aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: pass SigMatchData to inspect functions

Browse Source
pull/2559/head
Victor Julien 9 years ago
parent a0fe67a3c0
commit bd456076a8
67 changed files with 204 additions and 201 deletions
Show Stats Download Patch File Download Diff File

17
src/detect-app-layer-event.c
Unescape Escape View File

@ -57,7 +57,7 @@ static void DetectAppLayerEventRegisterTests(void);
static void DetectAppLayerEventFree(void *);
static int DetectEngineAptEventInspect(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *tx, uint64_t tx_id);
@ -88,7 +88,7 @@ void DetectAppLayerEventRegister(void)
static int DetectEngineAptEventInspect(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *tx, uint64_t tx_id)
{
@ -102,15 +102,20 @@ static int DetectEngineAptEventInspect(ThreadVars *tv,
if (decoder_events == NULL)
goto end;
for ( ; sm != NULL; sm = sm->next) {
aled = (DetectAppLayerEventData *)sm->ctx;
while (1) {
aled = (DetectAppLayerEventData *)smd->ctx;
KEYWORD_PROFILING_START;
if (AppLayerDecoderEventsIsEventSet(decoder_events, aled->event_id)) {
KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
if (smd->is_last)
break;
smd++;
continue;
}
KEYWORD_PROFILING_END(det_ctx, sm->type, 0);
KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
goto end;
}

2
src/detect-base64-data.c
Unescape Escape View File

@ -75,7 +75,7 @@ int DetectBase64DataDoMatch(DetectEngineCtx *de_ctx,
{
if (det_ctx->base64_decoded_len) {
return DetectEngineContentInspection(de_ctx, det_ctx, s,
s->sm_lists[DETECT_SM_LIST_BASE64_DATA], f, det_ctx->base64_decoded,
s->sm_arrays[DETECT_SM_LIST_BASE64_DATA], f, det_ctx->base64_decoded,
det_ctx->base64_decoded_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
}

4
src/detect-base64-decode.c
Unescape Escape View File

@ -55,9 +55,9 @@ void DetectBase64DecodeRegister(void)
}
int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
const SigMatch *sm, uint8_t *payload, uint32_t payload_len)
const SigMatchData *smd, uint8_t *payload, uint32_t payload_len)
{
DetectBase64Decode *data = (DetectBase64Decode *)sm->ctx;
DetectBase64Decode *data = (DetectBase64Decode *)smd->ctx;
int decode_len;
#if 0

4
src/detect-base64-decode.h
Unescape Escape View File

@ -27,7 +27,7 @@ typedef struct DetectBase64Decode_ {
} DetectBase64Decode;
void DetectBase64DecodeRegister(void);
int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *,
const Signature *, const SigMatch *, uint8_t *, uint32_t);
int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *, const Signature *,
const SigMatchData *, uint8_t *, uint32_t);
#endif /* __DETECT_BASE64_DECODE_H__ */

4
src/detect-byte-extract.c
Unescape Escape View File

@ -110,12 +110,12 @@ void DetectByteExtractRegister(void)
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
}
int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatch *sm,
int DetectByteExtractDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData *smd,
const Signature *s, uint8_t *payload,
uint16_t payload_len, uint64_t *value,
uint8_t endian)
{
DetectByteExtractData *data = (DetectByteExtractData *)sm->ctx;
DetectByteExtractData *data = (DetectByteExtractData *)smd->ctx;
uint8_t *ptr = NULL;
int32_t len = 0;
uint64_t val = 0;

2
src/detect-byte-extract.h
Unescape Escape View File

@ -62,7 +62,7 @@ typedef struct DetectByteExtractData_ {
void DetectByteExtractRegister(void);
SigMatch *DetectByteExtractRetrieveSMVar(const char *, const Signature *);
int DetectByteExtractDoMatch(DetectEngineThreadCtx *, const SigMatch *, const Signature *,
int DetectByteExtractDoMatch(DetectEngineThreadCtx *, const SigMatchData *, const Signature *,
uint8_t *, uint16_t, uint64_t *, uint8_t);
#endif /* __DETECT_BYTEEXTRACT_H__ */

8
src/detect-dnp3.c
Unescape Escape View File

@ -139,7 +139,7 @@ static char *TrimString(char *str)
}
static int DetectEngineInspectDNP3Data(ThreadVars *tv, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatch *sm,
DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCEnter();
@ -150,12 +150,12 @@ static int DetectEngineInspectDNP3Data(ThreadVars *tv, DetectEngineCtx *de_ctx,
/* Content match - should probably be put into its own file. */
if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) {
r = DetectEngineContentInspection(de_ctx, det_ctx, s,
s->sm_lists[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->request_buffer,
s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->request_buffer,
tx->request_buffer_len, 0, 0, NULL);
}
else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) {
r = DetectEngineContentInspection(de_ctx, det_ctx, s,
s->sm_lists[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->response_buffer,
s->sm_arrays[DETECT_SM_LIST_DNP3_DATA_MATCH], f, tx->response_buffer,
tx->response_buffer_len, 0, 0, NULL);
}
@ -163,7 +163,7 @@ static int DetectEngineInspectDNP3Data(ThreadVars *tv, DetectEngineCtx *de_ctx,
}
static int DetectEngineInspectDNP3(ThreadVars *tv, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatch *sm,
DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, f, flags,

