suricata
detect-pcre.h File Reference
#include "detect-parse.h"

Data Structures

struct  DetectPcreData_
 

Macros

#define DETECT_PCRE_RELATIVE   0x00001
 
#define DETECT_PCRE_RAWBYTES   0x00002
 
#define DETECT_PCRE_CASELESS   0x00004
 
#define DETECT_PCRE_RELATIVE_NEXT   0x00040
 
#define DETECT_PCRE_NEGATE   0x00080
 
#define DETECT_PCRE_CAPTURE_MAX   8
 
#define SC_MATCH_LIMIT_DEFAULT   3500
 
#define SC_MATCH_LIMIT_RECURSION_DEFAULT   1500
 

Typedefs

typedef struct DetectPcreData_ DetectPcreData
 

Functions

int DetectPcrePayloadMatch (DetectEngineThreadCtx *, const Signature *, const SigMatchData *, Packet *, Flow *, const uint8_t *, uint32_t)
 Match a regex on a single payload.
 
void DetectPcreRegister (void)
 

Detailed Description

Macro Definition Documentation

◆ DETECT_PCRE_CAPTURE_MAX

#define DETECT_PCRE_CAPTURE_MAX   8

Definition at line 38 of file detect-pcre.h.

◆ DETECT_PCRE_CASELESS

#define DETECT_PCRE_CASELESS   0x00004

Definition at line 33 of file detect-pcre.h.

◆ DETECT_PCRE_NEGATE

#define DETECT_PCRE_NEGATE   0x00080

Definition at line 36 of file detect-pcre.h.

◆ DETECT_PCRE_RAWBYTES

#define DETECT_PCRE_RAWBYTES   0x00002

Definition at line 32 of file detect-pcre.h.

◆ DETECT_PCRE_RELATIVE

#define DETECT_PCRE_RELATIVE   0x00001

Definition at line 30 of file detect-pcre.h.

◆ DETECT_PCRE_RELATIVE_NEXT

#define DETECT_PCRE_RELATIVE_NEXT   0x00040

Definition at line 35 of file detect-pcre.h.

◆ SC_MATCH_LIMIT_DEFAULT

#define SC_MATCH_LIMIT_DEFAULT   3500

Definition at line 40 of file detect-pcre.h.

◆ SC_MATCH_LIMIT_RECURSION_DEFAULT

#define SC_MATCH_LIMIT_RECURSION_DEFAULT   1500

Definition at line 41 of file detect-pcre.h.

Typedef Documentation

◆ DetectPcreData

Function Documentation

◆ DetectPcrePayloadMatch()

int DetectPcrePayloadMatch ( DetectEngineThreadCtx *  det_ctx,
                             const Signature *  s,
                             const SigMatchData *  smd,
                             Packet *  p,
                             Flow *  f,
                             const uint8_t *  payload,
                             uint32_t  payload_len
                           )

Match a regex on a single payload.

Parameters
    det_ctx      Thread detection ctx.
    s            Signature.
    sm           Sig match to match against.
    p            Packet to set PktVars if any.
    f            Flow to set FlowVars if any.
    payload      Payload to inspect.
    payload_len  Length of the payload.

Return values
    1  Match.
    0  No match.

Definition at line 175 of file detect-pcre.c.

References DetectEngineThreadCtx_::buffer_offset, SigMatchData_::ctx, DETECT_PCRE_RELATIVE, DetectThreadCtxGetKeywordThreadCtx(), DetectPcreData_::flags, len, payload_len, DetectEngineThreadCtx_::pcre_match_start_offset, SCEnter, and DetectPcreData_::thread_ctx_id.

◆ DetectPcreRegister()

void DetectPcreRegister ( void  )

Definition at line 96 of file detect-pcre.c.

References SigTableElmt_::desc, DETECT_PCRE, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().
