suricata
|
#include "suricata-common.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-engine-address.h"
#include "detect-engine-port.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "detect-engine-build.h"
#include "detect-content.h"
#include "detect-bsize.h"
#include "detect-pcre.h"
#include "detect-uricontent.h"
#include "detect-reference.h"
#include "detect-ipproto.h"
#include "detect-flow.h"
#include "detect-app-layer-protocol.h"
#include "detect-lua.h"
#include "detect-app-layer-event.h"
#include "detect-http-method.h"
#include "pkt-var.h"
#include "host.h"
#include "util-profiling.h"
#include "decode.h"
#include "flow.h"
#include "util-rule-vars.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "app-layer.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "util-classification-config.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-debug.h"
#include "string.h"
#include "detect-parse.h"
#include "detect-engine-iponly.h"
#include "app-layer-detect-proto.h"
#include "action-globals.h"
#include "util-validate.h"
#include "detect-engine-alert.h"
#include "packet.h"
#include "tests/detect-parse.c"
Go to the source code of this file.
Data Structures | |
struct | SigDuplWrapper_ |
Registration table for file handlers. More... | |
struct | SignatureParser_ |
Macros | |
#define | CONFIG_PARTS 8 |
#define | CONFIG_ACTION 0 |
#define | CONFIG_PROTO 1 |
#define | CONFIG_SRC 2 |
#define | CONFIG_SP 3 |
#define | CONFIG_DIREC 4 |
#define | CONFIG_DST 5 |
#define | CONFIG_DP 6 |
#define | CONFIG_OPTS 7 |
#define | CASE_CODE_STRING(E, S) case E: return S; break |
#define | CASE_CODE(E) case E: return #E |
#define | URL "https://suricata.io/our-story/deprecation-policy/" |
Typedefs | |
typedef struct SigDuplWrapper_ | SigDuplWrapper |
Registration table for file handlers. More... | |
typedef struct SignatureParser_ | SignatureParser |
Functions | |
void | DetectFileRegisterFileProtocols (DetectFileHandlerTableElmt *reg) |
const char * | DetectListToHumanString (int list) |
const char * | DetectListToString (int list) |
int | DetectEngineContentModifierBufferSetup (DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto) |
SigMatch * | SigMatchAlloc (void) |
void | SigMatchFree (DetectEngineCtx *de_ctx, SigMatch *sm) |
free a SigMatch More... | |
bool | SigMatchSilentErrorEnabled (const DetectEngineCtx *de_ctx, const enum DetectKeywordId id) |
bool | SigMatchStrictEnabled (const enum DetectKeywordId id) |
void | SigTableApplyStrictCommandLineOption (const char *str) |
SigMatch * | SigMatchAppendSMToList (DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list) |
Append a SigMatch to the list type. More... | |
void | SigMatchRemoveSMFromList (Signature *s, SigMatch *sm, int sm_list) |
SigMatch * | DetectGetLastSMFromMpmLists (const DetectEngineCtx *de_ctx, const Signature *s) |
get the last SigMatch from lists that support MPM. More... | |
SigMatch * | DetectGetLastSMFromLists (const Signature *s,...) |
Returns the sm with the largest index (added latest) from the lists passed to us. More... | |
SigMatch * | DetectGetLastSMByListPtr (const Signature *s, SigMatch *sm_list,...) |
Returns the sm with the largest index (added last) from the list passed to us as a pointer. More... | |
SigMatch * | DetectGetLastSMByListId (const Signature *s, int list_id,...) |
Returns the sm with the largest index (added last) from the list passed to us as an id. More... | |
SigMatch * | DetectGetLastSM (const Signature *s) |
Returns the sm with the largest index (added latest) from this sig. More... | |
int | SigMatchListSMBelongsTo (const Signature *s, const SigMatch *key_sm) |
int | SignatureInitDataBufferCheckExpand (Signature *s) |
check if buffers array still has space left, expand if not More... | |
Signature * | SigAlloc (void) |
void | SigFree (DetectEngineCtx *de_ctx, Signature *s) |
int | DetectSignatureAddTransform (Signature *s, int transform, void *options) |
int | DetectSignatureSetAppProto (Signature *s, AppProto alproto) |
SigMatchData * | SigMatchList2DataArray (SigMatch *head) |
convert SigMatch list to SigMatchData array More... | |
Signature * | SigInit (DetectEngineCtx *de_ctx, const char *sigstr) |
Parses a signature and adds it to the Detection Engine Context. More... | |
int | DetectParseDupSigHashInit (DetectEngineCtx *de_ctx) |
Initializes the hash table that is used to cull duplicate sigs. More... | |
void | DetectParseDupSigHashFree (DetectEngineCtx *de_ctx) |
Frees the hash table that is used to cull duplicate sigs. More... | |
Signature * | DetectEngineAppendSig (DetectEngineCtx *de_ctx, const char *sigstr) |
Parse and append a Signature into the Detection Engine Context signature list. More... | |
int | DetectParsePcreExec (DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options) |
void | DetectParseFreeRegex (DetectParseRegex *r) |
void | DetectParseFreeRegexes (void) |
void | DetectParseRegexAddToFreeList (DetectParseRegex *detect_parse) |
add regex and/or study to at exit free list More... | |
bool | DetectSetupParseRegexesOpts (const char *parse_str, DetectParseRegex *detect_parse, int opts) |
DetectParseRegex * | DetectSetupPCRE2 (const char *parse_str, int opts) |
int | SC_Pcre2SubstringCopy (pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen) |
int | SC_Pcre2SubstringGet (pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR **bufferptr, PCRE2_SIZE *bufflen) |
void | DetectSetupParseRegexes (const char *parse_str, DetectParseRegex *detect_parse) |
void | DetectParseRegisterTests (void) |
this function registers unit tests for DetectParse More... | |
void | SigParseRegisterTests (void) |
Variables | |
DetectFileHandlerTableElmt | filehandler_table [DETECT_TBLSIZE] |
SigTableElmt | sigmatch_table [DETECT_TBLSIZE] |
bool | sc_set_caps |
signature parser
Definition in file detect-parse.c.
#define CASE_CODE | ( | E | ) | case E: return #E |
Definition at line 189 of file detect-parse.c.
#define CASE_CODE_STRING | ( | E, | |
S | |||
) | case E: return S; break |
#define CONFIG_ACTION 0 |
Definition at line 151 of file detect-parse.c.
#define CONFIG_DIREC 4 |
Definition at line 155 of file detect-parse.c.
#define CONFIG_DP 6 |
Definition at line 157 of file detect-parse.c.
#define CONFIG_DST 5 |
Definition at line 156 of file detect-parse.c.
#define CONFIG_OPTS 7 |
Definition at line 158 of file detect-parse.c.
#define CONFIG_PARTS 8 |
Definition at line 149 of file detect-parse.c.
#define CONFIG_PROTO 1 |
Definition at line 152 of file detect-parse.c.
#define CONFIG_SP 3 |
Definition at line 154 of file detect-parse.c.
#define CONFIG_SRC 2 |
Definition at line 153 of file detect-parse.c.
#define URL "https://suricata.io/our-story/deprecation-policy/" |
typedef struct SigDuplWrapper_ SigDuplWrapper |
Registration table for file handlers.
We use this as data to the hash table DetectEngineCtx->dup_sig_hash_table.
typedef struct SignatureParser_ SignatureParser |
helper structure for sig parsing
Signature* DetectEngineAppendSig | ( | DetectEngineCtx * | de_ctx, |
const char * | sigstr | ||
) |
Parse and append a Signature into the Detection Engine Context signature list.
If the signature is bidirectional it should append two signatures (with the addresses switched) into the list. Also handle duplicate signatures. In case of duplicate sigs, use the ones that have the latest revision. We use the sid and the msg to identify duplicate sigs. If 2 sigs have the same sid and gid, they are duplicates.
de_ctx | Pointer to the Detection Engine Context. |
sigstr | Pointer to a character string containing the signature to be parsed. |
sig_file | Pointer to a character string containing the filename from which signature is read |
lineno | Line number from where signature is read |
Pointer | to the head Signature in the detection engine ctx sig_list on success; NULL on failure. |
In DetectEngineAppendSig(), the signatures are prepended and we always return the first one so if the signature is bidirectional, the returned sig will point through "next" ptr to the cloned signatures with the switched addresses
Definition at line 2620 of file detect-parse.c.
References de_ctx, and SigInit().
Referenced by UTHAppendSigs(), and UTHParseSignature().
int DetectEngineContentModifierBufferSetup | ( | DetectEngineCtx * | de_ctx, |
Signature * | s, | ||
const char * | arg, | ||
int | sm_type, | ||
int | sm_list, | ||
AppProto | alproto | ||
) |
arg | NULL or empty string |
Definition at line 205 of file detect-parse.c.
References Signature_::alproto, ALPROTO_UNKNOWN, DETECT_SM_LIST_NOTSET, Signature_::init_data, SignatureInitData_::list, SCLogError, and sigmatch_table.
Referenced by DetectHttpUriSetup().
void DetectFileRegisterFileProtocols | ( | DetectFileHandlerTableElmt * | reg | ) |
Definition at line 79 of file detect-parse.c.
References ALPROTO_FTP, ALPROTO_FTPDATA, ALPROTO_HTTP1, ALPROTO_HTTP2, ALPROTO_NFS, ALPROTO_SMB, ALPROTO_SMTP, ARRAY_SIZE, DetectFileHandlerTableElmt_::Callback, DetectAppLayerInspectEngineRegister(), DetectAppLayerMpmRegister(), DetectFileHandlerTableElmt_::GetData, DetectFileHandlerTableElmt_::name, DetectFileHandlerTableElmt_::PrefilterFn, DetectFileHandlerTableElmt_::priority, SIG_FLAG_TOCLIENT, and SIG_FLAG_TOSERVER.
Returns the sm with the largest index (added latest) from this sig.
sm_last | Pointer to last sm |
Definition at line 764 of file detect-parse.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, DETECT_SM_LIST_MAX, SigMatch_::idx, Signature_::init_data, SignatureInitData_::smlists_tail, and SignatureInitDataBuffer_::tail.
Returns the sm with the largest index (added last) from the list passed to us as an id.
list_id | id of the list to be searched |
va_args | list of keyword types terminated by -1 |
sm_last | to last sm. |
Definition at line 713 of file detect-parse.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, DETECT_SM_LIST_MAX, Signature_::init_data, and SignatureInitDataBuffer_::tail.
Returns the sm with the largest index (added last) from the list passed to us as a pointer.
sm_list | pointer to the SigMatch we should look before |
va_args | list of keyword types terminated by -1 |
sm_last | to last sm. |
Definition at line 681 of file detect-parse.c.
Referenced by DetectGetLastSMFromMpmLists().
Returns the sm with the largest index (added latest) from the lists passed to us.
Pointer | to Last sm. |
Definition at line 619 of file detect-parse.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, DETECT_SM_LIST_NOTSET, SignatureInitDataBuffer_::id, Signature_::init_data, SignatureInitData_::list, and SCLogDebug.
SigMatch* DetectGetLastSMFromMpmLists | ( | const DetectEngineCtx * | de_ctx, |
const Signature * | s | ||
) |
get the last SigMatch from lists that support MPM.
Definition at line 582 of file detect-parse.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, de_ctx, DETECT_CONTENT, DETECT_SM_LIST_MAX, DetectEngineBufferTypeSupportsMpmGetById(), DetectGetLastSMByListPtr(), SignatureInitDataBuffer_::id, SigMatch_::idx, Signature_::init_data, SignatureInitData_::smlists_tail, and SignatureInitDataBuffer_::tail.
const char* DetectListToHumanString | ( | int | list | ) |
Definition at line 171 of file detect-parse.c.
Referenced by DumpPatterns().
const char* DetectListToString | ( | int | list | ) |
Definition at line 189 of file detect-parse.c.
void DetectParseDupSigHashFree | ( | DetectEngineCtx * | de_ctx | ) |
Frees the hash table that is used to cull duplicate sigs.
de_ctx | Pointer to the detection engine context that holds this table. |
Definition at line 2440 of file detect-parse.c.
References de_ctx, DetectEngineCtx_::dup_sig_hash_table, and HashListTableFree().
Referenced by DetectEngineCtxFree().
int DetectParseDupSigHashInit | ( | DetectEngineCtx * | de_ctx | ) |
Initializes the hash table that is used to cull duplicate sigs.
de_ctx | Pointer to the detection engine context. |
0 | On success. |
-1 | On failure. |
Definition at line 2423 of file detect-parse.c.
References de_ctx, DetectEngineCtx_::dup_sig_hash_table, and HashListTableInit().
void DetectParseFreeRegex | ( | DetectParseRegex * | r | ) |
Definition at line 2684 of file detect-parse.c.
References DetectParseRegex::context, and DetectParseRegex::regex.
void DetectParseFreeRegexes | ( | void | ) |
Definition at line 2694 of file detect-parse.c.
int DetectParsePcreExec | ( | DetectParseRegex * | parse_regex, |
pcre2_match_data ** | match, | ||
const char * | str, | ||
int | start_offset, | ||
int | options | ||
) |
Definition at line 2674 of file detect-parse.c.
void DetectParseRegexAddToFreeList | ( | DetectParseRegex * | detect_parse | ) |
add regex and/or study to at exit free list
Definition at line 2710 of file detect-parse.c.
References FatalError, DetectParseRegex::next, DetectParseRegex::regex, and SCCalloc.
Referenced by DetectSetupParseRegexesOpts().
void DetectParseRegisterTests | ( | void | ) |
this function registers unit tests for DetectParse
Definition at line 146 of file detect-parse.c.
References UtRegisterTest().
Referenced by SigParseRegisterTests().
void DetectSetupParseRegexes | ( | const char * | parse_str, |
DetectParseRegex * | detect_parse | ||
) |
Definition at line 2791 of file detect-parse.c.
References DetectSetupParseRegexesOpts(), and FatalError.
bool DetectSetupParseRegexesOpts | ( | const char * | parse_str, |
DetectParseRegex * | detect_parse, | ||
int | opts | ||
) |
Definition at line 2721 of file detect-parse.c.
References DetectParseRegexAddToFreeList(), DetectParseRegex::regex, and SCLogError.
Referenced by DetectSetupParseRegexes().
DetectParseRegex* DetectSetupPCRE2 | ( | const char * | parse_str, |
int | opts | ||
) |
Definition at line 2741 of file detect-parse.c.
References DetectParseRegex::next, DetectParseRegex::regex, SCCalloc, SCFree, and SCLogError.
int DetectSignatureAddTransform | ( | Signature * | s, |
int | transform, | ||
void * | options | ||
) |
Definition at line 1728 of file detect-parse.c.
References DetectEngineTransforms::cnt, DETECT_TRANSFORMS_MAX, Signature_::init_data, SignatureInitData_::list, SignatureInitData_::list_set, TransformData_::options, SCLogDebug, SCLogError, SCReturnInt, Signature_::sig_str, TransformData_::transform, DetectEngineTransforms::transforms, and SignatureInitData_::transforms.
Definition at line 1753 of file detect-parse.c.
References Signature_::alproto, ALPROTO_DCERPC, ALPROTO_FAILED, ALPROTO_SMB, ALPROTO_UNKNOWN, AppProtoToString(), and SCLogError.
int SC_Pcre2SubstringCopy | ( | pcre2_match_data * | match_data, |
uint32_t | number, | ||
PCRE2_UCHAR * | buffer, | ||
PCRE2_SIZE * | bufflen | ||
) |
Definition at line 2767 of file detect-parse.c.
int SC_Pcre2SubstringGet | ( | pcre2_match_data * | match_data, |
uint32_t | number, | ||
PCRE2_UCHAR ** | bufferptr, | ||
PCRE2_SIZE * | bufflen | ||
) |
Definition at line 2779 of file detect-parse.c.
Signature* SigAlloc | ( | void | ) |
Definition at line 1529 of file detect-parse.c.
References SignatureInitData_::buffers, SignatureInitData_::buffers_size, DETECT_SM_LIST_NOTSET, Signature_::init_data, SignatureInitData_::list, SignatureInitData_::mpm_sm_list, Signature_::prio, SCCalloc, SCFree, and unlikely.
void SigFree | ( | DetectEngineCtx * | de_ctx, |
Signature * | s | ||
) |
Definition at line 1644 of file detect-parse.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SignatureInitData_::cidr_dst, SignatureInitData_::cidr_src, DetectEngineTransforms::cnt, de_ctx, DETECT_SM_LIST_MAX, SigTableElmt_::Free, SignatureInitDataBuffer_::head, Signature_::init_data, IPOnlyCIDRListFree(), SigMatch_::next, TransformData_::options, SCFree, sigmatch_table, SigMatchFree(), SignatureInitData_::smlists, TransformData_::transform, DetectEngineTransforms::transforms, and SignatureInitData_::transforms.
Referenced by LLVMFuzzerTestOneInput(), and SigCleanSignatures().
Signature* SigInit | ( | DetectEngineCtx * | de_ctx, |
const char * | sigstr | ||
) |
Parses a signature and adds it to the Detection Engine Context.
de_ctx | Pointer to the Detection Engine Context. |
sigstr | Pointer to a character string containing the signature to be parsed. |
Pointer | to the Signature instance on success; NULL on failure. |
Definition at line 2314 of file detect-parse.c.
References de_ctx, SCEnter, DetectEngineCtx_::sigerror_ok, DetectEngineCtx_::sigerror_requires, DetectEngineCtx_::sigerror_silent, and DetectEngineCtx_::signum.
Referenced by DetectEngineAppendSig(), LLVMFuzzerTestOneInput(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
SigMatch* SigMatchAlloc | ( | void | ) |
Definition at line 333 of file detect-parse.c.
References SigMatch_::next, SigMatch_::prev, SCCalloc, and unlikely.
SigMatch* SigMatchAppendSMToList | ( | DetectEngineCtx * | de_ctx, |
Signature * | s, | ||
uint16_t | type, | ||
SigMatchCtx * | ctx, | ||
const int | list | ||
) |
Append a SigMatch to the list type.
s | Signature. |
new | The sig match to append. |
list | The list to append to. |
Definition at line 447 of file detect-parse.c.
Referenced by DetectContentSetup(), and DetectFlowvarPostMatchSetup().
void SigMatchFree | ( | DetectEngineCtx * | de_ctx, |
SigMatch * | sm | ||
) |
free a SigMatch
sm | SigMatch to free. |
free the ctx, for that we call the Free func
Definition at line 347 of file detect-parse.c.
References SigMatch_::ctx, de_ctx, SigTableElmt_::Free, SCFree, sigmatch_table, and SigMatch_::type.
Referenced by DetectIPProtoRemoveAllSMs(), and SigFree().
SigMatchData* SigMatchList2DataArray | ( | SigMatch * | head | ) |
convert SigMatch list to SigMatchData array
Definition at line 1883 of file detect-parse.c.
References len.
Referenced by DetectEngineAppInspectionEngine2Signature().
Definition at line 820 of file detect-parse.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SignatureInitDataBuffer_::head, SignatureInitDataBuffer_::id, Signature_::init_data, and SigMatch_::next.
Definition at line 540 of file detect-parse.c.
References Signature_::init_data, SigMatch_::next, SigMatch_::prev, SignatureInitData_::smlists, and SignatureInitData_::smlists_tail.
Referenced by DetectIPProtoRemoveAllSMs().
bool SigMatchSilentErrorEnabled | ( | const DetectEngineCtx * | de_ctx, |
const enum DetectKeywordId | id | ||
) |
Definition at line 389 of file detect-parse.c.
References de_ctx, and DetectEngineCtx_::sm_types_silent_error.
bool SigMatchStrictEnabled | ( | const enum DetectKeywordId | id | ) |
Definition at line 395 of file detect-parse.c.
References DETECT_TBLSIZE, flags, SIGMATCH_STRICT_PARSING, and sigmatch_table.
int SignatureInitDataBufferCheckExpand | ( | Signature * | s | ) |
check if buffers array still has space left, expand if not
Definition at line 1509 of file detect-parse.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SignatureInitData_::buffers_size, Signature_::init_data, and SCRealloc.
Referenced by DetectBufferGetActiveList().
void SigParseRegisterTests | ( | void | ) |
Definition at line 4469 of file detect-parse.c.
References DetectParseRegisterTests(), and UtRegisterTest().
Referenced by SigRegisterTests().
void SigTableApplyStrictCommandLineOption | ( | const char * | str | ) |
Definition at line 403 of file detect-parse.c.
References DETECT_TBLSIZE, FatalError, SigTableElmt_::flags, SCStrdup, SIGMATCH_STRICT_PARSING, sigmatch_table, and str.
DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE] |
Definition at line 77 of file detect-parse.c.
bool sc_set_caps |
set caps or not
Definition at line 193 of file suricata.c.
SigTableElmt sigmatch_table[DETECT_TBLSIZE] |
Definition at line 127 of file detect-parse.c.
Referenced by DetectAckRegister(), DetectAppLayerEventRegister(), DetectAppLayerMpmRegisterByParentId(), DetectAppLayerProtocolRegister(), DetectAsn1Register(), DetectBase64DataRegister(), DetectBase64DecodeRegister(), DetectBsizeRegister(), DetectBypassRegister(), DetectByteExtractRegister(), DetectBytejumpRegister(), DetectBytemathRegister(), DetectBytetestRegister(), DetectCipServiceRegister(), DetectClasstypeRegister(), DetectConfigRegister(), DetectContentRegister(), DetectCsumRegister(), DetectDatarepRegister(), DetectDatasetRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDepthRegister(), DetectDetectionFilterRegister(), DetectDHCPLeaseTimeRegister(), DetectDHCPRebindingTimeRegister(), DetectDHCPRenewalTimeRegister(), DetectDistanceRegister(), DetectDnsAnswerNameRegister(), DetectDnsOpcodeRegister(), DetectDnsQueryNameRegister(), DetectDnsQueryRegister(), DetectDnsRcodeRegister(), DetectDnsRrtypeRegister(), DetectDsizeRegister(), DetectEngineAppInspectionEngineSignatureFree(), DetectEngineBufferTypeValidateTransform(), DetectEngineContentModifierBufferSetup(), DetectEngineEventRegister(), DetectEngineInspectGenericList(), DetectEnipCommandRegister(), DetectFastPatternRegister(), DetectFiledataRegister(), DetectFilemagicRegister(), DetectFileMd5Register(), DetectFilenameRegister(), DetectFileSha1Register(), DetectFileSha256Register(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFlagsRegister(), DetectFlowAgeRegister(), DetectFlowbitsRegister(), DetectFlowBytesToClientRegister(), DetectFlowBytesToServerRegister(), DetectFlowintRegister(), DetectFlowPktsToClientRegister(), DetectFlowPktsToServerRegister(), DetectFlowRegister(), DetectFlowvarRegister(), DetectFragBitsRegister(), DetectFragOffsetRegister(), DetectFrameRegister(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectGeoipRegister(), DetectGidRegister(), DetectHostbitsRegister(), DetectHttp2Register(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseHeaderRegister(), DetectHttpResponseLineRegister(), DetectHttpServerBodyRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectIcmpv4HdrRegister(), DetectICMPv6hdrRegister(), DetectICMPv6mtuRegister(), DetectICodeRegister(), DetectIdRegister(), DetectIkeChosenSaRegister(), DetectIkeExchTypeRegister(), DetectIkeKeyExchangePayloadLengthRegister(), DetectIkeKeyExchangeRegister(), DetectIkeNoncePayloadLengthRegister(), DetectIkeNonceRegister(), DetectIkeSpiRegister(), DetectIkeVendorRegister(), DetectIPAddrBufferRegister(), DetectIpOptsRegister(), DetectIPProtoRegister(), DetectIPRepRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectIsdataatRegister(), DetectITypeRegister(), DetectKrb5CNameRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectKrb5SNameRegister(), DetectKrb5TicketEncryptionRegister(), DetectL3ProtoRegister(), DetectLuaRegister(), DetectMarkRegister(), DetectMetadataRegister(), DetectModbusRegister(), DetectMQTTConnackSessionPresentRegister(), DetectMQTTConnectClientIDRegister(), DetectMQTTConnectFlagsRegister(), DetectMQTTConnectPasswordRegister(), DetectMQTTConnectProtocolStringRegister(), DetectMQTTConnectUsernameRegister(), DetectMQTTConnectWillMessageRegister(), DetectMQTTConnectWillTopicRegister(), DetectMQTTFlagsRegister(), DetectMQTTProtocolVersionRegister(), DetectMQTTPublishMessageRegister(), DetectMQTTPublishTopicRegister(), DetectMQTTQosRegister(), DetectMQTTReasonCodeRegister(), DetectMQTTSubscribeTopicRegister(), DetectMQTTTypeRegister(), DetectMQTTUnsubscribeTopicRegister(), DetectMsgRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectNoalertRegister(), DetectNocaseRegister(), DetectOffsetRegister(), DetectPcreRegister(), DetectPktDataRegister(), DetectPktvarRegister(), DetectPrefilterRegister(), DetectPriorityRegister(), DetectQuicCyuHashRegister(), DetectQuicCyuStringRegister(), DetectQuicSniRegister(), DetectQuicUaRegister(), DetectQuicVersionRegister(), DetectRawbytesRegister(), DetectReferenceRegister(), DetectReplaceRegister(), DetectRequiresRegister(), DetectRevRegister(), DetectRfbNameRegister(), DetectRfbSecresultRegister(), DetectRfbSectypeRegister(), DetectRpcRegister(), DetectSameipRegister(), DetectSeqRegister(), DetectSidRegister(), DetectSipMethodRegister(), DetectSipProtocolRegister(), DetectSipRequestLineRegister(), DetectSipResponseLineRegister(), DetectSipStatCodeRegister(), DetectSipStatMsgRegister(), DetectSipUriRegister(), DetectSmbNamedPipeRegister(), DetectSmbNtlmsspDomainRegister(), DetectSmbNtlmsspUserRegister(), DetectSmbShareRegister(), DetectSmbVersionRegister(), DetectSNMPCommunityRegister(), DetectSNMPPduTypeRegister(), DetectSNMPUsmRegister(), DetectSNMPVersionRegister(), DetectSshHasshRegister(), DetectSshHasshServerRegister(), DetectSshHasshServerStringRegister(), DetectSshHasshStringRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectStreamSizeRegister(), DetectTagRegister(), DetectTargetRegister(), DetectTcphdrRegister(), DetectTcpmssRegister(), DetectTemplate2Register(), DetectTemplateRegister(), DetectTemplateRustBufferRegister(), DetectThresholdRegister(), DetectTlsCertChainLenRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsRandomBytesRegister(), DetectTlsRandomRegister(), DetectTlsRandomTimeRegister(), DetectTlsRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectTosRegister(), DetectTransformCompressWhitespaceRegister(), DetectTransformDotPrefixRegister(), DetectTransformHeaderLowercaseRegister(), DetectTransformMd5Register(), DetectTransformPcrexformRegister(), DetectTransformSha1Register(), DetectTransformSha256Register(), DetectTransformStripPseudoHeadersRegister(), DetectTransformStripWhitespaceRegister(), DetectTransformToLowerRegister(), DetectTransformToUpperRegister(), DetectTransformUrlDecodeRegister(), DetectTransformXorRegister(), DetectTtlRegister(), DetectUdphdrRegister(), DetectUricontentRegister(), DetectUrilenRegister(), DetectWindowRegister(), DetectWithinRegister(), DetectXbitsRegister(), EngineAnalysisFP(), EngineAnalysisRules2(), InspectionBufferApplyTransforms(), PrefilterSetupRuleGroup(), SigFree(), SigMatchFree(), SigMatchStrictEnabled(), SigTableApplyStrictCommandLineOption(), SigTableList(), SigTableRegisterTests(), and SigTableSetup().