#define MAX_ALPROTO_NAME 50
+typedef struct DetectAppLayerEventData_ {
+ AppProto alproto;
+ uint8_t event_id;
+
+ /* it's used to check if there are event set into the detect engine */
+ bool needs_detctx;
+
+ char *arg;
+} DetectAppLayerEventData;
+
static int DetectAppLayerEventPktMatch(DetectEngineThreadCtx *det_ctx,
Packet *p, const Signature *s, const SigMatchCtx *ctx);
static int DetectAppLayerEventSetupP1(DetectEngineCtx *, Signature *, const char *);
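Review bot: `char *arg` in the relocated DetectAppLayerEventData carries no comment saying who allocates it or who frees it, and with the struct now private to this file the definition is the only place a reader will look for that. If the setup path stores a heap copy of the rule argument and the keyword's free callback releases it (neither is visible in this hunk), record that on the field, for example `char *arg; /* heap copy of the rule argument; owned by this struct and freed with it */`. The comment on `needs_detctx` would also be clearer if it said what the flag gates instead of "it's used to check".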
#ifndef __DETECT_APP_LAYER_EVENT_H__
#define __DETECT_APP_LAYER_EVENT_H__
-typedef struct DetectAppLayerEventData_ {
- AppProto alproto;
- uint8_t event_id;
-
- /* it's used to check if there are event set into the detect engine */
- bool needs_detctx;
-
- char *arg;
-} DetectAppLayerEventData;
-
int DetectAppLayerEventPrepare(DetectEngineCtx *de_ctx, Signature *s);
void DetectAppLayerEventRegister(void);
static void DetectAppLayerProtocolRegisterTests(void);
#endif
+typedef struct DetectAppLayerProtocolData_ {
+ AppProto alproto;
+ uint8_t negated;
+} DetectAppLayerProtocolData;
+
static int DetectAppLayerProtocolPacketMatch(
DetectEngineThreadCtx *det_ctx,
Packet *p, const Signature *s, const SigMatchCtx *ctx)
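Review bot: `negated` is declared `uint8_t` here, while DetectAppLayerEventData, moved in the same commit, uses `bool` for its flag (`needs_detctx`). Now that DetectAppLayerProtocolData is local to this file, the field can become `bool negated;` without touching any other translation unit, provided it only ever holds 0 or 1. The assignments to it are outside this hunk, so that needs checking before the type changes.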
#ifndef __DETECT_APP_LAYER_PROTOCOL__H__
#define __DETECT_APP_LAYER_PROTOCOL__H__
-typedef struct DetectAppLayerProtocolData_ {
- AppProto alproto;
- uint8_t negated;
-} DetectAppLayerProtocolData;
-
void DetectAppLayerProtocolRegister(void);
#endif /* __DETECT_APP_LAYER_PROTOCOL__H__ */
/* Arbitrary maximum buffer size for decoded base64 data. */
#define BASE64_DECODE_MAX 65535
+typedef struct DetectBase64Decode_ {
+ uint32_t bytes;
+ uint32_t offset;
+ uint8_t relative;
+} DetectBase64Decode;
+
static const char decode_pattern[] = "\\s*(bytes\\s+(\\d+),?)?"
"\\s*(offset\\s+(\\d+),?)?"
"\\s*(\\w+)?";
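Review bot: `bytes` and `offset` are 32-bit fields placed directly under `BASE64_DECODE_MAX` (65535), but nothing in the struct says whether rule values are checked against that limit before they are stored. The values come from rule text through `decode_pattern`, whose `\d+` groups put no bound on the number, so the limit is worth recording where the fields are defined, e.g. `uint32_t bytes; /* input bytes to decode; rejected at setup if above BASE64_DECODE_MAX (confirm) */`. If setup does not enforce the cap, the check belongs in the parser, which is outside this hunk. `relative` would also benefit from a comment saying what the offset is relative to.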
#ifndef __DETECT_BASE64_DECODE_H__
#define __DETECT_BASE64_DECODE_H__
-
-typedef struct DetectBase64Decode_ {
- uint32_t bytes;
- uint32_t offset;
- uint8_t relative;
-} DetectBase64Decode;
-
void DetectBase64DecodeRegister(void);
int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *, const Signature *,
const SigMatchData *, const uint8_t *, uint32_t);
#include "util-profiling.h"
#include "detect-engine-build.h"
+#define DETECT_CSUM_VALID "valid"
+#define DETECT_CSUM_INVALID "invalid"
+
+typedef struct DetectCsumData_ {
+ /* Indicates if the csum-<protocol> keyword in a rule holds the
+ keyvalue "valid" or "invalid" */
+ int16_t valid;
+} DetectCsumData;
+
/* prototypes for the "ipv4-csum" rule keyword */
static int DetectIPV4CsumMatch(DetectEngineThreadCtx *,
Packet *, const Signature *, const SigMatchCtx *);
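Review bot: The comment on `valid` says the field holds "valid" or "invalid", but the field is an `int16_t`, so a reader cannot tell which integer stands for which keyword value. State the encoding on the field, e.g. `int16_t valid; /* 1: rule says "valid", 0: rule says "invalid" (confirm against the parser) */`. With DetectCsumData now file-local, a `bool` would express a two-state value more directly, if no third state is ever stored.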
#ifndef __DETECT_CSUM_H__
#define __DETECT_CSUM_H__
-#define DETECT_CSUM_VALID "valid"
-#define DETECT_CSUM_INVALID "invalid"
-
-typedef struct DetectCsumData_ {
- /* Indicates if the csum-<protocol> keyword in a rule holds the
- keyvalue "valid" or "invalid" */
- int16_t valid;
-} DetectCsumData;
-
void DetectCsumRegister(void);
#endif /* __DETECT_CSUM_H__ */