37 static int g_smtp_helo_buffer_id = 0; /* file-scope id for the HELO buffer, starts at 0; presumably the detect buffer list id behind "smtp.helo" (assignment not visible in this listing, confirm) */
38 static int g_smtp_mail_from_buffer_id = 0; /* file-scope id for the MAIL FROM buffer, starts at 0; presumably the list id behind "smtp.mail_from" (confirm) */
39 static int g_smtp_rcpt_to_buffer_id = 0; /* file-scope id for the RCPT TO buffer, starts at 0; presumably the list id behind "smtp.rcpt_to" (confirm) */
60 if (smtp_state->
helo == NULL || smtp_state->
helo_len == 0)
80 static bool GetSmtpMailFromData(
81 const void *txv,
const uint8_t _flow_flags,
const uint8_t **data, uint32_t *data_len)
103 uint32_t idx,
const uint8_t **buffer, uint32_t *buffer_len)
116 for (uint32_t i = 0; i < idx; i++) {
125 *buffer_len = s->
len;
132 kw.
name =
"smtp.helo";
133 kw.
desc =
"SMTP helo buffer";
134 kw.
url =
"/rules/smtp-keywords.html#smtp-helo";
135 kw.
Setup = DetectSmtpHeloSetup;
145 kw.
name =
"smtp.mail_from";
146 kw.
desc =
"SMTP mail from buffer";
147 kw.
url =
"/rules/smtp-keywords.html#smtp-mail-from";
148 kw.
Setup = DetectSmtpMailFromSetup;
152 "smtp.mail_from",
"SMTP MAIL FROM",
ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpMailFromData);
154 kw.
name =
"smtp.rcpt_to";
155 kw.
desc =
"SMTP rcpt to buffer";
156 kw.
url =
"/rules/smtp-keywords.html#smtp-rcpt-to";
157 kw.
Setup = DetectSmtpRcptToSetup;
161 "smtp.rcpt_to",
"SMTP RCPT TO",
ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpRcptToData);
void InspectionBufferApplyTransforms(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
const char * url
keyword documentation url
#define SIGMATCH_INFO_STICKY_BUFFER
const char * name
keyword name
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
struct HtpBodyChunk_ * next
main detection engine ctx
#define TAILQ_EMPTY(head)
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
int SCDetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
int SCDetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionSingleBufferGetDataPtr GetData)
const char * desc
keyword description
int SCDetectSignatureSetAppProto(Signature *s, AppProto alproto)
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
int DetectBufferTypeGetByName(const char *name)
App-layer light version of SigTableElmt.
#define SIG_FLAG_TOSERVER
#define TAILQ_FIRST(head)
void SCDetectSMTPRegister(void)
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
register an app layer keyword for mpm
uint16_t SCDetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
function callback to parse and setup keyword in rule
int SCDetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionMultiBufferGetDataPtr GetData)
#define TAILQ_NEXT(elm, field)
uint16_t flags
flags SIGMATCH_*
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)