From 82d3c0b5209f85e5e5e63877cea8abb33345ee0e Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Sat, 9 Jul 2016 09:16:24 +0200 Subject: [PATCH] sgh: remove unused flags --- src/detect-engine-mpm.c | 64 +++++++++++++----------------------- src/detect-engine-siggroup.c | 55 ------------------------------- src/detect.h | 27 --------------- 3 files changed, 22 insertions(+), 124 deletions(-) diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index 6c94e7a4a8..6ec91025ef 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -89,7 +89,6 @@ typedef struct AppLayerMpms_ { int32_t sgh_mpm_context; /**< mpm factory id */ int direction; /**< SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT */ int sm_list; - uint32_t flags; /**< flags set to SGH when this mpm is present */ int (*PrefilterRegister)(SigGroupHead *sgh, MpmCtx *mpm_ctx); @@ -98,60 +97,60 @@ typedef struct AppLayerMpms_ { AppLayerMpms app_mpms[] = { { "http_uri", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_UMATCH, - SIG_GROUP_HEAD_MPM_URI, PrefilterTxUriRegister, 0 }, + PrefilterTxUriRegister, 0 }, { "http_raw_uri", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HRUDMATCH, - SIG_GROUP_HEAD_MPM_HRUD, PrefilterTxRawUriRegister, 1 }, + PrefilterTxRawUriRegister, 1 }, { "http_header", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HHDMATCH, - SIG_GROUP_HEAD_MPM_HHD, PrefilterTxHttpRequestHeadersRegister, 2}, + PrefilterTxHttpRequestHeadersRegister, 2}, { "http_header", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_HHDMATCH, - SIG_GROUP_HEAD_MPM_HHD, PrefilterTxHttpRequestHeadersRegister, 3}, + PrefilterTxHttpRequestHeadersRegister, 3}, { "http_user_agent", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HUADMATCH, - SIG_GROUP_HEAD_MPM_HUAD, PrefilterTxUARegister, 4}, + PrefilterTxUARegister, 4}, { "http_raw_header", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HRHDMATCH, - SIG_GROUP_HEAD_MPM_HRHD, PrefilterTxRequestHeadersRawRegister, 5}, + PrefilterTxRequestHeadersRawRegister, 5}, { "http_raw_header", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_HRHDMATCH, - SIG_GROUP_HEAD_MPM_HRHD, PrefilterTxResponseHeadersRawRegister, 6}, + PrefilterTxResponseHeadersRawRegister, 6}, { "http_method", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HMDMATCH, - SIG_GROUP_HEAD_MPM_HMD, PrefilterTxMethodRegister, 7}, + PrefilterTxMethodRegister, 7}, { "file_data", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_FILEDATA, - SIG_GROUP_HEAD_MPM_FD_SMTP, PrefilterTxSmtpFiledataRegister, 8}, /* smtp */ + PrefilterTxSmtpFiledataRegister, 8}, /* smtp */ { "file_data", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_FILEDATA, - SIG_GROUP_HEAD_MPM_HSBD, PrefilterTxHttpResponseBodyRegister, 9}, /* http server body */ + PrefilterTxHttpResponseBodyRegister, 9}, /* http server body */ { "http_stat_msg", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_HSMDMATCH, - SIG_GROUP_HEAD_MPM_HSMD, PrefilterTxHttpStatMsgRegister, 10}, + PrefilterTxHttpStatMsgRegister, 10}, { "http_stat_code", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_HSCDMATCH, - SIG_GROUP_HEAD_MPM_HSCD, PrefilterTxHttpStatCodeRegister, 11}, + PrefilterTxHttpStatCodeRegister, 11}, { "http_client_body", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HCBDMATCH, - SIG_GROUP_HEAD_MPM_HCBD, PrefilterTxHttpRequestBodyRegister, 12}, + PrefilterTxHttpRequestBodyRegister, 12}, { "http_host", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HHHDMATCH, - SIG_GROUP_HEAD_MPM_HHHD, PrefilterTxHostnameRegister, 13}, + PrefilterTxHostnameRegister, 13}, { "http_raw_host", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HRHHDMATCH, - SIG_GROUP_HEAD_MPM_HRHHD, PrefilterTxHostnameRawRegister, 14}, + PrefilterTxHostnameRawRegister, 14}, { "http_cookie", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_HCDMATCH, - SIG_GROUP_HEAD_MPM_HCD, PrefilterTxRequestCookieRegister, 15}, + PrefilterTxRequestCookieRegister, 15}, { "http_cookie", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_HCDMATCH, - SIG_GROUP_HEAD_MPM_HCD, PrefilterTxResponseCookieRegister, 16}, + PrefilterTxResponseCookieRegister, 16}, { "dns_query", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_DNSQUERYNAME_MATCH, - SIG_GROUP_HEAD_MPM_DNSQUERY, PrefilterTxDnsQueryRegister, 17}, + PrefilterTxDnsQueryRegister, 17}, { "tls_sni", 0, SIG_FLAG_TOSERVER, DETECT_SM_LIST_TLSSNI_MATCH, - SIG_GROUP_HEAD_MPM_TLSSNI, PrefilterTxTlsSniRegister, 18}, + PrefilterTxTlsSniRegister, 18}, { "tls_cert_issuer", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_TLSISSUER_MATCH, - SIG_GROUP_HEAD_MPM_TLSISSUER, PrefilterTxTlsIssuerRegister, 19}, + PrefilterTxTlsIssuerRegister, 19}, { "tls_cert_subject", 0, SIG_FLAG_TOCLIENT, DETECT_SM_LIST_TLSSUBJECT_MATCH, - SIG_GROUP_HEAD_MPM_TLSSUBJECT, PrefilterTxTlsSubjectRegister, 20}, + PrefilterTxTlsSubjectRegister, 20}, - { NULL, 0, 0, 0, 0, NULL, 0, } + { NULL, 0, 0, 0, NULL, 0, } }; void DetectMpmInitializeAppMpms(DetectEngineCtx *de_ctx) @@ -1262,8 +1261,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) if (mpm_store != NULL) { BUG_ON(sh->mpm_packet_ctx); sh->mpm_packet_ctx = mpm_store->mpm_ctx; - if (sh->mpm_packet_ctx) - sh->flags |= SIG_GROUP_HEAD_MPM_PACKET; PrefilterPktPayloadRegister(sh, mpm_store->mpm_ctx); } @@ -1273,8 +1270,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) BUG_ON(mpm_store == NULL); BUG_ON(sh->mpm_stream_ctx); sh->mpm_stream_ctx = mpm_store->mpm_ctx; - if (sh->mpm_stream_ctx) - sh->flags |= SIG_GROUP_HEAD_MPM_STREAM; PrefilterPktStreamRegister(sh, mpm_store->mpm_ctx); } @@ -1284,8 +1279,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) if (mpm_store != NULL) { BUG_ON(sh->mpm_packet_ctx); sh->mpm_packet_ctx = mpm_store->mpm_ctx; - if (sh->mpm_packet_ctx) - sh->flags |= SIG_GROUP_HEAD_MPM_PACKET; PrefilterPktPayloadRegister(sh, mpm_store->mpm_ctx); } @@ -1294,8 +1287,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) if (mpm_store != NULL) { BUG_ON(sh->mpm_stream_ctx); sh->mpm_stream_ctx = mpm_store->mpm_ctx; - if (sh->mpm_stream_ctx) - sh->flags |= SIG_GROUP_HEAD_MPM_STREAM; PrefilterPktStreamRegister(sh, mpm_store->mpm_ctx); } @@ -1308,9 +1299,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) BUG_ON(sh->mpm_packet_ctx); sh->mpm_packet_ctx = mpm_store->mpm_ctx; - if (sh->mpm_packet_ctx != NULL) - sh->flags |= SIG_GROUP_HEAD_MPM_PACKET; - PrefilterPktPayloadRegister(sh, mpm_store->mpm_ctx); } } @@ -1320,9 +1308,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) BUG_ON(sh->mpm_packet_ctx); sh->mpm_packet_ctx = mpm_store->mpm_ctx; - if (sh->mpm_packet_ctx != NULL) - sh->flags |= SIG_GROUP_HEAD_MPM_PACKET; - PrefilterPktPayloadRegister(sh, mpm_store->mpm_ctx); } } @@ -1332,9 +1317,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) BUG_ON(sh->mpm_packet_ctx); sh->mpm_packet_ctx = mpm_store->mpm_ctx; - if (sh->mpm_packet_ctx != NULL) - sh->flags |= SIG_GROUP_HEAD_MPM_PACKET; - PrefilterPktPayloadRegister(sh, mpm_store->mpm_ctx); } } @@ -1344,8 +1326,6 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) mpm_store = MpmStorePrepareBuffer2(de_ctx, sh, a); if (mpm_store != NULL) { sh->init->app_mpms[a->id] = mpm_store->mpm_ctx; - if (sh->init->app_mpms[a->id] != NULL) - sh->flags |= a->flags; if (a->PrefilterRegister) { BUG_ON(a->PrefilterRegister(sh, mpm_store->mpm_ctx) != 0); diff --git a/src/detect-engine-siggroup.c b/src/detect-engine-siggroup.c index c546d4da52..dee7234a96 100644 --- a/src/detect-engine-siggroup.c +++ b/src/detect-engine-siggroup.c @@ -1235,60 +1235,6 @@ end: UTHFreePackets(&p, 1); return result; } - -/** - * \test sig grouping bug. - */ -static int SigGroupHeadTest11(void) -{ - int result = 0; - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - Signature *s = NULL; - Packet *p = NULL; - DetectEngineThreadCtx *det_ctx = NULL; - ThreadVars th_v; - - memset(&th_v, 0, sizeof(ThreadVars)); - - p = UTHBuildPacketReal(NULL, 0, IPPROTO_TCP, "192.168.1.1", "1.2.3.4", 60000, 80); - - if (de_ctx == NULL || p == NULL) - return 0; - - s = DetectEngineAppendSig(de_ctx, "alert tcp any 1024: -> any 1024: (content:\"abc\"; sid:1;)"); - if (s == NULL) { - goto end; - } - s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any (content:\"def\"; http_client_body; sid:2;)"); - if (s == NULL) { - goto end; - } - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - - AddressDebugPrint(&p->dst); - - SigGroupHead *sgh = SigMatchSignaturesGetSgh(de_ctx, det_ctx, p); - if (sgh == NULL) { - goto end; - } - - /* check if hcbd flag is set in sgh */ - if (!(sgh->flags & SIG_GROUP_HEAD_MPM_HCBD)) { - printf("sgh has not SIG_GROUP_HEAD_MPM_HCBD flag set: "); - goto end; - } - - /* check if sig 2 is part of the sgh */ - - result = 1; -end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - UTHFreePackets(&p, 1); - return result; -} #endif void SigGroupHeadRegisterTests(void) @@ -1300,6 +1246,5 @@ void SigGroupHeadRegisterTests(void) UtRegisterTest("SigGroupHeadTest08", SigGroupHeadTest08); UtRegisterTest("SigGroupHeadTest09", SigGroupHeadTest09); UtRegisterTest("SigGroupHeadTest10", SigGroupHeadTest10); - UtRegisterTest("SigGroupHeadTest11", SigGroupHeadTest11); #endif } diff --git a/src/detect.h b/src/detect.h index 6c8b333ba6..e40511331d 100644 --- a/src/detect.h +++ b/src/detect.h @@ -920,39 +920,12 @@ typedef struct SigTableElmt_ { } SigTableElmt; -#define SIG_GROUP_HEAD_MPM_URI (1) -#define SIG_GROUP_HEAD_MPM_HCBD (1 << 1) -#define SIG_GROUP_HEAD_MPM_HHD (1 << 2) -#define SIG_GROUP_HEAD_MPM_HRHD (1 << 3) -#define SIG_GROUP_HEAD_MPM_HMD (1 << 4) -#define SIG_GROUP_HEAD_MPM_HCD (1 << 5) -#define SIG_GROUP_HEAD_MPM_HRUD (1 << 6) -#define SIG_GROUP_HEAD_MPM_HSBD (1 << 7) -#define SIG_GROUP_HEAD_MPM_HSMD (1 << 8) -#define SIG_GROUP_HEAD_MPM_HSCD (1 << 9) -#define SIG_GROUP_HEAD_MPM_HUAD (1 << 10) -#define SIG_GROUP_HEAD_MPM_HHHD (1 << 11) -#define SIG_GROUP_HEAD_MPM_HRHHD (1 << 12) - -#define SIG_GROUP_HEAD_MPM_COPY (1 << 13) -#define SIG_GROUP_HEAD_MPM_URI_COPY (1 << 14) -#define SIG_GROUP_HEAD_MPM_STREAM_COPY (1 << 15) -#define SIG_GROUP_HEAD_FREE (1 << 16) -#define SIG_GROUP_HEAD_MPM_PACKET (1 << 17) -#define SIG_GROUP_HEAD_MPM_STREAM (1 << 18) - #define SIG_GROUP_HEAD_HAVEFILEMAGIC (1 << 20) #define SIG_GROUP_HEAD_HAVEFILEMD5 (1 << 21) #define SIG_GROUP_HEAD_HAVEFILESIZE (1 << 22) #define SIG_GROUP_HEAD_HAVEFILESHA1 (1 << 23) #define SIG_GROUP_HEAD_HAVEFILESHA256 (1 << 24) -#define SIG_GROUP_HEAD_MPM_DNSQUERY (1 << 25) -#define SIG_GROUP_HEAD_MPM_TLSSNI (1 << 26) -#define SIG_GROUP_HEAD_MPM_TLSISSUER (1 << 27) -#define SIG_GROUP_HEAD_MPM_TLSSUBJECT (1 << 28) -#define SIG_GROUP_HEAD_MPM_FD_SMTP (1 << 29) - #define APP_MPMS_MAX 21 enum MpmBuiltinBuffers {