suricata
Data Fields
Signature_ Struct Reference

Signature container. More...

#include <detect.h>

Collaboration diagram for Signature_:
Collaboration graph
[legend]

Data Fields

uint32_t flags
 
AppProto alproto
 
uint16_t dsize_low
 
uint16_t dsize_high
 
uint8_t dsize_mode
 
SignatureMask mask
 
SigIntId num
 
uint8_t action
 
uint8_t file_flags
 
DetectProto proto
 
uint16_t class_id
 
uint16_t addr_dst_match4_cnt
 
uint16_t addr_src_match4_cnt
 
uint16_t addr_dst_match6_cnt
 
uint16_t addr_src_match6_cnt
 
DetectMatchAddressIPv4addr_dst_match4
 
DetectMatchAddressIPv4addr_src_match4
 
DetectMatchAddressIPv6addr_dst_match6
 
DetectMatchAddressIPv6addr_src_match6
 
uint32_t id
 
uint32_t gid
 
uint32_t rev
 
int prio
 
DetectPortsp
 
DetectPortdp
 
uint16_t profiling_id
 
IPOnlyCIDRItemCidrSrc
 
IPOnlyCIDRItemCidrDst
 
DetectEngineAppInspectionEngineapp_inspect
 
DetectEnginePktInspectionEnginepkt_inspect
 
SigMatchDatasm_arrays [DETECT_SM_LIST_MAX]
 
const struct DetectFilestoreData_filestore_ctx
 
char * msg
 
char * class_msg
 
DetectReferencereferences
 
DetectMetadataHeadmetadata
 
char * sig_str
 
SignatureInitDatainit_data
 
struct Signature_next
 

Detailed Description

Signature container.

Definition at line 517 of file detect.h.

Field Documentation

◆ action

uint8_t Signature_::action

inline – action

Definition at line 531 of file detect.h.

Referenced by PacketAlertAppend().

◆ addr_dst_match4

DetectMatchAddressIPv4* Signature_::addr_dst_match4

Definition at line 545 of file detect.h.

◆ addr_dst_match4_cnt

uint16_t Signature_::addr_dst_match4_cnt

ipv4 match arrays

Definition at line 541 of file detect.h.

◆ addr_dst_match6

DetectMatchAddressIPv6* Signature_::addr_dst_match6

ipv6 match arrays

Definition at line 548 of file detect.h.

◆ addr_dst_match6_cnt

uint16_t Signature_::addr_dst_match6_cnt

Definition at line 543 of file detect.h.

◆ addr_src_match4

DetectMatchAddressIPv4* Signature_::addr_src_match4

Definition at line 546 of file detect.h.

◆ addr_src_match4_cnt

uint16_t Signature_::addr_src_match4_cnt

Definition at line 542 of file detect.h.

◆ addr_src_match6

DetectMatchAddressIPv6* Signature_::addr_src_match6

Definition at line 549 of file detect.h.

◆ addr_src_match6_cnt

uint16_t Signature_::addr_src_match6_cnt

Definition at line 544 of file detect.h.

◆ alproto

AppProto Signature_::alproto

Definition at line 521 of file detect.h.

Referenced by DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectSignatureSetAppProto(), SigGroupHeadBuildNonPrefilterArray(), and SignatureIsIPOnly().

◆ app_inspect

DetectEngineAppInspectionEngine* Signature_::app_inspect

Definition at line 566 of file detect.h.

Referenced by DetectEngineAppInspectionEngineSignatureFree().

◆ CidrDst

IPOnlyCIDRItem * Signature_::CidrDst

Definition at line 564 of file detect.h.

Referenced by SigFree().

◆ CidrSrc

IPOnlyCIDRItem* Signature_::CidrSrc

netblocks and hosts specified at the sid, in CIDR format

Definition at line 564 of file detect.h.

Referenced by SigFree().

◆ class_id

uint16_t Signature_::class_id

classification id

Definition at line 538 of file detect.h.

◆ class_msg

char* Signature_::class_msg

classification message

Definition at line 579 of file detect.h.

Referenced by AlertFastLogger().

◆ dp

DetectPort * Signature_::dp

Definition at line 557 of file detect.h.

Referenced by IPOnlyMatchPacket().

◆ dsize_high

uint16_t Signature_::dsize_high

Definition at line 524 of file detect.h.

Referenced by SigParseSetDsizePair().

◆ dsize_low

uint16_t Signature_::dsize_low

Definition at line 523 of file detect.h.

Referenced by SigParseSetDsizePair().

◆ dsize_mode

uint8_t Signature_::dsize_mode

Definition at line 525 of file detect.h.

Referenced by SigParseSetDsizePair().

◆ file_flags

uint8_t Signature_::file_flags

Definition at line 532 of file detect.h.

Referenced by DetectFileHashMatch(), SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), SignatureIsFileSha256Inspecting(), and SignatureIsFilesizeInspecting().

◆ filestore_ctx

const struct DetectFilestoreData_* Signature_::filestore_ctx

Definition at line 574 of file detect.h.

◆ flags

uint32_t Signature_::flags

Definition at line 518 of file detect.h.

Referenced by DetectContentPMATCHValidateCallback(), DetectEngineInspectStreamPayload(), DetectFlowSetupImplicit(), DetectSetFastPatternAndItsId(), IPOnlyAddSignature(), IPOnlyMatchPacket(), IPOnlySigParseAddress(), SigAddressPrepareStage1(), SigGroupHeadBuildNonPrefilterArray(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsFilestoring(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), and SigParseSetDsizePair().

◆ gid

uint32_t Signature_::gid

generator id

Definition at line 552 of file detect.h.

Referenced by AlertFastLogger().

◆ id

uint32_t Signature_::id

sid, set by the 'sid' rule keyword

Definition at line 551 of file detect.h.

Referenced by AlertFastLogger(), DetectEnginePktInspectionRun(), DetectFlowbitsAnalyze(), PacketAlertAppend(), PacketAlertCheck(), PacketAlertFinalize(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigAddressPrepareStage1(), SigGroupHeadContainsSigId(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

◆ init_data

SignatureInitData* Signature_::init_data

Definition at line 587 of file detect.h.

Referenced by DetectAppLayerEventPrepare(), DetectBufferGetActiveList(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentPMATCHValidateCallback(), DetectContentPropagateLimits(), DetectContentSetup(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEnginePktInspectionSetup(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectFlowbitsAnalyze(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectIPProtoRemoveAllSMs(), DetectSetFastPatternAndItsId(), DetectSignatureAddTransform(), EngineAnalysisFP(), RetrieveFPForSig(), SigAlloc(), SigFree(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), and SigParseSetDsizePair().

◆ mask

SignatureMask Signature_::mask

Definition at line 527 of file detect.h.

Referenced by SigGroupHeadBuildNonPrefilterArray().

◆ metadata

DetectMetadataHead* Signature_::metadata

Metadata

Definition at line 583 of file detect.h.

◆ msg

char* Signature_::msg

Definition at line 576 of file detect.h.

Referenced by AlertFastLogger().

◆ next

struct Signature_* Signature_::next

ptr to the next sig in the list

Definition at line 590 of file detect.h.

Referenced by DetectSetFastPatternAndItsId(), SigAddressPrepareStage1(), SigCleanSignatures(), SigFindSignatureBySidGid(), SigGroupBuild(), and ThresholdHashAllocate().

◆ num

SigIntId Signature_::num

signature number, internal id

Definition at line 528 of file detect.h.

Referenced by DetectFlowbitsAnalyze(), PacketAlertAppend(), SigAddressPrepareStage1(), SigGroupBuild(), SigGroupHeadBuildNonPrefilterArray(), and ThresholdHashAllocate().

◆ pkt_inspect

DetectEnginePktInspectionEngine* Signature_::pkt_inspect

Definition at line 567 of file detect.h.

Referenced by DetectEngineAppInspectionEngine2Signature(), DetectEngineAppInspectionEngineSignatureFree(), and DetectEnginePktInspectionRun().

◆ prio

int Signature_::prio

Definition at line 554 of file detect.h.

Referenced by AlertFastLogger(), and SigAlloc().

◆ profiling_id

uint16_t Signature_::profiling_id

Definition at line 560 of file detect.h.

◆ proto

DetectProto Signature_::proto

addresses, ports and proto this sig matches on

Definition at line 535 of file detect.h.

Referenced by IPOnlyMatchPacket(), SignatureHasPacketContent(), and SignatureHasStreamContent().

◆ references

DetectReference* Signature_::references

Reference

Definition at line 581 of file detect.h.

◆ rev

uint32_t Signature_::rev

Definition at line 553 of file detect.h.

Referenced by AlertFastLogger().

◆ sig_str

char* Signature_::sig_str

Definition at line 585 of file detect.h.

Referenced by DetectSignatureAddTransform().

◆ sm_arrays

SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX]

Definition at line 571 of file detect.h.

Referenced by DetectBase64DataDoMatch(), DetectEngineInspectPacketPayload(), DetectEnginePktInspectionSetup(), SignatureHasPacketContent(), SignatureHasStreamContent(), and ThresholdHashAllocate().

◆ sp

DetectPort* Signature_::sp

port settings for this signature

Definition at line 557 of file detect.h.

Referenced by IPOnlyMatchPacket().

The documentation for this struct was generated from the following file: