#include "suricata-common.h"#include "suricata.h"#include "detect.h"#include "flow.h"#include "flow-private.h"#include "flow-util.h"#include "flow-worker.h"#include "conf.h"#include "conf-yaml-loader.h"#include "datasets.h"#include "app-layer-parser.h"#include "app-layer-events.h"#include "app-layer-htp.h"#include "detect-parse.h"#include "detect-engine-sigorder.h"#include "detect-engine-build.h"#include "detect-engine-siggroup.h"#include "detect-engine-address.h"#include "detect-engine-port.h"#include "detect-engine-prefilter.h"#include "detect-engine-mpm.h"#include "detect-engine-iponly.h"#include "detect-engine-tag.h"#include "detect-engine-frame.h"#include "detect-engine-file.h"#include "detect-engine.h"#include "detect-engine-state.h"#include "detect-engine-payload.h"#include "detect-fast-pattern.h"#include "detect-byte-extract.h"#include "detect-content.h"#include "detect-uricontent.h"#include "detect-tcphdr.h"#include "detect-engine-threshold.h"#include "detect-engine-content-inspection.h"#include "detect-engine-loader.h"#include "detect-engine-alert.h"#include "util-classification-config.h"#include "util-reference-config.h"#include "util-threshold-config.h"#include "util-error.h"#include "util-hash.h"#include "util-byte.h"#include "util-debug.h"#include "util-unittest.h"#include "util-action.h"#include "util-magic.h"#include "util-signal.h"#include "util-spm.h"#include "util-device-private.h"#include "util-var-name.h"#include "util-path.h"#include "util-profiling.h"#include "util-validate.h"#include "util-hash-string.h"#include "util-enum.h"#include "util-conf.h"#include "tm-threads.h"#include "runmodes.h"#include "reputation.h"#include "util-hash-lookup3.h"Go to the source code of this file.
Data Structures | |
| struct | DetectEngineSyncer_ |
| struct | TenantLoaderCtx_ |
Macros | |
| #define | DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT 3000 |
Typedefs | |
| typedef struct DetectEngineSyncer_ | DetectEngineSyncer |
| typedef struct TenantLoaderCtx_ | TenantLoaderCtx |
Enumerations | |
| enum | DetectEngineSyncState { IDLE, RELOAD } |
Variables | |
| const struct SignatureProperties | signature_properties [SIG_TYPE_MAX] |
Detailed Description
Definition in file detect-engine.c.
Macro Definition Documentation
◆ DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT
| #define DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT 3000 |
Definition at line 96 of file detect-engine.c.
Typedef Documentation
◆ DetectEngineSyncer
| typedef struct DetectEngineSyncer_ DetectEngineSyncer |
◆ TenantLoaderCtx
| typedef struct TenantLoaderCtx_ TenantLoaderCtx |
Enumeration Type Documentation
◆ DetectEngineSyncState
| Enumerator | |
|---|---|
| IDLE | ready to start a reload |
| RELOAD | command main thread to do the reload |
Definition at line 1874 of file detect-engine.c.
Function Documentation
◆ DetectAppLayerInspectEngineRegister()
| void DetectAppLayerInspectEngineRegister | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectEngineFuncPtr | Callback2, | ||
| InspectionBufferGetDataPtr | GetData | ||
| ) |
Registers an app inspection engine.
- Parameters
-
name Name of the detection list alproto App layer protocol for which we will register the engine. direction The direction for the engine: SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT progress Minimal progress value for inspect engine to run Callback The engine callback.
Definition at line 273 of file detect-engine.c.
Referenced by DetectFileRegisterFileProtocols(), DetectRegisterAppLayerHookLists(), and SCDetectHelperBufferRegister().
◆ DetectAppLayerInspectEngineRegisterSingle()
| void DetectAppLayerInspectEngineRegisterSingle | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectEngineFuncPtr | Callback, | ||
| InspectionSingleBufferGetDataPtr | GetData | ||
| ) |
Definition at line 295 of file detect-engine.c.
◆ DetectAppLayerMultiRegister()
| void DetectAppLayerMultiRegister | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectionMultiBufferGetDataPtr | GetData, | ||
| int | priority | ||
| ) |
Definition at line 2099 of file detect-engine.c.
◆ DetectBufferIsPresent()
| bool DetectBufferIsPresent | ( | const Signature * | s, |
| const uint32_t | buf_id | ||
| ) |
Definition at line 1503 of file detect-engine.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SignatureInitDataBuffer_::id, and Signature_::init_data.
◆ DetectBufferTypeCloseRegistration()
| void DetectBufferTypeCloseRegistration | ( | void | ) |
Definition at line 1647 of file detect-engine.c.
References BUG_ON.
◆ DetectBufferTypeGetByName()
| int DetectBufferTypeGetByName | ( | const char * | name | ) |
Definition at line 1278 of file detect-engine.c.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectFrameMpmRegister(), and DetectPktInspectEngineRegister().
◆ DetectBufferTypeMaxId()
| int DetectBufferTypeMaxId | ( | void | ) |
Definition at line 1035 of file detect-engine.c.
◆ DetectBufferTypeRegister()
| int DetectBufferTypeRegister | ( | const char * | name | ) |
Definition at line 1214 of file detect-engine.c.
References BUG_ON.
Referenced by DetectPktInspectEngineRegister(), and SCDetectHelperBufferRegister().
