suricata
Data Structures | Typedefs | Functions
detect-engine-prefilter.h File Reference
#include "detect.h"
#include "detect-engine-state.h"
Include dependency graph for detect-engine-prefilter.h:

Go to the source code of this file.

Data Structures

struct  DetectTransaction_
 
struct  PrefilterStore_
 

Typedefs

typedef struct DetectTransaction_ DetectTransaction
 
typedef struct PrefilterStore_ PrefilterStore
 

Functions

void Prefilter (DetectEngineThreadCtx *, const SigGroupHead *, Packet *p, const uint8_t flags, const SignatureMask mask)
 
int PrefilterAppendEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc, SignatureMask mask, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
int PrefilterAppendPayloadEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
int PrefilterAppendTxEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, const AppProto alproto, const int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
int PrefilterAppendFrameEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterFrameFn PrefilterFrameFunc, AppProto alproto, uint8_t frame_type, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
void DetectRunPrefilterTx (DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, const uint8_t ipproto, const uint8_t flow_flags, const AppProto alproto, void *alstate, DetectTransaction *tx)
 run prefilter engines on a transaction More...
 
void PrefilterFreeEnginesList (PrefilterEngineList *list)
 
void PrefilterSetupRuleGroup (DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 
void PrefilterCleanupRuleGroup (const DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 
const char * PrefilterStoreGetName (const uint32_t id)
 
void PrefilterInit (DetectEngineCtx *de_ctx)
 
void PrefilterDeinit (DetectEngineCtx *de_ctx)
 
int PrefilterGenericMpmRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
 
int PrefilterMultiGenericMpmRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
 
int PrefilterGenericMpmPktRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-prefilter.h.

Typedef Documentation

◆ DetectTransaction

typedef struct DetectTransaction_ DetectTransaction

◆ PrefilterStore

typedef struct PrefilterStore_ PrefilterStore

Function Documentation

◆ DetectRunPrefilterTx()

void DetectRunPrefilterTx ( DetectEngineThreadCtx det_ctx,
const SigGroupHead sgh,
Packet p,
const uint8_t  ipproto,
const uint8_t  flow_flags,
const AppProto  alproto,
void *  alstate,
DetectTransaction tx 
)

run prefilter engines on a transaction

Definition at line 93 of file detect-engine-prefilter.c.

References PrefilterEngine_::alproto, BIT_U64, PrefilterEngine_::cb, PrefilterEngine_::ctx, DetectGetInnerTx(), Packet_::flow, PrefilterEngine_::gid, PrefilterEngine_::is_last, PrefilterEngine_::is_last_for_progress, likely, next, PACKET_PROFILING_DETECT_START, Packet_::pcap_cnt, PrefilterEngine_::pectx, DetectEngineThreadCtx_::pmq, DetectTransaction_::prefilter_flags, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterTx, PROF_DETECT_PF_SORT1, PrefilterRuleStore_::rule_id_array_cnt, SCLogDebug, DetectTransaction_::tx_data_ptr, SigGroupHead_::tx_engines, DetectTransaction_::tx_id, PrefilterEngine_::tx_min_progress, DetectTransaction_::tx_progress, and DetectTransaction_::tx_ptr.

Here is the call graph for this function:

◆ Prefilter()

void Prefilter ( DetectEngineThreadCtx ,
const SigGroupHead ,
Packet p,
const uint8_t  flags,
const SignatureMask  mask 
)

Definition at line 147 of file detect-engine-prefilter.c.

References Flow_::alparser, Flow_::alproto, ALPROTO_UNKNOWN, PrefilterEngine_::cb, PrefilterEngine_::ctx, flags, Packet_::flags, Packet_::flow, SigGroupHead_::frame_engines, PrefilterEngine_::gid, PrefilterEngine_::is_last, likely, PACKET_PROFILING_DETECT_END, PACKET_PROFILING_DETECT_START, SigGroupHead_::payload_engines, Packet_::payload_len, PrefilterEngine_::pectx, PKT_DETECT_HAS_STREAMDATA, SigGroupHead_::pkt_engines, PrefilterEngine_::pkt_mask, PKT_NOPAYLOAD_INSPECTION, DetectEngineThreadCtx_::pmq, PrefilterEngine_::Prefilter, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PROF_DETECT_PF_PAYLOAD, PROF_DETECT_PF_PKT, PROF_DETECT_PF_RECORD, PROF_DETECT_PF_SORT1, Packet_::proto, PrefilterRuleStore_::rule_id_array_cnt, SCEnter, and SCLogDebug.

◆ PrefilterAppendEngine()

int PrefilterAppendEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
PrefilterPktFn  PrefilterFunc,
SignatureMask  mask,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 208 of file detect-engine-prefilter.c.

References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, SigGroupHeadInitData_::pkt_engines, PrefilterEngineList_::pkt_mask, PrefilterEngineList_::Prefilter, and SCMallocAligned.

Referenced by PrefilterGenericMpmPktRegister().

Here is the caller graph for this function:

◆ PrefilterAppendFrameEngine()

int PrefilterAppendFrameEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
PrefilterFrameFn  PrefilterFrameFunc,
AppProto  alproto,
uint8_t  frame_type,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 310 of file detect-engine-prefilter.c.

References PrefilterEngineList_::alproto, CLS, SigGroupHeadInitData_::frame_engines, PrefilterEngineList_::frame_type, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterFrame, and SCMallocAligned.

Referenced by PrefilterGenericMpmFrameRegister().

Here is the caller graph for this function:

◆ PrefilterAppendPayloadEngine()

int PrefilterAppendPayloadEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
PrefilterPktFn  PrefilterFunc,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 241 of file detect-engine-prefilter.c.

