suricata/src/detect-content.h

#ifndef __DETECT_CONTENT_H__
#define __DETECT_CONTENT_H__

#define DETECT_CONTENT_NOCASE        0x01
#define DETECT_CONTENT_DISTANCE      0x02
#define DETECT_CONTENT_WITHIN        0x04

#define DETECT_CONTENT_DISTANCE_NEXT 0x08
#define DETECT_CONTENT_WITHIN_NEXT   0x10

#define DETECT_CONTENT_RAWBYTES      0x20

typedef struct DetectContentData_ {
    uint8_t *content;
    uint8_t content_len;
    uint32_t id;

    uint16_t depth;
    uint16_t offset;
    int32_t distance;
    int32_t within;
    uint8_t flags;
} DetectContentData;

/* prototypes */
void DetectContentRegister (void);
uint32_t DetectContentMaxId(DetectEngineCtx *);
DetectContentData *DetectContentParse (char *contentstr);
void DetectContentFree(DetectContentData *);

#endif /* __DETECT_CONTENT_H__ */
Initial add of the files. 17 years ago			`#ifndef __DETECT_CONTENT_H__`
			`#define __DETECT_CONTENT_H__`

			`#define DETECT_CONTENT_NOCASE 0x01`
			`#define DETECT_CONTENT_DISTANCE 0x02`
			`#define DETECT_CONTENT_WITHIN 0x04`

			`#define DETECT_CONTENT_DISTANCE_NEXT 0x08`
			`#define DETECT_CONTENT_WITHIN_NEXT 0x10`

			`#define DETECT_CONTENT_RAWBYTES 0x20`

Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful. Remove the Trie multi pattern matcher code. It wasn't used anymore. 16 years ago			`typedef struct DetectContentData_ {`
64 bit cleanup part2 16 years ago			`uint8_t *content;`
			`uint8_t content_len;`
			`uint32_t id;`
Initial add of the files. 17 years ago
64 bit cleanup part2 16 years ago			`uint16_t depth;`
			`uint16_t offset;`
Initial add of the files. 17 years ago			`int32_t distance;`
			`int32_t within;`
64 bit cleanup part2 16 years ago			`uint8_t flags;`
Initial add of the files. 17 years ago			`} DetectContentData;`

			`/* prototypes */`
			`void DetectContentRegister (void);`
64 bit cleanup part2 16 years ago			`uint32_t DetectContentMaxId(DetectEngineCtx *);`
Improvements to content keyword memory handling. First version of a simple pattern based L7 proto detection engine. Currently just works by matching a single pattern in the initial data. Implemented HTTP, SSL, MSN, JABBER, SMTP and a few more. Couple of pattern matcher cleanups. 16 years ago			`DetectContentData DetectContentParse (char contentstr);`
			`void DetectContentFree(DetectContentData *);`
Initial add of the files. 17 years ago
			`#endif /* __DETECT_CONTENT_H__ */`