Go to the source code of this file.
Macros | |
| #define | DetectEngineGetMaxSigId(de_ctx) ((de_ctx)->signum) |
Detailed Description
Definition in file detect-engine.h.
Macro Definition Documentation
◆ DetectEngineGetMaxSigId
Definition at line 101 of file detect-engine.h.
Function Documentation
◆ DetectAppLayerInspectEngineRegister2()
| void DetectAppLayerInspectEngineRegister2 | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectEngineFuncPtr2 | Callback2, | ||
| InspectionBufferGetDataPtr | GetData | ||
| ) |
Registers an app inspection engine.
- Parameters
-
name Name of the detection list alproto App layer protocol for which we will register the engine. direction The direction for the engine: SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT progress Minimal progress value for inspect engine to run Callback The engine callback.
Registers an app inspection engine.
- Note
- errors are fatal
Definition at line 227 of file detect-engine.c.
◆ DetectBufferGetActiveList()
| int DetectBufferGetActiveList | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
Definition at line 1312 of file detect-engine.c.
References BUG_ON, DetectEngineTransforms::cnt, de_ctx, DETECT_SM_LIST_DYNAMIC_START, DETECT_SM_LIST_NOTSET, DetectEngineBufferTypeGetByIdTransforms(), Signature_::init_data, SignatureInitData_::list, SignatureInitData_::list_set, SC_ERR_INVALID_SIGNATURE, SCLogDebug, SCLogError, SCReturnInt, DetectEngineTransforms::transforms, and SignatureInitData_::transforms.
Referenced by DetectContentSetup().
◆ DetectBufferSetActiveList()
| int WARN_UNUSED DetectBufferSetActiveList | ( | Signature * | s, |
| const int | list | ||
| ) |
Definition at line 1299 of file detect-engine.c.
◆ DetectBufferTypeCloseRegistration()
| void DetectBufferTypeCloseRegistration | ( | void | ) |
Definition at line 1657 of file detect-engine.c.
References BUG_ON.
Referenced by SigTableSetup().
◆ DetectBufferTypeGetByName()
| int DetectBufferTypeGetByName | ( | const char * | name | ) |
Definition at line 1085 of file detect-engine.c.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectFrameInspectEngineRegister(), DetectFrameMpmRegister(), and DetectPktInspectEngineRegister().
◆ DetectBufferTypeGetDescriptionByName()
| const char* DetectBufferTypeGetDescriptionByName | ( | const char * | name | ) |
Definition at line 1202 of file detect-engine.c.
◆ DetectBufferTypeMaxId()
| int DetectBufferTypeMaxId | ( | void | ) |
Definition at line 921 of file detect-engine.c.
Referenced by SigAlloc().
◆ DetectBufferTypeRegister()
| int DetectBufferTypeRegister | ( | const char * | name | ) |
Definition at line 1031 of file detect-engine.c.
References BUG_ON.
Referenced by DetectFrameInspectEngineRegister(), and DetectPktInspectEngineRegister().
◆ DetectBufferTypeRegisterSetupCallback()
| void DetectBufferTypeRegisterSetupCallback | ( | const char * | name, |
| void(*)(const DetectEngineCtx *, Signature *) | Callback | ||
| ) |
Definition at line 1261 of file detect-engine.c.
References BUG_ON.
◆ DetectBufferTypeRegisterValidateCallback()
| void DetectBufferTypeRegisterValidateCallback | ( | const char * | name, |
| bool(*)(const Signature *, const char **sigerror) | ValidateCallback | ||
| ) |
Definition at line 1279 of file detect-engine.c.
References BUG_ON.
◆ DetectBufferTypeSetDescriptionByName()
| void DetectBufferTypeSetDescriptionByName | ( | const char * | name, |
| const char * | desc | ||
| ) |
Definition at line 1182 of file detect-engine.c.
References BUG_ON.
◆ DetectBufferTypeSupportsFrames()
| void DetectBufferTypeSupportsFrames | ( | const char * | name | ) |
Definition at line 1045 of file detect-engine.c.
References BUG_ON.
Referenced by DetectFrameMpmRegister().
◆ DetectBufferTypeSupportsMpm()
| void DetectBufferTypeSupportsMpm | ( | const char * | name | ) |
Definition at line 1065 of file detect-engine.c.
References BUG_ON.
Referenced by DetectFrameMpmRegister().
◆ DetectBufferTypeSupportsPacket()
| void DetectBufferTypeSupportsPacket | ( | const char * | name | ) |
Definition at line 1055 of file detect-engine.c.
References BUG_ON.
◆ DetectBufferTypeSupportsTransformations()
| void DetectBufferTypeSupportsTransformations | ( | const char * | name | ) |
Definition at line 1075 of file detect-engine.c.
References BUG_ON.
Referenced by DetectFrameMpmRegister().
◆ DetectEngineAddToMaster()
| int DetectEngineAddToMaster | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 4331 of file detect-engine.c.
References de_ctx, and SCLogDebug.
◆ DetectEngineAppInspectionEngine2Signature()
| int DetectEngineAppInspectionEngine2Signature | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
- Note
- for the file inspect engine, the id DE_STATE_ID_FILE_INSPECT is assigned.
Definition at line 586 of file detect-engine.c.
References DetectEngineFrameInspectionEngine::alproto, Signature_::alproto, ALPROTO_UNKNOWN, de_ctx, DETECT_SM_LIST_DYNAMIC_START, DetectBufferTypeGetByName(), DetectEngineCtx_::frame_inspect_engines, Signature_::init_data, SignatureInitData_::mpm_sm, SignatureInitData_::mpm_sm_list, SCLogDebug, SigMatchList2DataArray(), DetectEngineFrameInspectionEngine::sm_list, SignatureInitData_::smlists, and SignatureInitData_::smlists_array_size.
◆ DetectEngineAppInspectionEngineSignatureFree()
| void DetectEngineAppInspectionEngineSignatureFree | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
free app inspect engines for a signature
For lists that are registered multiple times, like http_header and http_cookie, making the engines owner of the lists is complicated. Multiple engines in a sig may be pointing to the same list. To address this the 'free' code needs to be extra careful about not double freeing, so it takes an approach to first fill an array of the to-free pointers before freeing them.
Definition at line 842 of file detect-engine.c.
References Signature_::app_inspect, BUG_ON, SigMatchData_::ctx, de_ctx, Signature_::frame_inspect, SigTableElmt_::Free, SigMatchData_::is_last, MAX, next, DetectEngineAppInspectionEngine_::next, DetectEnginePktInspectionEngine::next, DetectEngineFrameInspectionEngine::next, Signature_::pkt_inspect, SCFree, sigmatch_table, DetectEngineAppInspectionEngine_::sm_list, DetectEnginePktInspectionEngine::sm_list, DetectEngineFrameInspectionEngine::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEnginePktInspectionEngine::smd, DetectEngineFrameInspectionEngine::smd, and SigMatchData_::type.
◆ DetectEngineBufferRunSetupCallback()
| void DetectEngineBufferRunSetupCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| Signature * | s | ||
| ) |
Definition at line 1271 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), and DetectBufferType_::SetupCallback.
◆ DetectEngineBufferRunValidateCallback()
| bool DetectEngineBufferRunValidateCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| const Signature * | s, | ||
| const char ** | sigerror | ||
| ) |
Definition at line 1289 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), and DetectBufferType_::ValidateCallback.
◆ DetectEngineBufferTypeGetById()
| const DetectBufferType* DetectEngineBufferTypeGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1105 of file detect-engine.c.
References DetectEngineCtx_::buffer_type_hash_id, de_ctx, HashListTableLookup(), and DetectBufferType_::id.
Referenced by DetectEngineBufferRunSetupCallback(), DetectEngineBufferRunValidateCallback(), DetectEngineBufferTypeGetByIdTransforms(), DetectEngineBufferTypeGetDescriptionById(), DetectEngineBufferTypeGetNameById(), DetectEngineBufferTypeSupportsMpmGetById(), DetectEngineBufferTypeSupportsPacketGetById(), and DetectEngineBufferTypeValidateTransform().
◆ DetectEngineBufferTypeGetByIdTransforms()
| int DetectEngineBufferTypeGetByIdTransforms | ( | DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| TransformData * | transforms, | ||
| int | transform_cnt | ||
| ) |
Definition at line 1664 of file detect-engine.c.
References DetectEngineCtx_::buffer_type_hash_id, DetectEngineCtx_::buffer_type_hash_name, DetectEngineCtx_::buffer_type_id, BUG_ON, DetectEngineTransforms::cnt, de_ctx, DetectAppLayerMpmRegisterByParentId(), DetectEngineBufferTypeGetById(), DetectFrameMpmRegisterByParentId(), DetectPktMpmRegisterByParentId(), DetectBufferType_::frame, HashListTableAdd(), HashListTableLookup(), DetectBufferType_::id, DetectBufferType_::mpm, DetectBufferType_::name, DetectBufferType_::packet, DetectBufferType_::parent_id, SC_ERR_INVALID_SIGNATURE, SCCalloc, SCLogDebug, SCLogError, DetectBufferType_::SetupCallback, strlcpy(), DetectBufferType_::supports_transforms, DetectEngineTransforms::transforms, DetectBufferType_::transforms, and DetectBufferType_::ValidateCallback.
Referenced by DetectBufferGetActiveList().
◆ DetectEngineBufferTypeGetDescriptionById()
| const char* DetectEngineBufferTypeGetDescriptionById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1193 of file detect-engine.c.
References de_ctx, DetectBufferType_::description, and DetectEngineBufferTypeGetById().
◆ DetectEngineBufferTypeGetNameById()
| const char* DetectEngineBufferTypeGetNameById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1115 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), and DetectBufferType_::name.
Referenced by DumpPatterns(), EngineAnalysisRules2(), and SignatureIsIPOnly().
◆ DetectEngineBufferTypeRegister()
| int DetectEngineBufferTypeRegister | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1172 of file detect-engine.c.
Referenced by DetectEngineFrameInspectEngineRegister(), and DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeRegisterWithFrameEngines()
| int DetectEngineBufferTypeRegisterWithFrameEngines | ( | DetectEngineCtx * | de_ctx, |
| const char * | name, | ||
| const int | direction, | ||
| const AppProto | alproto, | ||
| const uint8_t | frame_type | ||
| ) |
Definition at line 1138 of file detect-engine.c.
◆ DetectEngineBufferTypeSupportsFrames()
| void DetectEngineBufferTypeSupportsFrames | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1211 of file detect-engine.c.
Referenced by DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeSupportsMpm()
| void DetectEngineBufferTypeSupportsMpm | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1227 of file detect-engine.c.
Referenced by DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeSupportsMpmGetById()
| bool DetectEngineBufferTypeSupportsMpmGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1252 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::mpm, and SCLogDebug.
Referenced by DetectGetLastSMFromMpmLists(), and FastPatternSupportEnabledForSigMatchList().
◆ DetectEngineBufferTypeSupportsPacket()
| void DetectEngineBufferTypeSupportsPacket | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1219 of file detect-engine.c.
◆ DetectEngineBufferTypeSupportsPacketGetById()
| bool DetectEngineBufferTypeSupportsPacketGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1243 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::packet, and SCLogDebug.
◆ DetectEngineBufferTypeSupportsTransformations()
| void DetectEngineBufferTypeSupportsTransformations | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1235 of file detect-engine.c.
Referenced by DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeValidateTransform()
| bool DetectEngineBufferTypeValidateTransform | ( | DetectEngineCtx * | de_ctx, |
| int | sm_list, | ||
| const uint8_t * | content, | ||
| uint16_t | content_len, | ||
| const char ** | namestr | ||
| ) |
Check content byte array compatibility with transforms.
The "content" array is presented to the transforms so that each transform may validate that it's compatible with the transform.
When a transform indicates the byte array is incompatible, none of the subsequent transforms, if any, are invoked. This means the first positive validation result terminates the loop.
- Parameters
-
de_ctx Detection engine context. sm_list The SM list id. content The byte array being validated namestr returns the name of the transform that is incompatible with content.
- Return values
-
true (false) If any of the transforms indicate the byte array is (is not) compatible.
Definition at line 1526 of file detect-engine.c.
References BUG_ON, DetectEngineTransforms::cnt, de_ctx, DetectEngineBufferTypeGetById(), SigTableElmt_::name, TransformData_::options, sigmatch_table, TransformData_::transform, DetectEngineTransforms::transforms, DetectBufferType_::transforms, and SigTableElmt_::TransformValidate.
Referenced by DetectContentSetup().
◆ DetectEngineBumpVersion()
| void DetectEngineBumpVersion | ( | void | ) |
Definition at line 3601 of file detect-engine.c.
◆ DetectEngineCtxFree()
| void DetectEngineCtxFree | ( | DetectEngineCtx * | de_ctx | ) |
Free a DetectEngineCtx::
- Parameters
-
de_ctx DetectEngineCtx:: to be freed
Definition at line 2444 of file detect-engine.c.
References de_ctx, DetectEngineFreeFastPatternList(), DetectParseDupSigHashFree(), MpmFactoryDeRegisterAllMpmCtxProfiles(), MpmStoreFree(), DetectEngineCtx_::profile_ctx, DetectEngineCtx_::profile_keyword_ctx, DetectEngineCtx_::profile_sgh_ctx, SCClassConfDeInitContext(), SCFree, SCProfilingKeywordDestroyCtx(), SCProfilingPrefilterDestroyCtx(), SCProfilingRuleDestroyCtx(), SCProfilingSghDestroyCtx(), SCRConfDeInitContext(), SCSigSignatureOrderingModuleCleanup(), DetectEngineCtx_::sig_array, SigCleanSignatures(), SigGroupCleanup(), SigGroupHeadHashFree(), DetectEngineCtx_::spm_global_thread_ctx, SpmDestroyGlobalThreadCtx(), and ThresholdContextDestroy().
◆ DetectEngineCtxInit()
| DetectEngineCtx* DetectEngineCtxInit | ( | void | ) |
Definition at line 2405 of file detect-engine.c.
Referenced by DetectEngineCtxInitWithPrefix().
◆ DetectEngineCtxInitStubForDD()
| DetectEngineCtx* DetectEngineCtxInitStubForDD | ( | void | ) |
Definition at line 2400 of file detect-engine.c.
◆ DetectEngineCtxInitStubForMT()
| DetectEngineCtx* DetectEngineCtxInitStubForMT | ( | void | ) |
Definition at line 2395 of file detect-engine.c.
◆ DetectEngineCtxInitWithPrefix()
| DetectEngineCtx* DetectEngineCtxInitWithPrefix | ( | const char * | prefix | ) |
Definition at line 2410 of file detect-engine.c.
References DetectEngineCtxInit().
◆ DetectEngineDeReference()
| void DetectEngineDeReference | ( | DetectEngineCtx ** | de_ctx | ) |
Definition at line 4307 of file detect-engine.c.
◆ DetectEngineEnabled()
| int DetectEngineEnabled | ( | void | ) |
Check if detection is enabled.
- Return values
-
bool true or false
Definition at line 3577 of file detect-engine.c.
◆ DetectEngineFrameInspectEngineRegister()
| void DetectEngineFrameInspectEngineRegister | ( | DetectEngineCtx * | de_ctx, |
| const char * | name, | ||
| int | dir, | ||
| InspectionBufferFrameInspectFunc | Callback, | ||
| AppProto | alproto, | ||
| uint8_t | type | ||
| ) |
register inspect engine at start up time
- Note
- errors are fatal
Definition at line 420 of file detect-engine.c.
References DetectEngineFrameInspectionEngine::alproto, BUG_ON, DetectEngineFrameInspectionEngine::Callback, de_ctx, DETECT_SM_LIST_MATCH, DetectEngineBufferTypeRegister(), DetectEngineFrameInspectionEngine::dir, FatalError, DetectEngineCtx_::frame_inspect_engines, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCCalloc, SCLogError, SIG_FLAG_TOSERVER, DetectEngineFrameInspectionEngine::sm_list, DetectEngineFrameInspectionEngine::sm_list_base, type, DetectEngineFrameInspectionEngine::type, unlikely, and DetectEngineFrameInspectionEngine::v1.
◆ DetectEngineFrameInspectionRun()
| bool DetectEngineFrameInspectionRun | ( | ThreadVars * | tv, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| Packet * | p, | ||
| uint8_t * | alert_flags | ||
| ) |
◆ DetectEngineGetByTenantId()
| DetectEngineCtx* DetectEngineGetByTenantId | ( | int | tenant_id | ) |
Definition at line 4281 of file detect-engine.c.
◆ DetectEngineGetCurrent()
| DetectEngineCtx* DetectEngineGetCurrent | ( | void | ) |
Definition at line 3610 of file detect-engine.c.
Referenced by DetectEngineThreadCtxInit().
◆ DetectEngineGetVersion()
| uint32_t DetectEngineGetVersion | ( | void | ) |
Definition at line 3591 of file detect-engine.c.
References version.
◆ DetectEngineInspectBufferGeneric()
| uint8_t DetectEngineInspectBufferGeneric | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect f Flow flags app layer flags state App layer state
- Return values
-
0 no match. 1 match. 2 Sig can't match.
Definition at line 1993 of file detect-engine.c.
References Flow_::alproto, AppLayerParserGetStateProgress(), DetectEngineThreadCtx_::buffer_offset, de_ctx, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspection(), DetectEngineThreadCtx_::discontinue_matching, flags, InspectionBuffer::flags, DetectEngineAppInspectionEngine_::GetData, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::inspect_offset, DetectEngineThreadCtx_::inspection_recursion_counter, DetectEngineAppInspectionEngine_::mpm, offset, DetectEngineAppInspectionEngine_::progress, Flow_::proto, SCLogDebug, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::transforms, unlikely, and DetectEngineAppInspectionEngine_::v2.
◆ DetectEngineInspectGenericList()
| uint8_t DetectEngineInspectGenericList | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const struct DetectEngineAppInspectionEngine_ * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect sm SigMatch to inspect f Flow flags app layer flags state App layer state
- Return values
-
0 no match 1 match
Definition at line 1950 of file detect-engine.c.
References SigMatchData_::ctx, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, flags, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_START, SCLogDebug, sigmatch_table, DetectEngineAppInspectionEngine_::smd, and SigMatchData_::type.
◆ DetectEngineInspectPktBufferGeneric()
| int DetectEngineInspectPktBufferGeneric | ( | DetectEngineThreadCtx * | det_ctx, |
| const DetectEnginePktInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Packet * | p, | ||
| uint8_t * | _alert_flags | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect p Packet
- Return values
-
0 no match. 1 match.
Definition at line 2056 of file detect-engine.c.
References DetectEngineThreadCtx_::buffer_offset, DetectEngineThreadCtx_::de_ctx, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_HEADER, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspection(), DetectEngineThreadCtx_::discontinue_matching, InspectionBuffer::flags, Packet_::flow, DetectEnginePktInspectionEngine::GetData, InspectionBuffer::inspect, InspectionBuffer::inspect_len, DetectEngineThreadCtx_::inspection_recursion_counter, DetectEnginePktInspectionEngine::mpm, offset, SCLogDebug, DetectEnginePktInspectionEngine::sm_list, DetectEnginePktInspectionEngine::smd, DetectEnginePktInspectionEngine::transforms, unlikely, and DetectEnginePktInspectionEngine::v1.
◆ DetectEngineLoadTenantBlocking()
| int DetectEngineLoadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml | ||
| ) |
Load a tenant and wait for loading to complete.
Definition at line 3836 of file detect-engine.c.
◆ DetectEngineMoveToFreeList()
| int DetectEngineMoveToFreeList | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 4347 of file detect-engine.c.
◆ DetectEngineMTApply()
| int DetectEngineMTApply | ( | void | ) |
Definition at line 4541 of file detect-engine.c.
◆ DetectEngineMultiTenantEnabled()
| int DetectEngineMultiTenantEnabled | ( | void | ) |
TODO locking? Not needed if this is a one time setting at startup
Definition at line 3642 of file detect-engine.c.
◆ DetectEngineMultiTenantSetup()
| int DetectEngineMultiTenantSetup | ( | void | ) |
setup multi-detect / multi-tenancy
See if MT is enabled. If so, setup the selector, tenants and mappings. Tenants and mappings are optional, and can also dynamically be added and removed from the unix socket.
Definition at line 3982 of file detect-engine.c.
References TENANT_SELECTOR_UNKNOWN.
◆ DetectEngineMustParseMetadata()
| int DetectEngineMustParseMetadata | ( | void | ) |
Definition at line 4606 of file detect-engine.c.
Referenced by DetectMetadataHashInit().
◆ DetectEnginePktInspectionRun()
| bool DetectEnginePktInspectionRun | ( | ThreadVars * | tv, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| Packet * | p, | ||
| uint8_t * | alert_flags | ||
| ) |
Definition at line 1808 of file detect-engine.c.
References Signature_::id, DetectEnginePktInspectionEngine::next, Signature_::pkt_inspect, SCEnter, and SCLogDebug.
◆ DetectEnginePktInspectionSetup()
| int DetectEnginePktInspectionSetup | ( | Signature * | s | ) |
Definition at line 1856 of file detect-engine.c.
References DETECT_SM_LIST_PMATCH, Signature_::init_data, SignatureInitData_::init_flags, SIG_FLAG_INIT_STATE_MATCH, and Signature_::sm_arrays.
◆ DetectEnginePruneFreeList()
| void DetectEnginePruneFreeList | ( | void | ) |
Definition at line 4398 of file detect-engine.c.
◆ DetectEngineReference()
| DetectEngineCtx* DetectEngineReference | ( | DetectEngineCtx * | ) |
Definition at line 3633 of file detect-engine.c.
References de_ctx, and DetectEngineCtx_::ref_cnt.
Referenced by DetectEngineThreadCtxInitForReload().
◆ DetectEngineRegisterTests()
| void DetectEngineRegisterTests | ( | void | ) |
Definition at line 4870 of file detect-engine.c.
References UtRegisterTest().
◆ DetectEngineReload()
| int DetectEngineReload | ( | const SCInstance * | suri | ) |
Reload the detection engine.
- Parameters
-
filename YAML file to load for the detect config
- Return values
-
-1 error 0 ok
Definition at line 4437 of file detect-engine.c.
References SCInstance_::conf_filename, and SCLogNotice.
