suricata/src/detect-pcre.h

#ifndef __DETECT_PCRE_H__
#define __DETECT_PCRE_H__

#define DETECT_PCRE_DISTANCE      0x0001
#define DETECT_PCRE_WITHIN        0x0002
#define DETECT_PCRE_RELATIVE      0x0004

#define DETECT_PCRE_DISTANCE_NEXT 0x0008
#define DETECT_PCRE_WITHIN_NEXT   0x0010

#define DETECT_PCRE_RAWBYTES      0x0020
#define DETECT_PCRE_URI           0x0040

#define DETECT_PCRE_CAPTURE_PKT   0x0080
#define DETECT_PCRE_CAPTURE_FLOW  0x0100
#define DETECT_PCRE_MATCH_LIMIT   0x0200

#define DETECT_PCRE_HTTP_BODY_AL  0x0400

typedef struct DetectPcreData_ {
    /* pcre options */
    pcre *re;
    pcre_extra *sd;
    int opts;

    /* match position vars */
    uint16_t depth;
    uint16_t offset;
    int32_t within;
    int32_t distance;

    uint16_t flags;
    uint8_t negate;

    char *capname;
    uint16_t capidx;
} DetectPcreData;

/* prototypes */
int DetectPcreDoMatch(DetectEngineThreadCtx *, Packet *, Signature *, SigMatch *);
int DetectPcreALDoMatch(DetectEngineThreadCtx *, Signature *, SigMatch *, Flow *, uint8_t, void *);
void DetectPcreRegister (void);

#endif /* __DETECT_PCRE_H__ */
Initial add of the files. 17 years ago			`#ifndef __DETECT_PCRE_H__`
			`#define __DETECT_PCRE_H__`

Implement per packet variables and switch the http stuff to it. 17 years ago			`#define DETECT_PCRE_DISTANCE 0x0001`
			`#define DETECT_PCRE_WITHIN 0x0002`
			`#define DETECT_PCRE_RELATIVE 0x0004`
Initial add of the files. 17 years ago
Implement per packet variables and switch the http stuff to it. 17 years ago			`#define DETECT_PCRE_DISTANCE_NEXT 0x0008`
			`#define DETECT_PCRE_WITHIN_NEXT 0x0010`
Initial add of the files. 17 years ago
Implement per packet variables and switch the http stuff to it. 17 years ago			`#define DETECT_PCRE_RAWBYTES 0x0020`
			`#define DETECT_PCRE_URI 0x0040`

			`#define DETECT_PCRE_CAPTURE_PKT 0x0080`
			`#define DETECT_PCRE_CAPTURE_FLOW 0x0100`
Small fix 16 years ago			`#define DETECT_PCRE_MATCH_LIMIT 0x0200`
Initial add of the files. 17 years ago
pcre P modifier support (pcre match over http body requests) 16 years ago			`#define DETECT_PCRE_HTTP_BODY_AL 0x0400`

Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful. Remove the Trie multi pattern matcher code. It wasn't used anymore. 16 years ago			`typedef struct DetectPcreData_ {`
Initial add of the files. 17 years ago			`/* pcre options */`
			`pcre *re;`
			`pcre_extra *sd;`
			`int opts;`

			`/* match position vars */`
64 bit cleanup part2 16 years ago			`uint16_t depth;`
			`uint16_t offset;`
Initial add of the files. 17 years ago			`int32_t within;`
			`int32_t distance;`

64 bit cleanup part2 16 years ago			`uint16_t flags;`
Add pcre negate support. 16 years ago			`uint8_t negate;`
Initial add of the files. 17 years ago
			`char *capname;`
64 bit cleanup part2 16 years ago			`uint16_t capidx;`
Initial add of the files. 17 years ago			`} DetectPcreData;`

			`/* prototypes */`
First stage of detect engine redesign: equal patterns share id's, search phase no longer used, new match verification phase. 16 years ago			`int DetectPcreDoMatch(DetectEngineThreadCtx , Packet , Signature , SigMatch );`
			`int DetectPcreALDoMatch(DetectEngineThreadCtx , Signature , SigMatch , Flow , uint8_t, void *);`
Initial add of the files. 17 years ago			`void DetectPcreRegister (void);`

			`#endif /* __DETECT_PCRE_H__ */`