dnp3: dynamic buffers/lists

pull/2559/head
Victor Julien 9 years ago
parent 9ba386a141
commit cfdd934aba

@ -27,6 +27,9 @@
#include "app-layer-dnp3.h" #include "app-layer-dnp3.h"
static int g_dnp3_match_buffer_id = 0;
static int g_dnp3_data_buffer_id = 0;
/** /**
* The detection struct. * The detection struct.
*/ */
@ -227,7 +230,7 @@ static int DetectDNP3FuncSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
s->alproto = ALPROTO_DNP3; s->alproto = ALPROTO_DNP3;
s->flags |= SIG_FLAG_STATE_MATCH; s->flags |= SIG_FLAG_STATE_MATCH;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNP3_MATCH); SigMatchAppendSMToList(s, sm, g_dnp3_match_buffer_id);
SCReturnInt(0); SCReturnInt(0);
error: error:
@ -314,7 +317,7 @@ static int DetectDNP3IndSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
s->alproto = ALPROTO_DNP3; s->alproto = ALPROTO_DNP3;
s->flags |= SIG_FLAG_STATE_MATCH; s->flags |= SIG_FLAG_STATE_MATCH;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNP3_MATCH); SigMatchAppendSMToList(s, sm, g_dnp3_match_buffer_id);
SCReturnInt(0); SCReturnInt(0);
error: error:
@ -387,7 +390,7 @@ static int DetectDNP3ObjSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
sm->ctx = (void *)detect; sm->ctx = (void *)detect;
s->alproto = ALPROTO_DNP3; s->alproto = ALPROTO_DNP3;
s->flags |= SIG_FLAG_STATE_MATCH; s->flags |= SIG_FLAG_STATE_MATCH;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNP3_MATCH); SigMatchAppendSMToList(s, sm, g_dnp3_match_buffer_id);
SCReturnInt(1); SCReturnInt(1);
fail: fail:
@ -526,7 +529,7 @@ static void DetectDNP3ObjRegister(void)
static int DetectDNP3DataSetup(DetectEngineCtx *de_ctx, Signature *s, char *str) static int DetectDNP3DataSetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{ {
SCEnter(); SCEnter();
s->init_data->list = DETECT_SM_LIST_DNP3_DATA_MATCH; s->init_data->list = g_dnp3_data_buffer_id;
s->alproto = ALPROTO_DNP3; s->alproto = ALPROTO_DNP3;
SCReturnInt(0); SCReturnInt(0);
} }
@ -546,11 +549,14 @@ static void DetectDNP3DataRegister(void)
sigmatch_table[DETECT_AL_DNP3DATA].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_DNP3DATA].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_DNP3DATA].flags |= SIGMATCH_PAYLOAD; sigmatch_table[DETECT_AL_DNP3DATA].flags |= SIGMATCH_PAYLOAD;
DetectAppLayerInspectEngineRegister(ALPROTO_DNP3, SIG_FLAG_TOSERVER, DetectAppLayerInspectEngineRegister2("dnp3_data",
DETECT_SM_LIST_DNP3_DATA_MATCH, DetectEngineInspectDNP3Data); ALPROTO_DNP3, SIG_FLAG_TOSERVER,
DetectAppLayerInspectEngineRegister(ALPROTO_DNP3, SIG_FLAG_TOCLIENT, DetectEngineInspectDNP3Data);
DETECT_SM_LIST_DNP3_DATA_MATCH, DetectEngineInspectDNP3Data); DetectAppLayerInspectEngineRegister2("dnp3_data",
ALPROTO_DNP3, SIG_FLAG_TOCLIENT,
DetectEngineInspectDNP3Data);
g_dnp3_data_buffer_id = DetectBufferTypeGetByName("dnp3_data");
SCReturn; SCReturn;
} }
@ -563,10 +569,15 @@ void DetectDNP3Register(void)
DetectDNP3ObjRegister(); DetectDNP3ObjRegister();
/* Register the list of func, ind and obj. */ /* Register the list of func, ind and obj. */
DetectAppLayerInspectEngineRegister(ALPROTO_DNP3, SIG_FLAG_TOSERVER, DetectAppLayerInspectEngineRegister2("dnp3",
DETECT_SM_LIST_DNP3_MATCH, DetectEngineInspectDNP3); ALPROTO_DNP3, SIG_FLAG_TOSERVER,
DetectAppLayerInspectEngineRegister(ALPROTO_DNP3, SIG_FLAG_TOCLIENT, DetectEngineInspectDNP3);
DETECT_SM_LIST_DNP3_MATCH, DetectEngineInspectDNP3); DetectAppLayerInspectEngineRegister2("dnp3",
ALPROTO_DNP3, SIG_FLAG_TOCLIENT,
DetectEngineInspectDNP3);
g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3");
} }
#ifdef UNITTESTS #ifdef UNITTESTS
@ -625,10 +636,10 @@ static int DetectDNP3FuncTest01(void)
"dnp3_func:2; sid:5000009; rev:1;)"); "dnp3_func:2; sid:5000009; rev:1;)");
FAIL_IF_NULL(de_ctx->sig_list); FAIL_IF_NULL(de_ctx->sig_list);
FAIL_IF_NULL(de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH]); FAIL_IF_NULL(de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id]);
FAIL_IF_NULL(de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH]->ctx); FAIL_IF_NULL(de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id]->ctx);
dnp3func = (DetectDNP3 *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH]->ctx; dnp3func = (DetectDNP3 *)de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id]->ctx;
FAIL_IF(dnp3func->function_code != 2); FAIL_IF(dnp3func->function_code != 2);
if (de_ctx != NULL) { if (de_ctx != NULL) {
@ -691,10 +702,10 @@ static int DetectDNP3ObjSetupTest(void)
"dnp3_obj:99,99; sid:1; rev:1;)"); "dnp3_obj:99,99; sid:1; rev:1;)");
FAIL_IF(de_ctx->sig_list == NULL); FAIL_IF(de_ctx->sig_list == NULL);
FAIL_IF(de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH] == NULL); FAIL_IF(de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id] == NULL);
FAIL_IF(de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH]->ctx == NULL); FAIL_IF(de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id]->ctx == NULL);
detect = (DetectDNP3 *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH]->ctx; detect = (DetectDNP3 *)de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id]->ctx;
FAIL_IF(detect->obj_group != 99); FAIL_IF(detect->obj_group != 99);
FAIL_IF(detect->obj_variation != 99); FAIL_IF(detect->obj_variation != 99);
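Review bot: The two buffer ids are obtained in different ways and neither result is checked: `g_dnp3_data_buffer_id = DetectBufferTypeGetByName("dnp3_data");` in DetectDNP3DataRegister and `g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3");` in DetectDNP3Register. Both globals are initialised to 0, which is presumably a valid built-in list index, so a failed or skipped lookup would leave the setup functions appending DNP3 keywords to an unrelated list (or indexing with a negative id, if that is what a miss returns), and the rules would load without inspecting DNP3 traffic. I would use the same call for both, initialise the globals to `-1`, and reject the rule in each setup function when the id is negative, e.g. `if (g_dnp3_match_buffer_id < 0) goto error;` (`fail` in DetectDNP3ObjSetup), placed so that it fits cleanup code that is outside these hunks. A short comment on the globals, such as `/* list ids, assigned once in DetectDNP3Register() and DetectDNP3DataRegister() */`, would document where they get their values.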

@ -446,8 +446,6 @@ static void EngineAnalysisRulesPrintFP(const Signature *s)
fprintf(rule_engine_analysis_FD, "%s", fprintf(rule_engine_analysis_FD, "%s",
payload ? (stream ? "payload and reassembled stream" : "payload") : "reassembled stream"); payload ? (stream ? "payload and reassembled stream" : "payload") : "reassembled stream");
} }
else if (list_type == DETECT_SM_LIST_DNP3_DATA_MATCH)
fprintf(rule_engine_analysis_FD, "dnp3 data content");
else { else {
const char *desc = DetectBufferTypeGetDescriptionById(list_type); const char *desc = DetectBufferTypeGetDescriptionById(list_type);
const char *name = DetectBufferTypeGetNameById(list_type); const char *name = DetectBufferTypeGetNameById(list_type);

@ -2813,10 +2813,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type)
case DETECT_SM_LIST_MODBUS_MATCH: case DETECT_SM_LIST_MODBUS_MATCH:
return "modbus"; return "modbus";
case DETECT_SM_LIST_DNP3_DATA_MATCH:
return "dnp3_data";
case DETECT_SM_LIST_DNP3_MATCH:
return "dnp3";
case DETECT_SM_LIST_CIP_MATCH: case DETECT_SM_LIST_CIP_MATCH:
return "cip"; return "cip";

@ -1039,7 +1039,8 @@ static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
} else if (lua->alproto == ALPROTO_SMTP) { } else if (lua->alproto == ALPROTO_SMTP) {
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
} else if (lua->alproto == ALPROTO_DNP3) { } else if (lua->alproto == ALPROTO_DNP3) {
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNP3_MATCH); int list = DetectBufferTypeGetByName("dnp3");
SigMatchAppendSMToList(s, sm, list);
} else { } else {
SCLogError(SC_ERR_LUA_ERROR, "lua can't be used with protocol %s", SCLogError(SC_ERR_LUA_ERROR, "lua can't be used with protocol %s",
AppLayerGetProtoName(lua->alproto)); AppLayerGetProtoName(lua->alproto));
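Review bot: The result of `DetectBufferTypeGetByName("dnp3")` in the ALPROTO_DNP3 branch is passed straight to `SigMatchAppendSMToList` without a check. The name is a second copy of the string literal used in the DNP3 keyword file, so a typo or a registration that has not yet run would presumably yield an invalid list id. The Lua rule would then be attached to the wrong list, or index out of range, instead of failing to load. I would guard it with `if (list < 0) { ... }` and take the same failure path as the unsupported-protocol branch that follows. DetectLuaSetup starts and ends outside this hunk, so the exact error path is not visible here.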

@ -125,9 +125,6 @@ enum DetectSigmatchListEnum {
DETECT_SM_LIST_CIP_MATCH, DETECT_SM_LIST_CIP_MATCH,
DETECT_SM_LIST_ENIP_MATCH, DETECT_SM_LIST_ENIP_MATCH,
DETECT_SM_LIST_DNP3_DATA_MATCH,
DETECT_SM_LIST_DNP3_MATCH,
DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH, DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH,
DETECT_SM_LIST_MAX, DETECT_SM_LIST_MAX,
