cip/enip: dynamic buffer

src/detect-cipservice.c

@@ -42,6 +42,7 @@
 static int DetectCipServiceSetup(DetectEngineCtx *, Signature *, char *);
 static void DetectCipServiceFree(void *);
 static void DetectCipServiceRegisterTests(void);
+static int g_cip_buffer_id = 0;
 
 /**
  * \brief Registration function for cip_service: keyword
@@ -58,13 +59,15 @@ void DetectCipServiceRegister(void)
     sigmatch_table[DETECT_CIPSERVICE].RegisterTests
             = DetectCipServiceRegisterTests;
 
-    DetectAppLayerInspectEngineRegister(ALPROTO_ENIP, SIG_FLAG_TOSERVER,
+    DetectAppLayerInspectEngineRegister2("cip",
-            DETECT_SM_LIST_CIP_MATCH,
+            ALPROTO_ENIP, SIG_FLAG_TOSERVER,
             DetectEngineInspectCIP);
-    DetectAppLayerInspectEngineRegister(ALPROTO_ENIP, SIG_FLAG_TOCLIENT,
+    DetectAppLayerInspectEngineRegister2("cip",
-            DETECT_SM_LIST_CIP_MATCH,
+            ALPROTO_ENIP, SIG_FLAG_TOCLIENT,
             DetectEngineInspectCIP);
 
+    g_cip_buffer_id = DetectBufferTypeGetByName("cip");
+
     SCReturn;
 }
 
@@ -225,7 +228,7 @@ static int DetectCipServiceSetup(DetectEngineCtx *de_ctx, Signature *s,
 
     s->alproto = ALPROTO_ENIP;
 
-    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_CIP_MATCH);
+    SigMatchAppendSMToList(s, sm, g_cip_buffer_id);
 
     SCReturnInt(0);
 
@@ -301,6 +304,7 @@ static void DetectCipServiceRegisterTests(void)
 static int DetectEnipCommandSetup(DetectEngineCtx *, Signature *, char *);
 static void DetectEnipCommandFree(void *);
 static void DetectEnipCommandRegisterTests(void);
+static int g_enip_buffer_id = 0;
 
 /**
  * \brief Registration function for enip_command: keyword
@@ -317,12 +321,14 @@ void DetectEnipCommandRegister(void)
     sigmatch_table[DETECT_ENIPCOMMAND].RegisterTests
             = DetectEnipCommandRegisterTests;
 
-    DetectAppLayerInspectEngineRegister(ALPROTO_ENIP, SIG_FLAG_TOSERVER,
+    DetectAppLayerInspectEngineRegister2("enip",
-            DETECT_SM_LIST_ENIP_MATCH,
+            ALPROTO_ENIP, SIG_FLAG_TOSERVER,
             DetectEngineInspectENIP);
-    DetectAppLayerInspectEngineRegister(ALPROTO_ENIP, SIG_FLAG_TOCLIENT,
+    DetectAppLayerInspectEngineRegister2("enip",
-            DETECT_SM_LIST_ENIP_MATCH,
+            ALPROTO_ENIP, SIG_FLAG_TOCLIENT,
             DetectEngineInspectENIP);
+
+    g_enip_buffer_id = DetectBufferTypeGetByName("enip");
 }
 
 /**
@@ -399,7 +405,7 @@ static int DetectEnipCommandSetup(DetectEngineCtx *de_ctx, Signature *s,
     sm->ctx = (void *) enipcmdd;
 
     s->alproto = ALPROTO_ENIP;
-    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_ENIP_MATCH);
+    SigMatchAppendSMToList(s, sm, g_enip_buffer_id);
 
     SCReturnInt(0);
 

src/detect-engine.c

@@ -2811,11 +2811,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type)
         case DETECT_SM_LIST_FILEMATCH:
             return "file";
 
-        case DETECT_SM_LIST_CIP_MATCH:
-            return "cip";
-        case DETECT_SM_LIST_ENIP_MATCH:
-            return "enip";
-
         case DETECT_SM_LIST_BASE64_DATA:
             return "base64_data";
 

src/detect.h

@@ -120,9 +120,6 @@ enum DetectSigmatchListEnum {
 
     DETECT_SM_LIST_FILEMATCH,
 
-    DETECT_SM_LIST_CIP_MATCH,
-    DETECT_SM_LIST_ENIP_MATCH,
-
     DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH,
 
     DETECT_SM_LIST_MAX,