#include "suricata.h"
#include "suricata-common.h"
#include "app-layer-protos.h"
#include "decode.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-mpm.h"
#include "detect-engine-iponly.h"
#include "detect-parse.h"
#include "detect-engine-prefilter.h"
#include "util-mpm.h"
#include "util-memcmp.h"
#include "util-memcpy.h"
#include "conf.h"
#include "detect-fast-pattern.h"
#include "detect-tcphdr.h"
#include "detect-udphdr.h"
#include "flow.h"
#include "flow-var.h"
#include "detect-flow.h"
#include "detect-content.h"
#include "detect-engine-payload.h"
#include "stream.h"
#include "util-misc.h"
#include "util-enum.h"
#include "util-debug.h"
#include "util-print.h"
#include "util-validate.h"
#include "util-hash-string.h"

Include dependency graph for detect-engine-mpm.c:

Data Structures
struct	SidsArray

struct	DetectBufferInstance

Macros
#define	SGH_PROTO(sgh, p) ((sgh)->init->protos[(p)] == 1)

#define	SGH_DIRECTION_TS(sgh) ((sgh)->init->direction & SIG_FLAG_TOSERVER)

#define	SGH_DIRECTION_TC(sgh) ((sgh)->init->direction & SIG_FLAG_TOCLIENT)

Typedefs
typedef struct DetectBufferInstance	DetectBufferInstance

Functions
void	DetectAppLayerMpmRegister (const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
	register an app layer keyword for mpm More...

void	DetectAppLayerMpmRegisterSingle (const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionSingleBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)

void	DetectAppLayerMpmMultiRegister (const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionMultiBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)

void	DetectAppLayerMpmRegisterByParentId (DetectEngineCtx de_ctx, const int id, const int parent_id, DetectEngineTransforms transforms)
	copy a mpm engine from parent_id, add in transforms More...

void	DetectMpmInitializeAppMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPrepareAppMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for applayer buffers that are in "single or "shared" mode. More...

void	DetectFrameMpmRegister (const char name, int direction, int priority, int(PrefilterRegister)(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry mpm_reg, int list_id), AppProto alproto, uint8_t type)
	register a MPM engine More...

void	DetectFrameMpmRegisterByParentId (DetectEngineCtx de_ctx, const int id, const int parent_id, DetectEngineTransforms transforms)
	copy a mpm engine from parent_id, add in transforms More...

void	DetectEngineFrameMpmRegister (DetectEngineCtx de_ctx, const char name, int direction, int priority, int(PrefilterRegister)(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id), AppProto alproto, uint8_t type)

void	DetectMpmInitializeFrameMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPrepareFrameMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for applayer buffers that are in "single or "shared" mode. More...

void	DetectPktMpmRegister (const char name, int priority, int(PrefilterRegister)(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry mpm_reg, int list_id), InspectionBufferGetPktDataPtr GetData)
	register a MPM engine More...

void	DetectPktMpmRegisterByParentId (DetectEngineCtx de_ctx, const int id, const int parent_id, DetectEngineTransforms transforms)
	copy a mpm engine from parent_id, add in transforms More...

void	DetectMpmInitializePktMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPreparePktMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for applayer buffers that are in "single or "shared" mode. More...

void	DetectMpmInitializeBuiltinMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPrepareBuiltinMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for builtin buffers that are in "single or "shared" mode. More...

int	SignatureHasPacketContent (const Signature *s)
	check if a signature has patterns that are to be inspected against a packets payload (as opposed to the stream payload) More...

int	SignatureHasStreamContent (const Signature *s)
	check if a signature has patterns that are to be inspected against the stream payload (as opposed to the individual packets payload(s)) More...

uint8_t	PatternMatchDefaultMatcher (void)
	Function to return the multi pattern matcher algorithm to be used by the engine, based on the mpm-algo setting in yaml Use the default mpm if none is specified in the yaml file. More...

void	PatternMatchDestroy (MpmCtx *mpm_ctx, uint16_t mpm_matcher)

void	PatternMatchThreadDestroy (MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher)

void	PatternMatchThreadPrepare (MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher)

uint32_t	PatternStrength (uint8_t *pat, uint16_t patlen)
	Predict a strength value for patterns. More...

bool	DetectBufferToClient (const DetectEngineCtx *de_ctx, int buf_id, AppProto alproto)

void	RetrieveFPForSig (const DetectEngineCtx de_ctx, Signature s)

int	MpmStoreInit (DetectEngineCtx *de_ctx)
	Initializes the MpmStore mpm hash table to be used by the detection engine context. More...

void	MpmStoreReportStats (const DetectEngineCtx *de_ctx)

void	MpmStoreFree (DetectEngineCtx *de_ctx)
	Frees the hash table - DetectEngineCtx->mpm_hash_table, allocated by MpmStoreInit() function. More...

MpmStore *	MpmStorePrepareBuffer (DetectEngineCtx de_ctx, SigGroupHead sgh, enum MpmBuiltinBuffers buf)
	Get MpmStore for a built-in buffer type. More...

int	PatternMatchPrepareGroup (DetectEngineCtx de_ctx, SigGroupHead sh)
	Prepare the pattern matcher ctx in a sig group head. More...

int	DetectSetFastPatternAndItsId (DetectEngineCtx *de_ctx)
	Figure out the FP and their respective content ids for all the sigs in the engine. More...

void	EngineAnalysisAddAllRulePatterns (DetectEngineCtx de_ctx, const Signature s)
	add all patterns on our stats hash Used to fill the hash later used by DumpPatterns() More...

Variables
const char *	builtin_mpms []

int	g_skip_prefilter = 0

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Anoop Saldanha anoop.nosp@m.sald.nosp@m.anha@.nosp@m.gmai.nosp@m.l.com

Multi pattern matcher

Definition in file detect-engine-mpm.c.

Macro Definition Documentation

◆ SGH_DIRECTION_TC

#define SGH_DIRECTION_TC ( sgh ) ((sgh)->init->direction & SIG_FLAG_TOCLIENT)

Definition at line 1006 of file detect-engine-mpm.c.

◆ SGH_DIRECTION_TS

#define SGH_DIRECTION_TS ( sgh ) ((sgh)->init->direction & SIG_FLAG_TOSERVER)

Definition at line 1005 of file detect-engine-mpm.c.

◆ SGH_PROTO

#define SGH_PROTO	(	sgh,
		p
	)	((sgh)->init->protos[(p)] == 1)

Definition at line 1004 of file detect-engine-mpm.c.

Typedef Documentation

◆ DetectBufferInstance

typedef struct DetectBufferInstance DetectBufferInstance

Function Documentation

◆ DetectAppLayerMpmMultiRegister()

void DetectAppLayerMpmMultiRegister	(	const char *	name,
		int	direction,
		int	priority,
		PrefilterRegisterFunc	PrefilterRegister,
		InspectionMultiBufferGetDataPtr	GetData,
		AppProto	alproto,
		int	tx_min_progress
	)

Definition at line 168 of file detect-engine-mpm.c.

◆ DetectAppLayerMpmRegister()

void DetectAppLayerMpmRegister	(	const char *	name,
		int	direction,
		int	priority,
		PrefilterRegisterFunc	PrefilterRegister,
		InspectionBufferGetDataPtr	GetData,
		AppProto	alproto,
		int	tx_min_progress
	)

register an app layer keyword for mpm

Parameters

name	buffer name
direction	SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT
priority	mpm keyword priority
PrefilterRegister	Prefilter api registration function
GetData	callback to setup a InspectBuffer. May be NULL.
alproto	AppProto this MPM engine inspects
tx_min_progress	min tx progress needed to invoke this engine.

Note: direction must be set to either toserver or toclient. If both are needed, register the keyword twice.

Definition at line 152 of file detect-engine-mpm.c.

Referenced by DetectFileRegisterFileProtocols().

Here is the caller graph for this function:

◆ DetectAppLayerMpmRegisterByParentId()

void DetectAppLayerMpmRegisterByParentId	(	DetectEngineCtx *	de_ctx,
		const int	id,
		const int	parent_id,
		DetectEngineTransforms *	transforms
	)

copy a mpm engine from parent_id, add in transforms

Definition at line 177 of file detect-engine-mpm.c.

