State is stored in the DetectEngineState structure. This is basically a container for storage item of type DeStateStore. They contains an array of DeStateStoreItem which store the state of match for an individual signature identified by DeStateStoreItem::sid. More...
Files | |
| file | detect-engine-state.c |
| State based signature handling. | |
| file | detect-engine-state.h |
| Data structures and function prototypes for keeping state for the detection engine. | |
Functions | |
| DetectEngineState * | DetectEngineStateAlloc (void) |
| Alloc a DetectEngineState object. More... | |
| void | DetectEngineStateFree (DetectEngineState *state) |
| Frees a DetectEngineState object. More... | |
| void | DetectRunStoreStateTx (const SigGroupHead *sgh, Flow *f, void *tx, uint64_t tx_id, const Signature *s, uint32_t inspect_flags, uint8_t flow_flags, const uint16_t file_no_match) |
| void | DetectEngineStateResetTxs (Flow *f) |
| Reset de state for active tx' To be used on detect engine reload. More... | |
| void | DeStateRegisterTests (void) |
Detailed Description
State is stored in the DetectEngineState structure. This is basically a container for storage item of type DeStateStore. They contains an array of DeStateStoreItem which store the state of match for an individual signature identified by DeStateStoreItem::sid.
Function Documentation
◆ DeStateRegisterTests()
| void DeStateRegisterTests | ( | void | ) |
Definition at line 1437 of file detect-engine-state.c.
References UtRegisterTest().
◆ DetectEngineStateAlloc()
| DetectEngineState* DetectEngineStateAlloc | ( | void | ) |
Alloc a DetectEngineState object.
- Return values
-
Alloc'd instance of DetectEngineState.
Definition at line 160 of file detect-engine-state.c.
References SCCalloc, and unlikely.
Referenced by DetectRunStoreStateTx().
◆ DetectEngineStateFree()
| void DetectEngineStateFree | ( | DetectEngineState * | state | ) |
Frees a DetectEngineState object.
- Parameters
-
state DetectEngineState instance to free.
Definition at line 169 of file detect-engine-state.c.
References DetectEngineState_::dir_state, DetectEngineStateDirection_::head, DeStateStore_::next, and SCFree.
◆ DetectEngineStateResetTxs()
| void DetectEngineStateResetTxs | ( | Flow * | f | ) |
Reset de state for active tx' To be used on detect engine reload.
- Parameters
-
f write LOCKED flow
Definition at line 260 of file detect-engine-state.c.
◆ DetectRunStoreStateTx()
| void DetectRunStoreStateTx | ( | const SigGroupHead * | sgh, |
| Flow * | f, | ||
| void * | tx, | ||
| uint64_t | tx_id, | ||
| const Signature * | s, | ||
| uint32_t | inspect_flags, | ||
| uint8_t | flow_flags, | ||
| const uint16_t | file_no_match | ||
| ) |
Definition at line 214 of file detect-engine-state.c.
References Flow_::alproto, AppLayerParserGetTxData(), DetectEngineStateAlloc(), Flow_::proto, and SCLogDebug.
