suricata
Macros | Enumerations | Functions | Variables
detect-engine-register.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define DETECT_TBLSIZE_STEP   256
 
#define SIGMATCH_NOOPT   (1UL << (0))
 
#define SIGMATCH_IPONLY_COMPAT   (1UL << (1))
 
#define SIGMATCH_DEONLY_COMPAT   (1UL << (2))
 
#define SIGMATCH_OPTIONAL_OPT   (1UL << (3))
 
#define SIGMATCH_QUOTES_OPTIONAL   (1UL << (4))
 
#define SIGMATCH_QUOTES_MANDATORY   (1UL << (5))
 
#define SIGMATCH_HANDLE_NEGATION   (1UL << (6))
 
#define SIGMATCH_INFO_CONTENT_MODIFIER   (1UL << (7))
 
#define SIGMATCH_INFO_STICKY_BUFFER   (1UL << (8))
 
#define SIGMATCH_INFO_DEPRECATED   (1UL << (9))
 
#define SIGMATCH_STRICT_PARSING   (1UL << (10))
 
#define SIGMATCH_SUPPORT_FIREWALL   (1UL << (11))
 
#define SIGMATCH_SUPPORT_DIR   (1UL << (12))
 
#define SIGMATCH_INFO_MULTI_BUFFER   (1UL << (13))
 
#define SIGMATCH_INFO_UINT8   (1UL << (14))
 
#define SIGMATCH_INFO_UINT16   (1UL << (15))
 
#define SIGMATCH_INFO_UINT32   (1UL << (16))
 
#define SIGMATCH_INFO_UINT64   (1UL << (17))
 
#define SIGMATCH_INFO_MULTI_UINT   (1UL << (18))
 
#define SIGMATCH_INFO_ENUM_UINT   (1UL << (19))
 
#define SIGMATCH_INFO_BITFLAGS_UINT   (1UL << (20))
 

Enumerations

enum  DetectKeywordId {
  DETECT_SID, DETECT_PRIORITY, DETECT_REV, DETECT_CLASSTYPE,
  DETECT_APP_LAYER_PROTOCOL, DETECT_ACK, DETECT_SEQ, DETECT_WINDOW,
  DETECT_IPOPTS, DETECT_IPADDR_SRC, DETECT_IPADDR_DST, DETECT_FLAGS,
  DETECT_FRAGBITS, DETECT_FRAGOFFSET, DETECT_TTL, DETECT_TOS,
  DETECT_ITYPE, DETECT_ICODE, DETECT_ICMP_ID, DETECT_ICMP_SEQ,
  DETECT_ICMPV4HDR, DETECT_IGMPHDR, DETECT_IGMP_TYPE, DETECT_DSIZE,
  DETECT_FLOW, DETECT_THRESHOLD, DETECT_FLOWBITS, DETECT_FLOWVAR,
  DETECT_FLOWVAR_POSTMATCH, DETECT_FLOWINT, DETECT_HOSTBITS, DETECT_XBITS,
  DETECT_PKTVAR, DETECT_CONTENT, DETECT_URICONTENT, DETECT_PCRE,
  DETECT_DEPTH, DETECT_STARTS_WITH, DETECT_ENDS_WITH, DETECT_DISTANCE,
  DETECT_WITHIN, DETECT_OFFSET, DETECT_REPLACE, DETECT_NOCASE,
  DETECT_FAST_PATTERN, DETECT_RAWBYTES, DETECT_BYTETEST, DETECT_BYTEJUMP,
  DETECT_BYTEMATH, DETECT_BYTE_EXTRACT, DETECT_DATASET, DETECT_DATAREP,
  DETECT_BASE64_DECODE, DETECT_BASE64_DATA, DETECT_BSIZE, DETECT_ASN1,
  DETECT_LUA, DETECT_ISDATAAT, DETECT_URILEN, DETECT_ABSENT,
  DETECT_ENTROPY, DETECT_METADATA, DETECT_REFERENCE, DETECT_TAG,
  DETECT_MSG, DETECT_SAMEIP, DETECT_GEOIP, DETECT_IPPROTO,
  DETECT_FTPBOUNCE, DETECT_FTP_DYNPORT, DETECT_ID, DETECT_RPC,
  DETECT_NOALERT, DETECT_ALERT, DETECT_IPV4_CSUM, DETECT_TCPV4_CSUM,
  DETECT_TCPV6_CSUM, DETECT_UDPV4_CSUM, DETECT_UDPV6_CSUM, DETECT_ICMPV4_CSUM,
  DETECT_ICMPV6_CSUM, DETECT_IGMP_CSUM, DETECT_STREAM_SIZE, DETECT_DETECTION_FILTER,
  DETECT_DECODE_EVENT, DETECT_GID, DETECT_MARK, DETECT_FRAME,
  DETECT_FLOW_AGE, DETECT_FLOW_PKTS, DETECT_FLOW_PKTS_TO_SERVER, DETECT_FLOW_PKTS_TO_CLIENT,
  DETECT_FLOW_BYTES, DETECT_FLOW_BYTES_TO_SERVER, DETECT_FLOW_BYTES_TO_CLIENT, DETECT_FLOW_ELEPHANT,
  DETECT_REQUIRES, DETECT_TLS_VERSION, DETECT_TLS_SUBJECT, DETECT_TLS_ISSUERDN,
  DETECT_TLS_NOTBEFORE, DETECT_TLS_NOTAFTER, DETECT_TLS_EXPIRED, DETECT_TLS_VALID,
  DETECT_TLS_FINGERPRINT, DETECT_TLS_STORE, DETECT_TLS_CHAIN_LEN, DETECT_TLS_ALPN,
  DETECT_HTTP_COOKIE_CM, DETECT_HTTP_COOKIE, DETECT_HTTP_METHOD_CM, DETECT_HTTP_METHOD,
  DETECT_HTTP_PROTOCOL, DETECT_HTTP_START, DETECT_HTTP_CLIENT_BODY, DETECT_HTTP_REQUEST_BODY,
  DETECT_HTTP_SERVER_BODY, DETECT_HTTP_RESPONSE_BODY, DETECT_HTTP_HEADER_CM, DETECT_HTTP_HEADER,
  DETECT_HTTP_HEADER_NAMES, DETECT_HTTP_HEADER_ACCEPT, DETECT_HTTP_HEADER_ACCEPT_LANG, DETECT_HTTP_HEADER_ACCEPT_ENC,
  DETECT_HTTP_HEADER_CONNECTION, DETECT_HTTP_HEADER_CONTENT_LEN, DETECT_HTTP_HEADER_CONTENT_TYPE, DETECT_HTTP_HEADER_LOCATION,
  DETECT_HTTP_HEADER_SERVER, DETECT_HTTP_HEADER_REFERER, DETECT_HTTP_RAW_HEADER_CM, DETECT_HTTP_RAW_HEADER,
  DETECT_HTTP_URI_CM, DETECT_HTTP_URI, DETECT_HTTP_URI_RAW, DETECT_HTTP_RAW_URI,
  DETECT_HTTP_STAT_MSG_CM, DETECT_HTTP_STAT_MSG, DETECT_HTTP_STAT_CODE_CM, DETECT_HTTP_STAT_CODE,
  DETECT_HTTP_USER_AGENT, DETECT_HTTP_UA, DETECT_HTTP_HOST_CM, DETECT_HTTP_HOST,
  DETECT_HTTP_RAW_HOST, DETECT_HTTP_HOST_RAW, DETECT_HTTP_REQUEST_LINE, DETECT_HTTP_RESPONSE_LINE,
  DETECT_NFS_VERSION, DETECT_SSL_VERSION, DETECT_SSL_STATE, DETECT_FILE_DATA,
  DETECT_PKT_DATA, DETECT_APP_LAYER_EVENT, DETECT_APP_LAYER_STATE, DETECT_HTTP2_FRAMETYPE,
  DETECT_HTTP2_ERRORCODE, DETECT_HTTP2_PRIORITY, DETECT_HTTP2_WINDOW, DETECT_HTTP2_SIZEUPDATE,
  DETECT_HTTP2_SETTINGS, DETECT_HTTP2_HEADERNAME, DETECT_HTTP_REQUEST_HEADER, DETECT_HTTP_RESPONSE_HEADER,
  DETECT_DCE_IFACE, DETECT_DCE_OPNUM, DETECT_DCE_STUB_DATA, DETECT_ENGINE_EVENT,
  DETECT_STREAM_EVENT, DETECT_CONFIG, DETECT_FILENAME, DETECT_FILE_NAME,
  DETECT_FILEEXT, DETECT_FILESTORE, DETECT_FILESTORE_POSTMATCH, DETECT_FILEMAGIC,
  DETECT_FILE_MAGIC, DETECT_FILEMD5, DETECT_FILESHA1, DETECT_FILESHA256,
  DETECT_FILESIZE, DETECT_L3PROTO, DETECT_IPREP, DETECT_DNS_RESPONSE,
  DETECT_TLS_SNI, DETECT_TLS_CERTS, DETECT_TLS_CERT_ISSUER, DETECT_TLS_CERT_SUBJECT,
  DETECT_TLS_CERT_SERIAL, DETECT_TLS_CERT_FINGERPRINT, DETECT_TLS_SUBJECTALTNAME, DETECT_TLS_RANDOM_TIME,
  DETECT_TLS_RANDOM_BYTES, DETECT_TLS_RANDOM, DETECT_TLS_JA3_HASH, DETECT_TLS_JA3_STRING,
  DETECT_TLS_JA3S_HASH, DETECT_TLS_JA3S_STRING, DETECT_MODBUS, DETECT_DNP3DATA,
  DETECT_DNP3FUNC, DETECT_DNP3IND, DETECT_DNP3OBJ, DETECT_KRB5_ERRCODE,
  DETECT_KRB5_CNAME, DETECT_KRB5_SNAME, DETECT_KRB5_TICKET_ENCRYPTION, DETECT_SIP_METHOD,
  DETECT_SIP_URI, DETECT_TEMPLATE, DETECT_TEMPLATE2, DETECT_ETHERHDR,
  DETECT_IPV4HDR, DETECT_IPV6HDR, DETECT_ICMPV6HDR, DETECT_ICMPV6MTU,
  DETECT_TCPHDR, DETECT_UDPHDR, DETECT_TCPMSS, DETECT_TCP_WSCALE,
  DETECT_FTPDATA, DETECT_TARGET, DETECT_BYPASS, DETECT_PREFILTER,
  DETECT_TRANSFORM_PCREXFORM, DETECT_TRANSFORM_LUAXFORM, DETECT_JA4_HASH, DETECT_FTP_COMMAND,
  DETECT_FTP_COMMAND_DATA, DETECT_FTP_REPLY, DETECT_FTP_MODE, DETECT_FTP_REPLY_RECEIVED,
  DETECT_FTP_COMPLETION_CODE, DETECT_VLAN_ID, DETECT_VLAN_LAYERS, DETECT_TBLSIZE_STATIC
}
 

Functions

int SigTableList (const char *keyword)
 
void SigTableCleanup (void)
 
void SigTableInit (void)
 
void SigTableSetup (void)
 
int SCSigTablePreRegister (void(*KeywordsRegister)(void))
 
void SigTableRegisterTests (void)
 
bool SCSigTableHasKeyword (const char *keyword)
 Check if a keyword exists. More...
 
void SCDetectHelperKeywordSetCleanCString (uint16_t id)
 

Variables

int DETECT_TBLSIZE
 
int DETECT_TBLSIZE_IDX
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-engine-register.h.

Macro Definition Documentation

◆ DETECT_TBLSIZE_STEP

#define DETECT_TBLSIZE_STEP   256

Definition at line 308 of file detect-engine-register.h.

◆ SIGMATCH_DEONLY_COMPAT

#define SIGMATCH_DEONLY_COMPAT   (1UL << (2))

sigmatch is compatible with a decode event only rule

Definition at line 316 of file detect-engine-register.h.

◆ SIGMATCH_HANDLE_NEGATION

#define SIGMATCH_HANDLE_NEGATION   (1UL << (6))

negation parsing is handled by the rule parser. Signature::init_data::negated will be set to true or false prior to calling the keyword parser. Exclamation mark is stripped from the input to the keyword parser.

Definition at line 330 of file detect-engine-register.h.

◆ SIGMATCH_INFO_BITFLAGS_UINT

#define SIGMATCH_INFO_BITFLAGS_UINT   (1UL << (20))

keyword is an uint with bitflags

Definition at line 358 of file detect-engine-register.h.

◆ SIGMATCH_INFO_CONTENT_MODIFIER

#define SIGMATCH_INFO_CONTENT_MODIFIER   (1UL << (7))

keyword is a content modifier

Definition at line 332 of file detect-engine-register.h.

◆ SIGMATCH_INFO_DEPRECATED

#define SIGMATCH_INFO_DEPRECATED   (1UL << (9))

keyword is deprecated: used to suggest an alternative

Definition at line 336 of file detect-engine-register.h.

◆ SIGMATCH_INFO_ENUM_UINT

#define SIGMATCH_INFO_ENUM_UINT   (1UL << (19))

keyword is an uint with enumeration stringer

Definition at line 356 of file detect-engine-register.h.

◆ SIGMATCH_INFO_MULTI_BUFFER

#define SIGMATCH_INFO_MULTI_BUFFER   (1UL << (13))

keyword is a multi buffer

Definition at line 344 of file detect-engine-register.h.

◆ SIGMATCH_INFO_MULTI_UINT

#define SIGMATCH_INFO_MULTI_UINT   (1UL << (18))

keyword is a multi uint

Definition at line 354 of file detect-engine-register.h.

◆ SIGMATCH_INFO_STICKY_BUFFER

#define SIGMATCH_INFO_STICKY_BUFFER   (1UL << (8))

keyword is a sticky buffer

Definition at line 334 of file detect-engine-register.h.

◆ SIGMATCH_INFO_UINT16

#define SIGMATCH_INFO_UINT16   (1UL << (15))

keyword is a unsigned 16-bit integer

Definition at line 348 of file detect-engine-register.h.

◆ SIGMATCH_INFO_UINT32

#define SIGMATCH_INFO_UINT32   (1UL << (16))

keyword is a unsigned 32-bit integer

Definition at line 350 of file detect-engine-register.h.

◆ SIGMATCH_INFO_UINT64

#define SIGMATCH_INFO_UINT64   (1UL << (17))

keyword is a unsigned 64-bit integer

Definition at line 352 of file detect-engine-register.h.

◆ SIGMATCH_INFO_UINT8

#define SIGMATCH_INFO_UINT8   (1UL << (14))

keyword is a unsigned 8-bit integer

Definition at line 346 of file detect-engine-register.h.

◆ SIGMATCH_IPONLY_COMPAT

#define SIGMATCH_IPONLY_COMPAT   (1UL << (1))

sigmatch is compatible with a ip only rule

Definition at line 314 of file detect-engine-register.h.

◆ SIGMATCH_NOOPT

#define SIGMATCH_NOOPT   (1UL << (0))

sigmatch has no options, so the parser shouldn't expect any

Definition at line 312 of file detect-engine-register.h.

◆ SIGMATCH_OPTIONAL_OPT

#define SIGMATCH_OPTIONAL_OPT   (1UL << (3))

sigmatch may have options, so the parser should be ready to deal with both cases

Definition at line 319 of file detect-engine-register.h.

◆ SIGMATCH_QUOTES_MANDATORY

#define SIGMATCH_QUOTES_MANDATORY   (1UL << (5))

input MUST be wrapped in double quotes. They will be stripped before input data is passed to keyword parser. Missing double quotes lead to error and signature invalidation.

Definition at line 326 of file detect-engine-register.h.

◆ SIGMATCH_QUOTES_OPTIONAL

#define SIGMATCH_QUOTES_OPTIONAL   (1UL << (4))

input may be wrapped in double quotes. They will be stripped before input data is passed to keyword parser

Definition at line 322 of file detect-engine-register.h.

◆ SIGMATCH_STRICT_PARSING

#define SIGMATCH_STRICT_PARSING   (1UL << (10))

strict parsing is enabled

Definition at line 338 of file detect-engine-register.h.

◆ SIGMATCH_SUPPORT_DIR

#define SIGMATCH_SUPPORT_DIR   (1UL << (12))

keyword supporting setting an optional direction

Definition at line 342 of file detect-engine-register.h.

◆ SIGMATCH_SUPPORT_FIREWALL

#define SIGMATCH_SUPPORT_FIREWALL   (1UL << (11))

keyword supported by firewall rules

Definition at line 340 of file detect-engine-register.h.

Enumeration Type Documentation

◆ DetectKeywordId

enum DetectKeywordId
Enumerator
DETECT_SID 
DETECT_PRIORITY 
DETECT_REV 
DETECT_CLASSTYPE 
DETECT_APP_LAYER_PROTOCOL 
DETECT_ACK 
DETECT_SEQ 
DETECT_WINDOW 
DETECT_IPOPTS 
DETECT_IPADDR_SRC 
DETECT_IPADDR_DST 
DETECT_FLAGS 
DETECT_FRAGBITS 
DETECT_FRAGOFFSET 
DETECT_TTL 
DETECT_TOS 
DETECT_ITYPE 
DETECT_ICODE 
DETECT_ICMP_ID 
DETECT_ICMP_SEQ 
DETECT_ICMPV4HDR 
DETECT_IGMPHDR 
DETECT_IGMP_TYPE 
DETECT_DSIZE 
DETECT_FLOW 
DETECT_THRESHOLD 
DETECT_FLOWBITS 
DETECT_FLOWVAR 
DETECT_FLOWVAR_POSTMATCH 
DETECT_FLOWINT 
DETECT_HOSTBITS 
DETECT_XBITS 
DETECT_PKTVAR 
DETECT_CONTENT 
DETECT_URICONTENT 
DETECT_PCRE 
DETECT_DEPTH 
DETECT_STARTS_WITH 
DETECT_ENDS_WITH 
DETECT_DISTANCE 
DETECT_WITHIN 
DETECT_OFFSET 
DETECT_REPLACE 
DETECT_NOCASE 
DETECT_FAST_PATTERN 
DETECT_RAWBYTES 
DETECT_BYTETEST 
DETECT_BYTEJUMP 
DETECT_BYTEMATH 
DETECT_BYTE_EXTRACT 
DETECT_DATASET 
DETECT_DATAREP 
DETECT_BASE64_DECODE 
DETECT_BASE64_DATA 
DETECT_BSIZE 
DETECT_ASN1 
DETECT_LUA 
DETECT_ISDATAAT 
DETECT_URILEN 
DETECT_ABSENT 
DETECT_ENTROPY 
DETECT_METADATA 
DETECT_REFERENCE 
DETECT_TAG 
DETECT_MSG 
DETECT_SAMEIP 
DETECT_GEOIP 
DETECT_IPPROTO 
DETECT_FTPBOUNCE 
DETECT_FTP_DYNPORT 
DETECT_ID 
DETECT_RPC 
DETECT_NOALERT 
DETECT_ALERT 
DETECT_IPV4_CSUM 
DETECT_TCPV4_CSUM 
DETECT_TCPV6_CSUM 
DETECT_UDPV4_CSUM 
DETECT_UDPV6_CSUM 
DETECT_ICMPV4_CSUM 
DETECT_ICMPV6_CSUM 
DETECT_IGMP_CSUM 
DETECT_STREAM_SIZE 
DETECT_DETECTION_FILTER 
DETECT_DECODE_EVENT 
DETECT_GID 
DETECT_MARK 
DETECT_FRAME 
DETECT_FLOW_AGE 
DETECT_FLOW_PKTS 
DETECT_FLOW_PKTS_TO_SERVER 
DETECT_FLOW_PKTS_TO_CLIENT 
DETECT_FLOW_BYTES 
DETECT_FLOW_BYTES_TO_SERVER 
DETECT_FLOW_BYTES_TO_CLIENT 
DETECT_FLOW_ELEPHANT 
DETECT_REQUIRES 
DETECT_TLS_VERSION 
DETECT_TLS_SUBJECT 
DETECT_TLS_ISSUERDN 
DETECT_TLS_NOTBEFORE 
DETECT_TLS_NOTAFTER 
DETECT_TLS_EXPIRED 
DETECT_TLS_VALID 
DETECT_TLS_FINGERPRINT 
DETECT_TLS_STORE 
DETECT_TLS_CHAIN_LEN 
DETECT_TLS_ALPN 
DETECT_HTTP_COOKIE_CM 
DETECT_HTTP_COOKIE 
DETECT_HTTP_METHOD_CM 
DETECT_HTTP_METHOD 
DETECT_HTTP_PROTOCOL 
DETECT_HTTP_START 
DETECT_HTTP_CLIENT_BODY 
DETECT_HTTP_REQUEST_BODY 
DETECT_HTTP_SERVER_BODY 
DETECT_HTTP_RESPONSE_BODY 
DETECT_HTTP_HEADER_CM 
DETECT_HTTP_HEADER 
DETECT_HTTP_HEADER_NAMES 
DETECT_HTTP_HEADER_ACCEPT 
DETECT_HTTP_HEADER_ACCEPT_LANG 
DETECT_HTTP_HEADER_ACCEPT_ENC 
DETECT_HTTP_HEADER_CONNECTION 
DETECT_HTTP_HEADER_CONTENT_LEN 
DETECT_HTTP_HEADER_CONTENT_TYPE 
DETECT_HTTP_HEADER_LOCATION 
DETECT_HTTP_HEADER_SERVER 
DETECT_HTTP_HEADER_REFERER 
DETECT_HTTP_RAW_HEADER_CM 
DETECT_HTTP_RAW_HEADER 
DETECT_HTTP_URI_CM 
DETECT_HTTP_URI 
DETECT_HTTP_URI_RAW 
DETECT_HTTP_RAW_URI 
DETECT_HTTP_STAT_MSG_CM 
DETECT_HTTP_STAT_MSG 
DETECT_HTTP_STAT_CODE_CM 
DETECT_HTTP_STAT_CODE 
DETECT_HTTP_USER_AGENT 
DETECT_HTTP_UA 
DETECT_HTTP_HOST_CM 
DETECT_HTTP_HOST 
DETECT_HTTP_RAW_HOST 
DETECT_HTTP_HOST_RAW 
DETECT_HTTP_REQUEST_LINE 
DETECT_HTTP_RESPONSE_LINE 
DETECT_NFS_VERSION 
DETECT_SSL_VERSION 
DETECT_SSL_STATE 
DETECT_FILE_DATA 
DETECT_PKT_DATA 
DETECT_APP_LAYER_EVENT 
DETECT_APP_LAYER_STATE 
DETECT_HTTP2_FRAMETYPE 
DETECT_HTTP2_ERRORCODE 
DETECT_HTTP2_PRIORITY 
DETECT_HTTP2_WINDOW 
DETECT_HTTP2_SIZEUPDATE 
DETECT_HTTP2_SETTINGS 
DETECT_HTTP2_HEADERNAME 
DETECT_HTTP_REQUEST_HEADER 
DETECT_HTTP_RESPONSE_HEADER 
DETECT_DCE_IFACE 
DETECT_DCE_OPNUM 
DETECT_DCE_STUB_DATA 
DETECT_ENGINE_EVENT 
DETECT_STREAM_EVENT 
DETECT_CONFIG 
DETECT_FILENAME 
DETECT_FILE_NAME 
DETECT_FILEEXT 
DETECT_FILESTORE 
DETECT_FILESTORE_POSTMATCH 
DETECT_FILEMAGIC 
DETECT_FILE_MAGIC 
DETECT_FILEMD5 
DETECT_FILESHA1 
DETECT_FILESHA256 
DETECT_FILESIZE 
DETECT_L3PROTO 
DETECT_IPREP 
DETECT_DNS_RESPONSE 
DETECT_TLS_SNI 
DETECT_TLS_CERTS 
DETECT_TLS_CERT_ISSUER 
DETECT_TLS_CERT_SUBJECT 
DETECT_TLS_CERT_SERIAL 
DETECT_TLS_CERT_FINGERPRINT 
DETECT_TLS_SUBJECTALTNAME 
DETECT_TLS_RANDOM_TIME 
DETECT_TLS_RANDOM_BYTES 
DETECT_TLS_RANDOM 
DETECT_TLS_JA3_HASH 
DETECT_TLS_JA3_STRING 
DETECT_TLS_JA3S_HASH 
DETECT_TLS_JA3S_STRING 
DETECT_MODBUS 
DETECT_DNP3DATA 
DETECT_DNP3FUNC 
DETECT_DNP3IND 
DETECT_DNP3OBJ 
DETECT_KRB5_ERRCODE 
DETECT_KRB5_CNAME 
DETECT_KRB5_SNAME 
DETECT_KRB5_TICKET_ENCRYPTION 
DETECT_SIP_METHOD 
DETECT_SIP_URI 
DETECT_TEMPLATE 
DETECT_TEMPLATE2 
DETECT_ETHERHDR 
DETECT_IPV4HDR 
DETECT_IPV6HDR 
DETECT_ICMPV6HDR 
DETECT_ICMPV6MTU 
DETECT_TCPHDR 
DETECT_UDPHDR 
DETECT_TCPMSS 
DETECT_TCP_WSCALE 
DETECT_FTPDATA 
DETECT_TARGET 
DETECT_BYPASS 
DETECT_PREFILTER 
DETECT_TRANSFORM_PCREXFORM 
DETECT_TRANSFORM_LUAXFORM 
DETECT_JA4_HASH 
DETECT_FTP_COMMAND 
DETECT_FTP_COMMAND_DATA 
DETECT_FTP_REPLY 
DETECT_FTP_MODE 
DETECT_FTP_REPLY_RECEIVED 
DETECT_FTP_COMPLETION_CODE 
DETECT_VLAN_ID 
DETECT_VLAN_LAYERS 
DETECT_TBLSIZE_STATIC 

Definition at line 27 of file detect-engine-register.h.

Function Documentation

◆ SCDetectHelperKeywordSetCleanCString()

void SCDetectHelperKeywordSetCleanCString ( uint16_t  id)

Definition at line 472 of file detect-engine-register.c.

References SigTableElmt_::Cleanup, and sigmatch_table.

◆ SCSigTableHasKeyword()

bool SCSigTableHasKeyword ( const char *  keyword)

Check if a keyword exists.

Definition at line 373 of file detect-engine-register.c.

References DETECT_TBLSIZE, name, SigTableElmt_::name, and sigmatch_table.

◆ SCSigTablePreRegister()

int SCSigTablePreRegister ( void(*)(void)  KeywordsRegister)

Definition at line 501 of file detect-engine-register.c.

◆ SigTableCleanup()

void SigTableCleanup ( void  )

Definition at line 477 of file detect-engine-register.c.

References SigTableElmt_::Cleanup, DETECT_TBLSIZE, SCFree, and sigmatch_table.

Referenced by GlobalsDestroy().

Here is the caller graph for this function:

◆ SigTableInit()

void SigTableInit ( void  )

Definition at line 517 of file detect-engine-register.c.

References DETECT_TBLSIZE, DETECT_TBLSIZE_STATIC, DETECT_TBLSIZE_STEP, FatalError, SCCalloc, and sigmatch_table.

Referenced by ListKeywords(), LLVMFuzzerTestOneInput(), PostConfLoadedSetup(), and RunUnittests().

Here is the caller graph for this function:

◆ SigTableList()

int SigTableList ( const char *  keyword)

Definition at line 390 of file detect-engine-register.c.

References DETECT_TBLSIZE, name, SigTableElmt_::name, and sigmatch_table.

Referenced by ListKeywords().

Here is the caller graph for this function:

◆ SigTableRegisterTests()

void SigTableRegisterTests ( void  )

Definition at line 777 of file detect-engine-register.c.

References coverage_unittests, DETECT_TBLSIZE, g_ut_covered, g_ut_modules, name, SigTableElmt_::RegisterTests, SCLogDebug, SCLogWarning, and sigmatch_table.

◆ SigTableSetup()

void SigTableSetup ( void  )

Definition at line 529 of file detect-engine-register.c.

References DetectAckRegister(), DetectAppLayerEventRegister(), DetectAppLayerProtocolRegister(), DetectAppLayerStateRegister(), DetectAsn1Register(), DetectBase64DataRegister(), DetectBase64DecodeRegister(), DetectBsizeRegister(), DetectBypassRegister(), DetectByteExtractRegister(), DetectBytejumpRegister(), DetectBytemathRegister(), DetectBytetestRegister(), DetectClasstypeRegister(), DetectConfigRegister(), DetectContentRegister(), DetectCsumRegister(), DetectDatarepRegister(), DetectDatasetRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDepthRegister(), DetectDetectionFilterRegister(), DetectDistanceRegister(), DetectDNP3Register(), DetectDnsNameRegister(), DetectDnsResponseRegister(), DetectDsizeRegister(), DetectEngineEventRegister(), DetectEntropyRegister(), DetectEtherhdrRegister(), DetectFastPatternRegister(), DetectFiledataRegister(), DetectFilemagicRegister(), DetectFileMd5Register(), DetectFilenameRegister(), DetectFileSha1Register(), DetectFileSha256Register(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFlagsRegister(), DetectFlowAgeRegister(), DetectFlowbitsRegister(), DetectFlowBytesRegister(), DetectFlowBytesToClientRegister(), DetectFlowBytesToServerRegister(), DetectFlowElephantRegister(), DetectFlowintRegister(), DetectFlowPktsRegister(), DetectFlowPktsToClientRegister(), DetectFlowPktsToServerRegister(), DetectFlowRegister(), DetectFlowvarRegister(), DetectFragBitsRegister(), DetectFragOffsetRegister(), DetectFrameRegister(), DetectFtpbounceRegister(), DetectFtpCommandDataRegister(), DetectFtpCommandRegister(), DetectFtpCompletionCodeRegister(), DetectFtpdataRegister(), DetectFtpDynamicPortRegister(), DetectFtpModeRegister(), DetectFtpReplyReceivedRegister(), DetectFtpReplyRegister(), DetectGeoipRegister(), DetectGidRegister(), DetectHostbitsRegister(), DetectHttp2Register(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHeadersRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseHeaderRegister(), DetectHttpResponseLineRegister(), DetectHttpServerBodyRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectIcmpv4HdrRegister(), DetectICMPv6hdrRegister(), DetectICMPv6mtuRegister(), DetectICodeRegister(), DetectIdRegister(), DetectIGMPHdrRegister(), DetectIGMPTypeRegister(), DetectIPAddrBufferRegister(), DetectIpOptsRegister(), DetectIPProtoRegister(), DetectIPRepRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectIsdataatRegister(), DetectITypeRegister(), DetectJa4HashRegister(), DetectKrb5CNameRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5SNameRegister(), DetectKrb5TicketEncryptionRegister(), DetectL3ProtoRegister(), DetectLuaRegister(), DetectMarkRegister(), DetectMetadataRegister(), DetectModbusRegister(), DetectMsgRegister(), DetectNfsVersionRegister(), DetectNoalertRegister(), DetectNocaseRegister(), DetectOffsetRegister(), DetectPcreRegister(), DetectPktDataRegister(), DetectPktvarRegister(), DetectPrefilterRegister(), DetectPriorityRegister(), DetectRawbytesRegister(), DetectReferenceRegister(), DetectRegisterAppLayerHookLists(), DetectReplaceRegister(), DetectRequiresRegister(), DetectRevRegister(), DetectRpcRegister(), DetectSameipRegister(), DetectSeqRegister(), DetectSidRegister(), DetectSipMethodRegister(), DetectSipUriRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectStreamSizeRegister(), DetectTagRegister(), DetectTargetRegister(), DetectTcphdrRegister(), DetectTcpmssRegister(), DetectTcpWscaleRegister(), DetectTemplate2Register(), DetectTemplateRegister(), DetectThresholdRegister(), DetectTlsAlpnRegister(), DetectTlsCertChainLenRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsRandomRegister(), DetectTlsRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectAltNameRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectTosRegister(), DetectTransformLuaxformRegister(), DetectTransformPcrexformRegister(), DetectTtlRegister(), DetectUdphdrRegister(), DetectUricontentRegister(), DetectUrilenRegister(), DetectWindowRegister(), DetectWithinRegister(), and DetectXbitsRegister().

Referenced by ListKeywords(), LLVMFuzzerTestOneInput(), and RunUnittests().

Here is the caller graph for this function:

Variable Documentation

◆ DETECT_TBLSIZE

int DETECT_TBLSIZE

Definition at line 268 of file detect-engine-register.c.

Referenced by PrefilterSetupRuleGroup(), SCDetectHelperNewKeywordId(), SCProfilingKeywordThreadSetup(), SCProfilingKeywordUpdateCounter(), SCSigTableHasKeyword(), SigMatchStrictEnabled(), SigTableApplyStrictCommandLineOption(), SigTableCleanup(), SigTableInit(), SigTableList(), and SigTableRegisterTests().

◆ DETECT_TBLSIZE_IDX

int DETECT_TBLSIZE_IDX

Definition at line 269 of file detect-engine-register.c.

Referenced by SCDetectHelperNewKeywordId().