From e4bfdd53c2a8593fd4ec8aa78c249de7c9aee846 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Sat, 10 Dec 2016 21:55:51 +0100 Subject: [PATCH] cip/enip: dynamic buffer --- src/detect-cipservice.c | 26 ++++++++++++++++---------- src/detect-engine.c | 5 ----- src/detect.h | 3 --- 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/src/detect-cipservice.c b/src/detect-cipservice.c index 68a0a96d1e..8a6d61b904 100644 --- a/src/detect-cipservice.c +++ b/src/detect-cipservice.c @@ -42,6 +42,7 @@ static int DetectCipServiceSetup(DetectEngineCtx *, Signature *, char *); static void DetectCipServiceFree(void *); static void DetectCipServiceRegisterTests(void); +static int g_cip_buffer_id = 0; /** * \brief Registration function for cip_service: keyword @@ -58,13 +59,15 @@ void DetectCipServiceRegister(void) sigmatch_table[DETECT_CIPSERVICE].RegisterTests = DetectCipServiceRegisterTests; - DetectAppLayerInspectEngineRegister(ALPROTO_ENIP, SIG_FLAG_TOSERVER, - DETECT_SM_LIST_CIP_MATCH, + DetectAppLayerInspectEngineRegister2("cip", + ALPROTO_ENIP, SIG_FLAG_TOSERVER, DetectEngineInspectCIP); - DetectAppLayerInspectEngineRegister(ALPROTO_ENIP, SIG_FLAG_TOCLIENT, - DETECT_SM_LIST_CIP_MATCH, + DetectAppLayerInspectEngineRegister2("cip", + ALPROTO_ENIP, SIG_FLAG_TOCLIENT, DetectEngineInspectCIP); + g_cip_buffer_id = DetectBufferTypeGetByName("cip"); + SCReturn; } @@ -225,7 +228,7 @@ static int DetectCipServiceSetup(DetectEngineCtx *de_ctx, Signature *s, s->alproto = ALPROTO_ENIP; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_CIP_MATCH); + SigMatchAppendSMToList(s, sm, g_cip_buffer_id); SCReturnInt(0); @@ -301,6 +304,7 @@ static void DetectCipServiceRegisterTests(void) static int DetectEnipCommandSetup(DetectEngineCtx *, Signature *, char *); static void DetectEnipCommandFree(void *); static void DetectEnipCommandRegisterTests(void); +static int g_enip_buffer_id = 0; /** * \brief Registration function for enip_command: keyword 
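Review bot: `g_cip_buffer_id` is initialised to 0, which is presumably also a valid list id (the `DetectSigmatchListEnum` constants it replaces are ordinary non-negative enum values), so a keyword set up before the id has been assigned would append its match to an unrelated list without any error. An invalid sentinel, `static int g_cip_buffer_id = -1;`, makes that state detectable; the same applies to `g_enip_buffer_id` in the `@@ -301,6 +304,7 @@` hunk. A short comment such as `/* list id of the "cip" buffer, assigned in DetectCipServiceRegister() */` would also help, because the variable is written in one function and read in another.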
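Review bot: The value returned by `DetectBufferTypeGetByName("cip")` is stored without any check, and `SigMatchAppendSMToList(s, sm, g_cip_buffer_id)` in DetectCipServiceSetup (hunk `@@ -225,7 +228,7 @@`) then trusts it as a list index. The lookup's definition is not part of this patch, but if it reports "not found" with a negative value, cip_service rules would load and then either index with an invalid id or never be inspected, which for an IDS is a silent detection gap. Failing loudly at registration, e.g. `BUG_ON(g_cip_buffer_id < 0);` right after the assignment, avoids that. The same pattern is repeated for `"enip"` in DetectEnipCommandRegister and DetectEnipCommandSetup. The buffer name is also spelled out three times per keyword; one named constant shared by both `DetectAppLayerInspectEngineRegister2` calls and the lookup would stop them drifting apart. DetectCipServiceRegister begins above this hunk.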
@@ -317,12 +321,14 @@ void DetectEnipCommandRegister(void) sigmatch_table[DETECT_ENIPCOMMAND].RegisterTests = DetectEnipCommandRegisterTests; - DetectAppLayerInspectEngineRegister(ALPROTO_ENIP, SIG_FLAG_TOSERVER, - DETECT_SM_LIST_ENIP_MATCH, + DetectAppLayerInspectEngineRegister2("enip", + ALPROTO_ENIP, SIG_FLAG_TOSERVER, DetectEngineInspectENIP); - DetectAppLayerInspectEngineRegister(ALPROTO_ENIP, SIG_FLAG_TOCLIENT, - DETECT_SM_LIST_ENIP_MATCH, + DetectAppLayerInspectEngineRegister2("enip", + ALPROTO_ENIP, SIG_FLAG_TOCLIENT, DetectEngineInspectENIP); + + g_enip_buffer_id = DetectBufferTypeGetByName("enip"); } /** @@ -399,7 +405,7 @@ static int DetectEnipCommandSetup(DetectEngineCtx *de_ctx, Signature *s, sm->ctx = (void *) enipcmdd; s->alproto = ALPROTO_ENIP; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_ENIP_MATCH); + SigMatchAppendSMToList(s, sm, g_enip_buffer_id); SCReturnInt(0); diff --git a/src/detect-engine.c b/src/detect-engine.c index 0c5fd77f88..a577af12a9 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -2811,11 +2811,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type) case DETECT_SM_LIST_FILEMATCH: return "file"; - case DETECT_SM_LIST_CIP_MATCH: - return "cip"; - case DETECT_SM_LIST_ENIP_MATCH: - return "enip"; - case DETECT_SM_LIST_BASE64_DATA: return "base64_data"; diff --git a/src/detect.h b/src/detect.h index 1e98e8da4d..7895ec683f 100644 --- a/src/detect.h +++ b/src/detect.h @@ -120,9 +120,6 @@ enum DetectSigmatchListEnum { DETECT_SM_LIST_FILEMATCH, - DETECT_SM_LIST_CIP_MATCH, - DETECT_SM_LIST_ENIP_MATCH, - DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH, DETECT_SM_LIST_MAX,