#include <stdint.h>
int SetupFPAnalyzer(void)
Sets up the fast pattern analyzer according to the config.
void CleanupFPAnalyzer(void)
int SetupRuleAnalyzer(void)
Sets up the rule analyzer according to the config.
void CleanupRuleAnalyzer(void)
int PerCentEncodingSetup(void)
Compiles the regex used for rule analysis.
void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *line)
void EngineAnalysisRules(const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
Prints analysis of loaded rules and warns about potential rule issues.
void EngineAnalysisRulesFailure(char *line, char *file, int lineno)
void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
Definition in file detect-engine-analyzer.h.
void CleanupFPAnalyzer(void)
Definition at line 395 of file detect-engine-analyzer.c.
void CleanupRuleAnalyzer(void)
Definition at line 419 of file detect-engine-analyzer.c.
void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *line)
Definition at line 157 of file detect-engine-analyzer.c.
References SigMatch_::ctx, DETECT_CONTENT_FAST_PATTERN, DETECT_CONTENT_FAST_PATTERN_CHOP, DETECT_CONTENT_FAST_PATTERN_ONLY, DetectContentData_::flags, Signature_::init_data, SignatureInitData_::mpm_sm, and SignatureInitData_::mpm_sm_list.
void EngineAnalysisRules(const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
Prints analysis of loaded rules.
Warns if potential rule issues are detected. Two classes of issue are reported: a rule that uses a construct which may perform poorly (e.g. `pcre` with no `content` keyword, or `content` only on `http_method`), and a rule that uses a construct which is probably not consistent with the author's intent (e.g. client-side ports only, or the `http` protocol with `content` but no `http_*` modifiers). Both deserve attention from whoever maintains the ruleset: a poorly performing rule costs inspection throughput, and a rule that cannot match the traffic it was written for is a silent detection gap.
Parameter s: pointer to the signature being analyzed.
Definition at line 1256 of file detect-engine-analyzer.c.
void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
Definition at line 801 of file detect-engine-analyzer.c.
References Signature_::alproto, AppProtoToString(), DetectEngineTransforms::cnt, de_ctx, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, DetectEngineBufferTypeGetNameById(), Signature_::flags, Signature_::gid, Signature_::id, RuleAnalyzer::js, Signature_::mask, DetectEnginePktInspectionEngine::mpm, Signature_::msg, SigTableElmt_::name, DetectEnginePktInspectionEngine::next, Signature_::pkt_inspect, Signature_::rev, SCEnter, SCReturn, SIG_FLAG_APPLAYER, SIG_FLAG_BYPASS, SIG_FLAG_DEST_IS_TARGET, SIG_FLAG_DP_ANY, SIG_FLAG_DSIZE, SIG_FLAG_DST_ANY, SIG_FLAG_FILESTORE, SIG_FLAG_FLUSH, SIG_FLAG_IPONLY, SIG_FLAG_MPM_NEG, SIG_FLAG_NOALERT, SIG_FLAG_PDONLY, SIG_FLAG_PREFILTER, SIG_FLAG_REQUIRE_FLOWVAR, SIG_FLAG_REQUIRE_PACKET, SIG_FLAG_REQUIRE_STREAM, SIG_FLAG_SP_ANY, SIG_FLAG_SRC_ANY, SIG_FLAG_SRC_IS_TARGET, SIG_FLAG_TLSSTORE, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SIG_MASK_REQUIRE_DCERPC, SIG_MASK_REQUIRE_ENGINE_EVENT, SIG_MASK_REQUIRE_FLAGS_INITDEINIT, SIG_MASK_REQUIRE_FLAGS_UNUSUAL, SIG_MASK_REQUIRE_FLOW, SIG_MASK_REQUIRE_NO_PAYLOAD, SIG_MASK_REQUIRE_PAYLOAD, Signature_::sig_str, sigmatch_table, DetectEnginePktInspectionEngine::sm_list, TransformData_::transform, DetectEngineTransforms::transforms, DetectEnginePktInspectionEngine::transforms, and DetectEnginePktInspectionEngine::v1.
void EngineAnalysisRulesFailure(char *line, char *file, int lineno)
Definition at line 554 of file detect-engine-analyzer.c.
int PerCentEncodingSetup(void)
Compiles the regex used for rule analysis.
Returns 1 if successful, 0 on error.
Definition at line 437 of file detect-engine-analyzer.c.
int SetupFPAnalyzer(void)
Sets up the fast pattern analyzer according to the config.
Returns 1 if the fast pattern analyzer was successfully enabled, 0 if it is not enabled.
Definition at line 290 of file detect-engine-analyzer.c.
int SetupRuleAnalyzer(void)
Sets up the rule analyzer according to the config.
Returns 1 if the rule analyzer was successfully enabled, 0 if it is not enabled.
Definition at line 339 of file detect-engine-analyzer.c.
References ConfGetNode(), ConfNodeLookupChildValue(), and ConfValIsTrue().