#include <detect.h>

Collaboration diagram for DetectEngineThreadCtx_:

[legend]

Public Member Functions
	SC_ATOMIC_DECLARE (int, so_far_used_by_detect)

Data Fields
uint32_t	tenant_id

uint64_t	ticker

ThreadVars *	tv

SigIntId *	non_pf_id_array

uint32_t	non_pf_id_cnt

uint32_t	mt_det_ctxs_cnt

struct DetectEngineThreadCtx_ **	mt_det_ctxs

HashTable *	mt_det_ctxs_hash

struct DetectEngineTenantMapping_ *	tenant_array

uint32_t	tenant_array_size

uint32_t(*	TenantGetId )(const void , const Packet p)

uint64_t	raw_stream_progress

uint32_t	buffer_offset

uint32_t	pcre_match_start_offset

uint16_t	filestore_cnt

uint16_t	counter_alerts

uint16_t	counter_mpm_list

uint16_t	counter_nonmpm_list

uint16_t	counter_fnonmpm_list

uint16_t	counter_match_list

int	inspect_list

struct {
InspectionBuffer * buffers

uint32_t buffers_size

uint32_t to_clear_idx

uint32_t * to_clear_queue

}	inspect

struct {
InspectionBufferMultipleForList * buffers

uint32_t buffers_size

uint32_t to_clear_idx

uint32_t * to_clear_queue

}	multi_inspect

uint16_t	discontinue_matching

uint16_t	flags

uint16_t	tx_id_set

uint64_t	tx_id

Packet *	p

int	inspection_recursion_counter

Signature **	match_array

uint32_t	match_array_len

SigIntId	match_array_cnt

RuleMatchCandidateTx *	tx_candidates

uint32_t	tx_candidates_size

SignatureNonPrefilterStore *	non_pf_store_ptr

uint32_t	non_pf_store_cnt

MpmThreadCtx	mtc

MpmThreadCtx	mtcu

MpmThreadCtx	mtcs

PrefilterRuleStore	pmq

SpmThreadCtx *	spm_thread_ctx

DetectEngineIPOnlyThreadCtx	io_ctx

uint64_t *	bj_values

DetectReplaceList *	replist

DetectVarList *	varlist

struct {
uint32_t file_id

uint64_t tx_id

}	filestore [DETECT_FILESTORE_MAX]

DetectEngineCtx *	de_ctx

void **	keyword_ctxs_array

int	keyword_ctxs_size

int	global_keyword_ctxs_size

void **	global_keyword_ctxs_array

uint8_t *	base64_decoded

int	base64_decoded_len

int	base64_decoded_len_max

AppLayerDecoderEvents *	decoder_events

uint16_t	events

struct SCProfileData_ *	rule_perf_data

int	rule_perf_data_size

struct SCProfileKeywordData_ *	keyword_perf_data

struct SCProfileKeywordData_ **	keyword_perf_data_per_list

int	keyword_perf_list

struct SCProfileSghData_ *	sgh_perf_data

struct SCProfilePrefilterData_ *	prefilter_perf_data

int	prefilter_perf_size

Detailed Description

Detection engine thread data.

Definition at line 1004 of file detect.h.

Member Function Documentation

◆ SC_ATOMIC_DECLARE()

DetectEngineThreadCtx_::SC_ATOMIC_DECLARE	(	int	,
		so_far_used_by_detect
	)

Field Documentation

◆ base64_decoded

uint8_t* DetectEngineThreadCtx_::base64_decoded

Definition at line 1136 of file detect.h.

Referenced by DetectBase64DataDoMatch(), and DetectBase64DecodeDoMatch().

◆ base64_decoded_len

int DetectEngineThreadCtx_::base64_decoded_len

Definition at line 1137 of file detect.h.

Referenced by DetectBase64DataDoMatch(), and DetectBase64DecodeDoMatch().

◆ base64_decoded_len_max

int DetectEngineThreadCtx_::base64_decoded_len_max

Definition at line 1138 of file detect.h.

◆ bj_values

uint64_t* DetectEngineThreadCtx_::bj_values

Definition at line 1113 of file detect.h.

Referenced by DetectEngineContentInspection().