Here is the call graph for this function:

◆ DetectAppLayerMpmRegisterSingle()

void DetectAppLayerMpmRegisterSingle	(	const char *	name,
		int	direction,
		int	priority,
		PrefilterRegisterFunc	PrefilterRegister,
		InspectionSingleBufferGetDataPtr	GetData,
		AppProto	alproto,
		int	tx_min_progress
	)

Definition at line 160 of file detect-engine-mpm.c.

◆ DetectBufferToClient()

bool DetectBufferToClient	(	const DetectEngineCtx *	de_ctx,
		int	buf_id,
		AppProto	alproto
	)

Definition at line 1074 of file detect-engine-mpm.c.

References DetectEngineCtx_::app_inspect_engines, de_ctx, DetectEngineAppInspectionEngine_::next, and DetectEngineAppInspectionEngine_::sm_list.

◆ DetectEngineFrameMpmRegister()

void DetectEngineFrameMpmRegister	(	DetectEngineCtx *	de_ctx,
		const char *	name,
		int	direction,
		int	priority,
		int()(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)	PrefilterRegister,
		AppProto	alproto,
		uint8_t	type
	)

Definition at line 407 of file detect-engine-mpm.c.

Here is the call graph for this function:

◆ DetectFrameMpmRegister()

void DetectFrameMpmRegister	(	const char *	name,
		int	direction,
		int	priority,
		int()(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)	PrefilterRegister,
		AppProto	alproto,
		uint8_t	type
	)

register a MPM engine

Note: to be used at start up / registration only. Errors are fatal.

Definition at line 320 of file detect-engine-mpm.c.

Here is the call graph for this function:

◆ DetectFrameMpmRegisterByParentId()

void DetectFrameMpmRegisterByParentId	(	DetectEngineCtx *	de_ctx,
		const int	id,
		const int	parent_id,
		DetectEngineTransforms *	transforms
	)

copy a mpm engine from parent_id, add in transforms

Definition at line 368 of file detect-engine-mpm.c.

Here is the call graph for this function:

◆ DetectMpmInitializeAppMpms()

void DetectMpmInitializeAppMpms ( DetectEngineCtx * de_ctx )

Definition at line 245 of file detect-engine-mpm.c.

◆ DetectMpmInitializeBuiltinMpms()

void DetectMpmInitializeBuiltinMpms ( DetectEngineCtx * de_ctx )

Definition at line 733 of file detect-engine-mpm.c.

References de_ctx, and DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet.

◆ DetectMpmInitializeFrameMpms()

void DetectMpmInitializeFrameMpms ( DetectEngineCtx * de_ctx )

Definition at line 470 of file detect-engine-mpm.c.

◆ DetectMpmInitializePktMpms()

void DetectMpmInitializePktMpms ( DetectEngineCtx * de_ctx )

Definition at line 635 of file detect-engine-mpm.c.

◆ DetectMpmPrepareAppMpms()

int DetectMpmPrepareAppMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

Definition at line 295 of file detect-engine-mpm.c.

References DetectEngineCtx_::app_mpms_list, de_ctx, DetectBufferMpmRegistry_::direction, DetectEngineCtx_::mpm_cfg, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), DetectBufferMpmRegistry_::next, MpmTableElmt_::Prepare, DetectBufferMpmRegistry_::sgh_mpm_context, and SIG_FLAG_TOSERVER.

Here is the call graph for this function:

◆ DetectMpmPrepareBuiltinMpms()

int DetectMpmPrepareBuiltinMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for builtin buffers that are in "single or "shared" mode.

Definition at line 746 of file detect-engine-mpm.c.

References de_ctx, DetectEngineCtx_::mpm_cfg, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), MpmTableElmt_::Prepare, DetectEngineCtx_::sgh_mpm_context_proto_other_packet, DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet, DetectEngineCtx_::sgh_mpm_context_proto_udp_packet, and DetectEngineCtx_::sgh_mpm_context_stream.

Here is the call graph for this function:

◆ DetectMpmPrepareFrameMpms()

int DetectMpmPrepareFrameMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

Definition at line 522 of file detect-engine-mpm.c.

References de_ctx, DetectBufferMpmRegistry_::direction, DetectEngineCtx_::frame_mpms_list, DetectEngineCtx_::mpm_cfg, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), DetectBufferMpmRegistry_::name, DetectBufferMpmRegistry_::next, MpmTableElmt_::Prepare, SCLogDebug, DetectBufferMpmRegistry_::sgh_mpm_context, and SIG_FLAG_TOSERVER.

Here is the call graph for this function:

◆ DetectMpmPreparePktMpms()

int DetectMpmPreparePktMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

Definition at line 687 of file detect-engine-mpm.c.

References de_ctx, DetectEngineCtx_::mpm_cfg, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), DetectBufferMpmRegistry_::name, DetectBufferMpmRegistry_::next, DetectEngineCtx_::pkt_mpms_list, MpmTableElmt_::Prepare, SCLogDebug, and DetectBufferMpmRegistry_::sgh_mpm_context.

Here is the call graph for this function:

◆ DetectPktMpmRegister()

void DetectPktMpmRegister	(	const char *	name,
		int	priority,
		int()(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)	PrefilterRegister,
		InspectionBufferGetPktDataPtr	GetData
	)

register a MPM engine

Note: to be used at start up / registration only. Errors are fatal.

Definition at line 550 of file detect-engine-mpm.c.

◆ DetectPktMpmRegisterByParentId()

void DetectPktMpmRegisterByParentId	(	DetectEngineCtx *	de_ctx,
		const int	id,
		const int	parent_id,
		DetectEngineTransforms *	transforms
	)

copy a mpm engine from parent_id, add in transforms

Definition at line 597 of file detect-engine-mpm.c.

Here is the call graph for this function:

◆ DetectSetFastPatternAndItsId()

int DetectSetFastPatternAndItsId ( DetectEngineCtx * de_ctx )

Figure out the FP and their respective content ids for all the sigs in the engine.

Parameters

de_ctx Detection engine context.

Return values

0	On success.
-1	On failure.

Definition at line 2459 of file detect-engine-mpm.c.

References cnt, de_ctx, HashListTableInit(), Signature_::init_data, SignatureInitData_::mpm_sm, Signature_::next, and DetectEngineCtx_::sig_list.

Referenced by SigGroupBuild().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ EngineAnalysisAddAllRulePatterns()

void EngineAnalysisAddAllRulePatterns	(	DetectEngineCtx *	de_ctx,
		const Signature *	s
	)

add all patterns on our stats hash Used to fill the hash later used by DumpPatterns()

Note: sets up the hash table on first call

Definition at line 2516 of file detect-engine-mpm.c.

References de_ctx, HashListTableInit(), and DetectEngineCtx_::pattern_hash_table.

Here is the call graph for this function:

◆ MpmStoreFree()

void MpmStoreFree ( DetectEngineCtx * de_ctx )

Frees the hash table - DetectEngineCtx->mpm_hash_table, allocated by MpmStoreInit() function.

Parameters

de_ctx Pointer to the detection engine context.

Definition at line 1569 of file detect-engine-mpm.c.

References de_ctx, HashListTableFree(), and DetectEngineCtx_::mpm_hash_table.

Referenced by DetectEngineCtxFree().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ MpmStoreInit()

int MpmStoreInit ( DetectEngineCtx * de_ctx )

Initializes the MpmStore mpm hash table to be used by the detection engine context.

Parameters

de_ctx Pointer to the detection engine context.

Return values

0	On success.
-1	On failure.

Definition at line 1406 of file detect-engine-mpm.c.

References de_ctx, HashListTableInit(), and DetectEngineCtx_::mpm_hash_table.

Here is the call graph for this function:

◆ MpmStorePrepareBuffer()

MpmStore* MpmStorePrepareBuffer	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		enum MpmBuiltinBuffers	buf
	)

Get MpmStore for a built-in buffer type.

Definition at line 1677 of file detect-engine-mpm.c.

