From 7b4eac3e8d87388407e17a89f2c78a6630524ece Mon Sep 17 00:00:00 2001 From: Anoop Saldanha Date: Sun, 14 Oct 2012 19:46:46 +0530 Subject: [PATCH] Change all inspect callbacks to accept TV and a tx_id param. --- src/detect-engine-file.c | 2 +- src/detect-engine-file.h | 4 +- src/detect-engine-hcbd.c | 5 +- src/detect-engine-hcbd.h | 5 +- src/detect-engine-hcd.c | 5 +- src/detect-engine-hcd.h | 5 +- src/detect-engine-hhd.c | 5 +- src/detect-engine-hhd.h | 5 +- src/detect-engine-hmd.c | 5 +- src/detect-engine-hmd.h | 5 +- src/detect-engine-hrhd.c | 5 +- src/detect-engine-hrhd.h | 4 +- src/detect-engine-hrud.c | 5 +- src/detect-engine-hrud.h | 5 +- src/detect-engine-hsbd.c | 5 +- src/detect-engine-hsbd.h | 5 +- src/detect-engine-hscd.c | 5 +- src/detect-engine-hscd.h | 5 +- src/detect-engine-hsmd.c | 9 +-- src/detect-engine-hsmd.h | 5 +- src/detect-engine-hua.c | 5 +- src/detect-engine-hua.h | 5 +- src/detect-engine-state.c | 120 +++++++++++++++++++------------------- src/detect-engine-uri.c | 8 ++- src/detect-engine-uri.h | 5 +- 25 files changed, 134 insertions(+), 108 deletions(-) diff --git a/src/detect-engine-file.c b/src/detect-engine-file.c index 251ee57fb3..43fd5bdf42 100644 --- a/src/detect-engine-file.c +++ b/src/detect-engine-file.c @@ -203,7 +203,7 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, * * \note flow is not locked at this time */ -int DetectFileInspectHttp(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, Flow *f, Signature *s, void *alstate, uint8_t flags) { +int DetectFileInspectHttp(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, void *alstate, int tx_id) { SCEnter(); int r = 0; diff --git a/src/detect-engine-file.h b/src/detect-engine-file.h index 1f233b159a..778240484e 100644 --- a/src/detect-engine-file.h +++ b/src/detect-engine-file.h @@ -24,6 +24,8 @@ #ifndef __DETECT_ENGINE_FILE_H__ #define __DETECT_ENGINE_FILE_H__ -int DetectFileInspectHttp(ThreadVars *, DetectEngineThreadCtx *, Flow *, Signature *, void *, uint8_t); +int DetectFileInspectHttp(ThreadVars *tv, DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, Signature *s, + Flow *f, uint8_t flags, void *alstate, int tx_id); #endif /* __DETECT_ENGINE_FILE_H__ */ diff --git a/src/detect-engine-hcbd.c b/src/detect-engine-hcbd.c index 9fd09ec88b..1b70206427 100644 --- a/src/detect-engine-hcbd.c +++ b/src/detect-engine-hcbd.c @@ -256,10 +256,11 @@ int DetectEngineRunHttpClientBodyMpmV2(DetectEngineCtx *de_ctx, return cnt; } -int DetectEngineInspectHttpClientBodyV2(DetectEngineCtx *de_ctx, +int DetectEngineInspectHttpClientBodyV2(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate) + void *alstate, int tx_id) { int r = 0; diff --git a/src/detect-engine-hcbd.h b/src/detect-engine-hcbd.h index d0c200613f..438b7d441b 100644 --- a/src/detect-engine-hcbd.h +++ b/src/detect-engine-hcbd.h @@ -30,10 +30,11 @@ int DetectEngineRunHttpClientBodyMpmV2(DetectEngineCtx *, DetectEngineThreadCtx *, Flow *f, HtpState *, uint8_t); -int DetectEngineInspectHttpClientBodyV2(DetectEngineCtx *, +int DetectEngineInspectHttpClientBodyV2(ThreadVars *tv, + DetectEngineCtx *, DetectEngineThreadCtx *, Signature *, Flow *, - uint8_t, void *); + uint8_t, void *, int); void DetectEngineCleanHCBDBuffersV2(DetectEngineThreadCtx *); void DetectEngineHttpClientBodyRegisterTests(void); diff --git a/src/detect-engine-hcd.c b/src/detect-engine-hcd.c index b7ad2b88ea..8a94be7ad3 100644 --- a/src/detect-engine-hcd.c +++ b/src/detect-engine-hcd.c @@ -128,10 +128,11 @@ int DetectEngineRunHttpCookieMpm(DetectEngineThreadCtx *det_ctx, Flow *f, * \retval 0 No match. * \retval 1 Match. */ -int DetectEngineInspectHttpCookie(DetectEngineCtx *de_ctx, +int DetectEngineInspectHttpCookie(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate) + void *alstate, int tx_id) { SCEnter(); int r = 0; diff --git a/src/detect-engine-hcd.h b/src/detect-engine-hcd.h index e1028658d8..e072673aa1 100644 --- a/src/detect-engine-hcd.h +++ b/src/detect-engine-hcd.h @@ -25,8 +25,9 @@ #include "app-layer-htp.h" -int DetectEngineInspectHttpCookie(DetectEngineCtx *, DetectEngineThreadCtx *, - Signature *, Flow *, uint8_t, void *); +int DetectEngineInspectHttpCookie(ThreadVars *tv, + DetectEngineCtx *, DetectEngineThreadCtx *, + Signature *, Flow *, uint8_t, void *, int); int DetectEngineRunHttpCookieMpm(DetectEngineThreadCtx *, Flow *, HtpState *, uint8_t); void DetectEngineHttpCookieRegisterTests(void); diff --git a/src/detect-engine-hhd.c b/src/detect-engine-hhd.c index 2ee1b81f4c..1f77ee98f2 100644 --- a/src/detect-engine-hhd.c +++ b/src/detect-engine-hhd.c @@ -215,10 +215,11 @@ int DetectEngineRunHttpHeaderMpmV2(DetectEngineThreadCtx *det_ctx, Flow *f, return cnt; } -int DetectEngineInspectHttpHeaderV2(DetectEngineCtx *de_ctx, +int DetectEngineInspectHttpHeaderV2(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate) + void *alstate, int tx_id) { int r = 0; diff --git a/src/detect-engine-hhd.h b/src/detect-engine-hhd.h index 738dc02bd9..089fb1fe2b 100644 --- a/src/detect-engine-hhd.h +++ b/src/detect-engine-hhd.h @@ -25,10 +25,11 @@ #include "app-layer-htp.h" -int DetectEngineInspectHttpHeaderV2(DetectEngineCtx *de_ctx, +int DetectEngineInspectHttpHeaderV2(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate); + void *alstate, int tx_id); int DetectEngineRunHttpHeaderMpmV2(DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state, uint8_t flags); void DetectEngineCleanHHDBuffersV2(DetectEngineThreadCtx *det_ctx); diff --git a/src/detect-engine-hmd.c b/src/detect-engine-hmd.c index 00865013ba..391d1d9065 100644 --- a/src/detect-engine-hmd.c +++ b/src/detect-engine-hmd.c @@ -112,10 +112,11 @@ int DetectEngineRunHttpMethodMpm(DetectEngineThreadCtx *det_ctx, Flow *f, * \retval 0 No match. * \retval 1 Match. */ -int DetectEngineInspectHttpMethod(DetectEngineCtx *de_ctx, +int DetectEngineInspectHttpMethod(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate) + void *alstate, int tx_id) { SCEnter(); int r = 0; diff --git a/src/detect-engine-hmd.h b/src/detect-engine-hmd.h index a9a58d8a0d..c5eb5e4ca2 100644 --- a/src/detect-engine-hmd.h +++ b/src/detect-engine-hmd.h @@ -25,8 +25,9 @@ #include "app-layer-htp.h" -int DetectEngineInspectHttpMethod(DetectEngineCtx *, DetectEngineThreadCtx *, - Signature *, Flow *, uint8_t, void *); +int DetectEngineInspectHttpMethod(ThreadVars *tv, + DetectEngineCtx *, DetectEngineThreadCtx *, + Signature *, Flow *, uint8_t, void *, int); int DetectEngineRunHttpMethodMpm(DetectEngineThreadCtx *, Flow *, HtpState *, uint8_t); void DetectEngineHttpMethodRegisterTests(void); diff --git a/src/detect-engine-hrhd.c b/src/detect-engine-hrhd.c index 68dc00b524..3b8a471a63 100644 --- a/src/detect-engine-hrhd.c +++ b/src/detect-engine-hrhd.c @@ -127,10 +127,11 @@ end: * \retval 0 No match. * \retval 1 Match. */ -int DetectEngineInspectHttpRawHeader(DetectEngineCtx *de_ctx, +int DetectEngineInspectHttpRawHeader(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate) + void *alstate, int tx_id) { SCEnter(); int r = 0; diff --git a/src/detect-engine-hrhd.h b/src/detect-engine-hrhd.h index 5a92bb535a..d9f38d0bc3 100644 --- a/src/detect-engine-hrhd.h +++ b/src/detect-engine-hrhd.h @@ -25,7 +25,9 @@ #include "app-layer-htp.h" -int DetectEngineInspectHttpRawHeader(DetectEngineCtx *, DetectEngineThreadCtx *, Signature *, Flow *, uint8_t, void *); +int DetectEngineInspectHttpRawHeader(ThreadVars *tv, DetectEngineCtx *, + DetectEngineThreadCtx *, Signature *, + Flow *, uint8_t, void *, int); int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *, Flow *, HtpState *, uint8_t); void DetectEngineHttpRawHeaderRegisterTests(void); diff --git a/src/detect-engine-hrud.c b/src/detect-engine-hrud.c index ec00454079..52342a5c11 100644 --- a/src/detect-engine-hrud.c +++ b/src/detect-engine-hrud.c @@ -116,10 +116,11 @@ end: * \retval 0 No match. * \retval 1 Match. */ -int DetectEngineInspectHttpRawUri(DetectEngineCtx *de_ctx, +int DetectEngineInspectHttpRawUri(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate) + void *alstate, int tx_id) { SCEnter(); diff --git a/src/detect-engine-hrud.h b/src/detect-engine-hrud.h index 6c5a7214e1..32cf236ff5 100644 --- a/src/detect-engine-hrud.h +++ b/src/detect-engine-hrud.h @@ -28,8 +28,9 @@ int DetectEngineRunHttpRawUriMpm(DetectEngineThreadCtx *, Flow *f, HtpState *, uint8_t); -int DetectEngineInspectHttpRawUri(DetectEngineCtx *, DetectEngineThreadCtx *, - Signature *, Flow *, uint8_t, void *); +int DetectEngineInspectHttpRawUri(ThreadVars *tv, + DetectEngineCtx *, DetectEngineThreadCtx *, + Signature *, Flow *, uint8_t, void *, int); void DetectEngineHttpRawUriRegisterTests(void); #endif /* __DETECT_ENGINE_HRUD_H__ */ diff --git a/src/detect-engine-hsbd.c b/src/detect-engine-hsbd.c index 6f27e0e9d3..0df51cb99b 100644 --- a/src/detect-engine-hsbd.c +++ b/src/detect-engine-hsbd.c @@ -257,10 +257,11 @@ int DetectEngineRunHttpServerBodyMpmV2(DetectEngineCtx *de_ctx, return cnt; } -int DetectEngineInspectHttpServerBodyV2(DetectEngineCtx *de_ctx, +int DetectEngineInspectHttpServerBodyV2(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate) + void *alstate, int tx_id) { int r = 0; diff --git a/src/detect-engine-hsbd.h b/src/detect-engine-hsbd.h index f1801f07de..22e3c20957 100644 --- a/src/detect-engine-hsbd.h +++ b/src/detect-engine-hsbd.h @@ -30,10 +30,11 @@ int DetectEngineRunHttpServerBodyMpmV2(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state, uint8_t flags); -int DetectEngineInspectHttpServerBodyV2(DetectEngineCtx *de_ctx, +int DetectEngineInspectHttpServerBodyV2(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate); + void *alstate, int tx_id); void DetectEngineCleanHSBDBuffersV2(DetectEngineThreadCtx *det_ctx); void DetectEngineHttpServerBodyRegisterTests(void); diff --git a/src/detect-engine-hscd.c b/src/detect-engine-hscd.c index cf3e6f93f7..f82be47e5c 100644 --- a/src/detect-engine-hscd.c +++ b/src/detect-engine-hscd.c @@ -113,10 +113,11 @@ end: * \retval 0 No match. * \retval 1 Match. */ -int DetectEngineInspectHttpStatCode(DetectEngineCtx *de_ctx, +int DetectEngineInspectHttpStatCode(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate) + void *alstate, int tx_id) { SCEnter(); diff --git a/src/detect-engine-hscd.h b/src/detect-engine-hscd.h index 29663f383c..f6ffa0e2d9 100644 --- a/src/detect-engine-hscd.h +++ b/src/detect-engine-hscd.h @@ -27,8 +27,9 @@ int DetectEngineRunHttpStatCodeMpm(DetectEngineThreadCtx *, Flow *f, HtpState *, uint8_t); -int DetectEngineInspectHttpStatCode(DetectEngineCtx *, DetectEngineThreadCtx *, - Signature *, Flow *, uint8_t, void *); +int DetectEngineInspectHttpStatCode(ThreadVars *tv, + DetectEngineCtx *, DetectEngineThreadCtx *, + Signature *, Flow *, uint8_t, void *, int); void DetectEngineHttpStatCodeRegisterTests(void); #endif /* __DETECT_ENGINE_HSCD_H__ */ diff --git a/src/detect-engine-hsmd.c b/src/detect-engine-hsmd.c index a407fcf52e..d937a6e8bb 100644 --- a/src/detect-engine-hsmd.c +++ b/src/detect-engine-hsmd.c @@ -113,10 +113,11 @@ end: * \retval 0 No match. * \retval 1 Match. */ -int DetectEngineInspectHttpStatMsg(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, - Signature *s, Flow *f, uint8_t flags, - void *alstate) +int DetectEngineInspectHttpStatMsg(ThreadVars *tv, + DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, + Signature *s, Flow *f, uint8_t flags, + void *alstate, int tx_id) { SCEnter(); diff --git a/src/detect-engine-hsmd.h b/src/detect-engine-hsmd.h index e80eb95701..93f86259c3 100644 --- a/src/detect-engine-hsmd.h +++ b/src/detect-engine-hsmd.h @@ -27,8 +27,9 @@ int DetectEngineRunHttpStatMsgMpm(DetectEngineThreadCtx *, Flow *f, HtpState *, uint8_t); -int DetectEngineInspectHttpStatMsg(DetectEngineCtx *, DetectEngineThreadCtx *, - Signature *, Flow *, uint8_t, void *); +int DetectEngineInspectHttpStatMsg(ThreadVars *tv, + DetectEngineCtx *, DetectEngineThreadCtx *, + Signature *, Flow *, uint8_t, void *, int tx_id); void DetectEngineHttpStatMsgRegisterTests(void); #endif /* __DETECT_ENGINE_HSMD_H__ */ diff --git a/src/detect-engine-hua.c b/src/detect-engine-hua.c index a7f5937163..9cee91303e 100644 --- a/src/detect-engine-hua.c +++ b/src/detect-engine-hua.c @@ -119,10 +119,11 @@ int DetectEngineRunHttpUAMpm(DetectEngineThreadCtx *det_ctx, Flow *f, * \retval 0 No match. * \retval 1 Match. */ -int DetectEngineInspectHttpUA(DetectEngineCtx *de_ctx, +int DetectEngineInspectHttpUA(ThreadVars *tv, + DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate) + void *alstate, int tx_id) { SCEnter(); diff --git a/src/detect-engine-hua.h b/src/detect-engine-hua.h index c1048867a0..d4b0777a9d 100644 --- a/src/detect-engine-hua.h +++ b/src/detect-engine-hua.h @@ -25,8 +25,9 @@ #include "app-layer-htp.h" -int DetectEngineInspectHttpUA(DetectEngineCtx *, DetectEngineThreadCtx *, - Signature *, Flow *, uint8_t, void *); +int DetectEngineInspectHttpUA(ThreadVars *tv, + DetectEngineCtx *, DetectEngineThreadCtx *, + Signature *, Flow *, uint8_t, void *, int); int DetectEngineRunHttpUAMpm(DetectEngineThreadCtx *, Flow *, HtpState *, uint8_t); void DetectEngineHttpUARegisterTests(void); diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index 7ea8486c21..16465b1d39 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -415,8 +415,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, SCLogDebug("inspecting uri"); - if (DetectEngineInspectPacketUris(de_ctx, det_ctx, s, f, - flags, alstate) == 1) + if (DetectEngineInspectPacketUris(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { SCLogDebug("uri matched"); match_flags |= DE_STATE_FLAG_URI_MATCH; @@ -426,8 +426,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } if (s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HCBD_INSPECT; - if (DetectEngineInspectHttpClientBodyV2(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpClientBodyV2(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HCBD_MATCH; } SCLogDebug("inspecting http client body"); @@ -438,40 +438,40 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HHD_INSPECT; - if (DetectEngineInspectHttpHeaderV2(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpHeaderV2(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HHD_MATCH; } SCLogDebug("inspecting http header"); } if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HRHD_INSPECT; - if (DetectEngineInspectHttpRawHeader(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpRawHeader(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HRHD_MATCH; } SCLogDebug("inspecting http raw header"); } if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HMD_INSPECT; - if (DetectEngineInspectHttpMethod(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpMethod(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HMD_MATCH; } SCLogDebug("inspecting http method"); } if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HCD_INSPECT; - if (DetectEngineInspectHttpCookie(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpCookie(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HCD_MATCH; } SCLogDebug("inspecting http cookie"); } if (s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HRUD_INSPECT; - if (DetectEngineInspectHttpRawUri(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpRawUri(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HRUD_MATCH; } SCLogDebug("inspecting http raw uri"); @@ -483,7 +483,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, SCLogDebug("ready to inspect files"); inspect_flags |= DE_STATE_FLAG_FILE_TS_INSPECT; - match = DetectFileInspectHttp(tv, det_ctx, f, s, alstate, flags); + match = DetectFileInspectHttp(tv, de_ctx, det_ctx, s, f, flags, alstate, 0); if (match == 1) { match_flags |= DE_STATE_FLAG_FILE_TS_MATCH; } else if (match == 2) { @@ -506,8 +506,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } if (s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HUAD_INSPECT; - if (DetectEngineInspectHttpUA(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpUA(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HUAD_MATCH; } SCLogDebug("inspecting http cookie"); @@ -524,24 +524,24 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } if (s->sm_lists[DETECT_SM_LIST_HSBDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HSBD_INSPECT; - if (DetectEngineInspectHttpServerBodyV2(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpServerBodyV2(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HSBD_MATCH; } SCLogDebug("inspecting http server body"); } if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HHD_INSPECT; - if (DetectEngineInspectHttpHeaderV2(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpHeaderV2(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HHD_MATCH; } SCLogDebug("inspecting http header"); } if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HRHD_INSPECT; - if (DetectEngineInspectHttpRawHeader(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpRawHeader(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HRHD_MATCH; } SCLogDebug("inspecting http raw header"); @@ -551,8 +551,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HCD_INSPECT; - if (DetectEngineInspectHttpCookie(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpCookie(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HCD_MATCH; } SCLogDebug("inspecting http cookie"); @@ -567,7 +567,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, inspect_flags |= DE_STATE_FLAG_FILE_TC_INSPECT; - match = DetectFileInspectHttp(tv, det_ctx, f, s, alstate, flags); + match = DetectFileInspectHttp(tv, de_ctx, det_ctx, s, f, flags, alstate, 0); SCLogDebug("match %d", match); if (match == 1) { match_flags |= DE_STATE_FLAG_FILE_TC_MATCH; @@ -583,16 +583,16 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } if (s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HSMD_INSPECT; - if (DetectEngineInspectHttpStatMsg(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpStatMsg(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HSMD_MATCH; } SCLogDebug("inspecting http stat msg"); } if (s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) { inspect_flags |= DE_STATE_FLAG_HSCD_INSPECT; - if (DetectEngineInspectHttpStatCode(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpStatCode(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HSCD_MATCH; } SCLogDebug("inspecting http stat code"); @@ -815,8 +815,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete SCLogDebug("inspecting uri"); inspect_flags |= DE_STATE_FLAG_URI_INSPECT; - if (DetectEngineInspectPacketUris(de_ctx, det_ctx, s, - f, flags, alstate) == 1) + if (DetectEngineInspectPacketUris(tv, de_ctx, det_ctx, s, + f, flags, alstate, 0) == 1) { SCLogDebug("uri matched"); match_flags |= DE_STATE_FLAG_URI_MATCH; @@ -832,8 +832,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete SCLogDebug("inspecting http client body data"); inspect_flags |= DE_STATE_FLAG_HCBD_INSPECT; - if (DetectEngineInspectHttpClientBodyV2(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpClientBodyV2(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { SCLogDebug("http client body matched"); match_flags |= DE_STATE_FLAG_HCBD_MATCH; } @@ -850,8 +850,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete SCLogDebug("inspecting http header data"); inspect_flags |= DE_STATE_FLAG_HHD_INSPECT; - if (DetectEngineInspectHttpHeaderV2(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpHeaderV2(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { SCLogDebug("http header matched"); match_flags |= DE_STATE_FLAG_HHD_MATCH; } @@ -862,8 +862,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete SCLogDebug("inspecting http raw header data"); inspect_flags |= DE_STATE_FLAG_HRHD_INSPECT; - if (DetectEngineInspectHttpRawHeader(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpRawHeader(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { SCLogDebug("http raw header matched"); match_flags |= DE_STATE_FLAG_HRHD_MATCH; } @@ -874,8 +874,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete SCLogDebug("inspecting http method data"); inspect_flags |= DE_STATE_FLAG_HMD_INSPECT; - if (DetectEngineInspectHttpMethod(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpMethod(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { SCLogDebug("http method matched"); match_flags |= DE_STATE_FLAG_HMD_MATCH; } @@ -886,8 +886,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete SCLogDebug("inspecting http cookie data"); inspect_flags |= DE_STATE_FLAG_HCD_INSPECT; - if (DetectEngineInspectHttpCookie(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpCookie(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { SCLogDebug("http cookie matched"); match_flags |= DE_STATE_FLAG_HCD_MATCH; } @@ -898,8 +898,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete SCLogDebug("inspecting http raw uri data"); inspect_flags |= DE_STATE_FLAG_HRUD_INSPECT; - if (DetectEngineInspectHttpRawUri(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpRawUri(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { SCLogDebug("http raw uri matched"); match_flags |= DE_STATE_FLAG_HRUD_MATCH; } @@ -914,7 +914,7 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete inspect_flags |= DE_STATE_FLAG_FILE_TS_INSPECT; - match = DetectFileInspectHttp(tv, det_ctx, f, s, alstate, flags); + match = DetectFileInspectHttp(tv, de_ctx, det_ctx, s, f, flags, alstate, 0); if (match == 1) { match_flags |= DE_STATE_FLAG_FILE_TS_MATCH; } else if (match == 2) { @@ -945,8 +945,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete SCLogDebug("inspecting http user agent data"); inspect_flags |= DE_STATE_FLAG_HUAD_INSPECT; - if (DetectEngineInspectHttpUA(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpUA(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { SCLogDebug("http user agent matched"); match_flags |= DE_STATE_FLAG_HUAD_MATCH; } @@ -971,8 +971,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete SCLogDebug("inspecting http server body data"); inspect_flags |= DE_STATE_FLAG_HSBD_INSPECT; - if (DetectEngineInspectHttpServerBodyV2(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpServerBodyV2(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { SCLogDebug("http server body matched"); match_flags |= DE_STATE_FLAG_HSBD_MATCH; } @@ -981,8 +981,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) { if (!