aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename signature init flags to indicate they are init flags.

Browse Source
remotes/origin/master-1.2.x
Victor Julien 14 years ago
parent 6ebd71545b
commit 2650551192
8 changed files with 32 additions and 39 deletions
Show Stats Download Patch File Download Diff File

2
src/detect-engine-file.c
Unescape Escape View File

@ -145,7 +145,7 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
/* if this is a filestore sig, and the sig can't match
* return 3 so we can distinguish */
if (s->init_flags & SIG_FLAG_FILESTORE && r == 2)
if (s->flags & SIG_FLAG_FILESTORE && r == 2)
r = 3;
/* continue, this file may (or may not) be unable to match

2
src/detect-filestore.c
Unescape Escape View File

@ -327,7 +327,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *st
s->alproto = ALPROTO_HTTP;
s->init_flags |= SIG_FLAG_FILESTORE;
s->flags |= SIG_FLAG_FILESTORE;
return 0;
error:

2
src/detect-flow.c
Unescape Escape View File

@ -315,7 +315,7 @@ int DetectFlowSetup (DetectEngineCtx *de_ctx, Signature *s, char *flowstr)
SigMatchAppendPacket(s, sm);
s->init_flags |= SIG_FLAG_FLOW;
s->init_flags |= SIG_FLAG_INIT_FLOW;
return 0;
error:

30
src/detect-parse.c
Unescape Escape View File

@ -969,7 +969,7 @@ static int SigParseBasics(Signature *s, char *sigstr, char ***result, uint8_t ad
/* Check if it is bidirectional */
if (strcmp(arr[CONFIG_DIREC], "<>") == 0)
s->init_flags |= SIG_FLAG_BIDIREC;
s->init_flags |= SIG_FLAG_INIT_BIDIREC;
/* Parse Address & Ports */
if (SigParseAddress(s, arr[CONFIG_SRC], SIG_DIREC_SRC ^ addrs_direction) < 0)
@ -1487,10 +1487,10 @@ Signature *SigInit(DetectEngineCtx *de_ctx, char *sigstr) {
if (sigmatch_table[sm->type].AppLayerMatch != NULL)
sig->flags |= SIG_FLAG_APPLAYER;
if (sigmatch_table[sm->type].Match != NULL)
sig->init_flags |= SIG_FLAG_PACKET;
sig->init_flags |= SIG_FLAG_INIT_PACKET;
}
} else {
sig->init_flags |= SIG_FLAG_PACKET;
sig->init_flags |= SIG_FLAG_INIT_PACKET;
}
}
@ -1519,7 +1519,7 @@ Signature *SigInit(DetectEngineCtx *de_ctx, char *sigstr) {
SCLogDebug("sig %"PRIu32" SIG_FLAG_APPLAYER: %s, SIG_FLAG_PACKET: %s",
sig->id, sig->flags & SIG_FLAG_APPLAYER ? "set" : "not set",
sig->init_flags & SIG_FLAG_PACKET ? "set" : "not set");
sig->init_flags & SIG_FLAG_INIT_PACKET ? "set" : "not set");
SigBuildAddressMatchArray(sig);
@ -1630,7 +1630,7 @@ Signature *SigInitReal(DetectEngineCtx *de_ctx, char *sigstr) {
}
}
}
if (sig->init_flags & SIG_FLAG_BIDIREC) {
if (sig->init_flags & SIG_FLAG_INIT_BIDIREC) {
/* Allocate a copy of this signature with the addresses siwtched
This copy will be installed at sig->next */
sig->next = SigAlloc();
@ -1695,10 +1695,10 @@ Signature *SigInitReal(DetectEngineCtx *de_ctx, char *sigstr) {
if (sigmatch_table[sm->type].AppLayerMatch != NULL)
sig->flags |= SIG_FLAG_APPLAYER;
if (sigmatch_table[sm->type].Match != NULL)
sig->init_flags |= SIG_FLAG_PACKET;
sig->init_flags |= SIG_FLAG_INIT_PACKET;
}
} else {
sig->init_flags |= SIG_FLAG_PACKET;
sig->init_flags |= SIG_FLAG_INIT_PACKET;
}
}
@ -1727,7 +1727,7 @@ Signature *SigInitReal(DetectEngineCtx *de_ctx, char *sigstr) {
SCLogDebug("sig %"PRIu32" SIG_FLAG_APPLAYER: %s, SIG_FLAG_PACKET: %s",
sig->id, sig->flags & SIG_FLAG_APPLAYER ? "set" : "not set",
sig->init_flags & SIG_FLAG_PACKET ? "set" : "not set");
sig->init_flags & SIG_FLAG_INIT_PACKET ? "set" : "not set");
/* validate signature, SigValidate will report the error reason */
if (SigValidate(sig) == 0) {
@ -1925,7 +1925,7 @@ static inline int DetectEngineSignatureIsDuplicate(DetectEngineCtx *de_ctx,
if (sw_dup->s_prev == NULL) {
SigDuplWrapper sw_temp;
memset(&sw_temp, 0, sizeof(SigDuplWrapper));
if (sw_dup->s->init_flags & SIG_FLAG_BIDIREC) {
if (sw_dup->s->init_flags & SIG_FLAG_INIT_BIDIREC) {
sw_temp.s = sw_dup->s->next->next;
de_ctx->sig_list = sw_dup->s->next->next;
SigFree(sw_dup->s->next);
@ -1943,7 +1943,7 @@ static inline int DetectEngineSignatureIsDuplicate(DetectEngineCtx *de_ctx,
} else {
SigDuplWrapper sw_temp;
memset(&sw_temp, 0, sizeof(SigDuplWrapper));
if (sw_dup->s->init_flags & SIG_FLAG_BIDIREC) {
if (sw_dup->s->init_flags & SIG_FLAG_INIT_BIDIREC) {
sw_temp.s = sw_dup->s->next->next;
sw_dup->s_prev->next = sw_dup->s->next->next;
SigFree(sw_dup->s->next);
@ -2013,7 +2013,7 @@ Signature *DetectEngineAppendSig(DetectEngineCtx *de_ctx, char *sigstr)
sigstr);
}
if (sig->init_flags & SIG_FLAG_BIDIREC) {
if (sig->init_flags & SIG_FLAG_INIT_BIDIREC) {
if (sig->next != NULL) {
sig->next->next = de_ctx->sig_list;
} else {
@ -2714,7 +2714,7 @@ int SigTestBidirec01 (void) {
goto end;
if (sig->next != NULL)
goto end;
if (sig->init_flags & SIG_FLAG_BIDIREC)
if (sig->init_flags & SIG_FLAG_INIT_BIDIREC)
goto end;
if (de_ctx->signum != 1)
goto end;
@ -2747,7 +2747,7 @@ int SigTestBidirec02 (void) {
goto end;
if (de_ctx->sig_list != sig)
goto end;
if (!(sig->init_flags & SIG_FLAG_BIDIREC))
if (!(sig->init_flags & SIG_FLAG_INIT_BIDIREC))
goto end;
if (sig->next == NULL)
goto end;
@ -2756,7 +2756,7 @@ int SigTestBidirec02 (void) {
copy = sig->next;
if (copy->next != NULL)
goto end;
if (!(copy->init_flags & SIG_FLAG_BIDIREC))
if (!(copy->init_flags & SIG_FLAG_INIT_BIDIREC))
goto end;
result = 1;
@ -2910,7 +2910,7 @@ int SigTestBidirec04 (void) {
sig = DetectEngineAppendSig(de_ctx, "alert tcp 192.168.1.1 any <> any any (msg:\"SigTestBidirec03 sid 2 bidirectional\"; sid:2;)");
if (sig == NULL)
goto end;
if ( !(sig->init_flags & SIG_FLAG_BIDIREC))
if ( !(sig->init_flags & SIG_FLAG_INIT_BIDIREC))
goto end;
if (sig->next == NULL)
goto end;

4
src/detect-ssl-version.c
Unescape Escape View File

@ -684,10 +684,6 @@ static int DetectSslVersionTestDetect03(void)
goto end;
}
if (s->flags & SIG_FLAG_PACKET) {
SCLogDebug("SIG_FLAG_PACKET flags");
}
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);

4
src/detect-tls-version.c
Unescape Escape View File

@ -593,10 +593,6 @@ static int DetectTlsVersionTestDetect03(void) {
goto end;
}
if (s->init_flags & SIG_FLAG_PACKET) {
SCLogDebug("SIG_FLAG_PACKET flags");
}
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);

14
src/detect.c
Unescape Escape View File

@ -1903,7 +1903,7 @@ int SignatureIsFilestoring(Signature *s) {
if (s == NULL)
return 0;
if (s->init_flags & SIG_FLAG_FILESTORE)
if (s->flags & SIG_FLAG_FILESTORE)
return 1;
return 0;
@ -2290,7 +2290,7 @@ static int SignatureCreateMask(Signature *s) {
SCLogDebug("sig requires flow");
}
if (s->init_flags & SIG_FLAG_FLOW) {
if (s->init_flags & SIG_FLAG_INIT_FLOW) {
s->mask |= SIG_MASK_REQUIRE_FLOW;
SCLogDebug("sig requires flow");
}
@ -2394,12 +2394,12 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx) {
/* see if any sig is inspecting the packet payload */
} else if (SignatureIsInspectingPayload(de_ctx, tmp_s) == 1) {
tmp_s->init_flags |= SIG_FLAG_PAYLOAD;
tmp_s->init_flags |= SIG_FLAG_INIT_PAYLOAD;
cnt_payload++;
SCLogDebug("Signature %"PRIu32" is considered \"Payload inspecting\"", tmp_s->id);
} else if (SignatureIsDEOnly(de_ctx, tmp_s) == 1) {
tmp_s->init_flags |= SIG_FLAG_DEONLY;
tmp_s->init_flags |= SIG_FLAG_INIT_DEONLY;
SCLogDebug("Signature %"PRIu32" is considered \"Decoder Event only\"", tmp_s->id);
cnt_deonly++;
}
@ -2546,7 +2546,7 @@ error:
static int DetectEngineLookupFlowAddSig(DetectEngineCtx *de_ctx, Signature *s, int family) {
uint8_t flags = 0;
if (s->init_flags & SIG_FLAG_FLOW) {
if (s->init_flags & SIG_FLAG_INIT_FLOW) {
SigMatch *sm = s->sm_lists[DETECT_SM_LIST_MATCH];
for ( ; sm != NULL; sm = sm->next) {
if (sm->type != DETECT_FLOW)
@ -2981,7 +2981,7 @@ int SigAddressPrepareStage2(DetectEngineCtx *de_ctx) {
SCLogDebug("tmp_s->id %"PRIu32, tmp_s->id);
if (tmp_s->flags & SIG_FLAG_IPONLY) {
IPOnlyAddSignature(de_ctx, &de_ctx->io_ctx, tmp_s);
} else if (tmp_s->init_flags & SIG_FLAG_DEONLY) {
} else if (tmp_s->init_flags & SIG_FLAG_INIT_DEONLY) {
DetectEngineAddDecoderEventSig(de_ctx, tmp_s);
} else {
DetectEngineLookupFlowAddSig(de_ctx, tmp_s, AF_INET);
@ -8428,7 +8428,7 @@ int SigTest40NoPayloadInspection02(void) {
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
if (!(de_ctx->sig_list->init_flags & SIG_FLAG_PAYLOAD))
if (!(de_ctx->sig_list->init_flags & SIG_FLAG_INIT_PAYLOAD))
result = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);

13
src/detect.h
Unescape Escape View File

@ -269,13 +269,14 @@ typedef struct DetectPort_ {
#define SIG_FLAG_MPM_HSBDCONTENT (((uint64_t)1)<<32)
#define SIG_FLAG_MPM_HSBDCONTENT_NEG (((uint64_t)1)<<33)
#define SIG_FLAG_FILESTORE (((uint64_t)1)<<34) /**< signature has filestore keyword */
/* signature init flags */
#define SIG_FLAG_DEONLY 1 /**< decode event only signature */
#define SIG_FLAG_PACKET (1<<1) /**< signature has matches against a packet (as opposed to app layer) */
#define SIG_FLAG_FLOW (1<<2) /**< signature has a flow setting */
#define SIG_FLAG_BIDIREC (1<<3) /**< signature has bidirectional operator */
#define SIG_FLAG_PAYLOAD (1<<4) /**< signature is inspecting the packet payload */
#define SIG_FLAG_FILESTORE (1<<5) /**< signature has filestore keyword */
#define SIG_FLAG_INIT_DEONLY 1 /**< decode event only signature */
#define SIG_FLAG_INIT_PACKET (1<<1) /**< signature has matches against a packet (as opposed to app layer) */
#define SIG_FLAG_INIT_FLOW (1<<2) /**< signature has a flow setting */
#define SIG_FLAG_INIT_BIDIREC (1<<3) /**< signature has bidirectional operator */
#define SIG_FLAG_INIT_PAYLOAD (1<<4) /**< signature is inspecting the packet payload */
/* signature mask flags */
#define SIG_MASK_REQUIRE_PAYLOAD 1

Write Preview
Loading…
Cancel
Save