Main Page | Modules | Class List | Directories | File List | Class Members | File Members | Related Pages
src / detection-plugins

sp_pattern_match.h

Go to the documentation of this file.
00001 /*
00002 ** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
00003 **
00004 ** This program is free software; you can redistribute it and/or modify
00005 ** it under the terms of the GNU General Public License as published by
00006 ** the Free Software Foundation; either version 2 of the License, or
00007 ** (at your option) any later version.
00008 **
00009 ** This program is distributed in the hope that it will be useful,
00010 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
00011 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00012 ** GNU General Public License for more details.
00013 **
00014 ** You should have received a copy of the GNU General Public License
00015 ** along with this program; if not, write to the Free Software
00016 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
00017 */
00018 
00019 /* $Id$ */
00020 
00021 #ifndef __SP_PATTERN_MATCH_H__
00022 #define __SP_PATTERN_MATCH_H__
00023 
00024 #include "snort.h"
00025 #include "debug.h"
00026 #include "rules.h" /* needed for OptTreeNode defintion */
00027 #include <ctype.h>
00028 
00029 typedef struct _PatternMatchData
00030 {
00031     u_int8_t exception_flag; /* search for "not this pattern" */
00032     int offset;             /* pattern search start offset */
00033     int depth;              /* pattern search depth */
00034 
00035     int distance;           /* offset to start from based on last match */
00036     int within;             /* this pattern must be found 
00037                                within X bytes of last match*/
00038     int rawbytes;           /* Search the raw bytes rather than any decoded app
00039                                buffer */
00040 
00041     int nocase;             /* Toggle case insensitity */
00042     int use_doe;            /* Use the doe_ptr for relative pattern searching */
00043     u_int pattern_size;     /* size of app layer pattern */
00044     u_int replace_size;     /* size of app layter replace pattern */
00045     char *replace_buf;      /* app layer pattern to replace with */
00046     char *pattern_buf;      /* app layer pattern to match on */
00047     int (*search)(char *, int, struct _PatternMatchData *);  /* search function */
00048     int *skip_stride; /* B-M skip array */
00049     int *shift_stride; /* B-M shift array */
00050     u_int pattern_max_jump_size; /* Maximum distance we can jump to search for
00051                                   * this pattern again. */
00052     struct _PatternMatchData *next; /* ptr to next match struct */
00053 } PatternMatchData;
00054 
00055 void SetupPatternMatch(void);
00056 int SetUseDoePtr(OptTreeNode *otn);
00057 
00058 #endif /* __SP_PATTERN_MATCH_H__ */
Generated on Sun May 14 14:51:13 2006 by  doxygen 1.4.2