#include "suricata-common.h"
#include "suricata.h"
#include "app-layer-parser.h"
#include "app-layer-frames.h"
#include "detect-engine.h"
#include "detect-engine-prefilter.h"
#include "detect-engine-content-inspection.h"
#include "detect-engine-mpm.h"
#include "detect-engine-frame.h"
#include "stream-tcp.h"
#include "util-profiling.h"
#include "util-validate.h"
#include "util-print.h"

Include dependency graph for detect-engine-frame.c:

Data Structures
struct	FrameStreamData

struct	PrefilterMpmFrameCtx

Typedefs
typedef struct PrefilterMpmFrameCtx	PrefilterMpmFrameCtx

Functions
void	DetectRunPrefilterFrame (DetectEngineThreadCtx det_ctx, const SigGroupHead sgh, Packet p, const Frames frames, const Frame *frame, const AppProto alproto)

int	PrefilterGenericMpmFrameRegister (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry mpm_reg, int list_id)

bool	DetectRunFrameInspectRule (ThreadVars tv, DetectEngineThreadCtx det_ctx, const Signature s, Flow f, Packet p, const Frames frames, const Frame *frame)

int	DetectEngineInspectFrameBufferGeneric (DetectEngineThreadCtx det_ctx, const DetectEngineFrameInspectionEngine engine, const Signature s, Packet p, const Frames frames, const Frame frame)
	Do the content inspection & validation for a signature.

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-frame.c.

Typedef Documentation

◆ PrefilterMpmFrameCtx

typedef struct PrefilterMpmFrameCtx PrefilterMpmFrameCtx

Function Documentation

◆ DetectEngineInspectFrameBufferGeneric()

int DetectEngineInspectFrameBufferGeneric	(	DetectEngineThreadCtx *	det_ctx,
		const DetectEngineFrameInspectionEngine *	engine,
		const Signature *	s,
		Packet *	p,
		const Frames *	frames,
		const Frame *	frame
	)

Do the content inspection & validation for a signature.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
p	Packet
frame	stream frame to inspect

Return values

0	no match.
1	match.

Definition at line 560 of file detect-engine-frame.c.

References TcpSession_::client, DEBUG_VALIDATE_BUG_ON, FrameStreamData::det_ctx, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, Packet_::flow, FrameStreamData::frame, Frame::id, Signature_::id, FrameStreamData::inspect_engine, FrameStreamData::inspect_result, FrameStreamData::list_id, DetectEngineFrameInspectionEngine::mpm, FrameStreamData::p, Packet_::pcap_cnt, PKT_IS_PSEUDOPKT, PKT_IS_TOSERVER, Packet_::proto, Flow_::protoctx, FrameStreamData::requested_stream_offset, FrameStreamData::s, SCLogDebug, TcpSession_::server, DetectEngineFrameInspectionEngine::sm_list, TcpSession_::state, StreamReassembleForFrame(), TCP_CLOSED, FrameStreamData::transforms, DetectEngineFrameInspectionEngine::transforms, and DetectEngineFrameInspectionEngine::v1.

Referenced by DetectEngineBufferTypeRegisterWithFrameEngines().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectRunFrameInspectRule()

bool DetectRunFrameInspectRule	(	ThreadVars *	tv,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		Flow *	f,
		Packet *	p,
		const Frames *	frames,
		const Frame *	frame
	)

Definition at line 228 of file detect-engine-frame.c.

References Flow_::alproto, AppLayerParserGetFrameNameById(), DEBUG_VALIDATE_BUG_ON, FrameStreamData::det_ctx, FrameStreamData::frame, Signature_::frame_inspect, Frame::id, Signature_::id, FrameStreamData::p, Flow_::proto, FrameStreamData::s, SCLogDebug, and Frame::type.

Here is the call graph for this function:

◆ DetectRunPrefilterFrame()

void DetectRunPrefilterFrame	(	DetectEngineThreadCtx *	det_ctx,
		const SigGroupHead *	sgh,
		Packet *	p,
		const Frames *	frames,
		const Frame *	frame,
		const AppProto	alproto
	)

Definition at line 73 of file detect-engine-frame.c.

References PrefilterEngine_::alproto, ALPROTO_UNKNOWN, PrefilterEngine_::cb, PrefilterEngine_::ctx, FRAME_ANY_TYPE, SigGroupHead_::frame_engines, PrefilterEngine_::frame_type, PrefilterEngine_::gid, PrefilterEngine_::is_last, Packet_::pcap_cnt, PrefilterEngine_::pectx, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterFrame, SCLogDebug, and Frame::type.

◆ PrefilterGenericMpmFrameRegister()

int PrefilterGenericMpmFrameRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx,
		const DetectBufferMpmRegistry *	mpm_reg,
		int	list_id
	)

Definition at line 208 of file detect-engine-frame.c.

References DetectBufferMpmRegistry_::alproto, ALPROTO_UNKNOWN, BUG_ON, de_ctx, DetectBufferMpmRegistry_::frame_v1, FrameStreamData::list_id, PrefilterMpmFrameCtx::list_id, FrameStreamData::mpm_ctx, PrefilterMpmFrameCtx::mpm_ctx, DetectBufferMpmRegistry_::pname, PrefilterAppendFrameEngine(), SCCalloc, SCEnter, SCFree, PrefilterMpmFrameCtx::transforms, DetectBufferMpmRegistry_::transforms, and DetectBufferMpmRegistry_::type.

Referenced by DetectEngineBufferTypeRegisterWithFrameEngines().

Here is the call graph for this function:

Here is the caller graph for this function:

Data Structures

Typedefs

Functions

Detailed Description

Typedef Documentation

◆ PrefilterMpmFrameCtx

Function Documentation

◆ DetectEngineInspectFrameBufferGeneric()

◆ DetectRunFrameInspectRule()

◆ DetectRunPrefilterFrame()

◆ PrefilterGenericMpmFrameRegister()