suricata
|
#include "suricata-common.h"
#include "flow.h"
#include "detect-engine-proto.h"
#include "detect-reference.h"
#include "detect-metadata.h"
#include "detect-engine-register.h"
#include "util-prefilter.h"
#include "util-mpm.h"
#include "util-spm.h"
#include "util-hash.h"
#include "util-hashlist.h"
#include "util-radix-tree.h"
#include "util-file.h"
#include "reputation.h"
Go to the source code of this file.
Functions | |
TmEcode | Detect (ThreadVars *tv, Packet *p, void *data) |
Detection engine thread wrapper. More... | |
SigMatch * | SigMatchAlloc (void) |
Signature * | SigFindSignatureBySidGid (DetectEngineCtx *, uint32_t, uint32_t) |
Find a specific signature by sid and gid. More... | |
void | SigMatchFree (DetectEngineCtx *, SigMatch *sm) |
free a SigMatch More... | |
void | SigRegisterTests (void) |
void | DisableDetectFlowFileFlags (Flow *f) |
disable file features we don't need Called if we have no detection engine. More... | |
char * | DetectLoadCompleteSigPath (const DetectEngineCtx *, const char *sig_file) |
Create the path if default-rule-path was specified. More... | |
int | SigLoadSignatures (DetectEngineCtx *, char *, bool) |
Load signatures. More... | |
void | SigMatchSignatures (ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p) |
wrapper for old tests More... | |
int | SignatureIsIPOnly (DetectEngineCtx *de_ctx, const Signature *s) |
Test is a initialized signature is IP only. More... | |
const SigGroupHead * | SigMatchSignaturesGetSgh (const DetectEngineCtx *de_ctx, const Packet *p) |
Get the SigGroupHead for a packet. More... | |
int | DetectUnregisterThreadCtxFuncs (DetectEngineCtx *, void *data, const char *name) |
Remove Thread keyword context registration. More... | |
int | DetectRegisterThreadCtxFuncs (DetectEngineCtx *, const char *name, void *(*InitFunc)(void *), void *data, void(*FreeFunc)(void *), int) |
Register Thread keyword context Funcs. More... | |
void * | DetectThreadCtxGetKeywordThreadCtx (DetectEngineThreadCtx *, int) |
Retrieve thread local keyword ctx by id. More... | |
void * | DetectGetInnerTx (void *tx_ptr, AppProto alproto, AppProto engine_alproto, uint8_t flow_flags) |
void | RuleMatchCandidateTxArrayInit (DetectEngineThreadCtx *det_ctx, uint32_t size) |
void | RuleMatchCandidateTxArrayFree (DetectEngineThreadCtx *det_ctx) |
int | DetectFlowbitsAnalyze (DetectEngineCtx *de_ctx) |
int | DetectMetadataHashInit (DetectEngineCtx *de_ctx) |
void | DetectMetadataHashFree (DetectEngineCtx *de_ctx) |
void | DetectEngineSetEvent (DetectEngineThreadCtx *det_ctx, uint8_t e) |
void | DumpPatterns (DetectEngineCtx *de_ctx) |
Variables | |
const struct SignatureProperties | signature_properties [SIG_TYPE_MAX] |
SigTableElmt * | sigmatch_table |
Definition in file detect.h.
#define DETECT_DEFAULT_PRIO 3 |
#define DETECT_VAR_TYPE_FLOW_POSTMATCH 1 |
#define ENGINE_SGH_MPM_FACTORY_CONTEXT_START_ID_RANGE (ENGINE_SGH_MPM_FACTORY_CONTEXT_AUTO + 1) |
#define FILE_SIG_NEED_MAGIC 0x04 |
#define SIG_FLAG_APPLAYER BIT_U32(6) |
#define SIG_FLAG_DEST_IS_TARGET BIT_U32(26) |
#define SIG_FLAG_DSIZE BIT_U32(5) |
#define SIG_FLAG_FILESTORE BIT_U32(18) |
#define SIG_FLAG_FLUSH BIT_U32(12) |
#define SIG_FLAG_HAS_TARGET (SIG_FLAG_DEST_IS_TARGET|SIG_FLAG_SRC_IS_TARGET) |
#define SIG_FLAG_INIT_BIDIREC BIT_U32(3) |
#define SIG_FLAG_INIT_FILEDATA BIT_U32(9) |
#define SIG_FLAG_INIT_FIRST_IPPROTO_SEEN BIT_U32(4) /** < signature has seen the first ip_proto keyword */ |
#define SIG_FLAG_INIT_FLOW BIT_U32(2) |
#define SIG_FLAG_INIT_JA BIT_U32(10) |
#define SIG_FLAG_INIT_PACKET BIT_U32(1) |
#define SIG_FLAG_INIT_PRIO_EXPLICIT BIT_U32(8) |
#define SIG_FLAG_INIT_STATE_MATCH BIT_U32(6) |
#define SIG_FLAG_PREFILTER BIT_U32(23) |
#define SIG_FLAG_REQUIRE_FLOWVAR BIT_U32(17) |
#define SIG_FLAG_REQUIRE_PACKET BIT_U32(9) |
#define SIG_FLAG_REQUIRE_STREAM BIT_U32(10) |
#define SIG_FLAG_REQUIRE_STREAM_ONLY BIT_U32(13) |
#define SIG_FLAG_SRC_ANY BIT_U32(0) |
#define SIG_FLAG_SRC_IS_TARGET BIT_U32(25) |
#define SIG_MASK_REQUIRE_FLAGS_INITDEINIT BIT_U8(2) /* SYN, FIN, RST */ |
#define SIG_MASK_REQUIRE_FLAGS_UNUSUAL BIT_U8(3) /* URG, ECN, CWR */ |
#define SIG_MASK_REQUIRE_PAYLOAD BIT_U8(0) |
#define SIGMATCH_DEONLY_COMPAT BIT_U16(2) |
#define SIGMATCH_HANDLE_NEGATION BIT_U16(7) |
#define SIGMATCH_INFO_CONTENT_MODIFIER BIT_U16(8) |
#define SIGMATCH_INFO_DEPRECATED BIT_U16(10) |
#define SIGMATCH_INFO_STICKY_BUFFER BIT_U16(9) |
#define SIGMATCH_IPONLY_COMPAT BIT_U16(1) |
#define SIGMATCH_NOOPT BIT_U16(0) |
#define SIGMATCH_OPTIONAL_OPT BIT_U16(4) |
#define SIGMATCH_QUOTES_MANDATORY BIT_U16(6) |
#define SIGMATCH_QUOTES_OPTIONAL BIT_U16(5) |
#define SIGMATCH_STRICT_PARSING BIT_U16(11) |
typedef struct AppLayerTxData AppLayerTxData |
typedef struct DetectAddress_ DetectAddress |
address structure for use in the detection engine.
Contains the address information and matching information.
typedef struct DetectAddressHead_ DetectAddressHead |
Address grouping head. IPv4 and IPv6 are split out
typedef struct DetectBufferMpmRegistry_ DetectBufferMpmRegistry |
one time registration of keywords at start up
typedef struct DetectBufferType_ DetectBufferType |
typedef struct DetectEngineAppInspectionEngine_ DetectEngineAppInspectionEngine |
typedef struct DetectEngineCtx_ DetectEngineCtx |
main detection engine ctx
typedef struct DetectEngineIPOnlyCtx_ DetectEngineIPOnlyCtx |
IP only rules matching ctx.
typedef struct DetectEngineLookupFlow_ DetectEngineLookupFlow |
typedef struct DetectEngineMasterCtx_ DetectEngineMasterCtx |
typedef struct DetectEnginePktInspectionEngine DetectEnginePktInspectionEngine |
typedef struct DetectEngineTenantMapping_ DetectEngineTenantMapping |
typedef struct DetectEngineThreadCtx_ DetectEngineThreadCtx |
Detection engine thread data.
typedef struct DetectEngineTransforms DetectEngineTransforms |
typedef struct DetectMatchAddressIPv4_ DetectMatchAddressIPv4 |
typedef struct DetectMatchAddressIPv6_ DetectMatchAddressIPv6 |
typedef struct DetectPatternTracker DetectPatternTracker |
typedef struct DetectPort_ DetectPort |
Port structure for detection engine.
typedef struct DetectReplaceList_ DetectReplaceList |
typedef struct DetectVarList_ DetectVarList |
list for flowvar store candidates, to be stored from post-match function
typedef uint8_t(* InspectEngineFuncPtr) (struct DetectEngineCtx_ *de_ctx, struct DetectEngineThreadCtx_ *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const struct Signature_ *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) |
typedef struct InspectionBuffer InspectionBuffer |
typedef int(* InspectionBufferFrameInspectFunc) (struct DetectEngineThreadCtx_ *, const struct DetectEngineFrameInspectionEngine *engine, const struct Signature_ *s, Packet *p, const struct Frames *frames, const struct Frame *frame) |
typedef InspectionBuffer*(* InspectionBufferGetDataPtr) (struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id) |
typedef InspectionBuffer*(* InspectionBufferGetPktDataPtr) (struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Packet *p, const int list_id) |
typedef struct InspectionBufferMultipleForList InspectionBufferMultipleForList |
typedef int(* InspectionBufferPktInspectFunc) (struct DetectEngineThreadCtx_ *, const struct DetectEnginePktInspectionEngine *engine, const struct Signature_ *s, Packet *p, uint8_t *alert_flags) |
typedef InspectionBuffer*(* InspectionMultiBufferGetDataPtr) (struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id, const uint32_t local_id) |
typedef struct IPOnlyCIDRItem_ IPOnlyCIDRItem |
typedef struct PrefilterEngine_ PrefilterEngine |
typedef struct PrefilterEngineList_ PrefilterEngineList |
typedef void(* PrefilterFrameFn) (DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, const struct Frames *frames, const struct Frame *frame) |
typedef void(* PrefilterPktFn) (DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) |
typedef void(* PrefilterTxFn) (DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, void *tx, const uint64_t tx_id, const AppLayerTxData *tx_data, const uint8_t flags) |
typedef struct RuleMatchCandidateTx RuleMatchCandidateTx |
array of TX inspect rule candidates
typedef struct SCDetectRequiresStatus SCDetectRequiresStatus |
typedef struct SCFPSupportSMList_ SCFPSupportSMList |
typedef struct SigFileLoaderStat_ SigFileLoaderStat |
Signature loader statistics.
typedef struct SigGroupHead_ SigGroupHead |
Container for matching data for a signature group.
typedef struct SigGroupHeadInitData_ SigGroupHeadInitData |
typedef struct SigMatchCtx_ SigMatchCtx |
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something else.
typedef struct SigMatchData_ SigMatchData |
Data needed for Match()
typedef struct Signature_ Signature |
Signature container.
typedef struct SignatureInitData_ SignatureInitData |
typedef struct SignatureInitDataBuffer_ SignatureInitDataBuffer |
typedef struct SignatureNonPrefilterStore_ SignatureNonPrefilterStore |
typedef struct SigString_ SigString |
typedef struct SigTableElmt_ SigTableElmt |
element in sigmatch type table.
typedef struct TransformData_ TransformData |
anonymous enum |
anonymous enum |
anonymous enum |
anonymous enum |
anonymous enum |
enum DetectBufferMpmType |
enum DetectEngineType |
enum MpmBuiltinBuffers |
enum SignatureType |
TmEcode Detect | ( | ThreadVars * | tv, |
Packet * | p, | ||
void * | data | ||
) |
Detection engine thread wrapper.
Remember to add the options in SignatureIsIPOnly() at detect.c otherwise it wont be part of a signature group
tv | thread vars |
p | packet to inspect |
data | thread specific data |
pq | packet queue |
TM_ECODE_FAILED | error |
TM_ECODE_OK | ok |
void DetectEngineSetEvent | ( | DetectEngineThreadCtx * | det_ctx, |
uint8_t | e | ||
) |
Definition at line 4961 of file detect-engine.c.
References AppLayerDecoderEventsSetEventRaw(), DetectEngineThreadCtx_::decoder_events, and DetectEngineThreadCtx_::events.
Referenced by FileSwfDecompression(), FileSwfLzmaDecompression(), FileSwfZlibDecompression(), and InspectionBufferMultipleForListGet().
int DetectFlowbitsAnalyze | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 420 of file detect-flowbits.c.
References SignatureInitData_::buffer_index, DetectFlowbitsData_::cmd, FBAnalyze::cnts, de_ctx, DETECT_FLOWBITS, DETECT_FLOWBITS_CMD_ISNOTSET, DETECT_FLOWBITS_CMD_ISSET, DETECT_FLOWBITS_CMD_SET, DETECT_FLOWBITS_CMD_TOGGLE, DETECT_FLOWBITS_CMD_UNSET, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_POSTMATCH, Signature_::id, DetectFlowbitsData_::idx, Signature_::init_data, SignatureInitData_::init_flags, FBAnalyze::isnotset_sids, FBAnalyze::isnotset_sids_idx, FBAnalyze::isnotset_sids_size, FBAnalyze::isset_sids, FBAnalyze::isset_sids_idx, FBAnalyze::isset_sids_size, MAX, DetectEngineCtx_::max_fb_id, MAX_SIDS, SigMatch_::next, Signature_::num, DetectFlowbitsData_::or_list, DetectFlowbitsData_::or_list_size, rule_engine_analysis_set, SCCalloc, SCLogDebug, SCLogError, SCLogWarning, SCRealloc, FBAnalyze::set_sids, FBAnalyze::set_sids_idx, FBAnalyze::set_sids_size, DetectEngineCtx_::sig_array, DetectEngineCtx_::sig_array_len, SIG_FLAG_INIT_STATE_MATCH, SignatureInitData_::smlists, FBAnalyze::state_cnts, FBAnalyze::toggle_sids, FBAnalyze::toggle_sids_idx, FBAnalyze::toggle_sids_size, FBAnalyze::unset_sids, FBAnalyze::unset_sids_idx, FBAnalyze::unset_sids_size, VAR_TYPE_FLOW_BIT, and VarNameStoreSetupLookup().
void* DetectGetInnerTx | ( | void * | tx_ptr, |
AppProto | alproto, | ||
AppProto | engine_alproto, | ||
uint8_t | flow_flags | ||
) |
Definition at line 1067 of file detect.c.
References ALPROTO_DNS, ALPROTO_DOH2, ALPROTO_HTTP2, and unlikely.
Referenced by AlertJsonDoh2(), and DetectRunPrefilterTx().
char* DetectLoadCompleteSigPath | ( | const DetectEngineCtx * | de_ctx, |
const char * | sig_file | ||
) |
Create the path if default-rule-path was specified.
sig_file | The name of the file |
str | Pointer to the string path + sig_file |
Definition at line 62 of file detect-engine-loader.c.
References ConfGetNode(), DetectEngineCtx_::config_prefix, de_ctx, ConfNode_::final, PathIsRelative(), PathMergeAlloc(), SCLogError, SCStrdup, unlikely, and ConfNode_::val.
void DetectMetadataHashFree | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 80 of file detect-metadata.c.
References de_ctx, HashTableFree(), and DetectEngineCtx_::metadata_table.
int DetectMetadataHashInit | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 69 of file detect-metadata.c.
References de_ctx, DetectEngineMustParseMetadata(), HashTableInit(), DetectEngineCtx_::metadata_table, StringHashCompareFunc(), StringHashFreeFunc(), and StringHashFunc().
int DetectRegisterThreadCtxFuncs | ( | DetectEngineCtx * | de_ctx, |
const char * | name, | ||
void *(*)(void *) | InitFunc, | ||
void * | data, | ||
void(*)(void *) | FreeFunc, | ||
int | mode | ||
) |
Register Thread keyword context Funcs.
de_ctx | detection engine to register in |
name | keyword name for error printing |
InitFunc | function ptr |
data | keyword init data to pass to Func. Can be NULL. |
FreeFunc | function ptr |
mode | 0 normal (ctx per keyword instance) 1 shared (one ctx per det_ct) |
id | for retrieval of ctx at runtime |
-1 | on error |
Definition at line 3619 of file detect-engine.c.
References BUG_ON, de_ctx, HashListTableInit(), and DetectEngineCtx_::keyword_hash.
void* DetectThreadCtxGetKeywordThreadCtx | ( | DetectEngineThreadCtx * | det_ctx, |
int | id | ||
) |
Retrieve thread local keyword ctx by id.
det_ctx | detection engine thread ctx to retrieve the ctx from |
id | id of the ctx returned by DetectRegisterThreadCtxInitFunc at keyword init. |
ctx | or NULL on error |
Definition at line 3689 of file detect-engine.c.
References DetectEngineThreadCtx_::keyword_ctxs_array, and DetectEngineThreadCtx_::keyword_ctxs_size.
Referenced by DetectLuaMatchBuffer(), and DetectPcrePayloadMatch().
int DetectUnregisterThreadCtxFuncs | ( | DetectEngineCtx * | de_ctx, |
void * | data, | ||
const char * | name | ||
) |
Remove Thread keyword context registration.
de_ctx | detection engine to deregister from |
det_ctx | detection engine thread context to deregister from |
data | keyword init data to pass to Func. Can be NULL. |
name | keyword name for error printing |
1 | Item unregistered |
0 | otherwise |
Definition at line 3671 of file detect-engine.c.
References DetectEngineThreadKeywordCtxItem_::data, de_ctx, HashListTableRemove(), and DetectEngineCtx_::keyword_hash.
void DisableDetectFlowFileFlags | ( | Flow * | f | ) |
void DumpPatterns | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 1304 of file detect-engine-analyzer.c.
References DetectEngineCtx_::buffer_type_id, DetectPatternTracker::cd, DetectPatternTracker::cnt, ConfigGetLogDirectory(), DetectContentData_::content_len, de_ctx, DETECT_CONTENT_DEPTH, DETECT_CONTENT_ENDS_WITH, DETECT_CONTENT_NEGATED, DETECT_CONTENT_NOCASE, DETECT_CONTENT_OFFSET, DETECT_SM_LIST_DYNAMIC_START, DetectContentPatternPrettyPrint(), DetectEngineBufferTypeGetNameById(), DetectListToHumanString(), DetectEngineCtx_::ea, EngineAnalysisCtx_::file_prefix, DetectContentData_::flags, g_rules_analyzer_write_m, HashListTableFree(), HashListTableGetListData, HashListTableGetListHead(), HashListTableGetListNext, DetectPatternTracker::mpm, DetectEngineCtx_::pattern_hash_table, SCMutexLock, SCMutexUnlock, DetectPatternTracker::sm_list, and str.
void RuleMatchCandidateTxArrayFree | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 1000 of file detect.c.
References SCFree, DetectEngineThreadCtx_::tx_candidates, and DetectEngineThreadCtx_::tx_candidates_size.
void RuleMatchCandidateTxArrayInit | ( | DetectEngineThreadCtx * | det_ctx, |
uint32_t | size | ||
) |
Definition at line 987 of file detect.c.
References DEBUG_VALIDATE_BUG_ON, FatalError, SCCalloc, SCLogDebug, DetectEngineThreadCtx_::tx_candidates, and DetectEngineThreadCtx_::tx_candidates_size.
Signature* SigFindSignatureBySidGid | ( | DetectEngineCtx * | de_ctx, |
uint32_t | sid, | ||
uint32_t | gid | ||
) |
Find a specific signature by sid and gid.
de_ctx | detection engine ctx |
sid | the signature id |
gid | the signature group id |
s | sig found |
NULL | sig not found |
Definition at line 79 of file detect-engine-build.c.
References de_ctx, Signature_::next, and DetectEngineCtx_::sig_list.
int SigLoadSignatures | ( | DetectEngineCtx * | de_ctx, |
char * | sig_file, | ||
bool | sig_file_exclusive | ||
) |
Load signatures.
de_ctx | Pointer to the detection engine context |
sig_file | Filename (or pattern) holding signatures |
sig_file_exclusive | File passed in 'sig_file' should be loaded exclusively. |
-1 | on error |
Definition at line 287 of file detect-engine-loader.c.
References DetectEngineCtx_::config_prefix, de_ctx, RUNMODE_ENGINE_ANALYSIS, SCEnter, SCRunmodeGet(), SetupEngineAnalysis(), and DetectEngineCtx_::sig_stat.
SigMatch* SigMatchAlloc | ( | void | ) |
Definition at line 322 of file detect-parse.c.
References SigMatch_::next, SigMatch_::prev, SCCalloc, and unlikely.
void SigMatchFree | ( | DetectEngineCtx * | de_ctx, |
SigMatch * | sm | ||
) |
free a SigMatch
sm | SigMatch to free. |
free the ctx, for that we call the Free func
Definition at line 336 of file detect-parse.c.
References SigMatch_::ctx, de_ctx, SigTableElmt_::Free, SCFree, sigmatch_table, and SigMatch_::type.
Referenced by DetectIPProtoRemoveAllSMs(), and SigFree().
void SigMatchSignatures | ( | ThreadVars * | th_v, |
DetectEngineCtx * | de_ctx, | ||
DetectEngineThreadCtx * | det_ctx, | ||
Packet * | p | ||
) |
wrapper for old tests
Definition at line 1938 of file detect.c.
References Packet_::flow.
Referenced by UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
const SigGroupHead* SigMatchSignaturesGetSgh | ( | const DetectEngineCtx * | de_ctx, |
const Packet * | p | ||
) |
Get the SigGroupHead for a packet.
de_ctx | detection engine context |
p | packet |
sgh | the SigGroupHead or NULL if non applies to the packet |
Definition at line 220 of file detect.c.
References PacketEngineEvents_::cnt, de_ctx, DetectEngineCtx_::decoder_event_sgh, Packet_::events, Packet_::proto, SCEnter, and SCReturnPtr.
int SignatureIsIPOnly | ( | DetectEngineCtx * | de_ctx, |
const Signature * | s | ||
) |
Test is a initialized signature is IP only.
de_ctx | detection engine ctx |
s | the signature |
1 | sig is ip only |
2 | sig is like ip only |
0 | sig is not ip only |
Definition at line 209 of file detect-engine-build.c.
References Signature_::alproto, ALPROTO_UNKNOWN, DETECT_SM_LIST_PMATCH, Signature_::flags, Signature_::init_data, SIG_FLAG_APPLAYER, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, and SignatureInitData_::smlists.
void SigRegisterTests | ( | void | ) |
Definition at line 4961 of file detect.c.
References IPOnlyRegisterTests(), SigParseRegisterTests(), and UtRegisterTest().
SigTableElmt* sigmatch_table |
Definition at line 127 of file detect-parse.c.
Referenced by DetectAckRegister(), DetectAppLayerEventRegister(), DetectAppLayerMpmRegisterByParentId(), DetectAppLayerProtocolRegister(), DetectAsn1Register(), DetectBase64DataRegister(), DetectBase64DecodeRegister(), DetectBsizeRegister(), DetectBypassRegister(), DetectByteExtractRegister(), DetectBytejumpRegister(), DetectBytemathRegister(), DetectBytetestRegister(), DetectClasstypeRegister(), DetectConfigRegister(), DetectContentRegister(), DetectCsumRegister(), DetectDatarepRegister(), DetectDatasetRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDepthRegister(), DetectDetectionFilterRegister(), DetectDistanceRegister(), DetectDnsAnswerNameRegister(), DetectDnsOpcodeRegister(), DetectDnsQueryNameRegister(), DetectDnsQueryRegister(), DetectDnsRcodeRegister(), DetectDnsRrtypeRegister(), DetectDsizeRegister(), DetectEngineAppInspectionEngineSignatureFree(), DetectEngineBufferTypeValidateTransform(), DetectEngineContentModifierBufferSetup(), DetectEngineEventRegister(), DetectEngineInspectGenericList(), DetectFastPatternRegister(), DetectFiledataRegister(), DetectFilemagicRegister(), DetectFileMd5Register(), DetectFilenameRegister(), DetectFileSha1Register(), DetectFileSha256Register(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectFlagsRegister(), DetectFlowAgeRegister(), DetectFlowbitsRegister(), DetectFlowBytesToClientRegister(), DetectFlowBytesToServerRegister(), DetectFlowintRegister(), DetectFlowPktsToClientRegister(), DetectFlowPktsToServerRegister(), DetectFlowRegister(), DetectFlowvarRegister(), DetectFragBitsRegister(), DetectFragOffsetRegister(), DetectFrameRegister(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectGeoipRegister(), DetectGidRegister(), DetectHelperKeywordRegister(), DetectHostbitsRegister(), DetectHttp2Register(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseHeaderRegister(), DetectHttpResponseLineRegister(), DetectHttpServerBodyRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectIcmpv4HdrRegister(), DetectICMPv6hdrRegister(), DetectICMPv6mtuRegister(), DetectICodeRegister(), DetectIdRegister(), DetectIkeChosenSaRegister(), DetectIkeExchTypeRegister(), DetectIkeKeyExchangePayloadLengthRegister(), DetectIkeKeyExchangeRegister(), DetectIkeNoncePayloadLengthRegister(), DetectIkeNonceRegister(), DetectIkeSpiRegister(), DetectIkeVendorRegister(), DetectIPAddrBufferRegister(), DetectIpOptsRegister(), DetectIPProtoRegister(), DetectIPRepRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectIsdataatRegister(), DetectITypeRegister(), DetectJa4HashRegister(), DetectKrb5CNameRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectKrb5SNameRegister(), DetectKrb5TicketEncryptionRegister(), DetectL3ProtoRegister(), DetectLuaRegister(), DetectMarkRegister(), DetectMetadataRegister(), DetectModbusRegister(), DetectMsgRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectNoalertRegister(), DetectNocaseRegister(), DetectOffsetRegister(), DetectPcreRegister(), DetectPktDataRegister(), DetectPktvarRegister(), DetectPrefilterRegister(), DetectPriorityRegister(), DetectQuicCyuHashRegister(), DetectQuicCyuStringRegister(), DetectQuicSniRegister(), DetectQuicUaRegister(), DetectQuicVersionRegister(), DetectRawbytesRegister(), DetectReferenceRegister(), DetectReplaceRegister(), DetectRequiresRegister(), DetectRevRegister(), DetectRpcRegister(), DetectSameipRegister(), DetectSeqRegister(), DetectSidRegister(), DetectSipMethodRegister(), DetectSipUriRegister(), DetectSmbNamedPipeRegister(), DetectSmbNtlmsspDomainRegister(), DetectSmbNtlmsspUserRegister(), DetectSmbShareRegister(), DetectSmbVersionRegister(), DetectSshHasshRegister(), DetectSshHasshServerRegister(), DetectSshHasshServerStringRegister(), DetectSshHasshStringRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectStreamSizeRegister(), DetectTagRegister(), DetectTargetRegister(), DetectTcphdrRegister(), DetectTcpmssRegister(), DetectTemplate2Register(), DetectTemplateRegister(), DetectThresholdRegister(), DetectTlsAlpnRegister(), DetectTlsCertChainLenRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsRandomBytesRegister(), DetectTlsRandomRegister(), DetectTlsRandomTimeRegister(), DetectTlsRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectAltNameRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectTosRegister(), DetectTransformCompressWhitespaceRegister(), DetectTransformDotPrefixRegister(), DetectTransformFromBase64DecodeRegister(), DetectTransformHeaderLowercaseRegister(), DetectTransformMd5Register(), DetectTransformPcrexformRegister(), DetectTransformSha1Register(), DetectTransformSha256Register(), DetectTransformStripPseudoHeadersRegister(), DetectTransformStripWhitespaceRegister(), DetectTransformToLowerRegister(), DetectTransformToUpperRegister(), DetectTransformUrlDecodeRegister(), DetectTransformXorRegister(), DetectTtlRegister(), DetectUdphdrRegister(), DetectUricontentRegister(), DetectUrilenRegister(), DetectWindowRegister(), DetectWithinRegister(), DetectXbitsRegister(), EngineAnalysisFP(), EngineAnalysisRules2(), InspectionBufferApplyTransforms(), PrefilterSetupRuleGroup(), SigFree(), SigMatchFree(), SigMatchStrictEnabled(), SigTableApplyStrictCommandLineOption(), SigTableCleanup(), SigTableList(), SigTableRegisterTests(), and SigTableSetup().
const struct SignatureProperties signature_properties[SIG_TYPE_MAX] |
Definition at line 110 of file detect-engine.c.