aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sgh: remove unused flags

Browse Source
pull/2310/head
Victor Julien 9 years ago
parent 08407b6d47
commit 82d3c0b520
3 changed files with 22 additions and 124 deletions
Show Stats Download Patch File Download Diff File

64
src/detect-engine-mpm.c
Unescape Escape View File

@ -89,7 +89,6 @@ typedef struct AppLayerMpms_ {
int32_t sgh_mpm_context; /**< mpm factory id */
int direction; /**< SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT */
int sm_list;
uint32_t flags; /**< flags set to SGH when this mpm is present */
int (*PrefilterRegister)(SigGroupHead *sgh, MpmCtx *mpm_ctx);
@ -98,60 +97,60 @@ typedef struct AppLayerMpms_ {
AppLayerMpms app_mpms[] = {
{ "http_uri", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_UMATCH,
SIG_GROUP_HEAD_MPM_URI, PrefilterTxUriRegister, 0 },
PrefilterTxUriRegister, 0 },
{ "http_raw_uri", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HRUDMATCH,
SIG_GROUP_HEAD_MPM_HRUD, PrefilterTxRawUriRegister, 1 },
PrefilterTxRawUriRegister, 1 },
{ "http_header", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HHDMATCH,
SIG_GROUP_HEAD_MPM_HHD, PrefilterTxHttpRequestHeadersRegister, 2},
PrefilterTxHttpRequestHeadersRegister, 2},
{ "http_header", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_HHDMATCH,
SIG_GROUP_HEAD_MPM_HHD, PrefilterTxHttpRequestHeadersRegister, 3},
PrefilterTxHttpRequestHeadersRegister, 3},
{ "http_user_agent", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HUADMATCH,
SIG_GROUP_HEAD_MPM_HUAD, PrefilterTxUARegister, 4},
PrefilterTxUARegister, 4},
{ "http_raw_header", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HRHDMATCH,
SIG_GROUP_HEAD_MPM_HRHD, PrefilterTxRequestHeadersRawRegister, 5},
PrefilterTxRequestHeadersRawRegister, 5},
{ "http_raw_header", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_HRHDMATCH,
SIG_GROUP_HEAD_MPM_HRHD, PrefilterTxResponseHeadersRawRegister, 6},
PrefilterTxResponseHeadersRawRegister, 6},
{ "http_method", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HMDMATCH,
SIG_GROUP_HEAD_MPM_HMD, PrefilterTxMethodRegister, 7},
PrefilterTxMethodRegister, 7},
{ "file_data", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_FILEDATA,
SIG_GROUP_HEAD_MPM_FD_SMTP, PrefilterTxSmtpFiledataRegister, 8}, /* smtp */
PrefilterTxSmtpFiledataRegister, 8}, /* smtp */
{ "file_data", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_FILEDATA,
SIG_GROUP_HEAD_MPM_HSBD, PrefilterTxHttpResponseBodyRegister, 9}, /* http server body */
PrefilterTxHttpResponseBodyRegister, 9}, /* http server body */
{ "http_stat_msg", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_HSMDMATCH,
SIG_GROUP_HEAD_MPM_HSMD, PrefilterTxHttpStatMsgRegister, 10},
PrefilterTxHttpStatMsgRegister, 10},
{ "http_stat_code", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_HSCDMATCH,
SIG_GROUP_HEAD_MPM_HSCD, PrefilterTxHttpStatCodeRegister, 11},
PrefilterTxHttpStatCodeRegister, 11},
{ "http_client_body", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HCBDMATCH,
SIG_GROUP_HEAD_MPM_HCBD, PrefilterTxHttpRequestBodyRegister, 12},
PrefilterTxHttpRequestBodyRegister, 12},
{ "http_host", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HHHDMATCH,
SIG_GROUP_HEAD_MPM_HHHD, PrefilterTxHostnameRegister, 13},
PrefilterTxHostnameRegister, 13},
{ "http_raw_host", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HRHHDMATCH,
SIG_GROUP_HEAD_MPM_HRHHD, PrefilterTxHostnameRawRegister, 14},
PrefilterTxHostnameRawRegister, 14},
{ "http_cookie", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HCDMATCH,
SIG_GROUP_HEAD_MPM_HCD, PrefilterTxRequestCookieRegister, 15},
PrefilterTxRequestCookieRegister, 15},
{ "http_cookie", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_HCDMATCH,
SIG_GROUP_HEAD_MPM_HCD, PrefilterTxResponseCookieRegister, 16},
PrefilterTxResponseCookieRegister, 16},
{ "dns_query", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_DNSQUERYNAME_MATCH,
SIG_GROUP_HEAD_MPM_DNSQUERY, PrefilterTxDnsQueryRegister, 17},
PrefilterTxDnsQueryRegister, 17},
{ "tls_sni", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_TLSSNI_MATCH,
SIG_GROUP_HEAD_MPM_TLSSNI, PrefilterTxTlsSniRegister, 18},
PrefilterTxTlsSniRegister, 18},
{ "tls_cert_issuer", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_TLSISSUER_MATCH,
SIG_GROUP_HEAD_MPM_TLSISSUER, PrefilterTxTlsIssuerRegister, 19},
PrefilterTxTlsIssuerRegister, 19},
{ "tls_cert_subject", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_TLSSUBJECT_MATCH,
SIG_GROUP_HEAD_MPM_TLSSUBJECT, PrefilterTxTlsSubjectRegister, 20},
PrefilterTxTlsSubjectRegister, 20},
{ NULL, 0, 0, 0, 0, NULL, 0, }
{ NULL, 0, 0, 0, NULL, 0, }
};
void DetectMpmInitializeAppMpms(DetectEngineCtx *de_ctx)
@ -1262,8 +1261,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
if (mpm_store != NULL) {
BUG_ON(sh->mpm_packet_ctx);
sh->mpm_packet_ctx = mpm_store->mpm_ctx;
if (sh->mpm_packet_ctx)
sh->flags |= SIG_GROUP_HEAD_MPM_PACKET;
PrefilterPktPayloadRegister(sh, mpm_store->mpm_ctx);
}
@ -1273,8 +1270,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
BUG_ON(mpm_store == NULL);
BUG_ON(sh->mpm_stream_ctx);
sh->mpm_stream_ctx = mpm_store->mpm_ctx;
if (sh->mpm_stream_ctx)
sh->flags |= SIG_GROUP_HEAD_MPM_STREAM;
PrefilterPktStreamRegister(sh, mpm_store->mpm_ctx);
}
@ -1284,8 +1279,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
if (mpm_store != NULL) {
BUG_ON(sh->mpm_packet_ctx);
sh->mpm_packet_ctx = mpm_store->mpm_ctx;
if (sh->mpm_packet_ctx)
sh->flags |= SIG_GROUP_HEAD_MPM_PACKET;
PrefilterPktPayloadRegister(sh, mpm_store->mpm_ctx);
}
@ -1294,8 +1287,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
if (mpm_store != NULL) {
BUG_ON(sh->mpm_stream_ctx);
sh->mpm_stream_ctx = mpm_store->mpm_ctx;
if (sh->mpm_stream_ctx)
sh->flags |= SIG_GROUP_HEAD_MPM_STREAM;
PrefilterPktStreamRegister(sh, mpm_store->mpm_ctx);
}
@ -1308,9 +1299,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
BUG_ON(sh->mpm_packet_ctx);
sh->mpm_packet_ctx = mpm_store->mpm_ctx;
if (sh->mpm_packet_ctx != NULL)
sh->flags |= SIG_GROUP_HEAD_MPM_PACKET;
PrefilterPktPayloadRegister(sh, mpm_store->mpm_ctx);
}
}
@ -1320,9 +1308,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
BUG_ON(sh->mpm_packet_ctx);
sh->mpm_packet_ctx = mpm_store->mpm_ctx;
if (sh->mpm_packet_ctx != NULL)
sh->flags |= SIG_GROUP_HEAD_MPM_PACKET;
PrefilterPktPayloadRegister(sh, mpm_store->mpm_ctx);
}
}
@ -1332,9 +1317,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
BUG_ON(sh->mpm_packet_ctx);
sh->mpm_packet_ctx = mpm_store->mpm_ctx;
if (sh->mpm_packet_ctx != NULL)
sh->flags |= SIG_GROUP_HEAD_MPM_PACKET;
PrefilterPktPayloadRegister(sh, mpm_store->mpm_ctx);
}
}
@ -1344,8 +1326,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh)
mpm_store = MpmStorePrepareBuffer2(de_ctx, sh, a);
if (mpm_store != NULL) {
sh->init->app_mpms[a->id] = mpm_store->mpm_ctx;
if (sh->init->app_mpms[a->id] != NULL)
sh->flags |= a->flags;
if (a->PrefilterRegister) {
BUG_ON(a->PrefilterRegister(sh, mpm_store->mpm_ctx) != 0);

55
src/detect-engine-siggroup.c
Unescape Escape View File

@ -1235,60 +1235,6 @@ end:
UTHFreePackets(&p, 1);
return result;
}
/**
* \test sig grouping bug.
*/
static int SigGroupHeadTest11(void)
{
int result = 0;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
Signature *s = NULL;
Packet *p = NULL;
DetectEngineThreadCtx *det_ctx = NULL;
ThreadVars th_v;
memset(&th_v, 0, sizeof(ThreadVars));
p = UTHBuildPacketReal(NULL, 0, IPPROTO_TCP, "192.168.1.1", "1.2.3.4", 60000, 80);
if (de_ctx == NULL || p == NULL)
return 0;
s = DetectEngineAppendSig(de_ctx, "alert tcp any 1024: -> any 1024: (content:\"abc\"; sid:1;)");
if (s == NULL) {
goto end;
}
s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any (content:\"def\"; http_client_body; sid:2;)");
if (s == NULL) {
goto end;
}
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
AddressDebugPrint(&p->dst);
SigGroupHead *sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p);
if (sgh == NULL) {
goto end;
}
/* check if hcbd flag is set in sgh */
if (!(sgh->flags & SIG_GROUP_HEAD_MPM_HCBD)) {
printf("sgh has not SIG_GROUP_HEAD_MPM_HCBD flag set: ");
goto end;
}
/* check if sig 2 is part of the sgh */
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
UTHFreePackets(&p, 1);
return result;
}
#endif
void SigGroupHeadRegisterTests(void)
@ -1300,6 +1246,5 @@ void SigGroupHeadRegisterTests(void)
UtRegisterTest("SigGroupHeadTest08", SigGroupHeadTest08);
UtRegisterTest("SigGroupHeadTest09", SigGroupHeadTest09);
UtRegisterTest("SigGroupHeadTest10", SigGroupHeadTest10);
UtRegisterTest("SigGroupHeadTest11", SigGroupHeadTest11);
#endif
}

27
src/detect.h
Unescape Escape View File

@ -920,39 +920,12 @@ typedef struct SigTableElmt_ {
} SigTableElmt;
#define SIG_GROUP_HEAD_MPM_URI (1)
#define SIG_GROUP_HEAD_MPM_HCBD (1 << 1)
#define SIG_GROUP_HEAD_MPM_HHD (1 << 2)
#define SIG_GROUP_HEAD_MPM_HRHD (1 << 3)
#define SIG_GROUP_HEAD_MPM_HMD (1 << 4)
#define SIG_GROUP_HEAD_MPM_HCD (1 << 5)
#define SIG_GROUP_HEAD_MPM_HRUD (1 << 6)
#define SIG_GROUP_HEAD_MPM_HSBD (1 << 7)
#define SIG_GROUP_HEAD_MPM_HSMD (1 << 8)
#define SIG_GROUP_HEAD_MPM_HSCD (1 << 9)
#define SIG_GROUP_HEAD_MPM_HUAD (1 << 10)
#define SIG_GROUP_HEAD_MPM_HHHD (1 << 11)
#define SIG_GROUP_HEAD_MPM_HRHHD (1 << 12)
#define SIG_GROUP_HEAD_MPM_COPY (1 << 13)
#define SIG_GROUP_HEAD_MPM_URI_COPY (1 << 14)
#define SIG_GROUP_HEAD_MPM_STREAM_COPY (1 << 15)
#define SIG_GROUP_HEAD_FREE (1 << 16)
#define SIG_GROUP_HEAD_MPM_PACKET (1 << 17)
#define SIG_GROUP_HEAD_MPM_STREAM (1 << 18)
#define SIG_GROUP_HEAD_HAVEFILEMAGIC (1 << 20)
#define SIG_GROUP_HEAD_HAVEFILEMD5 (1 << 21)
#define SIG_GROUP_HEAD_HAVEFILESIZE (1 << 22)
#define SIG_GROUP_HEAD_HAVEFILESHA1 (1 << 23)
#define SIG_GROUP_HEAD_HAVEFILESHA256 (1 << 24)
#define SIG_GROUP_HEAD_MPM_DNSQUERY (1 << 25)
#define SIG_GROUP_HEAD_MPM_TLSSNI (1 << 26)
#define SIG_GROUP_HEAD_MPM_TLSISSUER (1 << 27)
#define SIG_GROUP_HEAD_MPM_TLSSUBJECT (1 << 28)
#define SIG_GROUP_HEAD_MPM_FD_SMTP (1 << 29)
#define APP_MPMS_MAX 21
enum MpmBuiltinBuffers {

Write Preview
Loading…
Cancel
Save