◆ DetectEngineReloadIsIdle()
| int DetectEngineReloadIsIdle | ( | void | ) |
Definition at line 1926 of file detect-engine.c.
References SCMutexLock.
◆ DetectEngineReloadIsStart()
| int DetectEngineReloadIsStart | ( | void | ) |
Definition at line 1906 of file detect-engine.c.
References SCMutexLock.
◆ DetectEngineReloadSetIdle()
| void DetectEngineReloadSetIdle | ( | void | ) |
Definition at line 1918 of file detect-engine.c.
References SCMutexLock.
◆ DetectEngineReloadStart()
| int DetectEngineReloadStart | ( | void | ) |
Definition at line 1892 of file detect-engine.c.
References SCMutexLock.
◆ DetectEngineReloadTenantBlocking()
| int DetectEngineReloadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml, | ||
| int | reload_cnt | ||
| ) |
Reload a tenant and wait for loading to complete.
Definition at line 3850 of file detect-engine.c.
◆ DetectEngineResetMaxSigId()
| void DetectEngineResetMaxSigId | ( | DetectEngineCtx * | ) |
Definition at line 2826 of file detect-engine.c.
References de_ctx, and DetectEngineCtx_::signum.
Referenced by SigCleanSignatures().
◆ DetectEngineSetParseMetadata()
| void DetectEngineSetParseMetadata | ( | void | ) |
Definition at line 4596 of file detect-engine.c.
◆ DetectEngineTentantRegisterLivedev()
| int DetectEngineTentantRegisterLivedev | ( | uint32_t | tenant_id, |
| int | device_id | ||
| ) |
Definition at line 4249 of file detect-engine.c.
◆ DetectEngineTentantRegisterPcapFile()
| int DetectEngineTentantRegisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 4264 of file detect-engine.c.
References SCLogInfo, and TENANT_SELECTOR_DIRECT.
◆ DetectEngineTentantRegisterVlanId()
| int DetectEngineTentantRegisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 4254 of file detect-engine.c.
◆ DetectEngineTentantUnregisterPcapFile()
| int DetectEngineTentantUnregisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 4270 of file detect-engine.c.
References SCLogInfo, and TENANT_SELECTOR_DIRECT.
◆ DetectEngineTentantUnregisterVlanId()
| int DetectEngineTentantUnregisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 4259 of file detect-engine.c.
◆ DetectEngineThreadCtxDeinit()
| TmEcode DetectEngineThreadCtxDeinit | ( | ThreadVars * | , |
| void * | |||
| ) |
Definition at line 3367 of file detect-engine.c.
References HashTableFree(), DetectEngineThreadCtx_::mt_det_ctxs_hash, SC_ERR_INVALID_ARGUMENTS, SCLogWarning, and TM_ECODE_OK.
Referenced by DetectEngineThreadCtxInit().
◆ DetectEngineThreadCtxInit()
| TmEcode DetectEngineThreadCtxInit | ( | ThreadVars * | tv, |
| void * | initdata, | ||
| void ** | data | ||
| ) |
initialize thread specific detection engine context
- Note
- there is a special case when using delayed detect. In this case the function is called twice per thread. The first time the rules are not yet loaded. de_ctx->delayed_detect_initialized will be 0. The 2nd time they will be loaded. de_ctx->delayed_detect_initialized will be 1. This is needed to do the per thread counter registration before the packet runtime starts. In delayed detect mode, the first call will return a NULL ptr through the data ptr.
- Parameters
-
tv ThreadVars for this thread initdata pointer to de_ctx data[out] pointer to store our thread detection ctx
- Return values
-
TM_ECODE_OK if all went well TM_ECODE_FAILED on serious errors
alert counter setup
Definition at line 3153 of file detect-engine.c.
References DetectEngineThreadCtx_::de_ctx, DETECT_ENGINE_TYPE_NORMAL, DETECT_ENGINE_TYPE_TENANT, DetectEngineGetCurrent(), DetectEngineThreadCtxDeinit(), RunmodeIsUnittests(), SCMalloc, TM_ECODE_FAILED, tv, DetectEngineThreadCtx_::tv, DetectEngineCtx_::type, and unlikely.
◆ DetectEngineThreadCtxInitForReload()
| DetectEngineThreadCtx* DetectEngineThreadCtxInitForReload | ( | ThreadVars * | tv, |
| DetectEngineCtx * | new_de_ctx, | ||
| int | mt | ||
| ) |
alert counter setup
Definition at line 3218 of file detect-engine.c.
References DetectEngineThreadCtx_::de_ctx, DETECT_ENGINE_TYPE_NORMAL, DETECT_ENGINE_TYPE_TENANT, DetectEngineReference(), SCFree, SCMalloc, DetectEngineCtx_::tenant_id, DetectEngineThreadCtx_::tenant_id, tv, DetectEngineThreadCtx_::tv, DetectEngineCtx_::type, and unlikely.
◆ DetectEngineUnsetParseMetadata()
| void DetectEngineUnsetParseMetadata | ( | void | ) |
Definition at line 4601 of file detect-engine.c.
◆ DetectFrameInspectEngineRegister()
| void DetectFrameInspectEngineRegister | ( | const char * | name, |
| int | dir, | ||
| InspectionBufferFrameInspectFunc | Callback, | ||
| AppProto | alproto, | ||
| uint8_t | type | ||
| ) |
register inspect engine at start up time
- Note
- errors are fatal
Definition at line 179 of file detect-engine.c.
References DetectEngineFrameInspectionEngine::alproto, BUG_ON, DetectEngineFrameInspectionEngine::Callback, DETECT_SM_LIST_MATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), DetectEngineFrameInspectionEngine::dir, FatalError, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCCalloc, SCLogError, SIG_FLAG_TOSERVER, DetectEngineFrameInspectionEngine::sm_list, DetectEngineFrameInspectionEngine::sm_list_base, type, DetectEngineFrameInspectionEngine::type, unlikely, and DetectEngineFrameInspectionEngine::v1.
◆ DetectPktInspectEngineRegister()
| void DetectPktInspectEngineRegister | ( | const char * | name, |
| InspectionBufferGetPktDataPtr | GetPktData, | ||
| InspectionBufferPktInspectFunc | Callback | ||
| ) |
register inspect engine at start up time
- Note
- errors are fatal
Definition at line 136 of file detect-engine.c.
References BUG_ON, DetectEnginePktInspectionEngine::Callback, DETECT_SM_LIST_MATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), FatalError, DetectEnginePktInspectionEngine::GetData, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCCalloc, SCLogError, DetectEnginePktInspectionEngine::sm_list, DetectEnginePktInspectionEngine::sm_list_base, unlikely, and DetectEnginePktInspectionEngine::v1.
◆ DetectRegisterThreadCtxGlobalFuncs()
| int DetectRegisterThreadCtxGlobalFuncs | ( | const char * | name, |
| void *(*)(void *) | InitFunc, | ||
| void * | data, | ||
| void(*)(void *) | FreeFunc | ||
| ) |
Register Thread keyword context Funcs (Global)
IDs stay static over reloads and between tenants
- Parameters
-
name keyword name for error printing InitFunc function ptr FreeFunc function ptr
- Return values
-
id for retrieval of ctx at runtime -1 on error
Definition at line 3521 of file detect-engine.c.
References BUG_ON.
◆ DetectRunStoreStateTxFileOnly()
| void DetectRunStoreStateTxFileOnly | ( | const SigGroupHead * | sgh, |
| Flow * | f, | ||
| void * | tx, | ||
| uint64_t | tx_id, | ||
| const uint8_t | flow_flags, | ||
| const uint16_t | file_no_match | ||
| ) |
◆ DetectSigmatchListEnumToString()
| const char* DetectSigmatchListEnumToString | ( | enum DetectSigmatchListEnum | type | ) |
Definition at line 4611 of file detect-engine.c.
References DETECT_SM_LIST_BASE64_DATA, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_MAX, DETECT_SM_LIST_PMATCH, DETECT_SM_LIST_POSTMATCH, DETECT_SM_LIST_SUPPRESS, DETECT_SM_LIST_THRESHOLD, DETECT_SM_LIST_TMATCH, and type.
◆ DetectThreadCtxGetGlobalKeywordThreadCtx()
| void* DetectThreadCtxGetGlobalKeywordThreadCtx | ( | DetectEngineThreadCtx * | det_ctx, |
| int | id | ||
| ) |
Retrieve thread local keyword ctx by id.
- Parameters
-
det_ctx detection engine thread ctx to retrieve the ctx from id id of the ctx returned by DetectRegisterThreadCtxInitFunc at keyword init.
- Return values
-
ctx or NULL on error
Definition at line 3565 of file detect-engine.c.
References DetectEngineThreadCtx_::global_keyword_ctxs_array, and DetectEngineThreadCtx_::global_keyword_ctxs_size.
Referenced by HttpHeaderGetBufferSpace().
◆ InspectionBufferApplyTransforms()
| void InspectionBufferApplyTransforms | ( | InspectionBuffer * | buffer, |
| const DetectEngineTransforms * | transforms | ||
| ) |
Definition at line 1551 of file detect-engine.c.
References BUG_ON, DETECT_TRANSFORMS_MAX, TransformData_::options, SCLogDebug, sigmatch_table, TransformData_::transform, SigTableElmt_::Transform, and DetectEngineTransforms::transforms.
Referenced by InspectionBufferSetupMulti(), Ja3DetectGetHash(), and Ja3DetectGetString().
◆ InspectionBufferCheckAndExpand()
| void InspectionBufferCheckAndExpand | ( | InspectionBuffer * | buffer, |
| uint32_t | min_size | ||
| ) |
make sure that the buffer has at least 'min_size' bytes Expand the buffer if necessary
Definition at line 1479 of file detect-engine.c.
References InspectionBuffer::buf, likely, SCRealloc, and InspectionBuffer::size.
Referenced by FileSwfDecompression(), and InspectionBufferCopy().
◆ InspectionBufferClean()
| void InspectionBufferClean | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 1342 of file detect-engine.c.
References DetectEngineThreadCtx_::buffers, InspectionBufferMultipleForList::init, InspectionBuffer::inspect, DetectEngineThreadCtx_::inspect, InspectionBufferMultipleForList::inspection_buffers, InspectionBufferMultipleForList::max, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.
◆ InspectionBufferCopy()
| void InspectionBufferCopy | ( | InspectionBuffer * | buffer, |
| uint8_t * | buf, | ||
| uint32_t | buf_len | ||
| ) |
Definition at line 1496 of file detect-engine.c.
References InspectionBuffer::buf, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBufferCheckAndExpand(), MIN, and InspectionBuffer::size.
Referenced by Ja3DetectGetHash().
◆ InspectionBufferFree()
| void InspectionBufferFree | ( | InspectionBuffer * | buffer | ) |
Definition at line 1467 of file detect-engine.c.
References InspectionBuffer::buf, and SCFree.
◆ InspectionBufferGet()
| InspectionBuffer* InspectionBufferGet | ( | DetectEngineThreadCtx * | det_ctx, |
| const int | list_id | ||
| ) |
Definition at line 1368 of file detect-engine.c.
References DetectEngineThreadCtx_::buffers, and DetectEngineThreadCtx_::inspect.
Referenced by InspectionBufferSetup(), Ja3DetectGetHash(), and Ja3DetectGetString().
◆ InspectionBufferInit()
| void InspectionBufferInit | ( | InspectionBuffer * | buffer, |
| uint32_t | initial_size | ||
| ) |
Definition at line 1425 of file detect-engine.c.
References InspectionBuffer::buf, SCCalloc, and InspectionBuffer::size.
◆ InspectionBufferMultipleForListGet()
| InspectionBuffer* InspectionBufferMultipleForListGet | ( | DetectEngineThreadCtx * | det_ctx, |
| const int | list_id, | ||
| const uint32_t | local_id | ||
| ) |
for a InspectionBufferMultipleForList get a InspectionBuffer
- Parameters
-
fb the multiple buffer array local_id the index to get a buffer buffer the inspect buffer or NULL in case of error
Definition at line 1388 of file detect-engine.c.
References DETECT_EVENT_TOO_MANY_BUFFERS, DetectEngineSetEvent(), and unlikely.
Referenced by DetectFrame2InspectBuffer().
◆ InspectionBufferSetup()
| void InspectionBufferSetup | ( | DetectEngineThreadCtx * | det_ctx, |
| const int | list_id, | ||
| InspectionBuffer * | buffer, | ||
| const uint8_t * | data, | ||
| const uint32_t | data_len | ||
| ) |
setup the buffer with our initial data
Definition at line 1449 of file detect-engine.c.
References DEBUG_VALIDATE_BUG_ON, InspectionBuffer::inspect, DetectEngineThreadCtx_::inspect, InspectionBuffer::inspect_len, InspectionBufferGet(), InspectionBuffer::len, InspectionBuffer::orig, InspectionBuffer::orig_len, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.
Referenced by Ja3DetectGetHash(), and Ja3DetectGetString().
◆ InspectionBufferSetupMulti()
| void InspectionBufferSetupMulti | ( | InspectionBuffer * | buffer, |
| const DetectEngineTransforms * | transforms, | ||
| const uint8_t * | data, | ||
| const uint32_t | data_len | ||
| ) |
setup the buffer with our initial data
Definition at line 1435 of file detect-engine.c.
References DEBUG_VALIDATE_BUG_ON, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBufferApplyTransforms(), InspectionBuffer::len, InspectionBuffer::orig, and InspectionBuffer::orig_len.
