diff --git a/src/detect-engine-file.c b/src/detect-engine-file.c
index 7ffb355740..7db290d3e5 100644
--- a/src/detect-engine-file.c
+++ b/src/detect-engine-file.c
@@ -81,7 +81,6 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
 int match = 0;
 int store_r = 0;
- KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_FILEMATCH);
 SCLogDebug("file inspection... %p", ffc);
 if (ffc != NULL) {
diff --git a/src/detect-engine.c b/src/detect-engine.c
index a577af12a9..34d3381581 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2808,9 +2808,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type)
 case DETECT_SM_LIST_TMATCH:
 return "tag";
- case DETECT_SM_LIST_FILEMATCH:
- return "file";
-
 case DETECT_SM_LIST_BASE64_DATA:
 return "base64_data";
diff --git a/src/detect-fileext.c b/src/detect-fileext.c
index f9a08dacf3..eecc63ffe5 100644
--- a/src/detect-fileext.c
+++ b/src/detect-fileext.c
@@ -56,6 +56,7 @@ static int DetectFileextMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
 static int DetectFileextSetup (DetectEngineCtx *, Signature *, char *);
 static void DetectFileextRegisterTests(void);
 static void DetectFileextFree(void *);
+static int g_file_match_list_id = 0;
 /**
 * \brief Registration function for keyword: fileext
@@ -70,6 +71,8 @@ void DetectFileextRegister(void)
 sigmatch_table[DETECT_FILEEXT].Free = DetectFileextFree;
 sigmatch_table[DETECT_FILEEXT].RegisterTests = DetectFileextRegisterTests;
+ g_file_match_list_id = DetectBufferTypeRegister("files");
+
 SCLogDebug("registering fileext rule option");
 return;
 }
@@ -208,7 +211,7 @@ static int DetectFileextSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
 sm->type = DETECT_FILEEXT;
 sm->ctx = (void *)fileext;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+ SigMatchAppendSMToList(s, sm, g_file_match_list_id);
 s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_FILENAME);
 return 0;
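Review bot: The id returned by `DetectBufferTypeRegister("files")` in DetectFileextRegister is stored without a check and later handed by DetectFileextSetup to `SigMatchAppendSMToList` as the list argument, and the static starts at 0 rather than at an invalid sentinel. If the registration can fail (presumably signalled by a negative return; its definition is not part of this diff) or Setup ever runs before Register, the fileext match lands in whatever list that value denotes, so the rule loads but is presumably never evaluated against files. Declaring `static int g_file_match_list_id = -1;` and testing `if (g_file_match_list_id < 0)` in Setup before the append, failing the rule there, would turn that silent detection gap into a rule-load error. The same pattern appears in the filemagic, filemd5, filesha1, filesha256, filesize, filestore and filename hunks. The bodies of both functions continue outside the hunks.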
diff --git a/src/detect-filemagic.c b/src/detect-filemagic.c
index b70e4c820d..dbf1dd767e 100644
--- a/src/detect-filemagic.c
+++ b/src/detect-filemagic.c
@@ -80,6 +80,7 @@ static int DetectFilemagicMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
 static int DetectFilemagicSetup (DetectEngineCtx *, Signature *, char *);
 static void DetectFilemagicRegisterTests(void);
 static void DetectFilemagicFree(void *);
+static int g_file_match_list_id = 0;
 /**
 * \brief Registration function for keyword: filemagic
@@ -94,6 +95,8 @@ void DetectFilemagicRegister(void)
 sigmatch_table[DETECT_FILEMAGIC].Free = DetectFilemagicFree;
 sigmatch_table[DETECT_FILEMAGIC].RegisterTests = DetectFilemagicRegisterTests;
+ g_file_match_list_id = DetectBufferTypeRegister("files");
+
 SCLogDebug("registering filemagic rule option");
 return;
 }
@@ -377,7 +380,7 @@ static int DetectFilemagicSetup (DetectEngineCtx *de_ctx, Signature *s, char *st
 sm->type = DETECT_FILEMAGIC;
 sm->ctx = (void *)filemagic;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+ SigMatchAppendSMToList(s, sm, g_file_match_list_id);
 s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_MAGIC);
 return 0;
diff --git a/src/detect-filemd5.c b/src/detect-filemd5.c
index 8f1b43d197..a4f3f56dfe 100644
--- a/src/detect-filemd5.c
+++ b/src/detect-filemd5.c
@@ -24,6 +24,7 @@
 #include "suricata-common.h"
+#include "detect-engine.h"
 #include "util-detect-file-hash.h"
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
@@ -56,6 +57,8 @@ void DetectFileMd5Register(void)
 #else /* HAVE_NSS */
+static int g_file_match_list_id = 0;
+
 static int DetectFileMd5Setup (DetectEngineCtx *, Signature *, char *);
 static void DetectFileMd5RegisterTests(void);
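Review bot: The `static int g_file_match_list_id` added to detect-filemagic.c is one of eight file-scope copies in this diff, each filled from its own `"files"` string literal (fileext, filemagic, filemd5, filename, filesha1, filesha256, filesize, filestore). A typo in any one literal would presumably register a separate buffer type and leave that keyword's matches on a list without the inspect engines that detect-filename.c registers for "files", with no compile-time signal. Defining the name once, for example `#define DETECT_FILE_BUFFER_NAME "files"` in a shared header (the macro name is only a suggestion), or exposing a single accessor for the id, would keep all file keywords on the same list by construction.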
@@ -72,6 +75,8 @@ void DetectFileMd5Register(void)
 sigmatch_table[DETECT_FILEMD5].Free = DetectFileHashFree;
 sigmatch_table[DETECT_FILEMD5].RegisterTests = DetectFileMd5RegisterTests;
+ g_file_match_list_id = DetectBufferTypeRegister("files");
+
 SCLogDebug("registering filemd5 rule option");
 return;
 }
@@ -89,7 +94,7 @@ void DetectFileMd5Register(void)
 */
 static int DetectFileMd5Setup (DetectEngineCtx *de_ctx, Signature *s, char *str)
 {
- return DetectFileHashSetup(de_ctx, s, str, DETECT_FILEMD5);
+ return DetectFileHashSetup(de_ctx, s, str, DETECT_FILEMD5, g_file_match_list_id);
 }
 #ifdef UNITTESTS
diff --git a/src/detect-filename.c b/src/detect-filename.c
index e751d2b4fa..1b59519fb9 100644
--- a/src/detect-filename.c
+++ b/src/detect-filename.c
@@ -57,6 +57,7 @@ static int DetectFilenameMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
 static int DetectFilenameSetup (DetectEngineCtx *, Signature *, char *);
 static void DetectFilenameRegisterTests(void);
 static void DetectFilenameFree(void *);
+static int g_file_match_list_id = 0;
 /**
 * \brief Registration function for keyword: filename
@@ -71,17 +72,19 @@ void DetectFilenameRegister(void)
 sigmatch_table[DETECT_FILENAME].Free = DetectFilenameFree;
 sigmatch_table[DETECT_FILENAME].RegisterTests = DetectFilenameRegisterTests;
- DetectAppLayerInspectEngineRegister(ALPROTO_HTTP, SIG_FLAG_TOSERVER,
- DETECT_SM_LIST_FILEMATCH,
+ DetectAppLayerInspectEngineRegister2("files",
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER,
 DetectFileInspectHttp);
- DetectAppLayerInspectEngineRegister(ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
- DETECT_SM_LIST_FILEMATCH,
+ DetectAppLayerInspectEngineRegister2("files",
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
 DetectFileInspectHttp);
- DetectAppLayerInspectEngineRegister(ALPROTO_SMTP, SIG_FLAG_TOSERVER,
- DETECT_SM_LIST_FILEMATCH,
+ DetectAppLayerInspectEngineRegister2("files",
+ ALPROTO_SMTP, SIG_FLAG_TOSERVER,
 DetectFileInspectSmtp);
+ g_file_match_list_id = DetectBufferTypeGetByName("files");
+
 SCLogDebug("registering filename rule option");
 return;
 }
@@ -225,7 +228,7 @@ static int DetectFilenameSetup (DetectEngineCtx *de_ctx, Signature *s, char *str
 sm->type = DETECT_FILENAME;
 sm->ctx = (void *)filename;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+ SigMatchAppendSMToList(s, sm, g_file_match_list_id);
 s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_FILENAME);
 return 0;
diff --git a/src/detect-filesha1.c b/src/detect-filesha1.c
index 22196bda93..3bb26b5746 100644
--- a/src/detect-filesha1.c
+++ b/src/detect-filesha1.c
@@ -25,6 +25,7 @@
 #include "suricata-common.h"
+#include "detect-engine.h"
 #include "util-detect-file-hash.h"
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
@@ -59,6 +60,7 @@ void DetectFileSha1Register(void)
 static int DetectFileSha1Setup (DetectEngineCtx *, Signature *, char *);
 static void DetectFileSha1RegisterTests(void);
+static int g_file_match_list_id = 0;
 /**
 * \brief Registration function for keyword: filesha1
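Review bot: DetectFilenameRegister is the only place in this diff that registers inspect engines for the "files" buffer, and the only keyword that obtains its id with `DetectBufferTypeGetByName("files")` rather than `DetectBufferTypeRegister("files")`; neither dependency is stated in the code. The lookup relies on the preceding `DetectAppLayerInspectEngineRegister2("files", ...)` calls having created the buffer type, and every other file keyword (filemd5, filesha256, filemagic, ...) relies on this function for its matches to be inspected at all. A comment above the three calls such as `/* "files" inspect engines are shared by all file keywords and are registered only here */` would record that, and calling `DetectBufferTypeRegister("files")` here as in the other files would make the id assignment independent of call order. The function body starts above the hunk.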
@@ -73,6 +75,8 @@ void DetectFileSha1Register(void)
 sigmatch_table[DETECT_FILESHA1].Free = DetectFileHashFree;
 sigmatch_table[DETECT_FILESHA1].RegisterTests = DetectFileSha1RegisterTests;
+ g_file_match_list_id = DetectBufferTypeRegister("files");
+
 SCLogDebug("registering filesha1 rule option");
 return;
 }
@@ -90,7 +94,7 @@ void DetectFileSha1Register(void)
 */
 static int DetectFileSha1Setup (DetectEngineCtx *de_ctx, Signature *s, char *str)
 {
- return DetectFileHashSetup(de_ctx, s, str, DETECT_FILESHA1);
+ return DetectFileHashSetup(de_ctx, s, str, DETECT_FILESHA1, g_file_match_list_id);
 }
 #ifdef UNITTESTS
diff --git a/src/detect-filesha256.c b/src/detect-filesha256.c
index 0a58e33a30..b95831e7da 100644
--- a/src/detect-filesha256.c
+++ b/src/detect-filesha256.c
@@ -25,6 +25,7 @@
 #include "suricata-common.h"
+#include "detect-engine.h"
 #include "util-detect-file-hash.h"
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
@@ -59,6 +60,7 @@ void DetectFileSha256Register(void)
 static int DetectFileSha256Setup (DetectEngineCtx *, Signature *, char *);
 static void DetectFileSha256RegisterTests(void);
+static int g_file_match_list_id = 0;
 /**
 * \brief Registration function for keyword: filesha256
@@ -73,6 +75,8 @@ void DetectFileSha256Register(void)
 sigmatch_table[DETECT_FILESHA256].Free = DetectFileHashFree;
 sigmatch_table[DETECT_FILESHA256].RegisterTests = DetectFileSha256RegisterTests;
+ g_file_match_list_id = DetectBufferTypeRegister("files");
+
 SCLogDebug("registering filesha256 rule option");
 return;
 }
@@ -90,7 +94,7 @@ void DetectFileSha256Register(void)
 */
 static int DetectFileSha256Setup (DetectEngineCtx *de_ctx, Signature *s, char *str)
 {
- return DetectFileHashSetup(de_ctx, s, str, DETECT_FILESHA256);
+ return DetectFileHashSetup(de_ctx, s, str, DETECT_FILESHA256, g_file_match_list_id);
 }
 #ifdef UNITTESTS
diff --git a/src/detect-filesize.c b/src/detect-filesize.c
index 1b12221b84..547ea38963 100644
--- a/src/detect-filesize.c
+++ b/src/detect-filesize.c
@@ -31,6 +31,7 @@
 #include "detect.h"
 #include "detect-parse.h"
+#include "detect-engine.h"
 #include "detect-engine-state.h"
 #include "detect-filesize.h"
@@ -53,6 +54,7 @@ static int DetectFilesizeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, F
 static int DetectFilesizeSetup (DetectEngineCtx *, Signature *, char *);
 static void DetectFilesizeFree (void *);
 static void DetectFilesizeRegisterTests (void);
+static int g_file_match_list_id = 0;
 /**
 * \brief Registration function for filesize: keyword
@@ -70,6 +72,8 @@ void DetectFilesizeRegister(void)
 sigmatch_table[DETECT_FILESIZE].flags |= SIGMATCH_PAYLOAD; /** XXX necessary? */
 DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+
+ g_file_match_list_id = DetectBufferTypeRegister("files");
 }
 /**
@@ -286,7 +290,7 @@ static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *str
 sm->type = DETECT_FILESIZE;
 sm->ctx = (SigMatchCtx *)fsd;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+ SigMatchAppendSMToList(s, sm, g_file_match_list_id);
 s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_SIZE);
 SCReturnInt(0);
diff --git a/src/detect-filestore.c b/src/detect-filestore.c
index 328b211803..6801e8cbf0 100644
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@@ -64,6 +64,7 @@ static int DetectFilestoreMatch (ThreadVars *, DetectEngineThreadCtx *,
 static int DetectFilestoreSetup (DetectEngineCtx *, Signature *, char *);
 static void DetectFilestoreFree(void *);
 static void DetectFilestoreRegisterTests(void);
+static int g_file_match_list_id = 0;
 /**
 * \brief Registration function for keyword: filestore
@@ -80,6 +81,8 @@ void DetectFilestoreRegister(void)
 sigmatch_table[DETECT_FILESTORE].flags = SIGMATCH_OPTIONAL_OPT;
 DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+
+ g_file_match_list_id = DetectBufferTypeRegister("files");
 }
 /**
@@ -401,7 +404,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *st
 AppLayerHtpNeedFileInspection();
 }
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+ SigMatchAppendSMToList(s, sm, g_file_match_list_id);
 s->filestore_ctx = (const DetectFilestoreData *)sm->ctx;
 s->flags |= SIG_FLAG_FILESTORE;
diff --git a/src/detect-parse.c b/src/detect-parse.c
index d8a9928dc8..3b24f5fa37 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -145,7 +145,6 @@ const char *DetectListToHumanString(int list)
 CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer");
 CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc");
 CASE_CODE_STRING(DETECT_SM_LIST_TMATCH, "tag");
- CASE_CODE_STRING(DETECT_SM_LIST_FILEMATCH, "file");
 CASE_CODE_STRING(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH, "template");
 CASE_CODE_STRING(DETECT_SM_LIST_POSTMATCH, "postmatch");
 CASE_CODE_STRING(DETECT_SM_LIST_SUPPRESS, "suppress");
@@ -167,7 +166,6 @@ const char *DetectListToString(int list)
 CASE_CODE(DETECT_SM_LIST_AMATCH);
 CASE_CODE(DETECT_SM_LIST_DMATCH);
 CASE_CODE(DETECT_SM_LIST_TMATCH);
- CASE_CODE(DETECT_SM_LIST_FILEMATCH);
 CASE_CODE(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH);
 CASE_CODE(DETECT_SM_LIST_POSTMATCH);
 CASE_CODE(DETECT_SM_LIST_SUPPRESS);
diff --git a/src/detect.h b/src/detect.h
index 7895ec683f..70c76dfada 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -118,8 +118,6 @@ enum DetectSigmatchListEnum {
 /* app event engine sm list */
 DETECT_SM_LIST_APP_EVENT = DETECT_SM_LIST_BUILTIN_MAX,
- DETECT_SM_LIST_FILEMATCH,
-
 DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH,
 DETECT_SM_LIST_MAX,
diff --git a/src/util-detect-file-hash.c b/src/util-detect-file-hash.c
index aff4302f41..e7e157bd9e 100644
--- a/src/util-detect-file-hash.c
+++ b/src/util-detect-file-hash.c
@@ -303,7 +303,7 @@ error:
 * \retval -1 on Failure
 */
 int DetectFileHashSetup (DetectEngineCtx *de_ctx, Signature *s, char *str,
- uint32_t type)
+ uint32_t type, int list)
 {
 DetectFileHashData *filehash = NULL;
 SigMatch *sm = NULL;
@@ -321,7 +321,7 @@ int DetectFileHashSetup (DetectEngineCtx *de_ctx, Signature *s, char *str,
 sm->type = type;
 sm->ctx = (void *)filehash;
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+ SigMatchAppendSMToList(s, sm, list);
 s->file_flags |= FILE_SIG_NEED_FILE;
diff --git a/src/util-detect-file-hash.h b/src/util-detect-file-hash.h
index ee0b37de61..b8d5078934 100644
--- a/src/util-detect-file-hash.h
+++ b/src/util-detect-file-hash.h
@@ -39,7 +39,7 @@ int LoadHashTable(ROHashTable *, char *, char *, int, uint32_t);
 int DetectFileHashMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, File *, const Signature *, const SigMatchData *);
-int DetectFileHashSetup(DetectEngineCtx *, Signature *, char *, uint32_t);
+int DetectFileHashSetup(DetectEngineCtx *, Signature *, char *, uint32_t, int);
 void DetectFileHashFree(void *);
 #endif /* __UTIL_DETECT_FILE_HASH_H__ */
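Review bot: The new `int list` parameter of DetectFileHashSetup is not described in the doc block whose tail (`\retval -1 on Failure`) is visible above the signature, and the prototype in util-detect-file-hash.h leaves it unnamed. Add a line such as ` *  \param list id of the sigmatch list the hash match is appended to` so callers know it has to be the id registered for "files". The value goes straight into `SigMatchAppendSMToList(s, sm, list)`; if the callers' registration can yield a negative id, this shared helper is the single place to reject it for filemd5, filesha1 and filesha256. The function body continues outside both hunks.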