aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change all inspect callbacks to accept TV and a tx_id param.

Browse Source
pull/146/head
Anoop Saldanha 13 years ago committed by Victor Julien
parent 10a6e6a3eb
commit 7b4eac3e8d
25 changed files with 134 additions and 108 deletions
Show Stats Download Patch File Download Diff File

2
src/detect-engine-file.c
Unescape Escape View File

@ -203,7 +203,7 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
*
* \note flow is not locked at this time
*/
int DetectFileInspectHttp(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, Flow *f, Signature *s, void *alstate, uint8_t flags) {
int DetectFileInspectHttp(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, void *alstate, int tx_id) {
SCEnter();
int r = 0;

4
src/detect-engine-file.h
Unescape Escape View File

@ -24,6 +24,8 @@
#ifndef __DETECT_ENGINE_FILE_H__
#define __DETECT_ENGINE_FILE_H__
int DetectFileInspectHttp(ThreadVars *, DetectEngineThreadCtx *, Flow *, Signature *, void *, uint8_t);
int DetectFileInspectHttp(ThreadVars *tv, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, Signature *s,
Flow *f, uint8_t flags, void *alstate, int tx_id);
#endif /* __DETECT_ENGINE_FILE_H__ */

5
src/detect-engine-hcbd.c
Unescape Escape View File

@ -256,10 +256,11 @@ int DetectEngineRunHttpClientBodyMpmV2(DetectEngineCtx *de_ctx,
return cnt;
}
int DetectEngineInspectHttpClientBodyV2(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpClientBodyV2(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate)
void *alstate, int tx_id)
{
int r = 0;

5
src/detect-engine-hcbd.h
Unescape Escape View File

@ -30,10 +30,11 @@
int DetectEngineRunHttpClientBodyMpmV2(DetectEngineCtx *,
DetectEngineThreadCtx *, Flow *f,
HtpState *, uint8_t);
int DetectEngineInspectHttpClientBodyV2(DetectEngineCtx *,
int DetectEngineInspectHttpClientBodyV2(ThreadVars *tv,
DetectEngineCtx *,
DetectEngineThreadCtx *,
Signature *, Flow *,
uint8_t, void *);
uint8_t, void *, int);
void DetectEngineCleanHCBDBuffersV2(DetectEngineThreadCtx *);
void DetectEngineHttpClientBodyRegisterTests(void);

5
src/detect-engine-hcd.c
Unescape Escape View File

@ -128,10 +128,11 @@ int DetectEngineRunHttpCookieMpm(DetectEngineThreadCtx *det_ctx, Flow *f,
* \retval 0 No match.
* \retval 1 Match.
*/
int DetectEngineInspectHttpCookie(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpCookie(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate)
void *alstate, int tx_id)
{
SCEnter();
int r = 0;

5
src/detect-engine-hcd.h
Unescape Escape View File

@ -25,8 +25,9 @@
#include "app-layer-htp.h"
int DetectEngineInspectHttpCookie(DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *);
int DetectEngineInspectHttpCookie(ThreadVars *tv,
DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *, int);
int DetectEngineRunHttpCookieMpm(DetectEngineThreadCtx *, Flow *, HtpState *, uint8_t);
void DetectEngineHttpCookieRegisterTests(void);

5
src/detect-engine-hhd.c
Unescape Escape View File

@ -215,10 +215,11 @@ int DetectEngineRunHttpHeaderMpmV2(DetectEngineThreadCtx *det_ctx, Flow *f,
return cnt;
}
int DetectEngineInspectHttpHeaderV2(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpHeaderV2(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate)
void *alstate, int tx_id)
{
int r = 0;

5
src/detect-engine-hhd.h
Unescape Escape View File

@ -25,10 +25,11 @@
#include "app-layer-htp.h"
int DetectEngineInspectHttpHeaderV2(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpHeaderV2(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate);
void *alstate, int tx_id);
int DetectEngineRunHttpHeaderMpmV2(DetectEngineThreadCtx *det_ctx, Flow *f,
HtpState *htp_state, uint8_t flags);
void DetectEngineCleanHHDBuffersV2(DetectEngineThreadCtx *det_ctx);

5
src/detect-engine-hmd.c
Unescape Escape View File

@ -112,10 +112,11 @@ int DetectEngineRunHttpMethodMpm(DetectEngineThreadCtx *det_ctx, Flow *f,
* \retval 0 No match.
* \retval 1 Match.
*/
int DetectEngineInspectHttpMethod(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpMethod(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate)
void *alstate, int tx_id)
{
SCEnter();
int r = 0;

5
src/detect-engine-hmd.h
Unescape Escape View File

@ -25,8 +25,9 @@
#include "app-layer-htp.h"
int DetectEngineInspectHttpMethod(DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *);
int DetectEngineInspectHttpMethod(ThreadVars *tv,
DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *, int);
int DetectEngineRunHttpMethodMpm(DetectEngineThreadCtx *, Flow *, HtpState *, uint8_t);
void DetectEngineHttpMethodRegisterTests(void);

5
src/detect-engine-hrhd.c
Unescape Escape View File

@ -127,10 +127,11 @@ end:
* \retval 0 No match.
* \retval 1 Match.
*/
int DetectEngineInspectHttpRawHeader(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpRawHeader(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate)
void *alstate, int tx_id)
{
SCEnter();
int r = 0;

4
src/detect-engine-hrhd.h
Unescape Escape View File

@ -25,7 +25,9 @@
#include "app-layer-htp.h"
int DetectEngineInspectHttpRawHeader(DetectEngineCtx *, DetectEngineThreadCtx *, Signature *, Flow *, uint8_t, void *);
int DetectEngineInspectHttpRawHeader(ThreadVars *tv, DetectEngineCtx *,
DetectEngineThreadCtx *, Signature *,
Flow *, uint8_t, void *, int);
int DetectEngineRunHttpRawHeaderMpm(DetectEngineThreadCtx *, Flow *, HtpState *,
uint8_t);
void DetectEngineHttpRawHeaderRegisterTests(void);

5
src/detect-engine-hrud.c
Unescape Escape View File

@ -116,10 +116,11 @@ end:
* \retval 0 No match.
* \retval 1 Match.
*/
int DetectEngineInspectHttpRawUri(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpRawUri(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate)
void *alstate, int tx_id)
{
SCEnter();

5
src/detect-engine-hrud.h
Unescape Escape View File

@ -28,8 +28,9 @@
int DetectEngineRunHttpRawUriMpm(DetectEngineThreadCtx *,
Flow *f, HtpState *, uint8_t);
int DetectEngineInspectHttpRawUri(DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *);
int DetectEngineInspectHttpRawUri(ThreadVars *tv,
DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *, int);
void DetectEngineHttpRawUriRegisterTests(void);
#endif /* __DETECT_ENGINE_HRUD_H__ */

5
src/detect-engine-hsbd.c
Unescape Escape View File

@ -257,10 +257,11 @@ int DetectEngineRunHttpServerBodyMpmV2(DetectEngineCtx *de_ctx,
return cnt;
}
int DetectEngineInspectHttpServerBodyV2(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpServerBodyV2(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate)
void *alstate, int tx_id)
{
int r = 0;

5
src/detect-engine-hsbd.h
Unescape Escape View File

@ -30,10 +30,11 @@
int DetectEngineRunHttpServerBodyMpmV2(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, Flow *f,
HtpState *htp_state, uint8_t flags);
int DetectEngineInspectHttpServerBodyV2(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpServerBodyV2(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate);
void *alstate, int tx_id);
void DetectEngineCleanHSBDBuffersV2(DetectEngineThreadCtx *det_ctx);
void DetectEngineHttpServerBodyRegisterTests(void);

5
src/detect-engine-hscd.c
Unescape Escape View File

@ -113,10 +113,11 @@ end:
* \retval 0 No match.
* \retval 1 Match.
*/
int DetectEngineInspectHttpStatCode(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpStatCode(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate)
void *alstate, int tx_id)
{
SCEnter();

5
src/detect-engine-hscd.h
Unescape Escape View File

@ -27,8 +27,9 @@
int DetectEngineRunHttpStatCodeMpm(DetectEngineThreadCtx *,
Flow *f, HtpState *, uint8_t);
int DetectEngineInspectHttpStatCode(DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *);
int DetectEngineInspectHttpStatCode(ThreadVars *tv,
DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *, int);
void DetectEngineHttpStatCodeRegisterTests(void);
#endif /* __DETECT_ENGINE_HSCD_H__ */

5
src/detect-engine-hsmd.c
Unescape Escape View File

@ -113,10 +113,11 @@ end:
* \retval 0 No match.
* \retval 1 Match.
*/
int DetectEngineInspectHttpStatMsg(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpStatMsg(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate)
void *alstate, int tx_id)
{
SCEnter();

5
src/detect-engine-hsmd.h
Unescape Escape View File

@ -27,8 +27,9 @@
int DetectEngineRunHttpStatMsgMpm(DetectEngineThreadCtx *,
Flow *f, HtpState *, uint8_t);
int DetectEngineInspectHttpStatMsg(DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *);
int DetectEngineInspectHttpStatMsg(ThreadVars *tv,
DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *, int tx_id);
void DetectEngineHttpStatMsgRegisterTests(void);
#endif /* __DETECT_ENGINE_HSMD_H__ */

5
src/detect-engine-hua.c
Unescape Escape View File

@ -119,10 +119,11 @@ int DetectEngineRunHttpUAMpm(DetectEngineThreadCtx *det_ctx, Flow *f,
* \retval 0 No match.
* \retval 1 Match.
*/
int DetectEngineInspectHttpUA(DetectEngineCtx *de_ctx,
int DetectEngineInspectHttpUA(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate)
void *alstate, int tx_id)
{
SCEnter();

5
src/detect-engine-hua.h
Unescape Escape View File

@ -25,8 +25,9 @@
#include "app-layer-htp.h"
int DetectEngineInspectHttpUA(DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *);
int DetectEngineInspectHttpUA(ThreadVars *tv,
DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *, int);
int DetectEngineRunHttpUAMpm(DetectEngineThreadCtx *, Flow *, HtpState *, uint8_t);
void DetectEngineHttpUARegisterTests(void);

120
src/detect-engine-state.c
Unescape Escape View File

@ -415,8 +415,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
SCLogDebug("inspecting uri");
if (DetectEngineInspectPacketUris(de_ctx, det_ctx, s, f,
flags, alstate) == 1)
if (DetectEngineInspectPacketUris(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1)
{
SCLogDebug("uri matched");
match_flags |= DE_STATE_FLAG_URI_MATCH;
@ -426,8 +426,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
}
if (s->sm_lists[DETECT_SM_LIST_HCBDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HCBD_INSPECT;
if (DetectEngineInspectHttpClientBodyV2(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpClientBodyV2(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HCBD_MATCH;
}
SCLogDebug("inspecting http client body");
@ -438,40 +438,40 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
}
if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HHD_INSPECT;
if (DetectEngineInspectHttpHeaderV2(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpHeaderV2(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HHD_MATCH;
}
SCLogDebug("inspecting http header");
}
if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HRHD_INSPECT;
if (DetectEngineInspectHttpRawHeader(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpRawHeader(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HRHD_MATCH;
}
SCLogDebug("inspecting http raw header");
}
if (s->sm_lists[DETECT_SM_LIST_HMDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HMD_INSPECT;
if (DetectEngineInspectHttpMethod(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpMethod(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HMD_MATCH;
}
SCLogDebug("inspecting http method");
}
if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HCD_INSPECT;
if (DetectEngineInspectHttpCookie(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpCookie(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HCD_MATCH;
}
SCLogDebug("inspecting http cookie");
}
if (s->sm_lists[DETECT_SM_LIST_HRUDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HRUD_INSPECT;
if (DetectEngineInspectHttpRawUri(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpRawUri(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HRUD_MATCH;
}
SCLogDebug("inspecting http raw uri");
@ -483,7 +483,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
SCLogDebug("ready to inspect files");
inspect_flags |= DE_STATE_FLAG_FILE_TS_INSPECT;
match = DetectFileInspectHttp(tv, det_ctx, f, s, alstate, flags);
match = DetectFileInspectHttp(tv, de_ctx, det_ctx, s, f, flags, alstate, 0);
if (match == 1) {
match_flags |= DE_STATE_FLAG_FILE_TS_MATCH;
} else if (match == 2) {
@ -506,8 +506,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
}
if (s->sm_lists[DETECT_SM_LIST_HUADMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HUAD_INSPECT;
if (DetectEngineInspectHttpUA(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpUA(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HUAD_MATCH;
}
SCLogDebug("inspecting http cookie");
@ -524,24 +524,24 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
}
if (s->sm_lists[DETECT_SM_LIST_HSBDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HSBD_INSPECT;
if (DetectEngineInspectHttpServerBodyV2(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpServerBodyV2(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HSBD_MATCH;
}
SCLogDebug("inspecting http server body");
}
if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HHD_INSPECT;
if (DetectEngineInspectHttpHeaderV2(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpHeaderV2(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HHD_MATCH;
}
SCLogDebug("inspecting http header");
}
if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HRHD_INSPECT;
if (DetectEngineInspectHttpRawHeader(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpRawHeader(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HRHD_MATCH;
}
SCLogDebug("inspecting http raw header");
@ -551,8 +551,8 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
}
if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HCD_INSPECT;
if (DetectEngineInspectHttpCookie(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpCookie(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HCD_MATCH;
}
SCLogDebug("inspecting http cookie");
@ -567,7 +567,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
inspect_flags |= DE_STATE_FLAG_FILE_TC_INSPECT;
match = DetectFileInspectHttp(tv, det_ctx, f, s, alstate, flags);
match = DetectFileInspectHttp(tv, de_ctx, det_ctx, s, f, flags, alstate, 0);
SCLogDebug("match %d", match);
if (match == 1) {
match_flags |= DE_STATE_FLAG_FILE_TC_MATCH;
@ -583,16 +583,16 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
}
if (s->sm_lists[DETECT_SM_LIST_HSMDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HSMD_INSPECT;
if (DetectEngineInspectHttpStatMsg(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpStatMsg(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HSMD_MATCH;
}
SCLogDebug("inspecting http stat msg");
}
if (s->sm_lists[DETECT_SM_LIST_HSCDMATCH] != NULL) {
inspect_flags |= DE_STATE_FLAG_HSCD_INSPECT;
if (DetectEngineInspectHttpStatCode(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpStatCode(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HSCD_MATCH;
}
SCLogDebug("inspecting http stat code");
@ -815,8 +815,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("inspecting uri");
inspect_flags |= DE_STATE_FLAG_URI_INSPECT;
if (DetectEngineInspectPacketUris(de_ctx, det_ctx, s,
f, flags, alstate) == 1)
if (DetectEngineInspectPacketUris(tv, de_ctx, det_ctx, s,
f, flags, alstate, 0) == 1)
{
SCLogDebug("uri matched");
match_flags |= DE_STATE_FLAG_URI_MATCH;
@ -832,8 +832,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("inspecting http client body data");
inspect_flags |= DE_STATE_FLAG_HCBD_INSPECT;
if (DetectEngineInspectHttpClientBodyV2(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpClientBodyV2(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
SCLogDebug("http client body matched");
match_flags |= DE_STATE_FLAG_HCBD_MATCH;
}
@ -850,8 +850,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("inspecting http header data");
inspect_flags |= DE_STATE_FLAG_HHD_INSPECT;
if (DetectEngineInspectHttpHeaderV2(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpHeaderV2(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
SCLogDebug("http header matched");
match_flags |= DE_STATE_FLAG_HHD_MATCH;
}
@ -862,8 +862,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("inspecting http raw header data");
inspect_flags |= DE_STATE_FLAG_HRHD_INSPECT;
if (DetectEngineInspectHttpRawHeader(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpRawHeader(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
SCLogDebug("http raw header matched");
match_flags |= DE_STATE_FLAG_HRHD_MATCH;
}
@ -874,8 +874,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("inspecting http method data");
inspect_flags |= DE_STATE_FLAG_HMD_INSPECT;
if (DetectEngineInspectHttpMethod(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpMethod(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
SCLogDebug("http method matched");
match_flags |= DE_STATE_FLAG_HMD_MATCH;
}
@ -886,8 +886,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("inspecting http cookie data");
inspect_flags |= DE_STATE_FLAG_HCD_INSPECT;
if (DetectEngineInspectHttpCookie(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpCookie(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
SCLogDebug("http cookie matched");
match_flags |= DE_STATE_FLAG_HCD_MATCH;
}
@ -898,8 +898,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("inspecting http raw uri data");
inspect_flags |= DE_STATE_FLAG_HRUD_INSPECT;
if (DetectEngineInspectHttpRawUri(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpRawUri(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
SCLogDebug("http raw uri matched");
match_flags |= DE_STATE_FLAG_HRUD_MATCH;
}
@ -914,7 +914,7 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
inspect_flags |= DE_STATE_FLAG_FILE_TS_INSPECT;
match = DetectFileInspectHttp(tv, det_ctx, f, s, alstate, flags);
match = DetectFileInspectHttp(tv, de_ctx, det_ctx, s, f, flags, alstate, 0);
if (match == 1) {
match_flags |= DE_STATE_FLAG_FILE_TS_MATCH;
} else if (match == 2) {
@ -945,8 +945,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("inspecting http user agent data");
inspect_flags |= DE_STATE_FLAG_HUAD_INSPECT;
if (DetectEngineInspectHttpUA(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpUA(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
SCLogDebug("http user agent matched");
match_flags |= DE_STATE_FLAG_HUAD_MATCH;
}
@ -971,8 +971,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("inspecting http server body data");
inspect_flags |= DE_STATE_FLAG_HSBD_INSPECT;
if (DetectEngineInspectHttpServerBodyV2(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpServerBodyV2(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
SCLogDebug("http server body matched");
match_flags |= DE_STATE_FLAG_HSBD_MATCH;
}
@ -981,8 +981,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
if (s->sm_lists[DETECT_SM_LIST_HHDMATCH] != NULL) {
if (!(item->flags & DE_STATE_FLAG_HHD_MATCH)) {
inspect_flags |= DE_STATE_FLAG_HHD_INSPECT;
if (DetectEngineInspectHttpHeaderV2(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpHeaderV2(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HHD_MATCH;
}
}
@ -991,8 +991,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
if (s->sm_lists[DETECT_SM_LIST_HRHDMATCH] != NULL) {
if (!(item->flags & DE_STATE_FLAG_HRHD_MATCH)) {
inspect_flags |= DE_STATE_FLAG_HRHD_INSPECT;
if (DetectEngineInspectHttpRawHeader(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpRawHeader(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HRHD_MATCH;
}
SCLogDebug("inspecting http raw header");
@ -1006,8 +1006,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
if (s->sm_lists[DETECT_SM_LIST_HCDMATCH] != NULL) {
if (!(item->flags & DE_STATE_FLAG_HCD_MATCH)) {
inspect_flags |= DE_STATE_FLAG_HCD_INSPECT;
if (DetectEngineInspectHttpCookie(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpCookie(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
match_flags |= DE_STATE_FLAG_HCD_MATCH;
}
SCLogDebug("inspecting http cookie");
@ -1026,7 +1026,7 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
inspect_flags |= DE_STATE_FLAG_FILE_TC_INSPECT;
match = DetectFileInspectHttp(tv, det_ctx, f, s, alstate, flags);
match = DetectFileInspectHttp(tv, de_ctx, det_ctx, s, f, flags, alstate, 0);
if (match == 1) {
match_flags |= DE_STATE_FLAG_FILE_TC_MATCH;
} else if (match == 2) {
@ -1045,8 +1045,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("inspecting http stat msg data");
inspect_flags |= DE_STATE_FLAG_HSMD_INSPECT;
if (DetectEngineInspectHttpStatMsg(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpStatMsg(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
SCLogDebug("http stat msg matched");
match_flags |= DE_STATE_FLAG_HSMD_MATCH;
}
@ -1057,8 +1057,8 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
SCLogDebug("inspecting http stat code data");
inspect_flags |= DE_STATE_FLAG_HSCD_INSPECT;
if (DetectEngineInspectHttpStatCode(de_ctx, det_ctx, s, f,
flags, alstate) == 1) {
if (DetectEngineInspectHttpStatCode(tv, de_ctx, det_ctx, s, f,
flags, alstate, 0) == 1) {
SCLogDebug("http stat code matched");
match_flags |= DE_STATE_FLAG_HSCD_MATCH;
}

8
src/detect-engine-uri.c
Unescape Escape View File

@ -59,9 +59,11 @@
* \retval 0 no match
* \retval 1 match
*/
int DetectEngineInspectPacketUris(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags,
void *alstate)
int DetectEngineInspectPacketUris(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
Signature *s, Flow *f, uint8_t flags,
void *alstate, int tx_id)
{
SCEnter();
int r = 0;

5
src/detect-engine-uri.h
Unescape Escape View File

@ -24,8 +24,9 @@
#ifndef __DETECT_ENGINE_URICONTENT_H__
#define __DETECT_ENGINE_URICONTENT_H__
int DetectEngineInspectPacketUris(DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *);
int DetectEngineInspectPacketUris(ThreadVars *tv,
DetectEngineCtx *, DetectEngineThreadCtx *,
Signature *, Flow *, uint8_t, void *, int);
void UriRegisterTests(void);
#endif /* __DETECT_ENGINE_URICONTENT_H__ */

Write Preview
Loading…
Cancel
Save