diff --git a/src/detect-engine.c b/src/detect-engine.c index c58672ebc8..0c5fd77f88 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -2811,9 +2811,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type) case DETECT_SM_LIST_FILEMATCH: return "file"; - case DETECT_SM_LIST_MODBUS_MATCH: - return "modbus"; - case DETECT_SM_LIST_CIP_MATCH: return "cip"; case DETECT_SM_LIST_ENIP_MATCH: diff --git a/src/detect-modbus.c b/src/detect-modbus.c index 5e71d8f61a..82600c909a 100644 --- a/src/detect-modbus.c +++ b/src/detect-modbus.c @@ -70,6 +70,8 @@ static pcre_extra *function_parse_regex_study; static pcre *access_parse_regex; static pcre_extra *access_parse_regex_study; +static int g_modbus_buffer_id = 0; + #define MAX_SUBSTRINGS 30 void DetectModbusRegisterTests(void); @@ -384,7 +386,7 @@ static int DetectModbusSetup(DetectEngineCtx *de_ctx, Signature *s, char *str) sm->type = DETECT_AL_MODBUS; sm->ctx = (void *) modbus; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MODBUS_MATCH); + SigMatchAppendSMToList(s, sm, g_modbus_buffer_id); s->alproto = ALPROTO_MODBUS; SCReturnInt(0); @@ -415,12 +417,14 @@ void DetectModbusRegister(void) DetectSetupParseRegexes(PARSE_REGEX_ACCESS, &access_parse_regex, &access_parse_regex_study); - DetectAppLayerInspectEngineRegister(ALPROTO_MODBUS, SIG_FLAG_TOSERVER, - DETECT_SM_LIST_MODBUS_MATCH, + DetectAppLayerInspectEngineRegister2("modbus", + ALPROTO_MODBUS, SIG_FLAG_TOSERVER, DetectEngineInspectModbus); - DetectAppLayerInspectEngineRegister(ALPROTO_MODBUS, SIG_FLAG_TOCLIENT, - DETECT_SM_LIST_MODBUS_MATCH, + DetectAppLayerInspectEngineRegister2("modbus", + ALPROTO_MODBUS, SIG_FLAG_TOCLIENT, DetectEngineInspectModbus); + + g_modbus_buffer_id = DetectBufferTypeGetByName("modbus"); } #ifdef UNITTESTS /* UNITTESTS */ @@ -447,13 +451,13 @@ static int DetectModbusTest01(void) if (de_ctx->sig_list == NULL) goto end; - if ((de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH] == NULL) || - (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx == NULL)) { + if ((de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id] == NULL) || + (de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx == NULL)) { printf("de_ctx->pmatch_tail == NULL && de_ctx->pmatch_tail->ctx == NULL: "); goto end; } - modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx; + modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx; if (modbus->function != 1) { printf("expected function %d, got %" PRIu8 ": ", 1, modbus->function); @@ -491,13 +495,13 @@ static int DetectModbusTest02(void) if (de_ctx->sig_list == NULL) goto end; - if ((de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH] == NULL) || - (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx == NULL)) { + if ((de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id] == NULL) || + (de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx == NULL)) { printf("de_ctx->pmatch_tail == NULL && de_ctx->pmatch_tail->ctx == NULL: "); goto end; } - modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx; + modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx; if ((modbus->function != 8) || (*modbus->subfunction != 4)) { printf("expected function %d, got %" PRIu8 ": ", 1, modbus->function); @@ -536,13 +540,13 @@ static int DetectModbusTest03(void) if (de_ctx->sig_list == NULL) goto end; - if ((de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH] == NULL) || - (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx == NULL)) { + if ((de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id] == NULL) || + (de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx == NULL)) { printf("de_ctx->pmatch_tail == NULL && de_ctx->pmatch_tail->ctx == NULL: "); goto end; } - modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx; + modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx; if (modbus->category != MODBUS_CAT_RESERVED) { printf("expected function %d, got %" PRIu8 ": ", MODBUS_CAT_RESERVED, modbus->category); @@ -582,13 +586,13 @@ static int DetectModbusTest04(void) if (de_ctx->sig_list == NULL) goto end; - if ((de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH] == NULL) || - (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx == NULL)) { + if ((de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id] == NULL) || + (de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx == NULL)) { printf("de_ctx->pmatch_tail == NULL && de_ctx->pmatch_tail->ctx == NULL: "); goto end; } - modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx; + modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx; if (modbus->category != category) { printf("expected function %u, got %" PRIu8 ": ", ~MODBUS_CAT_PUBLIC_ASSIGNED, modbus->category); @@ -626,13 +630,13 @@ static int DetectModbusTest05(void) if (de_ctx->sig_list == NULL) goto end; - if ((de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH] == NULL) || - (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx == NULL)) { + if ((de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id] == NULL) || + (de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx == NULL)) { printf("de_ctx->pmatch_tail == NULL && de_ctx->pmatch_tail->ctx == NULL: "); goto end; } - modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx; + modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx; if (modbus->type != MODBUS_TYP_READ) { printf("expected function %d, got %" PRIu8 ": ", MODBUS_TYP_READ, modbus->type); @@ -672,13 +676,13 @@ static int DetectModbusTest06(void) if (de_ctx->sig_list == NULL) goto end; - if ((de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH] == NULL) || - (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx == NULL)) { + if ((de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id] == NULL) || + (de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx == NULL)) { printf("de_ctx->pmatch_tail == NULL && de_ctx->pmatch_tail->ctx == NULL: "); goto end; } - modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx; + modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx; if (modbus->type != type) { printf("expected function %" PRIu8 ", got %" PRIu8 ": ", type, modbus->type); @@ -718,13 +722,13 @@ static int DetectModbusTest07(void) if (de_ctx->sig_list == NULL) goto end; - if ((de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH] == NULL) || - (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx == NULL)) { + if ((de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id] == NULL) || + (de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx == NULL)) { printf("de_ctx->pmatch_tail == NULL && de_ctx->pmatch_tail->ctx == NULL: "); goto end; } - modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx; + modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx; if ((modbus->type != type) || ((*modbus->address).mode != mode) || @@ -768,13 +772,13 @@ static int DetectModbusTest08(void) if (de_ctx->sig_list == NULL) goto end; - if ((de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH] == NULL) || - (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx == NULL)) { + if ((de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id] == NULL) || + (de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx == NULL)) { printf("de_ctx->pmatch_tail == NULL && de_ctx->pmatch_tail->ctx == NULL: "); goto end; } - modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx; + modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx; if ((modbus->type != type) || ((*modbus->address).mode != mode) || @@ -819,13 +823,13 @@ static int DetectModbusTest09(void) if (de_ctx->sig_list == NULL) goto end; - if ((de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH] == NULL) || - (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx == NULL)) { + if ((de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id] == NULL) || + (de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx == NULL)) { printf("de_ctx->pmatch_tail == NULL && de_ctx->pmatch_tail->ctx == NULL: "); goto end; } - modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_MODBUS_MATCH]->ctx; + modbus = (DetectModbus *) de_ctx->sig_list->sm_lists_tail[g_modbus_buffer_id]->ctx; if ((modbus->type != type) || ((*modbus->address).mode != addressMode) || diff --git a/src/detect-parse.c b/src/detect-parse.c index bdfe4bd471..d8a9928dc8 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -146,7 +146,6 @@ const char *DetectListToHumanString(int list) CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc"); CASE_CODE_STRING(DETECT_SM_LIST_TMATCH, "tag"); CASE_CODE_STRING(DETECT_SM_LIST_FILEMATCH, "file"); - CASE_CODE_STRING(DETECT_SM_LIST_MODBUS_MATCH, "modbus"); CASE_CODE_STRING(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH, "template"); CASE_CODE_STRING(DETECT_SM_LIST_POSTMATCH, "postmatch"); CASE_CODE_STRING(DETECT_SM_LIST_SUPPRESS, "suppress"); @@ -169,7 +168,6 @@ const char *DetectListToString(int list) CASE_CODE(DETECT_SM_LIST_DMATCH); CASE_CODE(DETECT_SM_LIST_TMATCH); CASE_CODE(DETECT_SM_LIST_FILEMATCH); - CASE_CODE(DETECT_SM_LIST_MODBUS_MATCH); CASE_CODE(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH); CASE_CODE(DETECT_SM_LIST_POSTMATCH); CASE_CODE(DETECT_SM_LIST_SUPPRESS); diff --git a/src/detect.h b/src/detect.h index bd901e3735..1e98e8da4d 100644 --- a/src/detect.h +++ b/src/detect.h @@ -120,8 +120,6 @@ enum DetectSigmatchListEnum { DETECT_SM_LIST_FILEMATCH, - DETECT_SM_LIST_MODBUS_MATCH, - DETECT_SM_LIST_CIP_MATCH, DETECT_SM_LIST_ENIP_MATCH,