suricata
detect-engine-build.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

void PacketCreateMask (Packet *p, SignatureMask *mask, AppProto alproto, bool app_decoder_events)
 
int SignatureIsFilestoring (const Signature *)
 Check if a signature contains the filestore keyword. More...
 
int SignatureIsFilemagicInspecting (const Signature *)
 Check if a signature contains the filemagic keyword. More...
 
int SignatureIsFileMd5Inspecting (const Signature *)
 Check if a signature contains the filemd5 keyword. More...
 
int SignatureIsFileSha1Inspecting (const Signature *s)
 Check if a signature contains the filesha1 keyword. More...
 
int SignatureIsFileSha256Inspecting (const Signature *s)
 Check if a signature contains the filesha256 keyword. More...
 
int SignatureIsFilesizeInspecting (const Signature *)
 Check if a signature contains the filesize keyword. More...
 
void SignatureSetType (DetectEngineCtx *de_ctx, Signature *s)
 
int SigAddressPrepareStage1 (DetectEngineCtx *de_ctx)
 Preprocess signature, classify ip-only, etc, build sig array. More...
 
int SigAddressPrepareStage2 (DetectEngineCtx *de_ctx)
 Fill the global src group head, with the sigs included. More...
 
int SigAddressPrepareStage3 (DetectEngineCtx *de_ctx)
 
int SigAddressPrepareStage4 (DetectEngineCtx *de_ctx)
 finalize preparing sgh's More...
 
int SigAddressCleanupStage1 (DetectEngineCtx *de_ctx)
 
void SigCleanSignatures (DetectEngineCtx *)
 
int SigGroupBuild (DetectEngineCtx *)
 Convert the signature list into the runtime match structure. More...
 
int SigGroupCleanup (DetectEngineCtx *de_ctx)
 

Function Documentation

◆ PacketCreateMask()

◆ SigAddressCleanupStage1()

◆ SigAddressPrepareStage1()

int SigAddressPrepareStage1 ( DetectEngineCtx de_ctx)

Preprocess signature, classify ip-only, etc, build sig array.

Parameters
de_ctxPointer to the Detection Engine Context
Return values
0on success
-1on failure

Definition at line 1286 of file detect-engine-build.c.

◆ SigAddressPrepareStage2()

int SigAddressPrepareStage2 ( DetectEngineCtx de_ctx)

Fill the global src group head, with the sigs included.

Parameters
de_ctxPointer to the Detection Engine Context whose Signatures have to be processed
Return values
0On success
-1On failure

Definition at line 1625 of file detect-engine-build.c.

References de_ctx, DetectEngineCtx_::flow_gh, DetectEngineCtx_::io_ctx, IPOnlyInit(), SCLogDebug, and DetectEngineLookupFlow_::tcp.

Here is the call graph for this function:

◆ SigAddressPrepareStage3()

int SigAddressPrepareStage3 ( DetectEngineCtx de_ctx)

Definition at line 1672 of file detect-engine-build.c.

◆ SigAddressPrepareStage4()

int SigAddressPrepareStage4 ( DetectEngineCtx de_ctx)

finalize preparing sgh's

Definition at line 1756 of file detect-engine-build.c.

References SCEnter.

◆ SigCleanSignatures()

void SigCleanSignatures ( DetectEngineCtx )

Definition at line 39 of file detect-engine-build.c.

References de_ctx, DetectEngineResetMaxSigId(), Signature_::next, DetectEngineCtx_::sig_list, and SigFree().

Referenced by DetectEngineCtxFree(), UTHGenericTest(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SigGroupBuild()

int SigGroupBuild ( DetectEngineCtx de_ctx)

Convert the signature list into the runtime match structure.

Parameters
de_ctxPointer to the Detection Engine Context whose Signatures have to be processed
Return values
0On Success.
-1On failure.

Definition at line 1878 of file detect-engine-build.c.

References de_ctx, DetectSetFastPatternAndItsId(), Signature_::next, Signature_::num, DetectEngineCtx_::sig_list, and DetectEngineCtx_::signum.

Referenced by UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SigGroupCleanup()

int SigGroupCleanup ( DetectEngineCtx de_ctx)

Definition at line 1949 of file detect-engine-build.c.

References de_ctx, and SigAddressCleanupStage1().

Referenced by DetectEngineCtxFree(), UTHGenericTest(), UTHMatchPackets(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SignatureIsFilemagicInspecting()

int SignatureIsFilemagicInspecting ( const Signature s)

Check if a signature contains the filemagic keyword.

Parameters
ssignature
Return values
0no
1yes

Definition at line 103 of file detect-engine-build.c.

References Signature_::file_flags, and FILE_SIG_NEED_MAGIC.

Referenced by SigGroupHeadSetFilemagicFlag().

Here is the caller graph for this function:

◆ SignatureIsFileMd5Inspecting()

int SignatureIsFileMd5Inspecting ( const Signature s)

Check if a signature contains the filemd5 keyword.

Parameters
ssignature
Return values
0no
1yes

Definition at line 122 of file detect-engine-build.c.

References Signature_::file_flags, and FILE_SIG_NEED_MD5.

Referenced by SigGroupHeadSetFileHashFlag().

Here is the caller graph for this function:

◆ SignatureIsFileSha1Inspecting()

int SignatureIsFileSha1Inspecting ( const Signature s)

Check if a signature contains the filesha1 keyword.

Parameters
ssignature
Return values
0no
1yes

Definition at line 138 of file detect-engine-build.c.

References Signature_::file_flags, and FILE_SIG_NEED_SHA1.

Referenced by SigGroupHeadSetFileHashFlag().

Here is the caller graph for this function:

◆ SignatureIsFileSha256Inspecting()

int SignatureIsFileSha256Inspecting ( const Signature s)

Check if a signature contains the filesha256 keyword.

Parameters
ssignature
Return values
0no
1yes

Definition at line 154 of file detect-engine-build.c.

References Signature_::file_flags, and FILE_SIG_NEED_SHA256.

Referenced by SigGroupHeadSetFileHashFlag().

Here is the caller graph for this function:

◆ SignatureIsFilesizeInspecting()

int SignatureIsFilesizeInspecting ( const Signature s)

Check if a signature contains the filesize keyword.

Parameters
ssignature
Return values
0no
1yes

Definition at line 170 of file detect-engine-build.c.

References Signature_::file_flags, and FILE_SIG_NEED_SIZE.

Referenced by SigGroupHeadSetFilesizeFlag().

Here is the caller graph for this function:

◆ SignatureIsFilestoring()

int SignatureIsFilestoring ( const Signature s)

Check if a signature contains the filestore keyword.

Parameters
ssignature
Return values
0no
1yes

Definition at line 84 of file detect-engine-build.c.

References Signature_::flags, and SIG_FLAG_FILESTORE.

Referenced by SigGroupHeadSetFilestoreCount().

Here is the caller graph for this function:

◆ SignatureSetType()

void SignatureSetType ( DetectEngineCtx de_ctx,
Signature s 
)

Definition at line 1263 of file detect-engine-build.c.