detect: remove AppLayerMatch API call

9 years ago · 775e182531
parent f018ae94b0
commit 775e182531
32 changed files with 4 additions and 141 deletions
--- a/src/detect-bypass.c
+++ b/src/detect-bypass.c
@ -63,7 +63,6 @@ void DetectBypassRegister(void)
    sigmatch_table[DETECT_BYPASS].desc = "call the bypass callback when the match of a sig is complete";
    sigmatch_table[DETECT_BYPASS].url = "";
    sigmatch_table[DETECT_BYPASS].Match = DetectBypassMatch;
-    sigmatch_table[DETECT_BYPASS].AppLayerMatch = NULL;
    sigmatch_table[DETECT_BYPASS].Setup = DetectBypassSetup;
    sigmatch_table[DETECT_BYPASS].Free  = NULL;
    sigmatch_table[DETECT_BYPASS].RegisterTests = DetectBypassRegisterTests;
--- a/src/detect-byte-extract.c
+++ b/src/detect-byte-extract.c
@ -100,7 +100,6 @@ void DetectByteExtractRegister(void)
 {
    sigmatch_table[DETECT_BYTE_EXTRACT].name = "byte_extract";
    sigmatch_table[DETECT_BYTE_EXTRACT].Match = NULL;
-    sigmatch_table[DETECT_BYTE_EXTRACT].AppLayerMatch = NULL;
    sigmatch_table[DETECT_BYTE_EXTRACT].Setup = DetectByteExtractSetup;
    sigmatch_table[DETECT_BYTE_EXTRACT].Free = DetectByteExtractFree;
    sigmatch_table[DETECT_BYTE_EXTRACT].RegisterTests = DetectByteExtractRegisterTests;
--- a/src/detect-cipservice.c
+++ b/src/detect-cipservice.c
@ -53,7 +53,6 @@ void DetectCipServiceRegister(void)
    sigmatch_table[DETECT_CIPSERVICE].name = "cip_service"; //rule keyword
    sigmatch_table[DETECT_CIPSERVICE].desc = "Rules for detecting CIP Service ";
    sigmatch_table[DETECT_CIPSERVICE].Match = NULL;
-    sigmatch_table[DETECT_CIPSERVICE].AppLayerMatch = NULL;
    sigmatch_table[DETECT_CIPSERVICE].Setup = DetectCipServiceSetup;
    sigmatch_table[DETECT_CIPSERVICE].Free = DetectCipServiceFree;
    sigmatch_table[DETECT_CIPSERVICE].RegisterTests
@ -315,7 +314,6 @@ void DetectEnipCommandRegister(void)
    sigmatch_table[DETECT_ENIPCOMMAND].desc
            = "Rules for detecting EtherNet/IP command";
    sigmatch_table[DETECT_ENIPCOMMAND].Match = NULL;
-    sigmatch_table[DETECT_ENIPCOMMAND].AppLayerMatch = NULL;
    sigmatch_table[DETECT_ENIPCOMMAND].Setup = DetectEnipCommandSetup;
    sigmatch_table[DETECT_ENIPCOMMAND].Free = DetectEnipCommandFree;
    sigmatch_table[DETECT_ENIPCOMMAND].RegisterTests
--- a/src/detect-dce-stub-data.c
+++ b/src/detect-dce-stub-data.c
@ -59,7 +59,6 @@ void DetectDceStubDataRegister(void)
 {
    sigmatch_table[DETECT_DCE_STUB_DATA].name = "dce_stub_data";
    sigmatch_table[DETECT_DCE_STUB_DATA].Match = NULL;
-    sigmatch_table[DETECT_DCE_STUB_DATA].AppLayerMatch = NULL;
    sigmatch_table[DETECT_DCE_STUB_DATA].Setup = DetectDceStubDataSetup;
    sigmatch_table[DETECT_DCE_STUB_DATA].Free  = NULL;
    sigmatch_table[DETECT_DCE_STUB_DATA].RegisterTests = DetectDceStubDataRegisterTests;
--- a/src/detect-dnp3.c
+++ b/src/detect-dnp3.c
@ -482,7 +482,6 @@ static void DetectDNP3FuncRegister(void)
    sigmatch_table[DETECT_AL_DNP3FUNC].name          = "dnp3_func";
    sigmatch_table[DETECT_AL_DNP3FUNC].alias         = "dnp3.func";
    sigmatch_table[DETECT_AL_DNP3FUNC].Match         = NULL;
-    sigmatch_table[DETECT_AL_DNP3FUNC].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_DNP3FUNC].AppLayerTxMatch = DetectDNP3FuncMatch;
    sigmatch_table[DETECT_AL_DNP3FUNC].Setup         = DetectDNP3FuncSetup;
    sigmatch_table[DETECT_AL_DNP3FUNC].Free          = DetectDNP3Free;
@ -499,7 +498,6 @@ static void DetectDNP3IndRegister(void)
    sigmatch_table[DETECT_AL_DNP3IND].name          = "dnp3_ind";
    sigmatch_table[DETECT_AL_DNP3IND].alias         = "dnp3.ind";
    sigmatch_table[DETECT_AL_DNP3IND].Match         = NULL;
-    sigmatch_table[DETECT_AL_DNP3IND].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_DNP3IND].AppLayerTxMatch = DetectDNP3IndMatch;
    sigmatch_table[DETECT_AL_DNP3IND].Setup         = DetectDNP3IndSetup;
    sigmatch_table[DETECT_AL_DNP3IND].Free          = DetectDNP3Free;
@ -516,7 +514,6 @@ static void DetectDNP3ObjRegister(void)
    sigmatch_table[DETECT_AL_DNP3OBJ].name          = "dnp3_obj";
    sigmatch_table[DETECT_AL_DNP3OBJ].alias         = "dnp3.obj";
    sigmatch_table[DETECT_AL_DNP3OBJ].Match         = NULL;
-    sigmatch_table[DETECT_AL_DNP3OBJ].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_DNP3OBJ].AppLayerTxMatch = DetectDNP3ObjMatch;
    sigmatch_table[DETECT_AL_DNP3OBJ].Setup         = DetectDNP3ObjSetup;
    sigmatch_table[DETECT_AL_DNP3OBJ].Free          = DetectDNP3Free;
@ -540,7 +537,6 @@ static void DetectDNP3DataRegister(void)

    sigmatch_table[DETECT_AL_DNP3DATA].name          = "dnp3_data";
    sigmatch_table[DETECT_AL_DNP3DATA].Match         = NULL;
-    sigmatch_table[DETECT_AL_DNP3DATA].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_DNP3DATA].Setup         = DetectDNP3DataSetup;
    sigmatch_table[DETECT_AL_DNP3DATA].Free          = NULL;
    sigmatch_table[DETECT_AL_DNP3DATA].RegisterTests =
--- a/src/detect-dns-query.c
+++ b/src/detect-dns-query.c
@ -70,7 +70,6 @@ void DetectDnsQueryRegister (void)
    sigmatch_table[DETECT_AL_DNS_QUERY].name = "dns_query";
    sigmatch_table[DETECT_AL_DNS_QUERY].desc = "content modifier to match specifically and only on the DNS query-buffer";
    sigmatch_table[DETECT_AL_DNS_QUERY].Match = NULL;
-    sigmatch_table[DETECT_AL_DNS_QUERY].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_DNS_QUERY].Setup = DetectDnsQuerySetup;
    sigmatch_table[DETECT_AL_DNS_QUERY].Free  = NULL;
    sigmatch_table[DETECT_AL_DNS_QUERY].RegisterTests = DetectDnsQueryRegisterTests;
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@ -635,57 +635,18 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
        }
    }

-    int amatch = 0;
-    /* flow based matches */
-    KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH);
-    smd = s->sm_arrays[DETECT_SM_LIST_AMATCH];
-    if (smd != NULL) {
-        void *alstate = FlowGetAppState(f);
-        if (alstate == NULL) {
-            goto end;
-        }
-
-        while (1) {
-            if (sigmatch_table[smd->type].AppLayerMatch != NULL) {
-                int match = 0;
-                KEYWORD_PROFILING_START;
-                match = sigmatch_table[smd->type].
-                    AppLayerMatch(tv, det_ctx, f, flags, alstate, s, smd);
-                KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1));
-
-                if (match == 0) {
-                    break;
-                } else if (match == 2) {
-                    inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH;
-                    break;
-                } else if (match == 1 && smd->is_last) {
-                    amatch = 1;
-                }
-            }
-            if (smd->is_last)
-                break;
-            smd++;
-        }
-    }
-
    /* if AMATCH and/or DMATCH are in use, see if we need to
     * alert and store the state */
-    if ((s->sm_arrays[DETECT_SM_LIST_AMATCH] != NULL ||
-         s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL))
+    if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL)
    {
-        /* if dmatch in use and match + amatch in use and match
-           or
-           if dmatch in use and match + amatch not in use
-           or
-           if dmatch not in use + amatch in use and match
+        /* if dmatch in use and match
           or
           sig can't match
         */
        if (inspect_flags & DE_STATE_FLAG_SIG_CANT_MATCH) {
            inspect_flags |= DE_STATE_FLAG_FULL_INSPECT;
        } else {
-            if ((amatch || s->sm_arrays[DETECT_SM_LIST_AMATCH] == NULL) &&
-                (dmatch || s->sm_arrays[DETECT_SM_LIST_DMATCH] == NULL))
+            if (dmatch || s->sm_arrays[DETECT_SM_LIST_DMATCH] == NULL)
            {
                if (!(s->flags & SIG_FLAG_NOALERT)) {
                    PacketAlertAppend(det_ctx, s, p, 0,
@ -936,45 +897,6 @@ static int DoInspectFlowRule(ThreadVars *tv,

    RULE_PROFILING_START(p);

-    KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH);
-    if (item->nm != NULL) {
-        void *alstate = FlowGetAppState(f);
-        if (alstate == NULL) {
-            RULE_PROFILING_END(det_ctx, s, 0 /* no match */, p);
-            return -1;
-        }
-
-        smd = item->nm;
-        while(1) {
-            if (sigmatch_table[smd->type].AppLayerMatch != NULL) {
-                int match = 0;
-                KEYWORD_PROFILING_START;
-                match = sigmatch_table[smd->type].
-                    AppLayerMatch(tv, det_ctx, f, flags, alstate, s, smd);
-                KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1));
-
-                if (match == 0)
-                    break;
-                else if (match == 2) {
-                    inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH;
-                    break;
-                }
-                else if (match == 1) {
-                    total_matches++;
-
-                    if (smd->is_last)
-                        full_match = 1;
-                }
-            }
-            if (smd->is_last)
-                break;
-            smd++;
-        }
-    } else {
-        /* AMATCH isn't there */
-        full_match = 1;
-    }
-
    /* DCERPC matches */
    if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL &&
            (alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB ||
@ -993,7 +915,7 @@ static int DoInspectFlowRule(ThreadVars *tv,
        }
    }
    /* update full_match with DMATCH result */
-    if (full_match && s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL) {
+    if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL) {
        full_match = ((inspect_flags & DE_STATE_FLAG_DCE_PAYLOAD_INSPECT) != 0);
    }

--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@ -60,7 +60,6 @@ void DetectFiledataRegister(void)
    sigmatch_table[DETECT_FILE_DATA].desc = "make content keywords match on HTTP response body";
    sigmatch_table[DETECT_FILE_DATA].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#file-data";
    sigmatch_table[DETECT_FILE_DATA].Match = NULL;
-    sigmatch_table[DETECT_FILE_DATA].AppLayerMatch = NULL;
    sigmatch_table[DETECT_FILE_DATA].Setup = DetectFiledataSetup;
