Go to the documentation of this file.
36 if (direction & STREAM_TOSERVER) {
40 if (direction & STREAM_TOCLIENT) {
50 if (direction & STREAM_TOSERVER) {
56 if (direction & STREAM_TOCLIENT) {
69 if (direction & STREAM_TOSERVER) {
72 if (direction & STREAM_TOCLIENT) {
106 if (keyword_id < 0) {
121 return (uint16_t)keyword_id;
132 if (transform_id < 0) {
144 const uint8_t *content, uint16_t content_len,
void *context))kw->
TransformValidate;
149 (void (*)(
const uint8_t **id_data, uint32_t *length,
void *context))kw->
TransformId;
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
function callback to match on an app-layer transaction
const char * url
keyword documentation url
const char * name
keyword name
SigTableElmt * sigmatch_table
int SCDetectHelperNewKeywordId(void)
void(* Free)(DetectEngineCtx *, void *)
uint8_t DetectEngineInspectBufferSingle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
void DetectAppLayerInspectEngineRegisterSingle(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionSingleBufferGetDataPtr GetData)
int PrefilterSingleMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, const DetectBufferMpmRegistry *mpm_reg, int list_id)
main detection engine ctx
int SCDetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionMultiBufferGetDataPtr GetData, int progress)
void DetectBufferTypeSupportsMultiInstance(const char *name)
void SCDetectHelperKeywordAliasRegister(uint16_t kwid, const char *alias)
DetectEngineThreadCtx * det_ctx
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
int SCDetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionSingleBufferGetDataPtr GetData)
const char * desc
keyword description
#define SIG_FLAG_TOCLIENT
element in sigmatch type table.
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
int SCDetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction)
int DetectBufferTypeGetByName(const char *name)
App-layer light version of SigTableElmt.
#define SIG_FLAG_TOSERVER
bool(* TransformValidate)(const uint8_t *content, uint16_t content_len, void *context)
int SCDetectHelperTransformRegister(const SCTransformTableElmt *kw)
bool(* InspectionSingleBufferGetDataPtr)(const void *txv, const uint8_t flow_flags, const uint8_t **buf, uint32_t *buf_len)
void(* Free)(DetectEngineCtx *, void *)
function callback to free structure allocated by setup if any
uint16_t SCDetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw)
bool(* InspectionMultiBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx, const void *txv, const uint8_t flow_flags, uint32_t local_id, const uint8_t **buf, uint32_t *buf_len)
#define SCRealloc(ptr, sz)
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
int DetectBufferTypeRegister(const char *name)
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
function callback to parse and setup keyword in rule
void DetectAppLayerMpmRegisterSingle(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionSingleBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress)
#define DETECT_TBLSIZE_STEP
int SCDetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionMultiBufferGetDataPtr GetData)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
uint16_t flags
flags SIGMATCH_*
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
void DetectBufferTypeSetDescriptionByName(const char *name, const char *desc)
void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectionMultiBufferGetDataPtr GetData, int priority)
void(* Transform)(DetectEngineThreadCtx *, InspectionBuffer *, void *context)
void(* TransformId)(const uint8_t **data, uint32_t *length, void *context)