for (sm = s->sm_lists[DETECT_SM_LIST_FILEMATCH]; sm != NULL; sm = sm->next) {
SCLogDebug("sm %p, sm->next %p", sm, sm->next);
- if (sigmatch_table[sm->type].AppLayerMatch != NULL) {
+ if (sigmatch_table[sm->type].FileMatch != NULL) {
match = sigmatch_table[sm->type].
- AppLayerMatch(tv, det_ctx, f, flags, (void *)file, s, sm);
+ FileMatch(tv, det_ctx, f, flags, file, s, sm);
if (match == 0) {
r = 2;
break;
DetectFilestoreData *fd = sm->ctx;
if (fd->scope > FILESTORE_SCOPE_DEFAULT) {
match = sigmatch_table[sm->type].
- AppLayerMatch(tv, det_ctx, f, flags, NULL, s, sm);
+ FileMatch(tv, det_ctx, f, flags, /* no file */NULL, s, sm);
if (match == 1) {
r = 1;
}
-/* Copyright (C) 2007-2011 Open Information Security Foundation
+/* Copyright (C) 2007-2012 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "stream-tcp.h"
#include "detect-fileext.h"
-int DetectFileextMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, Signature *, SigMatch *);
+static int DetectFileextMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
+ uint8_t, File *, Signature *, SigMatch *);
static int DetectFileextSetup (DetectEngineCtx *, Signature *, char *);
-void DetectFileextRegisterTests(void);
-void DetectFileextFree(void *);
+static void DetectFileextRegisterTests(void);
+static void DetectFileextFree(void *);
/**
* \brief Registration function for keyword: fileext
*/
void DetectFileextRegister(void) {
sigmatch_table[DETECT_FILEEXT].name = "fileext";
- sigmatch_table[DETECT_FILEEXT].Match = NULL;
- sigmatch_table[DETECT_FILEEXT].AppLayerMatch = DetectFileextMatch;
+ sigmatch_table[DETECT_FILEEXT].FileMatch = DetectFileextMatch;
sigmatch_table[DETECT_FILEEXT].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILEEXT].Setup = DetectFileextSetup;
sigmatch_table[DETECT_FILEEXT].Free = DetectFileextFree;
/**
* \brief match the specified file extension
*
- * \param t pointer to thread vars
- * \param det_ctx pointer to the pattern matcher thread
- * \param p pointer to the current packet
- * \param m pointer to the sigmatch that we will cast into DetectFileextData
+ * \param t thread local vars
+ * \param det_ctx pattern matcher thread local data
+ * \param f *LOCKED* flow
+ * \param flags direction flags
+ * \param file file being inspected
+ * \param s signature being inspected
+ * \param m sigmatch that we will cast into DetectFileextData
*
* \retval 0 no match
* \retval 1 match
*/
-int DetectFileextMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, Signature *s, SigMatch *m)
+static int DetectFileextMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Flow *f, uint8_t flags, File *file, Signature *s, SigMatch *m)
{
SCEnter();
int ret = 0;
DetectFileextData *fileext = (DetectFileextData *)m->ctx;
- File *file = (File *)state;
if (file->name == NULL)
SCReturnInt(0);
* \retval pointer to DetectFileextData on success
* \retval NULL on failure
*/
-DetectFileextData *DetectFileextParse (char *str)
+static DetectFileextData *DetectFileextParse (char *str)
{
DetectFileextData *fileext = NULL;
*
* \param fileext pointer to DetectFileextData
*/
-void DetectFileextFree(void *ptr) {
+static void DetectFileextFree(void *ptr) {
if (ptr != NULL) {
DetectFileextData *fileext = (DetectFileextData *)ptr;
if (fileext->ext != NULL)
-/* Copyright (C) 2007-2011 Open Information Security Foundation
+/* Copyright (C) 2007-2012 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "detect-filemagic.h"
-int DetectFilemagicMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, Signature *, SigMatch *);
+static int DetectFilemagicMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
+ uint8_t, File *, Signature *, SigMatch *);
static int DetectFilemagicSetup (DetectEngineCtx *, Signature *, char *);
-void DetectFilemagicRegisterTests(void);
-void DetectFilemagicFree(void *);
+static void DetectFilemagicRegisterTests(void);
+static void DetectFilemagicFree(void *);
/**
* \brief Registration function for keyword: filemagic
*/
void DetectFilemagicRegister(void) {
sigmatch_table[DETECT_FILEMAGIC].name = "filemagic";
- sigmatch_table[DETECT_FILEMAGIC].Match = NULL;
- sigmatch_table[DETECT_FILEMAGIC].AppLayerMatch = DetectFilemagicMatch;
+ sigmatch_table[DETECT_FILEMAGIC].FileMatch = DetectFilemagicMatch;
sigmatch_table[DETECT_FILEMAGIC].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILEMAGIC].Setup = DetectFilemagicSetup;
sigmatch_table[DETECT_FILEMAGIC].Free = DetectFilemagicFree;
/**
* \brief match the specified filemagic
*
- * \param t pointer to thread vars
- * \param det_ctx pointer to the pattern matcher thread
- * \param p pointer to the current packet
- * \param m pointer to the sigmatch that we will cast into DetectFilemagicData
+ * \param t thread local vars
+ * \param det_ctx pattern matcher thread local data
+ * \param f *LOCKED* flow
+ * \param flags direction flags
+ * \param file file being inspected
+ * \param s signature being inspected
+ * \param m sigmatch that we will cast into DetectFilemagicData
*
* \retval 0 no match
* \retval 1 match
*/
-int DetectFilemagicMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, Signature *s, SigMatch *m)
+static int DetectFilemagicMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Flow *f, uint8_t flags, File *file, Signature *s, SigMatch *m)
{
SCEnter();
int ret = 0;
DetectFilemagicData *filemagic = (DetectFilemagicData *)m->ctx;
- File *file = (File *)state;
-
if (file->txid < det_ctx->tx_id)
SCReturnInt(0);
* \retval filemagic pointer to DetectFilemagicData on success
* \retval NULL on failure
*/
-DetectFilemagicData *DetectFilemagicParse (char *str)
+static DetectFilemagicData *DetectFilemagicParse (char *str)
{
DetectFilemagicData *filemagic = NULL;
*
* \param filemagic pointer to DetectFilemagicData
*/
-void DetectFilemagicFree(void *ptr) {
+static void DetectFilemagicFree(void *ptr) {
if (ptr != NULL) {
DetectFilemagicData *filemagic = (DetectFilemagicData *)ptr;
if (filemagic->bm_ctx != NULL) {
*/
void DetectFileMd5Register(void) {
sigmatch_table[DETECT_FILEMD5].name = "filemd5";
- sigmatch_table[DETECT_FILEMD5].Match = NULL;
- sigmatch_table[DETECT_FILEMD5].AppLayerMatch = NULL;
+ sigmatch_table[DETECT_FILEMD5].FileMatch = NULL;
sigmatch_table[DETECT_FILEMD5].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILEMD5].Setup = DetectFileMd5SetupNoSupport;
sigmatch_table[DETECT_FILEMD5].Free = NULL;
#else /* HAVE_NSS */
-int DetectFileMd5Match (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, Signature *, SigMatch *);
+static int DetectFileMd5Match (ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t, File *, Signature *, SigMatch *);
static int DetectFileMd5Setup (DetectEngineCtx *, Signature *, char *);
-void DetectFileMd5RegisterTests(void);
-void DetectFileMd5Free(void *);
+static void DetectFileMd5RegisterTests(void);
+static void DetectFileMd5Free(void *);
/**
* \brief Registration function for keyword: filemd5
*/
void DetectFileMd5Register(void) {
sigmatch_table[DETECT_FILEMD5].name = "filemd5";
- sigmatch_table[DETECT_FILEMD5].Match = NULL;
- sigmatch_table[DETECT_FILEMD5].AppLayerMatch = DetectFileMd5Match;
+ sigmatch_table[DETECT_FILEMD5].FileMatch = DetectFileMd5Match;
sigmatch_table[DETECT_FILEMD5].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILEMD5].Setup = DetectFileMd5Setup;
sigmatch_table[DETECT_FILEMD5].Free = DetectFileMd5Free;
/**
* \brief match the specified filemd5
*
- * \param t pointer to thread vars
- * \param det_ctx pointer to the pattern matcher thread
- * \param p pointer to the current packet
- * \param m pointer to the sigmatch that we will cast into DetectFileMd5Data
+ * \param t thread local vars
+ * \param det_ctx pattern matcher thread local data
+ * \param f *LOCKED* flow
+ * \param flags direction flags
+ * \param file file being inspected
+ * \param s signature being inspected
+ * \param m sigmatch that we will cast into DetectFileMd5Data
*
* \retval 0 no match
* \retval 1 match
*/
-int DetectFileMd5Match (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, Signature *s, SigMatch *m)
+static int DetectFileMd5Match (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Flow *f, uint8_t flags, File *file, Signature *s, SigMatch *m)
{
SCEnter();
int ret = 0;
DetectFileMd5Data *filemd5 = (DetectFileMd5Data *)m->ctx;
- File *file = (File *)state;
-
if (file->txid < det_ctx->tx_id) {
SCReturnInt(0);
}
* \retval filemd5 pointer to DetectFileMd5Data on success
* \retval NULL on failure
*/
-DetectFileMd5Data *DetectFileMd5Parse (char *str)
+static DetectFileMd5Data *DetectFileMd5Parse (char *str)
{
DetectFileMd5Data *filemd5 = NULL;
*
* \param filemd5 pointer to DetectFileMd5Data
*/
-void DetectFileMd5Free(void *ptr) {
+static void DetectFileMd5Free(void *ptr) {
if (ptr != NULL) {
DetectFileMd5Data *filemd5 = (DetectFileMd5Data *)ptr;
if (filemd5->hash != NULL)
-/* Copyright (C) 2007-2011 Open Information Security Foundation
+/* Copyright (C) 2007-2012 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "detect-filename.h"
-int DetectFilenameMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, Signature *, SigMatch *);
+static int DetectFilenameMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
+ uint8_t, File *, Signature *, SigMatch *);
static int DetectFilenameSetup (DetectEngineCtx *, Signature *, char *);
-void DetectFilenameRegisterTests(void);
-void DetectFilenameFree(void *);
+static void DetectFilenameRegisterTests(void);
+static void DetectFilenameFree(void *);
/**
* \brief Registration function for keyword: filename
*/
void DetectFilenameRegister(void) {
sigmatch_table[DETECT_FILENAME].name = "filename";
- sigmatch_table[DETECT_FILENAME].Match = NULL;
- sigmatch_table[DETECT_FILENAME].AppLayerMatch = DetectFilenameMatch;
+ sigmatch_table[DETECT_FILENAME].FileMatch = DetectFilenameMatch;
sigmatch_table[DETECT_FILENAME].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILENAME].Setup = DetectFilenameSetup;
sigmatch_table[DETECT_FILENAME].Free = DetectFilenameFree;
/**
* \brief match the specified filename
*
- * \param t pointer to thread vars
- * \param det_ctx pointer to the pattern matcher thread
- * \param p pointer to the current packet
- * \param m pointer to the sigmatch that we will cast into DetectFilenameData
+ * \param t thread local vars
+ * \param det_ctx pattern matcher thread local data
+ * \param f *LOCKED* flow
+ * \param flags direction flags
+ * \param file file being inspected
+ * \param s signature being inspected
+ * \param m sigmatch that we will cast into DetectFilenameData
*
* \retval 0 no match
* \retval 1 match
*/
-int DetectFilenameMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, Signature *s, SigMatch *m)
+static int DetectFilenameMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Flow *f, uint8_t flags, File *file, Signature *s, SigMatch *m)
{
SCEnter();
int ret = 0;
DetectFilenameData *filename = m->ctx;
- File *file = (File *)state;
if (file->name == NULL)
SCReturnInt(0);
* \retval filename pointer to DetectFilenameData on success
* \retval NULL on failure
*/
-DetectFilenameData *DetectFilenameParse (char *str)
+static DetectFilenameData *DetectFilenameParse (char *str)
{
DetectFilenameData *filename = NULL;
*
* \param filename pointer to DetectFilenameData
*/
-void DetectFilenameFree(void *ptr) {
+static void DetectFilenameFree(void *ptr) {
if (ptr != NULL) {
DetectFilenameData *filename = (DetectFilenameData *)ptr;
if (filename->bm_ctx != NULL) {
-/* Copyright (C) 2007-2011 Open Information Security Foundation
+/* Copyright (C) 2007-2012 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
*
* \author Victor Julien <victor@inliniac.net>
*
+ * Implements the filestore keyword
*/
#include "suricata-common.h"
static pcre *parse_regex;
static pcre_extra *parse_regex_study;
-int DetectFilestoreMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, Signature *, SigMatch *);
+static int DetectFilestoreMatch (ThreadVars *, DetectEngineThreadCtx *,
+ Flow *, uint8_t, File *, Signature *, SigMatch *);
static int DetectFilestoreSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFilestoreFree(void *);
*/
void DetectFilestoreRegister(void) {
sigmatch_table[DETECT_FILESTORE].name = "filestore";
- sigmatch_table[DETECT_FILESTORE].Match = NULL;
- sigmatch_table[DETECT_FILESTORE].AppLayerMatch = DetectFilestoreMatch;
+ sigmatch_table[DETECT_FILESTORE].FileMatch = DetectFilestoreMatch;
sigmatch_table[DETECT_FILESTORE].alproto = ALPROTO_HTTP;
sigmatch_table[DETECT_FILESTORE].Setup = DetectFilestoreSetup;
sigmatch_table[DETECT_FILESTORE].Free = DetectFilestoreFree;
/**
* \brief post-match function for filestore
*
+ * \param t thread local vars
+ * \param det_ctx pattern matcher thread local data
+ * \param p packet
+ *
* The match function for filestore records store candidates in the det_ctx.
* When we are sure all parts of the signature matched, we run this function
* to finalize the filestore.
/**
* \brief match the specified filestore
*
- * \param t pointer to thread vars
- * \param det_ctx pointer to the pattern matcher thread
- * \param p pointer to the current packet
- * \param m pointer to the sigmatch that we will cast into DetectFilestoreData
+ * \param t thread local vars
+ * \param det_ctx pattern matcher thread local data
+ * \param f *LOCKED* flow
+ * \param flags direction flags
+ * \param file file being inspected
+ * \param s signature being inspected
+ * \param m sigmatch that we will cast into DetectFilestoreData
*
* \retval 0 no match
* \retval 1 match
* \todo when we start supporting more protocols, the logic in this function
* needs to be put behind a api.
*/
-int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
- uint8_t flags, void *state, Signature *s, SigMatch *m)
+static int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f,
+ uint8_t flags, File *file, Signature *s, SigMatch *m)
{
uint16_t file_id = 0;
/* file can be NULL when a rule with filestore scope > file
* matches. */
- File *file = (File *)state;
if (file != NULL) {
file_id = file->file_id;
}
#include "util-debug.h"
#include "util-error.h"
#include "util-radix-tree.h"
+#include "util-file.h"
#include "detect-mark.h"
#endif
} DetectEngineThreadCtx;
-/** \brief element in sigmatch type table. */
+/** \brief element in sigmatch type table.
+ * \note FileMatch pointer below takes a locked flow, AppLayerMatch an unlocked flow
+ */
typedef struct SigTableElmt_ {
/** Packet match function pointer */
int (*Match)(ThreadVars *, DetectEngineThreadCtx *, Packet *, Signature *, SigMatch *);
/** AppLayer match function pointer */
int (*AppLayerMatch)(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, Signature *, SigMatch *);
+
+ /** File match function pointer */
+ int (*FileMatch)(ThreadVars *, /**< thread local vars */
+ DetectEngineThreadCtx *,
+ Flow *, /**< *LOCKED* flow */
+ uint8_t flags, File *, Signature *, SigMatch *);
+
/** app layer proto from app-layer-protos.h this match applies to */
uint16_t alproto;
projects / thirdparty / suricata.git / commitdiff
