suricata
detect-parse.h File Reference


Enumerations

enum  { SIG_DIREC_NORMAL, SIG_DIREC_SWITCHED }
 
enum  { SIG_DIREC_SRC, SIG_DIREC_DST }
 

Functions

Signature * SigAlloc (void)
 
void SigFree (Signature *s)
 
Signature * SigInit (DetectEngineCtx *, const char *sigstr)
 Parses a signature and adds it to the Detection Engine Context.
 
Signature * SigInitReal (DetectEngineCtx *, const char *)
 
SigMatchData * SigMatchList2DataArray (SigMatch *head)
 Convert SigMatch list to SigMatchData array.
 
void SigParseRegisterTests (void)
 
Signature * DetectEngineAppendSig (DetectEngineCtx *, const char *)
 Parse and append a Signature into the Detection Engine Context signature list.
 
void SigMatchAppendSMToList (Signature *, SigMatch *, int)
 Append a SigMatch to the list type.
 
void SigMatchRemoveSMFromList (Signature *, SigMatch *, int)
 
int SigMatchListSMBelongsTo (const Signature *, const SigMatch *)
 
int DetectParseDupSigHashInit (DetectEngineCtx *)
 Initializes the hash table that is used to cull duplicate sigs.
 
void DetectParseDupSigHashFree (DetectEngineCtx *)
 Frees the hash table that is used to cull duplicate sigs.
 
int DetectEngineContentModifierBufferSetup (DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto)
 
bool SigMatchSilentErrorEnabled (const DetectEngineCtx *de_ctx, const enum DetectKeywordId id)
 
bool SigMatchStrictEnabled (const enum DetectKeywordId id)
 
const char * DetectListToHumanString (int list)
 
const char * DetectListToString (int list)
 
void SigTableApplyStrictCommandlineOption (const char *str)
 
SigMatch * DetectGetLastSM (const Signature *)
 Returns the sm with the largest index (added latest) from this sig.
 
SigMatch * DetectGetLastSMFromMpmLists (const DetectEngineCtx *de_ctx, const Signature *s)
 Get the last SigMatch from lists that support MPM.
 
SigMatch * DetectGetLastSMFromLists (const Signature *s,...)
 Returns the sm with the largest index (added latest) from the lists passed to us.
 
SigMatch * DetectGetLastSMByListPtr (const Signature *s, SigMatch *sm_list,...)
 Returns the sm with the largest index (added last) from the list passed to us as a pointer.
 
SigMatch * DetectGetLastSMByListId (const Signature *s, int list_id,...)
 Returns the sm with the largest index (added last) from the list passed to us as an id.
 
int DetectSignatureAddTransform (Signature *s, int transform)
 
int WARN_UNUSED DetectSignatureSetAppProto (Signature *s, AppProto alproto)
 
void DetectSetupParseRegexes (const char *parse_str, pcre **parse_regex, pcre_extra **parse_regex_study)
 
void DetectParseRegexAddToFreeList (pcre *regex, pcre_extra *study)
 Add regex and/or study to the at-exit free list.
 
void DetectParseFreeRegexes (void)
 

Detailed Description

Enumeration Type Documentation

anonymous enum

Flags to indicate whether Signature parsing must be done with the source and destination switched (for IP addresses and ports) or as normal.

Enumerator
SIG_DIREC_NORMAL 
SIG_DIREC_SWITCHED 

Definition at line 30 of file detect-parse.h.

anonymous enum

Flags to indicate whether we are referencing the source of the Signature or the destination (for IP addresses and ports).

Enumerator
SIG_DIREC_SRC 
SIG_DIREC_DST 

Definition at line 37 of file detect-parse.h.

Function Documentation

Signature* DetectEngineAppendSig ( DetectEngineCtx *  de_ctx,
const char *  sigstr 
)

Parse and append a Signature into the Detection Engine Context signature list.

If the signature is bidirectional it should append two signatures (with the addresses switched) into the list. Also handle duplicate signatures. In case of duplicate sigs, use the ones that have the latest revision. We use the sid and the msg to identify duplicate sigs. If 2 sigs have the same sid and gid, they are duplicates.

Parameters
de_ctx: Pointer to the Detection Engine Context.
sigstr: Pointer to a character string containing the signature to be parsed.
sig_file: Pointer to a character string containing the filename from which the signature is read.
lineno: Line number from where the signature is read.
Return values
Pointer to the head Signature in the detection engine ctx sig_list on success; NULL on failure.

In DetectEngineAppendSig(), the signatures are prepended and we always return the first one, so if the signature is bidirectional, the returned sig will point through its "next" ptr to the cloned signatures with the switched addresses.

Definition at line 2302 of file detect-parse.c.

References Signature_::init_data, SignatureInitData_::init_flags, Signature_::next, SC_ERR_DUPLICATE_SIG, SCLogError, SCLogWarning, SIG_FLAG_INIT_BIDIREC, DetectEngineCtx_::sig_list, SigFree(), and SigInit().

Referenced by DetectAppLayerProtocolRegister(), DetectCipServiceRegister(), DetectClasstypeRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectEnipCommandRegister(), DetectFastPatternRegister(), DetectFtpdataRegister(), DetectGidRegister(), DetectHostbitFree(), DetectIsdataatFree(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectLoadCompleteSigPath(), DetectLuaRegister(), DetectMetadataHashFree(), DetectPcrePayloadMatch(), DetectPriorityRegister(), DetectReferenceFree(), DetectSetupParseRegexes(), DetectSidRegister(), DetectTargetRegister(), DetectTemplateRustBufferRegister(), DetectTransformCompressWhitespaceRegister(), DetectTransformDotPrefixRegister(), DetectTransformStripWhitespaceRegister(), DetectUricontentRegister(), DetectWithinRegister(), DetectXbitFree(), RegisterModbusParsers(), SCSigSignatureOrderingModuleCleanup(), SCThresholdConfParseFile(), SigGroupHeadContainsSigId(), SMTPParserCleanup(), UTHAppendSigs(), and UTHParseSignature().
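
The list behaviour described for DetectEngineAppendSig() (prepend, clone with switched addresses for bidirectional rules, keep the latest revision of a duplicate) can be modelled as below. This is an added example, not Suricata's code: `Rule`, `RuleList`, `append_rule()` and the return codes are hypothetical, duplicates are keyed on (gid, sid), and it assumes that a newcomer whose rev is not higher than the stored one is rejected.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a parsed rule (not Suricata's Signature). */
typedef struct Rule {
    uint32_t gid, sid, rev;
    char src[40], dst[40];
    struct Rule *next;
} Rule;

typedef struct { Rule *head; } RuleList;

enum { APPEND_OK = 0, APPEND_REPLACED = 1, APPEND_DUP_REJECTED = -1, APPEND_ERR = -2 };

static Rule *rule_new(uint32_t gid, uint32_t sid, uint32_t rev,
                      const char *src, const char *dst)
{
    Rule *r = calloc(1, sizeof(*r));
    if (r == NULL)
        return NULL;
    r->gid = gid; r->sid = sid; r->rev = rev;
    snprintf(r->src, sizeof(r->src), "%s", src);
    snprintf(r->dst, sizeof(r->dst), "%s", dst);
    return r;
}

/* Unlink and free every entry with this (gid, sid), bidirectional clone included. */
void rule_remove(RuleList *l, uint32_t gid, uint32_t sid)
{
    Rule **pp = &l->head;
    while (*pp != NULL) {
        Rule *r = *pp;
        if (r->gid == gid && r->sid == sid) {
            *pp = r->next;
            free(r);
        } else {
            pp = &r->next;
        }
    }
}

int rule_count(const RuleList *l)
{
    int n = 0;
    for (const Rule *r = l->head; r != NULL; r = r->next)
        n++;
    return n;
}

/* Prepend a rule; a bidirectional rule also gets a clone with src/dst switched. */
int append_rule(RuleList *l, uint32_t gid, uint32_t sid, uint32_t rev,
                const char *src, const char *dst, int bidirec)
{
    int status = APPEND_OK;
    for (const Rule *old = l->head; old != NULL; old = old->next) {
        if (old->gid != gid || old->sid != sid)
            continue;
        if (old->rev >= rev)            /* assumption: ties keep the stored rule */
            return APPEND_DUP_REJECTED;
        rule_remove(l, gid, sid);       /* newer revision wins */
        status = APPEND_REPLACED;
        break;                          /* old is freed; do not advance from it */
    }
    Rule *fwd = rule_new(gid, sid, rev, src, dst);
    Rule *swapped = bidirec ? rule_new(gid, sid, rev, dst, src) : NULL;
    if (fwd == NULL || (bidirec && swapped == NULL)) {
        free(fwd);
        free(swapped);
        return APPEND_ERR;
    }
    fwd->next = l->head;
    if (swapped != NULL) {
        swapped->next = l->head;        /* clone is reachable through head->next */
        fwd->next = swapped;
    }
    l->head = fwd;
    return status;
}

int main(void)
{
    RuleList l = { NULL };              /* constructed sample rules */
    append_rule(&l, 1, 1000, 1, "10.0.0.1", "10.0.0.2", 1);
    int dup = append_rule(&l, 1, 1000, 1, "10.0.0.1", "10.0.0.2", 1);
    int upd = append_rule(&l, 1, 1000, 2, "10.0.0.1", "10.0.0.2", 0);
    printf("dup=%d upd=%d entries=%d\n", dup, upd, rule_count(&l));
    rule_remove(&l, 1, 1000);
    return 0;
}
```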

SigMatch* DetectGetLastSM ( const Signature *  s)

Returns the sm with the largest index (added latest) from this sig.

Return values
sm_last: Pointer to last sm

Definition at line 569 of file detect-parse.c.

References SigMatch_::idx, Signature_::init_data, SigMatch_::next, SigMatch_::prev, SignatureInitData_::smlists_array_size, and SignatureInitData_::smlists_tail.

Referenced by DetectPrefilterRegister().

SigMatch* DetectGetLastSMByListId ( const Signature *  s,
int  list_id,
  ... 
)

Returns the sm with the largest index (added last) from the list passed to us as an id.

Parameters
list_id: id of the list to be searched
va_args: list of keyword types terminated by -1
Return values
sm_last: Pointer to last sm.

Definition at line 537 of file detect-parse.c.

References SigMatch_::idx, Signature_::init_data, and SignatureInitData_::smlists_tail.

Referenced by DetectByteExtractDoMatch(), DetectEngineContentModifierBufferSetup(), DetectRawbytesRegister(), DetectReplaceRegister(), SCThresholdConfInitContext(), and SCThresholdConfParseFile().

SigMatch* DetectGetLastSMByListPtr ( const Signature *  s,
SigMatch *  sm_list,
  ... 
)

Returns the sm with the largest index (added last) from the list passed to us as a pointer.

Parameters
sm_list: pointer to the SigMatch we should look before
va_args: list of keyword types terminated by -1
Return values
sm_last: Pointer to last sm.

Definition at line 505 of file detect-parse.c.

References SigMatch_::idx.

Referenced by DetectDistanceRegister(), DetectEngineContentModifierBufferSetup(), DetectGetLastSMFromMpmLists(), DetectPcrePayloadMatch(), and DetectWithinRegister().

SigMatch* DetectGetLastSMFromMpmLists ( const DetectEngineCtx *  de_ctx,
const Signature *  s 
)

Get the last SigMatch from lists that support MPM.

Note
Only supports the lists that are registered through DetectBufferTypeSupportsMpm().

Definition at line 426 of file detect-parse.c.

References DETECT_CONTENT, DETECT_SM_LIST_NOTSET, DetectBufferTypeSupportsMpmGetById(), DetectGetLastSMByListPtr(), SigMatch_::idx, Signature_::init_data, SignatureInitData_::list, SignatureInitData_::smlists_array_size, and SignatureInitData_::smlists_tail.

Referenced by DetectFastPatternRegister().

const char* DetectListToHumanString ( int  list)

const char* DetectListToString ( int  list)

void DetectParseDupSigHashFree ( DetectEngineCtx *  de_ctx)

Frees the hash table that is used to cull duplicate sigs.

Parameters
de_ctx: Pointer to the detection engine context that holds this table.

Definition at line 2133 of file detect-parse.c.

References DetectEngineCtx_::dup_sig_hash_table, HashListTableAdd(), HashListTableFree(), HashListTableLookup(), Signature_::init_data, SignatureInitData_::init_flags, Signature_::next, Signature_::rev, SigDuplWrapper_::s, SigDuplWrapper_::s_prev, SCFree, SCMalloc, SIG_FLAG_INIT_BIDIREC, DetectEngineCtx_::sig_list, SigFree(), and unlikely.

Referenced by DetectEngineCtxFree(), and SigLoadSignatures().

int DetectParseDupSigHashInit ( DetectEngineCtx *  de_ctx)

Initializes the hash table that is used to cull duplicate sigs.

Parameters
de_ctx: Pointer to the detection engine context.
Return values
0: On success.
-1: On failure.

Definition at line 2116 of file detect-parse.c.

References DetectEngineCtx_::dup_sig_hash_table, and HashListTableInit().

Referenced by DetectEngineInspectPktBufferGeneric().

void DetectParseFreeRegexes ( void  )

Definition at line 2356 of file detect-parse.c.

References next, DetectParseRegex_::next, pcre_free_study, DetectParseRegex_::regex, SCFree, and DetectParseRegex_::study.

Referenced by GlobalsInitPreConfig().

void DetectParseRegexAddToFreeList ( pcre *  regex,
pcre_extra *  study 
)

Add regex and/or study to the at-exit free list.

Definition at line 2376 of file detect-parse.c.

References FatalError, DetectParseRegex_::next, DetectParseRegex_::regex, SC_ERR_MEM_ALLOC, SCCalloc, and DetectParseRegex_::study.

Referenced by DetectPcreRegister(), and DetectSetupParseRegexes().

void DetectSetupParseRegexes ( const char *  parse_str,
pcre **  parse_regex,
pcre_extra **  parse_regex_study 
)

Definition at line 2388 of file detect-parse.c.

References Signature_::alproto, BUG_ON, DE_QUIET, DecodeEthernet(), DETECT_SM_LIST_PMATCH, DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectParseRegexAddToFreeList(), DetectParseRegisterTests(), DetectPortCleanupList(), DetectPortCmp(), DetectPortParse(), DetectPortPrint(), FAIL_IF, FAIL_IF_NOT, FAIL_IF_NOT_NULL, FAIL_IF_NULL, FatalError, Signature_::flags, DetectEngineCtx_::flags, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, Signature_::next, PACKET_RECYCLE, PacketAlertCheck(), PASS, PORT_EQ, Signature_::rev, SigDuplWrapper_::s, SC_ERR_PCRE_COMPILE, SC_ERR_PCRE_STUDY, SCClassConfDeinit(), SCClassConfGenerateValidDummyClassConfigFD01(), SCClassConfInit(), SCClassConfLoadClassficationConfigFile(), SCFree, SCLogDebug, SCMalloc, SCReferenceConfDeinit(), SCReferenceConfInit(), SIG_FLAG_INIT_BIDIREC, SIG_FLAG_REQUIRE_PACKET, SIG_FLAG_REQUIRE_STREAM, DetectEngineCtx_::sig_list, SigCleanSignatures(), SigFree(), SigGroupBuild(), SigGroupCleanup(), SigInit(), SigMatchSignatures(), DetectEngineCtx_::signum, SigTableSetup(), SIZE_OF_PACKET, SignatureInitData_::smlists, Signature_::sp, unlikely, UTHAppendSigs(), UTHBuildPacketFromEth(), UTHCheckPacketMatchResults(), and UTHMatchPackets().

Referenced by DetectBase64DecodeRegister(), DetectByteExtractRegister(), DetectBytejumpRegister(), DetectBytetestRegister(), DetectClasstypeRegister(), DetectDatarepRegister(), DetectDatasetRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDetectionFilterRegister(), DetectDsizeRegister(), DetectEngineEventRegister(), DetectFastPatternRegister(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFlagsRegister(), DetectFlowbitsRegister(), DetectFlowintRegister(), DetectFlowRegister(), DetectFlowvarRegister(), DetectFragBitsRegister(), DetectFragOffsetRegister(), DetectFtpdataRegister(), DetectHostbitsRegister(), DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectICodeRegister(), DetectIdRegister(), DetectIpOptsRegister(), DetectIPProtoRegister(), DetectIPRepRegister(), DetectIsdataatRegister(), DetectITypeRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectMarkRegister(), DetectModbusRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectPcreRegister(), DetectPktvarRegister(), DetectPriorityRegister(), DetectReferenceRegister(), DetectRpcRegister(), DetectSNMPPduTypeRegister(), DetectSNMPVersionRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectStreamSizeRegister(), DetectTagRegister(), DetectTargetRegister(), DetectTcpmssRegister(), DetectTemplate2Register(), DetectTemplateRegister(), DetectThresholdRegister(), DetectTlsRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectTosRegister(), DetectTtlRegister(), DetectUrilenRegister(), DetectWindowRegister(), and DetectXbitsRegister().

int WARN_UNUSED DetectSignatureSetAppProto ( Signature *  s,
AppProto  alproto 
)

Definition at line 1460 of file detect-parse.c.

References Signature_::addr_dst_match4, Signature_::addr_dst_match4_cnt, Signature_::addr_dst_match6, Signature_::addr_dst_match6_cnt, Signature_::addr_src_match4, Signature_::addr_src_match4_cnt, Signature_::addr_src_match6, Signature_::addr_src_match6_cnt, Signature_::alproto, ALPROTO_FAILED, ALPROTO_UNKNOWN, AppProtoToString(), SignatureInitData_::dst, Signature_::flags, Signature_::init_data, DetectAddress_::ip, DetectMatchAddressIPv4_::ip, DetectMatchAddressIPv6_::ip, DetectAddress_::ip2, DetectMatchAddressIPv4_::ip2, DetectMatchAddressIPv6_::ip2, DetectAddressHead_::ipv4_head, DetectAddressHead_::ipv6_head, len, DetectAddress_::next, SigMatch_::next, SC_ERR_CONFLICTING_RULE_KEYWORDS, SC_ERR_INVALID_ARGUMENT, SCLogError, SCMalloc, SCNtohl, SIG_FLAG_APPLAYER, and SignatureInitData_::src.

Referenced by DetectAppLayerEventRegister(), DetectByteExtractDoMatch(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectCipServiceRegister(), DetectDnsQueryRegister(), DetectEnipCommandRegister(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpServerBodyRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriSetup(), DetectIsdataatFree(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectPcrePayloadMatch(), DetectSNMPCommunityRegister(), DetectSNMPPduTypeRegister(), DetectSNMPVersionRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTemplateBufferRegister(), DetectTemplateRustBufferRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), and DetectUrilenRegister().

Signature* SigInit ( DetectEngineCtx *  de_ctx,
const char *  sigstr 
)

Parses a signature and adds it to the Detection Engine Context.

Parameters
de_ctx: Pointer to the Detection Engine Context.
sigstr: Pointer to a character string containing the signature to be parsed.
Return values
Pointer to the Signature instance on success; NULL on failure.

Definition at line 2009 of file detect-parse.c.

References HashListTable_::array_size, Signature_::gid, Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, Signature_::next, SigDuplWrapper_::s, SCEnter, SCFree, SCLogInfo, SCReturnPtr, SIG_DIREC_NORMAL, SIG_DIREC_SWITCHED, SIG_FLAG_INIT_BIDIREC, DetectEngineCtx_::sigerror_silent, SigFree(), and DetectEngineCtx_::signum.

Referenced by DetectEngineAppendSig(), and DetectSetupParseRegexes().

Signature* SigInitReal ( DetectEngineCtx *  ,
const char *   
)

void SigMatchAppendSMToList ( Signature *  s,
SigMatch *  new,
int  list 
)

Append a SigMatch to the list type.

Parameters
s: Signature.
new: The sig match to append.
list: The list to append to.

Definition at line 346 of file detect-parse.c.

References SigMatch_::idx, Signature_::init_data, SigMatch_::next, SigMatch_::prev, SCRealloc, SignatureInitData_::sm_cnt, SignatureInitData_::smlists, SignatureInitData_::smlists_array_size, and SignatureInitData_::smlists_tail.

Referenced by DetectAckRegister(), DetectAppLayerEventRegister(), DetectAsn1Register(), DetectBase64DecodeDoMatch(), DetectBypassRegister(), DetectByteExtractDoMatch(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectCipServiceRegister(), DetectContentSetup(), DetectCsumRegister(), DetectDatarepBufferMatch(), DetectDatasetBufferMatch(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDetectionFilterRegister(), DetectDsizeRegister(), DetectEngineEventRegister(), DetectEnipCommandRegister(), DetectFileextRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFlagsRegister(), DetectFlowbitMatch(), DetectFlowintMatch(), DetectFlowSetupImplicit(), DetectFlowvarMatch(), DetectFlowvarPostMatchSetup(), DetectFragBitsRegister(), DetectFragOffsetRegister(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectGeoipRegister(), DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectIdRegister(), DetectIPProtoRegister(), DetectIPRepRegister(), DetectIsdataatSetup(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectLuaRegister(), DetectMarkRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectPcrePayloadMatch(), DetectPktvarRegister(), DetectReplaceRegister(), DetectRpcRegister(), DetectSameipRegister(), DetectSeqRegister(), DetectSNMPPduTypeRegister(), DetectSNMPVersionRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectStreamSizeRegister(), DetectTagRegister(), DetectTcpmssRegister(), DetectTemplate2Register(), DetectTemplateRegister(), DetectThresholdRegister(), DetectTlsRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectTosRegister(), DetectTtlRegister(), DetectUrilenRegister(), DetectWindowRegister(), DetectXbitMatchHost(), DetectXbitsRegister(), and SCThresholdConfInitContext().

SigMatchData* SigMatchList2DataArray ( SigMatch *  head)

Convert SigMatch list to SigMatchData array.

Note
Ownership of sm->ctx is transferred to smd->ctx.

Definition at line 1597 of file detect-parse.c.

References DetectEngineAppInspectionEngine_::alproto, Signature_::alproto, ALPROTO_HTTP, ALPROTO_SMTP, ALPROTO_UNKNOWN, DetectEngineCtx_::app_inspect_engines, AppLayerHtpNeedFileInspection(), AppLayerParserSupportsFiles(), AppLayerProtoDetectSupportedIpprotos(), AppProtoToString(), BUG_ON, SigMatch_::ctx, SigMatchData_::ctx, DETECT_CONTENT, DETECT_CONTENT_DEPTH, DETECT_CONTENT_OFFSET, DETECT_DEFAULT_PRIO, DETECT_PROTO_ANY, DETECT_SM_LIST_BASE64_DATA, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_NOTSET, DETECT_SM_LIST_PMATCH, DETECT_SM_LIST_POSTMATCH, DETECT_SM_LIST_SUPPRESS, DETECT_SM_LIST_THRESHOLD, DETECT_SM_LIST_TMATCH, DETECT_STREAM_SIZE, DetectAddressListsAreEqual(), DetectAppLayerEventPrepare(), DetectBufferRunSetupCallback(), DetectBufferRunValidateCallback(), DetectBufferTypeGetNameById(), DetectBufferTypeSupportsPacketGetById(), DetectContentPMATCHValidateCallback(), DetectFlowSetupImplicit(), DetectLuaPostSetup(), DetectPortListsAreEqual(), DetectEngineAppInspectionEngine_::dir, Signature_::dp, SignatureParser_::dst, SignatureInitData_::dst, dst, FALSE, Signature_::file_flags, DetectProto_::flags, Signature_::flags, Signature_::gid, head, Signature_::id, SigMatch_::idx, Signature_::init_data, SignatureInitData_::init_flags, IPOnlySigParseAddress(), DetectAddressHead_::ipv4_head, DetectAddressHead_::ipv6_head, SigMatchData_::is_last, len, SignatureInitData_::list, SigTableElmt_::Match, SigMatch_::next, DetectEngineAppInspectionEngine_::next, Signature_::num, SigMatch_::prev, Signature_::prio, DetectProto_::proto, Signature_::proto, SC_ERR_DETECT_PREPARE, SC_ERR_INVALID_SIGNATURE, SC_ERR_NO_FILES_FOR_PROTOCOL, SCCalloc, SCEnter, SCLogDebug, SCLogError, SCReturnInt, SIG_DIREC_DST, SIG_DIREC_SRC, SIG_FLAG_APPLAYER, SIG_FLAG_DP_ANY, SIG_FLAG_DST_ANY, SIG_FLAG_FILESTORE, SIG_FLAG_INIT_FLOW, SIG_FLAG_INIT_PACKET, SIG_FLAG_IPONLY, SIG_FLAG_REQUIRE_PACKET, SIG_FLAG_REQUIRE_STREAM, SIG_FLAG_SP_ANY, SIG_FLAG_SRC_ANY, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SigAlloc(), 
DetectEngineCtx_::sigerror, DetectEngineCtx_::sigerror_silent, SigFree(), sigmatch_table, SignatureSetType(), DetectEngineCtx_::signum, DetectEngineAppInspectionEngine_::sm_list, SignatureInitData_::smlists, SignatureInitData_::smlists_array_size, Signature_::sp, SignatureParser_::src, SignatureInitData_::src, src, ts, SigMatch_::type, and SigMatchData_::type.

Referenced by DetectEngineAppInspectionEngine2Signature(), and SigAddressPrepareStage4().

int SigMatchListSMBelongsTo ( const Signature *  ,
const SigMatch *  
)

Definition at line 619 of file detect-parse.c.

References SignatureParser_::action, Signature_::action, ACTION_ALERT, ACTION_DROP, ACTION_PASS, ACTION_REJECT, ACTION_REJECT_BOTH, ACTION_REJECT_DST, Signature_::alproto, ALPROTO_UNKNOWN, SigTableElmt_::alternative, AppLayerGetProtoByName(), AppLayerProtoDetectSupportedIpprotos(), DETECT_MAX_RULE_SIZE, DETECT_PROTO_ONLY_PKT, DETECT_PROTO_ONLY_STREAM, DetectIPProtoRemoveAllSMs(), DetectParseAddress(), DetectPortParse(), DetectProtoParse(), SignatureParser_::direction, SignatureParser_::dp, Signature_::dp, SignatureParser_::dst, SignatureInitData_::dst, SignatureInitData_::dst_contains_negation, DetectProto_::flags, Signature_::flags, SigTableElmt_::flags, Signature_::init_data, SignatureInitData_::init_flags, len, SigTableElmt_::name, SignatureInitData_::negated, SigMatch_::next, SignatureParser_::opts, DetectProto_::proto, Signature_::proto, SignatureParser_::protocol, SigDuplWrapper_::s, SC_ERR_INVALID_ACTION, SC_ERR_INVALID_DIRECTION, SC_ERR_INVALID_RULE_ARGUMENT, SC_ERR_INVALID_SIGNATURE, SC_ERR_LIBNET11_INCOMPATIBLE_WITH_LIBCAP_NG, SC_ERR_LIBNET_REQUIRED_FOR_ACTION, SC_ERR_RULE_KEYWORD_UNKNOWN, SC_ERR_UNKNOWN_PROTOCOL, sc_set_caps, SC_WARN_DEPRECATED, SCEnter, SCLogDebug, SCLogError, SCLogWarning, SCReturnInt, SCStrdup, SigTableElmt_::Setup, SIG_DIREC_DST, SIG_DIREC_SRC, SIG_FLAG_APPLAYER, SIG_FLAG_DP_ANY, SIG_FLAG_DST_ANY, SIG_FLAG_INIT_BIDIREC, SIG_FLAG_REQUIRE_PACKET, SIG_FLAG_REQUIRE_STREAM, SIG_FLAG_SP_ANY, SIG_FLAG_SRC_ANY, Signature_::sig_str, SIGMATCH_HANDLE_NEGATION, SIGMATCH_INFO_DEPRECATED, SIGMATCH_NOOPT, SIGMATCH_OPTIONAL_OPT, SIGMATCH_QUOTES_MANDATORY, SIGMATCH_QUOTES_OPTIONAL, sigmatch_table, DetectEngineCtx_::sm_types_silent_error, SignatureInitData_::smlists, SignatureInitData_::smlists_array_size, SignatureParser_::sp, Signature_::sp, SignatureParser_::src, SignatureInitData_::src, SignatureInitData_::src_contains_negation, strlcpy(), TRUE, unlikely, and URL.

Referenced by DetectAppLayerInspectEngineRegister2(), DetectBase64DecodeDoMatch(), DetectByteExtractDoMatch(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectEngineAppInspectionEngine2Signature(), DetectIsdataatSetup(), DetectSetFastPatternAndItsId(), EngineAnalysisFP(), EngineAnalysisRules(), MpmStoreFree(), MpmStorePrepareBuffer(), PacketCreateMask(), PerCentEncodingMatch(), and RulesDumpMatchArray().

void SigMatchRemoveSMFromList ( Signature *  ,
SigMatch *  ,
int   
)

bool SigMatchSilentErrorEnabled ( const DetectEngineCtx *  de_ctx,
const enum DetectKeywordId  id 
)

Definition at line 289 of file detect-parse.c.

References DetectEngineCtx_::sm_types_silent_error.

Referenced by DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), and DetectTlsJa3StringRegister().

bool SigMatchStrictEnabled ( const enum DetectKeywordId  id)

Definition at line 295 of file detect-parse.c.

References DETECT_TBLSIZE, flags, SIGMATCH_STRICT_PARSING, and sigmatch_table.

Referenced by DetectClasstypeRegister(), and DetectReferenceFree().

void SigParseRegisterTests ( void  )

Definition at line 4104 of file detect-parse.c.

References DetectParseRegisterTests(), and UtRegisterTest().

Referenced by SigRegisterTests().

void SigTableApplyStrictCommandlineOption ( const char *  str)

Definition at line 303 of file detect-parse.c.

References DETECT_TBLSIZE, FatalError, SigTableElmt_::flags, SC_ERR_CMD_LINE, SC_ERR_MEM_ALLOC, SCFree, SCLogWarning, SCStrdup, SIGMATCH_STRICT_PARSING, and sigmatch_table.

Referenced by PostRunDeinit().
