suricata
Data Structures | Typedefs | Functions
detect-flowvar.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  DetectFlowvarData_
 

Typedefs

typedef struct DetectFlowvarData_ DetectFlowvarData
 

Functions

void DetectFlowvarRegister (void)
 
int DetectFlowvarPostMatchSetup (DetectEngineCtx *de_ctx, Signature *s, uint32_t idx)
 Setup a post-match for flowvar storage We're piggyback riding the DetectFlowvarData struct. More...
 
int DetectVarStoreMatch (DetectEngineThreadCtx *, uint32_t, uint8_t *, uint16_t, int)
 Store flowvar in det_ctx so we can exec it post-match. More...
 
int DetectVarStoreMatchKeyValue (DetectEngineThreadCtx *, uint8_t *, uint16_t, uint8_t *, uint16_t, int)
 Store flowvar in det_ctx so we can exec it post-match. More...
 
void DetectVarProcessListInternal (DetectVarList *fs, Flow *f, Packet *p)
 Handle flowvar candidate list in det_ctx: clean up the list. More...
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-flowvar.h.

Typedef Documentation

◆ DetectFlowvarData

typedef struct DetectFlowvarData_ DetectFlowvarData

Function Documentation

◆ DetectFlowvarPostMatchSetup()

int DetectFlowvarPostMatchSetup ( DetectEngineCtx de_ctx,
Signature s,
uint32_t  idx 
)

Setup a post-match for flowvar storage We're piggyback riding the DetectFlowvarData struct.

Definition at line 259 of file detect-flowvar.c.

References de_ctx, DETECT_FLOWVAR_POSTMATCH, DETECT_SM_LIST_POSTMATCH, DetectFlowvarData_::idx, DetectFlowvarData_::post_match, SCCalloc, SigMatchAppendSMToList(), and unlikely.

Here is the call graph for this function:

◆ DetectFlowvarRegister()

void DetectFlowvarRegister ( void  )

Definition at line 54 of file detect-flowvar.c.

References DETECT_FLOWVAR, DetectFlowvarMatch(), SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, and sigmatch_table.

Referenced by SigTableSetup().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DetectVarProcessListInternal()

void DetectVarProcessListInternal ( DetectVarList fs,
Flow f,
Packet p 
)

Handle flowvar candidate list in det_ctx: clean up the list.

Only called from DetectVarProcessList() when varlist is not NULL.

Definition at line 347 of file detect-flowvar.c.

References DetectVarList_::buffer, DetectVarList_::key, next, DetectVarList_::next, and SCFree.

◆ DetectVarStoreMatch()

int DetectVarStoreMatch ( DetectEngineThreadCtx ,
uint32_t  ,
uint8_t *  ,
uint16_t  ,
int   
)

Store flowvar in det_ctx so we can exec it post-match.

Definition at line 223 of file detect-flowvar.c.

References DetectVarList_::buffer, DetectVarList_::idx, len, DetectVarList_::len, DetectVarList_::next, SCCalloc, SCFree, type, DetectVarList_::type, unlikely, and DetectEngineThreadCtx_::varlist.

◆ DetectVarStoreMatchKeyValue()

int DetectVarStoreMatchKeyValue ( DetectEngineThreadCtx ,
uint8_t *  ,
uint16_t  ,
uint8_t *  ,
uint16_t  ,
int   
)

Store flowvar in det_ctx so we can exec it post-match.

Definition at line 203 of file detect-flowvar.c.

References DetectVarList_::buffer, DetectVarList_::key, DetectVarList_::key_len, len, DetectVarList_::len, DetectVarList_::next, SCCalloc, type, DetectVarList_::type, unlikely, and DetectEngineThreadCtx_::varlist.