suricata
Macros | Functions | Variables
detect-engine-content-inspection.c File Reference
#include "../suricata-common.h"
#include "../decode.h"
#include "../flow.h"
#include "../detect.h"
#include "detect-engine-build.h"
Include dependency graph for detect-engine-content-inspection.c:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define TEST_HEADER
 
#define TEST_RUN(buf, buflen, sig, match, steps)
 
#define TEST_FOOTER   PASS
 

Functions

void DetectEngineContentInspectionRegisterTests (void)
 

Variables

thread_local uint32_t ut_inspection_recursion_counter
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Tests for the content inspection engine.

Definition in file detect-engine-content-inspection.c.

Macro Definition Documentation

◆ TEST_FOOTER

#define TEST_FOOTER   PASS

Definition at line 61 of file detect-engine-content-inspection.c.

◆ TEST_HEADER

#define TEST_HEADER
Value:
ThreadVars tv; \
memset(&tv, 0, sizeof(tv)); \
Flow f; \
memset(&f, 0, sizeof(f));

Definition at line 35 of file detect-engine-content-inspection.c.

◆ TEST_RUN

#define TEST_RUN (   buf,
  buflen,
  sig,
  match,
  steps 
)
Value:
{ \
DetectEngineCtx *de_ctx = DetectEngineCtxInit(); \
FAIL_IF_NULL(de_ctx); \
DetectEngineThreadCtx *det_ctx = NULL; \
char rule[2048]; \
snprintf(rule, sizeof(rule), "alert tcp any any -> any any (%s sid:1; rev:1;)", (sig)); \
Signature *s = DetectEngineAppendSig(de_ctx, rule); \
FAIL_IF_NULL(s); \
SigGroupBuild(de_ctx); \
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); \
FAIL_IF_NULL(det_ctx); \
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, \
s->sm_arrays[DETECT_SM_LIST_PMATCH], NULL, &f, (uint8_t *)(buf), (buflen), 0, \
DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD); \
FAIL_IF_NOT(r == (match)); \
FAIL_IF_NOT(ut_inspection_recursion_counter == (steps)); \
DetectEngineThreadCtxDeinit(&tv, det_ctx); \
DetectEngineCtxFree(de_ctx); \
}

Definition at line 41 of file detect-engine-content-inspection.c.

Function Documentation

◆ DetectEngineContentInspectionRegisterTests()

void DetectEngineContentInspectionRegisterTests ( void  )

Definition at line 317 of file detect-engine-content-inspection.c.

References UtRegisterTest().

Here is the call graph for this function:

Variable Documentation

◆ ut_inspection_recursion_counter

thread_local uint32_t ut_inspection_recursion_counter

Definition at line 68 of file detect-engine-content-inspection.c.

DETECT_SM_LIST_PMATCH
@ DETECT_SM_LIST_PMATCH
Definition: detect.h:116
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2587
DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD
@ DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD
Definition: detect-engine-content-inspection.h:32
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
DETECT_CI_FLAGS_SINGLE
#define DETECT_CI_FLAGS_SINGLE
Definition: detect-engine-content-inspection.h:49
ut_inspection_recursion_counter
thread_local uint32_t ut_inspection_recursion_counter
Definition: detect-engine-content-inspection.c:68
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2572
DetectEngineContentInspection
bool DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *buffer, const uint32_t buffer_len, const uint32_t stream_start_offset, const uint8_t flags, const enum DetectContentInspectionType inspection_mode)
wrapper around DetectEngineContentInspectionInternal to return true/false only
Definition: detect-engine-content-inspection.c:717