FLAG_FLUSH, and StreamReassembleRaw().

Referenced by SigMatchSignaturesGetSgh().

Here is the call graph for this function:

Here is the caller graph for this function:

void PayloadRegisterTests ( void  )

Definition at line 1316 of file detect-engine-payload.c.

References UtRegisterTest().

Here is the call graph for this function:

int PrefilterPktPayloadRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx 
)

Definition at line 130 of file detect-engine-payload.c.

References PrefilterAppendPayloadEngine().

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

int PrefilterPktStreamRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx 
)

Definition at line 109 of file detect-engine-payload.c.

References MpmCtx_::minlen, StreamMpmData::mpm_ctx, mpm_table, MpmCtx_::mpm_type, DetectEngineThreadCtx_::mtc, Packet_::payload, Packet_::payload_len, DetectEngineThreadCtx_::pmq, PrefilterAppendPayloadEngine(), SCEnter, SCReturn, and MpmTableElmt_::Search.

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function: