Signature container. More...
#include <detect.h>
Detailed Description
Field Documentation
◆ action
| uint8_t Signature_::action |
inline – action
Definition at line 690 of file detect.h.
Referenced by AlertQueueAppend(), EngineAnalysisRules2(), and FirewallAnalyzer().
◆ action_scope
| uint8_t Signature_::action_scope |
Definition at line 697 of file detect.h.
Referenced by EngineAnalysisRules2().
◆ addr_dst_match4
| DetectMatchAddressIPv4* Signature_::addr_dst_match4 |
◆ addr_dst_match4_cnt
◆ addr_dst_match6
| DetectMatchAddressIPv6* Signature_::addr_dst_match6 |
◆ addr_dst_match6_cnt
◆ addr_src_match4
| DetectMatchAddressIPv4* Signature_::addr_src_match4 |
◆ addr_src_match4_cnt
◆ addr_src_match6
| DetectMatchAddressIPv6* Signature_::addr_src_match6 |
◆ addr_src_match6_cnt
◆ alproto
| AppProto Signature_::alproto |
Definition at line 680 of file detect.h.
Referenced by DetectEngineContentModifierBufferSetup(), DetectFirewallGetPolicySignature(), DetectSignatureSetMultiAppProto(), EngineAnalysisRules2(), and SignatureIsIPOnly().
◆ app_inspect
| DetectEngineAppInspectionEngine* Signature_::app_inspect |
Definition at line 732 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree().
◆ app_progress_hook
| uint8_t Signature_::app_progress_hook |
firewall: progress value for this signature
Definition at line 712 of file detect.h.
Referenced by DetectEngineAppInspectionEngine2Signature(), and DetectFirewallGetPolicySignature().
◆ class_id
◆ class_msg
| char* Signature_::class_msg |
◆ detect_table
| uint8_t Signature_::detect_table |
◆ dp
| DetectPort * Signature_::dp |
◆ dsize_high
| uint16_t Signature_::dsize_high |
Definition at line 683 of file detect.h.
Referenced by SigParseSetDsizePair().
◆ dsize_low
| uint16_t Signature_::dsize_low |
Definition at line 682 of file detect.h.
Referenced by SigParseSetDsizePair().
◆ dsize_mode
| uint8_t Signature_::dsize_mode |
Definition at line 684 of file detect.h.
Referenced by SigParseSetDsizePair().
◆ file_flags
| uint8_t Signature_::file_flags |
Definition at line 691 of file detect.h.
Referenced by DetectFileHashMatch(), SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), and SignatureIsFileSha256Inspecting().
◆ filestore_ctx
| const struct DetectFilestoreData_* Signature_::filestore_ctx |
◆ flags
| uint32_t Signature_::flags |
Definition at line 676 of file detect.h.
Referenced by AlertJsonHeader(), DetectContentPMATCHValidateCallback(), DetectEngineAppInspectionEngine2Signature(), DetectEngineInspectStreamPayload(), DetectFirewallGetPolicySignature(), DetectFlowSetupImplicit(), EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlySigParseAddress(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsFilestoring(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().
◆ frame_inspect
| DetectEngineFrameInspectionEngine* Signature_::frame_inspect |
Definition at line 734 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), and DetectRunFrameInspectRule().
◆ gid
| uint32_t Signature_::gid |
generator id
Definition at line 721 of file detect.h.
Referenced by AlertJsonHeader(), and EngineAnalysisRules2().
◆ id
| uint32_t Signature_::id |
sid, set by the 'sid' rule keyword
Definition at line 720 of file detect.h.
Referenced by AlertJsonHeader(), DetectEngineAppInspectionEngine2Signature(), DetectEnginePktInspectionRun(), DetectFileInspectGeneric(), DetectMd5ValidateCallback(), DetectProtoFinalizeSignature(), DetectRunFrameInspectRule(), EngineAnalysisFP(), EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlyAddSignature(), PacketAlertCheck(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigGroupHeadContainsSigId(), SignatureSetType(), SigParseApplyDsizeToContent(), SigPrepareStage1(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ iid
| SigIntId Signature_::iid |
signature internal id
Definition at line 687 of file detect.h.
Referenced by IPOnlyAddSignature(), PostRuleMatchWorkQueueAppend(), SigGroupBuild(), and SigPrepareStage1().
◆ init_data
| SignatureInitData* Signature_::init_data |
Definition at line 754 of file detect.h.
Referenced by DetectBufferGetActiveList(), DetectBufferGetFirstSigMatch(), DetectBufferGetLastSigMatch(), DetectBufferIsPresent(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentSetup(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEnginePktInspectionSetup(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromMpmLists(), DetectIPProtoRemoveAllSMs(), DetectLowerSetupCallback(), DetectMd5ValidateCallback(), DetectProtoFinalizeSignature(), DetectSetFastPatternAndItsId(), DetectSignatureSetMultiAppProto(), DetectUrilenValidateContent(), EngineAnalysisFP(), EngineAnalysisRules2(), MpmStorePrepareBuffer(), RetrieveFPForSig(), SCDetectGetLastSMFromLists(), SCDetectSignatureAddTransform(), SigAlloc(), SigFree(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureInitDataBufferCheckExpand(), SignatureIsIPOnly(), SignatureSetType(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().
◆ mask
| SignatureMask Signature_::mask |
Definition at line 686 of file detect.h.
Referenced by EngineAnalysisRules2().
◆ metadata
| DetectMetadataHead* Signature_::metadata |
◆ msg
| char* Signature_::msg |
Definition at line 743 of file detect.h.
Referenced by AlertJsonHeader(), EngineAnalysisRules2(), and IPOnlyAddSignature().
◆ next
| struct Signature_* Signature_::next |
ptr to the next sig in the list
Definition at line 757 of file detect.h.
Referenced by DetectSetFastPatternAndItsId(), FirewallAnalyzer(), SigCleanSignatures(), SigFindSignatureBySidGid(), SigGroupBuild(), and SigPrepareStage1().
◆ pkt_inspect
| DetectEnginePktInspectionEngine* Signature_::pkt_inspect |
Definition at line 733 of file detect.h.
Referenced by DetectEngineAppInspectionEngineSignatureFree(), DetectEnginePktInspectionRun(), and EngineAnalysisRules2().
◆ prio
| int Signature_::prio |
Definition at line 723 of file detect.h.
Referenced by AlertJsonHeader(), and SigAlloc().
◆ proto
| DetectProto* Signature_::proto |
rule protocol: can be NULL if the check can be skipped
Definition at line 694 of file detect.h.
Referenced by DetectProtoFinalizeSignature(), and IPOnlyMatchPacket().
◆ references
| DetectReference* Signature_::references |
◆ rev
| uint32_t Signature_::rev |
Definition at line 722 of file detect.h.
Referenced by AlertJsonHeader(), and EngineAnalysisRules2().
◆ sig_str
| char* Signature_::sig_str |
Definition at line 752 of file detect.h.
Referenced by EngineAnalysisRules2(), FirewallAnalyzer(), SCDetectSignatureAddTransform(), and SigParseMaxRequiredDsize().
◆ sm_arrays
| SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX] |
Definition at line 738 of file detect.h.
Referenced by DetectEngineInspectPacketPayload(), and DetectEnginePktInspectionSetup().
◆ sp
| DetectPort* Signature_::sp |
◆ type
| enum SignatureType Signature_::type |
Definition at line 676 of file detect.h.
Referenced by DetectProtoFinalizeSignature(), EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlyAddSignature(), SignatureSetType(), and SigPrepareStage1().
The documentation for this struct was generated from the following file:
- src/detect.h
