From: Victor Julien Date: Sat, 2 Dec 2023 08:44:06 +0000 (+0100) Subject: detect/content-inspect: add entry for InspectionBuffer X-Git-Tag: suricata-8.0.0-beta1~1958 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d73cce478c4071cbe796428532955d87afb92d40;p=thirdparty%2Fsuricata.git detect/content-inspect: add entry for InspectionBuffer This is a convinience addition to abstract away the internals of the InspectionBuffer in keyword specific detection code.
---
diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c
index d5ffc135af..09d838378f 100644
--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@@ -714,6 +714,25 @@ bool DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCt
     return false;
 }
 
+/** \brief wrapper around DetectEngineContentInspectionInternal to return true/false only
+ *
+ * \param smd sigmatches to evaluate
+ */
+bool DetectEngineContentInspectionBuffer(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+        const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const InspectionBuffer *b,
+        const enum DetectContentInspectionType inspection_mode)
+{
+    det_ctx->buffer_offset = 0;
+    det_ctx->inspection_recursion_counter = 0;
+
+    int r = DetectEngineContentInspectionInternal(de_ctx, det_ctx, s, smd, p, f, b->inspect,
+            b->inspect_len, b->inspect_offset, b->flags, inspection_mode);
+    if (r == 1)
+        return true;
+    else
+        return false;
+}
+
 #ifdef UNITTESTS
 #include "tests/detect-engine-content-inspection.c"
 #endif
diff --git a/src/detect-engine-content-inspection.h b/src/detect-engine-content-inspection.h
index 06c5407f5a..4e362dad8d 100644
--- a/src/detect-engine-content-inspection.h
+++ b/src/detect-engine-content-inspection.h
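Review bot: DetectEngineContentInspectionBuffer is not a pure pass-through, yet its comment above the definition documents only `smd`: it also resets `det_ctx->buffer_offset` and `det_ctx->inspection_recursion_counter` before delegating, and it dereferences `b` unconditionally. The doxygen block here (and the fuller one added in the header hunk) should record both, e.g. `\param b inspection buffer, must not be NULL; inspect/inspect_len/inspect_offset/flags are passed through unchecked` plus a note that the thread context's offset and recursion counter are reset as a side effect, so the wrapper cannot be called from inside an ongoing inspection. Whether DetectEngineContentInspectionInternal tolerates a NULL `b->inspect` with zero `inspect_len` is not visible in this hunk; if callers are expected to check for an unpopulated buffer first, the comment should say so. The closing `if (r == 1) return true; else return false;` reads more directly as `return r == 1;`, though it mirrors the style of the function ending just above.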
@@ -58,6 +58,20 @@ bool DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCt
         const uint32_t buffer_len, const uint32_t stream_start_offset, const uint8_t flags,
         const enum DetectContentInspectionType inspection_mode);
 
+/** \brief content inspect entry for inspection buffers
+ * \param de_ctx detection engine
+ * \param det_ctx detect engine thread ctx
+ * \param s signature being inspected
+ * \param smd array of content inspection matches
+ * \param p packet
+ * \param f flow
+ * \param b inspection buffer to inspect
+ * \param inspection_mode inspection mode to use
+ * \retval bool true if smd matched the buffer b, false otherwise */
+bool DetectEngineContentInspectionBuffer(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+        const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const InspectionBuffer *b,
+        const enum DetectContentInspectionType inspection_mode);
+
 void DetectEngineContentInspectionRegisterTests(void);
 
 #endif /* __DETECT_ENGINE_CONTENT_INSPECTION_H__ */
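Review bot: `\retval bool true if smd matched the buffer b, false otherwise` puts the type where Doxygen's \retval expects a return value, so it renders as a value named "bool". Either one line per value, `\retval true smd matched buffer b` and `\retval false no match`, or a single `\return true if smd matched the buffer b, false otherwise` documents the contract as intended.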