suricata
detect-engine-analyzer.h File Reference
#include <stdint.h>

Functions

int SetupFPAnalyzer (void)
 Sets up the fast pattern analyzer according to the config.
 
void CleanupFPAnalyzer (void)
 
int SetupRuleAnalyzer (void)
 Sets up the rule analyzer according to the config.
 
void CleanupRuleAnalyzer (void)
 
int PerCentEncodingSetup (void)
 Compiles regex for rule analysis.
 
int PerCentEncodingMatch (uint8_t *content, uint8_t content_len)
 Checks for % encoding in content.
 
void EngineAnalysisFP (const DetectEngineCtx *de_ctx, const Signature *s, char *line)
 
void EngineAnalysisRules (const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
 Prints analysis of loaded rules.
 
void EngineAnalysisRulesFailure (char *line, char *file, int lineno)
 
void EngineAnalysisRules2 (const DetectEngineCtx *de_ctx, const Signature *s)
 

Function Documentation

◆ CleanupFPAnalyzer()

void CleanupFPAnalyzer ( void  )

Definition at line 390 of file detect-engine-analyzer.c.

◆ CleanupRuleAnalyzer()

void CleanupRuleAnalyzer ( void  )

Definition at line 414 of file detect-engine-analyzer.c.

◆ EngineAnalysisFP()

◆ EngineAnalysisRules()

void EngineAnalysisRules ( const DetectEngineCtx *  de_ctx,
const Signature *  s,
const char *  line 
)

Prints analysis of loaded rules.

   Warns if potential rule issues are detected. For example,
   warns if a rule uses a construct that may perform poorly,
   e.g. pcre without content or with http_method content only;
   warns if a rule uses a construct that may not be consistent with intent,
   e.g. client side ports only, http and content without any http_* modifiers, etc.
Parameters
s    Pointer to the signature.

Definition at line 1109 of file detect-engine-analyzer.c.

◆ EngineAnalysisRules2()

◆ EngineAnalysisRulesFailure()

void EngineAnalysisRulesFailure ( char *  line,
char *  file,
int  lineno 
)

Definition at line 549 of file detect-engine-analyzer.c.

◆ PerCentEncodingMatch()

int PerCentEncodingMatch ( uint8_t *  content,
uint8_t  content_len 
)

Checks for % encoding in content.

Parameters
Pointer    to content
Return values
number    of matches if content has % encoding
0    if it doesn't have % encoding
-1    on error

Definition at line 460 of file detect-engine-analyzer.c.

◆ PerCentEncodingSetup()

int PerCentEncodingSetup ( )

Compiles regex for rule analysis.

Return values
1    if successful
0    if on error

Definition at line 432 of file detect-engine-analyzer.c.

◆ SetupFPAnalyzer()

int SetupFPAnalyzer ( void  )

Sets up the fast pattern analyzer according to the config.

Return values
1    If rule analyzer successfully enabled.
0    If not enabled.

Definition at line 284 of file detect-engine-analyzer.c.

◆ SetupRuleAnalyzer()

int SetupRuleAnalyzer ( void  )

Sets up the rule analyzer according to the config.

Return values
1    if rule analyzer successfully enabled
0    if not enabled

Definition at line 334 of file detect-engine-analyzer.c.

References ConfGetNode(), ConfNodeLookupChildValue(), and ConfValIsTrue().
