#include "suricata-common.h"#include "detect.h"#include "detect-xbits.h"#include "detect-flowbits.h"#include "detect-flowint.h"#include "detect-parse.h"#include "detect-engine-sigorder.h"#include "detect-pcre.h"#include "util-unittest.h"#include "util-unittest-helper.h"#include "util-debug.h"#include "util-action.h"#include "action-globals.h"#include "flow-util.h"
Go to the source code of this file.
Macros | |
| #define | DETECT_FLOWVAR_NOT_USED 1 |
| #define | DETECT_FLOWVAR_TYPE_READ 2 |
| #define | DETECT_FLOWVAR_TYPE_SET_READ 3 |
| #define | DETECT_FLOWVAR_TYPE_SET 4 |
| #define | DETECT_PKTVAR_NOT_USED 1 |
| #define | DETECT_PKTVAR_TYPE_READ 2 |
| #define | DETECT_PKTVAR_TYPE_SET_READ 3 |
| #define | DETECT_PKTVAR_TYPE_SET 4 |
| #define | DETECT_FLOWBITS_NOT_USED 1 |
| #define | DETECT_FLOWBITS_TYPE_READ 2 |
| #define | DETECT_FLOWBITS_TYPE_SET_READ 3 |
| #define | DETECT_FLOWBITS_TYPE_SET 4 |
| #define | DETECT_FLOWINT_NOT_USED 1 |
| #define | DETECT_FLOWINT_TYPE_READ 2 |
| #define | DETECT_FLOWINT_TYPE_SET_READ 3 |
| #define | DETECT_FLOWINT_TYPE_SET 4 |
| #define | DETECT_XBITS_NOT_USED 1 |
| #define | DETECT_XBITS_TYPE_READ 2 |
| #define | DETECT_XBITS_TYPE_SET_READ 3 |
| #define | DETECT_XBITS_TYPE_SET 4 |
Functions | |
| void | SCSigOrderSignatures (DetectEngineCtx *de_ctx) |
| Orders the signatures. More... | |
| void | SCSigRegisterSignatureOrderingFuncs (DetectEngineCtx *de_ctx) |
| Lets you register the Signature ordering functions. The order in which the functions are registered, show the priority. The first function registered provides more priority than the function registered after it. To add a new registration function, register it by listing it in the correct position in the below sequence, based on the priority you would want to offer to that keyword. More... | |
| void | SCSigSignatureOrderingModuleCleanup (DetectEngineCtx *de_ctx) |
| De-registers all the signature ordering functions registered. More... | |
| DetectEngineCtx * | DetectEngineCtxInit (void) |
| Signature * | SigInit (DetectEngineCtx *, const char *) |
| Parses a signature and adds it to the Detection Engine Context. More... | |
| void | SigFree (DetectEngineCtx *, Signature *) |
| void | DetectEngineCtxFree (DetectEngineCtx *) |
| Free a DetectEngineCtx:: More... | |
| void | SCSigRegisterSignatureOrderingTests (void) |
Detailed Description
Signature ordering part of the detection engine.
Definition in file detect-engine-sigorder.c.
Macro Definition Documentation
◆ DETECT_FLOWBITS_NOT_USED
| #define DETECT_FLOWBITS_NOT_USED 1 |
Definition at line 53 of file detect-engine-sigorder.c.
◆ DETECT_FLOWBITS_TYPE_READ
| #define DETECT_FLOWBITS_TYPE_READ 2 |
Definition at line 54 of file detect-engine-sigorder.c.
◆ DETECT_FLOWBITS_TYPE_SET
| #define DETECT_FLOWBITS_TYPE_SET 4 |
Definition at line 56 of file detect-engine-sigorder.c.
◆ DETECT_FLOWBITS_TYPE_SET_READ
| #define DETECT_FLOWBITS_TYPE_SET_READ 3 |
Definition at line 55 of file detect-engine-sigorder.c.
◆ DETECT_FLOWINT_NOT_USED
| #define DETECT_FLOWINT_NOT_USED 1 |
Definition at line 58 of file detect-engine-sigorder.c.
◆ DETECT_FLOWINT_TYPE_READ
| #define DETECT_FLOWINT_TYPE_READ 2 |
Definition at line 59 of file detect-engine-sigorder.c.
◆ DETECT_FLOWINT_TYPE_SET
| #define DETECT_FLOWINT_TYPE_SET 4 |
Definition at line 61 of file detect-engine-sigorder.c.
◆ DETECT_FLOWINT_TYPE_SET_READ
| #define DETECT_FLOWINT_TYPE_SET_READ 3 |
Definition at line 60 of file detect-engine-sigorder.c.
◆ DETECT_FLOWVAR_NOT_USED
| #define DETECT_FLOWVAR_NOT_USED 1 |
Definition at line 43 of file detect-engine-sigorder.c.
◆ DETECT_FLOWVAR_TYPE_READ
| #define DETECT_FLOWVAR_TYPE_READ 2 |
Definition at line 44 of file detect-engine-sigorder.c.
◆ DETECT_FLOWVAR_TYPE_SET
| #define DETECT_FLOWVAR_TYPE_SET 4 |
Definition at line 46 of file detect-engine-sigorder.c.
◆ DETECT_FLOWVAR_TYPE_SET_READ
| #define DETECT_FLOWVAR_TYPE_SET_READ 3 |
Definition at line 45 of file detect-engine-sigorder.c.
◆ DETECT_PKTVAR_NOT_USED
| #define DETECT_PKTVAR_NOT_USED 1 |
Definition at line 48 of file detect-engine-sigorder.c.
◆ DETECT_PKTVAR_TYPE_READ
| #define DETECT_PKTVAR_TYPE_READ 2 |
Definition at line 49 of file detect-engine-sigorder.c.
◆ DETECT_PKTVAR_TYPE_SET
| #define DETECT_PKTVAR_TYPE_SET 4 |
Definition at line 51 of file detect-engine-sigorder.c.
◆ DETECT_PKTVAR_TYPE_SET_READ
| #define DETECT_PKTVAR_TYPE_SET_READ 3 |
Definition at line 50 of file detect-engine-sigorder.c.
◆ DETECT_XBITS_NOT_USED
| #define DETECT_XBITS_NOT_USED 1 |
Definition at line 63 of file detect-engine-sigorder.c.
◆ DETECT_XBITS_TYPE_READ
| #define DETECT_XBITS_TYPE_READ 2 |
Definition at line 64 of file detect-engine-sigorder.c.
◆ DETECT_XBITS_TYPE_SET
| #define DETECT_XBITS_TYPE_SET 4 |
Definition at line 66 of file detect-engine-sigorder.c.
◆ DETECT_XBITS_TYPE_SET_READ
| #define DETECT_XBITS_TYPE_SET_READ 3 |
Definition at line 65 of file detect-engine-sigorder.c.
Function Documentation
◆ DetectEngineCtxFree()
| void DetectEngineCtxFree | ( | DetectEngineCtx * | de_ctx | ) |
Free a DetectEngineCtx::
- Parameters
-
de_ctx DetectEngineCtx:: to be freed
Definition at line 2039 of file detect-engine.c.
Referenced by UTHGenericTest(), UTHPacketMatchSig(), UTHPacketMatchSigMpm(), and UTHParseSignature().
◆ DetectEngineCtxInit()
| DetectEngineCtx* DetectEngineCtxInit | ( | void | ) |
Definition at line 1994 of file detect-engine.c.
Referenced by UTHGenericTest(), UTHPacketMatchSig(), UTHPacketMatchSigMpm(), and UTHParseSignature().
◆ SCSigOrderSignatures()
| void SCSigOrderSignatures | ( | DetectEngineCtx * | de_ctx | ) |
Orders the signatures.
- Parameters
-
de_ctx Pointer to the Detection Engine Context that holds the signatures to be ordered
Definition at line 728 of file detect-engine-sigorder.c.
References de_ctx, SCLogDebug, and DetectEngineCtx_::sig_list.
Referenced by UTHMatchPackets().
◆ SCSigRegisterSignatureOrderingFuncs()
| void SCSigRegisterSignatureOrderingFuncs | ( | DetectEngineCtx * | de_ctx | ) |
Lets you register the Signature ordering functions. The order in which the functions are registered, show the priority. The first function registered provides more priority than the function registered after it. To add a new registration function, register it by listing it in the correct position in the below sequence, based on the priority you would want to offer to that keyword.
- Parameters
-
de_ctx Pointer to the detection engine context from which the signatures have to be ordered.
Definition at line 788 of file detect-engine-sigorder.c.
References SCLogDebug.
Referenced by UTHMatchPackets().
◆ SCSigRegisterSignatureOrderingTests()
| void SCSigRegisterSignatureOrderingTests | ( | void | ) |
Definition at line 2152 of file detect-engine-sigorder.c.
References UtRegisterTest().
◆ SCSigSignatureOrderingModuleCleanup()
| void SCSigSignatureOrderingModuleCleanup | ( | DetectEngineCtx * | de_ctx | ) |
De-registers all the signature ordering functions registered.
- Parameters
-
de_ctx Pointer to the detection engine context from which the signatures were ordered.
Definition at line 808 of file detect-engine-sigorder.c.
References de_ctx, SCSigOrderFunc_::next, DetectEngineCtx_::sc_sig_order_funcs, and SCFree.
Referenced by DetectEngineCtxFree(), and UTHMatchPackets().
◆ SigFree()
| void SigFree | ( | DetectEngineCtx * | , |
| Signature * | |||
| ) |
Definition at line 1387 of file detect-parse.c.
Referenced by SigCleanSignatures().
◆ SigInit()
| Signature* SigInit | ( | DetectEngineCtx * | de_ctx, |
| const char * | sigstr | ||
| ) |
Parses a signature and adds it to the Detection Engine Context.
- Parameters
-
de_ctx Pointer to the Detection Engine Context. sigstr Pointer to a character string containing the signature to be parsed.
- Return values
-
Pointer to the Signature instance on success; NULL on failure.
Definition at line 2069 of file detect-parse.c.
Referenced by UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
