aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: remove unused match_flags from inspect engines

Browse Source
pull/1538/head
Victor Julien 11 years ago
parent 9fa2f85cc7
commit 8949054212
3 changed files with 4 additions and 63 deletions
Show Stats Download Patch File Download Diff File

61
src/detect-engine.c
Unescape Escape View File

@ -146,7 +146,6 @@ void DetectEngineRegisterAppInspectionEngines(void)
AppProto alproto;
int32_t sm_list;
uint32_t inspect_flags;
uint32_t match_flags;
uint16_t dir;
int (*Callback)(ThreadVars *tv,
DetectEngineCtx *de_ctx,
@ -162,84 +161,72 @@ void DetectEngineRegisterAppInspectionEngines(void)
ALPROTO_HTTP,
DETECT_SM_LIST_UMATCH,
DE_STATE_FLAG_URI_INSPECT,
DE_STATE_FLAG_URI_INSPECT,
0,
DetectEngineInspectPacketUris },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HRLMATCH,
DE_STATE_FLAG_HRL_INSPECT,
DE_STATE_FLAG_HRL_INSPECT,
0,
DetectEngineInspectHttpRequestLine },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HCBDMATCH,
DE_STATE_FLAG_HCBD_INSPECT,
DE_STATE_FLAG_HCBD_INSPECT,
0,
DetectEngineInspectHttpClientBody },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HHDMATCH,
DE_STATE_FLAG_HHD_INSPECT,
DE_STATE_FLAG_HHD_INSPECT,
0,
DetectEngineInspectHttpHeader },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HRHDMATCH,
DE_STATE_FLAG_HRHD_INSPECT,
DE_STATE_FLAG_HRHD_INSPECT,
0,
DetectEngineInspectHttpRawHeader },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HMDMATCH,
DE_STATE_FLAG_HMD_INSPECT,
DE_STATE_FLAG_HMD_INSPECT,
0,
DetectEngineInspectHttpMethod },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HCDMATCH,
DE_STATE_FLAG_HCD_INSPECT,
DE_STATE_FLAG_HCD_INSPECT,
0,
DetectEngineInspectHttpCookie },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HRUDMATCH,
DE_STATE_FLAG_HRUD_INSPECT,
DE_STATE_FLAG_HRUD_INSPECT,
0,
DetectEngineInspectHttpRawUri },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_FILEMATCH,
DE_STATE_FLAG_FILE_TS_INSPECT,
DE_STATE_FLAG_FILE_TS_INSPECT,
0,
DetectFileInspectHttp },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HUADMATCH,
DE_STATE_FLAG_HUAD_INSPECT,
DE_STATE_FLAG_HUAD_INSPECT,
0,
DetectEngineInspectHttpUA },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HHHDMATCH,
DE_STATE_FLAG_HHHD_INSPECT,
DE_STATE_FLAG_HHHD_INSPECT,
0,
DetectEngineInspectHttpHH },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HRHHDMATCH,
DE_STATE_FLAG_HRHHD_INSPECT,
DE_STATE_FLAG_HRHHD_INSPECT,
0,
DetectEngineInspectHttpHRH },
/* DNS */
@ -247,7 +234,6 @@ void DetectEngineRegisterAppInspectionEngines(void)
ALPROTO_DNS,
DETECT_SM_LIST_DNSQUERY_MATCH,
DE_STATE_FLAG_DNSQUERY_INSPECT,
DE_STATE_FLAG_DNSQUERY_INSPECT,
0,
DetectEngineInspectDnsQueryName },
/* specifically for UDP, register again
@ -257,14 +243,12 @@ void DetectEngineRegisterAppInspectionEngines(void)
ALPROTO_DNS,
DETECT_SM_LIST_DNSQUERY_MATCH,
DE_STATE_FLAG_DNSQUERY_INSPECT,
DE_STATE_FLAG_DNSQUERY_INSPECT,
0,
DetectEngineInspectDnsQueryName },
{ IPPROTO_TCP,
ALPROTO_SMTP,
DETECT_SM_LIST_FILEMATCH,
DE_STATE_FLAG_FILE_TS_INSPECT,
DE_STATE_FLAG_FILE_TS_INSPECT,
0,
DetectFileInspectSmtp },
/* Modbus */
@ -272,7 +256,6 @@ void DetectEngineRegisterAppInspectionEngines(void)
ALPROTO_MODBUS,
DETECT_SM_LIST_MODBUS_MATCH,
DE_STATE_FLAG_MODBUS_INSPECT,
DE_STATE_FLAG_MODBUS_INSPECT,
0,
DetectEngineInspectModbus },
/* file_data smtp */
@ -280,7 +263,6 @@ void DetectEngineRegisterAppInspectionEngines(void)
ALPROTO_SMTP,
DETECT_SM_LIST_FILEDATA,
DE_STATE_FLAG_FD_SMTP_INSPECT,
DE_STATE_FLAG_FD_SMTP_INSPECT,
0,
DetectEngineInspectSMTPFiledata },
};
@ -290,49 +272,42 @@ void DetectEngineRegisterAppInspectionEngines(void)
ALPROTO_HTTP,
DETECT_SM_LIST_FILEDATA,
DE_STATE_FLAG_HSBD_INSPECT,
DE_STATE_FLAG_HSBD_INSPECT,
1,
DetectEngineInspectHttpServerBody },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HHDMATCH,
DE_STATE_FLAG_HHD_INSPECT,
DE_STATE_FLAG_HHD_INSPECT,
1,
DetectEngineInspectHttpHeader },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HRHDMATCH,
DE_STATE_FLAG_HRHD_INSPECT,
DE_STATE_FLAG_HRHD_INSPECT,
1,
DetectEngineInspectHttpRawHeader },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HCDMATCH,
DE_STATE_FLAG_HCD_INSPECT,
DE_STATE_FLAG_HCD_INSPECT,
1,
DetectEngineInspectHttpCookie },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_FILEMATCH,
DE_STATE_FLAG_FILE_TC_INSPECT,
DE_STATE_FLAG_FILE_TC_INSPECT,
1,
DetectFileInspectHttp },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HSMDMATCH,
DE_STATE_FLAG_HSMD_INSPECT,
DE_STATE_FLAG_HSMD_INSPECT,
1,
DetectEngineInspectHttpStatMsg },
{ IPPROTO_TCP,
ALPROTO_HTTP,
DETECT_SM_LIST_HSCDMATCH,
DE_STATE_FLAG_HSCD_INSPECT,
DE_STATE_FLAG_HSCD_INSPECT,
1,
DetectEngineInspectHttpStatCode },
/* Modbus */
@ -340,7 +315,6 @@ void DetectEngineRegisterAppInspectionEngines(void)
ALPROTO_MODBUS,
DETECT_SM_LIST_MODBUS_MATCH,
DE_STATE_FLAG_MODBUS_INSPECT,
DE_STATE_FLAG_MODBUS_INSPECT,
0,
DetectEngineInspectModbus }
};
@ -352,7 +326,6 @@ void DetectEngineRegisterAppInspectionEngines(void)
data_toserver[i].dir,
data_toserver[i].sm_list,
data_toserver[i].inspect_flags,
data_toserver[i].match_flags,
data_toserver[i].Callback,
app_inspection_engine);
}
@ -363,7 +336,6 @@ void DetectEngineRegisterAppInspectionEngines(void)
data_toclient[i].dir,
data_toclient[i].sm_list,
data_toclient[i].inspect_flags,
data_toclient[i].match_flags,
data_toclient[i].Callback,
app_inspection_engine);
}
@ -384,14 +356,13 @@ static void AppendAppInspectionEngine(DetectEngineAppInspectionEngine *engine,
while (tmp != NULL) {
if (tmp->dir == engine->dir &&
(tmp->sm_list == engine->sm_list ||
tmp->inspect_flags == engine->inspect_flags ||
tmp->match_flags == engine->match_flags)) {
tmp->inspect_flags == engine->inspect_flags
)) {
SCLogError(SC_ERR_DETECT_PREPARE, "App Inspection Engine already "
"registered for this direction(%"PRIu16") ||"
"sm_list(%d) || "
"[match(%"PRIu32")|inspect(%"PRIu32")]_flags",
tmp->dir, tmp->sm_list, tmp->inspect_flags,
tmp->match_flags);
"[inspect(%"PRIu32")]_flags",
tmp->dir, tmp->sm_list, tmp->inspect_flags);
exit(EXIT_FAILURE);
}
insert = tmp;
@ -410,7 +381,6 @@ void DetectEngineRegisterAppInspectionEngine(uint8_t ipproto,
uint16_t dir,
int32_t sm_list,
uint32_t inspect_flags,
uint32_t match_flags,
int (*Callback)(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
@ -447,7 +417,6 @@ void DetectEngineRegisterAppInspectionEngine(uint8_t ipproto,
new_engine->dir = dir;
new_engine->sm_list = sm_list;
new_engine->inspect_flags = inspect_flags;
new_engine->match_flags = match_flags;
new_engine->Callback = Callback;
AppendAppInspectionEngine(new_engine, list);
@ -2120,7 +2089,6 @@ int DetectEngineTest05(void)
0 /* STREAM_TOSERVER */,
DETECT_SM_LIST_UMATCH,
DE_STATE_FLAG_URI_INSPECT,
DE_STATE_FLAG_URI_INSPECT,
DummyTestAppInspectionEngine01,
engine_list);
@ -2141,7 +2109,6 @@ int DetectEngineTest05(void)
engine->dir != dir ||
engine->sm_list != DETECT_SM_LIST_UMATCH ||
engine->inspect_flags != DE_STATE_FLAG_URI_INSPECT ||
engine->match_flags != DE_STATE_FLAG_URI_INSPECT ||
engine->Callback != DummyTestAppInspectionEngine01) {
printf("failed for http and dir(0-toserver)\n");
goto end;
@ -2183,7 +2150,6 @@ int DetectEngineTest06(void)
0 /* STREAM_TOSERVER */,
DETECT_SM_LIST_UMATCH,
DE_STATE_FLAG_URI_INSPECT,
DE_STATE_FLAG_URI_INSPECT,
DummyTestAppInspectionEngine01,
engine_list);
DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP,
@ -2191,7 +2157,6 @@ int DetectEngineTest06(void)
1 /* STREAM_TOCLIENT */,
DETECT_SM_LIST_UMATCH,
DE_STATE_FLAG_URI_INSPECT,
DE_STATE_FLAG_URI_INSPECT,
DummyTestAppInspectionEngine02,
engine_list);
@ -2212,7 +2177,6 @@ int DetectEngineTest06(void)
engine->dir != dir ||
engine->sm_list != DETECT_SM_LIST_UMATCH ||
engine->inspect_flags != DE_STATE_FLAG_URI_INSPECT ||
engine->match_flags != DE_STATE_FLAG_URI_INSPECT ||
engine->Callback != DummyTestAppInspectionEngine01) {
printf("failed for http and dir(0-toserver)\n");
goto end;
@ -2231,7 +2195,6 @@ int DetectEngineTest06(void)
engine->dir != dir ||
engine->sm_list != DETECT_SM_LIST_UMATCH ||
engine->inspect_flags != DE_STATE_FLAG_URI_INSPECT ||
engine->match_flags != DE_STATE_FLAG_URI_INSPECT ||
engine->Callback != DummyTestAppInspectionEngine02) {
printf("failed for http and dir(0-toclient)\n");
goto end;
@ -2264,7 +2227,6 @@ int DetectEngineTest07(void)
struct test_data_t {
int32_t sm_list;
uint32_t inspect_flags;
uint32_t match_flags;
uint16_t dir;
int (*Callback)(ThreadVars *tv,
DetectEngineCtx *de_ctx,
@ -2277,67 +2239,54 @@ int DetectEngineTest07(void)
struct test_data_t data[] = {
{ DETECT_SM_LIST_UMATCH,
DE_STATE_FLAG_URI_INSPECT,
DE_STATE_FLAG_URI_INSPECT,
0,
DummyTestAppInspectionEngine01 },
{ DETECT_SM_LIST_HCBDMATCH,
DE_STATE_FLAG_HCBD_INSPECT,
DE_STATE_FLAG_HCBD_INSPECT,
0,
DummyTestAppInspectionEngine02 },
{ DETECT_SM_LIST_FILEDATA,
DE_STATE_FLAG_HSBD_INSPECT,
DE_STATE_FLAG_HSBD_INSPECT,
1,
DummyTestAppInspectionEngine02 },
{ DETECT_SM_LIST_HHDMATCH,
DE_STATE_FLAG_HHD_INSPECT,
DE_STATE_FLAG_HHD_INSPECT,
0,
DummyTestAppInspectionEngine01 },
{ DETECT_SM_LIST_HRHDMATCH,
DE_STATE_FLAG_HRHD_INSPECT,
DE_STATE_FLAG_HRHD_INSPECT,
0,
DummyTestAppInspectionEngine01 },
{ DETECT_SM_LIST_HMDMATCH,
DE_STATE_FLAG_HMD_INSPECT,
DE_STATE_FLAG_HMD_INSPECT,
0,
DummyTestAppInspectionEngine02 },
{ DETECT_SM_LIST_HCDMATCH,
DE_STATE_FLAG_HCD_INSPECT,
DE_STATE_FLAG_HCD_INSPECT,
0,
DummyTestAppInspectionEngine01 },
{ DETECT_SM_LIST_HRUDMATCH,
DE_STATE_FLAG_HRUD_INSPECT,
DE_STATE_FLAG_HRUD_INSPECT,
0,
DummyTestAppInspectionEngine01 },
{ DETECT_SM_LIST_FILEMATCH,
DE_STATE_FLAG_FILE_TS_INSPECT,
DE_STATE_FLAG_FILE_TS_INSPECT,
0,
DummyTestAppInspectionEngine02 },
{ DETECT_SM_LIST_FILEMATCH,
DE_STATE_FLAG_FILE_TC_INSPECT,
DE_STATE_FLAG_FILE_TC_INSPECT,
1,
DummyTestAppInspectionEngine02 },
{ DETECT_SM_LIST_HSMDMATCH,
DE_STATE_FLAG_HSMD_INSPECT,
DE_STATE_FLAG_HSMD_INSPECT,
0,
DummyTestAppInspectionEngine01 },
{ DETECT_SM_LIST_HSCDMATCH,
DE_STATE_FLAG_HSCD_INSPECT,
DE_STATE_FLAG_HSCD_INSPECT,
0,
DummyTestAppInspectionEngine01 },
{ DETECT_SM_LIST_HUADMATCH,
DE_STATE_FLAG_HUAD_INSPECT,
DE_STATE_FLAG_HUAD_INSPECT,
0,
DummyTestAppInspectionEngine02 },
@ -2350,7 +2299,6 @@ int DetectEngineTest07(void)
data[i].dir /* STREAM_TOCLIENT */,
data[i].sm_list,
data[i].inspect_flags,
data[i].match_flags,
data[i].Callback,
engine_list);
}
@ -2376,7 +2324,6 @@ int DetectEngineTest07(void)
engine->dir != data[i].dir ||
engine->sm_list != data[i].sm_list ||
engine->inspect_flags != data[i].inspect_flags ||
engine->match_flags != data[i].match_flags ||
engine->Callback != data[i].Callback) {
printf("failed for http\n");
goto end;

2
src/detect-engine.h
Unescape Escape View File

@ -35,7 +35,6 @@ typedef struct DetectEngineAppInspectionEngine_ {
int32_t sm_list;
uint32_t inspect_flags;
uint32_t match_flags;
/* \retval 0 No match. Don't discontinue matching yet. We need more data.
* 1 Match.
@ -101,7 +100,6 @@ void DetectEngineRegisterAppInspectionEngine(uint8_t ipproto,
uint16_t direction,
int32_t sm_list,
uint32_t inspect_flags,
uint32_t match_flags,
int (*Callback)(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,

4
src/detect-parse.c
Unescape Escape View File

@ -1504,7 +1504,6 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr,
0,
DETECT_SM_LIST_APP_EVENT,
DE_STATE_FLAG_APP_EVENT_INSPECT,
DE_STATE_FLAG_APP_EVENT_INSPECT,
DetectEngineAptEventInspect,
app_inspection_engine);
}
@ -1514,7 +1513,6 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr,
1,
DETECT_SM_LIST_APP_EVENT,
DE_STATE_FLAG_APP_EVENT_INSPECT,
DE_STATE_FLAG_APP_EVENT_INSPECT,
DetectEngineAptEventInspect,
app_inspection_engine);
}
@ -1526,7 +1524,6 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr,
0,
DETECT_SM_LIST_APP_EVENT,
DE_STATE_FLAG_APP_EVENT_INSPECT,
DE_STATE_FLAG_APP_EVENT_INSPECT,
DetectEngineAptEventInspect,
app_inspection_engine);
}
@ -1536,7 +1533,6 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr,
1,
DETECT_SM_LIST_APP_EVENT,
DE_STATE_FLAG_APP_EVENT_INSPECT,
DE_STATE_FLAG_APP_EVENT_INSPECT,
DetectEngineAptEventInspect,
app_inspection_engine);
}

Write Preview
Loading…
Cancel
Save