suricata
Signature container.
#include <detect.h>
Data Fields | |
uint32_t | flags |
enum SignatureType | type |
AppProto | alproto |
uint16_t | dsize_low |
uint16_t | dsize_high |
uint8_t | dsize_mode |
SignatureMask | mask |
SigIntId | num |
uint8_t | action |
uint8_t | file_flags |
DetectProto | proto |
uint16_t | class_id |
uint16_t | addr_dst_match4_cnt |
uint16_t | addr_src_match4_cnt |
uint16_t | addr_dst_match6_cnt |
uint16_t | addr_src_match6_cnt |
DetectMatchAddressIPv4 * | addr_dst_match4 |
DetectMatchAddressIPv4 * | addr_src_match4 |
DetectMatchAddressIPv6 * | addr_dst_match6 |
DetectMatchAddressIPv6 * | addr_src_match6 |
uint32_t | id |
uint32_t | gid |
uint32_t | rev |
int | prio |
DetectPort * | sp |
DetectPort * | dp |
DetectEngineAppInspectionEngine * | app_inspect |
DetectEnginePktInspectionEngine * | pkt_inspect |
DetectEngineFrameInspectionEngine * | frame_inspect |
SigMatchData * | sm_arrays [DETECT_SM_LIST_MAX] |
const struct DetectFilestoreData_ * | filestore_ctx |
char * | msg |
char * | class_msg |
DetectReference * | references |
DetectMetadataHead * | metadata |
char * | sig_str |
SignatureInitData * | init_data |
struct Signature_ * | next |
uint8_t Signature_::action |
DetectMatchAddressIPv4* Signature_::addr_dst_match4 |
DetectMatchAddressIPv6* Signature_::addr_dst_match6 |
DetectMatchAddressIPv4* Signature_::addr_src_match4 |
DetectMatchAddressIPv6* Signature_::addr_src_match6 |
AppProto Signature_::alproto |
Definition at line 601 of file detect.h.
Referenced by DetectEngineContentModifierBufferSetup(), DetectSignatureSetAppProto(), EngineAnalysisRules2(), SigGroupHeadBuildNonPrefilterArray(), and SignatureIsIPOnly().
DetectEngineAppInspectionEngine* Signature_::app_inspect |
Definition at line 643 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree().
char* Signature_::class_msg |
classification message
Definition at line 657 of file detect.h.
Referenced by AlertFastLogger(), and AlertJsonHeader().
DetectPort * Signature_::dp |
Definition at line 637 of file detect.h.
Referenced by IPOnlyMatchPacket().
uint16_t Signature_::dsize_high |
Definition at line 604 of file detect.h.
Referenced by SigParseSetDsizePair().
uint16_t Signature_::dsize_low |
Definition at line 603 of file detect.h.
Referenced by SigParseSetDsizePair().
uint8_t Signature_::dsize_mode |
Definition at line 605 of file detect.h.
Referenced by SigParseSetDsizePair().
uint8_t Signature_::file_flags |
Definition at line 612 of file detect.h.
Referenced by DetectFileHashMatch(), SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), SignatureIsFileSha256Inspecting(), and SignatureIsFilesizeInspecting().
const struct DetectFilestoreData_* Signature_::filestore_ctx |
uint32_t Signature_::flags |
Definition at line 597 of file detect.h.
Referenced by AlertJsonHeader(), DetectContentPMATCHValidateCallback(), DetectEngineInspectStreamPayload(), DetectFlowSetupImplicit(), DetectSetFastPatternAndItsId(), EngineAnalysisRules2(), IPOnlyMatchPacket(), IPOnlySigParseAddress(), SigGroupHeadBuildNonPrefilterArray(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsFilestoring(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().
DetectEngineFrameInspectionEngine* Signature_::frame_inspect |
Definition at line 645 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), and DetectRunFrameInspectRule().
uint32_t Signature_::gid |
generator id
Definition at line 632 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and EngineAnalysisRules2().
uint32_t Signature_::id |
sid, set by the 'sid' rule keyword
Definition at line 631 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), DetectEnginePktInspectionRun(), DetectFileInspectGeneric(), DetectFlowbitsAnalyze(), DetectRunFrameInspectRule(), EngineAnalysisFP(), EngineAnalysisRules2(), IPOnlyAddSignature(), PacketAlertCheck(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigGroupHeadContainsSigId(), SigParseApplyDsizeToContent(), SigPrepareStage1(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
SignatureInitData* Signature_::init_data |
Definition at line 665 of file detect.h.
Referenced by DetectBufferGetActiveList(), DetectBufferGetFirstSigMatch(), DetectBufferGetLastSigMatch(), DetectBufferIsPresent(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentSetup(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEnginePktInspectionSetup(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectFlowbitsAnalyze(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectIPProtoRemoveAllSMs(), DetectSetFastPatternAndItsId(), DetectSignatureAddTransform(), EngineAnalysisFP(), MpmStorePrepareBuffer(), RetrieveFPForSig(), SigAlloc(), SigFree(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureInitDataBufferCheckExpand(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().
SignatureMask Signature_::mask |
Definition at line 607 of file detect.h.
Referenced by EngineAnalysisRules2(), and SigGroupHeadBuildNonPrefilterArray().
DetectMetadataHead* Signature_::metadata |
char* Signature_::msg |
Definition at line 654 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), EngineAnalysisRules2(), and IPOnlyAddSignature().
struct Signature_* Signature_::next |
ptr to the next sig in the list
Definition at line 668 of file detect.h.
Referenced by DetectSetFastPatternAndItsId(), LLVMFuzzerTestOneInput(), SigCleanSignatures(), SigFindSignatureBySidGid(), SigGroupBuild(), SigPrepareStage1(), and ThresholdHashAllocate().
SigIntId Signature_::num |
signature number, internal id
Definition at line 608 of file detect.h.
Referenced by DetectFlowbitsAnalyze(), IPOnlyAddSignature(), SigGroupBuild(), SigGroupHeadBuildNonPrefilterArray(), SigPrepareStage1(), and ThresholdHashAllocate().
DetectEnginePktInspectionEngine* Signature_::pkt_inspect |
Definition at line 644 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), DetectEnginePktInspectionRun(), and EngineAnalysisRules2().
int Signature_::prio |
Definition at line 634 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and SigAlloc().
DetectProto Signature_::proto |
addresses, ports and proto this sig matches on
Definition at line 615 of file detect.h.
Referenced by IPOnlyMatchPacket(), SignatureHasPacketContent(), and SignatureHasStreamContent().
DetectReference* Signature_::references |
uint32_t Signature_::rev |
Definition at line 633 of file detect.h.
Referenced by AlertFastLogger(), AlertJsonHeader(), and EngineAnalysisRules2().
char* Signature_::sig_str |
Definition at line 663 of file detect.h.
Referenced by DetectSignatureAddTransform(), EngineAnalysisRules2(), and SigParseMaxRequiredDsize().
SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX] |
Definition at line 649 of file detect.h.
Referenced by DetectEngineInspectPacketPayload(), DetectEnginePktInspectionSetup(), and ThresholdHashAllocate().
DetectPort* Signature_::sp |
port settings for this signature
Definition at line 637 of file detect.h.
Referenced by IPOnlyMatchPacket().
enum SignatureType Signature_::type |
Definition at line 597 of file detect.h.
Referenced by EngineAnalysisRules2(), IPOnlyAddSignature(), SignatureSetType(), and SigPrepareStage1().