147 sgh->
init = SigGroupHeadInitDataAlloc(size);
148 if (sgh->
init == NULL)
182 if (sgh->
init != NULL) {
203 static uint32_t SigGroupHeadHashFunc(
HashListTable *ht,
void *data, uint16_t datalen)
231 static char SigGroupHeadCompareFunc(
void *data1, uint16_t len1,
void *data2,
237 if (data1 == NULL || data2 == NULL)
261 SigGroupHeadCompareFunc, NULL);
354 (*sgh)->init->sig_array[s->
num / 8] |= 1 << (s->
num % 8);
407 for (idx = 0; idx <
src->init->sig_size; idx++)
408 (*dst)->init->sig_array[idx] = (*dst)->init->sig_array[idx] |
src->init->sig_array[idx];
410 if (
src->init->whitelist)
411 (*dst)->init->whitelist =
MAX((*dst)->init->whitelist,
src->init->whitelist);
432 for (sig = 0; sig < max_idx + 1; sig++) {
441 uint8_t ipproto,
int dir)
443 if (sgh && sgh->
init) {
444 SCLogDebug(
"setting proto %u and dir %d on sgh %p", ipproto, dir, sgh);
467 SCLogDebug(
"The Signatures present in this SigGroupHead are: ");
471 printf(
"s->num %"PRIu32
" ", u);
507 for (sig = 0; sig < max_idx + 1; sig++) {
543 sgh->
flags |= SIG_GROUP_HEAD_HAVEFILEMAGIC;
655 uint32_t non_pf_syn = 0;
675 if (non_pf == 0 && non_pf_syn == 0) {
687 if (non_pf_syn > 0) {
750 for (sig = 0; sig < max_sid; sig++) {
785 static int SigGroupHeadTest01(
void)
803 static int SigGroupHeadTest02(
void)
811 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
812 "content:\"test2\"; content:\"test3\"; sid:1;)");
816 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
817 "content:\"test2\"; content:\"test3\"; sid:2;)");
821 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
822 "content:\"test2\"; content:\"test3\"; sid:3;)");
826 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
827 "content:\"test2\"; content:\"test3\"; sid:4;)");
831 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
832 "content:\"test2\"; content:\"test3\"; sid:5;)");
863 static int SigGroupHeadTest03(
void)
871 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
872 "content:\"test2\"; content:\"test3\"; sid:1;)");
876 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
877 "content:\"test2\"; content:\"test3\"; sid:2;)");
881 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
882 "content:\"test2\"; content:\"test3\"; sid:3;)");
886 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
887 "content:\"test2\"; content:\"test3\"; sid:4;)");
891 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
892 "content:\"test2\"; content:\"test3\"; sid:5;)");
930 static int SigGroupHeadTest04(
void)
939 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
940 "content:\"test2\"; content:\"test3\"; sid:1;)");
944 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
945 "content:\"test2\"; content:\"test3\"; sid:2;)");
949 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
950 "content:\"test2\"; content:\"test3\"; sid:3;)");
954 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
955 "content:\"test2\"; content:\"test3\"; sid:4;)");
959 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
960 "content:\"test2\"; content:\"test3\"; sid:5;)");
1001 static int SigGroupHeadTest05(
void)
1009 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
1010 "content:\"test2\"; content:\"test3\"; sid:1;)");
1014 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
1015 "content:\"test2\"; content:\"test3\"; sid:2;)");
1019 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
1020 "content:\"test2\"; content:\"test3\"; sid:3;)");
1024 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
1025 "content:\"test2\"; content:\"test3\"; sid:4;)");
1029 "(msg:\"SigGroupHead tests\"; content:\"test1\"; "
1030 "content:\"test2\"; content:\"test3\"; sid:5;)");
1064 static int SigGroupHeadTest06(
void)
1086 "(icode:>1; itype:11; sid:1; rev:1;)");
1090 "(icode:1; itype:5; sid:2; rev:1;)");
HashListTable * sgh_hash_table
uint32_t non_pf_syn_store_cnt
#define SIG_GROUP_HEAD_HAVEFILEMD5
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Container for matching data for a signature group.
#define SIG_GROUP_HEAD_HAVEFILESIZE
int SigGroupHeadBuildNonPrefilterArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Build an array of rule IDs for sigs with no prefilter. Also updates de_ctx::non_pf_store_cnt_max to t...
void SigGroupHeadSetFilestoreCount(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Set the filestore_cnt in the sgh.
void SigGroupHeadSetFileHashFlag(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Set the need hash flag in the sgh.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
uint32_t non_pf_store_cnt_max
void AddressDebugPrint(Address *a)
Debug print function for printing addresses.
Packet * UTHBuildPacketSrcDst(uint8_t *payload, uint16_t payload_len, uint8_t ipproto, const char *src, const char *dst)
UTHBuildPacketSrcDst is a wrapper that builds packets, specifying IPs and defaulting ports.
#define SIG_GROUP_HEAD_HAVEFILESHA1
main detection engine ctx
void SigGroupHeadSetFilesizeFlag(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Set the need size flag in the sgh.
int DetectFlagsSignatureNeedsSynPackets(const Signature *s)
void SigGroupHeadSetProtoAndDirection(SigGroupHead *sgh, uint8_t ipproto, int dir)
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
void SigGroupHeadPrintSigs(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Helper function used to print the list of sids for the Signatures present in this SigGroupHead.
void * HashListTableLookup(HashListTable *ht, void *data, uint16_t datalen)
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
int SignatureIsFilesizeInspecting(const Signature *s)
Check if a signature contains the filesize keyword.
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
void SigGroupHeadRegisterTests(void)
int HashListTableAdd(HashListTable *ht, void *data, uint16_t datalen)
int SigGroupHeadHashInit(DetectEngineCtx *de_ctx)
Initializes the hash table in the detection engine context to hold the SigGroupHeads.
int SigAddressPrepareStage1(DetectEngineCtx *)
Preprocess signature, classify ip-only, etc, build sig array.
int SignatureIsFileSha256Inspecting(const Signature *s)
Check if a signature contains the filesha256 keyword.
HashListTable * HashListTableInit(uint32_t size, uint32_t(*Hash)(struct HashListTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
int SigGroupHeadBuildMatchArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh, uint32_t max_idx)
Create an array with all the internal ids of the sigs that this sig group head will check for.
#define PASS
Pass the test.
PrefilterEngineList * tx_engines
#define DetectEngineGetMaxSigId(de_ctx)
void SigGroupHeadSetFilemagicFlag(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Set the need magic flag in the sgh.
Per thread variable structure.
SigGroupHeadInitData * init
#define SCReturnPtr(x, type)
int SigGroupHeadAppendSig(const DetectEngineCtx *de_ctx, SigGroupHead **sgh, const Signature *s)
Add a Signature to a SigGroupHead.
struct SigGroupHead_ ** sgh_array
void SigGroupHeadFree(const DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Free a SigGroupHead and its members.
int SigGroupHeadHashRemove(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
int SignatureIsFileSha1Inspecting(const Signature *s)
Check if a signature contains the filesha1 keyword.
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
#define SCRealloc(ptr, sz)
PrefilterEngineList * pkt_engines
void SigGroupHeadSetSigCnt(SigGroupHead *sgh, uint32_t max_idx)
Updates the SigGroupHead->sig_cnt with the total count of all the Signatures present in this SigGroup...
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
SignatureNonPrefilterStore * non_pf_other_store_array
void SigGroupHeadStore(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
PrefilterEngineList * frame_engines
PrefilterEngineList * payload_engines
void HashListTableFree(HashListTable *ht)
uint32_t non_pf_other_store_cnt
void PrefilterCleanupRuleGroup(const DetectEngineCtx *de_ctx, SigGroupHead *sgh)
void SigGroupHeadHashFree(DetectEngineCtx *de_ctx)
Frees the hash table - DetectEngineCtx->sgh_hash_table, allocated by SigGroupHeadHashInit() function.
int SigGroupHeadHashAdd(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Adds a SigGroupHead to the detection engine context SigGroupHead hash table.
SigGroupHead * SigGroupHeadHashLookup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Used to look up a SigGroupHead in the detection engine context's SigGroupHead hash table.
int SignatureIsFilestoring(const Signature *s)
Check if a signature contains the filestore keyword.
int HashListTableRemove(HashListTable *ht, void *data, uint16_t datalen)
void SigGroupHeadInitDataFree(SigGroupHeadInitData *sghid)
int SigGroupHeadContainsSigId(DetectEngineCtx *de_ctx, SigGroupHead *sgh, uint32_t sid)
Check if a SigGroupHead contains a Signature, whose sid is sent as an argument.
int SignatureIsFileMd5Inspecting(const Signature *s)
Check if a signature contains the filemd5 keyword.
DetectEngineCtx * DetectEngineCtxInit(void)
SignatureNonPrefilterStore * non_pf_syn_store_array
#define SIG_GROUP_HEAD_HAVEFILESHA256
int SignatureIsFilemagicInspecting(const Signature *s)
Check if a signature contains the filemagic keyword.
void PrefilterFreeEnginesList(PrefilterEngineList *list)
#define SCMemcmp(a, b, c)
#define SIG_FLAG_PREFILTER
const SigGroupHead * SigMatchSignaturesGetSgh(const DetectEngineCtx *de_ctx, const Packet *p)
Get the SigGroupHead for a packet.
int SigGroupHeadCopySigs(DetectEngineCtx *de_ctx, SigGroupHead *src, SigGroupHead **dst)
Copies the bitarray holding the sids from the source SigGroupHead to the destination SigGroupHead.
int SigGroupHeadClearSigs(SigGroupHead *)
Clears the bitarray holding the sids for this SigGroupHead.
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.