static void DetectAppLayerEventRegisterTests(void);
static void DetectAppLayerEventFree(void *);
static int DetectEngineAptEventInspect(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate,
+ void *tx, uint64_t tx_id);
+
/**
* \brief Registers the keyword handlers for the "app-layer-event" keyword.
*/
}
static int DetectEngineAptEventInspect(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *smi,
+ Flow *f, uint8_t flags, void *alstate,
+ void *tx, uint64_t tx_id)
{
AppLayerDecoderEvents *decoder_events = NULL;
int r = 0;
}
static int DetectEngineInspectDNP3Data(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id)
+ DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCEnter();
DNP3Transaction *tx = (DNP3Transaction *)txv;
}
static int DetectEngineInspectDNP3(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id)
+ DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, f, flags,
alstate, txv, tx_id, DETECT_SM_LIST_DNP3_MATCH);
* \retval 1 match
*/
int DetectEngineInspectDnsQueryName(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate,
+ void *txv, uint64_t tx_id)
{
DNSTransaction *tx = (DNSTransaction *)txv;
DNSQueryEntry *query = NULL;
}
int DetectEngineInspectDnsRequest(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, f, flags,
alstate, txv, tx_id,
}
int DetectEngineInspectDnsResponse(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, f, flags,
alstate, txv, tx_id,
int PrefilterTxDnsQueryRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
-int DetectEngineInspectDnsQueryName(ThreadVars *, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *, const Signature *,
- Flow *, uint8_t, void *, void *, uint64_t);
+int DetectEngineInspectDnsQueryName(ThreadVars *,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
+ const Signature *, const SigMatch *sm,
+ Flow *, uint8_t, void *, void *, uint64_t);
int DetectEngineInspectDnsRequest(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
int DetectEngineInspectDnsResponse(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
#endif /* __DETECT_ENGINE_DNS_H__ */
*
* \retval 0 no match or 1 match
*/
-int DetectEngineInspectCIP(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, uint8_t flags,
+int DetectEngineInspectCIP(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *smi, Flow *f, uint8_t flags,
void *alstate, void *txv, uint64_t tx_id)
{
SCEnter();
* \retval 0 no match or 1 match
*/
-int DetectEngineInspectENIP(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id)
+int DetectEngineInspectENIP(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *smi,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCEnter();
#ifndef __DETECT_ENGINE_ENIP_H__
#define __DETECT_ENGINE_ENIP_H__
-int DetectEngineInspectCIP(ThreadVars *, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *, const Signature *,
- Flow *, uint8_t, void *, void *, uint64_t);
+int DetectEngineInspectCIP(ThreadVars *,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
+ const Signature *, const SigMatch *sm,
+ Flow *, uint8_t, void *, void *, uint64_t);
-int DetectEngineInspectENIP(ThreadVars *, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *, const Signature *,
- Flow *, uint8_t, void *, void *, uint64_t);
+int DetectEngineInspectENIP(ThreadVars *,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
+ const Signature *, const SigMatch *sm,
+ Flow *, uint8_t, void *, void *, uint64_t);
void DetectEngineInspectENIPRegisterTests(void);
#endif /* __DETECT_ENGINE_ENIP_H__ */
* \note flow should be locked when this function's called.
*/
int DetectFileInspectHttp(ThreadVars *tv,
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, Flow *f, uint8_t flags, void *alstate,
- void *tx, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
int r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
FileContainer *ffc;
* \note flow is not locked at this time
*/
int DetectFileInspectSmtp(ThreadVars *tv,
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- Signature *s, Flow *f, uint8_t flags, void *alstate,
- void *tx, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
SCEnter();
int r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
#define __DETECT_ENGINE_FILE_H__
int DetectFileInspectHttp(ThreadVars *tv,
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags, void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
-int DetectFileInspectSmtp(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s,
- Flow *f, uint8_t flags, void *alstate,
- void *tx, uint64_t tx_id);
+int DetectFileInspectSmtp(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
#endif /* __DETECT_ENGINE_FILE_H__ */
}
int DetectEngineInspectSMTPFiledata(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
SMTPState *smtp_state = (SMTPState *)alstate;
FileContainer *ffc = smtp_state->files_ts;
int PrefilterTxSmtpFiledataRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectSMTPFiledata(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
+
void DetectEngineCleanSMTPBuffers(DetectEngineThreadCtx *det_ctx);
void DetectEngineSMTPFiledataRegisterTests(void);
}
int DetectEngineInspectHttpClientBody(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *tx, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
HtpState *htp_state = (HtpState *)alstate;
uint32_t buffer_len = 0;
int PrefilterTxHttpRequestBodyRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpClientBody(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
+
void DetectEngineCleanHCBDBuffers(DetectEngineThreadCtx *);
void DetectEngineHttpClientBodyRegisterTests(void);
* \retval 1 Match.
*/
int DetectEngineInspectHttpCookie(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
htp_header_t *h = NULL;
int PrefilterTxResponseCookieRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpCookie(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpCookieRegisterTests(void);
}
int DetectEngineInspectHttpHeader(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
HtpState *htp_state = (HtpState *)alstate;
uint32_t buffer_len = 0;
int PrefilterTxHttpResponseHeadersRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpHeader(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
+
void DetectEngineCleanHHDBuffers(DetectEngineThreadCtx *det_ctx);
void DetectEngineHttpHeaderRegisterTests(void);
* \retval 1 Match.
*/
int DetectEngineInspectHttpHH(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
if (tx->parsed_uri == NULL || tx->request_hostname == NULL)
int PrefilterTxHostnameRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpHH(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpHHRegisterTests(void);
* \retval 1 Match.
*/
int DetectEngineInspectHttpMethod(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
if (tx->request_method == NULL) {
#include "app-layer-htp.h"
int DetectEngineInspectHttpMethod(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
int PrefilterTxMethodRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
* \retval 1 Match.
*/
int DetectEngineInspectHttpRawHeader(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
HtpTxUserData *tx_ud = NULL;
uint8_t *headers_raw = NULL;
int PrefilterTxResponseHeadersRawRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpRawHeader(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
+
void DetectEngineHttpRawHeaderRegisterTests(void);
#endif /* __DETECT_ENGINE_HHD_H__ */
* \retval 1 Match.
*/
int DetectEngineInspectHttpHRH(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *hname;
uint32_t hname_len;
int PrefilterTxHostnameRawRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpHRH(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpHRHRegisterTests(void);
* \retval 1 Match.
*/
int DetectEngineInspectHttpRawUri(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
if (tx->request_uri == NULL) {
int PrefilterTxRawUriRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpRawUri(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
+
void DetectEngineHttpRawUriRegisterTests(void);
#endif /* __DETECT_ENGINE_HRUD_H__ */
int DetectEngineInspectHttpServerBody(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
HtpState *htp_state = (HtpState *)alstate;
uint32_t buffer_len = 0;
int PrefilterTxHttpResponseBodyRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpServerBody(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate,
+ void *tx, uint64_t tx_id);
+
void DetectEngineCleanHSBDBuffers(DetectEngineThreadCtx *det_ctx);
void DetectEngineHttpServerBodyRegisterTests(void);
* \retval 1 Match.
*/
int DetectEngineInspectHttpStatCode(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
if (tx->response_status == NULL) {
int PrefilterTxHttpStatCodeRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpStatCode(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
+
void DetectEngineHttpStatCodeRegisterTests(void);
#endif /* __DETECT_ENGINE_HSCD_H__ */
* \retval 1 Match.
*/
int DetectEngineInspectHttpStatMsg(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
if (tx->response_message == NULL) {
int PrefilterTxHttpStatMsgRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpStatMsg(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
+
void DetectEngineHttpStatMsgRegisterTests(void);
#endif /* __DETECT_ENGINE_HSMD_H__ */
* \retval 1 Match.
*/
int DetectEngineInspectHttpUA(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
htp_header_t *h = (htp_header_t *)htp_table_get_c(tx->request_headers,
int PrefilterTxUARegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpUA(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpUARegisterTests(void);
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
const Signature *s,
+ const SigMatch *smi,
Flow *f,
uint8_t flags,
void *alstate,
#ifndef __DETECT_ENGINE_MODBUS_H__
#define __DETECT_ENGINE_MODBUS_H__
-int DetectEngineInspectModbus(ThreadVars *, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *, const Signature *,
- Flow *, uint8_t, void *, void *, uint64_t);
+int DetectEngineInspectModbus(ThreadVars *,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
+ const Signature *, const SigMatch *,
+ Flow *, uint8_t, void *, void *, uint64_t);
void DetectEngineInspectModbusRegisterTests(void);
#endif /* __DETECT_ENGINE_MODBUS_H__ */
SCLogDebug("inspect_flags %x", inspect_flags);
if (direction == engine->dir) {
KEYWORD_PROFILING_SET_LIST(det_ctx, engine->sm_list);
- int match = engine->Callback(tv, de_ctx, det_ctx, s, f,
- flags, alstate,
- tx, tx_id);
+ int match = engine->Callback(tv, de_ctx, det_ctx,
+ s, engine->sm, f, flags, alstate, tx, tx_id);
SCLogDebug("engine %p match %d", engine, match);
if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
inspect_flags |= BIT_U32(engine->id);
{
SCLogDebug("inspect_flags %x", inspect_flags);
KEYWORD_PROFILING_SET_LIST(det_ctx, engine->sm_list);
- int match = engine->Callback(tv, de_ctx, det_ctx, s, f,
- flags, alstate, inspect_tx, inspect_tx_id);