◆ DetectBufferTypeRegisterSetupCallback()
| void DetectBufferTypeRegisterSetupCallback | ( | const char * | name, |
| void(*)(const DetectEngineCtx *, Signature *) | SetupCallback | ||
| ) |
Definition at line 1463 of file detect-engine.c.
References BUG_ON.
◆ DetectBufferTypeRegisterValidateCallback()
| void DetectBufferTypeRegisterValidateCallback | ( | const char * | name, |
| bool(*)(const Signature *, const char **sigerror, const DetectBufferType *) | ValidateCallback | ||
| ) |
Definition at line 1481 of file detect-engine.c.
References BUG_ON.
◆ DetectBufferTypeSetDescriptionByName()
| void DetectBufferTypeSetDescriptionByName | ( | const char * | name, |
| const char * | desc | ||
| ) |
Definition at line 1375 of file detect-engine.c.
References BUG_ON.
◆ DetectBufferTypeSupportsFrames()
| void DetectBufferTypeSupportsFrames | ( | const char * | name | ) |
Definition at line 1238 of file detect-engine.c.
References BUG_ON.
Referenced by DetectFrameMpmRegister().
◆ DetectBufferTypeSupportsMpm()
| void DetectBufferTypeSupportsMpm | ( | const char * | name | ) |
Definition at line 1258 of file detect-engine.c.
References BUG_ON.
Referenced by DetectFrameMpmRegister().
◆ DetectBufferTypeSupportsMultiInstance()
| void DetectBufferTypeSupportsMultiInstance | ( | const char * | name | ) |
Definition at line 1228 of file detect-engine.c.
References BUG_ON.
◆ DetectBufferTypeSupportsPacket()
| void DetectBufferTypeSupportsPacket | ( | const char * | name | ) |
Definition at line 1248 of file detect-engine.c.
References BUG_ON.
◆ DetectBufferTypeSupportsTransformations()
| void DetectBufferTypeSupportsTransformations | ( | const char * | name | ) |
Definition at line 1268 of file detect-engine.c.
References BUG_ON.
Referenced by DetectFrameMpmRegister().
◆ DetectEngineAddToMaster()
| int DetectEngineAddToMaster | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 4659 of file detect-engine.c.
References de_ctx, and SCLogDebug.
◆ DetectEngineAppInspectionEngine2Signature()
| int DetectEngineAppInspectionEngine2Signature | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
- Note
- for the file inspect engine, the id DE_STATE_ID_FILE_INSPECT is assigned.
Definition at line 801 of file detect-engine.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, de_ctx, DE_STATE_FLAG_BASE, DetectBufferTypeGetByName(), DetectEngineBufferTypeGetById(), FatalError, DetectBufferType_::frame, DetectEngineCtx_::frame_inspect_engines, SignatureInitDataBuffer_::head, SignatureInitDataBuffer_::id, Signature_::id, Signature_::init_data, SignatureInitData_::mpm_sm, SignatureInitData_::mpm_sm_list, DetectEngineFrameInspectionEngine::next, SCLogDebug, SigMatchList2DataArray(), and DetectEngineFrameInspectionEngine::sm_list.
◆ DetectEngineAppInspectionEngineSignatureFree()
| void DetectEngineAppInspectionEngineSignatureFree | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
free app inspect engines for a signature
For lists that are registered multiple times, like http_header and http_cookie, making the engines owner of the lists is complicated. Multiple engines in a sig may be pointing to the same list. To address this the 'free' code needs to be extra careful about not double freeing, so it takes an approach to first fill an array of the to-free pointers before freeing them.
Definition at line 929 of file detect-engine.c.
References Signature_::app_inspect, BUG_ON, SigMatchData_::ctx, de_ctx, Signature_::frame_inspect, SigTableElmt_::Free, SigMatchData_::is_last, next, DetectEngineAppInspectionEngine_::next, DetectEnginePktInspectionEngine::next, DetectEngineFrameInspectionEngine::next, Signature_::pkt_inspect, SCFree, sigmatch_table, DetectEngineAppInspectionEngine_::smd, DetectEnginePktInspectionEngine::smd, DetectEngineFrameInspectionEngine::smd, and SigMatchData_::type.
◆ DetectEngineBufferRunSetupCallback()
| void DetectEngineBufferRunSetupCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| Signature * | s | ||
| ) |
Definition at line 1473 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), and DetectBufferType_::SetupCallback.
◆ DetectEngineBufferRunValidateCallback()
| bool DetectEngineBufferRunValidateCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| const Signature * | s, | ||
| const char ** | sigerror | ||
| ) |
Definition at line 1492 of file detect-engine.c.
References DetectEngineTransforms::cnt, de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::transforms, and DetectBufferType_::ValidateCallback.
◆ DetectEngineBufferTypeGetById()
| const DetectBufferType* DetectEngineBufferTypeGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1298 of file detect-engine.c.
References DetectEngineCtx_::buffer_type_hash_id, de_ctx, HashListTableLookup(), DetectBufferType_::id, and id.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectEngineBufferRunSetupCallback(), DetectEngineBufferRunValidateCallback(), DetectEngineBufferTypeGetByIdTransforms(), DetectEngineBufferTypeGetDescriptionById(), DetectEngineBufferTypeGetNameById(), DetectEngineBufferTypeSupportsFramesGetById(), DetectEngineBufferTypeSupportsMpmGetById(), DetectEngineBufferTypeSupportsMultiInstanceGetById(), DetectEngineBufferTypeSupportsPacketGetById(), and DetectEngineBufferTypeValidateTransform().
◆ DetectEngineBufferTypeGetByIdTransforms()
| int DetectEngineBufferTypeGetByIdTransforms | ( | DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| TransformData * | transforms, | ||
| int | transform_cnt | ||
| ) |
Definition at line 1654 of file detect-engine.c.
References DetectEngineTransforms::cnt, de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::name, SCLogDebug, SCLogError, strlcpy(), DetectBufferType_::supports_transforms, DetectEngineTransforms::transforms, and DetectBufferType_::transforms.
Referenced by DetectBufferGetActiveList().
◆ DetectEngineBufferTypeGetDescriptionById()
| const char* DetectEngineBufferTypeGetDescriptionById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1386 of file detect-engine.c.
References de_ctx, DetectBufferType_::description, and DetectEngineBufferTypeGetById().
Referenced by EngineAnalysisFP().
◆ DetectEngineBufferTypeGetNameById()
| const char* DetectEngineBufferTypeGetNameById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1308 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), and DetectBufferType_::name.
Referenced by DumpPatterns(), EngineAnalysisFP(), and EngineAnalysisRules2().
◆ DetectEngineBufferTypeRegister()
| int DetectEngineBufferTypeRegister | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1365 of file detect-engine.c.
Referenced by DetectEngineFrameInspectEngineRegister(), and DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeRegisterWithFrameEngines()
| int DetectEngineBufferTypeRegisterWithFrameEngines | ( | DetectEngineCtx * | de_ctx, |
| const char * | name, | ||
| const int | direction, | ||
| const AppProto | alproto, | ||
| const uint8_t | frame_type | ||
| ) |
Definition at line 1331 of file detect-engine.c.
◆ DetectEngineBufferTypeSupportsFrames()
| void DetectEngineBufferTypeSupportsFrames | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1395 of file detect-engine.c.
Referenced by DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeSupportsFramesGetById()
| bool DetectEngineBufferTypeSupportsFramesGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1454 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::frame, and SCLogDebug.
◆ DetectEngineBufferTypeSupportsMpm()
| void DetectEngineBufferTypeSupportsMpm | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1411 of file detect-engine.c.
Referenced by DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeSupportsMpmGetById()
| bool DetectEngineBufferTypeSupportsMpmGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1445 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::mpm, and SCLogDebug.
Referenced by DetectGetLastSMFromMpmLists(), and FastPatternSupportEnabledForSigMatchList().
◆ DetectEngineBufferTypeSupportsMultiInstanceGetById()
| bool DetectEngineBufferTypeSupportsMultiInstanceGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1427 of file detect-engine.c.
References BOOL2STR, de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::multi_instance, and SCLogDebug.
Referenced by DetectBufferGetActiveList().
◆ DetectEngineBufferTypeSupportsPacket()
| void DetectEngineBufferTypeSupportsPacket | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1403 of file detect-engine.c.
◆ DetectEngineBufferTypeSupportsPacketGetById()
| bool DetectEngineBufferTypeSupportsPacketGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1436 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::packet, and SCLogDebug.
◆ DetectEngineBufferTypeSupportsTransformations()
| void DetectEngineBufferTypeSupportsTransformations | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1419 of file detect-engine.c.
Referenced by DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeValidateTransform()
| bool DetectEngineBufferTypeValidateTransform | ( | DetectEngineCtx * | de_ctx, |
| int | sm_list, | ||
| const uint8_t * | content, | ||
| uint16_t | content_len, | ||
| const char ** | namestr | ||
| ) |
Check content byte array compatibility with transforms.
The "content" array is presented to the transforms so that each transform may validate that it's compatible with the transform.
When a transform indicates the byte array is incompatible, none of the subsequent transforms, if any, are invoked. This means the first validation failure terminates the loop.
- Parameters
-
de_ctx Detection engine context. sm_list The SM list id. content The byte array being validated namestr returns the name of the transform that is incompatible with content.
- Return values
-
true (false) If any of the transforms indicate the byte array is (is not) compatible.
Definition at line 1531 of file detect-engine.c.
References BUG_ON, DetectEngineTransforms::cnt, de_ctx, DetectEngineBufferTypeGetById(), SigTableElmt_::name, TransformData_::options, sigmatch_table, TransformData_::transform, DetectEngineTransforms::transforms, DetectBufferType_::transforms, and SigTableElmt_::TransformValidate.
Referenced by DetectContentSetup().
◆ DetectEngineBumpVersion()
| void DetectEngineBumpVersion | ( | void | ) |
Definition at line 3824 of file detect-engine.c.
◆ DetectEngineClearMaster()
| void DetectEngineClearMaster | ( | void | ) |
Definition at line 4759 of file detect-engine.c.
Referenced by GlobalsDestroy().
◆ DetectEngineCtxFree()
| void DetectEngineCtxFree | ( | DetectEngineCtx * | de_ctx | ) |
Free a DetectEngineCtx::
- Parameters
-
de_ctx DetectEngineCtx:: to be freed
Definition at line 2634 of file detect-engine.c.
References MpmTableElmt_::ConfigDeinit, de_ctx, DetectEngineFreeFastPatternList(), DetectParseDupSigHashFree(), DetectEngineCtx_::filedata_config, DetectEngineCtx_::mpm_cfg, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryDeRegisterAllMpmCtxProfiles(), MpmStoreFree(), DetectEngineCtx_::profile_keyword_ctx, DetectEngineCtx_::profile_sgh_ctx, SCClassConfDeInitContext(), SCFree, SCProfilingKeywordDestroyCtx(), SCProfilingPrefilterDestroyCtx(), SCProfilingSghDestroyCtx(), SCRConfDeInitContext(), SCSigSignatureOrderingModuleCleanup(), DetectEngineCtx_::sig_array, SigCleanSignatures(), SigGroupCleanup(), SigGroupHeadHashFree(), DetectEngineCtx_::sm_types_prefilter, DetectEngineCtx_::sm_types_silent_error, DetectEngineCtx_::spm_global_thread_ctx, and SpmDestroyGlobalThreadCtx().
