This graph shows which files directly or indirectly include this file:

Data Structures
struct	SigNumArray_

Typedefs
typedef struct SigNumArray_	SigNumArray

Functions
void	IPOnlyCIDRListFree (IPOnlyCIDRItem *tmphead)
	This function free a IPOnlyCIDRItem list. More...

int	IPOnlySigParseAddress (const DetectEngineCtx , Signature , const char *, char)
	Parses an address group sent as a character string and updates the IPOnlyCIDRItem lists src and dst of the Signature *s. More...

void	IPOnlyMatchPacket (ThreadVars tv, const DetectEngineCtx , DetectEngineThreadCtx , const DetectEngineIPOnlyCtx , DetectEngineIPOnlyThreadCtx , Packet )
	Match a packet against the IP Only detection engine contexts. More...

void	IPOnlyInit (DetectEngineCtx , DetectEngineIPOnlyCtx )
	Setup the IP Only detection engine context. More...

void	IPOnlyPrint (DetectEngineCtx , DetectEngineIPOnlyCtx )
	Print stats of the IP Only engine. More...

void	IPOnlyDeinit (DetectEngineCtx , DetectEngineIPOnlyCtx )
	Deinitialize the IP Only detection engine context. More...

void	IPOnlyPrepare (DetectEngineCtx *)
	Build the radix trees from the lists of parsed adresses in CIDR format the result should be 4 radix trees: src/dst ipv4 and src/dst ipv6 holding SigNumArrays, each of them with a hierarchical relation of subnets and hosts. More...

void	DetectEngineIPOnlyThreadInit (DetectEngineCtx , DetectEngineIPOnlyThreadCtx )
	Setup the IP Only thread detection engine context. More...

void	DetectEngineIPOnlyThreadDeinit (DetectEngineIPOnlyThreadCtx *)
	Deinitialize the IP Only thread detection engine context. More...

void	IPOnlyAddSignature (DetectEngineCtx , DetectEngineIPOnlyCtx , Signature *)
	Add a signature to the lists of Adrresses in CIDR format (sorted) this step is necesary to build the radix tree with a hierarchical relation between nodes. More...

void	IPOnlyRegisterTests (void)

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-iponly.h.

Typedef Documentation

◆ SigNumArray

typedef struct SigNumArray_ SigNumArray

SigNumArray is a bit array representing signatures it can be used linked to src/dst address to indicate which signatures apply to this addres at IP Only we store SigNumArrays at the radix trees

Function Documentation

◆ DetectEngineIPOnlyThreadDeinit()

void DetectEngineIPOnlyThreadDeinit ( DetectEngineIPOnlyThreadCtx * io_tctx )

Deinitialize the IP Only thread detection engine context.

Parameters

de_ctx	Pointer to the current detection engine
io_ctx	Pointer to the current ip only detection engine

Definition at line 939 of file detect-engine-iponly.c.

References SCFree, and DetectEngineIPOnlyThreadCtx_::sig_match_array.

◆ DetectEngineIPOnlyThreadInit()

void DetectEngineIPOnlyThreadInit	(	DetectEngineCtx *	de_ctx,
		DetectEngineIPOnlyThreadCtx *	io_tctx
	)

Setup the IP Only thread detection engine context.

Parameters

de_ctx	Pointer to the current detection engine
io_ctx	Pointer to the current ip only thread detection engine

Definition at line 876 of file detect-engine-iponly.c.

References de_ctx, DetectEngineCtx_::io_ctx, DetectEngineIPOnlyCtx_::max_idx, SCMalloc, DetectEngineIPOnlyThreadCtx_::sig_match_array, and DetectEngineIPOnlyThreadCtx_::sig_match_size.

◆ IPOnlyAddSignature()

void IPOnlyAddSignature	(	DetectEngineCtx *	de_ctx,
		DetectEngineIPOnlyCtx *	io_ctx,
		Signature *	s
	)

Add a signature to the lists of Adrresses in CIDR format (sorted) this step is necesary to build the radix tree with a hierarchical relation between nodes.

Parameters

de_ctx	Pointer to the current detection engine context
de_ctx	Pointer to the current ip only detection engine contest
s	Pointer to the current signature

ipv4 and ipv6 are mixed, but later we will separate them into different trees

no longer ref to this, it's in the table now

Definition at line 1538 of file detect-engine-iponly.c.

References Signature_::flags, and SIG_FLAG_IPONLY.

◆ IPOnlyCIDRListFree()

void IPOnlyCIDRListFree ( IPOnlyCIDRItem * tmphead )

This function free a IPOnlyCIDRItem list.

Parameters

tmphead Pointer to the list

Definition at line 409 of file detect-engine-iponly.c.

References next, HtpBodyChunk_::next, IPOnlyCIDRItem_::next, SCEnter, SCFree, SCLogDebug, and SCReturn.

Referenced by SigFree().

Here is the caller graph for this function:

◆ IPOnlyDeinit()

void IPOnlyDeinit	(	DetectEngineCtx *	de_ctx,
		DetectEngineIPOnlyCtx *	io_ctx
	)

Deinitialize the IP Only detection engine context.

Parameters

de_ctx	Pointer to the current detection engine
io_ctx	Pointer to the current ip only detection engine

Definition at line 906 of file detect-engine-iponly.c.

References SCFree, SCRadixReleaseRadixTree(), DetectEngineIPOnlyCtx_::sig_init_array, DetectEngineIPOnlyCtx_::tree_ipv4dst, DetectEngineIPOnlyCtx_::tree_ipv4src, DetectEngineIPOnlyCtx_::tree_ipv6dst, and DetectEngineIPOnlyCtx_::tree_ipv6src.

