suricata
detect-file-data.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2011 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef SURICATA_DETECT_FILEDATA_H
25 #define SURICATA_DETECT_FILEDATA_H
26 
27 /* prototypes */
28 void DetectFiledataRegister (void);
29 
30 /* File handler registration */
31 #define MAX_DETECT_ALPROTO_CNT 10
32 typedef struct DetectFileHandlerTableElmt_ {
33  const char *name;
34  int priority;
35  PrefilterRegisterFunc PrefilterFn;
36  InspectEngineFuncPtr Callback;
37  InspectionBufferGetDataPtr GetData;
38  int al_protocols[MAX_DETECT_ALPROTO_CNT];
39  int tx_progress;
40  int progress;
41 } DetectFileHandlerTableElmt;
42 void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *entry);
43 
44 /* File registration table */
45 extern DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC];
46 
47 typedef struct PrefilterMpmFiledata {
48  int list_id;
49  int base_list_id;
50  const MpmCtx *mpm_ctx;
51  const DetectEngineTransforms *transforms;
52 } PrefilterMpmFiledata;
53 
54 uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
55  const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
56  void *alstate, void *txv, uint64_t tx_id);
57 int PrefilterMpmFiledataRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,
58  const DetectBufferMpmRegistry *mpm_reg, int list_id);
59 
60 #endif /* SURICATA_DETECT_FILEDATA_H */
DETECT_TBLSIZE_STATIC
@ DETECT_TBLSIZE_STATIC
Definition: detect-engine-register.h:331
DetectEngineAppInspectionEngine_
Definition: detect.h:416
SigGroupHead_
Container for matching data for a signature group.
Definition: detect.h:1629
DetectEngineTransforms
Definition: detect.h:391
DetectFileHandlerTableElmt
struct DetectFileHandlerTableElmt_ DetectFileHandlerTableElmt
Flow_
Flow data structure.
Definition: flow.h:356
DetectEngineInspectFiledata
uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Definition: detect-file-data.c:481
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:932
DetectBufferMpmRegistry_
one time registration of keywords at start up
Definition: detect.h:762
MAX_DETECT_ALPROTO_CNT
#define MAX_DETECT_ALPROTO_CNT
Definition: detect-file-data.h:31
DetectFileHandlerTableElmt_::GetData
InspectionBufferGetDataPtr GetData
Definition: detect-file-data.h:37
filehandler_table
DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC]
Definition: detect-file-data.c:78
PrefilterMpmFiledata::transforms
const DetectEngineTransforms * transforms
Definition: detect-file-data.h:51
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
DetectEngineThreadCtx_
Definition: detect.h:1244
PrefilterMpmFiledata::mpm_ctx
const MpmCtx * mpm_ctx
Definition: detect-file-data.h:50
DetectFileHandlerTableElmt_::progress
int progress
Definition: detect-file-data.h:40
DetectFileHandlerTableElmt_
Definition: detect-file-data.h:32
DetectFileHandlerTableElmt_::al_protocols
int al_protocols[MAX_DETECT_ALPROTO_CNT]
Definition: detect-file-data.h:38
PrefilterMpmFiledata::base_list_id
int base_list_id
Definition: detect-file-data.h:49
PrefilterRegisterFunc
int(* PrefilterRegisterFunc)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
Definition: detect-engine-mpm.h:72
DetectFileHandlerTableElmt_::priority
int priority
Definition: detect-file-data.h:34
InspectEngineFuncPtr
uint8_t(* InspectEngineFuncPtr)(struct DetectEngineCtx_ *de_ctx, struct DetectEngineThreadCtx_ *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const struct Signature_ *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Definition: detect.h:411
flags
uint8_t flags
Definition: decode-gre.h:0
DetectFiledataRegister
void DetectFiledataRegister(void)
Registration function for keyword: file_data.
Definition: detect-file-data.c:148
PrefilterMpmFiledata
struct PrefilterMpmFiledata PrefilterMpmFiledata
DetectFileHandlerTableElmt_::PrefilterFn
PrefilterRegisterFunc PrefilterFn
Definition: detect-file-data.h:35
PrefilterMpmFiledataRegister
int PrefilterMpmFiledataRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
Definition: detect-file-data.c:582
Signature_
Signature container.
Definition: detect.h:668
DetectFileHandlerTableElmt_::tx_progress
int tx_progress
Definition: detect-file-data.h:39
DetectFileRegisterFileProtocols
void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *entry)
Definition: detect-file-data.c:118
DetectFileHandlerTableElmt_::Callback
InspectEngineFuncPtr Callback
Definition: detect-file-data.h:36
InspectionBufferGetDataPtr
InspectionBuffer *(* InspectionBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id)
Definition: detect-engine-helper.h:39
DetectFileHandlerTableElmt_::name
const char * name
Definition: detect-file-data.h:33
PrefilterMpmFiledata
Definition: detect-file-data.h:47
MpmCtx_
Definition: util-mpm.h:93
PrefilterMpmFiledata::list_id
int list_id
Definition: detect-file-data.h:48