suricata
detect-filestore.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  DetectFilestoreData_
 

Macros

#define FILESTORE_DIR_DEFAULT   0 /* rule dir */
 
#define FILESTORE_DIR_TOSERVER   1
 
#define FILESTORE_DIR_TOCLIENT   2
 
#define FILESTORE_DIR_BOTH   3
 
#define FILESTORE_SCOPE_DEFAULT   0 /* per file */
 
#define FILESTORE_SCOPE_TX   1 /* per transaction */
 
#define FILESTORE_SCOPE_SSN   2 /* per flow/ssn */
 

Typedefs

typedef struct DetectFilestoreData_ DetectFilestoreData
 

Functions

void DetectFilestoreRegister (void)
 Registration function for keyword: filestore. More...
 

Detailed Description

Macro Definition Documentation

#define FILESTORE_DIR_BOTH   3

Definition at line 30 of file detect-filestore.h.

Referenced by DetectFilestoreRegister().

#define FILESTORE_DIR_DEFAULT   0 /* rule dir */

Definition at line 27 of file detect-filestore.h.

Referenced by DetectFilestoreRegister().

#define FILESTORE_DIR_TOCLIENT   2

Definition at line 29 of file detect-filestore.h.

Referenced by DetectFilestoreRegister().

#define FILESTORE_DIR_TOSERVER   1

Definition at line 28 of file detect-filestore.h.

Referenced by DetectFilestoreRegister().

#define FILESTORE_SCOPE_DEFAULT   0 /* per file */

Definition at line 32 of file detect-filestore.h.

Referenced by DetectFilestoreRegister().

#define FILESTORE_SCOPE_SSN   2 /* per flow/ssn */

Definition at line 34 of file detect-filestore.h.

Referenced by DetectFilestoreRegister().

#define FILESTORE_SCOPE_TX   1 /* per transaction */

Definition at line 33 of file detect-filestore.h.

Referenced by DetectFilestoreRegister().

Typedef Documentation

Function Documentation

void DetectFilestoreRegister ( void  )

Registration function for keyword: filestore.

Definition at line 75 of file detect-filestore.c.

References Flow_::alproto, Signature_::alproto, ALPROTO_HTTP, Flow_::alstate, AppLayerHtpNeedFileInspection(), AppLayerParserGetFiles(), BUG_ON, SigMatch_::ctx, DE_QUIET, SigTableElmt_::desc, DETECT_FILESTORE, DETECT_FILESTORE_MAX, DETECT_FILESTORE_POSTMATCH, DETECT_SM_LIST_POSTMATCH, DetectBufferTypeRegister(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectSetupParseRegexes(), DetectFilestoreData_::direction, DOC_URL, DOC_VERSION, FAIL_IF, FAIL_IF_NOT_NULL, DetectEngineThreadCtx_::file_id, File_::file_store_id, SigTableElmt_::FileMatch, FileReassemblyDepth(), HtpState_::files_tc, HtpState_::files_ts, DetectEngineThreadCtx_::filestore, DetectEngineThreadCtx_::filestore_cnt, Signature_::filestore_ctx, FILESTORE_DIR_BOTH, FILESTORE_DIR_DEFAULT, FILESTORE_DIR_TOCLIENT, FILESTORE_DIR_TOSERVER, FILESTORE_SCOPE_DEFAULT, FILESTORE_SCOPE_SSN, FILESTORE_SCOPE_TX, FileStoreAllFiles(), FileStoreAllFilesForTx(), FileStoreFileById(), HtpState_::flags, flags, Signature_::flags, DetectEngineCtx_::flags, SigTableElmt_::flags, Packet_::flow, FLOW_PKT_TOCLIENT, FLOW_PKT_TOSERVER, Packet_::flowflags, SigTableElmt_::Free, HTP_FLAG_STORE_FILES_TC, HTP_FLAG_STORE_FILES_TS, HTP_FLAG_STORE_FILES_TX_TC, HTP_FLAG_STORE_FILES_TX_TS, Signature_::id, m, SigTableElmt_::Match, MAX_SUBSTRINGS, SigTableElmt_::name, PARSE_REGEX, Flow_::proto, Flow_::protoctx, SigTableElmt_::RegisterTests, res, SC_ERR_CONFLICTING_RULE_KEYWORDS, SC_ERR_PCRE_GET_SUBSTRING, SC_ERR_PCRE_MATCH, SCEnter, SCFree, SCLogDebug, SCLogError, SCMalloc, DetectFilestoreData_::scope, SCRealloc, SCReturnInt, SigTableElmt_::Setup, File_::sid, File_::sid_cnt, File_::sid_max, SIG_FLAG_BYPASS, SIG_FLAG_FILESTORE, DetectEngineCtx_::sig_list, SigInit(), SIGMATCH_OPTIONAL_OPT, sigmatch_table, SigMatchAlloc(), SigMatchAppendSMToList(), HtpState_::store_tx_id, str, STREAM_TOCLIENT, STREAM_TOSERVER, TcpSessionSetReassemblyDepth(), tx_id, DetectEngineThreadCtx_::tx_id, SigMatch_::type, unlikely, SigTableElmt_::url, and UtRegisterTest().

Referenced by SigTableSetup().

Here is the call graph for this function:

Here is the caller graph for this function: