suricata
Public Member Functions | Data Fields
DetectEngineThreadCtx_ Struct Reference

#include <detect.h>

Collaboration diagram for DetectEngineThreadCtx_:
Collaboration graph
[legend]

Public Member Functions

 SC_ATOMIC_DECLARE (int, so_far_used_by_detect)
 

Data Fields

uint32_t tenant_id
 
ThreadVarstv
 
SigIntIdnon_pf_id_array
 
uint32_t non_pf_id_cnt
 
uint32_t mt_det_ctxs_cnt
 
struct DetectEngineThreadCtx_ ** mt_det_ctxs
 
HashTablemt_det_ctxs_hash
 
struct DetectEngineTenantMapping_tenant_array
 
uint32_t tenant_array_size
 
uint32_t(* TenantGetId )(const void *, const Packet *p)
 
uint64_t raw_stream_progress
 
uint32_t buffer_offset
 
uint32_t pcre_match_start_offset
 
SpmThreadCtxspm_thread_ctx
 
uint64_t * byte_values
 
uint8_t * base64_decoded
 
int base64_decoded_len
 
int base64_decoded_len_max
 
uint16_t filestore_cnt
 
uint16_t counter_alerts
 
uint16_t counter_alerts_overflow
 
uint16_t counter_alerts_suppressed
 
uint16_t counter_mpm_list
 
uint16_t counter_nonmpm_list
 
uint16_t counter_fnonmpm_list
 
uint16_t counter_match_list
 
struct {
   InspectionBuffer *   buffers
 
   uint32_t   buffers_size
 
   uint32_t   to_clear_idx
 
   uint32_t *   to_clear_queue
 
inspect
 
struct {
   InspectionBufferMultipleForList *   buffers
 
   uint32_t   buffers_size
 
   uint32_t   to_clear_idx
 
   uint32_t *   to_clear_queue
 
multi_inspect
 
bool tx_id_set
 
uint64_t tx_id
 
int64_t frame_id
 
uint64_t frame_inspect_progress
 
Packetp
 
uint16_t alert_queue_size
 
uint16_t alert_queue_capacity
 
PacketAlertalert_queue
 
Signature ** match_array
 
uint32_t match_array_len
 
SigIntId match_array_cnt
 
RuleMatchCandidateTxtx_candidates
 
uint32_t tx_candidates_size
 
SignatureNonPrefilterStorenon_pf_store_ptr
 
uint32_t non_pf_store_cnt
 
MpmThreadCtx mtc
 
PrefilterRuleStore pmq
 
DetectReplaceListreplist
 
DetectVarListvarlist
 
struct {
   uint32_t   file_id
 
   uint64_t   tx_id
 
filestore [DETECT_FILESTORE_MAX]
 
DetectEngineCtxde_ctx
 
void ** keyword_ctxs_array
 
int keyword_ctxs_size
 
int global_keyword_ctxs_size
 
void ** global_keyword_ctxs_array
 
AppLayerDecoderEventsdecoder_events
 
uint16_t events
 
uint16_t lua_rule_errors
 
uint16_t lua_blocked_function_errors
 
uint16_t lua_instruction_limit_errors
 
uint16_t lua_memory_limit_errors
 
struct SCProfileKeywordData_keyword_perf_data
 
struct SCProfileKeywordData_ ** keyword_perf_data_per_list
 
int keyword_perf_list
 
struct SCProfileSghData_sgh_perf_data
 
struct SCProfilePrefilterData_prefilter_perf_data
 
uint64_t prefilter_bytes
 
uint64_t prefilter_bytes_called
 

Detailed Description

Detection engine thread data.

Definition at line 1093 of file detect.h.

Member Function Documentation

◆ SC_ATOMIC_DECLARE()

DetectEngineThreadCtx_::SC_ATOMIC_DECLARE ( int  ,
so_far_used_by_detect   
)

Field Documentation

◆ alert_queue

PacketAlert* DetectEngineThreadCtx_::alert_queue

Definition at line 1182 of file detect.h.

Referenced by AlertQueueFree(), AlertQueueInit(), and PacketAlertFinalize().

◆ alert_queue_capacity

uint16_t DetectEngineThreadCtx_::alert_queue_capacity

Definition at line 1181 of file detect.h.

Referenced by AlertQueueFree(), and AlertQueueInit().

◆ alert_queue_size

uint16_t DetectEngineThreadCtx_::alert_queue_size

Definition at line 1180 of file detect.h.

Referenced by AlertQueueInit(), and PacketAlertFinalize().

◆ base64_decoded

uint8_t* DetectEngineThreadCtx_::base64_decoded

Definition at line 1135 of file detect.h.

Referenced by DetectBase64DecodeDoMatch().

◆ base64_decoded_len

int DetectEngineThreadCtx_::base64_decoded_len

Definition at line 1136 of file detect.h.

Referenced by DetectBase64DecodeDoMatch().

◆ base64_decoded_len_max

int DetectEngineThreadCtx_::base64_decoded_len_max

Definition at line 1137 of file detect.h.

◆ buffer_offset

uint32_t DetectEngineThreadCtx_::buffer_offset

offset into the payload of the end of the last match by: content, pcre, etc

Definition at line 1122 of file detect.h.

Referenced by DetectBase64DecodeDoMatch(), DetectByteExtractDoMatch(), DetectEngineContentInspection(), DetectEngineContentInspectionBuffer(), and DetectPcrePayloadMatch().

◆ buffers [1/2]

InspectionBuffer* DetectEngineThreadCtx_::buffers

Definition at line 1156 of file detect.h.

Referenced by InspectionBufferClean(), and InspectionBufferGet().

◆ buffers [2/2]

InspectionBufferMultipleForList* DetectEngineThreadCtx_::buffers

inspection buffers for more complex case. As we can inspect multiple buffers in parallel, we need this extra wrapper struct

Definition at line 1165 of file detect.h.

◆ buffers_size

uint32_t DetectEngineThreadCtx_::buffers_size

in number of elements

Definition at line 1157 of file detect.h.

◆ byte_values

uint64_t* DetectEngineThreadCtx_::byte_values

Definition at line 1133 of file detect.h.

◆ counter_alerts

uint16_t DetectEngineThreadCtx_::counter_alerts

id for alert counter

Definition at line 1143 of file detect.h.

◆ counter_alerts_overflow

uint16_t DetectEngineThreadCtx_::counter_alerts_overflow

id for discarded alerts counter

Definition at line 1145 of file detect.h.

◆ counter_alerts_suppressed

uint16_t DetectEngineThreadCtx_::counter_alerts_suppressed

id for suppressed alerts counter

Definition at line 1147 of file detect.h.

◆ counter_fnonmpm_list

uint16_t DetectEngineThreadCtx_::counter_fnonmpm_list

Definition at line 1151 of file detect.h.

◆ counter_match_list

uint16_t DetectEngineThreadCtx_::counter_match_list

Definition at line 1152 of file detect.h.

◆ counter_mpm_list

uint16_t DetectEngineThreadCtx_::counter_mpm_list

Definition at line 1149 of file detect.h.

◆ counter_nonmpm_list

uint16_t DetectEngineThreadCtx_::counter_nonmpm_list

Definition at line 1150 of file detect.h.

◆ de_ctx

DetectEngineCtx* DetectEngineThreadCtx_::de_ctx

Definition at line 1215 of file detect.h.

Referenced by DetectEngineInspectPktBufferGeneric(), DetectEngineThreadCtxInit(), DetectEngineThreadCtxInitForReload(), RulesDumpTxMatchArray(), SCProfilingKeywordThreadCleanup(), SCProfilingKeywordThreadSetup(), SCProfilingPrefilterThreadCleanup(), SCProfilingPrefilterThreadSetup(), SCProfilingPrefilterUpdateCounter(), SCProfilingSghThreadCleanup(), SCProfilingSghThreadSetup(), and SCProfilingSghUpdateCounter().

◆ decoder_events

AppLayerDecoderEvents* DetectEngineThreadCtx_::decoder_events

Definition at line 1223 of file detect.h.

Referenced by DetectEngineSetEvent().

◆ events

uint16_t DetectEngineThreadCtx_::events

Definition at line 1224 of file detect.h.

Referenced by DetectEngineSetEvent().

◆ file_id

uint32_t DetectEngineThreadCtx_::file_id

Definition at line 1211 of file detect.h.

◆ filestore

struct { ... } DetectEngineThreadCtx_::filestore[DETECT_FILESTORE_MAX]

◆ filestore_cnt

uint16_t DetectEngineThreadCtx_::filestore_cnt

Definition at line 1140 of file detect.h.

◆ frame_id

int64_t DetectEngineThreadCtx_::frame_id

Definition at line 1175 of file detect.h.

◆ frame_inspect_progress

uint64_t DetectEngineThreadCtx_::frame_inspect_progress

used to set Frame::inspect_progress after all inspection on a frame is complete.

Definition at line 1176 of file detect.h.

◆ global_keyword_ctxs_array

void** DetectEngineThreadCtx_::global_keyword_ctxs_array

Definition at line 1221 of file detect.h.

Referenced by DetectThreadCtxGetGlobalKeywordThreadCtx().

◆ global_keyword_ctxs_size

int DetectEngineThreadCtx_::global_keyword_ctxs_size

store for keyword contexts that need a per thread storage. Global.

Definition at line 1220 of file detect.h.

Referenced by DetectThreadCtxGetGlobalKeywordThreadCtx().

◆ inspect

struct { ... } DetectEngineThreadCtx_::inspect

Referenced by InspectionBufferClean(), InspectionBufferGet(), and InspectionBufferSetup().

◆ keyword_ctxs_array

void** DetectEngineThreadCtx_::keyword_ctxs_array

store for keyword contexts that need a per thread storage. Per de_ctx.

Definition at line 1217 of file detect.h.

Referenced by DetectThreadCtxGetKeywordThreadCtx().

◆ keyword_ctxs_size

int DetectEngineThreadCtx_::keyword_ctxs_size

Definition at line 1218 of file detect.h.

Referenced by DetectThreadCtxGetKeywordThreadCtx().

◆ keyword_perf_data

struct SCProfileKeywordData_* DetectEngineThreadCtx_::keyword_perf_data

Definition at line 1255 of file detect.h.

Referenced by SCProfilingKeywordThreadCleanup(), SCProfilingKeywordThreadSetup(), and SCProfilingKeywordUpdateCounter().

◆ keyword_perf_data_per_list

struct SCProfileKeywordData_** DetectEngineThreadCtx_::keyword_perf_data_per_list

Definition at line 1256 of file detect.h.

Referenced by SCProfilingKeywordThreadSetup(), and SCProfilingKeywordUpdateCounter().

◆ keyword_perf_list

int DetectEngineThreadCtx_::keyword_perf_list

list we're currently inspecting, DETECT_SM_LIST_*

Definition at line 1257 of file detect.h.

Referenced by SCProfilingKeywordUpdateCounter().

◆ lua_blocked_function_errors

uint16_t DetectEngineThreadCtx_::lua_blocked_function_errors

stats id for lua blocked function counts

Definition at line 1230 of file detect.h.

◆ lua_instruction_limit_errors

uint16_t DetectEngineThreadCtx_::lua_instruction_limit_errors

stats if for lua instruction limit errors

Definition at line 1233 of file detect.h.

◆ lua_memory_limit_errors

uint16_t DetectEngineThreadCtx_::lua_memory_limit_errors

stat of lua memory limit errors.

Definition at line 1236 of file detect.h.

◆ lua_rule_errors

uint16_t DetectEngineThreadCtx_::lua_rule_errors

stats id for lua rule errors

Definition at line 1227 of file detect.h.

◆ match_array

Signature** DetectEngineThreadCtx_::match_array

array of signature pointers we're going to inspect in the detection loop.

Definition at line 1186 of file detect.h.

Referenced by RulesDumpMatchArray().

◆ match_array_cnt

SigIntId DetectEngineThreadCtx_::match_array_cnt

size in use

Definition at line 1191 of file detect.h.

Referenced by RulesDumpMatchArray(), and SCProfilingSghUpdateCounter().

◆ match_array_len

uint32_t DetectEngineThreadCtx_::match_array_len

size of the array in items (mem size if * sizeof(Signature *) Only used during initialization.

Definition at line 1189 of file detect.h.

◆ mt_det_ctxs

struct DetectEngineThreadCtx_** DetectEngineThreadCtx_::mt_det_ctxs

Definition at line 1109 of file detect.h.

◆ mt_det_ctxs_cnt

uint32_t DetectEngineThreadCtx_::mt_det_ctxs_cnt

Definition at line 1108 of file detect.h.

Referenced by Detect().

◆ mt_det_ctxs_hash

HashTable* DetectEngineThreadCtx_::mt_det_ctxs_hash

Definition at line 1110 of file detect.h.

Referenced by DetectEngineThreadCtxDeinit().

◆ mtc

MpmThreadCtx DetectEngineThreadCtx_::mtc

thread ctx for the mpm

Definition at line 1199 of file detect.h.

◆ multi_inspect

struct { ... } DetectEngineThreadCtx_::multi_inspect

Referenced by InspectionBufferClean().

◆ non_pf_id_array

SigIntId* DetectEngineThreadCtx_::non_pf_id_array

Array of non-prefiltered sigs that need to be evaluated. Updated per packet based on the rule group and traffic properties.

Definition at line 1105 of file detect.h.

◆ non_pf_id_cnt

uint32_t DetectEngineThreadCtx_::non_pf_id_cnt

Definition at line 1106 of file detect.h.

◆ non_pf_store_cnt

uint32_t DetectEngineThreadCtx_::non_pf_store_cnt

Definition at line 1197 of file detect.h.

Referenced by RulesDumpMatchArray(), RulesDumpTxMatchArray(), and SCProfilingSghUpdateCounter().

◆ non_pf_store_ptr

SignatureNonPrefilterStore* DetectEngineThreadCtx_::non_pf_store_ptr

Definition at line 1196 of file detect.h.

Referenced by SCProfilingSghUpdateCounter().

◆ p

Packet* DetectEngineThreadCtx_::p

Definition at line 1178 of file detect.h.

Referenced by DetectEngineInspectStream().

◆ pcre_match_start_offset

uint32_t DetectEngineThreadCtx_::pcre_match_start_offset

used by pcre match function alone: normally in sync with buffer_offset, but points to 1 byte after the start of the last pcre match if a pcre match happened.

Definition at line 1126 of file detect.h.

Referenced by DetectPcrePayloadMatch().

◆ pmq

PrefilterRuleStore DetectEngineThreadCtx_::pmq

Definition at line 1200 of file detect.h.

Referenced by DetectRunPrefilterTx(), Prefilter(), and SCProfilingSghUpdateCounter().

◆ prefilter_bytes

uint64_t DetectEngineThreadCtx_::prefilter_bytes

bytes inspected by current prefilter callback call

Definition at line 1262 of file detect.h.

◆ prefilter_bytes_called

uint64_t DetectEngineThreadCtx_::prefilter_bytes_called

number of times we inspected a buffer

Definition at line 1264 of file detect.h.

◆ prefilter_perf_data

struct SCProfilePrefilterData_* DetectEngineThreadCtx_::prefilter_perf_data

Definition at line 1260 of file detect.h.

Referenced by SCProfilingPrefilterThreadCleanup(), SCProfilingPrefilterThreadSetup(), and SCProfilingPrefilterUpdateCounter().

◆ raw_stream_progress

uint64_t DetectEngineThreadCtx_::raw_stream_progress

Definition at line 1119 of file detect.h.

◆ replist

DetectReplaceList* DetectEngineThreadCtx_::replist

Definition at line 1203 of file detect.h.

◆ sgh_perf_data

struct SCProfileSghData_* DetectEngineThreadCtx_::sgh_perf_data

Definition at line 1258 of file detect.h.

Referenced by SCProfilingSghThreadCleanup(), SCProfilingSghThreadSetup(), and SCProfilingSghUpdateCounter().

◆ spm_thread_ctx

SpmThreadCtx* DetectEngineThreadCtx_::spm_thread_ctx

SPM thread context used for scanning. This has been cloned from the prototype held by DetectEngineCtx.

Definition at line 1130 of file detect.h.

◆ tenant_array

struct DetectEngineTenantMapping_* DetectEngineThreadCtx_::tenant_array

Definition at line 1112 of file detect.h.

◆ tenant_array_size

uint32_t DetectEngineThreadCtx_::tenant_array_size

Definition at line 1113 of file detect.h.

◆ tenant_id

uint32_t DetectEngineThreadCtx_::tenant_id
Note
multi-tenant hash lookup code from Detect() depends on this being the first member

Definition at line 1096 of file detect.h.

Referenced by DetectEngineThreadCtxInitForReload().

◆ TenantGetId

uint32_t(* DetectEngineThreadCtx_::TenantGetId) (const void *, const Packet *p)

Definition at line 1115 of file detect.h.

Referenced by Detect().

◆ to_clear_idx

uint32_t DetectEngineThreadCtx_::to_clear_idx

Definition at line 1158 of file detect.h.

Referenced by InspectionBufferClean(), and InspectionBufferSetup().

◆ to_clear_queue

uint32_t* DetectEngineThreadCtx_::to_clear_queue

Definition at line 1159 of file detect.h.

Referenced by InspectionBufferClean(), and InspectionBufferSetup().

◆ tv

ThreadVars* DetectEngineThreadCtx_::tv

Definition at line 1101 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and DetectEngineThreadCtxInitForReload().

◆ tx_candidates

RuleMatchCandidateTx* DetectEngineThreadCtx_::tx_candidates

Definition at line 1193 of file detect.h.

Referenced by RuleMatchCandidateTxArrayFree(), RuleMatchCandidateTxArrayInit(), and RulesDumpTxMatchArray().

◆ tx_candidates_size

uint32_t DetectEngineThreadCtx_::tx_candidates_size

Definition at line 1194 of file detect.h.

Referenced by RuleMatchCandidateTxArrayFree(), and RuleMatchCandidateTxArrayInit().

◆ tx_id

uint64_t DetectEngineThreadCtx_::tx_id

ID of the transaction currently being inspected.

Definition at line 1174 of file detect.h.

◆ tx_id_set

bool DetectEngineThreadCtx_::tx_id_set

Definition at line 1172 of file detect.h.

◆ varlist

DetectVarList* DetectEngineThreadCtx_::varlist

Definition at line 1205 of file detect.h.

Referenced by DetectVarStoreMatch(), and DetectVarStoreMatchKeyValue().

The documentation for this struct was generated from the following file: