Signature container. More...
#include <detect.h>
Data Fields | |
| uint32_t | flags |
| enum SignatureType | type |
| AppProto | alproto |
| uint16_t | dsize_low |
| uint16_t | dsize_high |
| uint8_t | dsize_mode |
| SignatureMask | mask |
| SigIntId | num |
| uint8_t | action |
| uint8_t | file_flags |
| DetectProto | proto |
| uint16_t | class_id |
| uint16_t | addr_dst_match4_cnt |
| uint16_t | addr_src_match4_cnt |
| uint16_t | addr_dst_match6_cnt |
| uint16_t | addr_src_match6_cnt |
| DetectMatchAddressIPv4 * | addr_dst_match4 |
| DetectMatchAddressIPv4 * | addr_src_match4 |
| DetectMatchAddressIPv6 * | addr_dst_match6 |
| DetectMatchAddressIPv6 * | addr_src_match6 |
| uint32_t | id |
| uint32_t | gid |
| uint32_t | rev |
| int | prio |
| DetectPort * | sp |
| DetectPort * | dp |
| DetectEngineAppInspectionEngine * | app_inspect |
| DetectEnginePktInspectionEngine * | pkt_inspect |
| DetectEngineFrameInspectionEngine * | frame_inspect |
| SigMatchData * | sm_arrays [DETECT_SM_LIST_MAX] |
| const struct DetectFilestoreData_ * | filestore_ctx |
| char * | msg |
| char * | class_msg |
| DetectReference * | references |
| DetectMetadataHead * | metadata |
| char * | sig_str |
| SignatureInitData * | init_data |
| struct Signature_ * | next |
Detailed Description
Field Documentation
◆ action
| uint8_t Signature_::action |
inline – action
Definition at line 618 of file detect.h.
Referenced by AlertQueueAppend(), and EngineAnalysisRules2().
◆ addr_dst_match4
| DetectMatchAddressIPv4* Signature_::addr_dst_match4 |
◆ addr_dst_match4_cnt
◆ addr_dst_match6
| DetectMatchAddressIPv6* Signature_::addr_dst_match6 |
◆ addr_dst_match6_cnt
◆ addr_src_match4
| DetectMatchAddressIPv4* Signature_::addr_src_match4 |
◆ addr_src_match4_cnt
◆ addr_src_match6
| DetectMatchAddressIPv6* Signature_::addr_src_match6 |
◆ addr_src_match6_cnt
◆ alproto
| AppProto Signature_::alproto |
Definition at line 608 of file detect.h.
Referenced by DetectEngineContentModifierBufferSetup(), DetectSignatureSetAppProto(), EngineAnalysisRules2(), SigGroupHeadBuildNonPrefilterArray(), and SignatureIsIPOnly().
◆ app_inspect
| DetectEngineAppInspectionEngine* Signature_::app_inspect |
Definition at line 650 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree().
◆ class_id
◆ class_msg
| char* Signature_::class_msg |
◆ dp
| DetectPort * Signature_::dp |
◆ dsize_high
| uint16_t Signature_::dsize_high |
Definition at line 611 of file detect.h.
Referenced by SigParseSetDsizePair().
◆ dsize_low
| uint16_t Signature_::dsize_low |
Definition at line 610 of file detect.h.
Referenced by SigParseSetDsizePair().
◆ dsize_mode
| uint8_t Signature_::dsize_mode |
Definition at line 612 of file detect.h.
Referenced by SigParseSetDsizePair().
◆ file_flags
| uint8_t Signature_::file_flags |
Definition at line 619 of file detect.h.
Referenced by DetectFileHashMatch(), SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), SignatureIsFileSha256Inspecting(), and SignatureIsFilesizeInspecting().
◆ filestore_ctx
| const struct DetectFilestoreData_* Signature_::filestore_ctx |
◆ flags
| uint32_t Signature_::flags |
Definition at line 604 of file detect.h.
Referenced by AlertJsonHeader(), DetectContentPMATCHValidateCallback(), DetectEngineInspectStreamPayload(), DetectFlowSetupImplicit(), DetectSetFastPatternAndItsId(), EngineAnalysisRules2(), IPOnlySigParseAddress(), SigGroupHeadBuildNonPrefilterArray(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsFilestoring(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().
◆ frame_inspect
| DetectEngineFrameInspectionEngine* Signature_::frame_inspect |
Definition at line 652 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), and DetectRunFrameInspectRule().
◆ gid
| uint32_t Signature_::gid |
generator id
Definition at line 639 of file detect.h.
Referenced by AlertJsonHeader(), DetectLuaPostSetup(), and EngineAnalysisRules2().
◆ id
| uint32_t Signature_::id |
sid, set by the 'sid' rule keyword
Definition at line 638 of file detect.h.
Referenced by AlertJsonHeader(), DetectEnginePktInspectionRun(), DetectFileInspectGeneric(), DetectFlowbitsAnalyze(), DetectLuaPostSetup(), DetectRunFrameInspectRule(), EngineAnalysisFP(), EngineAnalysisRules2(), IPOnlyAddSignature(), PacketAlertCheck(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigGroupHeadContainsSigId(), SigParseApplyDsizeToContent(), SigPrepareStage1(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ init_data
| SignatureInitData* Signature_::init_data |
Definition at line 672 of file detect.h.
Referenced by DetectBufferGetActiveList(), DetectBufferGetFirstSigMatch(), DetectBufferGetLastSigMatch(), DetectBufferIsPresent(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentPMATCHValidateCallback(), DetectContentSetup(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEnginePktInspectionSetup(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectFlowbitsAnalyze(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectIPProtoRemoveAllSMs(), DetectLuaPostSetup(), DetectSetFastPatternAndItsId(), DetectSignatureAddTransform(), EngineAnalysisFP(), MpmStorePrepareBuffer(), RetrieveFPForSig(), SigAlloc(), SigFree(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureInitDataBufferCheckExpand(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().
◆ mask
| SignatureMask Signature_::mask |
Definition at line 614 of file detect.h.
Referenced by EngineAnalysisRules2(), and SigGroupHeadBuildNonPrefilterArray().
◆ metadata
| DetectMetadataHead* Signature_::metadata |
◆ msg
| char* Signature_::msg |
Definition at line 661 of file detect.h.
Referenced by AlertJsonHeader(), EngineAnalysisRules2(), and IPOnlyAddSignature().
◆ next
| struct Signature_* Signature_::next |
ptr to the next sig in the list
Definition at line 675 of file detect.h.
Referenced by DetectSetFastPatternAndItsId(), LLVMFuzzerTestOneInput(), SigCleanSignatures(), SigFindSignatureBySidGid(), SigGroupBuild(), and SigPrepareStage1().
◆ num
| SigIntId Signature_::num |
signature number, internal id
Definition at line 615 of file detect.h.
Referenced by DetectFlowbitsAnalyze(), IPOnlyAddSignature(), SigGroupBuild(), SigGroupHeadBuildNonPrefilterArray(), and SigPrepareStage1().
◆ pkt_inspect
| DetectEnginePktInspectionEngine* Signature_::pkt_inspect |
Definition at line 651 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), DetectEnginePktInspectionRun(), and EngineAnalysisRules2().
◆ prio
| int Signature_::prio |
Definition at line 641 of file detect.h.
Referenced by AlertJsonHeader(), and SigAlloc().
◆ proto
| DetectProto Signature_::proto |
addresses, ports and proto this sig matches on
Definition at line 622 of file detect.h.
Referenced by IPOnlyMatchPacket(), SignatureHasPacketContent(), and SignatureHasStreamContent().
◆ references
| DetectReference* Signature_::references |
◆ rev
| uint32_t Signature_::rev |
Definition at line 640 of file detect.h.
Referenced by AlertJsonHeader(), DetectLuaPostSetup(), and EngineAnalysisRules2().
◆ sig_str
| char* Signature_::sig_str |
Definition at line 670 of file detect.h.
Referenced by DetectSignatureAddTransform(), EngineAnalysisRules2(), and SigParseMaxRequiredDsize().
◆ sm_arrays
| SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX] |
Definition at line 656 of file detect.h.
Referenced by DetectEngineInspectPacketPayload(), and DetectEnginePktInspectionSetup().
◆ sp
| DetectPort* Signature_::sp |
◆ type
| enum SignatureType Signature_::type |
Definition at line 604 of file detect.h.
Referenced by EngineAnalysisRules2(), IPOnlyAddSignature(), SignatureSetType(), and SigPrepareStage1().
The documentation for this struct was generated from the following file:
- src/detect.h
