suricata
detect-engine.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef SURICATA_DETECT_ENGINE_H
25 #define SURICATA_DETECT_ENGINE_H
26 
27 #include "detect.h"
28 #include "suricata.h"
29 
30 void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size);
31 void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
32  InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len);
33 void InspectionBufferFree(InspectionBuffer *buffer);
34 void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size);
35 void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len);
36 void InspectionBufferApplyTransforms(InspectionBuffer *buffer,
37  const DetectEngineTransforms *transforms);
38 void InspectionBufferClean(DetectEngineThreadCtx *det_ctx);
39 InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id);
40 void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer);
41 void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms,
42  const uint8_t *data, const uint32_t data_len);
43 InspectionBuffer *InspectionBufferMultipleForListGet(
44  DetectEngineThreadCtx *det_ctx, const int list_id, uint32_t local_id);
45 
46 /* start up registry funcs */
47 
48 int DetectBufferTypeRegister(const char *name);
49 int DetectBufferTypeGetByName(const char *name);
50 void DetectBufferTypeSupportsMpm(const char *name);
51 void DetectBufferTypeSupportsPacket(const char *name);
52 void DetectBufferTypeSupportsFrames(const char *name);
53 void DetectBufferTypeSupportsTransformations(const char *name);
54 void DetectBufferTypeSupportsMultiInstance(const char *name);
55 int DetectBufferTypeMaxId(void);
56 void DetectBufferTypeCloseRegistration(void);
57 void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc);
58 const char *DetectBufferTypeGetDescriptionByName(const char *name);
59 void DetectBufferTypeRegisterSetupCallback(const char *name,
60  void (*Callback)(const DetectEngineCtx *, Signature *));
61 void DetectBufferTypeRegisterValidateCallback(const char *name,
62  bool (*ValidateCallback)(const Signature *, const char **sigerror));
63 
64 /* detect engine related buffer funcs */
65 
66 int DetectEngineBufferTypeRegisterWithFrameEngines(DetectEngineCtx *de_ctx, const char *name,
67  const int direction, const AppProto alproto, const uint8_t frame_type);
68 int DetectEngineBufferTypeRegister(DetectEngineCtx *de_ctx, const char *name);
69 const char *DetectEngineBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id);
70 const DetectBufferType *DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id);
71 bool DetectEngineBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id);
72 bool DetectEngineBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id);
73 bool DetectEngineBufferTypeSupportsMultiInstanceGetById(
74  const DetectEngineCtx *de_ctx, const int id);
75 bool DetectEngineBufferTypeSupportsFramesGetById(const DetectEngineCtx *de_ctx, const int id);
76 const char *DetectEngineBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id);
77 const DetectBufferType *DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id);
78 int DetectEngineBufferTypeGetByIdTransforms(
79  DetectEngineCtx *de_ctx, const int id, TransformData *transforms, int transform_cnt);
80 void DetectEngineBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s);
81 bool DetectEngineBufferRunValidateCallback(
82  const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror);
83 bool DetectEngineBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
84  const uint8_t *content, uint16_t content_len, const char **namestr);
85 void DetectEngineBufferTypeSupportsFrames(DetectEngineCtx *de_ctx, const char *name);
86 void DetectEngineBufferTypeSupportsPacket(DetectEngineCtx *de_ctx, const char *name);
