suricata
detect-engine-register.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "detect-smb-ntlmssp.h"
25 #include "suricata-common.h"
26 #include "suricata.h"
27 #include "detect.h"
28 #include "flow.h"
29 #include "flow-private.h"
30 #include "flow-bit.h"
31 
32 #include "detect-parse.h"
33 #include "detect-engine.h"
34 #include "detect-engine-profile.h"
35 
36 #include "detect-engine-alert.h"
37 #include "detect-engine-siggroup.h"
38 #include "detect-engine-address.h"
39 #include "detect-engine-proto.h"
40 #include "detect-engine-port.h"
41 #include "detect-engine-mpm.h"
42 #include "detect-engine-iponly.h"
43 #include "detect-engine-threshold.h"
44 #include "detect-engine-prefilter.h"
45 
46 #include "detect-engine-payload.h"
47 #include "detect-engine-dcepayload.h"
48 #include "detect-dns-opcode.h"
49 #include "detect-dns-query.h"
50 #include "detect-tls-sni.h"
51 #include "detect-tls-certs.h"
52 #include "detect-tls-cert-fingerprint.h"
53 #include "detect-tls-cert-issuer.h"
54 #include "detect-tls-cert-subject.h"
55 #include "detect-tls-cert-serial.h"
56 #include "detect-tls-random.h"
57 #include "detect-tls-ja3-hash.h"
58 #include "detect-tls-ja3-string.h"
59 #include "detect-tls-ja3s-hash.h"
60 #include "detect-tls-ja3s-string.h"
61 #include "detect-engine-state.h"
62 #include "detect-engine-analyzer.h"
63 
64 #include "detect-http-cookie.h"
65 #include "detect-http-method.h"
66 #include "detect-http-ua.h"
67 #include "detect-http-host.h"
68 
69 #include "detect-mark.h"
70 #include "detect-nfs-procedure.h"
71 #include "detect-nfs-version.h"
72 
73 #include "detect-engine-event.h"
74 #include "decode.h"
75 
76 #include "detect-config.h"
77 
78 #include "detect-smb-share.h"
79 
80 #include "detect-base64-decode.h"
81 #include "detect-base64-data.h"
82 #include "detect-ipaddr.h"
83 #include "detect-ipopts.h"
84 #include "detect-tcp-flags.h"
85 #include "detect-fragbits.h"
86 #include "detect-fragoffset.h"
87 #include "detect-gid.h"
88 #include "detect-tcp-ack.h"
89 #include "detect-tcp-seq.h"
90 #include "detect-content.h"
91 #include "detect-uricontent.h"
92 #include "detect-pcre.h"
93 #include "detect-depth.h"
94 #include "detect-nocase.h"
95 #include "detect-rawbytes.h"
96 #include "detect-bytetest.h"
97 #include "detect-bytemath.h"
98 #include "detect-bytejump.h"
99 #include "detect-sameip.h"
100 #include "detect-l3proto.h"
101 #include "detect-ipproto.h"
102 #include "detect-within.h"
103 #include "detect-distance.h"
104 #include "detect-offset.h"
105 #include "detect-sid.h"
106 #include "detect-prefilter.h"
107 #include "detect-priority.h"
108 #include "detect-classtype.h"
109 #include "detect-reference.h"
110 #include "detect-tag.h"
111 #include "detect-threshold.h"
112 #include "detect-metadata.h"
113 #include "detect-msg.h"
114 #include "detect-rev.h"
115 #include "detect-flow.h"
116 #include "detect-flow-age.h"
117 #include "detect-tcp-window.h"
118 #include "detect-ftpbounce.h"
119 #include "detect-isdataat.h"
120 #include "detect-id.h"
121 #include "detect-rpc.h"
122 #include "detect-asn1.h"
123 #include "detect-filename.h"
124 #include "detect-fileext.h"
125 #include "detect-filestore.h"
126 #include "detect-filemagic.h"
127 #include "detect-filemd5.h"
128 #include "detect-filesha1.h"
129 #include "detect-filesha256.h"
130 #include "detect-filesize.h"
131 #include "detect-dataset.h"
132 #include "detect-datarep.h"
133 #include "detect-dsize.h"
134 #include "detect-flowvar.h"
135 #include "detect-flowint.h"
136 #include "detect-pktvar.h"
137 #include "detect-noalert.h"
138 #include "detect-flowbits.h"
139 #include "detect-hostbits.h"
140 #include "detect-xbits.h"
141 #include "detect-csum.h"
142 #include "detect-stream_size.h"
143 #include "detect-engine-sigorder.h"
144 #include "detect-ttl.h"
145 #include "detect-fast-pattern.h"
146 #include "detect-itype.h"
147 #include "detect-icode.h"
148 #include "detect-icmp-id.h"
149 #include "detect-icmp-seq.h"
150 #include "detect-icmpv4hdr.h"
151 #include "detect-dce-iface.h"
152 #include "detect-dce-opnum.h"
153 #include "detect-dce-stub-data.h"
154 #include "detect-urilen.h"
155 #include "detect-bsize.h"
156 #include "detect-detection-filter.h"
157 #include "detect-http-client-body.h"
158 #include "detect-http-server-body.h"
159 #include "detect-http-header.h"
160 #include "detect-http-header-names.h"
161 #include "detect-http-headers.h"
162 #include "detect-http-raw-header.h"
163 #include "detect-http-uri.h"
164 #include "detect-http-protocol.h"
165 #include "detect-http-start.h"
166 #include "detect-http-stat-msg.h"
167 #include "detect-http-request-line.h"
168 #include "detect-http-response-line.h"
169 #include "detect-http2.h"
170 #include "detect-byte-extract.h"
171 #include "detect-file-data.h"
172 #include "detect-pkt-data.h"
173 #include "detect-replace.h"
174 #include "detect-tos.h"
175 #include "detect-app-layer-event.h"
176 #include "detect-lua.h"
177 #include "detect-iprep.h"
178 #include "detect-geoip.h"
179 #include "detect-app-layer-protocol.h"
180 #include "detect-template.h"
181 #include "detect-template2.h"
182 #include "detect-tcphdr.h"
183 #include "detect-tcpmss.h"
184 #include "detect-udphdr.h"
185 #include "detect-icmpv6hdr.h"
186 #include "detect-icmpv6-mtu.h"
187 #include "detect-ipv4hdr.h"
188 #include "detect-ipv6hdr.h"
189 #include "detect-krb5-cname.h"
190 #include "detect-krb5-errcode.h"
191 #include "detect-krb5-msgtype.h"
192 #include "detect-krb5-sname.h"
193 #include "detect-krb5-ticket-encryption.h"
194 #include "detect-sip-method.h"
195 #include "detect-sip-uri.h"
196 #include "detect-sip-protocol.h"
197 #include "detect-sip-stat-code.h"
198 #include "detect-sip-stat-msg.h"
199 #include "detect-sip-request-line.h"
200 #include "detect-sip-response-line.h"
201 #include "detect-rfb-secresult.h"
202 #include "detect-rfb-sectype.h"
203 #include "detect-rfb-name.h"
204 #include "detect-target.h"
205 #include "detect-template-rust-buffer.h"
206 #include "detect-dhcp-leasetime.h"
207 #include "detect-dhcp-rebinding-time.h"
208 #include "detect-dhcp-renewal-time.h"
209 #include "detect-snmp-usm.h"
210 #include "detect-snmp-version.h"
211 #include "detect-snmp-community.h"
212 #include "detect-snmp-pdu_type.h"
213 #include "detect-mqtt-type.h"
214 #include "detect-mqtt-flags.h"
215 #include "detect-mqtt-qos.h"
216 #include "detect-mqtt-protocol-version.h"
217 #include "detect-mqtt-reason-code.h"
218 #include "detect-mqtt-connect-flags.h"
219 #include "detect-mqtt-connect-clientid.h"
220 #include "detect-mqtt-connect-username.h"
221 #include "detect-mqtt-connect-password.h"
222 #include "detect-mqtt-connect-willtopic.h"
223 #include "detect-mqtt-connect-willmessage.h"
224 #include "detect-mqtt-connack-sessionpresent.h"
225 #include "detect-mqtt-publish-topic.h"
226 #include "detect-mqtt-publish-message.h"
227 #include "detect-mqtt-subscribe-topic.h"
228 #include "detect-mqtt-unsubscribe-topic.h"
229 #include "detect-quic-sni.h"
230 #include "detect-quic-ua.h"
231 #include "detect-quic-version.h"
232 #include "detect-quic-cyu-hash.h"
233 #include "detect-quic-cyu-string.h"
234 
235 #include "detect-template-buffer.h"
236 #include "detect-bypass.h"
237 #include "detect-ftpdata.h"
238 #include "detect-engine-content-inspection.h"
239 
240 #include "detect-transform-compress-whitespace.h"
241 #include "detect-transform-strip-whitespace.h"
242 #include "detect-transform-md5.h"
243 #include "detect-transform-sha1.h"
244 #include "detect-transform-sha256.h"
245 #include "detect-transform-dotprefix.h"
246 #include "detect-transform-pcrexform.h"
247 #include "detect-transform-urldecode.h"
248 #include "detect-transform-xor.h"
249 
250 #include "util-rule-vars.h"
251 
252 #include "app-layer.h"
253 #include "app-layer-protos.h"
254 #include "app-layer-htp.h"
255 #include "app-layer-smtp.h"
256 #include "app-layer-template.h"
257 #include "detect-frame.h"
258 #include "detect-tls.h"
259 #include "detect-tls-cert-validity.h"
260 #include "detect-tls-version.h"
261 #include "detect-ssh-proto.h"
262 #include "detect-ssh-proto-version.h"
263 #include "detect-ssh-software.h"
264 #include "detect-ssh-software-version.h"
265 #include "detect-ssh-hassh.h"
266 #include "detect-ssh-hassh-server.h"
267 #include "detect-ssh-hassh-string.h"
268 #include "detect-ssh-hassh-server-string.h"
269 #include "detect-http-stat-code.h"
270 #include "detect-ssl-version.h"
271 #include "detect-ssl-state.h"
272 #include "detect-modbus.h"
273 #include "detect-cipservice.h"
274 #include "detect-dnp3.h"
275 #include "detect-ike-exch-type.h"
276 #include "detect-ike-spi.h"
277 #include "detect-ike-vendor.h"
278 #include "detect-ike-chosen-sa.h"
279 #include "detect-ike-key-exchange-payload-length.h"
280 #include "detect-ike-nonce-payload-length.h"
281 #include "detect-ike-nonce-payload.h"
282 #include "detect-ike-key-exchange-payload.h"
283 
284 #include "action-globals.h"
285 #include "tm-threads.h"
286 
287 #include "pkt-var.h"
288 
289 #include "conf.h"
290 #include "conf-yaml-loader.h"
291 
292 #include "stream-tcp.h"
293 #include "stream-tcp-inline.h"
294 
295 #include "util-lua.h"
296 #include "util-var-name.h"
297 #include "util-classification-config.h"
298 #include "util-threshold-config.h"
299 #include "util-print.h"
300 #include "util-unittest.h"
301 #include "util-unittest-helper.h"
302 #include "util-debug.h"
303 #include "util-hashlist.h"
304 #include "util-privs.h"
305 #include "util-profiling.h"
306 #include "util-validate.h"
307 #include "util-optimize.h"
308 #include "util-path.h"
309 #include "util-mpm-ac.h"
310 #include "runmodes.h"
311 
312 static void PrintFeatureList(const SigTableElmt *e, char sep)
313 {
314  const uint16_t flags = e->flags;
315 
316  int prev = 0;
317  if (flags & SIGMATCH_NOOPT) {
318  printf("No option");
319  prev = 1;
320  }
321  if (flags & SIGMATCH_IPONLY_COMPAT) {
322  if (prev == 1)
323  printf("%c", sep);
324  printf("compatible with IP only rule");
325  prev = 1;
326  }
327  if (flags & SIGMATCH_DEONLY_COMPAT) {
328  if (prev == 1)
329  printf("%c", sep);
330  printf("compatible with decoder event only rule");
331  prev = 1;
332  }
333  if (flags & SIGMATCH_INFO_CONTENT_MODIFIER) {
334  if (prev == 1)
335  printf("%c", sep);
336  printf("content modifier");
337  prev = 1;
338  }
339  if (flags & SIGMATCH_INFO_STICKY_BUFFER) {
340  if (prev == 1)
341  printf("%c", sep);
342  printf("sticky buffer");
343  prev = 1;
344  }
345  if (e->Transform) {
346  if (prev == 1)
347  printf("%c", sep);
348  printf("transform");
349  prev = 1;
350  }
351  if (e->SupportsPrefilter) {
352  if (prev == 1)
353  printf("%c", sep);
354  printf("prefilter");
355  prev = 1;
356  }
357  if (prev == 0) {
358  printf("none");
359  }
360 }
361 
362 static void SigMultilinePrint(int i, const char *prefix)
363 {
364  if (sigmatch_table[i].desc) {
365  printf("%sDescription: %s\n", prefix, sigmatch_table[i].desc);
366  }
367  printf("%sFeatures: ", prefix);
368  PrintFeatureList(&sigmatch_table[i], ',');
369  if (sigmatch_table[i].url) {
370  printf("\n%sDocumentation: %s%s", prefix, GetDocURL(), sigmatch_table[i].url);
371  }
372  if (sigmatch_table[i].alternative) {
373  printf("\n%sReplaced by: %s", prefix, sigmatch_table[sigmatch_table[i].alternative].name);
374  }
375  printf("\n");
376 }
377 
378 int SigTableList(const char *keyword)
379 {
380  size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
381  size_t i;
382 
383  if (keyword == NULL) {
384  printf("=====Supported keywords=====\n");
385  for (i = 0; i < size; i++) {
386  const char *name = sigmatch_table[i].name;
387  if (name != NULL && strlen(name) > 0) {
388  if (name[0] == '_' || strcmp(name, "template") == 0)
389  continue;
390 
391  if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
392  printf("- %s (not built-in)\n", name);
393  } else {
394  printf("- %s\n", name);
395  }
396  }
397  }
398  } else if (strcmp("csv", keyword) == 0) {
399  printf("name;description;app layer;features;documentation\n");
400  for (i = 0; i < size; i++) {
401  const char *name = sigmatch_table[i].name;
402  if (name != NULL && strlen(name) > 0) {
403  if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
404  continue;
405  }
406  if (name[0] == '_' || strcmp(name, "template") == 0)
407  continue;
408 
409  printf("%s;", name);
410  if (sigmatch_table[i].desc) {
411  printf("%s", sigmatch_table[i].desc);
412  }
413  /* Build feature */
414  printf(";Unset;"); // this used to be alproto
415  PrintFeatureList(&sigmatch_table[i], ':');
416  printf(";");
417  if (sigmatch_table[i].url) {
418  printf("%s%s", GetDocURL(), sigmatch_table[i].url);
419  }
420  printf(";");
421  printf("\n");
422  }
423  }
424  } else if (strcmp("all", keyword) == 0) {
425  for (i = 0; i < size; i++) {
426  const char *name = sigmatch_table[i].name;
427  if (name != NULL && strlen(name) > 0) {
428  if (name[0] == '_' || strcmp(name, "template") == 0)
429  continue;
430  printf("%s:\n", sigmatch_table[i].name);
431  SigMultilinePrint(i, "\t");
432  }
433  }
434  } else {
435  for (i = 0; i < size; i++) {
436  if ((sigmatch_table[i].name != NULL) &&
437  strcmp(sigmatch_table[i].name, keyword) == 0) {
438  printf("= %s =\n", sigmatch_table[i].name);
439  if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
440  printf("Not built-in\n");
441  return TM_ECODE_FAILED;
442  }
443  SigMultilinePrint(i, "");
444  return TM_ECODE_DONE;
445  }
446  }
447  printf("Non existing keyword\n");
448  return TM_ECODE_FAILED;
449  }
450  return TM_ECODE_DONE;
451 }
452 
453 void SigTableSetup(void)
454 {
455  memset(sigmatch_table, 0, sizeof(sigmatch_table));
456 
457  DetectSidRegister();
458  DetectPriorityRegister();
459  DetectPrefilterRegister();
460  DetectRevRegister();
461  DetectClasstypeRegister();
462  DetectReferenceRegister();
463  DetectTagRegister();
464  DetectThresholdRegister();
465  DetectMetadataRegister();
466  DetectMsgRegister();
467  DetectAckRegister();
468  DetectSeqRegister();
469  DetectContentRegister();
470  DetectUricontentRegister();
471 
472  /* NOTE: the order of these currently affects inspect
473  * engine registration order and ultimately the order
474  * of inspect engines in the rule. Which in turn affects
475  * state keeping */
476  DetectHttpUriRegister();
477  DetectHttpRequestLineRegister();
478  DetectHttpClientBodyRegister();
479  DetectHttpResponseLineRegister();
480  DetectHttpServerBodyRegister();
481  DetectHttpHeaderRegister();
482  DetectHttpHeaderNamesRegister();
483  DetectHttpHeadersRegister();
484  DetectHttpProtocolRegister();
485  DetectHttpStartRegister();
486  DetectHttpRawHeaderRegister();
487  DetectHttpMethodRegister();
488  DetectHttpCookieRegister();
