Go to the source code of this file.
Functions | |
| void | AlertQueueInit (DetectEngineThreadCtx *det_ctx) |
| void | AlertQueueFree (DetectEngineThreadCtx *det_ctx) |
| void | AlertQueueAppend (DetectEngineThreadCtx *det_ctx, const Signature *s, Packet *p, uint64_t tx_id, uint8_t alert_flags) |
| Append signature to local packet alert queue for later preprocessing. More... | |
| void | PacketAlertFinalize (DetectEngineCtx *, DetectEngineThreadCtx *, Packet *) |
| Check the threshold of the sigs that match, set actions, break on pass action This function iterate the packet alerts array, removing those that didn't match the threshold, and those that match after a signature with the action "pass". The array is sorted by action priority/order. More... | |
| int | PacketAlertCheck (Packet *, uint32_t) |
| Check if a certain sid alerted, this is used in the test functions. More... | |
| void | PacketAlertTagInit (void) |
| PacketAlert * | PacketAlertGetTag (void) |
Detailed Description
Definition in file detect-engine-alert.h.
Function Documentation
◆ AlertQueueAppend()
| void AlertQueueAppend | ( | DetectEngineThreadCtx * | det_ctx, |
| const Signature * | s, | ||
| Packet * | p, | ||
| uint64_t | tx_id, | ||
| uint8_t | alert_flags | ||
| ) |
Append signature to local packet alert queue for later preprocessing.
Definition at line 260 of file detect-engine-alert.c.
◆ AlertQueueFree()
| void AlertQueueFree | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 216 of file detect-engine-alert.c.
◆ AlertQueueInit()
| void AlertQueueInit | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 203 of file detect-engine-alert.c.
◆ PacketAlertCheck()
| int PacketAlertCheck | ( | Packet * | p, |
| uint32_t | sid | ||
| ) |
Check if a certain sid alerted, this is used in the test functions.
- Parameters
-
p Packet on which we want to check if the signature alerted or not sid Signature id of the signature that has to be checked for a match
- Return values
-
match A value > 0 on a match; 0 on no match
Definition at line 137 of file detect-engine-alert.c.
References PacketAlerts_::alerts, Packet_::alerts, PacketAlerts_::cnt, Signature_::id, and PacketAlert_::s.
Referenced by UTHCheckPacketMatchResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ PacketAlertFinalize()
| void PacketAlertFinalize | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| Packet * | p | ||
| ) |
Check the threshold of the sigs that match, set actions, break on pass action This function iterate the packet alerts array, removing those that didn't match the threshold, and those that match after a signature with the action "pass". The array is sorted by action priority/order.
- Parameters
-
de_ctx detection engine context det_ctx detection engine thread context p pointer to the packet
Definition at line 335 of file detect-engine-alert.c.
References DetectEngineThreadCtx_::alert_queue, DetectEngineThreadCtx_::alert_queue_size, and SCEnter.
◆ PacketAlertGetTag()
| PacketAlert* PacketAlertGetTag | ( | void | ) |
Definition at line 53 of file detect-engine-alert.c.
◆ PacketAlertTagInit()
| void PacketAlertTagInit | ( | void | ) |
Definition at line 37 of file detect-engine-alert.c.