◆ buffer_offset

uint32_t DetectEngineThreadCtx_::buffer_offset

offset into the payload of the last match by: content, pcre, etc

Definition at line 1033 of file detect.h.

Referenced by DetectBase64DecodeDoMatch(), DetectByteExtractDoMatch(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectEngineContentInspection(), DetectEngineInspectBufferGeneric(), DetectEngineInspectPacketPayload(), DetectEngineInspectPktBufferGeneric(), and DetectPcrePayloadMatch().

◆ buffers [1/2]

InspectionBuffer* DetectEngineThreadCtx_::buffers

Definition at line 1052 of file detect.h.

Referenced by InspectionBufferClean(), InspectionBufferGet(), and InspectionBufferGetMulti().

◆ buffers [2/2]

InspectionBufferMultipleForList* DetectEngineThreadCtx_::buffers

inspection buffers for more complex case. As we can inspect multiple buffers in parallel, we need this extra wrapper struct

Definition at line 1061 of file detect.h.

◆ buffers_size

uint32_t DetectEngineThreadCtx_::buffers_size

in number of elements

Definition at line 1053 of file detect.h.

◆ counter_alerts

uint16_t DetectEngineThreadCtx_::counter_alerts

id for alert counter

Definition at line 1041 of file detect.h.

◆ counter_fnonmpm_list

uint16_t DetectEngineThreadCtx_::counter_fnonmpm_list

Definition at line 1045 of file detect.h.

◆ counter_match_list

uint16_t DetectEngineThreadCtx_::counter_match_list

Definition at line 1046 of file detect.h.

◆ counter_mpm_list

uint16_t DetectEngineThreadCtx_::counter_mpm_list

Definition at line 1043 of file detect.h.

◆ counter_nonmpm_list

uint16_t DetectEngineThreadCtx_::counter_nonmpm_list

Definition at line 1044 of file detect.h.

◆ de_ctx

DetectEngineCtx* DetectEngineThreadCtx_::de_ctx

Definition at line 1128 of file detect.h.

Referenced by DetectEngineInspectPktBufferGeneric(), DetectEngineThreadCtxInfo(), DetectEngineThreadCtxInit(), SCProfilingKeywordThreadCleanup(), SCProfilingKeywordThreadSetup(), SCProfilingPrefilterThreadCleanup(), SCProfilingPrefilterThreadSetup(), SCProfilingPrefilterUpdateCounter(), SCProfilingRuleThreadCleanup(), SCProfilingSghThreadCleanup(), SCProfilingSghThreadSetup(), and SCProfilingSghUpdateCounter().

◆ decoder_events

AppLayerDecoderEvents* DetectEngineThreadCtx_::decoder_events

Definition at line 1140 of file detect.h.

Referenced by DetectEngineGetEvents(), and DetectEngineSetEvent().

◆ discontinue_matching

uint16_t DetectEngineThreadCtx_::discontinue_matching

Definition at line 1068 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineInspectBufferGeneric(), DetectEngineInspectPacketPayload(), and DetectEngineInspectPktBufferGeneric().

◆ events

uint16_t DetectEngineThreadCtx_::events

Definition at line 1141 of file detect.h.

Referenced by DetectEngineSetEvent().

◆ file_id

uint32_t DetectEngineThreadCtx_::file_id

Definition at line 1124 of file detect.h.

◆ filestore

struct { ... } DetectEngineThreadCtx_::filestore[DETECT_FILESTORE_MAX]

◆ filestore_cnt

uint16_t DetectEngineThreadCtx_::filestore_cnt

Definition at line 1038 of file detect.h.

◆ flags

uint16_t DetectEngineThreadCtx_::flags

Definition at line 1069 of file detect.h.

◆ global_keyword_ctxs_array

void** DetectEngineThreadCtx_::global_keyword_ctxs_array

Definition at line 1134 of file detect.h.

Referenced by DetectThreadCtxGetGlobalKeywordThreadCtx().

◆ global_keyword_ctxs_size

int DetectEngineThreadCtx_::global_keyword_ctxs_size

store for keyword contexts that need a per thread storage. Global.

Definition at line 1133 of file detect.h.

Referenced by DetectThreadCtxGetGlobalKeywordThreadCtx().

◆ inspect

struct { ... } DetectEngineThreadCtx_::inspect

Referenced by InspectionBufferClean(), and InspectionBufferGet().

◆ inspect_list

int DetectEngineThreadCtx_::inspect_list

list we're currently inspecting, DETECT_SM_LIST_*

Definition at line 1049 of file detect.h.

◆ inspection_recursion_counter

int DetectEngineThreadCtx_::inspection_recursion_counter

Definition at line 1080 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineInspectBufferGeneric(), DetectEngineInspectPacketPayload(), and DetectEngineInspectPktBufferGeneric().

◆ io_ctx

DetectEngineIPOnlyThreadCtx DetectEngineThreadCtx_::io_ctx

ip only rules ctx

Definition at line 1110 of file detect.h.

◆ keyword_ctxs_array

void** DetectEngineThreadCtx_::keyword_ctxs_array

store for keyword contexts that need a per thread storage. Per de_ctx.

Definition at line 1130 of file detect.h.

Referenced by DetectThreadCtxGetKeywordThreadCtx(), and DetectUnregisterThreadCtxFuncs().

◆ keyword_ctxs_size

int DetectEngineThreadCtx_::keyword_ctxs_size

Definition at line 1131 of file detect.h.

Referenced by DetectThreadCtxGetKeywordThreadCtx().

◆ keyword_perf_data

struct SCProfileKeywordData_* DetectEngineThreadCtx_::keyword_perf_data

Definition at line 1157 of file detect.h.

Referenced by SCProfilingKeywordThreadCleanup(), SCProfilingKeywordThreadSetup(), and SCProfilingKeywordUpdateCounter().

◆ keyword_perf_data_per_list

struct SCProfileKeywordData_** DetectEngineThreadCtx_::keyword_perf_data_per_list

Definition at line 1158 of file detect.h.

Referenced by SCProfilingKeywordThreadSetup(), and SCProfilingKeywordUpdateCounter().

◆ keyword_perf_list

int DetectEngineThreadCtx_::keyword_perf_list

list we're currently inspecting, DETECT_SM_LIST_*

Definition at line 1159 of file detect.h.

Referenced by SCProfilingKeywordUpdateCounter().

◆ match_array

Signature** DetectEngineThreadCtx_::match_array

array of signature pointers we're going to inspect in the detection loop.

Definition at line 1084 of file detect.h.

Referenced by RulesDumpMatchArray().

◆ match_array_cnt

SigIntId DetectEngineThreadCtx_::match_array_cnt

size in use

Definition at line 1089 of file detect.h.

Referenced by RulesDumpMatchArray(), and SCProfilingSghUpdateCounter().

◆ match_array_len

uint32_t DetectEngineThreadCtx_::match_array_len

size of the array in items (mem size if * sizeof(Signature *) Only used during initialization.

Definition at line 1087 of file detect.h.

◆ mt_det_ctxs

struct DetectEngineThreadCtx_** DetectEngineThreadCtx_::mt_det_ctxs

Definition at line 1019 of file detect.h.

◆ mt_det_ctxs_cnt

uint32_t DetectEngineThreadCtx_::mt_det_ctxs_cnt

Definition at line 1018 of file detect.h.

Referenced by Detect().

◆ mt_det_ctxs_hash

HashTable* DetectEngineThreadCtx_::mt_det_ctxs_hash

Definition at line 1020 of file detect.h.

Referenced by DetectEngineThreadCtxDeinit().

◆ mtc

MpmThreadCtx DetectEngineThreadCtx_::mtc

pointer to the current mpm ctx that is stored in a rule group head – can be either a content or uricontent ctx. thread ctx for the mpm

Definition at line 1100 of file detect.h.

Referenced by DetectEngineThreadCtxInfo().

◆ mtcs

MpmThreadCtx DetectEngineThreadCtx_::mtcs

thread ctx for stream mpm

Definition at line 1102 of file detect.h.

◆ mtcu

MpmThreadCtx DetectEngineThreadCtx_::mtcu

thread ctx for uricontent mpm

Definition at line 1101 of file detect.h.

Referenced by DetectEngineThreadCtxInfo().

◆ multi_inspect

struct { ... } DetectEngineThreadCtx_::multi_inspect

Referenced by InspectionBufferClean(), and InspectionBufferGetMulti().

◆ non_pf_id_array

SigIntId* DetectEngineThreadCtx_::non_pf_id_array

Definition at line 1015 of file detect.h.

◆ non_pf_id_cnt

uint32_t DetectEngineThreadCtx_::non_pf_id_cnt

Definition at line 1016 of file detect.h.

◆ non_pf_store_cnt

uint32_t DetectEngineThreadCtx_::non_pf_store_cnt

Definition at line 1095 of file detect.h.

Referenced by SCProfilingSghUpdateCounter().

◆ non_pf_store_ptr

SignatureNonPrefilterStore* DetectEngineThreadCtx_::non_pf_store_ptr

Definition at line 1094 of file detect.h.

Referenced by SCProfilingSghUpdateCounter().

◆ p

Packet* DetectEngineThreadCtx_::p

Definition at line 1075 of file detect.h.

Referenced by DetectEngineInspectStream().

◆ pcre_match_start_offset

uint32_t DetectEngineThreadCtx_::pcre_match_start_offset

Definition at line 1035 of file detect.h.

Referenced by DetectEngineContentInspection(), and DetectPcrePayloadMatch().

◆ pmq

PrefilterRuleStore DetectEngineThreadCtx_::pmq

Definition at line 1103 of file detect.h.

Referenced by DetectRunPrefilterTx(), PacketPatternCleanup(), Prefilter(), and SCProfilingSghUpdateCounter().

◆ prefilter_perf_data

struct SCProfilePrefilterData_* DetectEngineThreadCtx_::prefilter_perf_data

Definition at line 1162 of file detect.h.

Referenced by SCProfilingPrefilterThreadCleanup(), SCProfilingPrefilterThreadSetup(), and SCProfilingPrefilterUpdateCounter().

◆ prefilter_perf_size

int DetectEngineThreadCtx_::prefilter_perf_size

Definition at line 1163 of file detect.h.

◆ raw_stream_progress

uint64_t DetectEngineThreadCtx_::raw_stream_progress

Definition at line 1029 of file detect.h.

◆ replist

DetectReplaceList* DetectEngineThreadCtx_::replist

Definition at line 1116 of file detect.h.

Referenced by DetectEngineContentInspection(), and DetectEngineInspectPacketPayload().

◆ rule_perf_data

struct SCProfileData_* DetectEngineThreadCtx_::rule_perf_data

Definition at line 1155 of file detect.h.

Referenced by SCProfilingRuleThreadCleanup(), SCProfilingRuleThreadSetup(), and SCProfilingRuleUpdateCounter().

◆ rule_perf_data_size

int DetectEngineThreadCtx_::rule_perf_data_size

Definition at line 1156 of file detect.h.

Referenced by SCProfilingRuleThreadSetup(), and SCProfilingRuleUpdateCounter().

◆ sgh_perf_data

struct SCProfileSghData_* DetectEngineThreadCtx_::sgh_perf_data

Definition at line 1160 of file detect.h.

Referenced by SCProfilingSghThreadCleanup(), SCProfilingSghThreadSetup(), and SCProfilingSghUpdateCounter().

◆ spm_thread_ctx

SpmThreadCtx* DetectEngineThreadCtx_::spm_thread_ctx

SPM thread context used for scanning. This has been cloned from the prototype held by DetectEngineCtx.

Definition at line 1107 of file detect.h.

Referenced by DetectEngineContentInspection().

◆ tenant_array

struct DetectEngineTenantMapping_* DetectEngineThreadCtx_::tenant_array

Definition at line 1022 of file detect.h.

◆ tenant_array_size

uint32_t DetectEngineThreadCtx_::tenant_array_size

Definition at line 1023 of file detect.h.

◆ tenant_id

uint32_t DetectEngineThreadCtx_::tenant_id

Note: multi-tenant hash lookup code from Detect() depends on this being the first member

Definition at line 1007 of file detect.h.

◆ TenantGetId

uint32_t(* DetectEngineThreadCtx_::TenantGetId) (const void *, const Packet *p)

Definition at line 1025 of file detect.h.

Referenced by Detect().

◆ ticker

uint64_t DetectEngineThreadCtx_::ticker

ticker that is incremented once per packet.

Definition at line 1010 of file detect.h.

Referenced by HttpHeaderGetBufferSpaceForTXID().

◆ to_clear_idx

uint32_t DetectEngineThreadCtx_::to_clear_idx

Definition at line 1054 of file detect.h.

Referenced by InspectionBufferClean(), InspectionBufferGet(), and InspectionBufferGetMulti().

◆ to_clear_queue

uint32_t* DetectEngineThreadCtx_::to_clear_queue

Definition at line 1055 of file detect.h.

Referenced by InspectionBufferClean(), InspectionBufferGet(), and InspectionBufferGetMulti().

◆ tv

ThreadVars* DetectEngineThreadCtx_::tv

Definition at line 1013 of file detect.h.

Referenced by DetectEngineThreadCtxInit().

◆ tx_candidates

RuleMatchCandidateTx* DetectEngineThreadCtx_::tx_candidates

Definition at line 1091 of file detect.h.

Referenced by RuleMatchCandidateTxArrayFree(), and RuleMatchCandidateTxArrayInit().

◆ tx_candidates_size

uint32_t DetectEngineThreadCtx_::tx_candidates_size

Definition at line 1092 of file detect.h.

Referenced by RuleMatchCandidateTxArrayFree(), and RuleMatchCandidateTxArrayInit().

◆ tx_id

uint64_t DetectEngineThreadCtx_::tx_id

ID of the transaction currently being inspected.

Definition at line 1074 of file detect.h.

◆ tx_id_set

uint16_t DetectEngineThreadCtx_::tx_id_set

Definition at line 1072 of file detect.h.

◆ varlist

DetectVarList* DetectEngineThreadCtx_::varlist

Definition at line 1118 of file detect.h.

Referenced by DetectVarStoreMatch(), and DetectVarStoreMatchKeyValue().

The documentation for this struct was generated from the following file:

src/detect.h

Public Member Functions

Data Fields

Detailed Description

Member Function Documentation

◆ SC_ATOMIC_DECLARE()

Field Documentation

◆ base64_decoded

◆ base64_decoded_len

◆ base64_decoded_len_max

◆ bj_values

◆ buffer_offset

◆ buffers [1/2]

◆ buffers [2/2]

◆ buffers_size

◆ counter_alerts

◆ counter_fnonmpm_list

◆ counter_match_list

◆ counter_mpm_list

◆ counter_nonmpm_list

◆ de_ctx

◆ decoder_events

◆ discontinue_matching

◆ events

◆ file_id

◆ filestore

◆ filestore_cnt

◆ flags

◆ global_keyword_ctxs_array

◆ global_keyword_ctxs_size

◆ inspect

◆ inspect_list

◆ inspection_recursion_counter

◆ io_ctx

◆ keyword_ctxs_array

◆ keyword_ctxs_size

◆ keyword_perf_data

◆ keyword_perf_data_per_list

◆ keyword_perf_list

◆ match_array

◆ match_array_cnt

◆ match_array_len

◆ mt_det_ctxs

◆ mt_det_ctxs_cnt

◆ mt_det_ctxs_hash

◆ mtc

◆ mtcs

◆ mtcu

◆ multi_inspect

◆ non_pf_id_array

◆ non_pf_id_cnt

◆ non_pf_store_cnt

◆ non_pf_store_ptr

◆ p

◆ pcre_match_start_offset

◆ pmq

◆ prefilter_perf_data

◆ prefilter_perf_size

◆ raw_stream_progress

◆ replist

◆ rule_perf_data

◆ rule_perf_data_size

◆ sgh_perf_data

◆ spm_thread_ctx

◆ tenant_array

◆ tenant_array_size

◆ tenant_id

◆ TenantGetId

◆ ticker

◆ to_clear_idx

◆ to_clear_queue

◆ tv

◆ tx_candidates

◆ tx_candidates_size

◆ tx_id

◆ tx_id_set

◆ varlist