detect: move keyword registration into own file

src/Makefile.am

@@ -142,6 +142,7 @@ detect-engine-prefilter.c detect-engine-prefilter.h \
 detect-engine-prefilter-common.c detect-engine-prefilter-common.h \
 detect-engine-proto.c detect-engine-proto.h \
 detect-engine-profile.c detect-engine-profile.h \
+detect-engine-register.c detect-engine-register.h \
 detect-engine-siggroup.c detect-engine-siggroup.h \
 detect-engine-sigorder.c detect-engine-sigorder.h \
 detect-engine-state.c detect-engine-state.h \

src/detect-engine-register.c

@@ -0,0 +1,503 @@
+/* Copyright (C) 2007-2017 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ */
+
+#include "suricata-common.h"
+#include "suricata.h"
+#include "debug.h"
+#include "detect.h"
+#include "flow.h"
+#include "flow-private.h"
+#include "flow-bit.h"
+
+#include "detect-parse.h"
+#include "detect-engine.h"
+#include "detect-engine-profile.h"
+
+#include "detect-engine-alert.h"
+#include "detect-engine-siggroup.h"
+#include "detect-engine-address.h"
+#include "detect-engine-proto.h"
+#include "detect-engine-port.h"
+#include "detect-engine-mpm.h"
+#include "detect-engine-iponly.h"
+#include "detect-engine-threshold.h"
+#include "detect-engine-prefilter.h"
+
+#include "detect-engine-payload.h"
+#include "detect-engine-dcepayload.h"
+#include "detect-engine-uri.h"
+#include "detect-dns-query.h"
+#include "detect-tls-sni.h"
+#include "detect-tls-cert-fingerprint.h"
+#include "detect-tls-cert-issuer.h"
+#include "detect-tls-cert-subject.h"
+#include "detect-tls-cert-serial.h"
+#include "detect-engine-state.h"
+#include "detect-engine-analyzer.h"
+#include "detect-engine-filedata-smtp.h"
+
+#include "detect-http-cookie.h"
+#include "detect-http-method.h"
+#include "detect-http-ua.h"
+#include "detect-http-hh.h"
+#include "detect-http-hrh.h"
+
+#include "detect-nfs-procedure.h"
+#include "detect-nfs-version.h"
+
+#include "detect-engine-event.h"
+#include "decode.h"
+
+#include "detect-base64-decode.h"
+#include "detect-base64-data.h"
+#include "detect-ipopts.h"
+#include "detect-flags.h"
+#include "detect-fragbits.h"
+#include "detect-fragoffset.h"
+#include "detect-gid.h"
+#include "detect-ack.h"
+#include "detect-seq.h"
+#include "detect-content.h"
+#include "detect-uricontent.h"
+#include "detect-pcre.h"
+#include "detect-depth.h"
+#include "detect-nocase.h"
+#include "detect-rawbytes.h"
+#include "detect-bytetest.h"
+#include "detect-bytejump.h"
+#include "detect-sameip.h"
+#include "detect-l3proto.h"
+#include "detect-ipproto.h"
+#include "detect-within.h"
+#include "detect-distance.h"
+#include "detect-offset.h"
+#include "detect-sid.h"
+#include "detect-prefilter.h"
+#include "detect-priority.h"
+#include "detect-classtype.h"
+#include "detect-reference.h"
+#include "detect-tag.h"
+#include "detect-threshold.h"
+#include "detect-metadata.h"
+#include "detect-msg.h"
+#include "detect-rev.h"
+#include "detect-flow.h"
+#include "detect-window.h"
+#include "detect-ftpbounce.h"
+#include "detect-isdataat.h"
+#include "detect-id.h"
+#include "detect-rpc.h"
+#include "detect-asn1.h"
+#include "detect-filename.h"
+#include "detect-fileext.h"
+#include "detect-filestore.h"
+#include "detect-filemagic.h"
+#include "detect-filemd5.h"
+#include "detect-filesha1.h"
+#include "detect-filesha256.h"
+#include "detect-filesize.h"
+#include "detect-dsize.h"
+#include "detect-flowvar.h"
+#include "detect-flowint.h"
+#include "detect-pktvar.h"
+#include "detect-noalert.h"
+#include "detect-flowbits.h"
+#include "detect-hostbits.h"
+#include "detect-xbits.h"
+#include "detect-csum.h"
+#include "detect-stream_size.h"
+#include "detect-engine-sigorder.h"
+#include "detect-ttl.h"
+#include "detect-fast-pattern.h"
+#include "detect-itype.h"
+#include "detect-icode.h"
+#include "detect-icmp-id.h"
+#include "detect-icmp-seq.h"
+#include "detect-dce-iface.h"
+#include "detect-dce-opnum.h"
+#include "detect-dce-stub-data.h"
+#include "detect-urilen.h"
+#include "detect-detection-filter.h"
+#include "detect-http-client-body.h"
+#include "detect-http-server-body.h"
+#include "detect-http-header.h"
+#include "detect-http-header-names.h"
+#include "detect-http-headers.h"
+#include "detect-http-raw-header.h"
+#include "detect-http-uri.h"
+#include "detect-http-protocol.h"
+#include "detect-http-start.h"
+#include "detect-http-raw-uri.h"
+#include "detect-http-stat-msg.h"
+#include "detect-http-request-line.h"
+#include "detect-http-response-line.h"
+#include "detect-engine-hcbd.h"
+#include "detect-engine-hsbd.h"
+#include "detect-engine-hrhd.h"
+#include "detect-engine-hmd.h"
+#include "detect-engine-hcd.h"
+#include "detect-engine-hrud.h"
+#include "detect-engine-hsmd.h"
+#include "detect-engine-hscd.h"
+#include "detect-engine-hua.h"
+#include "detect-engine-hhhd.h"
+#include "detect-engine-hrhhd.h"
+#include "detect-byte-extract.h"
+#include "detect-file-data.h"
+#include "detect-pkt-data.h"
+#include "detect-replace.h"
+#include "detect-tos.h"
+#include "detect-app-layer-event.h"
+#include "detect-lua.h"
+#include "detect-iprep.h"
+#include "detect-geoip.h"
+#include "detect-app-layer-protocol.h"
+#include "detect-template.h"
+#include "detect-target.h"
+#include "detect-template-buffer.h"
+#include "detect-bypass.h"
+#include "detect-engine-content-inspection.h"
+
+#include "util-rule-vars.h"
+
+#include "app-layer.h"
+#include "app-layer-protos.h"
+#include "app-layer-htp.h"
+#include "app-layer-smtp.h"
+#include "app-layer-template.h"
+#include "detect-tls.h"
+#include "detect-tls-cert-validity.h"
+#include "detect-tls-version.h"
+#include "detect-ssh-proto.h"
+#include "detect-ssh-proto-version.h"
+#include "detect-ssh-software.h"
+#include "detect-ssh-software-version.h"
+#include "detect-http-stat-code.h"
+#include "detect-ssl-version.h"
+#include "detect-ssl-state.h"
+#include "detect-modbus.h"
+#include "detect-cipservice.h"
+#include "detect-dnp3.h"
+
+#include "action-globals.h"
+#include "tm-threads.h"
+
+#include "pkt-var.h"
+
+#include "conf.h"
+#include "conf-yaml-loader.h"
+
+#include "stream-tcp.h"
+#include "stream-tcp-inline.h"
+
+#include "util-lua.h"
+#include "util-var-name.h"
+#include "util-classification-config.h"
+#include "util-threshold-config.h"
+#include "util-print.h"
+#include "util-unittest.h"
+#include "util-unittest-helper.h"
+#include "util-debug.h"
+#include "util-hashlist.h"
+#include "util-cuda.h"
+#include "util-privs.h"
+#include "util-profiling.h"
+#include "util-validate.h"
+#include "util-optimize.h"
+#include "util-path.h"
+#include "util-mpm-ac.h"
+#include "runmodes.h"
+
+static void PrintFeatureList(const SigTableElmt *e, char sep)
+{
+    const uint8_t flags = e->flags;
+
+    int prev = 0;
+    if (flags & SIGMATCH_NOOPT) {
+        printf("No option");
+        prev = 1;
+    }
+    if (flags & SIGMATCH_IPONLY_COMPAT) {
+        if (prev == 1)
+            printf("%c", sep);
+        printf("compatible with IP only rule");
+        prev = 1;
+    }
+    if (flags & SIGMATCH_DEONLY_COMPAT) {
+        if (prev == 1)
+            printf("%c", sep);
+        printf("compatible with decoder event only rule");
+        prev = 1;
+    }
+    if (e->SupportsPrefilter) {
+        if (prev == 1)
+            printf("%c", sep);
+        printf("prefilter");
+        prev = 1;
+    }
+    if (prev == 0) {
+        printf("none");
+    }
+}
+
+static void SigMultilinePrint(int i, const char *prefix)
+{
+    if (sigmatch_table[i].desc) {
+        printf("%sDescription: %s\n", prefix, sigmatch_table[i].desc);
+    }
+    printf("%sFeatures: ", prefix);
+    PrintFeatureList(&sigmatch_table[i], ',');
+    if (sigmatch_table[i].url) {
+        printf("\n%sDocumentation: %s", prefix, sigmatch_table[i].url);
+    }
+    printf("\n");
+}
+
+void SigTableList(const char *keyword)
+{
+    size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
+    size_t i;
+
+    if (keyword == NULL) {
+        printf("=====Supported keywords=====\n");
+        for (i = 0; i < size; i++) {
+            if (sigmatch_table[i].name != NULL) {
+                if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
+                    printf("- %s (not built-in)\n", sigmatch_table[i].name);
+                } else {
+                    printf("- %s\n", sigmatch_table[i].name);
+                }
+            }
+        }
+    } else if (strcmp("csv", keyword) == 0) {
+        printf("name;description;app layer;features;documentation\n");
+        for (i = 0; i < size; i++) {
+            if (sigmatch_table[i].name != NULL) {
+                if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
+                    continue;
+                }
+                printf("%s;", sigmatch_table[i].name);
+                if (sigmatch_table[i].desc) {
+                    printf("%s", sigmatch_table[i].desc);
+                }
+                /* Build feature */
+                printf(";Unset;"); // this used to be alproto
+                PrintFeatureList(&sigmatch_table[i], ':');
+                printf(";");
+                if (sigmatch_table[i].url) {
+                    printf("%s", sigmatch_table[i].url);
+                }
+                printf(";");
+                printf("\n");
+            }
+        }
+    } else if (strcmp("all", keyword) == 0) {
+        for (i = 0; i < size; i++) {
+            if (sigmatch_table[i].name != NULL) {
+                printf("%s:\n", sigmatch_table[i].name);
+                SigMultilinePrint(i, "\t");
+            }
+        }
+    } else {
+        for (i = 0; i < size; i++) {
+            if ((sigmatch_table[i].name != NULL) &&
+                strcmp(sigmatch_table[i].name, keyword) == 0) {
+                printf("= %s =\n", sigmatch_table[i].name);
+                if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
+                    printf("Not built-in\n");
+                    return;
+                }
+                SigMultilinePrint(i, "");
+                return;
+            }
+        }
+    }
+    return;
+}
+
+void SigTableSetup(void)
+{
+    memset(sigmatch_table, 0, sizeof(sigmatch_table));
+
+    DetectSidRegister();
+    DetectPriorityRegister();
+    DetectPrefilterRegister();
+    DetectRevRegister();
+    DetectClasstypeRegister();
+    DetectReferenceRegister();
+    DetectTagRegister();
+    DetectThresholdRegister();
+    DetectMetadataRegister();
+    DetectMsgRegister();
+    DetectAckRegister();
+    DetectSeqRegister();
+    DetectContentRegister();
+    DetectUricontentRegister();
+
+    /* NOTE: the order of these currently affects inspect
+     * engine registration order and ultimately the order
+     * of inspect engines in the rule. Which in turn affects
+     * state keeping */
+    DetectHttpUriRegister();
+    DetectHttpRequestLineRegister();
+    DetectHttpClientBodyRegister();
+    DetectHttpResponseLineRegister();
+    DetectHttpServerBodyRegister();
+    DetectHttpHeaderRegister();
+    DetectHttpHeaderNamesRegister();
+    DetectHttpHeadersRegister();
+    DetectHttpProtocolRegister();
+    DetectHttpStartRegister();
+    DetectHttpRawHeaderRegister();
+    DetectHttpMethodRegister();
+    DetectHttpCookieRegister();
+    DetectHttpRawUriRegister();
+
+    DetectFilenameRegister();
+    DetectFileextRegister();
+    DetectFilestoreRegister();
+    DetectFilemagicRegister();
+    DetectFileMd5Register();
+    DetectFileSha1Register();
+    DetectFileSha256Register();
+    DetectFilesizeRegister();
+
+    DetectHttpUARegister();
+    DetectHttpHHRegister();
+    DetectHttpHRHRegister();
+
+    DetectHttpStatMsgRegister();
+    DetectHttpStatCodeRegister();
+
+    DetectDnsQueryRegister();
+    DetectModbusRegister();
+    DetectCipServiceRegister();
+    DetectEnipCommandRegister();
+    DetectDNP3Register();
+
+    DetectTlsSniRegister();
+    DetectTlsIssuerRegister();
+    DetectTlsSubjectRegister();
+    DetectTlsSerialRegister();
+    DetectTlsFingerprintRegister();
+
+    DetectAppLayerEventRegister();
+    /* end of order dependent regs */
+
+    DetectPcreRegister();
+    DetectDepthRegister();
+    DetectNocaseRegister();
+    DetectRawbytesRegister();
+    DetectBytetestRegister();
+    DetectBytejumpRegister();
+    DetectSameipRegister();
+    DetectGeoipRegister();
+    DetectL3ProtoRegister();
+    DetectIPProtoRegister();
+    DetectWithinRegister();
+    DetectDistanceRegister();
+    DetectOffsetRegister();
+    DetectReplaceRegister();
+    DetectFlowRegister();
+    DetectWindowRegister();
+    DetectRpcRegister();
+    DetectFtpbounceRegister();
+    DetectIsdataatRegister();
+    DetectIdRegister();
+    DetectDsizeRegister();
+    DetectFlowvarRegister();
+    DetectFlowintRegister();
+    DetectPktvarRegister();
+    DetectNoalertRegister();
+    DetectFlowbitsRegister();
+    DetectHostbitsRegister();
+    DetectXbitsRegister();
+    DetectEngineEventRegister();
+    DetectIpOptsRegister();
+    DetectFlagsRegister();
+    DetectFragBitsRegister();
+    DetectFragOffsetRegister();
+    DetectGidRegister();
+    DetectMarkRegister();
+    DetectCsumRegister();
+    DetectStreamSizeRegister();
+    DetectTtlRegister();
+    DetectTosRegister();
+    DetectFastPatternRegister();
+    DetectITypeRegister();
+    DetectICodeRegister();
+    DetectIcmpIdRegister();
+    DetectIcmpSeqRegister();
+    DetectDceIfaceRegister();
+    DetectDceOpnumRegister();
+    DetectDceStubDataRegister();
+    DetectTlsRegister();
+    DetectTlsValidityRegister();
+    DetectTlsVersionRegister();
+    DetectNfsProcedureRegister();
+    DetectNfsVersionRegister();
+    DetectUrilenRegister();
+    DetectDetectionFilterRegister();
+    DetectAsn1Register();
+    DetectSshProtocolRegister();
+    DetectSshVersionRegister();
+    DetectSshSoftwareRegister();
+    DetectSshSoftwareVersionRegister();
+    DetectSslStateRegister();
+    DetectSslVersionRegister();
+    DetectByteExtractRegister();
+    DetectFiledataRegister();
+    DetectPktDataRegister();
+    DetectLuaRegister();
+    DetectIPRepRegister();
+    DetectAppLayerProtocolRegister();
+    DetectBase64DecodeRegister();
+    DetectBase64DataRegister();
+    DetectTemplateRegister();
+    DetectTargetRegister();
+    DetectTemplateBufferRegister();
+    DetectBypassRegister();
+
+    /* close keyword registration */
+    DetectBufferTypeFinalizeRegistration();
+}
+
+void SigTableRegisterTests(void)
+{
+    /* register the tests */
+    int i = 0;
+    for (i = 0; i < DETECT_TBLSIZE; i++) {
+        g_ut_modules++;
+        if (sigmatch_table[i].RegisterTests != NULL) {
+            sigmatch_table[i].RegisterTests();
+            g_ut_covered++;
+        } else {
+            SCLogDebug("detection plugin %s has no unittest "
+                   "registration function.", sigmatch_table[i].name);
+
+            if (coverage_unittests)
+                SCLogWarning(SC_WARN_NO_UNITTESTS, "detection plugin %s has no unittest "
+                        "registration function.", sigmatch_table[i].name);
+        }
+    }
+}

src/detect-engine-register.h

@@ -0,0 +1,210 @@
+/* Copyright (C) 2007-2017 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ */
+
+#ifndef __DETECT_ENGINE_REGISTER_H__
+#define __DETECT_ENGINE_REGISTER_H__
+
+enum {
+    DETECT_SID,
+    DETECT_PRIORITY,
+    DETECT_REV,
+    DETECT_CLASSTYPE,
+
+    /* sorted by prefilter priority. Higher in this list means it will be
+     * picked over ones lower in the list */
+    DETECT_AL_APP_LAYER_PROTOCOL,
+    DETECT_ACK,
+    DETECT_SEQ,
+    DETECT_WINDOW,
+    DETECT_IPOPTS,
+    DETECT_FLAGS,
+    DETECT_FRAGBITS,
+    DETECT_FRAGOFFSET,
+    DETECT_TTL,
+    DETECT_TOS,
+    DETECT_ITYPE,
+    DETECT_ICODE,
+    DETECT_ICMP_ID,
+    DETECT_ICMP_SEQ,
+    DETECT_DSIZE,
+
+    DETECT_FLOW,
+    /* end prefilter sort */
+
+    DETECT_THRESHOLD,
+    DETECT_METADATA,
+    DETECT_REFERENCE,
+    DETECT_TAG,
+    DETECT_MSG,
+    DETECT_CONTENT,
+    DETECT_URICONTENT,
+    DETECT_PCRE,
+    DETECT_DEPTH,
+    DETECT_DISTANCE,
+    DETECT_WITHIN,
+    DETECT_OFFSET,
+    DETECT_REPLACE,
+    DETECT_NOCASE,
+    DETECT_FAST_PATTERN,
+    DETECT_RAWBYTES,
+    DETECT_BYTETEST,
+    DETECT_BYTEJUMP,
+    DETECT_SAMEIP,
+    DETECT_GEOIP,
+    DETECT_IPPROTO,
+    DETECT_FTPBOUNCE,
+    DETECT_ISDATAAT,
+    DETECT_ID,
+    DETECT_RPC,
+    DETECT_FLOWVAR,
+    DETECT_FLOWVAR_POSTMATCH,
+    DETECT_FLOWINT,
+    DETECT_PKTVAR,
+    DETECT_NOALERT,
+    DETECT_FLOWBITS,
+    DETECT_HOSTBITS,
+    DETECT_IPV4_CSUM,
+    DETECT_TCPV4_CSUM,
+    DETECT_TCPV6_CSUM,
+    DETECT_UDPV4_CSUM,
+    DETECT_UDPV6_CSUM,
+    DETECT_ICMPV4_CSUM,
+    DETECT_ICMPV6_CSUM,
+    DETECT_STREAM_SIZE,
+    DETECT_DETECTION_FILTER,
+
+    DETECT_DECODE_EVENT,
+    DETECT_GID,
+    DETECT_MARK,
+
+    DETECT_AL_TLS_VERSION,
+    DETECT_AL_TLS_SUBJECT,
+    DETECT_AL_TLS_ISSUERDN,
+    DETECT_AL_TLS_NOTBEFORE,
+    DETECT_AL_TLS_NOTAFTER,
+    DETECT_AL_TLS_EXPIRED,
+    DETECT_AL_TLS_VALID,
+    DETECT_AL_TLS_FINGERPRINT,
+    DETECT_AL_TLS_STORE,
+
+    DETECT_AL_HTTP_COOKIE,
+    DETECT_AL_HTTP_METHOD,
+    DETECT_AL_HTTP_PROTOCOL,
+    DETECT_AL_HTTP_START,
+    DETECT_AL_URILEN,
+    DETECT_AL_HTTP_CLIENT_BODY,
+    DETECT_AL_HTTP_SERVER_BODY,
+    DETECT_AL_HTTP_HEADER,
+    DETECT_AL_HTTP_HEADER_NAMES,
+    DETECT_AL_HTTP_HEADER_ACCEPT,
+    DETECT_AL_HTTP_HEADER_ACCEPT_LANG,
+    DETECT_AL_HTTP_HEADER_ACCEPT_ENC,
+    DETECT_AL_HTTP_HEADER_CONNECTION,
+    DETECT_AL_HTTP_HEADER_CONTENT_LEN,
+    DETECT_AL_HTTP_HEADER_CONTENT_TYPE,
+    DETECT_AL_HTTP_HEADER_REFERER,
+    DETECT_AL_HTTP_RAW_HEADER,
+    DETECT_AL_HTTP_URI,
+    DETECT_AL_HTTP_RAW_URI,
+    DETECT_AL_HTTP_STAT_MSG,
+    DETECT_AL_HTTP_STAT_CODE,
+    DETECT_AL_HTTP_USER_AGENT,
+    DETECT_AL_HTTP_HOST,
+    DETECT_AL_HTTP_RAW_HOST,
+    DETECT_AL_HTTP_REQUEST_LINE,
+    DETECT_AL_HTTP_RESPONSE_LINE,
+    DETECT_AL_NFS_PROCEDURE,
+    DETECT_AL_NFS_VERSION,
+    DETECT_AL_SSH_PROTOCOL,
+    DETECT_AL_SSH_PROTOVERSION,
+    DETECT_AL_SSH_SOFTWARE,
+    DETECT_AL_SSH_SOFTWAREVERSION,
+    DETECT_AL_SSL_VERSION,
+    DETECT_AL_SSL_STATE,
+    DETECT_BYTE_EXTRACT,
+    DETECT_FILE_DATA,
+    DETECT_PKT_DATA,
+    DETECT_AL_APP_LAYER_EVENT,
+
+    DETECT_DCE_IFACE,
+    DETECT_DCE_OPNUM,
+    DETECT_DCE_STUB_DATA,
+
+    DETECT_ASN1,
+
+    DETECT_ENGINE_EVENT,
+    DETECT_STREAM_EVENT,
+
+    DETECT_FILENAME,
+    DETECT_FILEEXT,
+    DETECT_FILESTORE,
+    DETECT_FILEMAGIC,
+    DETECT_FILEMD5,
+    DETECT_FILESHA1,
+    DETECT_FILESHA256,
+    DETECT_FILESIZE,
+
+    DETECT_L3PROTO,
+    DETECT_LUA,
+    DETECT_IPREP,
+
+    DETECT_AL_DNS_QUERY,
+    DETECT_AL_TLS_SNI,
+    DETECT_AL_TLS_CERT_ISSUER,
+    DETECT_AL_TLS_CERT_SUBJECT,
+    DETECT_AL_TLS_CERT_SERIAL,
+    DETECT_AL_TLS_CERT_FINGERPRINT,
+
+    DETECT_AL_MODBUS,
+    DETECT_CIPSERVICE,
+    DETECT_ENIPCOMMAND,
+
+    DETECT_AL_DNP3DATA,
+    DETECT_AL_DNP3FUNC,
+    DETECT_AL_DNP3IND,
+    DETECT_AL_DNP3OBJ,
+
+    DETECT_XBITS,
+    DETECT_BASE64_DECODE,
+    DETECT_BASE64_DATA,
+
+    DETECT_TEMPLATE,
+    DETECT_TARGET,
+    DETECT_AL_TEMPLATE_BUFFER,
+
+    DETECT_BYPASS,
+
+    DETECT_PREFILTER,
+
+    /* make sure this stays last */
+    DETECT_TBLSIZE,
+};
+
+/* Table with all SigMatch registrations */
+SigTableElmt sigmatch_table[DETECT_TBLSIZE];
+
+void SigTableList(const char *keyword);
+void SigTableSetup(void);
+void SigTableRegisterTests(void);
+
+#endif /* __DETECT_ENGINE_REGISTER_H__ */

src/detect.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2014 Open Information Security Foundation
+/* Copyright (C) 2007-2017 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -25,12 +25,22 @@
 
 #include "suricata-common.h"
 #include "suricata.h"
+#include "tm-threads.h"
 #include "debug.h"
-#include "detect.h"
+#include "decode.h"
 #include "flow.h"
-#include "flow-private.h"
+#include "stream-tcp.h"
-#include "flow-bit.h"
+#include "app-layer.h"
+#include "app-layer-parser.h"
+#include "app-layer-protos.h"
+
+#include "pkt-var.h"
+
+#include "conf.h"
+#include "conf-yaml-loader.h"
 
+#include "action-globals.h"
+#include "detect.h"
 #include "detect-parse.h"
 #include "detect-engine.h"
 #include "detect-engine-profile.h"
@@ -45,114 +55,13 @@
 #include "detect-engine-threshold.h"
 #include "detect-engine-prefilter.h"
 
-#include "detect-engine-payload.h"
-#include "detect-engine-dcepayload.h"
-#include "detect-engine-uri.h"
-#include "detect-dns-query.h"
-#include "detect-tls-sni.h"
-#include "detect-tls-cert-issuer.h"
-#include "detect-tls-cert-subject.h"
-#include "detect-tls-cert-serial.h"
-#include "detect-tls-cert-fingerprint.h"
 #include "detect-engine-state.h"
 #include "detect-engine-analyzer.h"
+#include "detect-engine-payload.h"
 #include "detect-engine-filedata-smtp.h"
 
-#include "detect-http-cookie.h"
-#include "detect-http-method.h"
-#include "detect-http-ua.h"
-#include "detect-http-hh.h"
-#include "detect-http-hrh.h"
-
-#include "detect-nfs-procedure.h"
-#include "detect-nfs-version.h"
-
 #include "detect-engine-event.h"
-#include "decode.h"
-
-#include "detect-base64-decode.h"
-#include "detect-base64-data.h"
-#include "detect-ipopts.h"
-#include "detect-flags.h"
-#include "detect-fragbits.h"
-#include "detect-fragoffset.h"
-#include "detect-gid.h"
-#include "detect-ack.h"
-#include "detect-seq.h"
-#include "detect-content.h"
-#include "detect-uricontent.h"
-#include "detect-pcre.h"
-#include "detect-depth.h"
-#include "detect-nocase.h"
-#include "detect-rawbytes.h"
-#include "detect-bytetest.h"
-#include "detect-bytejump.h"
-#include "detect-sameip.h"
-#include "detect-l3proto.h"
-#include "detect-ipproto.h"
-#include "detect-within.h"
-#include "detect-distance.h"
-#include "detect-offset.h"
-#include "detect-sid.h"
-#include "detect-prefilter.h"
-#include "detect-priority.h"
-#include "detect-classtype.h"
-#include "detect-reference.h"
-#include "detect-tag.h"
-#include "detect-threshold.h"
-#include "detect-metadata.h"
-#include "detect-msg.h"
-#include "detect-rev.h"
-#include "detect-flow.h"
-#include "detect-window.h"
-#include "detect-ftpbounce.h"
-#include "detect-isdataat.h"
-#include "detect-id.h"
-#include "detect-rpc.h"
-#include "detect-asn1.h"
-#include "detect-filename.h"
-#include "detect-fileext.h"
-#include "detect-filestore.h"
-#include "detect-filemagic.h"
-#include "detect-filemd5.h"
-#include "detect-filesha1.h"
-#include "detect-filesha256.h"
-#include "detect-filesize.h"
-#include "detect-dsize.h"
-#include "detect-flowvar.h"
-#include "detect-flowint.h"
-#include "detect-pktvar.h"
-#include "detect-noalert.h"
-#include "detect-flowbits.h"
-#include "detect-hostbits.h"
-#include "detect-xbits.h"
-#include "detect-csum.h"
-#include "detect-stream_size.h"
 #include "detect-engine-sigorder.h"
-#include "detect-ttl.h"
-#include "detect-fast-pattern.h"
-#include "detect-itype.h"
-#include "detect-icode.h"
-#include "detect-icmp-id.h"
-#include "detect-icmp-seq.h"
-#include "detect-dce-iface.h"
-#include "detect-dce-opnum.h"
-#include "detect-dce-stub-data.h"
-#include "detect-urilen.h"
-#include "detect-detection-filter.h"
-#include "detect-http-client-body.h"
-#include "detect-http-server-body.h"
-#include "detect-http-header.h"
-#include "detect-http-header-names.h"
-#include "detect-http-headers.h"
-#include "detect-http-raw-header.h"
-#include "detect-http-uri.h"
-#include "detect-http-protocol.h"
-#include "detect-http-start.h"
-#include "detect-http-raw-uri.h"
-#include "detect-http-stat-msg.h"
-#include "detect-http-request-line.h"
-#include "detect-http-response-line.h"
 #include "detect-engine-hcbd.h"
 #include "detect-engine-hsbd.h"
 #include "detect-engine-hrhd.h"
@@ -164,72 +73,21 @@
 #include "detect-engine-hua.h"
 #include "detect-engine-hhhd.h"
 #include "detect-engine-hrhhd.h"
-#include "detect-byte-extract.h"
-#include "detect-file-data.h"
-#include "detect-pkt-data.h"
-#include "detect-replace.h"
-#include "detect-tos.h"
-#include "detect-app-layer-event.h"
-#include "detect-lua.h"
-#include "detect-iprep.h"
-#include "detect-geoip.h"
-#include "detect-app-layer-protocol.h"
-#include "detect-template.h"
-#include "detect-target.h"
-#include "detect-template-buffer.h"
-#include "detect-bypass.h"
 #include "detect-engine-content-inspection.h"
 
-#include "util-rule-vars.h"
+#include "detect-filestore.h"
-
+#include "detect-flowvar.h"
-#include "app-layer.h"
+#include "detect-replace.h"
-#include "app-layer-protos.h"
-#include "app-layer-htp.h"
-#include "app-layer-smtp.h"
-#include "app-layer-template.h"
-#include "detect-tls.h"
-#include "detect-tls-cert-validity.h"
-#include "detect-tls-version.h"
-#include "detect-ssh-proto.h"
-#include "detect-ssh-proto-version.h"
-#include "detect-ssh-software.h"
-#include "detect-ssh-software-version.h"
-#include "detect-http-stat-code.h"
-#include "detect-ssl-version.h"
-#include "detect-ssl-state.h"
-#include "detect-modbus.h"
-#include "detect-cipservice.h"
-#include "detect-dnp3.h"
-
-#include "action-globals.h"
-#include "tm-threads.h"
-
-#include "pkt-var.h"
-
-#include "conf.h"
-#include "conf-yaml-loader.h"
-
-#include "stream-tcp.h"
-#include "stream-tcp-inline.h"
 
-#include "util-lua.h"
+#include "util-rule-vars.h"
 #include "util-var-name.h"
 #include "util-classification-config.h"
 #include "util-threshold-config.h"
 #include "util-print.h"
-#include "util-unittest.h"
-#include "util-unittest-helper.h"
 #include "util-debug.h"
-#include "util-hashlist.h"
-#include "util-cuda.h"
-#include "util-privs.h"
-#include "util-profiling.h"
 #include "util-validate.h"
-#include "util-optimize.h"
 #include "util-path.h"
-#include "util-mpm-ac.h"
 #include "util-detect.h"
-#include "runmodes.h"
 
 #ifdef HAVE_GLOB_H
 #include <glob.h>
@@ -1602,280 +1460,6 @@ void DisableDetectFlowFileFlags(Flow *f)
     DetectPostInspectFileFlagsUpdate(f, NULL /* no sgh */, STREAM_TOCLIENT);
 }
 
-static void PrintFeatureList(const SigTableElmt *e, char sep)
-{
-    const uint8_t flags = e->flags;
-
-    int prev = 0;
-    if (flags & SIGMATCH_NOOPT) {
-        printf("No option");
-        prev = 1;
-    }
-    if (flags & SIGMATCH_IPONLY_COMPAT) {
-        if (prev == 1)
-            printf("%c", sep);
-        printf("compatible with IP only rule");
-        prev = 1;
-    }
-    if (flags & SIGMATCH_DEONLY_COMPAT) {
-        if (prev == 1)
-            printf("%c", sep);
-        printf("compatible with decoder event only rule");
-        prev = 1;
-    }
-    if (e->SupportsPrefilter) {
-        if (prev == 1)
-            printf("%c", sep);
-        printf("prefilter");
-        prev = 1;
-    }
-    if (prev == 0) {
-        printf("none");
-    }
-}
-
-static void SigMultilinePrint(int i, const char *prefix)
-{
-    if (sigmatch_table[i].desc) {
-        printf("%sDescription: %s\n", prefix, sigmatch_table[i].desc);
-    }
-    printf("%sFeatures: ", prefix);
-    PrintFeatureList(&sigmatch_table[i], ',');
-    if (sigmatch_table[i].url) {
-        printf("\n%sDocumentation: %s", prefix, sigmatch_table[i].url);
-    }
-    printf("\n");
-}
-
-void SigTableList(const char *keyword)
-{
-    size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
-    size_t i;
-
-    if (keyword == NULL) {
-        printf("=====Supported keywords=====\n");
-        for (i = 0; i < size; i++) {
-            if (sigmatch_table[i].name != NULL) {
-                if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
-                    printf("- %s (not built-in)\n", sigmatch_table[i].name);
-                } else {
-                    printf("- %s\n", sigmatch_table[i].name);
-                }
-            }
-        }
-    } else if (strcmp("csv", keyword) == 0) {
-        printf("name;description;app layer;features;documentation\n");
-        for (i = 0; i < size; i++) {
-            if (sigmatch_table[i].name != NULL) {
-                if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
-                    continue;
-                }
-                printf("%s;", sigmatch_table[i].name);
-                if (sigmatch_table[i].desc) {
-                    printf("%s", sigmatch_table[i].desc);
-                }
-                /* Build feature */
-                printf(";Unset;"); // this used to be alproto
-                PrintFeatureList(&sigmatch_table[i], ':');
-                printf(";");
-                if (sigmatch_table[i].url) {
-                    printf("%s", sigmatch_table[i].url);
-                }
-                printf(";");
-                printf("\n");
-            }
-        }
-    } else if (strcmp("all", keyword) == 0) {
-        for (i = 0; i < size; i++) {
-            if (sigmatch_table[i].name != NULL) {
-                printf("%s:\n", sigmatch_table[i].name);
-                SigMultilinePrint(i, "\t");
-            }
-        }
-    } else {
-        for (i = 0; i < size; i++) {
-            if ((sigmatch_table[i].name != NULL) &&
-                strcmp(sigmatch_table[i].name, keyword) == 0) {
-                printf("= %s =\n", sigmatch_table[i].name);
-                if (sigmatch_table[i].flags & SIGMATCH_NOT_BUILT) {
-                    printf("Not built-in\n");
-                    return;
-                }
-                SigMultilinePrint(i, "");
-                return;
-            }
-        }
-    }
-    return;
-}
-
-void SigTableSetup(void)
-{
-    memset(sigmatch_table, 0, sizeof(sigmatch_table));
-
-    DetectSidRegister();
-    DetectPriorityRegister();
-    DetectPrefilterRegister();
-    DetectRevRegister();
-    DetectClasstypeRegister();
-    DetectReferenceRegister();
-    DetectTagRegister();
-    DetectThresholdRegister();
-    DetectMetadataRegister();
-    DetectMsgRegister();
-    DetectAckRegister();
-    DetectSeqRegister();
-    DetectContentRegister();
-    DetectUricontentRegister();
-
-    /* NOTE: the order of these currently affects inspect
-     * engine registration order and ultimately the order
-     * of inspect engines in the rule. Which in turn affects
-     * state keeping */
-    DetectHttpUriRegister();
-    DetectHttpRequestLineRegister();
-    DetectHttpClientBodyRegister();
-    DetectHttpResponseLineRegister();
-    DetectHttpServerBodyRegister();
-    DetectHttpHeaderRegister();
-    DetectHttpHeaderNamesRegister();
-    DetectHttpHeadersRegister();
-    DetectHttpProtocolRegister();
-    DetectHttpStartRegister();
-    DetectHttpRawHeaderRegister();
-    DetectHttpMethodRegister();
-    DetectHttpCookieRegister();
-    DetectHttpRawUriRegister();
-
-    DetectFilenameRegister();
-    DetectFileextRegister();
-    DetectFilestoreRegister();
-    DetectFilemagicRegister();
-    DetectFileMd5Register();
-    DetectFileSha1Register();
-    DetectFileSha256Register();
-    DetectFilesizeRegister();
-
-    DetectHttpUARegister();
-    DetectHttpHHRegister();
-    DetectHttpHRHRegister();
-
-    DetectHttpStatMsgRegister();
-    DetectHttpStatCodeRegister();
-
-    DetectDnsQueryRegister();
-    DetectModbusRegister();
-    DetectCipServiceRegister();
-    DetectEnipCommandRegister();
-    DetectDNP3Register();
-
-    DetectTlsSniRegister();
-    DetectTlsIssuerRegister();
-    DetectTlsSubjectRegister();
-    DetectTlsSerialRegister();
-    DetectTlsFingerprintRegister();
-
-    DetectAppLayerEventRegister();
-    /* end of order dependent regs */
-
-    DetectPcreRegister();
-    DetectDepthRegister();
-    DetectNocaseRegister();
-    DetectRawbytesRegister();
-    DetectBytetestRegister();
-    DetectBytejumpRegister();
-    DetectSameipRegister();
-    DetectGeoipRegister();
-    DetectL3ProtoRegister();
-    DetectIPProtoRegister();
-    DetectWithinRegister();
-    DetectDistanceRegister();
-    DetectOffsetRegister();
-    DetectReplaceRegister();
-    DetectFlowRegister();
-    DetectWindowRegister();
-    DetectRpcRegister();
-    DetectFtpbounceRegister();
-    DetectIsdataatRegister();
-    DetectIdRegister();
-    DetectDsizeRegister();
-    DetectFlowvarRegister();
-    DetectFlowintRegister();
-    DetectPktvarRegister();
-    DetectNoalertRegister();
-    DetectFlowbitsRegister();
-    DetectHostbitsRegister();
-    DetectXbitsRegister();
-    DetectEngineEventRegister();
-    DetectIpOptsRegister();
-    DetectFlagsRegister();
-    DetectFragBitsRegister();
-    DetectFragOffsetRegister();
-    DetectGidRegister();
-    DetectMarkRegister();
-    DetectCsumRegister();
-    DetectStreamSizeRegister();
-    DetectTtlRegister();
-    DetectTosRegister();
-    DetectFastPatternRegister();
-    DetectITypeRegister();
-    DetectICodeRegister();
-    DetectIcmpIdRegister();
-    DetectIcmpSeqRegister();
-    DetectDceIfaceRegister();
-    DetectDceOpnumRegister();
-    DetectDceStubDataRegister();
-    DetectTlsRegister();
-    DetectTlsValidityRegister();
-    DetectTlsVersionRegister();
-    DetectNfsProcedureRegister();
-    DetectNfsVersionRegister();
-    DetectUrilenRegister();
-    DetectDetectionFilterRegister();
-    DetectAsn1Register();
-    DetectSshProtocolRegister();
-    DetectSshVersionRegister();
-    DetectSshSoftwareRegister();
-    DetectSshSoftwareVersionRegister();
-    DetectSslStateRegister();
-    DetectSslVersionRegister();
-    DetectByteExtractRegister();
-    DetectFiledataRegister();
-    DetectPktDataRegister();
-    DetectLuaRegister();
-    DetectIPRepRegister();
-    DetectAppLayerProtocolRegister();
-    DetectBase64DecodeRegister();
-    DetectBase64DataRegister();
-    DetectTemplateRegister();
-    DetectTargetRegister();
-    DetectTemplateBufferRegister();
-    DetectBypassRegister();
-
-    /* close keyword registration */
-    DetectBufferTypeFinalizeRegistration();
-}
-
-void SigTableRegisterTests(void)
-{
-    /* register the tests */
-    int i = 0;
-    for (i = 0; i < DETECT_TBLSIZE; i++) {
-        g_ut_modules++;
-        if (sigmatch_table[i].RegisterTests != NULL) {
-            sigmatch_table[i].RegisterTests();
-            g_ut_covered++;
-        } else {
-            SCLogDebug("detection plugin %s has no unittest "
-                   "registration function.", sigmatch_table[i].name);
-
-            if (coverage_unittests)
-                SCLogWarning(SC_WARN_NO_UNITTESTS, "detection plugin %s has no unittest "
-                        "registration function.", sigmatch_table[i].name);
-        }
-    }
-}
-
 /*
  * TESTS
  */

src/detect.h

@@ -1204,184 +1204,6 @@ typedef struct DetectEngineMasterCtx_ {
 
 /** Remember to add the options in SignatureIsIPOnly() at detect.c otherwise it wont be part of a signature group */
 
-enum {
-    DETECT_SID,
-    DETECT_PRIORITY,
-    DETECT_REV,
-    DETECT_CLASSTYPE,
-
-    /* sorted by prefilter priority. Higher in this list means it will be
-     * picked over ones lower in the list */
-    DETECT_AL_APP_LAYER_PROTOCOL,
-    DETECT_ACK,
-    DETECT_SEQ,
-    DETECT_WINDOW,
-    DETECT_IPOPTS,
-    DETECT_FLAGS,
-    DETECT_FRAGBITS,
-    DETECT_FRAGOFFSET,
-    DETECT_TTL,
-    DETECT_TOS,
-    DETECT_ITYPE,
-    DETECT_ICODE,
-    DETECT_ICMP_ID,
-    DETECT_ICMP_SEQ,
-    DETECT_DSIZE,
-
-    DETECT_FLOW,
-    /* end prefilter sort */
-
-    DETECT_THRESHOLD,
-    DETECT_METADATA,
-    DETECT_REFERENCE,
-    DETECT_TAG,
-    DETECT_MSG,
-    DETECT_CONTENT,
-    DETECT_URICONTENT,
-    DETECT_PCRE,
-    DETECT_DEPTH,
-    DETECT_DISTANCE,
-    DETECT_WITHIN,
-    DETECT_OFFSET,
-    DETECT_REPLACE,
-    DETECT_NOCASE,
-    DETECT_FAST_PATTERN,
-    DETECT_RAWBYTES,
-    DETECT_BYTETEST,
-    DETECT_BYTEJUMP,
-    DETECT_SAMEIP,
-    DETECT_GEOIP,
-    DETECT_IPPROTO,
-    DETECT_FTPBOUNCE,
-    DETECT_ISDATAAT,
-    DETECT_ID,
-    DETECT_RPC,
-    DETECT_FLOWVAR,
-    DETECT_FLOWVAR_POSTMATCH,
-    DETECT_FLOWINT,
-    DETECT_PKTVAR,
-    DETECT_NOALERT,
-    DETECT_FLOWBITS,
-    DETECT_HOSTBITS,
-    DETECT_IPV4_CSUM,
-    DETECT_TCPV4_CSUM,
-    DETECT_TCPV6_CSUM,
-    DETECT_UDPV4_CSUM,
-    DETECT_UDPV6_CSUM,
-    DETECT_ICMPV4_CSUM,
-    DETECT_ICMPV6_CSUM,
-    DETECT_STREAM_SIZE,
-    DETECT_DETECTION_FILTER,
-
-    DETECT_DECODE_EVENT,
-    DETECT_GID,
-    DETECT_MARK,
-
-    DETECT_AL_TLS_VERSION,
-    DETECT_AL_TLS_SUBJECT,
-    DETECT_AL_TLS_ISSUERDN,
-    DETECT_AL_TLS_NOTBEFORE,
-    DETECT_AL_TLS_NOTAFTER,
-    DETECT_AL_TLS_EXPIRED,
-    DETECT_AL_TLS_VALID,
-    DETECT_AL_TLS_FINGERPRINT,
-    DETECT_AL_TLS_STORE,
-
-    DETECT_AL_HTTP_COOKIE,
-    DETECT_AL_HTTP_METHOD,
-    DETECT_AL_HTTP_PROTOCOL,
-    DETECT_AL_HTTP_START,
-    DETECT_AL_URILEN,
-    DETECT_AL_HTTP_CLIENT_BODY,
-    DETECT_AL_HTTP_SERVER_BODY,
-    DETECT_AL_HTTP_HEADER,
-    DETECT_AL_HTTP_HEADER_NAMES,
-    DETECT_AL_HTTP_HEADER_ACCEPT,
-    DETECT_AL_HTTP_HEADER_ACCEPT_LANG,
-    DETECT_AL_HTTP_HEADER_ACCEPT_ENC,
-    DETECT_AL_HTTP_HEADER_CONNECTION,
-    DETECT_AL_HTTP_HEADER_CONTENT_LEN,
-    DETECT_AL_HTTP_HEADER_CONTENT_TYPE,
-    DETECT_AL_HTTP_HEADER_REFERER,
-    DETECT_AL_HTTP_RAW_HEADER,
-    DETECT_AL_HTTP_URI,
-    DETECT_AL_HTTP_RAW_URI,
-    DETECT_AL_HTTP_STAT_MSG,
-    DETECT_AL_HTTP_STAT_CODE,
-    DETECT_AL_HTTP_USER_AGENT,
-    DETECT_AL_HTTP_HOST,
-    DETECT_AL_HTTP_RAW_HOST,
-    DETECT_AL_HTTP_REQUEST_LINE,
-    DETECT_AL_HTTP_RESPONSE_LINE,
-    DETECT_AL_NFS_PROCEDURE,
-    DETECT_AL_NFS_VERSION,
-    DETECT_AL_SSH_PROTOCOL,
-    DETECT_AL_SSH_PROTOVERSION,
-    DETECT_AL_SSH_SOFTWARE,
-    DETECT_AL_SSH_SOFTWAREVERSION,
-    DETECT_AL_SSL_VERSION,
-    DETECT_AL_SSL_STATE,
-    DETECT_BYTE_EXTRACT,
-    DETECT_FILE_DATA,
-    DETECT_PKT_DATA,
-    DETECT_AL_APP_LAYER_EVENT,
-
-    DETECT_DCE_IFACE,
-    DETECT_DCE_OPNUM,
-    DETECT_DCE_STUB_DATA,
-
-    DETECT_ASN1,
-
-    DETECT_ENGINE_EVENT,
-    DETECT_STREAM_EVENT,
-
-    DETECT_FILENAME,
-    DETECT_FILEEXT,
-    DETECT_FILESTORE,
-    DETECT_FILEMAGIC,
-    DETECT_FILEMD5,
-    DETECT_FILESHA1,
-    DETECT_FILESHA256,
-    DETECT_FILESIZE,
-
-    DETECT_L3PROTO,
-    DETECT_LUA,
-    DETECT_IPREP,
-
-    DETECT_AL_DNS_QUERY,
-    DETECT_AL_TLS_SNI,
-    DETECT_AL_TLS_CERT_ISSUER,
-    DETECT_AL_TLS_CERT_SUBJECT,
-    DETECT_AL_TLS_CERT_SERIAL,
-    DETECT_AL_TLS_CERT_FINGERPRINT,
-    DETECT_AL_MODBUS,
-    DETECT_CIPSERVICE,
-    DETECT_ENIPCOMMAND,
-
-    DETECT_AL_DNP3DATA,
-    DETECT_AL_DNP3FUNC,
-    DETECT_AL_DNP3IND,
-    DETECT_AL_DNP3OBJ,
-
-    DETECT_XBITS,
-    DETECT_BASE64_DECODE,
-    DETECT_BASE64_DATA,
-
-    DETECT_TEMPLATE,
-    DETECT_TARGET,
-    DETECT_AL_TEMPLATE_BUFFER,
-
-    DETECT_BYPASS,
-
-    DETECT_PREFILTER,
-
-    /* make sure this stays last */
-    DETECT_TBLSIZE,
-};
-
-/* Table with all SigMatch registrations */
-SigTableElmt sigmatch_table[DETECT_TBLSIZE];
-
 /* detection api */
 TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
 
@@ -1392,7 +1214,6 @@ void SigMatchSignaturesBuildMatchArray(DetectEngineThreadCtx *,
                                        uint16_t);
 void SigMatchFree(SigMatch *sm);
 
-void SigTableRegisterTests(void);
 void SigRegisterTests(void);
 void DetectSimdRegisterTests(void);
 void TmModuleDetectRegister (void);
@@ -1402,8 +1223,6 @@ void SigAddressPrepareBidirectionals (DetectEngineCtx *);
 void DisableDetectFlowFileFlags(Flow *f);
 char *DetectLoadCompleteSigPath(const DetectEngineCtx *, const char *sig_file);
 int SigLoadSignatures (DetectEngineCtx *, char *, int);
-void SigTableList(const char *keyword);
-void SigTableSetup(void);
 void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx,
                        DetectEngineThreadCtx *det_ctx, Packet *p);
 
@@ -1422,6 +1241,7 @@ int SigMatchSignaturesRunPostMatch(ThreadVars *tv,
 void DetectSignatureApplyActions(Packet *p, const Signature *s, const uint8_t);
 
 #include "detect-engine-build.h"
+#include "detect-engine-register.h"
 
 #endif /* __DETECT_H__ */
 

src/tests/detect.c

@@ -23,6 +23,8 @@
 #include "../pkt-var.h"
 #include "../flow-util.h"
 #include "../stream-tcp-reassemble.h"
+#include "../util-unittest.h"
+#include "../util-unittest-helper.h"
 
 static const char *dummy_conf_string =
     "%YAML 1.1\n"