suricata
datasets.h
Go to the documentation of this file.
1 /* Copyright (C) 2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #ifndef SURICATA_DATASETS_H
19 #define SURICATA_DATASETS_H
20 
21 #include "util-thash.h"
22 #include "datasets-reputation.h"
23 
24 int DatasetsInit(void);
25 void DatasetsDestroy(void);
26 void DatasetsSave(void);
27 void DatasetReload(void);
28 void DatasetPostReloadCleanup(void);
29 
30 enum DatasetTypes {
31 #define DATASET_TYPE_NOTSET 0
32  DATASET_TYPE_STRING = 1,
33  DATASET_TYPE_MD5,
34  DATASET_TYPE_SHA256,
35  DATASET_TYPE_IPV4,
36  DATASET_TYPE_IPV6,
37 };
38 
39 #define DATASET_NAME_MAX_LEN 63
40 typedef struct Dataset {
41  char name[DATASET_NAME_MAX_LEN + 1];
42  enum DatasetTypes type;
43  uint32_t id;
44  bool from_yaml; /* Mark whether the set was retrieved from YAML */
45  bool hidden; /* Mark the old sets hidden in case of reload */
46  THashTableContext *hash;
47 
48  char load[PATH_MAX];
49  char save[PATH_MAX];
50 
51  struct Dataset *next;
52 } Dataset;
53 
54 enum DatasetTypes DatasetGetTypeFromString(const char *s);
55 Dataset *DatasetFind(const char *name, enum DatasetTypes type);
56 Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load,
57  uint64_t memcap, uint32_t hashsize);
58 int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len);
59 int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len);
60 int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len);
61 DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
62  const DataRepType *rep);
63 
64 int DatasetAddSerialized(Dataset *set, const char *string);
65 int DatasetRemoveSerialized(Dataset *set, const char *string);
66 int DatasetLookupSerialized(Dataset *set, const char *string);
67 
68 #endif /* SURICATA_DATASETS_H */
DatasetFind
Dataset * DatasetFind(const char *name, enum DatasetTypes type)
look for set by name without creating it
Definition: datasets.c:616
DatasetRemoveSerialized
int DatasetRemoveSerialized(Dataset *set, const char *string)
remove serialized data from set
Definition: datasets.c:1749
Dataset::name
char name[DATASET_NAME_MAX_LEN+1]
Definition: datasets.h:41
Dataset::id
uint32_t id
Definition: datasets.h:43
Dataset::save
char save[PATH_MAX]
Definition: datasets.h:49
Dataset::hash
THashTableContext * hash
Definition: datasets.h:46
DatasetAddSerialized
int DatasetAddSerialized(Dataset *set, const char *string)
add serialized data to set
Definition: datasets.c:1659
Dataset::type
enum DatasetTypes type
Definition: datasets.h:42
Dataset
struct Dataset Dataset
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:1068
DATASET_TYPE_SHA256
@ DATASET_TYPE_SHA256
Definition: datasets.h:34
DatasetLookup
int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len)
see if data is part of the set
Definition: datasets.c:1320
datasets-reputation.h
DatasetReload
void DatasetReload(void)
Definition: datasets.c:787
DatasetLookupwRep
DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
Definition: datasets.c:1340
DATASET_TYPE_IPV6
@ DATASET_TYPE_IPV6
Definition: datasets.h:36
DataRepResultType
Definition: datasets-reputation.h:31
DatasetLookupSerialized
int DatasetLookupSerialized(Dataset *set, const char *string)
add serialized data to set
Definition: datasets.c:1671
DatasetPostReloadCleanup
void DatasetPostReloadCleanup(void)
Definition: datasets.c:809
THashTableContext_
Definition: util-thash.h:141
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:856
type
uint16_t type
Definition: decode-vlan.c:107
DATASET_TYPE_IPV4
@ DATASET_TYPE_IPV4
Definition: datasets.h:35
DatasetTypes
DatasetTypes
Definition: datasets.h:30
Dataset::next
struct Dataset * next
Definition: datasets.h:51
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:990
DatasetRemove
int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len)
Definition: datasets.c:1755
DATASET_NAME_MAX_LEN
#define DATASET_NAME_MAX_LEN
Definition: datasets.h:39
DatasetAdd
int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len)
Definition: datasets.c:1555
hashsize
#define hashsize(n)
Definition: util-hash-lookup3.h:40
Dataset::hidden
bool hidden
Definition: datasets.h:45
DATASET_TYPE_MD5
@ DATASET_TYPE_MD5
Definition: datasets.h:33
DATASET_TYPE_STRING
@ DATASET_TYPE_STRING
Definition: datasets.h:32
DatasetGet
Dataset * DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load, uint64_t memcap, uint32_t hashsize)
Definition: datasets.c:630
Dataset
Definition: datasets.h:40
Dataset::from_yaml
bool from_yaml
Definition: datasets.h:44
DatasetGetTypeFromString
enum DatasetTypes DatasetGetTypeFromString(const char *s)
Definition: datasets.c:58
util-thash.h
Dataset::load
char load[PATH_MAX]
Definition: datasets.h:48
DataRepType
Definition: datasets-reputation.h:27