suricata
Data Structures | Macros | Typedefs | Functions
detect-pcre.h File Reference

Go to the source code of this file.

Data Structures

struct  DetectPcreData_
 

Macros

#define DETECT_PCRE_RELATIVE   0x00001
 
#define DETECT_PCRE_RAWBYTES   0x00002
 
#define DETECT_PCRE_CASELESS   0x00004
 
#define DETECT_PCRE_MATCH_LIMIT   0x00020
 
#define DETECT_PCRE_RELATIVE_NEXT   0x00040
 
#define DETECT_PCRE_NEGATE   0x00080
 
#define DETECT_PCRE_CAPTURE_MAX   8
 

Typedefs

typedef struct DetectPcreData_ DetectPcreData
 

Functions

int DetectPcrePayloadMatch (DetectEngineThreadCtx *, const Signature *, const SigMatchData *, Packet *, Flow *, const uint8_t *, uint32_t)
 Match a regex on a single payload. More...
 
void DetectPcreRegister (void)
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-pcre.h.

Macro Definition Documentation

#define DETECT_PCRE_CAPTURE_MAX   8

Definition at line 35 of file detect-pcre.h.

Referenced by DetectPcrePayloadMatch().

#define DETECT_PCRE_CASELESS   0x00004

Definition at line 29 of file detect-pcre.h.

Referenced by DetectPcrePayloadMatch().

#define DETECT_PCRE_MATCH_LIMIT   0x00020

Definition at line 31 of file detect-pcre.h.

Referenced by DetectPcrePayloadMatch().

#define DETECT_PCRE_NEGATE   0x00080

Definition at line 33 of file detect-pcre.h.

Referenced by DetectPcrePayloadMatch().

#define DETECT_PCRE_RAWBYTES   0x00002

Definition at line 28 of file detect-pcre.h.

Referenced by DetectPcrePayloadMatch().

#define DETECT_PCRE_RELATIVE   0x00001

Definition at line 27 of file detect-pcre.h.

Referenced by DetectContentPropagateLimits(), and DetectPcrePayloadMatch().

#define DETECT_PCRE_RELATIVE_NEXT   0x00040

Definition at line 32 of file detect-pcre.h.

Referenced by DetectByteExtractDoMatch(), DetectByteExtractRetrieveSMVar(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectDistanceRegister(), DetectEngineContentInspection(), DetectEngineContentModifierBufferSetup(), DetectIsdataatSetup(), DetectPcrePayloadMatch(), and DetectWithinRegister().

Typedef Documentation

typedef struct DetectPcreData_ DetectPcreData

Function Documentation

int DetectPcrePayloadMatch ( DetectEngineThreadCtx det_ctx,
const Signature s,
const SigMatchData smd,
Packet p,
Flow f,
const uint8_t *  payload,
uint32_t  payload_len 
)

Match a regex on a single payload.

Parameters
det_ctxThread detection ctx.
sSignature.
smSig match to match against.
pPacket to set PktVars if any.
fFlow to set FlowVars if any.
payloadPayload to inspect.
payload_lenLength of the payload.
Return values
1Match.
0No match.

Definition at line 171 of file detect-pcre.c.

