suricata
detect-pcre.c File Reference
#include "suricata-common.h"
#include "pcre.h"
#include "debug.h"
#include "decode.h"
#include "detect.h"
#include "pkt-var.h"
#include "flow-var.h"
#include "flow-util.h"
#include "detect-pcre.h"
#include "detect-flowvar.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-sigorder.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "util-var-name.h"
#include "util-unittest-helper.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-print.h"
#include "util-pool.h"
#include "conf.h"
#include "app-layer.h"
#include "app-layer-htp.h"
#include "stream.h"
#include "stream-tcp.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "util-pages.h"
Include dependency graph for detect-pcre.c:

Go to the source code of this file.

Macros

#define PARSE_CAPTURE_REGEX   "\\‍(\\?P\\<([A-z]+)\\_([A-z0-9_]+)\>"
 
#define PARSE_REGEX   "(?<!\\\\‍)/(.*(?<!(?<!\\\\‍)\\\\‍))/([^\"]*)"
 
#define SC_MATCH_LIMIT_DEFAULT   3500
 
#define SC_MATCH_LIMIT_RECURSION_DEFAULT   1500
 

Functions

void DetectPcreRegister (void)
 
int DetectPcrePayloadMatch (DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *payload, uint32_t payload_len)
 Match a regex on a single payload. More...
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Implements the pcre keyword

Definition in file detect-pcre.c.

Macro Definition Documentation

◆ PARSE_CAPTURE_REGEX

#define PARSE_CAPTURE_REGEX   "\\‍(\\?P\\<([A-z]+)\\_([A-z0-9_]+)\>"

Definition at line 66 of file detect-pcre.c.

◆ PARSE_REGEX

#define PARSE_REGEX   "(?<!\\\\‍)/(.*(?<!(?<!\\\\‍)\\\\‍))/([^\"]*)"

Definition at line 67 of file detect-pcre.c.

◆ SC_MATCH_LIMIT_DEFAULT

#define SC_MATCH_LIMIT_DEFAULT   3500

Definition at line 69 of file detect-pcre.c.

◆ SC_MATCH_LIMIT_RECURSION_DEFAULT

#define SC_MATCH_LIMIT_RECURSION_DEFAULT   1500

Definition at line 70 of file detect-pcre.c.

Function Documentation

◆ DetectPcrePayloadMatch()

int DetectPcrePayloadMatch ( DetectEngineThreadCtx det_ctx,
const Signature s,
const SigMatchData smd,
Packet p,
Flow f,
const uint8_t *  payload,
uint32_t  payload_len 
)

Match a regex on a single payload.

Parameters
det_ctxThread detection ctx.
sSignature.
smSig match to match against.
pPacket to set PktVars if any.
fFlow to set FlowVars if any.
payloadPayload to inspect.
payload_lenLength of the payload.
Return values
1Match.
0No match.

Definition at line 184 of file detect-pcre.c.

References DetectEngineThreadCtx_::buffer_offset, SigMatchData_::ctx, DETECT_PCRE_RELATIVE, DetectPcreData_::flags, len, MAX_SUBSTRINGS, payload_len, DetectEngineThreadCtx_::pcre_match_start_offset, and SCEnter.

Referenced by DetectEngineContentInspection().

Here is the caller graph for this function:

◆ DetectPcreRegister()

void DetectPcreRegister ( void  )

Definition at line 113 of file detect-pcre.c.

References SigTableElmt_::desc, DETECT_PCRE, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the caller graph for this function: