Go to the source code of this file.
Functions | |
| void | IPOnlyCIDRListFree (IPOnlyCIDRItem *tmphead) |
| This function free a IPOnlyCIDRItem list. More... | |
| int | IPOnlySigParseAddress (const DetectEngineCtx *, Signature *, const char *, char) |
| Parses an address group sent as a character string and updates the IPOnlyCIDRItem lists src and dst of the Signature *s. More... | |
| void | IPOnlyMatchPacket (ThreadVars *tv, const DetectEngineCtx *, DetectEngineThreadCtx *, const DetectEngineIPOnlyCtx *, Packet *) |
| Match a packet against the IP Only detection engine contexts. More... | |
| void | IPOnlyInit (DetectEngineCtx *, DetectEngineIPOnlyCtx *) |
| Setup the IP Only detection engine context. More... | |
| void | IPOnlyPrint (DetectEngineCtx *, DetectEngineIPOnlyCtx *) |
| Print stats of the IP Only engine. More... | |
| void | IPOnlyDeinit (DetectEngineCtx *, DetectEngineIPOnlyCtx *) |
| Deinitialize the IP Only detection engine context. More... | |
| void | IPOnlyPrepare (DetectEngineCtx *) |
| Build the radix trees from the lists of parsed addresses in CIDR format the result should be 4 radix trees: src/dst ipv4 and src/dst ipv6 holding SigNumArrays, each of them with a hierarchical relation of subnets and hosts. More... | |
| SigIntId | IPOnlyTrackSigNum (DetectEngineIPOnlyCtx *, SigIntId) |
| void | IPOnlyAddSignature (DetectEngineCtx *, DetectEngineIPOnlyCtx *, Signature *) |
| Add a signature to the lists of Addresses in CIDR format (sorted) this step is necessary to build the radix tree with a hierarchical relation between nodes. More... | |
| void | IPOnlyRegisterTests (void) |
Detailed Description
Definition in file detect-engine-iponly.h.
Function Documentation
◆ IPOnlyAddSignature()
| void IPOnlyAddSignature | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineIPOnlyCtx * | io_ctx, | ||
| Signature * | s | ||
| ) |
Add a signature to the lists of Addresses in CIDR format (sorted) this step is necessary to build the radix tree with a hierarchical relation between nodes.
- Parameters
-
de_ctx Pointer to the current detection engine context de_ctx Pointer to the current ip only detection engine contest s Pointer to the current signature
ipv4 and ipv6 are mixed, but later we will separate them into different trees
no longer ref to this, it's in the table now
Definition at line 1524 of file detect-engine-iponly.c.
References Signature_::flags, Signature_::id, IPOnlyTrackSigNum(), Signature_::msg, Signature_::num, SCLogDebug, SIG_FLAG_IPONLY, and SigIntId.
◆ IPOnlyCIDRListFree()
| void IPOnlyCIDRListFree | ( | IPOnlyCIDRItem * | tmphead | ) |
This function free a IPOnlyCIDRItem list.
- Parameters
-
tmphead Pointer to the list
Definition at line 447 of file detect-engine-iponly.c.
References next, HtpBodyChunk_::next, IPOnlyCIDRItem_::next, SCEnter, SCFree, SCLogDebug, and SCReturn.
Referenced by SigFree().
◆ IPOnlyDeinit()
| void IPOnlyDeinit | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineIPOnlyCtx * | io_ctx | ||
| ) |
Deinitialize the IP Only detection engine context.
- Parameters
-
de_ctx Pointer to the current detection engine io_ctx Pointer to the current ip only detection engine
Definition at line 915 of file detect-engine-iponly.c.
References SCFree, SCRadixReleaseRadixTree(), DetectEngineIPOnlyCtx_::sig_mapping, DetectEngineIPOnlyCtx_::tree_ipv4dst, DetectEngineIPOnlyCtx_::tree_ipv4src, DetectEngineIPOnlyCtx_::tree_ipv6dst, and DetectEngineIPOnlyCtx_::tree_ipv6src.
Referenced by SigAddressCleanupStage1().
◆ IPOnlyInit()
| void IPOnlyInit | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineIPOnlyCtx * | io_ctx | ||
| ) |
Setup the IP Only detection engine context.
- Parameters
-
de_ctx Pointer to the current detection engine io_ctx Pointer to the current ip only detection engine
Definition at line 876 of file detect-engine-iponly.c.
References SCRadixCreateRadixTree(), and DetectEngineIPOnlyCtx_::tree_ipv4src.
Referenced by SigAddressPrepareStage2().
