suricata
Data Structures | Typedefs | Functions
detect-engine-prefilter.h File Reference
#include "detect.h"
#include "detect-engine-state.h"
Include dependency graph for detect-engine-prefilter.h:

Go to the source code of this file.

Data Structures

struct  DetectTransaction_
 
struct  PrefilterStore_
 

Typedefs

typedef struct DetectTransaction_ DetectTransaction
 
typedef struct PrefilterStore_ PrefilterStore
 

Functions

void Prefilter (DetectEngineThreadCtx *, const SigGroupHead *, Packet *p, const uint8_t flags, const SignatureMask mask)
 
int PrefilterAppendEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc, SignatureMask mask, enum SignatureHookPkt hook, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
void PrefilterPostRuleMatch (DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, Flow *f)
 invoke post-rule match "prefilter" engines More...
 
int PrefilterAppendPayloadEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
int PrefilterAppendTxEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, const AppProto alproto, const int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
int PrefilterAppendFrameEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterFrameFn PrefilterFrameFunc, AppProto alproto, uint8_t frame_type, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
int PrefilterAppendPostRuleEngine (DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*PrefilterPostRuleFunc)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f), void *pectx, void(*FreeFunc)(void *pectx), const char *name)
 
void DetectRunPrefilterTx (DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, const uint8_t ipproto, const uint8_t flow_flags, const AppProto alproto, void *alstate, DetectTransaction *tx)
 run prefilter engines on a transaction More...
 
void PrefilterFreeEnginesList (PrefilterEngineList *list)
 
int PrefilterSetupRuleGroup (DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 
void PrefilterCleanupRuleGroup (const DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 
const char * PrefilterStoreGetName (const uint32_t id)
 
void PrefilterInit (DetectEngineCtx *de_ctx)
 
void PrefilterDeinit (DetectEngineCtx *de_ctx)
 
int PrefilterGenericMpmRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
 
int PrefilterMultiGenericMpmRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
 
int PrefilterGenericMpmPktRegister (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
 
void PostRuleMatchWorkQueueAppend (DetectEngineThreadCtx *det_ctx, const Signature *s, const int type, const uint32_t value)
 
void PrefilterPktNonPFStatsDump (void)
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-prefilter.h.

Typedef Documentation

◆ DetectTransaction

typedef struct DetectTransaction_ DetectTransaction

◆ PrefilterStore

typedef struct PrefilterStore_ PrefilterStore

Function Documentation

◆ DetectRunPrefilterTx()

void DetectRunPrefilterTx ( DetectEngineThreadCtx det_ctx,
const SigGroupHead sgh,
Packet p,
const uint8_t  ipproto,
const uint8_t  flow_flags,
const AppProto  alproto,
void *  alstate,
DetectTransaction tx 
)

run prefilter engines on a transaction

Definition at line 95 of file detect-engine-prefilter.c.

References PrefilterEngine_::alproto, AppLayerParserGetStateNameById(), AppProtoToString(), PrefilterEngine_::cb, PrefilterEngine_::ctx, DetectTransaction_::detect_progress, DetectGetInnerTx(), Packet_::flow, PrefilterEngine_::gid, PrefilterEngine_::is_last, PrefilterEngine_::is_last_for_progress, likely, next, PACKET_PROFILING_DETECT_START, Packet_::pcap_cnt, PrefilterEngine_::pectx, DetectEngineThreadCtx_::pmq, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterTx, PROF_DETECT_PF_SORT1, PrefilterRuleStore_::rule_id_array_cnt, SCLogDebug, DetectTransaction_::tx_data_ptr, SigGroupHead_::tx_engines, DetectTransaction_::tx_id, PrefilterEngine_::tx_min_progress, DetectTransaction_::tx_progress, and DetectTransaction_::tx_ptr.

Here is the call graph for this function:

◆ PostRuleMatchWorkQueueAppend()

void PostRuleMatchWorkQueueAppend ( DetectEngineThreadCtx det_ctx,
const Signature s,
const int  type,
const uint32_t  value 
)

Definition at line 1693 of file detect-engine-prefilter.c.

References DETECT_EVENT_POST_MATCH_QUEUE_FAILED, DetectEngineSetEvent(), PostRuleMatchWorkQueue::len, Signature_::num, DetectEngineThreadCtx_::post_rule_work_queue, PostRuleMatchWorkQueue::q, QUEUE_STEP, SCCalloc, SCLogDebug, SCRealloc, PostRuleMatchWorkQueue::size, PostRuleMatchWorkQueueItem::sm_type, type, and PostRuleMatchWorkQueueItem::value.

Here is the call graph for this function:

◆ Prefilter()

void Prefilter ( DetectEngineThreadCtx ,
const SigGroupHead ,
Packet p,
const uint8_t  flags,
const SignatureMask  mask 
)

Definition at line 216 of file detect-engine-prefilter.c.

References Flow_::alparser, Flow_::alproto, ALPROTO_UNKNOWN, BIT_U16, PrefilterEngine_::cb, PrefilterEngine_::ctx, flags, Packet_::flags, Packet_::flow, SigGroupHead_::frame_engines, PrefilterEngine_::gid, PrefilterEngine_::is_last, likely, PACKET_PROFILING_DETECT_END, PACKET_PROFILING_DETECT_START, SigGroupHead_::payload_engines, Packet_::payload_len, PrefilterEngine_::pectx, PrefilterEngine_::pkt, PKT_DETECT_HAS_STREAMDATA, SigGroupHead_::pkt_engines, Packet_::pkt_hooks, PKT_NOPAYLOAD_INSPECTION, DetectEngineThreadCtx_::pmq, PrefilterEngine_::Prefilter, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PROF_DETECT_PF_PAYLOAD, PROF_DETECT_PF_PKT, PROF_DETECT_PF_RECORD, PROF_DETECT_PF_SORT1, Packet_::proto, PrefilterRuleStore_::rule_id_array_cnt, SCEnter, and SCLogDebug.

◆ PrefilterAppendEngine()

int PrefilterAppendEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
PrefilterPktFn  PrefilterFunc,
SignatureMask  mask,
enum SignatureHookPkt  hook,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 282 of file detect-engine-prefilter.c.

References BUG_ON, CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, SigGroupHeadInitData_::pkt_engines, PrefilterEngineList_::pkt_hook, PrefilterEngineList_::pkt_mask, PrefilterEngineList_::Prefilter, and SCMallocAligned.

Referenced by PrefilterGenericMpmPktRegister().

Here is the caller graph for this function:

◆ PrefilterAppendFrameEngine()

int PrefilterAppendFrameEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
PrefilterFrameFn  PrefilterFrameFunc,
AppProto  alproto,
uint8_t  frame_type,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 389 of file detect-engine-prefilter.c.

References PrefilterEngineList_::alproto, CLS, SigGroupHeadInitData_::frame_engines, PrefilterEngineList_::frame_type, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterFrame, and SCMallocAligned.

Referenced by PrefilterGenericMpmFrameRegister().

Here is the caller graph for this function:

◆ PrefilterAppendPayloadEngine()

int PrefilterAppendPayloadEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
PrefilterPktFn  PrefilterFunc,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 320 of file detect-engine-prefilter.c.

References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, SigGroupHeadInitData_::payload_engines, PrefilterEngineList_::pectx, PrefilterEngineList_::Prefilter, and SCMallocAligned.

Referenced by PrefilterPktPayloadRegister(), and PrefilterPktStreamRegister().

Here is the caller graph for this function:

◆ PrefilterAppendPostRuleEngine()

int PrefilterAppendPostRuleEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
void(*)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f)  PrefilterPostRuleFunc,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 424 of file detect-engine-prefilter.c.

References CLS, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, SigGroupHeadInitData_::post_rule_match_engines, PrefilterEngineList_::PrefilterPostRule, and SCMallocAligned.

◆ PrefilterAppendTxEngine()

int PrefilterAppendTxEngine ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
PrefilterTxFn  PrefilterTxFunc,
const AppProto  alproto,
const int  tx_min_progress,
void *  pectx,
void(*)(void *pectx)  FreeFunc,
const char *  name 
)

Definition at line 352 of file detect-engine-prefilter.c.

References PrefilterEngineList_::alproto, CLS, DEBUG_VALIDATE_BUG_ON, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterTx, SCMallocAligned, SigGroupHeadInitData_::tx_engines, and PrefilterEngineList_::tx_min_progress.

Referenced by PrefilterGenericMpmRegister(), PrefilterMpmFiledataRegister(), and PrefilterMultiGenericMpmRegister().

Here is the caller graph for this function:

◆ PrefilterCleanupRuleGroup()

void PrefilterCleanupRuleGroup ( const DetectEngineCtx de_ctx,
SigGroupHead sgh 
)

Definition at line 493 of file detect-engine-prefilter.c.

References SigGroupHead_::pkt_engines.

Referenced by SigGroupHeadFree().

Here is the caller graph for this function:

◆ PrefilterDeinit()

void PrefilterDeinit ( DetectEngineCtx de_ctx)

Definition at line 1420 of file detect-engine-prefilter.c.

References de_ctx, HashListTableFree(), and DetectEngineCtx_::prefilter_hash_table.

Here is the call graph for this function:

◆ PrefilterFreeEnginesList()

void PrefilterFreeEnginesList ( PrefilterEngineList list)

Definition at line 465 of file detect-engine-prefilter.c.

Referenced by SigGroupHeadInitDataFree().

Here is the caller graph for this function:

◆ PrefilterGenericMpmPktRegister()

int PrefilterGenericMpmPktRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx,
const DetectBufferMpmRegistry mpm_reg,
int  list_id 
)

Definition at line 1670 of file detect-engine-prefilter.c.

References de_ctx, PrefilterMpmPktCtx::GetData, PrefilterMpmPktCtx::list_id, PrefilterMpmPktCtx::mpm_ctx, DetectBufferMpmRegistry_::pkt_v1, PrefilterAppendEngine(), SCCalloc, SCEnter, SIGNATURE_HOOK_PKT_NOT_SET, DetectBufferMpmRegistry_::transforms, and PrefilterMpmPktCtx::transforms.

Here is the call graph for this function:

◆ PrefilterGenericMpmRegister()

int PrefilterGenericMpmRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx,
const DetectBufferMpmRegistry mpm_reg,
int  list_id 
)

Definition at line 1547 of file detect-engine-prefilter.c.

References DetectBufferMpmRegistry_::app_v2, de_ctx, PrefilterMpmCtx::GetData, PrefilterMpmCtx::list_id, PrefilterMpmCtx::mpm_ctx, PrefilterAppendTxEngine(), SCCalloc, SCEnter, DetectBufferMpmRegistry_::transforms, and PrefilterMpmCtx::transforms.

Here is the call graph for this function:

◆ PrefilterInit()

void PrefilterInit ( DetectEngineCtx de_ctx)

Definition at line 1427 of file detect-engine-prefilter.c.

References BUG_ON, de_ctx, HashListTableInit(), and DetectEngineCtx_::prefilter_hash_table.

Here is the call graph for this function:

◆ PrefilterMultiGenericMpmRegister()

int PrefilterMultiGenericMpmRegister ( DetectEngineCtx de_ctx,
SigGroupHead sgh,
MpmCtx mpm_ctx,
const DetectBufferMpmRegistry mpm_reg,
int  list_id 
)

Definition at line 1601 of file detect-engine-prefilter.c.

References DetectBufferMpmRegistry_::app_v2, de_ctx, PrefilterMpmListId::GetData, PrefilterMpmListId::list_id, PrefilterMpmListId::mpm_ctx, PrefilterAppendTxEngine(), SCCalloc, SCEnter, PrefilterMpmListId::transforms, and DetectBufferMpmRegistry_::transforms.

Here is the call graph for this function:

◆ PrefilterPktNonPFStatsDump()

void PrefilterPktNonPFStatsDump ( void  )

Definition at line 590 of file detect-engine-prefilter.c.

References SCLogDebug.

◆ PrefilterPostRuleMatch()

void PrefilterPostRuleMatch ( DetectEngineThreadCtx det_ctx,
const SigGroupHead sgh,
Packet p,
Flow f 
)

invoke post-rule match "prefilter" engines

Invoke prefilter engines that depend on a rule match to run. e.g. the flowbits:set prefilter that adds sids that depend on a flowbit "set" to the match array.

Definition at line 193 of file detect-engine-prefilter.c.

References PrefilterEngine_::cb, PrefilterEngine_::gid, PrefilterEngine_::is_last, PrefilterEngine_::pectx, DetectEngineThreadCtx_::pmq, SigGroupHead_::post_rule_match_engines, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterPostRule, PrefilterRuleStore_::rule_id_array_cnt, and SCLogDebug.

◆ PrefilterSetupRuleGroup()

int PrefilterSetupRuleGroup ( DetectEngineCtx de_ctx,
SigGroupHead sgh 
)

Definition at line 1176 of file detect-engine-prefilter.c.

References de_ctx, DETECT_PREFILTER_AUTO, DETECT_TBLSIZE, FatalError, PatternMatchPrepareGroup(), DetectEngineCtx_::prefilter_setting, SigTableElmt_::SetupPrefilter, sigmatch_table, and DetectEngineCtx_::sm_types_prefilter.

Referenced by SigPrepareStage4().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ PrefilterStoreGetName()

const char* PrefilterStoreGetName ( const uint32_t  id)

Definition at line 1492 of file detect-engine-prefilter.c.