Referenced by LLVMFuzzerTestOneInput(), UTHGenericTest(), UTHPacketMatchSig(), UTHPacketMatchSigMpm(), and UTHParseSignature().
◆ DetectEngineCtxInit()
| DetectEngineCtx* DetectEngineCtxInit | ( | void | ) |
Definition at line 2595 of file detect-engine.c.
Referenced by DetectEngineCtxInitWithPrefix(), LLVMFuzzerTestOneInput(), UTHGenericTest(), UTHPacketMatchSig(), UTHPacketMatchSigMpm(), and UTHParseSignature().
◆ DetectEngineCtxInitStubForDD()
| DetectEngineCtx* DetectEngineCtxInitStubForDD | ( | void | ) |
Definition at line 2590 of file detect-engine.c.
◆ DetectEngineCtxInitStubForMT()
| DetectEngineCtx* DetectEngineCtxInitStubForMT | ( | void | ) |
Definition at line 2585 of file detect-engine.c.
◆ DetectEngineCtxInitWithPrefix()
| DetectEngineCtx* DetectEngineCtxInitWithPrefix | ( | const char * | prefix, |
| uint32_t | tenant_id | ||
| ) |
Definition at line 2600 of file detect-engine.c.
References DetectEngineCtxInit().
◆ DetectEngineDeReference()
| void DetectEngineDeReference | ( | DetectEngineCtx ** | de_ctx | ) |
Definition at line 4635 of file detect-engine.c.
References de_ctx, and DEBUG_VALIDATE_BUG_ON.
Referenced by GlobalsDestroy(), and SCDetectEngineRegisterRateFilterCallback().
◆ DetectEngineEnabled()
| int DetectEngineEnabled | ( | void | ) |
Check if detection is enabled.
- Return values
-
bool true or false
Definition at line 3800 of file detect-engine.c.
◆ DetectEngineFrameInspectEngineRegister()
| void DetectEngineFrameInspectEngineRegister | ( | DetectEngineCtx * | de_ctx, |
| const char * | name, | ||
| int | dir, | ||
| InspectionBufferFrameInspectFunc | Callback, | ||
| AppProto | alproto, | ||
| uint8_t | type | ||
| ) |
register inspect engine at start up time
- Note
- errors are fatal
Definition at line 451 of file detect-engine.c.
References DetectEngineFrameInspectionEngine::alproto, BUG_ON, DetectEngineFrameInspectionEngine::Callback, de_ctx, DETECT_SM_LIST_MATCH, DetectEngineBufferTypeRegister(), DetectEngineFrameInspectionEngine::dir, FatalError, DetectEngineCtx_::frame_inspect_engines, name, SCCalloc, SCLogError, SIG_FLAG_TOSERVER, DetectEngineFrameInspectionEngine::sm_list, DetectEngineFrameInspectionEngine::sm_list_base, type, DetectEngineFrameInspectionEngine::type, unlikely, and DetectEngineFrameInspectionEngine::v1.
◆ DetectEngineGetByTenantId()
| DetectEngineCtx* DetectEngineGetByTenantId | ( | uint32_t | tenant_id | ) |
Definition at line 4609 of file detect-engine.c.
◆ DetectEngineGetCurrent()
| DetectEngineCtx* DetectEngineGetCurrent | ( | void | ) |
Definition at line 3833 of file detect-engine.c.
Referenced by DetectEngineThreadCtxInit(), GlobalsDestroy(), and SCDetectEngineRegisterRateFilterCallback().
◆ DetectEngineGetVersion()
| uint32_t DetectEngineGetVersion | ( | void | ) |
Definition at line 3814 of file detect-engine.c.
References version.
◆ DetectEngineInspectBufferGeneric()
| uint8_t DetectEngineInspectBufferGeneric | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect f Flow flags app layer flags state App layer state
- Return values
-
0 no match. 1 match. 2 Sig can't match.
Definition at line 2049 of file detect-engine.c.
References Flow_::alproto, AppLayerParserGetStateProgress(), de_ctx, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspection(), flags, InspectionBuffer::flags, DetectEngineAppInspectionEngine_::GetData, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::inspect_offset, DetectEngineAppInspectionEngine_::match_on_null, DetectEngineAppInspectionEngine_::mpm, offset, DetectEngineAppInspectionEngine_::progress, Flow_::proto, SCLogDebug, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::transforms, unlikely, and DetectEngineAppInspectionEngine_::v2.
◆ DetectEngineInspectBufferSingle()
| uint8_t DetectEngineInspectBufferSingle | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect f Flow flags app layer flags state App layer state
- Return values
-
0 no match. 1 match. 2 Sig can't match.
Definition at line 1988 of file detect-engine.c.
References Flow_::alproto, AppLayerParserGetStateProgress(), de_ctx, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspection(), DetectGetSingleData(), flags, InspectionBuffer::flags, DetectEngineAppInspectionEngine_::GetDataSingle, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::inspect_offset, DetectEngineAppInspectionEngine_::match_on_null, DetectEngineAppInspectionEngine_::mpm, offset, DetectEngineAppInspectionEngine_::progress, Flow_::proto, SCLogDebug, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::transforms, unlikely, and DetectEngineAppInspectionEngine_::v2.
