|
suricata
|
|
suricata
|
Go to the source code of this file.
Macros | |
| #define | DetectEngineGetMaxSigId(de_ctx) ((de_ctx)->signum) |
Definition in file detect-engine.h.
| #define DetectEngineGetMaxSigId | ( | de_ctx | ) | ((de_ctx)->signum) |
Definition at line 81 of file detect-engine.h.
Referenced by IPOnlyInit(), MpmStorePrepareBuffer(), SigAddressCleanupStage1(), SigAddressPrepareStage1(), SigAddressPrepareStage2(), SigGroupHeadAppendSig(), SigGroupHeadContainsSigId(), and SigGroupHeadCopySigs().
| void DetectAppLayerInspectEngineRegister | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectEngineFuncPtr | Callback | ||
| ) |
Registers an app inspection engine.
| name | Name of the detection list |
| alproto | App layer protocol for which we will register the engine. |
| direction | The direction for the engine: SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT |
| progress | Minimal progress value for inspect engine to run |
| Callback | The engine callback. |
Registers an app inspection engine.
Definition at line 170 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, ALPROTO_FAILED, BUG_ON, DetectEngineAppInspectionEngine_::Callback, DETECT_SM_LIST_MATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), DetectEngineAppInspectionEngine_::dir, FatalError, DetectEngineAppInspectionEngine_::next, DetectEngineAppInspectionEngine_::progress, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCLogError, SCMalloc, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, DetectEngineAppInspectionEngine_::sm_list, and unlikely.
Referenced by DetectAppLayerEventRegister(), DetectCipServiceRegister(), DetectDceIfaceRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEnipCommandRegister(), DetectFilenameRegister(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectLuaRegister(), DetectModbusRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectSNMPPduTypeRegister(), DetectSNMPVersionRegister(), DetectSshSoftwareVersionRegister(), DetectSslStateRegister(), DetectTemplateRustBufferRegister(), DetectTlsRegister(), and DetectTlsValidityRegister().
| void DetectAppLayerInspectEngineRegister2 | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectEngineFuncPtr2 | Callback2, | ||
| InspectionBufferGetDataPtr | GetData | ||
| ) |
register inspect engine at start up time
Definition at line 224 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, ALPROTO_FAILED, ALPROTO_UNKNOWN, Signature_::app_inspect, DetectEngineCtx_::app_inspect_engines, BUG_ON, DetectEngineAppInspectionEngine_::Callback, DE_STATE_FLAG_BASE, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), DetectEngineInspectBufferGeneric(), DetectEngineInspectStream(), DetectEngineAppInspectionEngine_::dir, FatalError, DetectEngineAppInspectionEngine_::GetData, DetectEngineAppInspectionEngine_::id, Signature_::id, Signature_::init_data, DetectEngineAppInspectionEngine_::mpm, SignatureInitData_::mpm_sm, DetectEngineAppInspectionEngine_::next, DetectEnginePktInspectionEngine::next, DetectEngineCtx_::pkt_inspect_engines, DetectEngineAppInspectionEngine_::progress, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCCalloc, SCLogDebug, SCLogError, SCMalloc, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SigMatchListSMBelongsTo(), DetectEngineAppInspectionEngine_::sm_list, DetectEnginePktInspectionEngine::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::stream, DetectEngineAppInspectionEngine_::transforms, DetectEnginePktInspectionEngine::transforms, unlikely, DetectEnginePktInspectionEngine::v1, and DetectEngineAppInspectionEngine_::v2.
Referenced by DetectDceStubDataRegister(), DetectDnsQueryRegister(), DetectFiledataRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectKrb5CNameRegister(), DetectKrb5SNameRegister(), DetectSmbNamedPipeRegister(), DetectSmbShareRegister(), DetectSNMPCommunityRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTemplateBufferRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| int DetectBufferGetActiveList | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
Definition at line 977 of file detect-engine.c.
References BUG_ON, DetectBufferTypeGetByIdTransforms(), Signature_::init_data, SignatureInitData_::list, SignatureInitData_::list_set, SCLogDebug, SignatureInitData_::transform_cnt, and SignatureInitData_::transforms.
Referenced by DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectContentSetup(), DetectIsdataatSetup(), DetectLuaRegister(), and DetectPcrePayloadMatch().
| void DetectBufferRunSetupCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| Signature * | s | ||
| ) |
Definition at line 935 of file detect-engine.c.
References DetectBufferType_::SetupCallback.
Referenced by SigAddressPrepareStage1(), and SigMatchList2DataArray().
| bool DetectBufferRunValidateCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| const Signature * | s, | ||
| const char ** | sigerror | ||
| ) |
Definition at line 954 of file detect-engine.c.
References TRUE, and DetectBufferType_::ValidateCallback.
Referenced by SigMatchList2DataArray().
| int DetectBufferSetActiveList | ( | Signature * | s, |
| const int | list | ||
| ) |
Definition at line 964 of file detect-engine.c.
References BUG_ON, Signature_::init_data, SignatureInitData_::list, SignatureInitData_::list_set, and SignatureInitData_::transform_cnt.
Referenced by DetectDceStubDataRegister(), DetectDnsQueryRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpServerBodyRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectSNMPCommunityRegister(), DetectTcphdrRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), and DetectUdphdrRegister().
| void DetectBufferTypeCloseRegistration | ( | void | ) |
Definition at line 1221 of file detect-engine.c.
References BUG_ON.
Referenced by SigTableSetup().
| int DetectBufferTypeGetByIdTransforms | ( | DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| int * | transforms, | ||
| int | transform_cnt | ||
| ) |
Definition at line 1228 of file detect-engine.c.
References Signature_::action, ACTION_DROP, DetectEngineCtx_::buffer_type_hash, DetectEngineCtx_::buffer_type_id, DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, DetectEngineTransforms::cnt, SigMatchData_::ctx, DetectEngineThreadCtx_::de_ctx, DETECT_ENGINE_THREAD_CTX_STREAM_CONTENT_MATCH, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, DetectAppLayerMpmRegisterByParentId(), DetectEngineInspectPacketPayload(), DetectEngineInspectStreamPayload(), DetectPktMpmRegisterByParentId(), Packet_::flags, Signature_::flags, DetectEngineThreadCtx_::flags, Packet_::flow, HashListTableAdd(), HashListTableLookup(), DetectBufferType_::id, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_SET_LIST, KEYWORD_PROFILING_START, SigTableElmt_::Match, DetectBufferType_::mpm, DetectBufferType_::packet, PACKET_ALERT_FLAG_DROP_FLOW, PACKET_ALERT_FLAG_STREAM_MATCH, DetectBufferType_::parent_id, PKT_DETECT_HAS_STREAMDATA, PKT_STREAM_ADD, res, SC_ERR_INVALID_SIGNATURE, SCCalloc, SCEnter, SCLogDebug, SCLogError, SCRealloc, DetectBufferType_::SetupCallback, SIG_FLAG_REQUIRE_PACKET, SIG_FLAG_REQUIRE_STREAM, sigmatch_table, Signature_::sm_arrays, DetectBufferType_::string, DetectBufferType_::supports_transforms, DetectEngineTransforms::transforms, DetectBufferType_::transforms, SigMatchData_::type, and DetectBufferType_::ValidateCallback.
Referenced by DetectBufferGetActiveList().
| int DetectBufferTypeGetByName | ( | const char * | name | ) |
Definition at line 852 of file detect-engine.c.
References DetectBufferType_::id.
Referenced by DcePayloadRegisterTests(), DetectAppLayerEventRegister(), DetectAppLayerInspectEngineRegister(), DetectAppLayerInspectEngineRegister2(), DetectAppLayerMpmRegister2(), DetectBase64DataDoMatch(), DetectBase64DecodeDoMatch(), DetectByteExtractRetrieveSMVar(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectCipServiceRegister(), DetectDceStubDataRegister(), DetectDnsQueryRegister(), DetectEngineAppInspectionEngine2Signature(), DetectEnipCommandRegister(), DetectFastPatternRegisterTests(), DetectFiledataRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectFtpdataRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpCookieRegisterTests(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIsdataatRegisterTests(), DetectKrb5CNameRegister(), DetectKrb5SNameRegister(), DetectLuaRegister(), DetectModbusRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectPcrePayloadMatch(), DetectPktDataRegister(), DetectPktInspectEngineRegister(), DetectPktMpmRegister(), DetectSmbNamedPipeRegister(), DetectSmbShareRegister(), DetectSNMPCommunityRegister(), DetectSNMPPduTypeRegister(), DetectSNMPVersionRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTemplateBufferRegister(), DetectTemplateRustBufferRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), EngineAnalysisRules(), and PacketCreateMask().
| const char* DetectBufferTypeGetDescriptionById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 889 of file detect-engine.c.
References DetectBufferType_::description.
Referenced by EngineAnalysisFP(), and PerCentEncodingMatch().
| const char* DetectBufferTypeGetDescriptionByName | ( | const char * | name | ) |
Definition at line 898 of file detect-engine.c.
References DetectBufferType_::description.
| const char* DetectBufferTypeGetNameById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 861 of file detect-engine.c.
References DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, and DetectBufferType_::string.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectRawbytesRegister(), EngineAnalysisFP(), EngineAnalysisRulesFailure(), PerCentEncodingMatch(), SCProfilingKeywordsGlobalInit(), SigMatchList2DataArray(), and SignatureIsIPOnly().
| int DetectBufferTypeMaxId | ( | void | ) |
Definition at line 727 of file detect-engine.c.
References HashListTable_::array_size, BUG_ON, HashListTableAdd(), HashListTableFree(), HashListTableInit(), HashListTableLookup(), hashlittle_safe(), DetectBufferType_::id, res, SCCalloc, SCFree, SCLogDebug, DetectBufferType_::string, and DetectBufferType_::transforms.
Referenced by SigAlloc().
| int DetectBufferTypeRegister | ( | const char * | name | ) |
Definition at line 808 of file detect-engine.c.
References BUG_ON, and DetectBufferType_::id.
Referenced by DetectAppLayerInspectEngineRegister(), DetectAppLayerInspectEngineRegister2(), DetectBufferTypeRegisterSetupCallback(), DetectBufferTypeRegisterValidateCallback(), DetectBufferTypeSupportsMpm(), DetectBufferTypeSupportsPacket(), DetectBufferTypeSupportsTransformations(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDNP3Register(), DetectFileextRegister(), DetectFilemagicRegister(), DetectFileMd5Register(), DetectFileSha1Register(), DetectFileSha256Register(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFtpbounceRegister(), DetectHttpServerBodyRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectLuaRegister(), DetectPktInspectEngineRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTcphdrRegister(), DetectTlsRegister(), DetectTlsVersionRegister(), DetectUdphdrRegister(), DetectUricontentRegister(), and DetectUrilenRegister().
| void DetectBufferTypeRegisterSetupCallback | ( | const char * | name, |
| void(*)(const DetectEngineCtx *, Signature *) | Callback | ||
| ) |
Definition at line 925 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), and DetectBufferType_::SetupCallback.
Referenced by DetectFiledataRegister(), DetectHttpClientBodyRegister(), DetectHttpUriRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), and DetectTlsSerialRegister().
| void DetectBufferTypeRegisterValidateCallback | ( | const char * | name, |
| _Bool(*)(const Signature *, const char **sigerror) | ValidateCallback | ||
| ) |
Definition at line 944 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), and DetectBufferType_::ValidateCallback.
Referenced by DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpUriRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), and DetectTlsSerialRegister().
| void DetectBufferTypeSetDescriptionByName | ( | const char * | name, |
| const char * | desc | ||
| ) |
Definition at line 880 of file detect-engine.c.
References DetectBufferType_::description.
Referenced by DetectDnsQueryRegister(), DetectFiledataRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectKrb5CNameRegister(), DetectKrb5SNameRegister(), DetectSNMPCommunityRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectSslStateRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| void DetectBufferTypeSupportsMpm | ( | const char * | name | ) |
Definition at line 832 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, DetectBufferType_::mpm, SCLogDebug, and TRUE.
Referenced by DetectAppLayerMpmRegister2(), and DetectPktMpmRegister().
| bool DetectBufferTypeSupportsMpmGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 916 of file detect-engine.c.
References FALSE, DetectBufferType_::mpm, and SCLogDebug.
Referenced by DetectGetLastSMFromMpmLists(), and FastPatternSupportEnabledForSigMatchList().
| void DetectBufferTypeSupportsPacket | ( | const char * | name | ) |
Definition at line 822 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, DetectBufferType_::packet, SCLogDebug, and TRUE.
Referenced by DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectTcphdrRegister(), and DetectUdphdrRegister().
| bool DetectBufferTypeSupportsPacketGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 907 of file detect-engine.c.
References FALSE, DetectBufferType_::packet, and SCLogDebug.
Referenced by SigMatchList2DataArray().
| void DetectBufferTypeSupportsTransformations | ( | const char * | name | ) |
Definition at line 842 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, SCLogDebug, and DetectBufferType_::supports_transforms.
Referenced by DetectAppLayerMpmRegister2(), and DetectPktMpmRegister().
| int DetectEngineAddToMaster | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 3884 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectReplaceFreeInternal(), and PostRunDeinit().
| int DetectEngineAppInspectionEngine2Signature | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
Definition at line 459 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, Signature_::alproto, ALPROTO_UNKNOWN, Signature_::app_inspect, DetectEngineCtx_::app_inspect_engines, BUG_ON, DetectEngineAppInspectionEngine_::Callback, DetectEnginePktInspectionEngine::Callback, DE_STATE_FLAG_BASE, DE_STATE_ID_FILE_INSPECT, DETECT_SM_LIST_DYNAMIC_START, DETECT_SM_LIST_PMATCH, DetectBufferTypeGetByName(), DetectBufferTypeGetNameById(), DetectEngineAppInspectionEngine_::dir, Signature_::flags, DetectEngineAppInspectionEngine_::GetData, DetectEnginePktInspectionEngine::GetData, DetectEngineAppInspectionEngine_::id, Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, DetectEngineAppInspectionEngine_::mpm, DetectEnginePktInspectionEngine::mpm, SignatureInitData_::mpm_sm, DetectEngineAppInspectionEngine_::next, DetectEnginePktInspectionEngine::next, next, Signature_::pkt_inspect, DetectEngineCtx_::pkt_inspect_engines, DetectEngineAppInspectionEngine_::progress, SCCalloc, SCLogDebug, SIG_FLAG_FLUSH, SIG_FLAG_INIT_NEED_FLUSH, SIG_FLAG_INIT_STATE_MATCH, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SigMatchList2DataArray(), SigMatchListSMBelongsTo(), DetectEngineAppInspectionEngine_::sm_list, DetectEnginePktInspectionEngine::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEnginePktInspectionEngine::smd, SignatureInitData_::smlists, SignatureInitData_::smlists_array_size, DetectEngineAppInspectionEngine_::transforms, DetectEnginePktInspectionEngine::transforms, unlikely, DetectEnginePktInspectionEngine::v1, and DetectEngineAppInspectionEngine_::v2.
Referenced by SigAddressPrepareStage4().
| void DetectEngineAppInspectionEngineSignatureFree | ( | Signature * | s | ) |
free app inspect engines for a signature
For lists that are registered multiple times, like http_header and http_cookie, making the engines owner of the lists is complicated. Multiple engines in a sig may be pointing to the same list. To address this the 'free' code needs to be extra careful about not double freeing, so it takes an approach to first fill an array of the to-free pointers before freeing them.
Definition at line 659 of file detect-engine.c.
References Signature_::app_inspect, BUG_ON, SigMatchData_::ctx, DETECT_SM_LIST_DYNAMIC_START, SigTableElmt_::Free, SigMatchData_::is_last, MAX, DetectEngineAppInspectionEngine_::next, DetectEnginePktInspectionEngine::next, next, Signature_::pkt_inspect, SCFree, sigmatch_table, DetectEngineAppInspectionEngine_::sm_list, DetectEnginePktInspectionEngine::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEnginePktInspectionEngine::smd, DetectEngineTransforms::transforms, and SigMatchData_::type.
Referenced by SigFree().
| void DetectEngineBumpVersion | ( | void | ) |
Definition at line 3150 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, SCLogDebug, SCMutexLock, SCMutexUnlock, and DetectEngineMasterCtx_::version.
Referenced by DetectEngineReload(), and PostRunDeinit().
| void DetectEngineCtxFree | ( | DetectEngineCtx * | de_ctx | ) |
Free a DetectEngineCtx::
| de_ctx | DetectEngineCtx:: to be freed |
Definition at line 2065 of file detect-engine.c.
References ByteExtractStringUint16(), ConfDump(), ConfGet(), ConfGetInt(), ConfGetNode(), DetectEngineCtx_::config_prefix, ConfNodeLookupChild(), ConfNodeLookupChildValue(), ConfNodeRemove(), DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT, DETECT_PREFILTER_AUTO, DETECT_PREFILTER_MPM, DetectAddressMapFree(), DetectMetadataHashFree(), DetectParseDupSigHashFree(), DetectPortCleanupList(), DetectPortParse(), ENGINE_PROFILE_CUSTOM, ENGINE_PROFILE_HIGH, ENGINE_PROFILE_LOW, ENGINE_PROFILE_MEDIUM, ENGINE_PROFILE_UNKNOWN, ENGINE_SGH_MPM_FACTORY_CONTEXT_FULL, ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE, DetectEngineCtx_::inspection_recursion_limit, DetectEngineCtx_::max_uniq_toclient_groups, DetectEngineCtx_::max_uniq_toserver_groups, MPM_AC, MPM_AC_BS, MPM_AC_KS, MPM_HS, DetectEngineCtx_::mpm_matcher, MpmFactoryDeRegisterAllMpmCtxProfiles(), MpmStoreFree(), ConfNode_::name, DetectPort_::next, next, DetectPort_::port, DetectPort_::port2, DetectEngineCtx_::prefilter_setting, DetectEngineCtx_::profile_ctx, DetectEngineCtx_::profile_keyword_ctx, DetectEngineCtx_::profile_sgh_ctx, run_mode, RUNMODE_UNITTEST, SC_ERR_INVALID_YAML_CONF_ENTRY, SC_ERR_SIZE_PARSE, SCClassConfDeInitContext(), SCFree, SCLogDebug, SCLogError, SCLogWarning, SCProfilingKeywordDestroyCtx(), SCProfilingPrefilterDestroyCtx(), SCProfilingRuleDestroyCtx(), SCProfilingSghDestroyCtx(), SCRConfDeInitContext(), SCSigSignatureOrderingModuleCleanup(), DetectEngineCtx_::sgh_mpm_context, DetectEngineCtx_::sig_array, SigCleanSignatures(), SigGroupCleanup(), SigGroupHeadHashFree(), DetectEngineCtx_::spm_global_thread_ctx, SpmDestroyGlobalThreadCtx(), SRepDestroy(), TAILQ_FOREACH, DetectEngineCtx_::tcp_whitelist, ThresholdContextDestroy(), DetectEngineCtx_::udp_whitelist, ConfNode_::val, VarNameStoreFree(), and DetectEngineCtx_::version.
Referenced by DetectEngineGetEventInfo(), DetectEngineInspectPktBufferGeneric(), DetectEngineMultiTenantEnabled(), DetectEnginePruneFreeList(), and DetectEngineReload().
| DetectEngineCtx* DetectEngineCtxInit | ( | void | ) |
Definition at line 2020 of file detect-engine.c.
References DETECT_ENGINE_TYPE_NORMAL.
Referenced by DetectEngineCtxInitWithPrefix(), and DetectEngineGetEventInfo().
| DetectEngineCtx* DetectEngineCtxInitStubForDD | ( | void | ) |
Definition at line 2015 of file detect-engine.c.
References DETECT_ENGINE_TYPE_DD_STUB.
Referenced by PostRunDeinit().
| DetectEngineCtx* DetectEngineCtxInitStubForMT | ( | void | ) |
Definition at line 2010 of file detect-engine.c.
References DETECT_ENGINE_TYPE_MT_STUB.
Referenced by DetectEngineMTApply(), and PostRunDeinit().
| DetectEngineCtx* DetectEngineCtxInitWithPrefix | ( | const char * | prefix | ) |
Definition at line 2025 of file detect-engine.c.
References DETECT_ENGINE_TYPE_NORMAL, DetectEngineCtxInit(), SigString_::filename, DetectEngineCtx_::keyword_list, next, DetectEngineThreadKeywordCtxItem_::next, SCFree, SigString_::sig_error, DetectEngineCtx_::sig_stat, SigString_::sig_str, TAILQ_FOREACH_SAFE, and TAILQ_REMOVE.
Referenced by DetectEngineMultiTenantEnabled(), and DetectEngineReload().
| void DetectEngineDeReference | ( | DetectEngineCtx ** | de_ctx | ) |
Definition at line 3860 of file detect-engine.c.
References BUG_ON, DetectEngineMasterCtx_::list, and DetectEngineCtx_::next.
Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectEngineThreadCtxInit(), GlobalsInitPreConfig(), and UnixSocketPcapFile().
| int DetectEngineEnabled | ( | void | ) |
Check if detection is enabled.
| bool | true or false |
Definition at line 3126 of file detect-engine.c.
References DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, SCMutexLock, and SCMutexUnlock.
Referenced by PostRunDeinit().
| DetectEngineCtx* DetectEngineGetByTenantId | ( | int | tenant_id | ) |
Definition at line 3834 of file detect-engine.c.
References DETECT_ENGINE_TYPE_TENANT, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCMutexLock, SCMutexUnlock, DetectEngineCtx_::tenant_id, and DetectEngineCtx_::type.
Referenced by DetectEngineMultiTenantEnabled(), and UnixSocketPcapFile().
| DetectEngineCtx* DetectEngineGetCurrent | ( | void | ) |
Definition at line 3159 of file detect-engine.c.
References DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, SCMutexUnlock, and DetectEngineCtx_::type.
Referenced by DetectEngineReload(), DetectEngineThreadCtxInit(), and GlobalsInitPreConfig().
| uint32_t DetectEngineGetVersion | ( | void | ) |
Definition at line 3140 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, SCMutexLock, SCMutexUnlock, version, and DetectEngineMasterCtx_::version.
Referenced by DetectEngineInspectPktBufferGeneric().
| int DetectEngineInspectBufferGeneric | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
| de_ctx | Detection engine context |
| det_ctx | Detection engine thread context |
| s | Signature to inspect |
| f | Flow |
| flags | app layer flags |
| state | App layer state |
| 0 | no match. |
| 1 | match. |
| 2 | Sig can't match. |
Definition at line 1562 of file detect-engine.c.
References Flow_::alproto, AppLayerParserGetStateProgress(), DetectEngineThreadCtx_::buffer_offset, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspection(), DetectEngineThreadCtx_::discontinue_matching, InspectionBuffer::flags, DetectEngineAppInspectionEngine_::GetData, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::inspect_offset, DetectEngineThreadCtx_::inspection_recursion_counter, DetectEngineAppInspectionEngine_::mpm, offset, DetectEngineAppInspectionEngine_::progress, Flow_::proto, SCLogDebug, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::transforms, unlikely, and DetectEngineAppInspectionEngine_::v2.
Referenced by DetectAppLayerInspectEngineRegister2(), DetectDceStubDataRegister(), DetectFiledataRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectSmbNamedPipeRegister(), DetectSmbShareRegister(), DetectSNMPCommunityRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| int DetectEngineInspectGenericList | ( | ThreadVars * | tv, |
| const DetectEngineCtx * | de_ctx, | ||
| DetectEngineThreadCtx * | det_ctx, | ||
| const Signature * | s, | ||
| const SigMatchData * | smd, | ||
| Flow * | f, | ||
| const uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
| de_ctx | Detection engine context |
| det_ctx | Detection engine thread context |
| s | Signature to inspect |
| sm | SigMatch to inspect |
| f | Flow |
| flags | app layer flags |
| state | App layer state |
| 0 | no match |
| 1 | match |
Definition at line 1517 of file detect-engine.c.
References SigMatchData_::ctx, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_START, SCLogDebug, sigmatch_table, and SigMatchData_::type.
Referenced by DetectDceIfaceRegister(), DetectEngineInspectDnsRequest(), DetectEngineInspectDnsResponse(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectLuaRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectSNMPPduTypeRegister(), DetectSNMPVersionRegister(), DetectSslStateRegister(), and DetectTlsValidityRegister().
| int DetectEngineInspectPktBufferGeneric | ( | DetectEngineThreadCtx * | det_ctx, |
| const DetectEnginePktInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Packet * | p, | ||
| uint8_t * | _alert_flags | ||
| ) |
Do the content inspection & validation for a signature.
| de_ctx | Detection engine context |
| det_ctx | Detection engine thread context |
| s | Signature to inspect |
| p | Packet |
| 0 | no match. |
| 1 | match. |
Definition at line 1627 of file detect-engine.c.
References ActionInitConfig(), DetectEngineThreadCtx_::buffer_offset, BUG_ON, PacketQueue_::cond_q, ConfGetBool(), DetectEngineCtx_::config_prefix, DetectEngineThreadCtx_::de_ctx, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_HEADER, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DetectAddressMapInit(), DetectEngineContentInspection(), DetectEngineCtxFree(), DetectEngineGetVersion(), DetectEngineThreadCtxDeinit(), DetectMetadataHashInit(), DetectParseDupSigHashInit(), DetectEngineThreadCtx_::discontinue_matching, DetectEngineCtx_::failure_fatal, TmModule_::flags, InspectionBuffer::flags, Packet_::flags, Packet_::flow, FlowWorkerGetDetectCtxPtr(), FlowWorkerReplaceDetectCtx(), DetectEnginePktInspectionEngine::GetData, Tmq_::id, ThreadVars_::inq, InspectionBuffer::inspect, InspectionBuffer::inspect_len, DetectEngineThreadCtx_::inspection_recursion_counter, DetectEnginePktInspectionEngine::mpm, DetectEngineCtx_::mpm_matcher, mpm_table, MpmStoreInit(), PacketQueue_::mutex_q, SpmTableElmt_::name, MpmTableElmt_::name, ThreadVars_::next, offset, PacketEnqueue(), PacketGetFromAlloc(), PatternMatchDefaultMatcher(), PKT_PSEUDO_STREAM_END, TmModule_::PktAcqBreakLoop, TmModule_::PktAcqLoop, SC_ATOMIC_GET, SC_ERR_LIVE_RULE_SWAP, SCClassConfLoadClassficationConfigFile(), SCCondSignal, SCEnter, SCLogDebug, SCLogError, SCLogInfo, SCMalloc, SCMutexLock, SCMutexUnlock, SCRConfLoadReferenceConfigFile(), DetectEngineCtx_::sig_stat, DetectEngineCtx_::sigerror, SigGroupHeadHashInit(), SinglePatternMatchDefaultMatcher(), TmSlot_::slot_next, DetectEnginePktInspectionEngine::sm_list, DetectEnginePktInspectionEngine::smd, DetectEngineCtx_::spm_global_thread_ctx, DetectEngineCtx_::spm_matcher, spm_table, SpmInitGlobalThreadCtx(), SRepInit(), SRepReloadComplete(), strlcpy(), suricata_ctl_flags, TAILQ_INIT, ThresholdHashInit(), THV_CAPTURE_INJECT_PKT, THV_RUNNING_DONE, TM_FLAG_DETECT_TM, TM_FLAG_RECEIVE_TM, TmSlot_::tm_id, ThreadVars_::tm_slots, TmModuleGetById(), TmThreadsCheckFlag(), TmThreadsSetFlag(), trans_q, DetectEnginePktInspectionEngine::transforms, tv_root, tv_root_lock, TVT_PPT, type, DetectEngineCtx_::type, unlikely, DetectEnginePktInspectionEngine::v1, VarNameStoreSetupStaging(), and DetectEngineCtx_::version.
Referenced by DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectTcphdrRegister(), and DetectUdphdrRegister().
| int DetectEngineLoadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml | ||
| ) |
Load a tenant and wait for loading to complete.
Definition at line 3385 of file detect-engine.c.
References DetectLoadersSync().
Referenced by UnixSocketPcapFile().
| int DetectEngineMoveToFreeList | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 3900 of file detect-engine.c.
References DetectEngineMasterCtx_::free_list, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, next, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectReplaceFreeInternal(), GlobalsInitPreConfig(), and UnixSocketPcapFile().
| int DetectEngineMTApply | ( | void | ) |
Definition at line 4091 of file detect-engine.c.
References DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineCtxInitStubForMT(), DetectEnginePruneFreeList(), DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, SCLogDebug, SCLogInfo, SCMutexLock, SCMutexUnlock, DetectEngineCtx_::tenant_id, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_UNKNOWN, and DetectEngineCtx_::type.
Referenced by UnixSocketPcapFile().
| int DetectEngineMultiTenantEnabled | ( | void | ) |
TODO locking? Not needed if this is a one time setting at startup
Definition at line 3191 of file detect-engine.c.
References ConfGetNode(), DetectEngineCtx_::config_prefix, ConfYamlLoadFileWithPrefix(), DETECT_ENGINE_TYPE_TENANT, DetectEngineAddToMaster(), DetectEngineCtxFree(), DetectEngineCtxInitWithPrefix(), DetectEngineDeReference(), DetectEngineGetByTenantId(), DetectEngineMoveToFreeList(), DetectEngineCtx_::loader_id, DetectEngineMasterCtx_::multi_tenant_enabled, SC_ERR_CONF_YAML_ERROR, SC_ERR_FOPEN, SC_ERR_INITIALIZATION, SC_ERR_MT_DUPLICATE_TENANT, SC_ERR_NO_RULES_LOADED, SCLogDebug, SCLogError, SigLoadSignatures(), DetectEngineCtx_::tenant_id, and DetectEngineCtx_::type.
Referenced by DetectEngineThreadCtxInit(), SigGroupBuild(), and UnixSocketPcapFile().
| int DetectEngineMultiTenantSetup | ( | void | ) |
setup multi-detect / multi-tenancy
See if MT is enabled. If so, setup the selector, tenants and mappings. Tenants and mappings are optional, and can also dynamically be added and removed from the unix socket.
Definition at line 3534 of file detect-engine.c.
References ByteExtractStringUint32(), ConfGet(), ConfGetBool(), ConfGetNode(), ConfNodeLookupChild(), ConfUnixSocketIsEnable(), ConfYamlLoadFileWithPrefix(), DetectLoadersInit(), DetectLoadersSync(), DetectLoaderThreadSpawn(), LiveDevice_::dev, EngineModeIsIPS(), Packet_::livedev, DetectEngineMasterCtx_::lock, DetectEngineSyncer_::m, DetectEngineMasterCtx_::multi_tenant_enabled, next, DetectEngineTenantMapping_::next, SC_ERR_CONF_YAML_ERROR, SC_ERR_INVALID_ARGUMENT, SC_ERR_INVALID_VALUE, SC_ERR_MT_NO_MAPPING, SCCalloc, SCFree, SCLogDebug, SCLogError, SCLogInfo, SCLogNotice, SCLogWarning, SCMutexLock, SCMutexUnlock, TAILQ_FOREACH, DetectEngineThreadCtx_::tenant_array, DetectEngineThreadCtx_::tenant_array_size, LiveDevice_::tenant_id, DetectEngineTenantMapping_::tenant_id, DetectEngineMasterCtx_::tenant_mapping_list, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_DIRECT, TENANT_SELECTOR_LIVEDEV, TENANT_SELECTOR_UNKNOWN, TENANT_SELECTOR_VLAN, TmModuleDetectLoaderRegister(), TmThreadContinueDetectLoaderThreads(), DetectEngineTenantMapping_::traffic_id, ConfNode_::val, VarNameStoreActivateStaging(), Packet_::vlan_id, and Packet_::vlan_idx.
Referenced by PostRunDeinit().
| int DetectEngineMustParseMetadata | ( | void | ) |
Definition at line 4156 of file detect-engine.c.
Referenced by DetectMetadataHashFree(), and DetectMetadataHashInit().
| bool DetectEnginePktInspectionRun | ( | ThreadVars * | tv, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| Packet * | p, | ||
| uint8_t * | alert_flags | ||
| ) |
Definition at line 1378 of file detect-engine.c.
References DetectEnginePktInspectionEngine::Callback, Signature_::id, DetectEnginePktInspectionEngine::next, Signature_::pkt_inspect, SCCalloc, SCEnter, SCLogDebug, DetectEnginePktInspectionEngine::smd, and DetectEnginePktInspectionEngine::v1.
Referenced by SigMatchSignaturesGetSgh().
| int DetectEnginePktInspectionSetup | ( | Signature * | s | ) |
Definition at line 1423 of file detect-engine.c.
References DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, SCLogDebug, SIG_FLAG_INIT_STATE_MATCH, and Signature_::sm_arrays.
Referenced by SigAddressPrepareStage4().
| void DetectEnginePruneFreeList | ( | void | ) |
Definition at line 3951 of file detect-engine.c.
References DetectEngineCtxFree(), DetectEngineMasterCtx_::free_list, DetectEngineMasterCtx_::lock, next, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineMTApply(), DetectEngineReload(), DetectReplaceFreeInternal(), GlobalsInitPreConfig(), and UnixSocketPcapFile().
| DetectEngineCtx* DetectEngineReference | ( | DetectEngineCtx * | ) |
Definition at line 3182 of file detect-engine.c.
References DetectEngineCtx_::ref_cnt.
Referenced by DetectEngineThreadCtxInit().
| void DetectEngineRegisterTests | ( | void | ) |
Definition at line 4457 of file detect-engine.c.
References UtRegisterTest().
| int DetectEngineReload | ( | const SCInstance * | suri | ) |
Reload the detection engine.
| filename | YAML file to load for the detect config |
| -1 | error |
| 0 | ok |
Definition at line 3990 of file detect-engine.c.
References HashTable_::array_size, SCInstance_::conf_filename, ConfDump(), ConfGetNode(), ConfYamlLoadFileWithPrefix(), DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineAddToMaster(), DetectEngineBumpVersion(), DetectEngineCtxFree(), DetectEngineCtxInitWithPrefix(), DetectEngineDeReference(), DetectEngineGetCurrent(), DetectEngineMoveToFreeList(), DetectEnginePruneFreeList(), SC_ERR_CONF_YAML_ERROR, SC_ERR_INITIALIZATION, SCLogDebug, SCLogError, SCLogNotice, SCInstance_::sig_file, SCInstance_::sig_file_exclusive, SigLoadSignatures(), DetectEngineThreadCtx_::tenant_id, and DetectEngineCtx_::type.
Referenced by PostRunDeinit().
| int DetectEngineReloadIsIdle | ( | void | ) |
Definition at line 1493 of file detect-engine.c.
References DetectEngineSyncer_::m, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
| int DetectEngineReloadIsStart | ( | void | ) |
Definition at line 1473 of file detect-engine.c.
References DetectEngineSyncer_::m, RELOAD, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by PostRunDeinit().
| void DetectEngineReloadSetIdle | ( | void | ) |
Definition at line 1485 of file detect-engine.c.
References IDLE, DetectEngineSyncer_::m, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by PostRunDeinit().
| int DetectEngineReloadStart | ( | void | ) |
Definition at line 1459 of file detect-engine.c.
References DetectEngineSyncer_::m, RELOAD, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by PostRunDeinit().
| int DetectEngineReloadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml, | ||
| int | reload_cnt | ||
| ) |
Reload a tenant and wait for loading to complete.
Definition at line 3399 of file detect-engine.c.
References ByteExtractStringUint16(), ByteExtractStringUint32(), ConfNodeLookupChild(), DetectEngineTentantRegisterLivedev(), DetectEngineTentantRegisterVlanId(), DetectLoadersSync(), LiveDevice_::id, LiveGetDevice(), next, SC_ERR_INVALID_ARGUMENT, SC_ERR_MT_NO_MAPPING, SCLogError, SCLogWarning, TAILQ_FOREACH, LiveDevice_::tenant_id, LiveDevice_::tenant_id_set, and ConfNode_::val.
Referenced by UnixSocketPcapFile().
| void DetectEngineResetMaxSigId | ( | DetectEngineCtx * | ) |
Definition at line 2438 of file detect-engine.c.
References DetectEngineCtx_::base64_decode_max_len, DetectEngineThreadCtx_::base64_decoded, DetectEngineThreadCtx_::base64_decoded_len, DetectEngineThreadCtx_::base64_decoded_len_max, DetectEngineThreadCtx_::bj_values, DetectEngineCtx_::buffer_type_id, DetectEngineThreadCtx_::buffers, DetectEngineThreadCtx_::buffers_size, BUG_ON, DetectEngineCtx_::byte_extract_max_local_id, DetectEngineThreadKeywordCtxItem_::data, DetectEngineIPOnlyThreadInit(), DetectEngineThreadKeywordCtxItem_::FreeFunc, DetectEngineThreadCtx_::global_keyword_ctxs_array, DetectEngineThreadCtx_::global_keyword_ctxs_size, HashTableAdd(), HashTableFree(), HashTableInit(), DetectEngineThreadKeywordCtxItem_::id, DetectEngineThreadKeywordCtxItem_::InitFunc, DetectEngineThreadCtx_::inspect, DetectEngineThreadCtx_::io_ctx, DetectEngineThreadCtx_::keyword_ctxs_array, DetectEngineThreadCtx_::keyword_ctxs_size, DetectEngineCtx_::keyword_id, DetectEngineMasterCtx_::keyword_id, DetectEngineCtx_::keyword_list, DetectEngineMasterCtx_::keyword_list, DetectEngineMasterCtx_::list, DetectEngineThreadCtx_::match_array, DetectEngineThreadCtx_::match_array_len, DetectEngineCtx_::mpm_matcher, DetectEngineThreadCtx_::mt_det_ctxs_cnt, DetectEngineThreadCtx_::mt_det_ctxs_hash, DetectEngineThreadCtx_::mtc, DetectEngineThreadCtx_::mtcs, DetectEngineThreadCtx_::mtcu, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadKeywordCtxItem_::name, DetectEngineThreadKeywordCtxItem_::next, DetectEngineCtx_::next, DetectEngineTenantMapping_::next, DetectEngineThreadCtx_::non_pf_id_array, DetectEngineCtx_::non_pf_store_cnt_max, PatternMatchThreadPrepare(), DetectEngineThreadCtx_::pmq, PmqSetup(), DetectEngineCtx_::profile_ctx, DetectEngineCtx_::profile_keyword_ctx, DetectEngineCtx_::profile_prefilter_ctx, DetectEngineCtx_::profile_sgh_ctx, RuleMatchCandidateTxArrayInit(), SC_ATOMIC_INIT, SC_ERR_DETECT_PREPARE, SC_ERR_MT_NO_SELECTOR, SCCalloc, SCFree, SCLogDebug, SCLogError, SCLogInfo, SCMalloc, SCProfilingKeywordThreadSetup(), SCProfilingPrefilterThreadSetup(), SCProfilingRuleThreadSetup(), SCProfilingSghThreadSetup(), DetectEngineCtx_::sig_array_len, SigIntId, DetectEngineCtx_::signum, DetectEngineCtx_::spm_global_thread_ctx, DetectEngineThreadCtx_::spm_thread_ctx, SpmMakeThreadCtx(), DetectEngineThreadCtx_::tenant_array, DetectEngineThreadCtx_::tenant_array_size, DetectEngineCtx_::tenant_id, DetectEngineTenantMapping_::tenant_id, DetectEngineMasterCtx_::tenant_mapping_list, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_DIRECT, TENANT_SELECTOR_LIVEDEV, TENANT_SELECTOR_UNKNOWN, TENANT_SELECTOR_VLAN, DetectEngineThreadCtx_::TenantGetId, TM_ECODE_FAILED, TM_ECODE_OK, DetectEngineThreadCtx_::to_clear_idx, DetectEngineThreadCtx_::to_clear_queue, and DetectEngineTenantMapping_::traffic_id.
Referenced by SigCleanSignatures().
| void DetectEngineSetParseMetadata | ( | void | ) |
Definition at line 4146 of file detect-engine.c.
Referenced by DetectMetadataHashFree().
| int DetectEngineTentantRegisterLivedev | ( | uint32_t | tenant_id, |
| int | device_id | ||
| ) |
Definition at line 3802 of file detect-engine.c.
References TENANT_SELECTOR_LIVEDEV.
Referenced by DetectEngineReloadTenantBlocking().
| int DetectEngineTentantRegisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 3817 of file detect-engine.c.
References SCLogInfo, and TENANT_SELECTOR_DIRECT.
Referenced by UnixSocketPcapFile().
| int DetectEngineTentantRegisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 3807 of file detect-engine.c.
References TENANT_SELECTOR_VLAN.
Referenced by DetectEngineReloadTenantBlocking(), and UnixSocketPcapFile().
| int DetectEngineTentantUnregisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 3823 of file detect-engine.c.
References Packet_::pcap_v, SCLogInfo, PcapPacketVars_::tenant_id, and TENANT_SELECTOR_DIRECT.
Referenced by UnixSocketPcapFile().
| int DetectEngineTentantUnregisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 3812 of file detect-engine.c.
References TENANT_SELECTOR_VLAN.
Referenced by UnixSocketPcapFile().
| TmEcode DetectEngineThreadCtxDeinit | ( | ThreadVars * | , |
| void * | |||
| ) |
Definition at line 2969 of file detect-engine.c.
References HashTableFree(), DetectEngineThreadCtx_::mt_det_ctxs_hash, SC_ERR_INVALID_ARGUMENTS, SCLogWarning, and TM_ECODE_OK.
Referenced by DetectEngineInspectPktBufferGeneric(), and DetectEngineThreadCtxInit().
| TmEcode DetectEngineThreadCtxInit | ( | ThreadVars * | tv, |
| void * | initdata, | ||
| void ** | data | ||
| ) |
initialize thread specific detection engine context
| tv | ThreadVars for this thread |
| initdata | pointer to de_ctx |
| data[out] | pointer to store our thread detection ctx |
| TM_ECODE_OK | if all went well |
| TM_ECODE_FAILED | on serious erro |
alert counter setup
Definition at line 2761 of file detect-engine.c.
References AppLayerDecoderEventsFreeEvents(), DetectEngineThreadCtx_::base64_decoded, DetectEngineThreadCtx_::bj_values, DetectEngineThreadCtx_::buffers, DetectEngineThreadCtx_::buffers_size, DetectEngineThreadCtx_::counter_alerts, DetectEngineThreadCtx_::counter_fnonmpm_list, DetectEngineThreadCtx_::counter_match_list, DetectEngineThreadCtx_::counter_mpm_list, DetectEngineThreadCtx_::counter_nonmpm_list, DetectEngineThreadCtx_::de_ctx, DetectEngineThreadCtx_::decoder_events, DETECT_ENGINE_TYPE_NORMAL, DETECT_ENGINE_TYPE_TENANT, DetectEngineDeReference(), DetectEngineGetCurrent(), DetectEngineIPOnlyThreadDeinit(), DetectEngineMultiTenantEnabled(), DetectEngineReference(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtx_::inspect, InspectionBufferMultipleForList::inspection_buffers, InspectionBufferFree(), DetectEngineThreadCtx_::io_ctx, DetectEngineThreadCtx_::match_array, DetectEngineCtx_::mpm_matcher, DetectEngineThreadCtx_::mtc, DetectEngineThreadCtx_::mtcs, DetectEngineThreadCtx_::mtcu, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::non_pf_id_array, PatternMatchThreadDestroy(), DetectEngineThreadCtx_::pmq, PmqFree(), DetectEngineCtx_::ref_cnt, RuleMatchCandidateTxArrayFree(), RunmodeIsUnittests(), SCFree, SCLogDebug, SCMalloc, SCProfilingKeywordThreadCleanup(), SCProfilingPrefilterThreadCleanup(), SCProfilingRuleThreadCleanup(), SCProfilingSghThreadCleanup(), InspectionBufferMultipleForList::size, DetectEngineThreadCtx_::spm_thread_ctx, SpmDestroyThreadCtx(), StatsRegisterAvgCounter(), StatsRegisterCounter(), DetectEngineThreadCtx_::tenant_array, DetectEngineCtx_::tenant_id, DetectEngineThreadCtx_::tenant_id, TM_ECODE_FAILED, TM_ECODE_OK, DetectEngineThreadCtx_::to_clear_queue, DetectEngineThreadCtx_::tv, DetectEngineCtx_::type, and unlikely.
| void DetectEngineUnsetParseMetadata | ( | void | ) |
Definition at line 4151 of file detect-engine.c.
Referenced by DetectMetadataHashFree().
| void DetectPktInspectEngineRegister | ( | const char * | name, |
| InspectionBufferGetPktDataPtr | GetPktData, | ||
| InspectionBufferPktInspectFunc | Callback | ||
| ) |
register inspect engine at start up time
Definition at line 128 of file detect-engine.c.
References BUG_ON, DetectEnginePktInspectionEngine::Callback, DETECT_SM_LIST_MATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), FatalError, DetectEnginePktInspectionEngine::GetData, DetectEnginePktInspectionEngine::next, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCCalloc, SCLogError, DetectEnginePktInspectionEngine::sm_list, unlikely, and DetectEnginePktInspectionEngine::v1.
Referenced by DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectTcphdrRegister(), and DetectUdphdrRegister().
| int DetectRegisterThreadCtxGlobalFuncs | ( | const char * | name, |
| void *(*)(void *) | InitFunc, | ||
| void * | data, | ||
| void(*)(void *) | FreeFunc | ||
| ) |
Register Thread keyword context Funcs (Global)
IDs stay static over reloads and between tenants
| name | keyword name for error printing |
| InitFunc | function ptr |
| FreeFunc | function ptr |
| id | for retrieval of ctx at runtime |
| -1 | on error |
Definition at line 3070 of file detect-engine.c.
References BUG_ON, DetectEngineThreadKeywordCtxItem_::data, DetectEngineThreadKeywordCtxItem_::FreeFunc, DetectEngineThreadKeywordCtxItem_::id, DetectEngineThreadKeywordCtxItem_::InitFunc, DetectEngineMasterCtx_::keyword_id, DetectEngineMasterCtx_::keyword_list, DetectEngineThreadKeywordCtxItem_::name, DetectEngineThreadKeywordCtxItem_::next, SCCalloc, and unlikely.
Referenced by DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), and DetectHttpStartRegister().
| const char* DetectSigmatchListEnumToString | ( | enum DetectSigmatchListEnum | type | ) |
Definition at line 4161 of file detect-engine.c.
References DETECT_SM_LIST_BASE64_DATA, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_MAX, DETECT_SM_LIST_PMATCH, DETECT_SM_LIST_POSTMATCH, DETECT_SM_LIST_SUPPRESS, DETECT_SM_LIST_THRESHOLD, and DETECT_SM_LIST_TMATCH.
Referenced by CleanupFPAnalyzer(), EngineAnalysisRulesFailure(), and SCProfilingKeywordsGlobalInit().
| void* DetectThreadCtxGetGlobalKeywordThreadCtx | ( | DetectEngineThreadCtx * | det_ctx, |
| int | id | ||
| ) |
Retrieve thread local keyword ctx by id.
| det_ctx | detection engine thread ctx to retrieve the ctx from |
| id | id of the ctx returned by DetectRegisterThreadCtxInitFunc at keyword init. |
| ctx | or NULL on error |
Definition at line 3114 of file detect-engine.c.
References DetectEngineThreadCtx_::global_keyword_ctxs_array, and DetectEngineThreadCtx_::global_keyword_ctxs_size.
Referenced by HttpHeaderGetBufferSpaceForTXID().
| void InspectionBufferApplyTransforms | ( | InspectionBuffer * | buffer, |
| const DetectEngineTransforms * | transforms | ||
| ) |
Definition at line 1132 of file detect-engine.c.
References DetectEngineCtx_::app_inspect_engines, DetectEngineCtx_::app_mpms_list, DetectEngineCtx_::buffer_type_hash, DetectEngineCtx_::buffer_type_id, DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, DetectBufferType_::description, DETECT_SM_LIST_DYNAMIC_START, DETECT_TRANSFORMS_MAX, DetectMpmInitializeAppMpms(), DetectMpmInitializePktMpms(), HashListTableFree(), HashListTableGetListData, HashListTableGetListHead(), HashListTableGetListNext, HashListTableInit(), DetectBufferType_::id, DetectBufferType_::mpm, DetectEngineAppInspectionEngine_::next, DetectEnginePktInspectionEngine::next, next, DetectBufferMpmRegistery_::next, DetectBufferType_::packet, DetectEngineCtx_::pkt_inspect_engines, DetectEngineCtx_::pkt_mpms_list, PrefilterDeinit(), PrefilterInit(), SCCalloc, SCFree, SCLogDebug, DetectBufferType_::SetupCallback, sigmatch_table, DetectBufferType_::string, SigTableElmt_::Transform, DetectEngineTransforms::transforms, and DetectBufferType_::ValidateCallback.
Referenced by DetectFilemagicRegister(), DetectFilenameRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectSNMPCommunityRegister(), DetectTcphdrRegister(), DetectTemplateBufferRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), and DetectUdphdrRegister().
| void InspectionBufferCheckAndExpand | ( | InspectionBuffer * | buffer, |
| uint32_t | min_size | ||
| ) |
make sure that the buffer has at least 'min_size' bytes Expand the buffer if necessary
Definition at line 1103 of file detect-engine.c.
References InspectionBuffer::buf, likely, SCRealloc, and InspectionBuffer::size.
Referenced by FileSwfDecompression(), and InspectionBufferCopy().
| void InspectionBufferClean | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 999 of file detect-engine.c.
References DetectEngineThreadCtx_::buffers, InspectionBufferMultipleForList::init, InspectionBuffer::inspect, DetectEngineThreadCtx_::inspect, InspectionBufferMultipleForList::inspection_buffers, InspectionBufferMultipleForList::max, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.
| void InspectionBufferCopy | ( | InspectionBuffer * | buffer, |
| uint8_t * | buf, | ||
| uint32_t | buf_len | ||
| ) |
Definition at line 1120 of file detect-engine.c.
References InspectionBuffer::buf, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBufferCheckAndExpand(), MIN, and InspectionBuffer::size.
Referenced by DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().
| void InspectionBufferFree | ( | InspectionBuffer * | buffer | ) |
Definition at line 1091 of file detect-engine.c.
References InspectionBuffer::buf, and SCFree.
Referenced by DetectEngineThreadCtxInit(), DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().
| InspectionBuffer* InspectionBufferGet | ( | DetectEngineThreadCtx * | det_ctx, |
| const int | list_id | ||
| ) |
Definition at line 1025 of file detect-engine.c.
References DetectEngineThreadCtx_::buffers, InspectionBuffer::inspect, DetectEngineThreadCtx_::inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.
Referenced by DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectSNMPCommunityRegister(), DetectTcphdrRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), and DetectUdphdrRegister().
| InspectionBufferMultipleForList* InspectionBufferGetMulti | ( | DetectEngineThreadCtx * | det_ctx, |
| const int | list_id | ||
| ) |
Definition at line 1064 of file detect-engine.c.
References DetectEngineThreadCtx_::buffers, InspectionBufferMultipleForList::init, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.
Referenced by DetectFilemagicRegister(), DetectFilenameRegister(), and DetectTlsCertsRegister().
| void InspectionBufferInit | ( | InspectionBuffer * | buffer, |
| uint32_t | initial_size | ||
| ) |
Definition at line 1074 of file detect-engine.c.
References InspectionBuffer::buf, SCCalloc, and InspectionBuffer::size.
Referenced by DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().
| InspectionBuffer* InspectionBufferMultipleForListGet | ( | InspectionBufferMultipleForList * | fb, |
| uint32_t | local_id | ||
| ) |
for a InspectionBufferMultipleForList get a InspectionBuffer
| fb | the multiple buffer array |
| local_id | the index to get a buffer |
| buffer | the inspect buffer or NULL in case of error |
Definition at line 1038 of file detect-engine.c.
References InspectionBufferMultipleForList::inspection_buffers, InspectionBufferMultipleForList::max, MAX, SCLogDebug, SCRealloc, and InspectionBufferMultipleForList::size.
Referenced by DetectFilemagicRegister(), DetectFilenameRegister(), and DetectTlsCertsRegister().
| void InspectionBufferSetup | ( | InspectionBuffer * | buffer, |
| const uint8_t * | data, | ||
| const uint32_t | data_len | ||
| ) |
setup the buffer with our initial data
Definition at line 1084 of file detect-engine.c.
References InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::len, InspectionBuffer::orig, and InspectionBuffer::orig_len.
Referenced by DetectFilemagicRegister(), DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectSNMPCommunityRegister(), DetectTcphdrRegister(), DetectTemplateBufferRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), DetectTransformStripWhitespaceRegister(), and DetectUdphdrRegister().
1.8.11 
