suricata
Data Structures | Typedefs | Functions
detect-engine-prefilter.h File Reference
#include "detect-engine-state.h"
Include dependency graph for detect-engine-prefilter.h:

Go to the source code of this file.

Data Structures

struct  PrefilterStore_
 

Typedefs

typedef struct PrefilterStore_ PrefilterStore
 

Functions

void Prefilter (DetectEngineThreadCtx *, const SigGroupHead *, Packet *p, const uint8_t flags)
 
int PrefilterAppendEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx), void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
int PrefilterAppendPayloadEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx), void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
int PrefilterAppendTxEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*PrefilterTx)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, void *tx, const uint64_t idx, const uint8_t flags), const AppProto alproto, const int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
void DetectRunPrefilterTx (DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, const uint8_t ipproto, const uint8_t flow_flags, const AppProto alproto, void *alstate, DetectTransaction *tx)
 run prefilter engines on a transaction More...
 
void PrefilterFreeEnginesList (PrefilterEngineList *list)
 
void PrefilterSetupRuleGroup (DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 
void PrefilterCleanupRuleGroup (const DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 
const char * PrefilterStoreGetName (const uint32_t id)
 
void PrefilterInit (DetectEngineCtx *de_ctx)
 
void PrefilterDeinit (DetectEngineCtx *de_ctx)
 
int PrefilterGenericMpmRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistery *mpm_reg, int list_id)
 
int PrefilterGenericMpmPktRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistery *mpm_reg, int list_id)
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-prefilter.h.

Typedef Documentation

typedef struct PrefilterStore_ PrefilterStore

Function Documentation

void DetectRunPrefilterTx ( DetectEngineThreadCtx det_ctx,
const SigGroupHead sgh,
Packet p,
const uint8_t  ipproto,
const uint8_t  flow_flags,
const AppProto  alproto,
void *  alstate,
DetectTransaction tx 
)

run prefilter engines on a transaction

Definition at line 90 of file detect-engine-prefilter.c.

References PrefilterEngine_::alproto, PrefilterEngine_::cb, Packet_::flow, PrefilterEngine_::gid, PrefilterEngine_::is_last, likely, PrefilterEngine_::local_id, next, PACKET_PROFILING_DETECT_END, PACKET_PROFILING_DETECT_START, PrefilterEngine_::pectx, DetectEngineThreadCtx_::pmq, DetectTransaction_::prefilter_flags, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterTx, PROF_DETECT_PF_SORT1, PrefilterRuleStore_::rule_id_array, PrefilterRuleStore_::rule_id_array_cnt, SCLogDebug, SigGroupHead_::tx_engines, DetectTransaction_::tx_id, PrefilterEngine_::tx_min_progress, DetectTransaction_::tx_progress, and DetectTransaction_::tx_ptr.

void Prefilter ( DetectEngineThreadCtx ,
const SigGroupHead ,
Packet p,
const uint8_t  flags 
)

Definition at line 139 of file detect-engine-prefilter.c.

References PrefilterEngine_::cb, Packet_::flags, PrefilterEngine_::gid, PrefilterEngine_::is_last, likely, PACKET_PROFILING_DETECT_END, PACKET_PROFILING_DETECT_START, SigGroupHead_::payload_engines, Packet_::payload_len, PrefilterEngine_::pectx, PKT_DETECT_HAS_STREAMDATA, SigGroupHead_::pkt_engines, PKT_NOPAYLOAD_INSPECTION, DetectEngineThreadCtx_::pmq, PrefilterEngine_::Prefilter, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PROF_DETECT_PF_PAYLOAD, PROF_DETECT_PF_PKT, PROF_DETECT_PF_SORT1, PrefilterRuleStore_::rule_id_array, PrefilterRuleStore_::rule_id_array_cnt, SCEnter, and SCReturn.

Referenced by SigMatchSignaturesGetSgh().

Here is the caller graph for this function:

int PrefilterAppendEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
void(*)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)  Prefilter,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 189 of file detect-engine-prefilter.c.

References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, SigGroupHeadInitData_::pkt_engines, PrefilterEngineList_::Prefilter, and SCMallocAligned.

Referenced by PrefilterGenericMpmPktRegister().

Here is the caller graph for this function:

int PrefilterAppendPayloadEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
void(*)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)  Prefilter,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 223 of file detect-engine-prefilter.c.

References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, SigGroupHeadInitData_::payload_engines, PrefilterEngineList_::pectx, PrefilterEngineList_::Prefilter, and SCMallocAligned.

Referenced by PrefilterPktPayloadRegister(), and PrefilterPktStreamRegister().

Here is the caller graph for this function:

int PrefilterAppendTxEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
void(*)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, void *tx, const uint64_t idx, const uint8_t flags PrefilterTx,
const AppProto  alproto,
const int  tx_min_progress,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 257 of file detect-engine-prefilter.c.

References PrefilterEngineList_::alproto, CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterTx, SCFreeAligned, SCMallocAligned, SigGroupHeadInitData_::tx_engines, and PrefilterEngineList_::tx_min_progress.

Referenced by DetectFilemagicRegister(), DetectTlsCertsRegister(), PrefilterGenericMpmRegister(), and PrefilterMpmFiledataRegister().

Here is the caller graph for this function:

void PrefilterCleanupRuleGroup ( const DetectEngineCtx de_ctx,
SigGroupHead sgh 
)

Definition at line 332 of file detect-engine-prefilter.c.

References SigGroupHead_::payload_engines, SigGroupHead_::pkt_engines, and SigGroupHead_::tx_engines.

Referenced by SigGroupHeadFree().

Here is the caller graph for this function:

void PrefilterDeinit ( DetectEngineCtx de_ctx)

Definition at line 483 of file detect-engine-prefilter.c.

References HashListTableFree(), and DetectEngineCtx_::prefilter_hash_table.

Referenced by InspectionBufferApplyTransforms().

Here is the call graph for this function:

Here is the caller graph for this function:

void PrefilterFreeEnginesList ( PrefilterEngineList list)

Definition at line 304 of file detect-engine-prefilter.c.

References PrefilterStore_::FreeFunc, PrefilterEngine_::gid, PrefilterEngine_::is_last, next, PrefilterEngineList_::next, PrefilterEngine_::pectx, and SCFreeAligned.

Referenced by SigGroupHeadInitDataFree().

Here is the caller graph for this function:

int PrefilterGenericMpmPktRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx,
const DetectBufferMpmRegistery mpm_reg,
int  list_id 
)

Definition at line 681 of file detect-engine-prefilter.c.

References PrefilterMpmPktCtx::GetData, PrefilterMpmCtx::list_id, PrefilterMpmPktCtx::list_id, PrefilterMpmCtx::mpm_ctx, PrefilterMpmPktCtx::mpm_ctx, DetectBufferMpmRegistery_::pkt_v1, DetectBufferMpmRegistery_::pname, PrefilterAppendEngine(), SCCalloc, SCEnter, SCFree, DetectBufferMpmRegistery_::transforms, and PrefilterMpmPktCtx::transforms.

Here is the call graph for this function:

int PrefilterGenericMpmRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx,
const DetectBufferMpmRegistery mpm_reg,
int  list_id 
)

Definition at line 611 of file detect-engine-prefilter.c.

References DetectBufferMpmRegistery_::app_v2, PrefilterMpmCtx::GetData, PrefilterMpmCtx::list_id, PrefilterMpmCtx::mpm_ctx, DetectBufferMpmRegistery_::pname, PrefilterAppendTxEngine(), SCCalloc, SCEnter, SCFree, PrefilterMpmCtx::transforms, and DetectBufferMpmRegistery_::transforms.

Referenced by DetectAppLayerMpmRegister2(), DetectDceStubDataRegister(), DetectFiledataRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectSipMethodRegister(), DetectSipProtocolRegister(), DetectSipRequestLineRegister(), DetectSipResponseLineRegister(), DetectSipStatCodeRegister(), DetectSipStatMsgRegister(), DetectSipUriRegister(), DetectSmbNamedPipeRegister(), DetectSmbShareRegister(), DetectSNMPCommunityRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

void PrefilterInit ( DetectEngineCtx de_ctx)

Definition at line 490 of file detect-engine-prefilter.c.

References BUG_ON, PrefilterStore_::FreeFunc, HashListTableAdd(), HashListTableGetListData, HashListTableGetListHead(), HashListTableGetListNext, HashListTableInit(), HashListTableLookup(), PrefilterStore_::id, PrefilterStore_::name, DetectEngineCtx_::prefilter_hash_table, DetectEngineCtx_::prefilter_id, SCCalloc, SCFree, and SCLogDebug.

Referenced by InspectionBufferApplyTransforms().

Here is the call graph for this function:

Here is the caller graph for this function:

void PrefilterSetupRuleGroup ( DetectEngineCtx de_ctx,
SigGroupHead sgh 
)

Definition at line 348 of file detect-engine-prefilter.c.

References PrefilterEngineList_::alproto, PrefilterEngine_::alproto, HashListTable_::array_size, PrefilterEngine_::cb, CLS, DETECT_PREFILTER_AUTO, DETECT_TBLSIZE, FatalError, PrefilterEngineList_::gid, PrefilterEngine_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngine_::is_last, PrefilterEngine_::local_id, MAX, PrefilterStore_::name, PrefilterEngineList_::next, PatternMatchPrepareGroup(), SigGroupHeadInitData_::payload_engines, SigGroupHead_::payload_engines, PrefilterEngineList_::pectx, PrefilterEngine_::pectx, SigGroupHeadInitData_::pkt_engines, SigGroupHead_::pkt_engines, PrefilterEngineList_::Prefilter, PrefilterEngine_::Prefilter, DetectEngineCtx_::prefilter_maxid, DetectEngineCtx_::prefilter_setting, PrefilterEngineList_::PrefilterTx, PrefilterEngine_::PrefilterTx, SC_ERR_INITIALIZATION, SCFree, SCLogDebug, SCMallocAligned, SigTableElmt_::SetupPrefilter, sigmatch_table, DetectEngineCtx_::sm_types_prefilter, TRUE, SigGroupHeadInitData_::tx_engines, SigGroupHead_::tx_engines, PrefilterEngineList_::tx_min_progress, and PrefilterEngine_::tx_min_progress.

Referenced by SigAddressPrepareStage4().

Here is the call graph for this function:

Here is the caller graph for this function:

const char* PrefilterStoreGetName ( const uint32_t  id)

Definition at line 555 of file detect-engine-prefilter.c.