Go to the source code of this file.
Functions | |
| void | AlertQueueInit (DetectEngineThreadCtx *det_ctx) |
| void | AlertQueueFree (DetectEngineThreadCtx *det_ctx) |
| void | AlertQueueAppend (DetectEngineThreadCtx *det_ctx, const Signature *s, Packet *p, uint64_t tx_id, uint8_t alert_flags) |
| Append signature to local packet alert queue for later preprocessing. More... | |
| void | PacketAlertFinalize (DetectEngineCtx *, DetectEngineThreadCtx *, Packet *) |
| Check the threshold of the sigs that match, set actions, break on pass action This function iterate the packet alerts array, removing those that didn't match the threshold, and those that match after a signature with the action "pass". The array is sorted by action priority/order. More... | |
| int | PacketAlertCheck (Packet *, uint32_t) |
| Check if a certain sid alerted, this is used in the test functions. More... | |
| void | PacketAlertTagInit (void) |
| void | DetectEngineAlertRegisterTests (void) |
| Registers Detect Engine Alert unit tests. More... | |
Detailed Description
Definition in file detect-engine-alert.h.
Function Documentation
◆ AlertQueueAppend()
| void AlertQueueAppend | ( | DetectEngineThreadCtx * | det_ctx, |
| const Signature * | s, | ||
| Packet * | p, | ||
| uint64_t | tx_id, | ||
| uint8_t | alert_flags | ||
| ) |
Append signature to local packet alert queue for later preprocessing.
Definition at line 283 of file detect-engine-alert.c.
◆ AlertQueueFree()
| void AlertQueueFree | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 235 of file detect-engine-alert.c.
◆ AlertQueueInit()
| void AlertQueueInit | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 222 of file detect-engine-alert.c.
◆ DetectEngineAlertRegisterTests()
| void DetectEngineAlertRegisterTests | ( | void | ) |
Registers Detect Engine Alert unit tests.
Definition at line 71 of file detect-engine-alert.c.
References UtRegisterTest().
◆ PacketAlertCheck()
| int PacketAlertCheck | ( | Packet * | p, |
| uint32_t | sid | ||
| ) |
Check if a certain sid alerted, this is used in the test functions.
- Parameters
-
p Packet on which we want to check if the signature alerted or not sid Signature id of the signature that has to be checked for a match
- Return values
-
match A value > 0 on a match; 0 on no match
Definition at line 141 of file detect-engine-alert.c.
References PacketAlerts_::alerts, Packet_::alerts, BUG_ON, PacketAlerts_::cnt, Signature_::id, and PacketAlert_::s.
Referenced by UTHCheckPacketMatchResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ PacketAlertFinalize()
| void PacketAlertFinalize | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| Packet * | p | ||
| ) |
Check the threshold of the sigs that match, set actions, break on pass action This function iterate the packet alerts array, removing those that didn't match the threshold, and those that match after a signature with the action "pass". The array is sorted by action priority/order.
- Parameters
-
de_ctx detection engine context det_ctx detection engine thread context p pointer to the packet
Definition at line 367 of file detect-engine-alert.c.
References DetectEngineThreadCtx_::alert_queue, DetectEngineThreadCtx_::alert_queue_size, and SCEnter.
◆ PacketAlertTagInit()
| void PacketAlertTagInit | ( | void | ) |
Definition at line 45 of file detect-engine-alert.c.
