#include "suricata-common.h"#include "threads.h"#include "decode.h"#include "detect.h"#include "detect-parse.h"#include "detect-engine.h"#include "detect-engine-buffer.h"#include "detect-engine-mpm.h"#include "detect-engine-state.h"#include "detect-engine-prefilter.h"#include "detect-engine-content-inspection.h"#include "detect-engine-file.h"#include "detect-file-data.h"#include "app-layer.h"#include "app-layer-parser.h"#include "app-layer-htp.h"#include "app-layer-smtp.h"#include "flow.h"#include "flow-var.h"#include "flow-util.h"#include "util-debug.h"#include "util-spm-bm.h"#include "util-unittest.h"#include "util-unittest-helper.h"#include "util-file-decompression.h"#include "util-profiling.h"#include "tests/detect-file-data.c"
Go to the source code of this file.
Functions | |
| int | PrefilterMpmFiledataRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id) |
| void | DetectFiledataRegister (void) |
| Registration function for keyword: file_data. More... | |
| uint8_t | DetectEngineInspectFiledata (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) |
Detailed Description
Definition in file detect-file-data.c.
Function Documentation
◆ DetectEngineInspectFiledata()
| uint8_t DetectEngineInspectFiledata | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 405 of file detect-file-data.c.
References Flow_::alproto, AppLayerParserGetStateProgress(), AppLayerParserGetTxFiles(), DETECT_ENGINE_INSPECT_SIG_CANT_MATCH_FILES, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, flags, FileContainer_::head, DetectEngineAppInspectionEngine_::match_on_null, DetectEngineAppInspectionEngine_::mpm, File_::next, DetectEngineAppInspectionEngine_::progress, Flow_::proto, DetectEngineAppInspectionEngine_::transforms, and DetectEngineAppInspectionEngine_::v2.
◆ DetectFiledataRegister()
| void DetectFiledataRegister | ( | void | ) |
Registration function for keyword: file_data.
Definition at line 72 of file detect-file-data.c.
References SigTableElmt_::alias, SigTableElmt_::desc, DETECT_FILE_DATA, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.
Referenced by SigTableSetup().
◆ PrefilterMpmFiledataRegister()
| int PrefilterMpmFiledataRegister | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| MpmCtx * | mpm_ctx, | ||
| const DetectBufferMpmRegistry * | mpm_reg, | ||
| int | list_id | ||
| ) |
Definition at line 502 of file detect-file-data.c.
References PrefilterMpmFiledata::base_list_id, de_ctx, PrefilterMpmFiledata::list_id, PrefilterMpmFiledata::mpm_ctx, PrefilterAppendTxEngine(), SCCalloc, DetectBufferMpmRegistry_::sm_list_base, PrefilterMpmFiledata::transforms, and DetectBufferMpmRegistry_::transforms.
