suricata
detect-parse.h
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef __DETECT_PARSE_H__
25 #define __DETECT_PARSE_H__
26 
27 /** Flags to indicate whether Signature parsing must be done with
28 * the source and dest switched (for ip addresses and ports)
29 * or as normal */
30 enum {
33 };
34 
35 /** Flags to indicate whether we are referencing the source of the Signature
36 * or the destination (for ip addresses and ports) */
37 enum {
40 };
41 
42 /* prototypes */
/** \brief Parse a signature.
 *
 *  NOTE(review): the trailing uint8_t is presumably one of the direction
 *  flags (normal / switched source and dest) from the first enum in this
 *  header -- confirm against detect-parse.c. The meaning of the int return
 *  value is not visible in this header. */
43 int SigParse(DetectEngineCtx *, Signature *, const char *, uint8_t);
/** NOTE(review): presumably returns a newly allocated Signature that the
 *  caller releases with SigFree(); whether it can return NULL is not shown
 *  here -- confirm before dereferencing the result. */
44 Signature *SigAlloc(void);
/** NOTE(review): presumably the counterpart of SigAlloc(); whether a NULL
 *  argument is tolerated is not visible from this header -- confirm. */
45 void SigFree(Signature *s);
/** \brief Parses a signature and adds it to the Detection Engine Context.
 *
 *  sigstr is the rule text. Rule text frequently originates from rule sets
 *  maintained outside the deployment, so this call is an input-handling
 *  boundary: callers should check the returned pointer before use.
 *  NOTE(review): the failure return value (presumably NULL) and who owns the
 *  returned Signature are not shown on this page -- confirm. */
46 Signature *SigInit(DetectEngineCtx *, const char *sigstr);
/** NOTE(review): no description is available here; from the name this looks
 *  like the worker behind SigInit() -- confirm whether external callers are
 *  expected to use it directly. */
47 Signature *SigInitReal(DetectEngineCtx *, const char *);
/** NOTE(review): presumably registers the unit tests of the signature
 *  parser -- confirm. */
49 void SigParseRegisterTests(void);
51 
/** NOTE(review): no description is available here; from the name this
 *  reports which match list of the Signature holds the given SigMatch.
 *  The value returned when the SigMatch is in none of the lists is not
 *  visible in this header -- confirm in detect-parse.c (line 555). */
54 int SigMatchListSMBelongsTo(const Signature *, const SigMatch *);
55 
58 
/* NOTE(review): the two lines below are the tail of the prototype
 * int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, ...);
 * the opening line of that declaration is missing from this listing. */
60  Signature *s, const char *arg, int sm_type, int sm_list,
61  AppProto alproto);
62 
/** Both functions map a list id to a constant string.
 *  NOTE(review): the result for a list id outside the known range is not
 *  shown here (it may be NULL) -- confirm before passing the result to a
 *  "%s" format or to strlen(). */
63 const char *DetectListToHumanString(int list);
64 const char *DetectListToString(int list);
65 
/** \brief Returns the sm with the largest index (added last) from the list
 *         passed to us as a pointer.
 *
 *  The trailing arguments are variadic, so the compiler cannot check their
 *  count or type. The caller must end the argument list with the terminator
 *  the implementation expects; without it va_arg reads past the arguments
 *  actually supplied, which is undefined behaviour.
 *  NOTE(review): the terminator is presumably -1 and the variadic values
 *  presumably ints -- confirm in detect-parse.c (line 441). */
69 SigMatch *DetectGetLastSMByListPtr(const Signature *s, SigMatch *sm_list, ...);
/** \brief Returns the sm with the largest index (added last) from the list
 *         passed to us as an id.
 *
 *  Same variadic contract as DetectGetLastSMByListPtr(): the argument list
 *  must be explicitly terminated by the caller.
 *  NOTE(review): whether list_id is range-checked before it is used as an
 *  index is not visible here -- confirm in detect-parse.c (line 473). */
70 SigMatch *DetectGetLastSMByListId(const Signature *s, int list_id, ...);
71 
/** NOTE(review): no description is available here; presumably records the
 *  transform id on the Signature. Any limit on the number of transforms per
 *  signature and the error return value are not shown -- confirm. */
72 int DetectSignatureAddTransform(Signature *s, int transform);
74 
75 /* parse regex setup and free util funcs */
76 
/** NOTE(review): presumably compiles parse_str into *parse_regex and stores
 *  the study data in *parse_regex_study -- confirm in detect-parse.c.
 *  The function returns void, so a failed compile cannot be reported through
 *  the return value; how failure is handled is not visible in this header. */
77 void DetectSetupParseRegexes(const char *parse_str,
78  pcre **parse_regex,
79  pcre_extra **parse_regex_study);
/** \brief Add regex and/or study to the at-exit free list.
 *
 *  NOTE(review): once a pointer is on this list the caller presumably must
 *  not free it again itself, otherwise it would be released twice --
 *  confirm the ownership rule in detect-parse.c. */
80 void DetectParseRegexAddToFreeList(pcre *regex, pcre_extra *study);
/** NOTE(review): presumably releases everything registered through
 *  DetectParseRegexAddToFreeList(); any pcre pointer still held elsewhere
 *  would dangle after this call -- confirm it only runs at shutdown. */
81 void DetectParseFreeRegexes(void);
82 
/* Declared only when the build defines AFLFUZZ_RULES.
 * NOTE(review): presumably the AFL fuzzing entry point that feeds rule data
 * read from `filename` into the signature parser -- confirm, and confirm
 * that release builds do not define AFLFUZZ_RULES.
 * filename is taken as a non-const char *; whether the function modifies it
 * is not visible from this header. */
83 #ifdef AFLFUZZ_RULES
84 int RuleParseDataFromFile(char *filename);
85 #endif
86 
87 #endif /* __DETECT_PARSE_H__ */
88 
void DetectParseFreeRegexes(void)
SigMatch * DetectGetLastSMByListId(const Signature *s, int list_id,...)
Returns the sm with the largest index (added last) from the list passed to us as an id...
Definition: detect-parse.c:473
const char * DetectListToHumanString(int list)
Definition: detect-parse.c:111
void SigParseRegisterTests(void)
pcre_extra * study
Signature * SigInit(DetectEngineCtx *, const char *sigstr)
Parses a signature and adds it to the Detection Engine Context.
Data needed for Match()
Definition: detect.h:333
void DetectParseDupSigHashFree(DetectEngineCtx *)
Frees the hash table that is used to cull duplicate sigs.
void DetectParseRegexAddToFreeList(pcre *regex, pcre_extra *study)
add regex and/or study to at exit free list
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
SigMatch * DetectGetLastSMFromLists(const Signature *s,...)
Returns the sm with the largest index (added latest) from the lists passed to us. ...
Definition: detect-parse.c:401
uint16_t AppProto
void SigMatchRemoveSMFromList(Signature *, SigMatch *, int)
Definition: detect-parse.c:320
Flow * head
Definition: flow-hash.h:102
Signature container.
Definition: detect.h:492
main detection engine ctx
Definition: detect.h:720
SigMatch * DetectGetLastSM(const Signature *)
Returns the sm with the largest index (added latest) from this sig.
Definition: detect-parse.c:505
int DetectSignatureAddTransform(Signature *s, int transform)
SigMatch * DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signature *s)
get the last SigMatch from lists that support MPM.
Definition: detect-parse.c:362
Signature * SigAlloc(void)
int SigParse(DetectEngineCtx *, Signature *, const char *, uint8_t)
parse a signature
int SigMatchListSMBelongsTo(const Signature *, const SigMatch *)
Definition: detect-parse.c:555
int DetectParseDupSigHashInit(DetectEngineCtx *)
Initializes the hash table that is used to cull duplicate sigs.
void SigMatchAppendSMToList(Signature *, SigMatch *, int)
Append a SigMatch to the list type.
Definition: detect-parse.c:282
int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto)
Definition: detect-parse.c:143
const char * DetectListToString(int list)
Definition: detect-parse.c:128
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
SigMatch * DetectGetLastSMByListPtr(const Signature *s, SigMatch *sm_list,...)
Returns the sm with the largest index (added last) from the list passed to us as a pointer...
Definition: detect-parse.c:441
Signature * SigInitReal(DetectEngineCtx *, const char *)
SigMatchData * SigMatchList2DataArray(SigMatch *head)
convert SigMatch list to SigMatchData array
void DetectSetupParseRegexes(const char *parse_str, pcre **parse_regex, pcre_extra **parse_regex_study)
void SigFree(Signature *s)
a single match condition for a signature
Definition: detect.h:324