return 0;
}
-static DetectPcreData *DetectPcreParse (DetectEngineCtx *de_ctx, const char *regexstr, int *sm_list,
- char *capture_names, size_t capture_names_size, bool negate)
+static DetectPcreData *DetectPcreParse (DetectEngineCtx *de_ctx,
+ const char *regexstr, int *sm_list, char *capture_names,
+ size_t capture_names_size, bool negate, AppProto *alproto)
{
int ec;
const char *eb;
}
int list = DetectBufferTypeGetByName("http_uri");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
}
case 'V': {
}
int list = DetectBufferTypeGetByName("http_user_agent");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
}
case 'W': {
}
int list = DetectBufferTypeGetByName("http_host");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
check_host_header = 1;
break;
}
}
int list = DetectBufferTypeGetByName("http_raw_host");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
}
case 'H': { /* snort's option */
}
int list = DetectBufferTypeGetByName("http_header");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
} case 'I': { /* snort's option */
if (pd->flags & DETECT_PCRE_RAWBYTES) {
}
int list = DetectBufferTypeGetByName("http_raw_uri");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
}
case 'D': { /* snort's option */
int list = DetectBufferTypeGetByName("http_raw_header");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
}
case 'M': { /* snort's option */
}
int list = DetectBufferTypeGetByName("http_method");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
}
case 'C': { /* snort's option */
}
int list = DetectBufferTypeGetByName("http_cookie");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
}
case 'P': {
/* snort's option (http request body inspection) */
int list = DetectBufferTypeGetByName("http_client_body");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
}
case 'Q': {
int list = DetectBufferTypeGetByName("file_data");
/* suricata extension (http response body inspection) */
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
}
case 'Y': {
/* snort's option */
int list = DetectBufferTypeGetByName("http_stat_msg");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
}
case 'S': {
/* snort's option */
int list = DetectBufferTypeGetByName("http_stat_code");
*sm_list = DetectPcreSetList(*sm_list, list);
+ *alproto = ALPROTO_HTTP;
break;
}
default:
} else {
goto error;
}
-
return pd;
error:
int ret = -1;
int parsed_sm_list = DETECT_SM_LIST_NOTSET;
char capture_names[1024] = "";
+ AppProto alproto = ALPROTO_UNKNOWN;
pd = DetectPcreParse(de_ctx, regexstr, &parsed_sm_list,
- capture_names, sizeof(capture_names), s->init_data->negated);
+ capture_names, sizeof(capture_names), s->init_data->negated,
+ &alproto);
if (pd == NULL)
goto error;
if (DetectPcreParseCapture(regexstr, de_ctx, pd, capture_names) < 0)
case DETECT_SM_LIST_NOTSET:
sm_list = DETECT_SM_LIST_PMATCH;
break;
- default:
+ default: {
+ if (alproto != ALPROTO_UNKNOWN) {
+ /* see if the proto doesn't conflict
+ * with what we already have. */
+ if (s->alproto != ALPROTO_UNKNOWN &&
+ alproto != s->alproto) {
+ goto error;
+ }
+ DetectSignatureSetAppProto(s, alproto);
+ }
sm_list = parsed_sm_list;
break;
+ }
}
}
if (sm_list == -1)
int list = DETECT_SM_LIST_NOTSET;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
+ AppProto alproto = ALPROTO_UNKNOWN;
- pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false, &alproto);
FAIL_IF_NOT_NULL(pd);
DetectEngineCtxFree(de_ctx);
int list = DETECT_SM_LIST_NOTSET;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
+ AppProto alproto = ALPROTO_UNKNOWN;
- pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false, &alproto);
FAIL_IF_NOT_NULL(pd);
+ FAIL_IF_NOT(alproto == ALPROTO_HTTP);
DetectEngineCtxFree(de_ctx);
return result;
int list = DETECT_SM_LIST_NOTSET;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
+ AppProto alproto = ALPROTO_UNKNOWN;
- pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false, &alproto);
FAIL_IF_NOT_NULL(pd);
DetectEngineCtxFree(de_ctx);
int list = DETECT_SM_LIST_NOTSET;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
+ AppProto alproto = ALPROTO_UNKNOWN;
- pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false, &alproto);
FAIL_IF_NULL(pd);
+ FAIL_IF_NOT(alproto == ALPROTO_UNKNOWN);
DetectPcreFree(pd);
DetectEngineCtxFree(de_ctx);
int list = DETECT_SM_LIST_NOTSET;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
+ AppProto alproto = ALPROTO_UNKNOWN;
- pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false, &alproto);
FAIL_IF_NULL(pd);
+ FAIL_IF_NOT(alproto == ALPROTO_UNKNOWN);
DetectPcreFree(pd);
DetectEngineCtxFree(de_ctx);
int list = DETECT_SM_LIST_NOTSET;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
+ AppProto alproto = ALPROTO_UNKNOWN;
- pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false, &alproto);
FAIL_IF_NULL(pd);
+ FAIL_IF_NOT(alproto == ALPROTO_UNKNOWN);
DetectPcreFree(pd);
DetectEngineCtxFree(de_ctx);
int list = DETECT_SM_LIST_NOTSET;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
+ AppProto alproto = ALPROTO_UNKNOWN;
- pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false, &alproto);
FAIL_IF_NULL(pd);
+ FAIL_IF_NOT(alproto == ALPROTO_HTTP);
DetectPcreFree(pd);
DetectEngineCtxFree(de_ctx);
int list = DETECT_SM_LIST_NOTSET;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
+ AppProto alproto = ALPROTO_UNKNOWN;
- pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false, &alproto);
FAIL_IF_NULL(pd);
+ FAIL_IF_NOT(alproto == ALPROTO_UNKNOWN);
DetectPcreFree(pd);
DetectEngineCtxFree(de_ctx);
int list = DETECT_SM_LIST_NOTSET;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
+ AppProto alproto = ALPROTO_UNKNOWN;
- pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, teststring, &list, NULL, 0, false, &alproto);
FAIL_IF_NULL(pd);
DetectPcreFree(pd);
*/
static int DetectPcreParseHttpHost(void)
{
- DetectPcreData *pd = NULL;
+ AppProto alproto = ALPROTO_UNKNOWN;
int list = DETECT_SM_LIST_NOTSET;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF(de_ctx == NULL);
- pd = DetectPcreParse(de_ctx, "/domain\\.com/W", &list, NULL, 0, false);
+ DetectPcreData *pd = DetectPcreParse(de_ctx, "/domain\\.com/W", &list, NULL, 0, false, &alproto);
FAIL_IF(pd == NULL);
DetectPcreFree(pd);
list = DETECT_SM_LIST_NOTSET;
- pd = DetectPcreParse(de_ctx, "/dOmain\\.com/W", &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, "/dOmain\\.com/W", &list, NULL, 0, false, &alproto);
FAIL_IF(pd != NULL);
/* Uppercase meta characters are valid. */
list = DETECT_SM_LIST_NOTSET;
- pd = DetectPcreParse(de_ctx, "/domain\\D+\\.com/W", &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, "/domain\\D+\\.com/W", &list, NULL, 0, false, &alproto);
FAIL_IF(pd == NULL);
DetectPcreFree(pd);
/* This should not parse as the first \ escapes the second \, then
* we have a D. */
list = DETECT_SM_LIST_NOTSET;
- pd = DetectPcreParse(de_ctx, "/\\\\Ddomain\\.com/W", &list, NULL, 0, false);
+ pd = DetectPcreParse(de_ctx, "/\\\\Ddomain\\.com/W", &list, NULL, 0, false, &alproto);
FAIL_IF(pd != NULL);
DetectEngineCtxFree(de_ctx);
projects / thirdparty / suricata.git / commitdiff
