suricata
|
Signature container. More...
#include <detect.h>
uint8_t Signature_::action |
DetectMatchAddressIPv4* Signature_::addr_dst_match4 |
DetectMatchAddressIPv6* Signature_::addr_dst_match6 |
DetectMatchAddressIPv4* Signature_::addr_src_match4 |
DetectMatchAddressIPv6* Signature_::addr_src_match6 |
AppProto Signature_::alproto |
Definition at line 544 of file detect.h.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectSignatureSetAppProto(), EngineAnalysisRules2(), SigGroupHeadBuildNonPrefilterArray(), and SignatureIsIPOnly().
DetectEngineAppInspectionEngine* Signature_::app_inspect |
Definition at line 589 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree().
IPOnlyCIDRItem * Signature_::cidr_dst |
IPOnlyCIDRItem* Signature_::cidr_src |
char* Signature_::class_msg |
classification message
Definition at line 603 of file detect.h.
Referenced by AlertFastLogger(), and AlertJsonHeader().
DetectPort * Signature_::dp |
Definition at line 580 of file detect.h.
Referenced by IPOnlyMatchPacket().
uint16_t Signature_::dsize_high |
Definition at line 547 of file detect.h.
Referenced by SigParseSetDsizePair().
uint16_t Signature_::dsize_low |
Definition at line 546 of file detect.h.
Referenced by SigParseSetDsizePair().
uint8_t Signature_::dsize_mode |
Definition at line 548 of file detect.h.
Referenced by SigParseSetDsizePair().
uint8_t Signature_::file_flags |
Definition at line 555 of file detect.h.
Referenced by DetectFileHashMatch(), SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), SignatureIsFileSha256Inspecting(), and SignatureIsFilesizeInspecting().
const struct DetectFilestoreData_* Signature_::filestore_ctx |
uint32_t Signature_::flags |
Definition at line 541 of file detect.h.
Referenced by AlertJsonHeader(), DetectContentPMATCHValidateCallback(), DetectEngineInspectStreamPayload(), DetectFlowSetupImplicit(), EngineAnalysisRules2(), IPOnlyAddSignature(), IPOnlyMatchPacket(), IPOnlySigParseAddress(), SigAddressPrepareStage1(), SigGroupHeadBuildNonPrefilterArray(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsFilestoring(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().
DetectEngineFrameInspectionEngine* Signature_::frame_inspect |
Definition at line 591 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), and DetectRunFrameInspectRule().
uint32_t Signature_::gid |
generator id
Definition at line 575 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and EngineAnalysisRules2().
uint32_t Signature_::id |
sid, set by the 'sid' rule keyword
Definition at line 574 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), DetectEnginePktInspectionRun(), DetectFileInspectGeneric(), DetectFlowbitsAnalyze(), DetectRunFrameInspectRule(), EngineAnalysisRules2(), PacketAlertCheck(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigAddressPrepareStage1(), SigGroupHeadContainsSigId(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
SignatureInitData* Signature_::init_data |
Definition at line 611 of file detect.h.
Referenced by DetectAppLayerEventPrepare(), DetectBufferGetActiveList(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentPropagateLimits(), DetectContentSetup(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEnginePktInspectionSetup(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectFlowbitsAnalyze(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectIPProtoRemoveAllSMs(), DetectSignatureAddTransform(), EngineAnalysisFP(), RetrieveFPForSig(), SigAlloc(), SigFree(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), and SigParseSetDsizePair().
SignatureMask Signature_::mask |
Definition at line 550 of file detect.h.
Referenced by EngineAnalysisRules2(), and SigGroupHeadBuildNonPrefilterArray().
DetectMetadataHead* Signature_::metadata |
char* Signature_::msg |
Definition at line 600 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and EngineAnalysisRules2().
struct Signature_* Signature_::next |
ptr to the next sig in the list
Definition at line 614 of file detect.h.
Referenced by SigAddressPrepareStage1(), SigCleanSignatures(), SigFindSignatureBySidGid(), SigGroupBuild(), and ThresholdHashAllocate().
SigIntId Signature_::num |
signature number, internal id
Definition at line 551 of file detect.h.
Referenced by DetectFlowbitsAnalyze(), SigAddressPrepareStage1(), SigGroupBuild(), SigGroupHeadBuildNonPrefilterArray(), and ThresholdHashAllocate().
DetectEnginePktInspectionEngine* Signature_::pkt_inspect |
Definition at line 590 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), DetectEnginePktInspectionRun(), and EngineAnalysisRules2().
int Signature_::prio |
Definition at line 577 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and SigAlloc().
DetectProto Signature_::proto |
addresses, ports and proto this sig matches on
Definition at line 558 of file detect.h.
Referenced by IPOnlyMatchPacket(), SignatureHasPacketContent(), and SignatureHasStreamContent().
DetectReference* Signature_::references |
uint32_t Signature_::rev |
Definition at line 576 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and EngineAnalysisRules2().
char* Signature_::sig_str |
Definition at line 609 of file detect.h.
Referenced by DetectSignatureAddTransform(), EngineAnalysisRules2(), and SigParseMaxRequiredDsize().
SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX] |
Definition at line 595 of file detect.h.
Referenced by DetectBase64DataDoMatch(), DetectEngineInspectPacketPayload(), DetectEnginePktInspectionSetup(), SignatureHasPacketContent(), SignatureHasStreamContent(), and ThresholdHashAllocate().
DetectPort* Signature_::sp |
port settings for this signature
Definition at line 580 of file detect.h.
Referenced by IPOnlyMatchPacket().