From f8ae53ac02787a5e1c4554bad10cc8ddbe125052 Mon Sep 17 00:00:00 2001 From: Anoop Saldanha Date: Thu, 28 Feb 2013 16:21:43 +0530 Subject: [PATCH] Further customize content modifier buffer registration. Allow modifier setups functions to have CustomCallbacks to enable their internal conditions. --- src/detect-http-client-body.c | 10 +++++++++- src/detect-http-cookie.c | 4 +++- src/detect-http-header.c | 4 +++- src/detect-http-hh.c | 4 +++- src/detect-http-hrh.c | 4 +++- src/detect-http-method.c | 4 +++- src/detect-http-raw-header.c | 4 +++- src/detect-http-raw-uri.c | 4 +++- src/detect-http-server-body.c | 12 +++++++++++- src/detect-http-stat-code.c | 4 +++- src/detect-http-stat-msg.c | 4 +++- src/detect-http-ua.c | 4 +++- src/detect-http-uri.c | 4 +++- src/detect-parse.c | 17 ++++++++--------- src/detect-parse.h | 4 +++- 15 files changed, 64 insertions(+), 23 deletions(-) diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index 7769fe6f7a..f17eb921a9 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -79,6 +79,12 @@ void DetectHttpClientBodyRegister(void) sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].flags |= SIGMATCH_PAYLOAD ; } +static void DetectHttpClientBodySetupCallback(Signature *s) +{ + AppLayerHtpEnableRequestBodyCallback(); + return; +} + /** * \brief The setup function for the http_client_body keyword for a signature. * @@ -96,7 +102,9 @@ int DetectHttpClientBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) { return DetectEngineContentModifierBufferSetup(de_ctx, s, arg, DETECT_AL_HTTP_CLIENT_BODY, - DETECT_SM_LIST_HCBDMATCH); + DETECT_SM_LIST_HCBDMATCH, + ALPROTO_HTTP, + DetectHttpClientBodySetupCallback); } /** diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index 0fd583fd9b..7c7a25fd3f 100644 --- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c @@ -111,7 +111,9 @@ static int DetectHttpCookieSetup(DetectEngineCtx *de_ctx, Signature *s, char *st { return DetectEngineContentModifierBufferSetup(de_ctx, s, str, DETECT_AL_HTTP_COOKIE, - DETECT_SM_LIST_HCDMATCH); + DETECT_SM_LIST_HCDMATCH, + ALPROTO_HTTP, + NULL); } /******************************** UNITESTS **********************************/ diff --git a/src/detect-http-header.c b/src/detect-http-header.c index 2150acfb08..44c5a80489 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c @@ -117,7 +117,9 @@ int DetectHttpHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) { return DetectEngineContentModifierBufferSetup(de_ctx, s, arg, DETECT_AL_HTTP_HEADER, - DETECT_SM_LIST_HHDMATCH); + DETECT_SM_LIST_HHDMATCH, + ALPROTO_HTTP, + NULL); } /************************************Unittests*********************************/ diff --git a/src/detect-http-hh.c b/src/detect-http-hh.c index e0cbdc812f..b04cb33b04 100644 --- a/src/detect-http-hh.c +++ b/src/detect-http-hh.c @@ -97,7 +97,9 @@ int DetectHttpHHSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) { return DetectEngineContentModifierBufferSetup(de_ctx, s, arg, DETECT_AL_HTTP_HOST, - DETECT_SM_LIST_HHHDMATCH); + DETECT_SM_LIST_HHHDMATCH, + ALPROTO_HTTP, + NULL); } /** diff --git a/src/detect-http-hrh.c b/src/detect-http-hrh.c index d2def6370c..47928450a1 100644 --- a/src/detect-http-hrh.c +++ b/src/detect-http-hrh.c @@ -97,7 +97,9 @@ int DetectHttpHRHSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) { return DetectEngineContentModifierBufferSetup(de_ctx, s, arg, DETECT_AL_HTTP_RAW_HOST, - DETECT_SM_LIST_HRHHDMATCH); + DETECT_SM_LIST_HRHHDMATCH, + ALPROTO_HTTP, + NULL); } /** diff --git a/src/detect-http-method.c b/src/detect-http-method.c index 80d6f208a4..3b9ba68bdf 100644 --- a/src/detect-http-method.c +++ b/src/detect-http-method.c @@ -96,7 +96,9 @@ static int DetectHttpMethodSetup(DetectEngineCtx *de_ctx, Signature *s, char *st { return DetectEngineContentModifierBufferSetup(de_ctx, s, str, DETECT_AL_HTTP_METHOD, - DETECT_SM_LIST_HMDMATCH); + DETECT_SM_LIST_HMDMATCH, + ALPROTO_HTTP, + NULL); } /** diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index 37da514abc..9f8a2ca10e 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c @@ -116,7 +116,9 @@ int DetectHttpRawHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) { return DetectEngineContentModifierBufferSetup(de_ctx, s, arg, DETECT_AL_HTTP_RAW_HEADER, - DETECT_SM_LIST_HRHDMATCH); + DETECT_SM_LIST_HRHDMATCH, + ALPROTO_HTTP, + NULL); } /************************************Unittests*********************************/ diff --git a/src/detect-http-raw-uri.c b/src/detect-http-raw-uri.c index ca41bdb184..afb742e0f5 100644 --- a/src/detect-http-raw-uri.c +++ b/src/detect-http-raw-uri.c @@ -90,7 +90,9 @@ static int DetectHttpRawUriSetup(DetectEngineCtx *de_ctx, Signature *s, char *ar { return DetectEngineContentModifierBufferSetup(de_ctx, s, arg, DETECT_AL_HTTP_RAW_URI, - DETECT_SM_LIST_HRUDMATCH); + DETECT_SM_LIST_HRUDMATCH, + ALPROTO_HTTP, + NULL); } diff --git a/src/detect-http-server-body.c b/src/detect-http-server-body.c index e2ecd5e100..4b02e8245e 100644 --- a/src/detect-http-server-body.c +++ b/src/detect-http-server-body.c @@ -80,6 +80,14 @@ void DetectHttpServerBodyRegister(void) sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].flags |= SIGMATCH_PAYLOAD ; } +static void DetectHttpServerBodySetupCallback(Signature *s) +{ + s->flags |= SIG_FLAG_APPLAYER; + AppLayerHtpEnableResponseBodyCallback(); + + return; +} + /** * \brief The setup function for the http_server_body keyword for a signature. * @@ -97,7 +105,9 @@ int DetectHttpServerBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) { return DetectEngineContentModifierBufferSetup(de_ctx, s, arg, DETECT_AL_HTTP_SERVER_BODY, - DETECT_SM_LIST_HSBDMATCH); + DETECT_SM_LIST_HSBDMATCH, + ALPROTO_HTTP, + DetectHttpServerBodySetupCallback); } /** diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c index 6825145605..e10de68620 100644 --- a/src/detect-http-stat-code.c +++ b/src/detect-http-stat-code.c @@ -100,7 +100,9 @@ static int DetectHttpStatCodeSetup(DetectEngineCtx *de_ctx, Signature *s, char * { return DetectEngineContentModifierBufferSetup(de_ctx, s, arg, DETECT_AL_HTTP_STAT_CODE, - DETECT_SM_LIST_HSCDMATCH); + DETECT_SM_LIST_HSCDMATCH, + ALPROTO_HTTP, + NULL); } #ifdef UNITTESTS diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c index 7a350066e6..37200f28e7 100644 --- a/src/detect-http-stat-msg.c +++ b/src/detect-http-stat-msg.c @@ -100,7 +100,9 @@ static int DetectHttpStatMsgSetup(DetectEngineCtx *de_ctx, Signature *s, char *a { return DetectEngineContentModifierBufferSetup(de_ctx, s, arg, DETECT_AL_HTTP_STAT_MSG, - DETECT_SM_LIST_HSMDMATCH); + DETECT_SM_LIST_HSMDMATCH, + ALPROTO_HTTP, + NULL); } #ifdef UNITTESTS diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c index fbc9d13ee6..f78ef63d4c 100644 --- a/src/detect-http-ua.c +++ b/src/detect-http-ua.c @@ -98,7 +98,9 @@ int DetectHttpUASetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) { return DetectEngineContentModifierBufferSetup(de_ctx, s, arg, DETECT_AL_HTTP_USER_AGENT, - DETECT_SM_LIST_HUADMATCH); + DETECT_SM_LIST_HUADMATCH, + ALPROTO_HTTP, + NULL); } /** diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c index 0b84a20c30..557dc11934 100644 --- a/src/detect-http-uri.c +++ b/src/detect-http-uri.c @@ -91,7 +91,9 @@ int DetectHttpUriSetup(DetectEngineCtx *de_ctx, Signature *s, char *str) { return DetectEngineContentModifierBufferSetup(de_ctx, s, str, DETECT_AL_HTTP_URI, - DETECT_SM_LIST_UMATCH); + DETECT_SM_LIST_UMATCH, + ALPROTO_HTTP, + NULL); } diff --git a/src/detect-parse.c b/src/detect-parse.c index e700ec8f44..8a11857e38 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -97,7 +97,8 @@ typedef struct SigDuplWrapper_ { #define OPTION_PCRE "^\\s*([A-z_0-9-\\.]+)(?:\\s*\\:\\s*(.*)(?alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) { - SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains a non http " - "alproto set"); + if (s->alproto != ALPROTO_UNKNOWN && s->alproto != alproto) { + SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting " + "alprotos set"); goto end; } @@ -167,12 +168,10 @@ int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s } } cd->id = DetectPatternGetId(de_ctx->mpm_pattern_id_store, cd, s, sm_list); + if (CustomCallback != NULL) + CustomCallback(s); + s->alproto = alproto; s->flags |= SIG_FLAG_APPLAYER; - s->alproto = ALPROTO_HTTP; - if (sm_type == DETECT_AL_HTTP_CLIENT_BODY) - AppLayerHtpEnableRequestBodyCallback(); - else if (sm_type == DETECT_AL_HTTP_SERVER_BODY) - AppLayerHtpEnableResponseBodyCallback(); /* transfer the sm from the pmatch list to hcbdmatch list */ SigMatchTransferSigMatchAcrossLists(sm, diff --git a/src/detect-parse.h b/src/detect-parse.h index 09194ce95d..fda2311e5b 100644 --- a/src/detect-parse.h +++ b/src/detect-parse.h @@ -63,6 +63,8 @@ void DetectParseDupSigHashFree(DetectEngineCtx *); int DetectParseContentString (char *, uint8_t **, uint16_t *, uint32_t *); int DetectEngineContentModifierBufferSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg, - uint8_t sm_type, uint8_t sm_list); + uint8_t sm_type, uint8_t sm_list, + uint16_t alproto, void (*CustomCallback)(Signature *s)); + #endif /* __DETECT_PARSE_H__ */