suricata
datasets.h
Go to the documentation of this file.
1 /* Copyright (C) 2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #ifndef SURICATA_DATASETS_H
19 #define SURICATA_DATASETS_H
20 
21 // forward declaration to make things opaque to bindgen
22 typedef uint16_t DataRepType;
23 typedef struct Dataset Dataset;
24 int SCDatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len);
25 int SCDatasetAddwRep(
26  Dataset *set, const uint8_t *data, const uint32_t data_len, const DataRepType *rep);
27 
28 #ifndef SURICATA_BINDGEN_H
29 #include "util-thash.h"
30 #include "rust.h"
31 #include "datasets-reputation.h"
32 
33 int DatasetsInit(void);
34 void DatasetsDestroy(void);
35 void DatasetsSave(void);
36 void DatasetReload(void);
37 void DatasetPostReloadCleanup(void);
38 
39 typedef enum {
40  DATASET_FORMAT_CSV = 0,
41  DATASET_FORMAT_JSON, /* File contains one single JSON object */
42  DATASET_FORMAT_NDJSON, /* Newline Delimited JSON */
43 } DatasetFormats;
44 
45 enum DatasetTypes {
46 #define DATASET_TYPE_NOTSET 0
47  DATASET_TYPE_STRING = 1,
48  DATASET_TYPE_MD5,
49  DATASET_TYPE_SHA256,
50  DATASET_TYPE_IPV4,
51  DATASET_TYPE_IPV6,
52 };
53 
54 #define DATASET_NAME_MAX_LEN 63
55 typedef struct Dataset {
56  char name[DATASET_NAME_MAX_LEN + 1];
57  enum DatasetTypes type;
58  uint32_t id;
59  bool from_yaml; /* Mark whether the set was retrieved from YAML */
60  bool hidden; /* Mark the old sets hidden in case of reload */
61  bool remove_key; /* Mark that value key should be removed from extra data */
62  THashTableContext *hash;
63 
64  char load[PATH_MAX];
65  char save[PATH_MAX];
66 
67  struct Dataset *next;
68 } Dataset;
69 
70 enum DatasetTypes DatasetGetTypeFromString(const char *s);
71 int DatasetAppendSet(Dataset *set);
72 Dataset *DatasetAlloc(const char *name);
73 void DatasetLock(void);
74 void DatasetUnlock(void);
75 Dataset *DatasetSearchByName(const char *name);
76 Dataset *DatasetFind(const char *name, enum DatasetTypes type);
77 Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load,
78  uint64_t memcap, uint32_t hashsize);
79 int DatasetGetOrCreate(const char *name, enum DatasetTypes type, const char *save, const char *load,
80  uint64_t *memcap, uint32_t *hashsize, Dataset **ret_set);
81 int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len);
82 int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len);
83 DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
84  const DataRepType *rep);
85 
86 void DatasetGetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize);
87 int DatasetParseIpv6String(Dataset *set, const char *line, struct in6_addr *in6);
88 
89 int DatasetAddSerialized(Dataset *set, const char *string);
90 int DatasetRemoveSerialized(Dataset *set, const char *string);
91 int DatasetLookupSerialized(Dataset *set, const char *string);
92 
93 #endif // SURICATA_BINDGEN_H
94 
95 #endif /* SURICATA_DATASETS_H */
DatasetFind
Dataset * DatasetFind(const char *name, enum DatasetTypes type)
look for set by name without creating it
Definition: datasets.c:320
DatasetRemoveSerialized
int DatasetRemoveSerialized(Dataset *set, const char *string)
remove serialized data from set
Definition: datasets.c:1535
DatasetAppendSet
int DatasetAppendSet(Dataset *set)
Definition: datasets.c:79
Dataset::name
char name[DATASET_NAME_MAX_LEN+1]
Definition: datasets.h:56
Dataset::id
uint32_t id
Definition: datasets.h:58
Dataset::save
char save[PATH_MAX]
Definition: datasets.h:65
Dataset::hash
THashTableContext * hash
Definition: datasets.h:62
DatasetFormats
DatasetFormats
Definition: datasets.h:39
DatasetAddSerialized
