|
suricata
|
|
suricata
|
#include "suricata-common.h"#include "detect.h"#include "flow.h"#include "detect-content.h"#include "detect-parse.h"#include "detect-engine.h"#include "detect-engine-mpm.h"#include "detect-fast-pattern.h"#include "util-error.h"#include "util-debug.h"#include "util-unittest.h"#include "util-unittest-helper.h"
Go to the source code of this file.
Macros | |
| #define | PARSE_REGEX "^(\\s*only\\s*)|\\s*([0-9]+)\\s*,\\s*([0-9]+)\\s*$" |
| #define | MAX_SUBSTRINGS 30 |
Functions | |
| void | DetectFastPatternRegisterTests (void) |
| int | FastPatternSupportEnabledForSigMatchList (const DetectEngineCtx *de_ctx, const int list_id) |
| Checks if a particular list(Signature->sm_lists[]) is in the list of lists that need to be searched for a keyword that has fp support. More... | |
| void | SupportFastPatternForSigMatchList (int list_id, int priority) |
| Lets one add a sm list id to be searched for potential fp supported keywords later. More... | |
| void | SupportFastPatternForSigMatchTypes (void) |
| Registers the keywords(SMs) that should be given fp support. More... | |
| void | DetectFastPatternRegister (void) |
| Registration function for fast_pattern keyword. More... | |
Variables | |
| SCFPSupportSMList * | sm_fp_support_smlist_list = NULL |
Implements the fast_pattern keyword
Definition in file detect-fast-pattern.c.
| #define MAX_SUBSTRINGS 30 |
Referenced by DetectFastPatternRegister().
| #define PARSE_REGEX "^(\\s*only\\s*)|\\s*([0-9]+)\\s*,\\s*([0-9]+)\\s*$" |
Definition at line 40 of file detect-fast-pattern.c.
Referenced by DetectFastPatternRegister().
| void DetectFastPatternRegister | ( | void | ) |
Registration function for fast_pattern keyword.
Definition at line 161 of file detect-fast-pattern.c.
References DetectContentData_::content_len, SigMatch_::ctx, SigMatchData_::ctx, DE_QUIET, SigTableElmt_::desc, DETECT_CONTENT, DETECT_CONTENT_DEPTH, DETECT_CONTENT_DISTANCE, DETECT_CONTENT_FAST_PATTERN, DETECT_CONTENT_FAST_PATTERN_CHOP, DETECT_CONTENT_FAST_PATTERN_ONLY, DETECT_CONTENT_NEGATED, DETECT_CONTENT_NOCASE, DETECT_CONTENT_OFFSET, DETECT_CONTENT_WITHIN, DETECT_FAST_PATTERN, DETECT_SM_LIST_PMATCH, DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectFastPatternRegisterTests(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectSetupParseRegexes(), DOC_URL, DOC_VERSION, FAIL_IF, FAIL_IF_NOT_NULL, FAIL_IF_NULL, DetectContentData_::flags, DetectEngineCtx_::flags, SigTableElmt_::flags, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), DetectContentData_::fp_chop_len, DetectContentData_::fp_chop_offset, SigTableElmt_::Free, DetectContentData_::id, SigMatch_::idx, Signature_::init_data, length, SigTableElmt_::Match, MAX_SUBSTRINGS, SigTableElmt_::name, SigMatch_::next, Signature_::next, offset, PacketAlertCheck(), PARSE_REGEX, PASS, SigTableElmt_::RegisterTests, res, SC_ERR_INVALID_SIGNATURE, SC_ERR_PCRE_GET_SUBSTRING, SC_ERR_PCRE_PARSE, SCLogError, SCLogInfo, SigTableElmt_::Setup, DetectEngineCtx_::sig_list, SigCleanSignatures(), SigGroupBuild(), SigGroupCleanup(), SigInit(), SIGMATCH_NOOPT, sigmatch_table, SigMatchSignatures(), Signature_::sm_arrays, SignatureInitData_::smlists, SignatureInitData_::smlists_array_size, SigMatch_::type, SigTableElmt_::url, UTHBuildPacket(), and UTHFreePackets().
Referenced by SigTableSetup().
| void DetectFastPatternRegisterTests | ( | void | ) |
Definition at line 18864 of file detect-fast-pattern.c.
References DetectBufferTypeGetByName(), and UtRegisterTest().
Referenced by DetectFastPatternRegister().
| int FastPatternSupportEnabledForSigMatchList | ( | const DetectEngineCtx * | de_ctx, |
| const int | list_id | ||
| ) |
Checks if a particular list(Signature->sm_lists[]) is in the list of lists that need to be searched for a keyword that has fp support.
| list_id | The list id. |
| 1 | If supported. |
| 0 | If not. |
Definition at line 61 of file detect-fast-pattern.c.
References DETECT_SM_LIST_L4HDR, DETECT_SM_LIST_PMATCH, DetectBufferTypeSupportsMpmGetById(), SCFPSupportSMList_::list_id, SCFPSupportSMList_::next, and sm_fp_support_smlist_list.
Referenced by RetrieveFPForSig().
| void SupportFastPatternForSigMatchList | ( | int | list_id, |
| int | priority | ||
| ) |
Lets one add a sm list id to be searched for potential fp supported keywords later.
| list_id | SM list id. |
| priority | Priority for this list. |
Definition at line 91 of file detect-fast-pattern.c.
References SCFPSupportSMList_::next, SCLogDebug, SCMalloc, sm_fp_support_smlist_list, and unlikely.
Referenced by DetectAppLayerMpmRegister(), DetectAppLayerMpmRegister2(), DetectAppLayerMpmRegisterByParentId(), DetectTcphdrRegister(), DetectUdphdrRegister(), and SupportFastPatternForSigMatchTypes().
| void SupportFastPatternForSigMatchTypes | ( | void | ) |
Registers the keywords(SMs) that should be given fp support.
Definition at line 140 of file detect-fast-pattern.c.
References DETECT_SM_LIST_PMATCH, SCFPSupportSMList_::list_id, SCFPSupportSMList_::next, SCFPSupportSMList_::priority, sm_fp_support_smlist_list, and SupportFastPatternForSigMatchList().
Referenced by GlobalsInitPreConfig().
| SCFPSupportSMList* sm_fp_support_smlist_list = NULL |
Definition at line 50 of file detect-fast-pattern.c.
Referenced by FastPatternSupportEnabledForSigMatchList(), RetrieveFPForSig(), SupportFastPatternForSigMatchList(), and SupportFastPatternForSigMatchTypes().
1.8.11