#include "suricata-common.h"#include "threads.h"#include "decode.h"#include "detect.h"#include "detect-parse.h"#include "detect-engine.h"#include "detect-engine-buffer.h"#include "detect-engine-mpm.h"#include "detect-engine-state.h"#include "detect-engine-prefilter.h"#include "detect-engine-content-inspection.h"#include "detect-engine-file.h"#include "detect-file-data.h"#include "app-layer.h"#include "app-layer-parser.h"#include "app-layer-htp.h"#include "app-layer-smtp.h"#include "flow.h"#include "flow-var.h"#include "flow-util.h"#include "util-debug.h"#include "util-spm-bm.h"#include "util-unittest.h"#include "util-unittest-helper.h"#include "util-file-decompression.h"#include "util-profiling.h"#include "tests/detect-file-data.c"
Go to the source code of this file.
Data Structures | |
| struct | DetectFileHandlerProtocol_t |
Macros | |
| #define | ALPROTO_WITHFILES_MAX 16 |
Functions | |
| int | PrefilterMpmFiledataRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id) |
| void | DetectFileRegisterProto (AppProto alproto, int direction, int to_client_progress, int to_server_progress) |
| void | DetectFileRegisterFileProtocols (DetectFileHandlerTableElmt *reg) |
| void | DetectFiledataRegister (void) |
| Registration function for keyword: file_data. More... | |
| uint8_t | DetectEngineInspectFiledata (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) |
Variables | |
| DetectFileHandlerTableElmt | filehandler_table [DETECT_TBLSIZE_STATIC] |
| DetectFileHandlerProtocol_t | al_protocols [ALPROTO_WITHFILES_MAX] |
Detailed Description
Definition in file detect-file-data.c.
Macro Definition Documentation
◆ ALPROTO_WITHFILES_MAX
| #define ALPROTO_WITHFILES_MAX 16 |
Definition at line 81 of file detect-file-data.c.
Function Documentation
◆ DetectEngineInspectFiledata()
| uint8_t DetectEngineInspectFiledata | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 481 of file detect-file-data.c.
References Flow_::alproto, AppLayerParserGetStateProgress(), AppLayerParserGetTxFiles(), DETECT_ENGINE_INSPECT_SIG_CANT_MATCH_FILES, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, flags, FileContainer_::head, DetectEngineAppInspectionEngine_::match_on_null, DetectEngineAppInspectionEngine_::mpm, File_::next, DetectEngineAppInspectionEngine_::progress, Flow_::proto, DetectEngineAppInspectionEngine_::transforms, and DetectEngineAppInspectionEngine_::v2.
◆ DetectFiledataRegister()
| void DetectFiledataRegister | ( | void | ) |
Registration function for keyword: file_data.
Definition at line 148 of file detect-file-data.c.
References SigTableElmt_::alias, SigTableElmt_::desc, DETECT_FILE_DATA, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.
Referenced by SigTableSetup().
◆ DetectFileRegisterFileProtocols()
| void DetectFileRegisterFileProtocols | ( | DetectFileHandlerTableElmt * | reg | ) |
Definition at line 118 of file detect-file-data.c.
References al_protocols, DetectFileHandlerProtocol_t::alproto, ALPROTO_UNKNOWN, DetectFileHandlerTableElmt_::Callback, DetectAppLayerInspectEngineRegister(), DetectAppLayerMpmRegister(), DetectFileHandlerProtocol_t::direction, g_alproto_max, DetectFileHandlerTableElmt_::GetData, DetectFileHandlerTableElmt_::name, DetectFileHandlerTableElmt_::PrefilterFn, DetectFileHandlerTableElmt_::priority, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, DetectFileHandlerProtocol_t::to_client_progress, and DetectFileHandlerProtocol_t::to_server_progress.
◆ DetectFileRegisterProto()
| void DetectFileRegisterProto | ( | AppProto | alproto, |
| int | direction, | ||
| int | to_client_progress, | ||
| int | to_server_progress | ||
| ) |
◆ PrefilterMpmFiledataRegister()
| int PrefilterMpmFiledataRegister | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| MpmCtx * | mpm_ctx, | ||
| const DetectBufferMpmRegistry * | mpm_reg, | ||
| int | list_id | ||
| ) |
Definition at line 582 of file detect-file-data.c.
References PrefilterMpmFiledata::base_list_id, de_ctx, PrefilterMpmFiledata::list_id, PrefilterMpmFiledata::mpm_ctx, PrefilterAppendTxEngine(), SCCalloc, DetectBufferMpmRegistry_::sm_list_base, PrefilterMpmFiledata::transforms, and DetectBufferMpmRegistry_::transforms.
Variable Documentation
◆ al_protocols
| DetectFileHandlerProtocol_t al_protocols[ALPROTO_WITHFILES_MAX] |
Definition at line 83 of file detect-file-data.c.
Referenced by DetectFileRegisterFileProtocols(), and DetectFileRegisterProto().
◆ filehandler_table
| DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC] |
Definition at line 78 of file detect-file-data.c.
