detect-engine-register_8c_source.html

 /* Copyright (C) 2007-2017 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
  * Software Foundation.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * version 2 along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  * 02110-1301, USA.
  */

 /**
  * \file
  *
  * \author Victor Julien <victor@inliniac.net>
  */

 #include "suricata-common.h"
 #include "suricata.h"
 #include "debug.h"
 #include "detect.h"
 #include "flow.h"
 #include "flow-private.h"
 #include "flow-bit.h"

 #include "detect-parse.h"
 #include "detect-engine.h"
 #include "detect-engine-profile.h"

 #include "detect-engine-alert.h"
 #include "detect-engine-siggroup.h"
 #include "detect-engine-address.h"
 #include "detect-engine-proto.h"
 #include "detect-engine-port.h"
 #include "detect-engine-mpm.h"
 #include "detect-engine-iponly.h"
 #include "detect-engine-threshold.h"
 #include "detect-engine-prefilter.h"

 #include "detect-engine-payload.h"
 #include "detect-engine-dcepayload.h"
 #include "detect-dns-query.h"
 #include "detect-tls-sni.h"
 #include "detect-tls-certs.h"
 #include "detect-tls-cert-fingerprint.h"
 #include "detect-tls-cert-issuer.h"
 #include "detect-tls-cert-subject.h"
 #include "detect-tls-cert-serial.h"
 #include "detect-tls-ja3-hash.h"
 #include "detect-tls-ja3-string.h"
 #include "detect-tls-ja3s-hash.h"
 #include "detect-tls-ja3s-string.h"
 #include "detect-engine-state.h"
 #include "detect-engine-analyzer.h"

 #include "detect-http-cookie.h"
 #include "detect-http-method.h"
 #include "detect-http-ua.h"
 #include "detect-http-host.h"

 #include "detect-nfs-procedure.h"
 #include "detect-nfs-version.h"

 #include "detect-engine-event.h"
 #include "decode.h"

 #include "detect-smb-share.h"

 #include "detect-base64-decode.h"
 #include "detect-base64-data.h"
 #include "detect-ipopts.h"
 #include "detect-tcp-flags.h"
 #include "detect-fragbits.h"
 #include "detect-fragoffset.h"
 #include "detect-gid.h"
 #include "detect-tcp-ack.h"
 #include "detect-tcp-seq.h"
 #include "detect-content.h"
 #include "detect-uricontent.h"
 #include "detect-pcre.h"
 #include "detect-depth.h"
 #include "detect-nocase.h"
 #include "detect-rawbytes.h"
 #include "detect-bytetest.h"
 #include "detect-bytejump.h"
 #include "detect-sameip.h"
 #include "detect-l3proto.h"
 #include "detect-ipproto.h"
 #include "detect-within.h"
 #include "detect-distance.h"
 #include "detect-offset.h"
 #include "detect-sid.h"
 #include "detect-prefilter.h"
 #include "detect-priority.h"
 #include "detect-classtype.h"
 #include "detect-reference.h"
 #include "detect-tag.h"
 #include "detect-threshold.h"
 #include "detect-metadata.h"
 #include "detect-msg.h"
 #include "detect-rev.h"
 #include "detect-flow.h"
 #include "detect-tcp-window.h"
 #include "detect-ftpbounce.h"
 #include "detect-isdataat.h"
 #include "detect-id.h"
 #include "detect-rpc.h"
 #include "detect-asn1.h"
 #include "detect-filename.h"
 #include "detect-fileext.h"
 #include "detect-filestore.h"
 #include "detect-filemagic.h"
 #include "detect-filemd5.h"
 #include "detect-filesha1.h"
 #include "detect-filesha256.h"
 #include "detect-filesize.h"
 #include "detect-dsize.h"
 #include "detect-flowvar.h"
 #include "detect-flowint.h"
 #include "detect-pktvar.h"
 #include "detect-noalert.h"
 #include "detect-flowbits.h"
 #include "detect-hostbits.h"
 #include "detect-xbits.h"
 #include "detect-csum.h"
 #include "detect-stream_size.h"
 #include "detect-engine-sigorder.h"
 #include "detect-ttl.h"
 #include "detect-fast-pattern.h"
 #include "detect-itype.h"
 #include "detect-icode.h"
 #include "detect-icmp-id.h"
 #include "detect-icmp-seq.h"
 #include "detect-dce-iface.h"
 #include "detect-dce-opnum.h"
 #include "detect-dce-stub-data.h"
 #include "detect-urilen.h"
 #include "detect-bsize.h"
 #include "detect-detection-filter.h"
 #include "detect-http-client-body.h"
 #include "detect-http-server-body.h"
 #include "detect-http-header.h"
 #include "detect-http-header-names.h"
 #include "detect-http-headers.h"
 #include "detect-http-raw-header.h"
 #include "detect-http-uri.h"
 #include "detect-http-protocol.h"
 #include "detect-http-start.h"
 #include "detect-http-stat-msg.h"
 #include "detect-http-request-line.h"
 #include "detect-http-response-line.h"
 #include "detect-byte-extract.h"
 #include "detect-file-data.h"
 #include "detect-pkt-data.h"
 #include "detect-replace.h"
 #include "detect-tos.h"
 #include "detect-app-layer-event.h"
 #include "detect-lua.h"
 #include "detect-iprep.h"
 #include "detect-geoip.h"
 #include "detect-app-layer-protocol.h"
 #include "detect-template.h"
 #include "detect-template2.h"
 #include "detect-tcphdr.h"
 #include "detect-tcpmss.h"
 #include "detect-udphdr.h"
 #include "detect-krb5-cname.h"
 #include "detect-krb5-errcode.h"
 #include "detect-krb5-msgtype.h"
 #include "detect-krb5-sname.h"
 #include "detect-target.h"
 #include "detect-template-rust-buffer.h"
 #include "detect-snmp-version.h"
 #include "detect-snmp-community.h"
 #include "detect-snmp-pdu_type.h"
 #include "detect-template-buffer.h"
 #include "detect-bypass.h"
 #include "detect-ftpdata.h"
 #include "detect-engine-content-inspection.h"

 #include "detect-transform-compress-whitespace.h"
 #include "detect-transform-strip-whitespace.h"
 #include "detect-transform-md5.h"
 #include "detect-transform-sha1.h"
 #include "detect-transform-sha256.h"

 #include "util-rule-vars.h"

 #include "app-layer.h"
 #include "app-layer-protos.h"
 #include "app-layer-htp.h"
 #include "app-layer-smtp.h"
 #include "app-layer-template.h"
 #include "detect-tls.h"
 #include "detect-tls-cert-validity.h"
 #include "detect-tls-version.h"
 #include "detect-ssh-proto.h"
 #include "detect-ssh-proto-version.h"
 #include "detect-ssh-software.h"
 #include "detect-ssh-software-version.h"
 #include "detect-http-stat-code.h"
 #include "detect-ssl-version.h"
 #include "detect-ssl-state.h"
 #include "detect-modbus.h"
 #include "detect-cipservice.h"
 #include "detect-dnp3.h"

 #include "action-globals.h"
 #include "tm-threads.h"

 #include "pkt-var.h"

 #include "conf.h"
 #include "conf-yaml-loader.h"

 #include "stream-tcp.h"
 #include "stream-tcp-inline.h"

 #include "util-lua.h"
 #include "util-var-name.h"
 #include "util-classification-config.h"
 #include "util-threshold-config.h"
 #include "util-print.h"
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
 #include "util-debug.h"
 #include "util-hashlist.h"
 #include "util-privs.h"
 #include "util-profiling.h"
 #include "util-validate.h"
 #include "util-optimize.h"
 #include "util-path.h"
 #include "util-mpm-ac.h"
 #include "runmodes.h"

 static void PrintFeatureList(const SigTableElmt *e, char sep)
 {
     const uint16_t flags = e->flags;

     int prev = 0;
     if (flags & SIGMATCH_NOOPT) {
         printf("No option");
         prev = 1;
     }
     if (flags & SIGMATCH_IPONLY_COMPAT) {
         if (prev == 1)
             printf("%c", sep);
         printf("compatible with IP only rule");
         prev = 1;
     }
     if (flags & SIGMATCH_DEONLY_COMPAT) {
         if (prev == 1)
             printf("%c", sep);
         printf("compatible with decoder event only rule");
         prev = 1;
     }
     if (flags & SIGMATCH_INFO_CONTENT_MODIFIER) {
         if (prev == 1)
             printf("%c", sep);
         printf("content modifier");
         prev = 1;
     }
     if (flags & SIGMATCH_INFO_STICKY_BUFFER) {
         if (prev == 1)
             printf("%c", sep);
         printf("sticky buffer");
         prev = 1;
     }
     if (e->Transform) {
         if (prev == 1)
             printf("%c", sep);
         printf("transform");
         prev = 1;
     }
     if (e->SupportsPrefilter) {
         if (prev == 1)
             printf("%c", sep);
         printf("prefilter");
         prev = 1;
     }
     if (prev == 0) {
         printf("none");
     }
 }

 static void SigMultilinePrint(int i, const char *prefix)
 {
     if (sigmatch_table[i].desc) {
         printf("%sDescription: %s\n", prefix, sigmatch_table[i].desc);
     }
     printf("%sFeatures: ", prefix);
     PrintFeatureList(&sigmatch_table[i], ',');
     if (sigmatch_table[i].url) {
         printf("\n%sDocumentation: %s", prefix, sigmatch_table[i].url);
     }
     if (sigmatch_table[i].alternative) {
         printf("\n%sReplaced by: %s", prefix, sigmatch_table[sigmatch_table[i].alternative].name);
     }
     printf("\n");
 }

 void SigTableList(const char *keyword)
 {
     size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
     size_t i;

     if (keyword == NULL) {
         printf("=====Supported keywords=====\n");
         for (i = 0; i < size; i++) {
             const char *name = sigmatch_table[i].name;
             if (name != NULL && strlen(name) > 0) {
                 if (name[0] == '_' || strcmp(name, "template") == 0)
                     continue;

                 if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
                     printf("- %s (not built-in)\n", name);
                 } else {
                     printf("- %s\n", name);
                 }
             }
         }
     } else if (strcmp("csv", keyword) == 0) {
         printf("name;description;app layer;features;documentation\n");
         for (i = 0; i < size; i++) {
             const char *name = sigmatch_table[i].name;
             if (name != NULL && strlen(name) > 0) {
                 if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
                     continue;
                 }
                 if (name[0] == '_' || strcmp(name, "template") == 0)
                     continue;

                 printf("%s;", name);
                 if (sigmatch_table[i].desc) {
                     printf("%s", sigmatch_table[i].desc);
                 }
                 /* Build feature */
                 printf(";Unset;"); // this used to be alproto
                 PrintFeatureList(&sigmatch_table[i], ':');
                 printf(";");
                 if (sigmatch_table[i].url) {
                     printf("%s", sigmatch_table[i].url);
                 }
                 printf(";");
                 printf("\n");
             }
         }
     } else if (strcmp("all", keyword) == 0) {
         for (i = 0; i < size; i++) {
             const char *name = sigmatch_table[i].name;
             if (name != NULL && strlen(name) > 0) {
                 if (name[0] == '_' || strcmp(name, "template") == 0)
                     continue;
                 printf("%s:\n", sigmatch_table[i].name);
                 SigMultilinePrint(i, "\t");
             }
         }
     } else {
         for (i = 0; i < size; i++) {
             if ((sigmatch_table[i].name != NULL) &&
                 strcmp(sigmatch_table[i].name, keyword) == 0) {
                 printf("= %s =\n", sigmatch_table[i].name);
                 if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
                     printf("Not built-in\n");
                     return;
                 }
                 SigMultilinePrint(i, "");
                 return;
             }
         }
     }
     return;
 }

 void SigTableSetup(void)
 {
     memset(sigmatch_table, 0, sizeof(sigmatch_table));

     DetectSidRegister();
     DetectPriorityRegister();
     DetectPrefilterRegister();
     DetectRevRegister();
     DetectClasstypeRegister();
     DetectReferenceRegister();
     DetectTagRegister();
     DetectThresholdRegister();
     DetectMetadataRegister();
     DetectMsgRegister();
     DetectAckRegister();
     DetectSeqRegister();
     DetectContentRegister();
     DetectUricontentRegister();

     /* NOTE: the order of these currently affects inspect
      * engine registration order and ultimately the order
      * of inspect engines in the rule. Which in turn affects
      * state keeping */
     DetectHttpUriRegister();
     DetectHttpRequestLineRegister();
     DetectHttpClientBodyRegister();
     DetectHttpResponseLineRegister();
     DetectHttpServerBodyRegister();
     DetectHttpHeaderRegister();
     DetectHttpHeaderNamesRegister();
     DetectHttpHeadersRegister();
     DetectHttpProtocolRegister();
     DetectHttpStartRegister();
     DetectHttpRawHeaderRegister();
     DetectHttpMethodRegister();
     DetectHttpCookieRegister();

     DetectFilenameRegister();
     DetectFileextRegister();
     DetectFilestoreRegister();
     DetectFilemagicRegister();
     DetectFileMd5Register();
     DetectFileSha1Register();
     DetectFileSha256Register();
     DetectFilesizeRegister();

     DetectHttpUARegister();
     DetectHttpHHRegister();

     DetectHttpStatMsgRegister();
     DetectHttpStatCodeRegister();

     DetectDnsQueryRegister();
     DetectModbusRegister();
     DetectCipServiceRegister();
     DetectEnipCommandRegister();
     DetectDNP3Register();

     DetectTlsSniRegister();
     DetectTlsIssuerRegister();
     DetectTlsSubjectRegister();
     DetectTlsSerialRegister();
     DetectTlsFingerprintRegister();
     DetectTlsCertsRegister();

     DetectTlsJa3HashRegister();
     DetectTlsJa3StringRegister();
     DetectTlsJa3SHashRegister();
     DetectTlsJa3SStringRegister();

     DetectAppLayerEventRegister();
     /* end of order dependent regs */

     DetectPcreRegister();
     DetectDepthRegister();
     DetectNocaseRegister();
     DetectRawbytesRegister();
     DetectBytetestRegister();
     DetectBytejumpRegister();
     DetectSameipRegister();
     DetectGeoipRegister();
     DetectL3ProtoRegister();
     DetectIPProtoRegister();
     DetectWithinRegister();
     DetectDistanceRegister();
     DetectOffsetRegister();
     DetectReplaceRegister();
     DetectFlowRegister();
     DetectWindowRegister();
     DetectRpcRegister();
     DetectFtpbounceRegister();
     DetectFtpdataRegister();
     DetectIsdataatRegister();
     DetectIdRegister();
     DetectDsizeRegister();
     DetectFlowvarRegister();
     DetectFlowintRegister();
     DetectPktvarRegister();
     DetectNoalertRegister();
     DetectFlowbitsRegister();
     DetectHostbitsRegister();
     DetectXbitsRegister();
     DetectEngineEventRegister();
     DetectIpOptsRegister();
     DetectFlagsRegister();
     DetectFragBitsRegister();
     DetectFragOffsetRegister();
     DetectGidRegister();
     DetectMarkRegister();
     DetectCsumRegister();
     DetectStreamSizeRegister();
     DetectTtlRegister();
     DetectTosRegister();
     DetectFastPatternRegister();
     DetectITypeRegister();
     DetectICodeRegister();
     DetectIcmpIdRegister();
     DetectIcmpSeqRegister();
     DetectDceIfaceRegister();
     DetectDceOpnumRegister();
     DetectDceStubDataRegister();
     DetectSmbNamedPipeRegister();
     DetectSmbShareRegister();
     DetectTlsRegister();
     DetectTlsValidityRegister();
     DetectTlsVersionRegister();
     DetectNfsProcedureRegister();
     DetectNfsVersionRegister();
     DetectUrilenRegister();
     DetectBsizeRegister();
     DetectDetectionFilterRegister();
     DetectAsn1Register();
     DetectSshProtocolRegister();
     DetectSshVersionRegister();
     DetectSshSoftwareRegister();
     DetectSshSoftwareVersionRegister();
     DetectSslStateRegister();
     DetectSslVersionRegister();
     DetectByteExtractRegister();
     DetectFiledataRegister();
     DetectPktDataRegister();
     DetectLuaRegister();
     DetectIPRepRegister();
     DetectAppLayerProtocolRegister();
     DetectBase64DecodeRegister();
     DetectBase64DataRegister();
     DetectTemplateRegister();
     DetectTemplate2Register();
     DetectTcphdrRegister();
     DetectUdphdrRegister();
     DetectTcpmssRegister();
     DetectKrb5CNameRegister();
     DetectKrb5ErrCodeRegister();
     DetectKrb5MsgTypeRegister();
     DetectKrb5SNameRegister();
     DetectTargetRegister();
     DetectTemplateRustBufferRegister();
     DetectSNMPVersionRegister();
     DetectSNMPCommunityRegister();
     DetectSNMPPduTypeRegister();
     DetectTemplateBufferRegister();
     DetectBypassRegister();

     DetectTransformCompressWhitespaceRegister();
     DetectTransformStripWhitespaceRegister();
     DetectTransformMd5Register();
     DetectTransformSha1Register();
     DetectTransformSha256Register();

     /* close keyword registration */
     DetectBufferTypeCloseRegistration();
 }

 void SigTableRegisterTests(void)
 {
     /* register the tests */
     int i = 0;
     for (i = 0; i < DETECT_TBLSIZE; i++) {
         g_ut_modules++;
         if (sigmatch_table[i].RegisterTests != NULL) {
             sigmatch_table[i].RegisterTests();
             g_ut_covered++;
         } else {
             SCLogDebug("detection plugin %s has no unittest "
                    "registration function.", sigmatch_table[i].name);

             if (coverage_unittests)
                 SCLogWarning(SC_WARN_NO_UNITTESTS, "detection plugin %s has no unittest "
                         "registration function.", sigmatch_table[i].name);
         }
     }
 }
DetectAsn1Register
void DetectAsn1Register(void)
Registration function for asn1.
Definition: detect-asn1.c:54

DetectContentRegister
void DetectContentRegister(void)
Definition: detect-content.c:55

DetectDceIfaceRegister
void DetectDceIfaceRegister(void)
Registers the keyword handlers for the "dce_iface" keyword.
Definition: detect-dce-iface.c:76

DetectFileMd5Register
void DetectFileMd5Register(void)
Registration function for keyword: filemd5.
Definition: detect-filemd5.c:45

detect-dns-query.h

DetectGidRegister
void DetectGidRegister(void)
Registration function for gid: keyword.
Definition: detect-gid.c:45

detect-http-stat-msg.h

detect-filesha1.h

detect-isdataat.h

DetectFastPatternRegister
void DetectFastPatternRegister(void)
Registration function for fast_pattern keyword.
Definition: detect-fast-pattern.c:161

DetectTcpmssRegister
void DetectTcpmssRegister(void)
Registration function for tcpmss: keyword.
Definition: detect-tcpmss.c:56

DetectTlsSubjectRegister
void DetectTlsSubjectRegister(void)
Registration function for keyword: tls.cert_subject.
Definition: detect-tls-cert-subject.c:70

SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:381

detect-engine-payload.h

detect-prefilter.h

detect-app-layer-protocol.h

sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect.h:1431

pkt-var.h

flags
uint16_t flags
Definition: app-layer-dns-common.h:269

detect-filestore.h

detect-bytejump.h

DetectTlsSerialRegister
void DetectTlsSerialRegister(void)
Registration function for keyword: tls.cert_serial.
Definition: detect-tls-cert-serial.c:74

SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:335

detect-content.h

DetectRawbytesRegister
void DetectRawbytesRegister(void)
Definition: detect-rawbytes.c:43

util-hashlist.h

detect-bsize.h

detect-icmp-id.h

detect-engine-profile.h

detect-krb5-msgtype.h

DetectSNMPPduTypeRegister
void DetectSNMPPduTypeRegister(void)
Definition: detect-snmp-pdu_type.c:65

DetectTtlRegister
void DetectTtlRegister(void)
Registration function for ttl: keyword.
Definition: detect-ttl.c:60

detect-http-protocol.h

DetectSidRegister
void DetectSidRegister(void)
Definition: detect-sid.c:38

detect-within.h

detect-http-client-body.h

detect-dnp3.h

DetectDNP3Register
void DetectDNP3Register(void)
Definition: detect-dnp3.c:581

SC_WARN_NO_UNITTESTS
Definition: util-error.h:266

DetectHttpHeadersRegister
void DetectHttpHeadersRegister(void)
Definition: detect-http-headers.c:29

DetectSmbShareRegister
void DetectSmbShareRegister(void)
Definition: detect-smb-share.c:142

DetectRevRegister
void DetectRevRegister(void)
Definition: detect-rev.c:34

DetectTcphdrRegister
void DetectTcphdrRegister(void)
Registration function for tcphdr: keyword.
Definition: detect-tcphdr.c:45

detect-cipservice.h

detect-tos.h

SIGMATCH_DEONLY_COMPAT
#define SIGMATCH_DEONLY_COMPAT
Definition: detect.h:1358

DetectTemplateBufferRegister
void DetectTemplateBufferRegister(void)
Definition: detect-template-buffer.c:53

detect-tcphdr.h

detect-flowbits.h

DetectBytetestRegister
void DetectBytetestRegister(void)
Definition: detect-bytetest.c:71

util-classification-config.h

detect-depth.h

detect-tcp-seq.h

DetectFtpdataRegister
void DetectFtpdataRegister(void)
Registration function for ftpcommand: keyword.
Definition: detect-ftpdata.c:63

detect-flowint.h

detect-uricontent.h

SigTableElmt_::SupportsPrefilter
_Bool(* SupportsPrefilter)(const Signature *s)
Definition: detect.h:1172

stream-tcp-inline.h

detect-http-raw-header.h

detect-tls-cert-issuer.h

debug.h

detect-nocase.h

DetectDnsQueryRegister
void DetectDnsQueryRegister(void)
Registration function for keyword: dns_query.
Definition: detect-dns-query.c:207

detect-transform-sha256.h

DetectWindowRegister
void DetectWindowRegister(void)
Registration function for window: keyword.
Definition: detect-tcp-window.c:59

util-rule-vars.h

detect-ipopts.h

detect-fileext.h

DetectTemplateRustBufferRegister
void DetectTemplateRustBufferRegister(void)
Definition: detect-template-rust-buffer.c:44

detect-fast-pattern.h

DetectFileSha1Register
void DetectFileSha1Register(void)
Registration function for keyword: filesha1.
Definition: detect-filesha1.c:46

detect-rawbytes.h

DetectFragBitsRegister
void DetectFragBitsRegister(void)
Registration function for fragbits: keyword.
Definition: detect-fragbits.c:83

