detect: remove the AMATCH list

8 years ago · ad238121e3
parent 775e182531
commit ad238121e3
6 changed files with 1 additions and 54 deletions
--- a/src/detect-app-layer-protocol.c
+++ b/src/detect-app-layer-protocol.c
@ -355,7 +355,6 @@ static int DetectAppLayerProtocolTest04(void)
    FAIL_IF(s->alproto != ALPROTO_UNKNOWN);
    FAIL_IF(s->flags & SIG_FLAG_APPLAYER);

-    FAIL_IF_NOT(s->sm_lists[DETECT_SM_LIST_AMATCH] == NULL);
    FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
    FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]->ctx);

@ -382,7 +381,6 @@ static int DetectAppLayerProtocolTest05(void)
    FAIL_IF(s->alproto != ALPROTO_UNKNOWN);
    FAIL_IF(s->flags & SIG_FLAG_APPLAYER);

-    FAIL_IF_NOT(s->sm_lists[DETECT_SM_LIST_AMATCH] == NULL);
    FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
    FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]->ctx);

--- a/src/detect-dce-stub-data.c
+++ b/src/detect-dce-stub-data.c
@ -110,7 +110,6 @@ static int DetectDceStubDataTestParse01(void)
    Signature *s = DetectEngineAppendSig(de_ctx,
            "alert tcp any any -> any any (dce_stub_data; content:\"1\"; sid:1;)");
    FAIL_IF_NULL(s);
-    FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_AMATCH]);
    FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_DMATCH]);
    DetectEngineCtxFree(de_ctx);
    PASS;
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@ -2906,8 +2906,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type)
        case DETECT_SM_LIST_PMATCH:
            return "packet/stream payload";

-        case DETECT_SM_LIST_AMATCH:
-            return "generic app layer";
        case DETECT_SM_LIST_DMATCH:
            return "dcerpc";
        case DETECT_SM_LIST_TMATCH:
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@ -141,7 +141,6 @@ const char *DetectListToHumanString(int list)
    switch (list) {
        CASE_CODE_STRING(DETECT_SM_LIST_MATCH, "packet");
        CASE_CODE_STRING(DETECT_SM_LIST_PMATCH, "payload");
-        CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer");
        CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc");
        CASE_CODE_STRING(DETECT_SM_LIST_TMATCH, "tag");
        CASE_CODE_STRING(DETECT_SM_LIST_POSTMATCH, "postmatch");
@ -159,7 +158,6 @@ const char *DetectListToString(int list)
    switch (list) {
        CASE_CODE(DETECT_SM_LIST_MATCH);
        CASE_CODE(DETECT_SM_LIST_PMATCH);
-        CASE_CODE(DETECT_SM_LIST_AMATCH);
        CASE_CODE(DETECT_SM_LIST_DMATCH);
        CASE_CODE(DETECT_SM_LIST_TMATCH);
        CASE_CODE(DETECT_SM_LIST_POSTMATCH);
@ -1461,19 +1459,6 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
        }
    }

-    for (sm = s->init_data->smlists[DETECT_SM_LIST_AMATCH]; sm != NULL; sm = sm->next) {
-        if (sm->type != DETECT_AL_APP_LAYER_PROTOCOL)
-            continue;
-        if (((DetectAppLayerProtocolData *)sm->ctx)->negated)
-            break;
-    }
-    if (sm != NULL && s->alproto != ALPROTO_UNKNOWN) {
-        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "We can't have "
-                   "the rule match on a fixed alproto and at the same time"
-                   "have an app-layer-protocol keyword set.");
-        SCReturnInt(0);
-    }
-
    /* TCP: pkt vs stream vs depth/offset */
    if (s->proto.proto[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8))) {
        if (!(s->flags & (SIG_FLAG_REQUIRE_PACKET | SIG_FLAG_REQUIRE_STREAM))) {
@ -1613,13 +1598,8 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr,
        }
    }

-    if (sig->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
-        sig->flags |= SIG_FLAG_APPLAYER;
-
    if (sig->init_data->smlists[DETECT_SM_LIST_DMATCH])
        sig->flags |= SIG_FLAG_STATE_MATCH;
-    if (sig->init_data->smlists[DETECT_SM_LIST_AMATCH])
-        sig->flags |= SIG_FLAG_STATE_MATCH;
    /* for other lists this flag is set when the inspect engines
     * are registered */

--- a/src/detect.c
+++ b/src/detect.c
@ -1914,9 +1914,6 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s)
    if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
        return 0;

-    if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
-        return 0;
-
    /* for now assume that all registered buffer types are incompatible */
    const int nlists = DetectBufferTypeMaxId();
    for (int i = 0; i < nlists; i++) {
@ -1986,9 +1983,6 @@ static int SignatureIsPDOnly(const Signature *s)
    if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
        return 0;

-    if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
-        return 0;
-
    /* for now assume that all registered buffer types are incompatible */
    const int nlists = DetectBufferTypeMaxId();
    for (int i = 0; i < nlists; i++) {
@ -2084,8 +2078,7 @@ static int SignatureIsDEOnly(DetectEngineCtx *de_ctx, const Signature *s)
        SCReturnInt(0);
    }

-    if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL ||
-        s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
+    if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
    {
        SCReturnInt(0);
    }
@ -2239,19 +2232,6 @@ static int SignatureCreateMask(Signature *s)
    }

    SigMatch *sm;
-    for (sm = s->init_data->smlists[DETECT_SM_LIST_AMATCH] ; sm != NULL; sm = sm->next) {
-        switch(sm->type) {
-            case DETECT_AL_URILEN:
-            case DETECT_AL_HTTP_URI:
-                s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
-                SCLogDebug("sig requires dce http state");
-                break;
-            case DETECT_AL_APP_LAYER_EVENT:
-                s->mask |= SIG_MASK_REQUIRE_ENGINE_EVENT;
-                break;
-        }
-    }
-
    for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
        switch(sm->type) {
            case DETECT_FLOWBITS:
@ -2390,11 +2370,6 @@ static int SignatureCreateMask(Signature *s)
        SCLogDebug("sig requires flow");
    }

-    if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL) {
-        s->mask |= SIG_MASK_REQUIRE_FLOW;
-        SCLogDebug("sig requires flow");
-    }
-
    if (s->flags & SIG_FLAG_APPLAYER) {
        s->mask |= SIG_MASK_REQUIRE_FLOW;
        SCLogDebug("sig requires flow");
--- a/src/detect.h
+++ b/src/detect.h
@ -88,9 +88,6 @@ enum DetectSigmatchListEnum {
    DETECT_SM_LIST_MATCH = 0,
    DETECT_SM_LIST_PMATCH,

-    /* list for per flow matches. Deprecated. */
-    DETECT_SM_LIST_AMATCH,
-
    /* list for DCE matches */
    DETECT_SM_LIST_DMATCH,