80
src/detect-engine-content-inspection.c
Unescape Escape View File

@ -99,7 +99,7 @@
* \retval 1 match
*/
int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f,
uint8_t *buffer, uint32_t buffer_len,
uint32_t stream_start_offset,
@ -112,19 +112,19 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
if (det_ctx->inspection_recursion_counter == de_ctx->inspection_recursion_limit) {
det_ctx->discontinue_matching = 1;
KEYWORD_PROFILING_END(det_ctx, sm->type, 0);
KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
SCReturnInt(0);
}
if (sm == NULL || buffer_len == 0) {
KEYWORD_PROFILING_END(det_ctx, sm->type, 0);
if (smd == NULL || buffer_len == 0) {
KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
SCReturnInt(0);
}
/* \todo unify this which is phase 2 of payload inspection unification */
if (sm->type == DETECT_CONTENT) {
if (smd->type == DETECT_CONTENT) {
DetectContentData *cd = (DetectContentData *)sm->ctx;
DetectContentData *cd = (DetectContentData *)smd->ctx;
SCLogDebug("inspecting content %"PRIu32" buffer_len %"PRIu32, cd->id, buffer_len);
/* we might have already have this content matched by the mpm.
@ -318,17 +318,18 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
/* bail out if we have no next match. Technically this is an
* error, as the current cd has the DETECT_CONTENT_RELATIVE_NEXT
* flag set. */
if (sm->next == NULL) {
if (smd->is_last) {
goto no_match;
}
SCLogDebug("content %"PRIu32, cd->id);
KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
/* see if the next buffer keywords match. If not, we will
* search for another occurence of this content and see
* if the others match then until we run out of matches */
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1,
f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
if (r == 1) {
SCReturnInt(1);
}
@ -343,10 +344,10 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
} while(1);
} else if (sm->type == DETECT_ISDATAAT) {
} else if (smd->type == DETECT_ISDATAAT) {
SCLogDebug("inspecting isdataat");
DetectIsdataatData *id = (DetectIsdataatData *)sm->ctx;
DetectIsdataatData *id = (DetectIsdataatData *)smd->ctx;
if (id->flags & ISDATAAT_RELATIVE) {
if (det_ctx->buffer_offset + id->dataat > buffer_len) {
SCLogDebug("det_ctx->buffer_offset + id->dataat %"PRIu32" > %"PRIu32, det_ctx->buffer_offset + id->dataat, buffer_len);
@ -373,9 +374,9 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
}
}
} else if (sm->type == DETECT_PCRE) {
} else if (smd->type == DETECT_PCRE) {
SCLogDebug("inspecting pcre");
DetectPcreData *pe = (DetectPcreData *)sm->ctx;
DetectPcreData *pe = (DetectPcreData *)smd->ctx;
uint32_t prev_buffer_offset = det_ctx->buffer_offset;
uint32_t prev_offset = 0;
int r = 0;
@ -385,7 +386,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
Packet *p = NULL;
if (inspection_mode == DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD)
p = (Packet *)data;
r = DetectPcrePayloadMatch(det_ctx, s, sm, p, f,
r = DetectPcrePayloadMatch(det_ctx, s, smd, p, f,
buffer, buffer_len);
if (r == 0) {
goto no_match;
@ -395,7 +396,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
SCLogDebug("no relative match coming up, so this is a match");
goto match;
}
KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
/* save it, in case we need to do a pcre match once again */
prev_offset = det_ctx->pcre_match_start_offset;
@ -403,8 +404,8 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
/* see if the next payload keywords match. If not, we will
* search for another occurence of this pcre and see
* if the others match, until we run out of matches */
r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next,
f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1,
f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
if (r == 1) {
SCReturnInt(1);
}
@ -416,8 +417,8 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
det_ctx->pcre_match_start_offset = prev_offset;
} while (1);
} else if (sm->type == DETECT_BYTETEST) {
DetectBytetestData *btd = (DetectBytetestData *)sm->ctx;
} else if (smd->type == DETECT_BYTETEST) {
DetectBytetestData *btd = (DetectBytetestData *)smd->ctx;
uint8_t flags = btd->flags;
int32_t offset = btd->offset;
uint64_t value = btd->value;
@ -438,15 +439,15 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
DETECT_BYTETEST_LITTLE: 0);
}
if (DetectBytetestDoMatch(det_ctx, s, sm->ctx, buffer, buffer_len, flags,
if (DetectBytetestDoMatch(det_ctx, s, smd->ctx, buffer, buffer_len, flags,
offset, value) != 1) {
goto no_match;
}
goto match;
} else if (sm->type == DETECT_BYTEJUMP) {
DetectBytejumpData *bjd = (DetectBytejumpData *)sm->ctx;
} else if (smd->type == DETECT_BYTEJUMP) {
DetectBytejumpData *bjd = (DetectBytejumpData *)smd->ctx;
uint8_t flags = bjd->flags;
int32_t offset = bjd->offset;
@ -464,16 +465,16 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
DETECT_BYTEJUMP_LITTLE: 0);
}
if (DetectBytejumpDoMatch(det_ctx, s, sm->ctx, buffer, buffer_len,
if (DetectBytejumpDoMatch(det_ctx, s, smd->ctx, buffer, buffer_len,
flags, offset) != 1) {
goto no_match;
}
goto match;
} else if (sm->type == DETECT_BYTE_EXTRACT) {
} else if (smd->type == DETECT_BYTE_EXTRACT) {
DetectByteExtractData *bed = (DetectByteExtractData *)sm->ctx;
DetectByteExtractData *bed = (DetectByteExtractData *)smd->ctx;
uint8_t endian = bed->endian;
/* if we have dce enabled we will have to use the endianness
@ -488,7 +489,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
DETECT_BYTE_EXTRACT_ENDIAN_LITTLE : DETECT_BYTE_EXTRACT_ENDIAN_BIG);
}
if (DetectByteExtractDoMatch(det_ctx, sm, s, buffer,
if (DetectByteExtractDoMatch(det_ctx, smd, s, buffer,
buffer_len,
&det_ctx->bj_values[bed->local_id],
endian) != 1) {
@ -498,11 +499,11 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
goto match;
/* we should never get here, but bail out just in case */
} else if (sm->type == DETECT_AL_URILEN) {
} else if (smd->type == DETECT_AL_URILEN) {
SCLogDebug("inspecting uri len");
int r = 0;
DetectUrilenData *urilend = (DetectUrilenData *) sm->ctx;
DetectUrilenData *urilend = (DetectUrilenData *) smd->ctx;
switch (urilend->mode) {
case DETECT_URILEN_EQ:
@ -534,10 +535,10 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
goto no_match;
#ifdef HAVE_LUA
}
else if (sm->type == DETECT_LUA) {
else if (smd->type == DETECT_LUA) {
SCLogDebug("lua starting");
if (DetectLuaMatchBuffer(det_ctx, s, sm, buffer, buffer_len,
if (DetectLuaMatchBuffer(det_ctx, s, smd, buffer, buffer_len,
det_ctx->buffer_offset, f) != 1)
{
SCLogDebug("lua no_match");
@ -546,10 +547,10 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
SCLogDebug("lua match");
goto match;
#endif /* HAVE_LUA */
} else if (sm->type == DETECT_BASE64_DECODE) {
if (DetectBase64DecodeDoMatch(det_ctx, s, sm, buffer, buffer_len)) {
} else if (smd->type == DETECT_BASE64_DECODE) {
if (DetectBase64DecodeDoMatch(det_ctx, s, smd, buffer, buffer_len)) {
if (s->sm_arrays[DETECT_SM_LIST_BASE64_DATA] != NULL) {
KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
if (DetectBase64DataDoMatch(de_ctx, det_ctx, s, f)) {
/* Base64 is a terminal list. */
goto final_match;
@ -557,25 +558,26 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
}
}
} else {
SCLogDebug("sm->type %u", sm->type);
SCLogDebug("sm->type %u", smd->type);
#ifdef DEBUG
BUG_ON(1);
#endif
}
no_match:
KEYWORD_PROFILING_END(det_ctx, sm->type, 0);
KEYWORD_PROFILING_END(det_ctx, smd->type, 0);
SCReturnInt(0);
match:
/* this sigmatch matched, inspect the next one. If it was the last,
* the buffer portion of the signature matched. */
if (sm->next != NULL) {
KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm->next, f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
if (!smd->is_last) {
KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1,
f, buffer, buffer_len, stream_start_offset, inspection_mode, data);
SCReturnInt(r);
}
final_match:
KEYWORD_PROFILING_END(det_ctx, sm->type, 1);
KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
SCReturnInt(1);
}

2
src/detect-engine-content-inspection.h
Unescape Escape View File

@ -34,7 +34,7 @@ enum {
};
int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f,
uint8_t *buffer, uint32_t buffer_len,
uint32_t stream_start_offset,

4
src/detect-engine-dcepayload.c
Unescape Escape View File

@ -85,7 +85,7 @@ int DetectEngineInspectDcePayload(DetectEngineCtx *de_ctx,
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_DMATCH],
r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_DMATCH],
f,
dce_stub_data,
dce_stub_data_len,
@ -108,7 +108,7 @@ int DetectEngineInspectDcePayload(DetectEngineCtx *de_ctx,
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_DMATCH],
r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_DMATCH],
f,
dce_stub_data,
dce_stub_data_len,

4
src/detect-engine-dns.c
Unescape Escape View File

@ -62,7 +62,7 @@
*/
int DetectEngineInspectDnsQueryName(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *txv, uint64_t tx_id)
{
@ -86,7 +86,7 @@ int DetectEngineInspectDnsQueryName(ThreadVars *tv,
//PrintRawDataFp(stdout, buffer, buffer_len);
r = DetectEngineContentInspection(de_ctx, det_ctx,
s, sm,
s, smd,
f, buffer, buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
if (r == 1)

6
src/detect-engine-dns.h
Unescape Escape View File

@ -27,15 +27,15 @@ int PrefilterTxDnsQueryRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectDnsQueryName(ThreadVars *,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
const Signature *, const SigMatch *sm,
const Signature *, const SigMatchData *smd,
Flow *, uint8_t, void *, void *, uint64_t);
int DetectEngineInspectDnsRequest(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
int DetectEngineInspectDnsResponse(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
#endif /* __DETECT_ENGINE_DNS_H__ */

8
src/detect-engine-enip.c
Unescape Escape View File

@ -219,14 +219,14 @@ int CIPServiceMatch(ENIPTransaction *enip_data,
*/
int DetectEngineInspectCIP(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm, Flow *f, uint8_t flags,
const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags,
void *alstate, void *txv, uint64_t tx_id)
{
SCEnter();
ENIPTransaction *tx = (ENIPTransaction *) txv;
DetectCipServiceData *cipserviced = (DetectCipServiceData *) sm->ctx;
DetectCipServiceData *cipserviced = (DetectCipServiceData *) smd->ctx;
if (cipserviced == NULL)
{
@ -259,13 +259,13 @@ int DetectEngineInspectCIP(ThreadVars *tv,
int DetectEngineInspectENIP(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
SCEnter();
ENIPTransaction *tx = (ENIPTransaction *) txv;
DetectEnipCommandData *enipcmdd = (DetectEnipCommandData *) sm->ctx;
DetectEnipCommandData *enipcmdd = (DetectEnipCommandData *) smd->ctx;
if (enipcmdd == NULL)
{

4
src/detect-engine-enip.h
Unescape Escape View File

@ -25,12 +25,12 @@
int DetectEngineInspectCIP(ThreadVars *,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
const Signature *, const SigMatch *sm,
const Signature *, const SigMatchData *smd,
Flow *, uint8_t, void *, void *, uint64_t);
int DetectEngineInspectENIP(ThreadVars *,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
const Signature *, const SigMatch *sm,
const Signature *, const SigMatchData *smd,
Flow *, uint8_t, void *, void *, uint64_t);
void DetectEngineInspectENIPRegisterTests(void);

42
src/detect-engine-file.c
Unescape Escape View File

@ -74,9 +74,9 @@
* \note flow is not locked at this time
*/
static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
Flow *f, Signature *s, const SigMatch *smi, uint8_t flags, FileContainer *ffc)
Flow *f, Signature *s, const SigMatchData *smd,
uint8_t flags, FileContainer *ffc)
{
const SigMatch *sm = NULL;
int r = 0;
int match = 0;
int store_r = 0;
@ -148,22 +148,25 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
}
/* run the file match functions. */
for (sm = smi; sm != NULL; sm = sm->next) {
SCLogDebug("sm %p, sm->next %p", sm, sm->next);
while (1) {
SCLogDebug("smd %p", smd);
if (sigmatch_table[sm->type].FileMatch != NULL) {
if (sigmatch_table[smd->type].FileMatch != NULL) {
KEYWORD_PROFILING_START;
match = sigmatch_table[sm->type].
FileMatch(tv, det_ctx, f, flags, file, s, sm);
KEYWORD_PROFILING_END(det_ctx, sm->type, (match > 0));
match = sigmatch_table[smd->type].
FileMatch(tv, det_ctx, f, flags, file, s, smd);
KEYWORD_PROFILING_END(det_ctx, smd->type, (match > 0));
if (match == 0) {
r = DETECT_ENGINE_INSPECT_SIG_CANT_MATCH;
break;
} else if (sm->next == NULL) {
} else if (smd->is_last) {
r = DETECT_ENGINE_INSPECT_SIG_MATCH;
break;
}
}
if (smd->is_last)
break;
smd++;
}
/* continue inspection for other files as we may want to store
@ -183,16 +186,15 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
} else {
/* if we have a filestore sm with a scope > file (so tx, ssn) we
* run it here */
sm = smi;
if (sm != NULL && sm->next == NULL && sm->type == DETECT_FILESTORE &&
sm->ctx != NULL)
if (smd != NULL && smd->is_last && smd->type == DETECT_FILESTORE &&
smd->ctx != NULL)
{
DetectFilestoreData *fd = (DetectFilestoreData *)sm->ctx;
DetectFilestoreData *fd = (DetectFilestoreData *)smd->ctx;
if (fd->scope > FILESTORE_SCOPE_DEFAULT) {
KEYWORD_PROFILING_START;
match = sigmatch_table[sm->type].
FileMatch(tv, det_ctx, f, flags, /* no file */NULL, s, sm);
KEYWORD_PROFILING_END(det_ctx, sm->type, (match > 0));
match = sigmatch_table[smd->type].
FileMatch(tv, det_ctx, f, flags, /* no file */NULL, s, smd);
KEYWORD_PROFILING_END(det_ctx, smd->type, (match > 0));
if (match == 1) {
r = DETECT_ENGINE_INSPECT_SIG_MATCH;
@ -230,7 +232,7 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
*/
int DetectFileInspectHttp(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, const SigMatch *sm,
Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
int r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
@ -242,7 +244,7 @@ int DetectFileInspectHttp(ThreadVars *tv,
else
ffc = htp_state->files_ts;
int match = DetectFileInspect(tv, det_ctx, f, s, sm, flags, ffc);
int match = DetectFileInspect(tv, det_ctx, f, s, smd, flags, ffc);
if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
r = DETECT_ENGINE_INSPECT_SIG_MATCH;
} else if (match == DETECT_ENGINE_INSPECT_SIG_CANT_MATCH) {
@ -275,7 +277,7 @@ int DetectFileInspectHttp(ThreadVars *tv,
*/
int DetectFileInspectSmtp(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, const SigMatch *sm,
Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
SCEnter();
@ -294,7 +296,7 @@ int DetectFileInspectSmtp(ThreadVars *tv,
else
goto end;
int match = DetectFileInspect(tv, det_ctx, f, s, sm, flags, ffc);
int match = DetectFileInspect(tv, det_ctx, f, s, smd, flags, ffc);
if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
r = DETECT_ENGINE_INSPECT_SIG_MATCH;
} else if (match == DETECT_ENGINE_INSPECT_SIG_CANT_MATCH) {

4
src/detect-engine-file.h
Unescape Escape View File

@ -26,12 +26,12 @@
int DetectFileInspectHttp(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
int DetectFileInspectSmtp(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
#endif /* __DETECT_ENGINE_FILE_H__ */

4
src/detect-engine-filedata-smtp.c
Unescape Escape View File

@ -175,7 +175,7 @@ end:
int DetectEngineInspectSMTPFiledata(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, const SigMatch *sm,
Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
SMTPState *smtp_state = (SMTPState *)alstate;
@ -201,7 +201,7 @@ int DetectEngineInspectSMTPFiledata(ThreadVars *tv,
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
match = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
match = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)buffer,
buffer_len,

2
src/detect-engine-filedata-smtp.h
Unescape Escape View File

@ -29,7 +29,7 @@ int PrefilterTxSmtpFiledataRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectSMTPFiledata(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineCleanSMTPBuffers(DetectEngineThreadCtx *det_ctx);

4
src/detect-engine-hcbd.c
Unescape Escape View File

@ -258,7 +258,7 @@ int PrefilterTxHttpRequestBodyRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
int DetectEngineInspectHttpClientBody(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, const SigMatch *sm,
Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
HtpState *htp_state = (HtpState *)alstate;
@ -276,7 +276,7 @@ int DetectEngineInspectHttpClientBody(ThreadVars *tv,
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)buffer,
buffer_len,

2
src/detect-engine-hcbd.h
Unescape Escape View File

@ -31,7 +31,7 @@ int PrefilterTxHttpRequestBodyRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpClientBody(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineCleanHCBDBuffers(DetectEngineThreadCtx *);

4
src/detect-engine-hcd.c
Unescape Escape View File

@ -167,7 +167,7 @@ int PrefilterTxResponseCookieRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectHttpCookie(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
@ -191,7 +191,7 @@ int DetectEngineInspectHttpCookie(ThreadVars *tv,
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(h->value),
bstr_len(h->value),

2
src/detect-engine-hcd.h
Unescape Escape View File

@ -30,7 +30,7 @@ int PrefilterTxResponseCookieRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpCookie(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpCookieRegisterTests(void);

4
src/detect-engine-hhd.c
Unescape Escape View File

@ -383,7 +383,7 @@ int PrefilterTxHttpResponseHeadersRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
int DetectEngineInspectHttpHeader(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
HtpState *htp_state = (HtpState *)alstate;
@ -399,7 +399,7 @@ int DetectEngineInspectHttpHeader(ThreadVars *tv,
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
buffer,
buffer_len,

2
src/detect-engine-hhd.h
Unescape Escape View File

@ -30,7 +30,7 @@ int PrefilterTxHttpResponseHeadersRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpHeader(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineCleanHHDBuffers(DetectEngineThreadCtx *det_ctx);

4
src/detect-engine-hhhd.c
Unescape Escape View File

@ -116,7 +116,7 @@ int PrefilterTxHostnameRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectHttpHH(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
@ -130,7 +130,7 @@ int DetectEngineInspectHttpHH(ThreadVars *tv,
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
hname, hname_len,
0,

2
src/detect-engine-hhhd.h
Unescape Escape View File

@ -29,7 +29,7 @@ int PrefilterTxHostnameRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpHH(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpHHRegisterTests(void);

4
src/detect-engine-hmd.c
Unescape Escape View File

@ -113,7 +113,7 @@ int PrefilterTxMethodRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectHttpMethod(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
@ -127,7 +127,7 @@ int DetectEngineInspectHttpMethod(ThreadVars *tv,
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(tx->request_method),
bstr_len(tx->request_method),

2
src/detect-engine-hmd.h
Unescape Escape View File

@ -27,7 +27,7 @@
int DetectEngineInspectHttpMethod(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
int PrefilterTxMethodRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);

4
src/detect-engine-hrhd.c
Unescape Escape View File

@ -164,7 +164,7 @@ int PrefilterTxResponseHeadersRawRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectHttpRawHeader(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
HtpTxUserData *tx_ud = NULL;
@ -195,7 +195,7 @@ int DetectEngineInspectHttpRawHeader(ThreadVars *tv,
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
headers_raw,
headers_raw_len,

2
src/detect-engine-hrhd.h
Unescape Escape View File

@ -30,7 +30,7 @@ int PrefilterTxResponseHeadersRawRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpRawHeader(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpRawHeaderRegisterTests(void);

4
src/detect-engine-hrhhd.c
Unescape Escape View File

@ -128,7 +128,7 @@ int PrefilterTxHostnameRawRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectHttpHRH(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *hname;
@ -153,7 +153,7 @@ int DetectEngineInspectHttpHRH(ThreadVars *tv,
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
hname, hname_len,
0,

2
src/detect-engine-hrhhd.h
Unescape Escape View File

@ -29,7 +29,7 @@ int PrefilterTxHostnameRawRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpHRH(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpHRHRegisterTests(void);

4
src/detect-engine-hrud.c
Unescape Escape View File

@ -113,7 +113,7 @@ int PrefilterTxRawUriRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectHttpRawUri(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
@ -129,7 +129,7 @@ int DetectEngineInspectHttpRawUri(ThreadVars *tv,
det_ctx->inspection_recursion_counter = 0;
/* Inspect all the uricontents fetched on each
* transaction at the app layer */
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(tx->request_uri),
bstr_len(tx->request_uri),

2
src/detect-engine-hrud.h
Unescape Escape View File

@ -30,7 +30,7 @@ int PrefilterTxRawUriRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpRawUri(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpRawUriRegisterTests(void);

4
src/detect-engine-hsbd.c
Unescape Escape View File

@ -263,7 +263,7 @@ int PrefilterTxHttpResponseBodyRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
int DetectEngineInspectHttpServerBody(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, const SigMatch *sm,
Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
{
HtpState *htp_state = (HtpState *)alstate;
@ -281,7 +281,7 @@ int DetectEngineInspectHttpServerBody(ThreadVars *tv,
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)buffer,
buffer_len,

2
src/detect-engine-hsbd.h
Unescape Escape View File

@ -31,7 +31,7 @@ int PrefilterTxHttpResponseBodyRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpServerBody(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *tx, uint64_t tx_id);

4
src/detect-engine-hscd.c
Unescape Escape View File

@ -112,7 +112,7 @@ int PrefilterTxHttpStatCodeRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectHttpStatCode(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
@ -126,7 +126,7 @@ int DetectEngineInspectHttpStatCode(ThreadVars *tv,
det_ctx->discontinue_matching = 0;
det_ctx->buffer_offset = 0;
det_ctx->inspection_recursion_counter = 0;
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(tx->response_status),
bstr_len(tx->response_status),

2
src/detect-engine-hscd.h
Unescape Escape View File

@ -29,7 +29,7 @@ int PrefilterTxHttpStatCodeRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpStatCode(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpStatCodeRegisterTests(void);

4
src/detect-engine-hsmd.c
Unescape Escape View File

@ -112,7 +112,7 @@ int PrefilterTxHttpStatMsgRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectHttpStatMsg(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
@ -126,7 +126,7 @@ int DetectEngineInspectHttpStatMsg(ThreadVars *tv,
det_ctx->discontinue_matching = 0;
det_ctx->buffer_offset = 0;
det_ctx->inspection_recursion_counter = 0;
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(tx->response_message),
bstr_len(tx->response_message),

2
src/detect-engine-hsmd.h
Unescape Escape View File

@ -29,7 +29,7 @@ int PrefilterTxHttpStatMsgRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpStatMsg(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpStatMsgRegisterTests(void);

4
src/detect-engine-hua.c
Unescape Escape View File

@ -121,7 +121,7 @@ int PrefilterTxUARegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectHttpUA(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
@ -135,7 +135,7 @@ int DetectEngineInspectHttpUA(ThreadVars *tv,
det_ctx->buffer_offset = 0;
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
(uint8_t *)bstr_ptr(h->value),
bstr_len(h->value),

2
src/detect-engine-hua.h
Unescape Escape View File

@ -29,7 +29,7 @@ int PrefilterTxUARegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpUA(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void DetectEngineHttpUARegisterTests(void);

4
src/detect-engine-modbus.c
Unescape Escape View File

@ -200,7 +200,7 @@ int DetectEngineInspectModbus(ThreadVars *tv,
DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx,
const Signature *s,
const SigMatch *sm,
const SigMatchData *smd,
Flow *f,
uint8_t flags,
void *alstate,
@ -209,7 +209,7 @@ int DetectEngineInspectModbus(ThreadVars *tv,
{
SCEnter();
ModbusTransaction *tx = (ModbusTransaction *)txv;
DetectModbus *modbus = (DetectModbus *) sm->ctx;
DetectModbus *modbus = (DetectModbus *) smd->ctx;
int ret = 0;

2
src/detect-engine-modbus.h
Unescape Escape View File

@ -35,7 +35,7 @@
int DetectEngineInspectModbus(ThreadVars *,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *,
const Signature *, const SigMatch *,
const Signature *, const SigMatchData *,
Flow *, uint8_t, void *, void *, uint64_t);
void DetectEngineInspectModbusRegisterTests(void);

4
src/detect-engine-payload.c
Unescape Escape View File

@ -143,7 +143,7 @@ int DetectEngineInspectPacketPayload(DetectEngineCtx *de_ctx,
det_ctx->inspection_recursion_counter = 0;
det_ctx->replist = NULL;
r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_PMATCH],
r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_PMATCH],
f, p->payload, p->payload_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD, p);
if (r == 1) {
@ -184,7 +184,7 @@ int DetectEngineInspectStreamPayload(DetectEngineCtx *de_ctx,
det_ctx->discontinue_matching = 0;
det_ctx->inspection_recursion_counter = 0;
r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_PMATCH],
r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_arrays[DETECT_SM_LIST_PMATCH],
f, payload, payload_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STREAM, NULL);
if (r == 1) {

4
src/detect-engine-state.c
Unescape Escape View File

@ -534,7 +534,7 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
if (direction == engine->dir) {
KEYWORD_PROFILING_SET_LIST(det_ctx, engine->sm_list);
int match = engine->Callback(tv, de_ctx, det_ctx,
s, engine->sm, f, flags, alstate, tx, tx_id);
s, engine->smd, f, flags, alstate, tx, tx_id);
SCLogDebug("engine %p match %d", engine, match);
if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
inspect_flags |= BIT_U32(engine->id);
@ -859,7 +859,7 @@ static int DoInspectItem(ThreadVars *tv,
SCLogDebug("inspect_flags %x", inspect_flags);
KEYWORD_PROFILING_SET_LIST(det_ctx, engine->sm_list);
int match = engine->Callback(tv, de_ctx, det_ctx,
s, engine->sm,
s, engine->smd,
f, flags, alstate, inspect_tx, inspect_tx_id);
if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
inspect_flags |= BIT_U32(engine->id);

6
src/detect-engine-template.c
Unescape Escape View File

@ -38,19 +38,19 @@
int DetectEngineInspectTemplateBuffer(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, const SigMatch *sm,
Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
TemplateTransaction *tx = (TemplateTransaction *)txv;
int ret = 0;
if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) {
ret = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f, tx->request_buffer, tx->request_buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
}
else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) {
ret = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f, tx->response_buffer, tx->response_buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
}

2
src/detect-engine-template.h
Unescape Escape View File

@ -26,7 +26,7 @@
int DetectEngineInspectTemplateBuffer(ThreadVars *,
DetectEngineCtx *, DetectEngineThreadCtx *,
const Signature *, const SigMatch *,
const Signature *, const SigMatchData *,
Flow *, uint8_t, void *, void *tx, uint64_t tx_id);
#endif /* __DETECT_TEMPLATE_ENGINE_H__ */

14
src/detect-engine-tls.c
Unescape Escape View File

@ -99,7 +99,7 @@ int PrefilterTxTlsSniRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectTlsSni(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *buffer;
@ -114,7 +114,7 @@ int DetectEngineInspectTlsSni(ThreadVars *tv,
buffer = (uint8_t *)ssl_state->client_connp.sni;
buffer_len = strlen(ssl_state->client_connp.sni);
cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f, buffer, buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
@ -174,7 +174,7 @@ int PrefilterTxTlsIssuerRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectTlsIssuer(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, const SigMatch *sm,
Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *buffer;
@ -189,7 +189,7 @@ int DetectEngineInspectTlsIssuer(ThreadVars *tv,
buffer = (uint8_t *)ssl_state->server_connp.cert0_issuerdn;
buffer_len = strlen(ssl_state->server_connp.cert0_issuerdn);
cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f, buffer, buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
@ -249,7 +249,7 @@ int PrefilterTxTlsSubjectRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectTlsSubject(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, const SigMatch *sm,
Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
uint8_t *buffer;
@ -264,7 +264,7 @@ int DetectEngineInspectTlsSubject(ThreadVars *tv,
buffer = (uint8_t *)ssl_state->server_connp.cert0_subject;
buffer_len = strlen(ssl_state->server_connp.cert0_subject);
cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f, buffer, buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
@ -273,7 +273,7 @@ int DetectEngineInspectTlsSubject(ThreadVars *tv,
int DetectEngineInspectTlsValidity(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, const SigMatch *sm,
Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *txv, uint64_t tx_id)
{

8
src/detect-engine-tls.h
Unescape Escape View File

@ -29,23 +29,23 @@ int PrefilterTxTlsSubjectRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectTlsSni(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
int DetectEngineInspectTlsIssuer(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
int DetectEngineInspectTlsSubject(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags,
void *alstate, void *txv, uint64_t tx_id);
int DetectEngineInspectTlsValidity(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
#endif /* __DETECT_ENGINE_TLS_H__ */

4
src/detect-engine-uri.c
Unescape Escape View File

@ -106,7 +106,7 @@ int PrefilterTxUriRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
*/
int DetectEngineInspectHttpUri(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
Signature *s, const SigMatch *sm,
Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
HtpTxUserData *tx_ud = htp_tx_get_user_data(txv);
@ -129,7 +129,7 @@ int DetectEngineInspectHttpUri(ThreadVars *tv,
/* Inspect all the uricontents fetched on each
* transaction at the app layer */
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
bstr_ptr(tx_ud->request_uri_normalized),
bstr_len(tx_ud->request_uri_normalized),

2
src/detect-engine-uri.h
Unescape Escape View File

@ -28,7 +28,7 @@ int PrefilterTxUriRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
int DetectEngineInspectHttpUri(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
void UriRegisterTests(void);

20
src/detect-engine.c
Unescape Escape View File

@ -208,9 +208,7 @@ int DetectEngineAppInspectionEngine2Signature(Signature *s)
case DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH:
new_engine->sm = s->sm_lists[new_engine->sm_list];
s->sm_lists[new_engine->sm_list] = NULL;
s->sm_lists_tail[new_engine->sm_list] = NULL;
new_engine->smd = s->sm_arrays[new_engine->sm_list];
lists_used[t->sm_list] = 1;
break;
default:
@ -239,8 +237,7 @@ next:
int i;
for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
if (lists_used[i]) {
s->sm_lists[i] = NULL;
s->sm_lists_tail[i] = NULL;
s->sm_arrays[i] = NULL;
}
}
@ -258,13 +255,13 @@ next:
*/
void DetectEngineAppInspectionEngineSignatureFree(Signature *s)
{
SigMatch *ptrs[DETECT_SM_LIST_MAX] = { NULL };
SigMatchData *ptrs[DETECT_SM_LIST_MAX] = { NULL };
DetectEngineAppInspectionEngine *ie = s->app_inspect;
while (ie) {
DetectEngineAppInspectionEngine *next = ie->next;
BUG_ON(ptrs[ie->sm_list] != NULL && ptrs[ie->sm_list] != ie->sm);
ptrs[ie->sm_list] = ie->sm;
BUG_ON(ptrs[ie->sm_list] != NULL && ptrs[ie->sm_list] != ie->smd);
ptrs[ie->sm_list] = ie->smd;
SCFree(ie);
ie = next;
}
@ -272,12 +269,7 @@ void DetectEngineAppInspectionEngineSignatureFree(Signature *s)
int i;
for (i = 0; i < DETECT_SM_LIST_MAX; i++)
{
SigMatch *sm = ptrs[i];
while (sm != NULL) {
SigMatch *nsm = sm->next;
SigMatchFree(sm);
sm = nsm;
}
SCFree(ptrs[i]);
}
}

4
src/detect-fileext.c
Unescape Escape View File

@ -52,7 +52,7 @@
#include "detect-fileext.h"
static int DetectFileextMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
uint8_t, File *, const Signature *, const SigMatch *);
uint8_t, File *, const Signature *, const SigMatchData *);
static int DetectFileextSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFileextRegisterTests(void);
static void DetectFileextFree(void *);
@ -89,7 +89,7 @@ void DetectFileextRegister(void)
* \retval 1 match
*/
static int DetectFileextMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m)
Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
SCEnter();
int ret = 0;

4
src/detect-filemagic.c
Unescape Escape View File

@ -76,7 +76,7 @@ void DetectFilemagicRegister(void)
#else /* HAVE_MAGIC */
static int DetectFilemagicMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
uint8_t, File *, const Signature *, const SigMatch *);
uint8_t, File *, const Signature *, const SigMatchData *);
static int DetectFilemagicSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFilemagicRegisterTests(void);
static void DetectFilemagicFree(void *);
@ -176,7 +176,7 @@ int FilemagicThreadLookup(magic_t *ctx, File *file)
* \retval 1 match
*/
static int DetectFilemagicMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m)
Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
SCEnter();
int ret = 0;

4
src/detect-filename.c
Unescape Escape View File

@ -53,7 +53,7 @@
#include "app-layer-parser.h"
static int DetectFilenameMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
uint8_t, File *, const Signature *, const SigMatch *);
uint8_t, File *, const Signature *, const SigMatchData *);
static int DetectFilenameSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFilenameRegisterTests(void);
static void DetectFilenameFree(void *);
@ -101,7 +101,7 @@ void DetectFilenameRegister(void)
* \retval 1 match
*/
static int DetectFilenameMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m)
Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
SCEnter();
int ret = 0;

4
src/detect-filesize.c
Unescape Escape View File

@ -49,7 +49,7 @@ static pcre_extra *parse_regex_study;
/*prototypes*/
static int DetectFilesizeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
uint8_t flags, File *file, const Signature *s, const SigMatch *m);
uint8_t flags, File *file, const Signature *s, const SigMatchData *m);
static int DetectFilesizeSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFilesizeFree (void *);
static void DetectFilesizeRegisterTests (void);
@ -87,7 +87,7 @@ void DetectFilesizeRegister(void)
* \retval 1 match
*/
static int DetectFilesizeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
uint8_t flags, File *file, const Signature *s, const SigMatch *m)
uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
SCEnter();

4
src/detect-filestore.c
Unescape Escape View File

@ -60,7 +60,7 @@ static pcre *parse_regex;
static pcre_extra *parse_regex_study;
static int DetectFilestoreMatch (ThreadVars *, DetectEngineThreadCtx *,
Flow *, uint8_t, File *, const Signature *, const SigMatch *);
Flow *, uint8_t, File *, const Signature *, const SigMatchData *);
static int DetectFilestoreSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFilestoreFree(void *);
static void DetectFilestoreRegisterTests(void);
@ -247,7 +247,7 @@ int DetectFilestorePostMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack
* needs to be put behind a api.
*/
static int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
uint8_t flags, File *file, const Signature *s, const SigMatch *m)
uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
uint16_t file_id = 0;

6
src/detect-http-request-line.c
Unescape Escape View File

@ -66,7 +66,7 @@ void DetectHttpRequestLineFree(void *);
static int PrefilterTxHttpRequestLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
static int DetectEngineInspectHttpRequestLine(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
@ -172,7 +172,7 @@ static int PrefilterTxHttpRequestLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx
*/
static int DetectEngineInspectHttpRequestLine(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
@ -191,7 +191,7 @@ static int DetectEngineInspectHttpRequestLine(ThreadVars *tv,
/* Inspect all the uricontents fetched on each
* transaction at the app layer */
int r = DetectEngineContentInspection(de_ctx, det_ctx,
s, sm,
s, smd,
f,
bstr_ptr(tx->request_line),
bstr_len(tx->request_line),

