aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Further customize content modifier buffer registration.

Browse Source 
Allow modifier setups functions to have CustomCallbacks to enable their
internal conditions.
pull/325/head
Anoop Saldanha 13 years ago committed by Victor Julien
parent a304a98d1d
commit f8ae53ac02
15 changed files with 64 additions and 23 deletions
Show Stats Download Patch File Download Diff File

10
src/detect-http-client-body.c
Unescape Escape View File

@ -79,6 +79,12 @@ void DetectHttpClientBodyRegister(void)
sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].flags |= SIGMATCH_PAYLOAD ;
}
static void DetectHttpClientBodySetupCallback(Signature *s)
{
AppLayerHtpEnableRequestBodyCallback();
return;
}
/**
* \brief The setup function for the http_client_body keyword for a signature.
*
@ -96,7 +102,9 @@ int DetectHttpClientBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_CLIENT_BODY,
DETECT_SM_LIST_HCBDMATCH);
DETECT_SM_LIST_HCBDMATCH,
ALPROTO_HTTP,
DetectHttpClientBodySetupCallback);
}
/**

4
src/detect-http-cookie.c
Unescape Escape View File

@ -111,7 +111,9 @@ static int DetectHttpCookieSetup(DetectEngineCtx *de_ctx, Signature *s, char *st
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, str,
DETECT_AL_HTTP_COOKIE,
DETECT_SM_LIST_HCDMATCH);
DETECT_SM_LIST_HCDMATCH,
ALPROTO_HTTP,
NULL);
}
/******************************** UNITESTS **********************************/

4
src/detect-http-header.c
Unescape Escape View File

@ -117,7 +117,9 @@ int DetectHttpHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_HEADER,
DETECT_SM_LIST_HHDMATCH);
DETECT_SM_LIST_HHDMATCH,
ALPROTO_HTTP,
NULL);
}
/************************************Unittests*********************************/

4
src/detect-http-hh.c
Unescape Escape View File

@ -97,7 +97,9 @@ int DetectHttpHHSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_HOST,
DETECT_SM_LIST_HHHDMATCH);
DETECT_SM_LIST_HHHDMATCH,
ALPROTO_HTTP,
NULL);
}
/**

4
src/detect-http-hrh.c
Unescape Escape View File

@ -97,7 +97,9 @@ int DetectHttpHRHSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_RAW_HOST,
DETECT_SM_LIST_HRHHDMATCH);
DETECT_SM_LIST_HRHHDMATCH,
ALPROTO_HTTP,
NULL);
}
/**

4
src/detect-http-method.c
Unescape Escape View File

@ -96,7 +96,9 @@ static int DetectHttpMethodSetup(DetectEngineCtx *de_ctx, Signature *s, char *st
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, str,
DETECT_AL_HTTP_METHOD,
DETECT_SM_LIST_HMDMATCH);
DETECT_SM_LIST_HMDMATCH,
ALPROTO_HTTP,
NULL);
}
/**

4
src/detect-http-raw-header.c
Unescape Escape View File

@ -116,7 +116,9 @@ int DetectHttpRawHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_RAW_HEADER,
DETECT_SM_LIST_HRHDMATCH);
DETECT_SM_LIST_HRHDMATCH,
ALPROTO_HTTP,
NULL);
}
/************************************Unittests*********************************/

4
src/detect-http-raw-uri.c
Unescape Escape View File

@ -90,7 +90,9 @@ static int DetectHttpRawUriSetup(DetectEngineCtx *de_ctx, Signature *s, char *ar
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_RAW_URI,
DETECT_SM_LIST_HRUDMATCH);
DETECT_SM_LIST_HRUDMATCH,
ALPROTO_HTTP,
NULL);
}

12
src/detect-http-server-body.c
Unescape Escape View File

@ -80,6 +80,14 @@ void DetectHttpServerBodyRegister(void)
sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].flags |= SIGMATCH_PAYLOAD ;
}
static void DetectHttpServerBodySetupCallback(Signature *s)
{
s->flags |= SIG_FLAG_APPLAYER;
AppLayerHtpEnableResponseBodyCallback();
return;
}
/**
* \brief The setup function for the http_server_body keyword for a signature.
*
@ -97,7 +105,9 @@ int DetectHttpServerBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_SERVER_BODY,
DETECT_SM_LIST_HSBDMATCH);
DETECT_SM_LIST_HSBDMATCH,
ALPROTO_HTTP,
DetectHttpServerBodySetupCallback);
}
/**

4
src/detect-http-stat-code.c
Unescape Escape View File

@ -100,7 +100,9 @@ static int DetectHttpStatCodeSetup(DetectEngineCtx *de_ctx, Signature *s, char *
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_STAT_CODE,
DETECT_SM_LIST_HSCDMATCH);
DETECT_SM_LIST_HSCDMATCH,
ALPROTO_HTTP,
NULL);
}
#ifdef UNITTESTS

4
src/detect-http-stat-msg.c
Unescape Escape View File

@ -100,7 +100,9 @@ static int DetectHttpStatMsgSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_STAT_MSG,
DETECT_SM_LIST_HSMDMATCH);
DETECT_SM_LIST_HSMDMATCH,
ALPROTO_HTTP,
NULL);
}
#ifdef UNITTESTS

4
src/detect-http-ua.c
Unescape Escape View File

@ -98,7 +98,9 @@ int DetectHttpUASetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_USER_AGENT,
DETECT_SM_LIST_HUADMATCH);
DETECT_SM_LIST_HUADMATCH,
ALPROTO_HTTP,
NULL);
}
/**

4
src/detect-http-uri.c
Unescape Escape View File

@ -91,7 +91,9 @@ int DetectHttpUriSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, str,
DETECT_AL_HTTP_URI,
DETECT_SM_LIST_UMATCH);
DETECT_SM_LIST_UMATCH,
ALPROTO_HTTP,
NULL);
}

17
src/detect-parse.c
Unescape Escape View File

@ -97,7 +97,8 @@ typedef struct SigDuplWrapper_ {
#define OPTION_PCRE "^\\s*([A-z_0-9-\\.]+)(?:\\s*\\:\\s*(.*)(?<!\\\\))?\\s*;\\s*(?:\\s*(.*))?\\s*$"
int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg,
uint8_t sm_type, uint8_t sm_list)
uint8_t sm_type, uint8_t sm_list,
uint16_t alproto, void (*CustomCallback)(Signature *s))
{
SigMatch *sm = NULL;
int ret = -1;
@ -116,9 +117,9 @@ int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s
goto end;
}
/* for now let's hardcode it as http */
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains a non http "
"alproto set");
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != alproto) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting "
"alprotos set");
goto end;
}
@ -167,12 +168,10 @@ int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s
}
}
cd->id = DetectPatternGetId(de_ctx->mpm_pattern_id_store, cd, s, sm_list);
if (CustomCallback != NULL)
CustomCallback(s);
s->alproto = alproto;
s->flags |= SIG_FLAG_APPLAYER;
s->alproto = ALPROTO_HTTP;
if (sm_type == DETECT_AL_HTTP_CLIENT_BODY)
AppLayerHtpEnableRequestBodyCallback();
else if (sm_type == DETECT_AL_HTTP_SERVER_BODY)
AppLayerHtpEnableResponseBodyCallback();
/* transfer the sm from the pmatch list to hcbdmatch list */
SigMatchTransferSigMatchAcrossLists(sm,

4
src/detect-parse.h
Unescape Escape View File

@ -63,6 +63,8 @@ void DetectParseDupSigHashFree(DetectEngineCtx *);
int DetectParseContentString (char *, uint8_t **, uint16_t *, uint32_t *);
int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg,
uint8_t sm_type, uint8_t sm_list);
uint8_t sm_type, uint8_t sm_list,
uint16_t alproto, void (*CustomCallback)(Signature *s));
#endif /* __DETECT_PARSE_H__ */

Write Preview
Loading…
Cancel
Save