detect: remove wrappers around DetectEngineInspectGenericList

pull/7654/head
Philippe Antoine 3 years ago committed by Victor Julien
parent 7eaf1688b5
commit 83a8cd80b2

@ -63,10 +63,6 @@ static void DetectDceIfaceRegisterTests(void);
#endif
static int g_dce_generic_list_id = 0;
static uint8_t InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registers the keyword handlers for the "dce_iface" keyword.
*/
@ -84,23 +80,15 @@ void DetectDceIfaceRegister(void)
g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic");
DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2(
"dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, InspectDceGeneric, NULL);
DetectAppLayerInspectEngineRegister2(
"dce_generic", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, InspectDceGeneric, NULL);
"dce_generic", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2(
"dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric, NULL);
DetectAppLayerInspectEngineRegister2(
"dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric, NULL);
}
static uint8_t InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
"dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
}
/**

@ -176,14 +176,6 @@ static InspectionBuffer *GetDNP3Data(DetectEngineThreadCtx *det_ctx,
return buffer;
}
static uint8_t DetectEngineInspectDNP3(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \brief Parse the provided function name or code to its integer
* value.
@ -598,9 +590,9 @@ void DetectDNP3Register(void)
/* Register the list of func, ind and obj. */
DetectAppLayerInspectEngineRegister2(
"dnp3", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectDNP3, NULL);
"dnp3", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2(
"dnp3", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectDNP3, NULL);
"dnp3", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3");

@ -74,14 +74,6 @@ static int DetectDnsOpcodeMatch(DetectEngineThreadCtx *det_ctx,
return rs_dns_opcode_match(txv, (void *)ctx, flags);
}
static uint8_t DetectEngineInspectRequestGenericDnsOpcode(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
void DetectDnsOpcodeRegister(void)
{
sigmatch_table[DETECT_AL_DNS_OPCODE].name = "dns.opcode";
@ -92,11 +84,11 @@ void DetectDnsOpcodeRegister(void)
sigmatch_table[DETECT_AL_DNS_OPCODE].AppLayerTxMatch =
DetectDnsOpcodeMatch;
DetectAppLayerInspectEngineRegister2("dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectRequestGenericDnsOpcode, NULL);
DetectAppLayerInspectEngineRegister2(
"dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectRequestGenericDnsOpcode, NULL);
DetectAppLayerInspectEngineRegister2(
"dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode");
}

@ -197,24 +197,6 @@ static int PrefilterMpmDnsQueryRegister(DetectEngineCtx *de_ctx,
pectx, PrefilterMpmDnsQueryFree, mpm_reg->pname);
}
#ifdef HAVE_LUA
static uint8_t DetectEngineInspectDnsRequest(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
static uint8_t DetectEngineInspectDnsResponse(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
#endif
/**
* \brief Registration function for keyword: dns_query
*/
@ -247,9 +229,9 @@ void DetectDnsQueryRegister (void)
#ifdef HAVE_LUA
/* register these generic engines from here for now */
DetectAppLayerInspectEngineRegister2(
"dns_request", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectDnsRequest, NULL);
"dns_request", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("dns_response", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1,
DetectEngineInspectDnsResponse, NULL);
DetectEngineInspectGenericList, NULL);
DetectBufferTypeSetDescriptionByName("dns_request",
"dns requests");

@ -1949,10 +1949,11 @@ int DetectEngineReloadIsIdle(void)
* \retval 0 no match
* \retval 1 match
*/
uint8_t DetectEngineInspectGenericList(const DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f,
const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SigMatchData *smd = engine->smd;
SCLogDebug("running match functions, sm %p", smd);
if (smd != NULL) {
while (1) {
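Review bot: The new local `SigMatchData *smd = engine->smd;` drops the `const` that the old `const SigMatchData *smd` parameter carried, so the match list is no longer protected from accidental writes in the inspection path that every keyword in this commit now shares. `const SigMatchData *smd = engine->smd;` should compile against the same loop, since the old body already worked through a pointer-to-const. `engine` is also dereferenced with no guard, which holds when the call arrives through a registered inspect engine but not for a direct call; a one-line comment stating that `engine` must be non-NULL would document this. The Doxygen block above starts outside the hunk and probably still describes the old match-list parameter, so it likely needs a `\param engine` entry. The function body continues past the end of the hunk.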

@ -131,8 +131,9 @@ int DetectEngineTentantUnregisterVlanId(uint32_t tenant_id, uint16_t vlan_id);
int DetectEngineTentantRegisterPcapFile(uint32_t tenant_id);
int DetectEngineTentantUnregisterPcapFile(uint32_t tenant_id);
uint8_t DetectEngineInspectGenericList(const DetectEngineCtx *, DetectEngineThreadCtx *,
const Signature *, const SigMatchData *, Flow *, const uint8_t, void *, void *, uint64_t);
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *, DetectEngineThreadCtx *,
const struct DetectEngineAppInspectionEngine_ *, const Signature *, Flow *, uint8_t, void *,
void *, uint64_t);
uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
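Review bot: The new prototype is written differently from `DetectEngineInspectBufferGeneric` directly below it, although both now have the same callback shape: it spells the type as `const struct DetectEngineAppInspectionEngine_ *` and leaves every parameter unnamed, where the neighbour uses the typedef and names. Matching the neighbour makes it obvious that the two are interchangeable inspect callbacks: `uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);`. This assumes the typedef is already visible at this point in the header, which the following declaration suggests.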

@ -58,10 +58,6 @@ static void DetectFtpbounceRegisterTests(void);
#endif
static int g_ftp_request_list_id = 0;
static uint8_t InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registration function for ftpbounce: keyword
* \todo add support for no_stream and stream_only
@ -81,15 +77,7 @@ void DetectFtpbounceRegister(void)
g_ftp_request_list_id = DetectBufferTypeRegister("ftp_request");
DetectAppLayerInspectEngineRegister2(
"ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, InspectFtpRequest, NULL);
}
static uint8_t InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
"ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
}
/**

@ -49,9 +49,6 @@ static void DetectFtpdataFree (DetectEngineCtx *, void *);
#ifdef UNITTESTS
static void DetectFtpdataRegisterTests (void);
#endif
static uint8_t DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int g_ftpdata_buffer_id = 0;
/**
@ -77,24 +74,16 @@ void DetectFtpdataRegister(void) {
sigmatch_table[DETECT_FTPDATA].RegisterTests = DetectFtpdataRegisterTests;
#endif
DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectFtpdataGeneric, NULL);
DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectFtpdataGeneric, NULL);
DetectEngineInspectGenericList, NULL);
g_ftpdata_buffer_id = DetectBufferTypeGetByName("ftpdata_command");
/* set up the PCRE for keyword parsing */
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}
static uint8_t DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \brief This function is used to check matches from the FTP App Layer Parser
*

@ -109,13 +109,6 @@ static int g_http2_match_buffer_id = 0;
static int g_http2_header_name_buffer_id = 0;
static int g_http2_header_buffer_id = 0;
static uint8_t DetectEngineInspectHTTP2(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \brief Registration function for HTTP2 keywords
@ -237,9 +230,9 @@ void DetectHttp2Register(void)
g_http2_header_buffer_id = DetectBufferTypeGetByName("http2_header");
DetectAppLayerInspectEngineRegister2(
"http2", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 0, DetectEngineInspectHTTP2, NULL);
"http2", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2(
"http2", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectHTTP2, NULL);
"http2", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
g_http2_match_buffer_id = DetectBufferTypeRegister("http2");
return;

@ -56,10 +56,6 @@ static int DetectIkeChosenSaSetup(DetectEngineCtx *, Signature *s, const char *s
static void DetectIkeChosenSaFree(DetectEngineCtx *, void *);
static int g_ike_chosen_sa_buffer_id = 0;
static uint8_t DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int DetectIkeChosenSaMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *,
const Signature *, const SigMatchCtx *);
void IKEChosenSaRegisterTests(void);
@ -82,19 +78,11 @@ void DetectIkeChosenSaRegister(void)
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("ike.chosen_sa_attribute", ALPROTO_IKE, SIG_FLAG_TOCLIENT,
1, DetectEngineInspectIkeChosenSaGeneric, NULL);
1, DetectEngineInspectGenericList, NULL);
g_ike_chosen_sa_buffer_id = DetectBufferTypeGetByName("ike.chosen_sa_attribute");
}
static uint8_t DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match SA attributes of a IKE state

@ -41,10 +41,6 @@ static int DetectIkeExchTypeSetup(DetectEngineCtx *, Signature *s, const char *s
static void DetectIkeExchTypeFree(DetectEngineCtx *, void *);
static int g_ike_exch_type_buffer_id = 0;
static uint8_t DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int DetectIkeExchTypeMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *,
const Signature *, const SigMatchCtx *);
@ -62,22 +58,14 @@ void DetectIkeExchTypeRegister(void)
sigmatch_table[DETECT_AL_IKE_EXCH_TYPE].Free = DetectIkeExchTypeFree;
DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1,
DetectEngineInspectIkeExchTypeGeneric, NULL);
DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1,
DetectEngineInspectIkeExchTypeGeneric, NULL);
DetectEngineInspectGenericList, NULL);
g_ike_exch_type_buffer_id = DetectBufferTypeGetByName("ike.exchtype");
}
static uint8_t DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match exchange type of a IKE state

@ -40,10 +40,6 @@ static int DetectIkeKeyExchangePayloadLengthSetup(DetectEngineCtx *, Signature *
static void DetectIkeKeyExchangePayloadLengthFree(DetectEngineCtx *, void *);
static int g_ike_key_exch_payload_length_buffer_id = 0;
static uint8_t DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int DetectIkeKeyExchangePayloadLengthMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *,
void *, const Signature *, const SigMatchCtx *);
@ -66,23 +62,15 @@ void DetectIkeKeyExchangePayloadLengthRegister(void)
DetectIkeKeyExchangePayloadLengthFree;
DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE,
SIG_FLAG_TOSERVER, 1, DetectEngineInspectIkeKeyExchangePayloadLengthGeneric, NULL);
SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE,
SIG_FLAG_TOCLIENT, 1, DetectEngineInspectIkeKeyExchangePayloadLengthGeneric, NULL);
SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL);
g_ike_key_exch_payload_length_buffer_id =
DetectBufferTypeGetByName("ike.key_exchange_payload_length");
}
static uint8_t DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match key exchange payload length of a IKE state

@ -40,10 +40,6 @@ static int DetectIkeNoncePayloadLengthSetup(DetectEngineCtx *, Signature *s, con
static void DetectIkeNoncePayloadLengthFree(DetectEngineCtx *, void *);
static int g_ike_nonce_payload_length_buffer_id = 0;
static uint8_t DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int DetectIkeNoncePayloadLengthMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *,
void *, const Signature *, const SigMatchCtx *);
@ -62,22 +58,14 @@ void DetectIkeNoncePayloadLengthRegister(void)
sigmatch_table[DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH].Free = DetectIkeNoncePayloadLengthFree;
DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER,
1, DetectEngineInspectIkeNoncePayloadLengthGeneric, NULL);
1, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT,
1, DetectEngineInspectIkeNoncePayloadLengthGeneric, NULL);
1, DetectEngineInspectGenericList, NULL);
g_ike_nonce_payload_length_buffer_id = DetectBufferTypeGetByName("ike.nonce_payload_length");
}
static uint8_t DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match nonce length of a IKE state

@ -49,10 +49,6 @@ static void DetectKrb5ErrCodeFree (DetectEngineCtx *, void *);
static void DetectKrb5ErrCodeRegisterTests (void);
#endif
static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int g_krb5_err_code_list_id = 0;
/**
@ -74,10 +70,10 @@ void DetectKrb5ErrCodeRegister(void)
#endif
DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectKRB5Generic, NULL);
DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectKRB5Generic, NULL);
DetectEngineInspectGenericList, NULL);
/* set up the PCRE for keyword parsing */
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
@ -86,14 +82,6 @@ void DetectKrb5ErrCodeRegister(void)
SCLogDebug("g_krb5_err_code_list_id %d", g_krb5_err_code_list_id);
}
static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \brief This function is used to match KRB5 rule option on a packet
*

@ -49,10 +49,6 @@ static void DetectKrb5MsgTypeFree (DetectEngineCtx *, void *);
static void DetectKrb5MsgTypeRegisterTests (void);
#endif
static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int g_krb5_msg_type_list_id = 0;
/**
@ -74,10 +70,10 @@ void DetectKrb5MsgTypeRegister(void)
#endif
DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectKRB5Generic, NULL);
DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectKRB5Generic, NULL);
DetectEngineInspectGenericList, NULL);
/* set up the PCRE for keyword parsing */
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
@ -86,14 +82,6 @@ void DetectKrb5MsgTypeRegister(void)
SCLogDebug("g_krb5_msg_type_list_id %d", g_krb5_msg_type_list_id);
}
static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \brief This function is used to match KRB5 rule option on a packet
*

@ -104,10 +104,6 @@ static void DetectLuaRegisterTests(void);
static void DetectLuaFree(DetectEngineCtx *, void *);
static int g_smtp_generic_list_id = 0;
static uint8_t InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registration function for keyword: lua
*/
@ -126,23 +122,15 @@ void DetectLuaRegister(void)
#endif
g_smtp_generic_list_id = DetectBufferTypeRegister("smtp_generic");
DetectAppLayerInspectEngineRegister2(
"smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, InspectSmtpGeneric, NULL);
DetectAppLayerInspectEngineRegister2(
"smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, InspectSmtpGeneric, NULL);
DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectGenericList, NULL);
SCLogDebug("registering lua rule option");
return;
}
static uint8_t InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
#define DATATYPE_PACKET BIT_U32(0)
#define DATATYPE_PAYLOAD BIT_U32(1)
#define DATATYPE_STREAM BIT_U32(2)

@ -121,26 +121,6 @@ static int DetectModbusMatch(DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t fl
return rs_modbus_inspect(txv, (void *)ctx);
}
/** \brief Do the content inspection & validation for a signature
*
* \param de_ctx Detection engine context
* \param det_ctx Detection engine thread context
* \param s Signature to inspect ( and sm: SigMatch to inspect)
* \param f Flow
* \param flags App layer flags
* \param alstate App layer state
* \param txv Pointer to Modbus Transaction structure
*
* \retval 0 no match or 1 match
*/
static uint8_t DetectEngineInspectModbus(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \brief Registration function for Modbus keyword
*/
@ -155,7 +135,7 @@ void DetectModbusRegister(void)
sigmatch_table[DETECT_AL_MODBUS].AppLayerTxMatch = DetectModbusMatch;
DetectAppLayerInspectEngineRegister2(
"modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectModbus, NULL);
"modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
g_modbus_buffer_id = DetectBufferTypeGetByName("modbus");
}

@ -45,10 +45,6 @@ static int DetectMQTTConnackSessionPresentSetup (DetectEngineCtx *, Signature *,
void MQTTConnackSessionPresentRegisterTests(void);
void DetectMQTTConnackSessionPresentFree(DetectEngineCtx *de_ctx, void *);
static uint8_t DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registration function for mqtt.connack.session_present: keyword
*/
@ -67,19 +63,11 @@ void DetectMQTTConnackSessionPresentRegister (void)
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT,
SIG_FLAG_TOSERVER, 1, DetectEngineInspectMQTTConnackSessionPresentGeneric, NULL);
SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present");
}
static uint8_t DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match session_present flag of an MQTT CONNACK message

@ -45,10 +45,6 @@ static int DetectMQTTConnectFlagsSetup (DetectEngineCtx *, Signature *, const ch
void MQTTConnectFlagsRegisterTests(void);
void DetectMQTTConnectFlagsFree(DetectEngineCtx *de_ctx, void *);
static uint8_t DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
typedef struct DetectMQTTConnectFlagsData_ {
MQTTFlagState username,
password,
@ -75,19 +71,11 @@ void DetectMQTTConnectFlagsRegister (void)
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
DetectEngineInspectMQTTConnectFlagsGeneric, NULL);
DetectEngineInspectGenericList, NULL);
mqtt_connect_flags_id = DetectBufferTypeGetByName("mqtt.connect.flags");
}
static uint8_t DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match variable header flags of an MQTT CONNECT Tx

@ -45,10 +45,6 @@ static int DetectMQTTFlagsSetup (DetectEngineCtx *, Signature *, const char *);
void MQTTFlagsRegisterTests(void);
void DetectMQTTFlagsFree(DetectEngineCtx *de_ctx, void *);
static uint8_t DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
typedef struct DetectMQTTFlagsData_ {
MQTTFlagState retain, dup;
} DetectMQTTFlagsData;
@ -70,20 +66,12 @@ void DetectMQTTFlagsRegister (void)
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
DetectEngineInspectMQTTFlagsGeneric, NULL);
DetectAppLayerInspectEngineRegister2(
"mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
mqtt_flags_id = DetectBufferTypeGetByName("mqtt.flags");
}
static uint8_t DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match fixed header flags of an MQTT Tx

@ -44,10 +44,6 @@ static int DetectMQTTProtocolVersionSetup (DetectEngineCtx *, Signature *, const
void MQTTProtocolVersionRegisterTests(void);
void DetectMQTTProtocolVersionFree(DetectEngineCtx *de_ctx, void *);
static uint8_t DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registration function for mqtt.protocol_version: keyword
*/
@ -64,19 +60,11 @@ void DetectMQTTProtocolVersionRegister (void)
#endif
DetectAppLayerInspectEngineRegister2("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER,
1, DetectEngineInspectMQTTProtocolVersionGeneric, NULL);
1, DetectEngineInspectGenericList, NULL);
mqtt_protocol_version_id = DetectBufferTypeGetByName("mqtt.protocol_version");
}
static uint8_t DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match protocol version of an MQTT Tx

@ -43,10 +43,6 @@ static int DetectMQTTQosSetup (DetectEngineCtx *, Signature *, const char *);
void MQTTQosRegisterTests(void);
void DetectMQTTQosFree(DetectEngineCtx *de_ctx, void *);
static uint8_t DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registration function for mqtt.qos: keyword
*/
@ -62,20 +58,12 @@ void DetectMQTTQosRegister (void)
sigmatch_table[DETECT_AL_MQTT_QOS].RegisterTests = MQTTQosRegisterTests;
#endif
DetectAppLayerInspectEngineRegister2("mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
DetectEngineInspectMQTTQosGeneric, NULL);
DetectAppLayerInspectEngineRegister2(
"mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
mqtt_qos_id = DetectBufferTypeGetByName("mqtt.qos");
}
static uint8_t DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match fixed header QOS field of an MQTT Tx

@ -46,10 +46,6 @@ static int DetectMQTTReasonCodeSetup (DetectEngineCtx *, Signature *, const char
void MQTTReasonCodeRegisterTests(void);
void DetectMQTTReasonCodeFree(DetectEngineCtx *de_ctx, void *);
static uint8_t DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registration function for mqtt.reason_code: keyword
*/
@ -69,19 +65,11 @@ void DetectMQTTReasonCodeRegister (void)
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
DetectEngineInspectMQTTReasonCodeGeneric, NULL);
DetectEngineInspectGenericList, NULL);
mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code");
}
static uint8_t DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match reason code of an MQTT 5.0 Tx

@ -42,10 +42,6 @@ static int DetectMQTTTypeSetup (DetectEngineCtx *, Signature *, const char *);
void MQTTTypeRegisterTests(void);
void DetectMQTTTypeFree(DetectEngineCtx *de_ctx, void *);
static uint8_t DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registration function for ipopts: keyword
*/
@ -61,20 +57,12 @@ void DetectMQTTTypeRegister (void)
sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests;
#endif
DetectAppLayerInspectEngineRegister2("mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
DetectEngineInspectMQTTTypeGeneric, NULL);
DetectAppLayerInspectEngineRegister2(
"mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
mqtt_type_id = DetectBufferTypeGetByName("mqtt.type");
}
static uint8_t DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match control packet type of an MQTT Tx
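Review bot: The Doxygen brief above `DetectMQTTTypeRegister` still reads `Registration function for ipopts: keyword`, although the function registers the `mqtt.type` buffer. Since the commit edits the lines directly around it, the comment could be corrected in the same pass to `\brief Registration function for mqtt.type: keyword`. The comment line is unchanged context in this section, not something the commit introduced.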

@ -55,10 +55,6 @@ static void DetectNfsProcedureRegisterTests(void);
#endif
static int g_nfs_request_buffer_id = 0;
static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int DetectNfsProcedureMatch (DetectEngineThreadCtx *, Flow *,
uint8_t, void *, void *, const Signature *,
const SigMatchCtx *);
@ -79,22 +75,14 @@ void DetectNfsProcedureRegister (void)
sigmatch_table[DETECT_AL_NFS_PROCEDURE].RegisterTests = DetectNfsProcedureRegisterTests;
#endif
DetectAppLayerInspectEngineRegister2("nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectNfsRequestGeneric, NULL);
DetectAppLayerInspectEngineRegister2(
"nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request");
SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id);
}
static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match procedure of a TX
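Review bot: The `nfs_request` registration in `DetectNfsProcedureRegister` is now identical, argument for argument, to the one in `DetectNfsVersionRegister` in the next section: same buffer name, `ALPROTO_NFS`, `SIG_FLAG_TOSERVER`, progress 0 and the same callback. Before this commit the two entries differed at least by callback pointer, because each file had its own static `DetectEngineInspectNfsRequestGeneric`. Whether `DetectAppLayerInspectEngineRegister2` collapses identical entries is not visible here; if it does not, the buffer keeps two engines doing the same work for every transaction. It is worth checking, and a comment such as `/* nfs_request is shared with the NFS version keyword; registered in both places */` would record the intent.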

@ -53,10 +53,6 @@ static int DetectNfsVersionSetup (DetectEngineCtx *, Signature *s, const char *s
static void DetectNfsVersionFree(DetectEngineCtx *de_ctx, void *);
static int g_nfs_request_buffer_id = 0;
static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int DetectNfsVersionMatch (DetectEngineThreadCtx *, Flow *,
uint8_t, void *, void *, const Signature *,
const SigMatchCtx *);
@ -74,22 +70,14 @@ void DetectNfsVersionRegister (void)
sigmatch_table[DETECT_AL_NFS_VERSION].Setup = DetectNfsVersionSetup;
sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree;
// unit tests were the same as DetectNfsProcedureRegisterTests
DetectAppLayerInspectEngineRegister2("nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectNfsRequestGeneric, NULL);
DetectAppLayerInspectEngineRegister2(
"nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request");
SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id);
}
static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match version of a TX

@ -47,10 +47,6 @@ static void RfbSecresultRegisterTests(void);
#endif
void DetectRfbSecresultFree(DetectEngineCtx *, void *);
static uint8_t DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
typedef struct DetectRfbSecresultData_ {
uint32_t result; /** result code */
} DetectRfbSecresultData;
@ -72,19 +68,11 @@ void DetectRfbSecresultRegister (void)
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("rfb.secresult", ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1,
DetectEngineInspectRfbSecresultGeneric, NULL);
DetectEngineInspectGenericList, NULL);
rfb_secresult_id = DetectBufferTypeGetByName("rfb.secresult");
}
static uint8_t DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
enum {
RFB_SECRESULT_OK = 0,
RFB_SECRESULT_FAIL,

@ -38,10 +38,6 @@ static int DetectRfbSectypeSetup (DetectEngineCtx *, Signature *s, const char *s
static void DetectRfbSectypeFree(DetectEngineCtx *, void *);
static int g_rfb_sectype_buffer_id = 0;
static uint8_t DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int DetectRfbSectypeMatch (DetectEngineThreadCtx *, Flow *,
uint8_t, void *, void *, const Signature *,
const SigMatchCtx *);
@ -58,20 +54,12 @@ void DetectRfbSectypeRegister (void)
sigmatch_table[DETECT_AL_RFB_SECTYPE].Setup = DetectRfbSectypeSetup;
sigmatch_table[DETECT_AL_RFB_SECTYPE].Free = DetectRfbSectypeFree;
DetectAppLayerInspectEngineRegister2("rfb.sectype", ALPROTO_RFB, SIG_FLAG_TOSERVER, 1,
DetectEngineInspectRfbSectypeGeneric, NULL);
DetectAppLayerInspectEngineRegister2(
"rfb.sectype", ALPROTO_RFB, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
g_rfb_sectype_buffer_id = DetectBufferTypeGetByName("rfb.sectype");
}
static uint8_t DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match security type of a RFB TX

@ -49,10 +49,6 @@ static void DetectSNMPPduTypeRegisterTests(void);
#endif
static int g_snmp_pdu_type_buffer_id = 0;
static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int DetectSNMPPduTypeMatch (DetectEngineThreadCtx *, Flow *,
uint8_t, void *, void *, const Signature *,
const SigMatchCtx *);
@ -73,22 +69,14 @@ void DetectSNMPPduTypeRegister(void)
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectSNMPRequestGeneric, NULL);
DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectSNMPRequestGeneric, NULL);
DetectEngineInspectGenericList, NULL);
g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp.pdu_type");
}
static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match pdu_type of a TX

@ -40,10 +40,6 @@ static void DetectSNMPVersionRegisterTests(void);
#endif
static int g_snmp_version_buffer_id = 0;
static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int DetectSNMPVersionMatch (DetectEngineThreadCtx *, Flow *,
uint8_t, void *, void *, const Signature *,
const SigMatchCtx *);
@ -65,22 +61,14 @@ void DetectSNMPVersionRegister (void)
#endif
DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0,
DetectEngineInspectSNMPRequestGeneric, NULL);
DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectSNMPRequestGeneric, NULL);
DetectEngineInspectGenericList, NULL);
g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp.version");
}
static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match version of a TX

@ -77,13 +77,6 @@ static void DetectSshSoftwareVersionRegisterTests(void);
static void DetectSshSoftwareVersionFree(DetectEngineCtx *de_ctx, void *);
static int g_ssh_banner_list_id = 0;
static uint8_t InspectSshBanner(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \brief Registration function for keyword: ssh.softwareversion
@ -107,9 +100,9 @@ void DetectSshSoftwareVersionRegister(void)
g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner");
DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOSERVER,
SshStateBannerDone, InspectSshBanner, NULL);
SshStateBannerDone, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOCLIENT,
SshStateBannerDone, InspectSshBanner, NULL);
SshStateBannerDone, DetectEngineInspectGenericList, NULL);
}
/**

@ -66,10 +66,6 @@ static void DetectSslStateRegisterTests(void);
#endif
static void DetectSslStateFree(DetectEngineCtx *, void *);
static uint8_t InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static int g_tls_generic_list_id = 0;
/**
@ -95,17 +91,9 @@ void DetectSslStateRegister(void)
"generic ssl/tls inspection");
DetectAppLayerInspectEngineRegister2(
"tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, InspectTlsGeneric, NULL);
"tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2(
"tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, InspectTlsGeneric, NULL);
}
static uint8_t InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
"tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
}
/**

@ -75,10 +75,6 @@ static void TlsValidRegisterTests(void);
static void DetectTlsValidityFree(DetectEngineCtx *, void *);
static int g_tls_validity_buffer_id = 0;
static uint8_t DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
* \brief Registration function for tls validity keywords.
*/
@ -129,19 +125,11 @@ void DetectTlsValidityRegister (void)
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
DetectAppLayerInspectEngineRegister2("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
TLS_STATE_CERT_READY, DetectEngineInspectTlsValidity, NULL);
TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL);
g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity");
}
static uint8_t DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \internal
* \brief Function to match validity field in a tls certificate.

@ -96,13 +96,6 @@ static int DetectTlsStorePostMatch (DetectEngineThreadCtx *det_ctx,
static int g_tls_cert_list_id = 0;
static uint8_t InspectTlsCert(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(
de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id);
}
/**
* \brief Registration function for keyword: tls.version
@ -150,8 +143,8 @@ void DetectTlsRegister (void)
g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert");
DetectAppLayerInspectEngineRegister2(
"tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, InspectTlsCert, NULL);
DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL);
}
/**
