suricata
|
Signature container. More...
#include <detect.h>
Data Fields | |
uint32_t | flags |
enum SignatureType | type |
AppProto | alproto |
uint16_t | dsize_low |
uint16_t | dsize_high |
uint8_t | dsize_mode |
SignatureMask | mask |
SigIntId | num |
uint8_t | action |
uint8_t | file_flags |
DetectProto | proto |
uint16_t | class_id |
uint16_t | addr_dst_match4_cnt |
uint16_t | addr_src_match4_cnt |
uint16_t | addr_dst_match6_cnt |
uint16_t | addr_src_match6_cnt |
DetectMatchAddressIPv4 * | addr_dst_match4 |
DetectMatchAddressIPv4 * | addr_src_match4 |
DetectMatchAddressIPv6 * | addr_dst_match6 |
DetectMatchAddressIPv6 * | addr_src_match6 |
uint32_t | id |
uint32_t | gid |
uint32_t | rev |
int | prio |
DetectPort * | sp |
DetectPort * | dp |
DetectEngineAppInspectionEngine * | app_inspect |
DetectEnginePktInspectionEngine * | pkt_inspect |
DetectEngineFrameInspectionEngine * | frame_inspect |
SigMatchData * | sm_arrays [DETECT_SM_LIST_MAX] |
const struct DetectFilestoreData_ * | filestore_ctx |
char * | msg |
char * | class_msg |
DetectReference * | references |
DetectMetadataHead * | metadata |
char * | sig_str |
SignatureInitData * | init_data |
struct Signature_ * | next |
uint8_t Signature_::action |
DetectMatchAddressIPv4* Signature_::addr_dst_match4 |
DetectMatchAddressIPv6* Signature_::addr_dst_match6 |
DetectMatchAddressIPv4* Signature_::addr_src_match4 |
DetectMatchAddressIPv6* Signature_::addr_src_match6 |
AppProto Signature_::alproto |
Definition at line 598 of file detect.h.
Referenced by DetectEngineContentModifierBufferSetup(), DetectSignatureSetAppProto(), EngineAnalysisRules2(), SigGroupHeadBuildNonPrefilterArray(), and SignatureIsIPOnly().
DetectEngineAppInspectionEngine* Signature_::app_inspect |
Definition at line 640 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree().
char* Signature_::class_msg |
classification message
Definition at line 654 of file detect.h.
Referenced by AlertFastLogger(), and AlertJsonHeader().
DetectPort * Signature_::dp |
Definition at line 634 of file detect.h.
Referenced by IPOnlyMatchPacket().
uint16_t Signature_::dsize_high |
Definition at line 601 of file detect.h.
Referenced by SigParseSetDsizePair().
uint16_t Signature_::dsize_low |
Definition at line 600 of file detect.h.
Referenced by SigParseSetDsizePair().
uint8_t Signature_::dsize_mode |
Definition at line 602 of file detect.h.
Referenced by SigParseSetDsizePair().
uint8_t Signature_::file_flags |
Definition at line 609 of file detect.h.
Referenced by DetectFileHashMatch(), SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), SignatureIsFileSha256Inspecting(), and SignatureIsFilesizeInspecting().
const struct DetectFilestoreData_* Signature_::filestore_ctx |
uint32_t Signature_::flags |
Definition at line 594 of file detect.h.
Referenced by AlertJsonHeader(), DetectContentPMATCHValidateCallback(), DetectEngineInspectStreamPayload(), DetectFlowSetupImplicit(), DetectSetFastPatternAndItsId(), EngineAnalysisRules2(), IPOnlyMatchPacket(), IPOnlySigParseAddress(), SigGroupHeadBuildNonPrefilterArray(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsFilestoring(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().
DetectEngineFrameInspectionEngine* Signature_::frame_inspect |
Definition at line 642 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), and DetectRunFrameInspectRule().
uint32_t Signature_::gid |
generator id
Definition at line 629 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and EngineAnalysisRules2().
uint32_t Signature_::id |
sid, set by the 'sid' rule keyword
Definition at line 628 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), DetectEnginePktInspectionRun(), DetectFileInspectGeneric(), DetectFlowbitsAnalyze(), DetectRunFrameInspectRule(), EngineAnalysisFP(), EngineAnalysisRules2(), IPOnlyAddSignature(), PacketAlertCheck(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigGroupHeadContainsSigId(), SigParseApplyDsizeToContent(), SigPrepareStage1(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
SignatureInitData* Signature_::init_data |
Definition at line 662 of file detect.h.
Referenced by DetectBufferGetActiveList(), DetectBufferGetFirstSigMatch(), DetectBufferGetLastSigMatch(), DetectBufferIsPresent(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentSetup(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEnginePktInspectionSetup(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectFlowbitsAnalyze(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectIPProtoRemoveAllSMs(), DetectSetFastPatternAndItsId(), DetectSignatureAddTransform(), EngineAnalysisFP(), MpmStorePrepareBuffer(), RetrieveFPForSig(), SigAlloc(), SigFree(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureInitDataBufferCheckExpand(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().
SignatureMask Signature_::mask |
Definition at line 604 of file detect.h.
Referenced by EngineAnalysisRules2(), and SigGroupHeadBuildNonPrefilterArray().
DetectMetadataHead* Signature_::metadata |
char* Signature_::msg |
Definition at line 651 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), EngineAnalysisRules2(), and IPOnlyAddSignature().
struct Signature_* Signature_::next |
ptr to the next sig in the list
Definition at line 665 of file detect.h.
Referenced by DetectSetFastPatternAndItsId(), LLVMFuzzerTestOneInput(), SigCleanSignatures(), SigFindSignatureBySidGid(), SigGroupBuild(), SigPrepareStage1(), and ThresholdHashAllocate().
SigIntId Signature_::num |
signature number, internal id
Definition at line 605 of file detect.h.
Referenced by DetectFlowbitsAnalyze(), IPOnlyAddSignature(), SigGroupBuild(), SigGroupHeadBuildNonPrefilterArray(), SigPrepareStage1(), and ThresholdHashAllocate().
DetectEnginePktInspectionEngine* Signature_::pkt_inspect |
Definition at line 641 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), DetectEnginePktInspectionRun(), and EngineAnalysisRules2().
int Signature_::prio |
Definition at line 631 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and SigAlloc().
DetectProto Signature_::proto |
addresses, ports and proto this sig matches on
Definition at line 612 of file detect.h.
Referenced by IPOnlyMatchPacket(), SignatureHasPacketContent(), and SignatureHasStreamContent().
DetectReference* Signature_::references |
uint32_t Signature_::rev |
Definition at line 630 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and EngineAnalysisRules2().
char* Signature_::sig_str |
Definition at line 660 of file detect.h.
Referenced by DetectSignatureAddTransform(), EngineAnalysisRules2(), and SigParseMaxRequiredDsize().
SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX] |
Definition at line 646 of file detect.h.
Referenced by DetectEngineInspectPacketPayload(), DetectEnginePktInspectionSetup(), and ThresholdHashAllocate().
DetectPort* Signature_::sp |
port settings for this signature
Definition at line 634 of file detect.h.
Referenced by IPOnlyMatchPacket().
enum SignatureType Signature_::type |
Definition at line 594 of file detect.h.
Referenced by EngineAnalysisRules2(), IPOnlyAddSignature(), SignatureSetType(), and SigPrepareStage1().