#include "suricata-common.h"
#include "suricata.h"
#include "debug.h"
#include "detect.h"
#include "flow.h"
#include "flow-private.h"
#include "flow-util.h"
#include "flow-worker.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "detect-parse.h"
#include "detect-engine-sigorder.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-address.h"
#include "detect-engine-port.h"
#include "detect-engine-prefilter.h"
#include "detect-engine-mpm.h"
#include "detect-engine-iponly.h"
#include "detect-engine-tag.h"
#include "detect-engine-file.h"
#include "detect-engine.h"
#include "detect-engine-state.h"
#include "detect-engine-payload.h"
#include "detect-byte-extract.h"
#include "detect-content.h"
#include "detect-uricontent.h"
#include "detect-tcphdr.h"
#include "detect-engine-threshold.h"
#include "detect-engine-content-inspection.h"
#include "detect-engine-loader.h"
#include "util-classification-config.h"
#include "util-reference-config.h"
#include "util-threshold-config.h"
#include "util-error.h"
#include "util-hash.h"
#include "util-byte.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-action.h"
#include "util-magic.h"
#include "util-signal.h"
#include "util-spm.h"
#include "util-device.h"
#include "util-var-name.h"
#include "util-profiling.h"
#include "tm-threads.h"
#include "runmodes.h"
#include "reputation.h"
#include "util-hash-lookup3.h"

Data Structures
struct	DetectEngineSyncer_

struct	TenantLoaderCtx_

Macros
#define	DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT 3000

Typedefs
typedef struct DetectEngineSyncer_	DetectEngineSyncer

typedef struct TenantLoaderCtx_	TenantLoaderCtx

Enumerations
enum	DetectEngineSyncState { IDLE, RELOAD }

Functions
void	DetectPktInspectEngineRegister (const char *name, InspectionBufferGetPktDataPtr GetPktData, InspectionBufferPktInspectFunc Callback)
	register inspect engine at start up time More...

void	DetectAppLayerInspectEngineRegister (const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback)
	register inspect engine at start up time More...

void	DetectAppLayerInspectEngineRegister2 (const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
	register inspect engine at start up time More...

int	DetectEngineAppInspectionEngine2Signature (DetectEngineCtx de_ctx, Signature s)

void	DetectEngineAppInspectionEngineSignatureFree (Signature *s)
	free app inspect engines for a signature More...

int	DetectBufferTypeMaxId (void)

int	DetectBufferTypeRegister (const char *name)

void	DetectBufferTypeSupportsPacket (const char *name)

void	DetectBufferTypeSupportsMpm (const char *name)

void	DetectBufferTypeSupportsTransformations (const char *name)

int	DetectBufferTypeGetByName (const char *name)

const char *	DetectBufferTypeGetNameById (const DetectEngineCtx *de_ctx, const int id)

void	DetectBufferTypeSetDescriptionByName (const char name, const char desc)

const char *	DetectBufferTypeGetDescriptionById (const DetectEngineCtx *de_ctx, const int id)

const char *	DetectBufferTypeGetDescriptionByName (const char *name)

bool	DetectBufferTypeSupportsPacketGetById (const DetectEngineCtx *de_ctx, const int id)

bool	DetectBufferTypeSupportsMpmGetById (const DetectEngineCtx *de_ctx, const int id)

void	DetectBufferTypeRegisterSetupCallback (const char name, void(SetupCallback)(const DetectEngineCtx , Signature ))

void	DetectBufferRunSetupCallback (const DetectEngineCtx de_ctx, const int id, Signature s)

void	DetectBufferTypeRegisterValidateCallback (const char name, _Bool(ValidateCallback)(const Signature , const char *sigerror))

bool	DetectBufferRunValidateCallback (const DetectEngineCtx de_ctx, const int id, const Signature s, const char **sigerror)

int	DetectBufferSetActiveList (Signature *s, const int list)

int	DetectBufferGetActiveList (DetectEngineCtx de_ctx, Signature s)

void	InspectionBufferClean (DetectEngineThreadCtx *det_ctx)

InspectionBuffer *	InspectionBufferGet (DetectEngineThreadCtx *det_ctx, const int list_id)

InspectionBuffer *	InspectionBufferMultipleForListGet (InspectionBufferMultipleForList *fb, uint32_t local_id)
	for a InspectionBufferMultipleForList get a InspectionBuffer More...

InspectionBufferMultipleForList *	InspectionBufferGetMulti (DetectEngineThreadCtx *det_ctx, const int list_id)

void	InspectionBufferInit (InspectionBuffer *buffer, uint32_t initial_size)

void	InspectionBufferSetup (InspectionBuffer buffer, const uint8_t data, const uint32_t data_len)
	setup the buffer with our initial data More...

void	InspectionBufferFree (InspectionBuffer *buffer)

void	InspectionBufferCheckAndExpand (InspectionBuffer *buffer, uint32_t min_size)
	make sure that the buffer has at least 'min_size' bytes Expand the buffer if necessary More...

void	InspectionBufferCopy (InspectionBuffer buffer, uint8_t buf, uint32_t buf_len)

void	InspectionBufferApplyTransforms (InspectionBuffer buffer, const DetectEngineTransforms transforms)

void	DetectBufferTypeCloseRegistration (void)

int	DetectBufferTypeGetByIdTransforms (DetectEngineCtx de_ctx, const int id, int transforms, int transform_cnt)

bool	DetectEnginePktInspectionRun (ThreadVars tv, DetectEngineThreadCtx det_ctx, const Signature s, Flow f, Packet p, uint8_t alert_flags)

int	DetectEnginePktInspectionSetup (Signature *s)

int	DetectEngineReloadStart (void)

int	DetectEngineReloadIsStart (void)

void	DetectEngineReloadSetIdle (void)

int	DetectEngineReloadIsIdle (void)

int	DetectEngineInspectGenericList (ThreadVars tv, const DetectEngineCtx de_ctx, DetectEngineThreadCtx det_ctx, const Signature s, const SigMatchData smd, Flow f, const uint8_t flags, void alstate, void txv, uint64_t tx_id)
	Do the content inspection & validation for a signature. More...

int	DetectEngineInspectBufferGeneric (DetectEngineCtx de_ctx, DetectEngineThreadCtx det_ctx, const DetectEngineAppInspectionEngine engine, const Signature s, Flow f, uint8_t flags, void alstate, void *txv, uint64_t tx_id)
	Do the content inspection & validation for a signature. More...

int	DetectEngineInspectPktBufferGeneric (DetectEngineThreadCtx det_ctx, const DetectEnginePktInspectionEngine engine, const Signature s, Packet p, uint8_t *_alert_flags)
	Do the content inspection & validation for a signature. More...

DetectEngineCtx *	DetectEngineCtxInitStubForMT (void)

DetectEngineCtx *	DetectEngineCtxInitStubForDD (void)

DetectEngineCtx *	DetectEngineCtxInit (void)

DetectEngineCtx *	DetectEngineCtxInitWithPrefix (const char *prefix)

void	DetectEngineCtxFree (DetectEngineCtx *de_ctx)
	Free a DetectEngineCtx:: More...

void	DetectEngineResetMaxSigId (DetectEngineCtx *de_ctx)

TmEcode	DetectEngineThreadCtxInit (ThreadVars tv, void initdata, void **data)
	initialize thread specific detection engine context More...

TmEcode	DetectEngineThreadCtxDeinit (ThreadVars tv, void data)

void	DetectEngineThreadCtxInfo (ThreadVars t, DetectEngineThreadCtx det_ctx)

int	DetectRegisterThreadCtxFuncs (DetectEngineCtx de_ctx, const char name, void (InitFunc)(void ), void data, void(FreeFunc)(void ), int mode)
	Register Thread keyword context Funcs. More...

void *	DetectThreadCtxGetKeywordThreadCtx (DetectEngineThreadCtx *det_ctx, int id)
	Retrieve thread local keyword ctx by id. More...

int	DetectRegisterThreadCtxGlobalFuncs (const char name, void (InitFunc)(void ), void data, void(FreeFunc)(void *))
	Register Thread keyword context Funcs (Global) More...

void *	DetectThreadCtxGetGlobalKeywordThreadCtx (DetectEngineThreadCtx *det_ctx, int id)
	Retrieve thread local keyword ctx by id. More...

int	DetectEngineEnabled (void)
	Check if detection is enabled. More...

uint32_t	DetectEngineGetVersion (void)

void	DetectEngineBumpVersion (void)

DetectEngineCtx *	DetectEngineGetCurrent (void)

DetectEngineCtx *	DetectEngineReference (DetectEngineCtx *de_ctx)

int	DetectEngineMultiTenantEnabled (void)

int	DetectEngineLoadTenantBlocking (uint32_t tenant_id, const char *yaml)
	Load a tenant and wait for loading to complete. More...

int	DetectEngineReloadTenantBlocking (uint32_t tenant_id, const char *yaml, int reload_cnt)
	Reload a tenant and wait for loading to complete. More...

int	DetectEngineMultiTenantSetup (void)
	setup multi-detect / multi-tenancy More...

int	DetectEngineTentantRegisterLivedev (uint32_t tenant_id, int device_id)

int	DetectEngineTentantRegisterVlanId (uint32_t tenant_id, uint16_t vlan_id)

int	DetectEngineTentantUnregisterVlanId (uint32_t tenant_id, uint16_t vlan_id)

int	DetectEngineTentantRegisterPcapFile (uint32_t tenant_id)

int	DetectEngineTentantUnregisterPcapFile (uint32_t tenant_id)

DetectEngineCtx *	DetectEngineGetByTenantId (int tenant_id)

void	DetectEngineDeReference (DetectEngineCtx **de_ctx)

int	DetectEngineAddToMaster (DetectEngineCtx *de_ctx)

int	DetectEngineMoveToFreeList (DetectEngineCtx *de_ctx)

void	DetectEnginePruneFreeList (void)

int	DetectEngineReload (const SCInstance *suri)
	Reload the detection engine. More...

int	DetectEngineMTApply (void)

void	DetectEngineSetParseMetadata (void)

void	DetectEngineUnsetParseMetadata (void)

int	DetectEngineMustParseMetadata (void)

const char *	DetectSigmatchListEnumToString (enum DetectSigmatchListEnum type)

void	DetectEngineSetEvent (DetectEngineThreadCtx *det_ctx, uint8_t e)

AppLayerDecoderEvents *	DetectEngineGetEvents (DetectEngineThreadCtx *det_ctx)

int	DetectEngineGetEventInfo (const char event_name, int event_id, AppLayerEventType *event_type)

void	DetectEngineRegisterTests ()

Variables
SCEnumCharMap	det_ctx_event_table []

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine.c.

Macro Definition Documentation

#define DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT 3000

Definition at line 84 of file detect-engine.c.

Referenced by DetectEngineCtxFree(), and DetectEngineGetEventInfo().

Typedef Documentation

typedef struct DetectEngineSyncer_ DetectEngineSyncer

typedef struct TenantLoaderCtx_ TenantLoaderCtx

Enumeration Type Documentation

enum DetectEngineSyncState

Enumerator
IDLE	ready to start a reload
RELOAD	command main thread to do the reload

Definition at line 1453 of file detect-engine.c.

Function Documentation

void DetectAppLayerInspectEngineRegister	(	const char *	name,
		AppProto	alproto,
		uint32_t	dir,
		int	progress,
		InspectEngineFuncPtr	Callback
	)

register inspect engine at start up time

Registers an app inspection engine.

Note: errors are fatal

Definition at line 170 of file detect-engine.c.

References DetectEngineAppInspectionEngine_::alproto, ALPROTO_FAILED, AppLayerParserIsTxAware(), AppLayerParserSupportsTxDetectFlags(), AppProtoToString(), BUG_ON, DetectEngineAppInspectionEngine_::Callback, DETECT_SM_LIST_MATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), DetectEngineAppInspectionEngine_::dir, FatalError, DetectEngineAppInspectionEngine_::next, DetectEngineAppInspectionEngine_::progress, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCLogError, SCMalloc, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, DetectEngineAppInspectionEngine_::sm_list, and unlikely.

Referenced by DetectAppLayerEventRegister(), DetectCipServiceRegister(), DetectDceIfaceRegister(), DetectDNP3Register(), DetectDnsOpcodeRegister(), DetectDnsQueryRegister(), DetectEnipCommandRegister(), DetectFilenameRegister(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectLuaRegister(), DetectModbusRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectSNMPPduTypeRegister(), DetectSNMPVersionRegister(), DetectSshSoftwareVersionRegister(), DetectSslStateRegister(), DetectTemplateRustBufferRegister(), DetectTlsRegister(), and DetectTlsValidityRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectAppLayerInspectEngineRegister2	(	const char *	name,
		AppProto	alproto,
		uint32_t	dir,
		int	progress,
		InspectEngineFuncPtr2	Callback2,
		InspectionBufferGetDataPtr	GetData
	)

register inspect engine at start up time

Note: errors are fatal

Definition at line 231 of file detect-engine.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectBufferGetActiveList	(	DetectEngineCtx *	de_ctx,
		Signature *	s
	)

Definition at line 985 of file detect-engine.c.

References BUG_ON, DetectBufferTypeGetByIdTransforms(), Signature_::init_data, SignatureInitData_::list, SignatureInitData_::list_set, SCLogDebug, SignatureInitData_::transform_cnt, and SignatureInitData_::transforms.

Referenced by DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectContentSetup(), DetectDatarepBufferMatch(), DetectDatasetBufferMatch(), DetectIsdataatSetup(), DetectLuaRegister(), and DetectPcrePayloadMatch().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectBufferRunSetupCallback	(	const DetectEngineCtx *	de_ctx,
		const int	id,
		Signature *	s
	)

Definition at line 943 of file detect-engine.c.

References DetectBufferType_::SetupCallback.

Referenced by SigAddressPrepareStage1(), and SigMatchList2DataArray().

Here is the caller graph for this function:

bool DetectBufferRunValidateCallback	(	const DetectEngineCtx *	de_ctx,
		const int	id,
		const Signature *	s,
		const char **	sigerror
	)

Definition at line 962 of file detect-engine.c.

References TRUE, and DetectBufferType_::ValidateCallback.

Referenced by SigMatchList2DataArray().

Here is the caller graph for this function:

int DetectBufferSetActiveList	(	Signature *	s,
		const int	list
	)

Definition at line 972 of file detect-engine.c.

References BUG_ON, Signature_::init_data, SignatureInitData_::list, SignatureInitData_::list_set, and SignatureInitData_::transform_cnt.

Here is the caller graph for this function:

void DetectBufferTypeCloseRegistration ( void )

Definition at line 1229 of file detect-engine.c.

References BUG_ON.

Referenced by SigTableSetup().

Here is the caller graph for this function:

int DetectBufferTypeGetByIdTransforms	(	DetectEngineCtx *	de_ctx,
		const int	id,
		int *	transforms,
		int	transform_cnt
	)

Definition at line 1236 of file detect-engine.c.

References Signature_::action, ACTION_DROP, DetectEngineCtx_::buffer_type_hash, DetectEngineCtx_::buffer_type_id, DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, DetectEngineTransforms::cnt, SigMatchData_::ctx, DetectEngineThreadCtx_::de_ctx, DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, DetectAppLayerMpmRegisterByParentId(), DetectEngineInspectPacketPayload(), DetectEngineInspectStreamPayload(), DetectPktMpmRegisterByParentId(), Packet_::flags, Signature_::flags, DetectEngineThreadCtx_::flags, Packet_::flow, HashListTableAdd(), HashListTableLookup(), DetectBufferType_::id, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_SET_LIST, KEYWORD_PROFILING_START, SigTableElmt_::Match, DetectBufferType_::mpm, DetectBufferType_::packet, PACKET_ALERT_FLAG_DROP_FLOW, PACKET_ALERT_FLAG_STREAM_MATCH, DetectBufferType_::parent_id, PKT_DETECT_HAS_STREAMDATA, PKT_STREAM_ADD, res, SC_ERR_INVALID_SIGNATURE, SCCalloc, SCEnter, SCLogDebug, SCLogError, SCRealloc, DetectBufferType_::SetupCallback, SIG_FLAG_REQUIRE_PACKET, SIG_FLAG_REQUIRE_STREAM, sigmatch_table, Signature_::sm_arrays, DetectBufferType_::string, DetectBufferType_::supports_transforms, DetectEngineTransforms::transforms, DetectBufferType_::transforms, SigMatchData_::type, and DetectBufferType_::ValidateCallback.

Referenced by DetectBufferGetActiveList().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectBufferTypeGetByName ( const char * name )

Definition at line 860 of file detect-engine.c.

References DetectBufferType_::id.

const char* DetectBufferTypeGetDescriptionById	(	const DetectEngineCtx *	de_ctx,
		const int	id
	)

Definition at line 897 of file detect-engine.c.

References DetectBufferType_::description.

Referenced by EngineAnalysisFP(), and PerCentEncodingMatch().

Here is the caller graph for this function:

const char* DetectBufferTypeGetDescriptionByName ( const char * name )

Definition at line 906 of file detect-engine.c.

References DetectBufferType_::description.

const char* DetectBufferTypeGetNameById	(	const DetectEngineCtx *	de_ctx,
		const int	id
	)

Definition at line 869 of file detect-engine.c.

References DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, and DetectBufferType_::string.

Referenced by DetectEngineAppInspectionEngine2Signature(), DetectRawbytesRegister(), EngineAnalysisFP(), EngineAnalysisRules2(), PerCentEncodingMatch(), SCProfilingKeywordsGlobalInit(), SigMatchList2DataArray(), and SignatureIsIPOnly().

Here is the caller graph for this function:

int DetectBufferTypeMaxId ( void )

Definition at line 735 of file detect-engine.c.

References HashListTable_::array_size, BUG_ON, HashListTableAdd(), HashListTableFree(), HashListTableInit(), HashListTableLookup(), hashlittle_safe(), DetectBufferType_::id, res, SCCalloc, SCFree, SCLogDebug, DetectBufferType_::string, and DetectBufferType_::transforms.

Referenced by SigAlloc().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectBufferTypeRegister ( const char * name )

Definition at line 816 of file detect-engine.c.

References BUG_ON, and DetectBufferType_::id.

Referenced by DetectAppLayerInspectEngineRegister(), DetectAppLayerInspectEngineRegister2(), DetectBufferTypeRegisterSetupCallback(), DetectBufferTypeRegisterValidateCallback(), DetectBufferTypeSupportsMpm(), DetectBufferTypeSupportsPacket(), DetectBufferTypeSupportsTransformations(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDNP3Register(), DetectFileextRegister(), DetectFilemagicRegister(), DetectFileMd5Register(), DetectFileSha1Register(), DetectFileSha256Register(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFtpbounceRegister(), DetectHttpServerBodyRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectLuaRegister(), DetectPktInspectEngineRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTcphdrRegister(), DetectTlsRegister(), DetectTlsVersionRegister(), DetectUdphdrRegister(), DetectUricontentRegister(), and DetectUrilenRegister().

Here is the caller graph for this function:

void DetectBufferTypeRegisterSetupCallback	(	const char *	name,
		void()(const DetectEngineCtx , Signature *)	SetupCallback
	)

Definition at line 933 of file detect-engine.c.

References BUG_ON, DetectBufferTypeRegister(), and DetectBufferType_::SetupCallback.

Referenced by DetectFiledataRegister(), DetectHttpClientBodyRegister(), DetectHttpUriRegister(), DetectSipUriRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), and DetectTlsSerialRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectBufferTypeRegisterValidateCallback	(	const char *	name,
		_Bool()(const Signature , const char **sigerror)	ValidateCallback
	)

Definition at line 952 of file detect-engine.c.

References BUG_ON, DetectBufferTypeRegister(), and DetectBufferType_::ValidateCallback.

Referenced by DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpUriRegister(), DetectSipMethodRegister(), DetectSipUriRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), and DetectTlsSerialRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectBufferTypeSetDescriptionByName	(	const char *	name,
		const char *	desc
	)

Definition at line 888 of file detect-engine.c.

References DetectBufferType_::description.

Here is the caller graph for this function:

void DetectBufferTypeSupportsMpm ( const char * name )

Definition at line 840 of file detect-engine.c.

References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, DetectBufferType_::mpm, SCLogDebug, and TRUE.

Referenced by DetectAppLayerMpmRegister2(), and DetectPktMpmRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

bool DetectBufferTypeSupportsMpmGetById	(	const DetectEngineCtx *	de_ctx,
		const int	id
	)

Definition at line 924 of file detect-engine.c.

References FALSE, DetectBufferType_::mpm, and SCLogDebug.

Referenced by DetectGetLastSMFromMpmLists(), and FastPatternSupportEnabledForSigMatchList().

Here is the caller graph for this function:

void DetectBufferTypeSupportsPacket ( const char * name )

Definition at line 830 of file detect-engine.c.

References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, DetectBufferType_::packet, SCLogDebug, and TRUE.

Referenced by DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectTcphdrRegister(), and DetectUdphdrRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

bool DetectBufferTypeSupportsPacketGetById	(	const DetectEngineCtx *	de_ctx,
		const int	id
	)

Definition at line 915 of file detect-engine.c.

References FALSE, DetectBufferType_::packet, and SCLogDebug.

Referenced by SigMatchList2DataArray().

Here is the caller graph for this function:

void DetectBufferTypeSupportsTransformations ( const char * name )

Definition at line 850 of file detect-engine.c.

References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, SCLogDebug, and DetectBufferType_::supports_transforms.

Referenced by DetectAppLayerMpmRegister2(), and DetectPktMpmRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectEngineAddToMaster ( DetectEngineCtx * de_ctx )

Definition at line 3893 of file detect-engine.c.

References DetectEngineMasterCtx_::lock, SCLogDebug, SCMutexLock, and SCMutexUnlock.

Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectReplaceFreeInternal(), and PostRunDeinit().

Here is the caller graph for this function:

int DetectEngineAppInspectionEngine2Signature	(	DetectEngineCtx *	de_ctx,
		Signature *	s
	)

Note: for the file inspect engine, the id DE_STATE_ID_FILE_INSPECT is assigned.

Definition at line 466 of file detect-engine.c.

Referenced by SigAddressPrepareStage4().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectEngineAppInspectionEngineSignatureFree ( Signature * s )

free app inspect engines for a signature

For lists that are registered multiple times, like http_header and http_cookie, making the engines owner of the lists is complicated. Multiple engines in a sig may be pointing to the same list. To address this the 'free' code needs to be extra careful about not double freeing, so it takes an approach to first fill an array of the to-free pointers before freeing them.

Definition at line 667 of file detect-engine.c.

References Signature_::app_inspect, BUG_ON, SigMatchData_::ctx, DETECT_SM_LIST_DYNAMIC_START, SigTableElmt_::Free, SigMatchData_::is_last, MAX, DetectEngineAppInspectionEngine_::next, DetectEnginePktInspectionEngine::next, next, Signature_::pkt_inspect, SCFree, sigmatch_table, DetectEngineAppInspectionEngine_::sm_list, DetectEnginePktInspectionEngine::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEnginePktInspectionEngine::smd, DetectEngineTransforms::transforms, and SigMatchData_::type.

Referenced by SigFree().

Here is the caller graph for this function:

void DetectEngineBumpVersion ( void )

Definition at line 3159 of file detect-engine.c.

References DetectEngineMasterCtx_::lock, SCLogDebug, SCMutexLock, SCMutexUnlock, and DetectEngineMasterCtx_::version.

Referenced by DetectEngineReload(), and PostRunDeinit().

Here is the caller graph for this function:

void DetectEngineCtxFree ( DetectEngineCtx * de_ctx )

Free a DetectEngineCtx::

Parameters

de_ctx DetectEngineCtx:: to be freed

Definition at line 2074 of file detect-engine.c.

References ByteExtractStringUint16(), ConfDump(), ConfGet(), ConfGetInt(), ConfGetNode(), DetectEngineCtx_::config_prefix, ConfNodeLookupChild(), ConfNodeLookupChildValue(), ConfNodeRemove(), DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT, DETECT_PREFILTER_AUTO, DETECT_PREFILTER_MPM, DetectAddressMapFree(), DetectMetadataHashFree(), DetectParseDupSigHashFree(), DetectPortCleanupList(), DetectPortParse(), ENGINE_PROFILE_CUSTOM, ENGINE_PROFILE_HIGH, ENGINE_PROFILE_LOW, ENGINE_PROFILE_MEDIUM, ENGINE_PROFILE_UNKNOWN, ENGINE_SGH_MPM_FACTORY_CONTEXT_FULL, ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE, DetectEngineCtx_::inspection_recursion_limit, DetectEngineCtx_::max_uniq_toclient_groups, DetectEngineCtx_::max_uniq_toserver_groups, MPM_AC, MPM_AC_BS, MPM_AC_KS, MPM_HS, DetectEngineCtx_::mpm_matcher, MpmFactoryDeRegisterAllMpmCtxProfiles(), MpmStoreFree(), ConfNode_::name, DetectPort_::next, next, DetectPort_::port, DetectPort_::port2, DetectEngineCtx_::prefilter_setting, DetectEngineCtx_::profile_ctx, DetectEngineCtx_::profile_keyword_ctx, DetectEngineCtx_::profile_sgh_ctx, run_mode, RUNMODE_UNITTEST, SC_ERR_INVALID_YAML_CONF_ENTRY, SC_ERR_SIZE_PARSE, SCClassConfDeInitContext(), SCFree, SCLogDebug, SCLogError, SCLogWarning, SCProfilingKeywordDestroyCtx(), SCProfilingPrefilterDestroyCtx(), SCProfilingRuleDestroyCtx(), SCProfilingSghDestroyCtx(), SCRConfDeInitContext(), SCSigSignatureOrderingModuleCleanup(), DetectEngineCtx_::sgh_mpm_context, DetectEngineCtx_::sig_array, SigCleanSignatures(), SigGroupCleanup(), SigGroupHeadHashFree(), DetectEngineCtx_::spm_global_thread_ctx, SpmDestroyGlobalThreadCtx(), SRepDestroy(), TAILQ_FOREACH, DetectEngineCtx_::tcp_whitelist, ThresholdContextDestroy(), DetectEngineCtx_::udp_whitelist, ConfNode_::val, VarNameStoreFree(), and DetectEngineCtx_::version.

Referenced by ActionInitConfig(), AlertFastLogInitCtx(), DetectAckRegister(), DetectAppLayerProtocolRegister(), DetectBase64DataDoMatch(), DetectBase64DecodeDoMatch(), DetectByteExtractRetrieveSMVar(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectCipServiceRegister(), DetectClasstypeRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDetectionFilterRegister(), DetectDistanceRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineGetEventInfo(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineInspectPktBufferGeneric(), DetectEngineInspectStream(), DetectEngineMultiTenantEnabled(), DetectEnginePruneFreeList(), DetectEngineReload(), DetectEngineStateResetTxs(), DetectEnipCommandRegister(), DetectFastPatternRegister(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFlowFree(), DetectFlowintFree(), DetectFragOffsetFree(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectGeoipRegister(), DetectGidRegister(), DetectHostbitFree(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectIcmpIdFree(), DetectIcmpSeqFree(), DetectICodeFree(), DetectIPProtoRemoveAllSMs(), DetectIPRepFree(), DetectIsdataatFree(), DetectITypeFree(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectL3ProtoRegister(), DetectLuaRegister(), DetectMetadataHashFree(), DetectModbusRegister(), DetectMsgRegister(), DetectPcrePayloadMatch(), DetectPktDataRegister(), DetectPriorityRegister(), DetectProtoContainsProto(), DetectReferenceFree(), DetectReplaceFreeInternal(), DetectRpcFree(), DetectSameipRegister(), DetectSeqRegister(), DetectSetupParseRegexes(), DetectSidRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTargetRegister(), DetectTemplateRustBufferRegister(), DetectThresholdRegister(), DetectTransformDotPrefixRegister(), DetectTransformStripWhitespaceRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), DetectWithinRegister(), DetectXbitFree(), HtpConfigRestoreBackup(), IPOnlyAddSignature(), MpmACRegister(), MpmACTileRegister(), RegisterModbusParsers(), SCACBSPrintInfo(), SCClassConfGenerateInValidDummyClassConfigFD03(), SCRConfGenerateInValidDummyReferenceConfigFD03(), SCRuleVarsGetConfVar(), SCSigSignatureOrderingModuleCleanup(), SCThresholdConfParseFile(), SigGroupHeadContainsSigId(), SigParseApplyDsizeToContent(), SMTPParserCleanup(), TagTimeoutCheck(), UTHGenericTest(), UTHPacketMatchSig(), UTHPacketMatchSigMpm(), and UTHParseSignature().

Here is the call graph for this function:

DetectEngineCtx* DetectEngineCtxInit ( void )

Definition at line 2029 of file detect-engine.c.

References DETECT_ENGINE_TYPE_NORMAL.

Referenced by ActionInitConfig(), AlertFastLogInitCtx(), DetectAckRegister(), DetectAppLayerProtocolRegister(), DetectBase64DataDoMatch(), DetectBase64DecodeDoMatch(), DetectBypassRegister(), DetectByteExtractRetrieveSMVar(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectCipServiceRegister(), DetectClasstypeRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDetectionFilterRegister(), DetectDistanceRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineCtxInitWithPrefix(), DetectEngineGetEventInfo(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineInspectStream(), DetectEngineStateResetTxs(), DetectEnipCommandRegister(), DetectFastPatternRegister(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFlowFree(), DetectFlowintFree(), DetectFragOffsetFree(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectGeoipRegister(), DetectGidRegister(), DetectHostbitFree(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectIcmpIdFree(), DetectIcmpSeqFree(), DetectICodeFree(), DetectIPProtoRemoveAllSMs(), DetectIPRepFree(), DetectIsdataatFree(), DetectITypeFree(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectL3ProtoRegister(), DetectLuaRegister(), DetectMetadataHashFree(), DetectModbusRegister(), DetectMsgRegister(), DetectPcrePayloadMatch(), DetectPktDataRegister(), DetectPortHashFree(), DetectPriorityRegister(), DetectProtoContainsProto(), DetectReferenceFree(), DetectReplaceFreeInternal(), DetectRpcFree(), DetectSameipRegister(), DetectSeqRegister(), DetectSetupParseRegexes(), DetectSidRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTargetRegister(), DetectTemplateRustBufferRegister(), DetectThresholdRegister(), DetectTransformDotPrefixRegister(), DetectTransformStripWhitespaceRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), DetectWithinRegister(), DetectXbitFree(), HtpConfigRestoreBackup(), IPOnlyAddSignature(), MpmACRegister(), MpmACTileRegister(), PostRunDeinit(), RegisterModbusParsers(), SCACBSPrintInfo(), SCClassConfGenerateInValidDummyClassConfigFD03(), SCRConfGenerateInValidDummyReferenceConfigFD03(), SCRuleVarsGetConfVar(), SCSigSignatureOrderingModuleCleanup(), SCThresholdConfParseFile(), SigGroupHeadContainsSigId(), SigParseApplyDsizeToContent(), SMTPParserCleanup(), TagTimeoutCheck(), UTHGenericTest(), UTHPacketMatchSig(), UTHPacketMatchSigMpm(), and UTHParseSignature().

DetectEngineCtx* DetectEngineCtxInitStubForDD ( void )

Definition at line 2024 of file detect-engine.c.

References DETECT_ENGINE_TYPE_DD_STUB.

Referenced by PostRunDeinit().

Here is the caller graph for this function:

DetectEngineCtx* DetectEngineCtxInitStubForMT ( void )

Definition at line 2019 of file detect-engine.c.

References DETECT_ENGINE_TYPE_MT_STUB.

Referenced by DetectEngineMTApply(), and PostRunDeinit().

Here is the caller graph for this function:

DetectEngineCtx* DetectEngineCtxInitWithPrefix ( const char * prefix )

Definition at line 2034 of file detect-engine.c.

References DETECT_ENGINE_TYPE_NORMAL, DetectEngineCtxInit(), SigString_::filename, DetectEngineCtx_::keyword_list, next, DetectEngineThreadKeywordCtxItem_::next, SCFree, SigString_::sig_error, DetectEngineCtx_::sig_stat, SigString_::sig_str, TAILQ_FOREACH_SAFE, and TAILQ_REMOVE.

Referenced by DetectEngineMultiTenantEnabled(), and DetectEngineReload().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectEngineDeReference ( DetectEngineCtx ** de_ctx )

Definition at line 3869 of file detect-engine.c.

References BUG_ON, DetectEngineMasterCtx_::list, and DetectEngineCtx_::next.

Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectEngineThreadCtxInit(), GlobalsInitPreConfig(), and UnixSocketPcapFile().

Here is the caller graph for this function:

int DetectEngineEnabled ( void )

Check if detection is enabled.

Return values

bool	true or false

Definition at line 3135 of file detect-engine.c.

References DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, SCMutexLock, and SCMutexUnlock.

Referenced by PostRunDeinit().

Here is the caller graph for this function:

DetectEngineCtx* DetectEngineGetByTenantId ( int tenant_id )

Definition at line 3843 of file detect-engine.c.

References DETECT_ENGINE_TYPE_TENANT, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCMutexLock, SCMutexUnlock, DetectEngineCtx_::tenant_id, and DetectEngineCtx_::type.

Referenced by DetectEngineMultiTenantEnabled(), and UnixSocketPcapFile().

Here is the caller graph for this function:

DetectEngineCtx* DetectEngineGetCurrent ( void )

Definition at line 3168 of file detect-engine.c.

References DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, SCMutexUnlock, and DetectEngineCtx_::type.

Referenced by DetectEngineReload(), DetectEngineThreadCtxInit(), and GlobalsInitPreConfig().

Here is the caller graph for this function:

int DetectEngineGetEventInfo	(	const char *	event_name,
		int *	event_id,
		AppLayerEventType *	event_type
	)

Definition at line 4210 of file detect-engine.c.

References APP_LAYER_EVENT_TYPE_TRANSACTION, ConfCreateContextBackup(), ConfDeInit(), ConfInit(), ConfRestoreContextBackup(), ConfYamlLoadString(), DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT, DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineCtx_::inspection_recursion_limit, DetectEngineCtx_::max_uniq_toclient_groups, DetectEngineCtx_::max_uniq_toserver_groups, SC_ERR_INVALID_ENUM_MAP, SCLogError, and SCMapEnumNameToValue().

Referenced by DetectAppLayerEventRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

AppLayerDecoderEvents* DetectEngineGetEvents ( DetectEngineThreadCtx * det_ctx )

Definition at line 4205 of file detect-engine.c.

References DetectEngineThreadCtx_::decoder_events.

uint32_t DetectEngineGetVersion ( void )

Definition at line 3149 of file detect-engine.c.

References DetectEngineMasterCtx_::lock, SCMutexLock, SCMutexUnlock, version, and DetectEngineMasterCtx_::version.

Referenced by DetectEngineInspectPktBufferGeneric().

Here is the caller graph for this function:

int DetectEngineInspectBufferGeneric	(	DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const DetectEngineAppInspectionEngine *	engine,
		const Signature *	s,
		Flow *	f,
		uint8_t	flags,
		void *	alstate,
		void *	txv,
		uint64_t	tx_id
	)

Do the content inspection & validation for a signature.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
f	Flow
flags	app layer flags
state	App layer state

Return values

0	no match.
1	match.
2	Sig can't match.

Definition at line 1570 of file detect-engine.c.

References Flow_::alproto, AppLayerParserGetStateProgress(), DetectEngineThreadCtx_::buffer_offset, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspection(), DetectEngineThreadCtx_::discontinue_matching, InspectionBuffer::flags, DetectEngineAppInspectionEngine_::GetData, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::inspect_offset, DetectEngineThreadCtx_::inspection_recursion_counter, DetectEngineAppInspectionEngine_::mpm, offset, DetectEngineAppInspectionEngine_::progress, Flow_::proto, SCLogDebug, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::transforms, unlikely, and DetectEngineAppInspectionEngine_::v2.

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectEngineInspectGenericList	(	ThreadVars *	tv,
		const DetectEngineCtx *	de_ctx,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		const SigMatchData *	smd,
		Flow *	f,
		const uint8_t	flags,
		void *	alstate,
		void *	txv,
		uint64_t	tx_id
	)

Do the content inspection & validation for a signature.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
sm	SigMatch to inspect
f	Flow
flags	app layer flags
state	App layer state

Return values

0	no match
1	match

Definition at line 1525 of file detect-engine.c.

References SigMatchData_::ctx, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_START, SCLogDebug, sigmatch_table, and SigMatchData_::type.

Referenced by DetectDceIfaceRegister(), DetectEngineInspectDnsRequest(), DetectEngineInspectDnsResponse(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectLuaRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectSNMPPduTypeRegister(), DetectSNMPVersionRegister(), DetectSslStateRegister(), and DetectTlsValidityRegister().

Here is the caller graph for this function:

int DetectEngineInspectPktBufferGeneric	(	DetectEngineThreadCtx *	det_ctx,
		const DetectEnginePktInspectionEngine *	engine,
		const Signature *	s,
		Packet *	p,
		uint8_t *	_alert_flags
	)

Do the content inspection & validation for a signature.

Parameters

de_ctx	Detection engine context
det_ctx	Detection engine thread context
s	Signature to inspect
p	Packet

Return values

0	no match.
1	match.

Definition at line 1635 of file detect-engine.c.

References ActionInitConfig(), DetectEngineThreadCtx_::buffer_offset, BUG_ON, PacketQueue_::cond_q, ConfGetBool(), DetectEngineCtx_::config_prefix, DetectEngineThreadCtx_::de_ctx, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_HEADER, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DetectAddressMapInit(), DetectEngineContentInspection(), DetectEngineCtxFree(), DetectEngineGetVersion(), DetectEngineThreadCtxDeinit(), DetectMetadataHashInit(), DetectParseDupSigHashInit(), DetectEngineThreadCtx_::discontinue_matching, DetectEngineCtx_::failure_fatal, TmModule_::flags, InspectionBuffer::flags, Packet_::flags, Packet_::flow, FlowWorkerGetDetectCtxPtr(), FlowWorkerReplaceDetectCtx(), DetectEnginePktInspectionEngine::GetData, Tmq_::id, ThreadVars_::inq, InspectionBuffer::inspect, InspectionBuffer::inspect_len, DetectEngineThreadCtx_::inspection_recursion_counter, DetectEnginePktInspectionEngine::mpm, DetectEngineCtx_::mpm_matcher, mpm_table, MpmStoreInit(), PacketQueue_::mutex_q, SpmTableElmt_::name, MpmTableElmt_::name, ThreadVars_::next, offset, PacketEnqueue(), PacketGetFromAlloc(), PatternMatchDefaultMatcher(), PKT_PSEUDO_STREAM_END, PKT_SET_SRC, PKT_SRC_DETECT_RELOAD_FLUSH, TmModule_::PktAcqBreakLoop, TmModule_::PktAcqLoop, SC_ATOMIC_GET, SC_ERR_LIVE_RULE_SWAP, SCClassConfLoadClassficationConfigFile(), SCCondSignal, SCEnter, SCLogDebug, SCLogError, SCLogInfo, SCMalloc, SCMutexLock, SCMutexUnlock, SCRConfLoadReferenceConfigFile(), DetectEngineCtx_::sig_stat, DetectEngineCtx_::sigerror, SigGroupHeadHashInit(), SinglePatternMatchDefaultMatcher(), TmSlot_::slot_next, DetectEnginePktInspectionEngine::sm_list, DetectEnginePktInspectionEngine::smd, DetectEngineCtx_::spm_global_thread_ctx, DetectEngineCtx_::spm_matcher, spm_table, SpmInitGlobalThreadCtx(), SRepInit(), SRepReloadComplete(), strlcpy(), suricata_ctl_flags, TAILQ_INIT, ThresholdHashInit(), THV_CAPTURE_INJECT_PKT, THV_RUNNING_DONE, TM_FLAG_DETECT_TM, TM_FLAG_RECEIVE_TM, TmSlot_::tm_id, ThreadVars_::tm_slots, TmModuleGetById(), TmThreadsCheckFlag(), TmThreadsSetFlag(), trans_q, DetectEnginePktInspectionEngine::transforms, tv_root, tv_root_lock, TVT_PPT, type, DetectEngineCtx_::type, unlikely, DetectEnginePktInspectionEngine::v1, VarNameStoreSetupStaging(), and DetectEngineCtx_::version.

Referenced by DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectTcphdrRegister(), and DetectUdphdrRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectEngineLoadTenantBlocking	(	uint32_t	tenant_id,
		const char *	yaml
	)

Load a tenant and wait for loading to complete.

Definition at line 3394 of file detect-engine.c.

References DetectLoadersSync().

Referenced by UnixSocketPcapFile().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectEngineMoveToFreeList ( DetectEngineCtx * de_ctx )

Definition at line 3909 of file detect-engine.c.

References DetectEngineMasterCtx_::free_list, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, next, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, and SCMutexUnlock.

Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectReplaceFreeInternal(), GlobalsInitPreConfig(), and UnixSocketPcapFile().

Here is the caller graph for this function:

int DetectEngineMTApply ( void )

Definition at line 4100 of file detect-engine.c.

References DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineCtxInitStubForMT(), DetectEnginePruneFreeList(), DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, SCLogDebug, SCLogInfo, SCMutexLock, SCMutexUnlock, DetectEngineCtx_::tenant_id, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_UNKNOWN, and DetectEngineCtx_::type.

Referenced by UnixSocketPcapFile().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectEngineMultiTenantEnabled ( void )

TODO locking? Not needed if this is a one time setting at startup

Definition at line 3200 of file detect-engine.c.

References ConfGetNode(), DetectEngineCtx_::config_prefix, ConfYamlLoadFileWithPrefix(), DETECT_ENGINE_TYPE_TENANT, DetectEngineAddToMaster(), DetectEngineCtxFree(), DetectEngineCtxInitWithPrefix(), DetectEngineDeReference(), DetectEngineGetByTenantId(), DetectEngineMoveToFreeList(), DetectEngineCtx_::loader_id, DetectEngineMasterCtx_::multi_tenant_enabled, SC_ERR_CONF_YAML_ERROR, SC_ERR_FOPEN, SC_ERR_INITIALIZATION, SC_ERR_MT_DUPLICATE_TENANT, SC_ERR_NO_RULES_LOADED, SCLogDebug, SCLogError, SigLoadSignatures(), DetectEngineCtx_::tenant_id, and DetectEngineCtx_::type.

Referenced by DetectEngineThreadCtxInit(), SigGroupBuild(), and UnixSocketPcapFile().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectEngineMultiTenantSetup ( void )

setup multi-detect / multi-tenancy

See if MT is enabled. If so, setup the selector, tenants and mappings. Tenants and mappings are optional, and can also dynamically be added and removed from the unix socket.

Definition at line 3543 of file detect-engine.c.

References ByteExtractStringUint32(), ConfGet(), ConfGetBool(), ConfGetNode(), ConfNodeLookupChild(), ConfUnixSocketIsEnable(), ConfYamlLoadFileWithPrefix(), DetectLoadersInit(), DetectLoadersSync(), DetectLoaderThreadSpawn(), LiveDevice_::dev, EngineModeIsIPS(), Packet_::livedev, DetectEngineMasterCtx_::lock, DetectEngineSyncer_::m, DetectEngineMasterCtx_::multi_tenant_enabled, next, DetectEngineTenantMapping_::next, SC_ERR_CONF_YAML_ERROR, SC_ERR_INVALID_ARGUMENT, SC_ERR_INVALID_VALUE, SC_ERR_MT_NO_MAPPING, SCCalloc, SCFree, SCLogDebug, SCLogError, SCLogInfo, SCLogNotice, SCLogWarning, SCMutexLock, SCMutexUnlock, TAILQ_FOREACH, DetectEngineThreadCtx_::tenant_array, DetectEngineThreadCtx_::tenant_array_size, LiveDevice_::tenant_id, DetectEngineTenantMapping_::tenant_id, DetectEngineMasterCtx_::tenant_mapping_list, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_DIRECT, TENANT_SELECTOR_LIVEDEV, TENANT_SELECTOR_UNKNOWN, TENANT_SELECTOR_VLAN, TmModuleDetectLoaderRegister(), TmThreadContinueDetectLoaderThreads(), DetectEngineTenantMapping_::traffic_id, ConfNode_::val, VarNameStoreActivateStaging(), Packet_::vlan_id, and Packet_::vlan_idx.

Referenced by PostRunDeinit().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectEngineMustParseMetadata ( void )

Definition at line 4165 of file detect-engine.c.

Referenced by DetectMetadataHashFree(), and DetectMetadataHashInit().

Here is the caller graph for this function:

bool DetectEnginePktInspectionRun	(	ThreadVars *	tv,
		DetectEngineThreadCtx *	det_ctx,
		const Signature *	s,
		Flow *	f,
		Packet *	p,
		uint8_t *	alert_flags
	)

Definition at line 1386 of file detect-engine.c.

References DetectEnginePktInspectionEngine::Callback, Signature_::id, DetectEnginePktInspectionEngine::next, Signature_::pkt_inspect, SCCalloc, SCEnter, SCLogDebug, DetectEnginePktInspectionEngine::smd, and DetectEnginePktInspectionEngine::v1.

Referenced by SigMatchSignaturesGetSgh().

Here is the caller graph for this function:

int DetectEnginePktInspectionSetup ( Signature * s )

Definition at line 1431 of file detect-engine.c.

References DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, SCLogDebug, SIG_FLAG_INIT_STATE_MATCH, and Signature_::sm_arrays.

Referenced by SigAddressPrepareStage4().

Here is the caller graph for this function:

void DetectEnginePruneFreeList ( void )

Definition at line 3960 of file detect-engine.c.

References DetectEngineCtxFree(), DetectEngineMasterCtx_::free_list, DetectEngineMasterCtx_::lock, next, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, and SCMutexUnlock.

Referenced by DetectEngineMTApply(), DetectEngineReload(), DetectReplaceFreeInternal(), GlobalsInitPreConfig(), and UnixSocketPcapFile().

Here is the call graph for this function:

Here is the caller graph for this function:

DetectEngineCtx* DetectEngineReference ( DetectEngineCtx * de_ctx )

Definition at line 3191 of file detect-engine.c.

References DetectEngineCtx_::ref_cnt.

Referenced by DetectEngineThreadCtxInit().

Here is the caller graph for this function:

void DetectEngineRegisterTests ( void )

Definition at line 4466 of file detect-engine.c.

References UtRegisterTest().

Here is the call graph for this function:

int DetectEngineReload ( const SCInstance * suri )

Reload the detection engine.

Parameters

filename YAML file to load for the detect config

Return values

-1	error
0	ok

Definition at line 3999 of file detect-engine.c.

References HashTable_::array_size, SCInstance_::conf_filename, ConfDump(), ConfGetNode(), ConfYamlLoadFileWithPrefix(), DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineAddToMaster(), DetectEngineBumpVersion(), DetectEngineCtxFree(), DetectEngineCtxInitWithPrefix(), DetectEngineDeReference(), DetectEngineGetCurrent(), DetectEngineMoveToFreeList(), DetectEnginePruneFreeList(), SC_ERR_CONF_YAML_ERROR, SC_ERR_INITIALIZATION, SCLogDebug, SCLogError, SCLogNotice, SCInstance_::sig_file, SCInstance_::sig_file_exclusive, SigLoadSignatures(), DetectEngineThreadCtx_::tenant_id, and DetectEngineCtx_::type.

Referenced by PostRunDeinit().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectEngineReloadIsIdle ( void )

Definition at line 1501 of file detect-engine.c.

References DetectEngineSyncer_::m, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.

int DetectEngineReloadIsStart ( void )

Definition at line 1481 of file detect-engine.c.

References DetectEngineSyncer_::m, RELOAD, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.

Referenced by PostRunDeinit().

Here is the caller graph for this function:

void DetectEngineReloadSetIdle ( void )

Definition at line 1493 of file detect-engine.c.

References IDLE, DetectEngineSyncer_::m, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.

Referenced by PostRunDeinit().

Here is the caller graph for this function:

int DetectEngineReloadStart ( void )

Definition at line 1467 of file detect-engine.c.

References DetectEngineSyncer_::m, RELOAD, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.

Referenced by PostRunDeinit().

Here is the caller graph for this function:

int DetectEngineReloadTenantBlocking	(	uint32_t	tenant_id,
		const char *	yaml,
		int	reload_cnt
	)

Reload a tenant and wait for loading to complete.

Definition at line 3408 of file detect-engine.c.

References ByteExtractStringUint16(), ByteExtractStringUint32(), ConfNodeLookupChild(), DetectEngineTentantRegisterLivedev(), DetectEngineTentantRegisterVlanId(), DetectLoadersSync(), LiveDevice_::id, LiveGetDevice(), next, SC_ERR_INVALID_ARGUMENT, SC_ERR_MT_NO_MAPPING, SCLogError, SCLogWarning, TAILQ_FOREACH, LiveDevice_::tenant_id, LiveDevice_::tenant_id_set, and ConfNode_::val.

Referenced by UnixSocketPcapFile().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectEngineResetMaxSigId ( DetectEngineCtx * de_ctx )

Definition at line 2447 of file detect-engine.c.

Referenced by SigCleanSignatures().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectEngineSetEvent	(	DetectEngineThreadCtx *	det_ctx,
		uint8_t	e
	)

Definition at line 4199 of file detect-engine.c.

References AppLayerDecoderEventsSetEventRaw(), DetectEngineThreadCtx_::decoder_events, and DetectEngineThreadCtx_::events.

Referenced by FileSwfDecompression(), FileSwfLzmaDecompression(), and FileSwfZlibDecompression().

Here is the call graph for this function:

Here is the caller graph for this function:

void DetectEngineSetParseMetadata ( void )

Definition at line 4155 of file detect-engine.c.

Referenced by DetectMetadataHashFree().

Here is the caller graph for this function:

int DetectEngineTentantRegisterLivedev	(	uint32_t	tenant_id,
		int	device_id
	)

Definition at line 3811 of file detect-engine.c.

References TENANT_SELECTOR_LIVEDEV.

Referenced by DetectEngineReloadTenantBlocking().

Here is the caller graph for this function:

int DetectEngineTentantRegisterPcapFile ( uint32_t tenant_id )

Definition at line 3826 of file detect-engine.c.

References SCLogInfo, and TENANT_SELECTOR_DIRECT.

Referenced by UnixSocketPcapFile().

Here is the caller graph for this function:

int DetectEngineTentantRegisterVlanId	(	uint32_t	tenant_id,
		uint16_t	vlan_id
	)

Definition at line 3816 of file detect-engine.c.

References TENANT_SELECTOR_VLAN.

Referenced by DetectEngineReloadTenantBlocking(), and UnixSocketPcapFile().

Here is the caller graph for this function:

int DetectEngineTentantUnregisterPcapFile ( uint32_t tenant_id )

Definition at line 3832 of file detect-engine.c.

References Packet_::pcap_v, SCLogInfo, PcapPacketVars_::tenant_id, and TENANT_SELECTOR_DIRECT.

Referenced by UnixSocketPcapFile().

Here is the caller graph for this function:

int DetectEngineTentantUnregisterVlanId	(	uint32_t	tenant_id,
		uint16_t	vlan_id
	)

Definition at line 3821 of file detect-engine.c.

References TENANT_SELECTOR_VLAN.

Referenced by UnixSocketPcapFile().

Here is the caller graph for this function:

TmEcode DetectEngineThreadCtxDeinit	(	ThreadVars *	tv,
		void *	data
	)

Definition at line 2978 of file detect-engine.c.

References HashTableFree(), DetectEngineThreadCtx_::mt_det_ctxs_hash, SC_ERR_INVALID_ARGUMENTS, SCLogWarning, and TM_ECODE_OK.

Referenced by AlertFastLogInitCtx(), DetectAckRegister(), DetectBase64DecodeDoMatch(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDetectionFilterRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineInspectPktBufferGeneric(), DetectEngineInspectStream(), DetectEngineStateResetTxs(), DetectEngineThreadCtxInit(), DetectFastPatternRegister(), DetectFlowFree(), DetectFlowintFree(), DetectFragOffsetFree(), DetectFtpbounceRegister(), DetectHostbitFree(), DetectIcmpIdFree(), DetectIcmpSeqFree(), DetectICodeFree(), DetectIPProtoRemoveAllSMs(), DetectIPRepFree(), DetectITypeFree(), DetectL3ProtoRegister(), DetectPcrePayloadMatch(), DetectProtoContainsProto(), DetectReplaceFreeInternal(), DetectRpcFree(), DetectSameipRegister(), DetectSetupParseRegexes(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectThresholdRegister(), DetectTransformDotPrefixRegister(), DetectTransformStripWhitespaceRegister(), DetectUricontentRegister(), DetectXbitFree(), HtpConfigRestoreBackup(), MpmACRegister(), MpmACTileRegister(), RegisterModbusParsers(), SCACBSPrintInfo(), SCThresholdConfParseFile(), SigParseApplyDsizeToContent(), SMTPParserCleanup(), TagTimeoutCheck(), UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

Here is the call graph for this function:

void DetectEngineThreadCtxInfo	(	ThreadVars *	t,
		DetectEngineThreadCtx *	det_ctx
	)

Definition at line 2996 of file detect-engine.c.

References DetectEngineThreadCtx_::de_ctx, DetectEngineCtx_::mpm_matcher, DetectEngineThreadCtx_::mtc, DetectEngineThreadCtx_::mtcu, and PatternMatchThreadPrint().

Here is the call graph for this function:

TmEcode DetectEngineThreadCtxInit	(	ThreadVars *	tv,
		void *	initdata,
		void **	data
	)

initialize thread specific detection engine context

Note: there is a special case when using delayed detect. In this case the function is called twice per thread. The first time the rules are not yet loaded. de_ctx->delayed_detect_initialized will be 0. The 2nd time they will be loaded. de_ctx->delayed_detect_initialized will be 1. This is needed to do the per thread counter registration before the packet runtime starts. In delayed detect mode, the first call will return a NULL ptr through the data ptr.

Parameters

tv	ThreadVars for this thread
initdata	pointer to de_ctx
data[out]	pointer to store our thread detection ctx

Return values

TM_ECODE_OK	if all went well
TM_ECODE_FAILED	on serious erro

alert counter setup

Definition at line 2770 of file detect-engine.c.

Referenced by AlertFastLogInitCtx(), DetectAckRegister(), DetectBase64DecodeDoMatch(), DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDetectionFilterRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineInspectStream(), DetectEngineStateResetTxs(), DetectFastPatternRegister(), DetectFlowFree(), DetectFlowintFree(), DetectFragOffsetFree(), DetectFtpbounceRegister(), DetectHostbitFree(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectIcmpIdFree(), DetectIcmpSeqFree(), DetectICodeFree(), DetectIPProtoRemoveAllSMs(), DetectIPRepFree(), DetectITypeFree(), DetectL3ProtoRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectProtoContainsProto(), DetectReplaceFreeInternal(), DetectRpcFree(), DetectSameipRegister(), DetectSetupParseRegexes(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectThresholdRegister(), DetectTransformDotPrefixRegister(), DetectTransformStripWhitespaceRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), DetectXbitFree(), HtpConfigRestoreBackup(), MpmACRegister(), MpmACTileRegister(), RegisterModbusParsers(), SCACBSPrintInfo(), SCThresholdConfParseFile(), SigGroupHeadContainsSigId(), SigParseApplyDsizeToContent(), SMTPParserCleanup(), TagTimeoutCheck(), UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

Here is the call graph for this function:

void DetectEngineUnsetParseMetadata ( void )

Definition at line 4160 of file detect-engine.c.

Referenced by DetectMetadataHashFree().

Here is the caller graph for this function:

void DetectPktInspectEngineRegister	(	const char *	name,
		InspectionBufferGetPktDataPtr	GetPktData,
		InspectionBufferPktInspectFunc	Callback
	)

register inspect engine at start up time

Note: errors are fatal

Definition at line 128 of file detect-engine.c.

References BUG_ON, DetectEnginePktInspectionEngine::Callback, DETECT_SM_LIST_MATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), FatalError, DetectEnginePktInspectionEngine::GetData, DetectEnginePktInspectionEngine::next, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCCalloc, SCLogError, DetectEnginePktInspectionEngine::sm_list, unlikely, and DetectEnginePktInspectionEngine::v1.

Referenced by DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectTcphdrRegister(), and DetectUdphdrRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

int DetectRegisterThreadCtxFuncs	(	DetectEngineCtx *	de_ctx,
		const char *	name,
		void ()(void *)	InitFunc,
		void *	data,
		void()(void )	FreeFunc,
		int	mode
	)

Register Thread keyword context Funcs.

Parameters

de_ctx	detection engine to register in
name	keyword name for error printing
InitFunc	function ptr
data	keyword init data to pass to Func. Can be NULL.
FreeFunc	function ptr
mode	0 normal (ctx per keyword instance) 1 shared (one ctx per det_ct)

Return values

id	for retrieval of ctx at runtime
-1	on error

Note: make sure "data" remains valid and it free'd elsewhere. It's recommended to store it in the keywords global ctx so that it's freed when the de_ctx is freed.

Definition at line 3019 of file detect-engine.c.

References BUG_ON, DetectEngineThreadKeywordCtxItem_::data, DetectEngineThreadKeywordCtxItem_::FreeFunc, DetectEngineThreadKeywordCtxItem_::id, DetectEngineThreadKeywordCtxItem_::InitFunc, DetectEngineCtx_::keyword_id, DetectEngineCtx_::keyword_list, DetectEngineThreadKeywordCtxItem_::name, DetectEngineThreadKeywordCtxItem_::next, SCMalloc, and unlikely.

Referenced by DetectFilemagicRegister(), and DetectLuaRegister().

Here is the caller graph for this function:

int DetectRegisterThreadCtxGlobalFuncs	(	const char *	name,
		void ()(void *)	InitFunc,
		void *	data,
		void()(void )	FreeFunc
	)

Register Thread keyword context Funcs (Global)

IDs stay static over reloads and between tenants

Parameters

name	keyword name for error printing
InitFunc	function ptr
FreeFunc	function ptr

Return values

id	for retrieval of ctx at runtime
-1	on error

Definition at line 3079 of file detect-engine.c.

References BUG_ON, DetectEngineThreadKeywordCtxItem_::data, DetectEngineThreadKeywordCtxItem_::FreeFunc, DetectEngineThreadKeywordCtxItem_::id, DetectEngineThreadKeywordCtxItem_::InitFunc, DetectEngineMasterCtx_::keyword_id, DetectEngineMasterCtx_::keyword_list, DetectEngineThreadKeywordCtxItem_::name, DetectEngineThreadKeywordCtxItem_::next, SCCalloc, and unlikely.

Referenced by DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), and DetectHttpStartRegister().

Here is the caller graph for this function:

const char* DetectSigmatchListEnumToString ( enum DetectSigmatchListEnum type )

Definition at line 4170 of file detect-engine.c.

References DETECT_SM_LIST_BASE64_DATA, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_MAX, DETECT_SM_LIST_PMATCH, DETECT_SM_LIST_POSTMATCH, DETECT_SM_LIST_SUPPRESS, DETECT_SM_LIST_THRESHOLD, and DETECT_SM_LIST_TMATCH.

Referenced by CleanupFPAnalyzer(), EngineAnalysisRules2(), and SCProfilingKeywordsGlobalInit().

Here is the caller graph for this function:

void* DetectThreadCtxGetGlobalKeywordThreadCtx	(	DetectEngineThreadCtx *	det_ctx,
		int	id
	)

Retrieve thread local keyword ctx by id.

Parameters

det_ctx	detection engine thread ctx to retrieve the ctx from
id	id of the ctx returned by DetectRegisterThreadCtxInitFunc at keyword init.

Return values

ctx	or NULL on error

Definition at line 3123 of file detect-engine.c.

References DetectEngineThreadCtx_::global_keyword_ctxs_array, and DetectEngineThreadCtx_::global_keyword_ctxs_size.

Referenced by HttpHeaderGetBufferSpaceForTXID().

Here is the caller graph for this function:

void* DetectThreadCtxGetKeywordThreadCtx	(	DetectEngineThreadCtx *	det_ctx,
		int	id
	)

Retrieve thread local keyword ctx by id.

Parameters

det_ctx	detection engine thread ctx to retrieve the ctx from
id	id of the ctx returned by DetectRegisterThreadCtxInitFunc at keyword init.

Return values

ctx	or NULL on error

Definition at line 3059 of file detect-engine.c.

References DetectEngineThreadCtx_::keyword_ctxs_array, and DetectEngineThreadCtx_::keyword_ctxs_size.

Referenced by DetectFilemagicRegister(), and DetectLuaRegister().

Here is the caller graph for this function:

void InspectionBufferApplyTransforms	(	InspectionBuffer *	buffer,
		const DetectEngineTransforms *	transforms
	)

Definition at line 1140 of file detect-engine.c.

References DetectEngineCtx_::app_inspect_engines, DetectEngineCtx_::app_mpms_list, DetectEngineCtx_::buffer_type_hash, DetectEngineCtx_::buffer_type_id, DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, DetectBufferType_::description, DETECT_SM_LIST_DYNAMIC_START, DETECT_TRANSFORMS_MAX, DetectMpmInitializeAppMpms(), DetectMpmInitializePktMpms(), HashListTableFree(), HashListTableGetListData, HashListTableGetListHead(), HashListTableGetListNext, HashListTableInit(), DetectBufferType_::id, DetectBufferType_::mpm, DetectEngineAppInspectionEngine_::next, DetectEnginePktInspectionEngine::next, next, DetectBufferMpmRegistery_::next, DetectBufferType_::packet, DetectEngineCtx_::pkt_inspect_engines, DetectEngineCtx_::pkt_mpms_list, PrefilterDeinit(), PrefilterInit(), SCCalloc, SCFree, SCLogDebug, DetectBufferType_::SetupCallback, sigmatch_table, DetectBufferType_::string, SigTableElmt_::Transform, DetectEngineTransforms::transforms, and DetectBufferType_::ValidateCallback.

Here is the call graph for this function:

Here is the caller graph for this function:

void InspectionBufferCheckAndExpand	(	InspectionBuffer *	buffer,
		uint32_t	min_size
	)

make sure that the buffer has at least 'min_size' bytes Expand the buffer if necessary

Definition at line 1111 of file detect-engine.c.

References InspectionBuffer::buf, likely, SCRealloc, and InspectionBuffer::size.

Referenced by FileSwfDecompression(), and InspectionBufferCopy().

Here is the caller graph for this function:

void InspectionBufferClean ( DetectEngineThreadCtx * det_ctx )

Definition at line 1007 of file detect-engine.c.

References DetectEngineThreadCtx_::buffers, InspectionBufferMultipleForList::init, InspectionBuffer::inspect, DetectEngineThreadCtx_::inspect, InspectionBufferMultipleForList::inspection_buffers, InspectionBufferMultipleForList::max, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.

Referenced by SigMatchSignaturesGetSgh().

Here is the caller graph for this function:

void InspectionBufferCopy	(	InspectionBuffer *	buffer,
		uint8_t *	buf,
		uint32_t	buf_len
	)

Definition at line 1128 of file detect-engine.c.

References InspectionBuffer::buf, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBufferCheckAndExpand(), MIN, and InspectionBuffer::size.

Referenced by DetectTransformCompressWhitespaceRegister(), DetectTransformDotPrefixRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

void InspectionBufferFree ( InspectionBuffer * buffer )

Definition at line 1099 of file detect-engine.c.

References InspectionBuffer::buf, and SCFree.

Referenced by DetectEngineThreadCtxInit(), DetectTransformCompressWhitespaceRegister(), DetectTransformDotPrefixRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().

Here is the caller graph for this function:

InspectionBuffer* InspectionBufferGet	(	DetectEngineThreadCtx *	det_ctx,
		const int	list_id
	)

Definition at line 1033 of file detect-engine.c.

References DetectEngineThreadCtx_::buffers, InspectionBuffer::inspect, DetectEngineThreadCtx_::inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.

Referenced by DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectSNMPCommunityRegister(), DetectTcphdrRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), and DetectUdphdrRegister().

Here is the caller graph for this function:

InspectionBufferMultipleForList* InspectionBufferGetMulti	(	DetectEngineThreadCtx *	det_ctx,
		const int	list_id
	)

Definition at line 1072 of file detect-engine.c.

References DetectEngineThreadCtx_::buffers, InspectionBufferMultipleForList::init, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.

Referenced by DetectFilemagicRegister(), DetectFilenameRegister(), and DetectTlsCertsRegister().

Here is the caller graph for this function:

void InspectionBufferInit	(	InspectionBuffer *	buffer,
		uint32_t	initial_size
	)

Definition at line 1082 of file detect-engine.c.

References InspectionBuffer::buf, SCCalloc, and InspectionBuffer::size.

Referenced by DetectTransformCompressWhitespaceRegister(), DetectTransformDotPrefixRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().

Here is the caller graph for this function:

InspectionBuffer* InspectionBufferMultipleForListGet	(	InspectionBufferMultipleForList *	fb,
		uint32_t	local_id
	)

for a InspectionBufferMultipleForList get a InspectionBuffer

Parameters

fb	the multiple buffer array
local_id	the index to get a buffer
buffer	the inspect buffer or NULL in case of error

Definition at line 1046 of file detect-engine.c.

References InspectionBufferMultipleForList::inspection_buffers, MAX, InspectionBufferMultipleForList::max, SCLogDebug, SCRealloc, and InspectionBufferMultipleForList::size.

Referenced by DetectFilemagicRegister(), DetectFilenameRegister(), and DetectTlsCertsRegister().

Here is the caller graph for this function:

void InspectionBufferSetup	(	InspectionBuffer *	buffer,
		const uint8_t *	data,
		const uint32_t	data_len
	)

setup the buffer with our initial data

Definition at line 1092 of file detect-engine.c.

References InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::len, InspectionBuffer::orig, and InspectionBuffer::orig_len.

Here is the caller graph for this function:

Variable Documentation

SCEnumCharMap det_ctx_event_table[]

Initial value:

= {
    { "TEST",                       DET_CTX_EVENT_TEST },
    { "NO_MEMORY",                  FILE_DECODER_EVENT_NO_MEM },
    { "INVALID_SWF_LENGTH",         FILE_DECODER_EVENT_INVALID_SWF_LENGTH },
    { "INVALID_SWF_VERSION",        FILE_DECODER_EVENT_INVALID_SWF_VERSION },
    { "Z_DATA_ERROR",               FILE_DECODER_EVENT_Z_DATA_ERROR },
    { "Z_STREAM_ERROR",             FILE_DECODER_EVENT_Z_STREAM_ERROR },
    { "Z_BUF_ERROR",                FILE_DECODER_EVENT_Z_BUF_ERROR },
    { "Z_UNKNOWN_ERROR",            FILE_DECODER_EVENT_Z_UNKNOWN_ERROR },
    { "LZMA_DECODER_ERROR",         FILE_DECODER_EVENT_LZMA_DECODER_ERROR },
    { "LZMA_MEMLIMIT_ERROR",        FILE_DECODER_EVENT_LZMA_MEMLIMIT_ERROR },
    { "LZMA_OPTIONS_ERROR",         FILE_DECODER_EVENT_LZMA_OPTIONS_ERROR },
    { "LZMA_FORMAT_ERROR",          FILE_DECODER_EVENT_LZMA_FORMAT_ERROR },
    { "LZMA_DATA_ERROR",            FILE_DECODER_EVENT_LZMA_DATA_ERROR },
    { "LZMA_BUF_ERROR",             FILE_DECODER_EVENT_LZMA_BUF_ERROR },
    { "LZMA_UNKNOWN_ERROR",         FILE_DECODER_EVENT_LZMA_UNKNOWN_ERROR },
    { NULL,                         -1 },
}

Definition at line 104 of file detect-engine.c.

Data Structures

Macros

Typedefs

Enumerations

Functions

Variables

Detailed Description

Macro Definition Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation

Variable Documentation