detect: remove wrappers around DetectEngineInspectGenericList

3 years ago · 83a8cd80b2
parent 7eaf1688b5
commit 83a8cd80b2
34 changed files with 70 additions and 442 deletions
--- a/src/detect-dce-iface.c
+++ b/src/detect-dce-iface.c
@ -63,10 +63,6 @@ static void DetectDceIfaceRegisterTests(void);
 #endif
 static int g_dce_generic_list_id = 0;
 static uint8_t InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 /**
 * \brief Registers the keyword handlers for the "dce_iface" keyword.
 */
@ -84,23 +80,15 @@ void DetectDceIfaceRegister(void)
    g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic");
    DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0,
            DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2(
-            "dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, InspectDceGeneric, NULL);
+            "dce_generic", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2(
            "dce_generic", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, InspectDceGeneric, NULL);
    DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0,
            DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2(
-            "dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric, NULL);
+            "dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2(
            "dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric, NULL);
 }
 static uint8_t InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
--- a/src/detect-dnp3.c
+++ b/src/detect-dnp3.c
@ -176,14 +176,6 @@ static InspectionBuffer *GetDNP3Data(DetectEngineThreadCtx *det_ctx,
    return buffer;
 }
 static uint8_t DetectEngineInspectDNP3(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \brief Parse the provided function name or code to its integer
 *     value.
@ -598,9 +590,9 @@ void DetectDNP3Register(void)
    /* Register the list of func, ind and obj. */
    DetectAppLayerInspectEngineRegister2(
-            "dnp3", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectDNP3, NULL);
+            "dnp3", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2(
-            "dnp3", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectDNP3, NULL);
+            "dnp3", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
    g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3");
--- a/src/detect-dns-opcode.c
+++ b/src/detect-dns-opcode.c
@ -74,14 +74,6 @@ static int DetectDnsOpcodeMatch(DetectEngineThreadCtx *det_ctx,
    return rs_dns_opcode_match(txv, (void *)ctx, flags);
 }
 static uint8_t DetectEngineInspectRequestGenericDnsOpcode(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 void DetectDnsOpcodeRegister(void)
 {
    sigmatch_table[DETECT_AL_DNS_OPCODE].name  = "dns.opcode";
@ -92,11 +84,11 @@ void DetectDnsOpcodeRegister(void)
    sigmatch_table[DETECT_AL_DNS_OPCODE].AppLayerTxMatch =
        DetectDnsOpcodeMatch;
-    DetectAppLayerInspectEngineRegister2("dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0,
+    DetectAppLayerInspectEngineRegister2(
-            DetectEngineInspectRequestGenericDnsOpcode, NULL);
+            "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
-    DetectAppLayerInspectEngineRegister2("dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0,
+    DetectAppLayerInspectEngineRegister2(
-            DetectEngineInspectRequestGenericDnsOpcode, NULL);
+            "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
    dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode");
 }
--- a/src/detect-dns-query.c
+++ b/src/detect-dns-query.c
@ -197,24 +197,6 @@ static int PrefilterMpmDnsQueryRegister(DetectEngineCtx *de_ctx,
            pectx, PrefilterMpmDnsQueryFree, mpm_reg->pname);
 }
 #ifdef HAVE_LUA
 static uint8_t DetectEngineInspectDnsRequest(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 static uint8_t DetectEngineInspectDnsResponse(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 #endif
 /**
 * \brief Registration function for keyword: dns_query
 */
@ -247,9 +229,9 @@ void DetectDnsQueryRegister (void)
 #ifdef HAVE_LUA
    /* register these generic engines from here for now */
    DetectAppLayerInspectEngineRegister2(
-            "dns_request", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectDnsRequest, NULL);
+            "dns_request", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2("dns_response", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1,
-            DetectEngineInspectDnsResponse, NULL);
+            DetectEngineInspectGenericList, NULL);
    DetectBufferTypeSetDescriptionByName("dns_request",
            "dns requests");
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@ -1949,10 +1949,11 @@ int DetectEngineReloadIsIdle(void)
 *  \retval 0 no match
 *  \retval 1 match
 */
-uint8_t DetectEngineInspectGenericList(const DetectEngineCtx *de_ctx,
+uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f,
+        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
-        const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+        uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    SigMatchData *smd = engine->smd;
    SCLogDebug("running match functions, sm %p", smd);
    if (smd != NULL) {
        while (1) {
--- a/src/detect-engine.h
+++ b/src/detect-engine.h
@ -131,8 +131,9 @@ int DetectEngineTentantUnregisterVlanId(uint32_t tenant_id, uint16_t vlan_id);
 int DetectEngineTentantRegisterPcapFile(uint32_t tenant_id);
 int DetectEngineTentantUnregisterPcapFile(uint32_t tenant_id);
-uint8_t DetectEngineInspectGenericList(const DetectEngineCtx *, DetectEngineThreadCtx *,
+uint8_t DetectEngineInspectGenericList(DetectEngineCtx *, DetectEngineThreadCtx *,
-        const Signature *, const SigMatchData *, Flow *, const uint8_t, void *, void *, uint64_t);
+        const struct DetectEngineAppInspectionEngine_ *, const Signature *, Flow *, uint8_t, void *,
        void *, uint64_t);
 uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
--- a/src/detect-ftpbounce.c
+++ b/src/detect-ftpbounce.c
@ -58,10 +58,6 @@ static void DetectFtpbounceRegisterTests(void);
 #endif
 static int g_ftp_request_list_id = 0;
 static uint8_t InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 /**
 * \brief Registration function for ftpbounce: keyword
 * \todo add support for no_stream and stream_only
@ -81,15 +77,7 @@ void DetectFtpbounceRegister(void)
    g_ftp_request_list_id = DetectBufferTypeRegister("ftp_request");
    DetectAppLayerInspectEngineRegister2(
-            "ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, InspectFtpRequest, NULL);
+            "ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
 }
 static uint8_t InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
--- a/src/detect-ftpdata.c
+++ b/src/detect-ftpdata.c
@ -49,9 +49,6 @@ static void DetectFtpdataFree (DetectEngineCtx *, void *);
 #ifdef UNITTESTS
 static void DetectFtpdataRegisterTests (void);
 #endif
 static uint8_t DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int g_ftpdata_buffer_id = 0;
 /**
@ -77,24 +74,16 @@ void DetectFtpdataRegister(void) {
    sigmatch_table[DETECT_FTPDATA].RegisterTests = DetectFtpdataRegisterTests;
 #endif
    DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0,
-            DetectEngineInspectFtpdataGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0,
-            DetectEngineInspectFtpdataGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    g_ftpdata_buffer_id = DetectBufferTypeGetByName("ftpdata_command");
    /* set up the PCRE for keyword parsing */
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
 }
 static uint8_t DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \brief This function is used to check matches from the FTP App Layer Parser
 *
--- a/src/detect-http2.c
+++ b/src/detect-http2.c
@ -109,13 +109,6 @@ static int g_http2_match_buffer_id = 0;
 static int g_http2_header_name_buffer_id = 0;
 static int g_http2_header_buffer_id = 0;
 static uint8_t DetectEngineInspectHTTP2(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \brief Registration function for HTTP2 keywords
@ -237,9 +230,9 @@ void DetectHttp2Register(void)
    g_http2_header_buffer_id = DetectBufferTypeGetByName("http2_header");
    DetectAppLayerInspectEngineRegister2(
-            "http2", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 0, DetectEngineInspectHTTP2, NULL);
+            "http2", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2(
-            "http2", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectHTTP2, NULL);
+            "http2", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
    g_http2_match_buffer_id = DetectBufferTypeRegister("http2");
    return;
--- a/src/detect-ike-chosen-sa.c
+++ b/src/detect-ike-chosen-sa.c
@ -56,10 +56,6 @@ static int DetectIkeChosenSaSetup(DetectEngineCtx *, Signature *s, const char *s
 static void DetectIkeChosenSaFree(DetectEngineCtx *, void *);
 static int g_ike_chosen_sa_buffer_id = 0;
 static uint8_t DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int DetectIkeChosenSaMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *,
        const Signature *, const SigMatchCtx *);
 void IKEChosenSaRegisterTests(void);
@ -82,19 +78,11 @@ void DetectIkeChosenSaRegister(void)
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
    DetectAppLayerInspectEngineRegister2("ike.chosen_sa_attribute", ALPROTO_IKE, SIG_FLAG_TOCLIENT,
-            1, DetectEngineInspectIkeChosenSaGeneric, NULL);
+            1, DetectEngineInspectGenericList, NULL);
    g_ike_chosen_sa_buffer_id = DetectBufferTypeGetByName("ike.chosen_sa_attribute");
 }
 static uint8_t DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match SA attributes of a IKE state
--- a/src/detect-ike-exch-type.c
+++ b/src/detect-ike-exch-type.c
@ -41,10 +41,6 @@ static int DetectIkeExchTypeSetup(DetectEngineCtx *, Signature *s, const char *s
 static void DetectIkeExchTypeFree(DetectEngineCtx *, void *);
 static int g_ike_exch_type_buffer_id = 0;
 static uint8_t DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int DetectIkeExchTypeMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *,
        const Signature *, const SigMatchCtx *);
@ -62,22 +58,14 @@ void DetectIkeExchTypeRegister(void)
    sigmatch_table[DETECT_AL_IKE_EXCH_TYPE].Free = DetectIkeExchTypeFree;
    DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1,
-            DetectEngineInspectIkeExchTypeGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1,
-            DetectEngineInspectIkeExchTypeGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    g_ike_exch_type_buffer_id = DetectBufferTypeGetByName("ike.exchtype");
 }
 static uint8_t DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match exchange type of a IKE state
--- a/src/detect-ike-key-exchange-payload-length.c
+++ b/src/detect-ike-key-exchange-payload-length.c
@ -40,10 +40,6 @@ static int DetectIkeKeyExchangePayloadLengthSetup(DetectEngineCtx *, Signature *
 static void DetectIkeKeyExchangePayloadLengthFree(DetectEngineCtx *, void *);
 static int g_ike_key_exch_payload_length_buffer_id = 0;
 static uint8_t DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int DetectIkeKeyExchangePayloadLengthMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *,
        void *, const Signature *, const SigMatchCtx *);
@ -66,23 +62,15 @@ void DetectIkeKeyExchangePayloadLengthRegister(void)
            DetectIkeKeyExchangePayloadLengthFree;
    DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE,
-            SIG_FLAG_TOSERVER, 1, DetectEngineInspectIkeKeyExchangePayloadLengthGeneric, NULL);
+            SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE,
-            SIG_FLAG_TOCLIENT, 1, DetectEngineInspectIkeKeyExchangePayloadLengthGeneric, NULL);
+            SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL);
    g_ike_key_exch_payload_length_buffer_id =
            DetectBufferTypeGetByName("ike.key_exchange_payload_length");
 }
 static uint8_t DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match key exchange payload length of a IKE state
--- a/src/detect-ike-nonce-payload-length.c
+++ b/src/detect-ike-nonce-payload-length.c
@ -40,10 +40,6 @@ static int DetectIkeNoncePayloadLengthSetup(DetectEngineCtx *, Signature *s, con
 static void DetectIkeNoncePayloadLengthFree(DetectEngineCtx *, void *);
 static int g_ike_nonce_payload_length_buffer_id = 0;
 static uint8_t DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int DetectIkeNoncePayloadLengthMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *,
        void *, const Signature *, const SigMatchCtx *);
@ -62,22 +58,14 @@ void DetectIkeNoncePayloadLengthRegister(void)
    sigmatch_table[DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH].Free = DetectIkeNoncePayloadLengthFree;
    DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER,
-            1, DetectEngineInspectIkeNoncePayloadLengthGeneric, NULL);
+            1, DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT,
-            1, DetectEngineInspectIkeNoncePayloadLengthGeneric, NULL);
+            1, DetectEngineInspectGenericList, NULL);
    g_ike_nonce_payload_length_buffer_id = DetectBufferTypeGetByName("ike.nonce_payload_length");
 }
 static uint8_t DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match nonce length of a IKE state
--- a/src/detect-krb5-errcode.c
+++ b/src/detect-krb5-errcode.c
@ -49,10 +49,6 @@ static void DetectKrb5ErrCodeFree (DetectEngineCtx *, void *);
 static void DetectKrb5ErrCodeRegisterTests (void);
 #endif
 static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int g_krb5_err_code_list_id = 0;
 /**
@ -74,10 +70,10 @@ void DetectKrb5ErrCodeRegister(void)
 #endif
    DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0,
-            DetectEngineInspectKRB5Generic, NULL);
+            DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0,
-            DetectEngineInspectKRB5Generic, NULL);
+            DetectEngineInspectGenericList, NULL);
    /* set up the PCRE for keyword parsing */
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
@ -86,14 +82,6 @@ void DetectKrb5ErrCodeRegister(void)
    SCLogDebug("g_krb5_err_code_list_id %d", g_krb5_err_code_list_id);
 }
 static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \brief This function is used to match KRB5 rule option on a packet
 *
--- a/src/detect-krb5-msgtype.c
+++ b/src/detect-krb5-msgtype.c
@ -49,10 +49,6 @@ static void DetectKrb5MsgTypeFree (DetectEngineCtx *, void *);
 static void DetectKrb5MsgTypeRegisterTests (void);
 #endif
 static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int g_krb5_msg_type_list_id = 0;
 /**
@ -74,10 +70,10 @@ void DetectKrb5MsgTypeRegister(void)
 #endif
    DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0,
-            DetectEngineInspectKRB5Generic, NULL);
+            DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0,
-            DetectEngineInspectKRB5Generic, NULL);
+            DetectEngineInspectGenericList, NULL);
    /* set up the PCRE for keyword parsing */
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
@ -86,14 +82,6 @@ void DetectKrb5MsgTypeRegister(void)
    SCLogDebug("g_krb5_msg_type_list_id %d", g_krb5_msg_type_list_id);
 }
 static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \brief This function is used to match KRB5 rule option on a packet
 *
--- a/src/detect-lua.c
+++ b/src/detect-lua.c
@ -104,10 +104,6 @@ static void DetectLuaRegisterTests(void);
 static void DetectLuaFree(DetectEngineCtx *, void *);
 static int g_smtp_generic_list_id = 0;
 static uint8_t InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 /**
 * \brief Registration function for keyword: lua
 */
@ -126,23 +122,15 @@ void DetectLuaRegister(void)
 #endif
    g_smtp_generic_list_id = DetectBufferTypeRegister("smtp_generic");
-    DetectAppLayerInspectEngineRegister2(
+    DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0,
-            "smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, InspectSmtpGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
-    DetectAppLayerInspectEngineRegister2(
+    DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0,
-            "smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, InspectSmtpGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    SCLogDebug("registering lua rule option");
    return;
 }
 static uint8_t InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 #define DATATYPE_PACKET  BIT_U32(0)
 #define DATATYPE_PAYLOAD BIT_U32(1)
 #define DATATYPE_STREAM  BIT_U32(2)
--- a/src/detect-modbus.c
+++ b/src/detect-modbus.c
@ -121,26 +121,6 @@ static int DetectModbusMatch(DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t fl
    return rs_modbus_inspect(txv, (void *)ctx);
 }
 /** \brief Do the content inspection & validation for a signature
 *
 *  \param de_ctx   Detection engine context
 *  \param det_ctx  Detection engine thread context
 *  \param s        Signature to inspect ( and sm: SigMatch to inspect)
 *  \param f        Flow
 *  \param flags    App layer flags
 *  \param alstate  App layer state
 *  \param txv      Pointer to Modbus Transaction structure
 *
 *  \retval 0 no match or 1 match
 */
 static uint8_t DetectEngineInspectModbus(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \brief Registration function for Modbus keyword
 */
@ -155,7 +135,7 @@ void DetectModbusRegister(void)
    sigmatch_table[DETECT_AL_MODBUS].AppLayerTxMatch = DetectModbusMatch;
    DetectAppLayerInspectEngineRegister2(
-            "modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectModbus, NULL);
+            "modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
    g_modbus_buffer_id = DetectBufferTypeGetByName("modbus");
 }
--- a/src/detect-mqtt-connack-sessionpresent.c
+++ b/src/detect-mqtt-connack-sessionpresent.c
@ -45,10 +45,6 @@ static int DetectMQTTConnackSessionPresentSetup (DetectEngineCtx *, Signature *,
 void MQTTConnackSessionPresentRegisterTests(void);
 void DetectMQTTConnackSessionPresentFree(DetectEngineCtx *de_ctx, void *);
 static uint8_t DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 /**
 * \brief Registration function for mqtt.connack.session_present: keyword
 */
@ -67,19 +63,11 @@ void DetectMQTTConnackSessionPresentRegister (void)
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
    DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT,
-            SIG_FLAG_TOSERVER, 1, DetectEngineInspectMQTTConnackSessionPresentGeneric, NULL);
+            SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
    mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present");
 }
 static uint8_t DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match session_present flag of an MQTT CONNACK message
--- a/src/detect-mqtt-connect-flags.c
+++ b/src/detect-mqtt-connect-flags.c
@ -45,10 +45,6 @@ static int DetectMQTTConnectFlagsSetup (DetectEngineCtx *, Signature *, const ch
 void MQTTConnectFlagsRegisterTests(void);
 void DetectMQTTConnectFlagsFree(DetectEngineCtx *de_ctx, void *);
 static uint8_t DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 typedef struct DetectMQTTConnectFlagsData_ {
    MQTTFlagState username,
                  password,
@ -75,19 +71,11 @@ void DetectMQTTConnectFlagsRegister (void)
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
    DetectAppLayerInspectEngineRegister2("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
-            DetectEngineInspectMQTTConnectFlagsGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    mqtt_connect_flags_id = DetectBufferTypeGetByName("mqtt.connect.flags");
 }
 static uint8_t DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match variable header flags of an MQTT CONNECT Tx
--- a/src/detect-mqtt-flags.c
+++ b/src/detect-mqtt-flags.c
@ -45,10 +45,6 @@ static int DetectMQTTFlagsSetup (DetectEngineCtx *, Signature *, const char *);
 void MQTTFlagsRegisterTests(void);
 void DetectMQTTFlagsFree(DetectEngineCtx *de_ctx, void *);
 static uint8_t DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 typedef struct DetectMQTTFlagsData_ {
    MQTTFlagState retain, dup;
 } DetectMQTTFlagsData;
@ -70,20 +66,12 @@ void DetectMQTTFlagsRegister (void)
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
-    DetectAppLayerInspectEngineRegister2("mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
+    DetectAppLayerInspectEngineRegister2(
-            DetectEngineInspectMQTTFlagsGeneric, NULL);
+            "mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
    mqtt_flags_id = DetectBufferTypeGetByName("mqtt.flags");
 }
 static uint8_t DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match fixed header flags of an MQTT Tx
--- a/src/detect-mqtt-protocol-version.c
+++ b/src/detect-mqtt-protocol-version.c
@ -44,10 +44,6 @@ static int DetectMQTTProtocolVersionSetup (DetectEngineCtx *, Signature *, const
 void MQTTProtocolVersionRegisterTests(void);
 void DetectMQTTProtocolVersionFree(DetectEngineCtx *de_ctx, void *);
 static uint8_t DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 /**
 * \brief Registration function for mqtt.protocol_version: keyword
 */
@ -64,19 +60,11 @@ void DetectMQTTProtocolVersionRegister (void)
 #endif
    DetectAppLayerInspectEngineRegister2("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER,
-            1, DetectEngineInspectMQTTProtocolVersionGeneric, NULL);
+            1, DetectEngineInspectGenericList, NULL);
    mqtt_protocol_version_id = DetectBufferTypeGetByName("mqtt.protocol_version");
 }
 static uint8_t DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match protocol version of an MQTT Tx
--- a/src/detect-mqtt-qos.c
+++ b/src/detect-mqtt-qos.c
@ -43,10 +43,6 @@ static int DetectMQTTQosSetup (DetectEngineCtx *, Signature *, const char *);
 void MQTTQosRegisterTests(void);
 void DetectMQTTQosFree(DetectEngineCtx *de_ctx, void *);
 static uint8_t DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 /**
 * \brief Registration function for mqtt.qos: keyword
 */
@ -62,20 +58,12 @@ void DetectMQTTQosRegister (void)
    sigmatch_table[DETECT_AL_MQTT_QOS].RegisterTests = MQTTQosRegisterTests;
 #endif
-    DetectAppLayerInspectEngineRegister2("mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
+    DetectAppLayerInspectEngineRegister2(
-            DetectEngineInspectMQTTQosGeneric, NULL);
+            "mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
    mqtt_qos_id = DetectBufferTypeGetByName("mqtt.qos");
 }
 static uint8_t DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match fixed header QOS field of an MQTT Tx
--- a/src/detect-mqtt-reason-code.c
+++ b/src/detect-mqtt-reason-code.c
@ -46,10 +46,6 @@ static int DetectMQTTReasonCodeSetup (DetectEngineCtx *, Signature *, const char
 void MQTTReasonCodeRegisterTests(void);
 void DetectMQTTReasonCodeFree(DetectEngineCtx *de_ctx, void *);
 static uint8_t DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 /**
 * \brief Registration function for mqtt.reason_code: keyword
 */
@ -69,19 +65,11 @@ void DetectMQTTReasonCodeRegister (void)
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
    DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
-            DetectEngineInspectMQTTReasonCodeGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code");
 }
 static uint8_t DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match reason code of an MQTT 5.0 Tx
--- a/src/detect-mqtt-type.c
+++ b/src/detect-mqtt-type.c
@ -42,10 +42,6 @@ static int DetectMQTTTypeSetup (DetectEngineCtx *, Signature *, const char *);
 void MQTTTypeRegisterTests(void);
 void DetectMQTTTypeFree(DetectEngineCtx *de_ctx, void *);
 static uint8_t DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 /**
 * \brief Registration function for ipopts: keyword
 */
@ -61,20 +57,12 @@ void DetectMQTTTypeRegister (void)
    sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests;
 #endif
-    DetectAppLayerInspectEngineRegister2("mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
+    DetectAppLayerInspectEngineRegister2(
-            DetectEngineInspectMQTTTypeGeneric, NULL);
+            "mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
    mqtt_type_id = DetectBufferTypeGetByName("mqtt.type");
 }
 static uint8_t DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match control packet type of an MQTT Tx
--- a/src/detect-nfs-procedure.c
+++ b/src/detect-nfs-procedure.c
@ -55,10 +55,6 @@ static void DetectNfsProcedureRegisterTests(void);
 #endif
 static int g_nfs_request_buffer_id = 0;
 static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int DetectNfsProcedureMatch (DetectEngineThreadCtx *, Flow *,
                                   uint8_t, void *, void *, const Signature *,
                                   const SigMatchCtx *);
@ -79,22 +75,14 @@ void DetectNfsProcedureRegister (void)
    sigmatch_table[DETECT_AL_NFS_PROCEDURE].RegisterTests = DetectNfsProcedureRegisterTests;
 #endif
-    DetectAppLayerInspectEngineRegister2("nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0,
+    DetectAppLayerInspectEngineRegister2(
-            DetectEngineInspectNfsRequestGeneric, NULL);
+            "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
    g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request");
    SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id);
 }
 static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match procedure of a TX
--- a/src/detect-nfs-version.c
+++ b/src/detect-nfs-version.c
@ -53,10 +53,6 @@ static int DetectNfsVersionSetup (DetectEngineCtx *, Signature *s, const char *s
 static void DetectNfsVersionFree(DetectEngineCtx *de_ctx, void *);
 static int g_nfs_request_buffer_id = 0;
 static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int DetectNfsVersionMatch (DetectEngineThreadCtx *, Flow *,
                                   uint8_t, void *, void *, const Signature *,
                                   const SigMatchCtx *);
@ -74,22 +70,14 @@ void DetectNfsVersionRegister (void)
    sigmatch_table[DETECT_AL_NFS_VERSION].Setup = DetectNfsVersionSetup;
    sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree;
    // unit tests were the same as DetectNfsProcedureRegisterTests
-    DetectAppLayerInspectEngineRegister2("nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0,
+    DetectAppLayerInspectEngineRegister2(
-            DetectEngineInspectNfsRequestGeneric, NULL);
+            "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
    g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request");
    SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id);
 }
 static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match version of a TX
--- a/src/detect-rfb-secresult.c
+++ b/src/detect-rfb-secresult.c
@ -47,10 +47,6 @@ static void RfbSecresultRegisterTests(void);
 #endif
 void DetectRfbSecresultFree(DetectEngineCtx *, void *);
 static uint8_t DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 typedef struct DetectRfbSecresultData_ {
    uint32_t result; /** result code */
 } DetectRfbSecresultData;
@ -72,19 +68,11 @@ void DetectRfbSecresultRegister (void)
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
    DetectAppLayerInspectEngineRegister2("rfb.secresult", ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1,
-            DetectEngineInspectRfbSecresultGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    rfb_secresult_id = DetectBufferTypeGetByName("rfb.secresult");
 }
 static uint8_t DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 enum {
    RFB_SECRESULT_OK = 0,
    RFB_SECRESULT_FAIL,
--- a/src/detect-rfb-sectype.c
+++ b/src/detect-rfb-sectype.c
@ -38,10 +38,6 @@ static int DetectRfbSectypeSetup (DetectEngineCtx *, Signature *s, const char *s
 static void DetectRfbSectypeFree(DetectEngineCtx *, void *);
 static int g_rfb_sectype_buffer_id = 0;
 static uint8_t DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int DetectRfbSectypeMatch (DetectEngineThreadCtx *, Flow *,
                                   uint8_t, void *, void *, const Signature *,
                                   const SigMatchCtx *);
@ -58,20 +54,12 @@ void DetectRfbSectypeRegister (void)
    sigmatch_table[DETECT_AL_RFB_SECTYPE].Setup = DetectRfbSectypeSetup;
    sigmatch_table[DETECT_AL_RFB_SECTYPE].Free = DetectRfbSectypeFree;
-    DetectAppLayerInspectEngineRegister2("rfb.sectype", ALPROTO_RFB, SIG_FLAG_TOSERVER, 1,
+    DetectAppLayerInspectEngineRegister2(
-            DetectEngineInspectRfbSectypeGeneric, NULL);
+            "rfb.sectype", ALPROTO_RFB, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
    g_rfb_sectype_buffer_id = DetectBufferTypeGetByName("rfb.sectype");
 }
 static uint8_t DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match security type of a RFB TX
--- a/src/detect-snmp-pdu_type.c
+++ b/src/detect-snmp-pdu_type.c
@ -49,10 +49,6 @@ static void DetectSNMPPduTypeRegisterTests(void);
 #endif
 static int g_snmp_pdu_type_buffer_id = 0;
 static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int DetectSNMPPduTypeMatch (DetectEngineThreadCtx *, Flow *,
                                   uint8_t, void *, void *, const Signature *,
                                   const SigMatchCtx *);
@ -73,22 +69,14 @@ void DetectSNMPPduTypeRegister(void)
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
    DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0,
-            DetectEngineInspectSNMPRequestGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0,
-            DetectEngineInspectSNMPRequestGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp.pdu_type");
 }
 static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match pdu_type of a TX
--- a/src/detect-snmp-version.c
+++ b/src/detect-snmp-version.c
@ -40,10 +40,6 @@ static void DetectSNMPVersionRegisterTests(void);
 #endif
 static int g_snmp_version_buffer_id = 0;
 static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int DetectSNMPVersionMatch (DetectEngineThreadCtx *, Flow *,
                                   uint8_t, void *, void *, const Signature *,
                                   const SigMatchCtx *);
@ -65,22 +61,14 @@ void DetectSNMPVersionRegister (void)
 #endif
    DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0,
-            DetectEngineInspectSNMPRequestGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0,
-            DetectEngineInspectSNMPRequestGeneric, NULL);
+            DetectEngineInspectGenericList, NULL);
    g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp.version");
 }
 static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match version of a TX
--- a/src/detect-ssh-software-version.c
+++ b/src/detect-ssh-software-version.c
@ -77,13 +77,6 @@ static void DetectSshSoftwareVersionRegisterTests(void);
 static void DetectSshSoftwareVersionFree(DetectEngineCtx *de_ctx, void *);
 static int g_ssh_banner_list_id = 0;
 static uint8_t InspectSshBanner(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \brief Registration function for keyword: ssh.softwareversion
@ -107,9 +100,9 @@ void DetectSshSoftwareVersionRegister(void)
    g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner");
    DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOSERVER,
-            SshStateBannerDone, InspectSshBanner, NULL);
+            SshStateBannerDone, DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOCLIENT,
-            SshStateBannerDone, InspectSshBanner, NULL);
+            SshStateBannerDone, DetectEngineInspectGenericList, NULL);
 }
 /**
--- a/src/detect-ssl-state.c
+++ b/src/detect-ssl-state.c
@ -66,10 +66,6 @@ static void DetectSslStateRegisterTests(void);
 #endif
 static void DetectSslStateFree(DetectEngineCtx *, void *);
 static uint8_t InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 static int g_tls_generic_list_id = 0;
 /**
@ -95,17 +91,9 @@ void DetectSslStateRegister(void)
            "generic ssl/tls inspection");
    DetectAppLayerInspectEngineRegister2(
-            "tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, InspectTlsGeneric, NULL);
+            "tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
    DetectAppLayerInspectEngineRegister2(
-            "tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, InspectTlsGeneric, NULL);
+            "tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
 }
 static uint8_t InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
--- a/src/detect-tls-cert-validity.c
+++ b/src/detect-tls-cert-validity.c
@ -75,10 +75,6 @@ static void TlsValidRegisterTests(void);
 static void DetectTlsValidityFree(DetectEngineCtx *, void *);
 static int g_tls_validity_buffer_id = 0;
 static uint8_t DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 /**
 * \brief Registration function for tls validity keywords.
 */
@ -129,19 +125,11 @@ void DetectTlsValidityRegister (void)
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
    DetectAppLayerInspectEngineRegister2("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
-            TLS_STATE_CERT_READY, DetectEngineInspectTlsValidity, NULL);
+            TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL);
    g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity");
 }
 static uint8_t DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx,
        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \internal
 * \brief Function to match validity field in a tls certificate.
--- a/src/detect-tls.c
+++ b/src/detect-tls.c
@ -96,13 +96,6 @@ static int DetectTlsStorePostMatch (DetectEngineThreadCtx *det_ctx,
 static int g_tls_cert_list_id = 0;
 static uint8_t InspectTlsCert(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
        uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
    return DetectEngineInspectGenericList(
            de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
 }
 /**
 * \brief Registration function for keyword: tls.version
@ -150,8 +143,8 @@ void DetectTlsRegister (void)
    g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert");
-    DetectAppLayerInspectEngineRegister2(
+    DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
-            "tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, InspectTlsCert, NULL);
+            TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL);
 }
 /**