(item->flags & DE_STATE_FLAG_HHD_MATCH)) { inspect_flags |= DE_STATE_FLAG_HHD_INSPECT; - if (DetectEngineInspectHttpHeaderV2(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpHeaderV2(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HHD_MATCH; } } @@ -991,8 +991,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) { if (!(item->flags & DE_STATE_FLAG_HRHD_MATCH)) { inspect_flags |= DE_STATE_FLAG_HRHD_INSPECT; - if (DetectEngineInspectHttpRawHeader(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpRawHeader(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HRHD_MATCH; } SCLogDebug("inspecting http raw header"); @@ -1006,8 +1006,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) { if (!(item->flags & DE_STATE_FLAG_HCD_MATCH)) { inspect_flags |= DE_STATE_FLAG_HCD_INSPECT; - if (DetectEngineInspectHttpCookie(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpCookie(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { match_flags |= DE_STATE_FLAG_HCD_MATCH; } SCLogDebug("inspecting http cookie"); @@ -1026,7 +1026,7 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete inspect_flags |= DE_STATE_FLAG_FILE_TC_INSPECT; - match = DetectFileInspectHttp(tv, det_ctx, f, s, alstate, flags); + match = DetectFileInspectHttp(tv, de_ctx, det_ctx, s, f, flags, alstate, 0); if (match == 1) { match_flags |= DE_STATE_FLAG_FILE_TC_MATCH; } else if (match == 2) { @@ -1045,8 +1045,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete SCLogDebug("inspecting http stat msg data"); inspect_flags |= DE_STATE_FLAG_HSMD_INSPECT; - if (DetectEngineInspectHttpStatMsg(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpStatMsg(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { SCLogDebug("http stat msg matched"); match_flags |= DE_STATE_FLAG_HSMD_MATCH; } @@ -1057,8 +1057,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete SCLogDebug("inspecting http stat code data"); inspect_flags |= DE_STATE_FLAG_HSCD_INSPECT; - if (DetectEngineInspectHttpStatCode(de_ctx, det_ctx, s, f, - flags, alstate) == 1) { + if (DetectEngineInspectHttpStatCode(tv, de_ctx, det_ctx, s, f, + flags, alstate, 0) == 1) { SCLogDebug("http stat code matched"); match_flags |= DE_STATE_FLAG_HSCD_MATCH; } diff --git a/src/detect-engine-uri.c b/src/detect-engine-uri.c index edc6d1bf2c..e7979282b3 100644 --- a/src/detect-engine-uri.c +++ b/src/detect-engine-uri.c @@ -59,9 +59,11 @@ * \retval 0 no match * \retval 1 match */ -int DetectEngineInspectPacketUris(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, - void *alstate) +int DetectEngineInspectPacketUris(ThreadVars *tv, + DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, + Signature *s, Flow *f, uint8_t flags, + void *alstate, int tx_id) { SCEnter(); int r = 0; diff --git a/src/detect-engine-uri.h b/src/detect-engine-uri.h index 1eb886cf49..c1e4129b95 100644 --- a/src/detect-engine-uri.h +++ b/src/detect-engine-uri.h @@ -24,8 +24,9 @@ #ifndef __DETECT_ENGINE_URICONTENT_H__ #define __DETECT_ENGINE_URICONTENT_H__ -int DetectEngineInspectPacketUris(DetectEngineCtx *, DetectEngineThreadCtx *, - Signature *, Flow *, uint8_t, void *); +int DetectEngineInspectPacketUris(ThreadVars *tv, + DetectEngineCtx *, DetectEngineThreadCtx *, + Signature *, Flow *, uint8_t, void *, int); void UriRegisterTests(void); #endif /* __DETECT_ENGINE_URICONTENT_H__ */