References Packet_::alerts, Flow_::alproto, Signature_::alproto, ALPROTO_DCERPC, ALPROTO_HTTP, ALPROTO_UNKNOWN, Flow_::alstate, AppLayerHtpEnableRequestBodyCallback(), AppLayerParserGetTx(), AppLayerParserGetTxCnt(), AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), DetectEngineThreadCtx_::buffer_offset, DetectPcreData_::capids, DetectPcreData_::captypes, PacketAlerts_::cnt, SigMatch_::ctx, SigMatchData_::ctx, FlowVar_::data, DE_QUIET, DETECT_CONTENT, DETECT_CONTENT_RELATIVE_NEXT, DETECT_PCRE, DETECT_PCRE_CAPTURE_MAX, DETECT_PCRE_CASELESS, DETECT_PCRE_MATCH_LIMIT, DETECT_PCRE_NEGATE, DETECT_PCRE_RAWBYTES, DETECT_PCRE_RELATIVE, DETECT_PCRE_RELATIVE_NEXT, DETECT_SM_LIST_NOTSET, DETECT_SM_LIST_PMATCH, DETECT_VAR_TYPE_FLOW_POSTMATCH, DETECT_VAR_TYPE_PKT_POSTMATCH, DetectBufferGetActiveList(), DetectBufferTypeGetByName(), DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectFlowvarPostMatchSetup(), DetectGetLastSMByListPtr(), DetectSignatureSetAppProto(), DetectVarStoreMatch(), DetectVarStoreMatchKeyValue(), FAIL, FAIL_IF, FAIL_IF_NOT, FAIL_IF_NOT_NULL, FAIL_IF_NULL, HtpBody_::first, DetectPcreData_::flags, DetectContentData_::flags, Flow_::flags, Packet_::flags, Signature_::flags, DetectEngineCtx_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_IPV4, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOSERVER, Packet_::flowflags, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, FlowVarGet(), FlowVar_::fv_str, DetectPcreData_::idx, Signature_::init_data, len, SignatureInitData_::list, MAX_SUBSTRINGS, MIN, SignatureInitData_::negated, Signature_::next, offset, PacketAlertCheck(), PASS, payload_len, pcre_free_study, DetectEngineThreadCtx_::pcre_match_start_offset, PKT_HAS_FLOW, PKT_STREAM_EST, SigMatch_::prev, PrintRawDataFp(), Flow_::proto, Flow_::protoctx, DetectPcreData_::re, HtpTxUserData_::request_body, res, DetectEngineCtx_::rule_file, DetectEngineCtx_::rule_line, HtpBody_::sb, HtpBodyChunk_::sbseg, SC_ERR_INVALID_SIGNATURE, SC_ERR_PCRE_COMPILE, SC_ERR_PCRE_GET_SUBSTRING, SC_ERR_PCRE_MATCH, SC_ERR_PCRE_STUDY, SC_ERR_UNKNOWN_REGEX_MOD, SC_ERR_VAR_LIMIT, SC_MATCH_LIMIT_DEFAULT, SC_MATCH_LIMIT_RECURSION_DEFAULT, SCCalloc, SCEnter, SCFree, SCLogDebug, SCLogError, SCLogWarning, SCMalloc, SCReturnInt, SCSigOrderSignatures(), SCSigRegisterSignatureOrderingFuncs(), SCSigSignatureOrderingModuleCleanup(), DetectPcreData_::sd, SIG_FLAG_APPLAYER, DetectEngineCtx_::sig_list, SigAlloc(), SigCleanSignatures(), SigFree(), SigGroupBuild(), SigGroupCleanup(), SigInit(), SigMatchAlloc(), SigMatchAppendSMToList(), SigMatchSignatures(), STREAM_START, STREAM_TOSERVER, StreamingBufferSegmentCompareRawData(), StreamTcpFreeConfig(), StreamTcpInitConfig(), strlcpy(), Packet_::tcph, TRUE, SigMatch_::type, unlikely, UTHAddSessionToFlow(), UTHAddStreamToFlow(), UTHBuildFlow(), UTHBuildPacket(), UTHFreeFlow(), UTHFreePacket(), UTHFreePackets(), UTHPacketMatchSig(), UTHRemoveSessionFromFlow(), UtRegisterTest(), FlowVarTypeStr::value, FlowVarTypeStr::value_len, VAR_TYPE_FLOW_VAR, VAR_TYPE_PKT_VAR, VAR_TYPE_PKT_VAR_KV, VarNameStoreLookupByName(), and VarNameStoreSetupAdd().

Referenced by DetectEngineContentInspection().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectPcreRegister ( void  )

Definition at line 86 of file detect-pcre.c.

References ConfGetInt(), SigTableElmt_::desc, DETECT_PCRE, DetectParseRegexAddToFreeList(), DetectSetupParseRegexes(), DOC_URL, DOC_VERSION, FatalError, SigTableElmt_::flags, SigTableElmt_::Free, SigTableElmt_::Match, SigTableElmt_::name, PageSupportsRWX, PARSE_CAPTURE_REGEX, PARSE_REGEX, SigTableElmt_::RegisterTests, SC_ERR_PCRE_COMPILE, SC_ERR_PCRE_STUDY, SC_MATCH_LIMIT_DEFAULT, SC_MATCH_LIMIT_RECURSION_DEFAULT, SCLogDebug, SCLogInfo, SigTableElmt_::Setup, SIGMATCH_HANDLE_NEGATION, SIGMATCH_QUOTES_OPTIONAL, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the call graph for this function:

Here is the caller graph for this function: