38 #include "rust-smb-detect-gen.h" 40 #define BUFFER_NAME "smb_named_pipe" 41 #define KEYWORD_NAME "smb.named_pipe" 42 #define KEYWORD_NAME_LEGACY BUFFER_NAME 43 #define KEYWORD_ID DETECT_SMB_NAMED_PIPE 45 static int g_smb_named_pipe_buffer_id = 0;
60 Flow *_f,
const uint8_t _flow_flags,
61 void *txv,
const int list_id)
66 const uint8_t *b = NULL;
68 if (rs_smb_tx_get_named_pipe(txv, &b, &b_len) != 1)
70 if (b == NULL || b_len == 0)
100 #undef KEYWORD_NAME_LEGACY 103 #define BUFFER_NAME "smb_share" 104 #define KEYWORD_NAME "smb.share" 105 #define KEYWORD_NAME_LEGACY BUFFER_NAME 106 #define KEYWORD_ID DETECT_SMB_SHARE 108 static int g_smb_share_buffer_id = 0;
123 Flow *_f,
const uint8_t _flow_flags,
124 void *txv,
const int list_id)
129 const uint8_t *b = NULL;
131 if (rs_smb_tx_get_share(txv, &b, &b_len) != 1)
133 if (b == NULL || b_len == 0)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
void DetectSmbShareRegister(void)
#define KEYWORD_NAME_LEGACY
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, int(*PrefilterRegister)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistery *mpm_reg, int list_id), InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register a MPM engine
main detection engine ctx
int DetectBufferTypeGetByName(const char *name)
#define SIGMATCH_INFO_STICKY_BUFFER
Data structures and function prototypes for keeping state for the detection engine.
#define SIG_FLAG_TOSERVER
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
int DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistery *mpm_reg, int list_id)
void InspectionBufferSetup(InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
void InspectionBufferApplyTransforms(InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
int DetectBufferSetActiveList(Signature *s, const int list)
void DetectSmbNamedPipeRegister(void)