#include "suricata-common.h"#include "detect.h"#include "detect-parse.h"#include "detect-file-hash-common.h"#include "app-layer-htp.h"
Go to the source code of this file.
Functions | |
| int | ReadHashString (uint8_t *hash, const char *string, const char *filename, int line_no, uint16_t expected_len) |
| Read the bytes of a hash from an hexadecimal string. More... | |
| int | LoadHashTable (ROHashTable *hash_table, const char *string, const char *filename, int line_no, uint32_t type) |
| Store a hash into the hash table. More... | |
| int | DetectFileHashMatch (DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchCtx *m) |
| Match the specified file hash. More... | |
| int | DetectFileHashSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str, uint16_t type, int list) |
| this function is used to parse filemd5, filesha1 and filesha256 options More... | |
| void | DetectFileHashFree (DetectEngineCtx *de_ctx, void *ptr) |
| this function will free memory associated with DetectFileHashData More... | |
Detailed Description
Definition in file detect-file-hash-common.c.
Function Documentation
◆ DetectFileHashFree()
| void DetectFileHashFree | ( | DetectEngineCtx * | de_ctx, |
| void * | ptr | ||
| ) |
this function will free memory associated with DetectFileHashData
- Parameters
-
filehash pointer to DetectFileHashData
Definition at line 359 of file detect-file-hash-common.c.
References DetectFileHashData_::hash, ROHashFree(), and SCFree.
◆ DetectFileHashMatch()
| int DetectFileHashMatch | ( | DetectEngineThreadCtx * | det_ctx, |
| Flow * | f, | ||
| uint8_t | flags, | ||
| File * | file, | ||
| const Signature * | s, | ||
| const SigMatchCtx * | m | ||
| ) |
Match the specified file hash.
- Parameters
-
det_ctx pattern matcher thread local data f LOCKED flow flags direction flags file file being inspected s signature being inspected m sigmatch that we will cast into DetectFileHashData
- Return values
-
0 no match 1 match
Definition at line 144 of file detect-file-hash-common.c.
References Signature_::file_flags, FILE_MD5, FILE_SIG_NEED_MD5, FILE_STATE_CLOSED, File_::flags, m, SCEnter, SCReturnInt, and File_::state.
Referenced by DetectFileMd5Register(), DetectFileSha1Register(), and DetectFileSha256Register().
◆ DetectFileHashSetup()
| int DetectFileHashSetup | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s, | ||
| const char * | str, | ||
| uint16_t | type, | ||
| int | list | ||
| ) |
this function is used to parse filemd5, filesha1 and filesha256 options
into the current signature
- Parameters
-
de_ctx pointer to the Detection Engine Context s pointer to the Current Signature str pointer to the user provided "filemd5", "filesha1" or "filesha256" option type type of file hash to setup
- Return values
-
0 on Success -1 on Failure
Definition at line 318 of file detect-file-hash-common.c.
◆ LoadHashTable()
| int LoadHashTable | ( | ROHashTable * | hash_table, |
| const char * | string, | ||
| const char * | filename, | ||
| int | line_no, | ||
| uint32_t | type | ||
| ) |
Store a hash into the hash table.
- Parameters
-
hash_table hash table that will hold the hash string hexadecimal string representing the hash filename file name from where the string was read line_no file line number from where the string was read type the hash algorithm
- Return values
-
-1 failed to load the hash into the hash table 1 successfully loaded the has into the hash table
Definition at line 85 of file detect-file-hash-common.c.
References DETECT_FILEMD5, DETECT_FILESHA1, ReadHashString(), ROHashInitQueueValue(), and type.
◆ ReadHashString()
| int ReadHashString | ( | uint8_t * | hash, |
| const char * | string, | ||
| const char * | filename, | ||
| int | line_no, | ||
| uint16_t | expected_len | ||
| ) |
Read the bytes of a hash from an hexadecimal string.
- Parameters
-
hash buffer to store the resulting bytes string hexadecimal string representing the hash filename file name from where the string was read line_no file line number from where the string was read expected_len the expected length of the string that was read
- Return values
-
-1 the hexadecimal string is invalid 1 the hexadecimal string was read successfully
Definition at line 47 of file detect-file-hash-common.c.
References SCLogError.
Referenced by LoadHashTable().
