Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

signatures: Add data_end_offset to signature_match() and custom events

Browse source 
This change tracks the current offset (number of bytes fed into matchers)
on the top-level RuleEndpointState such that we can compute the relative ending
for matched texts individually.

Additionally, it adds the data_end_offset as a new optional parameter to
signature_match().
This commit is contained in:
Arne Welzel 2024-10-28 18:59:58 +01:00
parent 5859e23198
commit 04872d4e78
19 changed files with 219 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/RuleMatcher.h
View file

@ -161,6 +161,7 @@ public:
private:
friend class RuleMatcher;
friend class RuleActionEvent; // For access to match state.
// Constructor is private; use RuleMatcher::InitEndpoint()
// for creating an instance.
@ -184,13 +185,14 @@ private:
// The follow tracks which rules for which all patterns have matched,
// in a parallel list the (first instance of the) corresponding
// matched text, and in another parallel list the offset of the
// end of the last pattern match.
// matched text, and in another parallel list the offset of the
// end of the last pattern match.
rule_list matched_by_patterns;
bstr_list matched_text;
match_offset_list match_offsets;
match_offset_list matched_text_end_of_match;
int payload_size;
size_t current_pos; // The number of bytes fed into state.
bool is_orig;
int_list matched_rules; // Rules for which all conditions have matched