You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
suricata/doc/userguide/devguide/extending/detect/index.rst

41 lines
1.1 KiB
ReStructuredText

Detection
#########
Rate Filter Callback
********************
A callback can be registered for any signature hit whose action has
been modified by the rate filter. This allows for the user to modify
the action, if needed using their own custom logic.
For an example, see ``examples/lib/custom/main.c`` in the Suricata
source code.
The Callback
============
The callback function will be called with the packet, signature
details (sid, gid, rev), original action, the new action, and a user
provided argument. It will only be called if the Suricata rate filter
modified the action:
.. literalinclude:: ../../../../../src/detect.h
:language: c
:start-at: * \brief Function type for rate filter callback.
:end-at: );
:prepend: /**
Callback Registration
=====================
To register the rate filter callback, use the
``SCDetectEngineRegisterRateFilterCallback`` function with your
callback and a user provided argument which will be provided to the
callback.
.. literalinclude:: ../../../../../src/detect.h
:language: c
:start-at: * \brief Register a callback when a rate_filter
:end-at: );
:prepend: /**