#include <detect.h>
Data Fields | |
| SignatureHook | hook |
| uint16_t | sm_cnt |
| bool | negated |
| bool | src_contains_negation |
| bool | dst_contains_negation |
| bool | has_possible_prefilter |
| uint32_t | init_flags |
| AppProto | alprotos [SIG_ALPROTO_MAX] |
| SigMatch * | dsize_sm |
| IPOnlyCIDRItem * | cidr_src |
| IPOnlyCIDRItem * | cidr_dst |
| int | mpm_sm_list |
| SigMatch * | mpm_sm |
| SigMatch * | prefilter_sm |
| int | list |
| bool | list_set |
| DetectEngineTransforms | transforms |
| int | score |
| const DetectAddressHead * | src |
| const DetectAddressHead * | dst |
| struct SigMatch_ * | smlists [DETECT_SM_LIST_MAX] |
| struct SigMatch_ * | smlists_tail [DETECT_SM_LIST_MAX] |
| SignatureInitDataBuffer * | buffers |
| uint32_t | buffer_index |
| uint32_t | buffers_size |
| SignatureInitDataBuffer * | curbuf |
| uint32_t | max_content_list_id |
| bool | is_rule_state_dependant |
| uint32_t * | rule_state_dependant_sids_array |
| uint32_t | rule_state_dependant_sids_size |
| uint32_t | rule_state_dependant_sids_idx |
| uint32_t * | rule_state_flowbits_ids_array |
| uint32_t | rule_state_flowbits_ids_size |
| bool | firewall_rule |
Detailed Description
Field Documentation
◆ alprotos
| AppProto SignatureInitData_::alprotos[SIG_ALPROTO_MAX] |
Definition at line 612 of file detect.h.
Referenced by DetectSignatureSetMultiAppProto(), and SCDetectSignatureSetAppProto().
◆ buffer_index
| uint32_t SignatureInitData_::buffer_index |
Definition at line 648 of file detect.h.
Referenced by DetectBufferGetActiveList(), DetectBufferGetFirstSigMatch(), DetectBufferGetLastSigMatch(), DetectBufferIsPresent(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentPropagateLimits(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectMd5ValidateCallback(), DetectUrilenApplyToContent(), DetectUrilenValidateContent(), RetrieveFPForSig(), SCDetectBufferSetActiveList(), SCSigMatchAppendSMToList(), SigFree(), SigMatchListSMBelongsTo(), SignatureInitDataBufferCheckExpand(), SignatureSetType(), and SigPrepareStage1().
◆ buffers
| SignatureInitDataBuffer* SignatureInitData_::buffers |
Definition at line 647 of file detect.h.
Referenced by DetectBufferGetActiveList(), DetectBufferGetFirstSigMatch(), DetectBufferGetLastSigMatch(), DetectBufferIsPresent(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentPropagateLimits(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectMd5ValidateCallback(), DetectUrilenApplyToContent(), DetectUrilenValidateContent(), RetrieveFPForSig(), SCDetectBufferSetActiveList(), SCSigMatchAppendSMToList(), SigAlloc(), SigFree(), SigMatchListSMBelongsTo(), SignatureInitDataBufferCheckExpand(), SignatureSetType(), and SigPrepareStage1().
◆ buffers_size
| uint32_t SignatureInitData_::buffers_size |
Definition at line 649 of file detect.h.
Referenced by SCDetectBufferSetActiveList(), SigAlloc(), and SignatureInitDataBufferCheckExpand().
◆ cidr_dst
| IPOnlyCIDRItem * SignatureInitData_::cidr_dst |
Definition at line 618 of file detect.h.
Referenced by IPOnlyAddSignature(), IPOnlySigParseAddress(), and SigFree().
◆ cidr_src
| IPOnlyCIDRItem* SignatureInitData_::cidr_src |
netblocks and hosts specified at the sid, in CIDR format
Definition at line 618 of file detect.h.
Referenced by IPOnlyAddSignature(), IPOnlySigParseAddress(), and SigFree().
◆ curbuf
| SignatureInitDataBuffer* SignatureInitData_::curbuf |
Definition at line 650 of file detect.h.
Referenced by DetectBufferGetActiveList(), DetectEngineContentModifierBufferSetup(), SCDetectBufferSetActiveList(), and SCSigMatchAppendSMToList().
◆ dsize_sm
| SigMatch* SignatureInitData_::dsize_sm |
Definition at line 615 of file detect.h.
Referenced by SigParseGetMaxDsize(), and SigParseSetDsizePair().
◆ dst
| const DetectAddressHead * SignatureInitData_::dst |
◆ dst_contains_negation
| bool SignatureInitData_::dst_contains_negation |
Definition at line 602 of file detect.h.
Referenced by SignatureIsIPOnly().
◆ firewall_rule
| bool SignatureInitData_::firewall_rule |
Definition at line 664 of file detect.h.
Referenced by EngineAnalysisRules2(), and SCSigOrderSignatures().
◆ has_possible_prefilter
| bool SignatureInitData_::has_possible_prefilter |
◆ hook
| SignatureHook SignatureInitData_::hook |
Definition at line 590 of file detect.h.
Referenced by DetectEngineAppInspectionEngine2Signature(), SignatureIsIPOnly(), SignatureSetType(), and SigPrepareStage2().
◆ init_flags
| uint32_t SignatureInitData_::init_flags |
Definition at line 608 of file detect.h.
Referenced by DetectEngineAppendSig(), DetectEngineAppInspectionEngine2Signature(), DetectEnginePktInspectionSetup(), DetectFirewallRuleAppendNew(), DetectFlowbitsAnalyze(), EngineAnalysisRules(), EngineAnalysisRules2(), SCDetectBufferSetActiveList(), and SCSigMatchAppendSMToList().
◆ is_rule_state_dependant
| bool SignatureInitData_::is_rule_state_dependant |
Definition at line 656 of file detect.h.
Referenced by DetectFlowbitsAnalyze(), EngineAnalysisRules2(), and SigAlloc().
◆ list
| int SignatureInitData_::list |
Definition at line 628 of file detect.h.
Referenced by DetectBufferGetActiveList(), DetectContentSetup(), DetectEngineContentModifierBufferSetup(), DetectGetLastSMFromLists(), DetectIsdataatSetup(), SCDetectBufferSetActiveList(), SCDetectSignatureAddTransform(), SCSigMatchAppendSMToList(), and SigAlloc().
◆ list_set
| bool SignatureInitData_::list_set |
Definition at line 629 of file detect.h.
Referenced by DetectBufferGetActiveList(), SCDetectBufferSetActiveList(), SCDetectSignatureAddTransform(), and SCSigMatchAppendSMToList().
◆ max_content_list_id
| uint32_t SignatureInitData_::max_content_list_id |
Definition at line 653 of file detect.h.
Referenced by DetectEngineContentModifierBufferSetup(), RetrieveFPForSig(), and SCSigMatchAppendSMToList().
◆ mpm_sm
| SigMatch* SignatureInitData_::mpm_sm |
Definition at line 623 of file detect.h.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectSetFastPatternAndItsId(), EngineAnalysisFP(), EngineAnalysisRules(), MpmStorePrepareBuffer(), and RetrieveFPForSig().
◆ mpm_sm_list
| int SignatureInitData_::mpm_sm_list |
Definition at line 621 of file detect.h.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectSetFastPatternAndItsId(), EngineAnalysisFP(), EngineAnalysisRules(), MpmStorePrepareBuffer(), and SigAlloc().
◆ negated
| bool SignatureInitData_::negated |
option was prefixed with '!'. Only set for sigmatches that have the SIGMATCH_HANDLE_NEGATION flag set.
Definition at line 597 of file detect.h.
Referenced by DetectContentSetup().
◆ prefilter_sm
| SigMatch* SignatureInitData_::prefilter_sm |
Definition at line 625 of file detect.h.
Referenced by EngineAnalysisFP(), EngineAnalysisRules(), and EngineAnalysisRules2().
◆ rule_state_dependant_sids_array
| uint32_t* SignatureInitData_::rule_state_dependant_sids_array |
Definition at line 657 of file detect.h.
Referenced by DetectFlowbitsAnalyze(), and EngineAnalysisRules2().
◆ rule_state_dependant_sids_idx
| uint32_t SignatureInitData_::rule_state_dependant_sids_idx |
Definition at line 659 of file detect.h.
Referenced by DetectFlowbitsAnalyze(), EngineAnalysisRules2(), and SigAlloc().
◆ rule_state_dependant_sids_size
| uint32_t SignatureInitData_::rule_state_dependant_sids_size |
Definition at line 658 of file detect.h.
Referenced by DetectFlowbitsAnalyze(), and EngineAnalysisRules2().
◆ rule_state_flowbits_ids_array
| uint32_t* SignatureInitData_::rule_state_flowbits_ids_array |
Definition at line 660 of file detect.h.
Referenced by DetectFlowbitsAnalyze(), and EngineAnalysisRules2().
◆ rule_state_flowbits_ids_size
| uint32_t SignatureInitData_::rule_state_flowbits_ids_size |
Definition at line 661 of file detect.h.
Referenced by DetectFlowbitsAnalyze(), and EngineAnalysisRules2().
◆ score
| int SignatureInitData_::score |
◆ sm_cnt
| uint16_t SignatureInitData_::sm_cnt |
Number of sigmatches. Used for assigning SigMatch::idx
Definition at line 593 of file detect.h.
Referenced by SCSigMatchAppendSMToList().
◆ smlists
| struct SigMatch_* SignatureInitData_::smlists[DETECT_SM_LIST_MAX] |
Definition at line 642 of file detect.h.
Referenced by __attribute__(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentPropagateLimits(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectGetLastSMFromLists(), DetectIPProtoRemoveAllSMs(), EngineAnalysisRules(), RetrieveFPForSig(), SCSigMatchAppendSMToList(), SigFree(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsIPOnly(), SignatureSetType(), SigParseApplyDsizeToContent(), SigParseMaxRequiredDsize(), and SigPrepareStage1().
◆ smlists_tail
| struct SigMatch_* SignatureInitData_::smlists_tail[DETECT_SM_LIST_MAX] |
Definition at line 644 of file detect.h.
Referenced by DetectEngineContentModifierBufferSetup(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), SCSigMatchAppendSMToList(), and SigMatchRemoveSMFromList().
◆ src
| const DetectAddressHead* SignatureInitData_::src |
◆ src_contains_negation
| bool SignatureInitData_::src_contains_negation |
Definition at line 601 of file detect.h.
Referenced by SignatureIsIPOnly().
◆ transforms
| DetectEngineTransforms SignatureInitData_::transforms |
Definition at line 631 of file detect.h.
Referenced by DetectBufferGetActiveList(), SCDetectBufferSetActiveList(), SCDetectSignatureAddTransform(), and SigFree().
The documentation for this struct was generated from the following file:
- src/detect.h
