Signature_ Struct Reference

Signature container. More...

#include <detect.h>

Collaboration diagram for Signature_:

Data Fields
uint32_t	flags
enum SignatureType	type
AppProto	alproto
uint16_t	dsize_low
uint16_t	dsize_high
uint8_t	dsize_mode
SignatureMask	mask
SigIntId	iid
uint8_t	action
uint8_t	file_flags
DetectProto	proto
uint8_t	action_scope
uint16_t	addr_dst_match4_cnt
uint16_t	addr_src_match4_cnt
uint16_t	addr_dst_match6_cnt
uint16_t	addr_src_match6_cnt
uint16_t	class_id
uint8_t	detect_table
uint8_t	app_progress_hook
DetectMatchAddressIPv4 *	addr_dst_match4
DetectMatchAddressIPv4 *	addr_src_match4
DetectMatchAddressIPv6 *	addr_dst_match6
DetectMatchAddressIPv6 *	addr_src_match6
uint32_t	id
uint32_t	gid
uint32_t	rev
int	prio
DetectPort *	sp
DetectPort *	dp
DetectEngineAppInspectionEngine *	app_inspect
DetectEnginePktInspectionEngine *	pkt_inspect
DetectEngineFrameInspectionEngine *	frame_inspect
SigMatchData *	sm_arrays [DETECT_SM_LIST_MAX]
const struct DetectFilestoreData_ *	filestore_ctx
char *	msg
char *	class_msg
DetectReference *	references
DetectMetadataHead *	metadata
char *	sig_str
SignatureInitData *	init_data
struct Signature_ *	next

Detailed Description

Signature container.

Definition at line 668 of file detect.h.

Field Documentation

action

uint8_t Signature_::action

inline – action

Definition at line 683 of file detect.h.

Referenced by AlertQueueAppend(), EngineAnalysisRules2(), and FirewallAnalyzer().

action_scope

uint8_t Signature_::action_scope

Definition at line 690 of file detect.h.

Referenced by EngineAnalysisRules2().

addr_dst_match4

DetectMatchAddressIPv4* Signature_::addr_dst_match4

Definition at line 707 of file detect.h.

Referenced by SigFree().

addr_dst_match4_cnt

uint16_t Signature_::addr_dst_match4_cnt

ipv4 match arrays

Definition at line 693 of file detect.h.

addr_dst_match6

DetectMatchAddressIPv6* Signature_::addr_dst_match6

ipv6 match arrays

Definition at line 710 of file detect.h.

Referenced by SigFree().

addr_dst_match6_cnt

uint16_t Signature_::addr_dst_match6_cnt

Definition at line 695 of file detect.h.

addr_src_match4

DetectMatchAddressIPv4* Signature_::addr_src_match4

Definition at line 708 of file detect.h.

Referenced by SigFree().

addr_src_match4_cnt

uint16_t Signature_::addr_src_match4_cnt

Definition at line 694 of file detect.h.

addr_src_match6

DetectMatchAddressIPv6* Signature_::addr_src_match6

Definition at line 711 of file detect.h.

Referenced by SigFree().

addr_src_match6_cnt

uint16_t Signature_::addr_src_match6_cnt

Definition at line 696 of file detect.h.

alproto

AppProto Signature_::alproto

Definition at line 673 of file detect.h.

Referenced by DetectEngineContentModifierBufferSetup(), DetectSignatureSetMultiAppProto(), EngineAnalysisRules(), EngineAnalysisRules2(), RetrieveFPForSig(), SCDetectSignatureSetAppProto(), and SignatureIsIPOnly().

app_inspect

DetectEngineAppInspectionEngine* Signature_::app_inspect

Definition at line 725 of file detect.h.

Referenced by DetectEngineAppInspectionEngine2Signature(), DetectEngineAppInspectionEngineSignatureFree(), EngineAnalysisAddAllRulePatterns(), and EngineAnalysisRules2().

app_progress_hook

uint8_t Signature_::app_progress_hook

firewall: progress value for this signature

Definition at line 705 of file detect.h.

class_id

uint16_t Signature_::class_id

classification id

Definition at line 699 of file detect.h.

class_msg

char* Signature_::class_msg

classification message

Definition at line 739 of file detect.h.

Referenced by AlertFastLogger(), and AlertJsonHeader().

detect_table

uint8_t Signature_::detect_table

detect: pseudo table this rule is part of (enum DetectTable)

Definition at line 702 of file detect.h.

dp

DetectPort * Signature_::dp

Definition at line 719 of file detect.h.

Referenced by IPOnlyMatchPacket(), and SigFree().

dsize_high

uint16_t Signature_::dsize_high

Definition at line 676 of file detect.h.

Referenced by SigParseSetDsizePair().

dsize_low

uint16_t Signature_::dsize_low

Definition at line 675 of file detect.h.

Referenced by SigParseSetDsizePair().

dsize_mode

uint8_t Signature_::dsize_mode

Definition at line 677 of file detect.h.

Referenced by SigParseSetDsizePair().

file_flags

uint8_t Signature_::file_flags

Definition at line 684 of file detect.h.

Referenced by DetectFileHashMatch(), DetectFileHashSetup(), SignatureIsFilemagicInspecting(), SignatureIsFileMd5Inspecting(), SignatureIsFileSha1Inspecting(), SignatureIsFileSha256Inspecting(), and SignatureIsFilesizeInspecting().

filestore_ctx

const struct DetectFilestoreData_* Signature_::filestore_ctx

Definition at line 734 of file detect.h.

flags

uint32_t Signature_::flags

Definition at line 669 of file detect.h.

Referenced by AlertJsonHeader(), DetectContentPMATCHValidateCallback(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEngineInspectStream(), DetectEngineInspectStreamPayload(), DetectFlowSetupImplicit(), DetectRunStoreStateTx(), EngineAnalysisRules(), EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlyMatchPacket(), IPOnlySigParseAddress(), RetrieveFPForSig(), SCDetectSignatureSetAppProto(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureIsFilestoring(), SignatureIsIPOnly(), SignatureSetType(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), SigParseSetDsizePair(), and SigPrepareStage1().

frame_inspect

DetectEngineFrameInspectionEngine* Signature_::frame_inspect

Definition at line 727 of file detect.h.

Referenced by DetectEngineAppInspectionEngineSignatureFree(), DetectRunFrameInspectRule(), EngineAnalysisAddAllRulePatterns(), and EngineAnalysisRules2().

gid

uint32_t Signature_::gid

generator id

Definition at line 714 of file detect.h.

Referenced by AlertFastLogger(), AlertJsonHeader(), EngineAnalysisRules2(), PacketAlertTagInit(), and PacketAlertThreshold().

id

uint32_t Signature_::id

sid, set by the 'sid' rule keyword

Definition at line 713 of file detect.h.

Referenced by __attribute__(), AlertFastLogger(), AlertJsonHeader(), AlertQueueAppend(), DetectEngineAppInspectionEngine2Signature(), DetectEngineInspectFrameBufferGeneric(), DetectEngineInspectStream(), DetectEnginePktInspectionRun(), DetectEnginePktInspectionSetup(), DetectFileInspectGeneric(), DetectFlowbitsAnalyze(), DetectMd5ValidateCallback(), DetectRunFrameInspectRule(), DetectSetFastPatternAndItsId(), DetectUrilenApplyToContent(), EngineAnalysisFP(), EngineAnalysisRules(), EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlyAddSignature(), IPOnlyMatchPacket(), PacketAlertCheck(), PacketAlertTagInit(), PacketAlertThreshold(), RetrieveFPForSig(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SCSigOrderSignatures(), SigGroupHeadContainsSigId(), SignatureIsIPOnly(), SignatureSetType(), SigParseApplyDsizeToContent(), SigPrepareStage1(), SigPrepareStage2(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().

iid

SigIntId Signature_::iid

signature internal id

Definition at line 680 of file detect.h.

Referenced by AlertQueueAppend(), IPOnlyAddSignature(), MpmStorePrepareBuffer(), PacketAlertTagInit(), PostRuleMatchWorkQueueAppend(), SigGroupBuild(), SigGroupHeadAppendSig(), and SigPrepareStage1().

init_data

SignatureInitData* Signature_::init_data

Definition at line 747 of file detect.h.

Referenced by __attribute__(), DetectBufferGetActiveList(), DetectBufferGetFirstSigMatch(), DetectBufferGetLastSigMatch(), DetectBufferIsPresent(), DetectByteExtractRetrieveSMVar(), DetectByteMathRetrieveSMVar(), DetectContentPropagateLimits(), DetectContentSetup(), DetectEngineAppendSig(), DetectEngineAppInspectionEngine2Signature(), DetectEngineContentModifierBufferSetup(), DetectEnginePktInspectionSetup(), DetectFirewallRuleAppendNew(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), DetectFlowbitsAnalyze(), DetectGetLastSM(), DetectGetLastSMByListId(), DetectGetLastSMFromLists(), DetectGetLastSMFromMpmLists(), DetectIPProtoRemoveAllSMs(), DetectIsdataatSetup(), DetectMd5ValidateCallback(), DetectSetFastPatternAndItsId(), DetectSignatureSetMultiAppProto(), DetectUrilenApplyToContent(), DetectUrilenValidateContent(), EngineAnalysisFP(), EngineAnalysisRules(), EngineAnalysisRules2(), IPOnlyAddSignature(), IPOnlySigParseAddress(), MpmStorePrepareBuffer(), RetrieveFPForSig(), SCDetectBufferSetActiveList(), SCDetectSignatureAddTransform(), SCDetectSignatureSetAppProto(), SCSigMatchAppendSMToList(), SCSigOrderSignatures(), SigAlloc(), SigFree(), SigMatchListSMBelongsTo(), SigMatchRemoveSMFromList(), SignatureHasPacketContent(), SignatureHasStreamContent(), SignatureInitDataBufferCheckExpand(), SignatureIsIPOnly(), SignatureSetType(), SigParseApplyDsizeToContent(), SigParseGetMaxDsize(), SigParseMaxRequiredDsize(), SigParseSetDsizePair(), SigPrepareStage1(), and SigPrepareStage2().

mask

SignatureMask Signature_::mask

Definition at line 679 of file detect.h.

Referenced by EngineAnalysisRules2().

metadata

DetectMetadataHead* Signature_::metadata

Metadata

Definition at line 743 of file detect.h.

msg

char* Signature_::msg

Definition at line 736 of file detect.h.

Referenced by AlertFastLogger(), AlertJsonHeader(), EngineAnalysisRules2(), IPOnlyAddSignature(), IPOnlyMatchPacket(), and SigFree().

next

struct Signature_* Signature_::next

ptr to the next sig in the list

Definition at line 750 of file detect.h.

Referenced by DetectEngineAppendSig(), DetectFirewallRuleAppendNew(), DetectSetFastPatternAndItsId(), FirewallAnalyzer(), LLVMFuzzerTestOneInput(), SCSigOrderSignatures(), SigCleanSignatures(), SigGroupBuild(), SigPrepareStage1(), and SigPrepareStage2().

pkt_inspect

DetectEnginePktInspectionEngine* Signature_::pkt_inspect

Definition at line 726 of file detect.h.

Referenced by DetectEngineAppInspectionEngineSignatureFree(), DetectEnginePktInspectionRun(), EngineAnalysisAddAllRulePatterns(), and EngineAnalysisRules2().

prio

int Signature_::prio

Definition at line 716 of file detect.h.

Referenced by AlertFastLogger(), AlertJsonHeader(), PacketAlertTagInit(), and SigAlloc().

proto

DetectProto Signature_::proto

addresses, ports and proto this sig matches on

Definition at line 687 of file detect.h.

Referenced by EngineAnalysisRules(), IPOnlyMatchPacket(), SignatureHasPacketContent(), SignatureHasStreamContent(), and SigPrepareStage1().

references

DetectReference* Signature_::references

Reference

Definition at line 741 of file detect.h.

rev

uint32_t Signature_::rev

Definition at line 715 of file detect.h.

Referenced by AlertFastLogger(), AlertJsonHeader(), EngineAnalysisRules2(), PacketAlertTagInit(), and PacketAlertThreshold().

sig_str

char* Signature_::sig_str

Definition at line 745 of file detect.h.

Referenced by AlertJsonHeader(), DetectBsizeValidateContentCallback(), EngineAnalysisRules2(), FirewallAnalyzer(), SCDetectBufferSetActiveList(), SCDetectSignatureAddTransform(), SigFree(), and SigParseMaxRequiredDsize().

sm_arrays

SigMatchData* Signature_::sm_arrays[DETECT_SM_LIST_MAX]

Definition at line 731 of file detect.h.

Referenced by DetectEngineInspectPacketPayload(), DetectEnginePktInspectionSetup(), EngineAnalysisAddAllRulePatterns(), EngineAnalysisRules2(), IPOnlyMatchPacket(), and SigGetThresholdTypeIter().

sp

DetectPort* Signature_::sp

port settings for this signature

Definition at line 719 of file detect.h.

Referenced by IPOnlyMatchPacket(), and SigFree().

type

enum SignatureType Signature_::type

Definition at line 671 of file detect.h.

Referenced by EngineAnalysisRules(), EngineAnalysisRules2(), FirewallAnalyzer(), IPOnlyAddSignature(), SCSigOrderSignatures(), SignatureSetType(), SigPrepareStage1(), and SigPrepareStage2().

---

The documentation for this struct was generated from the following file:

• src/detect.h