http_request_line: dynamic buffer

9 years ago · 7052f9b933
parent 779d40cedf
commit 7052f9b933
5 changed files with 27 additions and 19 deletions
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@ -2824,8 +2824,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type)
            return "http cookie";
        case DETECT_SM_LIST_HUADMATCH:
            return "http user-agent";
-        case DETECT_SM_LIST_HTTP_REQLINEMATCH:
-            return "http request line";
        case DETECT_SM_LIST_HTTP_RESLINEMATCH:
            return "http response line";
        case DETECT_SM_LIST_APP_EVENT:
--- a/src/detect-http-request-line.c
+++ b/src/detect-http-request-line.c
@ -60,14 +60,15 @@
 #include "stream-tcp.h"
 #include "detect-http-request-line.h"

-int DetectHttpRequestLineSetup(DetectEngineCtx *, Signature *, char *);
-void DetectHttpRequestLineRegisterTests(void);
-void DetectHttpRequestLineFree(void *);
+static int DetectHttpRequestLineSetup(DetectEngineCtx *, Signature *, char *);
+static void DetectHttpRequestLineRegisterTests(void);
 static int PrefilterTxHttpRequestLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
 static int DetectEngineInspectHttpRequestLine(ThreadVars *tv,
        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const Signature *s, const SigMatchData *smd,
        Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+static void DetectHttpRequestLineSetupCallback(Signature *s);
+static int g_http_request_line_buffer_id = 0;

 /**
 * \brief Registers the keyword handlers for the "http_request_line" keyword.
@ -85,15 +86,20 @@ void DetectHttpRequestLineRegister(void)
    sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].flags |= SIGMATCH_NOOPT;
    sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].flags |= SIGMATCH_PAYLOAD ;

-    DetectMpmAppLayerRegister("http_request_line", SIG_FLAG_TOSERVER,
-            DETECT_SM_LIST_HTTP_REQLINEMATCH, 2,
+    DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2,
            PrefilterTxHttpRequestLineRegister);

-    DetectAppLayerInspectEngineRegister(ALPROTO_HTTP, SIG_FLAG_TOSERVER,
-            DETECT_SM_LIST_HTTP_REQLINEMATCH,
+    DetectAppLayerInspectEngineRegister2("http_request_line",
+            ALPROTO_HTTP, SIG_FLAG_TOSERVER,
            DetectEngineInspectHttpRequestLine);

-    return;
+    DetectBufferTypeSetDescriptionByName("http_request_line",
+            "http request line");
+
+    DetectBufferTypeRegisterSetupCallback("http_request_line",
+            DetectHttpRequestLineSetupCallback);
+
+    g_http_request_line_buffer_id = DetectBufferTypeGetByName("http_request_line");
 }

 /**
@ -109,13 +115,19 @@ void DetectHttpRequestLineRegister(void)
 * \retval  0 On success
 * \retval -1 On failure
 */
-int DetectHttpRequestLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
+static int DetectHttpRequestLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
 {
-    s->init_data->list = DETECT_SM_LIST_HTTP_REQLINEMATCH;
+    s->init_data->list = g_http_request_line_buffer_id;
    s->alproto = ALPROTO_HTTP;
    return 0;
 }

+static void DetectHttpRequestLineSetupCallback(Signature *s)
+{
+    SCLogDebug("callback invoked by %u", s->id);
+    s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
+}
+
 /** \brief HTTP request line Mpm prefilter callback
 *
 *  \param det_ctx detection engine thread ctx
@ -308,7 +320,7 @@ static int DetectHttpRequestLineTest02(void)

 #endif /* UNITTESTS */

-void DetectHttpRequestLineRegisterTests(void)
+static void DetectHttpRequestLineRegisterTests(void)
 {
 #ifdef UNITTESTS
    UtRegisterTest("DetectHttpRequestLineTest01", DetectHttpRequestLineTest01);
--- a/src/detect-lua.c
+++ b/src/detect-lua.c
@ -1009,8 +1009,10 @@ static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
            SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HRHDMATCH);
        else if (lua->flags & DATATYPE_HTTP_RESPONSE_COOKIE)
            SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HCDMATCH);
-        else
-            SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HTTP_REQLINEMATCH);
+        else {
+            int list = DetectBufferTypeGetByName("http_request_line");
+            SigMatchAppendSMToList(s, sm, list);
+        }
    } else if (lua->alproto == ALPROTO_DNS) {
        if (lua->flags & DATATYPE_DNS_RRNAME) {
            SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNSQUERYNAME_MATCH);
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@ -154,7 +154,6 @@ const char *DetectListToHumanString(int list)
        CASE_CODE_STRING(DETECT_SM_LIST_HMDMATCH, "http_method");
        CASE_CODE_STRING(DETECT_SM_LIST_HCDMATCH, "http_cookie");
        CASE_CODE_STRING(DETECT_SM_LIST_HUADMATCH, "http_user_agent");
-        CASE_CODE_STRING(DETECT_SM_LIST_HTTP_REQLINEMATCH, "http_request_line");
        CASE_CODE_STRING(DETECT_SM_LIST_HTTP_RESLINEMATCH, "http_response_line");
        CASE_CODE_STRING(DETECT_SM_LIST_APP_EVENT, "app-layer-event");
        CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer");
@ -199,7 +198,6 @@ const char *DetectListToString(int list)
        CASE_CODE(DETECT_SM_LIST_HMDMATCH);
        CASE_CODE(DETECT_SM_LIST_HCDMATCH);
        CASE_CODE(DETECT_SM_LIST_HUADMATCH);
-        CASE_CODE(DETECT_SM_LIST_HTTP_REQLINEMATCH);
        CASE_CODE(DETECT_SM_LIST_HTTP_RESLINEMATCH);
        CASE_CODE(DETECT_SM_LIST_APP_EVENT);
        CASE_CODE(DETECT_SM_LIST_AMATCH);
--- a/src/detect.h
+++ b/src/detect.h
@ -141,8 +141,6 @@ enum DetectSigmatchListEnum {
    DETECT_SM_LIST_HCDMATCH,
    /* list for http_user_agent keyword and the ones relative to it */
    DETECT_SM_LIST_HUADMATCH,
-    /* list for http_request_line keyword and the ones relative to it */
-    DETECT_SM_LIST_HTTP_REQLINEMATCH,
    /* list for http_response_line keyword and the ones relative to it */
    DETECT_SM_LIST_HTTP_RESLINEMATCH,
    /* app event engine sm list */