Referenced by SigAddressCleanupStage1().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ IPOnlyInit()

void IPOnlyInit	(	DetectEngineCtx *	de_ctx,
		DetectEngineIPOnlyCtx *	io_ctx
	)

Setup the IP Only detection engine context.

Parameters

de_ctx	Pointer to the current detection engine
io_ctx	Pointer to the current ip only detection engine

Definition at line 849 of file detect-engine-iponly.c.

References de_ctx, DetectEngineGetMaxSigId, SC_ERR_FATAL, SCLogError, SCMalloc, SCRadixCreateRadixTree(), DetectEngineIPOnlyCtx_::sig_init_array, DetectEngineIPOnlyCtx_::sig_init_size, and DetectEngineIPOnlyCtx_::tree_ipv4src.

Referenced by SigAddressPrepareStage2().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ IPOnlyMatchPacket()

void IPOnlyMatchPacket	(	ThreadVars *	tv,
		const DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const DetectEngineIPOnlyCtx *	io_ctx,
		DetectEngineIPOnlyThreadCtx *	io_tctx,
		Packet *	p
	)

Match a packet against the IP Only detection engine contexts.

Parameters

de_ctx	Pointer to the current detection engine
io_ctx	Pointer to the current ip only detection engine
io_ctx	Pointer to the current ip only thread detection engine
p	Pointer to the Packet to match against

Definition at line 977 of file detect-engine-iponly.c.

References de_ctx, DETECT_PROTO_IPV4, DETECT_PROTO_IPV6, DetectPortLookupGroup(), DetectProtoContainsProto(), Packet_::dp, Signature_::dp, dst, Packet_::dst, Address_::family, DetectProto_::flags, Packet_::flags, Signature_::flags, GET_IPV4_DST_ADDR_U32, GET_IPV4_SRC_ADDR_U32, GET_IPV6_DST_ADDR, GET_IPV6_SRC_ADDR, IP_GET_IPPROTO, PKT_IS_FRAGMENT, PKT_IS_IPV4, PKT_IS_IPV6, Packet_::proto, Signature_::proto, SCEnter, SCLogDebug, SCRadixFindKeyIPV4BestMatch(), SCRadixFindKeyIPV6BestMatch(), SCReturn, DetectEngineCtx_::sig_array, SIG_FLAG_DP_ANY, SIG_FLAG_SP_ANY, DetectEngineIPOnlyThreadCtx_::sig_match_array, Packet_::sp, Signature_::sp, src, Packet_::src, DetectEngineIPOnlyCtx_::tree_ipv4dst, DetectEngineIPOnlyCtx_::tree_ipv4src, DetectEngineIPOnlyCtx_::tree_ipv6dst, and DetectEngineIPOnlyCtx_::tree_ipv6src.

Here is the call graph for this function:

◆ IPOnlyPrepare()

void IPOnlyPrepare ( DetectEngineCtx * de_ctx )

Build the radix trees from the lists of parsed adresses in CIDR format the result should be 4 radix trees: src/dst ipv4 and src/dst ipv6 holding SigNumArrays, each of them with a hierarchical relation of subnets and hosts.

Parameters

de_ctx Pointer to the current detection engine

Not found, look if there's a subnet of this range with bigger netmask

Not found, insert a new one

Update the sig

Unset it

Set it

Not found, look if there's a subnet of this range with bigger netmask

Definition at line 1119 of file detect-engine-iponly.c.

References de_ctx, dst, DetectEngineCtx_::io_ctx, SCLogDebug, SCRadixFindKeyIPV4BestMatch(), SCRadixFindKeyIPV4ExactMatch(), SCRadixFindKeyIPV4Netblock(), and src.

Here is the call graph for this function:

◆ IPOnlyPrint()

void IPOnlyPrint	(	DetectEngineCtx *	de_ctx,
		DetectEngineIPOnlyCtx *	io_ctx
	)

Print stats of the IP Only engine.

Parameters

de_ctx	Pointer to the current detection engine
io_ctx	Pointer to the current ip only detection engine

Definition at line 895 of file detect-engine-iponly.c.

◆ IPOnlyRegisterTests()

void IPOnlyRegisterTests ( void )

Definition at line 2261 of file detect-engine-iponly.c.

References UtRegisterTest().

Referenced by SigRegisterTests().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ IPOnlySigParseAddress()

int IPOnlySigParseAddress	(	const DetectEngineCtx *	de_ctx,
		Signature *	s,
		const char *	addrstr,
		char	flag
	)

Parses an address group sent as a character string and updates the IPOnlyCIDRItem lists src and dst of the Signature *s.

Parameters

s	Pointer to the signature structure
addrstr	Pointer to the character string containing the address group that has to be parsed.
flag	to indicate if we are parsing the src string or the dst string

Return values

0	On success.
-1	On failure.

Definition at line 793 of file detect-engine-iponly.c.

References Signature_::flags, SCLogDebug, and SIG_FLAG_SRC_ANY.

Data Structures

Typedefs

Functions

Detailed Description

Typedef Documentation

◆ SigNumArray

Function Documentation

◆ DetectEngineIPOnlyThreadDeinit()

◆ DetectEngineIPOnlyThreadInit()

◆ IPOnlyAddSignature()

◆ IPOnlyCIDRListFree()

◆ IPOnlyDeinit()

◆ IPOnlyInit()

◆ IPOnlyMatchPacket()

◆ IPOnlyPrepare()

◆ IPOnlyPrint()

◆ IPOnlyRegisterTests()

◆ IPOnlySigParseAddress()