    sigmatch_table[DETECT_FILE_DATA].Free  = NULL;
    sigmatch_table[DETECT_FILE_DATA].RegisterTests = DetectFiledataRegisterTests;
--- a/src/detect-http-client-body.c
+++ b/src/detect-http-client-body.c
@ -73,7 +73,6 @@ void DetectHttpClientBodyRegister(void)
    sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].desc = "content modifier to match only on HTTP request-body";
    sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_client-body";
    sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Setup = DetectHttpClientBodySetup;
    sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Free  = DetectHttpClientBodyFree;
    sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].RegisterTests = DetectHttpClientBodyRegisterTests;
--- a/src/detect-http-cookie.c
+++ b/src/detect-http-cookie.c
@ -76,7 +76,6 @@ void DetectHttpCookieRegister(void)
    sigmatch_table[DETECT_AL_HTTP_COOKIE].desc = "content modifier to match only on the HTTP cookie-buffer";
    sigmatch_table[DETECT_AL_HTTP_COOKIE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-cookie";
    sigmatch_table[DETECT_AL_HTTP_COOKIE].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_COOKIE].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_COOKIE].Setup = DetectHttpCookieSetup;
    sigmatch_table[DETECT_AL_HTTP_COOKIE].Free  = DetectHttpCookieFree;
    sigmatch_table[DETECT_AL_HTTP_COOKIE].RegisterTests = DetectHttpCookieRegisterTests;
--- a/src/detect-http-hh.c
+++ b/src/detect-http-hh.c
@ -74,7 +74,6 @@ void DetectHttpHHRegister(void)
    sigmatch_table[DETECT_AL_HTTP_HOST].name = "http_host";
    sigmatch_table[DETECT_AL_HTTP_HOST].desc = "content modifier to match only on the HTTP hostname";
    sigmatch_table[DETECT_AL_HTTP_HOST].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_HOST].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_HOST].Setup = DetectHttpHHSetup;
    sigmatch_table[DETECT_AL_HTTP_HOST].Free  = DetectHttpHHFree;
    sigmatch_table[DETECT_AL_HTTP_HOST].RegisterTests = DetectHttpHHRegisterTests;
--- a/src/detect-http-hrh.c
+++ b/src/detect-http-hrh.c
@ -73,7 +73,6 @@ void DetectHttpHRHRegister(void)
    sigmatch_table[DETECT_AL_HTTP_RAW_HOST].name = "http_raw_host";
    sigmatch_table[DETECT_AL_HTTP_RAW_HOST].desc = "content modifier to match only on the HTTP host header or the raw hostname from the HTTP uri";
    sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_RAW_HOST].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Setup = DetectHttpHRHSetup;
    sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Free  = DetectHttpHRHFree;
    sigmatch_table[DETECT_AL_HTTP_RAW_HOST].RegisterTests = DetectHttpHRHRegisterTests;
--- a/src/detect-http-method.c
+++ b/src/detect-http-method.c
@ -76,7 +76,6 @@ void DetectHttpMethodRegister(void)
    sigmatch_table[DETECT_AL_HTTP_METHOD].desc = "content modifier to match only on the HTTP method-buffer";
    sigmatch_table[DETECT_AL_HTTP_METHOD].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-method";
    sigmatch_table[DETECT_AL_HTTP_METHOD].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_METHOD].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_METHOD].Setup = DetectHttpMethodSetup;
    sigmatch_table[DETECT_AL_HTTP_METHOD].Free  = DetectHttpMethodFree;
    sigmatch_table[DETECT_AL_HTTP_METHOD].RegisterTests = DetectHttpMethodRegisterTests;
--- a/src/detect-http-raw-header.c
+++ b/src/detect-http-raw-header.c
@ -74,7 +74,6 @@ void DetectHttpRawHeaderRegister(void)
 {
    sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].name = "http_raw_header";
    sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetup;
    sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Free  = DetectHttpRawHeaderFree;
    sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].RegisterTests = DetectHttpRawHeaderRegisterTests;
--- a/src/detect-http-raw-uri.c
+++ b/src/detect-http-raw-uri.c
@ -69,7 +69,6 @@ void DetectHttpRawUriRegister(void)
    sigmatch_table[DETECT_AL_HTTP_RAW_URI].desc = "content modifier to match on HTTP uri";
    sigmatch_table[DETECT_AL_HTTP_RAW_URI].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_uri-and-http_raw-uri";
    sigmatch_table[DETECT_AL_HTTP_RAW_URI].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_RAW_URI].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_RAW_URI].Setup = DetectHttpRawUriSetup;
    sigmatch_table[DETECT_AL_HTTP_RAW_URI].Free = NULL;
    sigmatch_table[DETECT_AL_HTTP_RAW_URI].RegisterTests = DetectHttpRawUriRegisterTests;
--- a/src/detect-http-request-line.c
+++ b/src/detect-http-request-line.c
@ -79,7 +79,6 @@ void DetectHttpRequestLineRegister(void)
    sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].desc = "content modifier to match only on the HTTP request line";
    sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_request-line";
    sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].Setup = DetectHttpRequestLineSetup;
    sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].RegisterTests = DetectHttpRequestLineRegisterTests;

--- a/src/detect-http-response-line.c
+++ b/src/detect-http-response-line.c
@ -79,7 +79,6 @@ void DetectHttpResponseLineRegister(void)
    sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].desc = "content modifier to match only on the HTTP response line";
    sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_response-line";
    sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].Setup = DetectHttpResponseLineSetup;
    sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].RegisterTests = DetectHttpResponseLineRegisterTests;

--- a/src/detect-http-server-body.c
+++ b/src/detect-http-server-body.c
@ -74,7 +74,6 @@ void DetectHttpServerBodyRegister(void)
    sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].desc = "content modifier to match only on the HTTP response-body";
    sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_server-body";
    sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Setup = DetectHttpServerBodySetup;
    sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Free  = DetectHttpServerBodyFree;
    sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].RegisterTests = DetectHttpServerBodyRegisterTests;
--- a/src/detect-http-stat-code.c
+++ b/src/detect-http-stat-code.c
@ -77,7 +77,6 @@ void DetectHttpStatCodeRegister (void)
    sigmatch_table[DETECT_AL_HTTP_STAT_CODE].desc = "content modifier to match only on HTTP stat-code-buffer";
    sigmatch_table[DETECT_AL_HTTP_STAT_CODE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_stat-code";
    sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_STAT_CODE].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Setup = DetectHttpStatCodeSetup;
    sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Free  = NULL;
    sigmatch_table[DETECT_AL_HTTP_STAT_CODE].RegisterTests = DetectHttpStatCodeRegisterTests;
--- a/src/detect-http-stat-msg.c
+++ b/src/detect-http-stat-msg.c
@ -77,7 +77,6 @@ void DetectHttpStatMsgRegister (void)
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].desc = "content modifier to match on HTTP stat-msg-buffer";
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_stat-msg";
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Setup = DetectHttpStatMsgSetup;
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Free  = NULL;
    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].RegisterTests = DetectHttpStatMsgRegisterTests;
--- a/src/detect-http-ua.c
+++ b/src/detect-http-ua.c
@ -74,7 +74,6 @@ void DetectHttpUARegister(void)
    sigmatch_table[DETECT_AL_HTTP_USER_AGENT].desc = "content modifier to match only on the HTTP User-Agent header";
    sigmatch_table[DETECT_AL_HTTP_USER_AGENT].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_user-agent";
    sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_USER_AGENT].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Setup = DetectHttpUASetup;
    sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Free  = DetectHttpUAFree;
    sigmatch_table[DETECT_AL_HTTP_USER_AGENT].RegisterTests = DetectHttpUARegisterTests;
--- a/src/detect-http-uri.c
+++ b/src/detect-http-uri.c
@ -70,7 +70,6 @@ void DetectHttpUriRegister (void)
    sigmatch_table[DETECT_AL_HTTP_URI].desc = "content modifier to match specifically and only on the HTTP uri-buffer";
    sigmatch_table[DETECT_AL_HTTP_URI].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_uri-and-http_raw-uri";
    sigmatch_table[DETECT_AL_HTTP_URI].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_URI].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_HTTP_URI].Setup = DetectHttpUriSetup;
    sigmatch_table[DETECT_AL_HTTP_URI].Free  = NULL;
    sigmatch_table[DETECT_AL_HTTP_URI].RegisterTests = DetectHttpUriRegisterTests;
--- a/src/detect-lua.c
+++ b/src/detect-lua.c
@ -89,8 +89,6 @@ void DetectLuaRegister(void)

 static int DetectLuaMatch (ThreadVars *, DetectEngineThreadCtx *,
        Packet *, const Signature *, const SigMatchCtx *);
-static int DetectLuaAppMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
-        Flow *f, uint8_t flags, void *state, const Signature *s, const SigMatchData *m);
 static int DetectLuaAppTxMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
                                Flow *f, uint8_t flags,
                                void *state, void *txv, const Signature *s,
@ -116,7 +114,6 @@ void DetectLuaRegister(void)
    sigmatch_table[DETECT_LUA].desc = "match via a lua script";
    sigmatch_table[DETECT_LUA].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_scripting";
    sigmatch_table[DETECT_LUA].Match = DetectLuaMatch;
-    sigmatch_table[DETECT_LUA].AppLayerMatch = DetectLuaAppMatch;
    sigmatch_table[DETECT_LUA].AppLayerTxMatch = DetectLuaAppTxMatch;
    sigmatch_table[DETECT_LUA].Setup = DetectLuaSetup;
    sigmatch_table[DETECT_LUA].Free  = DetectLuaFree;
@ -551,24 +548,6 @@ static int DetectLuaAppMatchCommon (ThreadVars *t, DetectEngineThreadCtx *det_ct
    SCReturnInt(ret);
 }

-/**
- * \brief match the specified lua script in AMATCH
- *
- * \param t thread local vars
- * \param det_ctx pattern matcher thread local data
- * \param s signature being inspected
- * \param m sigmatch that we will cast into DetectLuaData
- *
- * \retval 0 no match
- * \retval 1 match
- */
-static int DetectLuaAppMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
-        Flow *f, uint8_t flags, void *state,
-        const Signature *s, const SigMatchData *m)
-{
-    return DetectLuaAppMatchCommon(t, det_ctx, f, flags, state, s, m->ctx);
-}
-
 /**
 * \brief match the specified lua script in a list with a tx
 *
--- a/src/detect-modbus.c
+++ b/src/detect-modbus.c
@ -407,7 +407,6 @@ void DetectModbusRegister(void)
    SCEnter();
    sigmatch_table[DETECT_AL_MODBUS].name          = "modbus";
    sigmatch_table[DETECT_AL_MODBUS].Match         = NULL;
-    sigmatch_table[DETECT_AL_MODBUS].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_MODBUS].Setup         = DetectModbusSetup;
    sigmatch_table[DETECT_AL_MODBUS].Free          = DetectModbusFree;
    sigmatch_table[DETECT_AL_MODBUS].RegisterTests = DetectModbusRegisterTests;
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@ -90,7 +90,6 @@ void DetectPcreRegister (void)
    sigmatch_table[DETECT_PCRE].desc = "match on regular expression";
    sigmatch_table[DETECT_PCRE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#pcre-perl-compatible-regular-expressions";
    sigmatch_table[DETECT_PCRE].Match = NULL;
-    sigmatch_table[DETECT_PCRE].AppLayerMatch = NULL;
    sigmatch_table[DETECT_PCRE].Setup = DetectPcreSetup;
    sigmatch_table[DETECT_PCRE].Free  = DetectPcreFree;
    sigmatch_table[DETECT_PCRE].RegisterTests  = DetectPcreRegisterTests;
--- a/src/detect-pkt-data.c
+++ b/src/detect-pkt-data.c
@ -53,7 +53,6 @@ void DetectPktDataRegister(void)
 {
    sigmatch_table[DETECT_PKT_DATA].name = "pkt_data";
    sigmatch_table[DETECT_PKT_DATA].Match = NULL;
-    sigmatch_table[DETECT_PKT_DATA].AppLayerMatch = NULL;
    sigmatch_table[DETECT_PKT_DATA].Setup = DetectPktDataSetup;
    sigmatch_table[DETECT_PKT_DATA].Free  = NULL;
    sigmatch_table[DETECT_PKT_DATA].RegisterTests = DetectPktDataTestRegister;
--- a/src/detect-tls-cert-issuer.c
+++ b/src/detect-tls-cert-issuer.c
@ -66,7 +66,6 @@ void DetectTlsIssuerRegister(void)
    sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].desc = "content modifier to match specifically and only on the TLS cert issuer buffer";
    sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#tls-cert-issuer";
    sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].Match = NULL;
-    sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].Setup = DetectTlsIssuerSetup;
    sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].Free  = NULL;
    sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].RegisterTests = DetectTlsIssuerRegisterTests;
--- a/src/detect-tls-cert-subject.c
+++ b/src/detect-tls-cert-subject.c
@ -66,7 +66,6 @@ void DetectTlsSubjectRegister(void)
    sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].desc = "content modifier to match specifically and only on the TLS cert subject buffer";
    sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#tls-cert-subject";
    sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].Match = NULL;
-    sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].Setup = DetectTlsSubjectSetup;
    sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].Free  = NULL;
    sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].RegisterTests = DetectTlsSubjectRegisterTests;
--- a/src/detect-tls-sni.c
+++ b/src/detect-tls-sni.c
@ -66,7 +66,6 @@ void DetectTlsSniRegister(void)
    sigmatch_table[DETECT_AL_TLS_SNI].desc = "content modifier to match specifically and only on the TLS SNI buffer";
    sigmatch_table[DETECT_AL_TLS_SNI].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#tls-sni";
    sigmatch_table[DETECT_AL_TLS_SNI].Match = NULL;
-    sigmatch_table[DETECT_AL_TLS_SNI].AppLayerMatch = NULL;
    sigmatch_table[DETECT_AL_TLS_SNI].Setup = DetectTlsSniSetup;
    sigmatch_table[DETECT_AL_TLS_SNI].Free  = NULL;
    sigmatch_table[DETECT_AL_TLS_SNI].RegisterTests = DetectTlsSniRegisterTests;
--- a/src/detect-uricontent.c
+++ b/src/detect-uricontent.c
@ -69,7 +69,6 @@ static int g_http_uri_buffer_id = 0;
 void DetectUricontentRegister (void)
 {
    sigmatch_table[DETECT_URICONTENT].name = "uricontent";
-    sigmatch_table[DETECT_URICONTENT].AppLayerMatch = NULL;
    sigmatch_table[DETECT_URICONTENT].Match = NULL;
    sigmatch_table[DETECT_URICONTENT].Setup = DetectUricontentSetup;
    sigmatch_table[DETECT_URICONTENT].Free  = DetectUricontentFree;
--- a/src/detect-urilen.c
+++ b/src/detect-urilen.c
@ -67,7 +67,6 @@ void DetectUrilenRegister(void)
    sigmatch_table[DETECT_AL_URILEN].desc = "match on the length of the HTTP uri";
    sigmatch_table[DETECT_AL_URILEN].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#urilen";
    sigmatch_table[DETECT_AL_URILEN].Match = NULL;
-    sigmatch_table[DETECT_AL_URILEN].AppLayerMatch = NULL /**< We handle this at detect-engine-uri.c now */;
    sigmatch_table[DETECT_AL_URILEN].Setup = DetectUrilenSetup;
    sigmatch_table[DETECT_AL_URILEN].Free = DetectUrilenFree;
    sigmatch_table[DETECT_AL_URILEN].RegisterTests = DetectUrilenRegisterTests;
--- a/src/detect.h
+++ b/src/detect.h
@ -924,11 +924,6 @@ typedef struct SigTableElmt_ {
    /** Packet match function pointer */
    int (*Match)(ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *);

-    /** AppLayer match function  pointer */
-    int (*AppLayerMatch)(ThreadVars *, DetectEngineThreadCtx *,
-            Flow *, uint8_t flags, void *alstate,
-            const Signature *, const SigMatchData *);
-
    /** AppLayer TX match function pointer */
    int (*AppLayerTxMatch)(ThreadVars *, DetectEngineThreadCtx *, Flow *,
            uint8_t flags, void *alstate, void *txv,