http_response_line: dynamic buffer

src/detect-engine.c

@@ -2818,8 +2818,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type)
             return "http cookie";
         case DETECT_SM_LIST_HUADMATCH:
             return "http user-agent";
-        case DETECT_SM_LIST_HTTP_RESLINEMATCH:
-            return "http response line";
         case DETECT_SM_LIST_APP_EVENT:
             return "app layer events";
 

src/detect-http-response-line.c

@@ -60,14 +60,15 @@
 #include "stream-tcp.h"
 #include "detect-http-response-line.h"
 
-int DetectHttpResponseLineSetup(DetectEngineCtx *, Signature *, char *);
-void DetectHttpResponseLineRegisterTests(void);
-void DetectHttpResponseLineFree(void *);
+static int DetectHttpResponseLineSetup(DetectEngineCtx *, Signature *, char *);
+static void DetectHttpResponseLineRegisterTests(void);
 static int PrefilterTxHttpResponseLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
 static int DetectEngineInspectHttpResponseLine(ThreadVars *tv,
         DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
         const Signature *s, const SigMatchData *smd,
         Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+static void DetectHttpResponseLineSetupCallback(Signature *s);
+static int g_http_response_line_id = 0;
 
 /**
  * \brief Registers the keyword handlers for the "http_response_line" keyword.
@@ -85,15 +86,20 @@ void DetectHttpResponseLineRegister(void)
     sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].flags |= SIGMATCH_NOOPT;
     sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].flags |= SIGMATCH_PAYLOAD ;
 
-    DetectMpmAppLayerRegister("http_response_line", SIG_FLAG_TOCLIENT,
-            DETECT_SM_LIST_HTTP_RESLINEMATCH, 2,
+    DetectAppLayerMpmRegister("http_response_line", SIG_FLAG_TOCLIENT, 2,
             PrefilterTxHttpResponseLineRegister);
 
-    DetectAppLayerInspectEngineRegister(ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
-            DETECT_SM_LIST_HTTP_RESLINEMATCH,
+    DetectAppLayerInspectEngineRegister2("http_response_line",
+            ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
             DetectEngineInspectHttpResponseLine);
 
-    return;
+    DetectBufferTypeSetDescriptionByName("http_response_line",
+            "http response line");
+
+    DetectBufferTypeRegisterSetupCallback("http_response_line",
+            DetectHttpResponseLineSetupCallback);
+
+    g_http_response_line_id = DetectBufferTypeGetByName("http_response_line");
 }
 
 /**
@@ -109,13 +115,19 @@ void DetectHttpResponseLineRegister(void)
  * \retval  0 On success
  * \retval -1 On failure
  */
-int DetectHttpResponseLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
+static int DetectHttpResponseLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
 {
-    s->init_data->list = DETECT_SM_LIST_HTTP_RESLINEMATCH;
+    s->init_data->list = g_http_response_line_id;
     s->alproto = ALPROTO_HTTP;
     return 0;
 }
 
+static void DetectHttpResponseLineSetupCallback(Signature *s)
+{
+    SCLogDebug("callback invoked by %u", s->id);
+    s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
+}
+
 /** \brief HTTP response line Mpm prefilter callback
  *
  *  \param det_ctx detection engine thread ctx

src/detect-parse.c

@@ -151,7 +151,6 @@ const char *DetectListToHumanString(int list)
         CASE_CODE_STRING(DETECT_SM_LIST_HRHHDMATCH, "http_raw_host");
         CASE_CODE_STRING(DETECT_SM_LIST_HCDMATCH, "http_cookie");
         CASE_CODE_STRING(DETECT_SM_LIST_HUADMATCH, "http_user_agent");
-        CASE_CODE_STRING(DETECT_SM_LIST_HTTP_RESLINEMATCH, "http_response_line");
         CASE_CODE_STRING(DETECT_SM_LIST_APP_EVENT, "app-layer-event");
         CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer");
         CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc");
@@ -192,7 +191,6 @@ const char *DetectListToString(int list)
         CASE_CODE(DETECT_SM_LIST_HRHHDMATCH);
         CASE_CODE(DETECT_SM_LIST_HCDMATCH);
         CASE_CODE(DETECT_SM_LIST_HUADMATCH);
-        CASE_CODE(DETECT_SM_LIST_HTTP_RESLINEMATCH);
         CASE_CODE(DETECT_SM_LIST_APP_EVENT);
         CASE_CODE(DETECT_SM_LIST_AMATCH);
         CASE_CODE(DETECT_SM_LIST_DMATCH);

src/detect.h

@@ -135,8 +135,6 @@ enum DetectSigmatchListEnum {
     DETECT_SM_LIST_HCDMATCH,
     /* list for http_user_agent keyword and the ones relative to it */
     DETECT_SM_LIST_HUADMATCH,
-    /* list for http_response_line keyword and the ones relative to it */
-    DETECT_SM_LIST_HTTP_RESLINEMATCH,
     /* app event engine sm list */
     DETECT_SM_LIST_APP_EVENT,