|
suricata
|
|
suricata
|
Go to the source code of this file.
Macros | |
| #define | DetectEngineGetMaxSigId(de_ctx) ((de_ctx)->signum) |
Definition in file detect-engine.h.
| #define DetectEngineGetMaxSigId | ( | de_ctx | ) | ((de_ctx)->signum) |
Definition at line 81 of file detect-engine.h.
Referenced by IPOnlyInit(), MpmStorePrepareBuffer(), SigAddressCleanupStage1(), SigAddressPrepareStage1(), SigAddressPrepareStage2(), SigGroupHeadAppendSig(), SigGroupHeadContainsSigId(), and SigGroupHeadCopySigs().
| void DetectAppLayerInspectEngineRegister | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectEngineFuncPtr | Callback | ||
| ) |
Registers an app inspection engine.
| name | Name of the detection list |
| alproto | App layer protocol for which we will register the engine. |
| direction | The direction for the engine: SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT |
| progress | Minimal progress value for inspect engine to run |
| Callback | The engine callback. |
Registers an app inspection engine.
Definition at line 129 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, ALPROTO_FAILED, BUG_ON, DetectEngineAppInspectionEngine_::Callback, DETECT_SM_LIST_MATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), DetectEngineAppInspectionEngine_::dir, FatalError, DetectEngineAppInspectionEngine_::next, DetectEngineAppInspectionEngine_::progress, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCLogError, SCMalloc, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, DetectEngineAppInspectionEngine_::sm_list, and unlikely.
Referenced by DetectAppLayerEventRegister(), DetectCipServiceRegister(), DetectDceIfaceRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEnipCommandRegister(), DetectFilenameRegister(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectHttpHeaderNamesRegister(), DetectHttpProtocolRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectLuaRegister(), DetectModbusRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectSshSoftwareVersionRegister(), DetectSslStateRegister(), DetectTemplateRustBufferRegister(), DetectTlsRegister(), and DetectTlsValidityRegister().
| void DetectAppLayerInspectEngineRegister2 | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectEngineFuncPtr2 | Callback2, | ||
| InspectionBufferGetDataPtr | GetData | ||
| ) |
register inspect engine at start up time
Definition at line 183 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, ALPROTO_FAILED, ALPROTO_UNKNOWN, Signature_::app_inspect, DetectEngineCtx_::app_inspect_engines, BUG_ON, DetectEngineAppInspectionEngine_::Callback, DE_STATE_FLAG_BASE, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), DetectEngineInspectBufferGeneric(), DetectEngineInspectStream(), DetectEngineAppInspectionEngine_::dir, FatalError, DetectEngineAppInspectionEngine_::GetData, DetectEngineAppInspectionEngine_::id, Signature_::id, Signature_::init_data, DetectEngineAppInspectionEngine_::mpm, SignatureInitData_::mpm_sm, DetectEngineAppInspectionEngine_::next, DetectEngineAppInspectionEngine_::progress, SC_ERR_INITIALIZATION, SC_ERR_INVALID_ARGUMENTS, SCCalloc, SCLogDebug, SCLogError, SCMalloc, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SigMatchListSMBelongsTo(), DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::stream, DetectEngineAppInspectionEngine_::transforms, unlikely, and DetectEngineAppInspectionEngine_::v2.
Referenced by DetectDnsQueryRegister(), DetectFiledataRegister(), DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectSmbNamedPipeRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| int DetectBufferGetActiveList | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
Definition at line 823 of file detect-engine.c.
References BUG_ON, DetectBufferTypeGetByIdTransforms(), Signature_::init_data, SignatureInitData_::list, SignatureInitData_::list_set, SCLogDebug, SignatureInitData_::transform_cnt, and SignatureInitData_::transforms.
Referenced by DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectContentSetup(), DetectIsdataatSetup(), and DetectPcrePayloadMatch().
| void DetectBufferRunSetupCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| Signature * | s | ||
| ) |
Definition at line 781 of file detect-engine.c.
References DetectBufferType_::SetupCallback.
Referenced by SigAddressPrepareStage1(), and SigMatchList2DataArray().
| bool DetectBufferRunValidateCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| const Signature * | s, | ||
| const char ** | sigerror | ||
| ) |
Definition at line 800 of file detect-engine.c.
References TRUE, and DetectBufferType_::ValidateCallback.
Referenced by SigMatchList2DataArray().
| int DetectBufferSetActiveList | ( | Signature * | s, |
| const int | list | ||
| ) |
Definition at line 810 of file detect-engine.c.
References BUG_ON, Signature_::init_data, SignatureInitData_::list, SignatureInitData_::list_set, and SignatureInitData_::transform_cnt.
Referenced by DetectDnsQueryRegister(), DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpServerBodyRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectSmbNamedPipeRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| void DetectBufferTypeCloseRegistration | ( | void | ) |
Definition at line 1053 of file detect-engine.c.
References BUG_ON.
Referenced by SigTableSetup().
| int DetectBufferTypeGetByIdTransforms | ( | DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| int * | transforms, | ||
| int | transform_cnt | ||
| ) |
Definition at line 1060 of file detect-engine.c.
References DetectEngineCtx_::buffer_type_hash, DetectEngineCtx_::buffer_type_id, DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, DetectEngineTransforms::cnt, DetectAppLayerMpmRegisterByParentId(), HashListTableAdd(), HashListTableLookup(), DetectBufferType_::id, DetectBufferType_::mpm, DetectBufferType_::parent_id, res, SC_ERR_INVALID_SIGNATURE, SCCalloc, SCLogDebug, SCLogError, SCRealloc, DetectBufferType_::SetupCallback, DetectBufferType_::string, DetectBufferType_::supports_transforms, DetectEngineTransforms::transforms, DetectBufferType_::transforms, and DetectBufferType_::ValidateCallback.
Referenced by DetectBufferGetActiveList().
| int DetectBufferTypeGetByName | ( | const char * | name | ) |
Definition at line 698 of file detect-engine.c.
References DetectBufferType_::id.
Referenced by DcePayloadRegisterTests(), DetectAppLayerEventRegister(), DetectAppLayerInspectEngineRegister(), DetectAppLayerInspectEngineRegister2(), DetectAppLayerMpmRegister(), DetectAppLayerMpmRegister2(), DetectBase64DataDoMatch(), DetectBase64DecodeDoMatch(), DetectByteExtractRetrieveSMVar(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectCipServiceRegister(), DetectDceStubDataRegister(), DetectDnsQueryRegister(), DetectEngineAppInspectionEngine2Signature(), DetectEnipCommandRegister(), DetectFastPatternRegisterTests(), DetectFiledataRegister(), DetectFilenameRegister(), DetectFtpdataRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpCookieRegisterTests(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIsdataatRegisterTests(), DetectLuaRegister(), DetectModbusRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectPcrePayloadMatch(), DetectPktDataRegister(), DetectSmbNamedPipeRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTemplateBufferRegister(), DetectTemplateRustBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), EngineAnalysisRules(), and PacketCreateMask().
| const char* DetectBufferTypeGetDescriptionById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 735 of file detect-engine.c.
References DetectBufferType_::description.
Referenced by EngineAnalysisFP(), and PerCentEncodingMatch().
| const char* DetectBufferTypeGetDescriptionByName | ( | const char * | name | ) |
Definition at line 744 of file detect-engine.c.
References DetectBufferType_::description.
| const char* DetectBufferTypeGetNameById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 707 of file detect-engine.c.
References DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, and DetectBufferType_::string.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectRawbytesRegister(), EngineAnalysisFP(), EngineAnalysisRulesFailure(), PerCentEncodingMatch(), SCProfilingKeywordsGlobalInit(), SigMatchList2DataArray(), and SignatureIsIPOnly().
| int DetectBufferTypeMaxId | ( | void | ) |
Definition at line 573 of file detect-engine.c.
References HashListTable_::array_size, BUG_ON, HashListTableAdd(), HashListTableFree(), HashListTableInit(), HashListTableLookup(), hashlittle_safe(), DetectBufferType_::id, res, SCCalloc, SCFree, SCLogDebug, DetectBufferType_::string, and DetectBufferType_::transforms.
Referenced by SigAlloc().
| int DetectBufferTypeRegister | ( | const char * | name | ) |
Definition at line 654 of file detect-engine.c.
References BUG_ON, and DetectBufferType_::id.
Referenced by DetectAppLayerInspectEngineRegister(), DetectAppLayerInspectEngineRegister2(), DetectBufferTypeRegisterSetupCallback(), DetectBufferTypeRegisterValidateCallback(), DetectBufferTypeSupportsMpm(), DetectBufferTypeSupportsPacket(), DetectBufferTypeSupportsTransformations(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDNP3Register(), DetectFileextRegister(), DetectFilemagicRegister(), DetectFileMd5Register(), DetectFileSha1Register(), DetectFileSha256Register(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFtpbounceRegister(), DetectHttpServerBodyRegister(), DetectLuaRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTlsRegister(), DetectTlsVersionRegister(), DetectUricontentRegister(), and DetectUrilenRegister().
| void DetectBufferTypeRegisterSetupCallback | ( | const char * | name, |
| void(*)(const DetectEngineCtx *, Signature *) | Callback | ||
| ) |
Definition at line 771 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), and DetectBufferType_::SetupCallback.
Referenced by DetectFiledataRegister(), DetectHttpClientBodyRegister(), DetectHttpUriRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), and DetectTlsSerialRegister().
| void DetectBufferTypeRegisterValidateCallback | ( | const char * | name, |
| _Bool(*)(const Signature *, const char **sigerror) | ValidateCallback | ||
| ) |
Definition at line 790 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), and DetectBufferType_::ValidateCallback.
Referenced by DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpUriRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), and DetectTlsSerialRegister().
| void DetectBufferTypeSetDescriptionByName | ( | const char * | name, |
| const char * | desc | ||
| ) |
Definition at line 726 of file detect-engine.c.
References DetectBufferType_::description.
Referenced by DetectDnsQueryRegister(), DetectFiledataRegister(), DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectSslStateRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| void DetectBufferTypeSupportsMpm | ( | const char * | name | ) |
Definition at line 678 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, DetectBufferType_::mpm, SCLogDebug, and TRUE.
Referenced by DetectAppLayerMpmRegister(), and DetectAppLayerMpmRegister2().
| bool DetectBufferTypeSupportsMpmGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 762 of file detect-engine.c.
References FALSE, DetectBufferType_::mpm, and SCLogDebug.
Referenced by DetectGetLastSMFromMpmLists(), and FastPatternSupportEnabledForSigMatchList().
| void DetectBufferTypeSupportsPacket | ( | const char * | name | ) |
Definition at line 668 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, DetectBufferType_::packet, SCLogDebug, and TRUE.
| bool DetectBufferTypeSupportsPacketGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 753 of file detect-engine.c.
References FALSE, DetectBufferType_::packet, and SCLogDebug.
Referenced by SigMatchList2DataArray().
| void DetectBufferTypeSupportsTransformations | ( | const char * | name | ) |
Definition at line 688 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, SCLogDebug, and DetectBufferType_::supports_transforms.
Referenced by DetectAppLayerMpmRegister2().
| int DetectEngineAddToMaster | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 3506 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectReplaceFreeInternal(), and PostRunDeinit().
| int DetectEngineAppInspectionEngine2Signature | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
Definition at line 358 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, Signature_::alproto, ALPROTO_UNKNOWN, Signature_::app_inspect, DetectEngineCtx_::app_inspect_engines, BUG_ON, DetectEngineAppInspectionEngine_::Callback, DE_STATE_FLAG_BASE, DE_STATE_ID_FILE_INSPECT, DETECT_SM_LIST_DYNAMIC_START, DETECT_SM_LIST_PMATCH, DetectBufferTypeGetByName(), DetectBufferTypeGetNameById(), DetectEngineAppInspectionEngine_::dir, Signature_::flags, DetectEngineAppInspectionEngine_::GetData, DetectEngineAppInspectionEngine_::id, Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, DetectEngineAppInspectionEngine_::mpm, SignatureInitData_::mpm_sm, DetectEngineAppInspectionEngine_::next, next, DetectEngineAppInspectionEngine_::progress, SCCalloc, SCLogDebug, SIG_FLAG_FLUSH, SIG_FLAG_INIT_NEED_FLUSH, SIG_FLAG_INIT_STATE_MATCH, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SigMatchList2DataArray(), SigMatchListSMBelongsTo(), DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, SignatureInitData_::smlists, SignatureInitData_::smlists_array_size, DetectEngineAppInspectionEngine_::transforms, unlikely, and DetectEngineAppInspectionEngine_::v2.
Referenced by SigAddressPrepareStage4().
| void DetectEngineAppInspectionEngineSignatureFree | ( | Signature * | s | ) |
free app inspect engines for a signature
For lists that are registered multiple times, like http_header and http_cookie, making the engines owner of the lists is complicated. Multiple engines in a sig may be pointing to the same list. To address this the 'free' code needs to be extra careful about not double freeing, so it takes an approach to first fill an array of the to-free pointers before freeing them.
Definition at line 517 of file detect-engine.c.
References Signature_::app_inspect, BUG_ON, SigMatchData_::ctx, DETECT_SM_LIST_DYNAMIC_START, SigTableElmt_::Free, SigMatchData_::is_last, MAX, DetectEngineAppInspectionEngine_::next, next, SCFree, sigmatch_table, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineTransforms::transforms, and SigMatchData_::type.
Referenced by SigFree().
| void DetectEngineBumpVersion | ( | void | ) |
Definition at line 2772 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, SCLogDebug, SCMutexLock, SCMutexUnlock, and DetectEngineMasterCtx_::version.
Referenced by DetectEngineReload(), and PostRunDeinit().
| void DetectEngineCtxFree | ( | DetectEngineCtx * | de_ctx | ) |
Free a DetectEngineCtx::
| de_ctx | DetectEngineCtx:: to be freed |
Definition at line 1685 of file detect-engine.c.
References DetectEngineCtx_::app_mpms, ByteExtractStringUint16(), ConfDump(), ConfGet(), ConfGetInt(), ConfGetNode(), DetectEngineCtx_::config_prefix, ConfNodeLookupChild(), ConfNodeLookupChildValue(), ConfNodeRemove(), DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT, DETECT_PREFILTER_AUTO, DETECT_PREFILTER_MPM, DetectAddressMapFree(), DetectMetadataHashFree(), DetectParseDupSigHashFree(), DetectPortCleanupList(), DetectPortParse(), ENGINE_PROFILE_CUSTOM, ENGINE_PROFILE_HIGH, ENGINE_PROFILE_LOW, ENGINE_PROFILE_MEDIUM, ENGINE_PROFILE_UNKNOWN, ENGINE_SGH_MPM_FACTORY_CONTEXT_FULL, ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE, DetectEngineCtx_::inspection_recursion_limit, DetectEngineCtx_::max_uniq_toclient_groups, DetectEngineCtx_::max_uniq_toserver_groups, MPM_AC, MPM_AC_BS, MPM_AC_TILE, MPM_HS, DetectEngineCtx_::mpm_matcher, MpmFactoryDeRegisterAllMpmCtxProfiles(), MpmStoreFree(), ConfNode_::name, DetectPort_::next, next, DetectPort_::port, DetectPort_::port2, DetectEngineCtx_::prefilter_setting, DetectEngineCtx_::profile_ctx, DetectEngineCtx_::profile_keyword_ctx, DetectEngineCtx_::profile_sgh_ctx, run_mode, RUNMODE_UNITTEST, SC_ERR_INVALID_YAML_CONF_ENTRY, SC_ERR_SIZE_PARSE, SCClassConfDeInitContext(), SCFree, SCLogDebug, SCLogError, SCLogWarning, SCProfilingKeywordDestroyCtx(), SCProfilingPrefilterDestroyCtx(), SCProfilingRuleDestroyCtx(), SCProfilingSghDestroyCtx(), SCRConfDeInitContext(), SCSigSignatureOrderingModuleCleanup(), DetectEngineCtx_::sgh_mpm_context, DetectEngineCtx_::sig_array, SigCleanSignatures(), SigGroupCleanup(), SigGroupHeadHashFree(), DetectEngineCtx_::spm_global_thread_ctx, SpmDestroyGlobalThreadCtx(), SRepDestroy(), TAILQ_FOREACH, DetectEngineCtx_::tcp_whitelist, ThresholdContextDestroy(), DetectEngineCtx_::udp_whitelist, ConfNode_::val, VarNameStoreFree(), and DetectEngineCtx_::version.
Referenced by DetectEngineGetEventInfo(), DetectEngineInspectBufferGeneric(), DetectEngineMultiTenantEnabled(), DetectEnginePruneFreeList(), and DetectEngineReload().
| DetectEngineCtx* DetectEngineCtxInit | ( | void | ) |
Definition at line 1640 of file detect-engine.c.
References DETECT_ENGINE_TYPE_NORMAL.
Referenced by DetectEngineCtxInitWithPrefix(), and DetectEngineGetEventInfo().
| DetectEngineCtx* DetectEngineCtxInitStubForDD | ( | void | ) |
Definition at line 1635 of file detect-engine.c.
References DETECT_ENGINE_TYPE_DD_STUB.
Referenced by PostRunDeinit().
| DetectEngineCtx* DetectEngineCtxInitStubForMT | ( | void | ) |
Definition at line 1630 of file detect-engine.c.
References DETECT_ENGINE_TYPE_MT_STUB.
Referenced by DetectEngineMTApply(), and PostRunDeinit().
| DetectEngineCtx* DetectEngineCtxInitWithPrefix | ( | const char * | prefix | ) |
Definition at line 1645 of file detect-engine.c.