◆ DetectEngineInspectGenericList()
| uint8_t DetectEngineInspectGenericList | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const struct DetectEngineAppInspectionEngine_ * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect sm SigMatch to inspect f Flow flags app layer flags state App layer state
- Return values
-
0 no match 1 match
Definition at line 1946 of file detect-engine.c.
References SigMatchData_::ctx, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, flags, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_START, SCLogDebug, sigmatch_table, DetectEngineAppInspectionEngine_::smd, and SigMatchData_::type.
Referenced by DetectRegisterAppLayerHookLists(), and SCDetectHelperBufferRegister().
◆ DetectEngineInspectMultiBufferGeneric()
| uint8_t DetectEngineInspectMultiBufferGeneric | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 2149 of file detect-engine.c.
References Flow_::alproto, AppLayerParserGetStateProgress(), de_ctx, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspectionBuffer(), DetectGetMultiData(), flags, DetectEngineAppInspectionEngine_::GetMultiData, InspectionBuffer::inspect, DetectEngineAppInspectionEngine_::match_on_null, DetectEngineAppInspectionEngine_::mpm, DetectEngineAppInspectionEngine_::progress, Flow_::proto, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::transforms, and DetectEngineAppInspectionEngine_::v2.
◆ DetectEngineInspectPktBufferGeneric()
| int DetectEngineInspectPktBufferGeneric | ( | DetectEngineThreadCtx * | det_ctx, |
| const DetectEnginePktInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Packet * | p, | ||
| uint8_t * | _alert_flags | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect p Packet
- Return values
-
0 no match. 1 match.
Definition at line 2197 of file detect-engine.c.
References DetectEngineThreadCtx_::de_ctx, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_HEADER, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspection(), InspectionBuffer::flags, Packet_::flow, DetectEnginePktInspectionEngine::GetData, InspectionBuffer::inspect, InspectionBuffer::inspect_len, DetectEnginePktInspectionEngine::mpm, SCLogDebug, DetectEnginePktInspectionEngine::sm_list, DetectEnginePktInspectionEngine::smd, DetectEnginePktInspectionEngine::transforms, unlikely, and DetectEnginePktInspectionEngine::v1.
◆ DetectEngineLoadTenantBlocking()
| int DetectEngineLoadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml | ||
| ) |
Load a tenant and wait for loading to complete.
Definition at line 4130 of file detect-engine.c.
◆ DetectEngineMoveToFreeList()
| int DetectEngineMoveToFreeList | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 4719 of file detect-engine.c.
Referenced by GlobalsDestroy().
◆ DetectEngineMpmCachingEnabled()
| bool DetectEngineMpmCachingEnabled | ( | void | ) |
Definition at line 2455 of file detect-engine.c.
References SCConfGetBool().
Referenced by DetectEngineMpmCachingGetPath().
◆ DetectEngineMpmCachingGetPath()
| const char* DetectEngineMpmCachingGetPath | ( | void | ) |
Definition at line 2464 of file detect-engine.c.
References DetectEngineMpmCachingEnabled(), SCConfGet(), and SCLogInfo.
◆ DetectEngineMTApply()
| int DetectEngineMTApply | ( | void | ) |
Definition at line 4915 of file detect-engine.c.
◆ DetectEngineMultiTenantEnabled()
| bool DetectEngineMultiTenantEnabled | ( | void | ) |
Definition at line 3870 of file detect-engine.c.
◆ DetectEngineMultiTenantSetup()
| int DetectEngineMultiTenantSetup | ( | const bool | unix_socket | ) |
setup multi-detect / multi-tenancy
See if MT is enabled. If so, setup the selector, tenants and mappings. Tenants and mappings are optional, and can also dynamically be added and removed from the unix socket.
Definition at line 4293 of file detect-engine.c.
References TENANT_SELECTOR_UNKNOWN.
◆ DetectEngineMustParseMetadata()
| int DetectEngineMustParseMetadata | ( | void | ) |
Definition at line 4982 of file detect-engine.c.
Referenced by DetectMetadataHashInit().
◆ DetectEnginePktInspectionRun()
| bool DetectEnginePktInspectionRun | ( | ThreadVars * | tv, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| Packet * | p, | ||
| uint8_t * | alert_flags | ||
| ) |
Definition at line 1804 of file detect-engine.c.
References DetectEnginePktInspectionEngine::Callback, DETECT_ENGINE_INSPECT_SIG_MATCH, Signature_::id, DetectEnginePktInspectionEngine::next, Signature_::pkt_inspect, SCEnter, SCLogDebug, and DetectEnginePktInspectionEngine::v1.
◆ DetectEnginePktInspectionSetup()
| int DetectEnginePktInspectionSetup | ( | Signature * | s | ) |
Definition at line 1852 of file detect-engine.c.
References DETECT_SM_LIST_PMATCH, Signature_::init_data, SignatureInitData_::init_flags, SIG_FLAG_INIT_STATE_MATCH, and Signature_::sm_arrays.
◆ DetectEnginePruneFreeList()
| void DetectEnginePruneFreeList | ( | void | ) |
Definition at line 4729 of file detect-engine.c.
◆ DetectEngineReference()
| DetectEngineCtx* DetectEngineReference | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 3856 of file detect-engine.c.
References de_ctx, and DetectEngineCtx_::ref_cnt.
Referenced by DetectEngineThreadCtxInitForReload().
◆ DetectEngineRegisterTests()
| void DetectEngineRegisterTests | ( | void | ) |
Definition at line 5297 of file detect-engine.c.
References UtRegisterTest().
◆ DetectEngineReload()
| int DetectEngineReload | ( | const SCInstance * | suri | ) |
Reload the detection engine.
- Parameters
-
filename YAML file to load for the detect config
- Return values
-
-1 error 0 ok
Definition at line 4786 of file detect-engine.c.
References SCInstance_::conf_filename, and SCLogNotice.
Referenced by SuricataMainLoop().
◆ DetectEngineReloadIsIdle()
| int DetectEngineReloadIsIdle | ( | void | ) |
Definition at line 1922 of file detect-engine.c.
References SCMutexLock.
◆ DetectEngineReloadIsStart()
| int DetectEngineReloadIsStart | ( | void | ) |
Definition at line 1902 of file detect-engine.c.
References SCMutexLock.
Referenced by SuricataMainLoop().
◆ DetectEngineReloadSetIdle()
| void DetectEngineReloadSetIdle | ( | void | ) |
Definition at line 1914 of file detect-engine.c.
References SCMutexLock.
Referenced by SuricataMainLoop().
◆ DetectEngineReloadStart()
| int DetectEngineReloadStart | ( | void | ) |
Definition at line 1888 of file detect-engine.c.
References SCMutexLock.
Referenced by SuricataMainLoop().
◆ DetectEngineReloadTenantBlocking()
| int DetectEngineReloadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml, | ||
| int | reload_cnt | ||
| ) |
Reload a tenant and wait for loading to complete.
Definition at line 4144 of file detect-engine.c.
◆ DetectEngineReloadTenantsBlocking()
| int DetectEngineReloadTenantsBlocking | ( | const int | reload_cnt | ) |
Reload all tenants and wait for loading to complete.
Definition at line 4158 of file detect-engine.c.
◆ DetectEngineResetMaxSigId()
| void DetectEngineResetMaxSigId | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 3046 of file detect-engine.c.
References de_ctx, and DetectEngineCtx_::signum.
Referenced by SigCleanSignatures().
◆ DetectEngineSetEvent()
| void DetectEngineSetEvent | ( | DetectEngineThreadCtx * | det_ctx, |
| uint8_t | e | ||
| ) |
Definition at line 5016 of file detect-engine.c.
References DetectEngineThreadCtx_::decoder_events, DetectEngineThreadCtx_::events, and SCAppLayerDecoderEventsSetEventRaw().
Referenced by FileSwfDecompression(), FileSwfLzmaDecompression(), FileSwfZlibDecompression(), InspectionBufferMultipleForListGet(), and PostRuleMatchWorkQueueAppend().
◆ DetectEngineSetParseMetadata()
| void DetectEngineSetParseMetadata | ( | void | ) |
Definition at line 4972 of file detect-engine.c.
◆ DetectEngineTenantRegisterLivedev()
| int DetectEngineTenantRegisterLivedev | ( | uint32_t | tenant_id, |
| int | device_id | ||
| ) |
Definition at line 4576 of file detect-engine.c.
◆ DetectEngineTenantRegisterPcapFile()
| int DetectEngineTenantRegisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 4592 of file detect-engine.c.
References SCLogInfo, and TENANT_SELECTOR_DIRECT.
◆ DetectEngineTenantRegisterVlanId()
| int DetectEngineTenantRegisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 4582 of file detect-engine.c.
◆ DetectEngineTenantUnregisterPcapFile()
| int DetectEngineTenantUnregisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 4598 of file detect-engine.c.
References SCLogInfo, and TENANT_SELECTOR_DIRECT.
◆ DetectEngineTenantUnregisterVlanId()
| int DetectEngineTenantUnregisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 4587 of file detect-engine.c.
◆ DetectEngineThreadCtxDeinit()
| TmEcode DetectEngineThreadCtxDeinit | ( | ThreadVars * | tv, |
| void * | data | ||
| ) |
Definition at line 3596 of file detect-engine.c.
References HashTableFree(), DetectEngineThreadCtx_::mt_det_ctxs_hash, SCLogWarning, and TM_ECODE_OK.
Referenced by DetectEngineThreadCtxInit(), UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ DetectEngineThreadCtxGetJsonContext()
| int DetectEngineThreadCtxGetJsonContext | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 5071 of file detect-engine.c.
References DetectEngineThreadCtx_::json_content, DetectEngineThreadCtx_::json_content_capacity, DetectEngineThreadCtx_::json_content_len, SCLogDebug, SCRealloc, SIG_JSON_CONTENT_ARRAY_LEN, and unlikely.
◆ DetectEngineThreadCtxInit()
| TmEcode DetectEngineThreadCtxInit | ( | ThreadVars * | tv, |
| void * | initdata, | ||
| void ** | data | ||
| ) |
initialize thread specific detection engine context
- Note
- there is a special case when using delayed detect. In this case the function is called twice per thread. The first time the rules are not yet loaded. de_ctx->delayed_detect_initialized will be 0. The 2nd time they will be loaded. de_ctx->delayed_detect_initialized will be 1. This is needed to do the per thread counter registration before the packet runtime starts. In delayed detect mode, the first call will return a NULL ptr through the data ptr.
