#include "suricata-common.h"#include "decode.h"#include "action-globals.h"#include "detect.h"#include "threads.h"#include "flow.h"#include "flow-util.h"#include "detect-xbits.h"#include "detect-hostbits.h"#include "util-spm.h"#include "util-byte.h"#include "detect-engine-sigorder.h"#include "app-layer-parser.h"#include "detect-parse.h"#include "detect-engine.h"#include "detect-engine-mpm.h"#include "detect-engine-state.h"#include "detect-engine-build.h"#include "flow-bit.h"#include "host-bit.h"#include "ippair-bit.h"#include "tx-bit.h"#include "util-var-name.h"#include "util-unittest.h"#include "util-debug.h"
Include dependency graph for detect-xbits.c:
Go to the source code of this file.
Macros | |
| #define | PARSE_REGEX "^([a-z]+)" "(?:,\\s*([^,]+))?" "(?:,\\s*(?:track\\s+([^,]+)))" "(?:,\\s*(?:expire\\s+([^,]+)))?" |
| #define | BAD_INPUT(str) FAIL_IF_NOT(DetectXbitParse(de_ctx, (str), &cd) == -1); |
| #define | GOOD_INPUT(str, command, trk, typ, exp) |
Functions | |
| void | DetectXbitsRegister (void) |
Detailed Description
Implements the xbits keyword
Definition in file detect-xbits.c.
Macro Definition Documentation
◆ BAD_INPUT
| #define BAD_INPUT | ( | str | ) | FAIL_IF_NOT(DetectXbitParse(de_ctx, (str), &cd) == -1); |
◆ GOOD_INPUT
| #define GOOD_INPUT | ( | str, | |
| command, | |||
| trk, | |||
| typ, | |||
| exp | |||
| ) |
Value:
FAIL_IF_NULL(cd); \
FAIL_IF_NOT(cd->cmd == (command)); \
FAIL_IF_NOT(cd->tracker == (trk)); \
FAIL_IF_NOT(cd->type == (typ)); \
FAIL_IF_NOT(cd->expire == (exp)); \
DetectXbitFree(NULL, cd); \
cd = NULL;
◆ PARSE_REGEX
| #define PARSE_REGEX "^([a-z]+)" "(?:,\\s*([^,]+))?" "(?:,\\s*(?:track\\s+([^,]+)))" "(?:,\\s*(?:expire\\s+([^,]+)))?" |
Definition at line 62 of file detect-xbits.c.
Function Documentation
◆ DetectXbitsRegister()
| void DetectXbitsRegister | ( | void | ) |
Definition at line 73 of file detect-xbits.c.
References SigTableElmt_::AppLayerTxMatch, SigTableElmt_::desc, DETECT_XBITS, SigTableElmt_::name, sigmatch_table, and SigTableElmt_::url.
Referenced by SigTableSetup().
Here is the caller graph for this function:
