suricata: src/reputation.h File Reference

suricata

#include "host.h"
#include "util-radix4-tree.h"
#include "util-radix6-tree.h"

Include dependency graph for reputation.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	SRepCIDRTree_

struct	SReputation_

Macros
#define	SREP_MAX_CATS 60

#define	SREP_MAX_VAL 127

Typedefs
typedef struct SRepCIDRTree_	SRepCIDRTree

typedef struct SReputation_	SReputation

Functions
void	SRepFreeHostData (Host *h)

uint8_t	SRepCatGetByShortname (char *shortname)

int	SRepInit (struct DetectEngineCtx_ *de_ctx)
	init reputation

void	SRepDestroy (struct DetectEngineCtx_ *de_ctx)

void	SRepReloadComplete (void)
	Increment effective reputation version after a rule/reputation reload is complete.

int	SRepHostTimedOut (Host *)
	Check if a Host is timed out wrt ip rep, meaning a new version is in place.

int8_t	SRepCIDRGetIPRepSrc (SRepCIDRTree cidr_ctx, Packet p, uint8_t cat, uint32_t version)

int8_t	SRepCIDRGetIPRepDst (SRepCIDRTree cidr_ctx, Packet p, uint8_t cat, uint32_t version)

void	SRepResetVersion (void)

int	SRepLoadCatFileFromFD (FILE *fp)

int	SRepLoadFileFromFD (SRepCIDRTree cidr_ctx, FILE fp)

void	SCReputationRegisterTests (void)

Detailed Description

Author: Pablo Rincon Crespo pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om; Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t Original Idea by Matt Jonkman

Definition in file reputation.h.

Macro Definition Documentation

◆ SREP_MAX_CATS

#define SREP_MAX_CATS 60

Definition at line 33 of file reputation.h.

◆ SREP_MAX_VAL

#define SREP_MAX_VAL 127

Definition at line 34 of file reputation.h.

Typedef Documentation

◆ SRepCIDRTree

typedef struct SRepCIDRTree_ SRepCIDRTree

◆ SReputation

typedef struct SReputation_ SReputation

Function Documentation

◆ SCReputationRegisterTests()

void SCReputationRegisterTests ( void )

Register the following unittests for the Reputation module

Definition at line 174 of file reputation.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ SRepCatGetByShortname()

uint8_t SRepCatGetByShortname ( char * shortname )

Definition at line 329 of file reputation.c.

References SREP_MAX_CATS.

◆ SRepCIDRGetIPRepDst()

int8_t SRepCIDRGetIPRepDst	(	SRepCIDRTree *	cidr_ctx,
		Packet *	p,
		uint8_t	cat,
		uint32_t	version
	)

Definition at line 147 of file reputation.c.

References GET_IPV4_DST_ADDR_PTR, and GET_IPV6_DST_ADDR.

◆ SRepCIDRGetIPRepSrc()

int8_t SRepCIDRGetIPRepSrc	(	SRepCIDRTree *	cidr_ctx,
		Packet *	p,
		uint8_t	cat,
		uint32_t	version
	)

Definition at line 135 of file reputation.c.

References GET_IPV4_SRC_ADDR_PTR, and GET_IPV6_SRC_ADDR.

◆ SRepDestroy()

void SRepDestroy ( struct DetectEngineCtx_ * de_ctx )

Definition at line 649 of file reputation.c.

References de_ctx, SCFree, SCRadix4TreeRelease(), SCRadix6TreeRelease(), SRepCIDRTree_::srep_ipv4_tree, SRepCIDRTree_::srep_ipv6_tree, SREP_MAX_CATS, and DetectEngineCtx_::srepCIDR_ctx.

Referenced by DetectEngineCtxFree().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ SRepFreeHostData()

void SRepFreeHostData ( Host * h )

Definition at line 167 of file reputation.c.

References DEBUG_VALIDATE_BUG_ON, HostDecrUsecnt, Host_::iprep, SC_ATOMIC_GET, and SCFree.

Referenced by HostClearMemory(), and SRepHostTimedOut().

Here is the caller graph for this function:

◆ SRepHostTimedOut()

int SRepHostTimedOut ( Host * h )

Check if a Host is timed out wrt ip rep, meaning a new version is in place.

We clean up the old version here.

Parameters

h host

Return values

0	not timed out
1	timed out

Definition at line 193 of file reputation.c.

References BUG_ON, Host_::iprep, SCLogDebug, SRepFreeHostData(), and SReputation_::version.

Here is the call graph for this function:

◆ SRepInit()

int SRepInit ( DetectEngineCtx * de_ctx )

init reputation

Parameters

de_ctx detection engine ctx for tracking iprep version

Return values

0	ok
-1	error

If this function is called more than once, the category file is not reloaded.

Definition at line 566 of file reputation.c.

References de_ctx, DetectEngineCtx_::failure_fatal, HostPrintStats(), next, SC_ATOMIC_INIT, SCCalloc, SCConfGet(), SCConfGetNode(), SCFree, SCLogConfig, SCLogDebug, SCLogError, SCLogInfo, SCRadix4TreeInitialize(), SCRadix6TreeInitialize(), SRepCIDRTree_::srep_ipv4_tree, SRepCIDRTree_::srep_ipv6_tree, SREP_MAX_CATS, DetectEngineCtx_::srep_version, DetectEngineCtx_::srepCIDR_ctx, TAILQ_FOREACH, and SCConfNode_::val.

Here is the call graph for this function:

◆ SRepLoadCatFileFromFD()

int SRepLoadCatFileFromFD ( FILE * fp )

Definition at line 357 of file reputation.c.

References BUG_ON, Address_::family, len, SCLogDebug, SCLogError, SREP_MAX_CATS, SREP_SHORTNAME_LEN, and strlcpy().

Here is the call graph for this function:

◆ SRepLoadFileFromFD()

int SRepLoadFileFromFD	(	SRepCIDRTree *	cidr_ctx,
		FILE *	fp
	)

Definition at line 423 of file reputation.c.

References Address_::address, Address_::family, HostGetHostFromHash(), HostIncrUsecnt, HostRelease(), Host_::iprep, len, PrintInet(), SReputation_::rep, SCCalloc, SCLogDebug, SCLogDebugEnabled(), SCLogError, SREP_MAX_CATS, and SReputation_::version.

Here is the call graph for this function:

◆ SRepReloadComplete()

void SRepReloadComplete ( void )

Increment effective reputation version after a rule/reputation reload is complete.

Definition at line 161 of file reputation.c.

References SC_ATOMIC_ADD, and SCLogDebug.

◆ SRepResetVersion()

void SRepResetVersion ( void )

Definition at line 64 of file reputation.c.

src
reputation.h
Generated on Wed Jul 23 2025 10:11:05 for suricata by 1.9.8