suricata
detect-threshold.c File Reference
Thresholding
#include "suricata-common.h"
#include "suricata.h"
#include "decode.h"
#include "host.h"
#include "host-storage.h"
#include "detect.h"
#include "detect-parse.h"
#include "flow-var.h"
#include "decode-events.h"
#include "stream-tcp.h"
#include "detect-threshold.h"
#include "detect-engine-threshold.h"
#include "detect-engine-address.h"
#include "detect-engine-build.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-byte.h"
#include "util-debug.h"
#include "util-cpu.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-alert.h"
#include "util-time.h"
#include "util-hashlist.h"
#include "packet.h"
#include "action-globals.h"
Include dependency graph for detect-threshold.c:

Go to the source code of this file.

#define PARSE_REGEX_NAME   "(track|type|count|seconds|multiplier)"
 
#define PARSE_REGEX_VALUE   "(limit|both|threshold|backoff|by_dst|by_src|by_both|by_rule|by_flow|\\d+)"
 
#define PARSE_REGEX
 
void DetectThresholdRegister (void)
 Registration function for threshold: keyword. More...
 
DetectThresholdDataDetectThresholdDataCopy (DetectThresholdData *de)
 Make a deep-copy of an extant DetectTHresholdData object. More...
 

Detailed Description

Author
Breno Silva breno.nosp@m..sil.nosp@m.va@gm.nosp@m.ail..nosp@m.com
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Implements the threshold keyword.

The feature depends on what is provided by detect-engine-threshold.c and util-threshold-config.c

Definition in file detect-threshold.c.

Macro Definition Documentation

◆ PARSE_REGEX

#define PARSE_REGEX
Value:
"^\\s*" PARSE_REGEX_NAME "\\s+" PARSE_REGEX_VALUE "\\s*,\\s*" PARSE_REGEX_NAME \
"\\s+" PARSE_REGEX_VALUE "\\s*,\\s*" PARSE_REGEX_NAME "\\s+" PARSE_REGEX_VALUE \
"\\s*,\\s*" PARSE_REGEX_NAME "\\s+" PARSE_REGEX_VALUE "\\s*"

Definition at line 68 of file detect-threshold.c.

◆ PARSE_REGEX_NAME

#define PARSE_REGEX_NAME   "(track|type|count|seconds|multiplier)"

Definition at line 64 of file detect-threshold.c.

◆ PARSE_REGEX_VALUE

#define PARSE_REGEX_VALUE   "(limit|both|threshold|backoff|by_dst|by_src|by_both|by_rule|by_flow|\\d+)"

Definition at line 65 of file detect-threshold.c.

Function Documentation

◆ DetectThresholdDataCopy()

DetectThresholdData* DetectThresholdDataCopy ( DetectThresholdData de)

Make a deep-copy of an extant DetectTHresholdData object.

Parameters
depointer to DetectThresholdData

Definition at line 343 of file detect-threshold.c.

References DetectThresholdData_::addrs, DetectAddressCopy(), DetectAddressHead_::ipv4_head, DetectAddressHead_::ipv6_head, DetectAddress_::next, DetectAddress_::prev, SCCalloc, and unlikely.

Here is the call graph for this function:

◆ DetectThresholdRegister()

void DetectThresholdRegister ( void  )

Registration function for threshold: keyword.

Registration function for threshold: keyword

Definition at line 86 of file detect-threshold.c.

References SigTableElmt_::desc, DETECT_THRESHOLD, SigTableElmt_::Match, SigTableElmt_::name, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the caller graph for this function:
PARSE_REGEX_NAME
#define PARSE_REGEX_NAME
Definition: detect-threshold.c:63
PARSE_REGEX_VALUE
#define PARSE_REGEX_VALUE
Definition: detect-threshold.c:64