suricata
detect-parse.c File Reference
#include "suricata-common.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-engine-address.h"
#include "detect-engine-port.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "detect-engine-build.h"
#include "detect-content.h"
#include "detect-bsize.h"
#include "detect-pcre.h"
#include "detect-uricontent.h"
#include "detect-reference.h"
#include "detect-ipproto.h"
#include "detect-flow.h"
#include "detect-app-layer-protocol.h"
#include "detect-lua.h"
#include "detect-app-layer-event.h"
#include "detect-http-method.h"
#include "pkt-var.h"
#include "host.h"
#include "util-profiling.h"
#include "decode.h"
#include "flow.h"
#include "util-rule-vars.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "app-layer.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "util-classification-config.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-debug.h"
#include "string.h"
#include "detect-parse.h"
#include "detect-engine-iponly.h"
#include "app-layer-detect-proto.h"
#include "action-globals.h"
#include "util-validate.h"
#include "detect-engine-alert.h"
#include "packet.h"
#include "tests/detect-parse.c"
Include dependency graph for detect-parse.c:

Go to the source code of this file.

Data Structures

struct  SigDuplWrapper_
 Registration table for file handlers. More...
 
struct  SignatureParser_
 

Macros

#define CONFIG_PARTS   8
 
#define CONFIG_ACTION   0
 
#define CONFIG_PROTO   1
 
#define CONFIG_SRC   2
 
#define CONFIG_SP   3
 
#define CONFIG_DIREC   4
 
#define CONFIG_DST   5
 
#define CONFIG_DP   6
 
#define CONFIG_OPTS   7
 
#define CASE_CODE_STRING(E, S)   case E: return S; break
 
#define CASE_CODE(E)   case E: return #E
 
#define URL   "https://suricata.io/our-story/deprecation-policy/"
 

Typedefs

typedef struct SigDuplWrapper_ SigDuplWrapper
 Registration table for file handlers. More...
 
typedef struct SignatureParser_ SignatureParser
 

Functions

void DetectFileRegisterFileProtocols (DetectFileHandlerTableElmt *reg)
 
const char * DetectListToHumanString (int list)
 
const char * DetectListToString (int list)
 
int DetectEngineContentModifierBufferSetup (DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto)
 
SigMatchSigMatchAlloc (void)
 
void SigMatchFree (DetectEngineCtx *de_ctx, SigMatch *sm)
 free a SigMatch More...
 
bool SigMatchSilentErrorEnabled (const DetectEngineCtx *de_ctx, const enum DetectKeywordId id)
 
bool SigMatchStrictEnabled (const enum DetectKeywordId id)
 
void SigTableApplyStrictCommandLineOption (const char *str)
 
SigMatchSigMatchAppendSMToList (DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
 Append a SigMatch to the list type. More...
 
void SigMatchRemoveSMFromList (Signature *s, SigMatch *sm, int sm_list)
 
SigMatchDetectGetLastSMFromMpmLists (const DetectEngineCtx *de_ctx, const Signature *s)
 get the last SigMatch from lists that support MPM. More...
 
SigMatchDetectGetLastSMFromLists (const Signature *s,...)
 Returns the sm with the largest index (added latest) from the lists passed to us. More...
 
SigMatchDetectGetLastSMByListPtr (const Signature *s, SigMatch *sm_list,...)
 Returns the sm with the largest index (added last) from the list passed to us as a pointer. More...
 
SigMatchDetectGetLastSMByListId (const Signature *s, int list_id,...)
 Returns the sm with the largest index (added last) from the list passed to us as an id. More...
 
SigMatchDetectGetLastSM (const Signature *s)
 Returns the sm with the largest index (added latest) from this sig. More...
 
int SigMatchListSMBelongsTo (const Signature *s, const SigMatch *key_sm)
 
int SignatureInitDataBufferCheckExpand (Signature *s)
 check if buffers array still has space left, expand if not More...
 
SignatureSigAlloc (void)
 
void SigFree (DetectEngineCtx *de_ctx, Signature *s)
 
int DetectSignatureAddTransform (Signature *s, int transform, void *options)
 
int DetectSignatureSetAppProto (Signature *s, AppProto alproto)
 
SigMatchDataSigMatchList2DataArray (SigMatch *head)
 convert SigMatch list to SigMatchData array More...
 
SignatureSigInit (DetectEngineCtx *de_ctx, const char *sigstr)
 Parses a signature and adds it to the Detection Engine Context. More...
 
int DetectParseDupSigHashInit (DetectEngineCtx *de_ctx)
 Initializes the hash table that is used to cull duplicate sigs. More...
 
void DetectParseDupSigHashFree (DetectEngineCtx *de_ctx)
 Frees the hash table that is used to cull duplicate sigs. More...
 
SignatureDetectEngineAppendSig (DetectEngineCtx *de_ctx, const char *sigstr)
 Parse and append a Signature into the Detection Engine Context signature list. More...
 
int DetectParsePcreExec (DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
 
void DetectParseFreeRegex (DetectParseRegex *r)
 
void DetectParseFreeRegexes (void)
 
void DetectParseRegexAddToFreeList (DetectParseRegex *detect_parse)
 add regex and/or study to at exit free list More...
 
bool DetectSetupParseRegexesOpts (const char *parse_str, DetectParseRegex *detect_parse, int opts)
 
DetectParseRegexDetectSetupPCRE2 (const char *parse_str, int opts)
 
int SC_Pcre2SubstringCopy (pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen)
 
int SC_Pcre2SubstringGet (pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR **bufferptr, PCRE2_SIZE *bufflen)
 
void DetectSetupParseRegexes (const char *parse_str, DetectParseRegex *detect_parse)
 
void DetectParseRegisterTests (void)
 this function registers unit tests for DetectParse More...
 
void SigParseRegisterTests (void)
 

Variables

DetectFileHandlerTableElmt filehandler_table [DETECT_TBLSIZE]
 
SigTableElmt sigmatch_table [DETECT_TBLSIZE]
 
bool sc_set_caps
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

signature parser

Definition in file detect-parse.c.

Macro Definition Documentation

◆ CASE_CODE

#define CASE_CODE (   E)    case E: return #E

Definition at line 189 of file detect-parse.c.

◆ CASE_CODE_STRING

#define CASE_CODE_STRING (   E,
 
)    case E: return S; break

◆ CONFIG_ACTION

#define CONFIG_ACTION   0

Definition at line 151 of file detect-parse.c.

◆ CONFIG_DIREC

#define CONFIG_DIREC   4

Definition at line 155 of file detect-parse.c.

◆ CONFIG_DP

#define CONFIG_DP   6

Definition at line 157 of file detect-parse.c.

◆ CONFIG_DST

#define CONFIG_DST   5

Definition at line 156 of file detect-parse.c.

◆ CONFIG_OPTS

#define CONFIG_OPTS   7

Definition at line 158 of file detect-parse.c.

◆ CONFIG_PARTS

#define CONFIG_PARTS   8

Definition at line 149 of file detect-parse.c.

◆ CONFIG_PROTO

#define CONFIG_PROTO   1

Definition at line 152 of file detect-parse.c.

◆ CONFIG_SP

#define CONFIG_SP   3

Definition at line 154 of file detect-parse.c.

◆ CONFIG_SRC

#define CONFIG_SRC   2

Definition at line 153 of file detect-parse.c.

◆ URL

#define URL   "https://suricata.io/our-story/deprecation-policy/"

Typedef Documentation

◆ SigDuplWrapper

Registration table for file handlers.

We use this as data to the hash table DetectEngineCtx->dup_sig_hash_table.

◆ SignatureParser

helper structure for sig parsing

Function Documentation

◆ DetectEngineAppendSig()

Signature* DetectEngineAppendSig ( DetectEngineCtx de_ctx,
const char *  sigstr 
)

Parse and append a Signature into the Detection Engine Context signature list.

If the signature is bidirectional it should append two signatures (with the addresses switched) into the list. Also handle duplicate signatures. In case of duplicate sigs, use the ones that have the latest revision. We use the sid and the msg to identify duplicate sigs. If 2 sigs have the same sid and gid, they are duplicates.

Parameters
de_ctxPointer to the Detection Engine Context.
sigstrPointer to a character string containing the signature to be parsed.
sig_filePointer to a character string containing the filename from which signature is read
linenoLine number from where signature is read
Return values
Pointerto the head Signature in the detection engine ctx sig_list on success; NULL on failure.

In DetectEngineAppendSig(), the signatures are prepended and we always return the first one so if the signature is bidirectional, the returned sig will point through "next" ptr to the cloned signatures with the switched addresses

Definition at line 2620 of file detect-parse.c.

References de_ctx, and SigInit().

Referenced by UTHAppendSigs(), and UTHParseSignature().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DetectEngineContentModifierBufferSetup()

int DetectEngineContentModifierBufferSetup ( DetectEngineCtx de_ctx,
Signature s,
const char *  arg,
int  sm_type,
int  sm_list,
AppProto  alproto 
)
Parameters
argNULL or empty string

Definition at line 205 of file detect-parse.c.

References Signature_::alproto, ALPROTO_UNKNOWN, DETECT_SM_LIST_NOTSET, Signature_::init_data, SignatureInitData_::list, SCLogError, and sigmatch_table.

Referenced by DetectHttpUriSetup().

Here is the caller graph for this function:

◆ DetectFileRegisterFileProtocols()

◆ DetectGetLastSM()

SigMatch* DetectGetLastSM ( const Signature s)

Returns the sm with the largest index (added latest) from this sig.

Return values
sm_lastPointer to last sm

Definition at line 764 of file detect-parse.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, DETECT_SM_LIST_MAX, SigMatch_::idx, Signature_::init_data, SignatureInitData_::smlists_tail, and SignatureInitDataBuffer_::tail.

◆ DetectGetLastSMByListId()

SigMatch* DetectGetLastSMByListId ( const Signature s,
int  list_id,
  ... 
)

Returns the sm with the largest index (added last) from the list passed to us as an id.

Parameters
list_idid of the list to be searched
va_argslist of keyword types terminated by -1
Return values
sm_lastto last sm.

Definition at line 713 of file detect-parse.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, DETECT_SM_LIST_MAX, Signature_::init_data, and SignatureInitDataBuffer_::tail.

◆ DetectGetLastSMByListPtr()

SigMatch* DetectGetLastSMByListPtr ( const Signature s,
SigMatch sm_list,
  ... 
)

Returns the sm with the largest index (added last) from the list passed to us as a pointer.

Parameters
sm_listpointer to the SigMatch we should look before
va_argslist of keyword types terminated by -1
Return values
sm_lastto last sm.

Definition at line 681 of file detect-parse.c.

Referenced by DetectGetLastSMFromMpmLists().

Here is the caller graph for this function:

◆ DetectGetLastSMFromLists()

SigMatch* DetectGetLastSMFromLists ( const Signature s,
  ... 
)

Returns the sm with the largest index (added latest) from the lists passed to us.

Return values
Pointerto Last sm.

Definition at line 619 of file detect-parse.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, DETECT_SM_LIST_NOTSET, SignatureInitDataBuffer_::id, Signature_::init_data, SignatureInitData_::list, and SCLogDebug.

◆ DetectGetLastSMFromMpmLists()

SigMatch* DetectGetLastSMFromMpmLists ( const DetectEngineCtx de_ctx,
const Signature s 
)

◆ DetectListToHumanString()

const char* DetectListToHumanString ( int  list)

Definition at line 171 of file detect-parse.c.

Referenced by DumpPatterns().

Here is the caller graph for this function:

◆ DetectListToString()

const char* DetectListToString ( int  list)

Definition at line 189 of file detect-parse.c.

◆ DetectParseDupSigHashFree()

void DetectParseDupSigHashFree ( DetectEngineCtx de_ctx)

Frees the hash table that is used to cull duplicate sigs.

Parameters
de_ctxPointer to the detection engine context that holds this table.

Definition at line 2440 of file detect-parse.c.

References de_ctx, DetectEngineCtx_::dup_sig_hash_table, and HashListTableFree().

Referenced by DetectEngineCtxFree().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DetectParseDupSigHashInit()

int DetectParseDupSigHashInit ( DetectEngineCtx de_ctx)

Initializes the hash table that is used to cull duplicate sigs.

Parameters
de_ctxPointer to the detection engine context.
Return values
0On success.
-1On failure.

Definition at line 2423 of file detect-parse.c.

References de_ctx, DetectEngineCtx_::dup_sig_hash_table, and HashListTableInit().

Here is the call graph for this function:

◆ DetectParseFreeRegex()

void DetectParseFreeRegex ( DetectParseRegex r)

Definition at line 2684 of file detect-parse.c.

References DetectParseRegex::context, and DetectParseRegex::regex.

◆ DetectParseFreeRegexes()

void DetectParseFreeRegexes ( void  )

Definition at line 2694 of file detect-parse.c.

◆ DetectParsePcreExec()

int DetectParsePcreExec ( DetectParseRegex parse_regex,
pcre2_match_data **  match,
const char *  str,
int  start_offset,
int  options 
)

Definition at line 2674 of file detect-parse.c.

◆ DetectParseRegexAddToFreeList()

void DetectParseRegexAddToFreeList ( DetectParseRegex detect_parse)

add regex and/or study to at exit free list

Definition at line 2710 of file detect-parse.c.

References FatalError, DetectParseRegex::next, DetectParseRegex::regex, and SCCalloc.

Referenced by DetectSetupParseRegexesOpts().

Here is the caller graph for this function:

◆ DetectParseRegisterTests()

void DetectParseRegisterTests ( void  )

this function registers unit tests for DetectParse

Definition at line 146 of file detect-parse.c.

References UtRegisterTest().

Referenced by SigParseRegisterTests().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DetectSetupParseRegexes()

void DetectSetupParseRegexes ( const char *  parse_str,
DetectParseRegex detect_parse 
)

Definition at line 2791 of file detect-parse.c.

References DetectSetupParseRegexesOpts(), and FatalError.

Here is the call graph for this function:

◆ DetectSetupParseRegexesOpts()

bool DetectSetupParseRegexesOpts ( const char *  parse_str,
DetectParseRegex detect_parse,
int  opts 
)

Definition at line 2721 of file detect-parse.c.

References DetectParseRegexAddToFreeList(), DetectParseRegex::regex, and SCLogError.

Referenced by DetectSetupParseRegexes().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DetectSetupPCRE2()

DetectParseRegex* DetectSetupPCRE2 ( const char *  parse_str,
int  opts 
)

◆ DetectSignatureAddTransform()

◆ DetectSignatureSetAppProto()

int DetectSignatureSetAppProto ( Signature s,
AppProto  alproto 
)

Definition at line 1753 of file detect-parse.c.

References Signature_::alproto, ALPROTO_DCERPC, ALPROTO_FAILED, ALPROTO_SMB, ALPROTO_UNKNOWN, AppProtoToString(), and SCLogError.

Here is the call graph for this function:

◆ SC_Pcre2SubstringCopy()

int SC_Pcre2SubstringCopy ( pcre2_match_data *  match_data,
uint32_t  number,
PCRE2_UCHAR *  buffer,
PCRE2_SIZE *  bufflen 
)

Definition at line 2767 of file detect-parse.c.

◆ SC_Pcre2SubstringGet()

int SC_Pcre2SubstringGet ( pcre2_match_data *  match_data,
uint32_t  number,
PCRE2_UCHAR **  bufferptr,
PCRE2_SIZE *  bufflen 
)

Definition at line 2779 of file detect-parse.c.

◆ SigAlloc()

◆ SigFree()

◆ SigInit()

Signature* SigInit ( DetectEngineCtx de_ctx,
const char *  sigstr 
)

Parses a signature and adds it to the Detection Engine Context.

Parameters
de_ctxPointer to the Detection Engine Context.
sigstrPointer to a character string containing the signature to be parsed.
Return values
Pointerto the Signature instance on success; NULL on failure.

Definition at line 2314 of file detect-parse.c.

References de_ctx, SCEnter, DetectEngineCtx_::sigerror_ok, DetectEngineCtx_::sigerror_requires, DetectEngineCtx_::sigerror_silent, and DetectEngineCtx_::signum.

Referenced by DetectEngineAppendSig(), LLVMFuzzerTestOneInput(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

Here is the caller graph for this function:

◆ SigMatchAlloc()

SigMatch* SigMatchAlloc ( void  )

Definition at line 333 of file detect-parse.c.

References SigMatch_::next, SigMatch_::prev, SCCalloc, and unlikely.

◆ SigMatchAppendSMToList()

SigMatch* SigMatchAppendSMToList ( DetectEngineCtx de_ctx,
Signature s,
uint16_t  type,
SigMatchCtx ctx,
const int  list 
)

Append a SigMatch to the list type.

Parameters
sSignature.
newThe sig match to append.
listThe list to append to.

Definition at line 447 of file detect-parse.c.

Referenced by DetectContentSetup(), and DetectFlowvarPostMatchSetup().

Here is the caller graph for this function:

◆ SigMatchFree()

void SigMatchFree ( DetectEngineCtx de_ctx,
SigMatch sm 
)

free a SigMatch

Parameters
smSigMatch to free.

free the ctx, for that we call the Free func

Definition at line 347 of file detect-parse.c.

References SigMatch_::ctx, de_ctx, SigTableElmt_::Free, SCFree, sigmatch_table, and SigMatch_::type.

Referenced by DetectIPProtoRemoveAllSMs(), and SigFree().

Here is the caller graph for this function:

◆ SigMatchList2DataArray()

SigMatchData* SigMatchList2DataArray ( SigMatch head)

convert SigMatch list to SigMatchData array

Note
ownership of sm->ctx is transferred to smd->ctx

Definition at line 1883 of file detect-parse.c.

References len.

Referenced by DetectEngineAppInspectionEngine2Signature().

Here is the caller graph for this function:

◆ SigMatchListSMBelongsTo()

◆ SigMatchRemoveSMFromList()

void SigMatchRemoveSMFromList ( Signature s,
SigMatch sm,
int  sm_list 
)

Definition at line 540 of file detect-parse.c.

References Signature_::init_data, SigMatch_::next, SigMatch_::prev, SignatureInitData_::smlists, and SignatureInitData_::smlists_tail.

Referenced by DetectIPProtoRemoveAllSMs().

Here is the caller graph for this function:

◆ SigMatchSilentErrorEnabled()

bool SigMatchSilentErrorEnabled ( const DetectEngineCtx de_ctx,
const enum DetectKeywordId  id 
)

Definition at line 389 of file detect-parse.c.

References de_ctx, and DetectEngineCtx_::sm_types_silent_error.

◆ SigMatchStrictEnabled()

bool SigMatchStrictEnabled ( const enum DetectKeywordId  id)

Definition at line 395 of file detect-parse.c.

References DETECT_TBLSIZE, flags, SIGMATCH_STRICT_PARSING, and sigmatch_table.

◆ SignatureInitDataBufferCheckExpand()

int SignatureInitDataBufferCheckExpand ( Signature s)

check if buffers array still has space left, expand if not

Definition at line 1509 of file detect-parse.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SignatureInitData_::buffers_size, Signature_::init_data, and SCRealloc.

Referenced by DetectBufferGetActiveList().

Here is the caller graph for this function:

◆ SigParseRegisterTests()

void SigParseRegisterTests ( void  )

Definition at line 4469 of file detect-parse.c.

References DetectParseRegisterTests(), and UtRegisterTest().

Referenced by SigRegisterTests().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SigTableApplyStrictCommandLineOption()

void SigTableApplyStrictCommandLineOption ( const char *  str)

Variable Documentation

◆ filehandler_table

Definition at line 77 of file detect-parse.c.

◆ sc_set_caps

bool sc_set_caps

set caps or not

Definition at line 193 of file suricata.c.

◆ sigmatch_table

SigTableElmt sigmatch_table[DETECT_TBLSIZE]

Definition at line 127 of file detect-parse.c.

Referenced by DetectAckRegister(), DetectAppLayerEventRegister(), DetectAppLayerMpmRegisterByParentId(), DetectAppLayerProtocolRegister(), DetectAsn1Register(), DetectBase64DataRegister(), DetectBase64DecodeRegister(), DetectBsizeRegister(), DetectBypassRegister(), DetectByteExtractRegister(), DetectBytejumpRegister(), DetectBytemathRegister(), DetectBytetestRegister(), DetectCipServiceRegister(), DetectClasstypeRegister(), DetectConfigRegister(), DetectContentRegister(), DetectCsumRegister(), DetectDatarepRegister(), DetectDatasetRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDepthRegister(), DetectDetectionFilterRegister(), DetectDHCPLeaseTimeRegister(), DetectDHCPRebindingTimeRegister(), DetectDHCPRenewalTimeRegister(), DetectDistanceRegister(), DetectDnsAnswerNameRegister(), DetectDnsOpcodeRegister(), DetectDnsQueryNameRegister(), DetectDnsQueryRegister(), DetectDnsRcodeRegister(), DetectDnsRrtypeRegister(), DetectDsizeRegister(), DetectEngineAppInspectionEngineSignatureFree(), DetectEngineBufferTypeValidateTransform(), DetectEngineContentModifierBufferSetup(), DetectEngineEventRegister(), DetectEngineInspectGenericList(), DetectEnipCommandRegister(), DetectFastPatternRegister(), DetectFiledataRegister(), DetectFilemagicRegister(), DetectFileMd5Register(), DetectFilenameRegister(), DetectFileSha1Register(), DetectFileSha256Register(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFlagsRegister(), DetectFlowAgeRegister(), DetectFlowbitsRegister(), DetectFlowBytesToClientRegister(), DetectFlowBytesToServerRegister(), DetectFlowintRegister(), DetectFlowPktsToClientRegister(), DetectFlowPktsToServerRegister(), DetectFlowRegister(), DetectFlowvarRegister(), DetectFragBitsRegister(), DetectFragOffsetRegister(), DetectFrameRegister(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectGeoipRegister(), DetectGidRegister(), DetectHostbitsRegister(), DetectHttp2Register(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseHeaderRegister(), DetectHttpResponseLineRegister(), DetectHttpServerBodyRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectIcmpv4HdrRegister(), DetectICMPv6hdrRegister(), DetectICMPv6mtuRegister(), DetectICodeRegister(), DetectIdRegister(), DetectIkeChosenSaRegister(), DetectIkeExchTypeRegister(), DetectIkeKeyExchangePayloadLengthRegister(), DetectIkeKeyExchangeRegister(), DetectIkeNoncePayloadLengthRegister(), DetectIkeNonceRegister(), DetectIkeSpiRegister(), DetectIkeVendorRegister(), DetectIPAddrBufferRegister(), DetectIpOptsRegister(), DetectIPProtoRegister(), DetectIPRepRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectIsdataatRegister(), DetectITypeRegister(), DetectKrb5CNameRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectKrb5SNameRegister(), DetectKrb5TicketEncryptionRegister(), DetectL3ProtoRegister(), DetectLuaRegister(), DetectMarkRegister(), DetectMetadataRegister(), DetectModbusRegister(), DetectMQTTConnackSessionPresentRegister(), DetectMQTTConnectClientIDRegister(), DetectMQTTConnectFlagsRegister(), DetectMQTTConnectPasswordRegister(), DetectMQTTConnectProtocolStringRegister(), DetectMQTTConnectUsernameRegister(), DetectMQTTConnectWillMessageRegister(), DetectMQTTConnectWillTopicRegister(), DetectMQTTFlagsRegister(), DetectMQTTProtocolVersionRegister(), DetectMQTTPublishMessageRegister(), DetectMQTTPublishTopicRegister(), DetectMQTTQosRegister(), DetectMQTTReasonCodeRegister(), DetectMQTTSubscribeTopicRegister(), DetectMQTTTypeRegister(), DetectMQTTUnsubscribeTopicRegister(), DetectMsgRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectNoalertRegister(), DetectNocaseRegister(), DetectOffsetRegister(), DetectPcreRegister(), DetectPktDataRegister(), DetectPktvarRegister(), DetectPrefilterRegister(), DetectPriorityRegister(), DetectQuicCyuHashRegister(), DetectQuicCyuStringRegister(), DetectQuicSniRegister(), DetectQuicUaRegister(), DetectQuicVersionRegister(), DetectRawbytesRegister(), DetectReferenceRegister(), DetectReplaceRegister(), DetectRequiresRegister(), DetectRevRegister(), DetectRfbNameRegister(), DetectRfbSecresultRegister(), DetectRfbSectypeRegister(), DetectRpcRegister(), DetectSameipRegister(), DetectSeqRegister(), DetectSidRegister(), DetectSipMethodRegister(), DetectSipProtocolRegister(), DetectSipRequestLineRegister(), DetectSipResponseLineRegister(), DetectSipStatCodeRegister(), DetectSipStatMsgRegister(), DetectSipUriRegister(), DetectSmbNamedPipeRegister(), DetectSmbNtlmsspDomainRegister(), DetectSmbNtlmsspUserRegister(), DetectSmbShareRegister(), DetectSmbVersionRegister(), DetectSNMPCommunityRegister(), DetectSNMPPduTypeRegister(), DetectSNMPUsmRegister(), DetectSNMPVersionRegister(), DetectSshHasshRegister(), DetectSshHasshServerRegister(), DetectSshHasshServerStringRegister(), DetectSshHasshStringRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectStreamSizeRegister(), DetectTagRegister(), DetectTargetRegister(), DetectTcphdrRegister(), DetectTcpmssRegister(), DetectTemplate2Register(), DetectTemplateRegister(), DetectTemplateRustBufferRegister(), DetectThresholdRegister(), DetectTlsCertChainLenRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsRandomBytesRegister(), DetectTlsRandomRegister(), DetectTlsRandomTimeRegister(), DetectTlsRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectTosRegister(), DetectTransformCompressWhitespaceRegister(), DetectTransformDotPrefixRegister(), DetectTransformHeaderLowercaseRegister(), DetectTransformMd5Register(), DetectTransformPcrexformRegister(), DetectTransformSha1Register(), DetectTransformSha256Register(), DetectTransformStripPseudoHeadersRegister(), DetectTransformStripWhitespaceRegister(), DetectTransformToLowerRegister(), DetectTransformToUpperRegister(), DetectTransformUrlDecodeRegister(), DetectTransformXorRegister(), DetectTtlRegister(), DetectUdphdrRegister(), DetectUricontentRegister(), DetectUrilenRegister(), DetectWindowRegister(), DetectWithinRegister(), DetectXbitsRegister(), EngineAnalysisFP(), EngineAnalysisRules2(), InspectionBufferApplyTransforms(), PrefilterSetupRuleGroup(), SigFree(), SigMatchFree(), SigMatchStrictEnabled(), SigTableApplyStrictCommandLineOption(), SigTableList(), SigTableRegisterTests(), and SigTableSetup().