suricata
Data Structures | Macros | Typedefs | Functions
detect-pcre.h File Reference
#include "detect-parse.h"
Include dependency graph for detect-pcre.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  DetectPcreData_
 

Macros

#define DETECT_PCRE_RELATIVE   0x00001
 
#define DETECT_PCRE_RAWBYTES   0x00002
 
#define DETECT_PCRE_CASELESS   0x00004
 
#define DETECT_PCRE_RELATIVE_NEXT   0x00040
 
#define DETECT_PCRE_NEGATE   0x00080
 
#define DETECT_PCRE_CAPTURE_MAX   8
 
#define SC_MATCH_LIMIT_DEFAULT   3500
 
#define SC_MATCH_LIMIT_RECURSION_DEFAULT   1500
 

Typedefs

typedef struct DetectPcreData_ DetectPcreData
 

Functions

int DetectPcrePayloadMatch (DetectEngineThreadCtx *, const Signature *, const SigMatchData *, Packet *, Flow *, const uint8_t *, uint32_t)
 Match a regex on a single payload.
 
void DetectPcreRegister (void)
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-pcre.h.

Macro Definition Documentation

◆ DETECT_PCRE_CAPTURE_MAX

#define DETECT_PCRE_CAPTURE_MAX   8

Definition at line 37 of file detect-pcre.h.

◆ DETECT_PCRE_CASELESS

#define DETECT_PCRE_CASELESS   0x00004

Definition at line 32 of file detect-pcre.h.

◆ DETECT_PCRE_NEGATE

#define DETECT_PCRE_NEGATE   0x00080

Definition at line 35 of file detect-pcre.h.

◆ DETECT_PCRE_RAWBYTES

#define DETECT_PCRE_RAWBYTES   0x00002

Definition at line 31 of file detect-pcre.h.

◆ DETECT_PCRE_RELATIVE

#define DETECT_PCRE_RELATIVE   0x00001

Definition at line 29 of file detect-pcre.h.

◆ DETECT_PCRE_RELATIVE_NEXT

#define DETECT_PCRE_RELATIVE_NEXT   0x00040

Definition at line 34 of file detect-pcre.h.

◆ SC_MATCH_LIMIT_DEFAULT

#define SC_MATCH_LIMIT_DEFAULT   3500

Definition at line 43 of file detect-pcre.h.

◆ SC_MATCH_LIMIT_RECURSION_DEFAULT

#define SC_MATCH_LIMIT_RECURSION_DEFAULT   1500

Definition at line 44 of file detect-pcre.h.

Typedef Documentation

◆ DetectPcreData

typedef struct DetectPcreData_ DetectPcreData

Function Documentation

◆ DetectPcrePayloadMatch()

int DetectPcrePayloadMatch ( DetectEngineThreadCtx det_ctx,
const Signature s,
const SigMatchData smd,
Packet p,
Flow f,
const uint8_t *  payload,
uint32_t  payload_len 
)

Match a regex on a single payload.

Parameters
det_ctxThread detection ctx.
sSignature.
smSig match to match against.
pPacket to set PktVars if any.
fFlow to set FlowVars if any.
payloadPayload to inspect.
payload_lenLength of the payload.
Return values
1Match.
0No match.

Definition at line 222 of file detect-pcre.c.

References DetectEngineThreadCtx_::buffer_offset, BUG_ON, DetectPcreData_::capids, DetectPcreData_::captypes, SigMatchData_::ctx, DETECT_PCRE_NEGATE, DETECT_PCRE_RELATIVE, DETECT_VAR_TYPE_FLOW_POSTMATCH, DETECT_VAR_TYPE_PKT_POSTMATCH, DetectThreadCtxGetKeywordThreadCtx(), DetectVarStoreMatch(), DetectVarStoreMatchKeyValue(), DetectPcreData_::flags, DetectPcreData_::idx, len, payload_len, DetectEngineThreadCtx_::pcre_match_start_offset, SCEnter, SCFree, SCLogDebug, SCMalloc, SCReturnInt, DetectPcreData_::thread_ctx_id, unlikely, VAR_TYPE_ALERT_VAR, VAR_TYPE_FLOW_VAR, VAR_TYPE_PKT_VAR, and VAR_TYPE_PKT_VAR_KV.

Here is the call graph for this function:

◆ DetectPcreRegister()

void DetectPcreRegister ( void  )

Definition at line 97 of file detect-pcre.c.

References SigTableElmt_::desc, DETECT_PCRE, DetectSetupPCRE2(), FatalError, SigTableElmt_::flags, SigTableElmt_::Free, SigTableElmt_::Match, SigTableElmt_::name, PageSupportsRWX, PARSE_CAPTURE_REGEX, PARSE_REGEX, SigTableElmt_::RegisterTests, SC_MATCH_LIMIT_DEFAULT, SC_MATCH_LIMIT_RECURSION_DEFAULT, SCConfGetInt(), SCLogConfig, SCLogDebug, SCLogInfo, SigTableElmt_::Setup, SIGMATCH_HANDLE_NEGATION, SIGMATCH_QUOTES_OPTIONAL, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the call graph for this function:
Here is the caller graph for this function: