suricata
Data Structures | Typedefs | Functions
detect-engine-prefilter.h File Reference
#include "detect.h"
#include "detect-engine-state.h"
Include dependency graph for detect-engine-prefilter.h:

Go to the source code of this file.

Data Structures

struct  DetectTransaction_
 
struct  PrefilterStore_
 

Typedefs

typedef struct DetectTransaction_ DetectTransaction
 
typedef struct PrefilterStore_ PrefilterStore
 

Functions

void Prefilter (DetectEngineThreadCtx *, const SigGroupHead *, Packet *p, const uint8_t flags)
 
int PrefilterAppendEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx), void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
int PrefilterAppendPayloadEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx), void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
int PrefilterAppendTxEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, const AppProto alproto, const int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
int PrefilterAppendFrameEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterFrameFn PrefilterFrameFunc, AppProto alproto, uint8_t frame_type, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
void DetectRunPrefilterTx (DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, const uint8_t ipproto, const uint8_t flow_flags, const AppProto alproto, void *alstate, DetectTransaction *tx)
 run prefilter engines on a transaction More...
 
void PrefilterFreeEnginesList (PrefilterEngineList *list)
 
void PrefilterSetupRuleGroup (DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 
void PrefilterCleanupRuleGroup (const DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 
const char * PrefilterStoreGetName (const uint32_t id)
 
void PrefilterInit (DetectEngineCtx *de_ctx)
 
void PrefilterDeinit (DetectEngineCtx *de_ctx)
 
int PrefilterGenericMpmRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
 
int PrefilterGenericMpmPktRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-prefilter.h.

Typedef Documentation

◆ DetectTransaction

typedef struct DetectTransaction_ DetectTransaction

◆ PrefilterStore

typedef struct PrefilterStore_ PrefilterStore

Function Documentation

◆ DetectRunPrefilterTx()

void DetectRunPrefilterTx ( DetectEngineThreadCtx det_ctx,
const SigGroupHead sgh,
Packet p,
const uint8_t  ipproto,
const uint8_t  flow_flags,
const AppProto  alproto,
void *  alstate,
DetectTransaction tx 
)

run prefilter engines on a transaction

Definition at line 93 of file detect-engine-prefilter.c.

References PrefilterEngine_::alproto, BIT_U64, PrefilterEngine_::cb, PrefilterEngine_::ctx, Packet_::flow, PrefilterEngine_::gid, PrefilterEngine_::is_last, PrefilterEngine_::is_last_for_progress, likely, next, PACKET_PROFILING_DETECT_START, Packet_::pcap_cnt, PrefilterEngine_::pectx, DetectEngineThreadCtx_::pmq, DetectTransaction_::prefilter_flags, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterTx, PROF_DETECT_PF_SORT1, PrefilterRuleStore_::rule_id_array_cnt, SCLogDebug, DetectTransaction_::tx_data_ptr, SigGroupHead_::tx_engines, DetectTransaction_::tx_id, PrefilterEngine_::tx_min_progress, DetectTransaction_::tx_progress, and DetectTransaction_::tx_ptr.

◆ Prefilter()

void Prefilter ( DetectEngineThreadCtx ,
const SigGroupHead ,
Packet p,
const uint8_t  flags 
)

Definition at line 143 of file detect-engine-prefilter.c.

References Flow_::alparser, Flow_::alproto, ALPROTO_UNKNOWN, PrefilterEngine_::cb, flags, Packet_::flags, Packet_::flow, SigGroupHead_::frame_engines, PrefilterEngine_::gid, PrefilterEngine_::is_last, likely, PACKET_PROFILING_DETECT_END, PACKET_PROFILING_DETECT_START, SigGroupHead_::payload_engines, Packet_::payload_len, PrefilterEngine_::pectx, PKT_DETECT_HAS_STREAMDATA, SigGroupHead_::pkt_engines, PKT_NOPAYLOAD_INSPECTION, DetectEngineThreadCtx_::pmq, PrefilterEngine_::Prefilter, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PROF_DETECT_PF_PAYLOAD, PROF_DETECT_PF_PKT, PROF_DETECT_PF_RECORD, PROF_DETECT_PF_SORT1, Packet_::proto, PrefilterRuleStore_::rule_id_array_cnt, SCEnter, and SCLogDebug.

◆ PrefilterAppendEngine()

int PrefilterAppendEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
void(*)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)  Prefilter,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 202 of file detect-engine-prefilter.c.

References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, SigGroupHeadInitData_::pkt_engines, PrefilterEngineList_::Prefilter, and SCMallocAligned.

Referenced by PrefilterGenericMpmPktRegister().

Here is the caller graph for this function:

◆ PrefilterAppendFrameEngine()

int PrefilterAppendFrameEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
PrefilterFrameFn  PrefilterFrameFunc,
AppProto  alproto,
uint8_t  frame_type,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 307 of file detect-engine-prefilter.c.

References PrefilterEngineList_::alproto, CLS, SigGroupHeadInitData_::frame_engines, PrefilterEngineList_::frame_type, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterFrame, and SCMallocAligned.

Referenced by PrefilterGenericMpmFrameRegister().

Here is the caller graph for this function:

◆ PrefilterAppendPayloadEngine()

int PrefilterAppendPayloadEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
void(*)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)  Prefilter,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 236 of file detect-engine-prefilter.c.

References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, SigGroupHeadInitData_::payload_engines, PrefilterEngineList_::pectx, PrefilterEngineList_::Prefilter, and SCMallocAligned.

Referenced by PrefilterPktPayloadRegister(), and PrefilterPktStreamRegister().

Here is the caller graph for this function:

◆ PrefilterAppendTxEngine()

int PrefilterAppendTxEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
PrefilterTxFn  PrefilterTxFunc,
const AppProto  alproto,
const int  tx_min_progress,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 270 of file detect-engine-prefilter.c.

References PrefilterEngineList_::alproto, CLS, DEBUG_VALIDATE_BUG_ON, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterTx, SCMallocAligned, SigGroupHeadInitData_::tx_engines, and PrefilterEngineList_::tx_min_progress.

Referenced by PrefilterGenericMpmRegister(), and PrefilterMpmFiledataRegister().

Here is the caller graph for this function:

◆ PrefilterCleanupRuleGroup()

void PrefilterCleanupRuleGroup ( const DetectEngineCtx de_ctx,
SigGroupHead sgh 
)

Definition at line 378 of file detect-engine-prefilter.c.

References SigGroupHead_::pkt_engines.

Referenced by SigGroupHeadFree().

Here is the caller graph for this function:

◆ PrefilterDeinit()

void PrefilterDeinit ( DetectEngineCtx de_ctx)

Definition at line 618 of file detect-engine-prefilter.c.

References de_ctx, HashListTableFree(), and DetectEngineCtx_::prefilter_hash_table.

Here is the call graph for this function:

◆ PrefilterFreeEnginesList()

void PrefilterFreeEnginesList ( PrefilterEngineList list)

Definition at line 350 of file detect-engine-prefilter.c.

Referenced by SigGroupHeadInitDataFree().

Here is the caller graph for this function:

◆ PrefilterGenericMpmPktRegister()

int PrefilterGenericMpmPktRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx,
const DetectBufferMpmRegistry mpm_reg,
int  list_id 
)

Definition at line 815 of file detect-engine-prefilter.c.

References de_ctx, PrefilterMpmPktCtx::GetData, PrefilterMpmPktCtx::list_id, PrefilterMpmPktCtx::mpm_ctx, DetectBufferMpmRegistry_::pkt_v1, PrefilterAppendEngine(), SCCalloc, SCEnter, DetectBufferMpmRegistry_::transforms, and PrefilterMpmPktCtx::transforms.

Here is the call graph for this function:

◆ PrefilterGenericMpmRegister()

int PrefilterGenericMpmRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx,
const DetectBufferMpmRegistry mpm_reg,
int  list_id 
)

Definition at line 745 of file detect-engine-prefilter.c.

References DetectBufferMpmRegistry_::app_v2, de_ctx, PrefilterMpmCtx::GetData, PrefilterMpmCtx::list_id, PrefilterMpmCtx::mpm_ctx, PrefilterAppendTxEngine(), SCCalloc, SCEnter, DetectBufferMpmRegistry_::transforms, and PrefilterMpmCtx::transforms.

Here is the call graph for this function:

◆ PrefilterInit()

void PrefilterInit ( DetectEngineCtx de_ctx)

Definition at line 625 of file detect-engine-prefilter.c.

References BUG_ON, de_ctx, HashListTableInit(), and DetectEngineCtx_::prefilter_hash_table.

Here is the call graph for this function:

◆ PrefilterSetupRuleGroup()

void PrefilterSetupRuleGroup ( DetectEngineCtx de_ctx,
SigGroupHead sgh 
)

Definition at line 413 of file detect-engine-prefilter.c.

References de_ctx, DETECT_PREFILTER_AUTO, DETECT_TBLSIZE, FatalError, SigGroupHead_::init, PatternMatchPrepareGroup(), SigGroupHeadInitData_::pkt_engines, DetectEngineCtx_::prefilter_setting, SigTableElmt_::SetupPrefilter, sigmatch_table, and DetectEngineCtx_::sm_types_prefilter.

Here is the call graph for this function:

◆ PrefilterStoreGetName()

const char* PrefilterStoreGetName ( const uint32_t  id)

Definition at line 690 of file detect-engine-prefilter.c.