Go to the source code of this file.
Data Structures | |
| struct | DetectTransaction_ |
| struct | PrefilterStore_ |
Typedefs | |
| typedef struct DetectTransaction_ | DetectTransaction |
| typedef struct PrefilterStore_ | PrefilterStore |
Detailed Description
Definition in file detect-engine-prefilter.h.
Typedef Documentation
◆ DetectTransaction
| typedef struct DetectTransaction_ DetectTransaction |
◆ PrefilterStore
| typedef struct PrefilterStore_ PrefilterStore |
Function Documentation
◆ DetectRunPrefilterTx()
| void DetectRunPrefilterTx | ( | DetectEngineThreadCtx * | det_ctx, |
| const SigGroupHead * | sgh, | ||
| Packet * | p, | ||
| const uint8_t | ipproto, | ||
| const uint8_t | flow_flags, | ||
| const AppProto | alproto, | ||
| void * | alstate, | ||
| DetectTransaction * | tx | ||
| ) |
run prefilter engines on a transaction
Definition at line 95 of file detect-engine-prefilter.c.
References PrefilterEngine_::alproto, AppLayerParserGetStateNameById(), AppProtoToString(), PrefilterEngine_::cb, PrefilterEngine_::ctx, DetectTransaction_::detect_progress, DetectGetInnerTx(), Packet_::flow, PrefilterEngine_::gid, PrefilterEngine_::is_last, PrefilterEngine_::is_last_for_progress, likely, next, PACKET_PROFILING_DETECT_END, PACKET_PROFILING_DETECT_START, Packet_::pcap_cnt, PrefilterEngine_::pectx, DetectEngineThreadCtx_::pmq, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterTx, PROF_DETECT_PF_SORT1, PrefilterRuleStore_::rule_id_array, PrefilterRuleStore_::rule_id_array_cnt, SCLogDebug, DetectTransaction_::tx_data_ptr, SigGroupHead_::tx_engines, DetectTransaction_::tx_id, PrefilterEngine_::tx_min_progress, DetectTransaction_::tx_progress, and DetectTransaction_::tx_ptr.
◆ PostRuleMatchWorkQueueAppend()
| void PostRuleMatchWorkQueueAppend | ( | DetectEngineThreadCtx * | det_ctx, |
| const Signature * | s, | ||
| const int | type, | ||
| const uint32_t | value | ||
| ) |
Definition at line 1750 of file detect-engine-prefilter.c.
References DETECT_EVENT_POST_MATCH_QUEUE_FAILED, DetectEngineSetEvent(), Signature_::iid, PostRuleMatchWorkQueue::len, DetectEngineThreadCtx_::post_rule_work_queue, PostRuleMatchWorkQueue::q, QUEUE_STEP, SCCalloc, SCLogDebug, SCRealloc, PostRuleMatchWorkQueue::size, PostRuleMatchWorkQueueItem::sm_type, type, and PostRuleMatchWorkQueueItem::value.
Referenced by DetectFlowbitMatch().
◆ Prefilter()
| void Prefilter | ( | DetectEngineThreadCtx * | det_ctx, |
| const SigGroupHead * | sgh, | ||
| Packet * | p, | ||
| const uint8_t | flags, | ||
| const SignatureMask | mask | ||
| ) |
Definition at line 216 of file detect-engine-prefilter.c.
References Flow_::alparser, Flow_::alproto, ALPROTO_UNKNOWN, BIT_U16, PrefilterEngine_::cb, PrefilterEngine_::ctx, flags, Packet_::flags, Packet_::flow, SigGroupHead_::frame_engines, PrefilterEngine_::gid, PrefilterEngine_::hook, PrefilterEngine_::is_last, likely, PrefilterEngine_::mask, PACKET_PROFILING_DETECT_END, PACKET_PROFILING_DETECT_START, SigGroupHead_::payload_engines, Packet_::payload_len, PrefilterEngine_::pectx, PrefilterEngine_::pkt, PKT_DETECT_HAS_STREAMDATA, SigGroupHead_::pkt_engines, Packet_::pkt_hooks, PKT_NOPAYLOAD_INSPECTION, DetectEngineThreadCtx_::pmq, PrefilterEngine_::Prefilter, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PROF_DETECT_PF_PAYLOAD, PROF_DETECT_PF_PKT, PROF_DETECT_PF_RECORD, PROF_DETECT_PF_SORT1, Packet_::proto, PrefilterRuleStore_::rule_id_array, PrefilterRuleStore_::rule_id_array_cnt, SCEnter, SCLogDebug, and SCReturn.