6
src/detect-http-response-line.c
Unescape Escape View File

@ -66,7 +66,7 @@ void DetectHttpResponseLineFree(void *);
static int PrefilterTxHttpResponseLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
static int DetectEngineInspectHttpResponseLine(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
/**
@ -172,7 +172,7 @@ static int PrefilterTxHttpResponseLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ct
*/
int DetectEngineInspectHttpResponseLine(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
{
htp_tx_t *tx = (htp_tx_t *)txv;
@ -194,7 +194,7 @@ int DetectEngineInspectHttpResponseLine(ThreadVars *tv,
#endif
/* run the inspection against the buffer */
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, sm,
int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
f,
bstr_ptr(tx->response_line),
bstr_len(tx->response_line),

4
src/detect-lua.c
Unescape Escape View File

@ -186,7 +186,7 @@ void LuaDumpStack(lua_State *state)
}
int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
uint8_t *buffer, uint32_t buffer_len, uint32_t offset,
Flow *f)
{
@ -196,7 +196,7 @@ int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx,
if (buffer == NULL || buffer_len == 0)
SCReturnInt(0);
DetectLuaData *lua = (DetectLuaData *)sm->ctx;
DetectLuaData *lua = (DetectLuaData *)smd->ctx;
if (lua == NULL)
SCReturnInt(0);

2
src/detect-lua.h
Unescape Escape View File

@ -56,7 +56,7 @@ typedef struct DetectLuaData {
/* prototypes */
void DetectLuaRegister (void);
int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatch *sm,
const Signature *s, const SigMatchData *smd,
uint8_t *buffer, uint32_t buffer_len, uint32_t offset,
Flow *f);

6
src/detect-pcre.c
Unescape Escape View File

@ -172,8 +172,8 @@ void DetectPcreRegister (void)
* \retval 0 No match.
*/
int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
const SigMatch *sm, Packet *p, Flow *f, uint8_t *payload,
uint32_t payload_len)
const SigMatchData *smd, Packet *p, Flow *f,
uint8_t *payload, uint32_t payload_len)
{
SCEnter();
#define MAX_SUBSTRINGS 30
@ -183,7 +183,7 @@ int DetectPcrePayloadMatch(DetectEngineThreadCtx *det_ctx, const Signature *s,
uint16_t len = 0;
uint16_t capture_len = 0;
DetectPcreData *pe = (DetectPcreData *)sm->ctx;
DetectPcreData *pe = (DetectPcreData *)smd->ctx;
if (pe->flags & DETECT_PCRE_RELATIVE) {
ptr = payload + det_ctx->buffer_offset;

7
src/detect-pcre.h
Unescape Escape View File

@ -44,8 +44,11 @@ typedef struct DetectPcreData_ {
} DetectPcreData;
/* prototypes */
int DetectPcrePayloadMatch(DetectEngineThreadCtx *, const Signature *,
const SigMatch *, Packet *, Flow *, uint8_t *, uint32_t);
int DetectPcrePayloadMatch(DetectEngineThreadCtx *,
const Signature *, const SigMatchData *,
Packet *, Flow *, uint8_t *, uint32_t);
int DetectPcrePacketPayloadMatch(DetectEngineThreadCtx *, Packet *, Signature *, SigMatch *);
int DetectPcrePayloadDoMatch(DetectEngineThreadCtx *, Signature *, SigMatch *,
Packet *, uint8_t *, uint16_t);

7
src/detect.h
Unescape Escape View File

@ -377,7 +377,7 @@ struct DetectEngineThreadCtx_;// DetectEngineThreadCtx;
typedef int (*InspectEngineFuncPtr)(ThreadVars *tv,
struct DetectEngineCtx_ *de_ctx, struct DetectEngineThreadCtx_ *det_ctx,
const struct Signature_ *sig, const SigMatch *sm_list,
const struct Signature_ *sig, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate,
void *tx, uint64_t tx_id);
@ -395,7 +395,7 @@ typedef struct DetectEngineAppInspectionEngine_ {
*/
InspectEngineFuncPtr Callback;
SigMatch *sm;
SigMatchData *smd;
struct DetectEngineAppInspectionEngine_ *next;
} DetectEngineAppInspectionEngine;
@ -955,7 +955,6 @@ typedef struct DetectEngineThreadCtx_ {
} DetectEngineThreadCtx;
/** \brief element in sigmatch type table.
* \note FileMatch pointer below takes a locked flow, AppLayerMatch an unlocked flow
*/
typedef struct SigTableElmt_ {
/** Packet match function pointer */
@ -973,7 +972,7 @@ typedef struct SigTableElmt_ {
int (*FileMatch)(ThreadVars *, /**< thread local vars */
DetectEngineThreadCtx *,
Flow *, /**< *LOCKED* flow */
uint8_t flags, File *, const Signature *, const SigMatch *);
uint8_t flags, File *, const Signature *, const SigMatchData *);
/** keyword setup function pointer */
int (*Setup)(DetectEngineCtx *, Signature *, char *);

2
src/util-detect-file-hash.c
Unescape Escape View File

@ -147,7 +147,7 @@ static int HashMatchHashTable(ROHashTable *hash_table, uint8_t *hash,
* \retval 1 match
*/
int DetectFileHashMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatch *m)
Flow *f, uint8_t flags, File *file, const Signature *s, const SigMatchData *m)
{
SCEnter();
int ret = 0;

2
src/util-detect-file-hash.h
Unescape Escape View File

@ -38,7 +38,7 @@ int ReadHashString(uint8_t *, char *, char *, int, uint16_t);
int LoadHashTable(ROHashTable *, char *, char *, int, uint32_t);
int DetectFileHashMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t,
File *, const Signature *, const SigMatch *);
File *, const Signature *, const SigMatchData *);
int DetectFileHashSetup(DetectEngineCtx *, Signature *, char *, uint32_t);
void DetectFileHashFree(void *);

Write Preview
Loading…
Cancel
Save