Go to the source code of this file.
Functions | |
| void | PacketCreateMask (Packet *p, SignatureMask *mask, AppProto alproto, bool app_decoder_events) |
| int | SignatureIsFilestoring (const Signature *) |
| Check if a signature contains the filestore keyword. More... | |
| int | SignatureIsFilemagicInspecting (const Signature *) |
| Check if a signature contains the filemagic keyword. More... | |
| int | SignatureIsFileMd5Inspecting (const Signature *) |
| Check if a signature contains the filemd5 keyword. More... | |
| int | SignatureIsFileSha1Inspecting (const Signature *s) |
| Check if a signature contains the filesha1 keyword. More... | |
| int | SignatureIsFileSha256Inspecting (const Signature *s) |
| Check if a signature contains the filesha256 keyword. More... | |
| int | SignatureIsFilesizeInspecting (const Signature *) |
| Check if a signature contains the filesize keyword. More... | |
| void | SignatureSetType (DetectEngineCtx *de_ctx, Signature *s) |
| int | SigPrepareStage1 (DetectEngineCtx *de_ctx) |
| Preprocess signature, classify ip-only, etc, build sig array. More... | |
| int | SigPrepareStage2 (DetectEngineCtx *de_ctx) |
| Fill the global src group head, with the sigs included. More... | |
| int | SigPrepareStage3 (DetectEngineCtx *de_ctx) |
| int | SigPrepareStage4 (DetectEngineCtx *de_ctx) |
| finalize preparing sgh's More... | |
| int | SigAddressCleanupStage1 (DetectEngineCtx *de_ctx) |
| void | SigCleanSignatures (DetectEngineCtx *) |
| int | SigGroupBuild (DetectEngineCtx *) |
| Convert the signature list into the runtime match structure. More... | |
| int | SigGroupCleanup (DetectEngineCtx *de_ctx) |
Function Documentation
◆ PacketCreateMask()
| void PacketCreateMask | ( | Packet * | p, |
| SignatureMask * | mask, | ||
| AppProto | alproto, | ||
| bool | app_decoder_events | ||
| ) |
Definition at line 407 of file detect-engine-build.c.
References Packet_::app_layer_events, AppLayerDecoderEvents_::cnt, PacketEngineEvents_::cnt, Packet_::events, Packet_::flags, Packet_::payload_len, PKT_DETECT_HAS_STREAMDATA, PKT_IS_PSEUDOPKT, PKT_NOPAYLOAD_INSPECTION, SCLogDebug, SIG_MASK_REQUIRE_ENGINE_EVENT, SIG_MASK_REQUIRE_NO_PAYLOAD, SIG_MASK_REQUIRE_PAYLOAD, and SIG_MASK_REQUIRE_REAL_PKT.
◆ SigAddressCleanupStage1()
| int SigAddressCleanupStage1 | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 1927 of file detect-engine-build.c.
References BUG_ON, de_ctx, DetectEngineCtx_::decoder_event_sgh, DetectPortCleanupList(), DetectEngineCtx_::flow_gh, FLOW_STATES, DetectEngineCtx_::io_ctx, IPOnlyDeinit(), SCFree, SCLogDebug, DetectEngineLookupFlow_::sgh, DetectEngineCtx_::sgh_array, DetectEngineCtx_::sgh_array_cnt, DetectEngineCtx_::sgh_array_size, SigGroupHeadFree(), DetectEngineLookupFlow_::tcp, and DetectEngineLookupFlow_::udp.
Referenced by SigGroupCleanup().
◆ SigCleanSignatures()
| void SigCleanSignatures | ( | DetectEngineCtx * | ) |
Definition at line 55 of file detect-engine-build.c.
References de_ctx, DetectEngineResetMaxSigId(), Signature_::next, DetectEngineCtx_::sig_list, and SigFree().
Referenced by DetectEngineCtxFree(), and UTHPacketMatchSig().
◆ SigGroupBuild()
| int SigGroupBuild | ( | DetectEngineCtx * | de_ctx | ) |
Convert the signature list into the runtime match structure.
- Parameters
-
de_ctx Pointer to the Detection Engine Context whose Signatures have to be processed
- Return values
-
0 On Success. -1 On failure.
Definition at line 2144 of file detect-engine-build.c.
References de_ctx, DetectSetFastPatternAndItsId(), Signature_::next, Signature_::num, DetectEngineCtx_::sig_list, and DetectEngineCtx_::signum.
Referenced by UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ SigGroupCleanup()
| int SigGroupCleanup | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 2211 of file detect-engine-build.c.
References de_ctx, and SigAddressCleanupStage1().
Referenced by DetectEngineCtxFree(), UTHMatchPackets(), and UTHPacketMatchSig().
◆ SignatureIsFilemagicInspecting()
| int SignatureIsFilemagicInspecting | ( | const Signature * | s | ) |
Check if a signature contains the filemagic keyword.
- Parameters
-
s signature
- Return values
-
0 no 1 yes
Definition at line 119 of file detect-engine-build.c.
References Signature_::file_flags, and FILE_SIG_NEED_MAGIC.
Referenced by SigGroupHeadSetupFiles().
◆ SignatureIsFileMd5Inspecting()
| int SignatureIsFileMd5Inspecting | ( | const Signature * | s | ) |
Check if a signature contains the filemd5 keyword.
- Parameters
-
s signature
- Return values
-
0 no 1 yes
Definition at line 138 of file detect-engine-build.c.
References Signature_::file_flags, and FILE_SIG_NEED_MD5.
Referenced by SigGroupHeadSetupFiles().
◆ SignatureIsFileSha1Inspecting()
| int SignatureIsFileSha1Inspecting | ( | const Signature * | s | ) |
Check if a signature contains the filesha1 keyword.
- Parameters
-
s signature
- Return values
-
0 no 1 yes
Definition at line 154 of file detect-engine-build.c.
References Signature_::file_flags, and FILE_SIG_NEED_SHA1.
Referenced by SigGroupHeadSetupFiles().
◆ SignatureIsFileSha256Inspecting()
| int SignatureIsFileSha256Inspecting | ( | const Signature * | s | ) |
Check if a signature contains the filesha256 keyword.
- Parameters
-
s signature
- Return values
-
0 no 1 yes
Definition at line 170 of file detect-engine-build.c.
References Signature_::file_flags, and FILE_SIG_NEED_SHA256.
Referenced by SigGroupHeadSetupFiles().
◆ SignatureIsFilesizeInspecting()
| int SignatureIsFilesizeInspecting | ( | const Signature * | s | ) |
Check if a signature contains the filesize keyword.
- Parameters
-
s signature
- Return values
-
0 no 1 yes
Definition at line 186 of file detect-engine-build.c.
References Signature_::file_flags, and FILE_SIG_NEED_SIZE.
Referenced by SigGroupHeadSetupFiles().
◆ SignatureIsFilestoring()
| int SignatureIsFilestoring | ( | const Signature * | s | ) |
Check if a signature contains the filestore keyword.
- Parameters
-
s signature
- Return values
-
0 no 1 yes
Definition at line 100 of file detect-engine-build.c.
References Signature_::flags, and SIG_FLAG_FILESTORE.
Referenced by SigGroupHeadSetupFiles().
◆ SignatureSetType()
| void SignatureSetType | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
Definition at line 1642 of file detect-engine-build.c.
References BUG_ON, SIG_TYPE_NOT_SET, and Signature_::type.
◆ SigPrepareStage1()
| int SigPrepareStage1 | ( | DetectEngineCtx * | de_ctx | ) |
Preprocess signature, classify ip-only, etc, build sig array.
- Parameters
-
de_ctx Pointer to the Detection Engine Context
- Return values
-
0 on success -1 on failure
Definition at line 1715 of file detect-engine-build.c.
◆ SigPrepareStage2()
| int SigPrepareStage2 | ( | DetectEngineCtx * | de_ctx | ) |
Fill the global src group head, with the sigs included.
- Parameters
-
de_ctx Pointer to the Detection Engine Context whose Signatures have to be processed
- Return values
-
0 On success -1 On failure
Definition at line 1880 of file detect-engine-build.c.
References de_ctx, DetectEngineCtx_::flow_gh, DetectEngineCtx_::io_ctx, IPOnlyInit(), SCLogDebug, and DetectEngineLookupFlow_::tcp.
◆ SigPrepareStage3()
| int SigPrepareStage3 | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 1920 of file detect-engine-build.c.
◆ SigPrepareStage4()
| int SigPrepareStage4 | ( | DetectEngineCtx * | de_ctx | ) |
finalize preparing sgh's
Definition at line 2001 of file detect-engine-build.c.
References cnt, ConfGetBool(), de_ctx, DetectEngineCtx_::decoder_event_sgh, SigGroupHead_::filestore_cnt, SigGroupHead_::id, MpmStoreReportStats(), PrefilterSetupRuleGroup(), SCEnter, SCLogDebug, SCLogPerf, DetectEngineCtx_::sgh_array, DetectEngineCtx_::sgh_array_cnt, SigGroupHeadBuildNonPrefilterArray(), and SigGroupHeadSetupFiles().
