element in sigmatch type table. More...

#include <detect.h>

Data Fields
int(*	Match )(DetectEngineThreadCtx , Packet , const Signature , const SigMatchCtx )

int(*	AppLayerTxMatch )(DetectEngineThreadCtx , Flow , uint8_t flags, void alstate, void txv, const Signature , const SigMatchCtx )

int(*	FileMatch )(DetectEngineThreadCtx , Flow , uint8_t flags, File , const Signature , const SigMatchCtx *)

void(*	Transform )(DetectEngineThreadCtx , InspectionBuffer , void *context)

bool(*	TransformValidate )(const uint8_t content, uint16_t content_len, void context)

void(*	TransformId )(const uint8_t *data, uint32_t length, void *context)

int(*	Setup )(DetectEngineCtx , Signature , const char *)

bool(*	SupportsPrefilter )(const Signature *s)

int(*	SetupPrefilter )(DetectEngineCtx de_ctx, struct SigGroupHead_ sgh)

void(*	Free )(DetectEngineCtx , void )

void(*	RegisterTests )(void)

uint32_t	flags

uint8_t	tables

uint16_t	alternative

const char *	name

const char *	alias

const char *	desc

const char *	url

void(*	Cleanup )(struct SigTableElmt_ *)

Detailed Description

element in sigmatch type table.

Definition at line 1418 of file detect.h.

Field Documentation

◆ alias

const char* SigTableElmt_::alias

◆ alternative

uint16_t SigTableElmt_::alternative

better keyword to replace the current one

Definition at line 1456 of file detect.h.

◆ AppLayerTxMatch

int(* SigTableElmt_::AppLayerTxMatch) (DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)

AppLayer TX match function pointer

Definition at line 1423 of file detect.h.

Referenced by DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectFtpdataRegister(), DetectFtpReplyReceivedRegister(), DetectHttp2Register(), DetectKrb5ErrCodeRegister(), DetectKrb5TicketEncryptionRegister(), DetectNfsVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTlsCertChainLenRegister(), DetectTlsRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectXbitsRegister(), and SCDetectHelperKeywordRegister().

◆ Cleanup

void(* SigTableElmt_::Cleanup) (struct SigTableElmt_ *)

Definition at line 1464 of file detect.h.

Referenced by SCDetectHelperKeywordSetCleanCString(), and SigTableCleanup().

◆ desc

const char* SigTableElmt_::desc

Definition at line 1460 of file detect.h.

◆ FileMatch

int(* SigTableElmt_::FileMatch) (DetectEngineThreadCtx *, Flow *, uint8_t flags, File *, const Signature *, const SigMatchCtx *)

File match function pointer

Definition at line 1428 of file detect.h.

Referenced by DetectFileMd5Register(), DetectFileSha1Register(), DetectFileSha256Register(), DetectFilesizeRegister(), and DetectFilestoreRegister().

◆ flags

uint32_t SigTableElmt_::flags

Definition at line 1449 of file detect.h.

Referenced by SCDetectHelperKeywordRegister(), SCDetectHelperTransformRegister(), and SigTableApplyStrictCommandLineOption().

◆ Free

void(* SigTableElmt_::Free) (DetectEngineCtx *, void *)

Definition at line 1445 of file detect.h.

Referenced by DetectContentRegister(), DetectEngineAppInspectionEngineSignatureFree(), DetectEntropyRegister(), DetectIsdataatRegister(), SCDetectHelperKeywordRegister(), SCDetectHelperTransformRegister(), SigFree(), and SigMatchFree().

◆ Match

int(* SigTableElmt_::Match) (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)

Packet match function pointer

Definition at line 1420 of file detect.h.

Referenced by DetectAckRegister(), DetectAppLayerEventRegister(), DetectAppLayerProtocolRegister(), DetectBsizeRegister(), DetectBypassRegister(), DetectByteExtractRegister(), DetectBytejumpRegister(), DetectBytemathRegister(), DetectConfigRegister(), DetectContentRegister(), DetectCsumRegister(), DetectDepthRegister(), DetectDetectionFilterRegister(), DetectDistanceRegister(), DetectDsizeRegister(), DetectEngineEventRegister(), DetectFastPatternRegister(), DetectFlagsRegister(), DetectFlowAgeRegister(), DetectFlowbitsRegister(), DetectFlowBytesRegister(), DetectFlowBytesToClientRegister(), DetectFlowBytesToServerRegister(), DetectFlowElephantRegister(), DetectFlowintRegister(), DetectFlowPktsRegister(), DetectFlowPktsToClientRegister(), DetectFlowPktsToServerRegister(), DetectFlowRegister(), DetectFlowvarRegister(), DetectFragBitsRegister(), DetectFragOffsetRegister(), DetectGidRegister(), DetectHostbitsRegister(), DetectHttp2Register(), DetectHttpMethodRegister(), DetectHttpRequestLineRegister(), DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectICMPv6mtuRegister(), DetectICodeRegister(), DetectIdRegister(), DetectIpOptsRegister(), DetectIPProtoRegister(), DetectIPRepRegister(), DetectIsdataatRegister(), DetectITypeRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5TicketEncryptionRegister(), DetectL3ProtoRegister(), DetectLuaRegister(), DetectMarkRegister(), DetectMetadataRegister(), DetectModbusRegister(), DetectMsgRegister(), DetectPcreRegister(), DetectPktvarRegister(), DetectReplaceRegister(), DetectRpcRegister(), DetectSameipRegister(), DetectSeqRegister(), DetectSidRegister(), DetectStreamSizeRegister(), DetectTagRegister(), DetectTargetRegister(), DetectTcpmssRegister(), DetectTcpWscaleRegister(), DetectTemplate2Register(), DetectTemplateRegister(), DetectThresholdRegister(), DetectTosRegister(), DetectTtlRegister(), DetectUricontentRegister(), DetectUrilenRegister(), DetectVlanIdRegister(), DetectVlanLayersRegister(), DetectWindowRegister(), and DetectWithinRegister().

◆ name

const char* SigTableElmt_::name

keyword name alias

Definition at line 1458 of file detect.h.

◆ RegisterTests

void(* SigTableElmt_::RegisterTests) (void)

Definition at line 1447 of file detect.h.

Referenced by DetectContentRegister(), DetectHttpUriRegister(), DetectIsdataatRegister(), DetectJa4HashRegister(), and SigTableRegisterTests().

◆ Setup

int(* SigTableElmt_::Setup) (DetectEngineCtx *, Signature *, const char *)

keyword setup function pointer

Definition at line 1440 of file detect.h.

◆ SetupPrefilter

int(* SigTableElmt_::SetupPrefilter) (DetectEngineCtx *de_ctx, struct SigGroupHead_ *sgh)

Definition at line 1443 of file detect.h.

Referenced by PrefilterSetupRuleGroup().

◆ SupportsPrefilter

bool(* SigTableElmt_::SupportsPrefilter) (const Signature *s)

Definition at line 1442 of file detect.h.

◆ tables

uint8_t SigTableElmt_::tables

bitfield of tables supported by this rule: used by DETECT_TABLE_*_FLAG flags.

Definition at line 1453 of file detect.h.

◆ Transform

void(* SigTableElmt_::Transform) (DetectEngineThreadCtx *, InspectionBuffer *, void *context)

InspectionBuffer transformation callback

Definition at line 1433 of file detect.h.

Referenced by DetectTransformLuaxformRegister(), DetectTransformPcrexformRegister(), and SCDetectHelperTransformRegister().

◆ TransformId

void(* SigTableElmt_::TransformId) (const uint8_t **data, uint32_t *length, void *context)

Transform identity callback

Definition at line 1437 of file detect.h.

Referenced by SCDetectHelperTransformRegister().

◆ TransformValidate

bool(* SigTableElmt_::TransformValidate) (const uint8_t *content, uint16_t content_len, void *context)

Definition at line 1434 of file detect.h.

Referenced by DetectEngineBufferTypeValidateTransform(), and SCDetectHelperTransformRegister().

◆ url

const char* SigTableElmt_::url

Definition at line 1461 of file detect.h.

The documentation for this struct was generated from the following file:

src/detect.h

Data Fields