#include <detect.h>

Collaboration diagram for DetectEngineThreadCtx_:

[legend]

Public Member Functions
	SC_ATOMIC_DECLARE (int, so_far_used_by_detect)

Data Fields
uint32_t	tenant_id

uint64_t	ticker

ThreadVars *	tv

SigIntId *	non_pf_id_array

uint32_t	non_pf_id_cnt

uint32_t	mt_det_ctxs_cnt

struct DetectEngineThreadCtx_ **	mt_det_ctxs

HashTable *	mt_det_ctxs_hash

struct DetectEngineTenantMapping_ *	tenant_array

uint32_t	tenant_array_size

uint32_t(*	TenantGetId )(const void , const Packet p)

uint64_t	raw_stream_progress

uint32_t	buffer_offset

uint32_t	pcre_match_start_offset

uint16_t	filestore_cnt

uint16_t	counter_alerts

uint16_t	counter_mpm_list

uint16_t	counter_nonmpm_list

uint16_t	counter_fnonmpm_list

uint16_t	counter_match_list

int	inspect_list

struct {
InspectionBuffer * buffers

uint32_t buffers_size

uint32_t to_clear_idx

uint32_t * to_clear_queue

}	inspect

struct {
InspectionBufferMultipleForList * buffers

uint32_t buffers_size

uint32_t to_clear_idx

uint32_t * to_clear_queue

}	multi_inspect

uint16_t	discontinue_matching

uint16_t	flags

uint16_t	tx_id_set

uint64_t	tx_id

Packet *	p

int	inspection_recursion_counter

Signature **	match_array

uint32_t	match_array_len

SigIntId	match_array_cnt

RuleMatchCandidateTx *	tx_candidates

uint32_t	tx_candidates_size

SignatureNonPrefilterStore *	non_pf_store_ptr

uint32_t	non_pf_store_cnt

MpmThreadCtx	mtc

MpmThreadCtx	mtcu

MpmThreadCtx	mtcs

PrefilterRuleStore	pmq

SpmThreadCtx *	spm_thread_ctx

DetectEngineIPOnlyThreadCtx	io_ctx

uint64_t *	bj_values

DetectReplaceList *	replist

DetectVarList *	varlist

struct {
uint32_t file_id

uint64_t tx_id

}	filestore [DETECT_FILESTORE_MAX]

DetectEngineCtx *	de_ctx

void **	keyword_ctxs_array

int	keyword_ctxs_size

int	global_keyword_ctxs_size

void **	global_keyword_ctxs_array

uint8_t *	base64_decoded

int	base64_decoded_len

int	base64_decoded_len_max

AppLayerDecoderEvents *	decoder_events

uint16_t	events

struct SCProfileData_ *	rule_perf_data

int	rule_perf_data_size

struct SCProfileKeywordData_ *	keyword_perf_data

struct SCProfileKeywordData_ **	keyword_perf_data_per_list

int	keyword_perf_list

struct SCProfileSghData_ *	sgh_perf_data

struct SCProfilePrefilterData_ *	prefilter_perf_data

int	prefilter_perf_size

Detailed Description

Detection engine thread data.

Definition at line 1003 of file detect.h.

Member Function Documentation

DetectEngineThreadCtx_::SC_ATOMIC_DECLARE	(	int	,
		so_far_used_by_detect
	)

Field Documentation

uint8_t* DetectEngineThreadCtx_::base64_decoded

Definition at line 1135 of file detect.h.

Referenced by DetectBase64DataDoMatch(), DetectBase64DecodeDoMatch(), DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

int DetectEngineThreadCtx_::base64_decoded_len

Definition at line 1136 of file detect.h.

Referenced by DetectBase64DataDoMatch(), DetectBase64DecodeDoMatch(), DetectEngineResetMaxSigId(), and SigMatchSignaturesGetSgh().

int DetectEngineThreadCtx_::base64_decoded_len_max

Definition at line 1137 of file detect.h.

Referenced by DetectEngineResetMaxSigId().

uint64_t* DetectEngineThreadCtx_::bj_values

Definition at line 1112 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

uint32_t DetectEngineThreadCtx_::buffer_offset

offset into the payload of the last match by: content, pcre, etc

Definition at line 1032 of file detect.h.

Referenced by DetectBase64DecodeDoMatch(), DetectByteExtractDoMatch(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectEngineContentInspection(), DetectEngineInspectBufferGeneric(), DetectEngineInspectPacketPayload(), DetectEngineInspectPktBufferGeneric(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectPcrePayloadMatch(), and DetectTlsCertsRegister().

InspectionBuffer* DetectEngineThreadCtx_::buffers

Definition at line 1051 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), InspectionBufferClean(), InspectionBufferGet(), and InspectionBufferGetMulti().

InspectionBufferMultipleForList* DetectEngineThreadCtx_::buffers

inspection buffers for more complex case. As we can inspect multiple buffers in parallel, we need this extra wrapper struct

Definition at line 1060 of file detect.h.

uint32_t DetectEngineThreadCtx_::buffers_size

in number of elements

Definition at line 1052 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

uint16_t DetectEngineThreadCtx_::counter_alerts

id for alert counter

Definition at line 1040 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

uint16_t DetectEngineThreadCtx_::counter_fnonmpm_list

Definition at line 1044 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

uint16_t DetectEngineThreadCtx_::counter_match_list

Definition at line 1045 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

uint16_t DetectEngineThreadCtx_::counter_mpm_list

Definition at line 1042 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

uint16_t DetectEngineThreadCtx_::counter_nonmpm_list

Definition at line 1043 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

DetectEngineCtx* DetectEngineThreadCtx_::de_ctx

Definition at line 1127 of file detect.h.

Referenced by Detect(), DetectBufferTypeGetByIdTransforms(), DetectEngineInspectPktBufferGeneric(), DetectEngineThreadCtxInfo(), DetectEngineThreadCtxInit(), DetectIPRepRegister(), SCProfilingKeywordThreadCleanup(), SCProfilingKeywordThreadSetup(), SCProfilingPrefilterThreadCleanup(), SCProfilingPrefilterThreadSetup(), SCProfilingPrefilterUpdateCounter(), SCProfilingRuleThreadCleanup(), SCProfilingSghThreadCleanup(), SCProfilingSghThreadSetup(), and SCProfilingSghUpdateCounter().

AppLayerDecoderEvents* DetectEngineThreadCtx_::decoder_events

Definition at line 1139 of file detect.h.

Referenced by DetectEngineGetEvents(), DetectEngineSetEvent(), and DetectEngineThreadCtxInit().

uint16_t DetectEngineThreadCtx_::discontinue_matching

Definition at line 1067 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineInspectBufferGeneric(), DetectEngineInspectPacketPayload(), DetectEngineInspectPktBufferGeneric(), DetectFilemagicRegister(), DetectFilenameRegister(), and DetectTlsCertsRegister().

uint16_t DetectEngineThreadCtx_::events

Definition at line 1140 of file detect.h.

Referenced by DetectEngineSetEvent().

uint32_t DetectEngineThreadCtx_::file_id

Definition at line 1123 of file detect.h.

Referenced by DetectFilestoreRegister().

struct { ... } DetectEngineThreadCtx_::filestore[DETECT_FILESTORE_MAX]

Referenced by DetectFilestoreRegister().

uint16_t DetectEngineThreadCtx_::filestore_cnt

Definition at line 1037 of file detect.h.

Referenced by DetectFilestoreRegister(), and SigMatchSignaturesGetSgh().

uint16_t DetectEngineThreadCtx_::flags

Definition at line 1068 of file detect.h.

Referenced by DetectBufferTypeGetByIdTransforms(), DetectFlowFree(), DetectFlowMatch(), and SigMatchSignaturesGetSgh().

void** DetectEngineThreadCtx_::global_keyword_ctxs_array

Definition at line 1133 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectThreadCtxGetGlobalKeywordThreadCtx().

int DetectEngineThreadCtx_::global_keyword_ctxs_size

store for keyword contexts that need a per thread storage. Global.

Definition at line 1132 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectThreadCtxGetGlobalKeywordThreadCtx().

struct { ... } DetectEngineThreadCtx_::inspect

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), InspectionBufferClean(), and InspectionBufferGet().

int DetectEngineThreadCtx_::inspect_list

list we're currently inspecting, DETECT_SM_LIST_*

Definition at line 1048 of file detect.h.

int DetectEngineThreadCtx_::inspection_recursion_counter

Definition at line 1079 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineInspectBufferGeneric(), DetectEngineInspectPacketPayload(), DetectEngineInspectPktBufferGeneric(), DetectFilemagicRegister(), DetectFilenameRegister(), and DetectTlsCertsRegister().

DetectEngineIPOnlyThreadCtx DetectEngineThreadCtx_::io_ctx

ip only rules ctx

Definition at line 1109 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

void** DetectEngineThreadCtx_::keyword_ctxs_array

store for keyword contexts that need a per thread storage. Per de_ctx.

Definition at line 1129 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectThreadCtxGetKeywordThreadCtx().

int DetectEngineThreadCtx_::keyword_ctxs_size

Definition at line 1130 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectThreadCtxGetKeywordThreadCtx().

struct SCProfileKeywordData_* DetectEngineThreadCtx_::keyword_perf_data

Definition at line 1156 of file detect.h.

Referenced by SCProfilingKeywordThreadCleanup(), SCProfilingKeywordThreadSetup(), and SCProfilingKeywordUpdateCounter().

struct SCProfileKeywordData_** DetectEngineThreadCtx_::keyword_perf_data_per_list

Definition at line 1157 of file detect.h.

Referenced by SCProfilingKeywordThreadCleanup(), SCProfilingKeywordThreadSetup(), and SCProfilingKeywordUpdateCounter().

int DetectEngineThreadCtx_::keyword_perf_list

list we're currently inspecting, DETECT_SM_LIST_*

Definition at line 1158 of file detect.h.

Referenced by SCProfilingKeywordUpdateCounter().

Signature** DetectEngineThreadCtx_::match_array

array of signature pointers we're going to inspect in the detection loop.

Definition at line 1083 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), RulesDumpMatchArray(), and SigMatchSignaturesGetSgh().

SigIntId DetectEngineThreadCtx_::match_array_cnt

size in use

Definition at line 1088 of file detect.h.

Referenced by RulesDumpMatchArray(), SCProfilingSghUpdateCounter(), and SigMatchSignaturesGetSgh().

uint32_t DetectEngineThreadCtx_::match_array_len

size of the array in items (mem size if * sizeof(Signature *) Only used during initialization.

Definition at line 1086 of file detect.h.

Referenced by DetectEngineResetMaxSigId().

struct DetectEngineThreadCtx_** DetectEngineThreadCtx_::mt_det_ctxs

Definition at line 1018 of file detect.h.

uint32_t DetectEngineThreadCtx_::mt_det_ctxs_cnt

Definition at line 1017 of file detect.h.

Referenced by Detect(), and DetectEngineResetMaxSigId().

HashTable* DetectEngineThreadCtx_::mt_det_ctxs_hash

Definition at line 1019 of file detect.h.

Referenced by Detect(), DetectEngineResetMaxSigId(), and DetectEngineThreadCtxDeinit().

MpmThreadCtx DetectEngineThreadCtx_::mtc

pointer to the current mpm ctx that is stored in a rule group head – can be either a content or uricontent ctx. thread ctx for the mpm

Definition at line 1099 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInfo(), DetectEngineThreadCtxInit(), and PrefilterPktStreamRegister().

MpmThreadCtx DetectEngineThreadCtx_::mtcs

thread ctx for stream mpm

Definition at line 1101 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

MpmThreadCtx DetectEngineThreadCtx_::mtcu

thread ctx for uricontent mpm

Definition at line 1100 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInfo(), DetectEngineThreadCtxInit(), DetectFilemagicRegister(), and DetectTlsCertsRegister().

struct { ... } DetectEngineThreadCtx_::multi_inspect

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), InspectionBufferClean(), and InspectionBufferGetMulti().

SigIntId* DetectEngineThreadCtx_::non_pf_id_array

Definition at line 1014 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), and SigMatchSignaturesGetSgh().

uint32_t DetectEngineThreadCtx_::non_pf_id_cnt

Definition at line 1015 of file detect.h.

Referenced by SigMatchSignaturesGetSgh().

uint32_t DetectEngineThreadCtx_::non_pf_store_cnt

Definition at line 1094 of file detect.h.

Referenced by SCProfilingSghUpdateCounter(), and SigMatchSignaturesGetSgh().

SignatureNonPrefilterStore* DetectEngineThreadCtx_::non_pf_store_ptr

Definition at line 1093 of file detect.h.

Referenced by SCProfilingSghUpdateCounter(), and SigMatchSignaturesGetSgh().

Packet* DetectEngineThreadCtx_::p

Definition at line 1074 of file detect.h.

Referenced by DetectEngineInspectStream().

uint32_t DetectEngineThreadCtx_::pcre_match_start_offset

Definition at line 1034 of file detect.h.

Referenced by DetectEngineContentInspection(), and DetectPcrePayloadMatch().

struct SCProfilePrefilterData_* DetectEngineThreadCtx_::prefilter_perf_data

Definition at line 1161 of file detect.h.

Referenced by SCProfilingPrefilterThreadCleanup(), SCProfilingPrefilterThreadSetup(), and SCProfilingPrefilterUpdateCounter().

int DetectEngineThreadCtx_::prefilter_perf_size

Definition at line 1162 of file detect.h.

uint64_t DetectEngineThreadCtx_::raw_stream_progress

Definition at line 1028 of file detect.h.

Referenced by DetectEngineInspectStream(), and SigMatchSignaturesGetSgh().

DetectReplaceList* DetectEngineThreadCtx_::replist

Definition at line 1115 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineInspectPacketPayload(), and DetectReplaceRegister().

struct SCProfileData_* DetectEngineThreadCtx_::rule_perf_data

Definition at line 1154 of file detect.h.

Referenced by SCProfilingRuleThreadCleanup(), SCProfilingRuleThreadSetup(), and SCProfilingRuleUpdateCounter().

int DetectEngineThreadCtx_::rule_perf_data_size

Definition at line 1155 of file detect.h.

Referenced by SCProfilingRuleThreadCleanup(), SCProfilingRuleThreadSetup(), and SCProfilingRuleUpdateCounter().

struct SCProfileSghData_* DetectEngineThreadCtx_::sgh_perf_data

Definition at line 1159 of file detect.h.

Referenced by SCProfilingSghThreadCleanup(), SCProfilingSghThreadSetup(), and SCProfilingSghUpdateCounter().

SpmThreadCtx* DetectEngineThreadCtx_::spm_thread_ctx

SPM thread context used for scanning. This has been cloned from the prototype held by DetectEngineCtx.

Definition at line 1106 of file detect.h.

Referenced by DetectEngineContentInspection(), DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

struct DetectEngineTenantMapping_* DetectEngineThreadCtx_::tenant_array

Definition at line 1021 of file detect.h.

Referenced by DetectEngineMultiTenantSetup(), DetectEngineResetMaxSigId(), and DetectEngineThreadCtxInit().

uint32_t DetectEngineThreadCtx_::tenant_array_size

Definition at line 1022 of file detect.h.

Referenced by DetectEngineMultiTenantSetup(), and DetectEngineResetMaxSigId().

uint32_t DetectEngineThreadCtx_::tenant_id

Note: multi-tenant hash lookup code from Detect() depends on this beeing the first member

Definition at line 1006 of file detect.h.

Referenced by DetectEngineReload(), and DetectEngineThreadCtxInit().

uint32_t(* DetectEngineThreadCtx_::TenantGetId) (const void *, const Packet *p)

Definition at line 1024 of file detect.h.

Referenced by Detect(), and DetectEngineResetMaxSigId().

uint64_t DetectEngineThreadCtx_::ticker

ticker that is incremented once per packet.

Definition at line 1009 of file detect.h.

Referenced by HttpHeaderGetBufferSpaceForTXID(), and SigMatchSignaturesGetSgh().

uint32_t DetectEngineThreadCtx_::to_clear_idx

Definition at line 1053 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), InspectionBufferClean(), InspectionBufferGet(), and InspectionBufferGetMulti().

uint32_t* DetectEngineThreadCtx_::to_clear_queue

Definition at line 1054 of file detect.h.

Referenced by DetectEngineResetMaxSigId(), DetectEngineThreadCtxInit(), InspectionBufferClean(), InspectionBufferGet(), and InspectionBufferGetMulti().

ThreadVars* DetectEngineThreadCtx_::tv

Definition at line 1012 of file detect.h.

Referenced by DetectEngineThreadCtxInit(), and DetectLuaRegister().

RuleMatchCandidateTx* DetectEngineThreadCtx_::tx_candidates

Definition at line 1090 of file detect.h.

Referenced by RuleMatchCandidateTxArrayFree(), and RuleMatchCandidateTxArrayInit().

uint32_t DetectEngineThreadCtx_::tx_candidates_size

Definition at line 1091 of file detect.h.

Referenced by RuleMatchCandidateTxArrayFree(), and RuleMatchCandidateTxArrayInit().

uint64_t DetectEngineThreadCtx_::tx_id

ID of the transaction currently being inspected.

Definition at line 1073 of file detect.h.

Referenced by DetectFilestoreRegister(), and DetectLuaRegister().

uint16_t DetectEngineThreadCtx_::tx_id_set

Definition at line 1071 of file detect.h.

DetectVarList* DetectEngineThreadCtx_::varlist

Definition at line 1117 of file detect.h.

Referenced by DetectFlowvarPostMatchSetup(), DetectVarStoreMatch(), and DetectVarStoreMatchKeyValue().

The documentation for this struct was generated from the following file:

src/detect.h

Public Member Functions

Data Fields

Detailed Description

Member Function Documentation

Field Documentation