Go to the documentation of this file.
40 static int g_krb5_sname_buffer_id = 0;
72 const uint8_t *b = NULL;
74 if (rs_krb5_tx_get_sname(cbdata->
txv, cbdata->
local_id, &b, &b_len) != 1) {
78 if (b == NULL || b_len == 0) {
90 void *alstate,
void *txv, uint64_t tx_id)
92 uint32_t local_id = 0;
102 GetKrb5SNameData(det_ctx, transforms, f, &cbdata, engine->
sm_list);
104 if (buffer == NULL || buffer->
inspect == NULL)
147 const int list_id = ctx->
list_id;
149 uint32_t local_id = 0;
170 static void PrefilterMpmKrb5NameFree(
void *ptr)
186 mpm_reg->
app_v2.alproto, mpm_reg->
app_v2.tx_min_progress,
187 pectx, PrefilterMpmKrb5NameFree, mpm_reg->
name);
200 PrefilterMpmKrb5SNameRegister, NULL,
205 DetectEngineInspectKrb5SName, NULL);
208 "Kerberos 5 ticket server name");
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register a MPM engine
#define SIGMATCH_INFO_STICKY_BUFFER
Container for matching data for a signature group.
int DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
main detection engine ctx
void DetectBufferTypeSupportsMultiInstance(const char *name)
one time registration of keywords at start up
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
DetectEngineTransforms transforms
int DetectBufferTypeGetByName(const char *name)
void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer)
setup the buffer empty
#define DETECT_ENGINE_INSPECT_SIG_MATCH
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
#define SCReturnPtr(x, type)
Data structures and function prototypes for keeping state for the detection engine.
uint32_t(* Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t)
uint16_t discontinue_matching
const DetectEngineTransforms * transforms
uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *buffer, uint32_t buffer_len, uint32_t stream_start_offset, uint8_t flags, uint8_t inspection_mode)
Run the actual payload match functions.
struct AppLayerTxData AppLayerTxData
#define PREFILTER_PROFILING_ADD_BYTES(det_ctx, bytes)
#define DETECT_CI_FLAGS_SINGLE
struct DetectBufferMpmRegistry_::@86::@88 app_v2
void DetectKrb5SNameRegister(void)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int inspection_recursion_counter
void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, AppProto alproto, int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
#define DETECT_ENGINE_INSPECT_SIG_NO_MATCH
struct DetectEngineAppInspectionEngine_::@83 v2
const DetectEngineTransforms * transforms
MpmTableElmt mpm_table[MPM_TABLE_SIZE]
InspectionBuffer * InspectionBufferMultipleForListGet(DetectEngineThreadCtx *det_ctx, const int list_id, const uint32_t local_id)
for a InspectionBufferMultipleForList get a InspectionBuffer
struct PrefilterMpmKrb5Name PrefilterMpmKrb5Name
@ DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)