66 const char *
str = depthstr;
74 "preceding content, uricontent option, http_client_body, "
75 "http_server_body, http_header option, http_raw_header option, "
76 "http_method option, http_cookie, http_raw_uri, "
77 "http_stat_msg, http_stat_code, http_user_agent, "
78 "http_host, http_raw_host or "
79 "file_data/dce_stub_data sticky buffer options.");
87 SCLogError(
"can't use multiple depths for the same content.");
92 "keyword like within/distance with a absolute "
93 "relative keyword like depth/offset for the same "
99 "negated keyword set along with 'fast_pattern'.");
104 "keyword set along with 'fast_pattern:only;'.");
107 if (
str[0] !=
'-' && isalpha((
unsigned char)
str[0])) {
111 "seen in depth - %s.",
124 if (cd->depth < cd->content_len) {
126 "content of len %u.",
127 cd->depth, cd->content_len);
131 cd->depth += cd->offset;
149 "preceding content option.");
158 "depth/startswith settings for the same content.");
163 "keyword like within/distance with a absolute "
164 "relative keyword like depth/offset for the same "
170 "negated keyword set along with a 'fast_pattern'.");
175 "keyword set along with 'fast_pattern:only;'.");
184 cd->depth = cd->content_len;
bool DetectByteRetrieveSMVar(const char *arg, const Signature *s, int sm_list, DetectByteIndexType *index)
Used to retrieve args from BM.
uint8_t DetectByteIndexType
#define DETECT_CONTENT_STARTS_WITH
#define DETECT_CONTENT_DEPTH
#define DETECT_CONTENT_FAST_PATTERN_ONLY
#define DETECT_CONTENT_WITHIN
#define DETECT_CONTENT_FAST_PATTERN
#define DETECT_CONTENT_DEPTH_VAR
#define DETECT_CONTENT_DISTANCE
#define DETECT_CONTENT_OFFSET
#define DETECT_CONTENT_NEGATED
void DetectDepthRegister(void)
SigMatch * DetectGetLastSMFromLists(const Signature *s,...)
Returns the sm with the largest index (added latest) from the lists passed to us.
SigTableElmt * sigmatch_table
main detection engine ctx
a single match condition for a signature
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
void(* Free)(DetectEngineCtx *, void *)
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
#define SCLogError(...)
Macro used to log ERROR messages.