State is stored in the DetectEngineState structure. This is basically a containter for storage item of type DeStateStore. They contains an array of DeStateStoreItem which store the state of match for an individual signature identified by DeStateStoreItem::sid. More...
Files | |
| file | detect-engine-state.c |
| State based signature handling. | |
| file | detect-engine-state.h |
| Data structures and function prototypes for keeping state for the detection engine. | |
Macros | |
| #define | CASE_CODE(E) case E: return #E |
Functions | |
| DetectEngineState * | DetectEngineStateAlloc (void) |
| Alloc a DetectEngineState object. More... | |
| void | DetectEngineStateFree (DetectEngineState *state) |
| Frees a DetectEngineState object. More... | |
| void | DetectRunStoreStateTx (const SigGroupHead *sgh, Flow *f, void *tx, uint64_t tx_id, const Signature *s, uint32_t inspect_flags, uint8_t flow_flags, const uint16_t file_no_match) |
| void | DeStateUpdateInspectTransactionId (Flow *f, const uint8_t flags, const bool tag_txs_as_inspected) |
| update flow's inspection id's More... | |
| void | DetectEngineStateResetTxs (Flow *f) |
| Reset de state for active tx' To be used on detect engine reload. More... | |
| void | DeStateRegisterTests (void) |
Detailed Description
State is stored in the DetectEngineState structure. This is basically a containter for storage item of type DeStateStore. They contains an array of DeStateStoreItem which store the state of match for an individual signature identified by DeStateStoreItem::sid.
Macro Definition Documentation
◆ CASE_CODE
| #define CASE_CODE | ( | E | ) | case E: return #E |
convert enum to string
Definition at line 69 of file detect-engine-state.c.
Function Documentation
◆ DeStateRegisterTests()
| void DeStateRegisterTests | ( | void | ) |
Definition at line 1358 of file detect-engine-state.c.
References UtRegisterTest().
◆ DeStateUpdateInspectTransactionId()
| void DeStateUpdateInspectTransactionId | ( | Flow * | f, |
| const uint8_t | flags, | ||
| const bool | tag_txs_as_inspected | ||
| ) |
update flow's inspection id's
Update the inspect id.
- Parameters
-
f unlocked flow flags direction and disruption flags tag_txs_as_inspected if true all 'complete' txs will be marked 'inspected'
- Note
- it is possible that f->alstate, f->alparser are NULL
Definition at line 252 of file detect-engine-state.c.
References Flow_::alparser, Flow_::alstate, AppLayerParserSetTransactionInspectId(), and flags.
◆ DetectEngineStateAlloc()
| DetectEngineState* DetectEngineStateAlloc | ( | void | ) |
Alloc a DetectEngineState object.
- Return values
-
Alloc'd instance of DetectEngineState.
Definition at line 165 of file detect-engine-state.c.
References SCMalloc, and unlikely.
Referenced by DetectRunStoreStateTx().
◆ DetectEngineStateFree()
| void DetectEngineStateFree | ( | DetectEngineState * | state | ) |
Frees a DetectEngineState object.
- Parameters
-
state DetectEngineState instance to free.
Definition at line 175 of file detect-engine-state.c.
References DetectEngineState_::dir_state, DetectEngineStateDirection_::head, DeStateStore_::next, and SCFree.
Referenced by DetectRunStoreStateTx(), and InitGlobal().
◆ DetectEngineStateResetTxs()
| void DetectEngineStateResetTxs | ( | Flow * | f | ) |
Reset de state for active tx' To be used on detect engine reload.
- Parameters
-
f write LOCKED flow
Definition at line 267 of file detect-engine-state.c.
References FlowGetAppState().
◆ DetectRunStoreStateTx()
| void DetectRunStoreStateTx | ( | const SigGroupHead * | sgh, |
| Flow * | f, | ||
| void * | tx, | ||
| uint64_t | tx_id, | ||
| const Signature * | s, | ||
| uint32_t | inspect_flags, | ||
| uint8_t | flow_flags, | ||
| const uint16_t | file_no_match | ||
| ) |
Definition at line 220 of file detect-engine-state.c.
References Flow_::alproto, AppLayerParserGetTxDetectState(), AppLayerParserSetTxDetectState(), DetectEngineStateAlloc(), DetectEngineStateFree(), Flow_::proto, and SCLogDebug.
