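/* Copyright (C) 2007-2017 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 */

#ifndef __DETECT_ENGINE_REGISTER_H__
#define __DETECT_ENGINE_REGISTER_H__

/**
 * \brief Numeric ids of the rule keywords known to the detection engine.
 *
 * No enumerator has an explicit value, so ids run from 0 in declaration
 * order and DETECT_TBLSIZE, the last entry, equals the number of keywords.
 *
 * Review notes:
 *  - Position is part of the contract. Inserting, removing or reordering an
 *    entry renumbers every id after it, so an id is only meaningful within
 *    one build; do not persist raw ids or exchange them between builds.
 *  - Inside the "prefilter sort" region the order is also the prefilter
 *    preference (earlier entries win), so a new keyword must be placed
 *    there deliberately, not appended for convenience.
 *  - NOTE(review): DETECT_TBLSIZE presumably sizes the keyword table defined
 *    elsewhere -- confirm. Any id that does not come straight from this enum
 *    (parsed, computed, cast from an integer) should be checked against
 *    DETECT_TBLSIZE before it is used as an array index.
 */
enum DetectKeywordId {
    DETECT_SID,
    DETECT_PRIORITY,
    DETECT_REV,
    DETECT_CLASSTYPE,

    /* sorted by prefilter priority. Higher in this list means it will be
     * picked over ones lower in the list */
    DETECT_AL_APP_LAYER_PROTOCOL,
    DETECT_ACK,
    DETECT_SEQ,
    DETECT_WINDOW,
    DETECT_IPOPTS,
    DETECT_FLAGS,
    DETECT_FRAGBITS,
    DETECT_FRAGOFFSET,
    DETECT_TTL,
    DETECT_TOS,
    DETECT_ITYPE,
    DETECT_ICODE,
    DETECT_ICMP_ID,
    DETECT_ICMP_SEQ,
    DETECT_ICMPV4HDR,
    DETECT_DSIZE,

    DETECT_FLOW,
    /* end prefilter sort */

    DETECT_THRESHOLD,
    DETECT_METADATA,
    DETECT_REFERENCE,
    DETECT_TAG,
    DETECT_MSG,
    DETECT_CONTENT,
    DETECT_URICONTENT,
    DETECT_PCRE,
    DETECT_DEPTH,
    DETECT_STARTS_WITH,
    DETECT_ENDS_WITH,
    DETECT_DISTANCE,
    DETECT_WITHIN,
    DETECT_OFFSET,
    DETECT_REPLACE,
    DETECT_NOCASE,
    DETECT_FAST_PATTERN,
    DETECT_RAWBYTES,
    DETECT_BYTETEST,
    DETECT_BYTEJUMP,
    DETECT_BYTEMATH,
    DETECT_SAMEIP,
    DETECT_GEOIP,
    DETECT_IPPROTO,
    DETECT_FTPBOUNCE,
    DETECT_ISDATAAT,
    DETECT_ID,
    DETECT_RPC,
    DETECT_FLOWVAR,
    DETECT_FLOWVAR_POSTMATCH,
    DETECT_FLOWINT,
    DETECT_PKTVAR,
    DETECT_NOALERT,
    DETECT_FLOWBITS,
    DETECT_HOSTBITS,
    DETECT_IPV4_CSUM,
    DETECT_TCPV4_CSUM,
    DETECT_TCPV6_CSUM,
    DETECT_UDPV4_CSUM,
    DETECT_UDPV6_CSUM,
    DETECT_ICMPV4_CSUM,
    DETECT_ICMPV6_CSUM,
    DETECT_STREAM_SIZE,
    DETECT_DETECTION_FILTER,
    DETECT_DATASET,
    DETECT_DATAREP,

    DETECT_DECODE_EVENT,
    DETECT_GID,
    DETECT_MARK,

    DETECT_BSIZE,

    DETECT_AL_TLS_VERSION,
    DETECT_AL_TLS_SUBJECT,
    DETECT_AL_TLS_ISSUERDN,
    DETECT_AL_TLS_NOTBEFORE,
    DETECT_AL_TLS_NOTAFTER,
    DETECT_AL_TLS_EXPIRED,
    DETECT_AL_TLS_VALID,
    DETECT_AL_TLS_FINGERPRINT,
    DETECT_AL_TLS_STORE,

    DETECT_AL_HTTP_COOKIE,
    DETECT_HTTP_COOKIE,
    DETECT_AL_HTTP_METHOD,
    DETECT_HTTP_METHOD,
    DETECT_AL_HTTP_PROTOCOL,
    DETECT_AL_HTTP_START,
    DETECT_AL_URILEN,
    DETECT_AL_HTTP_CLIENT_BODY,
    DETECT_HTTP_REQUEST_BODY,
    DETECT_AL_HTTP_SERVER_BODY,
    DETECT_HTTP_RESPONSE_BODY,
    DETECT_AL_HTTP_HEADER,
    DETECT_HTTP_HEADER,
    DETECT_AL_HTTP_HEADER_NAMES,
    DETECT_AL_HTTP_HEADER_ACCEPT,
    DETECT_AL_HTTP_HEADER_ACCEPT_LANG,
    DETECT_AL_HTTP_HEADER_ACCEPT_ENC,
    DETECT_AL_HTTP_HEADER_CONNECTION,
    DETECT_AL_HTTP_HEADER_CONTENT_LEN,
    DETECT_AL_HTTP_HEADER_CONTENT_TYPE,
    DETECT_AL_HTTP_HEADER_LOCATION,
    DETECT_AL_HTTP_HEADER_SERVER,
    DETECT_AL_HTTP_HEADER_REFERER,
    DETECT_AL_HTTP_RAW_HEADER,
    DETECT_HTTP_RAW_HEADER,
    DETECT_AL_HTTP_URI,
    DETECT_HTTP_URI,
    DETECT_HTTP_URI_RAW,
    DETECT_AL_HTTP_RAW_URI,
    DETECT_AL_HTTP_STAT_MSG,
    DETECT_HTTP_STAT_MSG,
    DETECT_AL_HTTP_STAT_CODE,
    DETECT_HTTP_STAT_CODE,
    DETECT_AL_HTTP_USER_AGENT,
    DETECT_HTTP_UA,
    DETECT_AL_HTTP_HOST,
    DETECT_HTTP_HOST,
    DETECT_AL_HTTP_RAW_HOST,
    DETECT_HTTP_HOST_RAW,
    DETECT_AL_HTTP_REQUEST_LINE,
    DETECT_AL_HTTP_RESPONSE_LINE,
    DETECT_AL_NFS_PROCEDURE,
    DETECT_AL_NFS_VERSION,
    DETECT_AL_SSH_PROTOCOL,
    DETECT_AL_SSH_PROTOVERSION,
    DETECT_AL_SSH_SOFTWARE,
    DETECT_AL_SSH_SOFTWAREVERSION,
    DETECT_AL_SSH_HASSH,
    DETECT_AL_SSH_HASSH_SERVER,
    DETECT_AL_SSH_HASSH_STRING,
    DETECT_AL_SSH_HASSH_SERVER_STRING,
    DETECT_AL_SSL_VERSION,
    DETECT_AL_SSL_STATE,
    DETECT_BYTE_EXTRACT,
    DETECT_FILE_DATA,
    DETECT_PKT_DATA,
    DETECT_AL_APP_LAYER_EVENT,

    DETECT_HTTP2_FRAMETYPE,
    DETECT_HTTP2_ERRORCODE,
    DETECT_HTTP2_PRIORITY,
    DETECT_HTTP2_WINDOW,
    DETECT_HTTP2_SIZEUPDATE,
    DETECT_HTTP2_SETTINGS,
    DETECT_HTTP2_HEADERNAME,
    DETECT_HTTP2_HEADER,

    DETECT_DCE_IFACE,
    DETECT_DCE_OPNUM,
    DETECT_DCE_STUB_DATA,
    DETECT_SMB_NAMED_PIPE,
    DETECT_SMB_SHARE,

    DETECT_ASN1,

    DETECT_ENGINE_EVENT,
    DETECT_STREAM_EVENT,

    DETECT_CONFIG,

    DETECT_FILENAME,
    DETECT_FILE_NAME,
    DETECT_FILEEXT,
    DETECT_FILESTORE,
    DETECT_FILESTORE_POSTMATCH,
    DETECT_FILEMAGIC,
    DETECT_FILE_MAGIC,
    DETECT_FILEMD5,
    DETECT_FILESHA1,
    DETECT_FILESHA256,
    DETECT_FILESIZE,

    DETECT_L3PROTO,
    DETECT_LUA,
    DETECT_IPREP,

    DETECT_AL_DNS_QUERY,
    DETECT_AL_DNS_OPCODE,
    DETECT_AL_TLS_SNI,
    DETECT_AL_TLS_CERTS,
    DETECT_AL_TLS_CERT_ISSUER,
    DETECT_AL_TLS_CERT_SUBJECT,
    DETECT_AL_TLS_CERT_SERIAL,
    DETECT_AL_TLS_CERT_FINGERPRINT,

    DETECT_AL_TLS_JA3_HASH,
    DETECT_AL_TLS_JA3_STRING,
    DETECT_AL_TLS_JA3S_HASH,
    DETECT_AL_TLS_JA3S_STRING,

    DETECT_AL_MODBUS,
    DETECT_CIPSERVICE,
    DETECT_ENIPCOMMAND,

    DETECT_AL_DNP3DATA,
    DETECT_AL_DNP3FUNC,
    DETECT_AL_DNP3IND,
    DETECT_AL_DNP3OBJ,

    DETECT_XBITS,
    DETECT_BASE64_DECODE,
    DETECT_BASE64_DATA,

    DETECT_AL_KRB5_ERRCODE,
    DETECT_AL_KRB5_MSGTYPE,
    DETECT_AL_KRB5_CNAME,
    DETECT_AL_KRB5_SNAME,

    DETECT_AL_SIP_METHOD,
    DETECT_AL_SIP_URI,
    DETECT_AL_SIP_PROTOCOL,
    DETECT_AL_SIP_STAT_CODE,
    DETECT_AL_SIP_STAT_MSG,
    DETECT_AL_SIP_REQUEST_LINE,
    DETECT_AL_SIP_RESPONSE_LINE,
    DETECT_AL_RFB_SECRESULT,
    DETECT_AL_RFB_SECTYPE,
    DETECT_AL_RFB_NAME,
    DETECT_TEMPLATE,
    DETECT_TEMPLATE2,
    DETECT_IPV4HDR,
    DETECT_IPV6HDR,
    DETECT_ICMPV6HDR,
    DETECT_ICMPV6MTU,
    DETECT_TCPHDR,
    DETECT_UDPHDR,
    DETECT_TCPMSS,
    DETECT_FTPDATA,
    DETECT_TARGET,
    DETECT_AL_TEMPLATE_RUST_BUFFER,
    DETECT_AL_SNMP_VERSION,
    DETECT_AL_SNMP_COMMUNITY,
    DETECT_AL_SNMP_PDU_TYPE,
    DETECT_AL_MQTT_TYPE,
    DETECT_AL_MQTT_FLAGS,
    DETECT_AL_MQTT_QOS,
    DETECT_AL_MQTT_PROTOCOL_VERSION,
    DETECT_AL_MQTT_REASON_CODE,
    DETECT_AL_MQTT_CONNECT_FLAGS,
    DETECT_AL_MQTT_CONNECT_CLIENTID,
    DETECT_AL_MQTT_CONNECT_USERNAME,
    DETECT_AL_MQTT_CONNECT_PASSWORD,
    DETECT_AL_MQTT_CONNECT_WILLTOPIC,
    DETECT_AL_MQTT_CONNECT_WILLMESSAGE,
    DETECT_AL_MQTT_CONNACK_SESSION_PRESENT,
    DETECT_AL_MQTT_PUBLISH_TOPIC,
    DETECT_AL_MQTT_PUBLISH_MESSAGE,
    DETECT_AL_MQTT_SUBSCRIBE_TOPIC,
    DETECT_AL_MQTT_UNSUBSCRIBE_TOPIC,
    DETECT_AL_TEMPLATE_BUFFER,

    DETECT_BYPASS,

    DETECT_PREFILTER,

    DETECT_TRANSFORM_COMPRESS_WHITESPACE,
    DETECT_TRANSFORM_STRIP_WHITESPACE,
    DETECT_TRANSFORM_MD5,
    DETECT_TRANSFORM_SHA1,
    DETECT_TRANSFORM_SHA256,
    DETECT_TRANSFORM_DOTPREFIX,
    DETECT_TRANSFORM_PCREXFORM,
    DETECT_TRANSFORM_URL_DECODE,

    /* make sure this stays last */
    DETECT_TBLSIZE,
};

/* Declarations only; the definitions are not part of this header.
 * NOTE(review): going by the names, SigTableList() lists keyword table
 * entries selected by \a keyword, SigTableSetup() populates the keyword
 * table and SigTableRegisterTests() registers its unit tests -- confirm
 * against the implementation, including whether \a keyword may be NULL. */
void SigTableList(const char *keyword);
void SigTableSetup(void);
void SigTableRegisterTests(void);

#endif /* __DETECT_ENGINE_REGISTER_H__ */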