DetectRpcRegister
void DetectRpcRegister(void)
Registration function for rpc keyword.
Definition: detect-rpc.c:60

suricata.h

DetectTargetRegister
void DetectTargetRegister(void)
Registration function for target keyword.
Definition: detect-target.c:50

DetectHttpHHRegister
void DetectHttpHHRegister(void)
Registers the keyword handlers for the "http_host" keyword.
Definition: detect-http-host.c:82

DetectBase64DecodeRegister
void DetectBase64DecodeRegister(void)
Definition: detect-base64-decode.c:39

DetectHttpRequestLineRegister
void DetectHttpRequestLineRegister(void)
Registers the keyword handlers for the "http_request_line" keyword.
Definition: detect-http-request-line.c:74

detect-ssh-proto-version.h

detect-tls-ja3-hash.h

detect-http-headers.h

detect-ssh-proto.h

DetectDepthRegister
void DetectDepthRegister(void)
Definition: detect-depth.c:47

detect-dce-stub-data.h

DetectTransformMd5Register
void DetectTransformMd5Register(void)
Definition: detect-transform-md5.c:43

detect-ftpdata.h

DetectSeqRegister
void DetectSeqRegister(void)
Registration function for ack: keyword.
Definition: detect-tcp-seq.c:51

DetectL3ProtoRegister
void DetectL3ProtoRegister(void)
Registration function for ip_proto keyword.
Definition: detect-l3proto.c:53

detect-engine-sigorder.h

detect-http-request-line.h

DetectDceStubDataRegister
void DetectDceStubDataRegister(void)
Registers the keyword handlers for the "dce_stub_data" keyword.
Definition: detect-dce-stub-data.c:122

SIGMATCH_INFO_CONTENT_MODIFIER
#define SIGMATCH_INFO_CONTENT_MODIFIER
Definition: detect.h:1376

g_ut_covered
int g_ut_covered
Definition: suricata.c:863

DetectSslVersionRegister
void DetectSslVersionRegister(void)
Registration function for keyword: ssl_version.
Definition: detect-ssl-version.c:76

DetectTlsJa3SStringRegister
void DetectTlsJa3SStringRegister(void)
Registration function for keyword: ja3s.string.
Definition: detect-tls-ja3s-string.c:74

DetectHttpHeaderRegister
void DetectHttpHeaderRegister(void)
Registers the keyword handlers for the "http_header" keyword.
Definition: detect-http-header.c:406

DetectHttpClientBodyRegister
void DetectHttpClientBodyRegister(void)
Registers the keyword handlers for the "http_client_body" keyword.
Definition: detect-http-client-body.c:79

detect-pcre.h

detect-modbus.h

SigTableElmt_
element in sigmatch type table.
Definition: detect.h:1151

detect-http-ua.h

DetectHttpStatCodeRegister
void DetectHttpStatCodeRegister(void)
Registration function for keyword: http_stat_code.
Definition: detect-http-stat-code.c:79

detect-engine-prefilter.h

detect-filename.h

detect-ttl.h

DETECT_TBLSIZE
Definition: detect-engine-register.h:250

DetectFileextRegister
void DetectFileextRegister(void)
Registration function for keyword: fileext.
Definition: detect-fileext.c:64

detect-ssh-software.h

SigTableElmt_::name
const char * name
Definition: detect.h:1184

detect-ssh-software-version.h

DetectBufferTypeCloseRegistration
void DetectBufferTypeCloseRegistration(void)
Definition: detect-engine.c:1051

util-unittest.h

DetectHttpHeaderNamesRegister
void DetectHttpHeaderNamesRegister(void)
Registers the keyword handlers for the "http.header_names" keyword.
Definition: detect-http-header-names.c:391

decode.h

DetectIcmpIdRegister
void DetectIcmpIdRegister(void)
Registration function for icode: icmp_id.
Definition: detect-icmp-id.c:57

detect-iprep.h

DetectFlowRegister
void DetectFlowRegister(void)
Registration function for flow: keyword.
Definition: detect-flow.c:64

detect-tls-certs.h

detect-id.h

detect-snmp-community.h

DetectPrefilterRegister
void DetectPrefilterRegister(void)
Definition: detect-prefilter.c:37

DetectFragOffsetRegister
void DetectFragOffsetRegister(void)
Registration function for fragoffset.
Definition: detect-fragoffset.c:59

DetectNoalertRegister
void DetectNoalertRegister(void)
Definition: detect-noalert.c:33

detect-transform-md5.h

detect-tls-ja3-string.h

detect-offset.h

detect-ssl-state.h

detect-tls.h

detect-tcp-window.h

SigTableElmt_::Transform
void(* Transform)(InspectionBuffer *)
Definition: detect.h:1167

flow-bit.h

DetectTlsValidityRegister
void DetectTlsValidityRegister(void)
Registration function for tls validity keywords.
Definition: detect-tls-cert-validity.c:88

detect-icode.h

DetectSslStateRegister
void DetectSslStateRegister(void)
Registers the keyword handlers for the "ssl_state" keyword.
Definition: detect-ssl-state.c:82

detect-target.h

flow.h

detect-detection-filter.h

detect-tls-sni.h

DetectTemplateRegister
void DetectTemplateRegister(void)
Registration function for template: keyword.
Definition: detect-template.c:55

detect-threshold.h

detect-http-header.h

DetectIPRepRegister
void DetectIPRepRegister(void)
Definition: detect-iprep.c:61

util-privs.h

detect-metadata.h

DetectDsizeRegister
void DetectDsizeRegister(void)
Registration function for dsize: keyword.
Definition: detect-dsize.c:65

detect-dce-iface.h

DetectIPProtoRegister
void DetectIPProtoRegister(void)
Registration function for ip_proto keyword.
Definition: detect-ipproto.c:58

DetectPcreRegister
void DetectPcreRegister(void)
Definition: detect-pcre.c:86

detect-app-layer-event.h

DetectKrb5SNameRegister
void DetectKrb5SNameRegister(void)
Definition: detect-krb5-sname.c:193

detect-http-start.h

detect-engine-event.h

detect-tls-cert-fingerprint.h

detect-http-uri.h

SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition: detect.h:1378

detect-distance.h

detect-template.h

DetectUricontentRegister
void DetectUricontentRegister(void)
Registration function for uricontent: keyword.
Definition: detect-uricontent.c:68

DetectFilenameRegister
void DetectFilenameRegister(void)
Registration function for keyword: filename.
Definition: detect-filename.c:78

detect-pktvar.h

detect-engine-iponly.h

DetectIpOptsRegister
void DetectIpOptsRegister(void)
Registration function for ipopts: keyword.
Definition: detect-ipopts.c:55

detect-tls-cert-serial.h

DetectFilesizeRegister
void DetectFilesizeRegister(void)
Registration function for filesize: keyword.
Definition: detect-filesize.c:64

SIGMATCH_NOT_BUILT
#define SIGMATCH_NOT_BUILT
Definition: detect.h:1360

runmodes.h

util-lua.h

detect-engine-state.h
Data structures and function prototypes for keeping state for the detection engine.

detect-tcp-flags.h

detect-ssl-version.h

DetectPktDataRegister
void DetectPktDataRegister(void)
Registration function for keyword: file_data.
Definition: detect-pkt-data.c:52

DetectOffsetRegister
void DetectOffsetRegister(void)
Definition: detect-offset.c:45

util-debug.h

DetectITypeRegister
void DetectITypeRegister(void)
Registration function for itype: keyword.
Definition: detect-itype.c:61

SigTableRegisterTests
void SigTableRegisterTests(void)
Definition: detect-engine-register.c:554

DetectSshSoftwareRegister
void DetectSshSoftwareRegister(void)
Definition: detect-ssh-software.c:105

DetectFileSha256Register
void DetectFileSha256Register(void)
Registration function for keyword: filesha256.
Definition: detect-filesha256.c:46

DetectAckRegister
void DetectAckRegister(void)
Registration function for ack: keyword.
Definition: detect-tcp-ack.c:54

detect-sameip.h

DetectKrb5ErrCodeRegister
void DetectKrb5ErrCodeRegister(void)
Definition: detect-krb5-errcode.c:270

DetectPriorityRegister
void DetectPriorityRegister(void)
Registers the handler functions for the "priority" keyword.
Definition: detect-priority.c:48

util-unittest-helper.h

detect-asn1.h

DetectLuaRegister
void DetectLuaRegister(void)
Registration function for keyword: lua.
Definition: detect-lua.c:74

DetectWithinRegister
void DetectWithinRegister(void)
Definition: detect-within.c:51

detect-bytetest.h

app-layer-protos.h

DetectDetectionFilterRegister
void DetectDetectionFilterRegister(void)
Registration function for detection_filter: keyword.
Definition: detect-detection-filter.c:63

DetectBase64DataRegister
void DetectBase64DataRegister(void)
Definition: detect-base64-data.c:30

detect-engine-mpm.h

DetectFiledataRegister
void DetectFiledataRegister(void)
Registration function for keyword: file_data.
Definition: detect-file-data.c:81

DetectGeoipRegister
void DetectGeoipRegister(void)
Registration function for geoip keyword (no libgeoip support)
Definition: detect-geoip.c:52

detect-nfs-procedure.h

DetectBytejumpRegister
void DetectBytejumpRegister(void)
Definition: detect-bytejump.c:70

DetectTlsFingerprintRegister
void DetectTlsFingerprintRegister(void)
Registration function for keyword: tls.cert_fingerprint.
Definition: detect-tls-cert-fingerprint.c:74

suricata-common.h

detect-base64-decode.h

detect-urilen.h

detect-l3proto.h

detect-engine-siggroup.h

detect-template-buffer.h

DetectHttpUARegister
void DetectHttpUARegister(void)
Registers the keyword handlers for the "http_user_agent" keyword.
Definition: detect-http-ua.c:76

DetectDceOpnumRegister
void DetectDceOpnumRegister(void)
Registers the keyword handlers for the "dce_opnum" keyword.
Definition: detect-dce-opnum.c:71

detect-engine.h

DetectReplaceRegister
void DetectReplaceRegister(void)
Definition: detect-replace.c:69

detect-tls-version.h

detect-tls-cert-subject.h

detect-http-header-names.h

detect-tls-ja3s-string.h

util-print.h

DetectUdphdrRegister
void DetectUdphdrRegister(void)
Registration function for tcphdr: keyword.
Definition: detect-udphdr.c:45

detect-classtype.h

DetectHttpResponseLineRegister
void DetectHttpResponseLineRegister(void)
Registers the keyword handlers for the "http_response_line" keyword.
Definition: detect-http-response-line.c:74

DetectHttpMethodRegister
void DetectHttpMethodRegister(void)
Registration function for keyword: http_method.
Definition: detect-http-method.c:77

detect-template-rust-buffer.h

DetectSshVersionRegister
void DetectSshVersionRegister(void)
Registration function for keyword: ssh.protoversion.
Definition: detect-ssh-proto-version.c:76

DetectTransformSha1Register
void DetectTransformSha1Register(void)
Definition: detect-transform-sha1.c:43

detect-file-data.h

SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:281

DetectNfsVersionRegister
void DetectNfsVersionRegister(void)
Registration function for nfs_procedure keyword.
Definition: detect-nfs-version.c:91

detect-base64-data.h

DetectXbitsRegister
void DetectXbitsRegister(void)
Definition: detect-xbits.c:65

util-mpm-ac.h

DetectTransformCompressWhitespaceRegister
void DetectTransformCompressWhitespaceRegister(void)
Definition: detect-transform-compress-whitespace.c:42

detect-stream_size.h

DetectTosRegister
void DetectTosRegister(void)
Register Tos keyword.
Definition: detect-tos.c:63

detect-transform-sha1.h

DetectTlsCertsRegister
void DetectTlsCertsRegister(void)
Registration function for keyword: tls.certs.
Definition: detect-tls-certs.c:87

DetectHttpRawHeaderRegister
void DetectHttpRawHeaderRegister(void)
Registers the keyword handlers for the "http_raw_header" keyword.
Definition: detect-http-raw-header.c:76

detect-krb5-cname.h

detect-udphdr.h

detect-krb5-sname.h

DetectHttpProtocolRegister
void DetectHttpProtocolRegister(void)
Registers the keyword handlers for the "http.protocol" keyword.
Definition: detect-http-protocol.c:122

detect-msg.h

detect-ftpbounce.h

util-path.h

DetectMarkRegister
void DetectMarkRegister(void)
Registration function for nfq_set_mark: keyword.
Definition: detect-mark.c:54

DetectTlsSniRegister
void DetectTlsSniRegister(void)
Registration function for keyword: tls.sni.
Definition: detect-tls-sni.c:70

detect-template2.h

stream-tcp.h

DetectTagRegister
void DetectTagRegister(void)
Registration function for keyword tag.
Definition: detect-tag.c:69

detect-fragoffset.h

detect-krb5-errcode.h

coverage_unittests
int coverage_unittests
Definition: suricata.c:861

DetectFtpbounceRegister
void DetectFtpbounceRegister(void)
Registration function for ftpbounce: keyword.
Definition: detect-ftpbounce.c:68

app-layer-htp.h

detect-http-server-body.h

detect-transform-strip-whitespace.h

g_ut_modules
int g_ut_modules
Definition: suricata.c:862

DetectTlsJa3HashRegister
void DetectTlsJa3HashRegister(void)
Registration function for keyword: ja3_hash.
Definition: detect-tls-ja3-hash.c:78

detect-parse.h

detect-bypass.h

DetectKrb5MsgTypeRegister
void DetectKrb5MsgTypeRegister(void)
Definition: detect-krb5-msgtype.c:267

detect-filemd5.h

detect-smb-share.h

detect-engine-address.h

detect-gid.h

util-profiling.h

DetectEnipCommandRegister
void DetectEnipCommandRegister(void)
Registration function for enip_command: keyword.
Definition: detect-cipservice.c:304

detect-engine-threshold.h

DetectTlsJa3SHashRegister
void DetectTlsJa3SHashRegister(void)
Registration function for keyword: ja3s.hash.
Definition: detect-tls-ja3s-hash.c:78

detect-sid.h

util-var-name.h

detect-engine-proto.h

DetectAppLayerEventRegister
void DetectAppLayerEventRegister(void)
Registers the keyword handlers for the "app-layer-event" keyword.
Definition: detect-app-layer-event.c:66

DetectCsumRegister
void DetectCsumRegister(void)
Registers handlers for all the checksum keywords. The checksum keywords that are registered are ipv4-...
Definition: detect-csum.c:128

DetectReferenceRegister
void DetectReferenceRegister(void)
Registration function for the reference: keyword.
Definition: detect-reference.c:56

DetectBsizeRegister
void DetectBsizeRegister(void)
Registration function for bsize: keyword.
Definition: detect-bsize.c:50

detect-engine-content-inspection.h

DetectSNMPVersionRegister
void DetectSNMPVersionRegister(void)
Registration function for snmp.procedure keyword.
Definition: detect-snmp-version.c:77

DetectTlsJa3StringRegister
void DetectTlsJa3StringRegister(void)
Registration function for keyword: ja3.string.
Definition: detect-tls-ja3-string.c:74

SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition: detect.h:1354

DetectHttpStatMsgRegister
void DetectHttpStatMsgRegister(void)
Registration function for keyword: http_stat_msg.
Definition: detect-http-stat-msg.c:79

detect-itype.h

DetectTlsRegister
void DetectTlsRegister(void)
Registration function for keyword: tls.version.
Definition: detect-tls.c:116

DetectHostbitsRegister
void DetectHostbitsRegister(void)
Definition: detect-hostbits.c:77

detect-priority.h

DetectMetadataRegister
void DetectMetadataRegister(void)
Definition: detect-metadata.c:40

detect-tls-ja3s-hash.h

DetectICodeRegister
void DetectICodeRegister(void)
Registration function for icode: keyword.
Definition: detect-icode.c:61

detect-engine-dcepayload.h

DetectAppLayerProtocolRegister
void DetectAppLayerProtocolRegister(void)
Definition: detect-app-layer-protocol.c:258

util-validate.h

DetectFilemagicRegister
void DetectFilemagicRegister(void)
Registration function for keyword: filemagic.
Definition: detect-filemagic.c:70

DetectDistanceRegister
void DetectDistanceRegister(void)
Definition: detect-distance.c:53

DetectByteExtractRegister
void DetectByteExtractRegister(void)
Registers the keyword handlers for the "byte_extract" keyword.
Definition: detect-byte-extract.c:99

DetectBypassRegister
void DetectBypassRegister(void)
Registration function for keyword: bypass.
Definition: detect-bypass.c:61

DetectTransformSha256Register
void DetectTransformSha256Register(void)
Definition: detect-transform-sha256.c:43

detect-replace.h

detect-filemagic.h

detect-flow.h

DetectTlsIssuerRegister
void DetectTlsIssuerRegister(void)
Registration function for keyword: tls.cert_issuer.
Definition: detect-tls-cert-issuer.c:70

detect-xbits.h

detect-hostbits.h

detect-ipproto.h

DetectTemplate2Register
void DetectTemplate2Register(void)
Registration function for template2: keyword.
Definition: detect-template2.c:56

DetectModbusRegister
void DetectModbusRegister(void)
Registration function for Modbus keyword.
Definition: detect-modbus.c:516

detect-byte-extract.h

DetectPktvarRegister
void DetectPktvarRegister(void)
Definition: detect-pktvar.c:47

detect-tls-cert-validity.h

detect-http-method.h

detect-csum.h

DetectHttpUriRegister
void DetectHttpUriRegister(void)
Registration function for keywords: http_uri and http.uri.
Definition: detect-http-uri.c:88

SIGMATCH_IPONLY_COMPAT
#define SIGMATCH_IPONLY_COMPAT
Definition: detect.h:1356

DetectEngineEventRegister
void DetectEngineEventRegister(void)
Registration function for decode-event: keyword.
Definition: detect-engine-event.c:62

DetectNfsProcedureRegister
void DetectNfsProcedureRegister(void)
Registration function for nfs_procedure keyword.
Definition: detect-nfs-procedure.c:91

SigTableList
void SigTableList(const char *keyword)
Definition: detect-engine-register.c:308

DetectNocaseRegister
void DetectNocaseRegister(void)
Definition: detect-nocase.c:38

DetectThresholdRegister
void DetectThresholdRegister(void)
Registration function for threshold: keyword.
Definition: detect-threshold.c:76

flow-private.h

DetectSshSoftwareVersionRegister
void DetectSshSoftwareVersionRegister(void)
Registration function for keyword: ssh.softwareversion.
Definition: detect-ssh-software-version.c:90

DetectFlowbitsRegister
void DetectFlowbitsRegister(void)
Definition: detect-flowbits.c:58

DetectTransformStripWhitespaceRegister
void DetectTransformStripWhitespaceRegister(void)
Definition: detect-transform-strip-whitespace.c:42

DetectIsdataatRegister
void DetectIsdataatRegister(void)
Registration function for isdataat: keyword.
Definition: detect-isdataat.c:67

detect-tcpmss.h

DetectHttpCookieRegister
void DetectHttpCookieRegister(void)
Registration function for keyword: http_cookie.
Definition: detect-http-cookie.c:83

detect-lua.h

app-layer.h

DetectUrilenRegister
void DetectUrilenRegister(void)
Registration function for urilen: keyword.
Definition: detect-urilen.c:65

DetectHttpStartRegister
void DetectHttpStartRegister(void)
Registers the keyword handlers for the "http_header" keyword.
Definition: detect-http-start.c:375

detect-snmp-version.h

app-layer-smtp.h

detect-engine-alert.h

detect-pkt-data.h

detect-filesize.h

util-threshold-config.h

detect-snmp-pdu_type.h

tm-threads.h

detect-dce-opnum.h

detect-fragbits.h

detect-rev.h

detect-tag.h

DetectMsgRegister
void DetectMsgRegister(void)
Definition: detect-msg.c:40

detect-icmp-seq.h

DetectKrb5CNameRegister
void DetectKrb5CNameRegister(void)
Definition: detect-krb5-cname.c:193

SigTableElmt_::flags
uint16_t flags
Definition: detect.h:1178

detect-transform-compress-whitespace.h

detect-http-stat-code.h

DetectSameipRegister
void DetectSameipRegister(void)
Registration function for sameip: keyword.
Definition: detect-sameip.c:49

DetectSshProtocolRegister
void DetectSshProtocolRegister(void)
Definition: detect-ssh-proto.c:104

app-layer-template.h

detect-filesha256.h

detect-nfs-version.h

DetectStreamSizeRegister
void DetectStreamSizeRegister(void)
Registration function for stream_size: keyword.
Definition: detect-stream_size.c:57

DetectTlsVersionRegister
void DetectTlsVersionRegister(void)
Registration function for keyword: tls.version.
Definition: detect-tls-version.c:75

detect-dsize.h

detect-http-host.h

detect-http-response-line.h

action-globals.h

SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1176

DetectSNMPCommunityRegister
void DetectSNMPCommunityRegister(void)
Definition: detect-snmp-community.c:52

util-optimize.h

DetectFlagsRegister
void DetectFlagsRegister(void)
Registration function for flags: keyword.
Definition: detect-tcp-flags.c:73

DetectIcmpSeqRegister
void DetectIcmpSeqRegister(void)
Registration function for icmp_seq.
Definition: detect-icmp-seq.c:57

detect-geoip.h

detect-http-cookie.h

DetectClasstypeRegister
void DetectClasstypeRegister(void)
Registers the handler functions for the "Classtype" keyword.
Definition: detect-classtype.c:51

detect-engine-analyzer.h

DetectFlowvarRegister
void DetectFlowvarRegister(void)
Definition: detect-flowvar.c:55

DetectCipServiceRegister
void DetectCipServiceRegister(void)
Registration function for cip_service: keyword.
Definition: detect-cipservice.c:50

detect-flowvar.h

detect-noalert.h

DetectIdRegister
void DetectIdRegister(void)
Registration function for keyword: id.
Definition: detect-id.c:64

detect-tcp-ack.h

DetectFilestoreRegister
void DetectFilestoreRegister(void)
Registration function for keyword: filestore.
Definition: detect-filestore.c:75

detect-rpc.h

conf.h

detect-engine-port.h

DetectSmbNamedPipeRegister
void DetectSmbNamedPipeRegister(void)
Definition: detect-smb-share.c:79

DetectHttpServerBodyRegister
void DetectHttpServerBodyRegister(void)
Registers the keyword handlers for the "http_server_body" keyword.
Definition: detect-http-server-body.c:72

detect.h

conf-yaml-loader.h

detect-reference.h

DetectFlowintRegister
void DetectFlowintRegister(void)
Definition: detect-flowint.c:62