1 /* Copyright (C) 2007-2020 Open Information Security Foundation 2 * 3 * You can copy, redistribute or modify this Program under the terms of 4 * the GNU General Public License version 2 as published by the Free 5 * Software Foundation. 6 * 7 * This program is distributed in the hope that it will be useful, 8 * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 * GNU General Public License for more details. 11 * 12 * You should have received a copy of the GNU General Public License 13 * version 2 along with this program; if not, write to the Free Software 14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 15 * 02110-1301, USA. 16 */ 17 18 /** 19 * \file 20 * 21 * \author Victor Julien <victor@inliniac.net> 22 */ 23 24 #ifndef __DETECT_PCRE_H__ 25 #define __DETECT_PCRE_H__ 26 27 #include "detect-parse.h" 28 29 #define DETECT_PCRE_RELATIVE 0x00001 30 #define DETECT_PCRE_RAWBYTES 0x00002 31 #define DETECT_PCRE_CASELESS 0x00004 32 33 #define DETECT_PCRE_MATCH_LIMIT 0x00020 34 #define DETECT_PCRE_RELATIVE_NEXT 0x00040 35 #define DETECT_PCRE_NEGATE 0x00080 36 37 #define DETECT_PCRE_CAPTURE_MAX 8 38 39 typedef struct DetectPcreData_ { 40 /* pcre options */ 41 DetectParseRegex parse_regex; 42 43 #ifdef PCRE_HAVE_JIT_EXEC 44 /* JIT stack thread context id */ 45 int thread_ctx_jit_stack_id; 46 #endif 47 int opts; 48 uint16_t flags; 49 uint8_t idx; 50 uint8_t captypes[DETECT_PCRE_CAPTURE_MAX]; 51 uint32_t capids[DETECT_PCRE_CAPTURE_MAX]; 52 } DetectPcreData; 53 54 /* prototypes */ 55 56 int DetectPcrePayloadMatch(DetectEngineThreadCtx *, 57 const Signature *, const SigMatchData *, 58 Packet *, Flow *, const uint8_t *, uint32_t); 59 60 void DetectPcreRegister (void); 61 62 #endif /* __DETECT_PCRE_H__ */ 63 64