aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge SIG_FLAG_MPM_HTTP and SIG_FLAG_MPM_DNS into SIG_FLAG_MPM_APPLAYER, do the same for the _NEG variant.

Browse Source
pull/412/merge
Victor Julien 12 years ago
parent 43ba5a677e
commit 6645620c03
3 changed files with 33 additions and 40 deletions
Show Stats Download Patch File Download Diff File

56
src/detect-engine-mpm.c
Unescape Escape View File

@ -1564,126 +1564,126 @@ static void PopulateMpmAddPatternToMpm(DetectEngineCtx *de_ctx,
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_uri_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_URI;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HCBDMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_hcbd_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_hcbd_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HCBD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HSBDMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_hsbd_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_hsbd_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HSBD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HHDMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_hhd_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_hhd_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HHD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HRHDMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_hrhd_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_hrhd_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HRHD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HMDMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_hmd_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_hmd_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HMD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HCDMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_hcd_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_hcd_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HCD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HRUDMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_hrud_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_hrud_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HRUD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HSMDMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_hsmd_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_hsmd_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HSMD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HSCDMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_hscd_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_hscd_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HSCD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HUADMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_huad_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_huad_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HUAD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HHHDMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_hhhd_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_hhhd_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HHHD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_HRHHDMATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_hrhhd_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = sgh->mpm_hrhhd_ctx_tc;
sgh_flags = SIG_GROUP_HEAD_MPM_HRHHD;
sig_flags |= SIG_FLAG_MPM_HTTP;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
} else if (sm_list == DETECT_SM_LIST_DNSQUERY_MATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_dnsquery_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
mpm_ctx_tc = NULL;
sgh_flags = SIG_GROUP_HEAD_MPM_DNSQUERY;
sig_flags |= SIG_FLAG_MPM_DNS;
sig_flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
sig_flags |= SIG_FLAG_MPM_DNS_NEG;
sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
}
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {

10
src/detect.c
Unescape Escape View File

@ -528,7 +528,7 @@ static inline int SigMatchSignaturesBuildMatchArrayAddSignature(DetectEngineThre
}
/* check for a pattern match of the one pattern in this sig. */
if (likely(s->flags & (SIG_FLAG_MPM_PACKET|SIG_FLAG_MPM_STREAM|SIG_FLAG_MPM_HTTP|SIG_FLAG_MPM_DNS)))
if (likely(s->flags & (SIG_FLAG_MPM_PACKET|SIG_FLAG_MPM_STREAM|SIG_FLAG_MPM_APPLAYER)))
{
/* filter out sigs that want pattern matches, but
* have no matches */
@ -543,12 +543,8 @@ static inline int SigMatchSignaturesBuildMatchArrayAddSignature(DetectEngineThre
if (!(s->flags & SIG_FLAG_MPM_STREAM_NEG)) {
return 0;
}
} else if (s->flags & SIG_FLAG_MPM_HTTP) {
if (!(s->flags & SIG_FLAG_MPM_HTTP_NEG)) {
return 0;
}
} else if (s->flags & SIG_FLAG_MPM_DNS) {
if (!(s->flags & SIG_FLAG_MPM_DNS_NEG)) {
} else if (s->flags & SIG_FLAG_MPM_APPLAYER) {
if (!(s->flags & SIG_FLAG_MPM_APPLAYER_NEG)) {
return 0;
}
}

7
src/detect.h
Unescape Escape View File

@ -259,8 +259,8 @@ typedef struct DetectPort_ {
#define SIG_FLAG_MPM_PACKET_NEG (1<<12)
#define SIG_FLAG_MPM_STREAM (1<<13)
#define SIG_FLAG_MPM_STREAM_NEG (1<<14)
#define SIG_FLAG_MPM_HTTP (1<<15)
#define SIG_FLAG_MPM_HTTP_NEG (1<<16)
#define SIG_FLAG_MPM_APPLAYER (1<<15)
#define SIG_FLAG_MPM_APPLAYER_NEG (1<<16)
#define SIG_FLAG_REQUIRE_FLOWVAR (1<<17) /**< signature can only match if a flowbit, flowvar or flowint is available. */
@ -271,9 +271,6 @@ typedef struct DetectPort_ {
#define SIG_FLAG_TLSSTORE (1<<21)
#define SIG_FLAG_MPM_DNS (1<<22)
#define SIG_FLAG_MPM_DNS_NEG (1<<23)
/* signature init flags */
#define SIG_FLAG_INIT_DEONLY 1 /**< decode event only signature */
#define SIG_FLAG_INIT_PACKET (1<<1) /**< signature has matches against a packet (as opposed to app layer) */

Write Preview
Loading…
Cancel
Save