+ int match = engine->Callback(tv, de_ctx, det_ctx,
+ s, engine->sm,
+ f, flags, alstate, inspect_tx, inspect_tx_id);
if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
inspect_flags |= BIT_U32(engine->id);
engine = engine->next;
#include "app-layer-template.h"
-int DetectEngineInspectTemplateBuffer(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id)
+int DetectEngineInspectTemplateBuffer(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
TemplateTransaction *tx = (TemplateTransaction *)txv;
int ret = 0;
#ifndef __DETECT_TEMPLATE_ENGINE_H__
#define __DETECT_TEMPLATE_ENGINE_H__
-int DetectEngineInspectTemplateBuffer(ThreadVars *, DetectEngineCtx *,
- DetectEngineThreadCtx *, const Signature *, Flow *, uint8_t, void *, void *,
- uint64_t);
+int DetectEngineInspectTemplateBuffer(ThreadVars *,
+ DetectEngineCtx *, DetectEngineThreadCtx *,
+ const Signature *, const SigMatch *,
+ Flow *, uint8_t, void *, void *tx, uint64_t tx_id);
#endif /* __DETECT_TEMPLATE_ENGINE_H__ */
* \retval 0 No match
* \retval 1 Match
*/
-int DetectEngineInspectTlsSni(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv,
- uint64_t tx_id)
+int DetectEngineInspectTlsSni(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *buffer;
uint16_t buffer_len;
* \retval 0 No match
* \retval 1 Match
*/
-int DetectEngineInspectTlsIssuer(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv,
- uint64_t tx_id)
+int DetectEngineInspectTlsIssuer(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *buffer;
uint32_t buffer_len;
* \retval 0 No match
* \retval 1 Match
*/
-int DetectEngineInspectTlsSubject(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, Signature *s,
- Flow *f, uint8_t flags, void *alstate, void *txv,
- uint64_t tx_id)
+int DetectEngineInspectTlsSubject(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *buffer;
uint32_t buffer_len;
return cnt;
}
-int DetectEngineInspectTlsValidity(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, Signature *s,
- Flow *f, uint8_t flags, void *alstate,
- void *txv, uint64_t tx_id)
+int DetectEngineInspectTlsValidity(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate,
+ void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, f, flags,
alstate, txv, tx_id,
int PrefilterTxTlsIssuerRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int PrefilterTxTlsSubjectRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
-int DetectEngineInspectTlsSni(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id);
-
-int DetectEngineInspectTlsIssuer(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id);
-
-int DetectEngineInspectTlsSubject(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id);
-
-int DetectEngineInspectTlsValidity(ThreadVars *tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id);
+int DetectEngineInspectTlsSni(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+
+int DetectEngineInspectTlsIssuer(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+
+int DetectEngineInspectTlsSubject(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id);
+
+int DetectEngineInspectTlsValidity(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
#endif /* __DETECT_ENGINE_TLS_H__ */
* \retval 2 Sig can't match.
*/
int DetectEngineInspectHttpUri(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
HtpTxUserData *tx_ud = htp_tx_get_user_data(txv);
int PrefilterTxUriRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpUri(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *tx, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
+
void UriRegisterTests(void);
#endif /* __DETECT_ENGINE_URICONTENT_H__ */
void DetectHttpRequestLineFree(void *);
static int PrefilterTxHttpRequestLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
static int DetectEngineInspectHttpRequestLine(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+
/**
* \brief Registers the keyword handlers for the "http_request_line" keyword.
*/
* \retval 2 Sig can't match.
*/
static int DetectEngineInspectHttpRequestLine(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
void DetectHttpResponseLineFree(void *);
static int PrefilterTxHttpResponseLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
static int DetectEngineInspectHttpResponseLine(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id);
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registers the keyword handlers for the "http_response_line" keyword.
* \retval 2 Sig can't match.
*/
int DetectEngineInspectHttpResponseLine(ThreadVars *tv,
- DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx,
- const Signature *s, Flow *f, uint8_t flags,
- void *alstate,
- void *txv, uint64_t tx_id)
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatch *sm,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
typedef int (*InspectEngineFuncPtr)(ThreadVars *tv,
struct DetectEngineCtx_ *de_ctx, struct DetectEngineThreadCtx_ *det_ctx,
- const struct Signature_ *sig, Flow *f, uint8_t flags, void *alstate,
+ const struct Signature_ *sig, const SigMatch *sm_list,
+ Flow *f, uint8_t flags, void *alstate,
void *tx, uint64_t tx_id);
typedef struct DetectEngineAppInspectionEngine_ {
*/
InspectEngineFuncPtr Callback;
+ SigMatch *sm;
+
struct DetectEngineAppInspectionEngine_ *next;
} DetectEngineAppInspectionEngine;
projects / thirdparty / suricata.git / commitdiff