int DatasetAddSerialized(Dataset *set, const char *string)
add serialized data to set
Definition: datasets.c:1446
Dataset::type
enum DatasetTypes type
Definition: datasets.h:57
Dataset
struct Dataset Dataset
Definition: datasets.h:23
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:852
rust.h
DatasetLock
void DatasetLock(void)
Definition: datasets.c:102
DATASET_TYPE_SHA256
@ DATASET_TYPE_SHA256
Definition: datasets.h:49
DatasetLookup
int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len)
see if data is part of the set
Definition: datasets.c:1104
datasets-reputation.h
SCDatasetAddwRep
int SCDatasetAddwRep(Dataset *set, const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
Definition: datasets.c:1358
DatasetReload
void DatasetReload(void)
Definition: datasets.c:543
DatasetLookupwRep
DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
Definition: datasets.c:1124
DATASET_TYPE_IPV6
@ DATASET_TYPE_IPV6
Definition: datasets.h:51
DatasetGetDefaultMemcap
void DatasetGetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize)
Definition: datasets.c:599
DataRepResultType
Definition: datasets-reputation.h:29
DatasetLookupSerialized
int DatasetLookupSerialized(Dataset *set, const char *string)
add serialized data to set
Definition: datasets.c:1458
DatasetGetOrCreate
int DatasetGetOrCreate(const char *name, enum DatasetTypes type, const char *save, const char *load, uint64_t *memcap, uint32_t *hashsize, Dataset **ret_set)
Definition: datasets.c:369
DatasetPostReloadCleanup
void DatasetPostReloadCleanup(void)
Definition: datasets.c:569
THashTableContext_
Definition: util-thash.h:141
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:622
type
uint16_t type
Definition: decode-vlan.c:106
DATASET_FORMAT_CSV
@ DATASET_FORMAT_CSV
Definition: datasets.h:40
name
const char * name
Definition: tm-threads.c:2163
DATASET_TYPE_IPV4
@ DATASET_TYPE_IPV4
Definition: datasets.h:50
DatasetTypes
DatasetTypes
Definition: datasets.h:45
Dataset::next
struct Dataset * next
Definition: datasets.h:67
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:774
Dataset::remove_key
bool remove_key
Definition: datasets.h:61
DATASET_FORMAT_NDJSON
@ DATASET_FORMAT_NDJSON
Definition: datasets.h:42
DATASET_FORMAT_JSON
@ DATASET_FORMAT_JSON
Definition: datasets.h:41
DatasetRemove
int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len)
Definition: datasets.c:1541
DATASET_NAME_MAX_LEN
#define DATASET_NAME_MAX_LEN
Definition: datasets.h:54
hashsize
#define hashsize(n)
Definition: util-hash-lookup3.h:40
DatasetAlloc
Dataset * DatasetAlloc(const char *name)
Definition: datasets.c:112
Dataset::hidden
bool hidden
Definition: datasets.h:60
DatasetSearchByName
Dataset * DatasetSearchByName(const char *name)
Definition: datasets.c:121
DataRepType
uint16_t DataRepType
Definition: datasets.h:22
DATASET_TYPE_MD5
@ DATASET_TYPE_MD5
Definition: datasets.h:48
DATASET_TYPE_STRING
@ DATASET_TYPE_STRING
Definition: datasets.h:47
DatasetParseIpv6String
int DatasetParseIpv6String(Dataset *set, const char *line, struct in6_addr *in6)
Definition: datasets.c:156
SCDatasetAdd
int SCDatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len)
Definition: datasets.c:1338
DatasetGet
Dataset * DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load, uint64_t memcap, uint32_t hashsize)
Definition: datasets.c:451
DatasetUnlock
void DatasetUnlock(void)
Definition: datasets.c:107
Dataset
Definition: datasets.h:55
Dataset::from_yaml
bool from_yaml
Definition: datasets.h:59
DatasetGetTypeFromString
enum DatasetTypes DatasetGetTypeFromString(const char *s)
Definition: datasets.c:64
util-thash.h
Dataset::load
char load[PATH_MAX]
Definition: datasets.h:64