suricata.8.0.0/datasets_8h_source.html

/* Copyright (C) 2017 Open Information Security Foundation

 *

 * You can copy, redistribute or modify this Program under the terms of

 * the GNU General Public License version 2 as published by the Free

 * Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * version 2 along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

 * 02110-1301, USA.

 */


#ifndef SURICATA_DATASETS_H

#define SURICATA_DATASETS_H


#include "util-thash.h"

#include "rust.h"

#include "datasets-reputation.h"


int DatasetsInit(void);

void DatasetsDestroy(void);

void DatasetsSave(void);

void DatasetReload(void);

void DatasetPostReloadCleanup(void);


typedef enum {

    DATASET_FORMAT_CSV = 0,

    DATASET_FORMAT_JSON,   /* File contains one single JSON object */

    DATASET_FORMAT_NDJSON, /* Newline Delimited JSON */

} DatasetFormats;


enum DatasetTypes {

#define DATASET_TYPE_NOTSET 0

    DATASET_TYPE_STRING = 1,

    DATASET_TYPE_MD5,

    DATASET_TYPE_SHA256,

    DATASET_TYPE_IPV4,

    DATASET_TYPE_IPV6,

};


#define DATASET_NAME_MAX_LEN 63


typedef struct Dataset {

    char name[DATASET_NAME_MAX_LEN + 1];

    enum DatasetTypes type;

    uint32_t id;

    bool from_yaml;                     /* Mark whether the set was retrieved from YAML */

    bool hidden;                        /* Mark the old sets hidden in case of reload */

    bool remove_key;                    /* Mark that value key should be removed from extra data */

    THashTableContext *hash;


    char load[PATH_MAX];

    char save[PATH_MAX];


    struct Dataset *next;

} Dataset;


enum DatasetTypes DatasetGetTypeFromString(const char *s);

int DatasetAppendSet(Dataset *set);

Dataset *DatasetAlloc(const char *name);

void DatasetLock(void);

void DatasetUnlock(void);

Dataset *DatasetSearchByName(const char *name);

Dataset *DatasetFind(const char *name, enum DatasetTypes type);

Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load,

        uint64_t memcap, uint32_t hashsize);

int DatasetGetOrCreate(const char *name, enum DatasetTypes type, const char *save, const char *load,

        uint64_t *memcap, uint32_t *hashsize, Dataset **ret_set);

int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len);

int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len);

int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len);

DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,

        const DataRepType *rep);


void DatasetGetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize);

int DatasetParseIpv6String(Dataset *set, const char *line, struct in6_addr *in6);


int DatasetAddSerialized(Dataset *set, const char *string);

int DatasetRemoveSerialized(Dataset *set, const char *string);

int DatasetLookupSerialized(Dataset *set, const char *string);


#endif /* SURICATA_DATASETS_H */

datasets-reputation.h

DatasetUnlock
void DatasetUnlock(void)
Definition datasets.c:107

DatasetSearchByName
Dataset * DatasetSearchByName(const char *name)
Definition datasets.c:121

DatasetLookupSerialized
int DatasetLookupSerialized(Dataset *set, const char *string)
add serialized data to set
Definition datasets.c:1458

DatasetAddSerialized
int DatasetAddSerialized(Dataset *set, const char *string)
add serialized data to set
Definition datasets.c:1446

DatasetLookup
int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len)
see if data is part of the set
Definition datasets.c:1104

DatasetRemoveSerialized
int DatasetRemoveSerialized(Dataset *set, const char *string)
remove serialized data from set
Definition datasets.c:1536

DatasetPostReloadCleanup
void DatasetPostReloadCleanup(void)
Definition datasets.c:569

DatasetsSave
void DatasetsSave(void)
Definition datasets.c:852

DatasetLookupwRep
DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len, const DataRepType *rep)
Definition datasets.c:1124

DatasetAlloc
Dataset * DatasetAlloc(const char *name)
Definition datasets.c:112

DatasetTypes
DatasetTypes
Definition datasets.h:37

DATASET_TYPE_STRING
@ DATASET_TYPE_STRING
Definition datasets.h:39

DATASET_TYPE_IPV6
@ DATASET_TYPE_IPV6
Definition datasets.h:43

DATASET_TYPE_IPV4
@ DATASET_TYPE_IPV4
Definition datasets.h:42

DATASET_TYPE_SHA256
@ DATASET_TYPE_SHA256
Definition datasets.h:41

DATASET_TYPE_MD5
@ DATASET_TYPE_MD5
Definition datasets.h:40

DatasetFind
Dataset * DatasetFind(const char *name, enum DatasetTypes type)
look for set by name without creating it
Definition datasets.c:320

DATASET_NAME_MAX_LEN
#define DATASET_NAME_MAX_LEN
Definition datasets.h:46

DatasetsInit
int DatasetsInit(void)
Definition datasets.c:622

DatasetLock
void DatasetLock(void)
Definition datasets.c:102

DatasetReload
void DatasetReload(void)
Definition datasets.c:543

DatasetAppendSet
int DatasetAppendSet(Dataset *set)
Definition datasets.c:79

DatasetFormats
DatasetFormats
Definition datasets.h:31

DATASET_FORMAT_CSV
@ DATASET_FORMAT_CSV
Definition datasets.h:32

DATASET_FORMAT_JSON
@ DATASET_FORMAT_JSON
Definition datasets.h:33

DATASET_FORMAT_NDJSON
@ DATASET_FORMAT_NDJSON
Definition datasets.h:34

DatasetGetDefaultMemcap
void DatasetGetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize)
Definition datasets.c:599

DatasetAdd
int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len)
Definition datasets.c:1339

DatasetsDestroy
void DatasetsDestroy(void)
Definition datasets.c:774

DatasetGetTypeFromString
enum DatasetTypes DatasetGetTypeFromString(const char *s)
Definition datasets.c:64

DatasetGetOrCreate
int DatasetGetOrCreate(const char *name, enum DatasetTypes type, const char *save, const char *load, uint64_t *memcap, uint32_t *hashsize, Dataset **ret_set)
Definition datasets.c:369

DatasetRemove
int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len)
Definition datasets.c:1542

DatasetParseIpv6String
int DatasetParseIpv6String(Dataset *set, const char *line, struct in6_addr *in6)
Definition datasets.c:156

DatasetGet
Dataset * DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load, uint64_t memcap, uint32_t hashsize)
Definition datasets.c:451

type
uint16_t type
Definition decode-vlan.c:106

rust.h

DataRepResultType
Definition datasets-reputation.h:29

Dataset
Definition datasets.h:47

Dataset::remove_key
bool remove_key
Definition datasets.h:53

Dataset::next
struct Dataset * next
Definition datasets.h:59

Dataset::from_yaml
bool from_yaml
Definition datasets.h:51

Dataset::name
char name[DATASET_NAME_MAX_LEN+1]
Definition datasets.h:48

Dataset::hidden
bool hidden
Definition datasets.h:52

Dataset::hash
THashTableContext * hash
Definition datasets.h:54

Dataset::id
uint32_t id
Definition datasets.h:50

Dataset::type
enum DatasetTypes type
Definition datasets.h:49

Dataset::load
char load[PATH_MAX]
Definition datasets.h:56

Dataset::save
char save[PATH_MAX]
Definition datasets.h:57

THashTableContext_
Definition util-thash.h:141

name
const char * name
Definition tm-threads.c:2163

hashsize
#define hashsize(n)
Definition util-hash-lookup3.h:40

util-thash.h