References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, SigGroupHeadInitData_::payload_engines, PrefilterEngineList_::pectx, PrefilterEngineList_::Prefilter, and SCMallocAligned.

Referenced by PrefilterPktPayloadRegister(), and PrefilterPktStreamRegister().

Here is the caller graph for this function:

◆ PrefilterAppendTxEngine()

int PrefilterAppendTxEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
PrefilterTxFn  PrefilterTxFunc,
const AppProto  alproto,
const int  tx_min_progress,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 273 of file detect-engine-prefilter.c.

References PrefilterEngineList_::alproto, CLS, DEBUG_VALIDATE_BUG_ON, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterTx, SCMallocAligned, SigGroupHeadInitData_::tx_engines, and PrefilterEngineList_::tx_min_progress.

Referenced by PrefilterGenericMpmRegister(), PrefilterMpmFiledataRegister(), and PrefilterMultiGenericMpmRegister().

Here is the caller graph for this function:

◆ PrefilterCleanupRuleGroup()

void PrefilterCleanupRuleGroup ( const DetectEngineCtx de_ctx,
SigGroupHead sgh 
)

Definition at line 381 of file detect-engine-prefilter.c.

References SigGroupHead_::pkt_engines.

Referenced by SigGroupHeadFree().

Here is the caller graph for this function:

◆ PrefilterDeinit()

void PrefilterDeinit ( DetectEngineCtx de_ctx)

Definition at line 623 of file detect-engine-prefilter.c.

References de_ctx, HashListTableFree(), and DetectEngineCtx_::prefilter_hash_table.

Here is the call graph for this function:

◆ PrefilterFreeEnginesList()

void PrefilterFreeEnginesList ( PrefilterEngineList list)

Definition at line 353 of file detect-engine-prefilter.c.

Referenced by SigGroupHeadInitDataFree().

Here is the caller graph for this function:

◆ PrefilterGenericMpmPktRegister()

int PrefilterGenericMpmPktRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx,
const DetectBufferMpmRegistry mpm_reg,
int  list_id 
)

Definition at line 873 of file detect-engine-prefilter.c.

References de_ctx, PrefilterMpmPktCtx::GetData, PrefilterMpmPktCtx::list_id, PrefilterMpmPktCtx::mpm_ctx, DetectBufferMpmRegistry_::pkt_v1, PrefilterAppendEngine(), SCCalloc, SCEnter, DetectBufferMpmRegistry_::transforms, and PrefilterMpmPktCtx::transforms.

Here is the call graph for this function:

◆ PrefilterGenericMpmRegister()

int PrefilterGenericMpmRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx,
const DetectBufferMpmRegistry mpm_reg,
int  list_id 
)

Definition at line 750 of file detect-engine-prefilter.c.

References DetectBufferMpmRegistry_::app_v2, de_ctx, PrefilterMpmCtx::GetData, PrefilterMpmCtx::list_id, PrefilterMpmCtx::mpm_ctx, PrefilterAppendTxEngine(), SCCalloc, SCEnter, DetectBufferMpmRegistry_::transforms, and PrefilterMpmCtx::transforms.

Here is the call graph for this function:

◆ PrefilterInit()

void PrefilterInit ( DetectEngineCtx de_ctx)

Definition at line 630 of file detect-engine-prefilter.c.

References BUG_ON, de_ctx, HashListTableInit(), and DetectEngineCtx_::prefilter_hash_table.

Here is the call graph for this function:

◆ PrefilterMultiGenericMpmRegister()

int PrefilterMultiGenericMpmRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx,
const DetectBufferMpmRegistry mpm_reg,
int  list_id 
)

Definition at line 804 of file detect-engine-prefilter.c.

References DetectBufferMpmRegistry_::app_v2, de_ctx, PrefilterMpmListId::GetData, PrefilterMpmListId::list_id, PrefilterMpmListId::mpm_ctx, PrefilterAppendTxEngine(), SCCalloc, SCEnter, PrefilterMpmListId::transforms, and DetectBufferMpmRegistry_::transforms.

Here is the call graph for this function:

◆ PrefilterSetupRuleGroup()

void PrefilterSetupRuleGroup ( DetectEngineCtx de_ctx,
SigGroupHead sgh 
)

Definition at line 416 of file detect-engine-prefilter.c.

References PrefilterEngineList_::alproto, PrefilterEngine_::alproto, PrefilterEngine_::cb, CLS, cnt, PrefilterEngine_::ctx, de_ctx, DETECT_PREFILTER_AUTO, DETECT_TBLSIZE, FatalError, PrefilterEngineList_::gid, PrefilterEngine_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngine_::is_last, PrefilterEngine_::local_id, PrefilterEngineList_::next, PatternMatchPrepareGroup(), SigGroupHeadInitData_::payload_engines, SigGroupHead_::payload_engines, PrefilterEngineList_::pectx, PrefilterEngine_::pectx, SigGroupHeadInitData_::pkt_engines, SigGroupHead_::pkt_engines, PrefilterEngineList_::pkt_mask, PrefilterEngine_::pkt_mask, PrefilterEngineList_::Prefilter, PrefilterEngine_::Prefilter, DetectEngineCtx_::prefilter_setting, PrefilterEngineList_::PrefilterTx, PrefilterEngine_::PrefilterTx, SCMallocAligned, SigTableElmt_::SetupPrefilter, sigmatch_table, DetectEngineCtx_::sm_types_prefilter, SigGroupHeadInitData_::tx_engines, SigGroupHead_::tx_engines, PrefilterEngineList_::tx_min_progress, and PrefilterEngine_::tx_min_progress.

Referenced by SigPrepareStage4().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ PrefilterStoreGetName()

const char* PrefilterStoreGetName ( const uint32_t  id)

Definition at line 695 of file detect-engine-prefilter.c.