template: dynamic buffer

8 years ago · 40851eecf0
parent 815120896b
commit 40851eecf0
4 changed files with 9 additions and 12 deletions
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@ -2808,9 +2808,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type)
        case DETECT_SM_LIST_BASE64_DATA:
            return "base64_data";

-        case DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH:
-            return "template_buffer";
-
        case DETECT_SM_LIST_POSTMATCH:
            return "post-match";

@ -2819,6 +2816,7 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type)
        case DETECT_SM_LIST_THRESHOLD:
            return "threshold";

+        case DETECT_SM_LIST_BUILTIN_MAX:
        case DETECT_SM_LIST_MAX:
            return "max (internal)";
        case DETECT_SM_LIST_NOTSET:
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@ -144,7 +144,6 @@ const char *DetectListToHumanString(int list)
        CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer");
        CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc");
        CASE_CODE_STRING(DETECT_SM_LIST_TMATCH, "tag");
-        CASE_CODE_STRING(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH, "template");
        CASE_CODE_STRING(DETECT_SM_LIST_POSTMATCH, "postmatch");
        CASE_CODE_STRING(DETECT_SM_LIST_SUPPRESS, "suppress");
        CASE_CODE_STRING(DETECT_SM_LIST_THRESHOLD, "threshold");
@ -164,7 +163,6 @@ const char *DetectListToString(int list)
        CASE_CODE(DETECT_SM_LIST_AMATCH);
        CASE_CODE(DETECT_SM_LIST_DMATCH);
        CASE_CODE(DETECT_SM_LIST_TMATCH);
-        CASE_CODE(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH);
        CASE_CODE(DETECT_SM_LIST_POSTMATCH);
        CASE_CODE(DETECT_SM_LIST_SUPPRESS);
        CASE_CODE(DETECT_SM_LIST_THRESHOLD);
--- a/src/detect-template-buffer.c
+++ b/src/detect-template-buffer.c
@ -39,6 +39,7 @@

 static int DetectTemplateBufferSetup(DetectEngineCtx *, Signature *, char *);
 static void DetectTemplateBufferRegisterTests(void);
+static int g_template_buffer_id = 0;

 void DetectTemplateBufferRegister(void)
 {
@ -58,20 +59,22 @@ void DetectTemplateBufferRegister(void)
    sigmatch_table[DETECT_AL_TEMPLATE_BUFFER].flags |= SIGMATCH_PAYLOAD;

    /* register inspect engines */
-    DetectAppLayerInspectEngineRegister(ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER,
-            DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH,
+    DetectAppLayerInspectEngineRegister2("template_buffer",
+            ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER,
            DetectEngineInspectTemplateBuffer);
-    DetectAppLayerInspectEngineRegister(ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT,
-            DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH,
+    DetectAppLayerInspectEngineRegister2("template_buffer",
+            ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT,
            DetectEngineInspectTemplateBuffer);

+    g_template_buffer_id = DetectBufferTypeGetByName("template_buffer");
+
    SCLogNotice("Template application layer detect registered.");
 }

 static int DetectTemplateBufferSetup(DetectEngineCtx *de_ctx, Signature *s,
    char *str)
 {
-    s->init_data->list = DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH;
+    s->init_data->list = g_template_buffer_id;
    s->alproto = ALPROTO_TEMPLATE;
    return 0;
 }
--- a/src/detect.h
+++ b/src/detect.h
@ -115,8 +115,6 @@ enum DetectSigmatchListEnum {

    DETECT_SM_LIST_BUILTIN_MAX,

-    DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH = DETECT_SM_LIST_BUILTIN_MAX,
-
    DETECT_SM_LIST_MAX,

 };