#include "suricata-common.h"#include "suricata.h"#include "detect.h"#include "detect-engine-alert.h"#include "detect-engine-threshold.h"#include "detect-engine-tag.h"#include "decode.h"#include "packet.h"#include "flow.h"#include "flow-private.h"#include "util-profiling.h"#include "util-validate.h"#include "action-globals.h"#include "tests/detect-engine-alert.c"
Go to the source code of this file.
Functions | |
| void | PacketAlertTagInit (void) |
| int | PacketAlertCheck (Packet *p, uint32_t sid) |
| Check if a certain sid alerted, this is used in the test functions. More... | |
| void | AlertQueueInit (DetectEngineThreadCtx *det_ctx) |
| void | AlertQueueFree (DetectEngineThreadCtx *det_ctx) |
| void | AlertQueueAppend (DetectEngineThreadCtx *det_ctx, const Signature *s, Packet *p, uint64_t tx_id, uint8_t alert_flags) |
| Append signature to local packet alert queue for later preprocessing. More... | |
| void | PacketAlertFinalize (const DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p) |
| Check the threshold of the sigs that match, set actions, break on pass action This function iterate the packet alerts array, removing those that didn't match the threshold, and those that match after a signature with the action "pass". The array is sorted by action priority/order. More... | |
Function Documentation
◆ AlertQueueAppend()
| void AlertQueueAppend | ( | DetectEngineThreadCtx * | det_ctx, |
| const Signature * | s, | ||
| Packet * | p, | ||
| uint64_t | tx_id, | ||
| uint8_t | alert_flags | ||
| ) |
Append signature to local packet alert queue for later preprocessing.
Definition at line 353 of file detect-engine-alert.c.
References PacketAlert_::action, Signature_::action, ACTION_DROP, Packet_::alerts, and PacketAlerts_::drop.
◆ AlertQueueFree()
| void AlertQueueFree | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 258 of file detect-engine-alert.c.
References DetectEngineThreadCtx_::alert_queue, DetectEngineThreadCtx_::alert_queue_capacity, and SCFree.
◆ AlertQueueInit()
| void AlertQueueInit | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 245 of file detect-engine-alert.c.
References DetectEngineThreadCtx_::alert_queue, DetectEngineThreadCtx_::alert_queue_capacity, DetectEngineThreadCtx_::alert_queue_size, FatalError, packet_alert_max, SCCalloc, and SCLogDebug.
◆ PacketAlertCheck()
| int PacketAlertCheck | ( | Packet * | p, |
| uint32_t | sid | ||
| ) |
Check if a certain sid alerted, this is used in the test functions.
- Parameters
-
p Packet on which we want to check if the signature alerted or not sid Signature id of the signature that has to be checked for a match
- Return values
-
match A value > 0 on a match; 0 on no match
Definition at line 142 of file detect-engine-alert.c.
References PacketAlerts_::alerts, Packet_::alerts, BUG_ON, PacketAlerts_::cnt, Signature_::id, and PacketAlert_::s.
Referenced by UTHCheckPacketMatchResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ PacketAlertFinalize()
| void PacketAlertFinalize | ( | const DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| Packet * | p | ||
| ) |
Check the threshold of the sigs that match, set actions, break on pass action This function iterate the packet alerts array, removing those that didn't match the threshold, and those that match after a signature with the action "pass". The array is sorted by action priority/order.
- Parameters
-
de_ctx detection engine context det_ctx detection engine thread context p pointer to the packet
Definition at line 578 of file detect-engine-alert.c.
References DetectEngineThreadCtx_::alert_queue_size, and SCEnter.
◆ PacketAlertTagInit()
| void PacketAlertTagInit | ( | void | ) |
Definition at line 46 of file detect-engine-alert.c.
