suricata: src/detect-engine-payload.h File Reference

suricata

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
int	PrefilterPktPayloadRegister (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx *mpm_ctx)

int	PrefilterPktStreamRegister (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx *mpm_ctx)

int	DetectEngineInspectPacketPayload (DetectEngineCtx , DetectEngineThreadCtx , const Signature , Flow , Packet *)
	Do the content inspection & validation for a signature. More...

int	DetectEngineInspectStreamPayload (DetectEngineCtx , DetectEngineThreadCtx , const Signature , Flow , Packet *)
	Do the content inspection & validation for a signature on the raw stream. More...

int	DetectEngineInspectStream (ThreadVars tv, DetectEngineCtx de_ctx, DetectEngineThreadCtx det_ctx, const Signature s, const SigMatchData smd, Flow f, uint8_t flags, void alstate, void txv, uint64_t tx_id)
	inspect engine for stateful rules More...

void	PayloadRegisterTests (void)

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-payload.h.

Function Documentation

◆ DetectEngineInspectPacketPayload()

int DetectEngineInspectPacketPayload	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		Flow *	f,
		Packet *	p
	)

Do the content inspection & validation for a signature.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
f	flow (for pcre flowvar storage)
p	Packet

Return values

0	no match
1	match

Definition at line 150 of file detect-engine-payload.c.

References DetectEngineThreadCtx_::buffer_offset, de_ctx, StreamMpmData::det_ctx, DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD, DETECT_SM_LIST_PMATCH, DetectEngineContentInspection(), DetectEngineThreadCtx_::discontinue_matching, DetectEngineThreadCtx_::inspection_recursion_counter, Packet_::payload, Packet_::payload_len, DetectEngineThreadCtx_::replist, SCEnter, SCReturnInt, and Signature_::sm_arrays.

Here is the call graph for this function:

◆ DetectEngineInspectStream()

int DetectEngineInspectStream	(	ThreadVars *	tv,
		DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		const SigMatchData *	smd,
		Flow *	f,
		uint8_t	flags,
		void *	alstate,
		void *	txv,
		uint64_t	tx_id
	)

inspect engine for stateful rules

Caches results as it may be called multiple times if we inspect multiple transactions in one packet.

Returns "can't match" if depth is reached.

Definition at line 317 of file detect-engine-payload.c.

References StreamContentInspectEngineData::det_ctx, DetectEngineThreadCtx_::p, and Packet_::proto.

◆ DetectEngineInspectStreamPayload()

int DetectEngineInspectStreamPayload	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		Flow *	f,
		Packet *	p
	)

Do the content inspection & validation for a signature on the raw stream.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
f	flow (for pcre flowvar storage)

Return values

0	no match
1	match

Definition at line 263 of file detect-engine-payload.c.

References de_ctx, StreamContentInspectData::det_ctx, StreamContentInspectData::f, Signature_::flags, Flow_::protoctx, StreamContentInspectData::s, SCEnter, SCLogDebug, SIG_FLAG_FLUSH, and StreamReassembleRaw().

Here is the call graph for this function:

◆ PayloadRegisterTests()

void PayloadRegisterTests ( void )

Definition at line 1317 of file detect-engine-payload.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ PrefilterPktPayloadRegister()

int PrefilterPktPayloadRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx
	)

Definition at line 130 of file detect-engine-payload.c.

References de_ctx, and PrefilterAppendPayloadEngine().

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PrefilterPktStreamRegister()

int PrefilterPktStreamRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx
	)

Definition at line 109 of file detect-engine-payload.c.

References de_ctx, and PrefilterAppendPayloadEngine().

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

src
detect-engine-payload.h
Generated on Sun Sep 20 2020 23:30:45 for suricata by 1.8.18