◆ IPOnlyMatchPacket()
| void IPOnlyMatchPacket | ( | ThreadVars * | tv, |
| const DetectEngineCtx * | de_ctx, | ||
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineIPOnlyCtx * | io_ctx, | ||
| Packet * | p | ||
| ) |
Match a packet against the IP Only detection engine contexts.
- Parameters
-
de_ctx Pointer to the current detection engine io_ctx Pointer to the current ip only detection engine io_ctx Pointer to the current ip only thread detection engine p Pointer to the Packet to match against
Definition at line 975 of file detect-engine-iponly.c.
References de_ctx, DETECT_PROTO_IPV4, DETECT_PROTO_IPV6, DetectPortLookupGroup(), DetectProtoContainsProto(), Packet_::dp, Signature_::dp, dst, Packet_::dst, Address_::family, DetectProto_::flags, Packet_::flags, Signature_::flags, GET_IPV4_DST_ADDR_U32, GET_IPV4_SRC_ADDR_U32, GET_IPV6_DST_ADDR, GET_IPV6_SRC_ADDR, IP_GET_IPPROTO, IPPROTO_SCTP, PKT_IS_FRAGMENT, PKT_IS_IPV4, PKT_IS_IPV6, Packet_::proto, Signature_::proto, SCEnter, SCLogDebug, SCRadixFindKeyIPV4BestMatch(), SCRadixFindKeyIPV6BestMatch(), SCReturn, DetectEngineCtx_::sig_array, SIG_FLAG_DP_ANY, SIG_FLAG_SP_ANY, DetectEngineIPOnlyCtx_::sig_mapping, Packet_::sp, Signature_::sp, src, Packet_::src, DetectEngineIPOnlyCtx_::tree_ipv4dst, DetectEngineIPOnlyCtx_::tree_ipv4src, DetectEngineIPOnlyCtx_::tree_ipv6dst, and DetectEngineIPOnlyCtx_::tree_ipv6src.
◆ IPOnlyPrepare()
| void IPOnlyPrepare | ( | DetectEngineCtx * | de_ctx | ) |
Build the radix trees from the lists of parsed addresses in CIDR format the result should be 4 radix trees: src/dst ipv4 and src/dst ipv6 holding SigNumArrays, each of them with a hierarchical relation of subnets and hosts.
- Parameters
-
de_ctx Pointer to the current detection engine
Not found, look if there's a subnet of this range with bigger netmask
Not found, look if there's a subnet of this range with bigger netmask
Not found, insert a new one
Update the sig
Unset it
Set it
Not found, look if there's a subnet of this range with bigger netmask
Definition at line 1104 of file detect-engine-iponly.c.
References de_ctx, dst, DetectEngineCtx_::io_ctx, SCLogDebug, SCRadixFindKeyIPV4BestMatch(), SCRadixFindKeyIPV4ExactMatch(), SCRadixFindKeyIPV4Netblock(), and src.
◆ IPOnlyPrint()
| void IPOnlyPrint | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineIPOnlyCtx * | io_ctx | ||
| ) |
Print stats of the IP Only engine.
- Parameters
-
de_ctx Pointer to the current detection engine io_ctx Pointer to the current ip only detection engine
Definition at line 904 of file detect-engine-iponly.c.
◆ IPOnlyRegisterTests()
| void IPOnlyRegisterTests | ( | void | ) |
Definition at line 2404 of file detect-engine-iponly.c.
References UtRegisterTest().
Referenced by SigRegisterTests().
◆ IPOnlySigParseAddress()
| int IPOnlySigParseAddress | ( | const DetectEngineCtx * | de_ctx, |
| Signature * | s, | ||
| const char * | addrstr, | ||
| char | flag | ||
| ) |
Parses an address group sent as a character string and updates the IPOnlyCIDRItem lists src and dst of the Signature *s.
- Parameters
-
s Pointer to the signature structure addrstr Pointer to the character string containing the address group that has to be parsed. flag to indicate if we are parsing the src string or the dst string
- Return values
-
0 On success. -1 On failure.
Definition at line 833 of file detect-engine-iponly.c.
References Signature_::flags, SCLogDebug, and SIG_FLAG_SRC_ANY.
◆ IPOnlyTrackSigNum()
| SigIntId IPOnlyTrackSigNum | ( | DetectEngineIPOnlyCtx * | , |
| SigIntId | |||
| ) |
Definition at line 890 of file detect-engine-iponly.c.
References DetectEngineIPOnlyCtx_::sig_mapping, DetectEngineIPOnlyCtx_::sig_mapping_size, and SigIntId.
Referenced by IPOnlyAddSignature().
