|
suricata
|
|
suricata
|
Signature container. More...
#include <detect.h>
Data Fields | |
| uint32_t | flags |
| AppProto | alproto |
| uint16_t | dsize_low |
| uint16_t | dsize_high |
| SignatureMask | mask |
| SigIntId | num |
| uint8_t | action |
| uint8_t | file_flags |
| DetectProto | proto |
| uint8_t | class |
| uint16_t | addr_dst_match4_cnt |
| uint16_t | addr_src_match4_cnt |
| uint16_t | addr_dst_match6_cnt |
| uint16_t | addr_src_match6_cnt |
| DetectMatchAddressIPv4 * | addr_dst_match4 |
| DetectMatchAddressIPv4 * | addr_src_match4 |
| DetectMatchAddressIPv6 * | addr_dst_match6 |
| DetectMatchAddressIPv6 * | addr_src_match6 |
| uint32_t | id |
| uint32_t | gid |
| uint32_t | rev |
| int | prio |
| DetectPort * | sp |
| DetectPort * | dp |
| uint16_t | profiling_id |
| IPOnlyCIDRItem * | CidrSrc |
| IPOnlyCIDRItem * | CidrDst |
| DetectEngineAppInspectionEngine * | app_inspect |
| DetectEnginePktInspectionEngine * | pkt_inspect |
| SigMatchData * | sm_arrays [DETECT_SM_LIST_MAX] |
| const struct DetectFilestoreData_ * | filestore_ctx |
| char * | msg |
| char * | class_msg |
| DetectReference * | references |
| DetectMetadata * | metadata |
| char * | sig_str |
| SignatureInitData * | init_data |
| struct Signature_ * | next |
| uint8_t Signature_::action |
inline – action
Definition at line 530 of file detect.h.
Referenced by DetectBufferTypeGetByIdTransforms(), DetectSignatureApplyActions(), IPOnlyMatchPacket(), PacketAlertAppend(), PacketAlertFinalize(), and SigMatchListSMBelongsTo().
| DetectMatchAddressIPv4* Signature_::addr_dst_match4 |
Definition at line 544 of file detect.h.
Referenced by DetectSignatureSetAppProto(), SigFree(), and SigMatchSignaturesGetSgh().
| uint16_t Signature_::addr_dst_match4_cnt |
ipv4 match arrays
Definition at line 540 of file detect.h.
Referenced by DetectSignatureSetAppProto(), and SigMatchSignaturesGetSgh().
| DetectMatchAddressIPv6* Signature_::addr_dst_match6 |
ipv6 match arrays
Definition at line 547 of file detect.h.
Referenced by DetectSignatureSetAppProto(), SigFree(), and SigMatchSignaturesGetSgh().
| uint16_t Signature_::addr_dst_match6_cnt |
Definition at line 542 of file detect.h.
Referenced by DetectSignatureSetAppProto(), and SigMatchSignaturesGetSgh().
| DetectMatchAddressIPv4* Signature_::addr_src_match4 |
Definition at line 545 of file detect.h.
Referenced by DetectSignatureSetAppProto(), SigFree(), and SigMatchSignaturesGetSgh().
| uint16_t Signature_::addr_src_match4_cnt |
Definition at line 541 of file detect.h.
Referenced by DetectSignatureSetAppProto(), and SigMatchSignaturesGetSgh().
| DetectMatchAddressIPv6* Signature_::addr_src_match6 |
Definition at line 548 of file detect.h.
Referenced by DetectSignatureSetAppProto(), SigFree(), and SigMatchSignaturesGetSgh().
| uint16_t Signature_::addr_src_match6_cnt |
Definition at line 543 of file detect.h.
Referenced by DetectSignatureSetAppProto(), and SigMatchSignaturesGetSgh().
| AppProto Signature_::alproto |
Definition at line 521 of file detect.h.
Referenced by DetectAppLayerProtocolRegister(), DetectByteExtractDoMatch(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectFilestoreRegister(), DetectHttpCookieRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUriSetup(), DetectIsdataatFree(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSetupParseRegexes(), DetectSignatureSetAppProto(), EngineAnalysisRules(), EngineAnalysisRules2(), PacketCreateMask(), SigGroupHeadBuildNonPrefilterArray(), SigMatchList2DataArray(), SigMatchListSMBelongsTo(), SigMatchSignaturesGetSgh(), and SignatureIsIPOnly().
| DetectEngineAppInspectionEngine* Signature_::app_inspect |
Definition at line 565 of file detect.h.
Referenced by DetectAppLayerInspectEngineRegister2(), DetectEngineAppInspectionEngine2Signature(), DetectEngineAppInspectionEngineSignatureFree(), EngineAnalysisRules2(), and SigMatchSignaturesGetSgh().
| IPOnlyCIDRItem * Signature_::CidrDst |
Definition at line 563 of file detect.h.
Referenced by IPOnlyAddSignature(), IPOnlySigParseAddress(), and SigFree().
| IPOnlyCIDRItem* Signature_::CidrSrc |
netblocks and hosts specified at the sid, in CIDR format
Definition at line 563 of file detect.h.
Referenced by IPOnlyAddSignature(), IPOnlySigParseAddress(), and SigFree().
| uint8_t Signature_::class |
| char* Signature_::class_msg |
classification message
Definition at line 578 of file detect.h.
Referenced by AlertFastLogger(), AlertFastLogInitCtx(), and DetectClasstypeRegister().
| DetectPort * Signature_::dp |
Definition at line 556 of file detect.h.
Referenced by IPOnlyMatchPacket(), PacketCreateMask(), SigFree(), SigMatchList2DataArray(), SigMatchListSMBelongsTo(), and SigMatchSignaturesGetSgh().
| uint16_t Signature_::dsize_high |
Definition at line 524 of file detect.h.
Referenced by SigMatchSignaturesGetSgh(), and SigParseSetDsizePair().
| uint16_t Signature_::dsize_low |
Definition at line 523 of file detect.h.
Referenced by SigMatchSignaturesGetSgh(), and SigParseSetDsizePair().
| uint8_t Signature_::file_flags |
Definition at line 531 of file detect.h.
Referenced by DetectFileextRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectFilesizeRegister(), SigMatchList2DataArray(), SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), SignatureIsFileSha256Inspecting(), and SignatureIsFilesizeInspecting().
| const struct DetectFilestoreData_* Signature_::filestore_ctx |
Definition at line 573 of file detect.h.
Referenced by DetectFilestoreRegister().
| uint32_t Signature_::flags |
Definition at line 518 of file detect.h.
Referenced by DetectAckRegister(), DetectAppLayerEventRegister(), DetectAppLayerProtocolRegister(), DetectBufferTypeGetByIdTransforms(), DetectBypassRegister(), DetectByteExtractDoMatch(), DetectContentPMATCHValidateCallback(), DetectDsizeRegister(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEngineInspectStream(), DetectEngineInspectStreamPayload(), DetectFilestoreRegister(), DetectFlagsRegister(), DetectFlowbitMatch(), DetectFlowbitsAnalyze(), DetectFlowSetupImplicit(), DetectFragBitsRegister(), DetectFragOffsetRegister(), DetectGeoipRegister(), DetectHostbitFree(), DetectHttpRawHeaderRegister(), DetectIcmpIdRegister(), DetectIdRegister(), DetectIPProtoRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectNoalertRegister(), DetectPcrePayloadMatch(), DetectPrefilterRegister(), DetectReplaceRegister(), DetectRpcRegister(), DetectSameipRegister(), DetectSeqRegister(), DetectSetFastPatternAndItsId(), DetectSetupParseRegexes(), DetectSignatureSetAppProto(), DetectTargetRegister(), DetectTcphdrRegister(), DetectTcpmssRegister(), DetectTemplate2Register(), DetectTemplateRegister(), DetectThresholdRegister(), DetectTlsRegister(), DetectTosRegister(), DetectTtlRegister(), DetectUdphdrRegister(), DetectWindowRegister(), DetectXbitMatchHost(), DetectXbitsRegister(), EngineAnalysisRules(), EngineAnalysisRules2(), IPOnlyAddSignature(), IPOnlyMatchPacket(), IPOnlySigParseAddress(), MpmStoreFree(), MpmStorePrepareBuffer(), PacketAlertFinalize(), PacketCreateMask(), SCThresholdConfInitContext(), SigAddressPrepareStage1(), SigAddressPrepareStage2(), SigGroupHeadBuildNonPrefilterArray(), SigMatchList2DataArray(), SigMatchListSMBelongsTo(), SigMatchSignaturesGetSgh(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsFilestoring(), SignatureIsIPOnly(), SignatureSetType(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), and SigParseSetDsizePair().
| uint32_t Signature_::gid |
generator id
Definition at line 551 of file detect.h.
Referenced by AlertFastLogger(), DetectGidRegister(), DetectLuaRegister(), DetectTagRegister(), EngineAnalysisRules2(), PacketAlertTagInit(), PacketAlertThreshold(), SCProfilingRuleInitCounters(), SCThresholdConfInitContext(), SigInit(), SigMatchList2DataArray(), ThresholdIPPairTimeoutCheck(), and Unified2AlertInitCtx().
| uint32_t Signature_::id |
sid, set by the 'sid' rule keyword
Definition at line 550 of file detect.h.
Referenced by AlertFastLogger(), CreateGroupedPortList(), DetectAppLayerInspectEngineRegister2(), DetectEngineAppInspectionEngine2Signature(), DetectEngineInspectStream(), DetectEnginePktInspectionRun(), DetectEnginePktInspectionSetup(), DetectFileInspectGeneric(), DetectFilestoreRegister(), DetectFlowbitsAnalyze(), DetectHttpClientBodyRegister(), DetectHttpHHRegister(), DetectHttpRequestLineRegister(), DetectHttpUriSetup(), DetectLoadCompleteSigPath(), DetectLuaRegister(), DetectSetupParseRegexes(), DetectSidRegister(), DetectTagRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsSerialRegister(), DetectUrilenApplyToContent(), EngineAnalysisFP(), EngineAnalysisRules(), EngineAnalysisRules2(), IPOnlyMatchPacket(), MpmStoreFree(), PacketAlertAppend(), PacketAlertCheck(), PacketAlertTagInit(), PacketAlertThreshold(), PacketCreateMask(), SCProfilingRuleInitCounters(), SCSigSignatureOrderingModuleCleanup(), SCThresholdConfInitContext(), SigAddressCleanupStage1(), SigAddressPrepareStage1(), SigAddressPrepareStage2(), SigGroupHeadContainsSigId(), SigInit(), SigMatchList2DataArray(), SigMatchSignaturesGetSgh(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), ThresholdIPPairTimeoutCheck(), Unified2AlertInitCtx(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
| SignatureInitData* Signature_::init_data |
Definition at line 586 of file detect.h.
Referenced by DetectAckRegister(), DetectAppLayerEventPrepare(), DetectAppLayerInspectEngineRegister2(), DetectBase64DataRegister(), DetectBase64DecodeDoMatch(), DetectBufferGetActiveList(), DetectBufferSetActiveList(), DetectByteExtractDoMatch(), DetectByteExtractRetrieveSMVar(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectContentPMATCHValidateCallback(), DetectContentPropagateLimits(), DetectContentSetup(), DetectDnsQueryRegister(), DetectDsizeRegister(), DetectEngineAppendSig(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEnginePktInspectionSetup(), DetectFastPatternRegister(), DetectFileextRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectFlowbitsAnalyze(), DetectFlowFree(), DetectFlowSetupImplicit(), DetectFlowvarMatch(), DetectFragBitsRegister(), DetectFragOffsetFree(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectHttpClientBodyRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectIcmpIdFree(), DetectIcmpSeqFree(), DetectICodeFree(), DetectIdFree(), DetectIPProtoRegister(), DetectIPProtoRemoveAllSMs(), DetectIsdataatSetup(), DetectITypeFree(), DetectLuaRegister(), DetectParseDupSigHashFree(), DetectPcrePayloadMatch(), DetectPktDataRegister(), DetectPrefilterRegister(), DetectRawbytesRegister(), DetectReplaceRegister(), DetectSeqRegister(), DetectSetFastPatternAndItsId(), DetectSetupParseRegexes(), DetectSignatureAddTransform(), DetectSignatureSetAppProto(), DetectTcpmssFree(), DetectTemplate2Free(), DetectTemplateBufferRegister(), DetectTemplateRustBufferRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsRegister(), DetectTlsSerialRegister(), DetectTosRegister(), DetectTtlFree(), DetectUricontentRegister(), DetectUrilenApplyToContent(), DetectUrilenValidateContent(), EngineAnalysisFP(), EngineAnalysisRules(), EngineAnalysisRules2(), MpmStoreFree(), MpmStorePrepareBuffer(), PacketCreateMask(), PerCentEncodingMatch(), RetrieveFPForSig(), SigAddressPrepareStage1(), SigAddressPrepareStage2(), SigAddressPrepareStage4(), SigAlloc(), SigFree(), SigInit(), SigMatchAppendSMToList(), SigMatchList2DataArray(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsIPOnly(), SignatureSetType(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), and SigParseSetDsizePair().
| SignatureMask Signature_::mask |
Definition at line 526 of file detect.h.
Referenced by EngineAnalysisRules2(), PacketCreateMask(), SigGroupHeadBuildNonPrefilterArray(), and SigMatchSignaturesGetSgh().
| DetectMetadata* Signature_::metadata |
Metadata
Definition at line 582 of file detect.h.
Referenced by DetectMetadataHashFree(), and SigAlloc().
| char* Signature_::msg |
Definition at line 575 of file detect.h.
Referenced by AlertFastLogger(), DetectMsgRegister(), EngineAnalysisRules2(), IPOnlyMatchPacket(), and SigFree().
| struct Signature_* Signature_::next |
ptr to the next sig in the list
Definition at line 589 of file detect.h.
Referenced by DetectAckRegister(), DetectAppLayerProtocolRegister(), DetectBytejumpDoMatch(), DetectBytetestDoMatch(), DetectClasstypeRegister(), DetectDceStubDataRegister(), DetectEngineAppendSig(), DetectFastPatternRegister(), DetectFlowbitsAnalyze(), DetectFragOffsetFree(), DetectHostbitFree(), DetectIcmpIdFree(), DetectIcmpSeqFree(), DetectICodeFree(), DetectIsdataatFree(), DetectITypeFree(), DetectL3ProtoRegister(), DetectParseDupSigHashFree(), DetectPcrePayloadMatch(), DetectPriorityRegister(), DetectProtoContainsProto(), DetectReplaceFreeInternal(), DetectRpcFree(), DetectSetFastPatternAndItsId(), DetectSetupParseRegexes(), DetectThresholdRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), MpmACRegister(), MpmACTileRegister(), PacketCreateMask(), SCACBSPrintInfo(), SCProfilingRuleInitCounters(), SCSigOrderSignatures(), SCSigSignatureOrderingModuleCleanup(), SCThresholdConfInitContext(), SCThresholdConfParseFile(), SigAddressPrepareStage1(), SigAddressPrepareStage2(), SigAddressPrepareStage4(), SigCleanSignatures(), SigFindSignatureBySidGid(), SigGroupBuild(), SigGroupHeadContainsSigId(), SigInit(), and SigParseApplyDsizeToContent().
| SigIntId Signature_::num |
signature number, internal id
Definition at line 527 of file detect.h.
Referenced by DetectEngineStateResetTxs(), DetectFlowbitsAnalyze(), DetectPortHashFree(), DetectSignatureApplyActions(), IPOnlyAddSignature(), MpmStorePrepareBuffer(), PacketAlertAppend(), PacketAlertTagInit(), PacketCreateMask(), PatternStrength(), SCThresholdConfParseFile(), SigAddressPrepareStage1(), SigGroupBuild(), SigGroupHeadAppendSig(), SigGroupHeadBuildNonPrefilterArray(), SigMatchList2DataArray(), and ThresholdIPPairTimeoutCheck().
| DetectEnginePktInspectionEngine* Signature_::pkt_inspect |
Definition at line 566 of file detect.h.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectEngineAppInspectionEngineSignatureFree(), DetectEnginePktInspectionRun(), and EngineAnalysisRules2().
| int Signature_::prio |
Definition at line 553 of file detect.h.
Referenced by AlertFastLogger(), DetectClasstypeRegister(), DetectPriorityRegister(), PacketAlertTagInit(), SigAlloc(), and SigMatchList2DataArray().
| uint16_t Signature_::profiling_id |
Definition at line 559 of file detect.h.
Referenced by SCProfilingRuleInitCounters().
| DetectProto Signature_::proto |
addresses, ports and proto this sig matches on
Definition at line 534 of file detect.h.
Referenced by DetectAppLayerEventRegister(), DetectIPProtoRegister(), DetectIPProtoRemoveAllSMs(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectL3ProtoRegister(), DetectProtoContainsProto(), DetectTcphdrRegister(), DetectUdphdrRegister(), EngineAnalysisRules(), IPOnlyMatchPacket(), PacketCreateMask(), SigAddressPrepareStage1(), SigMatchList2DataArray(), SigMatchListSMBelongsTo(), SigMatchSignaturesGetSgh(), SignatureHasPacketContent(), and SignatureHasStreamContent().
| DetectReference* Signature_::references |
Reference
Definition at line 580 of file detect.h.
Referenced by DetectReferenceFree(), and SigAlloc().
| uint32_t Signature_::rev |
Definition at line 552 of file detect.h.
Referenced by AlertFastLogger(), DetectLuaRegister(), DetectParseDupSigHashFree(), DetectRevRegister(), DetectSetupParseRegexes(), EngineAnalysisRules2(), PacketAlertTagInit(), SCProfilingRuleInitCounters(), and Unified2AlertInitCtx().
| char* Signature_::sig_str |
Definition at line 584 of file detect.h.
Referenced by DetectReplaceRegister(), EngineAnalysisRules2(), SigFree(), and SigMatchListSMBelongsTo().
| SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX] |
Definition at line 570 of file detect.h.
Referenced by DetectBase64DataDoMatch(), DetectBufferTypeGetByIdTransforms(), DetectEngineInspectPacketPayload(), DetectEngineIPOnlyThreadDeinit(), DetectEnginePktInspectionSetup(), DetectFastPatternRegister(), EngineAnalysisRules2(), IPOnlyMatchPacket(), PacketAlertFinalize(), PacketAlertGetTag(), PacketCreateMask(), SCThresholdConfParseFile(), SigAddressPrepareStage4(), SigAlloc(), SigGetThresholdTypeIter(), SignatureHasPacketContent(), and SignatureHasStreamContent().
| DetectPort* Signature_::sp |
port settings for this signature
Definition at line 556 of file detect.h.
Referenced by DetectSetupParseRegexes(), IPOnlyMatchPacket(), PacketCreateMask(), SigFree(), SigMatchList2DataArray(), SigMatchListSMBelongsTo(), and SigMatchSignaturesGetSgh().
1.8.11 
