Go to the source code of this file.
Functions | |
| void | IPOnlyCIDRListFree (IPOnlyCIDRItem *tmphead) |
| This function free a IPOnlyCIDRItem list. More... | |
| int | IPOnlySigParseAddress (const DetectEngineCtx *, Signature *, const char *, char) |
| Parses an address group sent as a character string and updates the IPOnlyCIDRItem lists src and dst of the Signature *s. More... | |
| void | IPOnlyMatchPacket (ThreadVars *tv, const DetectEngineCtx *, DetectEngineThreadCtx *, const DetectEngineIPOnlyCtx *, Packet *) |
| Match a packet against the IP Only detection engine contexts. More... | |
| void | IPOnlyInit (DetectEngineCtx *, DetectEngineIPOnlyCtx *) |
| Setup the IP Only detection engine context. More... | |
| void | IPOnlyPrint (DetectEngineCtx *, DetectEngineIPOnlyCtx *) |
| Print stats of the IP Only engine. More... | |
| void | IPOnlyDeinit (DetectEngineCtx *, DetectEngineIPOnlyCtx *) |
| Deinitialize the IP Only detection engine context. More... | |
| void | IPOnlyPrepare (DetectEngineCtx *) |
| Build the radix trees from the lists of parsed addresses in CIDR format the result should be 4 radix trees: src/dst ipv4 and src/dst ipv6 holding SigNumArrays, each of them with a hierarchical relation of subnets and hosts. More... | |
| SigIntId | IPOnlyTrackSigNum (DetectEngineIPOnlyCtx *, SigIntId) |
| void | IPOnlyAddSignature (DetectEngineCtx *, DetectEngineIPOnlyCtx *, Signature *) |
| Add a signature to the lists of Addresses in CIDR format (sorted) this step is necessary to build the radix tree with a hierarchical relation between nodes. More... | |
| void | IPOnlyRegisterTests (void) |
Detailed Description
Definition in file detect-engine-iponly.h.
Function Documentation
◆ IPOnlyAddSignature()
| void IPOnlyAddSignature | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineIPOnlyCtx * | io_ctx, | ||
| Signature * | s | ||
| ) |
Add a signature to the lists of Addresses in CIDR format (sorted) this step is necessary to build the radix tree with a hierarchical relation between nodes.
- Parameters
-
de_ctx Pointer to the current detection engine context de_ctx Pointer to the current ip only detection engine contest s Pointer to the current signature
ipv4 and ipv6 are mixed, but later we will separate them into different trees
no longer ref to this, it's in the table now
Definition at line 1410 of file detect-engine-iponly.c.
References Signature_::id, Signature_::iid, IPOnlyTrackSigNum(), Signature_::msg, SCLogDebug, SIG_TYPE_IPONLY, SigIntId, and Signature_::type.
◆ IPOnlyCIDRListFree()
| void IPOnlyCIDRListFree | ( | IPOnlyCIDRItem * | tmphead | ) |
This function free a IPOnlyCIDRItem list.
- Parameters
-
tmphead Pointer to the list
Definition at line 482 of file detect-engine-iponly.c.
References next, HtpBodyChunk_::next, IPOnlyCIDRItem_::next, SCEnter, SCFree, SCLogDebug, and SCReturn.
Referenced by SigFree().
◆ IPOnlyDeinit()
| void IPOnlyDeinit | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineIPOnlyCtx * | io_ctx | ||
| ) |
Deinitialize the IP Only detection engine context.
- Parameters
-
de_ctx Pointer to the current detection engine io_ctx Pointer to the current ip only detection engine
Definition at line 952 of file detect-engine-iponly.c.
References SCRadix4TreeRelease(), and DetectEngineIPOnlyCtx_::tree_ipv4src.
Referenced by SigAddressCleanupStage1().
◆ IPOnlyInit()
| void IPOnlyInit | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineIPOnlyCtx * | io_ctx | ||
| ) |
Setup the IP Only detection engine context.
- Parameters
-
de_ctx Pointer to the current detection engine io_ctx Pointer to the current ip only detection engine
Definition at line 913 of file detect-engine-iponly.c.
