#include "detect.h"

Include dependency graph for detect-engine-mpm.h:

Data Structures
struct	PrefilterMpmListId

struct	MpmListIdDataArgs

Typedefs
typedef int(*	PrefilterRegisterFunc) (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry mpm_reg, int list_id)

typedef struct PrefilterMpmListId	PrefilterMpmListId

Functions
void	DetectMpmInitializeFrameMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPrepareFrameMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

void	DetectMpmInitializePktMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPreparePktMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

void	DetectMpmInitializeAppMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPrepareAppMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

void	DetectMpmInitializeBuiltinMpms (DetectEngineCtx *de_ctx)

int	DetectMpmPrepareBuiltinMpms (DetectEngineCtx *de_ctx)
	initialize mpm contexts for builtin buffers that are in "single or "shared" mode.

uint32_t	PatternStrength (uint8_t *, uint16_t)
	Predict a strength value for patterns.

uint8_t	PatternMatchDefaultMatcher (void)
	Function to return the multi pattern matcher algorithm to be used by the engine, based on the mpm-algo setting in yaml Use the default mpm if none is specified in the yaml file.

void	PatternMatchPrepare (MpmCtx *, uint16_t)

void	PatternMatchThreadPrepare (MpmThreadCtx *, uint16_t type)

void	PatternMatchDestroy (MpmCtx *, uint16_t)

void	PatternMatchThreadDestroy (MpmThreadCtx *mpm_thread_ctx, uint16_t)

int	PatternMatchPrepareGroup (DetectEngineCtx , SigGroupHead )
	Prepare the pattern matcher ctx in a sig group head.

int	SignatureHasPacketContent (const Signature *)
	check if a signature has patterns that are to be inspected against a packets payload (as opposed to the stream payload)

int	SignatureHasStreamContent (const Signature *)
	check if a signature has patterns that are to be inspected against the stream payload (as opposed to the individual packets payload(s))

void	RetrieveFPForSig (const DetectEngineCtx de_ctx, Signature s)

int	MpmStoreInit (DetectEngineCtx *)
	Initializes the MpmStore mpm hash table to be used by the detection engine context.

void	MpmStoreFree (DetectEngineCtx *)
	Frees the hash table - DetectEngineCtx->mpm_hash_table, allocated by MpmStoreInit() function.

void	MpmStoreReportStats (const DetectEngineCtx *de_ctx)

MpmStore *	MpmStorePrepareBuffer (DetectEngineCtx de_ctx, SigGroupHead sgh, enum MpmBuiltinBuffers buf)
	Get MpmStore for a built-in buffer type.

int	DetectSetFastPatternAndItsId (DetectEngineCtx *de_ctx)
	Figure out the FP and their respective content ids for all the sigs in the engine.

void	DetectAppLayerMpmRegister (const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
	register an app layer keyword for mpm

void	DetectAppLayerMpmRegisterSingle (const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionSingleBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)

void	DetectAppLayerMpmMultiRegister (const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionMultiBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)

void	DetectAppLayerMpmRegisterByParentId (DetectEngineCtx de_ctx, const int id, const int parent_id, DetectEngineTransforms transforms)
	copy a mpm engine from parent_id, add in transforms

void	DetectPktMpmRegister (const char *name, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetPktDataPtr GetData)

void	DetectPktMpmRegisterByParentId (DetectEngineCtx de_ctx, const int id, const int parent_id, DetectEngineTransforms transforms)
	copy a mpm engine from parent_id, add in transforms

void	DetectFrameMpmRegister (const char name, int direction, int priority, int(PrefilterRegister)(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry mpm_reg, int list_id), AppProto alproto, uint8_t type)
	register a MPM engine

void	DetectFrameMpmRegisterByParentId (DetectEngineCtx de_ctx, const int id, const int parent_id, DetectEngineTransforms transforms)
	copy a mpm engine from parent_id, add in transforms

void	DetectEngineFrameMpmRegister (DetectEngineCtx de_ctx, const char name, int direction, int priority, int(PrefilterRegister)(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id), AppProto alproto, uint8_t type)

int	PrefilterGenericMpmFrameRegister (DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry mpm_reg, int list_id)

void	EngineAnalysisAddAllRulePatterns (DetectEngineCtx de_ctx, const Signature s)
	add all patterns on our stats hash Used to fill the hash later used by DumpPatterns()

bool	DetectBufferToClient (const DetectEngineCtx *de_ctx, int buf_id, AppProto alproto)

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-mpm.h.

Typedef Documentation

◆ PrefilterMpmListId

typedef struct PrefilterMpmListId PrefilterMpmListId

◆ PrefilterRegisterFunc

typedef int(* PrefilterRegisterFunc) (DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)

Definition at line 72 of file detect-engine-mpm.h.

Function Documentation

◆ DetectAppLayerMpmMultiRegister()

void DetectAppLayerMpmMultiRegister	(	const char *	name,
		int	direction,
		int	priority,
		PrefilterRegisterFunc	PrefilterRegister,
		InspectionMultiBufferGetDataPtr	GetData,
		AppProto	alproto,
		int	tx_min_progress
	)

Definition at line 168 of file detect-engine-mpm.c.

References name.

Referenced by DetectAppLayerMultiRegister().

Here is the caller graph for this function:

◆ DetectAppLayerMpmRegister()

void DetectAppLayerMpmRegister	(	const char *	name,
		int	direction,
		int	priority,
		PrefilterRegisterFunc	PrefilterRegister,
		InspectionBufferGetDataPtr	GetData,
		AppProto	alproto,
		int	tx_min_progress
	)

register an app layer keyword for mpm

Parameters

name	buffer name
direction	SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT
priority	mpm keyword priority
PrefilterRegister	Prefilter api registration function
GetData	callback to setup a InspectBuffer. May be NULL.
alproto	AppProto this MPM engine inspects
tx_min_progress	min tx progress needed to invoke this engine.

Note: direction must be set to either toserver or toclient. If both are needed, register the keyword twice.

Definition at line 152 of file detect-engine-mpm.c.

References name.

◆ DetectAppLayerMpmRegisterByParentId()

void DetectAppLayerMpmRegisterByParentId	(	DetectEngineCtx *	de_ctx,
		const int	id,
		const int	parent_id,
		DetectEngineTransforms *	transforms
	)

copy a mpm engine from parent_id, add in transforms

Definition at line 177 of file detect-engine-mpm.c.

Referenced by DetectEngineBufferTypeGetByIdTransforms().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectAppLayerMpmRegisterSingle()

void DetectAppLayerMpmRegisterSingle	(	const char *	name,
		int	direction,
		int	priority,
		PrefilterRegisterFunc	PrefilterRegister,
		InspectionSingleBufferGetDataPtr	GetData,
		AppProto	alproto,
		int	tx_min_progress
	)

Definition at line 160 of file detect-engine-mpm.c.

References name.

Referenced by SCDetectHelperBufferMpmRegister().

Here is the caller graph for this function:

◆ DetectBufferToClient()

bool DetectBufferToClient	(	const DetectEngineCtx *	de_ctx,
		int	buf_id,
		AppProto	alproto
	)

Definition at line 1074 of file detect-engine-mpm.c.

References DetectEngineAppInspectionEngine_::alproto, ALPROTO_UNKNOWN, DetectEngineCtx_::app_inspect_engines, de_ctx, DetectEngineAppInspectionEngine_::dir, DetectEngineAppInspectionEngine_::next, and DetectEngineAppInspectionEngine_::sm_list.

Referenced by RetrieveFPForSig().

Here is the caller graph for this function:

◆ DetectEngineFrameMpmRegister()

void DetectEngineFrameMpmRegister	(	DetectEngineCtx *	de_ctx,
		const char *	name,
		int	direction,
		int	priority,
		int()(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)	PrefilterRegister,
		AppProto	alproto,
		uint8_t	type
	)

Definition at line 407 of file detect-engine-mpm.c.

Referenced by DetectEngineBufferTypeRegisterWithFrameEngines().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectFrameMpmRegister()

void DetectFrameMpmRegister	(	const char *	name,
		int	direction,
		int	priority,
		int()(DetectEngineCtx de_ctx, SigGroupHead sgh, MpmCtx mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)	PrefilterRegister,
		AppProto	alproto,
		uint8_t	type
	)

register a MPM engine

Note: to be used at start up / registration only. Errors are fatal.

Definition at line 320 of file detect-engine-mpm.c.

Here is the call graph for this function:

◆ DetectFrameMpmRegisterByParentId()

void DetectFrameMpmRegisterByParentId	(	DetectEngineCtx *	de_ctx,
		const int	id,
		const int	parent_id,
		DetectEngineTransforms *	transforms
	)

copy a mpm engine from parent_id, add in transforms

Definition at line 368 of file detect-engine-mpm.c.

Referenced by DetectEngineBufferTypeGetByIdTransforms().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectMpmInitializeAppMpms()

void DetectMpmInitializeAppMpms ( DetectEngineCtx * de_ctx )

Definition at line 245 of file detect-engine-mpm.c.

References DetectBufferMpmRegistry_::alproto, DetectEngineCtx_::app_mpms_list, DetectEngineCtx_::app_mpms_list_cnt, DetectBufferMpmRegistry_::app_v2, BUG_ON, de_ctx, DETECT_BUFFER_MPM_TYPE_APP, ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE, MPM_CTX_FACTORY_UNIQUE_CONTEXT, MpmFactoryRegisterMpmCtxProfile(), DetectBufferMpmRegistry_::name, DetectBufferMpmRegistry_::next, SCCalloc, SCConfGetBool(), SCLogDebug, DetectBufferMpmRegistry_::sgh_mpm_context, DetectEngineCtx_::sgh_mpm_ctx_cnf, DetectBufferMpmRegistry_::sm_list, and strlcat().

Here is the call graph for this function:

◆ DetectMpmInitializeBuiltinMpms()

void DetectMpmInitializeBuiltinMpms ( DetectEngineCtx * de_ctx )

Definition at line 733 of file detect-engine-mpm.c.

References de_ctx, DetectEngineCtx_::sgh_mpm_context_proto_other_packet, DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet, DetectEngineCtx_::sgh_mpm_context_proto_udp_packet, and DetectEngineCtx_::sgh_mpm_context_stream.

◆ DetectMpmInitializeFrameMpms()

void DetectMpmInitializeFrameMpms ( DetectEngineCtx * de_ctx )

◆ DetectMpmInitializePktMpms()

void DetectMpmInitializePktMpms ( DetectEngineCtx * de_ctx )

Definition at line 635 of file detect-engine-mpm.c.

References ALPROTO_UNKNOWN, BUG_ON, de_ctx, DETECT_BUFFER_MPM_TYPE_PKT, ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE, MPM_CTX_FACTORY_UNIQUE_CONTEXT, MpmFactoryRegisterMpmCtxProfile(), DetectBufferMpmRegistry_::name, DetectBufferMpmRegistry_::next, DetectEngineCtx_::pkt_mpms_list, DetectEngineCtx_::pkt_mpms_list_cnt, SCCalloc, SCConfGetBool(), SCLogDebug, DetectBufferMpmRegistry_::sgh_mpm_context, DetectEngineCtx_::sgh_mpm_ctx_cnf, DetectBufferMpmRegistry_::sm_list, and strlcat().

Here is the call graph for this function:

◆ DetectMpmPrepareAppMpms()

int DetectMpmPrepareAppMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

Definition at line 295 of file detect-engine-mpm.c.

References DetectEngineCtx_::app_mpms_list, de_ctx, DetectBufferMpmRegistry_::direction, DetectEngineCtx_::mpm_cfg, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), DetectBufferMpmRegistry_::next, MpmTableElmt_::Prepare, DetectBufferMpmRegistry_::sgh_mpm_context, and SIG_FLAG_TOSERVER.

Referenced by SigGroupBuild().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectMpmPrepareBuiltinMpms()

int DetectMpmPrepareBuiltinMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for builtin buffers that are in "single or "shared" mode.

Definition at line 746 of file detect-engine-mpm.c.

References de_ctx, DetectEngineCtx_::mpm_cfg, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), MpmTableElmt_::Prepare, DetectEngineCtx_::sgh_mpm_context_proto_other_packet, DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet, DetectEngineCtx_::sgh_mpm_context_proto_udp_packet, and DetectEngineCtx_::sgh_mpm_context_stream.

Referenced by SigGroupBuild().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectMpmPrepareFrameMpms()

int DetectMpmPrepareFrameMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

Definition at line 522 of file detect-engine-mpm.c.

References de_ctx, DetectBufferMpmRegistry_::direction, DetectEngineCtx_::frame_mpms_list, DetectEngineCtx_::mpm_cfg, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), DetectBufferMpmRegistry_::name, DetectBufferMpmRegistry_::next, MpmTableElmt_::Prepare, SCLogDebug, DetectBufferMpmRegistry_::sgh_mpm_context, and SIG_FLAG_TOSERVER.

Referenced by SigGroupBuild().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectMpmPreparePktMpms()

int DetectMpmPreparePktMpms ( DetectEngineCtx * de_ctx )

initialize mpm contexts for applayer buffers that are in "single or "shared" mode.

Definition at line 687 of file detect-engine-mpm.c.

References de_ctx, DetectEngineCtx_::mpm_cfg, MPM_CTX_FACTORY_UNIQUE_CONTEXT, DetectEngineCtx_::mpm_matcher, mpm_table, MpmFactoryGetMpmCtxForProfile(), DetectBufferMpmRegistry_::name, DetectBufferMpmRegistry_::next, DetectEngineCtx_::pkt_mpms_list, MpmTableElmt_::Prepare, SCLogDebug, and DetectBufferMpmRegistry_::sgh_mpm_context.

Referenced by SigGroupBuild().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectPktMpmRegister()

void DetectPktMpmRegister	(	const char *	name,
		int	priority,
		PrefilterRegisterFunc	PrefilterRegister,
		InspectionBufferGetPktDataPtr	GetData
	)

◆ DetectPktMpmRegisterByParentId()

void DetectPktMpmRegisterByParentId	(	DetectEngineCtx *	de_ctx,
		const int	id,
		const int	parent_id,
		DetectEngineTransforms *	transforms
	)

copy a mpm engine from parent_id, add in transforms

Definition at line 597 of file detect-engine-mpm.c.

Referenced by DetectEngineBufferTypeGetByIdTransforms().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DetectSetFastPatternAndItsId()

int DetectSetFastPatternAndItsId ( DetectEngineCtx * de_ctx )

Figure out the FP and their respective content ids for all the sigs in the engine.

Parameters

de_ctx Detection engine context.

Return values

0	On success.
-1	On failure.

Definition at line 2459 of file detect-engine-mpm.c.

References BUG_ON, DetectPatternTracker::cd, DetectPatternTracker::cnt, cnt, SigMatch_::ctx, de_ctx, DETECT_CONTENT_MPM, DetectContentData_::flags, HashListTableAdd(), HashListTableFree(), HashListTableInit(), HashListTableLookup(), DetectContentData_::id, Signature_::id, Signature_::init_data, DetectPatternTracker::mpm, SignatureInitData_::mpm_sm, SignatureInitData_::mpm_sm_list, Signature_::next, PatIntId, SCCalloc, SCLogDebug, DetectEngineCtx_::sig_list, and DetectPatternTracker::sm_list.

Referenced by SigGroupBuild().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ EngineAnalysisAddAllRulePatterns()

void EngineAnalysisAddAllRulePatterns	(	DetectEngineCtx *	de_ctx,
		const Signature *	s
	)

add all patterns on our stats hash Used to fill the hash later used by DumpPatterns()

Note: sets up the hash table on first call

Definition at line 2516 of file detect-engine-mpm.c.

References Signature_::app_inspect, BUG_ON, DetectPatternTracker::cd, DetectPatternTracker::cnt, SigMatchData_::ctx, de_ctx, DETECT_CONTENT, DETECT_CONTENT_MPM, DETECT_SM_LIST_DYNAMIC_START, DETECT_SM_LIST_PMATCH, DetectContentData_::flags, Signature_::frame_inspect, HashListTableAdd(), HashListTableInit(), HashListTableLookup(), SigMatchData_::is_last, DetectPatternTracker::mpm, DetectEngineAppInspectionEngine_::next, DetectEnginePktInspectionEngine::next, DetectEngineFrameInspectionEngine::next, DetectEngineCtx_::pattern_hash_table, Signature_::pkt_inspect, SCCalloc, Signature_::sm_arrays, DetectEngineAppInspectionEngine_::sm_list, DetectEnginePktInspectionEngine::sm_list, DetectEngineFrameInspectionEngine::sm_list, DetectPatternTracker::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEnginePktInspectionEngine::smd, DetectEngineFrameInspectionEngine::smd, and SigMatchData_::type.

Here is the call graph for this function:

◆ MpmStoreFree()

void MpmStoreFree ( DetectEngineCtx * de_ctx )

Frees the hash table - DetectEngineCtx->mpm_hash_table, allocated by MpmStoreInit() function.

Parameters

de_ctx Pointer to the detection engine context.

Definition at line 1569 of file detect-engine-mpm.c.

References de_ctx, HashListTableFree(), and DetectEngineCtx_::mpm_hash_table.

Referenced by DetectEngineCtxFree().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ MpmStoreInit()

int MpmStoreInit ( DetectEngineCtx * de_ctx )

Initializes the MpmStore mpm hash table to be used by the detection engine context.

Parameters

de_ctx Pointer to the detection engine context.

Return values

0	On success.
-1	On failure.

Definition at line 1406 of file detect-engine-mpm.c.

References de_ctx, HashListTableInit(), and DetectEngineCtx_::mpm_hash_table.

Here is the call graph for this function:

◆ MpmStorePrepareBuffer()

MpmStore * MpmStorePrepareBuffer	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		enum MpmBuiltinBuffers	buf
	)

Get MpmStore for a built-in buffer type.

Definition at line 1677 of file detect-engine-mpm.c.

References MpmStore_::buffer, BUG_ON, cnt, de_ctx, DETECT_SM_LIST_PMATCH, DetectEngineGetMaxSigId, MpmStore_::direction, Signature_::iid, SigGroupHead_::init, Signature_::init_data, SigGroupHeadInitData_::match_array, SignatureInitData_::mpm_sm, SignatureInitData_::mpm_sm_list, MPMB_MAX, MPMB_OTHERIP, MPMB_TCP_PKT_TC, MPMB_TCP_PKT_TS, MPMB_TCP_STREAM_TC, MPMB_TCP_STREAM_TS, MPMB_UDP_TC, MPMB_UDP_TS, SCCalloc, SCFree, MpmStore_::sgh_mpm_context, DetectEngineCtx_::sgh_mpm_context_proto_other_packet, DetectEngineCtx_::sgh_mpm_context_proto_tcp_packet, DetectEngineCtx_::sgh_mpm_context_proto_udp_packet, DetectEngineCtx_::sgh_mpm_context_stream, MpmStore_::sid_array, MpmStore_::sid_array_size, SigGroupHeadInitData_::sig_cnt, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SignatureHasPacketContent(), SignatureHasStreamContent(), and MpmStore_::sm_list.

Referenced by PatternMatchPrepareGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ MpmStoreReportStats()

void MpmStoreReportStats ( const DetectEngineCtx * de_ctx )

Definition at line 1472 of file detect-engine-mpm.c.

References DetectBufferMpmRegistry_::alproto, MpmStore_::alproto, DetectEngineCtx_::app_mpms_list, DetectBufferMpmRegistry_::app_v2, AppProtoToString(), MpmStore_::buffer, DetectEngineCtx_::buffer_type_id, builtin_mpms, de_ctx, DE_QUIET, DETECT_BUFFER_MPM_TYPE_APP, DETECT_BUFFER_MPM_TYPE_FRAME, DETECT_BUFFER_MPM_TYPE_PKT, DETECT_BUFFER_MPM_TYPE_SIZE, DETECT_SM_LIST_PMATCH, DetectBufferMpmRegistry_::direction, DetectEngineCtx_::flags, DetectEngineCtx_::frame_mpms_list, HashListTableGetListData, HashListTableGetListHead(), HashListTableGetListNext, MpmCtx_::maxlen, MpmCtx_::minlen, MpmStore_::mpm_ctx, DetectEngineCtx_::mpm_hash_table, MPMB_MAX, DetectBufferMpmRegistry_::name, name, DetectBufferMpmRegistry_::next, MpmCtx_::pattern_cnt, DetectEngineCtx_::pkt_mpms_list, SCLogDebug, SCLogPerf, SIG_FLAG_TOSERVER, DetectBufferMpmRegistry_::sm_list, MpmStore_::sm_list, and DetectBufferMpmRegistry_::type.

Referenced by SigPrepareStage4().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PatternMatchDefaultMatcher()

uint8_t PatternMatchDefaultMatcher ( void )

Function to return the multi pattern matcher algorithm to be used by the engine, based on the mpm-algo setting in yaml Use the default mpm if none is specified in the yaml file.

Return values

mpm	algo value

Definition at line 861 of file detect-engine-mpm.c.

References FatalError, mpm_default_matcher, mpm_table, MPM_TABLE_SIZE, name, SCConfGet(), and SCLogWarning.

Referenced by AppLayerProtoDetectSetup().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PatternMatchDestroy()

void PatternMatchDestroy	(	MpmCtx *	mpm_ctx,
		uint16_t	mpm_matcher
	)

Definition at line 907 of file detect-engine-mpm.c.

References MpmTableElmt_::DestroyCtx, mpm_table, and SCLogDebug.

◆ PatternMatchPrepare()

void PatternMatchPrepare	(	MpmCtx *	,
		uint16_t
	)

◆ PatternMatchPrepareGroup()

int PatternMatchPrepareGroup	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sh
	)

Prepare the pattern matcher ctx in a sig group head.

Definition at line 2268 of file detect-engine-mpm.c.

References de_ctx, MpmStore_::mpm_ctx, MPMB_OTHERIP, MPMB_TCP_PKT_TC, MPMB_TCP_PKT_TS, MPMB_TCP_STREAM_TC, MPMB_TCP_STREAM_TS, MPMB_UDP_TC, MPMB_UDP_TS, MpmStorePrepareBuffer(), PrefilterPktPayloadRegister(), PrefilterPktStreamRegister(), SGH_DIRECTION_TC, SGH_DIRECTION_TS, and SGH_PROTO.

Referenced by PrefilterSetupRuleGroup().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PatternMatchThreadDestroy()

void PatternMatchThreadDestroy	(	MpmThreadCtx *	mpm_thread_ctx,
		uint16_t	mpm_matcher
	)

Definition at line 913 of file detect-engine-mpm.c.

References MpmDestroyThreadCtx(), and SCLogDebug.

Here is the call graph for this function:

◆ PatternMatchThreadPrepare()

void PatternMatchThreadPrepare	(	MpmThreadCtx *	mpm_thread_ctx,
		uint16_t	type
	)

Definition at line 918 of file detect-engine-mpm.c.

References MpmInitThreadCtx(), and SCLogDebug.

Here is the call graph for this function:

◆ PatternStrength()

uint32_t PatternStrength	(	uint8_t *	pat,
		uint16_t	patlen
	)

Predict a strength value for patterns.

Patterns with high character diversity score higher. Alpha chars score not so high Other printable + a few common codes a little higher Everything else highest. Longer patterns score better than short patters.

Parameters

pat	pattern
patlen	length of the pattern

Return values

s	pattern score

Definition at line 937 of file detect-engine-mpm.c.

◆ PrefilterGenericMpmFrameRegister()

int PrefilterGenericMpmFrameRegister	(	DetectEngineCtx *	de_ctx,
		SigGroupHead *	sgh,
		MpmCtx *	mpm_ctx,
		const DetectBufferMpmRegistry *	mpm_reg,
		int	list_id
	)

Definition at line 208 of file detect-engine-frame.c.

References DetectBufferMpmRegistry_::alproto, ALPROTO_UNKNOWN, BUG_ON, de_ctx, DetectBufferMpmRegistry_::frame_v1, FrameStreamData::list_id, PrefilterMpmFrameCtx::list_id, FrameStreamData::mpm_ctx, PrefilterMpmFrameCtx::mpm_ctx, DetectBufferMpmRegistry_::pname, PrefilterAppendFrameEngine(), SCCalloc, SCEnter, SCFree, PrefilterMpmFrameCtx::transforms, DetectBufferMpmRegistry_::transforms, and DetectBufferMpmRegistry_::type.

Referenced by DetectEngineBufferTypeRegisterWithFrameEngines().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ RetrieveFPForSig()

void RetrieveFPForSig	(	const DetectEngineCtx *	de_ctx,
		Signature *	s
	)

Definition at line 1093 of file detect-engine-mpm.c.

References Signature_::alproto, SignatureInitData_::buffer_index, SignatureInitData_::buffers, BUG_ON, DetectContentData_::content_len, de_ctx, DETECT_ABSENT, DETECT_CONTENT, DETECT_CONTENT_FAST_PATTERN, DETECT_CONTENT_NEGATED, DETECT_SM_LIST_PMATCH, DetectBufferToClient(), DetectEngineBufferTypeGetNameById(), FastPatternSupportEnabledForSigMatchList(), DetectContentData_::flags, Signature_::flags, DetectEngineCtx_::fp_support_smlist_list, g_skip_prefilter, SignatureInitDataBuffer_::head, SignatureInitDataBuffer_::id, Signature_::id, Signature_::init_data, SCFPSupportSMList_::list_id, MAX, SignatureInitData_::max_content_list_id, SignatureInitData_::mpm_sm, SCFPSupportSMList_::next, SignatureInitDataBuffer_::only_tc, SCFPSupportSMList_::priority, SCLogDebug, SIG_FLAG_TXBOTHDIR, SigMatchListSMBelongsTo(), and SignatureInitData_::smlists.

Here is the call graph for this function:

◆ SignatureHasPacketContent()

int SignatureHasPacketContent ( const Signature * s )

check if a signature has patterns that are to be inspected against a packets payload (as opposed to the stream payload)

Parameters

s signature

Return values

1	true
0	false

Definition at line 803 of file detect-engine-mpm.c.

References DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, DetectProto_::proto, Signature_::proto, SCEnter, SCLogDebug, SCReturnInt, SIG_FLAG_REQUIRE_PACKET, and SignatureInitData_::smlists.

Referenced by MpmStorePrepareBuffer().

Here is the caller graph for this function:

◆ SignatureHasStreamContent()

int SignatureHasStreamContent ( const Signature * s )

check if a signature has patterns that are to be inspected against the stream payload (as opposed to the individual packets payload(s))

Parameters

s signature

Return values

1	true
0	false

Definition at line 833 of file detect-engine-mpm.c.

References DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, DetectProto_::proto, Signature_::proto, SCEnter, SCLogDebug, SCReturnInt, SIG_FLAG_REQUIRE_STREAM, and SignatureInitData_::smlists.

Referenced by MpmStorePrepareBuffer().

Here is the caller graph for this function:

Data Structures

Typedefs

Functions

Detailed Description

Typedef Documentation

◆ PrefilterMpmListId

◆ PrefilterRegisterFunc

Function Documentation

◆ DetectAppLayerMpmMultiRegister()

◆ DetectAppLayerMpmRegister()

◆ DetectAppLayerMpmRegisterByParentId()

◆ DetectAppLayerMpmRegisterSingle()

◆ DetectBufferToClient()

◆ DetectEngineFrameMpmRegister()

◆ DetectFrameMpmRegister()

◆ DetectFrameMpmRegisterByParentId()

◆ DetectMpmInitializeAppMpms()

◆ DetectMpmInitializeBuiltinMpms()

◆ DetectMpmInitializeFrameMpms()

◆ DetectMpmInitializePktMpms()

◆ DetectMpmPrepareAppMpms()

◆ DetectMpmPrepareBuiltinMpms()

◆ DetectMpmPrepareFrameMpms()

◆ DetectMpmPreparePktMpms()

◆ DetectPktMpmRegister()

◆ DetectPktMpmRegisterByParentId()

◆ DetectSetFastPatternAndItsId()

◆ EngineAnalysisAddAllRulePatterns()

◆ MpmStoreFree()

◆ MpmStoreInit()

◆ MpmStorePrepareBuffer()

◆ MpmStoreReportStats()

◆ PatternMatchDefaultMatcher()

◆ PatternMatchDestroy()

◆ PatternMatchPrepare()

◆ PatternMatchPrepareGroup()

◆ PatternMatchThreadDestroy()

◆ PatternMatchThreadPrepare()

◆ PatternStrength()

◆ PrefilterGenericMpmFrameRegister()

◆ RetrieveFPForSig()

◆ SignatureHasPacketContent()

◆ SignatureHasStreamContent()