Signature container. More...
#include <detect.h>
Data Fields | |
| uint32_t | flags |
| AppProto | alproto |
| uint16_t | dsize_low |
| uint16_t | dsize_high |
| SignatureMask | mask |
| SigIntId | num |
| uint8_t | action |
| uint8_t | file_flags |
| DetectProto | proto |
| uint16_t | class_id |
| uint16_t | addr_dst_match4_cnt |
| uint16_t | addr_src_match4_cnt |
| uint16_t | addr_dst_match6_cnt |
| uint16_t | addr_src_match6_cnt |
| DetectMatchAddressIPv4 * | addr_dst_match4 |
| DetectMatchAddressIPv4 * | addr_src_match4 |
| DetectMatchAddressIPv6 * | addr_dst_match6 |
| DetectMatchAddressIPv6 * | addr_src_match6 |
| uint32_t | id |
| uint32_t | gid |
| uint32_t | rev |
| int | prio |
| DetectPort * | sp |
| DetectPort * | dp |
| uint16_t | profiling_id |
| IPOnlyCIDRItem * | CidrSrc |
| IPOnlyCIDRItem * | CidrDst |
| DetectEngineAppInspectionEngine * | app_inspect |
| DetectEnginePktInspectionEngine * | pkt_inspect |
| SigMatchData * | sm_arrays [DETECT_SM_LIST_MAX] |
| const struct DetectFilestoreData_ * | filestore_ctx |
| char * | msg |
| char * | class_msg |
| DetectReference * | references |
| DetectMetadataHead * | metadata |
| char * | sig_str |
| SignatureInitData * | init_data |
| struct Signature_ * | next |
Detailed Description
Field Documentation
◆ action
| uint8_t Signature_::action |
inline – action
Definition at line 541 of file detect.h.
Referenced by DetectSignatureApplyActions(), and PacketAlertAppend().
◆ addr_dst_match4
| DetectMatchAddressIPv4* Signature_::addr_dst_match4 |
◆ addr_dst_match4_cnt
◆ addr_dst_match6
| DetectMatchAddressIPv6* Signature_::addr_dst_match6 |
◆ addr_dst_match6_cnt
◆ addr_src_match4
| DetectMatchAddressIPv4* Signature_::addr_src_match4 |
◆ addr_src_match4_cnt
◆ addr_src_match6
| DetectMatchAddressIPv6* Signature_::addr_src_match6 |
◆ addr_src_match6_cnt
◆ alproto
| AppProto Signature_::alproto |
Definition at line 532 of file detect.h.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectSignatureSetAppProto(), EngineAnalysisRules2(), SigGroupHeadBuildNonPrefilterArray(), and SignatureIsIPOnly().
◆ app_inspect
| DetectEngineAppInspectionEngine* Signature_::app_inspect |
Definition at line 576 of file detect.h.
Referenced by DetectEngineAppInspectionEngine2Signature(), and DetectEngineAppInspectionEngineSignatureFree().
◆ CidrDst
| IPOnlyCIDRItem * Signature_::CidrDst |
◆ CidrSrc
| IPOnlyCIDRItem* Signature_::CidrSrc |
◆ class_id
◆ class_msg
| char* Signature_::class_msg |
classification message
Definition at line 589 of file detect.h.
Referenced by AlertFastLogger(), and AlertJsonHeader().
◆ dp
| DetectPort * Signature_::dp |
Definition at line 567 of file detect.h.
Referenced by IPOnlyMatchPacket().
◆ dsize_high
| uint16_t Signature_::dsize_high |
Definition at line 535 of file detect.h.
Referenced by SigParseSetDsizePair().
◆ dsize_low
| uint16_t Signature_::dsize_low |
Definition at line 534 of file detect.h.
Referenced by SigParseSetDsizePair().
◆ file_flags
| uint8_t Signature_::file_flags |
Definition at line 542 of file detect.h.
Referenced by SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), SignatureIsFileSha256Inspecting(), and SignatureIsFilesizeInspecting().
◆ filestore_ctx
| const struct DetectFilestoreData_* Signature_::filestore_ctx |
◆ flags
| uint32_t Signature_::flags |
Definition at line 529 of file detect.h.
Referenced by AlertJsonHeader(), DetectContentPMATCHValidateCallback(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEngineInspectStreamPayload(), DetectFlowSetupImplicit(), DetectSetFastPatternAndItsId(), DetectSignatureSetAppProto(), EngineAnalysisRules2(), IPOnlyAddSignature(), IPOnlyMatchPacket(), IPOnlySigParseAddress(), SigAddressPrepareStage1(), SigGroupHeadBuildNonPrefilterArray(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsFilestoring(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), and SigParseSetDsizePair().
◆ gid
| uint32_t Signature_::gid |
generator id
Definition at line 562 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and EngineAnalysisRules2().
◆ id
| uint32_t Signature_::id |
sid, set by the 'sid' rule keyword
Definition at line 561 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), DetectEngineAppInspectionEngine2Signature(), DetectEnginePktInspectionRun(), DetectFlowbitsAnalyze(), EngineAnalysisRules2(), PacketAlertAppend(), PacketAlertCheck(), RulesDumpMatchArray(), SigAddressPrepareStage1(), SigGroupHeadContainsSigId(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ init_data
| SignatureInitData* Signature_::init_data |
Definition at line 597 of file detect.h.
Referenced by DetectAppLayerEventPrepare(), DetectBufferGetActiveList(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentPMATCHValidateCallback(), DetectContentPropagateLimits(), DetectContentSetup(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEnginePktInspectionSetup(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectFlowbitsAnalyze(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectIPProtoRemoveAllSMs(), DetectSetFastPatternAndItsId(), DetectSignatureAddTransform(), EngineAnalysisFP(), RetrieveFPForSig(), SigAlloc(), SigFree(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), and SigParseSetDsizePair().
◆ mask
| SignatureMask Signature_::mask |
Definition at line 537 of file detect.h.
Referenced by EngineAnalysisRules2(), and SigGroupHeadBuildNonPrefilterArray().
◆ metadata
| DetectMetadataHead* Signature_::metadata |
◆ msg
| char* Signature_::msg |
Definition at line 586 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and EngineAnalysisRules2().
◆ next
| struct Signature_* Signature_::next |
ptr to the next sig in the list
Definition at line 600 of file detect.h.
Referenced by DetectSetFastPatternAndItsId(), SigAddressPrepareStage1(), SigCleanSignatures(), SigFindSignatureBySidGid(), and SigGroupBuild().
◆ num
| SigIntId Signature_::num |
signature number, internal id
Definition at line 538 of file detect.h.
Referenced by DetectFlowbitsAnalyze(), DetectSignatureApplyActions(), PacketAlertAppend(), SigAddressPrepareStage1(), SigGroupBuild(), and SigGroupHeadBuildNonPrefilterArray().
◆ pkt_inspect
| DetectEnginePktInspectionEngine* Signature_::pkt_inspect |
Definition at line 577 of file detect.h.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectEngineAppInspectionEngineSignatureFree(), DetectEnginePktInspectionRun(), and EngineAnalysisRules2().
◆ prio
| int Signature_::prio |
Definition at line 564 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and SigAlloc().
◆ profiling_id
◆ proto
| DetectProto Signature_::proto |
addresses, ports and proto this sig matches on
Definition at line 545 of file detect.h.
Referenced by IPOnlyMatchPacket(), SignatureHasPacketContent(), and SignatureHasStreamContent().
◆ references
| DetectReference* Signature_::references |
◆ rev
| uint32_t Signature_::rev |
Definition at line 563 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and EngineAnalysisRules2().
◆ sig_str
| char* Signature_::sig_str |
Definition at line 595 of file detect.h.
Referenced by DetectSignatureAddTransform(), and EngineAnalysisRules2().
◆ sm_arrays
| SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX] |
Definition at line 581 of file detect.h.
Referenced by DetectBase64DataDoMatch(), DetectEngineInspectPacketPayload(), DetectEnginePktInspectionSetup(), SignatureHasPacketContent(), and SignatureHasStreamContent().
◆ sp
| DetectPort* Signature_::sp |
port settings for this signature
Definition at line 567 of file detect.h.
Referenced by IPOnlyMatchPacket().
The documentation for this struct was generated from the following file:
- src/detect.h
