suricata
Signature_ Struct Reference

Signature container.

#include <detect.h>


Data Fields

uint32_t flags
 
enum SignatureType type
 
AppProto alproto
 
uint16_t dsize_low
 
uint16_t dsize_high
 
uint8_t dsize_mode
 
SignatureMask mask
 
SigIntId num
 
uint8_t action
 
uint8_t file_flags
 
DetectProto proto
 
uint8_t action_scope
 
uint16_t addr_dst_match4_cnt
 
uint16_t addr_src_match4_cnt
 
uint16_t addr_dst_match6_cnt
 
uint16_t addr_src_match6_cnt
 
uint16_t class_id
 
uint8_t firewall_table
 
uint8_t app_progress_hook
 
DetectMatchAddressIPv4 * addr_dst_match4
 
DetectMatchAddressIPv4 * addr_src_match4
 
DetectMatchAddressIPv6 * addr_dst_match6
 
DetectMatchAddressIPv6 * addr_src_match6
 
uint32_t id
 
uint32_t gid
 
uint32_t rev
 
int prio
 
DetectPort * sp
 
DetectPort * dp
 
DetectEngineAppInspectionEngine * app_inspect
 
DetectEnginePktInspectionEngine * pkt_inspect
 
DetectEngineFrameInspectionEngine * frame_inspect
 
SigMatchData * sm_arrays [DETECT_SM_LIST_MAX]
 
const struct DetectFilestoreData_ * filestore_ctx
 
char * msg
 
char * class_msg
 
DetectReference * references
 
DetectMetadataHead * metadata
 
char * sig_str
 
SignatureInitData * init_data
 
struct Signature_ * next
 

Detailed Description

Signature container.

Definition at line 669 of file detect.h.

Field Documentation

◆ action

uint8_t Signature_::action

inline – action

Definition at line 684 of file detect.h.

Referenced by AlertQueueAppend(), EngineAnalysisRules2(), and FirewallAnalyzer().

◆ action_scope

uint8_t Signature_::action_scope

Definition at line 691 of file detect.h.

Referenced by EngineAnalysisRules2().

◆ addr_dst_match4

DetectMatchAddressIPv4* Signature_::addr_dst_match4

Definition at line 708 of file detect.h.

◆ addr_dst_match4_cnt

uint16_t Signature_::addr_dst_match4_cnt

ipv4 match arrays

Definition at line 694 of file detect.h.

◆ addr_dst_match6

DetectMatchAddressIPv6* Signature_::addr_dst_match6

ipv6 match arrays

Definition at line 711 of file detect.h.

◆ addr_dst_match6_cnt

uint16_t Signature_::addr_dst_match6_cnt

Definition at line 696 of file detect.h.

◆ addr_src_match4

DetectMatchAddressIPv4* Signature_::addr_src_match4

Definition at line 709 of file detect.h.

◆ addr_src_match4_cnt

uint16_t Signature_::addr_src_match4_cnt

Definition at line 695 of file detect.h.

◆ addr_src_match6

DetectMatchAddressIPv6* Signature_::addr_src_match6

Definition at line 712 of file detect.h.

◆ addr_src_match6_cnt

uint16_t Signature_::addr_src_match6_cnt

Definition at line 697 of file detect.h.

◆ alproto

◆ app_inspect

DetectEngineAppInspectionEngine* Signature_::app_inspect

Definition at line 726 of file detect.h.

Referenced by DetectEngineAppInspectionEngineSignatureFree().

◆ app_progress_hook

uint8_t Signature_::app_progress_hook

firewall: progress value for this signature

Definition at line 706 of file detect.h.

◆ class_id

uint16_t Signature_::class_id

classification id

Definition at line 700 of file detect.h.

◆ class_msg

char* Signature_::class_msg

classification message

Definition at line 740 of file detect.h.

Referenced by AlertJsonHeader().

◆ dp

DetectPort * Signature_::dp

Definition at line 720 of file detect.h.

◆ dsize_high

uint16_t Signature_::dsize_high

Definition at line 677 of file detect.h.

Referenced by SigParseSetDsizePair().

◆ dsize_low

uint16_t Signature_::dsize_low

Definition at line 676 of file detect.h.

Referenced by SigParseSetDsizePair().

◆ dsize_mode

uint8_t Signature_::dsize_mode

Definition at line 678 of file detect.h.

Referenced by SigParseSetDsizePair().

◆ file_flags

◆ filestore_ctx

const struct DetectFilestoreData_* Signature_::filestore_ctx

Definition at line 735 of file detect.h.

◆ firewall_table

uint8_t Signature_::firewall_table

firewall: pseudo table this rule is part of (enum FirewallTable)

Definition at line 703 of file detect.h.

◆ flags

◆ frame_inspect

DetectEngineFrameInspectionEngine* Signature_::frame_inspect

◆ gid

uint32_t Signature_::gid

generator id

Definition at line 715 of file detect.h.

Referenced by AlertJsonHeader(), and EngineAnalysisRules2().

◆ id

◆ init_data

◆ mask

SignatureMask Signature_::mask

Definition at line 680 of file detect.h.

Referenced by EngineAnalysisRules2().

◆ metadata

DetectMetadataHead* Signature_::metadata

Metadata

Definition at line 744 of file detect.h.

◆ msg

char* Signature_::msg

Definition at line 737 of file detect.h.

Referenced by AlertJsonHeader(), EngineAnalysisRules2(), and IPOnlyAddSignature().

◆ next

struct Signature_* Signature_::next

◆ num

SigIntId Signature_::num

signature number, internal id

Definition at line 681 of file detect.h.

Referenced by IPOnlyAddSignature(), PostRuleMatchWorkQueueAppend(), SigGroupBuild(), and SigPrepareStage1().

◆ pkt_inspect

◆ prio

int Signature_::prio

Definition at line 717 of file detect.h.

Referenced by AlertJsonHeader(), and SigAlloc().

◆ proto

DetectProto Signature_::proto

addresses, ports and proto this sig matches on

Definition at line 688 of file detect.h.

Referenced by IPOnlyMatchPacket(), SignatureHasPacketContent(), and SignatureHasStreamContent().

◆ references

DetectReference* Signature_::references

Reference

Definition at line 742 of file detect.h.

◆ rev

uint32_t Signature_::rev

Definition at line 716 of file detect.h.

Referenced by AlertJsonHeader(), and EngineAnalysisRules2().

◆ sig_str

char* Signature_::sig_str

◆ sm_arrays

SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX]

Definition at line 732 of file detect.h.

Referenced by DetectEngineInspectPacketPayload(), and DetectEnginePktInspectionSetup().

◆ sp

DetectPort* Signature_::sp

port settings for this signature

Definition at line 720 of file detect.h.

◆ type

enum SignatureType Signature_::type

The documentation for this struct was generated from the following file: