#include "suricata-common.h"
#include "decode.h"
#include "action-globals.h"
#include "detect.h"
#include "threads.h"
#include "flow.h"
#include "flow-bit.h"
#include "flow-util.h"
#include "detect-flowbits.h"
#include "util-spm.h"
#include "rust.h"
#include "app-layer-parser.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "detect-engine-build.h"
#include "detect-engine-prefilter.h"
#include "tree.h"
#include "util-enum.h"
#include "util-var-name.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "util-conf.h"

Include dependency graph for detect-flowbits.c:

Data Structures
struct	FBAnalyzer

struct	FBAnalyze

struct	PrefilterFlowbit

struct	PrefilterEngineFlowbits

Macros
#define	PARSE_REGEX "^([a-z]+)(?:,\\s(.))?"

#define	MAX_TOKENS 100

#define	MAX_SIDS 8

#define	BLOCK_SIZE 8

Functions
int	DetectFlowbitMatch (DetectEngineThreadCtx , Packet , const Signature , const SigMatchCtx )

void	DetectFlowbitFree (DetectEngineCtx , void )

void	FlowBitsRegisterTests (void)
	this function registers unit tests for FlowBits More...

void	DetectFlowbitsRegister (void)

int	DetectFlowbitsAnalyze (DetectEngineCtx *de_ctx)

struct PrefilterFlowbit	__attribute__ ((__packed__))
	DNP3 link header. More...

	RB_HEAD (PFB, PrefilterFlowbit)

	RB_PROTOTYPE (PFB, PrefilterFlowbit, rb, PrefilterFlowbitCompare)

	RB_GENERATE (PFB, PrefilterFlowbit, rb, PrefilterFlowbitCompare)

Variables
SCEnumCharMap	flowbit_cmds []

bool	rule_engine_analysis_set

SCMutex	g_flowbits_dump_write_m = SCMUTEX_INITIALIZER

uint32_t *	rule_id

struct PrefilterEngineFlowbits	__attribute__

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Breno Silva breno.nosp@m..sil.nosp@m.va@gm.nosp@m.ail..nosp@m.com

Implements the flowbits keyword

Definition in file detect-flowbits.c.

Macro Definition Documentation

◆ BLOCK_SIZE

#define BLOCK_SIZE 8

Definition at line 1149 of file detect-flowbits.c.

◆ MAX_SIDS

#define MAX_SIDS 8

Definition at line 575 of file detect-flowbits.c.

◆ MAX_TOKENS

#define MAX_TOKENS 100

Definition at line 60 of file detect-flowbits.c.

◆ PARSE_REGEX

#define PARSE_REGEX "^([a-z]+)(?:,\\s*(.*))?"

Definition at line 57 of file detect-flowbits.c.

Function Documentation

◆ DetectFlowbitFree()

void DetectFlowbitFree	(	DetectEngineCtx *	de_ctx,
		void *	ptr
	)

Definition at line 502 of file detect-flowbits.c.

References DetectFlowbitsData_::idx, DetectFlowbitsData_::or_list, DetectFlowbitsData_::or_list_size, SCFree, VAR_TYPE_FLOW_BIT, and VarNameStoreUnregister().

Here is the call graph for this function:

◆ DetectFlowbitMatch()

int DetectFlowbitMatch	(	DetectEngineThreadCtx *	det_ctx,
		Packet *	p,
		const Signature *	s,
		const SigMatchCtx *	ctx
	)

Definition at line 302 of file detect-flowbits.c.

References DetectFlowbitsData_::cmd, ctx, and DETECT_FLOWBITS_CMD_ISSET.

Referenced by DetectFlowbitsRegister().

Here is the caller graph for this function:

◆ DetectFlowbitsAnalyze()

int DetectFlowbitsAnalyze ( DetectEngineCtx * de_ctx )

Definition at line 673 of file detect-flowbits.c.

References FBAnalyzer::array, FBAnalyzer::array_size, de_ctx, DetectEngineCtx_::max_fb_id, SCCalloc, SCLogDebug, SCLogError, DetectEngineCtx_::sig_array, and DetectEngineCtx_::sig_array_len.

◆ DetectFlowbitsRegister()

void DetectFlowbitsRegister ( void )

Definition at line 72 of file detect-flowbits.c.

References SigTableElmt_::desc, DETECT_FLOWBITS, DetectFlowbitMatch(), SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ FlowBitsRegisterTests()

void FlowBitsRegisterTests ( void )

this function registers unit tests for FlowBits

Definition at line 1898 of file detect-flowbits.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ RB_GENERATE()

RB_GENERATE	(	PFB	,
		PrefilterFlowbit	,
		rb	,
		PrefilterFlowbitCompare
	)

◆ RB_HEAD()

RB_HEAD	(	PFB	,
		PrefilterFlowbit
	)

red-black tree prototype for PFB (Prefilter Flow Bits)

◆ RB_PROTOTYPE()

RB_PROTOTYPE	(	PFB	,
		PrefilterFlowbit	,
		rb	,
		PrefilterFlowbitCompare
	)

Variable Documentation

◆ attribute

struct PrefilterEngineFlowbits __attribute__

◆ flowbit_cmds

SCEnumCharMap flowbit_cmds[]

Initial value:

= {
    { "set", DETECT_FLOWBITS_CMD_SET },
    { "toggle", DETECT_FLOWBITS_CMD_TOGGLE },
    { "unset", DETECT_FLOWBITS_CMD_UNSET },
    { "isnotset", DETECT_FLOWBITS_CMD_ISNOTSET },
    { "isset", DETECT_FLOWBITS_CMD_ISSET },
}

Definition at line 108 of file detect-flowbits.c.

◆ g_flowbits_dump_write_m

SCMutex g_flowbits_dump_write_m = SCMUTEX_INITIALIZER

Definition at line 920 of file detect-flowbits.c.

◆ rule_engine_analysis_set

bool rule_engine_analysis_set

Definition at line 56 of file detect-engine-loader.c.

◆ rule_id

uint32_t* rule_id

array of signature iid that are part of this prefilter

Definition at line 1042 of file detect-flowbits.c.

Data Structures

Macros

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ BLOCK_SIZE

◆ MAX_SIDS

◆ MAX_TOKENS

◆ PARSE_REGEX

Function Documentation

◆ DetectFlowbitFree()

◆ DetectFlowbitMatch()

◆ DetectFlowbitsAnalyze()

◆ DetectFlowbitsRegister()

◆ FlowBitsRegisterTests()

◆ RB_GENERATE()

◆ RB_HEAD()

◆ RB_PROTOTYPE()

Variable Documentation

◆ __attribute__

◆ flowbit_cmds

◆ g_flowbits_dump_write_m

◆ rule_engine_analysis_set

◆ rule_id

◆ attribute