#include "detect.h"

Include dependency graph for detect-engine-mpm.h:

Data Structures
struct	PrefilterMpmListId

struct	MpmListIdDataArgs

Typedefs
typedef int(*	PrefilterRegisterFunc) (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry mpm_reg, int list_id)

typedef struct PrefilterMpmListId	PrefilterMpmListId

Functions
void	DetectMpmInitializeFrameMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPrepareFrameMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for applayer buffers that are in "single or "shared" mode. More...

void	DetectMpmInitializePktMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPreparePktMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for applayer buffers that are in "single or "shared" mode. More...

void	DetectMpmInitializeAppMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPrepareAppMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for applayer buffers that are in "single or "shared" mode. More...

void	DetectMpmInitializeBuiltinMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPrepareBuiltinMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for builtin buffers that are in "single or "shared" mode. More...

uint32_t	PatternStrength (uint8_t *, uint16_t)
	Predict a strength value for patterns. More...

uint8_t	PatternMatchDefaultMatcher (void)
	Function to return the multi pattern matcher algorithm to be used by the engine, based on the mpm-algo setting in yaml Use the default mpm if none is specified in the yaml file. More...

void	PatternMatchPrepare (MpmCtx *, uint16_t)

void	PatternMatchThreadPrepare (MpmThreadCtx *, uint16_t type)

void	PatternMatchDestroy (MpmCtx *, uint16_t)

void	PatternMatchThreadDestroy (MpmThreadCtx *mpm_thread_ctx, uint16_t)

int	PatternMatchPrepareGroup (DetectEngineCtx , SigGroupHead )
	Prepare the pattern matcher ctx in a sig group head. More...

TmEcode	DetectEngineThreadCtxInit (ThreadVars , void , void **)
	initialize thread specific detection engine context More...

TmEcode	DetectEngineThreadCtxDeinit (ThreadVars , void )

int	SignatureHasPacketContent (const Signature *)
	check if a signature has patterns that are to be inspected against a packets payload (as opposed to the stream payload) More...

int	SignatureHasStreamContent (const Signature *)
	check if a signature has patterns that are to be inspected against the stream payload (as opposed to the individual packets payload(s)) More...

void	RetrieveFPForSig (const DetectEngineCtx de_ctx, Signature s)

int	MpmStoreInit (DetectEngineCtx *)
	Initializes the MpmStore mpm hash table to be used by the detection engine context. More...

void	MpmStoreFree (DetectEngineCtx *)
	Frees the hash table - DetectEngineCtx->mpm_hash_table, allocated by MpmStoreInit() function. More...

void	MpmStoreReportStats (const DetectEngineCtx *de_ctx)

MpmStore *	MpmStorePrepareBuffer (DetectEngineCtx de_ctx, SigGroupHead sgh, enum MpmBuiltinBuffers buf)
	Get MpmStore for a built-in buffer type. More...

int	DetectSetFastPatternAndItsId (DetectEngineCtx *de_ctx)
	Figure out the FP and their respective content ids for all the sigs in the engine. More...

void	DetectAppLayerMpmRegister (const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
	register an app layer keyword for mpm More...

void	DetectAppLayerMpmRegisterByParentId (DetectEngineCtx de_ctx, const int id, const int parent_id, DetectEngineTransforms transforms)
	copy a mpm engine from parent_id, add in transforms More...

void	DetectPktMpmRegister (const char *name, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetPktDataPtr GetData)

void	DetectPktMpmRegisterByParentId (DetectEngineCtx de_ctx, const int id, const int parent_id, DetectEngineTransforms transforms)
	copy a mpm engine from parent_id, add in transforms More...

void	DetectFrameMpmRegister (const char name, int direction, int priority, int(PrefilterRegister)(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry mpm_reg, int list_id), AppProto alproto, uint8_t type)
	register a MPM engine More...

void	DetectFrameMpmRegisterByParentId (DetectEngineCtx de_ctx, const int id, const int parent_id, DetectEngineTransforms transforms)
	copy a mpm engine from parent_id, add in transforms More...

void	DetectEngineFrameMpmRegister (DetectEngineCtx de_ctx, const char name, int direction, int priority, int(PrefilterRegister)(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id), AppProto alproto, uint8_t type)

int	PrefilterGenericMpmPktRegister (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry mpm_reg, int list_id)

int	PrefilterGenericMpmFrameRegister (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry mpm_reg, int list_id)

void	EngineAnalysisAddAllRulePatterns (DetectEngineCtx de_ctx, const Signature s)
	add all patterns on our stats hash Used to fill the hash later used by DumpPatterns() More...

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-mpm.h.

Typedef Documentation

◆ PrefilterMpmListId

typedef struct PrefilterMpmListId PrefilterMpmListId

◆ PrefilterRegisterFunc

typedef int(* PrefilterRegisterFunc) (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)

Definition at line 75 of file detect-engine-mpm.h.

Function Documentation

◆ DetectAppLayerMpmRegister()

void DetectAppLayerMpmRegister	(	const char *	name,
		int	direction,
		int	priority,
		PrefilterRegisterFunc	PrefilterRegister,
		InspectionBufferGetDataPtr	GetData,
		AppProto	alproto,
		int	tx_min_progress
	)

register an app layer keyword for mpm

Parameters

name	buffer name
direction	SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT
priority	mpm keyword priority
PrefilterRegister	Prefilter api registration function
GetData	callback to setup a InspectBuffer. May be NULL.
alproto	AppProto this MPM engine inspects
tx_min_progress	min tx progress needed to invoke this engine.

Note: direction must be set to either toserver or toclient. If both are needed, register the keyword twice.

register an app layer keyword for mpm

Note: to be used at start up / registration only. Errors are fatal.

Definition at line 89 of file detect-engine-mpm.c.

Referenced by DetectFileRegisterFileProtocols().

Here is the caller graph for this function:

◆ DetectAppLayerMpmRegisterByParentId()

void DetectAppLayerMpmRegisterByParentId	(	DetectEngineCtx *	de_ctx,
		const int	id,
		const int	parent_id,
		DetectEngineTransforms *	transforms
	)

copy a mpm engine from parent_id, add in transforms

Definition at line 143 of file detect-engine-mpm.c.

Referenced by DetectEngineBufferTypeGetByIdTransforms().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectEngineFrameMpmRegister()

void DetectEngineFrameMpmRegister	(	DetectEngineCtx *	de_ctx,
		const char *	name,
		int	direction,
		int	priority,
		int()(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)	PrefilterRegister,
		AppProto	alproto,
		uint8_t	type
	)

Definition at line 373 of file detect-engine-mpm.c.

Here is the call graph for this function:

◆ DetectEngineThreadCtxDeinit()

TmEcode DetectEngineThreadCtxDeinit	(	ThreadVars *	,
		void *
	)

Definition at line 3454 of file detect-engine.c.

Referenced by UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

Here is the caller graph for this function:

◆ DetectEngineThreadCtxInit()

TmEcode DetectEngineThreadCtxInit	(	ThreadVars *	tv,
		void *	initdata,
		void **	data
	)

initialize thread specific detection engine context

Note: there is a special case when using delayed detect. In this case the function is called twice per thread. The first time the rules are not yet loaded. de_ctx->delayed_detect_initialized will be 0. The 2nd time they will be loaded. de_ctx->delayed_detect_initialized will be 1. This is needed to do the per thread counter registration before the packet runtime starts. In delayed detect mode, the first call will return a NULL ptr through the data ptr.

Parameters

tv	ThreadVars for this thread
initdata	pointer to de_ctx
data[out]	pointer to store our thread detection ctx

Return values

TM_ECODE_OK	if all went well
TM_ECODE_FAILED	on serious errors

alert counter setup

Definition at line 3244 of file detect-engine.c.

Referenced by UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

Here is the caller graph for this function:

◆ DetectFrameMpmRegister()

void DetectFrameMpmRegister	(	const char *	name,
		int	direction,
		int	priority,
		int()(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)	PrefilterRegister,
		AppProto	alproto,
		uint8_t	type
	)

register a MPM engine

Note: to be used at start up / registration only. Errors are fatal.

Definition at line 286 of file detect-engine-mpm.c.

Here is the call graph for this function:

◆ DetectFrameMpmRegisterByParentId()

void DetectFrameMpmRegisterByParentId	(	DetectEngineCtx *	de_ctx,
		const int	id,
		const int	parent_id,
		DetectEngineTransforms *	transforms
	)

copy a mpm engine from parent_id, add in transforms

Definition at line 334 of file detect-engine-mpm.c.

Referenced by DetectEngineBufferTypeGetByIdTransforms().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectMpmInitializeAppMpms()

void DetectMpmInitializeAppMpms ( DetectEngineCtx * de_ctx )

Definition at line 211 of file detect-engine-mpm.c.

◆ DetectMpmInitializeBuiltinMpms()

void DetectMpmInitializeBuiltinMpms ( DetectEngineCtx * de_ctx )

Definition at line 701 of file detect-engine-mpm.c.

References de_ctx, and DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet.

◆ DetectMpmInitializeFrameMpms()

void DetectMpmInitializeFrameMpms ( DetectEngineCtx * de_ctx )

Definition at line 436 of file detect-engine-mpm.c.

◆ DetectMpmInitializePktMpms()

void DetectMpmInitializePktMpms ( DetectEngineCtx * de_ctx )

Definition at line 603 of file detect-engine-mpm.c.

◆ DetectMpmPrepareAppMpms()

int DetectMpmPrepareAppMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

Definition at line 261 of file detect-engine-mpm.c.

References DetectEngineCtx_::app_mpms_list, de_ctx, DetectBufferMpmRegistry_::direction, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), DetectBufferMpmRegistry_::next, MpmTableElmt_::Prepare, DetectBufferMpmRegistry_::sgh_mpm_context, and SIG_FLAG_TOSERVER.

Here is the call graph for this function:

◆ DetectMpmPrepareBuiltinMpms()

int DetectMpmPrepareBuiltinMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for builtin buffers that are in "single or "shared" mode.

Definition at line 714 of file detect-engine-mpm.c.

References de_ctx, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), MpmTableElmt_::Prepare, DetectEngineCtx_::sgh_mpm_context_proto_other_packet, DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet, DetectEngineCtx_::sgh_mpm_context_proto_udp_packet, and DetectEngineCtx_::sgh_mpm_context_stream.

Here is the call graph for this function:

◆ DetectMpmPrepareFrameMpms()

int DetectMpmPrepareFrameMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

Definition at line 488 of file detect-engine-mpm.c.

References de_ctx, DetectBufferMpmRegistry_::direction, DetectEngineCtx_::frame_mpms_list, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), DetectBufferMpmRegistry_::name, DetectBufferMpmRegistry_::next, MpmTableElmt_::Prepare, SCLogDebug, DetectBufferMpmRegistry_::sgh_mpm_context, and SIG_FLAG_TOSERVER.

Here is the call graph for this function:

◆ DetectMpmPreparePktMpms()

int DetectMpmPreparePktMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

Definition at line 655 of file detect-engine-mpm.c.

References de_ctx, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), DetectBufferMpmRegistry_::name, DetectBufferMpmRegistry_::next, DetectEngineCtx_::pkt_mpms_list, MpmTableElmt_::Prepare, SCLogDebug, and DetectBufferMpmRegistry_::sgh_mpm_context.

Here is the call graph for this function:

◆ DetectPktMpmRegister()

void DetectPktMpmRegister	(	const char *	name,
		int	priority,
		PrefilterRegisterFunc	PrefilterRegister,
		InspectionBufferGetPktDataPtr	GetData
	)

◆ DetectPktMpmRegisterByParentId()

void DetectPktMpmRegisterByParentId	(	DetectEngineCtx *	de_ctx,
		const int	id,
		const int	parent_id,
		DetectEngineTransforms *	transforms
	)

copy a mpm engine from parent_id, add in transforms

Definition at line 565 of file detect-engine-mpm.c.

Referenced by DetectEngineBufferTypeGetByIdTransforms().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectSetFastPatternAndItsId()

int DetectSetFastPatternAndItsId ( DetectEngineCtx * de_ctx )

Figure out the FP and their respective content ids for all the sigs in the engine.

Parameters

de_ctx Detection engine context.

Return values

0	On success.
-1	On failure.

Definition at line 2394 of file detect-engine-mpm.c.

References cnt, de_ctx, Signature_::flags, HashListTableInit(), Signature_::init_data, SignatureInitData_::mpm_sm, Signature_::next, RetrieveFPForSig(), SIG_FLAG_PREFILTER, and DetectEngineCtx_::sig_list.

Referenced by SigGroupBuild().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ EngineAnalysisAddAllRulePatterns()

void EngineAnalysisAddAllRulePatterns	(	DetectEngineCtx *	de_ctx,
		const Signature *	s
	)

add all patterns on our stats hash Used to fill the hash later used by DumpPatterns()

Note: sets up the hash table on first call

Definition at line 2456 of file detect-engine-mpm.c.

References de_ctx, HashListTableInit(), and DetectEngineCtx_::pattern_hash_table.

Here is the call graph for this function:

◆ MpmStoreFree()

void MpmStoreFree ( DetectEngineCtx * de_ctx )

Frees the hash table - DetectEngineCtx->mpm_hash_table, allocated by MpmStoreInit() function.

Parameters

de_ctx Pointer to the detection engine context.

Definition at line 1505 of file detect-engine-mpm.c.

References de_ctx, HashListTableFree(), and DetectEngineCtx_::mpm_hash_table.

Referenced by DetectEngineCtxFree().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ MpmStoreInit()

int MpmStoreInit ( DetectEngineCtx * de_ctx )

Initializes the MpmStore mpm hash table to be used by the detection engine context.

Parameters

de_ctx Pointer to the detection engine context.

Return values

0	On success.
-1	On failure.

Definition at line 1342 of file detect-engine-mpm.c.

References de_ctx, HashListTableInit(), and DetectEngineCtx_::mpm_hash_table.

Here is the call graph for this function:

◆ MpmStorePrepareBuffer()

MpmStore* MpmStorePrepareBuffer	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		enum MpmBuiltinBuffers	buf
	)

Get MpmStore for a built-in buffer type.

Definition at line 1611 of file detect-engine-mpm.c.

References BUG_ON, cnt, de_ctx, DETECT_SM_LIST_PMATCH, DetectEngineGetMaxSigId, SigGroupHead_::init, Signature_::init_data, SigGroupHeadInitData_::match_array, SignatureInitData_::mpm_sm, MPMB_MAX, MPMB_OTHERIP, MPMB_TCP_PKT_TC, MPMB_TCP_PKT_TS, MPMB_TCP_STREAM_TC, MPMB_TCP_STREAM_TS, MPMB_UDP_TC, MPMB_UDP_TS, DetectEngineCtx_::sgh_mpm_context_proto_other_packet, DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet, DetectEngineCtx_::sgh_mpm_context_proto_udp_packet, DetectEngineCtx_::sgh_mpm_context_stream, SigGroupHeadInitData_::sig_cnt, SIG_FLAG_TOCLIENT, and SIG_FLAG_TOSERVER.

Referenced by PatternMatchPrepareGroup().

Here is the caller graph for this function:

◆ MpmStoreReportStats()

void MpmStoreReportStats ( const DetectEngineCtx * de_ctx )

Definition at line 1408 of file detect-engine-mpm.c.

References MpmStore_::buffer, DetectEngineCtx_::buffer_type_id, de_ctx, DETECT_SM_LIST_PMATCH, HashListTableGetListData, HashListTableGetListHead(), HashListTableGetListNext, MpmStore_::mpm_ctx, DetectEngineCtx_::mpm_hash_table, MPMB_MAX, and MpmStore_::sm_list.

Referenced by SigPrepareStage4().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PatternMatchDefaultMatcher()

uint8_t PatternMatchDefaultMatcher ( void )

Function to return the multi pattern matcher algorithm to be used by the engine, based on the mpm-algo setting in yaml Use the default mpm if none is specified in the yaml file.

Return values

mpm	algo value

Definition at line 829 of file detect-engine-mpm.c.

References ConfGet(), FatalError, mpm_default_matcher, mpm_table, MPM_TABLE_SIZE, and SCLogWarning.

Here is the call graph for this function:

◆ PatternMatchDestroy()

void PatternMatchDestroy	(	MpmCtx *	,
		uint16_t
	)

Definition at line 875 of file detect-engine-mpm.c.

References MpmTableElmt_::DestroyCtx, mpm_table, and SCLogDebug.

◆ PatternMatchPrepare()

void PatternMatchPrepare	(	MpmCtx *	,
		uint16_t
	)

◆ PatternMatchPrepareGroup()

int PatternMatchPrepareGroup	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sh
	)

Prepare the pattern matcher ctx in a sig group head.

Definition at line 2203 of file detect-engine-mpm.c.

References de_ctx, MpmStore_::mpm_ctx, MPMB_TCP_PKT_TS, MPMB_TCP_STREAM_TS, MpmStorePrepareBuffer(), PrefilterPktPayloadRegister(), PrefilterPktStreamRegister(), SGH_DIRECTION_TS, and SGH_PROTO.

Referenced by PrefilterSetupRuleGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PatternMatchThreadDestroy()

void PatternMatchThreadDestroy	(	MpmThreadCtx *	mpm_thread_ctx,
		uint16_t
	)

Definition at line 881 of file detect-engine-mpm.c.

References MpmDestroyThreadCtx(), and SCLogDebug.

Here is the call graph for this function:

◆ PatternMatchThreadPrepare()

void PatternMatchThreadPrepare	(	MpmThreadCtx *	,
		uint16_t	type
	)

Definition at line 886 of file detect-engine-mpm.c.

References MpmInitThreadCtx(), and SCLogDebug.

Here is the call graph for this function:

◆ PatternStrength()

uint32_t PatternStrength	(	uint8_t *	pat,
		uint16_t	patlen
	)

Predict a strength value for patterns.

Patterns with high character diversity score higher. Alpha chars score not so high Other printable + a few common codes a little higher Everything else highest. Longer patterns score better than short patters.

Parameters

pat	pattern
patlen	length of the pattern

Return values

s	pattern score

Definition at line 905 of file detect-engine-mpm.c.

◆ PrefilterGenericMpmFrameRegister()

int PrefilterGenericMpmFrameRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx,
		const DetectBufferMpmRegistry *	mpm_reg,
		int	list_id
	)

Definition at line 207 of file detect-engine-frame.c.

References ALPROTO_UNKNOWN, BUG_ON, de_ctx, DetectBufferMpmRegistry_::frame_v1, FrameStreamData::list_id, PrefilterMpmFrameCtx::list_id, FrameStreamData::mpm_ctx, PrefilterMpmFrameCtx::mpm_ctx, PrefilterAppendFrameEngine(), SCCalloc, SCEnter, PrefilterMpmFrameCtx::transforms, and DetectBufferMpmRegistry_::transforms.

Here is the call graph for this function:

◆ PrefilterGenericMpmPktRegister()

int PrefilterGenericMpmPktRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx,
		const DetectBufferMpmRegistry *	mpm_reg,
		int	list_id
	)

Definition at line 815 of file detect-engine-prefilter.c.

◆ RetrieveFPForSig()

void RetrieveFPForSig	(	const DetectEngineCtx *	de_ctx,
		Signature *	s
	)

Definition at line 1052 of file detect-engine-mpm.c.

References de_ctx, DETECT_CONTENT, DETECT_CONTENT_FAST_PATTERN, DETECT_SM_LIST_PMATCH, FastPatternSupportEnabledForSigMatchList(), DetectContentData_::flags, g_skip_prefilter, Signature_::init_data, SignatureInitData_::max_content_list_id, SignatureInitData_::mpm_sm, SigMatch_::next, and SignatureInitData_::smlists.

Referenced by DetectSetFastPatternAndItsId().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ SignatureHasPacketContent()

int SignatureHasPacketContent ( const Signature * s )

check if a signature has patterns that are to be inspected against a packets payload (as opposed to the stream payload)

Parameters

s signature

Return values

1	true
0	false

Definition at line 771 of file detect-engine-mpm.c.

References DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, DetectProto_::proto, Signature_::proto, SCEnter, SCLogDebug, SCReturnInt, SIG_FLAG_REQUIRE_PACKET, and SignatureInitData_::smlists.

◆ SignatureHasStreamContent()

int SignatureHasStreamContent ( const Signature * s )

check if a signature has patterns that are to be inspected against the stream payload (as opposed to the individual packets payload(s))

Parameters

s signature

Return values

1	true
0	false

Definition at line 801 of file detect-engine-mpm.c.

References DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, DetectProto_::proto, Signature_::proto, SCEnter, SCLogDebug, SCReturnInt, SIG_FLAG_REQUIRE_STREAM, and SignatureInitData_::smlists.

Data Structures

Typedefs

Functions

Detailed Description

Typedef Documentation

◆ PrefilterMpmListId

◆ PrefilterRegisterFunc

Function Documentation

◆ DetectAppLayerMpmRegister()

◆ DetectAppLayerMpmRegisterByParentId()

◆ DetectEngineFrameMpmRegister()

◆ DetectEngineThreadCtxDeinit()

◆ DetectEngineThreadCtxInit()

◆ DetectFrameMpmRegister()

◆ DetectFrameMpmRegisterByParentId()

◆ DetectMpmInitializeAppMpms()

◆ DetectMpmInitializeBuiltinMpms()

◆ DetectMpmInitializeFrameMpms()

◆ DetectMpmInitializePktMpms()

◆ DetectMpmPrepareAppMpms()

◆ DetectMpmPrepareBuiltinMpms()

◆ DetectMpmPrepareFrameMpms()

◆ DetectMpmPreparePktMpms()

◆ DetectPktMpmRegister()

◆ DetectPktMpmRegisterByParentId()

◆ DetectSetFastPatternAndItsId()

◆ EngineAnalysisAddAllRulePatterns()

◆ MpmStoreFree()

◆ MpmStoreInit()

◆ MpmStorePrepareBuffer()

◆ MpmStoreReportStats()

◆ PatternMatchDefaultMatcher()

◆ PatternMatchDestroy()

◆ PatternMatchPrepare()

◆ PatternMatchPrepareGroup()

◆ PatternMatchThreadDestroy()

◆ PatternMatchThreadPrepare()

◆ PatternStrength()

◆ PrefilterGenericMpmFrameRegister()

◆ PrefilterGenericMpmPktRegister()

◆ RetrieveFPForSig()

◆ SignatureHasPacketContent()

◆ SignatureHasStreamContent()