detect/multi-buf: use only one progress

for both inspect engine and app-layer mpm
7 months ago · 990ed204eb
parent 8ecc3efdc8
commit 990ed204eb
15 changed files with 27 additions and 29 deletions
--- a/src/detect-dns-name.c
+++ b/src/detect-dns-name.c
@ -89,8 +89,8 @@ static int Register(const char *keyword, const char *desc, const char *doc,
    sigmatch_table[keyword_id].flags |= SIGMATCH_NOOPT;
    sigmatch_table[keyword_id].flags |= SIGMATCH_INFO_STICKY_BUFFER;

-    DetectAppLayerMultiRegister(keyword, ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, GetBufferFn, 2, 1);
-    DetectAppLayerMultiRegister(keyword, ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, GetBufferFn, 2, 1);
+    DetectAppLayerMultiRegister(keyword, ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, GetBufferFn, 2);
+    DetectAppLayerMultiRegister(keyword, ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1, GetBufferFn, 2);

    DetectBufferTypeSetDescriptionByName(keyword, keyword);
    DetectBufferTypeSupportsMultiInstance(keyword);
--- a/src/detect-engine-helper.c
+++ b/src/detect-engine-helper.c
@ -84,12 +84,10 @@ int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *des
        bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData, int progress)
 {
    if (toserver) {
-        DetectAppLayerMultiRegister(
-                name, alproto, SIG_FLAG_TOSERVER, progress, GetData, 2, progress);
+        DetectAppLayerMultiRegister(name, alproto, SIG_FLAG_TOSERVER, progress, GetData, 2);
    }
    if (toclient) {
-        DetectAppLayerMultiRegister(
-                name, alproto, SIG_FLAG_TOCLIENT, progress, GetData, 2, progress);
+        DetectAppLayerMultiRegister(name, alproto, SIG_FLAG_TOCLIENT, progress, GetData, 2);
    }
    DetectBufferTypeSupportsMultiInstance(name);
    DetectBufferTypeSetDescriptionByName(name, desc);
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@ -2300,12 +2300,12 @@ uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineTh
 // wrapper for both DetectAppLayerInspectEngineRegister and DetectAppLayerMpmRegister
 // with cast of callback function
 void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t dir, int progress,
-        InspectionMultiBufferGetDataPtr GetData, int priority, int tx_min_progress)
+        InspectionMultiBufferGetDataPtr GetData, int priority)
 {
    AppLayerInspectEngineRegisterInternal(
            name, alproto, dir, progress, DetectEngineInspectMultiBufferGeneric, NULL, GetData);
-    DetectAppLayerMpmMultiRegister(name, dir, priority, PrefilterMultiGenericMpmRegister, GetData,
-            alproto, tx_min_progress);
+    DetectAppLayerMpmMultiRegister(
+            name, dir, priority, PrefilterMultiGenericMpmRegister, GetData, alproto, progress);
 }

 InspectionBuffer *DetectGetMultiData(struct DetectEngineThreadCtx_ *det_ctx,
--- a/src/detect-engine.h
+++ b/src/detect-engine.h
@ -177,7 +177,7 @@ void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uin
        int progress, InspectEngineFuncPtr Callback2, InspectionBufferGetDataPtr GetData);

 void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t dir, int progress,
-        InspectionMultiBufferGetDataPtr GetData, int priority, int tx_min_progress);
+        InspectionMultiBufferGetDataPtr GetData, int priority);

 void DetectPktInspectEngineRegister(const char *name,
        InspectionBufferGetPktDataPtr GetPktData,
--- a/src/detect-ftp-reply.c
+++ b/src/detect-ftp-reply.c
@ -96,7 +96,7 @@ void DetectFtpReplyRegister(void)
    sigmatch_table[DETECT_FTP_REPLY].flags |= SIGMATCH_NOOPT;

    DetectAppLayerMultiRegister(
-            BUFFER_NAME, ALPROTO_FTP, SIG_FLAG_TOCLIENT, 0, DetectFTPReplyGetData, 2, 1);
+            BUFFER_NAME, ALPROTO_FTP, SIG_FLAG_TOCLIENT, 1, DetectFTPReplyGetData, 2);

    DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);

--- a/src/detect-http-header.c
+++ b/src/detect-http-header.c
@ -591,9 +591,9 @@ void DetectHttpRequestHeaderRegister(void)
            SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;

    DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
-            HTTP2StateOpen, rs_http2_tx_get_header, 2, HTTP2StateOpen);
+            HTTP2StateOpen, rs_http2_tx_get_header, 2);
    DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
-            HTP_REQUEST_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_REQUEST_PROGRESS_HEADERS);
+            HTP_REQUEST_PROGRESS_HEADERS, GetHttp1HeaderData, 2);

    DetectBufferTypeSetDescriptionByName("http_request_header", "HTTP header name and value");
    g_http_request_header_buffer_id = DetectBufferTypeGetByName("http_request_header");
@ -624,9 +624,9 @@ void DetectHttpResponseHeaderRegister(void)
            SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;

    DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
-            HTTP2StateOpen, rs_http2_tx_get_header, 2, HTTP2StateOpen);
+            HTTP2StateOpen, rs_http2_tx_get_header, 2);
    DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
-            HTP_RESPONSE_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_RESPONSE_PROGRESS_HEADERS);
+            HTP_RESPONSE_PROGRESS_HEADERS, GetHttp1HeaderData, 2);

    DetectBufferTypeSetDescriptionByName("http_response_header", "HTTP header name and value");
    g_http_response_header_buffer_id = DetectBufferTypeGetByName("http_response_header");
--- a/src/detect-http2.c
+++ b/src/detect-http2.c
@ -174,9 +174,9 @@ void DetectHttp2Register(void)
    sigmatch_table[DETECT_HTTP2_HEADERNAME].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;

    DetectAppLayerMultiRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
-            HTTP2StateOpen, rs_http2_tx_get_header_name, 2, HTTP2StateOpen);
+            HTTP2StateOpen, rs_http2_tx_get_header_name, 2);
    DetectAppLayerMultiRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
-            HTTP2StateOpen, rs_http2_tx_get_header_name, 2, HTTP2StateOpen);
+            HTTP2StateOpen, rs_http2_tx_get_header_name, 2);

    DetectBufferTypeSupportsMultiInstance("http2_header_name");
    DetectBufferTypeSetDescriptionByName("http2_header_name",
--- a/src/detect-ike-vendor.c
+++ b/src/detect-ike-vendor.c
@ -52,7 +52,7 @@ void DetectIkeVendorRegister(void)
    sigmatch_table[DETECT_IKE_VENDOR].flags |= SIGMATCH_INFO_STICKY_BUFFER;

    DetectAppLayerMultiRegister(
-            "ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, rs_ike_tx_get_vendor, 1, 1);
+            "ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, rs_ike_tx_get_vendor, 1);

    g_ike_vendor_buffer_id = DetectBufferTypeGetByName("ike.vendor");

--- a/src/detect-krb5-cname.c
+++ b/src/detect-krb5-cname.c
@ -59,7 +59,7 @@ void DetectKrb5CNameRegister(void)
    sigmatch_table[DETECT_KRB5_CNAME].desc = "sticky buffer to match on Kerberos 5 client name";

    DetectAppLayerMultiRegister(
-            "krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, rs_krb5_tx_get_cname, 2, 1);
+            "krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 1, rs_krb5_tx_get_cname, 2);

    DetectBufferTypeSetDescriptionByName("krb5_cname",
            "Kerberos 5 ticket client name");
--- a/src/detect-krb5-sname.c
+++ b/src/detect-krb5-sname.c
@ -59,7 +59,7 @@ void DetectKrb5SNameRegister(void)
    sigmatch_table[DETECT_KRB5_SNAME].desc = "sticky buffer to match on Kerberos 5 server name";

    DetectAppLayerMultiRegister(
-            "krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, rs_krb5_tx_get_sname, 2, 1);
+            "krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 1, rs_krb5_tx_get_sname, 2);

    DetectBufferTypeSetDescriptionByName("krb5_sname",
            "Kerberos 5 ticket server name");
--- a/src/detect-quic-cyu-hash.c
+++ b/src/detect-quic-cyu-hash.c
@ -68,7 +68,7 @@ void DetectQuicCyuHashRegister(void)
 #endif

    DetectAppLayerMultiRegister(
-            BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, rs_quic_tx_get_cyu_hash, 2, 1);
+            BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, rs_quic_tx_get_cyu_hash, 2);

    DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);

--- a/src/detect-quic-cyu-string.c
+++ b/src/detect-quic-cyu-string.c
@ -66,7 +66,7 @@ void DetectQuicCyuStringRegister(void)
 #endif

    DetectAppLayerMultiRegister(
-            BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, rs_quic_tx_get_cyu_string, 2, 1);
+            BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, rs_quic_tx_get_cyu_string, 2);

    DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);

--- a/src/detect-tls-alpn.c
+++ b/src/detect-tls-alpn.c
@ -104,9 +104,9 @@ void DetectTlsAlpnRegister(void)
    sigmatch_table[DETECT_TLS_ALPN].flags |= SIGMATCH_INFO_STICKY_BUFFER;

    DetectAppLayerMultiRegister("tls.alpn", ALPROTO_TLS, SIG_FLAG_TOSERVER,
-            TLS_STATE_CLIENT_HELLO_DONE, TlsAlpnGetData, 2, TLS_STATE_CLIENT_HELLO_DONE);
-    DetectAppLayerMultiRegister("tls.alpn", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_SERVER_HELLO,
-            TlsAlpnGetData, 2, TLS_STATE_SERVER_HELLO);
+            TLS_STATE_CLIENT_HELLO_DONE, TlsAlpnGetData, 2);
+    DetectAppLayerMultiRegister(
+            "tls.alpn", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_SERVER_HELLO, TlsAlpnGetData, 2);

    DetectBufferTypeSetDescriptionByName("tls.alpn", "TLS APLN");

--- a/src/detect-tls-certs.c
+++ b/src/detect-tls-certs.c
@ -113,9 +113,9 @@ void DetectTlsCertsRegister(void)
    sigmatch_table[DETECT_TLS_CERTS].flags |= SIGMATCH_INFO_STICKY_BUFFER;

    DetectAppLayerMultiRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
-            TLS_STATE_SERVER_CERT_DONE, TlsCertsGetData, 2, 1);
+            TLS_STATE_SERVER_CERT_DONE, TlsCertsGetData, 2);
    DetectAppLayerMultiRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER,
-            TLS_STATE_CLIENT_CERT_DONE, TlsCertsGetData, 2, 1);
+            TLS_STATE_CLIENT_CERT_DONE, TlsCertsGetData, 2);

    DetectBufferTypeSetDescriptionByName("tls.certs", "TLS certificate");

--- a/src/detect-tls-subjectaltname.c
+++ b/src/detect-tls-subjectaltname.c
@ -84,8 +84,8 @@ void DetectTlsSubjectAltNameRegister(void)
    sigmatch_table[DETECT_TLS_SUBJECTALTNAME].flags |= SIGMATCH_NOOPT;
    sigmatch_table[DETECT_TLS_SUBJECTALTNAME].flags |= SIGMATCH_INFO_STICKY_BUFFER;

-    DetectAppLayerMultiRegister("tls.subjectaltname", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0,
-            TlsSubjectAltNameGetData, 2, TLS_STATE_SERVER_CERT_DONE);
+    DetectAppLayerMultiRegister("tls.subjectaltname", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
+            TLS_STATE_SERVER_CERT_DONE, TlsSubjectAltNameGetData, 2);

    DetectBufferTypeSetDescriptionByName("tls.subjectaltname", "TLS Subject Alternative Name");