suricata
util-threshold-config.h File Reference

Functions

void SCThresholdConfParseFile (DetectEngineCtx *, FILE *)
 Parses the Threshold Config file.
 
int SCThresholdConfInitContext (DetectEngineCtx *)
 Inits the context to be used by the Threshold Config parsing API.
 
void SCThresholdConfRegisterTests (void)
 This function registers unit tests for Classification Config API.
 
void SCThresholdConfGlobalInit (void)
 
void SCThresholdConfGlobalFree (void)
 

Function Documentation

void SCThresholdConfGlobalFree ( void  )

Definition at line 151 of file util-threshold-config.c.

References ConfGet(), DetectEngineCtx_::config_prefix, and THRESHOLD_CONF_DEF_CONF_FILEPATH.

Referenced by GlobalsInitPreConfig().

void SCThresholdConfGlobalInit ( void  )

Definition at line 103 of file util-threshold-config.c.

References DETECT_BASE_REGEX, DETECT_RATE_REGEX, DETECT_SUPPRESS_REGEX, DETECT_THRESHOLD_REGEX, FatalError, SC_ERR_PCRE_COMPILE, and SC_ERR_PCRE_STUDY.

Referenced by GlobalsInitPreConfig().

int SCThresholdConfInitContext ( DetectEngineCtx * de_ctx )

Inits the context to be used by the Threshold Config parsing API.

This function initializes the hash table used by the Detection Engine Context to hold the data from the threshold.config file, obtains the file descriptor used to parse the threshold.config file, and initializes the regex used to parse the lines of the threshold.config file.

Parameters
de_ctx  Pointer to the Detection Engine Context.
Return values
0   On success.
-1  On failure.

Definition at line 237 of file util-threshold-config.c.

References DetectThresholdData_::addrs, BUG_ON, ByteExtractStringUint32(), DetectThresholdData_::count, SigMatch_::ctx, de, DETECT_DETECTION_FILTER, DETECT_SM_LIST_SUPPRESS, DETECT_SM_LIST_THRESHOLD, DETECT_THRESHOLD, DetectAddressHeadCleanup(), DetectAddressParse(), DetectGetLastSMByListId(), Signature_::flags, Signature_::gid, Signature_::id, len, MAX_SUBSTRINGS, DetectThresholdData_::new_action, Signature_::next, SC_ERR_EVENT_ENGINE, SC_ERR_FOPEN, SC_ERR_INVALID_ARGUMENTS, SC_ERR_INVALID_IP_NETBLOCK, SC_ERR_INVALID_VALUE, SC_ERR_MEM_ALLOC, SC_ERR_PCRE_GET_SUBSTRING, SC_ERR_PCRE_MATCH, SCFree, SCLogDebug, SCLogError, SCLogInfo, SCLogWarning, SCMalloc, SCRealloc, SCThresholdConfParseFile(), DetectThresholdData_::seconds, SIG_FLAG_NOALERT, DetectEngineCtx_::sig_list, SigFindSignatureBySidGid(), SigMatchAlloc(), SigMatchAppendSMToList(), SigMatchFree(), SigMatchRemoveSMFromList(), TH_ACTION_ALERT, TH_ACTION_DROP, TH_ACTION_LOG, TH_ACTION_PASS, TH_ACTION_REJECT, TH_ACTION_SDROP, ThresholdCtx_::th_entry, ThresholdCtx_::th_size, THRESHOLD_TYPE_EVENT_FILTER, THRESHOLD_TYPE_RATE, THRESHOLD_TYPE_SUPPRESS, THRESHOLD_TYPE_THRESHOLD, DetectEngineCtx_::ths_ctx, DetectThresholdData_::timeout, DetectThresholdData_::track, TRACK_BOTH, TRACK_DST, TRACK_EITHER, TRACK_RULE, TRACK_SRC, DetectThresholdData_::type, SigMatch_::type, TYPE_BOTH, TYPE_LIMIT, TYPE_RATE, TYPE_SUPPRESS, TYPE_THRESHOLD, and unlikely.

Referenced by SCThresholdConfParseFile(), and SigLoadSignatures().

void SCThresholdConfParseFile ( DetectEngineCtx * de_ctx,
FILE *  fp 
)

Parses the Threshold Config file.

Parameters
de_ctx  Pointer to the Detection Engine Context.
fd      Pointer to file descriptor.

Definition at line 1102 of file util-threshold-config.c.

References Packet_::action, ACTION_DROP, Packet_::alerts, PacketAlerts_::cnt, DetectThresholdData_::count, SigMatch_::ctx, SigMatchData_::ctx, de, DE_QUIET, DETECT_DETECTION_FILTER, DETECT_SM_LIST_SUPPRESS, DETECT_SM_LIST_THRESHOLD, DETECT_THRESHOLD, DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectGetLastSMByListId(), FAIL_IF, FAIL_IF_NOT, FAIL_IF_NOT_NULL, FAIL_IF_NULL, DetectEngineCtx_::flags, HOST_QUIET, HostInitConfig(), HostShutdown(), IPPAIR_QUIET, IPPairInitConfig(), IPPairShutdown(), SigMatchData_::is_last, m, Signature_::next, Signature_::num, PACKET_TEST_ACTION, PacketAlertCheck(), PASS, SCFmemopen, SCLogDebug, SCLogInfo, SCThresholdConfInitContext(), DetectThresholdData_::seconds, DetectEngineCtx_::sig_list, SigGroupBuild(), SigMatchSignatures(), Signature_::sm_arrays, ThresholdCtx_::th_entry, DetectEngineCtx_::ths_ctx, TimeGet(), TimeSetIncrementTime(), DetectThresholdData_::track, TRACK_DST, TRACK_SRC, Packet_::ts, DetectThresholdData_::type, TYPE_BOTH, TYPE_LIMIT, TYPE_RATE, TYPE_SUPPRESS, TYPE_THRESHOLD, UTHBuildPacket(), UTHBuildPacketReal(), UTHBuildPacketSrcDst(), and UTHFreePacket().

Referenced by SCThresholdConfInitContext().

void SCThresholdConfRegisterTests ( void  )

This function registers unit tests for Classification Config API.

Definition at line 2729 of file util-threshold-config.c.

References UtRegisterTest().
