suricata
Data Fields
Signature_ Struct Reference

Signature container. More...

#include <detect.h>

Collaboration diagram for Signature_:
Collaboration graph
[legend]

Data Fields

uint32_t flags
 
enum SignatureType type
 
AppProto alproto
 
uint16_t dsize_low
 
uint16_t dsize_high
 
uint8_t dsize_mode
 
SignatureMask mask
 
SigIntId iid
 
uint8_t action
 
uint8_t file_flags
 
DetectProtoproto
 
uint8_t action_scope
 
uint16_t addr_dst_match4_cnt
 
uint16_t addr_src_match4_cnt
 
uint16_t addr_dst_match6_cnt
 
uint16_t addr_src_match6_cnt
 
uint16_t class_id
 
uint8_t detect_table
 
uint8_t app_progress_hook
 
DetectMatchAddressIPv4addr_dst_match4
 
DetectMatchAddressIPv4addr_src_match4
 
DetectMatchAddressIPv6addr_dst_match6
 
DetectMatchAddressIPv6addr_src_match6
 
uint32_t id
 
uint32_t gid
 
uint32_t rev
 
int prio
 
DetectPortsp
 
DetectPortdp
 
DetectEngineAppInspectionEngineapp_inspect
 
DetectEnginePktInspectionEnginepkt_inspect
 
DetectEngineFrameInspectionEngineframe_inspect
 
SigMatchDatasm_arrays [DETECT_SM_LIST_MAX]
 
const struct DetectFilestoreData_filestore_ctx
 
char * msg
 
char * class_msg
 
DetectReferencereferences
 
DetectMetadataHeadmetadata
 
char * sig_str
 
SignatureInitDatainit_data
 
struct Signature_next
 

Detailed Description

Signature container.

Definition at line 672 of file detect.h.

Field Documentation

◆ action

uint8_t Signature_::action

inline – action

Definition at line 687 of file detect.h.

Referenced by AlertQueueAppend(), EngineAnalysisRules2(), and FirewallAnalyzer().

◆ action_scope

uint8_t Signature_::action_scope

Definition at line 694 of file detect.h.

Referenced by EngineAnalysisRules2().

◆ addr_dst_match4

DetectMatchAddressIPv4* Signature_::addr_dst_match4

Definition at line 711 of file detect.h.

◆ addr_dst_match4_cnt

uint16_t Signature_::addr_dst_match4_cnt

ipv4 match arrays

Definition at line 697 of file detect.h.

◆ addr_dst_match6

DetectMatchAddressIPv6* Signature_::addr_dst_match6

ipv6 match arrays

Definition at line 714 of file detect.h.

◆ addr_dst_match6_cnt

uint16_t Signature_::addr_dst_match6_cnt

Definition at line 699 of file detect.h.

◆ addr_src_match4

DetectMatchAddressIPv4* Signature_::addr_src_match4

Definition at line 712 of file detect.h.

◆ addr_src_match4_cnt

uint16_t Signature_::addr_src_match4_cnt

Definition at line 698 of file detect.h.

◆ addr_src_match6

DetectMatchAddressIPv6* Signature_::addr_src_match6

Definition at line 715 of file detect.h.

◆ addr_src_match6_cnt

uint16_t Signature_::addr_src_match6_cnt

Definition at line 700 of file detect.h.

◆ alproto

AppProto Signature_::alproto

Definition at line 677 of file detect.h.

Referenced by DetectEngineContentModifierBufferSetup(), DetectSignatureSetMultiAppProto(), EngineAnalysisRules2(), and SignatureIsIPOnly().

◆ app_inspect

DetectEngineAppInspectionEngine* Signature_::app_inspect

Definition at line 729 of file detect.h.

Referenced by DetectEngineAppInspectionEngineSignatureFree().

◆ app_progress_hook

uint8_t Signature_::app_progress_hook

firewall: progress value for this signature

Definition at line 709 of file detect.h.

◆ class_id

uint16_t Signature_::class_id

classification id

Definition at line 703 of file detect.h.

◆ class_msg

char* Signature_::class_msg

classification message

Definition at line 743 of file detect.h.

Referenced by AlertJsonHeader().

◆ detect_table

uint8_t Signature_::detect_table

detect: pseudo table this rule is part of (enum DetectTable)

Definition at line 706 of file detect.h.

◆ dp

DetectPort * Signature_::dp

Definition at line 723 of file detect.h.

◆ dsize_high

uint16_t Signature_::dsize_high

Definition at line 680 of file detect.h.

Referenced by SigParseSetDsizePair().

◆ dsize_low

uint16_t Signature_::dsize_low

Definition at line 679 of file detect.h.

Referenced by SigParseSetDsizePair().

◆ dsize_mode

uint8_t Signature_::dsize_mode

Definition at line 681 of file detect.h.

Referenced by SigParseSetDsizePair().

◆ file_flags

uint8_t Signature_::file_flags

Definition at line 688 of file detect.h.

Referenced by DetectFileHashMatch(), SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), and SignatureIsFileSha256Inspecting().

◆ filestore_ctx

const struct DetectFilestoreData_* Signature_::filestore_ctx

Definition at line 738 of file detect.h.

◆ flags

uint32_t Signature_::flags

Definition at line 673 of file detect.h.

Referenced by AlertJsonHeader(), DetectContentPMATCHValidateCallback(), DetectEngineInspectStreamPayload(), DetectFlowSetupImplicit(), EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlySigParseAddress(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsFilestoring(), SignatureIsIPOnly(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().

◆ frame_inspect

DetectEngineFrameInspectionEngine* Signature_::frame_inspect

Definition at line 731 of file detect.h.

Referenced by DetectEngineAppInspectionEngineSignatureFree(), and DetectRunFrameInspectRule().

◆ gid

uint32_t Signature_::gid

generator id

Definition at line 718 of file detect.h.

Referenced by AlertJsonHeader(), and EngineAnalysisRules2().

◆ id

uint32_t Signature_::id

sid, set by the 'sid' rule keyword

Definition at line 717 of file detect.h.

Referenced by AlertJsonHeader(), DetectEngineAppInspectionEngine2Signature(), DetectEnginePktInspectionRun(), DetectFileInspectGeneric(), DetectMd5ValidateCallback(), DetectProtoFinalizeSignature(), DetectRunFrameInspectRule(), EngineAnalysisFP(), EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlyAddSignature(), PacketAlertCheck(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigGroupHeadContainsSigId(), SignatureSetType(), SigParseApplyDsizeToContent(), SigPrepareStage1(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

◆ iid

SigIntId Signature_::iid

signature internal id

Definition at line 684 of file detect.h.

Referenced by IPOnlyAddSignature(), PostRuleMatchWorkQueueAppend(), SigGroupBuild(), and SigPrepareStage1().

◆ init_data

SignatureInitData* Signature_::init_data

Definition at line 751 of file detect.h.

Referenced by DetectBufferGetActiveList(), DetectBufferGetFirstSigMatch(), DetectBufferGetLastSigMatch(), DetectBufferIsPresent(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentSetup(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEnginePktInspectionSetup(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromMpmLists(), DetectIPProtoRemoveAllSMs(), DetectLowerSetupCallback(), DetectMd5ValidateCallback(), DetectProtoFinalizeSignature(), DetectSetFastPatternAndItsId(), DetectSignatureSetMultiAppProto(), DetectUrilenValidateContent(), EngineAnalysisFP(), EngineAnalysisRules2(), MpmStorePrepareBuffer(), RetrieveFPForSig(), SCDetectGetLastSMFromLists(), SCDetectSignatureAddTransform(), SigAlloc(), SigFree(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureInitDataBufferCheckExpand(), SignatureIsIPOnly(), SignatureSetType(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), and SigParseSetDsizePair().

◆ mask

SignatureMask Signature_::mask

Definition at line 683 of file detect.h.

Referenced by EngineAnalysisRules2().

◆ metadata

DetectMetadataHead* Signature_::metadata

Metadata

Definition at line 747 of file detect.h.

◆ msg

char* Signature_::msg

Definition at line 740 of file detect.h.

Referenced by AlertJsonHeader(), EngineAnalysisRules2(), and IPOnlyAddSignature().

◆ next

struct Signature_* Signature_::next

ptr to the next sig in the list

Definition at line 754 of file detect.h.

Referenced by DetectSetFastPatternAndItsId(), FirewallAnalyzer(), SigCleanSignatures(), SigFindSignatureBySidGid(), SigGroupBuild(), and SigPrepareStage1().

◆ pkt_inspect

DetectEnginePktInspectionEngine* Signature_::pkt_inspect

Definition at line 730 of file detect.h.

Referenced by DetectEngineAppInspectionEngineSignatureFree(), DetectEnginePktInspectionRun(), and EngineAnalysisRules2().

◆ prio

int Signature_::prio

Definition at line 720 of file detect.h.

Referenced by AlertJsonHeader(), and SigAlloc().

◆ proto

DetectProto* Signature_::proto

rule protocol: can be NULL if the check can be skipped

Definition at line 691 of file detect.h.

Referenced by DetectProtoFinalizeSignature(), and IPOnlyMatchPacket().

◆ references

DetectReference* Signature_::references

Reference

Definition at line 745 of file detect.h.

◆ rev

uint32_t Signature_::rev

Definition at line 719 of file detect.h.

Referenced by AlertJsonHeader(), and EngineAnalysisRules2().

◆ sig_str

char* Signature_::sig_str

Definition at line 749 of file detect.h.

Referenced by EngineAnalysisRules2(), FirewallAnalyzer(), SCDetectSignatureAddTransform(), and SigParseMaxRequiredDsize().

◆ sm_arrays

SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX]

Definition at line 735 of file detect.h.

Referenced by DetectEngineInspectPacketPayload(), and DetectEnginePktInspectionSetup().

◆ sp

DetectPort* Signature_::sp

port settings for this signature

Definition at line 723 of file detect.h.

◆ type

enum SignatureType Signature_::type

Definition at line 673 of file detect.h.

Referenced by DetectProtoFinalizeSignature(), EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlyAddSignature(), SignatureSetType(), and SigPrepareStage1().

The documentation for this struct was generated from the following file: