diff --git a/src/Makefile.am b/src/Makefile.am
index 52f02a1e0e..768a345a40 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -143,7 +143,6 @@ detect-engine-siggroup.c detect-engine-siggroup.h \
 detect-engine-sigorder.c detect-engine-sigorder.h \
 detect-engine-state.c detect-engine-state.h \
 detect-engine-tag.c detect-engine-tag.h \
-detect-engine-template.c detect-engine-template.h \
 detect-engine-threshold.c detect-engine-threshold.h \
 detect-engine-uri.c detect-engine-uri.h \
 detect-fast-pattern.c detect-fast-pattern.h \
diff --git a/src/detect-engine-template.c b/src/detect-engine-template.c
deleted file mode 100644
index c5a712c66a..0000000000
--- a/src/detect-engine-template.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/* Copyright (C) 2015 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/*
- * TODO: Update your name below and in detect-engine-template.h.
- * TODO: Update description in the \file section below.
- * TODO: Remove SCLogNotice statements or convert to debug.
- */
-
-/**
- * \file
- *
- * \author FirstName LastName
- *
- * Implement buffer inspection on the decoded application layer
- * content buffers.
- */
-
-#include "suricata-common.h"
-#include "stream.h"
-#include "detect-engine-content-inspection.h"
-#include "detect-engine-template.h"
-#include "app-layer-template.h"
-
-int DetectEngineInspectTemplateBuffer(ThreadVars *tv,
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatchData *smd,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- TemplateTransaction *tx = (TemplateTransaction *)txv;
- int ret = 0;
-
- if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) {
- ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
- f, tx->request_buffer, tx->request_buffer_len, 0,
- DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
- }
- else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) {
- ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
- f, tx->response_buffer, tx->response_buffer_len, 0,
- DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
- }
-
- SCLogNotice("Returning %d.", ret);
- return ret;
-}
diff --git a/src/detect-engine-template.h b/src/detect-engine-template.h
deleted file mode 100644
index fb836f0702..0000000000
--- a/src/detect-engine-template.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/* Copyright (C) 2015 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author FirstName LastName
- */
-
-#ifndef __DETECT_TEMPLATE_ENGINE_H__
-#define __DETECT_TEMPLATE_ENGINE_H__
-
-int DetectEngineInspectTemplateBuffer(ThreadVars *,
- DetectEngineCtx *, DetectEngineThreadCtx *,
- const Signature *, const SigMatchData *,
- Flow *, uint8_t, void *, void *tx, uint64_t tx_id);
-
-#endif /* __DETECT_TEMPLATE_ENGINE_H__ */
diff --git a/src/detect-template-buffer.c b/src/detect-template-buffer.c
index 46f824503c..ad6066688b 100644
--- a/src/detect-template-buffer.c
+++ b/src/detect-template-buffer.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2015 Open Information Security Foundation
+/* Copyright (C) 2015-2017 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@@ -33,12 +33,17 @@ #include "suricata-common.h" #include "conf.h" #include "detect.h" +#include "detect-parse.h" #include "detect-engine.h" +#include "detect-engine-content-inspection.h" #include "app-layer-template.h" -#include "detect-engine-template.h" #include "detect-template-buffer.h" static int DetectTemplateBufferSetup(DetectEngineCtx *, Signature *, const char *); +static int DetectEngineInspectTemplateBuffer(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const Signature *s, const SigMatchData *smd, + Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); static void DetectTemplateBufferRegisterTests(void); static int g_template_buffer_id = 0; @@ -75,10 +80,36 @@ static int DetectTemplateBufferSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str) { s->init_data->list = g_template_buffer_id; - s->alproto = ALPROTO_TEMPLATE; + + if (DetectSignatureSetAppProto(s, ALPROTO_TEMPLATE) != 0) + return -1; + return 0; } +static int DetectEngineInspectTemplateBuffer(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const Signature *s, const SigMatchData *smd, + Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) +{ + TemplateTransaction *tx = (TemplateTransaction *)txv; + int ret = 0; + + if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) { + ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, + f, tx->request_buffer, tx->request_buffer_len, 0, + DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL); + } + else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) { + ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd, + f, tx->response_buffer, tx->response_buffer_len, 0, + DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL); + } + + SCLogNotice("Returning %d.", ret); + return ret; +} + #ifdef UNITTESTS #include "util-unittest.h" diff --git a/src/detect-template-buffer.h b/src/detect-template-buffer.h index 4385e44308..c23062a406 100644 
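Review bot: The include list of detect-template-buffer.c does not carry over the explicit `#include "stream.h"` that the deleted detect-engine-template.c had, although the function moved into this file still tests `STREAM_TOSERVER` and `STREAM_TOCLIENT`. Presumably those flags reach this file through another header, but that is not visible in the hunk. Adding `#include "stream.h"` next to the new `detect-engine-content-inspection.h` include would keep the file from depending on a transitive include.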
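Review bot: `SCLogNotice("Returning %d.", ret);` at the end of the moved `DetectEngineInspectTemplateBuffer` logs at notice level on every inspection call, so the amount of log output is driven by the traffic being inspected. The deleted file carried a TODO to remove these statements or convert them to debug, and that reminder is lost in the move; switch to `SCLogDebug("Returning %d.", ret);` or restore the TODO above the function. The function also arrives without a doc comment: a short `\brief` block should say that it inspects the request buffer for to-server flags and the response buffer for to-client flags, and returns the content-inspection result, or 0 when the selected buffer is NULL. Writing the tests as `(flags & STREAM_TOSERVER) && ...` and `(flags & STREAM_TOCLIENT) && ...` would make the intended precedence explicit.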
--- a/src/detect-template-buffer.h
+++ b/src/detect-template-buffer.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2015 Open Information Security Foundation
+/* Copyright (C) 2015-2017 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
diff --git a/src/detect-template.c b/src/detect-template.c
index f9c7aad468..cb6bb5223d 100644
--- a/src/detect-template.c
+++ b/src/detect-template.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2015-2016 Open Information Security Foundation
+/* Copyright (C) 2015-2017 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
diff --git a/src/detect-template.h b/src/detect-template.h
index 6b2b4435ef..7e4aa75834 100644
--- a/src/detect-template.h
+++ b/src/detect-template.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2015-2016 Open Information Security Foundation
+/* Copyright (C) 2015-2017 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free