#include <detect.h>

Collaboration diagram for SignatureInitData_:

[legend]

Data Fields
SignatureHook	hook

uint16_t	sm_cnt

bool	negated

bool	src_contains_negation

bool	dst_contains_negation

bool	has_possible_prefilter

uint32_t	init_flags

AppProto	alprotos [SIG_ALPROTO_MAX]

SigMatch *	dsize_sm

IPOnlyCIDRItem *	cidr_src

IPOnlyCIDRItem *	cidr_dst

int	mpm_sm_list

SigMatch *	mpm_sm

SigMatch *	prefilter_sm

int	list

bool	list_set

DetectEngineTransforms	transforms

int	score

const DetectAddressHead *	src

const DetectAddressHead *	dst

struct SigMatch_ *	smlists [DETECT_SM_LIST_MAX]

struct SigMatch_ *	smlists_tail [DETECT_SM_LIST_MAX]

SignatureInitDataBuffer *	buffers

uint32_t	buffer_index

uint32_t	buffers_size

SignatureInitDataBuffer *	curbuf

uint32_t	max_content_list_id

bool	is_rule_state_dependant

uint32_t *	rule_state_dependant_sids_array

uint32_t	rule_state_dependant_sids_size

uint32_t	rule_state_dependant_sids_idx

uint32_t *	rule_state_flowbits_ids_array

uint32_t	rule_state_flowbits_ids_size

bool	firewall_rule

Detailed Description

Definition at line 591 of file detect.h.

Field Documentation

◆ alprotos

AppProto SignatureInitData_::alprotos[SIG_ALPROTO_MAX]

Definition at line 614 of file detect.h.

Referenced by DetectSignatureSetMultiAppProto().

◆ buffer_index

uint32_t SignatureInitData_::buffer_index

Definition at line 650 of file detect.h.

Referenced by DetectBufferGetActiveList(), DetectBufferGetFirstSigMatch(), DetectBufferGetLastSigMatch(), DetectBufferIsPresent(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectEngineAppInspectionEngine2Signature(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectMd5ValidateCallback(), DetectUrilenValidateContent(), SigFree(), SigMatchListSMBelongsTo(), and SignatureInitDataBufferCheckExpand().

◆ buffers

◆ buffers_size

uint32_t SignatureInitData_::buffers_size

Definition at line 651 of file detect.h.

Referenced by SigAlloc(), and SignatureInitDataBufferCheckExpand().

◆ cidr_dst

IPOnlyCIDRItem * SignatureInitData_::cidr_dst

Definition at line 620 of file detect.h.

Referenced by SigFree().

◆ cidr_src

IPOnlyCIDRItem* SignatureInitData_::cidr_src

netblocks and hosts specified at the sid, in CIDR format

Definition at line 620 of file detect.h.

Referenced by SigFree().

◆ curbuf

SignatureInitDataBuffer* SignatureInitData_::curbuf

Definition at line 652 of file detect.h.

Referenced by DetectBufferGetActiveList().

◆ dsize_sm

SigMatch* SignatureInitData_::dsize_sm

Definition at line 617 of file detect.h.

Referenced by SigParseGetMaxDsize(), and SigParseSetDsizePair().

◆ dst

const DetectAddressHead * SignatureInitData_::dst

Definition at line 641 of file detect.h.

◆ dst_contains_negation

bool SignatureInitData_::dst_contains_negation

Definition at line 604 of file detect.h.

◆ firewall_rule

bool SignatureInitData_::firewall_rule

Definition at line 666 of file detect.h.

Referenced by EngineAnalysisRules2().

◆ has_possible_prefilter

bool SignatureInitData_::has_possible_prefilter

see if any of the sigmatches supports an enabled prefilter

Definition at line 607 of file detect.h.

◆ hook

SignatureHook SignatureInitData_::hook

Definition at line 592 of file detect.h.

Referenced by SignatureIsIPOnly(), and SignatureSetType().

◆ init_flags

uint32_t SignatureInitData_::init_flags

Definition at line 610 of file detect.h.

Referenced by DetectEnginePktInspectionSetup().

◆ is_rule_state_dependant

bool SignatureInitData_::is_rule_state_dependant

Definition at line 658 of file detect.h.

Referenced by EngineAnalysisRules2(), and SigAlloc().

◆ list

int SignatureInitData_::list

Definition at line 630 of file detect.h.

Referenced by DetectBufferGetActiveList(), DetectContentSetup(), DetectEngineContentModifierBufferSetup(), DetectGetLastSMFromLists(), DetectSignatureAddTransform(), and SigAlloc().

◆ list_set

bool SignatureInitData_::list_set

Definition at line 631 of file detect.h.

Referenced by DetectBufferGetActiveList(), and DetectSignatureAddTransform().

◆ max_content_list_id

uint32_t SignatureInitData_::max_content_list_id

Definition at line 655 of file detect.h.

Referenced by RetrieveFPForSig().

◆ mpm_sm

SigMatch* SignatureInitData_::mpm_sm

Definition at line 625 of file detect.h.

Referenced by DetectEngineAppInspectionEngine2Signature(), DetectSetFastPatternAndItsId(), EngineAnalysisFP(), MpmStorePrepareBuffer(), and RetrieveFPForSig().

◆ mpm_sm_list

int SignatureInitData_::mpm_sm_list

Definition at line 623 of file detect.h.

Referenced by DetectEngineAppInspectionEngine2Signature(), EngineAnalysisFP(), and SigAlloc().

◆ negated

bool SignatureInitData_::negated

option was prefixed with '!'. Only set for sigmatches that have the SIGMATCH_HANDLE_NEGATION flag set.

Definition at line 599 of file detect.h.

Referenced by DetectContentSetup().

◆ prefilter_sm

SigMatch* SignatureInitData_::prefilter_sm

Definition at line 627 of file detect.h.

Referenced by EngineAnalysisFP().

◆ rule_state_dependant_sids_array

uint32_t* SignatureInitData_::rule_state_dependant_sids_array

Definition at line 659 of file detect.h.

Referenced by EngineAnalysisRules2().

◆ rule_state_dependant_sids_idx

uint32_t SignatureInitData_::rule_state_dependant_sids_idx

Definition at line 661 of file detect.h.

Referenced by EngineAnalysisRules2(), and SigAlloc().

◆ rule_state_dependant_sids_size

uint32_t SignatureInitData_::rule_state_dependant_sids_size

Definition at line 660 of file detect.h.

Referenced by EngineAnalysisRules2().

◆ rule_state_flowbits_ids_array

uint32_t* SignatureInitData_::rule_state_flowbits_ids_array

Definition at line 662 of file detect.h.

Referenced by EngineAnalysisRules2().

◆ rule_state_flowbits_ids_size

uint32_t SignatureInitData_::rule_state_flowbits_ids_size

Definition at line 663 of file detect.h.

Referenced by EngineAnalysisRules2().

◆ score

int SignatureInitData_::score

score to influence rule grouping. A higher value leads to a higher likelihood of a rulegroup with this sig ending up as a contained group.

Definition at line 638 of file detect.h.

◆ sm_cnt

uint16_t SignatureInitData_::sm_cnt

Number of sigmatches. Used for assigning SigMatch::idx

Definition at line 595 of file detect.h.

◆ smlists

struct SigMatch_* SignatureInitData_::smlists[DETECT_SM_LIST_MAX]

Definition at line 644 of file detect.h.

Referenced by DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectIPProtoRemoveAllSMs(), RetrieveFPForSig(), SigFree(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), and SigParseMaxRequiredDsize().

◆ smlists_tail

struct SigMatch_* SignatureInitData_::smlists_tail[DETECT_SM_LIST_MAX]

Definition at line 646 of file detect.h.

Referenced by DetectGetLastSM(), DetectGetLastSMFromMpmLists(), and SigMatchRemoveSMFromList().

◆ src

const DetectAddressHead* SignatureInitData_::src

address settings for this signature

Definition at line 641 of file detect.h.

◆ src_contains_negation

bool SignatureInitData_::src_contains_negation

Definition at line 603 of file detect.h.

◆ transforms

DetectEngineTransforms SignatureInitData_::transforms

Definition at line 633 of file detect.h.

Referenced by DetectBufferGetActiveList(), DetectSignatureAddTransform(), and SigFree().

The documentation for this struct was generated from the following file:

src/detect.h

Data Fields

Detailed Description

Field Documentation

◆ alprotos

◆ buffer_index

◆ buffers

◆ buffers_size

◆ cidr_dst

◆ cidr_src

◆ curbuf

◆ dsize_sm

◆ dst

◆ dst_contains_negation

◆ firewall_rule

◆ has_possible_prefilter

◆ hook

◆ init_flags

◆ is_rule_state_dependant

◆ list

◆ list_set

◆ max_content_list_id

◆ mpm_sm

◆ mpm_sm_list

◆ negated

◆ prefilter_sm

◆ rule_state_dependant_sids_array

◆ rule_state_dependant_sids_idx

◆ rule_state_dependant_sids_size

◆ rule_state_flowbits_ids_array

◆ rule_state_flowbits_ids_size

◆ score

◆ sm_cnt

◆ smlists

◆ smlists_tail

◆ src

◆ src_contains_negation

◆ transforms