#include "suricata-common.h"#include "decode.h"#include "action-globals.h"#include "detect.h"#include "threads.h"#include "flow.h"#include "flow-bit.h"#include "flow-util.h"#include "detect-flowbits.h"#include "util-spm.h"#include "app-layer-parser.h"#include "detect-parse.h"#include "detect-engine.h"#include "detect-engine-mpm.h"#include "detect-engine-state.h"#include "detect-engine-build.h"#include "util-var-name.h"#include "util-unittest.h"#include "util-debug.h"#include "util-conf.h"
Go to the source code of this file.
Data Structures | |
| struct | FBAnalyze |
Macros | |
| #define | PARSE_REGEX "^([a-z]+)(?:,\\s*(.*))?" |
| #define | MAX_TOKENS 100 |
| #define | MAX_SIDS 8 |
Functions | |
| int | DetectFlowbitMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *) |
| void | DetectFlowbitFree (DetectEngineCtx *, void *) |
| void | FlowBitsRegisterTests (void) |
| this function registers unit tests for FlowBits More... | |
| void | DetectFlowbitsRegister (void) |
| int | DetectFlowbitsAnalyze (DetectEngineCtx *de_ctx) |
Variables | |
| bool | rule_engine_analysis_set |
| SCMutex | g_flowbits_dump_write_m = SCMUTEX_INITIALIZER |
Detailed Description
Implements the flowbits keyword
Definition in file detect-flowbits.c.
Macro Definition Documentation
◆ MAX_SIDS
| #define MAX_SIDS 8 |
◆ MAX_TOKENS
| #define MAX_TOKENS 100 |
Definition at line 55 of file detect-flowbits.c.
◆ PARSE_REGEX
| #define PARSE_REGEX "^([a-z]+)(?:,\\s*(.*))?" |
Definition at line 52 of file detect-flowbits.c.
Function Documentation
◆ DetectFlowbitFree()
| void DetectFlowbitFree | ( | DetectEngineCtx * | de_ctx, |
| void * | ptr | ||
| ) |
Definition at line 376 of file detect-flowbits.c.
References DetectFlowbitsData_::idx, DetectFlowbitsData_::or_list, DetectFlowbitsData_::or_list_size, SCFree, VAR_TYPE_FLOW_BIT, and VarNameStoreUnregister().
◆ DetectFlowbitMatch()
| int DetectFlowbitMatch | ( | DetectEngineThreadCtx * | det_ctx, |
| Packet * | p, | ||
| const Signature * | s, | ||
| const SigMatchCtx * | ctx | ||
| ) |
Definition at line 197 of file detect-flowbits.c.
References DetectFlowbitsData_::cmd, ctx, and DETECT_FLOWBITS_CMD_ISSET.
Referenced by DetectFlowbitsRegister().
◆ DetectFlowbitsAnalyze()
| int DetectFlowbitsAnalyze | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 420 of file detect-flowbits.c.
References SignatureInitData_::buffer_index, DetectFlowbitsData_::cmd, FBAnalyze::cnts, de_ctx, DETECT_FLOWBITS, DETECT_FLOWBITS_CMD_ISNOTSET, DETECT_FLOWBITS_CMD_ISSET, DETECT_FLOWBITS_CMD_SET, DETECT_FLOWBITS_CMD_TOGGLE, DETECT_FLOWBITS_CMD_UNSET, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_POSTMATCH, Signature_::id, DetectFlowbitsData_::idx, Signature_::init_data, SignatureInitData_::init_flags, FBAnalyze::isnotset_sids, FBAnalyze::isnotset_sids_idx, FBAnalyze::isnotset_sids_size, FBAnalyze::isset_sids, FBAnalyze::isset_sids_idx, FBAnalyze::isset_sids_size, MAX, DetectEngineCtx_::max_fb_id, MAX_SIDS, SigMatch_::next, Signature_::num, DetectFlowbitsData_::or_list, DetectFlowbitsData_::or_list_size, rule_engine_analysis_set, SCCalloc, SCLogDebug, SCLogError, SCLogWarning, SCRealloc, FBAnalyze::set_sids, FBAnalyze::set_sids_idx, FBAnalyze::set_sids_size, DetectEngineCtx_::sig_array, DetectEngineCtx_::sig_array_len, SIG_FLAG_INIT_STATE_MATCH, SignatureInitData_::smlists, FBAnalyze::state_cnts, FBAnalyze::toggle_sids, FBAnalyze::toggle_sids_idx, FBAnalyze::toggle_sids_size, FBAnalyze::unset_sids, FBAnalyze::unset_sids_idx, FBAnalyze::unset_sids_size, VAR_TYPE_FLOW_BIT, and VarNameStoreSetupLookup().
◆ DetectFlowbitsRegister()
| void DetectFlowbitsRegister | ( | void | ) |
Definition at line 65 of file detect-flowbits.c.
References SigTableElmt_::desc, DETECT_FLOWBITS, DetectFlowbitMatch(), SigTableElmt_::Match, SigTableElmt_::name, SigTableElmt_::Setup, sigmatch_table, and SigTableElmt_::url.
Referenced by SigTableSetup().
◆ FlowBitsRegisterTests()
| void FlowBitsRegisterTests | ( | void | ) |
this function registers unit tests for FlowBits
Definition at line 1165 of file detect-flowbits.c.
References UtRegisterTest().
Variable Documentation
◆ g_flowbits_dump_write_m
| SCMutex g_flowbits_dump_write_m = SCMUTEX_INITIALIZER |
Definition at line 656 of file detect-flowbits.c.
◆ rule_engine_analysis_set
| bool rule_engine_analysis_set |
Definition at line 55 of file detect-engine-loader.c.
Referenced by DetectFlowbitsAnalyze().
