Datasets
========
+.. warning:: This is an experimental feature. Syntax and functionality may
+ change in future releases.
+
Using the ``dataset`` and ``datarep`` keyword it is possible to match on
large amounts of data against any sticky buffer.
SCMutex sets_lock = SCMUTEX_INITIALIZER;
static Dataset *sets = NULL;
static uint32_t set_ids = 0;
+static bool experimental_warning = false;
static int DatasetAddwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
DataRepType *rep);
}
SCMutexLock(&sets_lock);
+ if (!experimental_warning) {
+ SCLogNotice("dataset and datarep features are experimental and subject to change");
+ experimental_warning = true;
+ }
Dataset *set = DatasetSearchByName(name);
if (set) {
if (type != DATASET_TYPE_NOTSET && set->type != type) {
void DetectDatarepRegister (void)
{
sigmatch_table[DETECT_DATAREP].name = "datarep";
- sigmatch_table[DETECT_DATAREP].desc = "operate on datasets";
+ sigmatch_table[DETECT_DATAREP].desc = "operate on datasets (experimental)";
sigmatch_table[DETECT_DATAREP].url = DOC_URL DOC_VERSION "/rules/dataset-keywords.html#datarep";
sigmatch_table[DETECT_DATAREP].Setup = DetectDatarepSetup;
sigmatch_table[DETECT_DATAREP].Free = DetectDatarepFree;
void DetectDatasetRegister (void)
{
sigmatch_table[DETECT_DATASET].name = "dataset";
- sigmatch_table[DETECT_DATASET].desc = "match sticky buffer against datasets";
+ sigmatch_table[DETECT_DATASET].desc = "match sticky buffer against datasets (experimental)";
sigmatch_table[DETECT_DATASET].url = DOC_URL DOC_VERSION "/rules/dataset-keywords.html#dataset";
sigmatch_table[DETECT_DATASET].Setup = DetectDatasetSetup;
sigmatch_table[DETECT_DATASET].Free = DetectDatasetFree;
projects / thirdparty / suricata.git / commitdiff
