diff --git a/src/detect-engine.c b/src/detect-engine.c index 6c27b76da0..74bcb2a329 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -146,7 +146,6 @@ void DetectEngineRegisterAppInspectionEngines(void) AppProto alproto; int32_t sm_list; uint32_t inspect_flags; - uint32_t match_flags; uint16_t dir; int (*Callback)(ThreadVars *tv, DetectEngineCtx *de_ctx, @@ -162,84 +161,72 @@ void DetectEngineRegisterAppInspectionEngines(void) ALPROTO_HTTP, DETECT_SM_LIST_UMATCH, DE_STATE_FLAG_URI_INSPECT, - DE_STATE_FLAG_URI_INSPECT, 0, DetectEngineInspectPacketUris }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HRLMATCH, DE_STATE_FLAG_HRL_INSPECT, - DE_STATE_FLAG_HRL_INSPECT, 0, DetectEngineInspectHttpRequestLine }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HCBDMATCH, DE_STATE_FLAG_HCBD_INSPECT, - DE_STATE_FLAG_HCBD_INSPECT, 0, DetectEngineInspectHttpClientBody }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HHDMATCH, DE_STATE_FLAG_HHD_INSPECT, - DE_STATE_FLAG_HHD_INSPECT, 0, DetectEngineInspectHttpHeader }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HRHDMATCH, DE_STATE_FLAG_HRHD_INSPECT, - DE_STATE_FLAG_HRHD_INSPECT, 0, DetectEngineInspectHttpRawHeader }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HMDMATCH, DE_STATE_FLAG_HMD_INSPECT, - DE_STATE_FLAG_HMD_INSPECT, 0, DetectEngineInspectHttpMethod }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HCDMATCH, DE_STATE_FLAG_HCD_INSPECT, - DE_STATE_FLAG_HCD_INSPECT, 0, DetectEngineInspectHttpCookie }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HRUDMATCH, DE_STATE_FLAG_HRUD_INSPECT, - DE_STATE_FLAG_HRUD_INSPECT, 0, DetectEngineInspectHttpRawUri }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_FILEMATCH, DE_STATE_FLAG_FILE_TS_INSPECT, - DE_STATE_FLAG_FILE_TS_INSPECT, 0, DetectFileInspectHttp }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HUADMATCH, DE_STATE_FLAG_HUAD_INSPECT, - DE_STATE_FLAG_HUAD_INSPECT, 0, DetectEngineInspectHttpUA }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HHHDMATCH, DE_STATE_FLAG_HHHD_INSPECT, - DE_STATE_FLAG_HHHD_INSPECT, 0, DetectEngineInspectHttpHH }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HRHHDMATCH, DE_STATE_FLAG_HRHHD_INSPECT, - DE_STATE_FLAG_HRHHD_INSPECT, 0, DetectEngineInspectHttpHRH }, /* DNS */ @@ -247,7 +234,6 @@ void DetectEngineRegisterAppInspectionEngines(void) ALPROTO_DNS, DETECT_SM_LIST_DNSQUERY_MATCH, DE_STATE_FLAG_DNSQUERY_INSPECT, - DE_STATE_FLAG_DNSQUERY_INSPECT, 0, DetectEngineInspectDnsQueryName }, /* specifically for UDP, register again @@ -257,14 +243,12 @@ void DetectEngineRegisterAppInspectionEngines(void) ALPROTO_DNS, DETECT_SM_LIST_DNSQUERY_MATCH, DE_STATE_FLAG_DNSQUERY_INSPECT, - DE_STATE_FLAG_DNSQUERY_INSPECT, 0, DetectEngineInspectDnsQueryName }, { IPPROTO_TCP, ALPROTO_SMTP, DETECT_SM_LIST_FILEMATCH, DE_STATE_FLAG_FILE_TS_INSPECT, - DE_STATE_FLAG_FILE_TS_INSPECT, 0, DetectFileInspectSmtp }, /* Modbus */ @@ -272,7 +256,6 @@ void DetectEngineRegisterAppInspectionEngines(void) ALPROTO_MODBUS, DETECT_SM_LIST_MODBUS_MATCH, DE_STATE_FLAG_MODBUS_INSPECT, - DE_STATE_FLAG_MODBUS_INSPECT, 0, DetectEngineInspectModbus }, /* file_data smtp */ @@ -280,7 +263,6 @@ void DetectEngineRegisterAppInspectionEngines(void) ALPROTO_SMTP, DETECT_SM_LIST_FILEDATA, DE_STATE_FLAG_FD_SMTP_INSPECT, - DE_STATE_FLAG_FD_SMTP_INSPECT, 0, DetectEngineInspectSMTPFiledata }, }; @@ -290,49 +272,42 @@ void DetectEngineRegisterAppInspectionEngines(void) ALPROTO_HTTP, DETECT_SM_LIST_FILEDATA, DE_STATE_FLAG_HSBD_INSPECT, - DE_STATE_FLAG_HSBD_INSPECT, 1, DetectEngineInspectHttpServerBody }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HHDMATCH, DE_STATE_FLAG_HHD_INSPECT, - DE_STATE_FLAG_HHD_INSPECT, 1, DetectEngineInspectHttpHeader }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HRHDMATCH, DE_STATE_FLAG_HRHD_INSPECT, - DE_STATE_FLAG_HRHD_INSPECT, 1, DetectEngineInspectHttpRawHeader }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HCDMATCH, DE_STATE_FLAG_HCD_INSPECT, - DE_STATE_FLAG_HCD_INSPECT, 1, DetectEngineInspectHttpCookie }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_FILEMATCH, DE_STATE_FLAG_FILE_TC_INSPECT, - DE_STATE_FLAG_FILE_TC_INSPECT, 1, DetectFileInspectHttp }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HSMDMATCH, DE_STATE_FLAG_HSMD_INSPECT, - DE_STATE_FLAG_HSMD_INSPECT, 1, DetectEngineInspectHttpStatMsg }, { IPPROTO_TCP, ALPROTO_HTTP, DETECT_SM_LIST_HSCDMATCH, DE_STATE_FLAG_HSCD_INSPECT, - DE_STATE_FLAG_HSCD_INSPECT, 1, DetectEngineInspectHttpStatCode }, /* Modbus */ @@ -340,7 +315,6 @@ void DetectEngineRegisterAppInspectionEngines(void) ALPROTO_MODBUS, DETECT_SM_LIST_MODBUS_MATCH, DE_STATE_FLAG_MODBUS_INSPECT, - DE_STATE_FLAG_MODBUS_INSPECT, 0, DetectEngineInspectModbus } }; @@ -352,7 +326,6 @@ void DetectEngineRegisterAppInspectionEngines(void) data_toserver[i].dir, data_toserver[i].sm_list, data_toserver[i].inspect_flags, - data_toserver[i].match_flags, data_toserver[i].Callback, app_inspection_engine); } @@ -363,7 +336,6 @@ void DetectEngineRegisterAppInspectionEngines(void) data_toclient[i].dir, data_toclient[i].sm_list, data_toclient[i].inspect_flags, - data_toclient[i].match_flags, data_toclient[i].Callback, app_inspection_engine); } @@ -384,14 +356,13 @@ static void AppendAppInspectionEngine(DetectEngineAppInspectionEngine *engine, while (tmp != NULL) { if (tmp->dir == engine->dir && (tmp->sm_list == engine->sm_list || - tmp->inspect_flags == engine->inspect_flags || - tmp->match_flags == engine->match_flags)) { + tmp->inspect_flags == engine->inspect_flags + )) { SCLogError(SC_ERR_DETECT_PREPARE, "App Inspection Engine already " "registered for this direction(%"PRIu16") ||" "sm_list(%d) || " - "[match(%"PRIu32")|inspect(%"PRIu32")]_flags", - tmp->dir, tmp->sm_list, tmp->inspect_flags, - tmp->match_flags); + "[inspect(%"PRIu32")]_flags", + tmp->dir, tmp->sm_list, tmp->inspect_flags); exit(EXIT_FAILURE); } insert = tmp; @@ -410,7 +381,6 @@ void DetectEngineRegisterAppInspectionEngine(uint8_t ipproto, uint16_t dir, int32_t sm_list, uint32_t inspect_flags, - uint32_t match_flags, int (*Callback)(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, @@ -447,7 +417,6 @@ void DetectEngineRegisterAppInspectionEngine(uint8_t ipproto, new_engine->dir = dir; new_engine->sm_list = sm_list; new_engine->inspect_flags = inspect_flags; - new_engine->match_flags = match_flags; new_engine->Callback = Callback; AppendAppInspectionEngine(new_engine, list); @@ -2120,7 +2089,6 @@ int DetectEngineTest05(void) 0 /* STREAM_TOSERVER */, DETECT_SM_LIST_UMATCH, DE_STATE_FLAG_URI_INSPECT, - DE_STATE_FLAG_URI_INSPECT, DummyTestAppInspectionEngine01, engine_list); @@ -2141,7 +2109,6 @@ int DetectEngineTest05(void) engine->dir != dir || engine->sm_list != DETECT_SM_LIST_UMATCH || engine->inspect_flags != DE_STATE_FLAG_URI_INSPECT || - engine->match_flags != DE_STATE_FLAG_URI_INSPECT || engine->Callback != DummyTestAppInspectionEngine01) { printf("failed for http and dir(0-toserver)\n"); goto end; @@ -2183,7 +2150,6 @@ int DetectEngineTest06(void) 0 /* STREAM_TOSERVER */, DETECT_SM_LIST_UMATCH, DE_STATE_FLAG_URI_INSPECT, - DE_STATE_FLAG_URI_INSPECT, DummyTestAppInspectionEngine01, engine_list); DetectEngineRegisterAppInspectionEngine(IPPROTO_TCP, @@ -2191,7 +2157,6 @@ int DetectEngineTest06(void) 1 /* STREAM_TOCLIENT */, DETECT_SM_LIST_UMATCH, DE_STATE_FLAG_URI_INSPECT, - DE_STATE_FLAG_URI_INSPECT, DummyTestAppInspectionEngine02, engine_list); @@ -2212,7 +2177,6 @@ int DetectEngineTest06(void) engine->dir != dir || engine->sm_list != DETECT_SM_LIST_UMATCH || engine->inspect_flags != DE_STATE_FLAG_URI_INSPECT || - engine->match_flags != DE_STATE_FLAG_URI_INSPECT || engine->Callback != DummyTestAppInspectionEngine01) { printf("failed for http and dir(0-toserver)\n"); goto end; @@ -2231,7 +2195,6 @@ int DetectEngineTest06(void) engine->dir != dir || engine->sm_list != DETECT_SM_LIST_UMATCH || engine->inspect_flags != DE_STATE_FLAG_URI_INSPECT || - engine->match_flags != DE_STATE_FLAG_URI_INSPECT || engine->Callback != DummyTestAppInspectionEngine02) { printf("failed for http and dir(0-toclient)\n"); goto end; @@ -2264,7 +2227,6 @@ int DetectEngineTest07(void) struct test_data_t { int32_t sm_list; uint32_t inspect_flags; - uint32_t match_flags; uint16_t dir; int (*Callback)(ThreadVars *tv, DetectEngineCtx *de_ctx, @@ -2277,67 +2239,54 @@ int DetectEngineTest07(void) struct test_data_t data[] = { { DETECT_SM_LIST_UMATCH, - DE_STATE_FLAG_URI_INSPECT, DE_STATE_FLAG_URI_INSPECT, 0, DummyTestAppInspectionEngine01 }, { DETECT_SM_LIST_HCBDMATCH, - DE_STATE_FLAG_HCBD_INSPECT, DE_STATE_FLAG_HCBD_INSPECT, 0, DummyTestAppInspectionEngine02 }, { DETECT_SM_LIST_FILEDATA, - DE_STATE_FLAG_HSBD_INSPECT, DE_STATE_FLAG_HSBD_INSPECT, 1, DummyTestAppInspectionEngine02 }, { DETECT_SM_LIST_HHDMATCH, - DE_STATE_FLAG_HHD_INSPECT, DE_STATE_FLAG_HHD_INSPECT, 0, DummyTestAppInspectionEngine01 }, { DETECT_SM_LIST_HRHDMATCH, - DE_STATE_FLAG_HRHD_INSPECT, DE_STATE_FLAG_HRHD_INSPECT, 0, DummyTestAppInspectionEngine01 }, { DETECT_SM_LIST_HMDMATCH, - DE_STATE_FLAG_HMD_INSPECT, DE_STATE_FLAG_HMD_INSPECT, 