References BUG_ON, cnt, de_ctx, DETECT_SM_LIST_PMATCH, DetectEngineGetMaxSigId, SigGroupHead_::init, Signature_::init_data, SigGroupHeadInitData_::match_array, SignatureInitData_::mpm_sm, MPMB_MAX, MPMB_OTHERIP, MPMB_TCP_PKT_TC, MPMB_TCP_PKT_TS, MPMB_TCP_STREAM_TC, MPMB_TCP_STREAM_TS, MPMB_UDP_TC, MPMB_UDP_TS, DetectEngineCtx_::sgh_mpm_context_proto_other_packet, DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet, DetectEngineCtx_::sgh_mpm_context_proto_udp_packet, DetectEngineCtx_::sgh_mpm_context_stream, SigGroupHeadInitData_::sig_cnt, SIG_FLAG_TOCLIENT, and SIG_FLAG_TOSERVER.

Referenced by PatternMatchPrepareGroup().

Here is the caller graph for this function:

◆ MpmStoreReportStats()

void MpmStoreReportStats ( const DetectEngineCtx * de_ctx )

Definition at line 1472 of file detect-engine-mpm.c.

References MpmStore_::buffer, DetectEngineCtx_::buffer_type_id, de_ctx, DETECT_SM_LIST_PMATCH, HashListTableGetListData, HashListTableGetListHead(), HashListTableGetListNext, MpmStore_::mpm_ctx, DetectEngineCtx_::mpm_hash_table, MPMB_MAX, and MpmStore_::sm_list.

Referenced by SigPrepareStage4().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PatternMatchDefaultMatcher()

uint8_t PatternMatchDefaultMatcher ( void )

Function to return the multi pattern matcher algorithm to be used by the engine, based on the mpm-algo setting in yaml Use the default mpm if none is specified in the yaml file.

Return values

mpm	algo value

Definition at line 861 of file detect-engine-mpm.c.

References FatalError, mpm_default_matcher, mpm_table, MPM_TABLE_SIZE, name, SCConfGet(), and SCLogWarning.

Here is the call graph for this function:

◆ PatternMatchDestroy()

void PatternMatchDestroy	(	MpmCtx *	mpm_ctx,
		uint16_t	mpm_matcher
	)

Definition at line 907 of file detect-engine-mpm.c.

References MpmTableElmt_::DestroyCtx, mpm_table, and SCLogDebug.

◆ PatternMatchPrepareGroup()

int PatternMatchPrepareGroup	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sh
	)

Prepare the pattern matcher ctx in a sig group head.

Definition at line 2268 of file detect-engine-mpm.c.

References de_ctx, MpmStore_::mpm_ctx, MPMB_TCP_PKT_TS, MPMB_TCP_STREAM_TS, MpmStorePrepareBuffer(), PrefilterPktPayloadRegister(), PrefilterPktStreamRegister(), SGH_DIRECTION_TS, and SGH_PROTO.

Referenced by PrefilterSetupRuleGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PatternMatchThreadDestroy()

void PatternMatchThreadDestroy	(	MpmThreadCtx *	mpm_thread_ctx,
		uint16_t	mpm_matcher
	)

Definition at line 913 of file detect-engine-mpm.c.

References MpmDestroyThreadCtx(), and SCLogDebug.

Here is the call graph for this function:

◆ PatternMatchThreadPrepare()

void PatternMatchThreadPrepare	(	MpmThreadCtx *	mpm_thread_ctx,
		uint16_t	mpm_matcher
	)

Definition at line 918 of file detect-engine-mpm.c.

References MpmInitThreadCtx(), and SCLogDebug.

Here is the call graph for this function:

◆ PatternStrength()

uint32_t PatternStrength	(	uint8_t *	pat,
		uint16_t	patlen
	)

Predict a strength value for patterns.

Patterns with high character diversity score higher. Alpha chars score not so high Other printable + a few common codes a little higher Everything else highest. Longer patterns score better than short patters.

Parameters

pat	pattern
patlen	length of the pattern

Return values

s	pattern score

Definition at line 937 of file detect-engine-mpm.c.

