#include "suricata-common.h"#include "suricata.h"#include "decode.h"#include "packet.h"#include "flow.h"#include "stream-tcp.h"#include "app-layer.h"#include "app-layer-parser.h"#include "app-layer-frames.h"#include "detect.h"#include "detect-dsize.h"#include "detect-engine.h"#include "detect-engine-build.h"#include "detect-engine-frame.h"#include "detect-engine-profile.h"#include "detect-engine-alert.h"#include "detect-engine-siggroup.h"#include "detect-engine-address.h"#include "detect-engine-proto.h"#include "detect-engine-port.h"#include "detect-engine-mpm.h"#include "detect-engine-iponly.h"#include "detect-engine-threshold.h"#include "detect-engine-prefilter.h"#include "detect-engine-state.h"#include "detect-engine-analyzer.h"#include "detect-engine-payload.h"#include "detect-engine-event.h"#include "detect-filestore.h"#include "detect-flowvar.h"#include "detect-replace.h"#include "util-validate.h"#include "util-detect.h"#include "util-profiling.h"#include "action-globals.h"#include "tests/detect.c"
Go to the source code of this file.
Data Structures | |
| struct | DetectRunScratchpad |
Macros | |
| #define | TRACE_SID_TXS(sid, txs, ...) |
| #define | NO_TX |
Typedefs | |
| typedef struct DetectRunScratchpad | DetectRunScratchpad |
Functions | |
| const SigGroupHead * | SigMatchSignaturesGetSgh (const DetectEngineCtx *de_ctx, const Packet *p) |
| Get the SigGroupHead for a packet. More... | |
| void | RuleMatchCandidateTxArrayInit (DetectEngineThreadCtx *det_ctx, uint32_t size) |
| void | RuleMatchCandidateTxArrayFree (DetectEngineThreadCtx *det_ctx) |
| void * | DetectGetInnerTx (void *tx_ptr, AppProto alproto, AppProto engine_alproto, uint8_t flow_flags) |
| uint8_t | DetectPreFlow (ThreadVars *tv, DetectEngineThreadCtx *det_ctx, Packet *p) |
| uint8_t | DetectPreStream (ThreadVars *tv, DetectEngineThreadCtx *det_ctx, Packet *p) |
| TmEcode | Detect (ThreadVars *tv, Packet *p, void *data) |
| Detection engine thread wrapper. More... | |
| void | DisableDetectFlowFileFlags (Flow *f) |
| disable file features we don't need Called if we have no detection engine. More... | |
| void | SigMatchSignatures (ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p) |
| wrapper for old tests More... | |
Variables | |
| thread_local Signature | default_accept |
Detailed Description
Basic detection engine
Definition in file detect.c.
Macro Definition Documentation
◆ NO_TX
| #define NO_TX |
◆ TRACE_SID_TXS
Typedef Documentation
◆ DetectRunScratchpad
| typedef struct DetectRunScratchpad DetectRunScratchpad |
Function Documentation
◆ Detect()
| TmEcode Detect | ( | ThreadVars * | tv, |
| Packet * | p, | ||
| void * | data | ||
| ) |
Detection engine thread wrapper.
- Parameters
-
tv thread vars p packet to inspect data thread specific data pq packet queue
- Return values
-
TM_ECODE_FAILED error TM_ECODE_OK ok
Definition at line 2337 of file detect.c.
References de_ctx, DEBUG_VALIDATE_PACKET, DetectEngineThreadCtx_::mt_det_ctxs_cnt, SC_ATOMIC_GET, SC_ATOMIC_SET, SCLogDebug, Packet_::tenant_id, DetectEngineThreadCtx_::TenantGetId, and unlikely.
◆ DetectGetInnerTx()
| void* DetectGetInnerTx | ( | void * | tx_ptr, |
| AppProto | alproto, | ||
| AppProto | engine_alproto, | ||
| uint8_t | flow_flags | ||
| ) |
Definition at line 1149 of file detect.c.
References ALPROTO_DNS, ALPROTO_DOH2, ALPROTO_HTTP2, ALPROTO_UNKNOWN, and unlikely.
Referenced by AlertJsonDoh2(), and DetectRunPrefilterTx().
◆ DetectPreFlow()
| uint8_t DetectPreFlow | ( | ThreadVars * | tv, |
| DetectEngineThreadCtx * | det_ctx, | ||
| Packet * | p | ||
| ) |
Definition at line 2308 of file detect.c.
References de_ctx, DetectEngineThreadCtx_::de_ctx, ThreadVars_::id, Packet_::pcap_cnt, DetectEngineCtx_::pre_flow_sgh, SCLogDebug, and tv.
◆ DetectPreStream()
| uint8_t DetectPreStream | ( | ThreadVars * | tv, |
| DetectEngineThreadCtx * | det_ctx, | ||
| Packet * | p | ||
| ) |
Definition at line 2318 of file detect.c.
References de_ctx, DetectEngineThreadCtx_::de_ctx, ThreadVars_::id, Packet_::pcap_cnt, PKT_IS_TOCLIENT, DetectEngineCtx_::pre_stream_sgh, SCLogDebug, and tv.
◆ DisableDetectFlowFileFlags()
| void DisableDetectFlowFileFlags | ( | Flow * | f | ) |
◆ RuleMatchCandidateTxArrayFree()
| void RuleMatchCandidateTxArrayFree | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 1082 of file detect.c.
References SCFree, DetectEngineThreadCtx_::tx_candidates, and DetectEngineThreadCtx_::tx_candidates_size.
◆ RuleMatchCandidateTxArrayInit()
| void RuleMatchCandidateTxArrayInit | ( | DetectEngineThreadCtx * | det_ctx, |
| uint32_t | size | ||
| ) |
Definition at line 1069 of file detect.c.
References DEBUG_VALIDATE_BUG_ON, FatalError, SCCalloc, SCLogDebug, DetectEngineThreadCtx_::tx_candidates, and DetectEngineThreadCtx_::tx_candidates_size.
◆ SigMatchSignatures()
| void SigMatchSignatures | ( | ThreadVars * | tv, |
| DetectEngineCtx * | de_ctx, | ||
| DetectEngineThreadCtx * | det_ctx, | ||
| Packet * | p | ||
| ) |
wrapper for old tests
Definition at line 2416 of file detect.c.
References Packet_::flow.
Referenced by UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ SigMatchSignaturesGetSgh()
| const SigGroupHead* SigMatchSignaturesGetSgh | ( | const DetectEngineCtx * | de_ctx, |
| const Packet * | p | ||
| ) |
Get the SigGroupHead for a packet.
- Parameters
-
de_ctx detection engine context p packet
- Return values
-
sgh the SigGroupHead or NULL if non applies to the packet
Definition at line 282 of file detect.c.
References PacketEngineEvents_::cnt, de_ctx, DetectEngineCtx_::decoder_event_sgh, Packet_::events, Packet_::proto, SCEnter, and SCReturnPtr.
