suricata
Data Structures | Macros | Typedefs | Enumerations | Functions | Variables
detect-parse.h File Reference
#include "detect.h"
#include "detect-engine-mpm.h"
Include dependency graph for detect-parse.h:

Go to the source code of this file.

Data Structures

struct  DetectFileHandlerTableElmt_
 
struct  DetectParseRegex
 

Macros

#define MAX_DETECT_ALPROTO_CNT   10
 

Typedefs

typedef struct DetectFileHandlerTableElmt_ DetectFileHandlerTableElmt
 
typedef struct DetectParseRegex DetectParseRegex
 

Enumerations

enum  { SIG_DIREC_NORMAL, SIG_DIREC_SWITCHED }
 
enum  { SIG_DIREC_SRC, SIG_DIREC_DST }
 

Functions

void DetectFileRegisterFileProtocols (DetectFileHandlerTableElmt *entry)
 
int SignatureInitDataBufferCheckExpand (Signature *s)
 check if buffers array still has space left, expand if not More...
 
SignatureSigAlloc (void)
 
void SigFree (DetectEngineCtx *de_ctx, Signature *s)
 
SignatureSigInit (DetectEngineCtx *, const char *sigstr)
 Parses a signature and adds it to the Detection Engine Context. More...
 
SigMatchDataSigMatchList2DataArray (SigMatch *head)
 convert SigMatch list to SigMatchData array More...
 
void SigParseRegisterTests (void)
 
SignatureDetectEngineAppendSig (DetectEngineCtx *, const char *)
 Parse and append a Signature into the Detection Engine Context signature list. More...
 
SignatureDetectFirewallRuleAppendNew (DetectEngineCtx *, const char *)
 Parse and append a Signature into the Detection Engine Context signature list. More...
 
SigMatchSigMatchAppendSMToList (DetectEngineCtx *, Signature *, uint16_t, SigMatchCtx *, int)
 Append a SigMatch to the list type. More...
 
void SigMatchRemoveSMFromList (Signature *, SigMatch *, int)
 
int SigMatchListSMBelongsTo (const Signature *, const SigMatch *)
 
int DetectParseDupSigHashInit (DetectEngineCtx *)
 Initializes the hash table that is used to cull duplicate sigs. More...
 
void DetectParseDupSigHashFree (DetectEngineCtx *)
 Frees the hash table that is used to cull duplicate sigs. More...
 
int DetectEngineContentModifierBufferSetup (DetectEngineCtx *de_ctx, Signature *s, const char *arg, int sm_type, int sm_list, AppProto alproto)
 
bool SigMatchSilentErrorEnabled (const DetectEngineCtx *de_ctx, const enum DetectKeywordId id)
 
bool SigMatchStrictEnabled (const enum DetectKeywordId id)
 
const char * DetectListToHumanString (int list)
 
const char * DetectListToString (int list)
 
void SigTableApplyStrictCommandLineOption (const char *str)
 
SigMatchDetectGetLastSM (const Signature *)
 Returns the sm with the largest index (added latest) from this sig. More...
 
SigMatchDetectGetLastSMFromMpmLists (const DetectEngineCtx *de_ctx, const Signature *s)
 get the last SigMatch from lists that support MPM. More...
 
SigMatchDetectGetLastSMFromLists (const Signature *s,...)
 Returns the sm with the largest index (added latest) from the lists passed to us. More...
 
SigMatchDetectGetLastSMByListPtr (const Signature *s, SigMatch *sm_list,...)
 Returns the sm with the largest index (added last) from the list passed to us as a pointer. More...
 
SigMatchDetectGetLastSMByListId (const Signature *s, int list_id,...)
 Returns the sm with the largest index (added last) from the list passed to us as an id. More...
 
int DetectSignatureAddTransform (Signature *s, int transform, void *options)
 
int WARN_UNUSED DetectSignatureSetAppProto (Signature *s, AppProto alproto)
 
int WARN_UNUSED DetectSignatureSetMultiAppProto (Signature *s, const AppProto *alprotos)
 this function is used to set multiple possible app-layer protos More...
 
DetectParseRegexDetectSetupPCRE2 (const char *parse_str, int opts)
 
bool DetectSetupParseRegexesOpts (const char *parse_str, DetectParseRegex *parse_regex, int opts)
 
void DetectSetupParseRegexes (const char *parse_str, DetectParseRegex *parse_regex)
 
void DetectParseRegexAddToFreeList (DetectParseRegex *parse_regex)
 add regex and/or study to at exit free list More...
 
void DetectParseFreeRegexes (void)
 
void DetectParseFreeRegex (DetectParseRegex *r)
 
int DetectParsePcreExec (DetectParseRegex *parse_regex, pcre2_match_data **match, const char *str, int start_offset, int options)
 
int SC_Pcre2SubstringCopy (pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR *buffer, PCRE2_SIZE *bufflen)
 
int SC_Pcre2SubstringGet (pcre2_match_data *match_data, uint32_t number, PCRE2_UCHAR **bufferptr, PCRE2_SIZE *bufflen)
 
int DetectSetupDirection (Signature *s, const char *str)
 Parse and setup a direction. More...
 
void DetectRegisterAppLayerHookLists (void)
 register app hooks as generic lists More...
 

Variables

DetectFileHandlerTableElmt filehandler_table [DETECT_TBLSIZE_STATIC]
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file detect-parse.h.

Macro Definition Documentation

◆ MAX_DETECT_ALPROTO_CNT

#define MAX_DETECT_ALPROTO_CNT   10

Definition at line 32 of file detect-parse.h.

Typedef Documentation

◆ DetectFileHandlerTableElmt

typedef struct DetectFileHandlerTableElmt_ DetectFileHandlerTableElmt

◆ DetectParseRegex

typedef struct DetectParseRegex DetectParseRegex

Enumeration Type Documentation

◆ anonymous enum

anonymous enum

Flags to indicate if the Signature parsing must be done switching the source and dest (for ip addresses and ports) or otherwise as normal

Enumerator
SIG_DIREC_NORMAL 
SIG_DIREC_SWITCHED 

Definition at line 50 of file detect-parse.h.

◆ anonymous enum

anonymous enum

Flags to indicate if are referencing the source of the Signature or the destination (for ip addresses and ports)

Enumerator
SIG_DIREC_SRC 
SIG_DIREC_DST 

Definition at line 57 of file detect-parse.h.

Function Documentation

◆ DetectEngineAppendSig()

Signature* DetectEngineAppendSig ( DetectEngineCtx de_ctx,
const char *  sigstr 
)

Parse and append a Signature into the Detection Engine Context signature list.

If the signature is bidirectional it should append two signatures (with the addresses switched) into the list. Also handle duplicate signatures. In case of duplicate sigs, use the ones that have the latest revision. We use the sid and the msg to identify duplicate sigs. If 2 sigs have the same sid and gid, they are duplicates.

Parameters
de_ctxPointer to the Detection Engine Context.
sigstrPointer to a character string containing the signature to be parsed.
sig_filePointer to a character string containing the filename from which signature is read
linenoLine number from where signature is read
Return values
Pointerto the head Signature in the detection engine ctx sig_list on success; NULL on failure.

In DetectEngineAppendSig(), the signatures are prepended and we always return the first one so if the signature is bidirectional, the returned sig will point through "next" ptr to the cloned signatures with the switched addresses

Definition at line 3344 of file detect-parse.c.

References de_ctx, and SigInit().

Here is the call graph for this function:

◆ DetectEngineContentModifierBufferSetup()

int DetectEngineContentModifierBufferSetup ( DetectEngineCtx de_ctx,
Signature s,
const char *  arg,
int  sm_type,
int  sm_list,
AppProto  alproto 
)
Parameters
argNULL or empty string

Definition at line 222 of file detect-parse.c.

References Signature_::alproto, ALPROTO_UNKNOWN, DETECT_SM_LIST_NOTSET, Signature_::init_data, SignatureInitData_::list, name, SCLogError, and sigmatch_table.

Referenced by DetectHttpUriSetup().

Here is the caller graph for this function:

◆ DetectFileRegisterFileProtocols()

void DetectFileRegisterFileProtocols ( DetectFileHandlerTableElmt entry)

Definition at line 127 of file detect-parse.c.

References al_protocols, DetectFileHandlerProtocol_t::alproto, ALPROTO_UNKNOWN, DetectFileHandlerTableElmt_::Callback, DetectAppLayerInspectEngineRegister(), DetectAppLayerMpmRegister(), DetectFileHandlerProtocol_t::direction, g_alproto_max, DetectFileHandlerTableElmt_::GetData, DetectFileHandlerTableElmt_::name, DetectFileHandlerTableElmt_::PrefilterFn, DetectFileHandlerTableElmt_::priority, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, DetectFileHandlerProtocol_t::to_client_progress, and DetectFileHandlerProtocol_t::to_server_progress.

Here is the call graph for this function:

◆ DetectFirewallRuleAppendNew()

Signature* DetectFirewallRuleAppendNew ( DetectEngineCtx de_ctx,
const char *  sigstr 
)

Parse and append a Signature into the Detection Engine Context signature list.

If the signature is bidirectional it should append two signatures (with the addresses switched) into the list. Also handle duplicate signatures. In case of duplicate sigs, use the ones that have the latest revision. We use the sid and the msg to identify duplicate sigs. If 2 sigs have the same sid and gid, they are duplicates.

Parameters
de_ctxPointer to the Detection Engine Context.
sigstrPointer to a character string containing the signature to be parsed.
sig_filePointer to a character string containing the filename from which signature is read
linenoLine number from where signature is read
Return values
Pointerto the head Signature in the detection engine ctx sig_list on success; NULL on failure.

In DetectEngineAppendSig(), the signatures are prepended and we always return the first one so if the signature is bidirectional, the returned sig will point through "next" ptr to the cloned signatures with the switched addresses

Definition at line 3272 of file detect-parse.c.

◆ DetectGetLastSM()

SigMatch* DetectGetLastSM ( const Signature s)

Returns the sm with the largest index (added latest) from this sig.

Return values
sm_lastPointer to last sm

Definition at line 779 of file detect-parse.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, DETECT_SM_LIST_MAX, SigMatch_::idx, Signature_::init_data, SignatureInitData_::smlists_tail, and SignatureInitDataBuffer_::tail.

◆ DetectGetLastSMByListId()

SigMatch* DetectGetLastSMByListId ( const Signature s,
int  list_id,
  ... 
)

Returns the sm with the largest index (added last) from the list passed to us as an id.

Parameters
list_idid of the list to be searched
va_argslist of keyword types terminated by -1
Return values
sm_lastto last sm.

Definition at line 728 of file detect-parse.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, DETECT_SM_LIST_MAX, Signature_::init_data, and SignatureInitDataBuffer_::tail.

◆ DetectGetLastSMByListPtr()

SigMatch* DetectGetLastSMByListPtr ( const Signature s,
SigMatch sm_list,
  ... 
)

Returns the sm with the largest index (added last) from the list passed to us as a pointer.

Parameters
sm_listpointer to the SigMatch we should look before
va_argslist of keyword types terminated by -1
Return values
sm_lastto last sm.

Definition at line 696 of file detect-parse.c.

Referenced by DetectGetLastSMFromMpmLists().

Here is the caller graph for this function:

◆ DetectGetLastSMFromLists()

SigMatch* DetectGetLastSMFromLists ( const Signature s,
  ... 
)

Returns the sm with the largest index (added latest) from the lists passed to us.

Return values
Pointerto Last sm.

Definition at line 634 of file detect-parse.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, DETECT_SM_LIST_NOTSET, SignatureInitDataBuffer_::id, Signature_::init_data, SignatureInitData_::list, and SCLogDebug.

◆ DetectGetLastSMFromMpmLists()

SigMatch* DetectGetLastSMFromMpmLists ( const DetectEngineCtx de_ctx,
const Signature s 
)

get the last SigMatch from lists that support MPM.

Note
only supports the lists that are registered through DetectBufferTypeSupportsMpm().

Definition at line 597 of file detect-parse.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, de_ctx, DETECT_CONTENT, DETECT_SM_LIST_MAX, DetectEngineBufferTypeSupportsMpmGetById(), DetectGetLastSMByListPtr(), SignatureInitDataBuffer_::id, SigMatch_::idx, Signature_::init_data, SignatureInitData_::smlists_tail, and SignatureInitDataBuffer_::tail.

Here is the call graph for this function:

◆ DetectListToHumanString()

const char* DetectListToHumanString ( int  list)

Definition at line 188 of file detect-parse.c.

Referenced by DumpPatterns().

Here is the caller graph for this function:

◆ DetectListToString()

const char* DetectListToString ( int  list)

Definition at line 206 of file detect-parse.c.

◆ DetectParseDupSigHashFree()

void DetectParseDupSigHashFree ( DetectEngineCtx de_ctx)

Frees the hash table that is used to cull duplicate sigs.

Parameters
de_ctxPointer to the detection engine context that holds this table.

Definition at line 3094 of file detect-parse.c.

References de_ctx, DetectEngineCtx_::dup_sig_hash_table, and HashListTableFree().

Referenced by DetectEngineCtxFree().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DetectParseDupSigHashInit()

int DetectParseDupSigHashInit ( DetectEngineCtx de_ctx)

Initializes the hash table that is used to cull duplicate sigs.

Parameters
de_ctxPointer to the detection engine context.
Return values
0On success.
-1On failure.

Definition at line 3077 of file detect-parse.c.

References de_ctx, DetectEngineCtx_::dup_sig_hash_table, and HashListTableInit().

Here is the call graph for this function:

◆ DetectParseFreeRegex()

void DetectParseFreeRegex ( DetectParseRegex r)

Definition at line 3408 of file detect-parse.c.

References DetectParseRegex::context, and DetectParseRegex::regex.

◆ DetectParseFreeRegexes()

void DetectParseFreeRegexes ( void  )

Definition at line 3418 of file detect-parse.c.

Referenced by GlobalsDestroy().

Here is the caller graph for this function:

◆ DetectParsePcreExec()

int DetectParsePcreExec ( DetectParseRegex parse_regex,
pcre2_match_data **  match,
const char *  str,
int  start_offset,
int  options 
)

Definition at line 3398 of file detect-parse.c.

◆ DetectParseRegexAddToFreeList()

void DetectParseRegexAddToFreeList ( DetectParseRegex parse_regex)

add regex and/or study to at exit free list

Definition at line 3434 of file detect-parse.c.

References FatalError, DetectParseRegex::next, DetectParseRegex::regex, and SCCalloc.

Referenced by DetectSetupParseRegexesOpts().

Here is the caller graph for this function:

◆ DetectRegisterAppLayerHookLists()

void DetectRegisterAppLayerHookLists ( void  )

register app hooks as generic lists

Register each hook in each app protocol as: <alproto>:<hook name>:generic These lists can be used by lua scripts to hook into.

Todo:
move elsewhere? maybe a detect-engine-hook.c?

Definition at line 1133 of file detect-parse.c.

References ALPROTO_FAILED, AppLayerParserGetStateNameById(), AppLayerParserGetStateProgressCompletionStatus(), AppProtoToString(), DetectAppLayerInspectEngineRegister(), DetectEngineInspectGenericList(), g_alproto_max, name, SCLogDebug, SIG_FLAG_TOCLIENT, and SIG_FLAG_TOSERVER.

Referenced by SigTableSetup().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DetectSetupDirection()

int DetectSetupDirection ( Signature s,
const char *  str 
)

Parse and setup a direction.

Parameters
ssiganture
strargument to the keyword
Return values
0on success, -1 on failure

Definition at line 3539 of file detect-parse.c.

References Signature_::flags, Signature_::init_data, SignatureInitData_::init_flags, SCLogError, SIG_FLAG_INIT_FORCE_TOCLIENT, SIG_FLAG_INIT_FORCE_TOSERVER, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SIG_FLAG_TXBOTHDIR, and str.

◆ DetectSetupParseRegexes()

void DetectSetupParseRegexes ( const char *  parse_str,
DetectParseRegex parse_regex 
)

Definition at line 3524 of file detect-parse.c.

References DetectSetupParseRegexesOpts(), and FatalError.

Here is the call graph for this function:

◆ DetectSetupParseRegexesOpts()

bool DetectSetupParseRegexesOpts ( const char *  parse_str,
DetectParseRegex parse_regex,
int  opts 
)

Definition at line 3445 of file detect-parse.c.

References DetectParseRegex::context, DetectParseRegexAddToFreeList(), DetectParseRegex::regex, SC_MATCH_LIMIT_DEFAULT, SC_MATCH_LIMIT_RECURSION_DEFAULT, and SCLogError.

Referenced by DetectSetupParseRegexes().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DetectSetupPCRE2()

DetectParseRegex* DetectSetupPCRE2 ( const char *  parse_str,
int  opts 
)

Definition at line 3474 of file detect-parse.c.

References DetectParseRegex::next, DetectParseRegex::regex, SCCalloc, SCFree, and SCLogError.

◆ DetectSignatureAddTransform()

int DetectSignatureAddTransform ( Signature s,
int  transform,
void *  options 
)

Definition at line 2105 of file detect-parse.c.

References DetectEngineTransforms::cnt, DETECT_TRANSFORMS_MAX, Signature_::init_data, SignatureInitData_::list, SignatureInitData_::list_set, TransformData_::options, SCLogDebug, SCLogError, SCReturnInt, Signature_::sig_str, TransformData_::transform, DetectEngineTransforms::transforms, and SignatureInitData_::transforms.

◆ DetectSignatureSetAppProto()

int WARN_UNUSED DetectSignatureSetAppProto ( Signature s,
AppProto  alproto 
)

Definition at line 2218 of file detect-parse.c.

Referenced by DetectSignatureSetMultiAppProto().

Here is the caller graph for this function:

◆ DetectSignatureSetMultiAppProto()

int WARN_UNUSED DetectSignatureSetMultiAppProto ( Signature s,
const AppProto alprotos 
)

this function is used to set multiple possible app-layer protos

into the current signature (for example ja4 for both tls and quic)

Parameters
spointer to the Current Signature
alprotosan array terminated by ALPROTO_UNKNOWN
Return values
0on Success
-1on Failure

Definition at line 2140 of file detect-parse.c.

References Signature_::alproto, ALPROTO_UNKNOWN, SignatureInitData_::alprotos, DetectSignatureSetAppProto(), Signature_::init_data, and SIG_ALPROTO_MAX.

Here is the call graph for this function:

◆ SC_Pcre2SubstringCopy()

int SC_Pcre2SubstringCopy ( pcre2_match_data *  match_data,
uint32_t  number,
PCRE2_UCHAR *  buffer,
PCRE2_SIZE *  bufflen 
)

Definition at line 3500 of file detect-parse.c.

◆ SC_Pcre2SubstringGet()

int SC_Pcre2SubstringGet ( pcre2_match_data *  match_data,
uint32_t  number,
PCRE2_UCHAR **  bufferptr,
PCRE2_SIZE *  bufflen 
)

Definition at line 3512 of file detect-parse.c.

◆ SigAlloc()

Signature* SigAlloc ( void  )

Definition at line 1901 of file detect-parse.c.

References SignatureInitData_::buffers, SignatureInitData_::buffers_size, DETECT_SM_LIST_NOTSET, Signature_::init_data, SignatureInitData_::is_rule_state_dependant, SignatureInitData_::list, SignatureInitData_::mpm_sm_list, Signature_::prio, SignatureInitData_::rule_state_dependant_sids_idx, SCCalloc, SCFree, and unlikely.

◆ SigFree()

void SigFree ( DetectEngineCtx de_ctx,
Signature s 
)

Definition at line 2021 of file detect-parse.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SignatureInitData_::cidr_dst, SignatureInitData_::cidr_src, DetectEngineTransforms::cnt, de_ctx, DETECT_SM_LIST_MAX, SigTableElmt_::Free, SignatureInitDataBuffer_::head, Signature_::init_data, IPOnlyCIDRListFree(), SigMatch_::next, TransformData_::options, SCFree, sigmatch_table, SigMatchFree(), SignatureInitData_::smlists, TransformData_::transform, DetectEngineTransforms::transforms, and SignatureInitData_::transforms.

Here is the call graph for this function:

◆ SigInit()

Signature* SigInit ( DetectEngineCtx de_ctx,
const char *  sigstr 
)

Parses a signature and adds it to the Detection Engine Context.

Parameters
de_ctxPointer to the Detection Engine Context.
sigstrPointer to a character string containing the signature to be parsed.
Return values
Pointerto the Signature instance on success; NULL on failure.

Definition at line 3002 of file detect-parse.c.

Referenced by DetectEngineAppendSig(), LLVMFuzzerTestOneInput(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

Here is the caller graph for this function:

◆ SigMatchAppendSMToList()

SigMatch* SigMatchAppendSMToList ( DetectEngineCtx de_ctx,
Signature s,
uint16_t  type,
SigMatchCtx ctx,
const int  list 
)

Append a SigMatch to the list type.

Parameters
sSignature.
newThe sig match to append.
listThe list to append to.

Definition at line 464 of file detect-parse.c.

Referenced by DetectContentSetup(), and DetectFlowvarPostMatchSetup().

Here is the caller graph for this function:

◆ SigMatchList2DataArray()

SigMatchData* SigMatchList2DataArray ( SigMatch head)

convert SigMatch list to SigMatchData array

Note
ownership of sm->ctx is transferred to smd->ctx

Definition at line 2354 of file detect-parse.c.

References len.

Referenced by DetectEngineAppInspectionEngine2Signature().

Here is the caller graph for this function:

◆ SigMatchListSMBelongsTo()

int SigMatchListSMBelongsTo ( const Signature ,
const SigMatch  
)

Definition at line 833 of file detect-parse.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SignatureInitDataBuffer_::head, SignatureInitDataBuffer_::id, Signature_::init_data, and SigMatch_::next.

◆ SigMatchRemoveSMFromList()

void SigMatchRemoveSMFromList ( Signature ,
SigMatch ,
int   
)

Definition at line 557 of file detect-parse.c.

References Signature_::init_data, SigMatch_::next, SigMatch_::prev, SignatureInitData_::smlists, and SignatureInitData_::smlists_tail.

Referenced by DetectIPProtoRemoveAllSMs().

Here is the caller graph for this function:

◆ SigMatchSilentErrorEnabled()

bool SigMatchSilentErrorEnabled ( const DetectEngineCtx de_ctx,
const enum DetectKeywordId  id 
)

Definition at line 406 of file detect-parse.c.

References de_ctx, id, and DetectEngineCtx_::sm_types_silent_error.

◆ SigMatchStrictEnabled()

bool SigMatchStrictEnabled ( const enum DetectKeywordId  id)

Definition at line 412 of file detect-parse.c.

References DETECT_TBLSIZE, flags, SIGMATCH_STRICT_PARSING, and sigmatch_table.

◆ SignatureInitDataBufferCheckExpand()

int SignatureInitDataBufferCheckExpand ( Signature s)

check if buffers array still has space left, expand if not

Definition at line 1881 of file detect-parse.c.

References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SignatureInitData_::buffers_size, Signature_::init_data, and SCRealloc.

Referenced by DetectBufferGetActiveList().

Here is the caller graph for this function:

◆ SigParseRegisterTests()

void SigParseRegisterTests ( void  )

Definition at line 5313 of file detect-parse.c.

References DetectParseRegisterTests(), and UtRegisterTest().

Referenced by SigRegisterTests().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SigTableApplyStrictCommandLineOption()

void SigTableApplyStrictCommandLineOption ( const char *  str)

Definition at line 420 of file detect-parse.c.

References DETECT_TBLSIZE, FatalError, SigTableElmt_::flags, SCStrdup, SIGMATCH_STRICT_PARSING, sigmatch_table, and str.

Variable Documentation

◆ filehandler_table

DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC]

Definition at line 87 of file detect-parse.c.