suricata
Macros | Functions
detect-pcre.c File Reference
#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "pkt-var.h"
#include "flow-var.h"
#include "flow-util.h"
#include "detect-pcre.h"
#include "detect-flowvar.h"
#include "detect-parse.h"
#include "detect-content.h"
#include "detect-engine.h"
#include "detect-engine-buffer.h"
#include "detect-engine-sigorder.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "detect-engine-build.h"
#include "util-var-name.h"
#include "util-unittest-helper.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-print.h"
#include "util-pool.h"
#include "conf.h"
#include "app-layer.h"
#include "app-layer-htp.h"
#include "stream.h"
#include "stream-tcp.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "util-pages.h"
#include "detect-engine-alert.h"
Include dependency graph for detect-pcre.c:

Go to the source code of this file.

Macros

#define PARSE_CAPTURE_REGEX   "\\‍(\\?P\\<([A-z]+)\\_([A-z0-9_]+)\>"
 
#define PARSE_REGEX   "(?<!\\\\‍)/(.*(?<!(?<!\\\\‍)\\\\‍))/([^\"]*)"
 

Functions

void DetectPcreRegister (void)
 
int DetectPcrePayloadMatch (DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *payload, uint32_t payload_len)
 Match a regex on a single payload. More...
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Implements the pcre keyword

Definition in file detect-pcre.c.

Macro Definition Documentation

◆ PARSE_CAPTURE_REGEX

#define PARSE_CAPTURE_REGEX   "\\‍(\\?P\\<([A-z]+)\\_([A-z0-9_]+)\>"

Definition at line 67 of file detect-pcre.c.

◆ PARSE_REGEX

#define PARSE_REGEX   "(?<!\\\\‍)/(.*(?<!(?<!\\\\‍)\\\\‍))/([^\"]*)"

Definition at line 68 of file detect-pcre.c.

Function Documentation

◆ DetectPcrePayloadMatch()

int DetectPcrePayloadMatch ( DetectEngineThreadCtx det_ctx,
const Signature s,
const SigMatchData smd,
Packet p,
Flow f,
const uint8_t *  payload,
uint32_t  payload_len 
)

Match a regex on a single payload.

Parameters
det_ctxThread detection ctx.
sSignature.
smSig match to match against.
pPacket to set PktVars if any.
fFlow to set FlowVars if any.
payloadPayload to inspect.
payload_lenLength of the payload.
Return values
1Match.
0No match.

Definition at line 222 of file detect-pcre.c.

References DetectEngineThreadCtx_::buffer_offset, SigMatchData_::ctx, DETECT_PCRE_RELATIVE, DetectThreadCtxGetKeywordThreadCtx(), DetectPcreData_::flags, len, payload_len, DetectEngineThreadCtx_::pcre_match_start_offset, SCEnter, and DetectPcreData_::thread_ctx_id.

Here is the call graph for this function:

◆ DetectPcreRegister()

void DetectPcreRegister ( void  )

Definition at line 97 of file detect-pcre.c.

References SigTableElmt_::desc, DETECT_PCRE, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the caller graph for this function: