element in sigmatch type table. More...

#include <detect.h>

Data Fields
int(*	Match )(DetectEngineThreadCtx , Packet , const Signature , const SigMatchCtx )

int(*	AppLayerTxMatch )(DetectEngineThreadCtx , Flow , uint8_t flags, void alstate, void txv, const Signature , const SigMatchCtx )

int(*	FileMatch )(DetectEngineThreadCtx , Flow , uint8_t flags, File , const Signature , const SigMatchCtx *)

void(*	Transform )(DetectEngineThreadCtx , InspectionBuffer , const void *context)

bool(*	TransformValidate )(const uint8_t content, uint16_t content_len, const void context)

void(*	TransformId )(const uint8_t *data, uint32_t length, const void *context)

int(*	Setup )(DetectEngineCtx , Signature , const char *)

bool(*	SupportsPrefilter )(const Signature *s)

int(*	SetupPrefilter )(DetectEngineCtx de_ctx, struct SigGroupHead_ sgh)

void(*	Free )(DetectEngineCtx , void )

void(*	RegisterTests )(void)

uint32_t	flags

uint8_t	tables

uint16_t	alternative

const char *	name

const char *	alias

const char *	desc

const char *	url

void(*	Cleanup )(struct SigTableElmt_ *)

Detailed Description

element in sigmatch type table.

Definition at line 1460 of file detect.h.

Field Documentation

◆ alias

◆ alternative

uint16_t SigTableElmt_::alternative

better keyword to replace the current one

Definition at line 1498 of file detect.h.

◆ AppLayerTxMatch

int(* SigTableElmt_::AppLayerTxMatch) (DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)

AppLayer TX match function pointer

Definition at line 1465 of file detect.h.

Referenced by DetectFtpdataRegister(), DetectFtpReplyReceivedRegister(), DetectHttp2Register(), DetectKrb5ErrCodeRegister(), DetectKrb5TicketEncryptionRegister(), DetectNfsVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTlsCertChainLenRegister(), DetectTlsRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DetectXbitsRegister(), and SCDetectHelperKeywordRegister().

◆ Cleanup

void(* SigTableElmt_::Cleanup) (struct SigTableElmt_ *)

Definition at line 1506 of file detect.h.

Referenced by SCDetectHelperKeywordSetCleanCString(), and SigTableCleanup().

◆ desc

const char* SigTableElmt_::desc

Definition at line 1502 of file detect.h.

◆ FileMatch

int(* SigTableElmt_::FileMatch) (DetectEngineThreadCtx *, Flow *, uint8_t flags, File *, const Signature *, const SigMatchCtx *)

File match function pointer

Definition at line 1470 of file detect.h.

Referenced by DetectFileMd5Register(), DetectFileSha1Register(), DetectFileSha256Register(), DetectFilesizeRegister(), and DetectFilestoreRegister().

◆ flags

uint32_t SigTableElmt_::flags

Definition at line 1491 of file detect.h.

Referenced by SCDetectHelperKeywordRegister(), SCDetectHelperTransformRegister(), and SigTableApplyStrictCommandLineOption().

◆ Free

void(* SigTableElmt_::Free) (DetectEngineCtx *, void *)

Definition at line 1487 of file detect.h.

Referenced by DetectContentRegister(), DetectEngineAppInspectionEngineSignatureFree(), DetectEntropyRegister(), DetectIsdataatRegister(), SCDetectHelperKeywordRegister(), SCDetectHelperTransformRegister(), SigFree(), and SigMatchFree().

◆ Match

int(* SigTableElmt_::Match) (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)

Packet match function pointer

Definition at line 1462 of file detect.h.

Referenced by DetectAckRegister(), DetectAppLayerEventRegister(), DetectAppLayerProtocolRegister(), DetectBsizeRegister(), DetectBypassRegister(), DetectByteExtractRegister(), DetectBytejumpRegister(), DetectBytemathRegister(), DetectConfigRegister(), DetectContentRegister(), DetectCsumRegister(), DetectDepthRegister(), DetectDetectionFilterRegister(), DetectDistanceRegister(), DetectDsizeRegister(), DetectEngineEventRegister(), DetectFastPatternRegister(), DetectFlagsRegister(), DetectFlowAgeRegister(), DetectFlowbitsRegister(), DetectFlowBytesRegister(), DetectFlowBytesToClientRegister(), DetectFlowBytesToServerRegister(), DetectFlowElephantRegister(), DetectFlowintRegister(), DetectFlowPktsRegister(), DetectFlowPktsToClientRegister(), DetectFlowPktsToServerRegister(), DetectFlowRegister(), DetectFlowvarRegister(), DetectFragBitsRegister(), DetectFragOffsetRegister(), DetectGidRegister(), DetectHostbitsRegister(), DetectHttp2Register(), DetectHttpMethodRegister(), DetectHttpRequestLineRegister(), DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectICMPv6mtuRegister(), DetectICodeRegister(), DetectIdRegister(), DetectIGMPTypeRegister(), DetectIpOptsRegister(), DetectIPProtoRegister(), DetectIPRepRegister(), DetectIsdataatRegister(), DetectITypeRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5TicketEncryptionRegister(), DetectL3ProtoRegister(), DetectLuaRegister(), DetectMarkRegister(), DetectMetadataRegister(), DetectModbusRegister(), DetectMsgRegister(), DetectPcreRegister(), DetectPktvarRegister(), DetectReplaceRegister(), DetectRpcRegister(), DetectSameipRegister(), DetectSeqRegister(), DetectSidRegister(), DetectStreamSizeRegister(), DetectTagRegister(), DetectTargetRegister(), DetectTcpmssRegister(), DetectTcpWscaleRegister(), DetectTemplate2Register(), DetectTemplateRegister(), DetectThresholdRegister(), DetectTosRegister(), DetectTtlRegister(), DetectUricontentRegister(), DetectUrilenRegister(), DetectVlanIdRegister(), DetectVlanLayersRegister(), DetectWindowRegister(), and DetectWithinRegister().

◆ name

const char* SigTableElmt_::name

keyword name alias

Definition at line 1500 of file detect.h.

◆ RegisterTests

void(* SigTableElmt_::RegisterTests) (void)

Definition at line 1489 of file detect.h.

Referenced by DetectContentRegister(), DetectHttpUriRegister(), DetectIsdataatRegister(), DetectJa4HashRegister(), and SigTableRegisterTests().

◆ Setup

int(* SigTableElmt_::Setup) (DetectEngineCtx *, Signature *, const char *)

keyword setup function pointer

Definition at line 1482 of file detect.h.

◆ SetupPrefilter

int(* SigTableElmt_::SetupPrefilter) (DetectEngineCtx *de_ctx, struct SigGroupHead_ *sgh)

Definition at line 1485 of file detect.h.

Referenced by PrefilterSetupRuleGroup().

◆ SupportsPrefilter

bool(* SigTableElmt_::SupportsPrefilter) (const Signature *s)

Definition at line 1484 of file detect.h.

◆ tables

uint8_t SigTableElmt_::tables

bitfield of tables supported by this rule: used by DETECT_TABLE_*_FLAG flags.

Definition at line 1495 of file detect.h.

◆ Transform

void(* SigTableElmt_::Transform) (DetectEngineThreadCtx *, InspectionBuffer *, const void *context)

InspectionBuffer transformation callback

Definition at line 1475 of file detect.h.

Referenced by DetectTransformLuaxformRegister(), DetectTransformPcrexformRegister(), and SCDetectHelperTransformRegister().

◆ TransformId

void(* SigTableElmt_::TransformId) (const uint8_t **data, uint32_t *length, const void *context)

Transform identity callback

Definition at line 1479 of file detect.h.

Referenced by SCDetectHelperTransformRegister().

◆ TransformValidate

bool(* SigTableElmt_::TransformValidate) (const uint8_t *content, uint16_t content_len, const void *context)

Definition at line 1476 of file detect.h.

Referenced by DetectEngineBufferTypeValidateTransform(), and SCDetectHelperTransformRegister().

◆ url

const char* SigTableElmt_::url

Definition at line 1503 of file detect.h.

The documentation for this struct was generated from the following file:

src/detect.h

Data Fields