References DETECT_ENGINE_TYPE_NORMAL, DetectEngineCtxInit(), SigString_::filename, DetectEngineCtx_::keyword_list, next, DetectEngineThreadKeywordCtxItem_::next, SCFree, SigString_::sig_error, DetectEngineCtx_::sig_stat, SigString_::sig_str, TAILQ_FOREACH_SAFE, and TAILQ_REMOVE.
Referenced by DetectEngineMultiTenantEnabled(), and DetectEngineReload().
| void DetectEngineDeReference | ( | DetectEngineCtx ** | de_ctx | ) |
Definition at line 3482 of file detect-engine.c.
References BUG_ON, DetectEngineMasterCtx_::list, and DetectEngineCtx_::next.
Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectEngineThreadCtxInit(), GlobalsInitPreConfig(), and UnixSocketPcapFile().
| int DetectEngineEnabled | ( | void | ) |
Check if detection is enabled.
| bool | true or false |
Definition at line 2748 of file detect-engine.c.
References DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, SCMutexLock, and SCMutexUnlock.
Referenced by PostRunDeinit().
| DetectEngineCtx* DetectEngineGetByTenantId | ( | int | tenant_id | ) |
Definition at line 3456 of file detect-engine.c.
References DETECT_ENGINE_TYPE_TENANT, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCMutexLock, SCMutexUnlock, DetectEngineCtx_::tenant_id, and DetectEngineCtx_::type.
Referenced by DetectEngineMultiTenantEnabled(), and UnixSocketPcapFile().
| DetectEngineCtx* DetectEngineGetCurrent | ( | void | ) |
Definition at line 2781 of file detect-engine.c.
References DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, SCMutexUnlock, and DetectEngineCtx_::type.
Referenced by DetectEngineReload(), DetectEngineThreadCtxInit(), and GlobalsInitPreConfig().
| uint32_t DetectEngineGetVersion | ( | void | ) |
Definition at line 2762 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, SCMutexLock, SCMutexUnlock, version, and DetectEngineMasterCtx_::version.
Referenced by DetectEngineInspectBufferGeneric().
| int DetectEngineInspectBufferGeneric | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
| de_ctx | Detection engine context |
| det_ctx | Detection engine thread context |
| s | Signature to inspect |
| f | Flow |
| flags | app layer flags |
| state | App layer state |
| 0 | no match. |
| 1 | match. |
| 2 | Sig can't match. |
Definition at line 1242 of file detect-engine.c.
References ActionInitConfig(), Flow_::alproto, AppLayerParserGetStateProgress(), DetectEngineThreadCtx_::buffer_offset, BUG_ON, PacketQueue_::cond_q, ConfGetBool(), DetectEngineCtx_::config_prefix, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DetectAddressMapInit(), DetectEngineContentInspection(), DetectEngineCtxFree(), DetectEngineGetVersion(), DetectEngineThreadCtxDeinit(), DetectMetadataHashInit(), DetectParseDupSigHashInit(), DetectEngineThreadCtx_::discontinue_matching, DetectEngineCtx_::failure_fatal, TmModule_::flags, Packet_::flags, FlowWorkerGetDetectCtxPtr(), FlowWorkerReplaceDetectCtx(), DetectEngineAppInspectionEngine_::GetData, Tmq_::id, ThreadVars_::inq, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::inspect_offset, DetectEngineThreadCtx_::inspection_recursion_counter, DetectEngineAppInspectionEngine_::mpm, DetectEngineCtx_::mpm_matcher, mpm_table, MpmStoreInit(), PacketQueue_::mutex_q, SpmTableElmt_::name, MpmTableElmt_::name, ThreadVars_::next, offset, PacketEnqueue(), PacketGetFromAlloc(), PatternMatchDefaultMatcher(), PKT_PSEUDO_STREAM_END, TmModule_::PktAcqBreakLoop, TmModule_::PktAcqLoop, DetectEngineAppInspectionEngine_::progress, Flow_::proto, SC_ATOMIC_GET, SC_ERR_LIVE_RULE_SWAP, SCClassConfLoadClassficationConfigFile(), SCCondSignal, SCEnter, SCLogDebug, SCLogError, SCLogInfo, SCMalloc, SCMutexLock, SCMutexUnlock, SCRConfLoadReferenceConfigFile(), DetectEngineCtx_::sig_stat, DetectEngineCtx_::sigerror, SigGroupHeadHashInit(), SinglePatternMatchDefaultMatcher(), TmSlot_::slot_next, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineCtx_::spm_global_thread_ctx, DetectEngineCtx_::spm_matcher, spm_table, SpmInitGlobalThreadCtx(), SRepInit(), SRepReloadComplete(), strlcpy(), suricata_ctl_flags, TAILQ_INIT, ThresholdHashInit(), THV_CAPTURE_INJECT_PKT, THV_RUNNING_DONE, TM_FLAG_DETECT_TM, TM_FLAG_RECEIVE_TM, TmSlot_::tm_id, ThreadVars_::tm_slots, TmModuleGetById(), TmThreadsCheckFlag(), TmThreadsSetFlag(), trans_q, DetectEngineAppInspectionEngine_::transforms, tv_root, tv_root_lock, TVT_PPT, type, DetectEngineCtx_::type, unlikely, DetectEngineAppInspectionEngine_::v2, VarNameStoreSetupStaging(), and DetectEngineCtx_::version.
Referenced by DetectAppLayerInspectEngineRegister2(), DetectFiledataRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectSmbNamedPipeRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| int DetectEngineInspectGenericList | ( | ThreadVars * | tv, |
| const DetectEngineCtx * | de_ctx, | ||
| DetectEngineThreadCtx * | det_ctx, | ||
| const Signature * | s, | ||
| const SigMatchData * | smd, | ||
| Flow * | f, | ||
| const uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
| de_ctx | Detection engine context |
| det_ctx | Detection engine thread context |
| s | Signature to inspect |
| sm | SigMatch to inspect |
| f | Flow |
| flags | app layer flags |
| state | App layer state |
| 0 | no match |
| 1 | match |
Definition at line 1193 of file detect-engine.c.
References SigMatchData_::ctx, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_START, SCLogDebug, sigmatch_table, and SigMatchData_::type.
