return false;
}
+/** \brief wrapper around DetectEngineContentInspectionInternal to return true/false only
+ *
+ * \param smd sigmatches to evaluate
+ */
+bool DetectEngineContentInspectionBuffer(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const InspectionBuffer *b,
+ const enum DetectContentInspectionType inspection_mode)
+{
+ det_ctx->buffer_offset = 0;
+ det_ctx->inspection_recursion_counter = 0;
+
+ int r = DetectEngineContentInspectionInternal(de_ctx, det_ctx, s, smd, p, f, b->inspect,
+ b->inspect_len, b->inspect_offset, b->flags, inspection_mode);
+ if (r == 1)
+ return true;
+ else
+ return false;
+}
+
#ifdef UNITTESTS
#include "tests/detect-engine-content-inspection.c"
#endif
const uint32_t buffer_len, const uint32_t stream_start_offset, const uint8_t flags,
const enum DetectContentInspectionType inspection_mode);
+/** \brief content inspect entry for inspection buffers
+ * \param de_ctx detection engine
+ * \param det_ctx detect engine thread ctx
+ * \param s signature being inspected
+ * \param smd array of content inspection matches
+ * \param p packet
+ * \param f flow
+ * \param b inspection buffer to inspect
+ * \param inspection_mode inspection mode to use
+ * \retval bool true if smd matched the buffer b, false otherwise */
+bool DetectEngineContentInspectionBuffer(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const InspectionBuffer *b,
+ const enum DetectContentInspectionType inspection_mode);
+
void DetectEngineContentInspectionRegisterTests(void);
#endif /* __DETECT_ENGINE_CONTENT_INSPECTION_H__ */
projects / thirdparty / suricata.git / commitdiff
