suricata
detect-engine-register.c
Go to the documentation of this file.
1/* Copyright (C) 2007-2024 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Victor Julien <victor@inliniac.net>
22 */
23
24#include "detect-smb-ntlmssp.h"
25#include "suricata-common.h"
26#include "suricata.h"
27#include "detect.h"
28#include "flow.h"
29#include "flow-private.h"
30#include "flow-bit.h"
31
32#include "detect-parse.h"
33#include "detect-engine.h"
34#include "detect-engine-profile.h"
35
36#include "detect-engine-alert.h"
37#include "detect-engine-siggroup.h"
38#include "detect-engine-address.h"
39#include "detect-engine-proto.h"
40#include "detect-engine-port.h"
41#include "detect-engine-mpm.h"
42#include "detect-engine-iponly.h"
43#include "detect-engine-threshold.h"
44#include "detect-engine-prefilter.h"
45
46#include "rust.h"
47
48#include "detect-engine-payload.h"
49#include "detect-engine-dcepayload.h"
50#include "detect-dns-name.h"
51#include "detect-dns-response.h"
52#include "detect-tls-sni.h"
53#include "detect-tls-certs.h"
54#include "detect-tls-cert-fingerprint.h"
55#include "detect-tls-cert-issuer.h"
56#include "detect-tls-cert-subject.h"
57#include "detect-tls-cert-serial.h"
58#include "detect-tls-alpn.h"
59#include "detect-tls-subjectaltname.h"
60#include "detect-tls-random.h"
61#include "detect-tls-ja3-hash.h"
62#include "detect-tls-ja3-string.h"
63#include "detect-tls-ja3s-hash.h"
64#include "detect-tls-ja3s-string.h"
65#include "detect-engine-state.h"
66#include "detect-engine-analyzer.h"
67
68#include "detect-http-cookie.h"
69#include "detect-http-method.h"
70#include "detect-http-ua.h"
71#include "detect-http-host.h"
72
73#include "detect-mark.h"
74#include "detect-nfs-procedure.h"
75#include "detect-nfs-version.h"
76
77#include "detect-engine-event.h"
78#include "decode.h"
79
80#include "detect-config.h"
81
82#include "detect-smb-share.h"
83#include "detect-smb-version.h"
84#include "detect-smtp.h"
85
86#include "detect-base64-decode.h"
87#include "detect-base64-data.h"
88#include "detect-ipaddr.h"
89#include "detect-ipopts.h"
90#include "detect-tcp-flags.h"
91#include "detect-fragbits.h"
92#include "detect-fragoffset.h"
93#include "detect-gid.h"
94#include "detect-tcp-ack.h"
95#include "detect-tcp-seq.h"
96#include "detect-content.h"
97#include "detect-uricontent.h"
98#include "detect-pcre.h"
99#include "detect-depth.h"
100#include "detect-nocase.h"
101#include "detect-rawbytes.h"
102#include "detect-bytetest.h"
103#include "detect-bytemath.h"
104#include "detect-bytejump.h"
105#include "detect-sameip.h"
106#include "detect-l3proto.h"
107#include "detect-ipproto.h"
108#include "detect-within.h"
109#include "detect-distance.h"
110#include "detect-offset.h"
111#include "detect-sid.h"
112#include "detect-prefilter.h"
113#include "detect-priority.h"
114#include "detect-classtype.h"
115#include "detect-reference.h"
116#include "detect-tag.h"
117#include "detect-threshold.h"
118#include "detect-metadata.h"
119#include "detect-msg.h"
120#include "detect-rev.h"
121#include "detect-flow.h"
122#include "detect-flow-age.h"
123#include "detect-flow-pkts.h"
124#include "detect-requires.h"
125#include "detect-tcp-window.h"
126#include "detect-tcp-wscale.h"
127#include "detect-ftpbounce.h"
128#include "detect-ftp-dynamic-port.h"
129#include "detect-isdataat.h"
130#include "detect-id.h"
131#include "detect-rpc.h"
132#include "detect-asn1.h"
133#include "detect-filename.h"
134#include "detect-filestore.h"
135#include "detect-filemagic.h"
136#include "detect-filemd5.h"
137#include "detect-filesha1.h"
138#include "detect-filesha256.h"
139#include "detect-filesize.h"
140#include "detect-dataset.h"
141#include "detect-datarep.h"
142#include "detect-dsize.h"
143#include "detect-flowvar.h"
144#include "detect-flowint.h"
145#include "detect-pktvar.h"
146#include "detect-noalert.h"
147#include "detect-flowbits.h"
148#include "detect-hostbits.h"
149#include "detect-xbits.h"
150#include "detect-csum.h"
151#include "detect-stream_size.h"
152#include "detect-engine-sigorder.h"
153#include "detect-ttl.h"
154#include "detect-fast-pattern.h"
155#include "detect-itype.h"
156#include "detect-icode.h"
157#include "detect-icmp-id.h"
158#include "detect-icmp-seq.h"
159#include "detect-icmpv4hdr.h"
160#include "detect-dce-iface.h"
161#include "detect-dce-opnum.h"
162#include "detect-dce-stub-data.h"
163#include "detect-urilen.h"
164#include "detect-bsize.h"
165#include "detect-detection-filter.h"
166#include "detect-http-client-body.h"
167#include "detect-http-server-body.h"
168#include "detect-http-header.h"
169#include "detect-http-header-names.h"
170#include "detect-http-headers.h"
171#include "detect-http-raw-header.h"
172#include "detect-http-uri.h"
173#include "detect-http-protocol.h"
174#include "detect-http-start.h"
175#include "detect-http-stat-msg.h"
176#include "detect-http-request-line.h"
177#include "detect-http-response-line.h"
178#include "detect-http2.h"
179#include "detect-byte-extract.h"
180#include "detect-file-data.h"
181#include "detect-pkt-data.h"
182#include "detect-replace.h"
183#include "detect-tos.h"
184#include "detect-app-layer-event.h"
185#include "detect-app-layer-state.h"
186#include "detect-lua.h"
187#include "detect-iprep.h"
188#include "detect-geoip.h"
189#include "detect-app-layer-protocol.h"
190#include "detect-template.h"
191#include "detect-template2.h"
192#include "detect-tcphdr.h"
193#include "detect-tcpmss.h"
194#include "detect-udphdr.h"
195#include "detect-icmpv6hdr.h"
196#include "detect-icmpv6-mtu.h"
197#include "detect-ipv4hdr.h"
198#include "detect-ipv6hdr.h"
199#include "detect-krb5-cname.h"
200#include "detect-krb5-errcode.h"
201#include "detect-krb5-msgtype.h"
202#include "detect-krb5-sname.h"
203#include "detect-krb5-ticket-encryption.h"
204#include "detect-sip-method.h"
205#include "detect-sip-uri.h"
206#include "detect-target.h"
207#include "detect-quic-sni.h"
208#include "detect-quic-ua.h"
209#include "detect-quic-version.h"
210#include "detect-quic-cyu-hash.h"
211#include "detect-quic-cyu-string.h"
212#include "detect-ja4-hash.h"
213#include "detect-ftp-command.h"
214#include "detect-entropy.h"
215#include "detect-ftp-command-data.h"
216#include "detect-ftp-completion-code.h"
217#include "detect-ftp-reply.h"
218#include "detect-ftp-mode.h"
219#include "detect-ftp-reply-received.h"
220
221#include "detect-bypass.h"
222#include "detect-ftpdata.h"
223#include "detect-engine-content-inspection.h"
224
225#include "detect-transform-pcrexform.h"
226#include "detect-transform-luaxform.h"
227
228#include "util-rule-vars.h"
229
230#include "app-layer.h"
231#include "app-layer-protos.h"
232#include "app-layer-htp.h"
233#include "app-layer-smtp.h"
234#include "detect-frame.h"
235#include "detect-tls.h"
236#include "detect-tls-cert-validity.h"
237#include "detect-tls-version.h"
238#include "detect-ssh-proto.h"
239#include "detect-ssh-proto-version.h"
240#include "detect-ssh-software.h"
241#include "detect-ssh-software-version.h"
242#include "detect-ssh-hassh.h"
243#include "detect-ssh-hassh-server.h"
244#include "detect-ssh-hassh-string.h"
245#include "detect-ssh-hassh-server-string.h"
246#include "detect-http-stat-code.h"
247#include "detect-ssl-version.h"
248#include "detect-ssl-state.h"
249#include "detect-modbus.h"
250#include "detect-dnp3.h"
251#include "detect-ike-exch-type.h"
252#include "detect-ike-spi.h"
253#include "detect-ike-vendor.h"
254#include "detect-ike-chosen-sa.h"
255#include "detect-ike-key-exchange-payload-length.h"
256#include "detect-ike-nonce-payload-length.h"
257#include "detect-ike-nonce-payload.h"
258#include "detect-ike-key-exchange-payload.h"
259#include "detect-vlan.h"
260#include "detect-email.h"
261
262#include "action-globals.h"
263#include "tm-threads.h"
264
265#include "pkt-var.h"
266
267#include "conf.h"
268#include "conf-yaml-loader.h"
269
270#include "stream-tcp.h"
271#include "stream-tcp-inline.h"
272
273#include "util-lua.h"
274#include "util-var-name.h"
275#include "util-classification-config.h"
276#include "util-threshold-config.h"
277#include "util-print.h"
278#include "util-unittest.h"
279#include "util-unittest-helper.h"
280#include "util-debug.h"
281#include "util-hashlist.h"
282#include "util-privs.h"
283#include "util-profiling.h"
284#include "util-validate.h"
285#include "util-optimize.h"
286#include "util-path.h"
287#include "util-mpm-ac.h"
288#include "runmodes.h"
289
290int DETECT_TBLSIZE = 0;
291int DETECT_TBLSIZE_IDX = DETECT_TBLSIZE_STATIC;
292
293static void PrintFeatureList(const SigTableElmt *e, char sep)
294{
295 const uint16_t flags = e->flags;
296
297 int prev = 0;
298 if (flags & SIGMATCH_NOOPT) {
299 printf("No option");
300 prev = 1;
301 }
302 if (flags & SIGMATCH_IPONLY_COMPAT) {
303 if (prev == 1)
304 printf("%c", sep);
305 printf("compatible with IP only rule");
306 prev = 1;
307 }
308 if (flags & SIGMATCH_DEONLY_COMPAT) {
309 if (prev == 1)
310 printf("%c", sep);
311 printf("compatible with decoder event only rule");
312 prev = 1;
313 }
314 if (flags & SIGMATCH_INFO_CONTENT_MODIFIER) {
315 if (prev == 1)
316 printf("%c", sep);
317 printf("content modifier");
318 prev = 1;
319 }
320 if (flags & SIGMATCH_INFO_STICKY_BUFFER) {
321 if (prev == 1)
322 printf("%c", sep);
323 printf("sticky buffer");
324 prev = 1;
325 }
326 if (flags & SIGMATCH_SUPPORT_FIREWALL) {
327 if (prev == 1)
328 printf("%c", sep);
329 printf("supports firewall");
330 prev = 1;
331 }
332 if (e->Transform) {
333 if (prev == 1)
334 printf("%c", sep);
335 printf("transform");
336 prev = 1;
337 }
338 if (e->SupportsPrefilter) {
339 if (prev == 1)
340 printf("%c", sep);
341 printf("prefilter");
342 prev = 1;
343 }
344 if (prev == 0) {
345 printf("none");
346 }
347}
348
349static void SigMultilinePrint(size_t i, const char *prefix)
350{
351 if (sigmatch_table[i].desc) {
352 printf("%sDescription: %s\n", prefix, sigmatch_table[i].desc);
353 }
354 printf("%sFeatures: ", prefix);
355 PrintFeatureList(&sigmatch_table[i], ',');
356 if (sigmatch_table[i].url) {
357 printf("\n%sDocumentation: %s%s", prefix, GetDocURL(), sigmatch_table[i].url);
358 }
359 if (sigmatch_table[i].alternative) {
360 printf("\n%sReplaced by: %s", prefix, sigmatch_table[sigmatch_table[i].alternative].name);
361 }
362 printf("\n");
363}
364
365/** \brief Check if a keyword exists. */
366bool SigTableHasKeyword(const char *keyword)
367{
368 for (int i = 0; i < DETECT_TBLSIZE; i++) {
369 const char *name = sigmatch_table[i].name;
370
371 if (name == NULL || strlen(name) == 0) {
372 continue;
373 }
374
375 if (strcmp(keyword, name) == 0) {
376 return true;
377 }
378 }
379
380 return false;
381}
382
383int SigTableList(const char *keyword)
384{
385 size_t size = DETECT_TBLSIZE;
386 size_t i;
387
388 if (keyword == NULL) {
389 printf("=====Supported keywords=====\n");
390 for (i = 0; i < size; i++) {
391 const char *name = sigmatch_table[i].name;
392 if (name != NULL && strlen(name) > 0) {
393 if (name[0] == '_' || strcmp(name, "template") == 0)
394 continue;
395
396 printf("- %s\n", name);
397 }
398 }
399 } else if (strcmp("csv", keyword) == 0) {
400 printf("name;description;app layer;features;documentation\n");
401 for (i = 0; i < size; i++) {
402 const char *name = sigmatch_table[i].name;
403 if (name != NULL && strlen(name) > 0) {
404 if (name[0] == '_' || strcmp(name, "template") == 0)
405 continue;
406
407 printf("%s;", name);
408 if (sigmatch_table[i].desc) {
409 printf("%s", sigmatch_table[i].desc);
410 }
411 /* Build feature */
412 printf(";Unset;"); // this used to be alproto
413 PrintFeatureList(&sigmatch_table[i], ':');
414 printf(";");
415 if (sigmatch_table[i].url) {
416 printf("%s%s", GetDocURL(), sigmatch_table[i].url);
417 }
418 printf(";");
419 printf("\n");
420 }
421 }
422 } else if (strcmp("all", keyword) == 0) {
423 for (i = 0; i < size; i++) {
424 const char *name = sigmatch_table[i].name;
425 if (name != NULL && strlen(name) > 0) {
426 if (name[0] == '_' || strcmp(name, "template") == 0)
427 continue;
428 printf("%s:\n", sigmatch_table[i].name);
429 SigMultilinePrint(i, "\t");
430 }
431 }
432 } else {
433 for (i = 0; i < size; i++) {
434 if ((sigmatch_table[i].name != NULL) &&
435 strcmp(sigmatch_table[i].name, keyword) == 0) {
436 printf("= %s =\n", sigmatch_table[i].name);
437 SigMultilinePrint(i, "");
438 return TM_ECODE_DONE;
439 }
440 }
441 printf("Non existing keyword\n");
442 return TM_ECODE_FAILED;
443 }
444 return TM_ECODE_DONE;
445}
446
447static void DetectFileHandlerRegister(void)
448{
449 for (int i = 0; i < DETECT_TBLSIZE_STATIC; i++) {
450 if (filehandler_table[i].name)
451 DetectFileRegisterFileProtocols(&filehandler_table[i]);
452 }
453}
454
455static void SigCleanCString(SigTableElmt *base)
456{
457 SCSigTableNamesElmt kw;
458 // remove const for mut to release
459 kw.name = (char *)base->name;
460 kw.desc = (char *)base->desc;
461 kw.url = (char *)base->url;
462 SCDetectSigMatchNamesFree(&kw);
463}
464
465void SCDetectHelperKeywordSetCleanCString(uint16_t id)
466{
467 sigmatch_table[id].Cleanup = SigCleanCString;
468}
469
470void SigTableCleanup(void)
471{
472 if (sigmatch_table != NULL) {
473 for (int i = 0; i < DETECT_TBLSIZE; i++) {
474 if ((sigmatch_table[i].Cleanup) == NULL) {
475 continue;
476 }
477 sigmatch_table[i].Cleanup(&sigmatch_table[i]);
478 }
479 SCFree(sigmatch_table);
480 sigmatch_table = NULL;
481 DETECT_TBLSIZE = 0;
482 }
483}
484
485#define ARRAY_CAP_STEP 16
486static void (**PreregisteredCallbacks)(void) = NULL;
487static size_t preregistered_callbacks_nb = 0;
488static size_t preregistered_callbacks_cap = 0;
489
490// Plugins can preregister keywords with this function :
491// When an app-layer plugin is loaded, it wants to register its keywords
492// But the plugin is loaded before keywords can register
493// The preregistration callbacks will later be called by SigTableSetup
494int SCSigTablePreRegister(void (*KeywordsRegister)(void))
495{
496 if (preregistered_callbacks_nb == preregistered_callbacks_cap) {
497 void *tmp = SCRealloc(PreregisteredCallbacks,
498 sizeof(void *) * (preregistered_callbacks_cap + ARRAY_CAP_STEP));
499 if (tmp == NULL) {
500 return 1;
501 }
502 preregistered_callbacks_cap += ARRAY_CAP_STEP;
503 PreregisteredCallbacks = tmp;
504 }
505 PreregisteredCallbacks[preregistered_callbacks_nb] = KeywordsRegister;
506 preregistered_callbacks_nb++;
507 return 0;
508}
509
510void SigTableInit(void)
511{
512 if (sigmatch_table == NULL) {
513 DETECT_TBLSIZE = DETECT_TBLSIZE_STATIC + DETECT_TBLSIZE_STEP;
514 sigmatch_table = SCCalloc(DETECT_TBLSIZE, sizeof(SigTableElmt));
515 if (sigmatch_table == NULL) {
516 DETECT_TBLSIZE = 0;
517 FatalError("Could not allocate sigmatch_table");
518 }
519 }
520}
521
522void SigTableSetup(void)
523{
524 DetectRegisterAppLayerHookLists();
525
526 DetectSidRegister();
527 DetectPriorityRegister();
528 DetectPrefilterRegister();
529 DetectRevRegister();
530 DetectClasstypeRegister();
531 DetectReferenceRegister();
532 DetectTagRegister();
533 DetectThresholdRegister();
534 DetectMetadataRegister();
535 DetectMsgRegister();
536 DetectAckRegister();
537 DetectSeqRegister();
538 DetectContentRegister();
539 DetectUricontentRegister();
540
541 /* NOTE: the order of these currently affects inspect
542 * engine registration order and ultimately the order
543 * of inspect engines in the rule. Which in turn affects
544 * state keeping */
545 DetectHttpUriRegister();
546 DetectHttpRequestLineRegister();
547 DetectHttpClientBodyRegister();
548 DetectHttpResponseLineRegister();
549 DetectHttpServerBodyRegister();
550 DetectHttpHeaderRegister();
551 DetectHttpRequestHeaderRegister();
552 DetectHttpResponseHeaderRegister();
553 DetectHttpHeaderNamesRegister();
554 DetectHttpHeadersRegister();
555 DetectHttpProtocolRegister();
556 DetectHttpStartRegister();
557 DetectHttpRawHeaderRegister();
558 DetectHttpMethodRegister();
559 DetectHttpCookieRegister();
560
561 DetectFilenameRegister();
562 DetectFilestoreRegister();
563 DetectFilemagicRegister();
564 DetectFileMd5Register();
565 DetectFileSha1Register();
566 DetectFileSha256Register();
567 DetectFilesizeRegister();
568
569 DetectHttpUARegister();
570 DetectHttpHHRegister();
571
572 DetectHttpStatMsgRegister();
573 DetectHttpStatCodeRegister();
574 DetectHttp2Register();
575
576 DetectDnsNameRegister();
577 DetectDnsResponseRegister();
578 DetectModbusRegister();
579 DetectDNP3Register();
580
581 DetectIkeExchTypeRegister();
582 DetectIkeSpiRegister();
583 DetectIkeVendorRegister();
584 DetectIkeChosenSaRegister();
585 DetectIkeKeyExchangePayloadLengthRegister();
586 DetectIkeNoncePayloadLengthRegister();
587 DetectIkeNonceRegister();
588 DetectIkeKeyExchangeRegister();
589
590 DetectTlsSniRegister();
591 DetectTlsIssuerRegister();
592 DetectTlsSubjectRegister();
593 DetectTlsSerialRegister();
594 DetectTlsFingerprintRegister();
595 DetectTlsCertsRegister();
596 DetectTlsCertChainLenRegister();
597 DetectTlsSubjectAltNameRegister();
598 DetectTlsAlpnRegister();
599 DetectTlsRandomRegister();
600
601 DetectTlsJa3HashRegister();
602 DetectTlsJa3StringRegister();
603 DetectTlsJa3SHashRegister();
604 DetectTlsJa3SStringRegister();
605
606 DetectAppLayerEventRegister();
607 DetectAppLayerStateRegister();
608 /* end of order dependent regs */
609
610 DetectFrameRegister();
611
612 DetectPcreRegister();
613 DetectDepthRegister();
614 DetectNocaseRegister();
615 DetectRawbytesRegister();
616 DetectBytetestRegister();
617 DetectBytejumpRegister();
618 DetectBytemathRegister();
619 DetectEntropyRegister();
620 DetectSameipRegister();
621 DetectGeoipRegister();
622 DetectL3ProtoRegister();
623 DetectIPProtoRegister();
624 DetectWithinRegister();
625 DetectDistanceRegister();
626 DetectOffsetRegister();
627 DetectReplaceRegister();
628 DetectFlowRegister();
629 DetectFlowAgeRegister();
630 DetectFlowPktsRegister();
631 DetectFlowPktsToServerRegister();
632 DetectFlowPktsToClientRegister();
633 DetectFlowBytesRegister();
634 DetectFlowBytesToServerRegister();
635 DetectFlowBytesToClientRegister();
636 DetectRequiresRegister();
637 DetectWindowRegister();
638 DetectRpcRegister();
639 DetectFtpbounceRegister();
640 DetectFtpdataRegister();
641 DetectFtpDynamicPortRegister();
642 DetectIsdataatRegister();
643 DetectIdRegister();
644 DetectDsizeRegister();
645 DetectDatasetRegister();
646 DetectDatarepRegister();
647 DetectFlowvarRegister();
648 DetectFlowintRegister();
649 DetectPktvarRegister();
650 DetectNoalertRegister();
651 DetectFlowbitsRegister();
652 DetectHostbitsRegister();
653 DetectXbitsRegister();
654 DetectEngineEventRegister();
655 DetectIpOptsRegister();
656 DetectFlagsRegister();
657 DetectFragBitsRegister();
658 DetectFragOffsetRegister();
659 DetectGidRegister();
660 DetectMarkRegister();
661 DetectCsumRegister();
662 DetectStreamSizeRegister();
663 DetectTtlRegister();
664 DetectTosRegister();
665 DetectFastPatternRegister();
666 DetectITypeRegister();
667 DetectICodeRegister();
668 DetectIcmpIdRegister();
669 DetectIcmpSeqRegister();
670 DetectIcmpv4HdrRegister();
671 DetectDceIfaceRegister();
672 DetectDceOpnumRegister();
673 DetectDceStubDataRegister();
674 DetectSmbNamedPipeRegister();
675 DetectSmbShareRegister();
676 DetectSmbNtlmsspUserRegister();
677 DetectSmbNtlmsspDomainRegister();
678 DetectSmbVersionRegister();
679 DetectTlsRegister();
680 DetectTlsValidityRegister();
681 DetectTlsVersionRegister();
682 DetectNfsProcedureRegister();
683 DetectNfsVersionRegister();
684 DetectUrilenRegister();
685 DetectBsizeRegister();
686 DetectDetectionFilterRegister();
687 DetectAsn1Register();
688 DetectSshProtocolRegister();
689 DetectSshVersionRegister();
690 DetectSshSoftwareRegister();
691 DetectSshSoftwareVersionRegister();
692 DetectSshHasshRegister();
693 DetectSshHasshServerRegister();
694 DetectSshHasshStringRegister();
695 DetectSshHasshServerStringRegister();
696 DetectSslStateRegister();
697 DetectSslVersionRegister();
698 DetectByteExtractRegister();
699 DetectFiledataRegister();
700 DetectPktDataRegister();
701 DetectLuaRegister();
702 DetectIPRepRegister();
703 DetectAppLayerProtocolRegister();
704 DetectBase64DecodeRegister();
705 DetectBase64DataRegister();
706 DetectTemplateRegister();
707 DetectTemplate2Register();
708 DetectTcphdrRegister();
709 DetectUdphdrRegister();
710 DetectTcpmssRegister();
711 DetectTcpWscaleRegister();
712 DetectICMPv6hdrRegister();
713 DetectICMPv6mtuRegister();
714 DetectIPAddrBufferRegister();
715 DetectIpv4hdrRegister();
716 DetectIpv6hdrRegister();
717 DetectKrb5CNameRegister();
718 DetectKrb5ErrCodeRegister();
719 DetectKrb5MsgTypeRegister();
720 DetectKrb5SNameRegister();
721 DetectKrb5TicketEncryptionRegister();
722 DetectSipMethodRegister();
723 DetectSipUriRegister();
724 DetectTargetRegister();
725 DetectQuicSniRegister();
726 DetectQuicUaRegister();
727 DetectQuicVersionRegister();
728 DetectQuicCyuHashRegister();
729 DetectQuicCyuStringRegister();
730 DetectJa4HashRegister();
731 DetectFtpCommandRegister();
732 DetectFtpCommandDataRegister();
733 DetectFtpCompletionCodeRegister();
734 DetectFtpReplyRegister();
735 DetectFtpModeRegister();
736 DetectFtpReplyReceivedRegister();
737
738 DetectBypassRegister();
739 DetectConfigRegister();
740
741 DetectTransformCompressWhitespaceRegister();
742 DetectTransformStripWhitespaceRegister();
743 DetectTransformStripPseudoHeadersRegister();
744 DetectTransformMd5Register();
745 DetectTransformSha1Register();
746 DetectTransformSha256Register();
747 DetectTransformDotPrefixRegister();
748 DetectTransformPcrexformRegister();
749 DetectTransformUrlDecodeRegister();
750 DetectTransformXorRegister();
751 DetectTransformToLowerRegister();
752 DetectTransformToUpperRegister();
753 DetectTransformHeaderLowercaseRegister();
754 DetectTransformFromBase64DecodeRegister();
755 SCDetectTransformDomainRegister();
756 DetectTransformLuaxformRegister();
757
758 DetectFileHandlerRegister();
759
760 DetectVlanIdRegister();
761 DetectVlanLayersRegister();
762
763 DetectEmailRegister();
764
765 SCDetectSMTPRegister();
766 SCDetectDHCPRegister();
767 SCDetectWebsocketRegister();
768 SCDetectEnipRegister();
769 SCDetectMqttRegister();
770 SCDetectRfbRegister();
771 SCDetectSipRegister();
772 SCDetectTemplateRegister();
773 SCDetectLdapRegister();
774 SCDetectSdpRegister();
775 SCDetectDNSRegister();
776 SCDetectPgsqlRegister();
777
778 for (size_t i = 0; i < preregistered_callbacks_nb; i++) {
779 PreregisteredCallbacks[i]();
780 }
781
782 /* close keyword registration */
783 DetectBufferTypeCloseRegistration();
784}
785
786#ifdef UNITTESTS
787void SigTableRegisterTests(void)
788{
789 /* register the tests */
790 for (int i = 0; i < DETECT_TBLSIZE; i++) {
791 g_ut_modules++;
792 if (sigmatch_table[i].RegisterTests != NULL) {
793 sigmatch_table[i].RegisterTests();
794 g_ut_covered++;
795 } else {
796 SCLogDebug("detection plugin %s has no unittest "
797 "registration function.", sigmatch_table[i].name);
798
799 if (coverage_unittests)
800 SCLogWarning("detection plugin %s has no unittest "
801 "registration function.",
802 sigmatch_table[i].name);
803 }
804 }
805}
806#endif
flags
uint8_t flags
Definition decode-gre.h:0
DetectAppLayerEventRegister
void DetectAppLayerEventRegister(void)
Registers the keyword handlers for the "app-layer-event" keyword.
Definition detect-app-layer-event.c:72
DetectAppLayerProtocolRegister
void DetectAppLayerProtocolRegister(void)
Definition detect-app-layer-protocol.c:397
DetectAppLayerStateRegister
void DetectAppLayerStateRegister(void)
Definition detect-app-layer-state.c:64
DetectAsn1Register
void DetectAsn1Register(void)
Registration function for asn1.
Definition detect-asn1.c:48
DetectBase64DataRegister
void DetectBase64DataRegister(void)
Definition detect-base64-data.c:33
DetectBase64DecodeRegister
void DetectBase64DecodeRegister(void)
Definition detect-base64-decode.c:48
DetectBsizeRegister
void DetectBsizeRegister(void)
Registration function for bsize: keyword.
Definition detect-bsize.c:100
DetectBypassRegister
void DetectBypassRegister(void)
Registration function for keyword: bypass.
Definition detect-bypass.c:59
DetectByteExtractRegister
void DetectByteExtractRegister(void)
Registers the keyword handlers for the "byte_extract" keyword.
Definition detect-byte-extract.c:69
DetectBytejumpRegister
void DetectBytejumpRegister(void)
Definition detect-bytejump.c:73
DetectBytemathRegister
void DetectBytemathRegister(void)
Registers the keyword handlers for the "byte_math" keyword.
Definition detect-bytemath.c:71
DetectBytetestRegister
void DetectBytetestRegister(void)
Definition detect-bytetest.c:78
DetectClasstypeRegister
void DetectClasstypeRegister(void)
Registers the handler functions for the "Classtype" keyword.
Definition detect-classtype.c:51
DetectConfigRegister
void DetectConfigRegister(void)
Registers the "config" keyword for detection.
Definition detect-config.c:74
DetectContentRegister
void DetectContentRegister(void)
Definition detect-content.c:59
detect-content.h
DetectCsumRegister
void DetectCsumRegister(void)
Registers handlers for all the checksum keywords. The checksum keywords that are registered are ipv4-...
Definition detect-csum.c:139
DetectDatarepRegister
void DetectDatarepRegister(void)
Definition detect-datarep.c:53
DetectDatasetRegister
void DetectDatasetRegister(void)
Definition detect-dataset.c:55
DetectDceIfaceRegister
void DetectDceIfaceRegister(void)
Registers the keyword handlers for the "dce_iface" keyword.
Definition detect-dce-iface.c:66
DetectDceOpnumRegister
void DetectDceOpnumRegister(void)
Registers the keyword handlers for the "dce_opnum" keyword.
Definition detect-dce-opnum.c:70
DetectDceStubDataRegister
void DetectDceStubDataRegister(void)
Registers the keyword handlers for the "dce_stub_data" keyword.
Definition detect-dce-stub-data.c:118
DetectDepthRegister
void DetectDepthRegister(void)
Definition detect-depth.c:48
DetectDetectionFilterRegister
void DetectDetectionFilterRegister(void)
Registration function for detection_filter: keyword.
Definition detect-detection-filter.c:67
DetectDistanceRegister
void DetectDistanceRegister(void)
Definition detect-distance.c:56
DetectDNP3Register
void DetectDNP3Register(void)
Definition detect-dnp3.c:547
DetectDnsNameRegister
void DetectDnsNameRegister(void)
Definition detect-dns-name.c:127
DetectDnsResponseRegister
void DetectDnsResponseRegister(void)
Definition detect-dns-response.c:352
DetectDsizeRegister
void DetectDsizeRegister(void)
Registration function for dsize: keyword.
Definition detect-dsize.c:61
DetectEmailRegister
void DetectEmailRegister(void)
Definition detect-email.c:228
detect-engine-content-inspection.h
DetectEngineEventRegister
void DetectEngineEventRegister(void)
Registration function for decode-event: keyword.
Definition detect-engine-event.c:127
DETECT_TBLSIZE_IDX
int DETECT_TBLSIZE_IDX
Definition detect-engine-register.c:291
ARRAY_CAP_STEP
#define ARRAY_CAP_STEP
Definition detect-engine-register.c:485
SigTableSetup
void SigTableSetup(void)
Definition detect-engine-register.c:522
DETECT_TBLSIZE
int DETECT_TBLSIZE
Definition detect-engine-register.c:290
SigTableList
int SigTableList(const char *keyword)
Definition detect-engine-register.c:383
SCSigTablePreRegister
int SCSigTablePreRegister(void(*KeywordsRegister)(void))
Definition detect-engine-register.c:494
SCDetectHelperKeywordSetCleanCString
void SCDetectHelperKeywordSetCleanCString(uint16_t id)
Definition detect-engine-register.c:465
SigTableHasKeyword
bool SigTableHasKeyword(const char *keyword)
Check if a keyword exists.
Definition detect-engine-register.c:366
SigTableCleanup
void SigTableCleanup(void)
Definition detect-engine-register.c:470
SigTableInit
void SigTableInit(void)
Definition detect-engine-register.c:510
SigTableRegisterTests
void SigTableRegisterTests(void)
Definition detect-engine-register.c:787
DETECT_TBLSIZE_STEP
#define DETECT_TBLSIZE_STEP
Definition detect-engine-register.h:337
DETECT_TBLSIZE_STATIC
@ DETECT_TBLSIZE_STATIC
Definition detect-engine-register.h:331
detect-engine-state.h
Data structures and function prototypes for keeping state for the detection engine.
DetectBufferTypeCloseRegistration
void DetectBufferTypeCloseRegistration(void)
Definition detect-engine.c:1655
DetectEntropyRegister
void DetectEntropyRegister(void)
Definition detect-entropy.c:85
DetectFastPatternRegister
void DetectFastPatternRegister(void)
Registration function for fast_pattern keyword.
Definition detect-fast-pattern.c:184
filehandler_table
DetectFileHandlerTableElmt filehandler_table[DETECT_TBLSIZE_STATIC]
Definition detect-file-data.c:78
DetectFiledataRegister
void DetectFiledataRegister(void)
Registration function for keyword: file_data.
Definition detect-file-data.c:148
DetectFileRegisterFileProtocols
void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *reg)
Definition detect-file-data.c:118
DetectFilemagicRegister
void DetectFilemagicRegister(void)
Registration function for keyword: filemagic.
Definition detect-filemagic.c:74
DetectFileMd5Register
void DetectFileMd5Register(void)
Registration function for keyword: filemd5.
Definition detect-filemd5.c:44
DetectFilenameRegister
void DetectFilenameRegister(void)
Registration function for keyword: filename.
Definition detect-filename.c:80
DetectFileSha1Register
void DetectFileSha1Register(void)
Registration function for keyword: filesha1.
Definition detect-filesha1.c:44
DetectFileSha256Register
void DetectFileSha256Register(void)
Registration function for keyword: filesha256.
Definition detect-filesha256.c:44
DetectFilesizeRegister
void DetectFilesizeRegister(void)
Registration function for filesize: keyword.
Definition detect-filesize.c:61
DetectFilestoreRegister
void DetectFilestoreRegister(void)
Registration function for keyword: filestore.
Definition detect-filestore.c:79
DetectFlowAgeRegister
void DetectFlowAgeRegister(void)
Definition detect-flow-age.c:89
DetectFlowBytesToServerRegister
void DetectFlowBytesToServerRegister(void)
Definition detect-flow-pkts.c:281
DetectFlowPktsRegister
void DetectFlowPktsRegister(void)
Definition detect-flow-pkts.c:155
DetectFlowBytesRegister
void DetectFlowBytesRegister(void)
Definition detect-flow-pkts.c:271
DetectFlowBytesToClientRegister
void DetectFlowBytesToClientRegister(void)
Definition detect-flow-pkts.c:292
DetectFlowPktsToClientRegister
void DetectFlowPktsToClientRegister(void)
Definition detect-flow-pkts.c:180
DetectFlowPktsToServerRegister
void DetectFlowPktsToServerRegister(void)
Definition detect-flow-pkts.c:167
DetectFlowRegister
void DetectFlowRegister(void)
Registration function for flow: keyword.
Definition detect-flow.c:65
DetectFlowbitsRegister
void DetectFlowbitsRegister(void)
Definition detect-flowbits.c:71
id
uint32_t id
Definition detect-flowbits.c:938
DetectFlowintRegister
void DetectFlowintRegister(void)
Definition detect-flowint.c:67
DetectFlowvarRegister
void DetectFlowvarRegister(void)
Definition detect-flowvar.c:54
DetectFragBitsRegister
void DetectFragBitsRegister(void)
Registration function for fragbits: keyword.
Definition detect-fragbits.c:85
DetectFragOffsetRegister
void DetectFragOffsetRegister(void)
Registration function for fragoffset.
Definition detect-fragoffset.c:60
DetectFrameRegister
void DetectFrameRegister(void)
Registration function for keyword: ja3_hash.
Definition detect-frame.c:188
DetectFtpCommandDataRegister
void DetectFtpCommandDataRegister(void)
Definition detect-ftp-command-data.c:89
DetectFtpCommandRegister
void DetectFtpCommandRegister(void)
Definition detect-ftp-command.c:77
DetectFtpCompletionCodeRegister
void DetectFtpCompletionCodeRegister(void)
Definition detect-ftp-completion-code.c:87
DetectFtpDynamicPortRegister
void DetectFtpDynamicPortRegister(void)
Definition detect-ftp-dynamic-port.c:98
DetectFtpModeRegister
void DetectFtpModeRegister(void)
Definition detect-ftp-mode.c:121
DetectFtpReplyReceivedRegister
void DetectFtpReplyReceivedRegister(void)
Registration function for ftp.reply_received: keyword.
Definition detect-ftp-reply-received.c:121
DetectFtpReplyRegister
void DetectFtpReplyRegister(void)
Definition detect-ftp-reply.c:90
DetectFtpbounceRegister
void DetectFtpbounceRegister(void)
Registration function for ftpbounce: keyword.
