#include "suricata-common.h"
#include "decode.h"
#include "detect.h"
#include "flow-var.h"
#include "util-cidr.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-rule-vars.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-port.h"
#include "conf.h"
#include "util-debug.h"
#include "util-error.h"
#include "pkt-var.h"
#include "host.h"
#include "util-profiling.h"
#include "util-var.h"
#include "util-byte.h"
#include "packet.h"

Include dependency graph for detect-engine-port.c:

Functions
DetectPort *	PortParse (const char *str)
	Helper function for parsing port strings. More...

DetectPort *	DetectPortInit (void)
	Alloc a DetectPort structure and update counters. More...

void	DetectPortFree (const DetectEngineCtx de_ctx, DetectPort dp)
	Free a DetectPort and its members. More...

void	DetectPortPrintList (DetectPort *head)
	Helper function used to print the list of ports present in this DetectPort list. More...

void	DetectPortCleanupList (const DetectEngineCtx de_ctx, DetectPort head)
	Free a DetectPort list and each of its members. More...

int	DetectPortInsert (DetectEngineCtx de_ctx, DetectPort head, DetectPort new)
	function for inserting a port group object. This also makes sure SigGroupContainer lists are handled correctly. More...

int	DetectPortCmp (DetectPort a, DetectPort b)
	Function that compare port groups. More...

DetectPort *	DetectPortCopySingle (DetectEngineCtx de_ctx, DetectPort src)
	Function that return a copy of DetectPort src sigs. More...

void	DetectPortPrint (DetectPort *dp)
	Helper function that print the DetectPort info. More...

DetectPort *	DetectPortLookupGroup (DetectPort *dp, uint16_t port)
	Function that find the group matching port in a group head. More...

bool	DetectPortListsAreEqual (DetectPort list1, DetectPort list2)
	Checks if two port group lists are equal. More...

int	DetectPortTestConfVars (void)

int	DetectPortParse (const DetectEngineCtx de_ctx, DetectPort head, const char str)
	Function for parsing port strings. More...

int	DetectPortHashInit (DetectEngineCtx *de_ctx)
	Initializes the hash table in the detection engine context to hold the DetectPort hash. More...

int	DetectPortHashAdd (DetectEngineCtx de_ctx, DetectPort dp)
	Adds a DetectPort to the detection engine context DetectPort hash table. More...

DetectPort *	DetectPortHashLookup (DetectEngineCtx de_ctx, DetectPort dp)
	Used to lookup a DetectPort hash from the detection engine context DetectPort hash table. More...

void	DetectPortHashFree (DetectEngineCtx *de_ctx)
	Frees the hash table - DetectEngineCtx->sgh_hash_table, allocated by DetectPortInit() function. More...

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Ports part of the detection engine.

Todo:: more unit testing

Definition in file detect-engine-port.c.

Function Documentation

◆ DetectPortCleanupList()

void DetectPortCleanupList	(	const DetectEngineCtx *	de_ctx,
		DetectPort *	head
	)

Free a DetectPort list and each of its members.

Parameters

head	Pointer to the DetectPort list head

Definition at line 124 of file detect-engine-port.c.

References de_ctx, DetectPortFree(), head, next, and DetectPort_::next.

Referenced by DetectPortTestConfVars(), and SigAddressCleanupStage1().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectPortCmp()

int DetectPortCmp	(	DetectPort *	a,
		DetectPort *	b
	)

Function that compare port groups.

Parameters

a	pointer to DetectPort "a"
b	pointer to DetectPort "b"

Return values

PORT_XX	(Port enum value, XX is EQ, ES, EB, LE, etc)
PORT_ER	on error

Definition at line 497 of file detect-engine-port.c.

References DetectPort_::flags, DetectPort_::port, DetectPort_::port2, PORT_EB, PORT_EQ, PORT_ER, PORT_ES, PORT_FLAG_ANY, PORT_GE, PORT_GT, PORT_LE, and PORT_LT.

Referenced by DetectPortInsert(), and DetectPortListsAreEqual().

Here is the caller graph for this function:

◆ DetectPortCopySingle()

DetectPort* DetectPortCopySingle	(	DetectEngineCtx *	de_ctx,
		DetectPort *	src
	)

Function that return a copy of DetectPort src sigs.

Parameters

de_ctx	Pointer to the current Detection Engine Context
src	Pointer to a DetectPort group to copy

Return values

Pointer	to a DetectPort instance (copy of src)
NULL	on error

Definition at line 550 of file detect-engine-port.c.

References de_ctx, DetectPortInit(), dst, SigGroupHeadCopySigs(), and src.

Here is the call graph for this function:

◆ DetectPortFree()

void DetectPortFree	(	const DetectEngineCtx *	de_ctx,
		DetectPort *	dp
	)

Free a DetectPort and its members.

Parameters

dp	Pointer to the DetectPort that has to be freed.

Definition at line 80 of file detect-engine-port.c.

References de_ctx, DetectPort_::flags, PORT_SIGGROUPHEAD_COPY, SCFree, DetectPort_::sh, and SigGroupHeadFree().

Referenced by DetectPortCleanupList(), and DetectPortInsert().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectPortHashAdd()

int DetectPortHashAdd	(	DetectEngineCtx *	de_ctx,
		DetectPort *	dp
	)

Adds a DetectPort to the detection engine context DetectPort hash table.

Parameters

de_ctx	Pointer to the detection engine context.
dp	Pointer to the DetectPort.

Return values

ret	0 on Successfully adding the DetectPort; -1 on failure.

Definition at line 1390 of file detect-engine-port.c.

References de_ctx, DetectEngineCtx_::dport_hash_table, and HashListTableAdd().

Here is the call graph for this function:

◆ DetectPortHashFree()

void DetectPortHashFree ( DetectEngineCtx * de_ctx )

Frees the hash table - DetectEngineCtx->sgh_hash_table, allocated by DetectPortInit() function.

Parameters

de_ctx Pointer to the detection engine context.

Definition at line 1421 of file detect-engine-port.c.

References de_ctx, DetectEngineCtx_::dport_hash_table, HashListTableFree(), and DetectEngineCtx_::sgh_hash_table.

Here is the call graph for this function:

◆ DetectPortHashInit()

int DetectPortHashInit ( DetectEngineCtx * de_ctx )

Initializes the hash table in the detection engine context to hold the DetectPort hash.

Parameters

de_ctx Pointer to the detection engine context.

Return values

0	On success.
-1	On failure.

Definition at line 1370 of file detect-engine-port.c.

References de_ctx, DetectEngineCtx_::dport_hash_table, and HashListTableInit().

Here is the call graph for this function:

◆ DetectPortHashLookup()

DetectPort* DetectPortHashLookup	(	DetectEngineCtx *	de_ctx,
		DetectPort *	dp
	)

Used to lookup a DetectPort hash from the detection engine context DetectPort hash table.

Parameters

de_ctx	Pointer to the detection engine context.
sgh	Pointer to the DetectPort.

Return values

rsgh	On success a pointer to the DetectPort if the DetectPort is found in the hash table; NULL on failure.

Definition at line 1406 of file detect-engine-port.c.

References de_ctx, DetectEngineCtx_::dport_hash_table, HashListTableLookup(), SCEnter, and SCReturnPtr.

Here is the call graph for this function:

◆ DetectPortInit()

DetectPort* DetectPortInit ( void )

Alloc a DetectPort structure and update counters.

Return values

dp	newly created DetectPort on success; or NULL in case of error.

Definition at line 67 of file detect-engine-port.c.

References SCCalloc, and unlikely.

Referenced by DetectPortCopySingle(), DetectPortTestConfVars(), and PortParse().

Here is the caller graph for this function:

◆ DetectPortInsert()

int DetectPortInsert	(	DetectEngineCtx *	de_ctx,
		DetectPort **	head,
		DetectPort *	new
	)

function for inserting a port group object. This also makes sure SigGroupContainer lists are handled correctly.

Parameters

de_ctx	Pointer to the current detection engine context
head	Pointer to the DetectPort list head
dp	DetectPort to search in the DetectPort list

Return values

1	inserted
0	not inserted, memory of new is freed
-1	error

Todo:: rewrite to avoid recursive calls

Definition at line 153 of file detect-engine-port.c.

References BUG_ON, de_ctx, DetectPortCmp(), DetectPortFree(), head, DetectPort_::next, PORT_EQ, PORT_ER, PORT_GT, PORT_LT, DetectPort_::prev, and SCLogDebug.

Here is the call graph for this function:

◆ DetectPortListsAreEqual()

bool DetectPortListsAreEqual	(	DetectPort *	list1,
		DetectPort *	list2
	)

Checks if two port group lists are equal.

Parameters

list1	Pointer to the first port group list.
list2	Pointer to the second port group list.

Return values

true	On success.
false	On failure.

Definition at line 638 of file detect-engine-port.c.

References DetectPortCmp(), DetectPort_::next, and PORT_EQ.

Here is the call graph for this function:

◆ DetectPortLookupGroup()

DetectPort* DetectPortLookupGroup	(	DetectPort *	dp,
		uint16_t	port
	)

Function that find the group matching port in a group head.

Parameters

dp	Pointer to DetectPort group where we try to find the group
port	port to search/lookup

Return values

Pointer	to the DetectPort group of our port if it matched
NULL	if port is not in the list

Definition at line 613 of file detect-engine-port.c.

References DetectPort_::next.

Referenced by IPOnlyMatchPacket().

Here is the caller graph for this function:

◆ DetectPortParse()

int DetectPortParse	(	const DetectEngineCtx *	de_ctx,
		DetectPort **	head,
		const char *	str
	)

Function for parsing port strings.

Parameters

de_ctx	Pointer to the detection engine context
head	Pointer to the head of the DetectPort group list
str	Pointer to the port string

Return values

0	on success
-1	on error

Definition at line 1182 of file detect-engine-port.c.

References SCLogDebug, and str.

◆ DetectPortPrint()

void DetectPortPrint ( DetectPort * dp )

Helper function that print the DetectPort info.

Return values

none

Definition at line 590 of file detect-engine-port.c.

References DetectPort_::flags, DetectPort_::port, DetectPort_::port2, PORT_FLAG_ANY, and SCLogDebug.

Referenced by DetectPortPrintList().

Here is the caller graph for this function:

◆ DetectPortPrintList()

void DetectPortPrintList ( DetectPort * head )

Helper function used to print the list of ports present in this DetectPort list.

Parameters

head	Pointer to the DetectPort list head

Definition at line 100 of file detect-engine-port.c.

References cnt, DetectPortPrint(), head, DetectPort_::next, and SCLogDebug.

Here is the call graph for this function:

◆ DetectPortTestConfVars()

int DetectPortTestConfVars ( void )

Definition at line 1106 of file detect-engine-port.c.

References ConfGetNode(), DetectPortCleanupList(), DetectPortInit(), ConfNode_::name, next, SCLogDebug, SCLogError, TAILQ_FOREACH, TAILQ_HEAD_INITIALIZER, and ConfNode_::val.

Here is the call graph for this function:

◆ PortParse()

DetectPort * PortParse ( const char * str )

Helper function for parsing port strings.

Parameters

str	Pointer to the port string

Return values

DetectPort	pointer of the parse string on success
NULL	on error

Definition at line 1218 of file detect-engine-port.c.

References DetectPortInit(), DetectPort_::flags, PORT_FLAG_NOT, str, and strlcpy().

Here is the call graph for this function:

Functions

Detailed Description

Function Documentation

◆ DetectPortCleanupList()

◆ DetectPortCmp()

◆ DetectPortCopySingle()

◆ DetectPortFree()

◆ DetectPortHashAdd()

◆ DetectPortHashFree()

◆ DetectPortHashInit()

◆ DetectPortHashLookup()

◆ DetectPortInit()

◆ DetectPortInsert()

◆ DetectPortListsAreEqual()

◆ DetectPortLookupGroup()

◆ DetectPortParse()

◆ DetectPortPrint()

◆ DetectPortPrintList()

◆ DetectPortTestConfVars()

◆ PortParse()