489 
490  DetectFilenameRegister();
491  DetectFileextRegister();
492  DetectFilestoreRegister();
493  DetectFilemagicRegister();
494  DetectFileMd5Register();
495  DetectFileSha1Register();
496  DetectFileSha256Register();
497  DetectFilesizeRegister();
498 
499  DetectHttpUARegister();
500  DetectHttpHHRegister();
501 
502  DetectHttpStatMsgRegister();
503  DetectHttpStatCodeRegister();
504  DetectHttp2Register();
505 
506  DetectDnsQueryRegister();
507  DetectDnsOpcodeRegister();
508  DetectModbusRegister();
509  DetectCipServiceRegister();
510  DetectEnipCommandRegister();
511  DetectDNP3Register();
512 
513  DetectIkeExchTypeRegister();
514  DetectIkeSpiRegister();
515  DetectIkeVendorRegister();
516  DetectIkeChosenSaRegister();
517  DetectIkeKeyExchangePayloadLengthRegister();
518  DetectIkeNoncePayloadLengthRegister();
519  DetectIkeNonceRegister();
520  DetectIkeKeyExchangeRegister();
521 
522  DetectTlsSniRegister();
523  DetectTlsIssuerRegister();
524  DetectTlsSubjectRegister();
525  DetectTlsSerialRegister();
526  DetectTlsFingerprintRegister();
527  DetectTlsCertsRegister();
528  DetectTlsCertChainLenRegister();
529  DetectTlsRandomRegister();
530 
531  DetectTlsJa3HashRegister();
532  DetectTlsJa3StringRegister();
533  DetectTlsJa3SHashRegister();
534  DetectTlsJa3SStringRegister();
535 
536  DetectAppLayerEventRegister();
537  /* end of order dependent regs */
538 
539  DetectFrameRegister();
540 
541  DetectPcreRegister();
542  DetectDepthRegister();
543  DetectNocaseRegister();
544  DetectRawbytesRegister();
545  DetectBytetestRegister();
546  DetectBytejumpRegister();
547  DetectBytemathRegister();
548  DetectSameipRegister();
549  DetectGeoipRegister();
550  DetectL3ProtoRegister();
551  DetectIPProtoRegister();
552  DetectWithinRegister();
553  DetectDistanceRegister();
554  DetectOffsetRegister();
555  DetectReplaceRegister();
556  DetectFlowRegister();
557  DetectFlowAgeRegister();
558  DetectWindowRegister();
559  DetectRpcRegister();
560  DetectFtpbounceRegister();
561  DetectFtpdataRegister();
562  DetectIsdataatRegister();
563  DetectIdRegister();
564  DetectDsizeRegister();
565  DetectDatasetRegister();
566  DetectDatarepRegister();
567  DetectFlowvarRegister();
568  DetectFlowintRegister();
569  DetectPktvarRegister();
570  DetectNoalertRegister();
571  DetectFlowbitsRegister();
572  DetectHostbitsRegister();
573  DetectXbitsRegister();
574  DetectEngineEventRegister();
575  DetectIpOptsRegister();
576  DetectFlagsRegister();
577  DetectFragBitsRegister();
578  DetectFragOffsetRegister();
579  DetectGidRegister();
580  DetectMarkRegister();
581  DetectCsumRegister();
582  DetectStreamSizeRegister();
583  DetectTtlRegister();
584  DetectTosRegister();
585  DetectFastPatternRegister();
586  DetectITypeRegister();
587  DetectICodeRegister();
588  DetectIcmpIdRegister();
589  DetectIcmpSeqRegister();
590  DetectIcmpv4HdrRegister();
591  DetectDceIfaceRegister();
592  DetectDceOpnumRegister();
593  DetectDceStubDataRegister();
594  DetectSmbNamedPipeRegister();
595  DetectSmbShareRegister();
596  DetectSmbNtlmsspUserRegister();
597  DetectSmbNtlmsspDomainRegister();
598  DetectTlsRegister();
599  DetectTlsValidityRegister();
600  DetectTlsVersionRegister();
601  DetectNfsProcedureRegister();
602  DetectNfsVersionRegister();
603  DetectUrilenRegister();
604  DetectBsizeRegister();
605  DetectDetectionFilterRegister();
606  DetectAsn1Register();
607  DetectSshProtocolRegister();
608  DetectSshVersionRegister();
609  DetectSshSoftwareRegister();
610  DetectSshSoftwareVersionRegister();
611  DetectSshHasshRegister();
612  DetectSshHasshServerRegister();
613  DetectSshHasshStringRegister();
614  DetectSshHasshServerStringRegister();
615  DetectSslStateRegister();
616  DetectSslVersionRegister();
617  DetectByteExtractRegister();
618  DetectFiledataRegister();
619  DetectPktDataRegister();
620  DetectLuaRegister();
621  DetectIPRepRegister();
622  DetectAppLayerProtocolRegister();
623  DetectBase64DecodeRegister();
624  DetectBase64DataRegister();
625  DetectTemplateRegister();
626  DetectTemplate2Register();
627  DetectTcphdrRegister();
628  DetectUdphdrRegister();
629  DetectTcpmssRegister();
630  DetectICMPv6hdrRegister();
631  DetectICMPv6mtuRegister();
632  DetectIPAddrBufferRegister();
633  DetectIpv4hdrRegister();
634  DetectIpv6hdrRegister();
635  DetectKrb5CNameRegister();
636  DetectKrb5ErrCodeRegister();
637  DetectKrb5MsgTypeRegister();
638  DetectKrb5SNameRegister();
639  DetectKrb5TicketEncryptionRegister();
640  DetectSipMethodRegister();
641  DetectSipUriRegister();
642  DetectSipProtocolRegister();
643  DetectSipStatCodeRegister();
644  DetectSipStatMsgRegister();
645  DetectSipRequestLineRegister();
646  DetectSipResponseLineRegister();
647  DetectRfbSecresultRegister();
648  DetectRfbSectypeRegister();
649  DetectRfbNameRegister();
650  DetectTargetRegister();
651  DetectTemplateRustBufferRegister();
652  DetectDHCPLeaseTimeRegister();
653  DetectDHCPRebindingTimeRegister();
654  DetectDHCPRenewalTimeRegister();
655  DetectSNMPUsmRegister();
656  DetectSNMPVersionRegister();
657  DetectSNMPCommunityRegister();
658  DetectSNMPPduTypeRegister();
659  DetectMQTTTypeRegister();
660  DetectMQTTFlagsRegister();
661  DetectMQTTQosRegister();
662  DetectMQTTProtocolVersionRegister();
663  DetectMQTTReasonCodeRegister();
664  DetectMQTTConnectFlagsRegister();
665  DetectMQTTConnectClientIDRegister();
666  DetectMQTTConnectUsernameRegister();
667  DetectMQTTConnectPasswordRegister();
668  DetectMQTTConnectWillTopicRegister();
669  DetectMQTTConnectWillMessageRegister();
670  DetectMQTTConnackSessionPresentRegister();
671  DetectMQTTPublishTopicRegister();
672  DetectMQTTPublishMessageRegister();
673  DetectMQTTSubscribeTopicRegister();
674  DetectMQTTUnsubscribeTopicRegister();
675  DetectQuicSniRegister();
676  DetectQuicUaRegister();
677  DetectQuicVersionRegister();
678  DetectQuicCyuHashRegister();
679  DetectQuicCyuStringRegister();
680 
681  DetectTemplateBufferRegister();
682  DetectBypassRegister();
683  DetectConfigRegister();
684 
685  DetectTransformCompressWhitespaceRegister();
686  DetectTransformStripWhitespaceRegister();
687  DetectTransformMd5Register();
688  DetectTransformSha1Register();
689  DetectTransformSha256Register();
690  DetectTransformDotPrefixRegister();
691  DetectTransformPcrexformRegister();
692  DetectTransformUrlDecodeRegister();
693  DetectTransformXorRegister();
694 
695  /* close keyword registration */
696  DetectBufferTypeCloseRegistration();
697 }
698 
699 #ifdef UNITTESTS
700 void SigTableRegisterTests(void)
701 {
702  /* register the tests */
703  for (int i = 0; i < DETECT_TBLSIZE; i++) {
704  g_ut_modules++;
705  if (sigmatch_table[i].RegisterTests != NULL) {
706  sigmatch_table[i].RegisterTests();
707  g_ut_covered++;
708  } else {
709  SCLogDebug("detection plugin %s has no unittest "
710  "registration function.", sigmatch_table[i].name);
711 
712  if (coverage_unittests)
713  SCLogWarning(SC_WARN_NO_UNITTESTS, "detection plugin %s has no unittest "
714  "registration function.", sigmatch_table[i].name);
715  }
716  }
717 }
718 #endif
detect-mqtt-flags.h
detect-tcp-flags.h
detect-ssh-hassh-server-string.h
DetectSshVersionRegister
void DetectSshVersionRegister(void)
Registration function for keyword: ssh.protoversion.
Definition: detect-ssh-proto-version.c:78
DetectDceStubDataRegister
void DetectDceStubDataRegister(void)
Registers the keyword handlers for the "dce_stub_data" keyword.
Definition: detect-dce-stub-data.c:118
DetectFragBitsRegister
void DetectFragBitsRegister(void)
Registration function for fragbits: keyword.
Definition: detect-fragbits.c:85
DetectHttpHHRegister
void DetectHttpHHRegister(void)
Registers the keyword handlers for the "http_host" keyword.
Definition: detect-http-host.c:88
DetectITypeRegister
void DetectITypeRegister(void)
Registration function for itype: keyword.
Definition: detect-itype.c:57
detect-icmpv4hdr.h
DetectAppLayerEventRegister
void DetectAppLayerEventRegister(void)
Registers the keyword handlers for the "app-layer-event" keyword.
Definition: detect-app-layer-event.c:79
tm-threads.h
DetectDsizeRegister
void DetectDsizeRegister(void)
Registration function for dsize: keyword.
Definition: detect-dsize.c:61
DetectMQTTReasonCodeRegister
void DetectMQTTReasonCodeRegister(void)
Registration function for mqtt.reason_code: keyword.
Definition: detect-mqtt-reason-code.c:52
detect-transform-xor.h
detect-content.h
detect-target.h
DetectMsgRegister
void DetectMsgRegister(void)
Definition: detect-msg.c:42
detect-quic-cyu-string.h
DetectTlsJa3HashRegister
void DetectTlsJa3HashRegister(void)
Registration function for keyword: ja3_hash.
Definition: detect-tls-ja3-hash.c:73
DetectMQTTProtocolVersionRegister
void DetectMQTTProtocolVersionRegister(void)
Registration function for mqtt.protocol_version: keyword.
Definition: detect-mqtt-protocol-version.c:50
detect-ssh-hassh-string.h
DetectTemplateRegister
void DetectTemplateRegister(void)
Registration function for template: keyword.
Definition: detect-template.c:55
detect-engine.h
DetectTransformSha256Register
void DetectTransformSha256Register(void)
Definition: detect-transform-sha256.c:45
detect-app-layer-protocol.h
detect-dce-iface.h
SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition: detect.h:1445
DetectGeoipRegister
void DetectGeoipRegister(void)
Registration function for geoip keyword (no libgeoip support)
Definition: detect-geoip.c:54
detect-engine-proto.h
DetectNfsVersionRegister
void DetectNfsVersionRegister(void)
Registration function for nfs_procedure keyword.
Definition: detect-nfs-version.c:62
DetectXbitsRegister
void DetectXbitsRegister(void)
Definition: detect-xbits.c:68
DetectTlsJa3SHashRegister
void DetectTlsJa3SHashRegister(void)
Registration function for keyword: ja3s.hash.
Definition: detect-tls-ja3s-hash.c:73
detect-dsize.h
DetectRevRegister
void DetectRevRegister(void)
Definition: detect-rev.c:34
detect-noalert.h
detect-gid.h
DetectIkeExchTypeRegister
void DetectIkeExchTypeRegister(void)
Registration function for ike.exchtype keyword.
Definition: detect-ike-exch-type.c:50
DetectConfigRegister
void DetectConfigRegister(void)
Registration function for keyword: filestore.
Definition: detect-config.c:76
stream-tcp-inline.h
DetectRfbSecresultRegister
void DetectRfbSecresultRegister(void)
Registration function for rfb.secresult: keyword.
Definition: detect-rfb-secresult.c:57
detect-priority.h
util-hashlist.h
DetectTcpmssRegister
void DetectTcpmssRegister(void)
Registration function for tcpmss: keyword.
Definition: detect-tcpmss.c:51
detect-sip-request-line.h
detect-filesha1.h
g_ut_modules
int g_ut_modules
Definition: suricata.c:875
detect-sid.h
DetectTlsSerialRegister
void DetectTlsSerialRegister(void)
Registration function for keyword: tls.cert_serial.
Definition: detect-tls-cert-serial.c:72
detect-engine-siggroup.h
SIGMATCH_INFO_CONTENT_MODIFIER
#define SIGMATCH_INFO_CONTENT_MODIFIER
Definition: detect.h:1443
DetectSidRegister
void DetectSidRegister(void)
Definition: detect-sid.c:40
DetectIkeNonceRegister
void DetectIkeNonceRegister(void)
Definition: detect-ike-nonce-payload.c:92
SigTableElmt_::name
const char * name
Definition: detect.h:1235
DetectSshSoftwareVersionRegister
void DetectSshSoftwareVersionRegister(void)
Registration function for keyword: ssh.softwareversion.
Definition: detect-ssh-software-version.c:83
stream-tcp.h
detect-template-rust-buffer.h
detect-engine-event.h
detect-tls-cert-validity.h
detect-mark.h
detect-pktvar.h
detect-nfs-version.h
DetectMQTTQosRegister
void DetectMQTTQosRegister(void)
Registration function for mqtt.qos: keyword.
Definition: detect-mqtt-qos.c:49
detect-dhcp-rebinding-time.h
DetectQuicCyuHashRegister
void DetectQuicCyuHashRegister(void)
Definition: detect-quic-cyu-hash.c:222
detect-mqtt-connect-username.h
DetectTlsFingerprintRegister
void DetectTlsFingerprintRegister(void)
Registration function for keyword: tls.cert_fingerprint.
Definition: detect-tls-cert-fingerprint.c:72
DetectSmbNtlmsspDomainRegister
void DetectSmbNtlmsspDomainRegister(void)
Definition: detect-smb-ntlmssp.c:134
DetectHttpServerBodyRegister
void DetectHttpServerBodyRegister(void)
Registers the keyword handlers for the "http_server_body" keyword.
Definition: detect-http-server-body.c:72
detect-tls-cert-fingerprint.h
DetectMQTTSubscribeTopicRegister
void DetectMQTTSubscribeTopicRegister(void)
Registration function for keyword: mqtt.subscribe.topic.
Definition: detect-mqtt-subscribe-topic.c:194
DetectHttpHeadersRegister
void DetectHttpHeadersRegister(void)
Definition: detect-http-headers.c:29
DetectHttpStartRegister
void DetectHttpStartRegister(void)
Registers the keyword handlers for the "http_start" keyword.
Definition: detect-http-start.c:182
DetectDNP3Register
void DetectDNP3Register(void)
Definition: detect-dnp3.c:577
DetectHttpUriRegister
void DetectHttpUriRegister(void)
Registration function for keywords: http_uri and http.uri.
Definition: detect-http-uri.c:89
DetectGidRegister
void DetectGidRegister(void)
Registration function for gid: keyword.
Definition: detect-gid.c:48
detect-ike-nonce-payload-length.h
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:296
detect-transform-strip-whitespace.h
detect-isdataat.h
detect-ssh-software.h
DetectQuicUaRegister
void DetectQuicUaRegister(void)
Registration function for quic.ua: keyword.
Definition: detect-quic-ua.c:72
DetectMQTTConnectUsernameRegister
void DetectMQTTConnectUsernameRegister(void)
Definition: detect-mqtt-connect-username.c:72
DetectIPProtoRegister
void DetectIPProtoRegister(void)
Registration function for ip_proto keyword.
