Data Structures | |
struct | DetectPcreData_ |
Macros | |
#define | DETECT_PCRE_RELATIVE 0x00001 |
#define | DETECT_PCRE_RAWBYTES 0x00002 |
#define | DETECT_PCRE_CASELESS 0x00004 |
#define | DETECT_PCRE_MATCH_LIMIT 0x00020 |
#define | DETECT_PCRE_RELATIVE_NEXT 0x00040 |
#define | DETECT_PCRE_NEGATE 0x00080 |
#define | DETECT_PCRE_CAPTURE_MAX 8 |
Typedefs | |
typedef struct DetectPcreData_ | DetectPcreData |
Functions | |
int | DetectPcrePayloadMatch (DetectEngineThreadCtx *, const Signature *, const SigMatchData *, Packet *, Flow *, const uint8_t *, uint32_t) |
Match a regex on a single payload. More... | |
void | DetectPcreRegister (void) |
Definition in file detect-pcre.h.
#define DETECT_PCRE_CAPTURE_MAX 8 |
Definition at line 35 of file detect-pcre.h.
Referenced by DetectPcrePayloadMatch().
#define DETECT_PCRE_CASELESS 0x00004 |
Definition at line 29 of file detect-pcre.h.
Referenced by DetectPcrePayloadMatch().
#define DETECT_PCRE_MATCH_LIMIT 0x00020 |
Definition at line 31 of file detect-pcre.h.
Referenced by DetectPcrePayloadMatch().
#define DETECT_PCRE_NEGATE 0x00080 |
Definition at line 33 of file detect-pcre.h.
Referenced by DetectPcrePayloadMatch().
#define DETECT_PCRE_RAWBYTES 0x00002 |
Definition at line 28 of file detect-pcre.h.
Referenced by DetectPcrePayloadMatch().
#define DETECT_PCRE_RELATIVE 0x00001 |
Definition at line 27 of file detect-pcre.h.
Referenced by DetectContentPropagateLimits(), and DetectPcrePayloadMatch().
#define DETECT_PCRE_RELATIVE_NEXT 0x00040 |
Definition at line 32 of file detect-pcre.h.
Referenced by DetectByteExtractDoMatch(), DetectByteExtractRetrieveSMVar(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectDistanceRegister(), DetectEngineContentInspection(), DetectEngineContentModifierBufferSetup(), DetectIsdataatSetup(), DetectPcrePayloadMatch(), and DetectWithinRegister().
typedef struct DetectPcreData_ DetectPcreData |
int DetectPcrePayloadMatch | ( | DetectEngineThreadCtx * | det_ctx, |
const Signature * | s, | ||
const SigMatchData * | smd, | ||
Packet * | p, | ||
Flow * | f, | ||
const uint8_t * | payload, | ||
uint32_t | payload_len | ||
) |
Match a regex on a single payload.
det_ctx | Thread detection ctx. |
s | Signature. |
smd | Sig match data (SigMatchData) to match against; its ctx carries the DetectPcreData (compiled regex and DETECT_PCRE_* flags). |
p | Packet to set PktVars if any. |
f | Flow to set FlowVars if any. |
payload | Payload to inspect. |
payload_len | Length of the payload. |
1 | Match. |
0 | No match. |
Definition at line 171 of file detect-pcre.c.
References Packet_::alerts, Flow_::alproto, Signature_::alproto, ALPROTO_DCERPC, ALPROTO_HTTP, ALPROTO_UNKNOWN, Flow_::alstate, AppLayerHtpEnableRequestBodyCallback(), AppLayerParserGetTx(), AppLayerParserGetTxCnt(), AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), DetectEngineThreadCtx_::buffer_offset, DetectPcreData_::capids, DetectPcreData_::captypes, PacketAlerts_::cnt, SigMatch_::ctx, SigMatchData_::ctx, FlowVar_::data, DE_QUIET, DETECT_CONTENT, DETECT_CONTENT_RELATIVE_NEXT, DETECT_PCRE, DETECT_PCRE_CAPTURE_MAX, DETECT_PCRE_CASELESS, DETECT_PCRE_MATCH_LIMIT, DETECT_PCRE_NEGATE, DETECT_PCRE_RAWBYTES, DETECT_PCRE_RELATIVE, DETECT_PCRE_RELATIVE_NEXT, DETECT_SM_LIST_NOTSET, DETECT_SM_LIST_PMATCH, DETECT_VAR_TYPE_FLOW_POSTMATCH, DETECT_VAR_TYPE_PKT_POSTMATCH, DetectBufferGetActiveList(), DetectBufferTypeGetByName(), DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectFlowvarPostMatchSetup(), DetectGetLastSMByListPtr(), DetectSignatureSetAppProto(), DetectVarStoreMatch(), DetectVarStoreMatchKeyValue(), FAIL, FAIL_IF, FAIL_IF_NOT, FAIL_IF_NOT_NULL, FAIL_IF_NULL, HtpBody_::first, DetectPcreData_::flags, DetectContentData_::flags, Flow_::flags, Packet_::flags, Signature_::flags, DetectEngineCtx_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_IPV4, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOSERVER, Packet_::flowflags, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, FlowVarGet(), FlowVar_::fv_str, DetectPcreData_::idx, Signature_::init_data, len, SignatureInitData_::list, MAX_SUBSTRINGS, MIN, SignatureInitData_::negated, Signature_::next, offset, PacketAlertCheck(), PASS, payload_len, pcre_free_study, DetectEngineThreadCtx_::pcre_match_start_offset, PKT_HAS_FLOW, PKT_STREAM_EST, SigMatch_::prev, PrintRawDataFp(), Flow_::proto, Flow_::protoctx, DetectPcreData_::re, HtpTxUserData_::request_body, res, DetectEngineCtx_::rule_file, DetectEngineCtx_::rule_line, 
HtpBody_::sb, HtpBodyChunk_::sbseg, SC_ERR_INVALID_SIGNATURE, SC_ERR_PCRE_COMPILE, SC_ERR_PCRE_GET_SUBSTRING, SC_ERR_PCRE_MATCH, SC_ERR_PCRE_STUDY, SC_ERR_UNKNOWN_REGEX_MOD, SC_ERR_VAR_LIMIT, SC_MATCH_LIMIT_DEFAULT, SC_MATCH_LIMIT_RECURSION_DEFAULT, SCCalloc, SCEnter, SCFree, SCLogDebug, SCLogError, SCLogWarning, SCMalloc, SCReturnInt, SCSigOrderSignatures(), SCSigRegisterSignatureOrderingFuncs(), SCSigSignatureOrderingModuleCleanup(), DetectPcreData_::sd, SIG_FLAG_APPLAYER, DetectEngineCtx_::sig_list, SigAlloc(), SigCleanSignatures(), SigFree(), SigGroupBuild(), SigGroupCleanup(), SigInit(), SigMatchAlloc(), SigMatchAppendSMToList(), SigMatchSignatures(), STREAM_START, STREAM_TOSERVER, StreamingBufferSegmentCompareRawData(), StreamTcpFreeConfig(), StreamTcpInitConfig(), strlcpy(), Packet_::tcph, TRUE, SigMatch_::type, unlikely, UTHAddSessionToFlow(), UTHAddStreamToFlow(), UTHBuildFlow(), UTHBuildPacket(), UTHFreeFlow(), UTHFreePacket(), UTHFreePackets(), UTHPacketMatchSig(), UTHRemoveSessionFromFlow(), UtRegisterTest(), FlowVarTypeStr::value, FlowVarTypeStr::value_len, VAR_TYPE_FLOW_VAR, VAR_TYPE_PKT_VAR, VAR_TYPE_PKT_VAR_KV, VarNameStoreLookupByName(), and VarNameStoreSetupAdd().
Referenced by DetectEngineContentInspection().
void DetectPcreRegister | ( | void | ) |
Definition at line 86 of file detect-pcre.c.
References ConfGetInt(), SigTableElmt_::desc, DETECT_PCRE, DetectParseRegexAddToFreeList(), DetectSetupParseRegexes(), DOC_URL, DOC_VERSION, FatalError, SigTableElmt_::flags, SigTableElmt_::Free, SigTableElmt_::Match, SigTableElmt_::name, PageSupportsRWX, PARSE_CAPTURE_REGEX, PARSE_REGEX, SigTableElmt_::RegisterTests, SC_ERR_PCRE_COMPILE, SC_ERR_PCRE_STUDY, SC_MATCH_LIMIT_DEFAULT, SC_MATCH_LIMIT_RECURSION_DEFAULT, SCLogDebug, SCLogInfo, SigTableElmt_::Setup, SIGMATCH_HANDLE_NEGATION, SIGMATCH_QUOTES_OPTIONAL, sigmatch_table, and SigTableElmt_::url.
Referenced by SigTableSetup().