Go to the documentation of this file.
56 const char *
str = offsetstr;
64 "preceding content option.");
81 "keyword like within/distance with a absolute "
82 "relative keyword like depth/offset for the same "
88 "negated keyword set along with 'fast_pattern'.");
93 "keyword set along with 'fast_pattern:only;'.");
96 if (
str[0] !=
'-' && isalpha((
unsigned char)
str[0])) {
100 "seen in offset - %s.",
str);
111 if (cd->
depth != 0) {
113 SCLogDebug(
"depth increased to %"PRIu32
" to match pattern len",
@ SC_ERR_OFFSET_MISSING_CONTENT
main detection engine ctx
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
@ SC_ERR_INVALID_SIGNATURE
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
uint8_t DetectByteIndexType
#define DETECT_CONTENT_DISTANCE
#define DETECT_CONTENT_NEGATED
void DetectOffsetRegister(void)
#define DETECT_CONTENT_STARTS_WITH
bool DetectByteRetrieveSMVar(const char *arg, const Signature *s, DetectByteIndexType *index)
Used to retrieve args from BM.
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
#define DETECT_CONTENT_OFFSET
#define DETECT_CONTENT_FAST_PATTERN_ONLY
a single match condition for a signature
SigMatch * DetectGetLastSMFromLists(const Signature *s,...)
Returns the sm with the largest index (added latest) from the lists passed to us.
#define DETECT_CONTENT_FAST_PATTERN
#define DETECT_CONTENT_WITHIN
#define DETECT_CONTENT_OFFSET_VAR