Definition: detect-ipproto.c:60
SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:453
DetectMQTTConnectClientIDRegister
void DetectMQTTConnectClientIDRegister(void)
Definition: detect-mqtt-connect-clientid.c:72
detect-classtype.h
detect-smb-share.h
DetectFileextRegister
void DetectFileextRegister(void)
Registration function for keyword: fileext.
Definition: detect-fileext.c:72
util-lua.h
DetectICMPv6hdrRegister
void DetectICMPv6hdrRegister(void)
Registration function for icmpv6.hdr: keyword.
Definition: detect-icmpv6hdr.c:51
DetectSshHasshRegister
void DetectSshHasshRegister(void)
Registration function for hassh keyword.
Definition: detect-ssh-hassh.c:191
DetectTlsJa3StringRegister
void DetectTlsJa3StringRegister(void)
Registration function for keyword: ja3.string.
Definition: detect-tls-ja3-string.c:69
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:84
detect-bsize.h
action-globals.h
DetectTlsRandomRegister
void DetectTlsRandomRegister(void)
Registration function for keyword: tls.random.
Definition: detect-tls-random.c:112
DetectPriorityRegister
void DetectPriorityRegister(void)
Registers the handler functions for the "priority" keyword.
Definition: detect-priority.c:49
detect-smb-ntlmssp.h
DetectDceIfaceRegister
void DetectDceIfaceRegister(void)
Registers the keyword handlers for the "dce_iface" keyword.
Definition: detect-dce-iface.c:69
DetectTemplateBufferRegister
void DetectTemplateBufferRegister(void)
Definition: detect-template-buffer.c:53
DETECT_TBLSIZE
@ DETECT_TBLSIZE
Definition: detect-engine-register.h:336
flow-private.h
DetectFilesizeRegister
void DetectFilesizeRegister(void)
Registration function for filesize: keyword.
Definition: detect-filesize.c:61
DetectHttpProtocolRegister
void DetectHttpProtocolRegister(void)
Registers the keyword handlers for the "http.protocol" keyword.
Definition: detect-http-protocol.c:120
detect-rfb-sectype.h
DetectFragOffsetRegister
void DetectFragOffsetRegister(void)
Registration function for fragoffset.
Definition: detect-fragoffset.c:60
DetectRpcRegister
void DetectRpcRegister(void)
Registration function for rpc keyword.
Definition: detect-rpc.c:61
detect-tcpmss.h
SigTableElmt_::flags
uint16_t flags
Definition: detect.h:1229
DetectMQTTUnsubscribeTopicRegister
void DetectMQTTUnsubscribeTopicRegister(void)
Registration function for keyword: mqtt.unsubscribe.topic.
Definition: detect-mqtt-unsubscribe-topic.c:194
DetectSameipRegister
void DetectSameipRegister(void)
Registration function for sameip: keyword.
Definition: detect-sameip.c:51
detect-template2.h
detect-ftpbounce.h
detect-transform-sha256.h
detect-ssh-hassh-server.h
detect-dns-opcode.h
g_ut_covered
int g_ut_covered
Definition: suricata.c:876
DetectSshHasshStringRegister
void DetectSshHasshStringRegister(void)
Registration function for hassh.string keyword.
Definition: detect-ssh-hassh-string.c:123
DetectIcmpv4HdrRegister
void DetectIcmpv4HdrRegister(void)
Registration function for icmpv4.hdr: keyword.
Definition: detect-icmpv4hdr.c:46
detect-tls-ja3-string.h
detect-filemd5.h
DetectTransformDotPrefixRegister
void DetectTransformDotPrefixRegister(void)
Definition: detect-transform-dotprefix.c:46
SIGMATCH_DEONLY_COMPAT
#define SIGMATCH_DEONLY_COMPAT
Definition: detect.h:1425
detect-tls-random.h
detect-tcp-seq.h
detect-http-header.h
detect-lua.h
detect-flowint.h
detect-fileext.h
DetectSipRequestLineRegister
void DetectSipRequestLineRegister(void)
Definition: detect-sip-request-line.c:94
flow-bit.h
DetectTcphdrRegister
void DetectTcphdrRegister(void)
Registration function for tcp.hdr: keyword.
Definition: detect-tcphdr.c:50
util-var-name.h
detect-dnp3.h
detect-http-client-body.h
DetectDatarepRegister
void DetectDatarepRegister(void)
Definition: detect-datarep.c:52
detect-file-data.h
detect-mqtt-subscribe-topic.h
util-privs.h
DetectHostbitsRegister
void DetectHostbitsRegister(void)
Definition: detect-hostbits.c:79
detect-flow-age.h
DetectTlsValidityRegister
void DetectTlsValidityRegister(void)
Registration function for tls validity keywords.
Definition: detect-tls-cert-validity.c:80
DetectIpOptsRegister
void DetectIpOptsRegister(void)
Registration function for ipopts: keyword.
Definition: detect-ipopts.c:56
DetectSshHasshServerRegister
void DetectSshHasshServerRegister(void)
Registration function for hasshServer keyword.
Definition: detect-ssh-hassh-server.c:189
detect-icmpv6-mtu.h
detect-rev.h
DetectUricontentRegister
void DetectUricontentRegister(void)
Registration function for uricontent: keyword.
Definition: detect-uricontent.c:70
detect-tag.h
detect-ftpdata.h
detect-tls-sni.h
detect-engine-payload.h
DetectMetadataRegister
void DetectMetadataRegister(void)
Definition: detect-metadata.c:44
detect-l3proto.h
DetectSipResponseLineRegister
void DetectSipResponseLineRegister(void)
Definition: detect-sip-response-line.c:94
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:83
SigTableElmt_
element in sigmatch type table.
Definition: detect.h:1201
DetectRfbSectypeRegister
void DetectRfbSectypeRegister(void)
Registration function for rfb.sectype keyword.
Definition: detect-rfb-sectype.c:48
DetectDHCPLeaseTimeRegister
void DetectDHCPLeaseTimeRegister(void)
Registration function for dhcp.procedure keyword.
Definition: detect-dhcp-leasetime.c:114
detect-pcre.h
DetectMQTTConnectPasswordRegister
void DetectMQTTConnectPasswordRegister(void)
Definition: detect-mqtt-connect-password.c:72
DetectHttpHeaderNamesRegister
void DetectHttpHeaderNamesRegister(void)
Registers the keyword handlers for the "http.header_names" keyword.
Definition: detect-http-header-names.c:211
detect-depth.h
detect-engine-prefilter.h
detect-icmpv6hdr.h
DetectFilemagicRegister
void DetectFilemagicRegister(void)
Registration function for keyword: filemagic.
Definition: detect-filemagic.c:71
util-unittest.h
DetectTlsSniRegister
void DetectTlsSniRegister(void)
Registration function for keyword: tls.sni.
Definition: detect-tls-sni.c:65
DetectTargetRegister
void DetectTargetRegister(void)
Registration function for target keyword.
Definition: detect-target.c:51
DetectBufferTypeCloseRegistration
void DetectBufferTypeCloseRegistration(void)
Definition: detect-engine.c:1658
SIGMATCH_NOT_BUILT
#define SIGMATCH_NOT_BUILT
Definition: detect.h:1427
detect-filename.h
util-unittest-helper.h
detect-mqtt-connect-password.h
detect-stream_size.h
DetectSipStatMsgRegister
void DetectSipStatMsgRegister(void)
Definition: detect-sip-stat-msg.c:97
detect-http-ua.h
detect-asn1.h
DetectMQTTConnectWillMessageRegister
void DetectMQTTConnectWillMessageRegister(void)
Definition: detect-mqtt-connect-willmessage.c:72
detect-flowvar.h
detect-base64-data.h
detect-krb5-errcode.h
SigTableRegisterTests
void SigTableRegisterTests(void)
Definition: detect-engine-register.c:700
detect-udphdr.h
detect-http-protocol.h
detect-reference.h
detect-rpc.h
detect-sameip.h
detect-dce-stub-data.h
detect-dns-query.h
DetectTransformStripWhitespaceRegister
void DetectTransformStripWhitespaceRegister(void)
Definition: detect-transform-strip-whitespace.c:45
DetectSeqRegister
void DetectSeqRegister(void)
Registration function for ack: keyword.
Definition: detect-tcp-seq.c:53
DetectAsn1Register
void DetectAsn1Register(void)
Registration function for asn1.
Definition: detect-asn1.c:50
DetectFlowAgeRegister
void DetectFlowAgeRegister(void)
Definition: detect-flow-age.c:91
detect-krb5-msgtype.h
DetectBsizeRegister
void DetectBsizeRegister(void)
Registration function for bsize: keyword.
Definition: detect-bsize.c:99
DetectSmbShareRegister
void DetectSmbShareRegister(void)
Definition: detect-smb-share.c:141
app-layer-htp.h
detect-xbits.h
detect-app-layer-event.h
DetectBytejumpRegister
void DetectBytejumpRegister(void)
Definition: detect-bytejump.c:73
detect-ike-nonce-payload.h
decode.h
DetectICMPv6mtuRegister
void DetectICMPv6mtuRegister(void)
Registration function for icmpv6.mtu: keyword.
Definition: detect-icmpv6-mtu.c:48
detect-ssh-hassh.h
util-debug.h
detect-transform-pcrexform.h
detect-http-header-names.h
detect-transform-compress-whitespace.h
DetectTlsVersionRegister
void DetectTlsVersionRegister(void)
Registration function for keyword: tls.version.
Definition: detect-tls-version.c:73
DetectReplaceRegister
void DetectReplaceRegister(void)
Definition: detect-replace.c:70
detect-detection-filter.h
DetectICodeRegister
void DetectICodeRegister(void)
Registration function for icode: keyword.
Definition: detect-icode.c:60
detect-iprep.h
detect-rawbytes.h
DetectWindowRegister
void DetectWindowRegister(void)
Registration function for window: keyword.
Definition: detect-tcp-window.c:59
detect-http2.h
DetectL3ProtoRegister
void DetectL3ProtoRegister(void)
Registration function for ip_proto keyword.
Definition: detect-l3proto.c:54
detect-fragbits.h
DetectKrb5ErrCodeRegister
void DetectKrb5ErrCodeRegister(void)
Registration function for krb5_err_code: keyword.
Definition: detect-krb5-errcode.c:59
detect-ipv6hdr.h
DetectWithinRegister
void DetectWithinRegister(void)
Definition: detect-within.c:52
DetectContentRegister
void DetectContentRegister(void)
Definition: detect-content.c:58
detect-http-response-line.h
detect-tos.h
util-print.h
DetectSshProtocolRegister
void DetectSshProtocolRegister(void)
Definition: detect-ssh-proto.c:95
detect-filemagic.h
detect-transform-md5.h
detect-engine-mpm.h
DetectIcmpIdRegister
void DetectIcmpIdRegister(void)
Registration function for icode: icmp_id.
Definition: detect-icmp-id.c:59
detect.h
DetectSslStateRegister
void DetectSslStateRegister(void)
Registers the keyword handlers for the "ssl_state" keyword.
Definition: detect-ssl-state.c:73
detect-http-start.h
DetectLuaRegister
void DetectLuaRegister(void)
Registration function for keyword: lua.
Definition: detect-lua.c:77
pkt-var.h
DetectIkeVendorRegister
void DetectIkeVendorRegister(void)
Registration function for ike.vendor keyword.
Definition: detect-ike-vendor.c:176
detect-quic-version.h
DetectFiledataRegister
void DetectFiledataRegister(void)
Registration function for keyword: file_data.
Definition: detect-file-data.c:83
detect-prefilter.h
DetectIpv6hdrRegister
void DetectIpv6hdrRegister(void)
Registration function for ipv6.hdr: keyword.
Definition: detect-ipv6hdr.c:50
DetectIkeKeyExchangeRegister
void DetectIkeKeyExchangeRegister(void)
Definition: detect-ike-key-exchange-payload.c:92
detect-http-uri.h
detect-tcp-window.h
detect-engine-port.h
DetectIcmpSeqRegister
void DetectIcmpSeqRegister(void)
Registration function for icmp_seq.
Definition: detect-icmp-seq.c:58
DetectIdRegister
void DetectIdRegister(void)
Registration function for keyword: id.
Definition: detect-id.c:65
DetectHttpUARegister
void DetectHttpUARegister(void)
Registers the keyword handlers for the "http_user_agent" keyword.
Definition: detect-http-ua.c:79
detect-ike-vendor.h
detect-mqtt-unsubscribe-topic.h
detect-mqtt-publish-topic.h
DetectRfbNameRegister
void DetectRfbNameRegister(void)
Definition: detect-rfb-name.c:91
detect-itype.h
detect-engine-profile.h
detect-sip-protocol.h
DetectPktDataRegister
void DetectPktDataRegister(void)
Registration function for keyword: file_data.
Definition: detect-pkt-data.c:53
util-profiling.h
detect-mqtt-connack-sessionpresent.h
DetectMQTTTypeRegister
void DetectMQTTTypeRegister(void)
Registration function for ipopts: keyword.
Definition: detect-mqtt-type.c:48
util-rule-vars.h
detect-frame.h
DetectFlowbitsRegister
void DetectFlowbitsRegister(void)
Definition: detect-flowbits.c:64
DetectDatasetRegister
void DetectDatasetRegister(void)
Definition: detect-dataset.c:49
DetectUdphdrRegister
void DetectUdphdrRegister(void)
Registration function for udp.hdr: keyword.
Definition: detect-udphdr.c:49
conf-yaml-loader.h
DetectBytetestRegister
void DetectBytetestRegister(void)
Definition: detect-bytetest.c:79
DetectDHCPRenewalTimeRegister
void DetectDHCPRenewalTimeRegister(void)
Registration function for dhcp.procedure keyword.
Definition: detect-dhcp-renewal-time.c:114
detect-modbus.h
DetectDepthRegister
void DetectDepthRegister(void)
Definition: detect-depth.c:48
detect-bytejump.h
detect-snmp-usm.h
detect-id.h
conf.h
detect-engine-alert.h
DetectSipMethodRegister
void DetectSipMethodRegister(void)
Definition: detect-sip-method.c:124
detect-ike-spi.h
detect-ipproto.h
DetectTransformPcrexformRegister
void DetectTransformPcrexformRegister(void)
Definition: detect-transform-pcrexform.c:46
DetectDHCPRebindingTimeRegister
void DetectDHCPRebindingTimeRegister(void)
Registration function for dhcp.procedure keyword.
Definition: detect-dhcp-rebinding-time.c:114
detect-krb5-ticket-encryption.h
detect-nfs-procedure.h
detect-engine-state.h
Data structures and function prototypes for keeping state for the detection engine.
detect-filestore.h
detect-http-stat-code.h
detect-replace.h
detect-krb5-cname.h
DetectMarkRegister
void DetectMarkRegister(void)
Registration function for nfq_set_mark: keyword.
Definition: detect-mark.c:56
DetectReferenceRegister
void DetectReferenceRegister(void)
Registration function for the reference: keyword.
Definition: detect-reference.c:58
detect-sip-method.h
DetectFileSha256Register
void DetectFileSha256Register(void)
Registration function for keyword: filesha256.
Definition: detect-filesha256.c:44
DetectPrefilterRegister
void DetectPrefilterRegister(void)
Definition: detect-prefilter.c:37
util-mpm-ac.h
detect-krb5-sname.h
DetectTlsCertsRegister
void DetectTlsCertsRegister(void)
Registration function for keyword: tls.certs.
Definition: detect-tls-certs.c:85
DetectFtpbounceRegister
void DetectFtpbounceRegister(void)
Registration function for ftpbounce: keyword.
Definition: detect-ftpbounce.c:64
detect-flowbits.h
detect-dhcp-renewal-time.h
runmodes.h
DetectKrb5TicketEncryptionRegister
void DetectKrb5TicketEncryptionRegister(void)
Definition: detect-krb5-ticket-encryption.c:75
detect-ssl-version.h
detect-offset.h
DetectOffsetRegister
void DetectOffsetRegister(void)
Definition: detect-offset.c:46
detect-nocase.h
detect-http-host.h
detect-fragoffset.h
detect-dhcp-leasetime.h
detect-ttl.h
detect-sip-stat-code.h
detect-transform-dotprefix.h
detect-mqtt-connect-willmessage.h
DetectSshSoftwareRegister
void DetectSshSoftwareRegister(void)
Definition: detect-ssh-software.c:96
DetectQuicSniRegister
void DetectQuicSniRegister(void)
Registration function for quic.sni: keyword.
Definition: detect-quic-sni.c:72
DetectSipProtocolRegister
void DetectSipProtocolRegister(void)
Definition: detect-sip-protocol.c:94
detect-engine-analyzer.h
detect-rfb-secresult.h
DetectSipUriRegister
void DetectSipUriRegister(void)
Definition: detect-sip-uri.c:107
detect-engine-content-inspection.h
detect-quic-cyu-hash.h
detect-http-server-body.h
detect-mqtt-publish-message.h
detect-ssh-software-version.h
detect-bypass.h
DetectBypassRegister
void DetectBypassRegister(void)
Registration function for keyword: bypass.
Definition: detect-bypass.c:59
DetectAckRegister
void DetectAckRegister(void)
Registration function for ack: keyword.
Definition: detect-tcp-ack.c:56
DetectFilestoreRegister
void DetectFilestoreRegister(void)
Registration function for keyword: filestore.
Definition: detect-filestore.c:79
detect-mqtt-type.h
DetectTlsRegister
void DetectTlsRegister(void)
Registration function for keyword: tls.version.
Definition: detect-tls.c:101
DetectTagRegister
void DetectTagRegister(void)
Registration function for keyword tag.
Definition: detect-tag.c:69
DetectHttpResponseLineRegister
void DetectHttpResponseLineRegister(void)
Registers the keyword handlers for the "http_response_line" keyword.
Definition: detect-http-response-line.c:76
detect-ike-key-exchange-payload.h
detect-fast-pattern.h
DetectTlsIssuerRegister
void DetectTlsIssuerRegister(void)
Registration function for keyword: tls.cert_issuer.
Definition: detect-tls-cert-issuer.c:68
DetectTransformUrlDecodeRegister
void DetectTransformUrlDecodeRegister(void)
Definition: detect-transform-urldecode.c:45
DetectSmbNtlmsspUserRegister
void DetectSmbNtlmsspUserRegister(void)
Definition: detect-smb-ntlmssp.c:77
detect-mqtt-qos.h
detect-ssh-proto-version.h
DetectBase64DataRegister
void DetectBase64DataRegister(void)
Definition: detect-base64-data.c:33
flags
uint8_t flags
Definition: decode-gre.h:0
DetectHttpStatCodeRegister
void DetectHttpStatCodeRegister(void)
Registration function for keyword: http_stat_code.
Definition: detect-http-stat-code.c:81
DetectDceOpnumRegister
void DetectDceOpnumRegister(void)
Registers the keyword handlers for the "dce_opnum" keyword.
Definition: detect-dce-opnum.c:70
DetectKrb5CNameRegister
void DetectKrb5CNameRegister(void)
Definition: detect-krb5-cname.c:189
DetectHttpHeaderRegister
void DetectHttpHeaderRegister(void)
Registers the keyword handlers for the "http_header" keyword.
Definition: detect-http-header.c:417
detect-tls.h
suricata-common.h
DetectMQTTFlagsRegister
void DetectMQTTFlagsRegister(void)
Registration function for mqtt.flags: keyword.
Definition: detect-mqtt-flags.c:55
DetectCipServiceRegister
void DetectCipServiceRegister(void)
Registration function for cip_service: keyword.
Definition: detect-cipservice.c:53
util-path.h
detect-mqtt-reason-code.h
detect-byte-extract.h
detect-metadata.h
DetectKrb5SNameRegister
void DetectKrb5SNameRegister(void)
Definition: detect-krb5-sname.c:189
detect-sip-response-line.h
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect-parse.c:76
SigTableElmt_::Transform
void(* Transform)(InspectionBuffer *, void *context)
Definition: detect.h:1216
DetectHttpClientBodyRegister
void DetectHttpClientBodyRegister(void)
Registers the keyword handlers for the "http_client_body" keyword.
Definition: detect-http-client-body.c:82
DetectIkeSpiRegister
void DetectIkeSpiRegister(void)
Definition: detect-ike-spi.c:130
detect-http-headers.h
DetectDnsOpcodeRegister
void DetectDnsOpcodeRegister(void)
Definition: detect-dns-opcode.c:77
DetectCsumRegister
void DetectCsumRegister(void)
Registers handlers for all the checksum keywords. The checksum keywords that are registered are ipv4-...
Definition: detect-csum.c:139
DetectTransformSha1Register
void DetectTransformSha1Register(void)
Definition: detect-transform-sha1.c:45
DetectUrilenRegister
void DetectUrilenRegister(void)
Registration function for urilen: keyword.
Definition: detect-urilen.c:61
detect-tls-cert-subject.h
detect-sip-stat-msg.h
DetectIkeNoncePayloadLengthRegister
void DetectIkeNoncePayloadLengthRegister(void)
Registration function for ike.nonce_payload_length keyword.
Definition: detect-ike-nonce-payload-length.c:49
detect-tls-version.h
detect-dataset.h
detect-template.h
util-classification-config.h
DetectHttp2Register
void DetectHttp2Register(void)
Registration function for HTTP2 keywords.
Definition: detect-http2.c:118
detect-rfb-name.h
DetectNfsProcedureRegister
void DetectNfsProcedureRegister(void)
Registration function for nfs_procedure keyword.
Definition: detect-nfs-procedure.c:64
DetectIpv4hdrRegister
void DetectIpv4hdrRegister(void)
Registration function for ipv4.hdr: keyword.
Definition: detect-ipv4hdr.c:50
DetectHttpRequestLineRegister
void DetectHttpRequestLineRegister(void)
Registers the keyword handlers for the "http_request_line" keyword.
Definition: detect-http-request-line.c:76
DetectFileSha1Register
void DetectFileSha1Register(void)
Registration function for keyword: filesha1.
Definition: detect-filesha1.c:44
DetectFlowRegister
void DetectFlowRegister(void)
Registration function for flow: keyword.
Definition: detect-flow.c:65
DetectDnsQueryRegister
void DetectDnsQueryRegister(void)
Registration function for keyword: dns_query.
Definition: detect-dns-query.c:202
DetectEnipCommandRegister
void DetectEnipCommandRegister(void)
Registration function for enip_command: keyword.
Definition: detect-cipservice.c:306
detect-hostbits.h
DetectSshHasshServerStringRegister
void DetectSshHasshServerStringRegister(void)
Registration function for hasshServer.string keyword.
Definition: detect-ssh-hassh-server-string.c:123
DetectRawbytesRegister
void DetectRawbytesRegister(void)
Definition: detect-rawbytes.c:43
detect-sip-uri.h
detect-snmp-version.h
DetectTosRegister
void DetectTosRegister(void)
Register Tos keyword.
Definition: detect-tos.c:64
util-optimize.h
detect-ike-exch-type.h
detect-tls-certs.h
util-validate.h
DetectBytemathRegister
void DetectBytemathRegister(void)
Registers the keyword handlers for the "byte_math" keyword.
Definition: detect-bytemath.c:68
detect-flow.h
detect-quic-ua.h
detect-base64-decode.h
DetectEngineEventRegister
void DetectEngineEventRegister(void)
Registration function for decode-event: keyword.
Definition: detect-engine-event.c:62
DetectFlagsRegister
void DetectFlagsRegister(void)
Registration function for flags: keyword.
Definition: detect-tcp-flags.c:75
detect-http-raw-header.h
detect-engine-sigorder.h
detect-quic-sni.h
DetectKrb5MsgTypeRegister
void DetectKrb5MsgTypeRegister(void)
Registration function for krb5_msg_type: keyword.
Definition: detect-krb5-msgtype.c:59
detect-mqtt-connect-clientid.h
DetectFlowvarRegister
void DetectFlowvarRegister(void)
Definition: detect-flowvar.c:54
detect-tcp-ack.h
detect-http-method.h
detect-within.h
DetectNoalertRegister
void DetectNoalertRegister(void)
Definition: detect-noalert.c:33
detect-tls-cert-issuer.h
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:242
detect-datarep.h
detect-http-request-line.h
DetectQuicCyuStringRegister
void DetectQuicCyuStringRegister(void)
Definition: detect-quic-cyu-string.c:177
SigTableElmt_::SupportsPrefilter
bool(* SupportsPrefilter)(const Signature *s)
Definition: detect.h:1222
app-layer-template.h
DetectQuicVersionRegister
void DetectQuicVersionRegister(void)
Registration function for quic.version: keyword.
Definition: detect-quic-version.c:72
detect-tcphdr.h
DetectMQTTPublishTopicRegister
void DetectMQTTPublishTopicRegister(void)
Definition: detect-mqtt-publish-topic.c:72
detect-tls-ja3s-hash.h
DetectSNMPCommunityRegister
void DetectSNMPCommunityRegister(void)
Definition: detect-snmp-community.c:50
DetectSmbNamedPipeRegister
void DetectSmbNamedPipeRegister(void)
Definition: detect-smb-share.c:78
DetectStreamSizeRegister
void DetectStreamSizeRegister(void)
Registration function for stream_size: keyword.
Definition: detect-stream_size.c:57
detect-engine-iponly.h
detect-parse.h
DetectSNMPVersionRegister
void DetectSNMPVersionRegister(void)
Registration function for snmp.procedure keyword.
Definition: detect-snmp-version.c:50
DetectDetectionFilterRegister
void DetectDetectionFilterRegister(void)
Registration function for detection_filter: keyword.
Definition: detect-detection-filter.c:64
detect-icode.h
DetectMQTTConnackSessionPresentRegister
void DetectMQTTConnackSessionPresentRegister(void)
Registration function for mqtt.connack.session_present: keyword.
Definition: detect-mqtt-connack-sessionpresent.c:51
detect-mqtt-connect-willtopic.h
detect-pkt-data.h
detect-threshold.h
DetectSipStatCodeRegister
void DetectSipStatCodeRegister(void)
Definition: detect-sip-stat-code.c:97
DetectDistanceRegister
void DetectDistanceRegister(void)
Definition: detect-distance.c:56
DetectTlsJa3SStringRegister
void DetectTlsJa3SStringRegister(void)
Registration function for keyword: ja3s.string.
Definition: detect-tls-ja3s-string.c:69
detect-geoip.h
detect-ssh-proto.h
DetectThresholdRegister
void DetectThresholdRegister(void)
Registration function for threshold: keyword.
Definition: detect-threshold.c:79
DetectSNMPUsmRegister
void DetectSNMPUsmRegister(void)
Definition: detect-snmp-usm.c:60
detect-tls-ja3-hash.h
DetectFlowintRegister
void DetectFlowintRegister(void)
Definition: detect-flowint.c:64
detect-filesize.h
DetectByteExtractRegister
void DetectByteExtractRegister(void)
Registers the keyword handlers for the "byte_extract" keyword.
Definition: detect-byte-extract.c:101
detect-icmp-id.h
DetectAppLayerProtocolRegister
void DetectAppLayerProtocolRegister(void)
Definition: detect-app-layer-protocol.c:267
app-layer-protos.h
detect-ssl-state.h
DetectSNMPPduTypeRegister
void DetectSNMPPduTypeRegister(void)
Definition: detect-snmp-pdu_type.c:56
detect-ipopts.h
DetectTlsCertChainLenRegister
void DetectTlsCertChainLenRegister(void)
Definition: detect-tls-certs.c:343
detect-tls-ja3s-string.h
detect-urilen.h
suricata.h
DetectIPAddrBufferRegister
void DetectIPAddrBufferRegister(void)
Definition: detect-ipaddr.c:53
detect-ipv4hdr.h
GetDocURL
const char * GetDocURL(void)
Definition: suricata.c:1077
DetectFastPatternRegister
void DetectFastPatternRegister(void)
Registration function for fast_pattern keyword.
Definition: detect-fast-pattern.c:187
DetectHttpStatMsgRegister
void DetectHttpStatMsgRegister(void)
Registration function for keyword: http_stat_msg.
Definition: detect-http-stat-msg.c:78
DetectMQTTConnectFlagsRegister
void DetectMQTTConnectFlagsRegister(void)
Registration function for mqtt.connect.flags: keyword.
Definition: detect-mqtt-connect-flags.c:59
DetectPktvarRegister
void DetectPktvarRegister(void)
Definition: detect-pktvar.c:48
detect-uricontent.h
DetectSslVersionRegister
void DetectSslVersionRegister(void)
Registration function for keyword: ssl_version.
Definition: detect-ssl-version.c:67
DetectModbusRegister
void DetectModbusRegister(void)
Registration function for Modbus keyword.
Definition: detect-modbus.c:127
DetectMQTTPublishMessageRegister
void DetectMQTTPublishMessageRegister(void)
Definition: detect-mqtt-publish-message.c:72
detect-mqtt-protocol-version.h
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect.h:1421
detect-tls-cert-serial.h
DetectTransformCompressWhitespaceRegister
void DetectTransformCompressWhitespaceRegister(void)
Definition: detect-transform-compress-whitespace.c:45
detect-csum.h
detect-transform-sha1.h
app-layer-smtp.h
DetectNocaseRegister
void DetectNocaseRegister(void)
Definition: detect-nocase.c:39
detect-mqtt-connect-flags.h
coverage_unittests
int coverage_unittests
Definition: suricata.c:874
detect-transform-urldecode.h
DetectTemplateRustBufferRegister
void DetectTemplateRustBufferRegister(void)
Definition: detect-template-rust-buffer.c:55
detect-ike-chosen-sa.h
detect-distance.h
flow.h
DetectBase64DecodeRegister
void DetectBase64DecodeRegister(void)
Definition: detect-base64-decode.c:48
detect-ipaddr.h
DetectFilenameRegister
void DetectFilenameRegister(void)
Registration function for keyword: filename.
Definition: detect-filename.c:87
detect-ike-key-exchange-payload-length.h
DetectMQTTConnectWillTopicRegister
void DetectMQTTConnectWillTopicRegister(void)
Definition: detect-mqtt-connect-willtopic.c:72
DetectIPRepRegister
void DetectIPRepRegister(void)
Definition: detect-iprep.c:63
DetectIkeChosenSaRegister
void DetectIkeChosenSaRegister(void)
Registration function for ike.ChosenSa keyword.
Definition: detect-ike-chosen-sa.c:66
detect-engine-dcepayload.h
DetectIkeKeyExchangePayloadLengthRegister
void DetectIkeKeyExchangePayloadLengthRegister(void)
Registration function for ike.key_exchange_payload_length keyword.
Definition: detect-ike-key-exchange-payload-length.c:49
detect-config.h
detect-cipservice.h
SC_WARN_NO_UNITTESTS
@ SC_WARN_NO_UNITTESTS
Definition: util-error.h:266
DetectTransformMd5Register
void DetectTransformMd5Register(void)
Definition: detect-transform-md5.c:44
DetectFtpdataRegister
void DetectFtpdataRegister(void)
Registration function for ftpcommand: keyword.
Definition: detect-ftpdata.c:59
DetectHttpMethodRegister
void DetectHttpMethodRegister(void)
Registration function for keyword: http_method.
Definition: detect-http-method.c:79
SIGMATCH_IPONLY_COMPAT
#define SIGMATCH_IPONLY_COMPAT
Definition: detect.h:1423
DetectTtlRegister
void DetectTtlRegister(void)
Registration function for ttl: keyword.
Definition: detect-ttl.c:54
DetectTemplate2Register
void DetectTemplate2Register(void)
Registration function for template2: keyword.
Definition: detect-template2.c:51
DetectTlsSubjectRegister
void DetectTlsSubjectRegister(void)
Registration function for keyword: tls.cert_subject.
Definition: detect-tls-cert-subject.c:68
detect-http-stat-msg.h
DetectPcreRegister
void DetectPcreRegister(void)
Definition: detect-pcre.c:96
DetectClasstypeRegister
void DetectClasstypeRegister(void)
Registers the handler functions for the "Classtype" keyword.
Definition: detect-classtype.c:51
detect-engine-address.h
detect-dce-opnum.h
util-threshold-config.h
detect-snmp-pdu_type.h
SigTableList
int SigTableList(const char *keyword)
Definition: detect-engine-register.c:378
detect-snmp-community.h
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1227
detect-engine-threshold.h
DetectIsdataatRegister
void DetectIsdataatRegister(void)
Registration function for isdataat: keyword.
Definition: detect-isdataat.c:67
detect-icmp-seq.h
detect-bytemath.h
app-layer.h
detect-bytetest.h
detect-template-buffer.h
DetectFileMd5Register
void DetectFileMd5Register(void)
Registration function for keyword: filemd5.
Definition: detect-filemd5.c:44
DetectHttpRawHeaderRegister
void DetectHttpRawHeaderRegister(void)
Registers the keyword handlers for the "http_raw_header" keyword.
Definition: detect-http-raw-header.c:80
DetectTransformXorRegister
void DetectTransformXorRegister(void)
Definition: detect-transform-xor.c:45
detect-filesha256.h
DetectFrameRegister
void DetectFrameRegister(void)
Registration function for keyword: ja3_hash.
Definition: detect-frame.c:182
detect-msg.h