suricata
Data Structures | Macros | Typedefs | Functions
detect.c File Reference
#include "suricata-common.h"
#include "suricata.h"
#include "conf.h"
#include "decode.h"
#include "packet.h"
#include "flow.h"
#include "stream-tcp.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-frames.h"
#include "detect.h"
#include "detect-dsize.h"
#include "detect-engine.h"
#include "detect-engine-build.h"
#include "detect-engine-frame.h"
#include "detect-engine-profile.h"
#include "detect-engine-alert.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-address.h"
#include "detect-engine-proto.h"
#include "detect-engine-port.h"
#include "detect-engine-mpm.h"
#include "detect-engine-iponly.h"
#include "detect-engine-threshold.h"
#include "detect-engine-prefilter.h"
#include "detect-engine-state.h"
#include "detect-engine-analyzer.h"
#include "detect-engine-payload.h"
#include "detect-engine-event.h"
#include "detect-filestore.h"
#include "detect-flowvar.h"
#include "detect-replace.h"
#include "util-validate.h"
#include "util-detect.h"
#include "util-profiling.h"
#include "action-globals.h"
#include "tests/detect.c"
Include dependency graph for detect.c:

Go to the source code of this file.

Data Structures

struct  DetectRunScratchpad
 

Macros

#define TRACE_SID_TXS(sid, txs, ...)
 
#define NO_TX
 

Typedefs

typedef struct DetectRunScratchpad DetectRunScratchpad
 

Functions

const SigGroupHeadSigMatchSignaturesGetSgh (const DetectEngineCtx *de_ctx, const Packet *p)
 Get the SigGroupHead for a packet. More...
 
void RuleMatchCandidateTxArrayInit (DetectEngineThreadCtx *det_ctx, uint32_t size)
 
void RuleMatchCandidateTxArrayFree (DetectEngineThreadCtx *det_ctx)
 
TmEcode Detect (ThreadVars *tv, Packet *p, void *data)
 Detection engine thread wrapper. More...
 
void DisableDetectFlowFileFlags (Flow *f)
 disable file features we don't need Called if we have no detection engine. More...
 
void SigMatchSignatures (ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
 wrapper for old tests More...
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Basic detection engine

Definition in file detect.c.

Macro Definition Documentation

◆ NO_TX

#define NO_TX
Value:
{ \
NULL, 0, NULL, NULL, 0, 0, 0, 0, 0, \
}

Definition at line 1247 of file detect.c.

◆ TRACE_SID_TXS

#define TRACE_SID_TXS (   sid,
  txs,
  ... 
)

Definition at line 1053 of file detect.c.

Typedef Documentation

◆ DetectRunScratchpad

typedef struct DetectRunScratchpad DetectRunScratchpad

Function Documentation

◆ Detect()

TmEcode Detect ( ThreadVars tv,
Packet p,
void *  data 
)

Detection engine thread wrapper.

Parameters
tvthread vars
ppacket to inspect
datathread specific data
pqpacket queue
Return values
TM_ECODE_FAILEDerror
TM_ECODE_OKok

Definition at line 1818 of file detect.c.

References de_ctx, DEBUG_VALIDATE_PACKET, DetectEngineThreadCtx_::mt_det_ctxs_cnt, SC_ATOMIC_GET, SC_ATOMIC_SET, SCLogDebug, Packet_::tenant_id, DetectEngineThreadCtx_::TenantGetId, and unlikely.

◆ DisableDetectFlowFileFlags()

void DisableDetectFlowFileFlags ( Flow f)

disable file features we don't need Called if we have no detection engine.

Definition at line 1887 of file detect.c.

◆ RuleMatchCandidateTxArrayFree()

void RuleMatchCandidateTxArrayFree ( DetectEngineThreadCtx det_ctx)

Definition at line 989 of file detect.c.

References SCFree, DetectEngineThreadCtx_::tx_candidates, and DetectEngineThreadCtx_::tx_candidates_size.

◆ RuleMatchCandidateTxArrayInit()

void RuleMatchCandidateTxArrayInit ( DetectEngineThreadCtx det_ctx,
uint32_t  size 
)

Definition at line 976 of file detect.c.

References DEBUG_VALIDATE_BUG_ON, FatalError, SCCalloc, SCLogDebug, DetectEngineThreadCtx_::tx_candidates, and DetectEngineThreadCtx_::tx_candidates_size.

◆ SigMatchSignatures()

void SigMatchSignatures ( ThreadVars tv,
DetectEngineCtx de_ctx,
DetectEngineThreadCtx det_ctx,
Packet p 
)

wrapper for old tests

Definition at line 1897 of file detect.c.

References Packet_::flow.

Referenced by UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

Here is the caller graph for this function:

◆ SigMatchSignaturesGetSgh()

const SigGroupHead* SigMatchSignaturesGetSgh ( const DetectEngineCtx de_ctx,
const Packet p 
)

Get the SigGroupHead for a packet.

Parameters
de_ctxdetection engine context
ppacket
Return values
sghthe SigGroupHead or NULL if non applies to the packet

Definition at line 215 of file detect.c.

References PacketEngineEvents_::cnt, de_ctx, DetectEngineCtx_::decoder_event_sgh, Packet_::events, FLOW_PKT_TOCLIENT, Packet_::flowflags, IP_GET_IPPROTO, PKT_IS_IPV4, PKT_IS_IPV6, proto, Packet_::proto, SCEnter, and SCReturnPtr.