suricata
Functions
void | PacketCreateMask (Packet *p, SignatureMask *mask, AppProto alproto, bool app_decoder_events)
int | SignatureIsFilestoring (const Signature *)
  Check if a signature contains the filestore keyword.
int | SignatureIsFilemagicInspecting (const Signature *)
  Check if a signature contains the filemagic keyword.
int | SignatureIsFileMd5Inspecting (const Signature *)
  Check if a signature contains the filemd5 keyword.
int | SignatureIsFileSha1Inspecting (const Signature *s)
  Check if a signature contains the filesha1 keyword.
int | SignatureIsFileSha256Inspecting (const Signature *s)
  Check if a signature contains the filesha256 keyword.
int | SignatureIsFilesizeInspecting (const Signature *)
  Check if a signature contains the filesize keyword.
void | SignatureSetType (DetectEngineCtx *de_ctx, Signature *s)
int | SigPrepareStage1 (DetectEngineCtx *de_ctx)
  Preprocess signature, classify ip-only, etc, build sig array.
int | SigPrepareStage2 (DetectEngineCtx *de_ctx)
  Fill the global src group head, with the sigs included.
int | SigPrepareStage3 (DetectEngineCtx *de_ctx)
int | SigPrepareStage4 (DetectEngineCtx *de_ctx)
  Finalize preparing sgh's.
int | SigAddressCleanupStage1 (DetectEngineCtx *de_ctx)
void | SigCleanSignatures (DetectEngineCtx *)
int | SigGroupBuild (DetectEngineCtx *)
  Convert the signature list into the runtime match structure.
int | SigGroupCleanup (DetectEngineCtx *de_ctx)
void PacketCreateMask (Packet *p, SignatureMask *mask, AppProto alproto, bool app_decoder_events)
Definition at line 407 of file detect-engine-build.c.
References Packet_::app_layer_events, AppLayerDecoderEvents_::cnt, PacketEngineEvents_::cnt, Packet_::events, Packet_::flags, Packet_::payload_len, PKT_DETECT_HAS_STREAMDATA, PKT_IS_PSEUDOPKT, PKT_NOPAYLOAD_INSPECTION, SCLogDebug, SIG_MASK_REQUIRE_ENGINE_EVENT, SIG_MASK_REQUIRE_NO_PAYLOAD, SIG_MASK_REQUIRE_PAYLOAD, and SIG_MASK_REQUIRE_REAL_PKT.
int SigAddressCleanupStage1 (DetectEngineCtx *de_ctx)
Definition at line 1944 of file detect-engine-build.c.
References BUG_ON, de_ctx, DetectEngineCtx_::decoder_event_sgh, DetectPortCleanupList(), DetectEngineCtx_::flow_gh, FLOW_STATES, DetectEngineCtx_::io_ctx, IPOnlyDeinit(), SCFree, SCLogDebug, DetectEngineLookupFlow_::sgh, DetectEngineCtx_::sgh_array, DetectEngineCtx_::sgh_array_cnt, DetectEngineCtx_::sgh_array_size, SigGroupHeadFree(), DetectEngineLookupFlow_::tcp, and DetectEngineLookupFlow_::udp.
Referenced by SigGroupCleanup().
void SigCleanSignatures (DetectEngineCtx *)
Definition at line 55 of file detect-engine-build.c.
References de_ctx, DetectEngineResetMaxSigId(), Signature_::next, DetectEngineCtx_::sig_list, and SigFree().
Referenced by DetectEngineCtxFree(), and UTHPacketMatchSig().
int SigGroupBuild (DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Parameters
de_ctx | Pointer to the Detection Engine Context whose Signatures have to be processed
Return values
0 | On Success.
-1 | On failure.
Definition at line 2161 of file detect-engine-build.c.
References de_ctx, DetectSetFastPatternAndItsId(), Signature_::next, Signature_::num, DetectEngineCtx_::sig_list, and DetectEngineCtx_::signum.
Referenced by UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
int SigGroupCleanup (DetectEngineCtx *de_ctx)
Definition at line 2228 of file detect-engine-build.c.
References de_ctx, and SigAddressCleanupStage1().
Referenced by DetectEngineCtxFree(), UTHMatchPackets(), and UTHPacketMatchSig().
int SignatureIsFilemagicInspecting (const Signature *s)
Check if a signature contains the filemagic keyword.
Parameters
s | signature
Return values
0 | no
1 | yes
Definition at line 119 of file detect-engine-build.c.
References Signature_::file_flags, and FILE_SIG_NEED_MAGIC.
Referenced by SigGroupHeadSetupFiles().
int SignatureIsFileMd5Inspecting (const Signature *s)
Check if a signature contains the filemd5 keyword.
Parameters
s | signature
Return values
0 | no
1 | yes
Definition at line 138 of file detect-engine-build.c.
References Signature_::file_flags, and FILE_SIG_NEED_MD5.
Referenced by SigGroupHeadSetupFiles().
int SignatureIsFileSha1Inspecting (const Signature *s)
Check if a signature contains the filesha1 keyword.
Parameters
s | signature
Return values
0 | no
1 | yes
Definition at line 154 of file detect-engine-build.c.
References Signature_::file_flags, and FILE_SIG_NEED_SHA1.
Referenced by SigGroupHeadSetupFiles().
int SignatureIsFileSha256Inspecting (const Signature *s)
Check if a signature contains the filesha256 keyword.
Parameters
s | signature
Return values
0 | no
1 | yes
Definition at line 170 of file detect-engine-build.c.
References Signature_::file_flags, and FILE_SIG_NEED_SHA256.
Referenced by SigGroupHeadSetupFiles().
int SignatureIsFilesizeInspecting (const Signature *s)
Check if a signature contains the filesize keyword.
Parameters
s | signature
Return values
0 | no
1 | yes
Definition at line 186 of file detect-engine-build.c.
References Signature_::file_flags, and FILE_SIG_NEED_SIZE.
Referenced by SigGroupHeadSetupFiles().
int SignatureIsFilestoring (const Signature *s)
Check if a signature contains the filestore keyword.
Parameters
s | signature
Return values
0 | no
1 | yes
Definition at line 100 of file detect-engine-build.c.
References Signature_::flags, and SIG_FLAG_FILESTORE.
Referenced by SigGroupHeadSetupFiles().
void SignatureSetType (DetectEngineCtx *de_ctx, Signature *s)
Definition at line 1659 of file detect-engine-build.c.
References BUG_ON, SIG_TYPE_NOT_SET, and Signature_::type.
int SigPrepareStage1 (DetectEngineCtx *de_ctx)
Preprocess signature, classify ip-only, etc, build sig array.
Parameters
de_ctx | Pointer to the Detection Engine Context
Return values
0 | on success
-1 | on failure
Definition at line 1732 of file detect-engine-build.c.
int SigPrepareStage2 (DetectEngineCtx *de_ctx)
Fill the global src group head, with the sigs included.
Parameters
de_ctx | Pointer to the Detection Engine Context whose Signatures have to be processed
Return values
0 | On success
-1 | On failure
Definition at line 1897 of file detect-engine-build.c.
References de_ctx, DetectEngineCtx_::flow_gh, DetectEngineCtx_::io_ctx, IPOnlyInit(), SCLogDebug, and DetectEngineLookupFlow_::tcp.
int SigPrepareStage3 (DetectEngineCtx *de_ctx)
Definition at line 1937 of file detect-engine-build.c.
int SigPrepareStage4 (DetectEngineCtx *de_ctx)
Finalize preparing sgh's.
Definition at line 2018 of file detect-engine-build.c.
References cnt, ConfGetBool(), de_ctx, DetectEngineCtx_::decoder_event_sgh, SigGroupHead_::filestore_cnt, SigGroupHead_::id, MpmStoreReportStats(), PrefilterSetupRuleGroup(), SCEnter, SCLogDebug, SCLogPerf, DetectEngineCtx_::sgh_array, DetectEngineCtx_::sgh_array_cnt, SigGroupHeadBuildNonPrefilterArray(), and SigGroupHeadSetupFiles().