#include "suricata-common.h"#include "decode.h"#include "detect.h"#include "detect-parse.h"#include "detect-content.h"#include "threads.h"#include "flow.h"#include "flow-var.h"#include "pkt-var.h"#include "detect-flowvar.h"#include "util-spm.h"#include "util-var-name.h"#include "util-debug.h"#include "util-print.h"
Go to the source code of this file.
Macros | |
| #define | PARSE_REGEX "(.*),(.*)" |
Functions | |
| int | DetectFlowvarMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *) |
| void | DetectFlowvarRegister (void) |
| int | DetectVarStoreMatchKeyValue (DetectEngineThreadCtx *det_ctx, uint8_t *key, uint16_t key_len, uint8_t *buffer, uint16_t len, uint16_t type) |
| Store flowvar in det_ctx so we can exec it post-match. More... | |
| int | DetectVarStoreMatch (DetectEngineThreadCtx *det_ctx, uint32_t idx, uint8_t *buffer, uint16_t len, uint16_t type) |
| Store flowvar in det_ctx so we can exec it post-match. More... | |
| int | DetectFlowvarPostMatchSetup (DetectEngineCtx *de_ctx, Signature *s, uint32_t idx) |
| Setup a post-match for flowvar storage We're piggyback riding the DetectFlowvarData struct. More... | |
| void | DetectVarProcessListInternal (DetectVarList *fs, Flow *f, Packet *p) |
| Handle flowvar candidate list in det_ctx: clean up the list. More... | |
Detailed Description
Simple flowvar content match part of the detection engine.
Definition in file detect-flowvar.c.
Macro Definition Documentation
◆ PARSE_REGEX
| #define PARSE_REGEX "(.*),(.*)" |
Definition at line 45 of file detect-flowvar.c.
Function Documentation
◆ DetectFlowvarMatch()
| int DetectFlowvarMatch | ( | DetectEngineThreadCtx * | det_ctx, |
| Packet * | p, | ||
| const Signature * | s, | ||
| const SigMatchCtx * | ctx | ||
| ) |
Definition at line 99 of file detect-flowvar.c.
References DetectFlowvarData_::content, DetectFlowvarData_::content_len, ctx, FlowVar_::data, Packet_::flow, FlowVarGet(), FlowVar_::fv_str, DetectFlowvarData_::idx, SpmSearch, FlowVarTypeStr::value, and FlowVarTypeStr::value_len.
Referenced by DetectFlowvarRegister().
◆ DetectFlowvarPostMatchSetup()
| int DetectFlowvarPostMatchSetup | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s, | ||
| uint32_t | idx | ||
| ) |
Setup a post-match for flowvar storage We're piggyback riding the DetectFlowvarData struct.
Definition at line 257 of file detect-flowvar.c.
References de_ctx, DETECT_FLOWVAR_POSTMATCH, DETECT_SM_LIST_POSTMATCH, DetectFlowvarData_::idx, DetectFlowvarData_::post_match, SCCalloc, SCSigMatchAppendSMToList(), and unlikely.
◆ DetectFlowvarRegister()
| void DetectFlowvarRegister | ( | void | ) |
Definition at line 54 of file detect-flowvar.c.
References DETECT_FLOWVAR, DetectFlowvarMatch(), SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, and sigmatch_table.
Referenced by SigTableSetup().
◆ DetectVarProcessListInternal()
| void DetectVarProcessListInternal | ( | DetectVarList * | fs, |
| Flow * | f, | ||
| Packet * | p | ||
| ) |
Handle flowvar candidate list in det_ctx: clean up the list.
Only called from DetectVarProcessList() when varlist is not NULL.
Definition at line 345 of file detect-flowvar.c.
References DetectVarList_::buffer, DetectVarList_::key, next, DetectVarList_::next, and SCFree.
◆ DetectVarStoreMatch()
| int DetectVarStoreMatch | ( | DetectEngineThreadCtx * | det_ctx, |
| uint32_t | idx, | ||
| uint8_t * | buffer, | ||
| uint16_t | len, | ||
| uint16_t | type | ||
| ) |
Store flowvar in det_ctx so we can exec it post-match.
Definition at line 222 of file detect-flowvar.c.
References DetectVarList_::buffer, DetectVarList_::idx, len, DetectVarList_::len, DetectVarList_::next, SCCalloc, SCFree, type, DetectVarList_::type, unlikely, and DetectEngineThreadCtx_::varlist.
◆ DetectVarStoreMatchKeyValue()
| int DetectVarStoreMatchKeyValue | ( | DetectEngineThreadCtx * | det_ctx, |
| uint8_t * | key, | ||
| uint16_t | key_len, | ||
| uint8_t * | buffer, | ||
| uint16_t | len, | ||
| uint16_t | type | ||
| ) |
Store flowvar in det_ctx so we can exec it post-match.
Definition at line 203 of file detect-flowvar.c.
References DetectVarList_::buffer, DetectVarList_::key, DetectVarList_::key_len, len, DetectVarList_::len, DetectVarList_::next, SCCalloc, type, DetectVarList_::type, unlikely, and DetectEngineThreadCtx_::varlist.
