suricata: src/detect-engine-payload.h File Reference

suricata

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
int	PrefilterPktPayloadRegister (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx *mpm_ctx)

int	PrefilterPktStreamRegister (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx *mpm_ctx)

uint8_t	DetectEngineInspectPacketPayload (DetectEngineCtx , DetectEngineThreadCtx , const Signature , Flow , Packet *)
	Do the content inspection & validation for a signature. More...

int	DetectEngineInspectStreamPayload (DetectEngineCtx , DetectEngineThreadCtx , const Signature , Flow , Packet *)
	Do the content inspection & validation for a signature on the raw stream. More...

uint8_t	DetectEngineInspectStream (DetectEngineCtx de_ctx, DetectEngineThreadCtx det_ctx, const struct DetectEngineAppInspectionEngine_ engine, const Signature s, Flow f, uint8_t flags, void alstate, void *txv, uint64_t tx_id)
	inspect engine for stateful rules More...

void	PayloadRegisterTests (void)

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-payload.h.

Function Documentation

◆ DetectEngineInspectPacketPayload()

uint8_t DetectEngineInspectPacketPayload	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		Flow *	f,
		Packet *	p
	)

Do the content inspection & validation for a signature.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
f	flow (for pcre flowvar storage)
p	Packet

Return values

0	no match
1	match

Definition at line 153 of file detect-engine-payload.c.

References DetectEngineThreadCtx_::buffer_offset, de_ctx, StreamMpmData::det_ctx, DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD, DETECT_SM_LIST_PMATCH, DetectEngineContentInspection(), DetectEngineThreadCtx_::discontinue_matching, DetectEngineThreadCtx_::inspection_recursion_counter, Packet_::payload, Packet_::payload_len, DetectEngineThreadCtx_::replist, SCEnter, SCReturnInt, and Signature_::sm_arrays.

Here is the call graph for this function:

◆ DetectEngineInspectStream()

uint8_t DetectEngineInspectStream	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const struct DetectEngineAppInspectionEngine_ *	engine,
		const Signature *	s,
		Flow *	f,
		uint8_t	flags,
		void *	alstate,
		void *	txv,
		uint64_t	tx_id
	)

inspect engine for stateful rules

Caches results as it may be called multiple times if we inspect multiple transactions in one packet.

Returns "can't match" if depth is reached.

Definition at line 321 of file detect-engine-payload.c.

References StreamContentInspectEngineData::det_ctx, DetectEngineThreadCtx_::p, and Packet_::proto.

◆ DetectEngineInspectStreamPayload()

int DetectEngineInspectStreamPayload	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		Flow *	f,
		Packet *	p
	)

Do the content inspection & validation for a signature on the raw stream.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
f	flow (for pcre flowvar storage)

Return values

0	no match
1	match

Definition at line 266 of file detect-engine-payload.c.

References de_ctx, StreamContentInspectData::det_ctx, StreamContentInspectData::f, Signature_::flags, Flow_::protoctx, StreamContentInspectData::s, SCEnter, SCLogDebug, SIG_FLAG_FLUSH, and StreamReassembleRaw().

Here is the call graph for this function:

◆ PayloadRegisterTests()

void PayloadRegisterTests ( void )

Definition at line 1165 of file detect-engine-payload.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ PrefilterPktPayloadRegister()

int PrefilterPktPayloadRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx
	)

Definition at line 133 of file detect-engine-payload.c.

References de_ctx, and PrefilterAppendPayloadEngine().

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PrefilterPktStreamRegister()

int PrefilterPktStreamRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx
	)

Definition at line 110 of file detect-engine-payload.c.

References de_ctx, and PrefilterAppendPayloadEngine().

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

src
detect-engine-payload.h
Generated on Sun Sep 24 2023 23:30:44 for suricata by 1.8.18