suricata
detect-engine-siggroup.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef __DETECT_ENGINE_SIGGROUP_H__
25 #define __DETECT_ENGINE_SIGGROUP_H__
26 
27 int SigGroupHeadAppendSig(const DetectEngineCtx *, SigGroupHead **, const Signature *);
28 int SigGroupHeadClearSigs(SigGroupHead *);
29 int SigGroupHeadCopySigs(DetectEngineCtx *, SigGroupHead *, SigGroupHead **);
30 
31 void SigGroupHeadFree(const DetectEngineCtx *de_ctx, SigGroupHead *);
32 
33 SigGroupHead *SigGroupHeadHashLookup(DetectEngineCtx *, SigGroupHead *);
34 
35 int SigGroupHeadHashAdd(DetectEngineCtx *, SigGroupHead *);
36 
37 void SigGroupHeadHashFree(DetectEngineCtx *);
38 
39 int SigGroupHeadHashInit(DetectEngineCtx *);
40 
41 int SigGroupHeadHashRemove(DetectEngineCtx *, SigGroupHead *);
42 
43 void SigGroupHeadInitDataFree(SigGroupHeadInitData *sghid);
44 void SigGroupHeadSetSigCnt(SigGroupHead *sgh, uint32_t max_idx);
45 void SigGroupHeadSetProtoAndDirection(SigGroupHead *sgh,
46  uint8_t ipproto, int dir);
47 int SigGroupHeadBuildMatchArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh, uint32_t max_idx);
48 
49 int SigGroupHeadContainsSigId (DetectEngineCtx *de_ctx, SigGroupHead *sgh,
50  uint32_t sid);
51 
52 void SigGroupHeadRegisterTests(void);
53 void SigGroupHeadPrintSigs(DetectEngineCtx *de_ctx, SigGroupHead *sgh);
54 
55 void SigGroupHeadStore(DetectEngineCtx *, SigGroupHead *);
56 void SigGroupHeadSetFilemagicFlag(DetectEngineCtx *, SigGroupHead *);
57 void SigGroupHeadSetFilestoreCount(DetectEngineCtx *, SigGroupHead *);
58 void SigGroupHeadSetFileHashFlag(DetectEngineCtx *, SigGroupHead *);
59 void SigGroupHeadSetFilesizeFlag(DetectEngineCtx *, SigGroupHead *);
60 
61 int SigGroupHeadBuildNonPrefilterArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh);
62 
63 #endif /* __DETECT_ENGINE_SIGGROUP_H__ */
SigGroupHead_
Container for matching data for a signature group.
Definition: detect.h:1425
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:827
SigGroupHeadSetFilesizeFlag
void SigGroupHeadSetFilesizeFlag(DetectEngineCtx *, SigGroupHead *)
Set the need size flag in the sgh.
Definition: detect-engine-siggroup.c:557
SigGroupHeadCopySigs
int SigGroupHeadCopySigs(DetectEngineCtx *, SigGroupHead *, SigGroupHead **)
Copies the bitarray holding the sids from the source SigGroupHead to the destination SigGroupHead.
Definition: detect-engine-siggroup.c:393
SigGroupHeadRegisterTests
void SigGroupHeadRegisterTests(void)
Definition: detect-engine-siggroup.c:1108
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
SigGroupHeadFree
void SigGroupHeadFree(const DetectEngineCtx *de_ctx, SigGroupHead *)
Free a SigGroupHead and its members.
Definition: detect-engine-siggroup.c:163
SigGroupHeadHashRemove
int SigGroupHeadHashRemove(DetectEngineCtx *, SigGroupHead *)
Definition: detect-engine-siggroup.c:287
SigGroupHeadSetProtoAndDirection
void SigGroupHeadSetProtoAndDirection(SigGroupHead *sgh, uint8_t ipproto, int dir)
Definition: detect-engine-siggroup.c:440
SigGroupHeadSetFilemagicFlag
void SigGroupHeadSetFilemagicFlag(DetectEngineCtx *, SigGroupHead *)
Set the need magic flag in the sgh.
Definition: detect-engine-siggroup.c:528
SigGroupHeadHashInit
int SigGroupHeadHashInit(DetectEngineCtx *)
Initializes the hash table in the detection engine context to hold the SigGroupHeads.
Definition: detect-engine-siggroup.c:258
SigGroupHeadAppendSig
int SigGroupHeadAppendSig(const DetectEngineCtx *, SigGroupHead **, const Signature *)
Add a Signature to a SigGroupHead.
Definition: detect-engine-siggroup.c:340
SigGroupHeadContainsSigId
int SigGroupHeadContainsSigId(DetectEngineCtx *de_ctx, SigGroupHead *sgh, uint32_t sid)
Check if a SigGroupHead contains a Signature, whose sid is sent as an argument.
Definition: detect-engine-siggroup.c:737
SigGroupHeadHashLookup
SigGroupHead * SigGroupHeadHashLookup(DetectEngineCtx *, SigGroupHead *)
Used to lookup a SigGroupHead hash from the detection engine context SigGroupHead hash table.
Definition: detect-engine-siggroup.c:302
SigGroupHeadStore
void SigGroupHeadStore(DetectEngineCtx *, SigGroupHead *)
Definition: detect-engine-siggroup.c:108
SigGroupHeadSetFilestoreCount
void SigGroupHeadSetFilestoreCount(DetectEngineCtx *, SigGroupHead *)
Set the filestore_cnt in the sgh.
Definition: detect-engine-siggroup.c:626
SigGroupHeadPrintSigs
void SigGroupHeadPrintSigs(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
Helper function used to print the list of sids for the Signatures present in this SigGroupHead.
Definition: detect-engine-siggroup.c:457
SigGroupHeadSetSigCnt
void SigGroupHeadSetSigCnt(SigGroupHead *sgh, uint32_t max_idx)
Updates the SigGroupHead->sig_cnt with the total count of all the Signatures present in this SigGroup...
Definition: detect-engine-siggroup.c:427
SigGroupHeadInitData_
Definition: detect.h:1395
SigGroupHeadHashAdd
int SigGroupHeadHashAdd(DetectEngineCtx *, SigGroupHead *)
Adds a SigGroupHead to the detection engine context SigGroupHead hash table.
Definition: detect-engine-siggroup.c:280
Signature_
Signature container.
Definition: detect.h:582
SigGroupHeadHashFree
void SigGroupHeadHashFree(DetectEngineCtx *)
Frees the hash table - DetectEngineCtx->sgh_hash_table, allocated by SigGroupHeadHashInit() function.
Definition: detect-engine-siggroup.c:318
SigGroupHeadSetFileHashFlag
void SigGroupHeadSetFileHashFlag(DetectEngineCtx *, SigGroupHead *)
Set the need hash flag in the sgh.
Definition: detect-engine-siggroup.c:585
SigGroupHeadInitDataFree
void SigGroupHeadInitDataFree(SigGroupHeadInitData *sghid)
Definition: detect-engine-siggroup.c:59
SigGroupHeadBuildNonPrefilterArray
int SigGroupHeadBuildNonPrefilterArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
build an array of rule id's for sigs with no prefilter Also updated de_ctx::non_pf_store_cnt_max to t...
Definition: detect-engine-siggroup.c:650
SigGroupHeadClearSigs
int SigGroupHeadClearSigs(SigGroupHead *)
Clears the bitarray holding the sids for this SigGroupHead.
Definition: detect-engine-siggroup.c:369
SigGroupHeadBuildMatchArray
int SigGroupHeadBuildMatchArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh, uint32_t max_idx)
Create an array with all the internal ids of the sigs that this sig group head will check for.
Definition: detect-engine-siggroup.c:489