0, DummyTestAppInspectionEngine02 }, { DETECT_SM_LIST_HCDMATCH, - DE_STATE_FLAG_HCD_INSPECT, DE_STATE_FLAG_HCD_INSPECT, 0, DummyTestAppInspectionEngine01 }, { DETECT_SM_LIST_HRUDMATCH, - DE_STATE_FLAG_HRUD_INSPECT, DE_STATE_FLAG_HRUD_INSPECT, 0, DummyTestAppInspectionEngine01 }, { DETECT_SM_LIST_FILEMATCH, - DE_STATE_FLAG_FILE_TS_INSPECT, DE_STATE_FLAG_FILE_TS_INSPECT, 0, DummyTestAppInspectionEngine02 }, { DETECT_SM_LIST_FILEMATCH, - DE_STATE_FLAG_FILE_TC_INSPECT, DE_STATE_FLAG_FILE_TC_INSPECT, 1, DummyTestAppInspectionEngine02 }, { DETECT_SM_LIST_HSMDMATCH, - DE_STATE_FLAG_HSMD_INSPECT, DE_STATE_FLAG_HSMD_INSPECT, 0, DummyTestAppInspectionEngine01 }, { DETECT_SM_LIST_HSCDMATCH, - DE_STATE_FLAG_HSCD_INSPECT, DE_STATE_FLAG_HSCD_INSPECT, 0, DummyTestAppInspectionEngine01 }, { DETECT_SM_LIST_HUADMATCH, - DE_STATE_FLAG_HUAD_INSPECT, DE_STATE_FLAG_HUAD_INSPECT, 0, DummyTestAppInspectionEngine02 }, @@ -2350,7 +2299,6 @@ int DetectEngineTest07(void) data[i].dir /* STREAM_TOCLIENT */, data[i].sm_list, data[i].inspect_flags, - data[i].match_flags, data[i].Callback, engine_list); } @@ -2376,7 +2324,6 @@ int DetectEngineTest07(void) engine->dir != data[i].dir || engine->sm_list != data[i].sm_list || engine->inspect_flags != data[i].inspect_flags || - engine->match_flags != data[i].match_flags || engine->Callback != data[i].Callback) { printf("failed for http\n"); goto end; diff --git a/src/detect-engine.h b/src/detect-engine.h index dfd7bae93a..b89260d613 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -35,7 +35,6 @@ typedef struct DetectEngineAppInspectionEngine_ { int32_t sm_list; uint32_t inspect_flags; - uint32_t match_flags; /* \retval 0 No match. Don't discontinue matching yet. We need more data. * 1 Match. @@ -101,7 +100,6 @@ void DetectEngineRegisterAppInspectionEngine(uint8_t ipproto, uint16_t direction, int32_t sm_list, uint32_t inspect_flags, - uint32_t match_flags, int (*Callback)(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, diff --git a/src/detect-parse.c b/src/detect-parse.c index 87745c15d5..4713502ebb 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -1504,7 +1504,6 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr, 0, DETECT_SM_LIST_APP_EVENT, DE_STATE_FLAG_APP_EVENT_INSPECT, - DE_STATE_FLAG_APP_EVENT_INSPECT, DetectEngineAptEventInspect, app_inspection_engine); } @@ -1514,7 +1513,6 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr, 1, DETECT_SM_LIST_APP_EVENT, DE_STATE_FLAG_APP_EVENT_INSPECT, - DE_STATE_FLAG_APP_EVENT_INSPECT, DetectEngineAptEventInspect, app_inspection_engine); } @@ -1526,7 +1524,6 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr, 0, DETECT_SM_LIST_APP_EVENT, DE_STATE_FLAG_APP_EVENT_INSPECT, - DE_STATE_FLAG_APP_EVENT_INSPECT, DetectEngineAptEventInspect, app_inspection_engine); } @@ -1536,7 +1533,6 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr, 1, DETECT_SM_LIST_APP_EVENT, DE_STATE_FLAG_APP_EVENT_INSPECT, - DE_STATE_FLAG_APP_EVENT_INSPECT, DetectEngineAptEventInspect, app_inspection_engine); }