detect-engine-prefilter.h File Reference

#include "detect-engine-state.h"

Include dependency graph for detect-engine-prefilter.h:

Go to the source code of this file.

Data Structures
struct	PrefilterStore_

Typedefs
typedef struct PrefilterStore_	PrefilterStore

Functions
void	Prefilter (DetectEngineThreadCtx *, const SigGroupHead *, Packet *p, const uint8_t flags)
int	PrefilterAppendEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx), void *pectx, void(*FreeFunc)(void *pectx), const char *name)
int	PrefilterAppendPayloadEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx), void *pectx, void(*FreeFunc)(void *pectx), const char *name)
int	PrefilterAppendTxEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*PrefilterTx)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, void *tx, const uint64_t idx, const uint8_t flags), const AppProto alproto, const int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
void	DetectRunPrefilterTx (DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, const uint8_t ipproto, const uint8_t flow_flags, const AppProto alproto, void *alstate, DetectTransaction *tx)
	run prefilter engines on a transaction More...
void	PrefilterFreeEnginesList (PrefilterEngineList *list)
void	PrefilterSetupRuleGroup (DetectEngineCtx *de_ctx, SigGroupHead *sgh)
void	PrefilterCleanupRuleGroup (const DetectEngineCtx *de_ctx, SigGroupHead *sgh)
const char *	PrefilterStoreGetName (const uint32_t id)
void	PrefilterInit (DetectEngineCtx *de_ctx)
void	PrefilterDeinit (DetectEngineCtx *de_ctx)
int	PrefilterGenericMpmRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectMpmAppLayerRegistery *mpm_reg, int list_id)

Detailed Description

Author

Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-prefilter.h.

Typedef Documentation

typedef struct PrefilterStore_ PrefilterStore

Function Documentation

void DetectRunPrefilterTx	(	DetectEngineThreadCtx *	det_ctx,
		const SigGroupHead *	sgh,
		Packet *	p,
		const uint8_t	ipproto,
		const uint8_t	flow_flags,
		const AppProto	alproto,
		void *	alstate,
		DetectTransaction *	tx
	)

run prefilter engines on a transaction

Definition at line 90 of file detect-engine-prefilter.c.

References PrefilterEngine_::alproto, PrefilterEngine_::cb, Packet_::flow, PrefilterEngine_::gid, PrefilterEngine_::is_last, likely, PrefilterEngine_::local_id, next, PACKET_PROFILING_DETECT_END, PACKET_PROFILING_DETECT_START, PrefilterEngine_::pectx, DetectEngineThreadCtx_::pmq, DetectTransaction_::prefilter_flags, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterTx, PROF_DETECT_PF_SORT1, PrefilterRuleStore_::rule_id_array, PrefilterRuleStore_::rule_id_array_cnt, SCLogDebug, SigGroupHead_::tx_engines, DetectTransaction_::tx_id, PrefilterEngine_::tx_min_progress, DetectTransaction_::tx_progress, and DetectTransaction_::tx_ptr.

void Prefilter	(	DetectEngineThreadCtx *	,
		const SigGroupHead *	,
		Packet *	p,
		const uint8_t	flags
	)

Definition at line 139 of file detect-engine-prefilter.c.

References PrefilterEngine_::cb, Packet_::flags, PrefilterEngine_::gid, PrefilterEngine_::is_last, likely, PACKET_PROFILING_DETECT_END, PACKET_PROFILING_DETECT_START, SigGroupHead_::payload_engines, Packet_::payload_len, PrefilterEngine_::pectx, PKT_DETECT_HAS_STREAMDATA, SigGroupHead_::pkt_engines, PKT_NOPAYLOAD_INSPECTION, DetectEngineThreadCtx_::pmq, PrefilterEngine_::Prefilter, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PROF_DETECT_PF_PAYLOAD, PROF_DETECT_PF_PKT, PROF_DETECT_PF_SORT1, PrefilterRuleStore_::rule_id_array, PrefilterRuleStore_::rule_id_array_cnt, SCEnter, and SCReturn.

Referenced by SigMatchSignaturesGetSgh().

Here is the caller graph for this function:

int PrefilterAppendEngine	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		void(*)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)	Prefilter,
		void *	pectx,
		void(*)(void *pectx)	FreeFunc,
		const char *	name
	)

Definition at line 189 of file detect-engine-prefilter.c.

References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, SigGroupHeadInitData_::pkt_engines, PrefilterEngineList_::Prefilter, and SCMallocAligned.

int PrefilterAppendPayloadEngine	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		void(*)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)	Prefilter,
		void *	pectx,
		void(*)(void *pectx)	FreeFunc,
		const char *	name
	)

Definition at line 223 of file detect-engine-prefilter.c.

References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, SigGroupHeadInitData_::payload_engines, PrefilterEngineList_::pectx, PrefilterEngineList_::Prefilter, and SCMallocAligned.

Referenced by PrefilterPktPayloadRegister(), and PrefilterPktStreamRegister().

Here is the caller graph for this function:

int PrefilterAppendTxEngine	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		void(*)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, void *tx, const uint64_t idx, const uint8_t flags)	PrefilterTx,
		const AppProto	alproto,
		const int	tx_min_progress,
		void *	pectx,
		void(*)(void *pectx)	FreeFunc,
		const char *	name
	)

Definition at line 257 of file detect-engine-prefilter.c.

References PrefilterEngineList_::alproto, CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterTx, SCFreeAligned, SCMallocAligned, SigGroupHeadInitData_::tx_engines, and PrefilterEngineList_::tx_min_progress.

Referenced by DetectFilemagicRegister(), DetectTlsCertsRegister(), PrefilterGenericMpmRegister(), and PrefilterMpmFiledataRegister().

Here is the caller graph for this function:

void PrefilterCleanupRuleGroup	(	const DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh
	)

Definition at line 332 of file detect-engine-prefilter.c.

References SigGroupHead_::payload_engines, SigGroupHead_::pkt_engines, and SigGroupHead_::tx_engines.

Referenced by SigGroupHeadFree().

Here is the caller graph for this function:

void PrefilterDeinit

(

DetectEngineCtx *

de_ctx

)

Definition at line 480 of file detect-engine-prefilter.c.

References HashListTableFree(), and DetectEngineCtx_::prefilter_hash_table.

Referenced by InspectionBufferApplyTransforms().

Here is the call graph for this function:

Here is the caller graph for this function:

void PrefilterFreeEnginesList

(

PrefilterEngineList *

list

)

Definition at line 304 of file detect-engine-prefilter.c.

References PrefilterStore_::FreeFunc, PrefilterEngine_::gid, PrefilterEngine_::is_last, next, PrefilterEngineList_::next, PrefilterEngine_::pectx, and SCFreeAligned.

Referenced by SigGroupHeadInitDataFree().

Here is the caller graph for this function:

int PrefilterGenericMpmRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx,
		const DetectMpmAppLayerRegistery *	mpm_reg,
		int	list_id
	)

Definition at line 608 of file detect-engine-prefilter.c.

References DetectMpmAppLayerRegistery_::alproto, PrefilterMpmCtx::GetData, DetectMpmAppLayerRegistery_::GetData, PrefilterMpmCtx::list_id, PrefilterMpmCtx::mpm_ctx, DetectMpmAppLayerRegistery_::pname, PrefilterAppendTxEngine(), SCCalloc, SCEnter, SCFree, PrefilterMpmCtx::transforms, DetectMpmAppLayerRegistery_::transforms, DetectMpmAppLayerRegistery_::tx_min_progress, and DetectMpmAppLayerRegistery_::v2.

Referenced by DetectAppLayerMpmRegister2(), DetectDceStubDataRegister(), DetectFiledataRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectSmbNamedPipeRegister(), DetectSmbShareRegister(), DetectSNMPCommunityRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

void PrefilterInit

(

DetectEngineCtx *

de_ctx

)

Definition at line 487 of file detect-engine-prefilter.c.

References BUG_ON, PrefilterStore_::FreeFunc, HashListTableAdd(), HashListTableGetListData, HashListTableGetListHead(), HashListTableGetListNext, HashListTableInit(), HashListTableLookup(), PrefilterStore_::id, PrefilterStore_::name, DetectEngineCtx_::prefilter_hash_table, DetectEngineCtx_::prefilter_id, SCCalloc, SCFree, and SCLogDebug.

Referenced by InspectionBufferApplyTransforms().

Here is the call graph for this function:

Here is the caller graph for this function:

void PrefilterSetupRuleGroup	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh
	)

Definition at line 348 of file detect-engine-prefilter.c.

References PrefilterEngineList_::alproto, PrefilterEngine_::alproto, HashListTable_::array_size, BUG_ON, PrefilterEngine_::cb, CLS, DETECT_PREFILTER_AUTO, DETECT_TBLSIZE, PrefilterEngineList_::gid, PrefilterEngine_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngine_::is_last, PrefilterEngine_::local_id, MAX, PrefilterStore_::name, PrefilterEngineList_::next, PatternMatchPrepareGroup(), SigGroupHeadInitData_::payload_engines, SigGroupHead_::payload_engines, PrefilterEngineList_::pectx, PrefilterEngine_::pectx, SigGroupHeadInitData_::pkt_engines, SigGroupHead_::pkt_engines, PrefilterEngineList_::Prefilter, PrefilterEngine_::Prefilter, DetectEngineCtx_::prefilter_maxid, DetectEngineCtx_::prefilter_setting, PrefilterEngineList_::PrefilterTx, PrefilterEngine_::PrefilterTx, SCFree, SCLogDebug, SCMallocAligned, SigTableElmt_::SetupPrefilter, sigmatch_table, DetectEngineCtx_::sm_types_prefilter, TRUE, SigGroupHeadInitData_::tx_engines, SigGroupHead_::tx_engines, PrefilterEngineList_::tx_min_progress, and PrefilterEngine_::tx_min_progress.

Referenced by SigAddressPrepareStage4().

Here is the call graph for this function:

Here is the caller graph for this function:

const char* PrefilterStoreGetName

(

const uint32_t

id

)

Definition at line 552 of file detect-engine-prefilter.c.