#include "decode.h"#include "rules.h"#include "parser.h"#include "log.h"#include "event.h"Go to the source code of this file.
|
||||||||||||||||
|
Definition at line 1466 of file detect.c. References _OptTreeNode::activation_counter, active_dynamic_nodes, _RuleTreeNode::active_flag, _OptTreeNode::active_flag, CallAlertFuncs(), CallLogFuncs(), _RuleTreeNode::countdown, _OptTreeNode::countdown, DEBUG_DETECT, DEBUG_WRAP, _RuleTreeNode::listhead, LogMessage(), _SigInfo::message, NULL, _OptTreeNode::OTN_activation_ptr, _OptTreeNode::rtn, _OptTreeNode::RTN_activation_ptr, and _OptTreeNode::sigInfo. Referenced by fpLogEvent(). |
|
||||||||||||||||
|
Definition at line 1498 of file detect.c. References CallAlertFuncs(), CallLogFuncs(), CallSigOutputFuncs(), DEBUG_DETECT, DEBUG_WRAP, _RuleTreeNode::listhead, _SigInfo::message, _OptTreeNode::outputFuncs, _OptTreeNode::rtn, and _OptTreeNode::sigInfo. Referenced by fpLogEvent(). |
|
||||||||||||||||||||
|
Definition at line 343 of file detect.c. References _PacketCount::alert_pkts, _ListHead::AlertList, _OutputFuncNode::arg, CallAlertPlugins(), event_id, _Event::event_id, _progvars::event_log_id, _Event::event_reference, _OutputFuncNode::func, _OutputFuncNode::next, NULL, ObfuscatePacket(), _progvars::obfuscation_flag, pc, pv, _Event::ref_time, sfthreshold_test(), _Event::sig_generator, and _Event::sig_id. Referenced by ActivateAction(), AlertAction(), AlertIntermediateInfo(), DropAction(), GenerateSnortEvent(), PortscanPreprocFunction(), and SAlert(). |
|
||||||||||||||||||||
|
Definition at line 416 of file detect.c. References _PacketCount::alert_pkts, _OutputFuncNode::arg, DEBUG_DETECT, DEBUG_WRAP, _OutputFuncNode::func, _OutputFuncNode::next, NULL, ObfuscatePacket(), _progvars::obfuscation_flag, pc, and pv. Referenced by CallAlertFuncs(). |
|
||||||||||||||||||||
|
Definition at line 229 of file detect.c. References _OutputFuncNode::arg, CallLogPlugins(), event_id, _Event::event_id, _progvars::event_log_id, _OutputFuncNode::func, _IPHdr::ip_dst, _IPHdr::ip_src, _Packet::iph, _PacketCount::log_pkts, _ListHead::LogList, _OutputFuncNode::next, NULL, ObfuscatePacket(), _progvars::obfuscation_flag, pc, _Packet::pkth, pv, _Event::ref_time, sfthreshold_test(), _Event::sig_generator, _Event::sig_id, and pcap_pkthdr::ts. Referenced by ActivateAction(), AlertAction(), CheckTagging(), DropAction(), DynamicAction(), GenerateOpenPortEvent(), GenerateSnortEvent(), LogAction(), and LogTagData(). |
|
||||||||||||||||||||
|
Definition at line 302 of file detect.c. References _OutputFuncNode::arg, _OutputFuncNode::func, _PacketCount::log_pkts, _OutputFuncNode::next, NULL, ObfuscatePacket(), _progvars::obfuscation_flag, pc, and pv. Referenced by CallLogFuncs(), and ProcessPacket(). |
|
|
|
|
||||||||||||||||||||||||||||
|
|
|
||||||||||||||||
|
Definition at line 829 of file detect.c. References CHECK_DST, CHECK_SRC, CheckAddrPort(), DEBUG_DETECT, DEBUG_WRAP, _RuleTreeNode::dip, _RuleTreeNode::flags, _RuleTreeNode::hdp, _RuleTreeNode::hsp, INVERSE, _RuleTreeNode::ldp, _RuleTreeNode::lsp, and _RuleTreeNode::sip. Referenced by SetupRTNFuncList(). |
|
||||||||||||||||
|
Definition at line 1039 of file detect.c. References _IpAddrSet::addr_flags, DEBUG_DETECT, DEBUG_WRAP, _RuleTreeNode::dip, EXCEPT_DST_IP, EXCEPT_IP, _RuleTreeNode::flags, _IpAddrSet::ip_addr, _IPHdr::ip_dst, _IPHdr::ip_src, _Packet::iph, _IpAddrSet::netmask, _RuleFpList::next, _IpAddrSet::next, NULL, and _RuleFpList::RuleHeadFunc. Referenced by AddrToFunc(). |
|
||||||||||||||||
|
Definition at line 1115 of file detect.c. References DEBUG_DETECT, DEBUG_WRAP, _RuleTreeNode::dip, _IpAddrSet::ip_addr, _IPHdr::ip_dst, _Packet::iph, _IpAddrSet::netmask, _RuleFpList::next, _IpAddrSet::next, NULL, and _RuleFpList::RuleHeadFunc. |
|
||||||||||||||||
|
Definition at line 1183 of file detect.c. References DEBUG_DETECT, DEBUG_WRAP, _Packet::dp, _RuleTreeNode::hdp, _RuleTreeNode::ldp, _RuleFpList::next, and _RuleFpList::RuleHeadFunc. Referenced by PortToFunc(). |
|
||||||||||||||||
|