Referenced by DetectDceIfaceRegister(), DetectEngineInspectDnsRequest(), DetectEngineInspectDnsResponse(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectLuaRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectSslStateRegister(), and DetectTlsValidityRegister().
| int DetectEngineLoadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml | ||
| ) |
Load a tenant and wait for loading to complete.
Definition at line 3007 of file detect-engine.c.
References DetectLoadersSync().
Referenced by UnixSocketPcapFile().
| int DetectEngineMoveToFreeList | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 3522 of file detect-engine.c.
References DetectEngineMasterCtx_::free_list, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, next, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineMultiTenantEnabled(), DetectEngineReload(), DetectReplaceFreeInternal(), GlobalsInitPreConfig(), and UnixSocketPcapFile().
| int DetectEngineMTApply | ( | void | ) |
Definition at line 3713 of file detect-engine.c.
References DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineCtxInitStubForMT(), DetectEnginePruneFreeList(), DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, SCLogDebug, SCLogInfo, SCMutexLock, SCMutexUnlock, DetectEngineCtx_::tenant_id, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_UNKNOWN, and DetectEngineCtx_::type.
Referenced by UnixSocketPcapFile().
| int DetectEngineMultiTenantEnabled | ( | void | ) |
TODO locking? Not needed if this is a one time setting at startup
Definition at line 2813 of file detect-engine.c.
References ConfGetNode(), DetectEngineCtx_::config_prefix, ConfYamlLoadFileWithPrefix(), DETECT_ENGINE_TYPE_TENANT, DetectEngineAddToMaster(), DetectEngineCtxFree(), DetectEngineCtxInitWithPrefix(), DetectEngineDeReference(), DetectEngineGetByTenantId(), DetectEngineMoveToFreeList(), DetectEngineCtx_::loader_id, DetectEngineMasterCtx_::multi_tenant_enabled, SC_ERR_CONF_YAML_ERROR, SC_ERR_FOPEN, SC_ERR_INITIALIZATION, SC_ERR_MT_DUPLICATE_TENANT, SC_ERR_NO_RULES_LOADED, SCLogDebug, SCLogError, SigLoadSignatures(), DetectEngineCtx_::tenant_id, and DetectEngineCtx_::type.
Referenced by DetectEngineThreadCtxInit(), SigGroupBuild(), and UnixSocketPcapFile().
| int DetectEngineMultiTenantSetup | ( | void | ) |
setup multi-detect / multi-tenancy
See if MT is enabled. If so, setup the selector, tenants and mappings. Tenants and mappings are optional, and can also dynamically be added and removed from the unix socket.
Definition at line 3156 of file detect-engine.c.
References ByteExtractStringUint32(), ConfGet(), ConfGetBool(), ConfGetNode(), ConfNodeLookupChild(), ConfUnixSocketIsEnable(), ConfYamlLoadFileWithPrefix(), DetectLoadersInit(), DetectLoadersSync(), DetectLoaderThreadSpawn(), LiveDevice_::dev, EngineModeIsIPS(), Packet_::livedev, DetectEngineMasterCtx_::lock, DetectEngineSyncer_::m, DetectEngineMasterCtx_::multi_tenant_enabled, next, DetectEngineTenantMapping_::next, SC_ERR_CONF_YAML_ERROR, SC_ERR_INVALID_ARGUMENT, SC_ERR_INVALID_VALUE, SC_ERR_MT_NO_MAPPING, SCCalloc, SCFree, SCLogDebug, SCLogError, SCLogInfo, SCLogNotice, SCLogWarning, SCMutexLock, SCMutexUnlock, TAILQ_FOREACH, DetectEngineThreadCtx_::tenant_array, DetectEngineThreadCtx_::tenant_array_size, LiveDevice_::tenant_id, DetectEngineTenantMapping_::tenant_id, DetectEngineMasterCtx_::tenant_mapping_list, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_DIRECT, TENANT_SELECTOR_LIVEDEV, TENANT_SELECTOR_UNKNOWN, TENANT_SELECTOR_VLAN, TmModuleDetectLoaderRegister(), TmThreadContinueDetectLoaderThreads(), DetectEngineTenantMapping_::traffic_id, ConfNode_::val, VarNameStoreActivateStaging(), Packet_::vlan_id, and Packet_::vlan_idx.
Referenced by PostRunDeinit().
| int DetectEngineMustParseMetadata | ( | void | ) |
Definition at line 3778 of file detect-engine.c.
Referenced by DetectMetadataHashFree(), and DetectMetadataHashInit().
| void DetectEnginePruneFreeList | ( | void | ) |
Definition at line 3573 of file detect-engine.c.
References DetectEngineCtxFree(), DetectEngineMasterCtx_::free_list, DetectEngineMasterCtx_::lock, next, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineMTApply(), DetectEngineReload(), DetectReplaceFreeInternal(), GlobalsInitPreConfig(), and UnixSocketPcapFile().
| DetectEngineCtx* DetectEngineReference | ( | DetectEngineCtx * | ) |
Definition at line 2804 of file detect-engine.c.
References DetectEngineCtx_::ref_cnt.
Referenced by DetectEngineThreadCtxInit().
| void DetectEngineRegisterTests | ( | void | ) |
Definition at line 4079 of file detect-engine.c.
References UtRegisterTest().
| int DetectEngineReload | ( | const SCInstance * | suri | ) |
Reload the detection engine.
| filename | YAML file to load for the detect config |
| -1 | error |
| 0 | ok |
Definition at line 3612 of file detect-engine.c.
References HashTable_::array_size, SCInstance_::conf_filename, ConfDump(), ConfGetNode(), ConfYamlLoadFileWithPrefix(), DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineAddToMaster(), DetectEngineBumpVersion(), DetectEngineCtxFree(), DetectEngineCtxInitWithPrefix(), DetectEngineDeReference(), DetectEngineGetCurrent(), DetectEngineMoveToFreeList(), DetectEnginePruneFreeList(), SC_ERR_CONF_YAML_ERROR, SC_ERR_INITIALIZATION, SCLogDebug, SCLogError, SCLogNotice, SCInstance_::sig_file, SCInstance_::sig_file_exclusive, SigLoadSignatures(), DetectEngineThreadCtx_::tenant_id, and DetectEngineCtx_::type.
Referenced by PostRunDeinit().
| int DetectEngineReloadIsIdle | ( | void | ) |
Definition at line 1169 of file detect-engine.c.
References DetectEngineSyncer_::m, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
| int DetectEngineReloadIsStart | ( | void | ) |
Definition at line 1149 of file detect-engine.c.
References DetectEngineSyncer_::m, RELOAD, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by PostRunDeinit().
| void DetectEngineReloadSetIdle | ( | void | ) |
Definition at line 1161 of file detect-engine.c.
References IDLE, DetectEngineSyncer_::m, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by PostRunDeinit().
| int DetectEngineReloadStart | ( | void | ) |
Definition at line 1135 of file detect-engine.c.
References DetectEngineSyncer_::m, RELOAD, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by PostRunDeinit().
| int DetectEngineReloadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml, | ||
| int | reload_cnt | ||
| ) |
Reload a tenant and wait for loading to complete.
Definition at line 3021 of file detect-engine.c.
References ByteExtractStringUint16(), ByteExtractStringUint32(), ConfNodeLookupChild(), DetectEngineTentantRegisterLivedev(), DetectEngineTentantRegisterVlanId(), DetectLoadersSync(), LiveDevice_::id, LiveGetDevice(), next, SC_ERR_INVALID_ARGUMENT, SC_ERR_MT_NO_MAPPING, SCLogError, SCLogWarning, TAILQ_FOREACH, LiveDevice_::tenant_id, LiveDevice_::tenant_id_set, and ConfNode_::val.
Referenced by UnixSocketPcapFile().
| void DetectEngineResetMaxSigId | ( | DetectEngineCtx * | ) |
Definition at line 2060 of file detect-engine.c.
References DetectEngineCtx_::base64_decode_max_len, DetectEngineThreadCtx_::base64_decoded, DetectEngineThreadCtx_::base64_decoded_len, DetectEngineThreadCtx_::base64_decoded_len_max, DetectEngineThreadCtx_::bj_values, DetectEngineCtx_::buffer_type_id, DetectEngineThreadCtx_::buffers, DetectEngineThreadCtx_::buffers_size, BUG_ON, DetectEngineCtx_::byte_extract_max_local_id, DetectEngineThreadKeywordCtxItem_::data, DetectEngineIPOnlyThreadInit(), DetectEngineThreadKeywordCtxItem_::FreeFunc, DetectEngineThreadCtx_::global_keyword_ctxs_array, DetectEngineThreadCtx_::global_keyword_ctxs_size, HashTableAdd(), HashTableFree(), HashTableInit(), DetectEngineThreadKeywordCtxItem_::id, DetectEngineThreadKeywordCtxItem_::InitFunc, DetectEngineThreadCtx_::inspect, DetectEngineThreadCtx_::io_ctx, DetectEngineThreadCtx_::keyword_ctxs_array, DetectEngineThreadCtx_::keyword_ctxs_size, DetectEngineCtx_::keyword_id, DetectEngineMasterCtx_::keyword_id, DetectEngineCtx_::keyword_list, DetectEngineMasterCtx_::keyword_list, DetectEngineMasterCtx_::list, DetectEngineThreadCtx_::match_array, DetectEngineThreadCtx_::match_array_len, DetectEngineCtx_::mpm_matcher, DetectEngineThreadCtx_::mt_det_ctxs_cnt, DetectEngineThreadCtx_::mt_det_ctxs_hash, DetectEngineThreadCtx_::mtc, DetectEngineThreadCtx_::mtcs, DetectEngineThreadCtx_::mtcu, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadKeywordCtxItem_::name, DetectEngineThreadKeywordCtxItem_::next, DetectEngineCtx_::next, DetectEngineTenantMapping_::next, DetectEngineThreadCtx_::non_pf_id_array, DetectEngineCtx_::non_pf_store_cnt_max, PatternMatchThreadPrepare(), DetectEngineThreadCtx_::pmq, PmqSetup(), DetectEngineCtx_::profile_ctx, DetectEngineCtx_::profile_keyword_ctx, DetectEngineCtx_::profile_prefilter_ctx, DetectEngineCtx_::profile_sgh_ctx, RuleMatchCandidateTxArrayInit(), SC_ATOMIC_INIT, SC_ERR_DETECT_PREPARE, SC_ERR_MT_NO_SELECTOR, SCCalloc, SCFree, SCLogDebug, SCLogError, SCLogInfo, SCMalloc, SCProfilingKeywordThreadSetup(), SCProfilingPrefilterThreadSetup(), SCProfilingRuleThreadSetup(), SCProfilingSghThreadSetup(), DetectEngineCtx_::sig_array_len, SigIntId, DetectEngineCtx_::signum, DetectEngineCtx_::spm_global_thread_ctx, DetectEngineThreadCtx_::spm_thread_ctx, SpmMakeThreadCtx(), DetectEngineThreadCtx_::tenant_array, DetectEngineThreadCtx_::tenant_array_size, DetectEngineCtx_::tenant_id, DetectEngineTenantMapping_::tenant_id, DetectEngineMasterCtx_::tenant_mapping_list, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_DIRECT, TENANT_SELECTOR_LIVEDEV, TENANT_SELECTOR_UNKNOWN, TENANT_SELECTOR_VLAN, DetectEngineThreadCtx_::TenantGetId, TM_ECODE_FAILED, TM_ECODE_OK, DetectEngineThreadCtx_::to_clear_idx, DetectEngineThreadCtx_::to_clear_queue, and DetectEngineTenantMapping_::traffic_id.
Referenced by SigCleanSignatures().
| void DetectEngineSetParseMetadata | ( | void | ) |
Definition at line 3768 of file detect-engine.c.
Referenced by DetectMetadataHashFree().
| int DetectEngineTentantRegisterLivedev | ( | uint32_t | tenant_id, |
| int | device_id | ||
| ) |
Definition at line 3424 of file detect-engine.c.
References TENANT_SELECTOR_LIVEDEV.
Referenced by DetectEngineReloadTenantBlocking().
| int DetectEngineTentantRegisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 3439 of file detect-engine.c.
References SCLogInfo, and TENANT_SELECTOR_DIRECT.
Referenced by UnixSocketPcapFile().
| int DetectEngineTentantRegisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 3429 of file detect-engine.c.
References TENANT_SELECTOR_VLAN.
Referenced by DetectEngineReloadTenantBlocking(), and UnixSocketPcapFile().
| int DetectEngineTentantUnregisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 3445 of file detect-engine.c.
References Packet_::pcap_v, SCLogInfo, PcapPacketVars_::tenant_id, and TENANT_SELECTOR_DIRECT.
Referenced by UnixSocketPcapFile().
| int DetectEngineTentantUnregisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 3434 of file detect-engine.c.
References TENANT_SELECTOR_VLAN.
Referenced by UnixSocketPcapFile().
| TmEcode DetectEngineThreadCtxDeinit | ( | ThreadVars * | , |
| void * | |||
| ) |
Definition at line 2591 of file detect-engine.c.
References HashTableFree(), DetectEngineThreadCtx_::mt_det_ctxs_hash, SC_ERR_INVALID_ARGUMENTS, SCLogWarning, and TM_ECODE_OK.
Referenced by DetectEngineInspectBufferGeneric(), and DetectEngineThreadCtxInit().
| TmEcode DetectEngineThreadCtxInit | ( | ThreadVars * | tv, |
| void * | initdata, | ||
| void ** | data | ||
| ) |
initialize thread specific detection engine context
| tv | ThreadVars for this thread |
| initdata | pointer to de_ctx |
| data[out] | pointer to store our thread detection ctx |
| TM_ECODE_OK | if all went well |
| TM_ECODE_FAILED | on serious erro |
alert counter setup
Definition at line 2383 of file detect-engine.c.
References AppLayerDecoderEventsFreeEvents(), DetectEngineThreadCtx_::base64_decoded, DetectEngineThreadCtx_::bj_values, DetectEngineThreadCtx_::buffers, DetectEngineThreadCtx_::buffers_size, DetectEngineThreadCtx_::counter_alerts, DetectEngineThreadCtx_::counter_fnonmpm_list, DetectEngineThreadCtx_::counter_match_list, DetectEngineThreadCtx_::counter_mpm_list, DetectEngineThreadCtx_::counter_nonmpm_list, DetectEngineThreadCtx_::de_ctx, DetectEngineThreadCtx_::decoder_events, DETECT_ENGINE_TYPE_NORMAL, DETECT_ENGINE_TYPE_TENANT, DetectEngineDeReference(), DetectEngineGetCurrent(), DetectEngineIPOnlyThreadDeinit(), DetectEngineMultiTenantEnabled(), DetectEngineReference(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtx_::inspect, InspectionBufferMultipleForList::inspection_buffers, InspectionBufferFree(), DetectEngineThreadCtx_::io_ctx, DetectEngineThreadCtx_::match_array, DetectEngineCtx_::mpm_matcher, DetectEngineThreadCtx_::mtc, DetectEngineThreadCtx_::mtcs, DetectEngineThreadCtx_::mtcu, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::non_pf_id_array, PatternMatchThreadDestroy(), DetectEngineThreadCtx_::pmq, PmqFree(), DetectEngineCtx_::ref_cnt, RuleMatchCandidateTxArrayFree(), RunmodeIsUnittests(), SCFree, SCLogDebug, SCMalloc, SCProfilingKeywordThreadCleanup(), SCProfilingPrefilterThreadCleanup(), SCProfilingRuleThreadCleanup(), SCProfilingSghThreadCleanup(), InspectionBufferMultipleForList::size, DetectEngineThreadCtx_::spm_thread_ctx, SpmDestroyThreadCtx(), StatsRegisterAvgCounter(), StatsRegisterCounter(), DetectEngineThreadCtx_::tenant_array, DetectEngineCtx_::tenant_id, DetectEngineThreadCtx_::tenant_id, TM_ECODE_FAILED, TM_ECODE_OK, DetectEngineThreadCtx_::to_clear_queue, DetectEngineThreadCtx_::tv, DetectEngineCtx_::type, and unlikely.
| void DetectEngineUnsetParseMetadata | ( | void | ) |
Definition at line 3773 of file detect-engine.c.
Referenced by DetectMetadataHashFree().
| int DetectRegisterThreadCtxGlobalFuncs | ( | const char * | name, |
| void *(*)(void *) | InitFunc, | ||
| void * | data, | ||
| void(*)(void *) | FreeFunc | ||
| ) |
Register Thread keyword context Funcs (Global)
IDs stay static over reloads and between tenants
| name | keyword name for error printing |
| InitFunc | function ptr |
| FreeFunc | function ptr |
| id | for retrieval of ctx at runtime |
| -1 | on error |
Definition at line 2692 of file detect-engine.c.
References BUG_ON, DetectEngineThreadKeywordCtxItem_::data, DetectEngineThreadKeywordCtxItem_::FreeFunc, DetectEngineThreadKeywordCtxItem_::id, DetectEngineThreadKeywordCtxItem_::InitFunc, DetectEngineMasterCtx_::keyword_id, DetectEngineMasterCtx_::keyword_list, DetectEngineThreadKeywordCtxItem_::name, DetectEngineThreadKeywordCtxItem_::next, SCCalloc, and unlikely.
Referenced by DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), and DetectHttpStartRegister().
| const char* DetectSigmatchListEnumToString | ( | enum DetectSigmatchListEnum | type | ) |
Definition at line 3783 of file detect-engine.c.
References DETECT_SM_LIST_BASE64_DATA, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_MAX, DETECT_SM_LIST_PMATCH, DETECT_SM_LIST_POSTMATCH, DETECT_SM_LIST_SUPPRESS, DETECT_SM_LIST_THRESHOLD, and DETECT_SM_LIST_TMATCH.
Referenced by CleanupFPAnalyzer(), EngineAnalysisRulesFailure(), and SCProfilingKeywordsGlobalInit().
| void* DetectThreadCtxGetGlobalKeywordThreadCtx | ( | DetectEngineThreadCtx * | det_ctx, |
| int | id | ||
| ) |
Retrieve thread local keyword ctx by id.
| det_ctx | detection engine thread ctx to retrieve the ctx from |
| id | id of the ctx returned by DetectRegisterThreadCtxInitFunc at keyword init. |
| ctx | or NULL on error |
Definition at line 2736 of file detect-engine.c.
References DetectEngineThreadCtx_::global_keyword_ctxs_array, and DetectEngineThreadCtx_::global_keyword_ctxs_size.
Referenced by HttpHeaderGetBufferSpaceForTXID().
| void InspectionBufferApplyTransforms | ( | InspectionBuffer * | buffer, |
| const DetectEngineTransforms * | transforms | ||
| ) |
Definition at line 978 of file detect-engine.c.
References DetectEngineCtx_::app_inspect_engines, DetectEngineCtx_::app_mpms_list, DetectEngineCtx_::buffer_type_hash, DetectEngineCtx_::buffer_type_id, DetectEngineCtx_::buffer_type_map, DetectEngineCtx_::buffer_type_map_elements, BUG_ON, DetectBufferType_::description, DETECT_SM_LIST_DYNAMIC_START, DETECT_TRANSFORMS_MAX, DetectMpmInitializeAppMpms(), HashListTableFree(), HashListTableGetListData, HashListTableGetListHead(), HashListTableGetListNext, HashListTableInit(), DetectBufferType_::id, DetectBufferType_::mpm, DetectEngineAppInspectionEngine_::next, next, DetectMpmAppLayerRegistery_::next, DetectBufferType_::packet, PrefilterDeinit(), PrefilterInit(), SCCalloc, SCFree, SCLogDebug, DetectBufferType_::SetupCallback, sigmatch_table, DetectBufferType_::string, SigTableElmt_::Transform, DetectEngineTransforms::transforms, and DetectBufferType_::ValidateCallback.
Referenced by DetectFilenameRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectSmbNamedPipeRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| void InspectionBufferCheckAndExpand | ( | InspectionBuffer * | buffer, |
| uint32_t | min_size | ||
| ) |
make sure that the buffer has at least 'min_size' bytes Expand the buffer if necessary
Definition at line 949 of file detect-engine.c.
References InspectionBuffer::buf, likely, SCRealloc, and InspectionBuffer::size.
Referenced by FileSwfDecompression(), and InspectionBufferCopy().
| void InspectionBufferClean | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 845 of file detect-engine.c.
References DetectEngineThreadCtx_::buffers, InspectionBufferMultipleForList::init, InspectionBuffer::inspect, DetectEngineThreadCtx_::inspect, InspectionBufferMultipleForList::inspection_buffers, InspectionBufferMultipleForList::max, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.
| void InspectionBufferCopy | ( | InspectionBuffer * | buffer, |
| uint8_t * | buf, | ||
| uint32_t | buf_len | ||
| ) |
Definition at line 966 of file detect-engine.c.
References InspectionBuffer::buf, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBufferCheckAndExpand(), MIN, and InspectionBuffer::size.
Referenced by DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().
| void InspectionBufferFree | ( | InspectionBuffer * | buffer | ) |
Definition at line 937 of file detect-engine.c.
References InspectionBuffer::buf, and SCFree.
Referenced by DetectEngineThreadCtxInit(), DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().
| InspectionBuffer* InspectionBufferGet | ( | DetectEngineThreadCtx * | det_ctx, |
| const int | list_id | ||
| ) |
Definition at line 871 of file detect-engine.c.
References DetectEngineThreadCtx_::buffers, InspectionBuffer::inspect, DetectEngineThreadCtx_::inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.
Referenced by DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectSmbNamedPipeRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), and DetectTlsSubjectRegister().
| InspectionBufferMultipleForList* InspectionBufferGetMulti | ( | DetectEngineThreadCtx * | det_ctx, |
| const int | list_id | ||
| ) |
Definition at line 910 of file detect-engine.c.
References DetectEngineThreadCtx_::buffers, InspectionBufferMultipleForList::init, DetectEngineThreadCtx_::multi_inspect, DetectEngineThreadCtx_::to_clear_idx, and DetectEngineThreadCtx_::to_clear_queue.
Referenced by DetectFilenameRegister().
| void InspectionBufferInit | ( | InspectionBuffer * | buffer, |
| uint32_t | initial_size | ||
| ) |
Definition at line 920 of file detect-engine.c.
References InspectionBuffer::buf, SCCalloc, and InspectionBuffer::size.
Referenced by DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().
| InspectionBuffer* InspectionBufferMultipleForListGet | ( | InspectionBufferMultipleForList * | fb, |
| uint32_t | local_id | ||
| ) |
for a InspectionBufferMultipleForList get a InspectionBuffer
| fb | the multiple buffer array |
| local_id | the index to get a buffer |
| buffer | the inspect buffer or NULL in case of error |
Definition at line 884 of file detect-engine.c.
References InspectionBufferMultipleForList::inspection_buffers, MAX, InspectionBufferMultipleForList::max, SCLogDebug, SCRealloc, and InspectionBufferMultipleForList::size.
Referenced by DetectFilenameRegister().
| void InspectionBufferSetup | ( | InspectionBuffer * | buffer, |
| const uint8_t * | data, | ||
| const uint32_t | data_len | ||
| ) |
setup the buffer with our initial data
Definition at line 930 of file detect-engine.c.
References InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::len, InspectionBuffer::orig, and InspectionBuffer::orig_len.
Referenced by DetectFilenameRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectSmbNamedPipeRegister(), DetectTemplateBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3StringRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTransformCompressWhitespaceRegister(), DetectTransformMd5Register(), DetectTransformSha1Register(), DetectTransformSha256Register(), and DetectTransformStripWhitespaceRegister().
1.8.11 
