suricata
detect-flow.c File Reference
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-prefilter-common.h"
#include "detect-engine-build.h"
#include "flow.h"
#include "flow-var.h"
#include "detect-flow.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-debug.h"
#include "detect-engine-alert.h"

Macros

#define PARSE_REGEX   "^\\s*([A-z_]+)\\s*(?:,\\s*([A-z_]+))?\\s*(?:,\\s*([A-z_]+))?\\s*$"
 Regex for parsing our flow options.
 
#define SIG_FLAG_BOTH   (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)
 

Functions

int DetectFlowMatch (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx)
 This function is used to match flow flags set on a packet with those passed via flow:
 
void DetectFlowFree (DetectEngineCtx *de_ctx, void *ptr)
 this function will free memory associated with DetectFlowData
 
void DetectFlowRegister (void)
 Registration function for flow: keyword.
 
int DetectFlowSetupImplicit (Signature *s, uint32_t flags)
 

Detailed Description

Author
Victor Julien <victor@inliniac.net>

FLOW part of the detection engine.

Definition in file detect-flow.c.

Macro Definition Documentation

◆ PARSE_REGEX

#define PARSE_REGEX   "^\\s*([A-z_]+)\\s*(?:,\\s*([A-z_]+))?\\s*(?:,\\s*([A-z_]+))?\\s*$"

Regex for parsing our flow options.

Definition at line 48 of file detect-flow.c.

◆ SIG_FLAG_BOTH

#define SIG_FLAG_BOTH   (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT)

Function Documentation

◆ DetectFlowFree()

void DetectFlowFree ( DetectEngineCtx *de_ctx,
void *ptr
)

this function will free memory associated with DetectFlowData

Parameters
fd    pointer to DetectFlowData

Definition at line 439 of file detect-flow.c.

References SCFree.

◆ DetectFlowMatch()

int DetectFlowMatch ( DetectEngineThreadCtx *det_ctx,
Packet *p,
const Signature *s,
const SigMatchCtx *ctx
)

This function is used to match flow flags set on a packet with those passed via flow:

Parameters
t         pointer to thread vars
det_ctx   pointer to the pattern matcher thread
p         pointer to the current packet
m         pointer to the sigmatch that we will cast into DetectFlowData

Return values
0    no match
1    match

Definition at line 129 of file detect-flow.c.

References FLOW_PKT_ESTABLISHED, FLOW_PKT_TOCLIENT, FLOW_PKT_TOSERVER, Packet_::flowflags, SCEnter, and SCLogDebug.

Referenced by DetectFlowRegister().

◆ DetectFlowRegister()

void DetectFlowRegister ( void  )

Registration function for flow: keyword.

Definition at line 65 of file detect-flow.c.

References SigTableElmt_::desc, DETECT_FLOW, DetectFlowMatch(), SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().


◆ DetectFlowSetupImplicit()

int DetectFlowSetupImplicit ( Signature *s,
uint32_t flags
)