◆ RetrieveFPForSig()

void RetrieveFPForSig	(	const DetectEngineCtx *	de_ctx,
		Signature *	s
	)

Definition at line 1093 of file detect-engine-mpm.c.

References de_ctx, DETECT_CONTENT, DETECT_CONTENT_FAST_PATTERN, DETECT_SM_LIST_PMATCH, FastPatternSupportEnabledForSigMatchList(), DetectContentData_::flags, g_skip_prefilter, Signature_::init_data, SignatureInitData_::max_content_list_id, SignatureInitData_::mpm_sm, SigMatch_::next, and SignatureInitData_::smlists.

Here is the call graph for this function:

◆ SignatureHasPacketContent()

int SignatureHasPacketContent ( const Signature * s )

check if a signature has patterns that are to be inspected against a packets payload (as opposed to the stream payload)

Parameters

s signature

Return values

1	true
0	false

Definition at line 803 of file detect-engine-mpm.c.

References DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, DetectProto_::proto, Signature_::proto, SCEnter, SCLogDebug, SCReturnInt, SIG_FLAG_REQUIRE_PACKET, and SignatureInitData_::smlists.

◆ SignatureHasStreamContent()

int SignatureHasStreamContent ( const Signature * s )

check if a signature has patterns that are to be inspected against the stream payload (as opposed to the individual packets payload(s))

Parameters

s signature

Return values

1	true
0	false

Definition at line 833 of file detect-engine-mpm.c.

References DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, DetectProto_::proto, Signature_::proto, SCEnter, SCLogDebug, SCReturnInt, SIG_FLAG_REQUIRE_STREAM, and SignatureInitData_::smlists.

Variable Documentation

◆ builtin_mpms

const char* builtin_mpms[]

Initial value:

= {
    "toserver TCP packet",
    "toclient TCP packet",
    "toserver TCP stream",
    "toclient TCP stream",
    "toserver UDP packet",
    "toclient UDP packet",
    "other IP packet",
 
    NULL }

Definition at line 66 of file detect-engine-mpm.c.

◆ g_skip_prefilter

int g_skip_prefilter = 0

Definition at line 1071 of file detect-engine-mpm.c.

Referenced by RetrieveFPForSig(), and SCParseCommandLine().

Data Structures

Macros

Typedefs

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ SGH_DIRECTION_TC

◆ SGH_DIRECTION_TS

◆ SGH_PROTO

Typedef Documentation

◆ DetectBufferInstance

Function Documentation

◆ DetectAppLayerMpmMultiRegister()

◆ DetectAppLayerMpmRegister()

◆ DetectAppLayerMpmRegisterByParentId()

◆ DetectAppLayerMpmRegisterSingle()

◆ DetectBufferToClient()

◆ DetectEngineFrameMpmRegister()

◆ DetectFrameMpmRegister()

◆ DetectFrameMpmRegisterByParentId()

◆ DetectMpmInitializeAppMpms()

◆ DetectMpmInitializeBuiltinMpms()

◆ DetectMpmInitializeFrameMpms()

◆ DetectMpmInitializePktMpms()

◆ DetectMpmPrepareAppMpms()

◆ DetectMpmPrepareBuiltinMpms()

◆ DetectMpmPrepareFrameMpms()

◆ DetectMpmPreparePktMpms()

◆ DetectPktMpmRegister()

◆ DetectPktMpmRegisterByParentId()

◆ DetectSetFastPatternAndItsId()

◆ EngineAnalysisAddAllRulePatterns()

◆ MpmStoreFree()

◆ MpmStoreInit()

◆ MpmStorePrepareBuffer()

◆ MpmStoreReportStats()

◆ PatternMatchDefaultMatcher()

◆ PatternMatchDestroy()

◆ PatternMatchPrepareGroup()

◆ PatternMatchThreadDestroy()

◆ PatternMatchThreadPrepare()

◆ PatternStrength()

◆ RetrieveFPForSig()

◆ SignatureHasPacketContent()

◆ SignatureHasStreamContent()

Variable Documentation

◆ builtin_mpms

◆ g_skip_prefilter