suricata.8.0.0/detect-file-data_8h_source.html

/* Copyright (C) 2007-2011 Open Information Security Foundation

 *

 * You can copy, redistribute or modify this Program under the terms of

 * the GNU General Public License version 2 as published by the Free

 * Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * version 2 along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

 * 02110-1301, USA.

 */


/**

 * \file

 *

 * \author Victor Julien <victor@inliniac.net>

 */


#ifndef SURICATA_DETECT_FILEDATA_H

#define SURICATA_DETECT_FILEDATA_H


/* prototypes */

void DetectFiledataRegister (void);


/* File handler registration */

#define MAX_DETECT_ALPROTO_CNT 10


typedef struct DetectFileHandlerTableElmt_ {

    const char *name;

    int priority;

    PrefilterRegisterFunc PrefilterFn;

    InspectEngineFuncPtr Callback;

    InspectionBufferGetDataPtr GetData;

    int al_protocols[MAX_DETECT_ALPROTO_CNT];

    int tx_progress;

    int progress;

} DetectFileHandlerTableElmt;


void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *entry);


/* File registration table */

extern DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC];


typedef struct PrefilterMpmFiledata {

    int list_id;

    int base_list_id;

    const MpmCtx *mpm_ctx;

    const DetectEngineTransforms *transforms;

} PrefilterMpmFiledata;


uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,

        const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,

        void *alstate, void *txv, uint64_t tx_id);

int PrefilterMpmFiledataRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,

        const DetectBufferMpmRegistry *mpm_reg, int list_id);


#endif /* SURICATA_DETECT_FILEDATA_H */

flags
uint8_t flags
Definition decode-gre.h:0

InspectionBufferGetDataPtr
InspectionBuffer *(* InspectionBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id)
Definition detect-engine-helper.h:39

PrefilterRegisterFunc
int(* PrefilterRegisterFunc)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
Definition detect-engine-mpm.h:72

DETECT_TBLSIZE_STATIC
@ DETECT_TBLSIZE_STATIC
Definition detect-engine-register.h:331

DetectFileHandlerTableElmt
struct DetectFileHandlerTableElmt_ DetectFileHandlerTableElmt

filehandler_table
DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC]
Definition detect-file-data.c:78

DetectFileRegisterFileProtocols
void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *entry)
Definition detect-file-data.c:118

DetectFiledataRegister
void DetectFiledataRegister(void)
Registration function for keyword: file_data.
Definition detect-file-data.c:148

DetectEngineInspectFiledata
uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Definition detect-file-data.c:481

MAX_DETECT_ALPROTO_CNT
#define MAX_DETECT_ALPROTO_CNT
Definition detect-file-data.h:31

PrefilterMpmFiledataRegister
int PrefilterMpmFiledataRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
Definition detect-file-data.c:582

InspectEngineFuncPtr
uint8_t(* InspectEngineFuncPtr)(struct DetectEngineCtx_ *de_ctx, struct DetectEngineThreadCtx_ *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const struct Signature_ *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Definition detect.h:411

de_ctx
DetectEngineCtx * de_ctx
Definition fuzz_siginit.c:18

DetectBufferMpmRegistry_
one time registration of keywords at start up
Definition detect.h:762

DetectEngineAppInspectionEngine_
Definition detect.h:416

DetectEngineCtx_
main detection engine ctx
Definition detect.h:932

DetectEngineThreadCtx_
Definition detect.h:1244

DetectEngineTransforms
Definition detect.h:391

DetectFileHandlerTableElmt_
Definition detect-file-data.h:32

DetectFileHandlerTableElmt_::al_protocols
int al_protocols[MAX_DETECT_ALPROTO_CNT]
Definition detect-file-data.h:38

DetectFileHandlerTableElmt_::tx_progress
int tx_progress
Definition detect-file-data.h:39

DetectFileHandlerTableElmt_::name
const char * name
Definition detect-file-data.h:33

DetectFileHandlerTableElmt_::GetData
InspectionBufferGetDataPtr GetData
Definition detect-file-data.h:37

DetectFileHandlerTableElmt_::progress
int progress
Definition detect-file-data.h:40

DetectFileHandlerTableElmt_::PrefilterFn
PrefilterRegisterFunc PrefilterFn
Definition detect-file-data.h:35

DetectFileHandlerTableElmt_::Callback
InspectEngineFuncPtr Callback
Definition detect-file-data.h:36

DetectFileHandlerTableElmt_::priority
int priority
Definition detect-file-data.h:34

Flow_
Flow data structure.
Definition flow.h:356

MpmCtx_
Definition util-mpm.h:93

PrefilterMpmFiledata
Definition detect-file-data.h:47

PrefilterMpmFiledata::list_id
int list_id
Definition detect-file-data.h:48

PrefilterMpmFiledata::mpm_ctx
const MpmCtx * mpm_ctx
Definition detect-file-data.h:50

PrefilterMpmFiledata::base_list_id
int base_list_id
Definition detect-file-data.h:49

PrefilterMpmFiledata::transforms
const DetectEngineTransforms * transforms
Definition detect-file-data.h:51

SigGroupHead_
Container for matching data for a signature group.
Definition detect.h:1629

Signature_
Signature container.
Definition detect.h:668