From b055a21d6376bc8c9907a95a1d90b25d7558e825 Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Sun, 9 Oct 2011 20:23:23 +0200
Subject: [PATCH] doc: create doxygen group for state detection.
---
 src/detect-engine-state.c | 29 +++++++++++++++++++++++++++++
 src/detect-engine-state.h | 9 +++++++++
 2 files changed, 38 insertions(+)
diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c
index 22782a0d69..c6de7452a0 100644
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@@ -15,10 +15,36 @@
 * 02110-1301, USA.
 */
+/**
+ * \defgroup sigstate State support
+ *
+ * It is possible to do matching on reconstructed applicative flow.
+ * This is done by this code. It uses the ::Flow structure to store
+ * the list of signatures to match on the reconstructed stream.
+ *
+ * The Flow::de_state is a ::DetectEngineState structure. This is
+ * basically a containter for storage item of type ::DeStateStore.
+ * They contains an array of ::DeStateStoreItem which store the
+ * state of match for an individual signature identified by
+ * DeStateStoreItem::sid.
+ *
+ * The state is constructed by DeStateDetectStartDetection() which
+ * also starts the matching. Work is continued by
+ * DeStateDetectContinueDetection().
+ *
+ * Once a transaction has been analysed DeStateRestartDetection()
+ * is used to reset the structures.
+ *
+ * @{
+ */
+
 /**
 * \file
 *
 * \author Victor Julien
+ *
+ * \brief State based signature handling
+ *
 */
 #include "suricata-common.h"
@@ -1253,3 +1279,6 @@ void DeStateRegisterTests(void) {
 #endif
 }
+/**
+ * @}
+ */
diff --git a/src/detect-engine-state.h b/src/detect-engine-state.h
index d25d9ceeaf..8de5d6232c 100644
--- a/src/detect-engine-state.h
+++ b/src/detect-engine-state.h
@@ -15,6 +15,12 @@
 * 02110-1301, USA.
 */
+/**
+ * \ingroup sigstate
+ *
+ * @{
+ */
+
 /**
 * \file
 *
@@ -122,3 +128,6 @@ int DeStateUpdateInspectTransactionId(Flow *, char);
 #endif /* __DETECT_ENGINE_STATE_H__ */
+/**
+ * @}
+ */
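Review bot: The new `\defgroup sigstate` comment in the first hunk of src/detect-engine-state.c has wording errors that will be copied verbatim into the generated documentation. `containter` should be `container`, `for storage item of type` should be `for storage items of type`, `They contains an array` should be `Each of them contains an array`, and `reconstructed applicative flow` reads more clearly as `reconstructed application-layer flow`. Because this block is the overview a reader will start from when auditing how per-flow match state is carried between inspections, one more sentence saying where `Flow::de_state` is allocated and released would make it more useful; that lifetime is not visible in this patch. In src/detect-engine-state.h the group is reopened with `\ingroup sigstate` plus `@{`; the form Doxygen documents for extending a group from a second file is `\addtogroup sigstate`, so it is worth confirming in the generated output that the header's declarations actually appear under the group.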