suricata
Data Structures | Macros | Functions | Variables
detect-flowbits.c File Reference
#include "suricata-common.h"
#include "decode.h"
#include "action-globals.h"
#include "detect.h"
#include "threads.h"
#include "flow.h"
#include "flow-bit.h"
#include "flow-util.h"
#include "detect-flowbits.h"
#include "util-spm.h"
#include "app-layer-parser.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "detect-engine-build.h"
#include "util-var-name.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "util-conf.h"
Include dependency graph for detect-flowbits.c:

Go to the source code of this file.

Data Structures

struct  FBAnalyze
 

Macros

#define PARSE_REGEX   "^([a-z]+)(?:,\\s*(.*))?"
 
#define MAX_TOKENS   100
 
#define MAX_SIDS   8
 

Functions

int DetectFlowbitMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
 
void DetectFlowbitFree (DetectEngineCtx *, void *)
 
void FlowBitsRegisterTests (void)
 this function registers unit tests for FlowBits More...
 
void DetectFlowbitsRegister (void)
 
int DetectFlowbitsAnalyze (DetectEngineCtx *de_ctx)
 

Variables

bool rule_engine_analysis_set
 
SCMutex g_flowbits_dump_write_m = SCMUTEX_INITIALIZER
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t
Breno Silva breno.nosp@m..sil.nosp@m.va@gm.nosp@m.ail..nosp@m.com

Implements the flowbits keyword

Definition in file detect-flowbits.c.

Macro Definition Documentation

◆ MAX_SIDS

#define MAX_SIDS   8

◆ MAX_TOKENS

#define MAX_TOKENS   100

Definition at line 55 of file detect-flowbits.c.

◆ PARSE_REGEX

#define PARSE_REGEX   "^([a-z]+)(?:,\\s*(.*))?"

Definition at line 52 of file detect-flowbits.c.

Function Documentation

◆ DetectFlowbitFree()

void DetectFlowbitFree ( DetectEngineCtx de_ctx,
void *  ptr 
)

Definition at line 376 of file detect-flowbits.c.

References DetectFlowbitsData_::idx, DetectFlowbitsData_::or_list, DetectFlowbitsData_::or_list_size, SCFree, VAR_TYPE_FLOW_BIT, and VarNameStoreUnregister().

Here is the call graph for this function:

◆ DetectFlowbitMatch()

int DetectFlowbitMatch ( DetectEngineThreadCtx det_ctx,
Packet p,
const Signature s,
const SigMatchCtx ctx 
)

Definition at line 197 of file detect-flowbits.c.

References DetectFlowbitsData_::cmd, ctx, and DETECT_FLOWBITS_CMD_ISSET.

Referenced by DetectFlowbitsRegister().

Here is the caller graph for this function:

◆ DetectFlowbitsAnalyze()

int DetectFlowbitsAnalyze ( DetectEngineCtx de_ctx)

Definition at line 420 of file detect-flowbits.c.

References SignatureInitData_::buffer_index, DetectFlowbitsData_::cmd, FBAnalyze::cnts, de_ctx, DETECT_FLOWBITS, DETECT_FLOWBITS_CMD_ISNOTSET, DETECT_FLOWBITS_CMD_ISSET, DETECT_FLOWBITS_CMD_SET, DETECT_FLOWBITS_CMD_TOGGLE, DETECT_FLOWBITS_CMD_UNSET, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_POSTMATCH, Signature_::id, DetectFlowbitsData_::idx, Signature_::init_data, SignatureInitData_::init_flags, SignatureInitData_::is_rule_state_dependant, FBAnalyze::isnotset_sids, FBAnalyze::isnotset_sids_idx, FBAnalyze::isnotset_sids_size, FBAnalyze::isset_sids, FBAnalyze::isset_sids_idx, FBAnalyze::isset_sids_size, MAX, DetectEngineCtx_::max_fb_id, MAX_SIDS, SigMatch_::next, Signature_::num, DetectFlowbitsData_::or_list, DetectFlowbitsData_::or_list_size, rule_engine_analysis_set, SignatureInitData_::rule_state_dependant_sids_array, SignatureInitData_::rule_state_dependant_sids_idx, SignatureInitData_::rule_state_dependant_sids_size, SignatureInitData_::rule_state_flowbits_ids_array, SignatureInitData_::rule_state_flowbits_ids_size, SCCalloc, SCLogDebug, SCLogError, SCLogWarning, SCRealloc, FBAnalyze::set_sids, FBAnalyze::set_sids_idx, FBAnalyze::set_sids_size, DetectEngineCtx_::sig_array, DetectEngineCtx_::sig_array_len, SIG_FLAG_INIT_STATE_MATCH, SignatureInitData_::smlists, FBAnalyze::state_cnts, FBAnalyze::toggle_sids, FBAnalyze::toggle_sids_idx, FBAnalyze::toggle_sids_size, FBAnalyze::unset_sids, FBAnalyze::unset_sids_idx, FBAnalyze::unset_sids_size, VAR_TYPE_FLOW_BIT, and VarNameStoreSetupLookup().

Here is the call graph for this function:

◆ DetectFlowbitsRegister()

void DetectFlowbitsRegister ( void  )

Definition at line 65 of file detect-flowbits.c.

References SigTableElmt_::desc, DETECT_FLOWBITS, DetectFlowbitMatch(), SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ FlowBitsRegisterTests()

void FlowBitsRegisterTests ( void  )

this function registers unit tests for FlowBits

Definition at line 1229 of file detect-flowbits.c.

References UtRegisterTest().

Here is the call graph for this function:

Variable Documentation

◆ g_flowbits_dump_write_m

SCMutex g_flowbits_dump_write_m = SCMUTEX_INITIALIZER

Definition at line 720 of file detect-flowbits.c.

◆ rule_engine_analysis_set

bool rule_engine_analysis_set

Definition at line 55 of file detect-engine-loader.c.

Referenced by DetectFlowbitsAnalyze().