suricata
Signature container.
#include <detect.h>
uint8_t Signature_::action
inline – action
Definition at line 662 of file detect.h.
Referenced by AlertQueueAppend(), EngineAnalysisRules2(), and FirewallAnalyzer().
uint8_t Signature_::action_scope
Definition at line 669 of file detect.h.
Referenced by EngineAnalysisRules2().
DetectMatchAddressIPv4* Signature_::addr_dst_match4
DetectMatchAddressIPv6* Signature_::addr_dst_match6
DetectMatchAddressIPv4* Signature_::addr_src_match4
DetectMatchAddressIPv6* Signature_::addr_src_match6
AppProto Signature_::alproto
Definition at line 652 of file detect.h.
Referenced by DetectEngineContentModifierBufferSetup(), DetectSignatureSetMultiAppProto(), EngineAnalysisRules2(), and SignatureIsIPOnly().
DetectEngineAppInspectionEngine* Signature_::app_inspect
Definition at line 704 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree().
uint8_t Signature_::app_progress_hook
char* Signature_::class_msg
DetectPort* Signature_::dp
uint16_t Signature_::dsize_high
Definition at line 655 of file detect.h.
Referenced by SigParseSetDsizePair().
uint16_t Signature_::dsize_low
Definition at line 654 of file detect.h.
Referenced by SigParseSetDsizePair().
uint8_t Signature_::dsize_mode
Definition at line 656 of file detect.h.
Referenced by SigParseSetDsizePair().
uint8_t Signature_::file_flags
Definition at line 663 of file detect.h.
Referenced by DetectFileHashMatch(), SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), SignatureIsFileSha256Inspecting(), and SignatureIsFilesizeInspecting().
const struct DetectFilestoreData_* Signature_::filestore_ctx
uint8_t Signature_::firewall_table
uint32_t Signature_::flags
Definition at line 648 of file detect.h.
Referenced by AlertJsonHeader(), DetectContentPMATCHValidateCallback(), DetectEngineInspectStreamPayload(), DetectFlowSetupImplicit(), EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlySigParseAddress(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsFilestoring(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().
DetectEngineFrameInspectionEngine* Signature_::frame_inspect
Definition at line 706 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), and DetectRunFrameInspectRule().
uint32_t Signature_::gid
generator id
Definition at line 693 of file detect.h.
Referenced by AlertJsonHeader(), and EngineAnalysisRules2().
uint32_t Signature_::id
sid, set by the 'sid' rule keyword
Definition at line 692 of file detect.h.
Referenced by AlertJsonHeader(), DetectEngineAppInspectionEngine2Signature(), DetectEnginePktInspectionRun(), DetectFileInspectGeneric(), DetectMd5ValidateCallback(), DetectRunFrameInspectRule(), EngineAnalysisFP(), EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlyAddSignature(), PacketAlertCheck(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigGroupHeadContainsSigId(), SignatureSetType(), SigParseApplyDsizeToContent(), SigPrepareStage1(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
SigIntId Signature_::iid
signature internal id
Definition at line 659 of file detect.h.
Referenced by IPOnlyAddSignature(), PostRuleMatchWorkQueueAppend(), SigGroupBuild(), and SigPrepareStage1().
SignatureInitData* Signature_::init_data
Definition at line 726 of file detect.h.
Referenced by DetectBufferGetActiveList(), DetectBufferGetFirstSigMatch(), DetectBufferGetLastSigMatch(), DetectBufferIsPresent(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentSetup(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEnginePktInspectionSetup(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectIPProtoRemoveAllSMs(), DetectMd5ValidateCallback(), DetectSetFastPatternAndItsId(), DetectSignatureSetMultiAppProto(), DetectUrilenValidateContent(), EngineAnalysisFP(), EngineAnalysisRules2(), MpmStorePrepareBuffer(), RetrieveFPForSig(), SCDetectSignatureAddTransform(), SigAlloc(), SigFree(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureInitDataBufferCheckExpand(), SignatureIsIPOnly(), SignatureSetType(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().
SignatureMask Signature_::mask
Definition at line 658 of file detect.h.
Referenced by EngineAnalysisRules2().
DetectMetadataHead* Signature_::metadata
char* Signature_::msg
Definition at line 715 of file detect.h.
Referenced by AlertJsonHeader(), EngineAnalysisRules2(), and IPOnlyAddSignature().
struct Signature_* Signature_::next
ptr to the next sig in the list
Definition at line 729 of file detect.h.
Referenced by DetectSetFastPatternAndItsId(), FirewallAnalyzer(), LLVMFuzzerTestOneInput(), SigCleanSignatures(), SigFindSignatureBySidGid(), SigGroupBuild(), and SigPrepareStage1().
DetectEnginePktInspectionEngine* Signature_::pkt_inspect
Definition at line 705 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), DetectEnginePktInspectionRun(), and EngineAnalysisRules2().
int Signature_::prio
Definition at line 695 of file detect.h.
Referenced by AlertJsonHeader(), and SigAlloc().
DetectProto Signature_::proto
addresses, ports and proto this sig matches on
Definition at line 666 of file detect.h.
Referenced by IPOnlyMatchPacket(), SignatureHasPacketContent(), and SignatureHasStreamContent().
DetectReference* Signature_::references
uint32_t Signature_::rev
Definition at line 694 of file detect.h.
Referenced by AlertJsonHeader(), and EngineAnalysisRules2().
char* Signature_::sig_str
Definition at line 724 of file detect.h.
Referenced by EngineAnalysisRules2(), FirewallAnalyzer(), SCDetectSignatureAddTransform(), and SigParseMaxRequiredDsize().
SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX]
Definition at line 710 of file detect.h.
Referenced by DetectEngineInspectPacketPayload(), and DetectEnginePktInspectionSetup().
DetectPort* Signature_::sp
enum SignatureType Signature_::type
Definition at line 648 of file detect.h.
Referenced by EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlyAddSignature(), SignatureSetType(), and SigPrepareStage1().