#include <stdint.h>

Include dependency graph for detect-engine-analyzer.h:

This graph shows which files directly or indirectly include this file:

Functions
int	SetupFPAnalyzer (void)
	Sets up the fast pattern analyzer according to the config. More...

void	CleanupFPAnalyzer (void)

int	SetupRuleAnalyzer (void)
	Sets up the rule analyzer according to the config. More...

void	CleanupRuleAnalyzer (void)

int	PerCentEncodingSetup (void)
	Compiles regex for rule analysis. More...

void	EngineAnalysisFP (const DetectEngineCtx de_ctx, const Signature s, char *line)

void	EngineAnalysisRules (const DetectEngineCtx de_ctx, const Signature s, const char *line)
	Prints analysis of loaded rules. More...

void	EngineAnalysisRulesFailure (char line, char file, int lineno)

void	EngineAnalysisRules2 (const DetectEngineCtx de_ctx, const Signature s)

Detailed Description

Author: Eileen Donlon emdon.nosp@m.lo@g.nosp@m.mail..nosp@m.com

Definition in file detect-engine-analyzer.h.

Function Documentation

◆ CleanupFPAnalyzer()

void CleanupFPAnalyzer ( void )

Definition at line 395 of file detect-engine-analyzer.c.

◆ CleanupRuleAnalyzer()

void CleanupRuleAnalyzer ( void )

Definition at line 419 of file detect-engine-analyzer.c.

◆ EngineAnalysisFP()

void EngineAnalysisFP	(	const DetectEngineCtx *	de_ctx,
		const Signature *	s,
		char *	line
	)

Definition at line 157 of file detect-engine-analyzer.c.

References SigMatch_::ctx, DETECT_CONTENT_FAST_PATTERN, DETECT_CONTENT_FAST_PATTERN_CHOP, DETECT_CONTENT_FAST_PATTERN_ONLY, DetectContentData_::flags, Signature_::init_data, SignatureInitData_::mpm_sm, and SignatureInitData_::mpm_sm_list.

◆ EngineAnalysisRules()

void EngineAnalysisRules	(	const DetectEngineCtx *	de_ctx,
		const Signature *	s,
		const char *	line
	)

Prints analysis of loaded rules.

   Warns if potential rule issues are detected. For example,
   warns if a rule uses a construct that may perform poorly,
   e.g. pcre without content or with http_method content only;
   warns if a rule uses a construct that may not be consistent with intent,
   e.g. client side ports only, http and content without any http_* modifiers, etc.

Parameters

s	Pointer to the signature.

Definition at line 1256 of file detect-engine-analyzer.c.

◆ EngineAnalysisRules2()

void EngineAnalysisRules2	(	const DetectEngineCtx *	de_ctx,
		const Signature *	s
	)

Definition at line 801 of file detect-engine-analyzer.c.

References Signature_::alproto, AppProtoToString(), DetectEngineTransforms::cnt, de_ctx, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, DetectEngineBufferTypeGetNameById(), Signature_::flags, Signature_::gid, Signature_::id, RuleAnalyzer::js, Signature_::mask, DetectEnginePktInspectionEngine::mpm, Signature_::msg, SigTableElmt_::name, DetectEnginePktInspectionEngine::next, Signature_::pkt_inspect, Signature_::rev, SCEnter, SCReturn, SIG_FLAG_APPLAYER, SIG_FLAG_BYPASS, SIG_FLAG_DEST_IS_TARGET, SIG_FLAG_DP_ANY, SIG_FLAG_DSIZE, SIG_FLAG_DST_ANY, SIG_FLAG_FILESTORE, SIG_FLAG_FLUSH, SIG_FLAG_IPONLY, SIG_FLAG_MPM_NEG, SIG_FLAG_NOALERT, SIG_FLAG_PDONLY, SIG_FLAG_PREFILTER, SIG_FLAG_REQUIRE_FLOWVAR, SIG_FLAG_REQUIRE_PACKET, SIG_FLAG_REQUIRE_STREAM, SIG_FLAG_SP_ANY, SIG_FLAG_SRC_ANY, SIG_FLAG_SRC_IS_TARGET, SIG_FLAG_TLSSTORE, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SIG_MASK_REQUIRE_DCERPC, SIG_MASK_REQUIRE_ENGINE_EVENT, SIG_MASK_REQUIRE_FLAGS_INITDEINIT, SIG_MASK_REQUIRE_FLAGS_UNUSUAL, SIG_MASK_REQUIRE_FLOW, SIG_MASK_REQUIRE_NO_PAYLOAD, SIG_MASK_REQUIRE_PAYLOAD, Signature_::sig_str, sigmatch_table, DetectEnginePktInspectionEngine::sm_list, TransformData_::transform, DetectEngineTransforms::transforms, DetectEnginePktInspectionEngine::transforms, and DetectEnginePktInspectionEngine::v1.

Here is the call graph for this function:

◆ EngineAnalysisRulesFailure()

void EngineAnalysisRulesFailure	(	char *	line,
		char *	file,
		int	lineno
	)

Definition at line 554 of file detect-engine-analyzer.c.

◆ PerCentEncodingSetup()

int PerCentEncodingSetup ( void )

Compiles regex for rule analysis.

Return values

1	if successful
0	if on error

Definition at line 437 of file detect-engine-analyzer.c.

◆ SetupFPAnalyzer()

int SetupFPAnalyzer ( void )

Sets up the fast pattern analyzer according to the config.

Return values

1	If rule analyzer successfully enabled.
0	If not enabled.

Definition at line 290 of file detect-engine-analyzer.c.

◆ SetupRuleAnalyzer()

int SetupRuleAnalyzer ( void )

Sets up the rule analyzer according to the config.

Return values

1	if rule analyzer successfully enabled
0	if not enabled

Definition at line 339 of file detect-engine-analyzer.c.

References ConfGetNode(), ConfNodeLookupChildValue(), and ConfValIsTrue().

Here is the call graph for this function:

Functions

Detailed Description

Function Documentation

◆ CleanupFPAnalyzer()

◆ CleanupRuleAnalyzer()

◆ EngineAnalysisFP()

◆ EngineAnalysisRules()

◆ EngineAnalysisRules2()

◆ EngineAnalysisRulesFailure()

◆ PerCentEncodingSetup()

◆ SetupFPAnalyzer()

◆ SetupRuleAnalyzer()