suricata
detect-file-hash-common.c File Reference
#include "suricata-common.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-file-hash-common.h"
#include "app-layer-htp.h"

Functions

int ReadHashString (uint8_t *hash, const char *string, const char *filename, int line_no, uint16_t expected_len)
 Read the bytes of a hash from a hexadecimal string.

int LoadHashTable (ROHashTable *hash_table, const char *string, const char *filename, int line_no, uint32_t type)
 Store a hash into the hash table.

int DetectFileHashMatch (DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchCtx *m)
 Match the specified file hash.

int DetectFileHashSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str, uint16_t type, int list)
 This function is used to parse filemd5, filesha1 and filesha256 options.

void DetectFileHashFree (DetectEngineCtx *de_ctx, void *ptr)
 This function will free memory associated with DetectFileHashData.
 

Function Documentation

◆ DetectFileHashFree()

void DetectFileHashFree (DetectEngineCtx *de_ctx, void *ptr)

This function will free memory associated with DetectFileHashData.

Parameters
filehash: pointer to DetectFileHashData

Definition at line 371 of file detect-file-hash-common.c.

References DetectFileHashData_::hash, ROHashFree(), and SCFree.

◆ DetectFileHashMatch()

int DetectFileHashMatch (DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchCtx *m)

Match the specified file hash.

Parameters
det_ctx: pattern matcher thread local data
f: LOCKED flow
flags: direction flags
file: file being inspected
s: signature being inspected
m: sigmatch that we will cast into DetectFileHashData
Return values
0: no match
1: match

Definition at line 146 of file detect-file-hash-common.c.

References Signature_::file_flags, FILE_MD5, FILE_SIG_NEED_MD5, FILE_STATE_CLOSED, File_::flags, m, SCEnter, SCReturnInt, and File_::state.

Referenced by DetectFileMd5Register(), DetectFileSha1Register(), and DetectFileSha256Register().

◆ DetectFileHashSetup()

int DetectFileHashSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str, uint16_t type, int list)

This function is used to parse filemd5, filesha1 and filesha256 options into the current signature.

Parameters
de_ctx: pointer to the Detection Engine Context
s: pointer to the Current Signature
str: pointer to the user provided "filemd5", "filesha1" or "filesha256" option
type: type of file hash to setup
Return values
0: on Success
-1: on Failure

Definition at line 323 of file detect-file-hash-common.c.

◆ LoadHashTable()

int LoadHashTable (ROHashTable *hash_table, const char *string, const char *filename, int line_no, uint32_t type)

Store a hash into the hash table.

Parameters
hash_table: hash table that will hold the hash
string: hexadecimal string representing the hash
filename: file name from where the string was read
line_no: file line number from where the string was read
type: the hash algorithm
Return values
-1: failed to load the hash into the hash table
1: successfully loaded the hash into the hash table

Definition at line 87 of file detect-file-hash-common.c.

References DETECT_FILEMD5, DETECT_FILESHA1, ReadHashString(), ROHashInitQueueValue(), and type.

◆ ReadHashString()

int ReadHashString (uint8_t *hash, const char *string, const char *filename, int line_no, uint16_t expected_len)

Read the bytes of a hash from a hexadecimal string.

Parameters
hash: buffer to store the resulting bytes
string: hexadecimal string representing the hash
filename: file name from where the string was read
line_no: file line number from where the string was read
expected_len: the expected length of the string that was read
Return values
-1: the hexadecimal string is invalid
1: the hexadecimal string was read successfully

Definition at line 47 of file detect-file-hash-common.c.

References SC_ERR_INVALID_HASH, and SCLogError.

Referenced by LoadHashTable().
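
The contract documented for ReadHashString() (decode a hexadecimal string of an expected length, return 1 on success and -1 on an invalid string) can be illustrated with the stand-alone sketch below. It is an added example, not Suricata's source code: parse_hash_hex(), hex_nibble() and the HASH_* constants are hypothetical names, and the sample lines are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Digest sizes in bytes for the three algorithms the page names. */
enum { HASH_MD5 = 16, HASH_SHA1 = 20, HASH_SHA256 = 32 };

/* Convert one hex character to its value, or -1 if it is not a hex digit. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper (not Suricata code): decode exactly expected_len hex
 * characters from string into out. Returns 1 on success, -1 if the string
 * has the wrong length or holds a non-hex character. On failure the
 * contents of out are unspecified and must not be used. */
int parse_hash_hex(uint8_t *out, const char *string, uint16_t expected_len)
{
    if (string == NULL || (expected_len % 2) != 0)
        return -1;
    if (strlen(string) != expected_len)
        return -1;
    for (uint16_t i = 0; i < expected_len; i += 2) {
        int hi = hex_nibble(string[i]);
        int lo = hex_nibble(string[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return 1;
}

int main(void)
{
    /* Constructed sample lines: MD5 of the empty input, then two bad ones. */
    const char *lines[] = {
        "d41d8cd98f00b204e9800998ecf8427e",
        "d41d8cd98f00b204e9800998ecf8427",   /* one character short */
        "d41d8cd98f00b204e9800998ecf8427g",  /* 'g' is not a hex digit */
    };
    uint8_t digest[HASH_SHA256];
    for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++) {
        int r = parse_hash_hex(digest, lines[i], HASH_MD5 * 2);
        printf("line %zu: %s\n", i + 1, r == 1 ? "loaded" : "rejected");
    }
    return 0;
}
```

Rejecting a line on any length or character mismatch keeps a truncated or mistyped list entry from being stored as a different, never-matching hash.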