util-threshold-config.c File Reference

#include "suricata-common.h"
#include "action-globals.h"
#include "host.h"
#include "ippair.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-engine-address.h"
#include "detect-engine-threshold.h"
#include "detect-threshold.h"
#include "detect-parse.h"
#include "detect-engine-build.h"
#include "conf.h"
#include "util-threshold-config.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-byte.h"
#include "util-time.h"
#include "util-debug.h"
#include "util-fmemopen.h"
#include "detect-engine-alert.h"
#include "packet.h"

Include dependency graph for util-threshold-config.c:

Go to the source code of this file.

#define	DETECT_BASE_REGEX   "^\\s*(event_filter|threshold|rate_filter|suppress)\\s*gen_id\\s*(\\d+)\\s*,\\s*sig_id\\s*(\\d+)\\s*(.*)\\s*$"
#define	DETECT_THRESHOLD_REGEX
#define	DETECT_RATE_REGEX
#define	DETECT_SUPPRESS_REGEX   "^,\\s*track\\s*(by_dst|by_src|by_either)\\s*,\\s*ip\\s*([\\[\\],\\$\\s\\da-zA-Z.:/_]+)*\\s*$"
#define	THRESHOLD_CONF_DEF_CONF_FILEPATH   CONFIG_DIR "/threshold.config"
enum	ThresholdRuleType { THRESHOLD_TYPE_EVENT_FILTER, THRESHOLD_TYPE_THRESHOLD, THRESHOLD_TYPE_RATE, THRESHOLD_TYPE_SUPPRESS }
typedef enum ThresholdRuleType	ThresholdRuleType
void	SCThresholdConfGlobalInit (void)
int	SCThresholdConfInitContext (DetectEngineCtx *de_ctx)
	Inits the context to be used by the Threshold Config parsing API. More...
int	SCThresholdConfParseFile (DetectEngineCtx *de_ctx, FILE *fp)
	Parses the Threshold Config file. More...
void	SCThresholdConfRegisterTests (void)
	This function registers unit tests for Classification Config API. More...

Detailed Description

Author

Breno Silva Pinto breno.nosp@m..sil.nosp@m.va@gm.nosp@m.ail..nosp@m.com

Implements Threshold support

Definition in file util-threshold-config.c.

Macro Definition Documentation

DETECT_BASE_REGEX

#define DETECT_BASE_REGEX   "^\\s*(event_filter|threshold|rate_filter|suppress)\\s*gen_id\\s*(\\d+)\\s*,\\s*sig_id\\s*(\\d+)\\s*(.*)\\s*$"

Definition at line 68 of file util-threshold-config.c.

DETECT_RATE_REGEX

#define DETECT_RATE_REGEX

Value:

    "^,\\s*track\\s*(by_dst|by_src|by_both|by_rule|by_flow)\\s*,\\s*count\\s*(\\d+)\\s*,\\s*"      \
    "seconds\\s*(\\d+)\\s*,\\s*new_action\\s*(alert|drop|pass|log|sdrop|reject)\\s*,\\s*"          \
    "timeout\\s*(\\d+)\\s*$"

Definition at line 76 of file util-threshold-config.c.

DETECT_SUPPRESS_REGEX

#define DETECT_SUPPRESS_REGEX   "^,\\s*track\\s*(by_dst|by_src|by_either)\\s*,\\s*ip\\s*([\\[\\],\\$\\s\\da-zA-Z.:/_]+)*\\s*$"

Definition at line 87 of file util-threshold-config.c.

DETECT_THRESHOLD_REGEX

#define DETECT_THRESHOLD_REGEX

Value:

    "^,\\s*type\\s*(limit|both|threshold)\\s*,\\s*track\\s*(by_dst|by_src|by_both|by_rule|by_"     \
    "flow)\\s*,"                                                                                   \
    "\\s*count\\s*(\\d+)\\s*,\\s*seconds\\s*(\\d+)\\s*$"

Definition at line 70 of file util-threshold-config.c.

THRESHOLD_CONF_DEF_CONF_FILEPATH

#define THRESHOLD_CONF_DEF_CONF_FILEPATH   CONFIG_DIR "/threshold.config"

Definition at line 93 of file util-threshold-config.c.

Typedef Documentation

ThresholdRuleType

typedef enum ThresholdRuleType ThresholdRuleType

Enumeration Type Documentation

ThresholdRuleType

enum ThresholdRuleType

Enumerator
THRESHOLD_TYPE_EVENT_FILTER
THRESHOLD_TYPE_THRESHOLD
THRESHOLD_TYPE_RATE
THRESHOLD_TYPE_SUPPRESS

Definition at line 54 of file util-threshold-config.c.

Function Documentation

SCThresholdConfGlobalInit()

void SCThresholdConfGlobalInit

(

void

)

Definition at line 102 of file util-threshold-config.c.

Referenced by GlobalsInitPreConfig().

Here is the caller graph for this function:

SCThresholdConfInitContext()

int SCThresholdConfInitContext

(

DetectEngineCtx *

de_ctx

)

Inits the context to be used by the Threshold Config parsing API.

   This function initializes the hash table to be used by the Detection
   Engine Context to hold the data from the threshold.config file,
   obtains the file desc to parse the threshold.config file, and
   inits the regex used to parse the lines from threshold.config
   file.

Parameters

de_ctx

Pointer to the Detection Engine Context.

Return values

0	On success.
-1	On failure.

Definition at line 169 of file util-threshold-config.c.

SCThresholdConfParseFile()

int SCThresholdConfParseFile	(	DetectEngineCtx *	de_ctx,
		FILE *	fp
	)

Parses the Threshold Config file.

Parameters

de_ctx	Pointer to the Detection Engine Context.
fd	Pointer to file descriptor.

Definition at line 983 of file util-threshold-config.c.

SCThresholdConfRegisterTests()

void SCThresholdConfRegisterTests

(

void

)

This function registers unit tests for Classification Config API.

Definition at line 2580 of file util-threshold-config.c.

References UtRegisterTest().

Here is the call graph for this function: