#include "suricata-common.h"#include "decode.h"#include "detect.h"#include "pkt-var.h"#include "flow-var.h"#include "flow-util.h"#include "detect-pcre.h"#include "detect-flowvar.h"#include "detect-parse.h"#include "detect-content.h"#include "detect-engine.h"#include "detect-engine-sigorder.h"#include "detect-engine-mpm.h"#include "detect-engine-state.h"#include "detect-engine-build.h"#include "util-var-name.h"#include "util-unittest-helper.h"#include "util-debug.h"#include "util-unittest.h"#include "util-print.h"#include "util-pool.h"#include "conf.h"#include "app-layer.h"#include "app-layer-htp.h"#include "stream.h"#include "stream-tcp.h"#include "stream-tcp-private.h"#include "stream-tcp-reassemble.h"#include "app-layer-protos.h"#include "app-layer-parser.h"#include "util-pages.h"#include "detect-engine-alert.h"
Go to the source code of this file.
Macros | |
| #define | PARSE_CAPTURE_REGEX "\\(\\?P\\<([A-z]+)\\_([A-z0-9_]+)\>" |
| #define | PARSE_REGEX "(?<!\\\\)/(.*(?<!(?<!\\\\)\\\\))/([^\"]*)" |
Functions | |
| void | DetectPcreRegister (void) |
| int | DetectPcrePayloadMatch (DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *payload, uint32_t payload_len) |
| Match a regex on a single payload. More... | |
Detailed Description
Implements the pcre keyword
Definition in file detect-pcre.c.
Macro Definition Documentation
◆ PARSE_CAPTURE_REGEX
| #define PARSE_CAPTURE_REGEX "\\(\\?P\\<([A-z]+)\\_([A-z0-9_]+)\>" |
Definition at line 66 of file detect-pcre.c.
◆ PARSE_REGEX
| #define PARSE_REGEX "(?<!\\\\)/(.*(?<!(?<!\\\\)\\\\))/([^\"]*)" |
Definition at line 67 of file detect-pcre.c.
Function Documentation
◆ DetectPcrePayloadMatch()
| int DetectPcrePayloadMatch | ( | DetectEngineThreadCtx * | det_ctx, |
| const Signature * | s, | ||
| const SigMatchData * | smd, | ||
| Packet * | p, | ||
| Flow * | f, | ||
| const uint8_t * | payload, | ||
| uint32_t | payload_len | ||
| ) |
Match a regex on a single payload.
- Parameters
-
det_ctx Thread detection ctx. s Signature. sm Sig match to match against. p Packet to set PktVars if any. f Flow to set FlowVars if any. payload Payload to inspect. payload_len Length of the payload.
- Return values
-
1 Match. 0 No match.
Definition at line 173 of file detect-pcre.c.
References DetectEngineThreadCtx_::buffer_offset, SigMatchData_::ctx, DETECT_PCRE_RELATIVE, DetectThreadCtxGetKeywordThreadCtx(), DetectPcreData_::flags, len, payload_len, DetectEngineThreadCtx_::pcre_match_start_offset, SCEnter, and DetectPcreData_::thread_ctx_id.
◆ DetectPcreRegister()
| void DetectPcreRegister | ( | void | ) |
Definition at line 96 of file detect-pcre.c.
References SigTableElmt_::desc, DETECT_PCRE, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.
Referenced by SigTableSetup().