Definition at line 1203 of file detect.c. References DEBUG_DETECT, DEBUG_WRAP, _Packet::dp, _RuleTreeNode::hdp, _RuleTreeNode::ldp, _RuleFpList::next, and _RuleFpList::RuleHeadFunc. Referenced by PortToFunc(). |
|
||||||||||||||||
|
Definition at line 923 of file detect.c. References _IpAddrSet::addr_flags, DEBUG_DETECT, DEBUG_WRAP, EXCEPT_IP, EXCEPT_SRC_IP, _RuleTreeNode::flags, _IpAddrSet::ip_addr, _IPHdr::ip_src, _Packet::iph, _IpAddrSet::netmask, _RuleFpList::next, _IpAddrSet::next, NULL, _RuleFpList::RuleHeadFunc, and _RuleTreeNode::sip. Referenced by AddrToFunc(). |
|
||||||||||||||||
|
Definition at line 1001 of file detect.c. References DEBUG_DETECT, DEBUG_WRAP, _IpAddrSet::ip_addr, _IPHdr::ip_src, _Packet::iph, _IpAddrSet::netmask, _RuleFpList::next, _IpAddrSet::next, NULL, _RuleFpList::RuleHeadFunc, and _RuleTreeNode::sip. |
|
||||||||||||||||
|
Definition at line 1139 of file detect.c. References DEBUG_DETECT, DEBUG_WRAP, _RuleTreeNode::hsp, _RuleTreeNode::lsp, _RuleFpList::next, _RuleFpList::RuleHeadFunc, and _Packet::sp. Referenced by PortToFunc(). |
|
||||||||||||||||
|
Definition at line 1161 of file detect.c. References DEBUG_DETECT, DEBUG_WRAP, _RuleTreeNode::hsp, _RuleTreeNode::lsp, _RuleFpList::next, _RuleFpList::RuleHeadFunc, and _Packet::sp. Referenced by PortToFunc(). |
|
|
Definition at line 450 of file detect.c. References fpEvalPacket(), and NULL. Referenced by Preprocess(), and SnortHttpInspect(). |
|
|
Definition at line 65 of file detect.h. References do_detect, and _Packet::preprocessors. Referenced by Frag2Defrag(), InsertFrag(), and ReassembleStream4(). |
|
||||||||||||||||
|
Definition at line 1532 of file detect.c. References CallAlertFuncs(), CallLogFuncs(), DEBUG_DETECT, DEBUG_WRAP, InlineDrop(), _RuleTreeNode::listhead, _SigInfo::message, _Stream4Data::ms_inline_alerts, _Packet::packet_flags, PKT_INLINE_DROP, _OptTreeNode::rtn, _Session::session_flags, _OptTreeNode::sigInfo, SSNFLAG_MIDSTREAM, and _Packet::ssnptr. Referenced by fpLogEvent(). |
|
||||||||||||||||
|
Definition at line 1730 of file detect.c. References active_dynamic_nodes, _RuleTreeNode::active_flag, _OptTreeNode::active_flag, CallLogFuncs(), _OptTreeNode::countdown, _RuleTreeNode::countdown, DEBUG_DETECT, DEBUG_WRAP, _RuleTreeNode::listhead, _SigInfo::message, _OptTreeNode::rtn, and _OptTreeNode::sigInfo. Referenced by fpLogEvent(). |
|
||||||||||||||||
|
|
|
||||||||||||
|
|
|
||||||||||||||||
|
|
|
||||||||||||||||
|
Definition at line 1760 of file detect.c. References CallLogFuncs(), DEBUG_DETECT, DEBUG_WRAP, _RuleTreeNode::listhead, _SigInfo::message, _OptTreeNode::rtn, and _OptTreeNode::sigInfo. Referenced by fpLogEvent(). |
|
|
Definition at line 1776 of file detect.c. References _progvars::homenet, _IPHdr::ip_dst, _IPHdr::ip_src, _Packet::iph, _progvars::netmask, _progvars::obfuscation_mask, _progvars::obfuscation_net, _Packet::packet_flags, PKT_OBFUSCATED, and pv. Referenced by CallAlertFuncs(), CallAlertPlugins(), CallLogFuncs(), CallLogPlugins(), and CallSigOutputFuncs(). |
|
||||||||||||||||
|
Definition at line 1229 of file detect.c. Referenced by ParseRuleOptions(). |
|
|
Definition at line 1456 of file detect.c. References DEBUG_DETECT, DEBUG_WRAP, _PacketCount::pass_pkts, and pc. Referenced by fpLogEvent(). |
|
|
See if we should go ahead and remove this flow from the flow_preprocessor -- cmg Definition at line 107 of file detect.c. References AlertFlushStream(), _Packet::bytes_to_inspect, check_tags_flag, CheckFlowShutdown(), CheckTagging(), _PreprocessFuncNode::context, _Packet::csum_flags, DEBUG_DETECT, DEBUG_WRAP, _HttpUri::decode_flags, Detect(), do_detect, _Packet::dsize, _PreprocessFuncNode::func, _PreprocessFuncNode::next, NULL, PP_ALL, _Packet::preprocessors, SnortEventqLog(), SnortEventqReset(), _Packet::ssnptr, and _Packet::uri_count. Referenced by FlushStream(), and ProcessPacket(). |
|
||||||||||||||||
|
Definition at line 1223 of file detect.c. Referenced by SetupRTNFuncList(). |
|
||||||||||||
|
Definition at line 470 of file detect.c. References DEBUG_DETECT, DEBUG_WRAP, _RspFpList::next, NULL, _RspFpList::ResponseFunc, and _OptTreeNode::rsp_func. Referenced by fpLogEvent(). |
|
|
|
1.4.2