- Parameters
-
tv ThreadVars for this thread initdata pointer to de_ctx data[out] pointer to store our thread detection ctx
- Return values
-
TM_ECODE_OK if all went well TM_ECODE_FAILED on serious errors
alert counter setup
Definition at line 3364 of file detect-engine.c.
References DetectEngineThreadCtx_::de_ctx, DETECT_ENGINE_TYPE_NORMAL, DETECT_ENGINE_TYPE_TENANT, DetectEngineGetCurrent(), DetectEngineThreadCtxDeinit(), RunmodeIsUnittests(), SCCalloc, TM_ECODE_FAILED, tv, DetectEngineThreadCtx_::tv, DetectEngineCtx_::type, and unlikely.
Referenced by UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ DetectEngineThreadCtxInitForReload()
| DetectEngineThreadCtx* DetectEngineThreadCtxInitForReload | ( | ThreadVars * | tv, |
| DetectEngineCtx * | new_de_ctx, | ||
| int | mt | ||
| ) |
alert counter setup
Definition at line 3449 of file detect-engine.c.
References DetectEngineThreadCtx_::de_ctx, DETECT_ENGINE_TYPE_NORMAL, DETECT_ENGINE_TYPE_TENANT, DetectEngineReference(), SCCalloc, SCFree, DetectEngineCtx_::tenant_id, DetectEngineThreadCtx_::tenant_id, tv, DetectEngineThreadCtx_::tv, DetectEngineCtx_::type, and unlikely.
◆ DetectEngineUnsetParseMetadata()
| void DetectEngineUnsetParseMetadata | ( | void | ) |
Definition at line 4977 of file detect-engine.c.
◆ DetectGetMultiData()
| InspectionBuffer* DetectGetMultiData | ( | struct DetectEngineThreadCtx_ * | det_ctx, |
| const DetectEngineTransforms * | transforms, | ||
| Flow * | f, | ||
| const uint8_t | flow_flags, | ||
| void * | txv, | ||
| const int | list_id, | ||
| uint32_t | index, | ||
| InspectionMultiBufferGetDataPtr | GetBuf | ||
| ) |
Definition at line 2125 of file detect-engine.c.
References DETECT_CI_FLAGS_SINGLE, InspectionBuffer::flags, InspectionBuffer::initialized, InspectionBufferMultipleForListGet(), InspectionBufferSetupMulti(), and InspectionBufferSetupMultiEmpty().
Referenced by DetectEngineInspectMultiBufferGeneric().
◆ DetectGetSingleData()
| InspectionBuffer* DetectGetSingleData | ( | struct DetectEngineThreadCtx_ * | det_ctx, |
| const DetectEngineTransforms * | transforms, | ||
| Flow * | f, | ||
| const uint8_t | flow_flags, | ||
| void * | txv, | ||
| const int | list_id, | ||
| InspectionSingleBufferGetDataPtr | GetBuf | ||
| ) |
Definition at line 2108 of file detect-engine.c.
References InspectionBuffer::inspect, InspectionBufferGet(), and InspectionBufferSetupAndApplyTransforms().
Referenced by DetectEngineInspectBufferSingle().
◆ DetectMd5ValidateCallback()
| bool DetectMd5ValidateCallback | ( | const Signature * | s, |
| const char ** | sigerror, | ||
| const DetectBufferType * | map | ||
| ) |
Definition at line 5022 of file detect-engine.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, DetectContentData_::content, DetectContentData_::content_len, SigMatch_::ctx, DETECT_CONTENT, DETECT_CONTENT_NOCASE, DetectContentData_::flags, SignatureInitDataBuffer_::head, DetectBufferType_::id, SignatureInitDataBuffer_::id, Signature_::id, Signature_::init_data, DetectBufferType_::name, SigMatch_::next, SCLogError, SCLogWarning, and SigMatch_::type.
◆ DetectPktInspectEngineRegister()
| void DetectPktInspectEngineRegister | ( | const char * | name, |
| InspectionBufferGetPktDataPtr | GetPktData, | ||
| InspectionBufferPktInspectFunc | Callback | ||
| ) |
register inspect engine at start up time
- Note
- errors are fatal
Definition at line 156 of file detect-engine.c.
References BUG_ON, DetectEnginePktInspectionEngine::Callback, DETECT_SM_LIST_MATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), FatalError, DetectEnginePktInspectionEngine::GetData, name, SCCalloc, SCLogError, DetectEnginePktInspectionEngine::sm_list, DetectEnginePktInspectionEngine::sm_list_base, unlikely, and DetectEnginePktInspectionEngine::v1.
◆ DetectRegisterThreadCtxFuncs()
| int DetectRegisterThreadCtxFuncs | ( | DetectEngineCtx * | de_ctx, |
| const char * | name, | ||
| void *(*)(void *) | InitFunc, | ||
| void * | data, | ||
| void(*)(void *) | FreeFunc, | ||
| int | mode | ||
| ) |
Register Thread keyword context Funcs.
- Parameters
-
de_ctx detection engine to register in name keyword name for error printing InitFunc function ptr data keyword init data to pass to Func. Can be NULL. FreeFunc function ptr mode 0 normal (ctx per keyword instance) 1 shared (one ctx per det_ct)
- Return values
-
id for retrieval of ctx at runtime -1 on error
- Note
- make sure "data" remains valid and it free'd elsewhere. It's recommended to store it in the keywords global ctx so that it's freed when the de_ctx is freed.
Definition at line 3654 of file detect-engine.c.
References BUG_ON, de_ctx, HashListTableInit(), and DetectEngineCtx_::keyword_hash.
◆ DetectRegisterThreadCtxGlobalFuncs()
| int DetectRegisterThreadCtxGlobalFuncs | ( | const char * | name, |
| void *(*)(void *) | InitFunc, | ||
| void * | data, | ||
| void(*)(void *) | FreeFunc | ||
| ) |
Register Thread keyword context Funcs (Global)
IDs stay static over reloads and between tenants
- Parameters
-
name keyword name for error printing InitFunc function ptr FreeFunc function ptr
- Return values
-
id for retrieval of ctx at runtime -1 on error
Definition at line 3744 of file detect-engine.c.
◆ DetectSigmatchListEnumToString()
| const char* DetectSigmatchListEnumToString | ( | enum DetectSigmatchListEnum | type | ) |
Definition at line 4987 of file detect-engine.c.
References DETECT_SM_LIST_BASE64_DATA, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_MAX, DETECT_SM_LIST_PMATCH, DETECT_SM_LIST_POSTMATCH, DETECT_SM_LIST_SUPPRESS, DETECT_SM_LIST_THRESHOLD, DETECT_SM_LIST_TMATCH, and type.
◆ DetectTableToString()
| const char* DetectTableToString | ( | enum DetectTable | table | ) |
Definition at line 131 of file detect-engine.c.
References DETECT_TABLE_APP_FILTER, DETECT_TABLE_APP_TD, DETECT_TABLE_NOT_SET, DETECT_TABLE_PACKET_FILTER, DETECT_TABLE_PACKET_PRE_FLOW, DETECT_TABLE_PACKET_PRE_STREAM, and DETECT_TABLE_PACKET_TD.
◆ DetectThreadCtxGetGlobalKeywordThreadCtx()
| void* DetectThreadCtxGetGlobalKeywordThreadCtx | ( | DetectEngineThreadCtx * | det_ctx, |
| int | id | ||
| ) |
Retrieve thread local keyword ctx by id.
- Parameters
-
det_ctx detection engine thread ctx to retrieve the ctx from id id of the ctx returned by DetectRegisterThreadCtxInitFunc at keyword init.
- Return values
-
ctx or NULL on error
Definition at line 3788 of file detect-engine.c.
References DetectEngineThreadCtx_::global_keyword_ctxs_array, DetectEngineThreadCtx_::global_keyword_ctxs_size, and id.
Referenced by HttpHeaderGetBufferSpace().
◆ DetectThreadCtxGetKeywordThreadCtx()
| void* DetectThreadCtxGetKeywordThreadCtx | ( | DetectEngineThreadCtx * | det_ctx, |
| int | id | ||
| ) |
Retrieve thread local keyword ctx by id.
- Parameters
-
det_ctx detection engine thread ctx to retrieve the ctx from id id of the ctx returned by DetectRegisterThreadCtxInitFunc at keyword init.
- Return values
-
ctx or NULL on error
Definition at line 3724 of file detect-engine.c.
References id, DetectEngineThreadCtx_::keyword_ctxs_array, and DetectEngineThreadCtx_::keyword_ctxs_size.
Referenced by DetectLuaMatchBuffer(), and DetectPcrePayloadMatch().
◆ DetectUnregisterThreadCtxFuncs()
| int DetectUnregisterThreadCtxFuncs | ( | DetectEngineCtx * | de_ctx, |
| void * | data, | ||
| const char * | name | ||
| ) |
Remove Thread keyword context registration.
- Parameters
-
de_ctx detection engine to deregister from det_ctx detection engine thread context to deregister from data keyword init data to pass to Func. Can be NULL. name keyword name for error printing
- Return values
-
1 Item unregistered 0 otherwise
- Note
- make sure "data" remains valid and it free'd elsewhere. It's recommended to store it in the keywords global ctx so that it's freed when the de_ctx is freed.
Definition at line 3706 of file detect-engine.c.
References DetectEngineThreadKeywordCtxItem_::data, de_ctx, HashListTableRemove(), DetectEngineCtx_::keyword_hash, and name.
◆ InjectPacketsForFlush()
| void InjectPacketsForFlush | ( | ThreadVars ** | detect_tvs, |
| int | no_of_detect_tvs | ||
| ) |
Definition at line 2239 of file detect-engine.c.
References PacketQueue_::cond_q, Packet_::flags, PacketQueue_::mutex_q, name, PacketEnqueue(), PacketGetFromAlloc(), PKT_PSEUDO_LOG_FLUSH, PKT_PSEUDO_STREAM_END, PKT_SET_SRC, PKT_SRC_DETECT_RELOAD_FLUSH, SCCondSignal, SCLogDebug, SCMutexLock, SCMutexUnlock, and ThreadVars_::stream_pq.
◆ SCDetectEngineRegisterRateFilterCallback()
| void SCDetectEngineRegisterRateFilterCallback | ( | SCDetectRateFilterFunc | cb, |
| void * | arg | ||
| ) |
Register a callback when a rate_filter has been applied to an alert.
This callback is added to the current detection engine and will be copied to all future detection engines over rule reloads.
Definition at line 5063 of file detect-engine.c.
References de_ctx, DetectEngineDeReference(), DetectEngineGetCurrent(), DetectEngineCtx_::rate_filter_callback_arg, and DetectEngineCtx_::RateFilterCallback.
Referenced by main().
Variable Documentation
◆ signature_properties
| const struct SignatureProperties signature_properties[SIG_TYPE_MAX] |
Definition at line 112 of file detect-engine.c.
Referenced by EngineAnalysisRules2().
