suricata
Data Structures | Macros | Typedefs | Functions
detect-itype.c File Reference
#include "suricata-common.h"
#include "debug.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine-prefilter-common.h"
#include "detect-itype.h"
#include "util-byte.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-debug.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
Include dependency graph for detect-itype.c:

Go to the source code of this file.

Data Structures

struct  DetectITypeData_
 

Macros

#define PARSE_REGEX   "^\\s*(<|>)?\\s*([0-9]+)\\s*(?:<>\\s*([0-9]+))?\\s*$"
 Regex for parsing our itype options. More...
 
#define DETECT_ITYPE_EQ   PREFILTER_U8HASH_MODE_EQ
 
#define DETECT_ITYPE_LT   PREFILTER_U8HASH_MODE_LT
 
#define DETECT_ITYPE_GT   PREFILTER_U8HASH_MODE_GT
 
#define DETECT_ITYPE_RN   PREFILTER_U8HASH_MODE_RA
 
#define MAX_SUBSTRINGS   30
 

Typedefs

typedef struct DetectITypeData_ DetectITypeData
 

Functions

void DetectITypeRegisterTests (void)
 this function registers unit tests for DetectIType More...
 
void DetectITypeFree (void *ptr)
 this function will free memory associated with DetectITypeData More...
 
void DetectITypeRegister (void)
 Registration function for itype: keyword. More...
 

Detailed Description

Author
Gerardo Iglesias igles.nosp@m.iasg.nosp@m.@gmai.nosp@m.l.co.nosp@m.m

Implements itype keyword support

Definition in file detect-itype.c.

Macro Definition Documentation

#define DETECT_ITYPE_EQ   PREFILTER_U8HASH_MODE_EQ

"equal" operator

Definition at line 77 of file detect-itype.c.

Referenced by DetectITypeFree().

#define DETECT_ITYPE_GT   PREFILTER_U8HASH_MODE_GT

"greater than" operator

Definition at line 79 of file detect-itype.c.

Referenced by DetectITypeFree().

#define DETECT_ITYPE_LT   PREFILTER_U8HASH_MODE_LT

"less than" operator

Definition at line 78 of file detect-itype.c.

Referenced by DetectITypeFree().

#define DETECT_ITYPE_RN   PREFILTER_U8HASH_MODE_RA

"range" operator

Definition at line 80 of file detect-itype.c.

Referenced by DetectITypeFree().

#define MAX_SUBSTRINGS   30
#define PARSE_REGEX   "^\\s*(<|>)?\\s*([0-9]+)\\s*(?:<>\\s*([0-9]+))?\\s*$"

Regex for parsing our itype options.

Definition at line 44 of file detect-itype.c.

Referenced by DetectITypeRegister().

Typedef Documentation

typedef struct DetectITypeData_ DetectITypeData

Function Documentation

void DetectITypeFree ( void *  ptr)

this function will free memory associated with DetectITypeData

Parameters
ptrpointer to DetectITypeData

Definition at line 282 of file detect-itype.c.

References PrefilterPacketU8HashCtx_::array, SigsArray_::cnt, DE_QUIET, DETECT_ITYPE, DETECT_ITYPE_EQ, DETECT_ITYPE_GT, DETECT_ITYPE_LT, DETECT_ITYPE_RN, DETECT_SM_LIST_MATCH, DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), FALSE, DetectEngineCtx_::flags, ICMPV4_GET_TYPE, Packet_::icmpv4h, ICMPV6_GET_TYPE, Signature_::init_data, DetectITypeData_::mode, SigMatch_::next, Signature_::next, PacketAlertCheck(), PKT_IS_ICMPV4, PKT_IS_ICMPV6, PKT_IS_PSEUDOPKT, DetectEngineThreadCtx_::pmq, PrefilterSetupPacketHeaderU8Hash(), SCFree, SCLogDebug, SCReturn, DetectEngineCtx_::sig_list, SigCleanSignatures(), SigGroupBuild(), SigGroupCleanup(), SigInit(), SigMatchSignatures(), SigsArray_::sigs, SignatureInitData_::smlists, TRUE, SigMatch_::type, DetectITypeData_::type1, DetectITypeData_::type2, PrefilterPacketHeaderValue::u8, UTHBuildPacket(), and UTHFreePackets().

Referenced by DetectITypeRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectITypeRegister ( void  )

Registration function for itype: keyword.

Definition at line 61 of file detect-itype.c.

References SigTableElmt_::desc, DETECT_ITYPE, DetectITypeFree(), DetectITypeRegisterTests(), DetectSetupParseRegexes(), DOC_URL, DOC_VERSION, SigTableElmt_::Free, SigTableElmt_::Match, SigTableElmt_::name, PARSE_REGEX, SigTableElmt_::RegisterTests, SigTableElmt_::Setup, SigTableElmt_::SetupPrefilter, sigmatch_table, SigTableElmt_::SupportsPrefilter, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectITypeRegisterTests ( void  )

this function registers unit tests for DetectIType

Definition at line 587 of file detect-itype.c.

References UtRegisterTest().

Referenced by DetectITypeRegister().

Here is the call graph for this function:

Here is the caller graph for this function: