suricata: src/detect-engine-payload.h File Reference

suricata

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
int	PrefilterPktPayloadRegister (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx *mpm_ctx)

int	PrefilterPktStreamRegister (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx *mpm_ctx)

uint8_t	DetectEngineInspectPacketPayload (DetectEngineCtx , DetectEngineThreadCtx , const Signature , Flow , Packet *)
	Do the content inspection & validation for a signature.

int	DetectEngineInspectStreamPayload (DetectEngineCtx , DetectEngineThreadCtx , const Signature , Flow , Packet *)
	Do the content inspection & validation for a signature on the raw stream.

uint8_t	DetectEngineInspectStream (DetectEngineCtx de_ctx, DetectEngineThreadCtx det_ctx, const struct DetectEngineAppInspectionEngine_ engine, const Signature s, Flow f, uint8_t flags, void alstate, void *txv, uint64_t tx_id)
	inspect engine for stateful rules

void	PayloadRegisterTests (void)

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-payload.h.

Function Documentation

◆ DetectEngineInspectPacketPayload()

uint8_t DetectEngineInspectPacketPayload	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		Flow *	f,
		Packet *	p
	)

Do the content inspection & validation for a signature.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
f	flow (for pcre flowvar storage)
p	Packet

Return values

0	no match
1	match

Definition at line 152 of file detect-engine-payload.c.

References de_ctx, StreamMpmData::det_ctx, DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD, DETECT_SM_LIST_PMATCH, DetectEngineContentInspection(), Packet_::payload, Packet_::payload_len, SCEnter, SCReturnInt, and Signature_::sm_arrays.

Here is the call graph for this function:

◆ DetectEngineInspectStream()

uint8_t DetectEngineInspectStream	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const struct DetectEngineAppInspectionEngine_ *	engine,
		const Signature *	s,
		Flow *	f,
		uint8_t	flags,
		void *	alstate,
		void *	txv,
		uint64_t	tx_id
	)

inspect engine for stateful rules

Caches results as it may be called multiple times if we inspect multiple transactions in one packet.

Returns "can't match" if depth is reached.

Definition at line 298 of file detect-engine-payload.c.

References TcpSession_::client, de_ctx, StreamContentInspectEngineData::det_ctx, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, StreamContentInspectEngineData::f, flags, Signature_::flags, TcpStream_::flags, Signature_::id, DetectEngineThreadCtx_::p, Packet_::pcap_cnt, Packet_::proto, Flow_::protoctx, DetectEngineThreadCtx_::raw_stream_progress, StreamContentInspectEngineData::s, SCLogDebug, TcpSession_::server, SIG_FLAG_FLUSH, DetectEngineAppInspectionEngine_::smd, StreamReassembleRaw(), and STREAMTCP_STREAM_FLAG_DEPTH_REACHED.

Here is the call graph for this function:

◆ DetectEngineInspectStreamPayload()

int DetectEngineInspectStreamPayload	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		Flow *	f,
		Packet *	p
	)

Do the content inspection & validation for a signature on the raw stream.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
f	flow (for pcre flowvar storage)

Return values

0	no match
1	match

Definition at line 248 of file detect-engine-payload.c.

References de_ctx, StreamContentInspectData::det_ctx, StreamContentInspectData::f, Signature_::flags, Flow_::protoctx, StreamContentInspectData::s, SCEnter, SCLogDebug, SIG_FLAG_FLUSH, and StreamReassembleRaw().

Here is the call graph for this function:

◆ PayloadRegisterTests()

void PayloadRegisterTests ( void )

Definition at line 1142 of file detect-engine-payload.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ PrefilterPktPayloadRegister()

int PrefilterPktPayloadRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx
	)

Definition at line 132 of file detect-engine-payload.c.

References de_ctx, StreamMpmData::mpm_ctx, and PrefilterAppendPayloadEngine().

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PrefilterPktStreamRegister()

int PrefilterPktStreamRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx
	)

Definition at line 109 of file detect-engine-payload.c.

References de_ctx, StreamMpmData::mpm_ctx, and PrefilterAppendPayloadEngine().

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

src
detect-engine-payload.h
Generated on Wed Jul 23 2025 10:11:03 for suricata by 1.9.8