suricata
detect-engine-prefilter.h
Go to the documentation of this file.
1 /* Copyright (C) 2016-2025 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef SURICATA_DETECT_ENGINE_PREFILTER_H
25 #define SURICATA_DETECT_ENGINE_PREFILTER_H
26 
27 #include "detect.h"
28 #include "detect-engine-state.h"
29 
30 // TODO
31 typedef struct DetectTransaction_ {
32  void *tx_ptr;
33  const uint64_t tx_id;
34  struct AppLayerTxData *tx_data_ptr;
35  DetectEngineStateDirection *de_state;
36 
37  /* tracking detect progress. Holds the value of
38  * the last completed "progress" + 1. */
39  uint8_t detect_progress;
40  /* original value to track changes. */
41  const uint8_t detect_progress_orig;
42 
43  const int tx_progress;
44  const int tx_end_state;
45 } DetectTransaction;
46 
47 typedef struct PrefilterStore_ {
48  const char *name;
49  void (*FreeFunc)(void *);
50  uint32_t id;
51 } PrefilterStore;
52 
53 void Prefilter(DetectEngineThreadCtx *, const SigGroupHead *, Packet *p, const uint8_t flags,
54  const SignatureMask mask);
55 
56 int PrefilterAppendEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc,
57  SignatureMask mask, enum SignatureHookPkt hook, void *pectx, void (*FreeFunc)(void *pectx),
58  const char *name);
59 
60 void PrefilterPostRuleMatch(
61  DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, Flow *f);
62 
63 int PrefilterAppendPayloadEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
64  PrefilterPktFn PrefilterFunc, void *pectx, void (*FreeFunc)(void *pectx), const char *name);
65 int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
66  PrefilterTxFn PrefilterTxFunc, const AppProto alproto, const int tx_min_progress,
67  void *pectx, void (*FreeFunc)(void *pectx), const char *name);
68 int PrefilterAppendFrameEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
69  PrefilterFrameFn PrefilterFrameFunc, AppProto alproto, uint8_t frame_type, void *pectx,
70  void (*FreeFunc)(void *pectx), const char *name);
71 int PrefilterAppendPostRuleEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
72  void (*PrefilterPostRuleFunc)(
73  DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f),
74  void *pectx, void (*FreeFunc)(void *pectx), const char *name);
75 
76 void DetectRunPrefilterTx(DetectEngineThreadCtx *det_ctx,
77  const SigGroupHead *sgh,
78  Packet *p,
79  const uint8_t ipproto,
80  const uint8_t flow_flags,
81  const AppProto alproto,
82  void *alstate,
83  DetectTransaction *tx);
84 
85 void PrefilterFreeEnginesList(PrefilterEngineList *list);
86 
87 int PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh);
88 void PrefilterCleanupRuleGroup(const DetectEngineCtx *de_ctx, SigGroupHead *sgh);
89 
90 #ifdef PROFILING
91 const char *PrefilterStoreGetName(const uint32_t id);
92 #endif
93 
94 void PrefilterInit(DetectEngineCtx *de_ctx);
95 void PrefilterDeinit(DetectEngineCtx *de_ctx);
96 
97 int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,
98  const DetectBufferMpmRegistry *mpm_reg, int list_id);
99 
100 int PrefilterMultiGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,
101  const DetectBufferMpmRegistry *mpm_reg, int list_id);
102 
103 int PrefilterGenericMpmPktRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,
104  const DetectBufferMpmRegistry *mpm_reg, int list_id);
105 
106 void PostRuleMatchWorkQueueAppend(
107  DetectEngineThreadCtx *det_ctx, const Signature *s, const int type, const uint32_t value);
108 
109 void PrefilterPktNonPFStatsDump(void);
110 
111 #endif
PostRuleMatchWorkQueueAppend
void PostRuleMatchWorkQueueAppend(DetectEngineThreadCtx *det_ctx, const Signature *s, const int type, const uint32_t value)
Definition: detect-engine-prefilter.c:1693
DetectTransaction_::tx_data_ptr
struct AppLayerTxData * tx_data_ptr
Definition: detect-engine-prefilter.h:34
PrefilterAppendTxEngine
int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterTxFn PrefilterTxFunc, const AppProto alproto, const int tx_min_progress, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
Definition: detect-engine-prefilter.c:352
PrefilterStore_::FreeFunc
void(* FreeFunc)(void *)
Definition: detect-engine-prefilter.h:49
PrefilterStore_
Definition: detect-engine-prefilter.h:47
SigGroupHead_
Container for matching data for a signature group.
Definition: detect.h:1570
DetectRunPrefilterTx
void DetectRunPrefilterTx(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, const uint8_t ipproto, const uint8_t flow_flags, const AppProto alproto, void *alstate, DetectTransaction *tx)
run prefilter engines on a transaction
Definition: detect-engine-prefilter.c:95
PrefilterAppendPayloadEngine
int PrefilterAppendPayloadEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
Definition: detect-engine-prefilter.c:320
PrefilterPktNonPFStatsDump
void PrefilterPktNonPFStatsDump(void)
Definition: detect-engine-prefilter.c:590
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:85
Flow_
Flow data structure.
Definition: flow.h:356
DetectTransaction_::tx_end_state
const int tx_end_state
Definition: detect-engine-prefilter.h:44
PrefilterDeinit
void PrefilterDeinit(DetectEngineCtx *de_ctx)
Definition: detect-engine-prefilter.c:1420
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:920
DetectBufferMpmRegistry_
one time registration of keywords at start up
Definition: detect.h:763
PrefilterAppendFrameEngine
int PrefilterAppendFrameEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterFrameFn PrefilterFrameFunc, AppProto alproto, uint8_t frame_type, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
Definition: detect-engine-prefilter.c:389
DetectTransaction_::tx_progress
const int tx_progress
Definition: detect-engine-prefilter.h:43
PrefilterStore_::id
uint32_t id
Definition: detect-engine-prefilter.h:50
PrefilterGenericMpmRegister
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
Definition: detect-engine-prefilter.c:1547
PrefilterMultiGenericMpmRegister
int PrefilterMultiGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
Definition: detect-engine-prefilter.c:1601
PrefilterCleanupRuleGroup
void PrefilterCleanupRuleGroup(const DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Definition: detect-engine-prefilter.c:493
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
DetectTransaction
struct DetectTransaction_ DetectTransaction
DetectTransaction_::detect_progress_orig
const uint8_t detect_progress_orig
Definition: detect-engine-prefilter.h:41
DetectEngineThreadCtx_
Definition: detect.h:1197
DetectTransaction_::detect_progress
uint8_t detect_progress
Definition: detect-engine-prefilter.h:39
PrefilterFreeEnginesList
void PrefilterFreeEnginesList(PrefilterEngineList *list)
Definition: detect-engine-prefilter.c:465
PrefilterAppendPostRuleEngine
int PrefilterAppendPostRuleEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, void(*PrefilterPostRuleFunc)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f), void *pectx, void(*FreeFunc)(void *pectx), const char *name)
Definition: detect-engine-prefilter.c:424
detect.h
PrefilterStoreGetName
const char * PrefilterStoreGetName(const uint32_t id)
Definition: detect-engine-prefilter.c:1492
SignatureHookPkt
SignatureHookPkt
Definition: detect.h:551
PrefilterFrameFn
void(* PrefilterFrameFn)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, const struct Frames *frames, const struct Frame *frame)
Definition: detect.h:1463
DetectTransaction_::tx_id
const uint64_t tx_id
Definition: detect-engine-prefilter.h:33
PrefilterStore
struct PrefilterStore_ PrefilterStore
Packet_
Definition: decode.h:484
type
uint16_t type
Definition: decode-vlan.c:106
name
const char * name
Definition: tm-threads.c:2135
DetectTransaction_::de_state
DetectEngineStateDirection * de_state
Definition: detect-engine-prefilter.h:35
detect-engine-state.h
Data structures and function prototypes for keeping state for the detection engine.
PrefilterTxFn
void(* PrefilterTxFn)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, void *tx, const uint64_t tx_id, const AppLayerTxData *tx_data, const uint8_t flags)
Definition: detect.h:1467
PrefilterInit
void PrefilterInit(DetectEngineCtx *de_ctx)
Definition: detect-engine-prefilter.c:1427
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1466
PrefilterAppendEngine
int PrefilterAppendEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc, SignatureMask mask, enum SignatureHookPkt hook, void *pectx, void(*FreeFunc)(void *pectx), const char *name)
Definition: detect-engine-prefilter.c:282
flags
uint8_t flags
Definition: decode-gre.h:0
DetectTransaction_
Definition: detect-engine-prefilter.h:31
PrefilterEngineList_
Definition: detect.h:1470
DetectEngineStateDirection_
Definition: detect-engine-state.h:82
PrefilterPktFn
void(* PrefilterPktFn)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
Definition: detect.h:1462
DetectTransaction_::tx_ptr
void * tx_ptr
Definition: detect-engine-prefilter.h:32
PrefilterStore_::name
const char * name
Definition: detect-engine-prefilter.h:48
Signature_
Signature container.
Definition: detect.h:669
Prefilter
void Prefilter(DetectEngineThreadCtx *, const SigGroupHead *, Packet *p, const uint8_t flags, const SignatureMask mask)
Definition: detect-engine-prefilter.c:216
MpmCtx_
Definition: util-mpm.h:93
PrefilterPostRuleMatch
void PrefilterPostRuleMatch(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, Flow *f)
invoke post-rule match "prefilter" engines
Definition: detect-engine-prefilter.c:193
PrefilterGenericMpmPktRegister
int PrefilterGenericMpmPktRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
Definition: detect-engine-prefilter.c:1670
PrefilterSetupRuleGroup
int PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Definition: detect-engine-prefilter.c:1176
SignatureMask
#define SignatureMask
Definition: decode.h:99