detect-engine-threshold.c File Reference
#include "suricata-common.h"#include "detect.h"#include "flow.h"#include "detect-parse.h"#include "detect-engine.h"#include "detect-engine-threshold.h"#include "detect-engine-address.h"#include "detect-engine-address-ipv6.h"#include "util-misc.h"#include "util-time.h"#include "util-error.h"#include "util-debug.h"#include "action-globals.h"#include "util-validate.h"#include "util-hash.h"#include "util-thash.h"#include "util-hash-lookup3.h"
Include dependency graph for detect-engine-threshold.c:
Go to the source code of this file.
Data Structures | |
| struct | Thresholds |
| struct | ThresholdEntry_ |
| struct | ThresholdCacheItem |
| struct | FlowThresholdEntryList_ |
| struct | FlowVarThreshold_ |
Macros | |
| #define | SID 0 |
| #define | GID 1 |
| #define | REV 2 |
| #define | TRACK 3 |
| #define | TENANT 4 |
| #define | TC_ADDRESS 0 |
| #define | TC_SID 1 |
| #define | TC_GID 2 |
| #define | TC_REV 3 |
| #define | TC_TENANT 4 |
Typedefs | |
| typedef struct ThresholdEntry_ | ThresholdEntry |
| typedef struct ThresholdCacheItem | ThresholdCacheItem |
| typedef struct FlowThresholdEntryList_ | FlowThresholdEntryList |
| typedef struct FlowVarThreshold_ | FlowVarThreshold |
Functions | |
| void | ThresholdInit (void) |
| void | ThresholdDestroy (void) |
| uint32_t | ThresholdsExpire (const SCTime_t ts) |
| RB_HEAD (THRESHOLD_CACHE, ThresholdCacheItem) | |
| RB_PROTOTYPE (THRESHOLD_CACHE, ThresholdCacheItem, rb, ThresholdCacheTreeCompareFunc) | |
| RB_GENERATE (THRESHOLD_CACHE, ThresholdCacheItem, rb, ThresholdCacheTreeCompareFunc) | |
| void | ThresholdCacheThreadFree (void) |
| const DetectThresholdData * | SigGetThresholdTypeIter (const Signature *sig, const SigMatchData **psm, int list) |
| Return next DetectThresholdData for signature. More... | |
| void | FlowThresholdVarFree (void *ptr) |
| int | PacketAlertThreshold (const DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectThresholdData *td, Packet *p, const Signature *s, PacketAlert *pa) |
| Make the threshold logic for signatures. More... | |
Variables | |
| struct Thresholds | ctx |
| thread_local uint64_t | cache_lookup_cnt = 0 |
| thread_local uint64_t | cache_lookup_notinit = 0 |
| thread_local uint64_t | cache_lookup_nosupport = 0 |
| thread_local uint64_t | cache_lookup_miss_expired = 0 |
| thread_local uint64_t | cache_lookup_miss = 0 |
| thread_local uint64_t | cache_lookup_hit = 0 |
| thread_local uint64_t | cache_housekeeping_check = 0 |
| thread_local uint64_t | cache_housekeeping_expired = 0 |
| thread_local struct THRESHOLD_CACHE | threshold_cache_tree |
| thread_local uint64_t | threshold_cache_housekeeping_ts = 0 |
Detailed Description
Threshold part of the detection engine.
Definition in file detect-engine-threshold.c.
