suricata
Data Structures | Macros | Typedefs | Enumerations | Functions
datasets.h File Reference
#include "util-thash.h"
#include "rust.h"
#include "datasets-reputation.h"
Include dependency graph for datasets.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  Dataset
 

Macros

#define DATASET_TYPE_NOTSET   0
 
#define DATASET_NAME_MAX_LEN   63
 

Typedefs

typedef struct Dataset Dataset
 

Enumerations

enum  DatasetFormats { DATASET_FORMAT_CSV = 0 , DATASET_FORMAT_JSON , DATASET_FORMAT_NDJSON }
 
enum  DatasetTypes {
  DATASET_TYPE_STRING = 1 , DATASET_TYPE_MD5 , DATASET_TYPE_SHA256 , DATASET_TYPE_IPV4 ,
  DATASET_TYPE_IPV6
}
 

Functions

int DatasetsInit (void)
 
void DatasetsDestroy (void)
 
void DatasetsSave (void)
 
void DatasetReload (void)
 
void DatasetPostReloadCleanup (void)
 
enum DatasetTypes DatasetGetTypeFromString (const char *s)
 
int DatasetAppendSet (Dataset *set)
 
DatasetDatasetAlloc (const char *name)
 
void DatasetLock (void)
 
void DatasetUnlock (void)
 
DatasetDatasetSearchByName (const char *name)
 
DatasetDatasetFind (const char *name, enum DatasetTypes type)
 look for set by name without creating it
 
DatasetDatasetGet (const char *name, enum DatasetTypes type, const char *save, const char *load, uint64_t memcap, uint32_t hashsize)
 
int DatasetGetOrCreate (const char *name, enum DatasetTypes type, const char *save, const char *load, uint64_t *memcap, uint32_t *hashsize, Dataset **ret_set)
 
int DatasetAdd (Dataset *set, const uint8_t *data, const uint32_t data_len)
 
int DatasetRemove (Dataset *set, const uint8_t *data, const uint32_t data_len)
 
int DatasetLookup (Dataset *set, const uint8_t *data, const uint32_t data_len)
 see if data is part of the set
 
DataRepResultType DatasetLookupwRep (Dataset *set, const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
 
void DatasetGetDefaultMemcap (uint64_t *memcap, uint32_t *hashsize)
 
int DatasetParseIpv6String (Dataset *set, const char *line, struct in6_addr *in6)
 
int DatasetAddSerialized (Dataset *set, const char *string)
 add serialized data to set
 
int DatasetRemoveSerialized (Dataset *set, const char *string)
 remove serialized data from set
 
int DatasetLookupSerialized (Dataset *set, const char *string)
 add serialized data to set
 

Macro Definition Documentation

◆ DATASET_NAME_MAX_LEN

#define DATASET_NAME_MAX_LEN   63

Definition at line 46 of file datasets.h.

◆ DATASET_TYPE_NOTSET

#define DATASET_TYPE_NOTSET   0

Definition at line 38 of file datasets.h.

Typedef Documentation

◆ Dataset

typedef struct Dataset Dataset

Enumeration Type Documentation

◆ DatasetFormats

enum DatasetFormats
Enumerator
DATASET_FORMAT_CSV 
DATASET_FORMAT_JSON 
DATASET_FORMAT_NDJSON 

Definition at line 31 of file datasets.h.

◆ DatasetTypes

enum DatasetTypes
Enumerator
DATASET_TYPE_STRING 
DATASET_TYPE_MD5 
DATASET_TYPE_SHA256 
DATASET_TYPE_IPV4 
DATASET_TYPE_IPV6 

Definition at line 37 of file datasets.h.

Function Documentation

◆ DatasetAdd()

int DatasetAdd ( Dataset set,
const uint8_t *  data,
const uint32_t  data_len 
)

Definition at line 1339 of file datasets.c.

References THashDataGetResult::data, DATASET_TYPE_IPV4, DATASET_TYPE_IPV6, DATASET_TYPE_MD5, DATASET_TYPE_SHA256, DATASET_TYPE_STRING, and Dataset::type.

Referenced by DetectDatasetBufferMatch().

Here is the caller graph for this function:

◆ DatasetAddSerialized()

int DatasetAddSerialized ( Dataset set,
const char *  string 
)

add serialized data to set

Return values
int1 added
int0 already in hash
int-1 API error (not added)
int-2 DATA error

Definition at line 1446 of file datasets.c.

◆ DatasetAlloc()

Dataset * DatasetAlloc ( const char *  name)

Definition at line 112 of file datasets.c.

References Dataset::id, and SCCalloc.

Referenced by DatasetGetOrCreate().

Here is the caller graph for this function:

◆ DatasetAppendSet()

int DatasetAppendSet ( Dataset set)

Definition at line 79 of file datasets.c.

References THashTableContext_::config, Dataset::hash, THashDataConfig_::hash_size, Dataset::load, Dataset::name, Dataset::next, Dataset::save, SC_ATOMIC_GET, SCLogDebug, SCLogError, and Dataset::type.

Referenced by DatajsonGet(), and DatasetGet().

Here is the caller graph for this function:

◆ DatasetFind()

Dataset * DatasetFind ( const char *  name,
enum DatasetTypes  type 
)

look for set by name without creating it

Definition at line 320 of file datasets.c.

References DatasetLock(), DatasetSearchByName(), DatasetUnlock(), name, Dataset::type, and type.

Here is the call graph for this function:

◆ DatasetGet()

Dataset * DatasetGet ( const char *  name,
enum DatasetTypes  type,
const char *  save,
const char *  load,
uint64_t  memcap,
uint32_t  hashsize 
)

Definition at line 451 of file datasets.c.

References DATASET_TYPE_IPV4, DATASET_TYPE_IPV6, DATASET_TYPE_MD5, DATASET_TYPE_SHA256, DATASET_TYPE_STRING, DatasetAppendSet(), DatasetGetOrCreate(), DatasetLock(), DatasetUnlock(), Dataset::hash, hashsize, IPv4Compare(), IPv4Free(), IPv4Hash(), IPv4Set(), IPv6Compare(), IPv6Free(), IPv6Hash(), IPv6Set(), Md5StrCompare(), Md5StrFree(), Md5StrHash(), Md5StrSet(), name, SCFree, SCLogDebug, SCLogError, Sha256StrCompare(), Sha256StrFree(), Sha256StrHash(), Sha256StrSet(), StringCompare(), StringFree(), StringGetLength(), StringHash(), StringSet(), THashInit(), THashShutdown(), and type.

Referenced by DatasetsInit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DatasetGetDefaultMemcap()

void DatasetGetDefaultMemcap ( uint64_t *  memcap,
uint32_t *  hashsize 
)

Definition at line 599 of file datasets.c.

References DATASETS_HASHSIZE_DEFAULT, hashsize, ParseSizeStringU32(), ParseSizeStringU64(), SCConfGet(), SCLogWarning, and str.

Referenced by DatasetGetOrCreate(), and DatasetsInit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DatasetGetOrCreate()

int DatasetGetOrCreate ( const char *  name,
enum DatasetTypes  type,
const char *  save,
const char *  load,
uint64_t *  memcap,
uint32_t *  hashsize,
Dataset **  ret_set 
)
Returns
-1 on error
0 on successful creation
1 if the dataset already exists

Calling function is responsible for locking via DatasetLock()

Definition at line 369 of file datasets.c.

References DATASET_NAME_MAX_LEN, DATASET_TYPE_NOTSET, DatasetAlloc(), DatasetGetDefaultMemcap(), DatasetSearchByName(), DatasetUnlock(), hashsize, Dataset::load, Dataset::name, name, Dataset::save, SCFree, SCLogDebug, SCLogError, strlcpy(), Dataset::type, and type.

Referenced by DatajsonGet(), and DatasetGet().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DatasetGetTypeFromString()

enum DatasetTypes DatasetGetTypeFromString ( const char *  s)

Definition at line 64 of file datasets.c.

References DATASET_TYPE_IPV4, DATASET_TYPE_IPV6, DATASET_TYPE_MD5, DATASET_TYPE_NOTSET, DATASET_TYPE_SHA256, and DATASET_TYPE_STRING.

◆ DatasetLock()

void DatasetLock ( void  )

Definition at line 102 of file datasets.c.

References SCMutexLock, and sets_lock.

Referenced by DatajsonGet(), DatasetFind(), DatasetGet(), DatasetPostReloadCleanup(), DatasetReload(), DatasetsDestroy(), and DatasetsSave().

Here is the caller graph for this function:

◆ DatasetLookup()

int DatasetLookup ( Dataset set,
const uint8_t *  data,
const uint32_t  data_len 
)

see if data is part of the set

Parameters
setdataset
datadata to look up
data_lenlength in bytes of data
Return values
-1error
0not found
1found

Definition at line 1104 of file datasets.c.

References DATASET_TYPE_IPV4, DATASET_TYPE_IPV6, DATASET_TYPE_MD5, DATASET_TYPE_SHA256, DATASET_TYPE_STRING, and Dataset::type.

Referenced by DetectDatasetBufferMatch().

Here is the caller graph for this function:

◆ DatasetLookupSerialized()

int DatasetLookupSerialized ( Dataset set,
const char *  string 
)

add serialized data to set

Return values
int1 added
int0 already in hash
int-1 API error (not added)
int-2 DATA error

Definition at line 1458 of file datasets.c.

◆ DatasetLookupwRep()

DataRepResultType DatasetLookupwRep ( Dataset set,
const uint8_t *  data,
const uint32_t  data_len,
const DataRepType *  rep 
)

Definition at line 1124 of file datasets.c.

References DATASET_TYPE_IPV4, DATASET_TYPE_IPV6, DATASET_TYPE_MD5, DATASET_TYPE_SHA256, DATASET_TYPE_STRING, DataRepResultType::found, and Dataset::type.

Referenced by DetectDatarepBufferMatch().

Here is the caller graph for this function:

◆ DatasetParseIpv6String()

int DatasetParseIpv6String ( Dataset set,
const char *  line,
struct in6_addr *  in6 
)

Definition at line 156 of file datasets.c.

References FatalErrorOnInit, Dataset::load, and Dataset::name.

Referenced by DatajsonAddSerialized().

Here is the caller graph for this function:

◆ DatasetPostReloadCleanup()

void DatasetPostReloadCleanup ( void  )

Definition at line 569 of file datasets.c.

References DatasetLock(), DatasetUnlock(), Dataset::hash, Dataset::hidden, next, Dataset::next, SCFree, SCLogDebug, and THashShutdown().

Referenced by DetectEngineReload().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DatasetReload()

void DatasetReload ( void  )

Definition at line 543 of file datasets.c.

References THashTableContext_::config, dataset_max_total_hashsize, dataset_used_hashsize, DatasetLock(), DatasetUnlock(), DEBUG_VALIDATE_BUG_ON, Dataset::from_yaml, Dataset::hash, THashDataConfig_::hash_size, Dataset::hidden, Dataset::load, Dataset::name, Dataset::next, Dataset::save, and SCLogDebug.

Referenced by DetectEngineReload().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DatasetRemove()

int DatasetRemove ( Dataset set,
const uint8_t *  data,
const uint32_t  data_len 
)

Definition at line 1542 of file datasets.c.

References DATASET_TYPE_IPV4, DATASET_TYPE_IPV6, DATASET_TYPE_MD5, DATASET_TYPE_SHA256, DATASET_TYPE_STRING, and Dataset::type.

Referenced by DetectDatasetBufferMatch().

Here is the caller graph for this function:

◆ DatasetRemoveSerialized()

int DatasetRemoveSerialized ( Dataset set,
const char *  string 
)

remove serialized data from set

Return values
int1 removed
int0 found but busy (not removed)
int-1 API error (not removed)
int-2 DATA error

Definition at line 1536 of file datasets.c.

◆ DatasetsDestroy()

void DatasetsDestroy ( void  )

Definition at line 774 of file datasets.c.

References DatasetLock(), DatasetUnlock(), Dataset::hash, Dataset::name, next, Dataset::next, SCFree, SCLogDebug, and THashShutdown().

Referenced by GlobalsDestroy().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DatasetSearchByName()

Dataset * DatasetSearchByName ( const char *  name)

Definition at line 121 of file datasets.c.

References Dataset::hidden, Dataset::name, name, and Dataset::next.

Referenced by DatasetFind(), and DatasetGetOrCreate().

Here is the caller graph for this function:

◆ DatasetsInit()

int DatasetsInit ( void  )

Definition at line 622 of file datasets.c.

References dataset_max_one_hashsize, dataset_max_total_hashsize, DATASET_NAME_MAX_LEN, DATASET_TYPE_IPV4, DATASET_TYPE_IPV6, DATASET_TYPE_MD5, DATASET_TYPE_SHA256, DATASET_TYPE_STRING, DatasetGet(), DatasetGetDefaultMemcap(), FatalError, FatalErrorOnInit, Dataset::from_yaml, hashsize, Dataset::id, SCConfNode_::name, next, ParseSizeStringU32(), ParseSizeStringU64(), SCConfGet(), SCConfGetNode(), SCConfNodeLookupChild(), SCLogDebug, SCLogWarning, str, strlcpy(), TAILQ_FOREACH, TYPE_LOAD, TYPE_STATE, and SCConfNode_::val.

Referenced by PreRunPostPrivsDropInit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DatasetsSave()

void DatasetsSave ( void  )

Definition at line 852 of file datasets.c.

References DATASET_TYPE_IPV4, DATASET_TYPE_IPV6, DATASET_TYPE_MD5, DATASET_TYPE_SHA256, DATASET_TYPE_STRING, DatasetLock(), DatasetUnlock(), Dataset::hash, Dataset::name, next, Dataset::next, Dataset::save, SCLogDebug, StringAsBase64(), THashWalk(), and Dataset::type.

Referenced by GlobalsDestroy().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DatasetUnlock()

void DatasetUnlock ( void  )

Definition at line 107 of file datasets.c.

References SCMutexUnlock, and sets_lock.

Referenced by DatajsonGet(), DatasetFind(), DatasetGet(), DatasetGetOrCreate(), DatasetPostReloadCleanup(), DatasetReload(), DatasetsDestroy(), and DatasetsSave().

Here is the caller graph for this function: