diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index de711e3df5..b7033fc1f4 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -160,11 +160,9 @@ static int DetectDceIfaceSetup(DetectEngineCtx *de_ctx, Signature *s, const char { SCEnter(); - if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC && - s->alproto != ALPROTO_SMB) { - SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); + if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) return -1; - } + void *did = rs_dcerpc_iface_parse(arg); if (did == NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_iface option in " @@ -181,7 +179,6 @@ static int DetectDceIfaceSetup(DetectEngineCtx *de_ctx, Signature *s, const char sm->ctx = did; SigMatchAppendSMToList(s, sm, g_dce_generic_list_id); - s->init_data->init_flags |= SIG_FLAG_INIT_DCERPC; return 0; } diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c index ccaa12b6f6..6f19ecf47d 100644 --- a/src/detect-dce-opnum.c +++ b/src/detect-dce-opnum.c @@ -132,11 +132,9 @@ static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char return -1; } - if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC && - s->alproto != ALPROTO_SMB) { - SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); + if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) return -1; - } + void *dod = rs_dcerpc_opnum_parse(arg); if (dod == NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Error parsing dce_opnum option in " @@ -154,7 +152,6 @@ static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char sm->ctx = (void *)dod; SigMatchAppendSMToList(s, sm, g_dce_generic_list_id); - s->init_data->init_flags |= SIG_FLAG_INIT_DCERPC; return 0; } diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index 69a9f1a849..61e3206b48 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c @@ -158,8 +158,7 @@ void DetectDceStubDataRegister(void) } /** - * \brief Creates a SigMatch for the \"dce_stub_data\" keyword being sent as argument, - * and appends it to the Signature(s). + * \brief setups the dce_stub_data list * * \param de_ctx Pointer to the detection engine context * \param s Pointer to signature for the current Signature being parsed @@ -171,15 +170,10 @@ void DetectDceStubDataRegister(void) static int DetectDceStubDataSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg) { - if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC && - s->alproto != ALPROTO_SMB) { - SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); + if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) return -1; - } if (DetectBufferSetActiveList(s, g_dce_stub_data_buffer_id) < 0) return -1; - - s->init_data->init_flags |= SIG_FLAG_INIT_DCERPC; return 0; } diff --git a/src/detect-parse.c b/src/detect-parse.c index cf495bf051..ad509fb6f9 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -1887,14 +1887,6 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s) AppLayerHtpNeedFileInspection(); } } - if (s->init_data->init_flags & SIG_FLAG_INIT_DCERPC) { - if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC && - s->alproto != ALPROTO_SMB) { - SCLogError(SC_ERR_NO_FILES_FOR_PROTOCOL, "protocol %s doesn't support DCERPC keyword", - AppProtoToString(s->alproto)); - SCReturnInt(0); - } - } SCReturnInt(1); } diff --git a/src/detect.h b/src/detect.h index 3ee4901cc6..df6f14493c 100644 --- a/src/detect.h +++ b/src/detect.h @@ -266,7 +266,6 @@ typedef struct DetectPort_ { #define SIG_FLAG_INIT_NEED_FLUSH BIT_U32(7) #define SIG_FLAG_INIT_PRIO_EXPLICT BIT_U32(8) /**< priority is explicitly set by the priority keyword */ #define SIG_FLAG_INIT_FILEDATA BIT_U32(9) /**< signature has filedata keyword */ -#define SIG_FLAG_INIT_DCERPC BIT_U32(10) /**< signature has DCERPC keyword */ /* signature mask flags */ /** \note: additions should be added to the rule analyzer as well */