◆ PrefilterAppendEngine()
| int PrefilterAppendEngine | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| PrefilterPktFn | PrefilterFunc, | ||
| SignatureMask | mask, | ||
| enum SignatureHookPkt | hook, | ||
| void * | pectx, | ||
| void(*)(void *pectx) | FreeFunc, | ||
| const char * | name | ||
| ) |
Definition at line 282 of file detect-engine-prefilter.c.
References BUG_ON, CLS, de_ctx, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, SigGroupHeadInitData_::pkt_engines, PrefilterEngineList_::pkt_hook, PrefilterEngineList_::pkt_mask, PrefilterEngineList_::Prefilter, and SCMallocAligned.
Referenced by PrefilterGenericMpmPktRegister().
◆ PrefilterAppendFrameEngine()
| int PrefilterAppendFrameEngine | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| PrefilterFrameFn | PrefilterFrameFunc, | ||
| AppProto | alproto, | ||
| uint8_t | frame_type, | ||
| void * | pectx, | ||
| void(*)(void *pectx) | FreeFunc, | ||
| const char * | name | ||
| ) |
Definition at line 389 of file detect-engine-prefilter.c.
References PrefilterEngineList_::alproto, CLS, de_ctx, SigGroupHeadInitData_::frame_engines, PrefilterEngineList_::frame_type, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterFrame, and SCMallocAligned.
Referenced by PrefilterGenericMpmFrameRegister().
◆ PrefilterAppendPayloadEngine()
| int PrefilterAppendPayloadEngine | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| PrefilterPktFn | PrefilterFunc, | ||
| void * | pectx, | ||
| void(*)(void *pectx) | FreeFunc, | ||
| const char * | name | ||
| ) |
Definition at line 320 of file detect-engine-prefilter.c.
References CLS, de_ctx, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, SigGroupHeadInitData_::payload_engines, PrefilterEngineList_::pectx, PrefilterEngineList_::Prefilter, and SCMallocAligned.
Referenced by PrefilterPktPayloadRegister(), and PrefilterPktStreamRegister().
◆ PrefilterAppendPostRuleEngine()
| int PrefilterAppendPostRuleEngine | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| void(*)(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f) | PrefilterPostRuleFunc, | ||
| void * | pectx, | ||
| void(*)(void *pectx) | FreeFunc, | ||
| const char * | name | ||
| ) |
Definition at line 424 of file detect-engine-prefilter.c.
References CLS, de_ctx, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, SigGroupHeadInitData_::post_rule_match_engines, PrefilterEngineList_::PrefilterPostRule, and SCMallocAligned.
◆ PrefilterAppendTxEngine()
| int PrefilterAppendTxEngine | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| PrefilterTxFn | PrefilterTxFunc, | ||
| const AppProto | alproto, | ||
| const int | tx_min_progress, | ||
| void * | pectx, | ||
| void(*)(void *pectx) | FreeFunc, | ||
| const char * | name | ||
| ) |
Definition at line 352 of file detect-engine-prefilter.c.
References PrefilterEngineList_::alproto, CLS, de_ctx, DEBUG_VALIDATE_BUG_ON, PrefilterEngineList_::Free, PrefilterEngineList_::gid, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngineList_::name, name, PrefilterEngineList_::next, PrefilterEngineList_::pectx, PrefilterEngineList_::PrefilterTx, SCMallocAligned, SigGroupHeadInitData_::tx_engines, and PrefilterEngineList_::tx_min_progress.
Referenced by PrefilterGenericMpmRegister(), PrefilterMpmFiledataRegister(), PrefilterMultiGenericMpmRegister(), and PrefilterSingleMpmRegister().
◆ PrefilterCleanupRuleGroup()
| void PrefilterCleanupRuleGroup | ( | const DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh | ||
| ) |
Definition at line 493 of file detect-engine-prefilter.c.
References de_ctx, SigGroupHead_::frame_engines, SigGroupHead_::payload_engines, SigGroupHead_::pkt_engines, SigGroupHead_::post_rule_match_engines, and SigGroupHead_::tx_engines.
Referenced by SigGroupHeadFree().
◆ PrefilterDeinit()
| void PrefilterDeinit | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 1420 of file detect-engine-prefilter.c.
References de_ctx, HashListTableFree(), and DetectEngineCtx_::prefilter_hash_table.
◆ PrefilterFreeEnginesList()
| void PrefilterFreeEnginesList | ( | PrefilterEngineList * | list | ) |
Definition at line 465 of file detect-engine-prefilter.c.
References next, and PrefilterEngineList_::next.
Referenced by SigGroupHeadInitDataFree().
◆ PrefilterGenericMpmPktRegister()
| int PrefilterGenericMpmPktRegister | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| MpmCtx * | mpm_ctx, | ||
| const DetectBufferMpmRegistry * | mpm_reg, | ||
| int | list_id | ||
| ) |
Definition at line 1727 of file detect-engine-prefilter.c.
References de_ctx, PrefilterMpmPktCtx::GetData, DetectBufferMpmRegistry_::GetData, PrefilterMpmPktCtx::list_id, PrefilterMpmPktCtx::mpm_ctx, DetectBufferMpmRegistry_::pkt_v1, DetectBufferMpmRegistry_::pname, PrefilterAppendEngine(), SCCalloc, SCEnter, SCFree, SIGNATURE_HOOK_PKT_NOT_SET, PrefilterMpmPktCtx::transforms, and DetectBufferMpmRegistry_::transforms.
Referenced by DetectIcmpv4HdrRegister(), DetectICMPv6hdrRegister(), DetectIPAddrBufferRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectPktMpmRegister(), DetectTcphdrRegister(), and DetectUdphdrRegister().
◆ PrefilterGenericMpmRegister()
| int PrefilterGenericMpmRegister | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| MpmCtx * | mpm_ctx, | ||
| const DetectBufferMpmRegistry * | mpm_reg, | ||
| int | list_id | ||
| ) |
Definition at line 1584 of file detect-engine-prefilter.c.
References DetectBufferMpmRegistry_::alproto, DetectBufferMpmRegistry_::app_v2, de_ctx, PrefilterMpmCtx::GetData, DetectBufferMpmRegistry_::GetData, PrefilterMpmCtx::list_id, PrefilterMpmCtx::mpm_ctx, DetectBufferMpmRegistry_::pname, PrefilterAppendTxEngine(), SCCalloc, SCEnter, SCFree, PrefilterMpmCtx::transforms, DetectBufferMpmRegistry_::transforms, and DetectBufferMpmRegistry_::tx_min_progress.
Referenced by DetectDceStubDataRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIkeKeyExchangeRegister(), DetectIkeNonceRegister(), DetectIkeSpiRegister(), DetectJa4HashRegister(), DetectQuicSniRegister(), DetectQuicUaRegister(), DetectQuicVersionRegister(), DetectSipMethodRegister(), DetectSipUriRegister(), DetectSmbNamedPipeRegister(), DetectSmbNtlmsspDomainRegister(), DetectSmbNtlmsspUserRegister(), DetectSmbShareRegister(), DetectSshHasshRegister(), DetectSshHasshServerRegister(), DetectSshHasshServerStringRegister(), DetectSshHasshStringRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsRandomBytesRegister(), DetectTlsRandomRegister(), DetectTlsRandomTimeRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), and SCDetectSMTPRegister().
◆ PrefilterInit()
| void PrefilterInit | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 1427 of file detect-engine-prefilter.c.
References BUG_ON, de_ctx, HashListTableInit(), and DetectEngineCtx_::prefilter_hash_table.
◆ PrefilterMultiGenericMpmRegister()
| int PrefilterMultiGenericMpmRegister | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| MpmCtx * | mpm_ctx, | ||
| const DetectBufferMpmRegistry * | mpm_reg, | ||
| int | list_id | ||
| ) |
Definition at line 1658 of file detect-engine-prefilter.c.
References DetectBufferMpmRegistry_::alproto, DetectBufferMpmRegistry_::app_v2, de_ctx, PrefilterMpmListId::GetData, DetectBufferMpmRegistry_::GetMultiData, PrefilterMpmListId::list_id, PrefilterMpmListId::mpm_ctx, DetectBufferMpmRegistry_::pname, PrefilterAppendTxEngine(), SCCalloc, SCEnter, SCFree, PrefilterMpmListId::transforms, DetectBufferMpmRegistry_::transforms, and DetectBufferMpmRegistry_::tx_min_progress.
Referenced by DetectAppLayerMultiRegister().
◆ PrefilterPktNonPFStatsDump()
| void PrefilterPktNonPFStatsDump | ( | void | ) |
Definition at line 590 of file detect-engine-prefilter.c.
References SCLogDebug.
