suricata
detect-byte-extract.h File Reference

Functions

void DetectByteExtractRegister (void)
 Registers the keyword handlers for the "byte_extract" keyword.
 
SigMatch * DetectByteExtractRetrieveSMVar (const char *, int sm_list, const Signature *)
 Lookup the SigMatch for a named byte_extract variable.
 
int DetectByteExtractDoMatch (DetectEngineThreadCtx *, const SigMatchData *, const Signature *, const uint8_t *, uint32_t, uint64_t *, uint8_t)
 


Function Documentation

◆ DetectByteExtractDoMatch()

int DetectByteExtractDoMatch ( DetectEngineThreadCtx *  det_ctx,
const SigMatchData *  smd,
const Signature *  s,
const uint8_t *  payload,
uint32_t  payload_len,
uint64_t *  value,
uint8_t  endian 
)

◆ DetectByteExtractRegister()

void DetectByteExtractRegister ( void  )

Registers the keyword handlers for the "byte_extract" keyword.

Definition at line 69 of file detect-byte-extract.c.

References SigTableElmt_::desc, DETECT_BYTE_EXTRACT, SigTableElmt_::Free, SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::RegisterTests, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().


◆ DetectByteExtractRetrieveSMVar()

SigMatch * DetectByteExtractRetrieveSMVar ( const char *  arg,
int  sm_list,
const Signature *  s 
)

Lookup the SigMatch for a named byte_extract variable.

Parameters
arg  The name of the byte_extract variable to look up.
s  Pointer to the signature to look in.
Return values
A pointer to the SigMatch if found, otherwise NULL.

Definition at line 375 of file detect-byte-extract.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SigMatch_::ctx, DETECT_BYTE_EXTRACT, DETECT_SM_LIST_MAX, SignatureInitDataBuffer_::head, Signature_::init_data, SigMatch_::next, SignatureInitData_::smlists, and SigMatch_::type.

Referenced by DetectByteRetrieveSMVar().
