detect-file-data.c File Reference

#include "suricata-common.h"
#include "threads.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-buffer.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "detect-engine-prefilter.h"
#include "detect-engine-content-inspection.h"
#include "detect-engine-file.h"
#include "detect-file-data.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "app-layer-smtp.h"
#include "flow.h"
#include "flow-var.h"
#include "flow-util.h"
#include "util-debug.h"
#include "util-spm-bm.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-file-decompression.h"
#include "util-profiling.h"
#include "tests/detect-file-data.c"

Include dependency graph for detect-file-data.c:

Go to the source code of this file.

Data Structures
struct	DetectFileHandlerProtocol_t

Macros
#define	ALPROTO_WITHFILES_MAX   16

Functions
int	PrefilterMpmFiledataRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
void	DetectFileRegisterProto (AppProto alproto, int direction, int to_client_progress, int to_server_progress)
void	DetectFileRegisterFileProtocols (DetectFileHandlerTableElmt *reg)
void	DetectFiledataRegister (void)
	Registration function for keyword: file_data.
uint8_t	DetectEngineInspectFiledata (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)

Variables
DetectFileHandlerTableElmt	filehandler_table [DETECT_TBLSIZE_STATIC]
DetectFileHandlerProtocol_t	al_protocols [ALPROTO_WITHFILES_MAX]

Detailed Description

Author

Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-file-data.c.

Macro Definition Documentation

ALPROTO_WITHFILES_MAX

#define ALPROTO_WITHFILES_MAX   16

Definition at line 80 of file detect-file-data.c.

Function Documentation

DetectEngineInspectFiledata()

uint8_t DetectEngineInspectFiledata	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const DetectEngineAppInspectionEngine *	engine,
		const Signature *	s,
		Flow *	f,
		uint8_t	flags,
		void *	alstate,
		void *	txv,
		uint64_t	tx_id
	)

Definition at line 481 of file detect-file-data.c.

References Flow_::alproto, AppLayerParserGetStateProgress(), AppLayerParserGetTxFiles(), de_ctx, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH_FILES, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspection(), FILE_STATE_CLOSED, flags, FileContainer_::head, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::inspect_offset, DetectEngineAppInspectionEngine_::match_on_null, DetectEngineAppInspectionEngine_::mpm, File_::next, DetectEngineAppInspectionEngine_::progress, Flow_::proto, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::sm_list_base, DetectEngineAppInspectionEngine_::smd, File_::state, DetectEngineAppInspectionEngine_::transforms, and DetectEngineAppInspectionEngine_::v2.

Referenced by DetectFiledataRegister(), and DetectHttpClientBodyRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

DetectFiledataRegister()

void DetectFiledataRegister

(

void

)

Registration function for keyword: file_data.

Definition at line 148 of file detect-file-data.c.

References SigTableElmt_::alias, DetectFileHandlerTableElmt_::Callback, SigTableElmt_::desc, DETECT_FILE_DATA, DetectBufferTypeGetByName(), DetectBufferTypeRegisterSetupCallback(), DetectBufferTypeSetDescriptionByName(), DetectBufferTypeSupportsMultiInstance(), DetectEngineInspectFiledata(), DetectFiledataRegisterTests(), filehandler_table, SigTableElmt_::flags, DetectFileHandlerTableElmt_::name, SigTableElmt_::name, DetectFileHandlerTableElmt_::PrefilterFn, PrefilterMpmFiledataRegister(), DetectFileHandlerTableElmt_::priority, SigTableElmt_::RegisterTests, SigTableElmt_::Setup, SIGMATCH_OPTIONAL_OPT, SIGMATCH_SUPPORT_DIR, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the call graph for this function:

Here is the caller graph for this function:

DetectFileRegisterFileProtocols()

void DetectFileRegisterFileProtocols

(

DetectFileHandlerTableElmt *

reg

)

Definition at line 118 of file detect-file-data.c.

References al_protocols, DetectFileHandlerProtocol_t::alproto, ALPROTO_UNKNOWN, DetectFileHandlerTableElmt_::Callback, DetectAppLayerInspectEngineRegister(), DetectAppLayerMpmRegister(), DetectFileHandlerProtocol_t::direction, g_alproto_max, DetectFileHandlerTableElmt_::GetData, DetectFileHandlerTableElmt_::name, DetectFileHandlerTableElmt_::PrefilterFn, DetectFileHandlerTableElmt_::priority, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, DetectFileHandlerProtocol_t::to_client_progress, and DetectFileHandlerProtocol_t::to_server_progress.

Here is the call graph for this function:

DetectFileRegisterProto()

void DetectFileRegisterProto	(	AppProto	alproto,
		int	direction,
		int	to_client_progress,
		int	to_server_progress
	)

Definition at line 99 of file detect-file-data.c.

References al_protocols, DetectFileHandlerProtocol_t::alproto, ALPROTO_UNKNOWN, ALPROTO_WITHFILES_MAX, DetectFileHandlerProtocol_t::direction, DetectFileHandlerProtocol_t::to_client_progress, and DetectFileHandlerProtocol_t::to_server_progress.

PrefilterMpmFiledataRegister()

int PrefilterMpmFiledataRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx,
		const DetectBufferMpmRegistry *	mpm_reg,
		int	list_id
	)

Definition at line 582 of file detect-file-data.c.

References DetectBufferMpmRegistry_::alproto, DetectBufferMpmRegistry_::app_v2, PrefilterMpmFiledata::base_list_id, de_ctx, PrefilterMpmFiledata::list_id, PrefilterMpmFiledata::mpm_ctx, DetectBufferMpmRegistry_::pname, PrefilterAppendTxEngine(), SCCalloc, DetectBufferMpmRegistry_::sm_list_base, PrefilterMpmFiledata::transforms, DetectBufferMpmRegistry_::transforms, and DetectBufferMpmRegistry_::tx_min_progress.

Referenced by DetectFiledataRegister(), and DetectHttpClientBodyRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

al_protocols

DetectFileHandlerProtocol_t al_protocols[ALPROTO_WITHFILES_MAX]

Initial value:

= {
    { .alproto = ALPROTO_NFS, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
    { .alproto = ALPROTO_SMB, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
    { .alproto = ALPROTO_FTP, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
    { .alproto = ALPROTO_FTPDATA, .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT },
    { .alproto = ALPROTO_HTTP1,
            .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT,
            .to_client_progress = HTP_RESPONSE_PROGRESS_BODY,
            .to_server_progress = HTP_REQUEST_PROGRESS_BODY },
    { .alproto = ALPROTO_HTTP2,
            .direction = SIG_FLAG_TOSERVER | SIG_FLAG_TOCLIENT,
            .to_client_progress = HTTP2StateDataServer,
            .to_server_progress = HTTP2StateDataClient },
    { .alproto = ALPROTO_SMTP, .direction = SIG_FLAG_TOSERVER }, { .alproto = ALPROTO_UNKNOWN }
}

Definition at line 83 of file detect-file-data.c.

Referenced by DetectFileRegisterFileProtocols(), and DetectFileRegisterProto().

filehandler_table

DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC]

Definition at line 78 of file detect-file-data.c.

Referenced by DetectFiledataRegister(), and DetectFilenameRegister().