Go to the documentation of this file.
40 static int g_krb5_cname_buffer_id = 0;
72 const uint8_t *b = NULL;
74 if (rs_krb5_tx_get_cname(cbdata->
txv, cbdata->
local_id, &b, &b_len) != 1) {
78 if (b == NULL || b_len == 0) {
90 void *alstate,
void *txv, uint64_t tx_id)
92 uint32_t local_id = 0;
102 GetKrb5CNameData(det_ctx, transforms, f, &cbdata, engine->
sm_list);
104 if (buffer == NULL || buffer->
inspect == NULL)
147 const int list_id = ctx->
list_id;
149 uint32_t local_id = 0;
170 static void PrefilterMpmKrb5NameFree(
void *ptr)
187 mpm_reg->
app_v2.alproto, mpm_reg->
app_v2.tx_min_progress,
188 pectx, PrefilterMpmKrb5NameFree, mpm_reg->
name);
201 PrefilterMpmKrb5CNameRegister, NULL,
206 DetectEngineInspectKrb5CName, NULL);
209 "Kerberos 5 ticket client name");
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
#define SIGMATCH_INFO_STICKY_BUFFER
@ DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE
Container for matching data for a signature group.
DetectEngineTransforms transforms
struct DetectBufferMpmRegistery_::@87::@89 app_v2
main detection engine ctx
one time registration of keywords at start up
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
struct DetectEngineAppInspectionEngine_::@84 v2
int DetectBufferTypeGetByName(const char *name)
void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer)
setup the buffer empty
#define DETECT_ENGINE_INSPECT_SIG_MATCH
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
#define SCReturnPtr(x, type)
Data structures and function prototypes for keeping state for the detection engine.
uint32_t(* Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t)
uint16_t discontinue_matching
const DetectEngineTransforms * transforms
uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *buffer, uint32_t buffer_len, uint32_t stream_start_offset, uint8_t flags, uint8_t inspection_mode)
Run the actual payload match functions.
void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, int(*PrefilterRegister)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistery *mpm_reg, int list_id), InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register a MPM engine
struct AppLayerTxData AppLayerTxData
#define PREFILTER_PROFILING_ADD_BYTES(det_ctx, bytes)
#define DETECT_CI_FLAGS_SINGLE
void DetectKrb5CNameRegister(void)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int inspection_recursion_counter
void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, AppProto alproto, int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
#define DETECT_ENGINE_INSPECT_SIG_NO_MATCH
const DetectEngineTransforms * transforms
struct PrefilterMpmKrb5Name PrefilterMpmKrb5Name
MpmTableElmt mpm_table[MPM_TABLE_SIZE]
InspectionBuffer * InspectionBufferMultipleForListGet(DetectEngineThreadCtx *det_ctx, const int list_id, const uint32_t local_id)
for a InspectionBufferMultipleForList get a InspectionBuffer
int DetectBufferSetActiveList(Signature *s, const int list)
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)