#include "suricata-common.h"#include "decode.h"#include "detect.h"#include "detect-parse.h"#include "detect-engine.h"#include "detect-engine-prefilter-common.h"#include "detect-engine-build.h"#include "flow.h"#include "flow-var.h"#include "detect-flow.h"#include "util-unittest.h"#include "util-unittest-helper.h"#include "util-debug.h"#include "detect-engine-alert.h"
Go to the source code of this file.
Macros | |
| #define | PARSE_REGEX "^\\s*([A-z_]+)\\s*(?:,\\s*([A-z_]+))?\\s*(?:,\\s*([A-z_]+))?\\s*$" |
| Regex for parsing our flow options. | |
| #define | SIG_FLAG_BOTH (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT) |
Functions | |
| int | DetectFlowMatch (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) |
| This function is used to match flow flags set on a packet with those passed via flow: | |
| void | DetectFlowFree (DetectEngineCtx *de_ctx, void *ptr) |
| this function will free memory associated with DetectFlowData | |
| void | DetectFlowRegister (void) |
| Registration function for flow: keyword. | |
| int | DetectFlowSetupImplicit (Signature *s, uint32_t flags) |
Detailed Description
FLOW part of the detection engine.
Definition in file detect-flow.c.
Macro Definition Documentation
◆ PARSE_REGEX
| #define PARSE_REGEX "^\\s*([A-z_]+)\\s*(?:,\\s*([A-z_]+))?\\s*(?:,\\s*([A-z_]+))?\\s*$" |
Regex for parsing our flow options.
Definition at line 47 of file detect-flow.c.
◆ SIG_FLAG_BOTH
| #define SIG_FLAG_BOTH (SIG_FLAG_TOSERVER|SIG_FLAG_TOCLIENT) |
Function Documentation
◆ DetectFlowFree()
| void DetectFlowFree | ( | DetectEngineCtx * | de_ctx, |
| void * | ptr | ||
| ) |
this function will free memory associated with DetectFlowData
- Parameters
-
fd pointer to DetectFlowData
Definition at line 465 of file detect-flow.c.
References SCFree.
Referenced by DetectFlowRegister().
◆ DetectFlowMatch()
| int DetectFlowMatch | ( | DetectEngineThreadCtx * | det_ctx, |
| Packet * | p, | ||
| const Signature * | s, | ||
| const SigMatchCtx * | ctx | ||
| ) |
This function is used to match flow flags set on a packet with those passed via flow:
- Parameters
-
t pointer to thread vars det_ctx pointer to the pattern matcher thread p pointer to the current packet m pointer to the sigmatch that we will cast into DetectFlowData
- Return values
-
0 no match 1 match
Definition at line 134 of file detect-flow.c.
References ctx, Packet_::flags, DetectFlowData_::flags, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOCLIENT, FLOW_PKT_TOSERVER, Packet_::flowflags, DetectFlowData_::match_cnt, SCEnter, SCLogDebug, and SCReturnInt.
Referenced by DetectFlowRegister().
◆ DetectFlowRegister()
| void DetectFlowRegister | ( | void | ) |
Registration function for flow: keyword.
Definition at line 65 of file detect-flow.c.
References SigTableElmt_::desc, DETECT_FLOW, DETECT_TABLE_APP_FILTER_FLAG, DETECT_TABLE_APP_TD_FLAG, DETECT_TABLE_PACKET_FILTER_FLAG, DETECT_TABLE_PACKET_PRE_STREAM_FLAG, DETECT_TABLE_PACKET_TD_FLAG, DetectFlowFree(), DetectFlowMatch(), DetectSetupParseRegexes(), SigTableElmt_::flags, SigTableElmt_::Free, SigTableElmt_::Match, SigTableElmt_::name, PARSE_REGEX, SigTableElmt_::RegisterTests, SigTableElmt_::Setup, SigTableElmt_::SetupPrefilter, SIGMATCH_SUPPORT_FIREWALL, sigmatch_table, SigTableElmt_::SupportsPrefilter, SigTableElmt_::tables, and SigTableElmt_::url.
Referenced by SigTableSetup().
◆ DetectFlowSetupImplicit()
| int DetectFlowSetupImplicit | ( | Signature * | s, |
| uint32_t | flags | ||
| ) |
Definition at line 341 of file detect-flow.c.
References BUG_ON, flags, Signature_::flags, SCLogDebug, SIG_FLAG_BOTH, SIG_FLAG_TOCLIENT, and SIG_FLAG_TOSERVER.
