| Array_t | Array structure |
| Circbuf_t | Structure for keeping a generic circular buffer |
| Evl_Action_t | Struct encoding the action to be taken |
| Evl_BddLevelPair_t | A bdd_t and the level we are thinking of it as being at |
| Evl_Bridge_t | Basic structure used for pulling packets in and out |
| Evl_BridgeStats_t | Structure encapsulating various stats, used for testing purposes |
| Evl_ContentMgr_t | A stucture for evaluating L7 rules |
| Evl_Fsm_t | Fsm structure |
| Evl_GenericManager_t | Generic checks |
| Evl_L4Flow_t | Encapsulate L4 flow information specifically destPort, srcPort, destIP, srcIP |
| Evl_L4LookupTable_t | A lookup table for finding potentially applicable rules for a packet based on L4 header information |
| Evl_L4Manager_t | Everything needed to check TCP packets |
| Evl_Manager_t | A representation of rules and corresponding lookup table |
| Hash_Entry_t | Hash table entry |
| Hash_Generator_t | Used for traversing entries in a table |
| Hash_t | Hash table |
| Heap_t | Heap data structure |
| Nm_TclCD_t | Structure used to pass return values around as integers |
| Pkt_EthernetHdr_t | Ethernet Packet Header |
| Pkt_IcmpHdr_t | ICMP packet header |
| Pkt_IpFlags_t | Packed bit-fields for ip frag flags, offset |
| Pkt_IpHdr_t | IP Packet header |
| Pkt_L4Flow_t | Layer 4 flow captured by 4 fields - source/dest IP, source/dest TCP ports |
| Pkt_LibNet_t | An encapsulation of the libnet_t structure |
| Pkt_LibPcap_t | An encapsulation of the libpcap_t structure |
| Pkt_ProcessPkt_t | Packet and rules that are to be applied |
| Pkt_TcpHdr_t | TCP Packet header |
| Pkt_TcpResDoffFlags_t | Packed bit-fields for tcp flags, offset, etc |
| Pkt_TfcMode_t | Structure encapsulating settings for Pkt_CreateRandEthPktArray |
| Pkt_UdpHdr_t | UDP Packet header |
| Pkt_VectorBuff_t | Useful for passing sets of packets around |
| Pkt_WifiHdr_t | Use for wlan detection |
| Q_Cos_t | Data structure for differentiated service based on class of service |
| Q_Drr_t | Data structure for differentiated service based on DRR |
| Q_Flow_t | Data structure for keeping flow |
| Q_Q_t | Cos Queue structure used for actions |
| Rlp_AckAttribute_t | TCP ack value to check against |
| Rlp_Action_t | Struct encoding the action to be taken |
| Rlp_ByteJumpAttribute_t | Byte jump operation |
| Rlp_ByteTestAttribute_t | Byte test operation |
| Rlp_ContentAttribute_t | Content to test for |
| Rlp_ContentCheckAttribute_t | Struct for checking a content type rule |
| Rlp_DepthAttribute_t | Sets maximum search depth for the content pattern match to search from beginning of region |
| Rlp_DistanceAttribute_t | Look for at least N bytes between pattern matches using content |
| Rlp_DsizeAttribute_t | The dsize option is used to test the packet payload size. It may be set to any value, plus use the greater than/less than signs to indicate ranges and limits |
| Rlp_FlagsAttribute_t | Test the TCP flags for a match |
| Rlp_FragbitsAttribute_t | This rule inspects the fragment and reserved bits in the IP header |
| Rlp_IcmpIdAttribute_t | The icmp_id option examines an ICMP ECHO packet's ICMP ID number for a specific value |
| Rlp_IcmpSeqAttribute_t | The icmp_id option examines an ICMP ECHO packet's ICMP sequence field for a specific value |
| Rlp_IcodeAttribute_t | Itype rule, just set a numeric value in here and Detect any traffic using that ICMP code value |
| Rlp_IfAttribute_t | Interface to check against |
| Rlp_IpOptsAttribute_t | Ip options |
| Rlp_IpProtoAttribute_t | Check the ip proto field |
| Rlp_ItypeAttribute_t | This rule tests the value of the ICMP type field. It is set using the numeric value of this field |
| Rlp_L4Check_t | A struct for holding the layer 4 check on a formula |
| Rlp_L7Check_t | A struct for holding the content tests on a formula |
| Rlp_NocaseAttribute_t | The nocase option is used to deactivate case sensitivity in a content rule |
| Rlp_Node_t | Node structure - basically a cons list |
| Rlp_OffsetAttribute_t | The offset rule option is used as a modifier to rules using the content option keyword |
| Rlp_PcreAttribute_t | Struct for pcre checking |
| Rlp_RpcAttribute_t | This option looks at RPC requests and automatically decodes the application, procedure, and program version, indicating success when all three variables are matched |
| Rlp_SameIpAttribute_t | Check if source and dest ip are the same |
| Rlp_SampleAttribute_t | Sampling threshold |
| Rlp_SeqAttribute_t | This rule option refers to the TCP sequence number |
| Rlp_TtlAttribute_t | This rule option is used to set a specific time-to-live value to test against |
| Rlp_WithinAttribute_t | The within keyword is a content modifier that makes sure that at least N bytes are between pattern matches |
| RlpIntAttribute_t | Struct to represent a single int entry |
| util_attrib_val_t | Attribute-value pair used to read formula |
| util_byte_array_t | Struct to represent byte-array |
| util_int_array_t | Struct to represent int-arrays |
| util_timing_t | An encapsulation of a pair of u_int32_t's used to manipulate times |
| var_set_t | Bit vector |