Definition detect-ftpbounce.c:61
DetectFtpdataRegister
void DetectFtpdataRegister(void)
Registration function for ftpcommand: keyword.
Definition detect-ftpdata.c:59
DetectGeoipRegister
void DetectGeoipRegister(void)
Registration function for geoip keyword (no libgeoip support)
Definition detect-geoip.c:54
DetectGidRegister
void DetectGidRegister(void)
Registration function for gid: keyword.
Definition detect-gid.c:49
DetectHostbitsRegister
void DetectHostbitsRegister(void)
Definition detect-hostbits.c:81
DetectHttpClientBodyRegister
void DetectHttpClientBodyRegister(void)
Registers the keyword handlers for the "http_client_body" keyword.
Definition detect-http-client-body.c:85
detect-http-client-body.h
DetectHttpHeaderNamesRegister
void DetectHttpHeaderNamesRegister(void)
Registers the keyword handlers for the "http.header_names" keyword.
Definition detect-http-header-names.c:211
DetectHttpHeaderRegister
void DetectHttpHeaderRegister(void)
Registers the keyword handlers for the "http_header" keyword.
Definition detect-http-header.c:403
DetectHttpResponseHeaderRegister
void DetectHttpResponseHeaderRegister(void)
Definition detect-http-header.c:617
DetectHttpRequestHeaderRegister
void DetectHttpRequestHeaderRegister(void)
Definition detect-http-header.c:584
DetectHttpHeadersRegister
void DetectHttpHeadersRegister(void)
Definition detect-http-headers.c:29
DetectHttpHHRegister
void DetectHttpHHRegister(void)
Registers the keyword handlers for the "http_host" keyword.
Definition detect-http-host.c:90
DetectHttpMethodRegister
void DetectHttpMethodRegister(void)
Registration function for keyword: http_method.
Definition detect-http-method.c:81
DetectHttpProtocolRegister
void DetectHttpProtocolRegister(void)
Registers the keyword handlers for the "http.protocol" keyword.
Definition detect-http-protocol.c:157
DetectHttpRawHeaderRegister
void DetectHttpRawHeaderRegister(void)
Registers the keyword handlers for the "http_raw_header" keyword.
Definition detect-http-raw-header.c:80
DetectHttpRequestLineRegister
void DetectHttpRequestLineRegister(void)
Registers the keyword handlers for the "http_request_line" keyword.
Definition detect-http-request-line.c:99
DetectHttpResponseLineRegister
void DetectHttpResponseLineRegister(void)
Registers the keyword handlers for the "http_response_line" keyword.
Definition detect-http-response-line.c:99
DetectHttpServerBodyRegister
void DetectHttpServerBodyRegister(void)
Registers the keyword handlers for the "http_server_body" keyword.
Definition detect-http-server-body.c:69
detect-http-server-body.h
DetectHttpStartRegister
void DetectHttpStartRegister(void)
Registers the keyword handlers for the "http_start" keyword.
Definition detect-http-start.c:183
DetectHttpStatCodeRegister
void DetectHttpStatCodeRegister(void)
Registration function for keyword: http_stat_code.
Definition detect-http-stat-code.c:82
DetectHttpStatMsgRegister
void DetectHttpStatMsgRegister(void)
Registration function for keyword: http_stat_msg.
Definition detect-http-stat-msg.c:92
DetectHttpUARegister
void DetectHttpUARegister(void)
Registers the keyword handlers for the "http_user_agent" keyword.
Definition detect-http-ua.c:80
DetectHttpUriRegister
void DetectHttpUriRegister(void)
Registration function for keywords: http_uri and http.uri.
Definition detect-http-uri.c:86
DetectHttp2Register
void DetectHttp2Register(void)
Registration function for HTTP2 keywords.
Definition detect-http2.c:103
DetectIcmpIdRegister
void DetectIcmpIdRegister(void)
Registration function for icode: icmp_id.
Definition detect-icmp-id.c:59
DetectIcmpSeqRegister
void DetectIcmpSeqRegister(void)
Registration function for icmp_seq.
Definition detect-icmp-seq.c:58
DetectIcmpv4HdrRegister
void DetectIcmpv4HdrRegister(void)
Registration function for icmpv4.hdr: keyword.
Definition detect-icmpv4hdr.c:48
DetectICMPv6mtuRegister
void DetectICMPv6mtuRegister(void)
Registration function for icmpv6.mtu: keyword.
Definition detect-icmpv6-mtu.c:48
DetectICMPv6hdrRegister
void DetectICMPv6hdrRegister(void)
Registration function for icmpv6.hdr: keyword.
Definition detect-icmpv6hdr.c:52
DetectICodeRegister
void DetectICodeRegister(void)
Registration function for icode: keyword.
Definition detect-icode.c:60
DetectIdRegister
void DetectIdRegister(void)
Registration function for keyword: id.
Definition detect-id.c:65
DetectIkeChosenSaRegister
void DetectIkeChosenSaRegister(void)
Registration function for ike.ChosenSa keyword.
Definition detect-ike-chosen-sa.c:66
DetectIkeExchTypeRegister
void DetectIkeExchTypeRegister(void)
Registration function for ike.exchtype keyword.
Definition detect-ike-exch-type.c:50
DetectIkeKeyExchangePayloadLengthRegister
void DetectIkeKeyExchangePayloadLengthRegister(void)
Registration function for ike.key_exchange_payload_length keyword.
Definition detect-ike-key-exchange-payload-length.c:49
DetectIkeKeyExchangeRegister
void DetectIkeKeyExchangeRegister(void)
Definition detect-ike-key-exchange-payload.c:92
DetectIkeNoncePayloadLengthRegister
void DetectIkeNoncePayloadLengthRegister(void)
Registration function for ike.nonce_payload_length keyword.
Definition detect-ike-nonce-payload-length.c:49
DetectIkeNonceRegister
void DetectIkeNonceRegister(void)
Definition detect-ike-nonce-payload.c:92
DetectIkeSpiRegister
void DetectIkeSpiRegister(void)
Definition detect-ike-spi.c:129
DetectIkeVendorRegister
void DetectIkeVendorRegister(void)
Registration function for ike.vendor keyword.
Definition detect-ike-vendor.c:46
DetectIPAddrBufferRegister
void DetectIPAddrBufferRegister(void)
Definition detect-ipaddr.c:53
DetectIpOptsRegister
void DetectIpOptsRegister(void)
Registration function for ipopts: keyword.
Definition detect-ipopts.c:47
DetectIPProtoRegister
void DetectIPProtoRegister(void)
Registration function for ip_proto keyword.
Definition detect-ipproto.c:60
DetectIPRepRegister
void DetectIPRepRegister(void)
Definition detect-iprep.c:63
DetectIpv4hdrRegister
void DetectIpv4hdrRegister(void)
Registration function for ipv4.hdr: keyword.
Definition detect-ipv4hdr.c:51
DetectIpv6hdrRegister
void DetectIpv6hdrRegister(void)
Registration function for ipv6.hdr: keyword.
Definition detect-ipv6hdr.c:51
DetectIsdataatRegister
void DetectIsdataatRegister(void)
Registration function for isdataat: keyword.
Definition detect-isdataat.c:157
DetectITypeRegister
void DetectITypeRegister(void)
Registration function for itype: keyword.
Definition detect-itype.c:57
DetectJa4HashRegister
void DetectJa4HashRegister(void)
Registration function for keyword: ja4.hash.
Definition detect-ja4-hash.c:67
DetectKrb5CNameRegister
void DetectKrb5CNameRegister(void)
Definition detect-krb5-cname.c:53
DetectKrb5ErrCodeRegister
void DetectKrb5ErrCodeRegister(void)
Registration function for krb5_err_code: keyword.
Definition detect-krb5-errcode.c:58
DetectKrb5MsgTypeRegister
void DetectKrb5MsgTypeRegister(void)
Registration function for krb5_msg_type: keyword.
Definition detect-krb5-msgtype.c:58
DetectKrb5SNameRegister
void DetectKrb5SNameRegister(void)
Definition detect-krb5-sname.c:53
DetectKrb5TicketEncryptionRegister
void DetectKrb5TicketEncryptionRegister(void)
Definition detect-krb5-ticket-encryption.c:68
DetectL3ProtoRegister
void DetectL3ProtoRegister(void)
Registration function for ip_proto keyword.
Definition detect-l3proto.c:54
DetectLuaRegister
void DetectLuaRegister(void)
Registration function for keyword: lua.
Definition detect-lua.c:83
DetectMarkRegister
void DetectMarkRegister(void)
Registration function for nfq_set_mark: keyword.
Definition detect-mark.c:57
DetectMetadataRegister
void DetectMetadataRegister(void)
Definition detect-metadata.c:44
DetectModbusRegister
void DetectModbusRegister(void)
Registration function for Modbus keyword.
Definition detect-modbus.c:120
DetectMsgRegister
void DetectMsgRegister(void)
Definition detect-msg.c:42
DetectNfsProcedureRegister
void DetectNfsProcedureRegister(void)
Registration function for nfs_procedure keyword.
Definition detect-nfs-procedure.c:64
DetectNfsVersionRegister
void DetectNfsVersionRegister(void)
Registration function for nfs_procedure keyword.
Definition detect-nfs-version.c:62
DetectNoalertRegister
void DetectNoalertRegister(void)
Definition detect-noalert.c:49
DetectNocaseRegister
void DetectNocaseRegister(void)
Definition detect-nocase.c:39
DetectOffsetRegister
void DetectOffsetRegister(void)
Definition detect-offset.c:46
DetectRegisterAppLayerHookLists
void DetectRegisterAppLayerHookLists(void)
register app hooks as generic lists
Definition detect-parse.c:1152
sigmatch_table
SigTableElmt * sigmatch_table
Definition detect-parse.c:79
DetectPcreRegister
void DetectPcreRegister(void)
Definition detect-pcre.c:97
DetectPktDataRegister
void DetectPktDataRegister(void)
Registration function for keyword: file_data.
Definition detect-pkt-data.c:53
DetectPktvarRegister
void DetectPktvarRegister(void)
Definition detect-pktvar.c:48
DetectPrefilterRegister
void DetectPrefilterRegister(void)
Definition detect-prefilter.c:38
DetectPriorityRegister
void DetectPriorityRegister(void)
Registers the handler functions for the "priority" keyword.
Definition detect-priority.c:49
DetectQuicCyuHashRegister
void DetectQuicCyuHashRegister(void)
Definition detect-quic-cyu-hash.c:59
DetectQuicCyuStringRegister
void DetectQuicCyuStringRegister(void)
Definition detect-quic-cyu-string.c:57
DetectQuicSniRegister
void DetectQuicSniRegister(void)
Registration function for quic.sni: keyword.
Definition detect-quic-sni.c:71
DetectQuicUaRegister
void DetectQuicUaRegister(void)
Registration function for quic.ua: keyword.
Definition detect-quic-ua.c:71
DetectQuicVersionRegister
void DetectQuicVersionRegister(void)
Registration function for quic.version: keyword.
Definition detect-quic-version.c:71
DetectRawbytesRegister
void DetectRawbytesRegister(void)
Definition detect-rawbytes.c:43
DetectReferenceRegister
void DetectReferenceRegister(void)
Registration function for the reference: keyword.
Definition detect-reference.c:61
DetectReplaceRegister
void DetectReplaceRegister(void)
Definition detect-replace.c:58
DetectRequiresRegister
void DetectRequiresRegister(void)
Definition detect-requires.c:44
DetectRevRegister
void DetectRevRegister(void)
Definition detect-rev.c:41
DetectRpcRegister
void DetectRpcRegister(void)
Registration function for rpc keyword.
Definition detect-rpc.c:61
DetectSameipRegister
void DetectSameipRegister(void)
Registration function for sameip: keyword.
Definition detect-sameip.c:51
DetectSidRegister
void DetectSidRegister(void)
Definition detect-sid.c:41
DetectSipMethodRegister
void DetectSipMethodRegister(void)
Definition detect-sip-method.c:128
DetectSipUriRegister
void DetectSipUriRegister(void)
Definition detect-sip-uri.c:101
DetectSmbNtlmsspUserRegister
void DetectSmbNtlmsspUserRegister(void)
Definition detect-smb-ntlmssp.c:77
DetectSmbNtlmsspDomainRegister
void DetectSmbNtlmsspDomainRegister(void)
Definition detect-smb-ntlmssp.c:133
DetectSmbNamedPipeRegister
void DetectSmbNamedPipeRegister(void)
Definition detect-smb-share.c:78
DetectSmbShareRegister
void DetectSmbShareRegister(void)
Definition detect-smb-share.c:138
DetectSmbVersionRegister
void DetectSmbVersionRegister(void)
Registers the keyword handlers for the "smb_version" keyword.
Definition detect-smb-version.c:135
SCDetectSMTPRegister
void SCDetectSMTPRegister(void)
Definition detect-smtp.c:129
DetectSshHasshServerStringRegister
void DetectSshHasshServerStringRegister(void)
Registration function for hasshServer.string keyword.
Definition detect-ssh-hassh-server-string.c:123
DetectSshHasshServerRegister
void DetectSshHasshServerRegister(void)
Registration function for hasshServer keyword.
Definition detect-ssh-hassh-server.c:151
DetectSshHasshStringRegister
void DetectSshHasshStringRegister(void)
Registration function for hassh.string keyword.
Definition detect-ssh-hassh-string.c:123
DetectSshHasshRegister
void DetectSshHasshRegister(void)
Registration function for hassh keyword.
Definition detect-ssh-hassh.c:151
DetectSshVersionRegister
void DetectSshVersionRegister(void)
Registration function for keyword: ssh.protoversion.
Definition detect-ssh-proto-version.c:39
DetectSshProtocolRegister
void DetectSshProtocolRegister(void)
Definition detect-ssh-proto.c:96
DetectSshSoftwareVersionRegister
void DetectSshSoftwareVersionRegister(void)
Registration function for keyword: ssh.softwareversion.
Definition detect-ssh-software-version.c:39
DetectSshSoftwareRegister
void DetectSshSoftwareRegister(void)
Definition detect-ssh-software.c:97
DetectSslStateRegister
void DetectSslStateRegister(void)
Registers the keyword handlers for the "ssl_state" keyword.
Definition detect-ssl-state.c:73
DetectSslVersionRegister
void DetectSslVersionRegister(void)
Registration function for keyword: ssl_version.
Definition detect-ssl-version.c:67
DetectStreamSizeRegister
void DetectStreamSizeRegister(void)
Registration function for stream_size: keyword.
Definition detect-stream_size.c:58
detect-stream_size.h
DetectTagRegister
void DetectTagRegister(void)
Registration function for keyword tag.
Definition detect-tag.c:69
DetectTargetRegister
void DetectTargetRegister(void)
Registration function for target keyword.
Definition detect-target.c:51
DetectAckRegister
void DetectAckRegister(void)
Registration function for ack: keyword.
Definition detect-tcp-ack.c:56
DetectFlagsRegister
void DetectFlagsRegister(void)
Registration function for flags: keyword.
Definition detect-tcp-flags.c:76
DetectSeqRegister
void DetectSeqRegister(void)
Registration function for ack: keyword.
Definition detect-tcp-seq.c:53
DetectWindowRegister
void DetectWindowRegister(void)
Registration function for window: keyword.
Definition detect-tcp-window.c:59
DetectTcpWscaleRegister
void DetectTcpWscaleRegister(void)
Registration function for tcp.wscale keyword.
Definition detect-tcp-wscale.c:47
DetectTcphdrRegister
void DetectTcphdrRegister(void)
Registration function for tcp.hdr: keyword.
Definition detect-tcphdr.c:51
DetectTcpmssRegister
void DetectTcpmssRegister(void)
Registration function for tcpmss: keyword.
Definition detect-tcpmss.c:51
DetectTemplate2Register
void DetectTemplate2Register(void)
Registration function for template2: keyword.
Definition detect-template2.c:51
DetectTemplateRegister
void DetectTemplateRegister(void)
Registration function for template: keyword.
Definition detect-template.c:55
DetectThresholdRegister
void DetectThresholdRegister(void)
Registration function for threshold: keyword.
Definition detect-threshold.c:86
DetectTlsAlpnRegister
void DetectTlsAlpnRegister(void)
Registration function for keyword: tls.alpn.
Definition detect-tls-alpn.c:85
DetectTlsFingerprintRegister
void DetectTlsFingerprintRegister(void)
Registration function for keyword: tls.cert_fingerprint.
Definition detect-tls-cert-fingerprint.c:73
DetectTlsIssuerRegister
void DetectTlsIssuerRegister(void)
Registration function for keyword: tls.cert_issuer.
Definition detect-tls-cert-issuer.c:69
DetectTlsSerialRegister
void DetectTlsSerialRegister(void)
Registration function for keyword: tls.cert_serial.
Definition detect-tls-cert-serial.c:73
DetectTlsSubjectRegister
void DetectTlsSubjectRegister(void)
Registration function for keyword: tls.cert_subject.
Definition detect-tls-cert-subject.c:69
DetectTlsValidityRegister
void DetectTlsValidityRegister(void)
Registration function for tls validity keywords.
Definition detect-tls-cert-validity.c:80
DetectTlsCertChainLenRegister
void DetectTlsCertChainLenRegister(void)
Definition detect-tls-certs.c:237
DetectTlsCertsRegister
void DetectTlsCertsRegister(void)
Registration function for keyword: tls.certs.
Definition detect-tls-certs.c:104
DetectTlsJa3HashRegister
void DetectTlsJa3HashRegister(void)
Registration function for keyword: ja3_hash.
Definition detect-tls-ja3-hash.c:81
DetectTlsJa3StringRegister
void DetectTlsJa3StringRegister(void)
Registration function for keyword: ja3.string.
Definition detect-tls-ja3-string.c:80
DetectTlsJa3SHashRegister
void DetectTlsJa3SHashRegister(void)
Registration function for keyword: ja3s.hash.
Definition detect-tls-ja3s-hash.c:81
DetectTlsJa3SStringRegister
void DetectTlsJa3SStringRegister(void)
Registration function for keyword: ja3s.string.
Definition detect-tls-ja3s-string.c:80
DetectTlsRandomRegister
void DetectTlsRandomRegister(void)
Registration function for keyword: tls.random.
Definition detect-tls-random.c:112
DetectTlsSniRegister
void DetectTlsSniRegister(void)
Registration function for keyword: tls.sni.
Definition detect-tls-sni.c:66
DetectTlsSubjectAltNameRegister
void DetectTlsSubjectAltNameRegister(void)
Registration function for keyword: tls.subjectaltname.
Definition detect-tls-subjectaltname.c:78
DetectTlsVersionRegister
void DetectTlsVersionRegister(void)
Registration function for keyword: tls.version.
Definition detect-tls-version.c:73
DetectTlsRegister
void DetectTlsRegister(void)
Registration function for keyword: tls.version.
Definition detect-tls.c:101
DetectTosRegister
void DetectTosRegister(void)
Register Tos keyword.
Definition detect-tos.c:64
DetectTransformLuaxformRegister
void DetectTransformLuaxformRegister(void)
Definition detect-transform-luaxform.c:368
DetectTransformPcrexformRegister
void DetectTransformPcrexformRegister(void)
Definition detect-transform-pcrexform.c:58
DetectTtlRegister
void DetectTtlRegister(void)
Registration function for ttl: keyword.
Definition detect-ttl.c:54
DetectUdphdrRegister
void DetectUdphdrRegister(void)
Registration function for udp.hdr: keyword.
Definition detect-udphdr.c:50
DetectUricontentRegister
void DetectUricontentRegister(void)
Registration function for uricontent: keyword.
Definition detect-uricontent.c:67
DetectUrilenRegister
void DetectUrilenRegister(void)
Registration function for urilen: keyword.
Definition detect-urilen.c:61
DetectVlanLayersRegister
void DetectVlanLayersRegister(void)
Definition detect-vlan.c:209
DetectVlanIdRegister
void DetectVlanIdRegister(void)
Definition detect-vlan.c:132
DetectWithinRegister
void DetectWithinRegister(void)
Definition detect-within.c:52
DetectXbitsRegister
void DetectXbitsRegister(void)
Definition detect-xbits.c:73
SIGMATCH_IPONLY_COMPAT
#define SIGMATCH_IPONLY_COMPAT
Definition detect.h:1653
SIGMATCH_NOOPT
#define SIGMATCH_NOOPT
Definition detect.h:1651
SIGMATCH_INFO_STICKY_BUFFER
#define SIGMATCH_INFO_STICKY_BUFFER
Definition detect.h:1676
SIGMATCH_DEONLY_COMPAT
#define SIGMATCH_DEONLY_COMPAT
Definition detect.h:1655
SIGMATCH_SUPPORT_FIREWALL
#define SIGMATCH_SUPPORT_FIREWALL
Definition detect.h:1682
SIGMATCH_INFO_CONTENT_MODIFIER
#define SIGMATCH_INFO_CONTENT_MODIFIER
Definition detect.h:1674
SigTableElmt_
element in sigmatch type table.
Definition detect.h:1419
SigTableElmt_::flags
uint16_t flags
Definition detect.h:1450
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition detect.h:1448
SigTableElmt_::Cleanup
void(* Cleanup)(struct SigTableElmt_ *)
Definition detect.h:1465
SigTableElmt_::name
const char * name
Definition detect.h:1459
SigTableElmt_::Transform
void(* Transform)(DetectEngineThreadCtx *, InspectionBuffer *, void *context)
Definition detect.h:1434
SigTableElmt_::SupportsPrefilter
bool(* SupportsPrefilter)(const Signature *s)
Definition detect.h:1443
coverage_unittests
int coverage_unittests
Definition suricata.c:943
g_ut_covered
int g_ut_covered
Definition suricata.c:945
g_ut_modules
int g_ut_modules
Definition suricata.c:944
GetDocURL
const char * GetDocURL(void)
Definition suricata.c:1165
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition tm-threads-common.h:82
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition tm-threads-common.h:83
name
const char * name
Definition tm-threads.c:2163
FatalError
#define FatalError(...)
Definition util-debug.h:510
SCLogDebug
#define SCLogDebug(...)
Definition util-debug.h:275
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition util-debug.h:255
SCFree
#define SCFree(p)
Definition util-mem.h:61
SCRealloc
#define SCRealloc(ptr, sz)
Definition util-mem.h:50
SCCalloc
#define SCCalloc(nm, sz)
Definition util-mem.h:53