suricata
Public Member Functions | Data Fields
DetectEngineThreadCtx_ Struct Reference

#include <detect.h>

Collaboration diagram for DetectEngineThreadCtx_:
Collaboration graph
[legend]

Public Member Functions

 SC_ATOMIC_DECLARE (int, so_far_used_by_detect)
 

Data Fields

uint32_t tenant_id
 
uint64_t ticker
 
ThreadVarstv
 
SigIntIdnon_pf_id_array
 
uint32_t non_pf_id_cnt
 
uint32_t mt_det_ctxs_cnt
 
struct DetectEngineThreadCtx_ ** mt_det_ctxs
 
HashTablemt_det_ctxs_hash
 
struct DetectEngineTenantMapping_tenant_array
 
uint32_t tenant_array_size
 
uint32_t(* TenantGetId )(const void *, const Packet *p)
 
uint64_t raw_stream_progress
 
uint32_t buffer_offset
 
uint32_t pcre_match_start_offset
 
uint16_t filestore_cnt
 
uint16_t counter_alerts
 
uint16_t counter_mpm_list
 
uint16_t counter_nonmpm_list
 
uint16_t counter_fnonmpm_list
 
uint16_t counter_match_list
 
int inspect_list
 
struct {
   InspectionBuffer *   buffers
 
   uint32_t   buffers_size
 
   uint32_t   to_clear_idx
 
   uint32_t *   to_clear_queue
 
inspect
 
struct {
   InspectionBufferMultipleForList *   buffers
 
   uint32_t   buffers_size
 
   uint32_t   to_clear_idx
 
   uint32_t *   to_clear_queue
 
multi_inspect
 
uint16_t discontinue_matching
 
uint16_t flags
 
uint16_t tx_id_set
 
uint64_t tx_id
 
Packetp
 
int inspection_recursion_counter
 
Signature ** match_array
 
uint32_t match_array_len
 
SigIntId match_array_cnt
 
RuleMatchCandidateTxtx_candidates
 
uint32_t tx_candidates_size
 
SignatureNonPrefilterStorenon_pf_store_ptr
 
uint32_t non_pf_store_cnt
 
MpmThreadCtx mtc
 
MpmThreadCtx mtcu
 
MpmThreadCtx mtcs
 
PrefilterRuleStore pmq
 
SpmThreadCtxspm_thread_ctx
 
DetectEngineIPOnlyThreadCtx io_ctx
 
uint64_t * bj_values
 
DetectReplaceListreplist
 
DetectVarListvarlist
 
struct {
   uint32_t   file_id
 
   uint64_t   tx_id
 
filestore [DETECT_FILESTORE_MAX]
 
DetectEngineCtxde_ctx
 
void ** keyword_ctxs_array
 
int keyword_ctxs_size
 
int global_keyword_ctxs_size
 
void ** global_keyword_ctxs_array
 
uint8_t * base64_decoded
 
int base64_decoded_len
 
int base64_decoded_len_max
 
AppLayerDecoderEventsdecoder_events
 
uint16_t events
 
struct SCProfileData_rule_perf_data
 
int rule_perf_data_size
 
struct SCProfileKeywordData_keyword_perf_data
 
struct SCProfileKeywordData_ ** keyword_perf_data_per_list
 
int keyword_perf_list
 
struct SCProfileSghData_sgh_perf_data
 
struct SCProfilePrefilterData_prefilter_perf_data
 
int prefilter_perf_size
 

Detailed Description

Detection engine thread data.

Definition at line 996 of file detect.h.

Member Function Documentation

DetectEngineThreadCtx_::SC_ATOMIC_DECLARE ( int  ,
so_far_used_by_detect   
)

Field Documentation

uint8_t* DetectEngineThreadCtx_::base64_decoded

Definition at line 1128 of file detect.h.

Referenced by DetectBase64DataDoMatch(), DetectBase64DecodeDoMatch(), DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

int DetectEngineThreadCtx_::base64_decoded_len

Definition at line 1129 of file detect.h.

Referenced by DetectBase64DataDoMatch(), DetectBase64DecodeDoMatch(), DetectEngineResetMaxSigId(), and SigMatchSignaturesGetSgh().

int DetectEngineThreadCtx_::base64_decoded_len_max

Definition at line 1130 of file detect.h.

Referenced by DetectEngineResetMaxSigId().

uint64_t* DetectEngineThreadCtx_::bj_values

Definition at line 1105 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

uint32_t DetectEngineThreadCtx_::buffer_offset

offset into the payload of the last match by: content, pcre, etc

Definition at line 1025 of file detect.h.

Referenced by DetectBase64DecodeDoMatch(), DetectByteExtractDoMatch(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectEngineContentInspection(), DetectEngineInspectBufferGeneric(), DetectEngineInspectPacketPayload(), DetectEngineInspectPktBufferGeneric(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectPcrePayloadMatch(), and DetectTlsCertsRegister().

InspectionBuffer* DetectEngineThreadCtx_::buffers

Definition at line 1044 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), InspectionBufferClean(), InspectionBufferGet(), and InspectionBufferGetMulti().

InspectionBufferMultipleForList* DetectEngineThreadCtx_::buffers

inspection buffers for more complex case. As we can inspect multiple buffers in parallel, we need this extra wrapper struct

Definition at line 1053 of file detect.h.

uint32_t DetectEngineThreadCtx_::buffers_size

in number of elements

Definition at line 1045 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

uint16_t DetectEngineThreadCtx_::counter_alerts

id for alert counter

Definition at line 1033 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

uint16_t DetectEngineThreadCtx_::counter_fnonmpm_list

Definition at line 1037 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

uint16_t DetectEngineThreadCtx_::counter_match_list

Definition at line 1038 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

uint16_t DetectEngineThreadCtx_::counter_mpm_list

Definition at line 1035 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

uint16_t DetectEngineThreadCtx_::counter_nonmpm_list

Definition at line 1036 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

DetectEngineCtx* DetectEngineThreadCtx_::de_ctx

Definition at line 1120 of file detect.h.

Referenced by Detect(), DetectBufferTypeGetByIdTransforms(), DetectEngineInspectPktBufferGeneric(), DetectEngineThreadCtxInfo(), DetectEngineThreadCtxInit(), DetectIPRepRegister(), SCProfilingKeywordThreadCleanup(), SCProfilingKeywordThreadSetup(), SCProfilingPrefilterThreadCleanup(), SCProfilingPrefilterThreadSetup(), SCProfilingPrefilterUpdateCounter(), SCProfilingRuleThreadCleanup(), SCProfilingSghThreadCleanup(), SCProfilingSghThreadSetup(), and SCProfilingSghUpdateCounter().

AppLayerDecoderEvents* DetectEngineThreadCtx_::decoder_events

Definition at line 1132 of file detect.h.

Referenced by DetectEngineGetEvents(), DetectEngineSetEvent(), and DetectEngineThreadCtxInit().

uint16_t DetectEngineThreadCtx_::discontinue_matching

Definition at line 1060 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineInspectBufferGeneric(), DetectEngineInspectPacketPayload(), DetectEngineInspectPktBufferGeneric(), DetectFilemagicRegister(), DetectFilenameRegister(), and DetectTlsCertsRegister().

uint16_t DetectEngineThreadCtx_::events

Definition at line 1133 of file detect.h.

Referenced by DetectEngineSetEvent().

uint32_t DetectEngineThreadCtx_::file_id

Definition at line 1116 of file detect.h.

Referenced by DetectFilestoreRegister().

struct { ... } DetectEngineThreadCtx_::filestore[DETECT_FILESTORE_MAX]

Referenced by DetectFilestoreRegister().

uint16_t DetectEngineThreadCtx_::filestore_cnt

Definition at line 1030 of file detect.h.

Referenced by DetectFilestoreRegister(), and SigMatchSignaturesGetSgh().

uint16_t DetectEngineThreadCtx_::flags

Definition at line 1061 of file detect.h.

Referenced by DetectBufferTypeGetByIdTransforms(), DetectFlowFree(), DetectFlowMatch(), and SigMatchSignaturesGetSgh().

void** DetectEngineThreadCtx_::global_keyword_ctxs_array

Definition at line 1126 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectThreadCtxGetGlobalKeywordThreadCtx().

int DetectEngineThreadCtx_::global_keyword_ctxs_size

store for keyword contexts that need a per thread storage. Global.

Definition at line 1125 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectThreadCtxGetGlobalKeywordThreadCtx().

struct { ... } DetectEngineThreadCtx_::inspect

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), InspectionBufferClean(), and InspectionBufferGet().

int DetectEngineThreadCtx_::inspect_list

list we're currently inspecting, DETECT_SM_LIST_*

Definition at line 1041 of file detect.h.

int DetectEngineThreadCtx_::inspection_recursion_counter

Definition at line 1072 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineInspectBufferGeneric(), DetectEngineInspectPacketPayload(), DetectEngineInspectPktBufferGeneric(), DetectFilemagicRegister(), DetectFilenameRegister(), and DetectTlsCertsRegister().

DetectEngineIPOnlyThreadCtx DetectEngineThreadCtx_::io_ctx

ip only rules ctx

Definition at line 1102 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

void** DetectEngineThreadCtx_::keyword_ctxs_array

store for keyword contexts that need a per thread storage. Per de_ctx.

Definition at line 1122 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectThreadCtxGetKeywordThreadCtx().

int DetectEngineThreadCtx_::keyword_ctxs_size

Definition at line 1123 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectThreadCtxGetKeywordThreadCtx().

struct SCProfileKeywordData_* DetectEngineThreadCtx_::keyword_perf_data

Definition at line 1149 of file detect.h.

Referenced by SCProfilingKeywordThreadCleanup(), SCProfilingKeywordThreadSetup(), and SCProfilingKeywordUpdateCounter().

struct SCProfileKeywordData_** DetectEngineThreadCtx_::keyword_perf_data_per_list

Definition at line 1150 of file detect.h.

Referenced by SCProfilingKeywordThreadCleanup(), SCProfilingKeywordThreadSetup(), and SCProfilingKeywordUpdateCounter().

int DetectEngineThreadCtx_::keyword_perf_list

list we're currently inspecting, DETECT_SM_LIST_*

Definition at line 1151 of file detect.h.

Referenced by SCProfilingKeywordUpdateCounter().

Signature** DetectEngineThreadCtx_::match_array

array of signature pointers we're going to inspect in the detection loop.

Definition at line 1076 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

SigIntId DetectEngineThreadCtx_::match_array_cnt

size in use

Definition at line 1081 of file detect.h.

Referenced by SCProfilingSghUpdateCounter(), and SigMatchSignaturesGetSgh().

uint32_t DetectEngineThreadCtx_::match_array_len

size of the array in items (mem size if * sizeof(Signature *) Only used during initialization.

Definition at line 1079 of file detect.h.

Referenced by DetectEngineResetMaxSigId().

struct DetectEngineThreadCtx_** DetectEngineThreadCtx_::mt_det_ctxs

Definition at line 1011 of file detect.h.

uint32_t DetectEngineThreadCtx_::mt_det_ctxs_cnt

Definition at line 1010 of file detect.h.

Referenced by Detect(), and DetectEngineResetMaxSigId().

HashTable* DetectEngineThreadCtx_::mt_det_ctxs_hash

Definition at line 1012 of file detect.h.

Referenced by Detect(), DetectEngineResetMaxSigId(), and DetectEngineThreadCtxDeinit().

MpmThreadCtx DetectEngineThreadCtx_::mtc

pointer to the current mpm ctx that is stored in a rule group head – can be either a content or uricontent ctx. thread ctx for the mpm

Definition at line 1092 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInfo(), DetectEngineThreadCtxInit(), and PrefilterPktStreamRegister().

MpmThreadCtx DetectEngineThreadCtx_::mtcs

thread ctx for stream mpm

Definition at line 1094 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

MpmThreadCtx DetectEngineThreadCtx_::mtcu

thread ctx for uricontent mpm

Definition at line 1093 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInfo(), DetectEngineThreadCtxInit(), DetectFilemagicRegister(), and DetectTlsCertsRegister().

struct { ... } DetectEngineThreadCtx_::multi_inspect

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), InspectionBufferClean(), and InspectionBufferGetMulti().

SigIntId* DetectEngineThreadCtx_::non_pf_id_array

Definition at line 1007 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

uint32_t DetectEngineThreadCtx_::non_pf_id_cnt

Definition at line 1008 of file detect.h.

Referenced by SigMatchSignaturesGetSgh().

uint32_t DetectEngineThreadCtx_::non_pf_store_cnt

Definition at line 1087 of file detect.h.

Referenced by SCProfilingSghUpdateCounter(), and SigMatchSignaturesGetSgh().

SignatureNonPrefilterStore* DetectEngineThreadCtx_::non_pf_store_ptr

Definition at line 1086 of file detect.h.

Referenced by SCProfilingSghUpdateCounter(), and SigMatchSignaturesGetSgh().

Packet* DetectEngineThreadCtx_::p

Definition at line 1067 of file detect.h.

Referenced by DetectEngineInspectStream().

uint32_t DetectEngineThreadCtx_::pcre_match_start_offset

Definition at line 1027 of file detect.h.

Referenced by DetectEngineContentInspection(), and DetectPcrePayloadMatch().

PrefilterRuleStore DetectEngineThreadCtx_::pmq

Definition at line 1095 of file detect.h.

Referenced by DetectAckRegister(), DetectDsizeRegister(), DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), DetectFilemagicRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlowFree(), DetectFragBitsRegister(), DetectFragOffsetFree(), DetectIcmpIdFree(), DetectIcmpSeqFree(), DetectICodeFree(), DetectIdFree(), DetectITypeFree(), DetectRunPrefilterTx(), DetectSeqRegister(), DetectTcpmssFree(), DetectTemplate2Free(), DetectTlsCertsRegister(), DetectTtlFree(), PacketPatternCleanup(), Prefilter(), PrefilterPktStreamRegister(), SCProfilingSghUpdateCounter(), and SigMatchSignaturesGetSgh().

struct SCProfilePrefilterData_* DetectEngineThreadCtx_::prefilter_perf_data

Definition at line 1154 of file detect.h.

Referenced by SCProfilingPrefilterThreadCleanup(), SCProfilingPrefilterThreadSetup(), and SCProfilingPrefilterUpdateCounter().

int DetectEngineThreadCtx_::prefilter_perf_size

Definition at line 1155 of file detect.h.

uint64_t DetectEngineThreadCtx_::raw_stream_progress

Definition at line 1021 of file detect.h.

Referenced by DetectEngineInspectStream(), and SigMatchSignaturesGetSgh().

DetectReplaceList* DetectEngineThreadCtx_::replist

Definition at line 1108 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineInspectPacketPayload(), and DetectReplaceRegister().

struct SCProfileData_* DetectEngineThreadCtx_::rule_perf_data

Definition at line 1147 of file detect.h.

Referenced by SCProfilingRuleThreadCleanup(), SCProfilingRuleThreadSetup(), and SCProfilingRuleUpdateCounter().

int DetectEngineThreadCtx_::rule_perf_data_size

Definition at line 1148 of file detect.h.

Referenced by SCProfilingRuleThreadCleanup(), SCProfilingRuleThreadSetup(), and SCProfilingRuleUpdateCounter().

struct SCProfileSghData_* DetectEngineThreadCtx_::sgh_perf_data

Definition at line 1152 of file detect.h.

Referenced by SCProfilingSghThreadCleanup(), SCProfilingSghThreadSetup(), and SCProfilingSghUpdateCounter().

SpmThreadCtx* DetectEngineThreadCtx_::spm_thread_ctx

SPM thread context used for scanning. This has been cloned from the prototype held by DetectEngineCtx.

Definition at line 1099 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

struct DetectEngineTenantMapping_* DetectEngineThreadCtx_::tenant_array

Definition at line 1014 of file detect.h.

Referenced by DetectEngineMultiTenantSetup(), DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

uint32_t DetectEngineThreadCtx_::tenant_array_size

Definition at line 1015 of file detect.h.

Referenced by DetectEngineMultiTenantSetup(), and DetectEngineResetMaxSigId().

uint32_t DetectEngineThreadCtx_::tenant_id
Note
multi-tenant hash lookup code from Detect() depends on this beeing the first member

Definition at line 999 of file detect.h.

Referenced by DetectEngineReload(), and DetectEngineThreadCtxInit().

uint32_t(* DetectEngineThreadCtx_::TenantGetId) (const void *, const Packet *p)

Definition at line 1017 of file detect.h.

Referenced by Detect(), and DetectEngineResetMaxSigId().

uint64_t DetectEngineThreadCtx_::ticker

ticker that is incremented once per packet.

Definition at line 1002 of file detect.h.

Referenced by HttpHeaderGetBufferSpaceForTXID(), and SigMatchSignaturesGetSgh().

uint32_t DetectEngineThreadCtx_::to_clear_idx

Definition at line 1046 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), InspectionBufferClean(), InspectionBufferGet(), and InspectionBufferGetMulti().

uint32_t* DetectEngineThreadCtx_::to_clear_queue

Definition at line 1047 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), InspectionBufferClean(), InspectionBufferGet(), and InspectionBufferGetMulti().

ThreadVars* DetectEngineThreadCtx_::tv

Definition at line 1005 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and DetectLuaRegister().

RuleMatchCandidateTx* DetectEngineThreadCtx_::tx_candidates

Definition at line 1083 of file detect.h.

Referenced by RuleMatchCandidateTxArrayFree(), and RuleMatchCandidateTxArrayInit().

uint32_t DetectEngineThreadCtx_::tx_candidates_size

Definition at line 1084 of file detect.h.

Referenced by RuleMatchCandidateTxArrayFree(), and RuleMatchCandidateTxArrayInit().

uint64_t DetectEngineThreadCtx_::tx_id

ID of the transaction currently being inspected.

Definition at line 1066 of file detect.h.

Referenced by DetectFilestoreRegister(), and DetectLuaRegister().

uint16_t DetectEngineThreadCtx_::tx_id_set

Definition at line 1064 of file detect.h.

DetectVarList* DetectEngineThreadCtx_::varlist

Definition at line 1110 of file detect.h.

Referenced by DetectFlowvarPostMatchSetup(), DetectVarStoreMatch(), and DetectVarStoreMatchKeyValue().

The documentation for this struct was generated from the following file: