suricata
Data Structures
struct SigNumArray_

Typedefs
typedef struct SigNumArray_ SigNumArray

Functions
void IPOnlyCIDRListFree (IPOnlyCIDRItem *tmphead)
    Frees an IPOnlyCIDRItem list.
int IPOnlySigParseAddress (const DetectEngineCtx *, Signature *, const char *, char)
    Parses an address group sent as a character string and updates the IPOnlyCIDRItem lists src and dst of the Signature *s.
void IPOnlyMatchPacket (ThreadVars *tv, const DetectEngineCtx *, DetectEngineThreadCtx *, const DetectEngineIPOnlyCtx *, DetectEngineIPOnlyThreadCtx *, Packet *)
    Match a packet against the IP Only detection engine contexts.
void IPOnlyInit (DetectEngineCtx *, DetectEngineIPOnlyCtx *)
    Setup the IP Only detection engine context.
void IPOnlyPrint (DetectEngineCtx *, DetectEngineIPOnlyCtx *)
    Print stats of the IP Only engine.
void IPOnlyDeinit (DetectEngineCtx *, DetectEngineIPOnlyCtx *)
    Deinitialize the IP Only detection engine context.
void IPOnlyPrepare (DetectEngineCtx *)
    Build the radix trees from the lists of parsed addresses in CIDR format. The result should be 4 radix trees (src/dst IPv4 and src/dst IPv6) holding SigNumArrays, each of them with a hierarchical relation of subnets and hosts.
void DetectEngineIPOnlyThreadInit (DetectEngineCtx *, DetectEngineIPOnlyThreadCtx *)
    Setup the IP Only thread detection engine context.
void DetectEngineIPOnlyThreadDeinit (DetectEngineIPOnlyThreadCtx *)
    Deinitialize the IP Only thread detection engine context.
void IPOnlyAddSignature (DetectEngineCtx *, DetectEngineIPOnlyCtx *, Signature *)
    Add a signature to the sorted lists of addresses in CIDR format; this step is necessary to build the radix tree with a hierarchical relation between nodes.
void IPOnlyRegisterTests (void)
Definition in file detect-engine-iponly.h.
typedef struct SigNumArray_ SigNumArray
SigNumArray is a bit array representing signatures. Linked to a src/dst address, it indicates which signatures apply to that address; in the IP Only engine, SigNumArrays are stored in the radix trees.
void DetectEngineIPOnlyThreadDeinit (DetectEngineIPOnlyThreadCtx * io_tctx)
Deinitialize the IP Only thread detection engine context.
de_ctx: Pointer to the current detection engine
io_ctx: Pointer to the current ip only detection engine
Definition at line 938 of file detect-engine-iponly.c.
References BUG_ON, SigMatchData_::ctx, DETECT_SM_LIST_MATCH, SigTableElmt_::flags, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_SET_LIST, KEYWORD_PROFILING_START, SigTableElmt_::Match, SCFree, DetectEngineIPOnlyThreadCtx_::sig_match_array, SIGMATCH_IPONLY_COMPAT, sigmatch_table, Signature_::sm_arrays, and SigMatchData_::type.
Referenced by DetectEngineThreadCtxInit().
void DetectEngineIPOnlyThreadInit (DetectEngineCtx * de_ctx, DetectEngineIPOnlyThreadCtx * io_tctx)
Setup the IP Only thread detection engine context.
de_ctx: Pointer to the current detection engine
io_ctx: Pointer to the current ip only thread detection engine
Definition at line 875 of file detect-engine-iponly.c.
References DetectEngineCtx_::io_ctx, DetectEngineIPOnlyCtx_::max_idx, SCMalloc, DetectEngineIPOnlyThreadCtx_::sig_match_array, and DetectEngineIPOnlyThreadCtx_::sig_match_size.
Referenced by DetectEngineResetMaxSigId().
void IPOnlyAddSignature (DetectEngineCtx * de_ctx, DetectEngineIPOnlyCtx * io_ctx, Signature * s)
Add a signature to the sorted lists of addresses in CIDR format; this step is necessary to build the radix tree with a hierarchical relation between nodes.
de_ctx: Pointer to the current detection engine context
de_ctx: Pointer to the current ip only detection engine context
s: Pointer to the current signature
IPv4 and IPv6 items are mixed here, but later we will separate them into different trees.
No longer referenced here; it is in the table now.
Definition at line 1534 of file detect-engine-iponly.c.
References Signature_::CidrDst, Signature_::CidrSrc, DE_QUIET, DetectEngineCtxFree(), DetectEngineCtxInit(), FAIL_IF, Packet_::flags, Signature_::flags, DetectEngineCtx_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_PKT_TOSERVER, Packet_::flowflags, Flow_::flowvar, head, DetectEngineIPOnlyCtx_::ip_dst, DetectEngineIPOnlyCtx_::ip_src, IPOnlyCIDRListFree(), DetectEngineIPOnlyCtx_::max_idx, Signature_::num, PASS, PKT_HAS_FLOW, SIG_FLAG_IPONLY, DetectEngineIPOnlyCtx_::sig_init_array, SigFree(), SigInit(), SignatureIsIPOnly(), UTHBuildPacket(), UTHBuildPacketIPV6SrcDst(), UTHBuildPacketSrcDst(), UTHFreePackets(), and UTHGenericTest().
Referenced by SigAddressPrepareStage2().
void IPOnlyCIDRListFree (IPOnlyCIDRItem * tmphead)
Frees an IPOnlyCIDRItem list.
tmphead: Pointer to the list
Definition at line 408 of file detect-engine-iponly.c.
References address, SigNumArray_::array, head, IPOnlyCIDRItem_::ip, IPOnlyCIDRListFree(), DetectEngineIPOnlyCtx_::max_idx, IPOnlyCIDRItem_::negated, IPOnlyCIDRItem_::netmask, IPOnlyCIDRItem_::next, next, SC_ERR_ADDRESS_ENGINE_GENERIC, SC_ERR_FATAL, SC_RULE_VARS_ADDRESS_GROUPS, SCEnter, SCFree, SCLogDebug, SCLogError, SCMalloc, SCReturn, SCRuleVarsGetConfVar(), SCStrdup, SigIntId, IPOnlyCIDRItem_::signum, SigNumArray_::size, and unlikely.
Referenced by IPOnlyAddSignature(), IPOnlyCIDRListFree(), and SigFree().
void IPOnlyDeinit (DetectEngineCtx * de_ctx, DetectEngineIPOnlyCtx * io_ctx)
Deinitialize the IP Only detection engine context.
de_ctx: Pointer to the current detection engine
io_ctx: Pointer to the current ip only detection engine
Definition at line 905 of file detect-engine-iponly.c.
References SCFree, SCRadixReleaseRadixTree(), DetectEngineIPOnlyCtx_::sig_init_array, DetectEngineIPOnlyCtx_::tree_ipv4dst, DetectEngineIPOnlyCtx_::tree_ipv4src, DetectEngineIPOnlyCtx_::tree_ipv6dst, and DetectEngineIPOnlyCtx_::tree_ipv6src.
Referenced by SigAddressCleanupStage1().
void IPOnlyInit (DetectEngineCtx * de_ctx, DetectEngineIPOnlyCtx * io_ctx)
Setup the IP Only detection engine context.
de_ctx: Pointer to the current detection engine
io_ctx: Pointer to the current ip only detection engine
Definition at line 848 of file detect-engine-iponly.c.
References DetectEngineGetMaxSigId, SC_ERR_FATAL, SCLogError, SCMalloc, SCRadixCreateRadixTree(), DetectEngineIPOnlyCtx_::sig_init_array, DetectEngineIPOnlyCtx_::sig_init_size, DetectEngineIPOnlyCtx_::tree_ipv4dst, DetectEngineIPOnlyCtx_::tree_ipv4src, DetectEngineIPOnlyCtx_::tree_ipv6dst, and DetectEngineIPOnlyCtx_::tree_ipv6src.
Referenced by SigAddressPrepareStage2().
void IPOnlyMatchPacket (ThreadVars * tv, const DetectEngineCtx * de_ctx, DetectEngineThreadCtx * det_ctx, const DetectEngineIPOnlyCtx * io_ctx, DetectEngineIPOnlyThreadCtx * io_tctx, Packet * p)
Match a packet against the IP Only detection engine contexts.
de_ctx: Pointer to the current detection engine
io_ctx: Pointer to the current ip only detection engine
io_ctx: Pointer to the current ip only thread detection engine
p: Pointer to the Packet to match against
Definition at line 976 of file detect-engine-iponly.c.
References Signature_::action, ACTION_DROP, SigNumArray_::array, SigMatchData_::ctx, DETECT_PROTO_IPV4, DETECT_PROTO_IPV6, DETECT_SM_LIST_POSTMATCH, DetectPortLookupGroup(), DetectProtoContainsProto(), DetectSignatureApplyActions(), Packet_::dp, Signature_::dp, Packet_::dst, dst, Address_::family, DetectProto_::flags, Packet_::flags, Signature_::flags, GET_IPV4_DST_ADDR_U32, GET_IPV4_SRC_ADDR_U32, GET_IPV6_DST_ADDR, GET_IPV6_SRC_ADDR, Signature_::id, IP_GET_IPPROTO, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_SET_LIST, KEYWORD_PROFILING_START, SigTableElmt_::Match, Signature_::msg, PACKET_ALERT_FLAG_DROP_FLOW, PacketAlertAppend(), PKT_IS_FRAGMENT, PKT_IS_IPV4, PKT_IS_IPV6, Packet_::proto, Signature_::proto, SCLogDebug, SCRadixFindKeyIPV4BestMatch(), SCRadixFindKeyIPV6BestMatch(), DetectEngineCtx_::sig_array, SIG_FLAG_DP_ANY, SIG_FLAG_NOALERT, SIG_FLAG_SP_ANY, DetectEngineIPOnlyThreadCtx_::sig_match_array, sigmatch_table, SigNumArray_::size, Signature_::sm_arrays, Packet_::sp, Signature_::sp, Packet_::src, src, DetectEngineIPOnlyCtx_::tree_ipv4dst, DetectEngineIPOnlyCtx_::tree_ipv4src, DetectEngineIPOnlyCtx_::tree_ipv6dst, DetectEngineIPOnlyCtx_::tree_ipv6src, and SigMatchData_::type.
Referenced by SigMatchSignaturesGetSgh().
void IPOnlyPrepare (DetectEngineCtx * de_ctx)
Build the radix trees from the lists of parsed addresses in CIDR format. The result should be 4 radix trees (src/dst IPv4 and src/dst IPv6) holding SigNumArrays, each of them with a hierarchical relation of subnets and hosts.
de_ctx: Pointer to the current detection engine
Notes from the implementation, in insertion order: not found, look if there's a subnet of this range with a bigger netmask; not found, insert a new one; update the sig: unset it, or set it.
Definition at line 1115 of file detect-engine-iponly.c.
References SigNumArray_::array, dst, IPOnlyCIDRItem_::family, DetectEngineCtx_::io_ctx, IPOnlyCIDRItem_::ip, IPOnlyCIDRItem_::negated, IPOnlyCIDRItem_::netmask, IPOnlyCIDRItem_::next, PrintInet(), SC_ERR_IPONLY_RADIX, SCFree, SCLogDebug, SCLogError, SCRadixAddKeyIPV4(), SCRadixAddKeyIPV4Netblock(), SCRadixAddKeyIPV6(), SCRadixAddKeyIPV6Netblock(), SCRadixFindKeyIPV4BestMatch(), SCRadixFindKeyIPV4ExactMatch(), SCRadixFindKeyIPV4Netblock(), SCRadixFindKeyIPV6BestMatch(), SCRadixFindKeyIPV6ExactMatch(), SCRadixFindKeyIPV6Netblock(), IPOnlyCIDRItem_::signum, and src.
Referenced by SigAddressPrepareStage2().
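As an added illustration (not Suricata's own code), the following models the SigNumArray bitset described above, the insertion step of IPOnlyPrepare (start from the enclosing subnet's array, then set or unset this signature's bit) and the src/dst combination done in IPOnlyMatchPacket, using a small longest-prefix table in place of the radix trees; the names SigBits, Node, Table, best_match, add_item, match_packet and has_sig are this example's own assumptions.

```c
/* Added illustration, not Suricata code: a SigNumArray-style bitset plus the
 * "inherit the enclosing subnet, then set/unset this signature" step of
 * IPOnlyPrepare, with a longest-prefix table standing in for the radix trees.
 * IPv4 only; items must arrive least-specific first, as the sorted list built
 * by IPOnlyAddSignature provides. */
#include <stdint.h>
#include <string.h>
#define MAX_SIGS  64
#define MAX_NODES 16
typedef struct { uint8_t bits[MAX_SIGS / 8]; } SigBits;  /* stands in for SigNumArray */
typedef struct { uint32_t net; uint8_t plen; SigBits sigs; } Node;
typedef struct { Node n[MAX_NODES]; int count; } Table;
static uint32_t plen_mask(uint8_t plen) { return plen ? 0xFFFFFFFFu << (32 - plen) : 0; }
/* Longest-prefix match among nodes with plen <= max_plen (cf. SCRadixFindKeyIPV4BestMatch). */
static Node *best_match(Table *t, uint32_t ip, uint8_t max_plen) {
    Node *best = NULL;
    for (int i = 0; i < t->count; i++) {
        Node *c = &t->n[i];
        if (c->plen <= max_plen && (ip & plen_mask(c->plen)) == c->net &&
            (best == NULL || c->plen > best->plen))
            best = c;
    }
    return best;
}
/* Signature signum applies to net/plen (or, if negated, is excluded from it). */
static int add_item(Table *t, uint32_t net, uint8_t plen, int signum, int negated) {
    net &= plen_mask(plen);
    Node *node = best_match(t, net, plen);
    if (node == NULL || node->plen != plen) {      /* no exact match: insert a new node */
        if (t->count == MAX_NODES) return -1;
        Node *parent = node;                       /* enclosing subnet with a shorter prefix, if any */
        node = &t->n[t->count++];
        node->net = net; node->plen = plen;
        if (parent) node->sigs = parent->sigs;     /* start from the parent's signatures */
        else memset(&node->sigs, 0, sizeof node->sigs);
    }
    if (negated) node->sigs.bits[signum / 8] &= (uint8_t)~(1u << (signum % 8));  /* unset it */
    else         node->sigs.bits[signum / 8] |=  (uint8_t)(1u << (signum % 8));  /* set it */
    return 0;
}
/* Match step as in IPOnlyMatchPacket: look up src and dst, AND the two arrays. */
static SigBits match_packet(Table *st, Table *dt, uint32_t src, uint32_t dst) {
    SigBits out; memset(&out, 0, sizeof out);
    Node *s = best_match(st, src, 32), *d = best_match(dt, dst, 32);
    if (s && d)
        for (size_t i = 0; i < sizeof out.bits; i++) out.bits[i] = s->sigs.bits[i] & d->sigs.bits[i];
    return out;
}
static int has_sig(const SigBits *b, int signum) { return (b->bits[signum / 8] >> (signum % 8)) & 1; }
```

With a rule on 10.0.0.0/8 that excludes 10.1.0.0/16, the /16 node inherits the /8 node's bits and then clears the excluded signature, which is why a packet from 10.1.3.4 does not match it while one from 10.2.3.4 does.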
void IPOnlyPrint (DetectEngineCtx * de_ctx, DetectEngineIPOnlyCtx * io_ctx)
Print stats of the IP Only engine.
de_ctx: Pointer to the current detection engine
io_ctx: Pointer to the current ip only detection engine
Definition at line 894 of file detect-engine-iponly.c.
Referenced by SigAddressPrepareStage2().
void IPOnlyRegisterTests (void)
Definition at line 2257 of file detect-engine-iponly.c.
References UtRegisterTest().
Referenced by SigRegisterTests().
int IPOnlySigParseAddress (const DetectEngineCtx * de_ctx, Signature * s, const char * addrstr, char flag)
Parses an address group sent as a character string and updates the IPOnlyCIDRItem lists src and dst of the Signature *s.
s: Pointer to the signature structure
addrstr: Pointer to the character string containing the address group that has to be parsed.
flag: Flag to indicate if we are parsing the src string or the dst string
0: On success.
-1: On failure.
Definition at line 792 of file detect-engine-iponly.c.
References Signature_::CidrDst, Signature_::CidrSrc, Signature_::flags, SC_ERR_ADDRESS_ENGINE_GENERIC, SCLogDebug, SCLogError, SIG_FLAG_DST_ANY, and SIG_FLAG_SRC_ANY.
Referenced by SigMatchListSMBelongsTo().