39 memset(&g_tag_signature, 0x00,
sizeof(g_tag_signature));
44 g_tag_signature.
rev = 1;
45 g_tag_signature.
prio = 2;
47 memset(&g_tag_pa, 0x00,
sizeof(g_tag_pa));
50 g_tag_pa.
s = &g_tag_signature;
94 if (ret == 0 || ret == 2) {
101 }
while (smd != NULL);
117 if (ret == 0 || ret == 2) {
124 }
while (smd != NULL);
171 for (i = pos; i <= p->
alerts.
cnt - 1; i++) {
243 while (i < p->alerts.cnt) {
247 int res = PacketAlertHandle(de_ctx, det_ctx, s, p, &p->
alerts.
alerts[i]);
268 SCLogDebug(
"testing against \"ip-only\" signatures");
270 if (p->
flow != NULL) {
283 FlowSetNoPacketInspectionFlag(p->
flow);
311 if (res == 0 || res == 2) {
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
#define KEYWORD_PROFILING_END(ctx, type, m)
#define KEYWORD_PROFILING_SET_LIST(ctx, list)
int PacketAlertCheck(Packet *p, uint32_t sid)
Check whether a certain sid alerted; this is used in the test functions.
#define ACTION_REJECT_DST
#define PACKET_TEST_ACTION(p, a)
void FlowSetIPOnlyFlag(Flow *f, int direction)
Set the IPOnly scanned flag for 'direction'.
const DetectThresholdData * SigGetThresholdTypeIter(const Signature *sig, Packet *p, const SigMatchData **psm, int list)
Return next DetectThresholdData for signature.
void FlowSetHasAlertsFlag(Flow *f)
Set flag to indicate that flow has alerts.
#define PACKET_ALERT_FLAG_DROP_FLOW
void TagHandlePacket(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
Search tags for src and dst. Update entries of the tag, remove if necessary.
#define SIG_FLAG_APPLAYER
main detection engine ctx
PacketAlert alerts[PACKET_ALERT_MAX]
const struct Signature_ * s
#define KEYWORD_PROFILING_START
PacketAlert * PacketAlertGetTag(void)
#define ACTION_REJECT_BOTH
SigMatchData * sm_arrays[DETECT_SM_LIST_MAX]
#define FLOW_PKT_TOSERVER
void DetectSignatureApplyActions(Packet *p, const Signature *s, const uint8_t alert_flags)
Apply action(s) and set 'drop' sig info, if applicable.
#define PKT_PSEUDO_STREAM_END
int PacketAlertRemove(Packet *p, uint16_t pos)
Remove alert from the p->alerts.alerts array at pos.
int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectThresholdData *td, Packet *p, const Signature *s, PacketAlert *pa)
Apply the threshold logic for signatures.
#define FLOW_PKT_TOSERVER_IPONLY_SET
void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
Check the threshold of the sigs that match, set actions, and break on a pass action. This function iterate t...
int(* Match)(ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
int PacketAlertAppend(DetectEngineThreadCtx *det_ctx, const Signature *s, Packet *p, uint64_t tx_id, uint8_t flags)
Append a signature match to a packet.
void PacketAlertTagInit(void)
#define FLOW_PKT_TOCLIENT_IPONLY_SET
#define FLOW_PKT_TOCLIENT