87 void DetectEngineBufferTypeSupportsMpm(DetectEngineCtx *de_ctx, const char *name);
88 void DetectEngineBufferTypeSupportsTransformations(DetectEngineCtx *de_ctx, const char *name);
89 
90 /* prototypes */
91 DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix, uint32_t tenant_id);
92 DetectEngineCtx *DetectEngineCtxInit(void);
93 DetectEngineCtx *DetectEngineCtxInitStubForDD(void);
94 DetectEngineCtx *DetectEngineCtxInitStubForMT(void);
95 void DetectEngineCtxFree(DetectEngineCtx *);
96 
97 int DetectRegisterThreadCtxGlobalFuncs(const char *name,
98  void *(*InitFunc)(void *), void *data, void (*FreeFunc)(void *));
99 void *DetectThreadCtxGetGlobalKeywordThreadCtx(DetectEngineThreadCtx *det_ctx, int id);
100 
101 TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **);
102 TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *);
103 //inline uint32_t DetectEngineGetMaxSigId(DetectEngineCtx *);
104 /* faster as a macro than a inline function on my box -- VJ */
105 #define DetectEngineGetMaxSigId(de_ctx) ((de_ctx)->signum)
106 void DetectEngineResetMaxSigId(DetectEngineCtx *);
107 void DetectEngineRegisterTests(void);
108 const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type);
109 
110 uint32_t DetectEngineGetVersion(void);
111 void DetectEngineBumpVersion(void);
112 int DetectEngineAddToMaster(DetectEngineCtx *de_ctx);
113 DetectEngineCtx *DetectEngineGetCurrent(void);
114 DetectEngineCtx *DetectEngineGetByTenantId(uint32_t tenant_id);
115 void DetectEnginePruneFreeList(void);
116 int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx);
117 void DetectEngineClearMaster(void);
118 DetectEngineCtx *DetectEngineReference(DetectEngineCtx *);
119 void DetectEngineDeReference(DetectEngineCtx **de_ctx);
120 int DetectEngineReload(const SCInstance *suri);
121 int DetectEngineEnabled(void);
122 int DetectEngineMTApply(void);
123 int DetectEngineMultiTenantEnabled(void);
124 int DetectEngineMultiTenantSetup(const bool unix_socket);
125 
126 int DetectEngineReloadStart(void);
127 int DetectEngineReloadIsStart(void);
128 void DetectEngineReloadSetIdle(void);
129 int DetectEngineReloadIsIdle(void);
130 
131 int DetectEngineLoadTenantBlocking(uint32_t tenant_id, const char *yaml);
132 int DetectEngineReloadTenantBlocking(uint32_t tenant_id, const char *yaml, int reload_cnt);
133 int DetectEngineReloadTenantsBlocking(const int reload_cnt);
134 
135 int DetectEngineTenantRegisterLivedev(uint32_t tenant_id, int device_id);
136 int DetectEngineTenantRegisterVlanId(uint32_t tenant_id, uint16_t vlan_id);
137 int DetectEngineTenantUnregisterVlanId(uint32_t tenant_id, uint16_t vlan_id);
138 int DetectEngineTenantRegisterPcapFile(uint32_t tenant_id);
139 int DetectEngineTenantUnregisterPcapFile(uint32_t tenant_id);
140 
141 uint8_t DetectEngineInspectGenericList(DetectEngineCtx *, DetectEngineThreadCtx *,
142  const struct DetectEngineAppInspectionEngine_ *, const Signature *, Flow *, uint8_t, void *,
143  void *, uint64_t);
144 
145 uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
146  const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
147  void *alstate, void *txv, uint64_t tx_id);
148 
149 int DetectEngineInspectPktBufferGeneric(
150  DetectEngineThreadCtx *det_ctx,
151  const DetectEnginePktInspectionEngine *engine,
152  const Signature *s, Packet *p, uint8_t *alert_flags);
153 
154 /**
155  * \brief Registers an app inspection engine.
156  *
157  * \param name Name of the detection list
158  * \param alproto App layer protocol for which we will register the engine.
159  * \param direction The direction for the engine: SIG_FLAG_TOSERVER or
160  * SIG_FLAG_TOCLIENT
161  * \param progress Minimal progress value for inspect engine to run
162  * \param Callback The engine callback.
163  */
164 void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir,
165  int progress, InspectEngineFuncPtr Callback2, InspectionBufferGetDataPtr GetData);
166 
167 void DetectPktInspectEngineRegister(const char *name,
168  InspectionBufferGetPktDataPtr GetPktData,
169  InspectionBufferPktInspectFunc Callback);
170 
171 void DetectEngineFrameInspectEngineRegister(DetectEngineCtx *de_ctx, const char *name, int dir,
172  InspectionBufferFrameInspectFunc Callback, AppProto alproto, uint8_t type);
173 
174 int DetectEngineAppInspectionEngine2Signature(DetectEngineCtx *de_ctx, Signature *s);
175 void DetectEngineAppInspectionEngineSignatureFree(DetectEngineCtx *, Signature *s);
176 
177 bool DetectEnginePktInspectionRun(ThreadVars *tv,
178  DetectEngineThreadCtx *det_ctx, const Signature *s,
179  Flow *f, Packet *p,
180  uint8_t *alert_flags);
181 int DetectEnginePktInspectionSetup(Signature *s);
182 
183 void DetectEngineSetParseMetadata(void);
184 void DetectEngineUnsetParseMetadata(void);
185 int DetectEngineMustParseMetadata(void);
186 
187 SigMatch *DetectBufferGetFirstSigMatch(const Signature *s, const uint32_t buf_id);
188 SigMatch *DetectBufferGetLastSigMatch(const Signature *s, const uint32_t buf_id);
189 bool DetectBufferIsPresent(const Signature *s, const uint32_t buf_id);
190 
191 int WARN_UNUSED DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list);
192 int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s);
193 SigMatch *DetectBufferGetFirstSigMatch(const Signature *s, const uint32_t buf_id);
194 SigMatch *DetectBufferGetLastSigMatch(const Signature *s, const uint32_t buf_id);
195 
196 DetectEngineThreadCtx *DetectEngineThreadCtxInitForReload(
197  ThreadVars *tv, DetectEngineCtx *new_de_ctx, int mt);
198 
199 void DetectRunStoreStateTx(const SigGroupHead *sgh, Flow *f, void *tx, uint64_t tx_id,
200  const Signature *s, uint32_t inspect_flags, uint8_t flow_flags,
201  const uint16_t file_no_match);
202 
203 void DetectEngineStateResetTxs(Flow *f);
204 
205 void DeStateRegisterTests(void);
206 
207 #endif /* SURICATA_DETECT_ENGINE_H */
DetectEngineMultiTenantSetup
int DetectEngineMultiTenantSetup(const bool unix_socket)
setup multi-detect / multi-tenancy
Definition: detect-engine.c:4139
DetectEngineAppInspectionEngine_
Definition: detect.h:427
DetectEngineReloadIsIdle
int DetectEngineReloadIsIdle(void)
Definition: detect-engine.c:2055
DetectBufferTypeRegister
int DetectBufferTypeRegister(const char *name)
Definition: detect-engine.c:1008
DetectEnginePktInspectionEngine
Definition: detect.h:481
DetectEngineBufferTypeRegister
int DetectEngineBufferTypeRegister(DetectEngineCtx *de_ctx, const char *name)
Definition: detect-engine.c:1159
InspectionBufferGet
InspectionBuffer * InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
Definition: detect-engine.c:1479
SigGroupHead_
Container for matching data for a signature group.
Definition: detect.h:1448
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback2, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
Definition: detect-engine.c:169
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:1072
DetectEngineTransforms
Definition: detect.h:409
DetectEnginePktInspectionRun
bool DetectEnginePktInspectionRun(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f, Packet *p, uint8_t *alert_flags)
Definition: detect-engine.c:1937
InspectionBufferMultipleForListGet
InspectionBuffer * InspectionBufferMultipleForListGet(DetectEngineThreadCtx *det_ctx, const int list_id, uint32_t local_id)
for a InspectionBufferMultipleForList get a InspectionBuffer
Definition: detect-engine.c:1499
DetectBufferTypeSetDescriptionByName
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
Definition: detect-engine.c:1169
DetectEngineBufferTypeSupportsFrames
void DetectEngineBufferTypeSupportsFrames(DetectEngineCtx *de_ctx, const char *name)
Definition: detect-engine.c:1198
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:81
InspectionBuffer
Definition: detect.h:374
DetectEngineTenantUnregisterPcapFile
int DetectEngineTenantUnregisterPcapFile(uint32_t tenant_id)
Definition: detect-engine.c:4441
Flow_
Flow data structure.
Definition: flow.h:351
DetectEngineInspectGenericList
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *, DetectEngineThreadCtx *, const struct DetectEngineAppInspectionEngine_ *, const Signature *, Flow *, uint8_t, void *, void *, uint64_t)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:2079
InspectionBufferFree
void InspectionBufferFree(InspectionBuffer *buffer)
Definition: detect-engine.c:1593
DetectEngineReference
DetectEngineCtx * DetectEngineReference(DetectEngineCtx *)
Definition: detect-engine.c:3713
InspectionBufferGetDataPtr
InspectionBuffer *(* InspectionBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id)
Definition: detect.h:415
DetectEngineAppInspectionEngine2Signature
int DetectEngineAppInspectionEngine2Signature(DetectEngineCtx *de_ctx, Signature *s)
Definition: detect-engine.c:706
DetectThreadCtxGetGlobalKeywordThreadCtx
void * DetectThreadCtxGetGlobalKeywordThreadCtx(DetectEngineThreadCtx *det_ctx, int id)
Retrieve thread local keyword ctx by id.
Definition: detect-engine.c:3645
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:839
DetectEngineBufferTypeGetDescriptionById
const char * DetectEngineBufferTypeGetDescriptionById(const DetectEngineCtx *de_ctx, const int id)
Definition: detect-engine.c:1180
DetectEngineReloadIsStart
int DetectEngineReloadIsStart(void)
Definition: detect-engine.c:2035
DetectEngineResetMaxSigId
void DetectEngineResetMaxSigId(DetectEngineCtx *)
Definition: detect-engine.c:2922
InspectionBufferClean
void InspectionBufferClean(DetectEngineThreadCtx *det_ctx)
Definition: detect-engine.c:1451
InspectionBufferGetPktDataPtr
InspectionBuffer *(* InspectionBufferGetPktDataPtr)(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Packet *p, const int list_id)
Definition: detect.h:476
DetectEngineCtxInitWithPrefix
DetectEngineCtx * DetectEngineCtxInitWithPrefix(const char *prefix, uint32_t tenant_id)
Definition: detect-engine.c:2499
DetectEngineBufferTypeSupportsMultiInstanceGetById
bool DetectEngineBufferTypeSupportsMultiInstanceGetById(const DetectEngineCtx *de_ctx, const int id)
Definition: detect-engine.c:1230
DetectEnginePktInspectionSetup
int DetectEnginePktInspectionSetup(Signature *s)
Definition: detect-engine.c:1985
DetectBufferType_
Definition: detect.h:449
DetectEngineReload
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
Definition: detect-engine.c:4629
DetectEngineLoadTenantBlocking
int DetectEngineLoadTenantBlocking(uint32_t tenant_id, const char *yaml)
Load a tenant and wait for loading to complete.
Definition: detect-engine.c:3976
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2494
DetectEngineTenantRegisterLivedev
int DetectEngineTenantRegisterLivedev(uint32_t tenant_id, int device_id)
Definition: detect-engine.c:4419
TransformData_
Definition: detect.h:404
DetectEnginePruneFreeList
void DetectEnginePruneFreeList(void)
Definition: detect-engine.c:4572
DetectEngineBufferTypeSupportsMpm
void DetectEngineBufferTypeSupportsMpm(DetectEngineCtx *de_ctx, const char *name)
Definition: detect-engine.c:1214
DetectBufferTypeGetDescriptionByName
const char * DetectBufferTypeGetDescriptionByName(const char *name)
Definition: detect-engine.c:1189
DetectBufferTypeRegisterSetupCallback
void DetectBufferTypeRegisterSetupCallback(const char *name, void(*Callback)(const DetectEngineCtx *, Signature *))
Definition: detect-engine.c:1266
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2533
DetectRunStoreStateTx
void DetectRunStoreStateTx(const SigGroupHead *sgh, Flow *f, void *tx, uint64_t tx_id, const Signature *s, uint32_t inspect_flags, uint8_t flow_flags, const uint16_t file_no_match)
Definition: detect-engine-state.c:221
DetectEngineGetByTenantId
DetectEngineCtx * DetectEngineGetByTenantId(uint32_t tenant_id)
Definition: detect-engine.c:4452
DetectEngineTenantUnregisterVlanId
int DetectEngineTenantUnregisterVlanId(uint32_t tenant_id, uint16_t vlan_id)
Definition: detect-engine.c:4430
DetectEngineThreadCtxInit
TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **)
initialize thread specific detection engine context
Definition: detect-engine.c:3244
DetectBufferTypeSupportsFrames
void DetectBufferTypeSupportsFrames(const char *name)
Definition: detect-engine.c:1032
DetectEngineUnsetParseMetadata
void DetectEngineUnsetParseMetadata(void)
Definition: detect-engine.c:4811
InspectionBufferSetup
void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id, InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
Definition: detect-engine.c:1574
InspectionBufferPktInspectFunc
int(* InspectionBufferPktInspectFunc)(struct DetectEngineThreadCtx_ *, const struct DetectEnginePktInspectionEngine *engine, const struct Signature_ *s, Packet *p, uint8_t *alert_flags)
Definition: detect.h:469
DetectEngineBufferTypeSupportsTransformations
void DetectEngineBufferTypeSupportsTransformations(DetectEngineCtx *de_ctx, const char *name)
Definition: detect-engine.c:1222
DetectEngineBufferTypeSupportsMpmGetById
bool DetectEngineBufferTypeSupportsMpmGetById(const DetectEngineCtx *de_ctx, const int id)
Definition: detect-engine.c:1248
DetectSigmatchListEnumToString
const char * DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type)
Definition: detect-engine.c:4821
DetectEngineBufferTypeGetByIdTransforms
int DetectEngineBufferTypeGetByIdTransforms(DetectEngineCtx *de_ctx, const int id, TransformData *transforms, int transform_cnt)
Definition: detect-engine.c:1791
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineBufferTypeSupportsFramesGetById
bool DetectEngineBufferTypeSupportsFramesGetById(const DetectEngineCtx *de_ctx, const int id)
Definition: detect-engine.c:1257
DetectEngineReloadTenantBlocking
int DetectEngineReloadTenantBlocking(uint32_t tenant_id, const char *yaml, int reload_cnt)
Reload a tenant and wait for loading to complete.
Definition: detect-engine.c:3990
InspectionBufferCopy
void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len)
Definition: detect-engine.c:1622
DetectEngineThreadCtx_
Definition: detect.h:1095
DetectEngineReloadSetIdle
void DetectEngineReloadSetIdle(void)
Definition: detect-engine.c:2047
DetectEngineGetCurrent
DetectEngineCtx * DetectEngineGetCurrent(void)
Definition: detect-engine.c:3690
DetectEngineCtxInitStubForMT
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
Definition: detect-engine.c:2484
DetectEngineBufferTypeGetNameById
const char * DetectEngineBufferTypeGetNameById(const DetectEngineCtx *de_ctx, const int id)
Definition: detect-engine.c:1102
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
InspectionBufferApplyTransforms
void InspectionBufferApplyTransforms(InspectionBuffer *buffer, const DetectEngineTransforms *transforms)
Definition: detect-engine.c:1678
DetectEngineThreadCtxDeinit
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *)
Definition: detect-engine.c:3454
DetectEngineBufferRunValidateCallback
bool DetectEngineBufferRunValidateCallback(const DetectEngineCtx *de_ctx, const int id, const Signature *s, const char **sigerror)
Definition: detect-engine.c:1294
DetectEngineClearMaster
void DetectEngineClearMaster(void)
Definition: detect-engine.c:4602
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:4478
DetectEngineInspectBufferGeneric
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:2122
DetectEngineMustParseMetadata
int DetectEngineMustParseMetadata(void)
Definition: detect-engine.c:4816
InspectionBufferSetupMulti
void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms, const uint8_t *data, const uint32_t data_len)
setup the buffer with our initial data
Definition: detect-engine.c:1559
DetectEngineFrameInspectEngineRegister
void DetectEngineFrameInspectEngineRegister(DetectEngineCtx *de_ctx, const char *name, int dir, InspectionBufferFrameInspectFunc Callback, AppProto alproto, uint8_t type)
register inspect engine at start up time
Definition: detect-engine.c:357
DetectEngineGetVersion
uint32_t DetectEngineGetVersion(void)
Definition: detect-engine.c:3671
DetectEngineTenantRegisterVlanId
int DetectEngineTenantRegisterVlanId(uint32_t tenant_id, uint16_t vlan_id)
Definition: detect-engine.c:4425
DetectBufferGetActiveList
int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
Definition: detect-engine.c:1403
DetectBufferTypeSupportsTransformations
void DetectBufferTypeSupportsTransformations(const char *name)
Definition: detect-engine.c:1062
Packet_
Definition: decode.h:437
type
uint16_t type
Definition: decode-vlan.c:107
InspectionBufferFrameInspectFunc
int(* InspectionBufferFrameInspectFunc)(struct DetectEngineThreadCtx_ *, const struct DetectEngineFrameInspectionEngine *engine, const struct Signature_ *s, Packet *p, const struct Frames *frames, const struct Frame *frame)
Definition: detect.h:502
DetectEngineReloadStart
int DetectEngineReloadStart(void)
Definition: detect-engine.c:2021
DetectBufferTypeSupportsPacket
void DetectBufferTypeSupportsPacket(const char *name)
Definition: detect-engine.c:1042
TmEcode
TmEcode
Definition: tm-threads-common.h:83
InspectionBufferInit
void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size)
Definition: detect-engine.c:1536
InspectionBufferSetupMultiEmpty
void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer)
setup the buffer empty
Definition: detect-engine.c:1546
DetectEngineAddToMaster
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4502
DetectEngineBufferTypeSupportsPacketGetById
bool DetectEngineBufferTypeSupportsPacketGetById(const DetectEngineCtx *de_ctx, const int id)
Definition: detect-engine.c:1239
DetectBufferGetFirstSigMatch
SigMatch * DetectBufferGetFirstSigMatch(const Signature *s, const uint32_t buf_id)
Definition: detect-engine.c:1304
DetectEngineThreadCtxInitForReload
DetectEngineThreadCtx * DetectEngineThreadCtxInitForReload(ThreadVars *tv, DetectEngineCtx *new_de_ctx, int mt)
Definition: detect-engine.c:3308
DetectEngineStateResetTxs
void DetectEngineStateResetTxs(Flow *f)
Reset de state for active tx' To be used on detect engine reload.
Definition: detect-engine-state.c:267
InspectEngineFuncPtr
uint8_t(* InspectEngineFuncPtr)(struct DetectEngineCtx_ *de_ctx, struct DetectEngineThreadCtx_ *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const struct Signature_ *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Definition: detect.h:422
flags
uint8_t flags
Definition: decode-gre.h:0
DetectPktInspectEngineRegister
void DetectPktInspectEngineRegister(const char *name, InspectionBufferGetPktDataPtr GetPktData, InspectionBufferPktInspectFunc Callback)
register inspect engine at start up time
Definition: detect-engine.c:128
InspectionBufferCheckAndExpand
void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
make sure that the buffer has at least 'min_size' bytes Expand the buffer if necessary
Definition: detect-engine.c:1605
DetectBufferTypeMaxId
int DetectBufferTypeMaxId(void)
Definition: detect-engine.c:899
DetectEngineSetParseMetadata
void DetectEngineSetParseMetadata(void)
Definition: detect-engine.c:4806
DetectEngineBufferTypeSupportsPacket
void DetectEngineBufferTypeSupportsPacket(DetectEngineCtx *de_ctx, const char *name)
Definition: detect-engine.c:1206
DetectEngineBufferRunSetupCallback
void DetectEngineBufferRunSetupCallback(const DetectEngineCtx *de_ctx, const int id, Signature *s)
Definition: detect-engine.c:1276
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3657
DetectEngineCtxInitStubForDD
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
Definition: detect-engine.c:2489
DetectBufferGetLastSigMatch
SigMatch * DetectBufferGetLastSigMatch(const Signature *s, const uint32_t buf_id)
Definition: detect-engine.c:1314
DetectBufferTypeCloseRegistration
void DetectBufferTypeCloseRegistration(void)
Definition: detect-engine.c:1784
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
DetectRegisterThreadCtxGlobalFuncs
int DetectRegisterThreadCtxGlobalFuncs(const char *name, void *(*InitFunc)(void *), void *data, void(*FreeFunc)(void *))
Register Thread keyword context Funcs (Global)
Definition: detect-engine.c:3601
DetectEngineMultiTenantEnabled
int DetectEngineMultiTenantEnabled(void)
Definition: detect-engine.c:3722
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4562
Signature_
Signature container.
Definition: detect.h:596
SigMatch_
a single match condition for a signature
Definition: detect.h:350
DetectEngineMTApply
int DetectEngineMTApply(void)
Definition: detect-engine.c:4749
DetectEngineRegisterTests
void DetectEngineRegisterTests(void)
Definition: detect-engine.c:5060
DetectEngineReloadTenantsBlocking
int DetectEngineReloadTenantsBlocking(const int reload_cnt)
Reload all tenants and wait for loading to complete.
Definition: detect-engine.c:4004
suricata.h
DetectEngineBufferTypeRegisterWithFrameEngines
int DetectEngineBufferTypeRegisterWithFrameEngines(DetectEngineCtx *de_ctx, const char *name, const int direction, const AppProto alproto, const uint8_t frame_type)
Definition: detect-engine.c:1125
DetectEngineBufferTypeValidateTransform
bool DetectEngineBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list, const uint8_t *content, uint16_t content_len, const char **namestr)
Check content byte array compatibility with transforms.
Definition: detect-engine.c:1653
DetectEngineInspectPktBufferGeneric
int DetectEngineInspectPktBufferGeneric(DetectEngineThreadCtx *det_ctx, const DetectEnginePktInspectionEngine *engine, const Signature *s, Packet *p, uint8_t *alert_flags)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:2178
SCInstance_
Definition: suricata.h:123
DetectBufferIsPresent
bool DetectBufferIsPresent(const Signature *s, const uint32_t buf_id)
Definition: detect-engine.c:1325
DetectBufferTypeSupportsMpm
void DetectBufferTypeSupportsMpm(const char *name)
Definition: detect-engine.c:1052
DetectEngineBumpVersion
void DetectEngineBumpVersion(void)
Definition: detect-engine.c:3681
DetectSigmatchListEnum
DetectSigmatchListEnum
Definition: detect.h:112
DeStateRegisterTests
void DeStateRegisterTests(void)
Definition: detect-engine-state.c:1447
DetectEngineAppInspectionEngineSignatureFree
void DetectEngineAppInspectionEngineSignatureFree(DetectEngineCtx *, Signature *s)
free app inspect engines for a signature
Definition: detect-engine.c:793
DetectEngineTenantRegisterPcapFile
int DetectEngineTenantRegisterPcapFile(uint32_t tenant_id)
Definition: detect-engine.c:4435
DetectBufferSetActiveList
int WARN_UNUSED DetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
Definition: detect-engine.c:1335
WARN_UNUSED
#define WARN_UNUSED
Definition: suricata-common.h:403
DetectEngineBufferTypeGetById
const DetectBufferType * DetectEngineBufferTypeGetById(const DetectEngineCtx *de_ctx, const int id)
Definition: detect-engine.c:1092
DetectBufferTypeSupportsMultiInstance
void DetectBufferTypeSupportsMultiInstance(const char *name)
Definition: detect-engine.c:1022
DetectBufferTypeRegisterValidateCallback
void DetectBufferTypeRegisterValidateCallback(const char *name, bool(*ValidateCallback)(const Signature *, const char **sigerror))
Definition: detect-engine.c:1284