◆ PrefilterPostRuleMatch()
| void PrefilterPostRuleMatch | ( | DetectEngineThreadCtx * | det_ctx, |
| const SigGroupHead * | sgh, | ||
| Packet * | p, | ||
| Flow * | f | ||
| ) |
invoke post-rule match "prefilter" engines
Invoke prefilter engines that depend on a rule match to run. e.g. the flowbits:set prefilter that adds sids that depend on a flowbit "set" to the match array.
Definition at line 193 of file detect-engine-prefilter.c.
References PrefilterEngine_::cb, PrefilterEngine_::gid, PrefilterEngine_::is_last, PrefilterEngine_::pectx, DetectEngineThreadCtx_::pmq, SigGroupHead_::post_rule_match_engines, PREFILTER_PROFILING_END, PREFILTER_PROFILING_START, PrefilterEngine_::PrefilterPostRule, PrefilterRuleStore_::rule_id_array, PrefilterRuleStore_::rule_id_array_cnt, and SCLogDebug.
◆ PrefilterSetupRuleGroup()
| int PrefilterSetupRuleGroup | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh | ||
| ) |
Definition at line 1176 of file detect-engine-prefilter.c.
References PrefilterEngineList_::alproto, PrefilterEngine_::alproto, ALPROTO_FAILED, AppProtoToString(), BUG_ON, PrefilterEngine_::cb, CLS, cnt, PrefilterEngine_::ctx, de_ctx, DETECT_PREFILTER_AUTO, DETECT_TBLSIZE, FatalError, SigGroupHeadInitData_::frame_engines, SigGroupHead_::frame_engines, PrefilterEngineList_::frame_type, PrefilterEngine_::frame_type, g_alproto_max, PrefilterEngineList_::gid, PrefilterEngine_::gid, PrefilterEngine_::hook, PrefilterEngineList_::id, SigGroupHead_::init, PrefilterEngine_::is_last, PrefilterEngine_::is_last_for_progress, PrefilterEngine_::local_id, PrefilterEngine_::mask, PrefilterEngineList_::next, PatternMatchPrepareGroup(), SigGroupHeadInitData_::payload_engines, SigGroupHead_::payload_engines, PrefilterEngineList_::pectx, PrefilterEngine_::pectx, PrefilterEngine_::pkt, SigGroupHeadInitData_::pkt_engines, SigGroupHead_::pkt_engines, PrefilterEngineList_::pkt_hook, PrefilterEngineList_::pkt_mask, SigGroupHeadInitData_::post_rule_match_engines, SigGroupHead_::post_rule_match_engines, PrefilterEngineList_::Prefilter, PrefilterEngine_::Prefilter, DetectEngineCtx_::prefilter_setting, PrefilterEngineList_::PrefilterFrame, PrefilterEngine_::PrefilterFrame, PrefilterEngineList_::PrefilterPostRule, PrefilterEngine_::PrefilterPostRule, PrefilterEngineList_::PrefilterTx, PrefilterEngine_::PrefilterTx, SCLogDebug, SCMallocAligned, SigTableElmt_::SetupPrefilter, sigmatch_table, DetectEngineCtx_::sm_types_prefilter, SigGroupHeadInitData_::tx_engines, SigGroupHead_::tx_engines, PrefilterEngineList_::tx_min_progress, and PrefilterEngine_::tx_min_progress.
Referenced by SigPrepareStage4().
◆ PrefilterSingleMpmRegister()
| int PrefilterSingleMpmRegister | ( | DetectEngineCtx * | de_ctx, |
| SigGroupHead * | sgh, | ||
| MpmCtx * | mpm_ctx, | ||
| const DetectBufferMpmRegistry * | mpm_reg, | ||
| int | list_id | ||
| ) |
Definition at line 1605 of file detect-engine-prefilter.c.
References DetectBufferMpmRegistry_::alproto, DetectBufferMpmRegistry_::app_v2, de_ctx, PrefilterMpmCtx::GetDataSingle, DetectBufferMpmRegistry_::GetDataSingle, PrefilterMpmCtx::list_id, PrefilterMpmCtx::mpm_ctx, DetectBufferMpmRegistry_::pname, PrefilterAppendTxEngine(), SCCalloc, SCEnter, SCFree, PrefilterMpmCtx::transforms, DetectBufferMpmRegistry_::transforms, and DetectBufferMpmRegistry_::tx_min_progress.
Referenced by SCDetectHelperBufferMpmRegister().
◆ PrefilterStoreGetName()
| const char * PrefilterStoreGetName | ( | const uint32_t | id | ) |
Definition at line 1492 of file detect-engine-prefilter.c.
