suricata
detect-engine-state.h File Reference

Data structures and function prototypes for keeping state for the detection engine.


Data Structures

struct  DeStateStoreItem_
 
struct  DeStateStore_
 
struct  DetectEngineStateDirection_
 
struct  DetectEngineState_
 
Macros

#define DETECT_ENGINE_INSPECT_SIG_NO_MATCH   0
 
#define DETECT_ENGINE_INSPECT_SIG_MATCH   1
 
#define DETECT_ENGINE_INSPECT_SIG_CANT_MATCH   2
 
#define DETECT_ENGINE_INSPECT_SIG_CANT_MATCH_FILES   3
 
#define DETECT_ENGINE_INSPECT_SIG_MATCH_MORE_FILES   4
 
#define DE_STATE_CHUNK_SIZE   15
 
#define DE_STATE_FLAG_FULL_INSPECT   BIT_U32(0)
 
#define DE_STATE_FLAG_SIG_CANT_MATCH   BIT_U32(1)
 
#define DE_STATE_ID_FILE_INSPECT   2UL
 
#define DE_STATE_FLAG_FILE_INSPECT   BIT_U32(DE_STATE_ID_FILE_INSPECT)
 
#define DE_STATE_FLAG_BASE   3UL
 
#define DETECT_ENGINE_STATE_FLAG_FILE_NEW   BIT_U8(0)
 
Typedefs

typedef struct DeStateStoreItem_ DeStateStoreItem
 
typedef struct DeStateStore_ DeStateStore
 
typedef struct DetectEngineStateDirection_ DetectEngineStateDirection
 
typedef struct DetectEngineState_ DetectEngineState
 
Functions

DetectEngineState * DetectEngineStateAlloc (void)
 Allocates a DetectEngineState object.
 
void DetectEngineStateFree (DetectEngineState *state)
 Frees a DetectEngineState object.
 

Detailed Description

Data structures and function prototypes for keeping state for the detection engine.

Author
Victor Julien <victor@inliniac.net>
Anoop Saldanha <anoopsaldanha@gmail.com>

Definition in file detect-engine-state.h.

Macro Definition Documentation

◆ DE_STATE_CHUNK_SIZE

#define DE_STATE_CHUNK_SIZE   15

Number of DeStateStoreItem entries in one DeStateStore object.

Definition at line 53 of file detect-engine-state.h.

◆ DE_STATE_FLAG_BASE

#define DE_STATE_FLAG_BASE   3UL

Definition at line 64 of file detect-engine-state.h.

◆ DE_STATE_FLAG_FILE_INSPECT

#define DE_STATE_FLAG_FILE_INSPECT   BIT_U32(DE_STATE_ID_FILE_INSPECT)

Definition at line 61 of file detect-engine-state.h.

◆ DE_STATE_FLAG_FULL_INSPECT

#define DE_STATE_FLAG_FULL_INSPECT   BIT_U32(0)

Definition at line 56 of file detect-engine-state.h.

◆ DE_STATE_FLAG_SIG_CANT_MATCH

#define DE_STATE_FLAG_SIG_CANT_MATCH   BIT_U32(1)

Definition at line 57 of file detect-engine-state.h.

◆ DE_STATE_ID_FILE_INSPECT

#define DE_STATE_ID_FILE_INSPECT   2UL

Definition at line 60 of file detect-engine-state.h.

◆ DETECT_ENGINE_INSPECT_SIG_CANT_MATCH

#define DETECT_ENGINE_INSPECT_SIG_CANT_MATCH   2

Definition at line 40 of file detect-engine-state.h.

◆ DETECT_ENGINE_INSPECT_SIG_CANT_MATCH_FILES

#define DETECT_ENGINE_INSPECT_SIG_CANT_MATCH_FILES   3

Indicates that the file inspection portion of a signature didn't match. This is used to handle state keeping, as the detect engine is still only marginally aware of files.

Definition at line 44 of file detect-engine-state.h.

◆ DETECT_ENGINE_INSPECT_SIG_MATCH

#define DETECT_ENGINE_INSPECT_SIG_MATCH   1

Definition at line 39 of file detect-engine-state.h.

◆ DETECT_ENGINE_INSPECT_SIG_MATCH_MORE_FILES

#define DETECT_ENGINE_INSPECT_SIG_MATCH_MORE_FILES   4

Hack to work around a file inspection limitation. Since there can be multiple files in a transaction (TX) and the detection engine doesn't really know about that, we have to give the file inspection engine a way to indicate that one of the files matched, but that there are still more files with ongoing inspection.

Definition at line 50 of file detect-engine-state.h.

◆ DETECT_ENGINE_INSPECT_SIG_NO_MATCH

#define DETECT_ENGINE_INSPECT_SIG_NO_MATCH   0

Definition at line 38 of file detect-engine-state.h.

◆ DETECT_ENGINE_STATE_FLAG_FILE_NEW

#define DETECT_ENGINE_STATE_FLAG_FILE_NEW   BIT_U8(0)

Definition at line 71 of file detect-engine-state.h.

Typedef Documentation

◆ DeStateStore

typedef struct DeStateStore_ DeStateStore

◆ DeStateStoreItem

typedef struct DeStateStoreItem_ DeStateStoreItem

◆ DetectEngineState

typedef struct DetectEngineState_ DetectEngineState

◆ DetectEngineStateDirection

typedef struct DetectEngineStateDirection_ DetectEngineStateDirection