References de_ctx, FatalError, SCCalloc, SCRadix4TreeInitialize(), SCRadix6TreeInitialize(), DetectEngineCtx_::sig_array_len, DetectEngineIPOnlyCtx_::sig_mapping, DetectEngineIPOnlyCtx_::sig_mapping_size, DetectEngineIPOnlyCtx_::tree_ipv4dst, DetectEngineIPOnlyCtx_::tree_ipv4src, DetectEngineIPOnlyCtx_::tree_ipv6dst, and DetectEngineIPOnlyCtx_::tree_ipv6src.
Referenced by SigPrepareStage2().
◆ IPOnlyMatchPacket()
| void IPOnlyMatchPacket | ( | ThreadVars * | tv, |
| const DetectEngineCtx * | de_ctx, | ||
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineIPOnlyCtx * | io_ctx, | ||
| Packet * | p | ||
| ) |
Match a packet against the IP Only detection engine contexts.
- Parameters
-
de_ctx Pointer to the current detection engine io_ctx Pointer to the current ip only detection engine io_ctx Pointer to the current ip only thread detection engine p Pointer to the Packet to match against
Definition at line 998 of file detect-engine-iponly.c.
References de_ctx, DETECT_PROTO_IPV4, dst, Packet_::dst, Address_::family, DetectProto_::flags, GET_IPV4_DST_ADDR_U32, GET_IPV4_SRC_ADDR_U32, GET_IPV6_DST_ADDR, GET_IPV6_SRC_ADDR, Signature_::proto, SCEnter, SCLogDebug, SCRadix4TreeFindBestMatch(), SCRadix6TreeFindBestMatch(), SCReturn, DetectEngineCtx_::sig_array, DetectEngineIPOnlyCtx_::sig_mapping, src, Packet_::src, DetectEngineIPOnlyCtx_::tree_ipv4dst, DetectEngineIPOnlyCtx_::tree_ipv4src, DetectEngineIPOnlyCtx_::tree_ipv6dst, and DetectEngineIPOnlyCtx_::tree_ipv6src.
◆ IPOnlyPrepare()
| void IPOnlyPrepare | ( | DetectEngineCtx * | de_ctx | ) |
Build the radix trees from the lists of parsed addresses in CIDR format the result should be 4 radix trees: src/dst ipv4 and src/dst ipv6 holding SigNumArrays, each of them with a hierarchical relation of subnets and hosts.
- Parameters
-
de_ctx Pointer to the current detection engine
Not found, look if there's a subnet of this range with bigger netmask
Not found, look if there's a subnet of this range with bigger netmask
Not found, insert a new one
Not found, look if there's a subnet of this range with bigger netmask
Definition at line 1138 of file detect-engine-iponly.c.
References SCLogDebug.
◆ IPOnlyPrint()
| void IPOnlyPrint | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineIPOnlyCtx * | io_ctx | ||
| ) |
Print stats of the IP Only engine.
- Parameters
-
de_ctx Pointer to the current detection engine io_ctx Pointer to the current ip only detection engine
Definition at line 941 of file detect-engine-iponly.c.
◆ IPOnlyRegisterTests()
| void IPOnlyRegisterTests | ( | void | ) |
Definition at line 2350 of file detect-engine-iponly.c.
References UtRegisterTest().
Referenced by SigRegisterTests().
◆ IPOnlySigParseAddress()
| int IPOnlySigParseAddress | ( | const DetectEngineCtx * | de_ctx, |
| Signature * | s, | ||
| const char * | addrstr, | ||
| char | flag | ||
| ) |
Parses an address group sent as a character string and updates the IPOnlyCIDRItem lists src and dst of the Signature *s.
- Parameters
-
s Pointer to the signature structure addrstr Pointer to the character string containing the address group that has to be parsed. flag to indicate if we are parsing the src string or the dst string
- Return values
-
0 On success. -1 On failure.
Definition at line 867 of file detect-engine-iponly.c.
References Signature_::flags, SCLogDebug, and SIG_FLAG_SRC_ANY.
◆ IPOnlyTrackSigNum()
| SigIntId IPOnlyTrackSigNum | ( | DetectEngineIPOnlyCtx * | , |
| SigIntId | |||
| ) |
Definition at line 927 of file detect-engine-iponly.c.
References DetectEngineIPOnlyCtx_::sig_mapping, DetectEngineIPOnlyCtx_::sig_mapping_size, and SigIntId.
Referenced by IPOnlyAddSignature().
