From c6c93d1d1231052d7e9c981a5c718602aef94d94 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 19 Oct 2020 15:49:13 +0200
Subject: [PATCH] detect/stream: convert to inspect API v2
---
 src/detect-engine-payload.c | 11 +++++------
 src/detect-engine-payload.h | 7 +++----
 src/detect-engine.c | 2 +-
 3 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/src/detect-engine-payload.c b/src/detect-engine-payload.c
index a693069434..abe1315c58 100644
--- a/src/detect-engine-payload.c
+++ b/src/detect-engine-payload.c
@@ -314,17 +314,16 @@ static int StreamContentInspectEngineFunc(void *cb_data, const uint8_t *data, co
 *
 * Returns "can't match" if depth is reached. */
-int DetectEngineInspectStream(ThreadVars *tv,
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatchData *smd,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+int DetectEngineInspectStream(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
+ uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
 {
 Packet *p = det_ctx->p; /* TODO: get rid of this HACK */
 /* in certain sigs, e.g. 'alert dns', which apply to both tcp and udp
 * we can get called for UDP. Then we simply inspect the packet payload */
 if (p->proto == IPPROTO_UDP) {
- return DetectEngineInspectStreamUDPPayload(de_ctx, det_ctx, s, smd, f, p);
+ return DetectEngineInspectStreamUDPPayload(de_ctx, det_ctx, s, engine->smd, f, p);
 /* for other non-TCP protocols we assume match */
 } else if (p->proto != IPPROTO_TCP) return DETECT_ENGINE_INSPECT_SIG_MATCH;
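Review bot: The header comment above DetectEngineInspectStream (it starts above this hunk) is not updated for the new signature, so nothing records that the payload match list now comes from `engine->smd` instead of a dedicated `smd` argument. `engine->smd` is read unchecked on the UDP path here and again in the `inspect_data` initializer in the next hunk; the only visible guarantee is the `new_engine->smd = stream` assignment in AppendStreamInspectEngine in src/detect-engine.c. I would add a line to the comment such as `\param engine inspection engine; engine->smd is the stream/PMATCH match list set at engine registration`. If a NULL list is never valid for this callback, a debug-only check like `DEBUG_VALIDATE_BUG_ON(engine->smd == NULL);` at the top of the body would catch a mis-registered engine early. The function body continues past the end of the hunk.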
@@ -337,7 +336,7 @@ int DetectEngineInspectStream(ThreadVars *tv,
 det_ctx->raw_stream_progress, (s->flags & SIG_FLAG_FLUSH)?"true":"false");
 uint64_t unused;
- struct StreamContentInspectEngineData inspect_data = { de_ctx, det_ctx, s, smd, f };
+ struct StreamContentInspectEngineData inspect_data = { de_ctx, det_ctx, s, engine->smd, f };
 int match = StreamReassembleRaw(f->protoctx, p, StreamContentInspectEngineFunc, &inspect_data, &unused, ((s->flags & SIG_FLAG_FLUSH) != 0));
diff --git a/src/detect-engine-payload.h b/src/detect-engine-payload.h
index c85fe80116..d10ee66a85 100644
--- a/src/detect-engine-payload.h
+++ b/src/detect-engine-payload.h
@@ -34,10 +34,9 @@ int DetectEngineInspectPacketPayload(DetectEngineCtx *,
 int DetectEngineInspectStreamPayload(DetectEngineCtx *, DetectEngineThreadCtx *, const Signature *, Flow *, Packet *);
-int DetectEngineInspectStream(ThreadVars *tv,
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatchData *smd,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+int DetectEngineInspectStream(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
+ uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
 void PayloadRegisterTests(void);
diff --git a/src/detect-engine.c b/src/detect-engine.c
index bee88283be..62427a84f7 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -436,7 +436,7 @@ static void AppendStreamInspectEngine(Signature *s, SigMatchData *stream, int di
 new_engine->stream = true;
 new_engine->sm_list = DETECT_SM_LIST_PMATCH;
 new_engine->smd = stream;
- new_engine->Callback = DetectEngineInspectStream;
+ new_engine->v2.Callback = DetectEngineInspectStream;
 new_engine->progress = 0; /* append */
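Review bot: In src/detect-engine-payload.h the new prototype names `const struct DetectEngineAppInspectionEngine_ *engine` by struct tag, and nothing visible in the hunk declares that tag before the prototype. If no earlier include has declared it, C gives the tag prototype scope, so this declaration would not be compatible with the definition in detect-engine-payload.c and the header would compile only when included in a particular order. A forward declaration ahead of the prototype, `struct DetectEngineAppInspectionEngine_;`, would make the header self-contained. The rest of the header is outside the hunk, so first confirm that such a declaration or include is not already there.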