This graph shows which files directly or indirectly include this file:

Functions
int	SigGroupHeadAppendSig (const DetectEngineCtx , SigGroupHead , const Signature )
	Add a Signature to a SigGroupHead. More...

int	SigGroupHeadClearSigs (SigGroupHead *)
	Clears the bitarray holding the sids for this SigGroupHead. More...

int	SigGroupHeadCopySigs (DetectEngineCtx , SigGroupHead , SigGroupHead **)
	Copies the bitarray holding the sids from the source SigGroupHead to the destination SigGroupHead. More...

void	SigGroupHeadFree (const DetectEngineCtx de_ctx, SigGroupHead )
	Free a SigGroupHead and its members. More...

SigGroupHead *	SigGroupHeadHashLookup (DetectEngineCtx , SigGroupHead )
	Used to lookup a SigGroupHead hash from the detection engine context SigGroupHead hash table. More...

int	SigGroupHeadHashAdd (DetectEngineCtx , SigGroupHead )
	Adds a SigGroupHead to the detection engine context SigGroupHead hash table. More...

void	SigGroupHeadHashFree (DetectEngineCtx *)
	Frees the hash table - DetectEngineCtx->sgh_hash_table, allocated by SigGroupHeadHashInit() function. More...

int	SigGroupHeadHashInit (DetectEngineCtx *)
	Initializes the hash table in the detection engine context to hold the SigGroupHeads. More...

void	SigGroupHeadInitDataFree (SigGroupHeadInitData *sghid)

void	SigGroupHeadSetSigCnt (SigGroupHead *sgh, uint32_t max_idx)
	Updates the SigGroupHead->sig_cnt with the total count of all the Signatures present in this SigGroupHead. More...

bool	SigGroupHeadEqual (const SigGroupHead , const SigGroupHead )
	Finds if two Signature Group Heads are the same. More...

void	SigGroupHeadSetProtoAndDirection (SigGroupHead *sgh, uint8_t ipproto, int dir)

int	SigGroupHeadBuildMatchArray (DetectEngineCtx de_ctx, SigGroupHead sgh, uint32_t max_idx)
	Create an array with all the internal ids of the sigs that this sig group head will check for. More...

int	SigGroupHeadContainsSigId (DetectEngineCtx de_ctx, SigGroupHead sgh, uint32_t sid)
	Check if a SigGroupHead contains a Signature, whose sid is sent as an argument. More...

void	SigGroupHeadRegisterTests (void)

void	SigGroupHeadPrintSigs (DetectEngineCtx de_ctx, SigGroupHead sgh)
	Helper function used to print the list of sids for the Signatures present in this SigGroupHead. More...

void	SigGroupHeadStore (DetectEngineCtx , SigGroupHead )

void	SigGroupHeadSetupFiles (const DetectEngineCtx de_ctx, SigGroupHead sgh)
	Set the need hash flag in the sgh. More...

int	SigGroupHeadBuildNonPrefilterArray (DetectEngineCtx de_ctx, SigGroupHead sgh)
	build an array of rule id's for sigs with no prefilter Also updated de_ctx::non_pf_store_cnt_max to track the highest cnt More...

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-siggroup.h.

Function Documentation

◆ SigGroupHeadAppendSig()

int SigGroupHeadAppendSig	(	const DetectEngineCtx *	de_ctx,
		SigGroupHead **	sgh,
		const Signature *	s
	)

Add a Signature to a SigGroupHead.

Parameters

de_ctx	Pointer to the detection engine context.
sgh	Pointer to a SigGroupHead. Can be NULL also.
s	Pointer to the Signature that has to be added to the SigGroupHead.

Return values

0	On success.
-1	On failure.

Definition at line 330 of file detect-engine-siggroup.c.

References de_ctx.

◆ SigGroupHeadBuildMatchArray()

int SigGroupHeadBuildMatchArray	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		uint32_t	max_idx
	)

Create an array with all the internal ids of the sigs that this sig group head will check for.

Parameters

de_ctx	Pointer to the detection engine context.
sgh	Pointer to the SigGroupHead.
max_idx	The maximum value of the sid in the SigGroupHead arg.

Return values

0	success
-1	error

Definition at line 546 of file detect-engine-siggroup.c.

References BUG_ON, de_ctx, SigGroupHead_::init, SigGroupHeadInitData_::match_array, MAX, SigGroupHeadInitData_::max_sig_id, SCCalloc, DetectEngineCtx_::sig_array, SigGroupHeadInitData_::sig_array, and SigGroupHeadInitData_::sig_cnt.

◆ SigGroupHeadBuildNonPrefilterArray()

int SigGroupHeadBuildNonPrefilterArray	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh
	)

build an array of rule id's for sigs with no prefilter Also updated de_ctx::non_pf_store_cnt_max to track the highest cnt

Definition at line 625 of file detect-engine-siggroup.c.

References Signature_::alproto, SignatureNonPrefilterStore_::alproto, BUG_ON, de_ctx, DetectFlagsSignatureNeedsSynPackets(), Signature_::flags, SignatureNonPrefilterStore_::id, SigGroupHead_::init, Signature_::mask, SignatureNonPrefilterStore_::mask, SigGroupHeadInitData_::match_array, MAX, SigGroupHead_::non_pf_other_store_array, SigGroupHead_::non_pf_other_store_cnt, DetectEngineCtx_::non_pf_store_cnt_max, SigGroupHead_::non_pf_syn_store_array, SigGroupHead_::non_pf_syn_store_cnt, Signature_::num, SCCalloc, SigGroupHeadInitData_::sig_cnt, SIG_FLAG_MPM_NEG, and SIG_FLAG_PREFILTER.

Referenced by SigPrepareStage4().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ SigGroupHeadClearSigs()

int SigGroupHeadClearSigs ( SigGroupHead * sgh )

Clears the bitarray holding the sids for this SigGroupHead.

Parameters

sgh	Pointer to the SigGroupHead.

Return values

0 Always.

Definition at line 359 of file detect-engine-siggroup.c.

References SigGroupHead_::init, SigGroupHeadInitData_::sig_array, SigGroupHeadInitData_::sig_cnt, and SigGroupHeadInitData_::sig_size.

◆ SigGroupHeadContainsSigId()

int SigGroupHeadContainsSigId	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		uint32_t	sid
	)

Check if a SigGroupHead contains a Signature, whose sid is sent as an argument.

Parameters

de_ctx	Pointer to the detection engine context.
sgh	Pointer to the SigGroupHead that has to be checked for the presence of a Signature.
sid	The Signature id(sid) that has to be checked in the SigGroupHead.

Return values

1	On successfully finding the sid in the SigGroupHead.
0	If the sid is not found in the SigGroupHead

Definition at line 710 of file detect-engine-siggroup.c.

References de_ctx, DetectEngineGetMaxSigId, Signature_::id, SigGroupHead_::init, SCEnter, SCReturnInt, DetectEngineCtx_::sig_array, and SigGroupHeadInitData_::sig_array.

◆ SigGroupHeadCopySigs()

int SigGroupHeadCopySigs	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	src,
		SigGroupHead **	dst
	)

Copies the bitarray holding the sids from the source SigGroupHead to the destination SigGroupHead.

Parameters

de_ctx	Pointer to the detection engine context.
src	Pointer to the source SigGroupHead.
dst	Pointer to the destination SigGroupHead.

Return values

0	On success.
-1	On failure.

Definition at line 401 of file detect-engine-siggroup.c.

References de_ctx, dst, and src.

Referenced by DetectPortCopySingle(), and SCPortIntervalInsert().

Here is the caller graph for this function:

◆ SigGroupHeadEqual()

bool SigGroupHeadEqual	(	const SigGroupHead *	sgha,
		const SigGroupHead *	sghb
	)

Finds if two Signature Group Heads are the same.

Parameters

sgha	First SGH to be compared
sghb	Secornd SGH to be compared

Returns: true if they're a match, false otherwise

Definition at line 480 of file detect-engine-siggroup.c.

References SigGroupHead_::init, SigGroupHeadInitData_::max_sig_id, SCMemcmp, SigGroupHeadInitData_::sig_array, and SigGroupHeadInitData_::sig_size.

◆ SigGroupHeadFree()

void SigGroupHeadFree	(	const DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh
	)

Free a SigGroupHead and its members.

Parameters

sgh	Pointer to the SigGroupHead that has to be freed.

Definition at line 162 of file detect-engine-siggroup.c.

References de_ctx, SigGroupHead_::init, SigGroupHead_::non_pf_other_store_array, SigGroupHead_::non_pf_other_store_cnt, SigGroupHead_::non_pf_syn_store_array, SigGroupHead_::non_pf_syn_store_cnt, PrefilterCleanupRuleGroup(), SCFree, SCLogDebug, and SigGroupHeadInitDataFree().

Referenced by DetectPortFree(), and SigAddressCleanupStage1().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ SigGroupHeadHashAdd()

int SigGroupHeadHashAdd	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh
	)

Adds a SigGroupHead to the detection engine context SigGroupHead hash table.

Parameters

de_ctx	Pointer to the detection engine context.
sgh	Pointer to the SigGroupHead.

Return values

ret	0 on Successfully adding the SigGroupHead; -1 on failure.

Definition at line 277 of file detect-engine-siggroup.c.

References de_ctx, HashListTableAdd(), and DetectEngineCtx_::sgh_hash_table.

Here is the call graph for this function:

◆ SigGroupHeadHashFree()

void SigGroupHeadHashFree ( DetectEngineCtx * de_ctx )

Frees the hash table - DetectEngineCtx->sgh_hash_table, allocated by SigGroupHeadHashInit() function.

Parameters

de_ctx Pointer to the detection engine context.

Definition at line 310 of file detect-engine-siggroup.c.

References de_ctx, HashListTableFree(), and DetectEngineCtx_::sgh_hash_table.

Referenced by DetectEngineCtxFree().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ SigGroupHeadHashInit()

int SigGroupHeadHashInit ( DetectEngineCtx * de_ctx )

Initializes the hash table in the detection engine context to hold the SigGroupHeads.

Parameters

de_ctx Pointer to the detection engine context.

Return values

0	On success.
-1	On failure.

Definition at line 255 of file detect-engine-siggroup.c.

References de_ctx, HashListTableInit(), and DetectEngineCtx_::sgh_hash_table.

Here is the call graph for this function:

◆ SigGroupHeadHashLookup()

SigGroupHead* SigGroupHeadHashLookup	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh
	)

Used to lookup a SigGroupHead hash from the detection engine context SigGroupHead hash table.

Parameters

de_ctx	Pointer to the detection engine context.
sgh	Pointer to the SigGroupHead.

Return values

rsgh	On success a pointer to the SigGroupHead if the SigGroupHead is found in the hash table; NULL on failure.

Definition at line 294 of file detect-engine-siggroup.c.

References de_ctx, HashListTableLookup(), SCEnter, SCReturnPtr, and DetectEngineCtx_::sgh_hash_table.

Here is the call graph for this function:

◆ SigGroupHeadInitDataFree()

void SigGroupHeadInitDataFree ( SigGroupHeadInitData * sghid )

Definition at line 60 of file detect-engine-siggroup.c.

References SigGroupHeadInitData_::app_mpms, SigGroupHeadInitData_::frame_engines, SigGroupHeadInitData_::frame_mpms, SigGroupHeadInitData_::match_array, SigGroupHeadInitData_::payload_engines, SigGroupHeadInitData_::pkt_engines, SigGroupHeadInitData_::pkt_mpms, PrefilterFreeEnginesList(), SCFree, SCFreeAligned, SigGroupHeadInitData_::sig_array, and SigGroupHeadInitData_::tx_engines.

Referenced by SigGroupHeadFree().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ SigGroupHeadPrintSigs()

void SigGroupHeadPrintSigs	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh
	)

Helper function used to print the list of sids for the Signatures present in this SigGroupHead.

Parameters

de_ctx	Pointer to the detection engine context.
sgh	Pointer to the SigGroupHead.

Definition at line 514 of file detect-engine-siggroup.c.

References SigGroupHead_::init, SCEnter, SCLogDebug, SCReturn, SigGroupHeadInitData_::sig_array, and SigGroupHeadInitData_::sig_size.

◆ SigGroupHeadRegisterTests()

void SigGroupHeadRegisterTests ( void )

Definition at line 1082 of file detect-engine-siggroup.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ SigGroupHeadSetProtoAndDirection()

void SigGroupHeadSetProtoAndDirection	(	SigGroupHead *	sgh,
		uint8_t	ipproto,
		int	dir
	)

Definition at line 497 of file detect-engine-siggroup.c.

References SigGroupHeadInitData_::direction, SigGroupHead_::init, SigGroupHeadInitData_::protos, and SCLogDebug.

◆ SigGroupHeadSetSigCnt()

void SigGroupHeadSetSigCnt	(	SigGroupHead *	sgh,
		uint32_t	max_idx
	)

Updates the SigGroupHead->sig_cnt with the total count of all the Signatures present in this SigGroupHead.

Parameters

sgh	Pointer to the SigGroupHead.
max_idx	Maximum sid of the all the Signatures present in this SigGroupHead.

Definition at line 457 of file detect-engine-siggroup.c.

References cnt, SigGroupHead_::init, MAX, SigGroupHeadInitData_::max_sig_id, SigGroupHeadInitData_::sig_array, SigGroupHeadInitData_::sig_cnt, and SigGroupHeadInitData_::sig_size.

◆ SigGroupHeadSetupFiles()

void SigGroupHeadSetupFiles	(	const DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh
	)

Set the need hash flag in the sgh.

Parameters

de_ctx	detection engine ctx for the signatures
sgh	sig group head to update

Definition at line 584 of file detect-engine-siggroup.c.

References DEBUG_VALIDATE_BUG_ON, SigGroupHead_::filestore_cnt, SigGroupHead_::flags, SigGroupHead_::init, SigGroupHeadInitData_::match_array, SCLogDebug, SigGroupHeadInitData_::sig_cnt, SIG_GROUP_HEAD_HAVEFILEMD5, SIG_GROUP_HEAD_HAVEFILESHA1, SIG_GROUP_HEAD_HAVEFILESHA256, SIG_GROUP_HEAD_HAVEFILESIZE, SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), SignatureIsFileSha256Inspecting(), SignatureIsFilesizeInspecting(), and SignatureIsFilestoring().

Referenced by SigPrepareStage4().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ SigGroupHeadStore()

void SigGroupHeadStore	(	DetectEngineCtx *	,
		SigGroupHead *
	)

Definition at line 108 of file detect-engine-siggroup.c.

References de_ctx, SCFree, SCRealloc, DetectEngineCtx_::sgh_array, DetectEngineCtx_::sgh_array_cnt, and DetectEngineCtx_::sgh_array_size.

Functions

Detailed Description

Function Documentation

◆ SigGroupHeadAppendSig()

◆ SigGroupHeadBuildMatchArray()

◆ SigGroupHeadBuildNonPrefilterArray()

◆ SigGroupHeadClearSigs()

◆ SigGroupHeadContainsSigId()

◆ SigGroupHeadCopySigs()

◆ SigGroupHeadEqual()

◆ SigGroupHeadFree()

◆ SigGroupHeadHashAdd()

◆ SigGroupHeadHashFree()

◆ SigGroupHeadHashInit()

◆ SigGroupHeadHashLookup()

◆ SigGroupHeadInitDataFree()

◆ SigGroupHeadPrintSigs()

◆ SigGroupHeadRegisterTests()

◆ SigGroupHeadSetProtoAndDirection()

◆ SigGroupHeadSetSigCnt()

◆ SigGroupHeadSetupFiles()

◆ SigGroupHeadStore()