aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: cleanup direct SIG_FLAG_STATE_MATCH use

Browse Source 
This flag should normally not be set manually. It will be set by the
code registering the app engines in a signature.
pull/3449/head
Victor Julien 7 years ago
parent cbd5ca3f69
commit 5879dafe55
6 changed files with 0 additions and 43 deletions
Show Stats Download Patch File Download Diff File

1
src/detect-ftpdata.c
Unescape Escape View File

@ -215,7 +215,6 @@ static int DetectFtpdataSetup(DetectEngineCtx *de_ctx, Signature *s, const char
sm->type = DETECT_FTPDATA;
sm->ctx = (void *)ftpcommandd;
s->flags |= SIG_FLAG_STATE_MATCH;
SigMatchAppendSMToList(s, sm, g_ftpdata_buffer_id);
return 0;

1
src/detect-krb5-errcode.c
Unescape Escape View File

@ -202,7 +202,6 @@ static int DetectKrb5ErrCodeSetup (DetectEngineCtx *de_ctx, Signature *s, const
sm->type = DETECT_AL_KRB5_ERRCODE;
sm->ctx = (void *)krb5d;
s->flags |= SIG_FLAG_STATE_MATCH;
SigMatchAppendSMToList(s, sm, g_krb5_err_code_list_id);
return 0;

1
src/detect-krb5-msgtype.c
Unescape Escape View File

@ -199,7 +199,6 @@ static int DetectKrb5MsgTypeSetup (DetectEngineCtx *de_ctx, Signature *s, const
sm->type = DETECT_AL_KRB5_MSGTYPE;
sm->ctx = (void *)krb5d;
s->flags |= SIG_FLAG_STATE_MATCH;
SigMatchAppendSMToList(s, sm, g_krb5_msg_type_list_id);
return 0;

1
src/detect-nfs-procedure.c
Unescape Escape View File

@ -364,7 +364,6 @@ static int DetectNfsProcedureSetup (DetectEngineCtx *de_ctx, Signature *s,
sm->type = DETECT_AL_NFS_PROCEDURE;
sm->ctx = (void *)dd;
s->flags |= SIG_FLAG_STATE_MATCH;
SCLogDebug("low %u hi %u", dd->lo, dd->hi);
SigMatchAppendSMToList(s, sm, g_nfs_request_buffer_id);
return 0;

1
src/detect-nfs-version.c
Unescape Escape View File

@ -356,7 +356,6 @@ static int DetectNfsVersionSetup (DetectEngineCtx *de_ctx, Signature *s,
sm->type = DETECT_AL_NFS_VERSION;
sm->ctx = (void *)dd;
s->flags |= SIG_FLAG_STATE_MATCH;
SCLogDebug("low %u hi %u", dd->lo, dd->hi);
SigMatchAppendSMToList(s, sm, g_nfs_request_buffer_id);
return 0;

38
src/detect-parse.c
Unescape Escape View File

@ -1644,44 +1644,6 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
SCReturnInt(0);
}
//if (s->alproto != ALPROTO_UNKNOWN) {
// if (s->flags & SIG_FLAG_STATE_MATCH) {
// if (s->alproto == ALPROTO_DNS) {
// if (al_proto_table[ALPROTO_DNS_UDP].to_server == 0 ||
// al_proto_table[ALPROTO_DNS_UDP].to_client == 0 ||
// al_proto_table[ALPROTO_DNS_TCP].to_server == 0 ||
// al_proto_table[ALPROTO_DNS_TCP].to_client == 0) {
// SCLogInfo("Signature uses options that need the app layer "
// "parser for dns, but the parser's disabled "
// "for the protocol. Please check if you have "
// "disabled it through the option "
// "\"app-layer.protocols.dcerpc[udp|tcp].enabled\""
// "or internally the parser has been disabled in "
// "the code. Invalidating signature.");
// SCReturnInt(0);
// }
// } else {
// if (al_proto_table[s->alproto].to_server == 0 ||
// al_proto_table[s->alproto].to_client == 0) {
// const char *proto_name = AppProtoToString(s->alproto);
// SCLogInfo("Signature uses options that need the app layer "
// "parser for \"%s\", but the parser's disabled "
// "for the protocol. Please check if you have "
// "disabled it through the option "
// "\"app-layer.protocols.%s.enabled\" or internally "
// "there the parser has been disabled in the code. "
// "Invalidating signature.", proto_name, proto_name);
// SCReturnInt(0);
// }
// }
// }
//
//
//
//
//
//}
if (s->flags & SIG_FLAG_REQUIRE_PACKET) {
pm = DetectGetLastSMFromLists(s, DETECT_REPLACE, -1);
if (pm != NULL && SigMatchListSMBelongsTo(s, pm) != DETECT_SM_LIST_PMATCH) {

Write Preview
Loading…
Cancel
Save