detect-engine-sigorder.c detect-engine-sigorder.h \
detect-engine-state.c detect-engine-state.h \
detect-engine-tag.c detect-engine-tag.h \
-detect-engine-template.c detect-engine-template.h \
detect-engine-threshold.c detect-engine-threshold.h \
detect-engine-uri.c detect-engine-uri.h \
detect-fast-pattern.c detect-fast-pattern.h \
+++ /dev/null
-/* Copyright (C) 2015 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/*
- * TODO: Update your name below and in detect-engine-template.h.
- * TODO: Update description in the \file section below.
- * TODO: Remove SCLogNotice statements or convert to debug.
- */
-
-/**
- * \file
- *
- * \author FirstName LastName <yourname@domain>
- *
- * Implement buffer inspection on the decoded application layer
- * content buffers.
- */
-
-#include "suricata-common.h"
-#include "stream.h"
-#include "detect-engine-content-inspection.h"
-#include "detect-engine-template.h"
-#include "app-layer-template.h"
-
-int DetectEngineInspectTemplateBuffer(ThreadVars *tv,
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatchData *smd,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- TemplateTransaction *tx = (TemplateTransaction *)txv;
- int ret = 0;
-
- if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) {
- ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
- f, tx->request_buffer, tx->request_buffer_len, 0,
- DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
- }
- else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) {
- ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
- f, tx->response_buffer, tx->response_buffer_len, 0,
- DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
- }
-
- SCLogNotice("Returning %d.", ret);
- return ret;
-}
+++ /dev/null
-/* Copyright (C) 2015 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author FirstName LastName <yourname@domain>
- */
-
-#ifndef __DETECT_TEMPLATE_ENGINE_H__
-#define __DETECT_TEMPLATE_ENGINE_H__
-
-int DetectEngineInspectTemplateBuffer(ThreadVars *,
- DetectEngineCtx *, DetectEngineThreadCtx *,
- const Signature *, const SigMatchData *,
- Flow *, uint8_t, void *, void *tx, uint64_t tx_id);
-
-#endif /* __DETECT_TEMPLATE_ENGINE_H__ */
-/* Copyright (C) 2015 Open Information Security Foundation
+/* Copyright (C) 2015-2017 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "suricata-common.h"
#include "conf.h"
#include "detect.h"
+#include "detect-parse.h"
#include "detect-engine.h"
+#include "detect-engine-content-inspection.h"
#include "app-layer-template.h"
-#include "detect-engine-template.h"
#include "detect-template-buffer.h"
static int DetectTemplateBufferSetup(DetectEngineCtx *, Signature *, const char *);
+static int DetectEngineInspectTemplateBuffer(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatchData *smd,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
static void DetectTemplateBufferRegisterTests(void);
static int g_template_buffer_id = 0;
const char *str)
{
s->init_data->list = g_template_buffer_id;
- s->alproto = ALPROTO_TEMPLATE;
+
+ if (DetectSignatureSetAppProto(s, ALPROTO_TEMPLATE) != 0)
+ return -1;
+
return 0;
}
+static int DetectEngineInspectTemplateBuffer(ThreadVars *tv,
+ DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const Signature *s, const SigMatchData *smd,
+ Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+{
+ TemplateTransaction *tx = (TemplateTransaction *)txv;
+ int ret = 0;
+
+ if (flags & STREAM_TOSERVER && tx->request_buffer != NULL) {
+ ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
+ f, tx->request_buffer, tx->request_buffer_len, 0,
+ DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
+ }
+ else if (flags & STREAM_TOCLIENT && tx->response_buffer != NULL) {
+ ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
+ f, tx->response_buffer, tx->response_buffer_len, 0,
+ DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
+ }
+
+ SCLogNotice("Returning %d.", ret);
+ return ret;
+}
+
#ifdef UNITTESTS
#include "util-unittest.h"
-/* Copyright (C) 2015 Open Information Security Foundation
+/* Copyright (C) 2015-2017 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
-/* Copyright (C) 2015-2016 Open Information Security Foundation
+/* Copyright (C) 2015-2017 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
-/* Copyright (C) 2015-2016 Open Information Security Foundation
+/* Copyright (C) 2015-2017 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
projects / thirdparty / suricata.git / commitdiff
