#include "suricata.h"
#include "suricata-common.h"
#include "app-layer-protos.h"
#include "decode.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-mpm.h"
#include "detect-engine-iponly.h"
#include "detect-parse.h"
#include "detect-engine-prefilter.h"
#include "util-mpm.h"
#include "util-memcmp.h"
#include "util-memcpy.h"
#include "conf.h"
#include "detect-fast-pattern.h"
#include "flow.h"
#include "flow-var.h"
#include "detect-flow.h"
#include "detect-content.h"
#include "detect-engine-payload.h"
#include "detect-engine-dns.h"
#include "stream.h"
#include "util-enum.h"
#include "util-debug.h"
#include "util-print.h"
#include "util-validate.h"

Include dependency graph for detect-engine-mpm.c:

Data Structures
struct	DetectFPAndItsId_

Macros
#define	SGH_PROTO(sgh, p) ((sgh)->init->protos[(p)] == 1)

#define	SGH_DIRECTION_TS(sgh) ((sgh)->init->direction & SIG_FLAG_TOSERVER)

#define	SGH_DIRECTION_TC(sgh) ((sgh)->init->direction & SIG_FLAG_TOCLIENT)

Typedefs
typedef struct DetectFPAndItsId_	DetectFPAndItsId

Functions
void	DetectAppLayerMpmRegister2 (const char name, int direction, int priority, int(PrefilterRegister)(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectMpmAppLayerRegistery mpm_reg, int list_id), InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
	register a MPM engine More...

void	DetectAppLayerMpmRegister (const char name, int direction, int priority, int(PrefilterRegister)(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx *mpm_ctx))
	register an app layer keyword for mpm More...

void	DetectAppLayerMpmRegisterByParentId (DetectEngineCtx de_ctx, const int id, const int parent_id, DetectEngineTransforms transforms)
	copy a mpm engine from parent_id, add in transforms More...

void	DetectMpmInitializeAppMpms (DetectEngineCtx *de_ctx)

void	DetectMpmSetupAppMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPrepareAppMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for applayer buffers that are in "single or "shared" mode. More...

void	DetectMpmInitializeBuiltinMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPrepareBuiltinMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for builtin buffers that are in "single or "shared" mode. More...

int	SignatureHasPacketContent (const Signature *s)
	check if a signature has patterns that are to be inspected against a packets payload (as opposed to the stream payload) More...

int	SignatureHasStreamContent (const Signature *s)
	check if a signature has patterns that are to be inspected against the stream payload (as opposed to the individual packets payload(s)) More...

uint16_t	PatternMatchDefaultMatcher (void)
	Function to return the multi pattern matcher algorithm to be used by the engine, based on the mpm-algo setting in yaml Use the default mpm if none is specified in the yaml file. More...

void	PacketPatternCleanup (DetectEngineThreadCtx *det_ctx)
	cleans up the mpm instance after a match More...

void	PatternMatchDestroy (MpmCtx *mpm_ctx, uint16_t mpm_matcher)

void	PatternMatchThreadPrint (MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher)

void	PatternMatchThreadDestroy (MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher)

void	PatternMatchThreadPrepare (MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher)

uint32_t	PatternStrength (uint8_t *pat, uint16_t patlen)
	Predict a strength value for patterns. More...

void	RetrieveFPForSig (const DetectEngineCtx de_ctx, Signature s)

int	MpmStoreInit (DetectEngineCtx *de_ctx)
	Initializes the MpmStore mpm hash table to be used by the detection engine context. More...

void	MpmStoreReportStats (const DetectEngineCtx *de_ctx)

void	MpmStoreFree (DetectEngineCtx *de_ctx)
	Frees the hash table - DetectEngineCtx->mpm_hash_table, allocated by MpmStoreInit() function. More...

MpmStore *	MpmStorePrepareBuffer (DetectEngineCtx de_ctx, SigGroupHead sgh, enum MpmBuiltinBuffers buf)
	Get MpmStore for a built-in buffer type. More...

int	PatternMatchPrepareGroup (DetectEngineCtx de_ctx, SigGroupHead sh)
	Prepare the pattern matcher ctx in a sig group head. More...

int	DetectSetFastPatternAndItsId (DetectEngineCtx *de_ctx)
	Figured out the FP and their respective content ids for all the sigs in the engine. More...

Variables
const char *	builtin_mpms []

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Anoop Saldanha anoop.nosp@m.sald.nosp@m.anha@.nosp@m.gmai.nosp@m.l.com

Multi pattern matcher

Definition in file detect-engine-mpm.c.

Macro Definition Documentation

#define SGH_DIRECTION_TC ( sgh ) ((sgh)->init->direction & SIG_FLAG_TOCLIENT)

Definition at line 627 of file detect-engine-mpm.c.

Referenced by PatternMatchPrepareGroup().

#define SGH_DIRECTION_TS ( sgh ) ((sgh)->init->direction & SIG_FLAG_TOSERVER)

Definition at line 626 of file detect-engine-mpm.c.

Referenced by PatternMatchPrepareGroup().

#define SGH_PROTO	(	sgh,
		p
	)	((sgh)->init->protos[(p)] == 1)

Definition at line 625 of file detect-engine-mpm.c.

Referenced by PatternMatchPrepareGroup().

Typedef Documentation

typedef struct DetectFPAndItsId_ DetectFPAndItsId

Function Documentation

void DetectAppLayerMpmRegister	(	const char *	name,
		int	direction,
		int	priority,
		int()(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx)	PrefilterRegister
	)

register an app layer keyword for mpm

Parameters

name	keyword name
direction	SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT
PrefilterRegister	Prefilter api registration function

Note: direction must be set to either toserver or toclient. If both are needed, register the keyword twice.

Definition at line 138 of file detect-engine-mpm.c.

References BUG_ON, DetectBufferTypeGetByName(), DetectBufferTypeSupportsMpm(), DetectMpmAppLayerRegistery_::direction, DetectMpmAppLayerRegistery_::id, DetectMpmAppLayerRegistery_::name, DetectMpmAppLayerRegistery_::next, DetectMpmAppLayerRegistery_::pname, DetectMpmAppLayerRegistery_::PrefilterRegister, DetectMpmAppLayerRegistery_::priority, SCCalloc, SCLogDebug, DetectMpmAppLayerRegistery_::sm_list, and SupportFastPatternForSigMatchList().

Referenced by DetectDceStubDataRegister(), DetectHttpHeaderNamesRegister(), DetectHttpResponseLineRegister(), and DetectHttpStartRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectAppLayerMpmRegister2	(	const char *	name,
		int	direction,
		int	priority,
		int()(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectMpmAppLayerRegistery *mpm_reg, int list_id)	PrefilterRegister,
		InspectionBufferGetDataPtr	GetData,
		AppProto	alproto,
		int	tx_min_progress
	)

register a MPM engine

Note: to be used at start up / registration only. Errors are fatal.

Definition at line 85 of file detect-engine-mpm.c.

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectAppLayerMpmRegisterByParentId	(	DetectEngineCtx *	de_ctx,
		const int	id,
		const int	parent_id,
		DetectEngineTransforms *	transforms
	)

copy a mpm engine from parent_id, add in transforms

Definition at line 176 of file detect-engine-mpm.c.

Referenced by DetectBufferTypeGetByIdTransforms().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectMpmInitializeAppMpms ( DetectEngineCtx * de_ctx )

Definition at line 214 of file detect-engine-mpm.c.

References DetectEngineCtx_::app_mpms_list, DetectEngineCtx_::app_mpms_list_cnt, BUG_ON, DetectMpmAppLayerRegistery_::next, SCCalloc, and SCLogDebug.

Referenced by InspectionBufferApplyTransforms().

Here is the caller graph for this function:

void DetectMpmInitializeBuiltinMpms ( DetectEngineCtx * de_ctx )

Definition at line 332 of file detect-engine-mpm.c.

References DetectEngineCtx_::sgh_mpm_context_proto_other_packet, DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet, DetectEngineCtx_::sgh_mpm_context_proto_udp_packet, and DetectEngineCtx_::sgh_mpm_context_stream.

Referenced by PacketCreateMask().

Here is the caller graph for this function:

int DetectMpmPrepareAppMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

Definition at line 287 of file detect-engine-mpm.c.

References DetectEngineCtx_::app_mpms, ConfGetBool(), DetectMpmAppLayerRegistery_::direction, ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), MpmFactoryRegisterMpmCtxProfile(), MpmTableElmt_::Prepare, DetectMpmAppLayerKeyword_::reg, SCLogPerf, DetectMpmAppLayerKeyword_::sgh_mpm_context, DetectEngineCtx_::sgh_mpm_context, SIG_FLAG_TOSERVER, and strlcat().

Referenced by SigGroupBuild().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectMpmPrepareBuiltinMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for builtin buffers that are in "single or "shared" mode.

Definition at line 345 of file detect-engine-mpm.c.

References MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), MpmTableElmt_::Prepare, DetectEngineCtx_::sgh_mpm_context_proto_other_packet, DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet, DetectEngineCtx_::sgh_mpm_context_proto_udp_packet, and DetectEngineCtx_::sgh_mpm_context_stream.

Referenced by SigGroupBuild().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectMpmSetupAppMpms ( DetectEngineCtx * de_ctx )

Definition at line 242 of file detect-engine-mpm.c.

References DetectEngineCtx_::app_mpms, DetectEngineCtx_::app_mpms_list, DetectEngineCtx_::app_mpms_list_cnt, BUG_ON, ConfGetBool(), DE_QUIET, ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE, DetectEngineCtx_::flags, DetectMpmAppLayerRegistery_::id, MPM_CTX_FACTORY_UNIQUE_CONTEXT, MpmFactoryRegisterMpmCtxProfile(), DetectMpmAppLayerRegistery_::name, DetectMpmAppLayerRegistery_::next, DetectMpmAppLayerKeyword_::reg, SCCalloc, SCLogDebug, SCLogPerf, DetectMpmAppLayerKeyword_::sgh_mpm_context, DetectEngineCtx_::sgh_mpm_context, and strlcat().

Referenced by PacketCreateMask().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectSetFastPatternAndItsId ( DetectEngineCtx * de_ctx )

Figured out the FP and their respective content ids for all the sigs in the engine.

Parameters

de_ctx Detection engine context.

Return values

0	On success.
-1	On failure.

Definition at line 1457 of file detect-engine-mpm.c.

References BUG_ON, DetectContentData_::content, DetectFPAndItsId_::content, DetectContentData_::content_len, DetectFPAndItsId_::content_len, SigMatch_::ctx, DETECT_CONTENT_FAST_PATTERN_CHOP, DETECT_CONTENT_NOCASE, DetectContentData_::flags, Signature_::flags, DetectFPAndItsId_::flags, DetectContentData_::fp_chop_len, DetectContentData_::fp_chop_offset, DetectContentData_::id, DetectFPAndItsId_::id, Signature_::init_data, DetectEngineCtx_::max_fp_id, SignatureInitData_::mpm_sm, Signature_::next, PatIntId, RetrieveFPForSig(), SCFree, SCMalloc, SCMemcmp, SIG_FLAG_PREFILTER, DetectEngineCtx_::sig_list, SigMatchListSMBelongsTo(), DetectFPAndItsId_::sm_list, and unlikely.

Referenced by SigGroupBuild().

Here is the call graph for this function:

Here is the caller graph for this function:

void MpmStoreFree ( DetectEngineCtx * de_ctx )

Frees the hash table - DetectEngineCtx->mpm_hash_table, allocated by MpmStoreInit() function.

Parameters

de_ctx Pointer to the detection engine context.

Definition at line 1000 of file detect-engine-mpm.c.

References MpmStore_::buffer, BUG_ON, SigMatch_::ctx, DETECT_CONTENT_FAST_PATTERN_CHOP, DETECT_CONTENT_MPM_IS_CONCLUSIVE, DETECT_CONTENT_NEGATED, DETECT_SM_LIST_PMATCH, MpmStore_::direction, DetectContentData_::flags, Signature_::flags, HashListTableFree(), Signature_::id, Signature_::init_data, MpmStore_::mpm_ctx, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_hash_table, DetectEngineCtx_::mpm_matcher, SignatureInitData_::mpm_sm, mpm_table, MpmCtx_::mpm_type, MPMB_MAX, MPMB_OTHERIP, MPMB_TCP_PKT_TC, MPMB_TCP_PKT_TS, MPMB_TCP_STREAM_TC, MPMB_TCP_STREAM_TS, MPMB_UDP_TC, MPMB_UDP_TS, MpmFactoryGetMpmCtxForProfile(), MpmFactoryReClaimMpmCtx(), MpmInitCtx(), MpmCtx_::pattern_cnt, MpmTableElmt_::Prepare, SCLogDebug, MpmStore_::sgh_mpm_context, MpmStore_::sid_array, MpmStore_::sid_array_size, DetectEngineCtx_::sig_array, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SigMatchListSMBelongsTo(), and MpmStore_::sm_list.

Referenced by DetectEngineCtxFree().

Here is the call graph for this function:

Here is the caller graph for this function:

int MpmStoreInit ( DetectEngineCtx * de_ctx )

Initializes the MpmStore mpm hash table to be used by the detection engine context.

Parameters

de_ctx Pointer to the detection engine context.

Return values

0	On success.
-1	On failure.

Definition at line 888 of file detect-engine-mpm.c.

References HashListTableAdd(), HashListTableInit(), HashListTableLookup(), and DetectEngineCtx_::mpm_hash_table.

Referenced by DetectEngineInspectBufferGeneric().

Here is the call graph for this function:

Here is the caller graph for this function:

MpmStore* MpmStorePrepareBuffer	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		enum MpmBuiltinBuffers	buf
	)

Get MpmStore for a built-in buffer type.

Definition at line 1110 of file detect-engine-mpm.c.

References MpmStore_::buffer, BUG_ON, DETECT_SM_LIST_PMATCH, DetectEngineGetMaxSigId, DetectMpmAppLayerRegistery_::direction, MpmStore_::direction, Signature_::flags, SigGroupHead_::flags, Signature_::init_data, SigGroupHead_::match_array, SignatureInitData_::mpm_sm, MPMB_MAX, MPMB_OTHERIP, MPMB_TCP_PKT_TC, MPMB_TCP_PKT_TS, MPMB_TCP_STREAM_TC, MPMB_TCP_STREAM_TS, MPMB_UDP_TC, MPMB_UDP_TS, DetectMpmAppLayerRegistery_::name, Signature_::num, DetectMpmAppLayerKeyword_::reg, SCCalloc, SCFree, SCLogDebug, DetectMpmAppLayerKeyword_::sgh_mpm_context, MpmStore_::sgh_mpm_context, DetectEngineCtx_::sgh_mpm_context_proto_other_packet, DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet, DetectEngineCtx_::sgh_mpm_context_proto_udp_packet, DetectEngineCtx_::sgh_mpm_context_stream, MpmStore_::sid_array, MpmStore_::sid_array_size, SigGroupHead_::sig_cnt, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SIG_GROUP_HEAD_HAVERAWSTREAM, SigMatchListSMBelongsTo(), SignatureHasPacketContent(), SignatureHasStreamContent(), DetectMpmAppLayerRegistery_::sm_list, and MpmStore_::sm_list.

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

void MpmStoreReportStats ( const DetectEngineCtx * de_ctx )

Definition at line 933 of file detect-engine-mpm.c.

References DetectEngineCtx_::app_mpms, MpmStore_::buffer, builtin_mpms, DE_QUIET, DETECT_SM_LIST_PMATCH, DetectMpmAppLayerRegistery_::direction, MpmStore_::direction, DetectEngineCtx_::flags, HashListTableGetListData, HashListTableGetListHead(), HashListTableGetListNext, MpmCtx_::maxlen, MpmCtx_::minlen, MpmStore_::mpm_ctx, DetectEngineCtx_::mpm_hash_table, MPMB_MAX, DetectMpmAppLayerRegistery_::name, MpmCtx_::pattern_cnt, DetectMpmAppLayerKeyword_::reg, SCLogDebug, SCLogPerf, SIG_FLAG_TOSERVER, DetectMpmAppLayerRegistery_::sm_list, and MpmStore_::sm_list.

Referenced by SigAddressPrepareStage4().

Here is the call graph for this function:

Here is the caller graph for this function:

void PacketPatternCleanup ( DetectEngineThreadCtx * det_ctx )

cleans up the mpm instance after a match

Definition at line 513 of file detect-engine-mpm.c.

References DetectEngineThreadCtx_::pmq, and PmqReset().

Referenced by SigMatchSignaturesGetSgh().

Here is the call graph for this function:

Here is the caller graph for this function:

uint16_t PatternMatchDefaultMatcher ( void )

Function to return the multi pattern matcher algorithm to be used by the engine, based on the mpm-algo setting in yaml Use the default mpm if none is specified in the yaml file.

Return values

mpm	algo value

Definition at line 472 of file detect-engine-mpm.c.

References ConfGet(), mpm_default_matcher, mpm_table, MPM_TABLE_SIZE, SC_ERR_INVALID_YAML_CONF_ENTRY, and SCLogError.

Referenced by AppLayerProtoDetectSetup(), and DetectEngineInspectBufferGeneric().

Here is the call graph for this function:

Here is the caller graph for this function:

void PatternMatchDestroy	(	MpmCtx *	mpm_ctx,
		uint16_t	mpm_matcher
	)

Definition at line 518 of file detect-engine-mpm.c.

References MpmTableElmt_::DestroyCtx, mpm_table, and SCLogDebug.

int PatternMatchPrepareGroup	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sh
	)

Prepare the pattern matcher ctx in a sig group head.

Definition at line 1342 of file detect-engine-mpm.c.

References DetectEngineCtx_::app_mpms, SigGroupHeadInitData_::app_mpms, BUG_ON, DetectMpmAppLayerRegistery_::direction, DetectMpmAppLayerRegistery_::id, SigGroupHead_::init, MpmStore_::mpm_ctx, MPMB_OTHERIP, MPMB_TCP_PKT_TC, MPMB_TCP_PKT_TS, MPMB_TCP_STREAM_TC, MPMB_TCP_STREAM_TS, MPMB_UDP_TC, MPMB_UDP_TS, MpmStorePrepareBuffer(), DetectMpmAppLayerRegistery_::name, PrefilterPktPayloadRegister(), PrefilterPktStreamRegister(), DetectMpmAppLayerRegistery_::PrefilterRegister, DetectMpmAppLayerRegistery_::PrefilterRegisterWithListId, DetectMpmAppLayerKeyword_::reg, SCCalloc, SCLogDebug, SGH_DIRECTION_TC, SGH_DIRECTION_TS, SGH_PROTO, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, DetectMpmAppLayerRegistery_::sm_list, and DetectMpmAppLayerRegistery_::v2.

Referenced by PrefilterSetupRuleGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

void PatternMatchThreadDestroy	(	MpmThreadCtx *	mpm_thread_ctx,
		uint16_t	mpm_matcher
	)

Definition at line 529 of file detect-engine-mpm.c.

References MpmTableElmt_::DestroyThreadCtx, mpm_table, and SCLogDebug.

Referenced by DetectEngineThreadCtxInit().

Here is the caller graph for this function:

void PatternMatchThreadPrepare	(	MpmThreadCtx *	mpm_thread_ctx,
		uint16_t	mpm_matcher
	)

Definition at line 535 of file detect-engine-mpm.c.

References MpmInitThreadCtx(), and SCLogDebug.

Referenced by DetectEngineResetMaxSigId().

Here is the call graph for this function:

Here is the caller graph for this function:

void PatternMatchThreadPrint	(	MpmThreadCtx *	mpm_thread_ctx,
		uint16_t	mpm_matcher
	)

Definition at line 524 of file detect-engine-mpm.c.

References SCLogDebug.

Referenced by DetectEngineThreadCtxInfo().

Here is the caller graph for this function:

uint32_t PatternStrength	(	uint8_t *	pat,
		uint16_t	patlen
	)

Predict a strength value for patterns.

Patterns with high character diversity score higher. Alpha chars score not so high Other printable + a few common codes a little higher Everything else highest. Longer patterns score better than short patters.

Parameters

pat	pattern
patlen	length of the patternn

Return values

s	pattern score

Definition at line 554 of file detect-engine-mpm.c.

References DetectContentData_::content, DetectContentData_::content_len, DetectContentData_::depth, DETECT_CONTENT_NOCASE, DetectContentData_::flags, flags, DetectContentData_::fp_chop_len, DetectContentData_::fp_chop_offset, DetectContentData_::id, MPM_PATTERN_CTX_OWNS_ID, MpmAddPatternCI(), MpmAddPatternCS(), Signature_::num, and DetectContentData_::offset.

Referenced by PacketCreateMask().

Here is the call graph for this function:

Here is the caller graph for this function:

void RetrieveFPForSig	(	const DetectEngineCtx *	de_ctx,
		Signature *	s
	)

Definition at line 692 of file detect-engine-mpm.c.

References HashListTable_::array_size, MpmStore_::buffer, BUG_ON, DetectContentData_::content_len, MpmTableElmt_::DestroyCtx, DETECT_CONTENT, DETECT_CONTENT_FAST_PATTERN, DETECT_CONTENT_NEGATED, MpmStore_::direction, FastPatternSupportEnabledForSigMatchList(), MpmCtx_::flags, DetectContentData_::flags, Signature_::init_data, SCFPSupportSMList_::list_id, MpmStore_::mpm_ctx, SignatureInitData_::mpm_sm, mpm_table, MpmCtx_::mpm_type, MPMCTX_FLAGS_GLOBAL, SCFPSupportSMList_::next, SigMatch_::next, SCFPSupportSMList_::priority, SCFree, SCLogDebug, SCMemcmp, MpmStore_::sid_array, MpmStore_::sid_array_size, sm_fp_support_smlist_list, MpmStore_::sm_list, SignatureInitData_::smlists, and SignatureInitData_::smlists_array_size.

Referenced by DetectLoadCompleteSigPath(), and DetectSetFastPatternAndItsId().

Here is the call graph for this function:

Here is the caller graph for this function:

int SignatureHasPacketContent ( const Signature * s )

check if a signature has patterns that are to be inspected against a packets payload (as opposed to the stream payload)

Parameters

s signature

Return values

1	true
0	false

Definition at line 402 of file detect-engine-mpm.c.

References DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, DetectProto_::proto, Signature_::proto, SCEnter, SCLogDebug, SCReturnInt, SIG_FLAG_REQUIRE_PACKET, Signature_::sm_arrays, and SignatureInitData_::smlists.

Referenced by MpmStorePrepareBuffer(), and PerCentEncodingMatch().

Here is the caller graph for this function:

int SignatureHasStreamContent ( const Signature * s )

check if a signature has patterns that are to be inspected against the stream payload (as opposed to the individual packets payload(s))

Parameters

s signature

Return values

1	true
0	false

Definition at line 438 of file detect-engine-mpm.c.

References DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, DetectProto_::proto, Signature_::proto, SCEnter, SCLogDebug, SCReturnInt, SIG_FLAG_REQUIRE_STREAM, Signature_::sm_arrays, and SignatureInitData_::smlists.

Referenced by MpmStorePrepareBuffer(), and PerCentEncodingMatch().

Here is the caller graph for this function:

Variable Documentation

const char* builtin_mpms[]

Initial value:

= {
    "toserver TCP packet",
    "toclient TCP packet",
    "toserver TCP stream",
    "toclient TCP stream",
    "toserver UDP packet",
    "toclient UDP packet",
    "other IP packet",
    NULL }

Definition at line 62 of file detect-engine-mpm.c.

Referenced by MpmStoreReportStats().

Data Structures

Macros

Typedefs

Functions

Variables

Detailed Description

Macro Definition Documentation

Typedef Documentation

Function Documentation

Variable Documentation