|
suricata
|
|
suricata
|
Go to the source code of this file.
Macros | |
| #define | DetectEngineGetMaxSigId(de_ctx) ((de_ctx)->signum) |
Definition in file detect-engine.h.
| #define DetectEngineGetMaxSigId | ( | de_ctx | ) | ((de_ctx)->signum) |
Definition at line 81 of file detect-engine.h.
Referenced by IPOnlyInit(), MpmStorePrepareBuffer(), SigAddressCleanupStage1(), SigAddressPrepareStage1(), SigAddressPrepareStage2(), SigGroupHeadAppendSig(), SigGroupHeadContainsSigId(), and SigGroupHeadCopySigs().
| void DetectAppLayerInspectEngineRegister | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectEngineFuncPtr | Callback | ||
| ) |
Registers an app inspection engine.
| name | Name of the detection list |
| alproto | App layer protocol for which we will register the engine. |
| direction | The direction for the engine: SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT |
| progress | Minimal progress value for inspect engine to run |
| Callback | The engine callback. |
Registers an app inspection engine.
Definition at line 127 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, ALPROTO_FAILED, BUG_ON, DetectEngineAppInspectionEngine_::Callback, DETECT_SM_LIST_MATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), DetectEngineAppInspectionEngine_::dir, FatalError, DetectEngineAppInspectionEngine_::next, DetectEngineAppInspectionEngine_::progress, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCLogError, SCMalloc, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, DetectEngineAppInspectionEngine_::sm_list, and unlikely.
Referenced by DetectAppLayerEventRegister(), DetectCipServiceRegister(), DetectDceIfaceRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEnipCommandRegister(), DetectFilenameRegister(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectLuaRegister(), DetectModbusRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectSNMPPduTypeRegister(), DetectSNMPVersionRegister(), DetectSshSoftwareVersionRegister(), DetectSslStateRegister(), DetectTemplateRustBufferRegister(), DetectTlsRegister(), and DetectTlsValidityRegister().
| void DetectAppLayerInspectEngineRegister2 | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectEngineFuncPtr2 | Callback2, | ||
| InspectionBufferGetDataPtr | GetData | ||
| ) |
register inspect engine at start up time
Definition at line 181 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, ALPROTO_FAILED, ALPROTO_UNKNOWN, Signature_::app_inspect, DetectEngineCtx_::app_inspect_engines, BUG_ON, DetectEngineAppInspectionEngine_::Callback, DE_STATE_FLAG_BASE, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), DetectEngineInspectBufferGeneric(), DetectEngineInspectStream(), DetectEngineAppInspectionEngine_::dir, FatalError, DetectEngineAppInspectionEngine_::GetData, DetectEngineAppInspectionEngine_::id, Signature_::id, Signature_::init_data, DetectEngineAppInspectionEngine_::mpm, SignatureInitData_::mpm_sm, DetectEngineAppInspectionEngine_::next, DetectEngineAppInspectionEngine_::progress, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCCalloc, SCLogDebug, SCLogError, SCMalloc, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SigMatchListSMBelongsTo(), DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::stream, DetectEngineAppInspectionEngine_::transforms, unlikely, and DetectEngineAppInspectionEngine_::v2.
Referenced by DetectDceStubDataRegister(), DetectDnsQueryRegister(), DetectFiledataRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectKrb5CNameRegister(), DetectKrb5SNameRegister(), DetectSmbNamedPipeRegister(), DetectSmbShareRegister(), DetectSNMPCommunityRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTemplateBufferRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| int DetectBufferGetActiveList | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
Definition at line 821 of file detect-engine.c.
References BUG_ON, DetectBufferTypeGetByIdTransforms(), Signature_::init_data, SignatureInitData_::list, SignatureInitData_::list_set, SCLogDebug, SignatureInitData_::transform_cnt, and SignatureInitData_::transforms.
Referenced by DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectContentSetup(), DetectIsdataatSetup(), DetectLuaRegister(), and DetectPcrePayloadMatch().
| void DetectBufferRunSetupCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| Signature * | s | ||
| ) |
Definition at line 779 of file detect-engine.c.
References DetectBufferType_::SetupCallback.
Referenced by SigAddressPrepareStage1(), and SigMatchList2DataArray().
| bool DetectBufferRunValidateCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| const Signature * | s, | ||
| const char ** | sigerror | ||
| ) |
Definition at line 798 of file detect-engine.c.
References TRUE, and DetectBufferType_::ValidateCallback.
Referenced by SigMatchList2DataArray().
| int DetectBufferSetActiveList | ( | Signature * | s, |
| const int | list | ||
| ) |
Definition at line 808 of file detect-engine.c.
References BUG_ON, Signature_::init_data, SignatureInitData_::list, SignatureInitData_::list_set, and SignatureInitData_::transform_cnt.
Referenced by DetectDceStubDataRegister(), DetectDnsQueryRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpServerBodyRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectSNMPCommunityRegister(), DetectTcphdrRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), and DetectUdphdrRegister().
| void DetectBufferTypeCloseRegistration | ( | void | ) |
Definition at line 1051 of file detect-engine.c.
References BUG_ON.
Referenced by SigTableSetup().
| int DetectBufferTypeGetByIdTransforms | ( | DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| int * | transforms, | ||
| int | transform_cnt | ||
| ) |
Definition at line 1058 of file detect-engine.c.
References Signature_::action, ACTION_DROP, DetectEngineCtx_::buffer_type_hash, DetectEngineCtx_::buffer_type_id, DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, DetectEngineTransforms::cnt, SigMatchData_::ctx, DetectEngineThreadCtx_::de_ctx, DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, DetectAppLayerMpmRegisterByParentId(), DetectEngineInspectPacketPayload(), DetectEngineInspectStreamPayload(), Packet_::flags, Signature_::flags, DetectEngineThreadCtx_::flags, HashListTableAdd(), HashListTableLookup(), DetectBufferType_::id, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_SET_LIST, KEYWORD_PROFILING_START, SigTableElmt_::Match, DetectBufferType_::mpm, PACKET_ALERT_FLAG_DROP_FLOW, PACKET_ALERT_FLAG_STREAM_MATCH, DetectBufferType_::parent_id, PKT_DETECT_HAS_STREAMDATA, PKT_STREAM_ADD, res, SC_ERR_INVALID_SIGNATURE, SCCalloc, SCEnter, SCLogDebug, SCLogError, SCRealloc, DetectBufferType_::SetupCallback, SIG_FLAG_REQUIRE_PACKET, SIG_FLAG_REQUIRE_STREAM, sigmatch_table, Signature_::sm_arrays, DetectBufferType_::string, DetectBufferType_::supports_transforms, DetectEngineTransforms::transforms, DetectBufferType_::transforms, SigMatchData_::type, and DetectBufferType_::ValidateCallback.
Referenced by DetectBufferGetActiveList().
| int DetectBufferTypeGetByName | ( | const char * | name | ) |
Definition at line 696 of file detect-engine.c.
References DetectBufferType_::id.
Referenced by DcePayloadRegisterTests(), DetectAppLayerEventRegister(), DetectAppLayerInspectEngineRegister(), DetectAppLayerInspectEngineRegister2(), DetectAppLayerMpmRegister(), DetectAppLayerMpmRegister2(), DetectBase64DataDoMatch(), DetectBase64DecodeDoMatch(), DetectByteExtractRetrieveSMVar(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectCipServiceRegister(), DetectDceStubDataRegister(), DetectDnsQueryRegister(), DetectEngineAppInspectionEngine2Signature(), DetectEnipCommandRegister(), DetectFastPatternRegisterTests(), DetectFiledataRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectFtpdataRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpCookieRegisterTests(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIsdataatRegisterTests(), DetectKrb5CNameRegister(), DetectKrb5SNameRegister(), DetectLuaRegister(), DetectModbusRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectPcrePayloadMatch(), DetectPktDataRegister(), DetectSmbNamedPipeRegister(), DetectSmbShareRegister(), DetectSNMPCommunityRegister(), DetectSNMPPduTypeRegister(), DetectSNMPVersionRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTemplateBufferRegister(), DetectTemplateRustBufferRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), EngineAnalysisRules(), and PacketCreateMask().
| const char* DetectBufferTypeGetDescriptionById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 733 of file detect-engine.c.
References DetectBufferType_::description.
Referenced by EngineAnalysisFP(), and PerCentEncodingMatch().
| const char* DetectBufferTypeGetDescriptionByName | ( | const char * | name | ) |
Definition at line 742 of file detect-engine.c.
References DetectBufferType_::description.
| const char* DetectBufferTypeGetNameById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 705 of file detect-engine.c.
References DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, and DetectBufferType_::string.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectRawbytesRegister(), EngineAnalysisFP(), EngineAnalysisRulesFailure(), PerCentEncodingMatch(), SCProfilingKeywordsGlobalInit(), SigMatchList2DataArray(), and SignatureIsIPOnly().
| int DetectBufferTypeMaxId | ( | void | ) |
Definition at line 571 of file detect-engine.c.
References HashListTable_::array_size, BUG_ON, HashListTableAdd(), HashListTableFree(), HashListTableInit(), HashListTableLookup(), hashlittle_safe(), DetectBufferType_::id, res, SCCalloc, SCFree, SCLogDebug, DetectBufferType_::string, and DetectBufferType_::transforms.
Referenced by SigAlloc().
| int DetectBufferTypeRegister | ( | const char * | name | ) |
Definition at line 652 of file detect-engine.c.
References BUG_ON, and DetectBufferType_::id.
Referenced by DetectAppLayerInspectEngineRegister(), DetectAppLayerInspectEngineRegister2(), DetectBufferTypeRegisterSetupCallback(), DetectBufferTypeRegisterValidateCallback(), DetectBufferTypeSupportsMpm(), DetectBufferTypeSupportsPacket(), DetectBufferTypeSupportsTransformations(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDNP3Register(), DetectFileextRegister(), DetectFilemagicRegister(), DetectFileMd5Register(), DetectFileSha1Register(), DetectFileSha256Register(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFtpbounceRegister(), DetectHttpServerBodyRegister(), DetectLuaRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTlsRegister(), DetectTlsVersionRegister(), DetectUricontentRegister(), and DetectUrilenRegister().
| void DetectBufferTypeRegisterSetupCallback | ( | const char * | name, |
| void(*)(const DetectEngineCtx *, Signature *) | Callback | ||
| ) |
Definition at line 769 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), and DetectBufferType_::SetupCallback.
Referenced by DetectFiledataRegister(), DetectHttpClientBodyRegister(), DetectHttpUriRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), and DetectTlsSerialRegister().
| void DetectBufferTypeRegisterValidateCallback | ( | const char * | name, |
| _Bool(*)(const Signature *, const char **sigerror) | ValidateCallback | ||
| ) |
Definition at line 788 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), and DetectBufferType_::ValidateCallback.
Referenced by DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpUriRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), and DetectTlsSerialRegister().
| void DetectBufferTypeSetDescriptionByName | ( | const char * | name, |
| const char * | desc | ||
| ) |
Definition at line 724 of file detect-engine.c.
References DetectBufferType_::description.
Referenced by DetectDnsQueryRegister(), DetectFiledataRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectKrb5CNameRegister(), DetectKrb5SNameRegister(), DetectSNMPCommunityRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectSslStateRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| void DetectBufferTypeSupportsMpm | ( | const char * | name | ) |
Definition at line 676 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, DetectBufferType_::mpm, SCLogDebug, and TRUE.
Referenced by DetectAppLayerMpmRegister(), and DetectAppLayerMpmRegister2().
| bool DetectBufferTypeSupportsMpmGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 760 of file detect-engine.c.
References FALSE, DetectBufferType_::mpm, and SCLogDebug.
Referenced by DetectGetLastSMFromMpmLists(), and FastPatternSupportEnabledForSigMatchList().
| void DetectBufferTypeSupportsPacket | ( | const char * | name | ) |
Definition at line 666 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, DetectBufferType_::packet, SCLogDebug, and TRUE.
| bool DetectBufferTypeSupportsPacketGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 751 of file detect-engine.c.
References FALSE, DetectBufferType_::packet, and SCLogDebug.
Referenced by SigMatchList2DataArray().
| void DetectBufferTypeSupportsTransformations | ( | const char * | name | ) |
Definition at line 686 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, SCLogDebug, and DetectBufferType_::supports_transforms.
Referenced by DetectAppLayerMpmRegister2().
| int DetectEngineAddToMaster | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 3656 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectReplaceFreeInternal(), and PostRunDeinit().
| int DetectEngineAppInspectionEngine2Signature | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
Definition at line 356 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, Signature_::alproto, ALPROTO_UNKNOWN, Signature_::app_inspect, DetectEngineCtx_::app_inspect_engines, BUG_ON, DetectEngineAppInspectionEngine_::Callback, DE_STATE_FLAG_BASE, DE_STATE_ID_FILE_INSPECT, DETECT_SM_LIST_DYNAMIC_START, DETECT_SM_LIST_PMATCH, DetectBufferTypeGetByName(), DetectBufferTypeGetNameById(), DetectEngineAppInspectionEngine_::dir, Signature_::flags, DetectEngineAppInspectionEngine_::GetData, DetectEngineAppInspectionEngine_::id, Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, DetectEngineAppInspectionEngine_::mpm, SignatureInitData_::mpm_sm, DetectEngineAppInspectionEngine_::next, next, DetectEngineAppInspectionEngine_::progress, SCCalloc, SCLogDebug, SIG_FLAG_FLUSH, SIG_FLAG_INIT_NEED_FLUSH, SIG_FLAG_INIT_STATE_MATCH, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SigMatchList2DataArray(), SigMatchListSMBelongsTo(), DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, SignatureInitData_::smlists, SignatureInitData_::smlists_array_size, DetectEngineAppInspectionEngine_::transforms, unlikely, and DetectEngineAppInspectionEngine_::v2.
Referenced by SigAddressPrepareStage4().
| void DetectEngineAppInspectionEngineSignatureFree | ( | Signature * | s | ) |
free app inspect engines for a signature
For lists that are registered multiple times, like http_header and http_cookie, making the engines owner of the lists is complicated. Multiple engines in a sig may be pointing to the same list. To address this the 'free' code needs to be extra careful about not double freeing, so it takes an approach to first fill an array of the to-free pointers before freeing them.
Definition at line 515 of file detect-engine.c.
References Signature_::app_inspect, BUG_ON, SigMatchData_::ctx, DETECT_SM_LIST_DYNAMIC_START, SigTableElmt_::Free, SigMatchData_::is_last, MAX, DetectEngineAppInspectionEngine_::next, next, SCFree, sigmatch_table, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineTransforms::transforms, and SigMatchData_::type.
Referenced by SigFree().
| void DetectEngineBumpVersion | ( | void | ) |
Definition at line 2922 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, SCLogDebug, SCMutexLock, SCMutexUnlock, and DetectEngineMasterCtx_::version.
Referenced by DetectEngineReload(), and PostRunDeinit().
| void DetectEngineCtxFree | ( | DetectEngineCtx * | de_ctx | ) |
Free a DetectEngineCtx::
| de_ctx | DetectEngineCtx:: to be freed |
Definition at line 1835 of file detect-engine.c.
References DetectEngineCtx_::app_mpms, ByteExtractStringUint16(), ConfDump(), ConfGet(), ConfGetInt(), ConfGetNode(), DetectEngineCtx_::config_prefix, ConfNodeLookupChild(), ConfNodeLookupChildValue(), ConfNodeRemove(), DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT, DETECT_PREFILTER_AUTO, DETECT_PREFILTER_MPM, DetectAddressMapFree(), DetectMetadataHashFree(), DetectParseDupSigHashFree(), DetectPortCleanupList(), DetectPortParse(), ENGINE_PROFILE_CUSTOM, ENGINE_PROFILE_HIGH, ENGINE_PROFILE_LOW, ENGINE_PROFILE_MEDIUM, ENGINE_PROFILE_UNKNOWN, ENGINE_SGH_MPM_FACTORY_CONTEXT_FULL, ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE, DetectEngineCtx_::inspection_recursion_limit, DetectEngineCtx_::max_uniq_toclient_groups, DetectEngineCtx_::max_uniq_toserver_groups, MPM_AC, MPM_AC_BS, MPM_AC_KS, MPM_HS, DetectEngineCtx_::mpm_matcher, MpmFactoryDeRegisterAllMpmCtxProfiles(), MpmStoreFree(), ConfNode_::name, DetectPort_::next, next, DetectPort_::port, DetectPort_::port2, DetectEngineCtx_::prefilter_setting, DetectEngineCtx_::profile_ctx, DetectEngineCtx_::profile_keyword_ctx, DetectEngineCtx_::profile_sgh_ctx, run_mode, RUNMODE_UNITTEST, SC_ERR_INVALID_YAML_CONF_ENTRY, SC_ERR_SIZE_PARSE, SCClassConfDeInitContext(), SCFree, SCLogDebug, SCLogError, SCLogWarning, SCProfilingKeywordDestroyCtx(), SCProfilingPrefilterDestroyCtx(), SCProfilingRuleDestroyCtx(), SCProfilingSghDestroyCtx(), SCRConfDeInitContext(), SCSigSignatureOrderingModuleCleanup(), DetectEngineCtx_::sgh_mpm_context, DetectEngineCtx_::sig_array, SigCleanSignatures(), SigGroupCleanup(), SigGroupHeadHashFree(), DetectEngineCtx_::spm_global_thread_ctx, SpmDestroyGlobalThreadCtx(), SRepDestroy(), TAILQ_FOREACH, DetectEngineCtx_::tcp_whitelist, ThresholdContextDestroy(), DetectEngineCtx_::udp_whitelist, ConfNode_::val, VarNameStoreFree(), and DetectEngineCtx_::version.
Referenced by DetectEngineGetEventInfo(), DetectEngineInspectBufferGeneric(), DetectEngineMultiTenantEnabled(), DetectEnginePruneFreeList(), and DetectEngineReload().
| DetectEngineCtx* DetectEngineCtxInit | ( | void | ) |
Definition at line 1790 of file detect-engine.c.
References DETECT_ENGINE_TYPE_NORMAL.
Referenced by DetectEngineCtxInitWithPrefix(), and DetectEngineGetEventInfo().
| DetectEngineCtx* DetectEngineCtxInitStubForDD | ( | void | ) |
Definition at line 1785 of file detect-engine.c.
References DETECT_ENGINE_TYPE_DD_STUB.
Referenced by PostRunDeinit().
| DetectEngineCtx* DetectEngineCtxInitStubForMT | ( | void | ) |
Definition at line 1780 of file detect-engine.c.
References DETECT_ENGINE_TYPE_MT_STUB.
Referenced by DetectEngineMTApply(), and PostRunDeinit().
| DetectEngineCtx* DetectEngineCtxInitWithPrefix | ( | const char * | prefix | ) |
Definition at line 1795 of file detect-engine.c.
References DETECT_ENGINE_TYPE_NORMAL, DetectEngineCtxInit(), SigString_::filename, DetectEngineCtx_::keyword_list, next, DetectEngineThreadKeywordCtxItem_::next, SCFree, SigString_::sig_error, DetectEngineCtx_::sig_stat, SigString_::sig_str, TAILQ_FOREACH_SAFE, and TAILQ_REMOVE.
Referenced by DetectEngineMultiTenantEnabled(), and DetectEngineReload().
| void DetectEngineDeReference | ( | DetectEngineCtx ** | de_ctx | ) |
Definition at line 3632 of file detect-engine.c.
References BUG_ON, DetectEngineMasterCtx_::list, and DetectEngineCtx_::next.
Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectEngineThreadCtxInit(), GlobalsInitPreConfig(), and UnixSocketPcapFile().
| int DetectEngineEnabled | ( | void | ) |
Check if detection is enabled.
| bool | true or false |
Definition at line 2898 of file detect-engine.c.
References DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, SCMutexLock, and SCMutexUnlock.
Referenced by PostRunDeinit().
| DetectEngineCtx* DetectEngineGetByTenantId | ( | int | tenant_id | ) |
Definition at line 3606 of file detect-engine.c.
References DETECT_ENGINE_TYPE_TENANT, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCMutexLock, SCMutexUnlock, DetectEngineCtx_::tenant_id, and DetectEngineCtx_::type.
Referenced by DetectEngineMultiTenantEnabled(), and UnixSocketPcapFile().
| DetectEngineCtx* DetectEngineGetCurrent | ( | void | ) |
Definition at line 2931 of file detect-engine.c.
References DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, SCMutexUnlock, and DetectEngineCtx_::type.
Referenced by DetectEngineReload(), DetectEngineThreadCtxInit(), and GlobalsInitPreConfig().
| uint32_t DetectEngineGetVersion | ( | void | ) |
Definition at line 2912 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, SCMutexLock, SCMutexUnlock, version, and DetectEngineMasterCtx_::version.
Referenced by DetectEngineInspectBufferGeneric().
| int DetectEngineInspectBufferGeneric | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
| de_ctx | Detection engine context |
| det_ctx | Detection engine thread context |
| s | Signature to inspect |
| f | Flow |
| flags | app layer flags |
| state | App layer state |
| 0 | no match. |
| 1 | match. |
| 2 | Sig can't match. |
Definition at line 1391 of file detect-engine.c.
References ActionInitConfig(), Flow_::alproto, AppLayerParserGetStateProgress(), DetectEngineThreadCtx_::buffer_offset, BUG_ON, PacketQueue_::cond_q, ConfGetBool(), DetectEngineCtx_::config_prefix, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DetectAddressMapInit(), DetectEngineContentInspection(), DetectEngineCtxFree(), DetectEngineGetVersion(), DetectEngineThreadCtxDeinit(), DetectMetadataHashInit(), DetectParseDupSigHashInit(), DetectEngineThreadCtx_::discontinue_matching, DetectEngineCtx_::failure_fatal, TmModule_::flags, InspectionBuffer::flags, Packet_::flags, FlowWorkerGetDetectCtxPtr(), FlowWorkerReplaceDetectCtx(), DetectEngineAppInspectionEngine_::GetData, Tmq_::id, ThreadVars_::inq, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::inspect_offset, DetectEngineThreadCtx_::inspection_recursion_counter, DetectEngineAppInspectionEngine_::mpm, DetectEngineCtx_::mpm_matcher, mpm_table, MpmStoreInit(), PacketQueue_::mutex_q, SpmTableElmt_::name, MpmTableElmt_::name, ThreadVars_::next, offset, PacketEnqueue(), PacketGetFromAlloc(), PatternMatchDefaultMatcher(), PKT_PSEUDO_STREAM_END, TmModule_::PktAcqBreakLoop, TmModule_::PktAcqLoop, DetectEngineAppInspectionEngine_::progress, Flow_::proto, SC_ATOMIC_GET, SC_ERR_LIVE_RULE_SWAP, SCClassConfLoadClassficationConfigFile(), SCCondSignal, SCEnter, SCLogDebug, SCLogError, SCLogInfo, SCMalloc, SCMutexLock, SCMutexUnlock, SCRConfLoadReferenceConfigFile(), DetectEngineCtx_::sig_stat, DetectEngineCtx_::sigerror, SigGroupHeadHashInit(), SinglePatternMatchDefaultMatcher(), TmSlot_::slot_next, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineCtx_::spm_global_thread_ctx, DetectEngineCtx_::spm_matcher, spm_table, SpmInitGlobalThreadCtx(), SRepInit(), SRepReloadComplete(), strlcpy(), suricata_ctl_flags, TAILQ_INIT, ThresholdHashInit(), THV_CAPTURE_INJECT_PKT, THV_RUNNING_DONE, TM_FLAG_DETECT_TM, TM_FLAG_RECEIVE_TM, TmSlot_::tm_id, ThreadVars_::tm_slots, TmModuleGetById(), TmThreadsCheckFlag(), TmThreadsSetFlag(), trans_q, DetectEngineAppInspectionEngine_::transforms, tv_root, tv_root_lock, TVT_PPT, type, DetectEngineCtx_::type, unlikely, DetectEngineAppInspectionEngine_::v2, VarNameStoreSetupStaging(), and DetectEngineCtx_::version.
Referenced by DetectAppLayerInspectEngineRegister2(), DetectDceStubDataRegister(), DetectFiledataRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectSmbNamedPipeRegister(), DetectSmbShareRegister(), DetectSNMPCommunityRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| int DetectEngineInspectGenericList | ( | ThreadVars * | tv, |
| const DetectEngineCtx * | de_ctx, | ||
| DetectEngineThreadCtx * | det_ctx, | ||
| const Signature * | s, | ||
| const SigMatchData * | smd, | ||
| Flow * | f, | ||
| const uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
| de_ctx | Detection engine context |
| det_ctx | Detection engine thread context |
| s | Signature to inspect |
| sm | SigMatch to inspect |
| f | Flow |
| flags | app layer flags |
| state | App layer state |
| 0 | no match |
| 1 | match |
Definition at line 1342 of file detect-engine.c.
References SigMatchData_::ctx, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_START, SCLogDebug, sigmatch_table, and SigMatchData_::type.
Referenced by DetectDceIfaceRegister(), DetectEngineInspectDnsRequest(), DetectEngineInspectDnsResponse(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectLuaRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectSNMPPduTypeRegister(), DetectSNMPVersionRegister(), DetectSslStateRegister(), and DetectTlsValidityRegister().
| int DetectEngineLoadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml | ||
| ) |
Load a tenant and wait for loading to complete.
Definition at line 3157 of file detect-engine.c.
References DetectLoadersSync().
Referenced by UnixSocketPcapFile().
| int DetectEngineMoveToFreeList | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 3672 of file detect-engine.c.
References DetectEngineMasterCtx_::free_list, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, next, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectReplaceFreeInternal(), GlobalsInitPreConfig(), and UnixSocketPcapFile().
| int DetectEngineMTApply | ( | void | ) |
Definition at line 3863 of file detect-engine.c.
References DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineCtxInitStubForMT(), DetectEnginePruneFreeList(), DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, SCLogDebug, SCLogInfo, SCMutexLock, SCMutexUnlock, DetectEngineCtx_::tenant_id, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_UNKNOWN, and DetectEngineCtx_::type.
Referenced by UnixSocketPcapFile().
| int DetectEngineMultiTenantEnabled | ( | void | ) |
TODO locking? Not needed if this is a one time setting at startup
Definition at line 2963 of file detect-engine.c.
References ConfGetNode(), DetectEngineCtx_::config_prefix, ConfYamlLoadFileWithPrefix(), DETECT_ENGINE_TYPE_TENANT, DetectEngineAddToMaster(), DetectEngineCtxFree(), DetectEngineCtxInitWithPrefix(), DetectEngineDeReference(), DetectEngineGetByTenantId(), DetectEngineMoveToFreeList(), DetectEngineCtx_::loader_id, DetectEngineMasterCtx_::multi_tenant_enabled, SC_ERR_CONF_YAML_ERROR, SC_ERR_FOPEN, SC_ERR_INITIALIZATION, SC_ERR_MT_DUPLICATE_TENANT, SC_ERR_NO_RULES_LOADED, SCLogDebug, SCLogError, SigLoadSignatures(), DetectEngineCtx_::tenant_id, and DetectEngineCtx_::type.
Referenced by DetectEngineThreadCtxInit(), SigGroupBuild(), and UnixSocketPcapFile().
| int DetectEngineMultiTenantSetup | ( | void | ) |
setup multi-detect / multi-tenancy
See if MT is enabled. If so, setup the selector, tenants and mappings. Tenants and mappings are optional, and can also dynamically be added and removed from the unix socket.
Definition at line 3306 of file detect-engine.c.
References ByteExtractStringUint32(), ConfGet(), ConfGetBool(), ConfGetNode(), ConfNodeLookupChild(), ConfUnixSocketIsEnable(), ConfYamlLoadFileWithPrefix(), DetectLoadersInit(), DetectLoadersSync(), DetectLoaderThreadSpawn(), LiveDevice_::dev, EngineModeIsIPS(), Packet_::livedev, DetectEngineMasterCtx_::lock, DetectEngineSyncer_::m, DetectEngineMasterCtx_::multi_tenant_enabled, next, DetectEngineTenantMapping_::next, SC_ERR_CONF_YAML_ERROR, SC_ERR_INVALID_ARGUMENT, SC_ERR_INVALID_VALUE, SC_ERR_MT_NO_MAPPING, SCCalloc, SCFree, SCLogDebug, SCLogError, SCLogInfo, SCLogNotice, SCLogWarning, SCMutexLock, SCMutexUnlock, TAILQ_FOREACH, DetectEngineThreadCtx_::tenant_array, DetectEngineThreadCtx_::tenant_array_size, LiveDevice_::tenant_id, DetectEngineTenantMapping_::tenant_id, DetectEngineMasterCtx_::tenant_mapping_list, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_DIRECT, TENANT_SELECTOR_LIVEDEV, TENANT_SELECTOR_UNKNOWN, TENANT_SELECTOR_VLAN, TmModuleDetectLoaderRegister(), TmThreadContinueDetectLoaderThreads(), DetectEngineTenantMapping_::traffic_id, ConfNode_::val, VarNameStoreActivateStaging(), Packet_::vlan_id, and Packet_::vlan_idx.
Referenced by PostRunDeinit().
| int DetectEngineMustParseMetadata | ( | void | ) |
Definition at line 3928 of file detect-engine.c.
Referenced by DetectMetadataHashFree(), and DetectMetadataHashInit().
| bool DetectEnginePktInspectionRun | ( | ThreadVars * | tv, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| Packet * | p, | ||
| uint8_t * | alert_flags | ||
| ) |
Definition at line 1198 of file detect-engine.c.
References DetectEnginePktInspectionEngine::Callback, Signature_::id, DetectEnginePktInspectionEngine::next, Signature_::pkt_inspect, SCCalloc, SCEnter, SCLogDebug, and DetectEnginePktInspectionEngine::sm_data.
Referenced by SigMatchSignaturesGetSgh().
| int DetectEnginePktInspectionSetup | ( | Signature * | s | ) |
Definition at line 1239 of file detect-engine.c.
References DETECT_SM_LIST_L4HDR, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, DetectEngineInspectRuleTcpHeaderMatches(), Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, DetectProto_::proto, Signature_::proto, SCLogDebug, SIG_FLAG_INIT_STATE_MATCH, and Signature_::sm_arrays.
Referenced by SigAddressPrepareStage4().
| void DetectEnginePruneFreeList | ( | void | ) |
Definition at line 3723 of file detect-engine.c.
References DetectEngineCtxFree(), DetectEngineMasterCtx_::free_list, DetectEngineMasterCtx_::lock, next, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineMTApply(), DetectEngineReload(), DetectReplaceFreeInternal(), GlobalsInitPreConfig(), and UnixSocketPcapFile().
| DetectEngineCtx* DetectEngineReference | ( | DetectEngineCtx * | ) |
Definition at line 2954 of file detect-engine.c.
References DetectEngineCtx_::ref_cnt.
Referenced by DetectEngineThreadCtxInit().
| void DetectEngineRegisterTests | ( | void | ) |
Definition at line 4231 of file detect-engine.c.
References UtRegisterTest().
| int DetectEngineReload | ( | const SCInstance * | suri | ) |
Reload the detection engine.
| filename | YAML file to load for the detect config |
| -1 | error |
| 0 | ok |
Definition at line 3762 of file detect-engine.c.
References HashTable_::array_size, SCInstance_::conf_filename, ConfDump(), ConfGetNode(), ConfYamlLoadFileWithPrefix(), DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineAddToMaster(), DetectEngineBumpVersion(), DetectEngineCtxFree(), DetectEngineCtxInitWithPrefix(), DetectEngineDeReference(), DetectEngineGetCurrent(), DetectEngineMoveToFreeList(), DetectEnginePruneFreeList(), SC_ERR_CONF_YAML_ERROR, SC_ERR_INITIALIZATION, SCLogDebug, SCLogError, SCLogNotice, SCInstance_::sig_file, SCInstance_::sig_file_exclusive, SigLoadSignatures(), DetectEngineThreadCtx_::tenant_id, and DetectEngineCtx_::type.
Referenced by PostRunDeinit().
| int DetectEngineReloadIsIdle | ( | void | ) |
Definition at line 1318 of file detect-engine.c.
References DetectEngineSyncer_::m, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
| int DetectEngineReloadIsStart | ( | void | ) |
Definition at line 1298 of file detect-engine.c.
References DetectEngineSyncer_::m, RELOAD, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by PostRunDeinit().
| void DetectEngineReloadSetIdle | ( | void | ) |
Definition at line 1310 of file detect-engine.c.
References IDLE, DetectEngineSyncer_::m, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by PostRunDeinit().
| int DetectEngineReloadStart | ( | void | ) |
Definition at line 1284 of file detect-engine.c.
References DetectEngineSyncer_::m, RELOAD, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by PostRunDeinit().
| int DetectEngineReloadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml, | ||
| int | reload_cnt | ||
| ) |
Reload a tenant and wait for loading to complete.
Definition at line 3171 of file detect-engine.c.
References ByteExtractStringUint16(), ByteExtractStringUint32(), ConfNodeLookupChild(), DetectEngineTentantRegisterLivedev(), DetectEngineTentantRegisterVlanId(), DetectLoadersSync(), LiveDevice_::id, LiveGetDevice(), next, SC_ERR_INVALID_ARGUMENT, SC_ERR_MT_NO_MAPPING, SCLogError, SCLogWarning, TAILQ_FOREACH, LiveDevice_::tenant_id, LiveDevice_::tenant_id_set, and ConfNode_::val.
Referenced by UnixSocketPcapFile().
| void DetectEngineResetMaxSigId | ( | DetectEngineCtx * | ) |
Definition at line 2210 of file detect-engine.c.
References DetectEngineCtx_::base64_decode_max_len, DetectEngineThreadCtx_::base64_decoded, DetectEngineThreadCtx_::base64_decoded_len, DetectEngineThreadCtx_::base64_decoded_len_max, DetectEngineThreadCtx_::bj_values, DetectEngineCtx_::buffer_type_id, DetectEngineThreadCtx_::buffers, DetectEngineThreadCtx_::buffers_size, BUG_ON, DetectEngineCtx_::byte_extract_max_local_id, DetectEngineThreadKeywordCtxItem_::data, DetectEngineIPOnlyThreadInit(), DetectEngineThreadKeywordCtxItem_::FreeFunc, DetectEngineThreadCtx_::global_keyword_ctxs_array, DetectEngineThreadCtx_::global_keyword_ctxs_size, HashTableAdd(), HashTableFree(), HashTableInit(), DetectEngineThreadKeywordCtxItem_::id, DetectEngineThreadKeywordCtxItem_::InitFunc, DetectEngineThreadCtx_::inspect, DetectEngineThreadCtx_::io_ctx, DetectEngineThreadCtx_::keyword_ctxs_array, DetectEngineThreadCtx_::keyword_ctxs_size, DetectEngineCtx_::keyword_id, DetectEngineMasterCtx_::keyword_id, DetectEngineCtx_::keyword_list, DetectEngineMasterCtx_::keyword_list, DetectEngineMasterCtx_::list, DetectEngineThreadCtx_::match_array, DetectEngineThreadCtx_::match_array_len, DetectEngineCtx_::mpm_matcher, DetectEngineThreadCtx_::mt_det_ctxs_cnt, DetectEngineThreadCtx_::mt_det_ctxs_hash, DetectEngineThreadCtx_::mtc, DetectEngineThreadCtx_::mtcs, DetectEngineThreadCtx_::mtcu, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadKeywordCtxItem_::name, DetectEngineThreadKeywordCtxItem_::next, DetectEngineCtx_::next, DetectEngineTenantMapping_::next, DetectEngineThreadCtx_::non_pf_id_array, DetectEngineCtx_::non_pf_store_cnt_max, PatternMatchThreadPrepare(), DetectEngineThreadCtx_::pmq, PmqSetup(), DetectEngineCtx_::profile_ctx, DetectEngineCtx_::profile_keyword_ctx, DetectEngineCtx_::profile_prefilter_ctx, DetectEngineCtx_::profile_sgh_ctx, RuleMatchCandidateTxArrayInit(), SC_ATOMIC_INIT, SC_ERR_DETECT_PREPARE, SC_ERR_MT_NO_SELECTOR, SCCalloc, SCFree, SCLogDebug, SCLogError, SCLogInfo, SCMalloc, SCProfilingKeywordThreadSetup(), SCProfilingPrefilterThreadSetup(), SCProfilingRuleThreadSetup(), SCProfilingSghThreadSetup(), DetectEngineCtx_::sig_array_len, SigIntId, DetectEngineCtx_::signum, DetectEngineCtx_::spm_global_thread_ctx, DetectEngineThreadCtx_::spm_thread_ctx, SpmMakeThreadCtx(), DetectEngineThreadCtx_::tenant_array, DetectEngineThreadCtx_::tenant_array_size, DetectEngineCtx_::tenant_id, DetectEngineTenantMapping_::tenant_id, DetectEngineMasterCtx_::tenant_mapping_list, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_DIRECT, TENANT_SELECTOR_LIVEDEV, TENANT_SELECTOR_UNKNOWN, TENANT_SELECTOR_VLAN, DetectEngineThreadCtx_::TenantGetId, TM_ECODE_FAILED, TM_ECODE_OK, DetectEngineThreadCtx_::to_clear_idx, DetectEngineThreadCtx_::to_clear_queue, and DetectEngineTenantMapping_::traffic_id.
Referenced by SigCleanSignatures().
| void DetectEngineSetParseMetadata | ( | void | ) |
Definition at line 3918 of file detect-engine.c.
Referenced by DetectMetadataHashFree().
| int DetectEngineTentantRegisterLivedev | ( | uint32_t | tenant_id, |
| int | device_id | ||
| ) |
Definition at line 3574 of file detect-engine.c.
References TENANT_SELECTOR_LIVEDEV.
Referenced by DetectEngineReloadTenantBlocking().
| int DetectEngineTentantRegisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 3589 of file detect-engine.c.
References SCLogInfo, and TENANT_SELECTOR_DIRECT.
Referenced by UnixSocketPcapFile().
| int DetectEngineTentantRegisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 3579 of file detect-engine.c.
References TENANT_SELECTOR_VLAN.
Referenced by DetectEngineReloadTenantBlocking(), and UnixSocketPcapFile().
| int DetectEngineTentantUnregisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 3595 of file detect-engine.c.
References Packet_::pcap_v, SCLogInfo, PcapPacketVars_::tenant_id, and TENANT_SELECTOR_DIRECT.
Referenced by UnixSocketPcapFile().
| int DetectEngineTentantUnregisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 3584 of file detect-engine.c.
References TENANT_SELECTOR_VLAN.
Referenced by UnixSocketPcapFile().
| TmEcode DetectEngineThreadCtxDeinit | ( | ThreadVars * | , |
| void * | |||
| ) |
Definition at line 2741 of file detect-engine.c.
References HashTableFree(), DetectEngineThreadCtx_::mt_det_ctxs_hash, SC_ERR_INVALID_ARGUMENTS, SCLogWarning, and TM_ECODE_OK.
Referenced by DetectEngineInspectBufferGeneric(), and DetectEngineThreadCtxInit().
| TmEcode DetectEngineThreadCtxInit | ( | ThreadVars * | tv, |
| void * | initdata, | ||
| void ** | data | ||
| ) |
initialize thread specific detection engine context
| tv | ThreadVars for this thread |
| initdata | pointer to de_ctx |
| data[out] | pointer to store our thread detection ctx |
| TM_ECODE_OK | if all went well |
| TM_ECODE_FAILED | on serious erro |
alert counter setup
Definition at line 2533 of file detect-engine.c.
References AppLayerDecoderEventsFreeEvents(), DetectEngineThreadCtx_::base64_decoded, DetectEngineThreadCtx_::bj_values, DetectEngineThreadCtx_::buffers, DetectEngineThreadCtx_::buffers_size, DetectEngineThreadCtx_::counter_alerts, DetectEngineThreadCtx_::counter_fnonmpm_list, DetectEngineThreadCtx_::counter_match_list, DetectEngineThreadCtx_::counter_mpm_list, DetectEngineThreadCtx_::counter_nonmpm_list, DetectEngineThreadCtx_::de_ctx, DetectEngineThreadCtx_::decoder_events, DETECT_ENGINE_TYPE_NORMAL, DETECT_ENGINE_TYPE_TENANT, DetectEngineDeReference(), DetectEngineGetCurrent(), DetectEngineIPOnlyThreadDeinit(), DetectEngineMultiTenantEnabled(), DetectEngineReference(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtx_::inspect, InspectionBufferMultipleForList::inspection_buffers, InspectionBufferFree(), DetectEngineThreadCtx_::io_ctx, DetectEngineThreadCtx_::match_array, DetectEngineCtx_::mpm_matcher, DetectEngineThreadCtx_::mtc, DetectEngineThreadCtx_::mtcs, DetectEngineThreadCtx_::mtcu, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::non_pf_id_array, PatternMatchThreadDestroy(), DetectEngineThreadCtx_::pmq, PmqFree(), DetectEngineCtx_::ref_cnt, RuleMatchCandidateTxArrayFree(), RunmodeIsUnittests(), SCFree, SCLogDebug, SCMalloc, SCProfilingKeywordThreadCleanup(), SCProfilingPrefilterThreadCleanup(), SCProfilingRuleThreadCleanup(), SCProfilingSghThreadCleanup(), InspectionBufferMultipleForList::size, DetectEngineThreadCtx_::spm_thread_ctx, SpmDestroyThreadCtx(), StatsRegisterAvgCounter(), StatsRegisterCounter(), DetectEngineThreadCtx_::tenant_array, DetectEngineCtx_::tenant_id, DetectEngineThreadCtx_::tenant_id, TM_ECODE_FAILED, TM_ECODE_OK, DetectEngineThreadCtx_::to_clear_queue, DetectEngineThreadCtx_::tv, DetectEngineCtx_::type, and unlikely.
| void DetectEngineUnsetParseMetadata | ( | void | ) |
Definition at line 3923 of file detect-engine.c.
Referenced by DetectMetadataHashFree().
| int DetectRegisterThreadCtxGlobalFuncs | ( | const char * | name, |
| void *(*)(void *) | InitFunc, | ||
| void * | data, | ||
| void(*)(void *) | FreeFunc | ||
| ) |
Register Thread keyword context Funcs (Global)
IDs stay static over reloads and between tenants
| name | keyword name for error printing |
| InitFunc | function ptr |
| FreeFunc | function ptr |
| id | for retrieval of ctx at runtime |
| -1 | on error |
Definition at line 2842 of file detect-engine.c.
References BUG_ON, DetectEngineThreadKeywordCtxItem_::data, DetectEngineThreadKeywordCtxItem_::FreeFunc, DetectEngineThreadKeywordCtxItem_::id, DetectEngineThreadKeywordCtxItem_::InitFunc, DetectEngineMasterCtx_::keyword_id, DetectEngineMasterCtx_::keyword_list, DetectEngineThreadKeywordCtxItem_::name, DetectEngineThreadKeywordCtxItem_::next, SCCalloc, and unlikely.
Referenced by DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), and DetectHttpStartRegister().
| const char* DetectSigmatchListEnumToString | ( | enum DetectSigmatchListEnum | type | ) |
Definition at line 3933 of file detect-engine.c.
References DETECT_SM_LIST_BASE64_DATA, DETECT_SM_LIST_L4HDR, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_MAX, DETECT_SM_LIST_PMATCH, DETECT_SM_LIST_POSTMATCH, DETECT_SM_LIST_SUPPRESS, DETECT_SM_LIST_THRESHOLD, and DETECT_SM_LIST_TMATCH.
Referenced by CleanupFPAnalyzer(), EngineAnalysisRulesFailure(), and SCProfilingKeywordsGlobalInit().
| void* DetectThreadCtxGetGlobalKeywordThreadCtx | ( | DetectEngineThreadCtx * | det_ctx, |
| int | id | ||
| ) |
Retrieve thread local keyword ctx by id.
| det_ctx | detection engine thread ctx to retrieve the ctx from |
| id | id of the ctx returned by DetectRegisterThreadCtxInitFunc at keyword init. |
| ctx | or NULL on error |
Definition at line 2886 of file detect-engine.c.
References DetectEngineThreadCtx_::global_keyword_ctxs_array, and DetectEngineThreadCtx_::global_keyword_ctxs_size.
Referenced by HttpHeaderGetBufferSpaceForTXID().
| void InspectionBufferApplyTransforms | ( | InspectionBuffer * | buffer, |
| const DetectEngineTransforms * | transforms | ||
| ) |
Definition at line 976 of file detect-engine.c.
References DetectEngineCtx_::app_inspect_engines, DetectEngineCtx_::app_mpms_list, DetectEngineCtx_::buffer_type_hash, DetectEngineCtx_::buffer_type_id, DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, DetectBufferType_::description, DETECT_SM_LIST_DYNAMIC_START, DETECT_TRANSFORMS_MAX, DetectMpmInitializeAppMpms(), HashListTableFree(), HashListTableGetListData, HashListTableGetListHead(), HashListTableGetListNext, HashListTableInit(), DetectBufferType_::id, DetectBufferType_::mpm, DetectEngineAppInspectionEngine_::next, next, DetectMpmAppLayerRegistery_::next, DetectBufferType_::packet, PrefilterDeinit(), PrefilterInit(), SCCalloc, SCFree, SCLogDebug, DetectBufferType_::SetupCallback, sigmatch_table, DetectBufferType_::string, SigTableElmt_::Transform, DetectEngineTransforms::transforms, and DetectBufferType_::ValidateCallback.
Referenced by DetectFilemagicRegister(), DetectFilenameRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectSNMPCommunityRegister(), DetectTemplateBufferRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| void InspectionBufferCheckAndExpand | ( | InspectionBuffer * | buffer, |
| uint32_t | min_size | ||
| ) |
make sure that the buffer has at least 'min_size' bytes Expand the buffer if necessary
Definition at line 947 of file detect-engine.c.
References InspectionBuffer::buf, likely, SCRealloc, and InspectionBuffer::size.
Referenced by FileSwfDecompression(), and InspectionBufferCopy().
| void InspectionBufferClean | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 843 of file detect-engine.c.
References DetectEngineThreadCtx_::buffers, InspectionBufferMultipleForList::init, InspectionBuffer::inspect, DetectEngineThreadCtx_::inspect, InspectionBufferMultipleForList::inspection_buffers, InspectionBufferMultipleForList::max, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.
| void InspectionBufferCopy | ( | InspectionBuffer * | buffer, |
| uint8_t * | buf, | ||
| uint32_t | buf_len | ||
| ) |
Definition at line 964 of file detect-engine.c.
References InspectionBuffer::buf, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBufferCheckAndExpand(), MIN, and InspectionBuffer::size.
Referenced by DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().
| void InspectionBufferFree | ( | InspectionBuffer * | buffer | ) |
Definition at line 935 of file detect-engine.c.
References InspectionBuffer::buf, and SCFree.
Referenced by DetectEngineThreadCtxInit(), DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().
| InspectionBuffer* InspectionBufferGet | ( | DetectEngineThreadCtx * | det_ctx, |
| const int | list_id | ||
| ) |
Definition at line 869 of file detect-engine.c.
References DetectEngineThreadCtx_::buffers, InspectionBuffer::inspect, DetectEngineThreadCtx_::inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.
Referenced by DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectSNMPCommunityRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| InspectionBufferMultipleForList* InspectionBufferGetMulti | ( | DetectEngineThreadCtx * | det_ctx, |
| const int | list_id | ||
| ) |
Definition at line 908 of file detect-engine.c.
References DetectEngineThreadCtx_::buffers, InspectionBufferMultipleForList::init, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.
Referenced by DetectFilemagicRegister(), DetectFilenameRegister(), and DetectTlsCertsRegister().
| void InspectionBufferInit | ( | InspectionBuffer * | buffer, |
| uint32_t | initial_size | ||
| ) |
Definition at line 918 of file detect-engine.c.
References InspectionBuffer::buf, SCCalloc, and InspectionBuffer::size.
Referenced by DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().
| InspectionBuffer* InspectionBufferMultipleForListGet | ( | InspectionBufferMultipleForList * | fb, |
| uint32_t | local_id | ||
| ) |
for a InspectionBufferMultipleForList get a InspectionBuffer
| fb | the multiple buffer array |
| local_id | the index to get a buffer |
| buffer | the inspect buffer or NULL in case of error |
Definition at line 882 of file detect-engine.c.
References InspectionBufferMultipleForList::inspection_buffers, MAX, InspectionBufferMultipleForList::max, SCLogDebug, SCRealloc, and InspectionBufferMultipleForList::size.
Referenced by DetectFilemagicRegister(), DetectFilenameRegister(), and DetectTlsCertsRegister().
| void InspectionBufferSetup | ( | InspectionBuffer * | buffer, |
| const uint8_t * | data, | ||
| const uint32_t | data_len | ||
| ) |
setup the buffer with our initial data
Definition at line 928 of file detect-engine.c.
References InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::len, InspectionBuffer::orig, and InspectionBuffer::orig_len.
Referenced by DetectFilemagicRegister(), DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectSNMPCommunityRegister(), DetectTemplateBufferRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().
1.8.11 
