#include "interval-tree.h"
#include "detect.h"

Include dependency graph for detect-engine-port.h:

This graph shows which files directly or indirectly include this file:

Data Structures
struct	SCPortIntervalNode

struct	SCPortIntervalTree_

Typedefs
typedef struct SCPortIntervalNode	SCPortIntervalNode

typedef struct SCPortIntervalTree_	SCPortIntervalTree

Functions
	IRB_HEAD (PI, SCPortIntervalNode)

	IRB_PROTOTYPE (PI, SCPortIntervalNode, irb, SCPortIntervalCompare)

SCPortIntervalTree *	SCPortIntervalTreeInit (void)
	Function to initialize the interval tree. More...

void	SCPortIntervalTreeFree (DetectEngineCtx , SCPortIntervalTree )
	Function to free an entire interval tree. More...

int	SCPortIntervalInsert (DetectEngineCtx , SCPortIntervalTree , const DetectPort *)
	Function to insert a node in the interval tree. More...

void	SCPortIntervalFindOverlappingRanges (DetectEngineCtx , const uint16_t, const uint16_t, const struct PI , DetectPort **)
	Callee function to find all overlapping port ranges as asked by the detection engine during Stage 2 of signature grouping. More...

int	DetectPortParse (const DetectEngineCtx , DetectPort head, const char str)
	Function for parsing port strings. More...

DetectPort *	DetectPortCopySingle (DetectEngineCtx , DetectPort )
	Function that return a copy of DetectPort src sigs. More...

int	DetectPortInsert (DetectEngineCtx , DetectPort , DetectPort )
	function for inserting a port group object. This also makes sure SigGroupContainer lists are handled correctly. More...

void	DetectPortCleanupList (const DetectEngineCtx de_ctx, DetectPort head)
	Free a DetectPort list and each of its members. More...

DetectPort *	DetectPortLookupGroup (DetectPort *dp, uint16_t port)
	Function that find the group matching port in a group head. More...

bool	DetectPortListsAreEqual (DetectPort list1, DetectPort list2)
	Checks if two port group lists are equal. More...

void	DetectPortPrint (DetectPort *)
	Helper function that print the DetectPort info. More...

void	DetectPortPrintList (DetectPort *head)
	Helper function used to print the list of ports present in this DetectPort list. More...

int	DetectPortCmp (DetectPort , DetectPort )
	Function that compare port groups. More...

DetectPort *	DetectPortInit (void)
	Alloc a DetectPort structure and update counters. More...

void	DetectPortFree (const DetectEngineCtx de_ctx, DetectPort )
	Free a DetectPort and its members. More...

int	DetectPortTestConfVars (void)

DetectPort *	DetectPortHashLookup (DetectEngineCtx de_ctx, DetectPort dp)
	Used to lookup a DetectPort hash from the detection engine context DetectPort hash table. More...

void	DetectPortHashFree (DetectEngineCtx *de_ctx)
	Frees the hash table - DetectEngineCtx->sgh_hash_table, allocated by DetectPortInit() function. More...

int	DetectPortHashAdd (DetectEngineCtx de_ctx, DetectPort dp)
	Adds a DetectPort to the detection engine context DetectPort hash table. More...

int	DetectPortHashInit (DetectEngineCtx *de_ctx)
	Initializes the hash table in the detection engine context to hold the DetectPort hash. More...

void	DetectPortTests (void)

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-port.h.

Typedef Documentation

◆ SCPortIntervalNode

typedef struct SCPortIntervalNode SCPortIntervalNode

◆ SCPortIntervalTree

typedef struct SCPortIntervalTree_ SCPortIntervalTree

Function Documentation

◆ DetectPortCleanupList()

void DetectPortCleanupList	(	const DetectEngineCtx *	de_ctx,
		DetectPort *	head
	)

Free a DetectPort list and each of its members.

Parameters

head	Pointer to the DetectPort list head

Definition at line 124 of file detect-engine-port.c.

References de_ctx, DetectPortFree(), head, next, and DetectPort_::next.

Referenced by DetectPortTestConfVars(), and SigAddressCleanupStage1().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectPortCmp()

int DetectPortCmp	(	DetectPort *	a,
		DetectPort *	b
	)

Function that compare port groups.

Parameters

a	pointer to DetectPort "a"
b	pointer to DetectPort "b"

Return values

PORT_XX	(Port enum value, XX is EQ, ES, EB, LE, etc)
PORT_ER	on error

Definition at line 497 of file detect-engine-port.c.

References DetectPort_::flags, DetectPort_::port, DetectPort_::port2, PORT_EB, PORT_EQ, PORT_ER, PORT_ES, PORT_FLAG_ANY, PORT_GE, PORT_GT, PORT_LE, and PORT_LT.

Referenced by DetectPortInsert(), and DetectPortListsAreEqual().

Here is the caller graph for this function:

◆ DetectPortCopySingle()

DetectPort* DetectPortCopySingle	(	DetectEngineCtx *	de_ctx,
		DetectPort *	src
	)

Function that return a copy of DetectPort src sigs.

Parameters

de_ctx	Pointer to the current Detection Engine Context
src	Pointer to a DetectPort group to copy

Return values

Pointer	to a DetectPort instance (copy of src)
NULL	on error

Definition at line 550 of file detect-engine-port.c.

References de_ctx, DetectPortInit(), dst, SigGroupHeadCopySigs(), and src.

Here is the call graph for this function:

◆ DetectPortFree()

void DetectPortFree	(	const DetectEngineCtx *	de_ctx,
		DetectPort *	dp
	)

Free a DetectPort and its members.

Parameters

dp	Pointer to the DetectPort that has to be freed.

Definition at line 80 of file detect-engine-port.c.

References de_ctx, DetectPort_::flags, PORT_SIGGROUPHEAD_COPY, SCFree, DetectPort_::sh, and SigGroupHeadFree().

Referenced by DetectPortCleanupList(), and DetectPortInsert().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectPortHashAdd()

int DetectPortHashAdd	(	DetectEngineCtx *	de_ctx,
		DetectPort *	dp
	)

Adds a DetectPort to the detection engine context DetectPort hash table.

Parameters

de_ctx	Pointer to the detection engine context.
dp	Pointer to the DetectPort.

Return values

ret	0 on Successfully adding the DetectPort; -1 on failure.

Definition at line 1390 of file detect-engine-port.c.

References de_ctx, DetectEngineCtx_::dport_hash_table, and HashListTableAdd().

Here is the call graph for this function:

◆ DetectPortHashFree()

void DetectPortHashFree ( DetectEngineCtx * de_ctx )

Frees the hash table - DetectEngineCtx->sgh_hash_table, allocated by DetectPortInit() function.

Parameters

de_ctx Pointer to the detection engine context.

Definition at line 1421 of file detect-engine-port.c.

References de_ctx, DetectEngineCtx_::dport_hash_table, HashListTableFree(), and DetectEngineCtx_::sgh_hash_table.

Here is the call graph for this function:

◆ DetectPortHashInit()

int DetectPortHashInit ( DetectEngineCtx * de_ctx )

Initializes the hash table in the detection engine context to hold the DetectPort hash.

Parameters

de_ctx Pointer to the detection engine context.

Return values

0	On success.
-1	On failure.

Definition at line 1370 of file detect-engine-port.c.

References de_ctx, DetectEngineCtx_::dport_hash_table, and HashListTableInit().

Here is the call graph for this function:

◆ DetectPortHashLookup()

DetectPort* DetectPortHashLookup	(	DetectEngineCtx *	de_ctx,
		DetectPort *	dp
	)

Used to lookup a DetectPort hash from the detection engine context DetectPort hash table.

Parameters

de_ctx	Pointer to the detection engine context.
sgh	Pointer to the DetectPort.

Return values

rsgh	On success a pointer to the DetectPort if the DetectPort is found in the hash table; NULL on failure.

Definition at line 1406 of file detect-engine-port.c.

References de_ctx, DetectEngineCtx_::dport_hash_table, HashListTableLookup(), SCEnter, and SCReturnPtr.

Here is the call graph for this function:

◆ DetectPortInit()

DetectPort* DetectPortInit ( void )

Alloc a DetectPort structure and update counters.

Return values

dp	newly created DetectPort on success; or NULL in case of error.

Definition at line 67 of file detect-engine-port.c.

References SCCalloc, and unlikely.

Referenced by DetectPortCopySingle(), DetectPortTestConfVars(), and PortParse().

Here is the caller graph for this function:

◆ DetectPortInsert()

int DetectPortInsert	(	DetectEngineCtx *	de_ctx,
		DetectPort **	head,
		DetectPort *	new
	)

function for inserting a port group object. This also makes sure SigGroupContainer lists are handled correctly.

Parameters

de_ctx	Pointer to the current detection engine context
head	Pointer to the DetectPort list head
dp	DetectPort to search in the DetectPort list

Return values

1	inserted
0	not inserted, memory of new is freed
-1	error

Todo:: rewrite to avoid recursive calls

Definition at line 153 of file detect-engine-port.c.

References BUG_ON, de_ctx, DetectPortCmp(), DetectPortFree(), head, DetectPort_::next, PORT_EQ, PORT_ER, PORT_GT, PORT_LT, DetectPort_::prev, and SCLogDebug.

Here is the call graph for this function:

◆ DetectPortListsAreEqual()

bool DetectPortListsAreEqual	(	DetectPort *	list1,
		DetectPort *	list2
	)

Checks if two port group lists are equal.

Parameters

list1	Pointer to the first port group list.
list2	Pointer to the second port group list.

Return values

true	On success.
false	On failure.

Definition at line 638 of file detect-engine-port.c.

References DetectPortCmp(), DetectPort_::next, and PORT_EQ.

Here is the call graph for this function:

◆ DetectPortLookupGroup()

DetectPort* DetectPortLookupGroup	(	DetectPort *	dp,
		uint16_t	port
	)

Function that find the group matching port in a group head.

Parameters

dp	Pointer to DetectPort group where we try to find the group
port	port to search/lookup

Return values

Pointer	to the DetectPort group of our port if it matched
NULL	if port is not in the list

Definition at line 613 of file detect-engine-port.c.

References DetectPort_::next.

Referenced by IPOnlyMatchPacket().

Here is the caller graph for this function:

◆ DetectPortParse()

int DetectPortParse	(	const DetectEngineCtx *	de_ctx,
		DetectPort **	head,
		const char *	str
	)

Function for parsing port strings.

Parameters

de_ctx	Pointer to the detection engine context
head	Pointer to the head of the DetectPort group list
str	Pointer to the port string

Return values

0	on success
-1	on error

Definition at line 1182 of file detect-engine-port.c.

References SCLogDebug, and str.

◆ DetectPortPrint()

void DetectPortPrint ( DetectPort * dp )

Helper function that print the DetectPort info.

Return values

none

Definition at line 590 of file detect-engine-port.c.

References DetectPort_::flags, DetectPort_::port, DetectPort_::port2, PORT_FLAG_ANY, and SCLogDebug.

Referenced by DetectPortPrintList().

Here is the caller graph for this function:

◆ DetectPortPrintList()

void DetectPortPrintList ( DetectPort * head )

Helper function used to print the list of ports present in this DetectPort list.

Parameters

head	Pointer to the DetectPort list head

Definition at line 100 of file detect-engine-port.c.

References cnt, DetectPortPrint(), head, DetectPort_::next, and SCLogDebug.

Here is the call graph for this function:

◆ DetectPortTestConfVars()

int DetectPortTestConfVars ( void )

Definition at line 1106 of file detect-engine-port.c.

References ConfGetNode(), DetectPortCleanupList(), DetectPortInit(), ConfNode_::name, next, SCLogDebug, SCLogError, TAILQ_FOREACH, TAILQ_HEAD_INITIALIZER, and ConfNode_::val.

Here is the call graph for this function:

◆ DetectPortTests()

void DetectPortTests ( void )

◆ IRB_HEAD()

IRB_HEAD	(	PI	,
		SCPortIntervalNode
	)

◆ IRB_PROTOTYPE()

IRB_PROTOTYPE	(	PI	,
		SCPortIntervalNode	,
		irb	,
		SCPortIntervalCompare
	)

◆ SCPortIntervalFindOverlappingRanges()

void SCPortIntervalFindOverlappingRanges	(	DetectEngineCtx *	de_ctx,
		const uint16_t	port,
		const uint16_t	port2,
		const struct PI *	head,
		DetectPort **	list
	)

Callee function to find all overlapping port ranges as asked by the detection engine during Stage 2 of signature grouping.

Parameters

de_ctx	Detection Engine Context
port	Given low port
port2	Given high port
head	Pointer to the head of the tree named PI
list	Pointer to the list of port objects that needs to be filled/updated

Definition at line 316 of file util-port-interval-tree.c.

◆ SCPortIntervalInsert()

int SCPortIntervalInsert	(	DetectEngineCtx *	de_ctx,
		SCPortIntervalTree *	it,
		const DetectPort *	p
	)

Function to insert a node in the interval tree.

Parameters

de_ctx	Detection Engine Context
it	Pointer to the interval tree
p	Pointer to a DetectPort object

Returns: SC_OK if the node was inserted successfully, SC_EINVAL otherwise

Definition at line 109 of file util-port-interval-tree.c.

References de_ctx, DEBUG_VALIDATE_BUG_ON, SCPortIntervalNode::port, DetectPort_::port, SCPortIntervalNode::port2, DetectPort_::port2, SC_EINVAL, SC_OK, SCCalloc, SCFree, SCLogDebug, SCPortIntervalNode::sh, DetectPort_::sh, SigGroupHeadCopySigs(), and SCPortIntervalTree_::tree.

Here is the call graph for this function:

◆ SCPortIntervalTreeFree()

void SCPortIntervalTreeFree	(	DetectEngineCtx *	de_ctx,
		SCPortIntervalTree *	it
	)

Function to free an entire interval tree.

Parameters

de_ctx	Detection Engine Context
it	Pointer to the interval tree

Definition at line 92 of file util-port-interval-tree.c.

◆ SCPortIntervalTreeInit()

SCPortIntervalTree* SCPortIntervalTreeInit ( void )

Function to initialize the interval tree.

Returns: Pointer to the newly created interval tree

Definition at line 58 of file util-port-interval-tree.c.

References SCCalloc.

Data Structures

Typedefs

Functions

Detailed Description

Typedef Documentation

◆ SCPortIntervalNode

◆ SCPortIntervalTree

Function Documentation

◆ DetectPortCleanupList()

◆ DetectPortCmp()

◆ DetectPortCopySingle()

◆ DetectPortFree()

◆ DetectPortHashAdd()

◆ DetectPortHashFree()

◆ DetectPortHashInit()

◆ DetectPortHashLookup()

◆ DetectPortInit()

◆ DetectPortInsert()

◆ DetectPortListsAreEqual()

◆ DetectPortLookupGroup()

◆ DetectPortParse()

◆ DetectPortPrint()

◆ DetectPortPrintList()

◆ DetectPortTestConfVars()

◆ DetectPortTests()

◆ IRB_HEAD()

◆ IRB_PROTOTYPE()

◆ SCPortIntervalFindOverlappingRanges()

◆ SCPortIntervalInsert()

◆ SCPortIntervalTreeFree()

◆ SCPortIntervalTreeInit()