From a44da9f5cb0be1c1c85ce847a86d4addaf2868d8 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 18 Oct 2016 00:41:17 +0200 Subject: [PATCH] detect: simplify SIG_FLAG_STATE_MATCH set logic --- src/detect-engine.c | 2 ++ src/detect-parse.c | 77 ++------------------------------------------- 2 files changed, 4 insertions(+), 75 deletions(-) diff --git a/src/detect-engine.c b/src/detect-engine.c index e1af308ed1..05fe1a0f76 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -190,6 +190,8 @@ int DetectEngineAppInspectionEngine2Signature(Signature *s) new_engine->inspect_flags = BIT_U32(new_engine->id + DE_STATE_FLAG_BASE); } SCLogDebug("sid %u: engine %p/%u added", s->id, new_engine, new_engine->id); + + s->flags |= SIG_FLAG_STATE_MATCH; next: t = t->next; } diff --git a/src/detect-parse.c b/src/detect-parse.c index 7307d974be..17042cb54d 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -1559,85 +1559,12 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr, if (sig->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) sig->flags |= SIG_FLAG_APPLAYER; - if (sig->sm_lists[DETECT_SM_LIST_UMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; if (sig->sm_lists[DETECT_SM_LIST_DMATCH]) sig->flags |= SIG_FLAG_STATE_MATCH; if (sig->sm_lists[DETECT_SM_LIST_AMATCH]) sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HTTP_REQLINEMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HTTP_RESLINEMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HCBDMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_FILEDATA]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HHDMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HRHDMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HMDMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HCDMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HRUDMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_FILEMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HSMDMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HSCDMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HUADMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HHHDMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_HRHHDMATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - - /* DNP3. */ - if (sig->sm_lists[DETECT_SM_LIST_DNP3_DATA_MATCH]) { - sig->flags |= SIG_FLAG_STATE_MATCH; - } - if (sig->sm_lists[DETECT_SM_LIST_DNP3_MATCH]) { - sig->flags |= SIG_FLAG_STATE_MATCH; - } - - /* Template. */ - if (sig->sm_lists[DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH]) { - sig->flags |= SIG_FLAG_STATE_MATCH; - } - - /* DNS */ - if (sig->sm_lists[DETECT_SM_LIST_DNSQUERYNAME_MATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_DNSREQUEST_MATCH]) { - sig->flags |= SIG_FLAG_STATE_MATCH; - } - if (sig->sm_lists[DETECT_SM_LIST_DNSRESPONSE_MATCH]) { - sig->flags |= SIG_FLAG_STATE_MATCH; - } - - /* TLS */ - if (sig->sm_lists[DETECT_SM_LIST_TLSSNI_MATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_TLSISSUER_MATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_TLSSUBJECT_MATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_TLSVALIDITY_MATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - - if (sig->sm_lists[DETECT_SM_LIST_MODBUS_MATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_APP_EVENT]) - sig->flags |= SIG_FLAG_STATE_MATCH; - - if (sig->sm_lists[DETECT_SM_LIST_CIP_MATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; - if (sig->sm_lists[DETECT_SM_LIST_ENIP_MATCH]) - sig->flags |= SIG_FLAG_STATE_MATCH; + /* for other lists this flag is set when the inspect engines + * are registered */ if (!(sig->init_flags & SIG_FLAG_INIT_FLOW)) { sig->flags |= SIG_FLAG_TOSERVER;