Go to the source code of this file.
Data Structures | |
| struct | DetectTransaction_ |
| struct | PrefilterStore_ |
Typedefs | |
| typedef struct DetectTransaction_ | DetectTransaction |
| typedef struct PrefilterStore_ | PrefilterStore |
Detailed Description
Definition in file detect-engine-prefilter.h.
Typedef Documentation
◆ DetectTransaction
| typedef struct DetectTransaction_ DetectTransaction |
◆ PrefilterStore
| typedef struct PrefilterStore_ PrefilterStore |
Function Documentation
◆ DetectRunPrefilterTx()
| void DetectRunPrefilterTx | ( | DetectEngineThreadCtx * | det_ctx, |
| const SigGroupHead * | sgh, | ||
| Packet * | p, | ||
| const uint8_t | ipproto, | ||
| const uint8_t | flow_flags, | ||
| const AppProto | alproto, | ||
| void * | alstate, | ||
| DetectTransaction * | tx | ||
| ) |
run prefilter engines on a transaction
Definition at line 95 of file detect-engine-prefilter.c.
References PrefilterEngine_::alproto, AppLayerParserGetStateNameById(), AppProtoToString(), PrefilterEngine_::cb, PrefilterEngine_::ctx, DetectTransaction_::detect_progress, DetectGetInnerTx(), Packet_::flow, PrefilterEngine_::gid, PrefilterEngine_::is_last, PrefilterEngine_::is_last_for_progress, likely, next, PACKET_PROFILING_DETECT_START, Packet_::pcap_cnt, PrefilterEngine_::pectx, DetectEngineThreadCtx_::pmq, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterTx, PROF_DETECT_PF_SORT1, PrefilterRuleStore_::rule_id_array_cnt, SCLogDebug, DetectTransaction_::tx_data_ptr, SigGroupHead_::tx_engines, DetectTransaction_::tx_id, PrefilterEngine_::tx_min_progress, DetectTransaction_::tx_progress, and DetectTransaction_::tx_ptr.
◆ PostRuleMatchWorkQueueAppend()
| void PostRuleMatchWorkQueueAppend | ( | DetectEngineThreadCtx * | det_ctx, |
| const Signature * | s, | ||
| const int | type, | ||
| const uint32_t | value | ||
| ) |
Definition at line 1750 of file detect-engine-prefilter.c.
References DETECT_EVENT_POST_MATCH_QUEUE_FAILED, DetectEngineSetEvent(), Signature_::iid, PostRuleMatchWorkQueue::len, DetectEngineThreadCtx_::post_rule_work_queue, PostRuleMatchWorkQueue::q, QUEUE_STEP, SCCalloc, SCLogDebug, SCRealloc, PostRuleMatchWorkQueue::size, PostRuleMatchWorkQueueItem::sm_type, type, and PostRuleMatchWorkQueueItem::value.
◆ Prefilter()
| void Prefilter | ( | DetectEngineThreadCtx * | , |
| const SigGroupHead * | , | ||
| Packet * | p, | ||
| const uint8_t | flags, | ||
| const SignatureMask | mask | ||
| ) |
Definition at line 216 of file detect-engine-prefilter.c.
References Flow_::alparser, Flow_::alproto, ALPROTO_UNKNOWN, BIT_U16, PrefilterEngine_::cb, PrefilterEngine_::ctx, flags, Packet_::flags, Packet_::flow, SigGroupHead_::frame_engines, PrefilterEngine_::gid, PrefilterEngine_::is_last, likely, PACKET_PROFILING_DETECT_END, PACKET_PROFILING_DETECT_START, SigGroupHead_::payload_engines, Packet_::payload_len, PrefilterEngine_::pectx, PrefilterEngine_::pkt, PKT_DETECT_HAS_STREAMDATA, SigGroupHead_::pkt_engines, Packet_::pkt_hooks, PKT_NOPAYLOAD_INSPECTION, DetectEngineThreadCtx_::pmq, PrefilterEngine_::Prefilter, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PROF_DETECT_PF_PAYLOAD, PROF_DETECT_PF_PKT, PROF_DETECT_PF_RECORD, PROF_DETECT_PF_SORT1, Packet_::proto, PrefilterRuleStore_::rule_id_array_cnt, SCEnter, and SCLogDebug.
◆ PrefilterAppendEngine()
| int PrefilterAppendEngine | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| PrefilterPktFn | PrefilterFunc, | ||
| SignatureMask | mask, | ||
| enum SignatureHookPkt | hook, | ||
| void * | pectx, | ||
| void(*)(void *pectx) | FreeFunc, | ||
| const char * | name | ||
| ) |
Definition at line 282 of file detect-engine-prefilter.c.
References BUG_ON, CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, SigGroupHeadInitData_::pkt_engines, PrefilterEngineList_::pkt_hook, PrefilterEngineList_::pkt_mask, PrefilterEngineList_::Prefilter, and SCMallocAligned.
Referenced by PrefilterGenericMpmPktRegister().
◆ PrefilterAppendFrameEngine()
| int PrefilterAppendFrameEngine | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| PrefilterFrameFn | PrefilterFrameFunc, | ||
| AppProto | alproto, | ||
| uint8_t | frame_type, | ||
| void * | pectx, | ||
| void(*)(void *pectx) | FreeFunc, | ||
| const char * | name | ||
| ) |
Definition at line 389 of file detect-engine-prefilter.c.
References PrefilterEngineList_::alproto, CLS, SigGroupHeadInitData_::frame_engines, PrefilterEngineList_::frame_type, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterFrame, and SCMallocAligned.
Referenced by PrefilterGenericMpmFrameRegister().
◆ PrefilterAppendPayloadEngine()
| int PrefilterAppendPayloadEngine | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| PrefilterPktFn | PrefilterFunc, | ||
| void * | pectx, | ||
| void(*)(void *pectx) | FreeFunc, | ||
| const char * | name | ||
| ) |
Definition at line 320 of file detect-engine-prefilter.c.
References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, SigGroupHeadInitData_::payload_engines, PrefilterEngineList_::pectx, PrefilterEngineList_::Prefilter, and SCMallocAligned.
Referenced by PrefilterPktPayloadRegister(), and PrefilterPktStreamRegister().
◆ PrefilterAppendPostRuleEngine()
| int PrefilterAppendPostRuleEngine | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| void(*)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f) | PrefilterPostRuleFunc, | ||
| void * | pectx, | ||
| void(*)(void *pectx) | FreeFunc, | ||
| const char * | name | ||
| ) |
Definition at line 424 of file detect-engine-prefilter.c.
References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, SigGroupHeadInitData_::post_rule_match_engines, PrefilterEngineList_::PrefilterPostRule, and SCMallocAligned.
◆ PrefilterAppendTxEngine()
| int PrefilterAppendTxEngine | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| PrefilterTxFn | PrefilterTxFunc, | ||
| const AppProto | alproto, | ||
| const int | tx_min_progress, | ||
| void * | pectx, | ||
| void(*)(void *pectx) | FreeFunc, | ||
| const char * | name | ||
| ) |
Definition at line 352 of file detect-engine-prefilter.c.
References PrefilterEngineList_::alproto, CLS, DEBUG_VALIDATE_BUG_ON, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterTx, SCMallocAligned, SigGroupHeadInitData_::tx_engines, and PrefilterEngineList_::tx_min_progress.
Referenced by PrefilterGenericMpmRegister(), PrefilterMpmFiledataRegister(), PrefilterMultiGenericMpmRegister(), and PrefilterSingleMpmRegister().
◆ PrefilterCleanupRuleGroup()
| void PrefilterCleanupRuleGroup | ( | const DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh | ||
| ) |
Definition at line 493 of file detect-engine-prefilter.c.
References SigGroupHead_::pkt_engines.
Referenced by SigGroupHeadFree().
◆ PrefilterDeinit()
| void PrefilterDeinit | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 1420 of file detect-engine-prefilter.c.
References de_ctx, HashListTableFree(), and DetectEngineCtx_::prefilter_hash_table.
◆ PrefilterFreeEnginesList()
| void PrefilterFreeEnginesList | ( | PrefilterEngineList * | list | ) |
Definition at line 465 of file detect-engine-prefilter.c.
Referenced by SigGroupHeadInitDataFree().
◆ PrefilterGenericMpmPktRegister()
| int PrefilterGenericMpmPktRegister | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| MpmCtx * | mpm_ctx, | ||
| const DetectBufferMpmRegistry * | mpm_reg, | ||
| int | list_id | ||
| ) |
Definition at line 1727 of file detect-engine-prefilter.c.
References de_ctx, PrefilterMpmPktCtx::GetData, PrefilterMpmPktCtx::list_id, PrefilterMpmPktCtx::mpm_ctx, DetectBufferMpmRegistry_::pkt_v1, PrefilterAppendEngine(), SCCalloc, SCEnter, SIGNATURE_HOOK_PKT_NOT_SET, DetectBufferMpmRegistry_::transforms, and PrefilterMpmPktCtx::transforms.
◆ PrefilterGenericMpmRegister()
| int PrefilterGenericMpmRegister | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| MpmCtx * | mpm_ctx, | ||
| const DetectBufferMpmRegistry * | mpm_reg, | ||
| int | list_id | ||
| ) |
Definition at line 1584 of file detect-engine-prefilter.c.
References DetectBufferMpmRegistry_::app_v2, de_ctx, PrefilterMpmCtx::GetData, PrefilterMpmCtx::list_id, PrefilterMpmCtx::mpm_ctx, PrefilterAppendTxEngine(), SCCalloc, SCEnter, DetectBufferMpmRegistry_::transforms, and PrefilterMpmCtx::transforms.
◆ PrefilterInit()
| void PrefilterInit | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 1427 of file detect-engine-prefilter.c.
References BUG_ON, de_ctx, HashListTableInit(), and DetectEngineCtx_::prefilter_hash_table.
◆ PrefilterMultiGenericMpmRegister()
| int PrefilterMultiGenericMpmRegister | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| MpmCtx * | mpm_ctx, | ||
| const DetectBufferMpmRegistry * | mpm_reg, | ||
| int | list_id | ||
| ) |
Definition at line 1658 of file detect-engine-prefilter.c.
References DetectBufferMpmRegistry_::app_v2, de_ctx, PrefilterMpmListId::GetData, PrefilterMpmListId::list_id, PrefilterMpmListId::mpm_ctx, PrefilterAppendTxEngine(), SCCalloc, SCEnter, PrefilterMpmListId::transforms, and DetectBufferMpmRegistry_::transforms.
◆ PrefilterPktNonPFStatsDump()
| void PrefilterPktNonPFStatsDump | ( | void | ) |
Definition at line 590 of file detect-engine-prefilter.c.
References SCLogDebug.
◆ PrefilterPostRuleMatch()
| void PrefilterPostRuleMatch | ( | DetectEngineThreadCtx * | det_ctx, |
| const SigGroupHead * | sgh, | ||
| Packet * | p, | ||
| Flow * | f | ||
| ) |
invoke post-rule match "prefilter" engines
Invoke prefilter engines that depend on a rule match to run. e.g. the flowbits:set prefilter that adds sids that depend on a flowbit "set" to the match array.
Definition at line 193 of file detect-engine-prefilter.c.
References PrefilterEngine_::cb, PrefilterEngine_::gid, PrefilterEngine_::is_last, PrefilterEngine_::pectx, DetectEngineThreadCtx_::pmq, SigGroupHead_::post_rule_match_engines, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterPostRule, PrefilterRuleStore_::rule_id_array_cnt, and SCLogDebug.
◆ PrefilterSetupRuleGroup()
| int PrefilterSetupRuleGroup | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh | ||
| ) |
Definition at line 1176 of file detect-engine-prefilter.c.
References de_ctx, DETECT_PREFILTER_AUTO, DETECT_TBLSIZE, FatalError, PatternMatchPrepareGroup(), DetectEngineCtx_::prefilter_setting, SigTableElmt_::SetupPrefilter, sigmatch_table, and DetectEngineCtx_::sm_types_prefilter.
Referenced by SigPrepareStage4().
◆ PrefilterSingleMpmRegister()
| int PrefilterSingleMpmRegister | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| MpmCtx * | mpm_ctx, | ||
| const DetectBufferMpmRegistry * | mpm_reg, | ||
| int | list_id | ||
| ) |
Definition at line 1605 of file detect-engine-prefilter.c.
References DetectBufferMpmRegistry_::app_v2, de_ctx, PrefilterMpmCtx::GetDataSingle, PrefilterMpmCtx::list_id, PrefilterMpmCtx::mpm_ctx, PrefilterAppendTxEngine(), SCCalloc, SCEnter, DetectBufferMpmRegistry_::transforms, and PrefilterMpmCtx::transforms.
◆ PrefilterStoreGetName()
| const char* PrefilterStoreGetName | ( | const uint32_t | id | ) |
Definition at line 1492 of file detect-engine-prefilter.c.
