Go to the source code of this file.
Functions | |
| void | PacketAlertFinalize (DetectEngineCtx *, DetectEngineThreadCtx *, Packet *) |
| Check the threshold of the sigs that match, set actions, break on pass action This function iterate the packet alerts array, removing those that didn't match the threshold, and those that match after a signature with the action "pass". The array is sorted by action priority/order. More... | |
| int | PacketAlertAppend (DetectEngineThreadCtx *, const Signature *, Packet *, uint64_t tx_id, uint8_t) |
| append a signature match to a packet More... | |
| int | PacketAlertCheck (Packet *, uint32_t) |
| Check if a certain sid alerted, this is used in the test functions. More... | |
| int | PacketAlertRemove (Packet *, uint16_t) |
| Remove alert from the p->alerts.alerts array at pos. More... | |
| void | PacketAlertTagInit (void) |
| PacketAlert * | PacketAlertGetTag (void) |
Detailed Description
Definition in file detect-engine-alert.h.
Function Documentation
◆ PacketAlertAppend()
| int PacketAlertAppend | ( | DetectEngineThreadCtx * | det_ctx, |
| const Signature * | s, | ||
| Packet * | p, | ||
| uint64_t | tx_id, | ||
| uint8_t | flags | ||
| ) |
append a signature match to a packet
- Parameters
-
det_ctx thread detection engine ctx s the signature that matched p packet flags alert flags
Definition at line 188 of file detect-engine-alert.c.
References PacketAlert_::action, Signature_::action, PacketAlerts_::alerts, Packet_::alerts, PacketAlerts_::cnt, flags, PacketAlert_::flags, Signature_::id, PacketAlert_::num, Signature_::num, PACKET_ALERT_MAX, PacketAlert_::s, SCLogDebug, and PacketAlert_::tx_id.
◆ PacketAlertCheck()
| int PacketAlertCheck | ( | Packet * | p, |
| uint32_t | sid | ||
| ) |
Check if a certain sid alerted, this is used in the test functions.
- Parameters
-
p Packet on which we want to check if the signature alerted or not sid Signature id of the signature that thas to be checked for a match
- Return values
-
match A value > 0 on a match; 0 on no match
Definition at line 138 of file detect-engine-alert.c.
References PacketAlerts_::alerts, Packet_::alerts, PacketAlerts_::cnt, Signature_::id, and PacketAlert_::s.
Referenced by UTHCheckPacketMatchResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ PacketAlertFinalize()
| void PacketAlertFinalize | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| Packet * | p | ||
| ) |
Check the threshold of the sigs that match, set actions, break on pass action This function iterate the packet alerts array, removing those that didn't match the threshold, and those that match after a signature with the action "pass". The array is sorted by action priority/order.
- Parameters
-
de_ctx detection engine context det_ctx detection engine thread context p pointer to the packet
Definition at line 251 of file detect-engine-alert.c.
References PacketAlerts_::alerts, Packet_::alerts, de_ctx, PacketAlert_::num, res, SCEnter, SCLogDebug, and DetectEngineCtx_::sig_array.
◆ PacketAlertGetTag()
| PacketAlert* PacketAlertGetTag | ( | void | ) |
Definition at line 53 of file detect-engine-alert.c.
◆ PacketAlertRemove()
| int PacketAlertRemove | ( | Packet * | p, |
| uint16_t | pos | ||
| ) |
Remove alert from the p->alerts.alerts array at pos.
- Parameters
-
p Pointer to the Packet pos Position in the array
- Return values
-
0 if the number of alerts is less than pos 1 if all goes well
Definition at line 161 of file detect-engine-alert.c.
References PacketAlerts_::alerts, Packet_::alerts, PacketAlerts_::cnt, and SCLogDebug.
◆ PacketAlertTagInit()
| void PacketAlertTagInit | ( | void | ) |
Definition at line 37 of file detect-engine-alert.c.
