static int DetectDnsQuerySetup(DetectEngineCtx *de_ctx, Signature *s, char *str)
{
- s->list = DETECT_SM_LIST_DNSQUERY_MATCH;
+ s->list = DETECT_SM_LIST_DNSQUERYNAME_MATCH;
s->alproto = ALPROTO_DNS;
return 0;
}
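Review bot: DetectDnsQuerySetup assigns `s->alproto = ALPROTO_DNS;` unconditionally, so a rule already bound to another app-layer protocol would be silently re-bound to DNS rather than rejected at load time. This predates the rename, but a signature that loads cleanly and then inspects a different protocol than its author intended is a quiet detection gap. A guard ahead of the two assignments would surface it, for example `if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DNS) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains a non dns alproto set"); return -1; }`. This assumes the conflicting-keywords error code used by other app-layer keywords is available in this tree.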
fprintf(rule_engine_analysis_FD, "http stat msg content");
else if (list_type == DETECT_SM_LIST_HUADMATCH)
fprintf(rule_engine_analysis_FD, "http user agent content");
- else if (list_type == DETECT_SM_LIST_DNSQUERY_MATCH)
+ else if (list_type == DETECT_SM_LIST_DNSQUERYNAME_MATCH)
fprintf(rule_engine_analysis_FD, "dns query name content");
fprintf(rule_engine_analysis_FD, "\" buffer.\n");
//PrintRawDataFp(stdout, buffer, buffer_len);
r = DetectEngineContentInspection(de_ctx, det_ctx,
- s, s->sm_lists[DETECT_SM_LIST_DNSQUERY_MATCH],
+ s, s->sm_lists[DETECT_SM_LIST_DNSQUERYNAME_MATCH],
f, buffer, buffer_len, 0,
DETECT_ENGINE_CONTENT_INSPECTION_MODE_DNSQUERY, NULL);
if (r == 1)
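Review bot: The rename is only partial at this call: the list index becomes `DETECT_SM_LIST_DNSQUERYNAME_MATCH`, but the same call still passes `DETECT_ENGINE_CONTENT_INSPECTION_MODE_DNSQUERY`. Other hunks likewise keep `sgh->mpm_dnsquery_ctx_ts` and `has_co_dnsquery`. If the rename is presumably meant to separate the query-name buffer from other DNS query fields, the mixed naming makes it harder to audit which buffer each inspection path sees. Either rename those identifiers in the same series or add a comment above the call such as `/* inspection mode keeps the DNSQUERY name; used here for the query name buffer */`. The enclosing function starts and ends outside the hunk.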
case DETECT_SM_LIST_HUADMATCH:
case DETECT_SM_LIST_HHHDMATCH:
case DETECT_SM_LIST_HRHHDMATCH:
- case DETECT_SM_LIST_DNSQUERY_MATCH:
+ case DETECT_SM_LIST_DNSQUERYNAME_MATCH:
{
MpmCtx *mpm_ctx_ts = NULL;
MpmCtx *mpm_ctx_tc = NULL;
s->flags |= SIG_FLAG_MPM_APPLAYER;
if (cd->flags & DETECT_CONTENT_NEGATED)
s->flags |= SIG_FLAG_MPM_APPLAYER_NEG;
- } else if (sm_list == DETECT_SM_LIST_DNSQUERY_MATCH) {
+ } else if (sm_list == DETECT_SM_LIST_DNSQUERYNAME_MATCH) {
if (s->flags & SIG_FLAG_TOSERVER)
mpm_ctx_ts = sgh->mpm_dnsquery_ctx_ts;
if (s->flags & SIG_FLAG_TOCLIENT)
has_co_hrhhd = 1;
}
- if (s->sm_lists[DETECT_SM_LIST_DNSQUERY_MATCH] != NULL) {
+ if (s->sm_lists[DETECT_SM_LIST_DNSQUERYNAME_MATCH] != NULL) {
has_co_dnsquery = 1;
}
}
#define DE_STATE_FLAG_FILE_TS_INSPECT (1 << 14)
#define DE_STATE_FLAG_FULL_INSPECT (1 << 15)
#define DE_STATE_FLAG_SIG_CANT_MATCH (1 << 16)
-#define DE_STATE_FLAG_DNSQUERY_INSPECT (1 << 17)
+#define DE_STATE_FLAG_DNSQUERYNAME_INSPECT (1 << 17)
#define DE_STATE_FLAG_APP_EVENT_INSPECT (1 << 18)
#define DE_STATE_FLAG_MODBUS_INSPECT (1 << 19)
#define DE_STATE_FLAG_HRL_INSPECT (1 << 20)
/* DNS */
{ IPPROTO_TCP,
ALPROTO_DNS,
- DETECT_SM_LIST_DNSQUERY_MATCH,
- DE_STATE_FLAG_DNSQUERY_INSPECT,
+ DETECT_SM_LIST_DNSQUERYNAME_MATCH,
+ DE_STATE_FLAG_DNSQUERYNAME_INSPECT,
0,
DetectEngineInspectDnsQueryName },
/* specifically for UDP, register again
* in the detection engine */
{ IPPROTO_UDP,
ALPROTO_DNS,
- DETECT_SM_LIST_DNSQUERY_MATCH,
- DE_STATE_FLAG_DNSQUERY_INSPECT,
+ DETECT_SM_LIST_DNSQUERYNAME_MATCH,
+ DE_STATE_FLAG_DNSQUERYNAME_INSPECT,
0,
DetectEngineInspectDnsQueryName },
{ IPPROTO_TCP,
case DETECT_SM_LIST_FILEMATCH:
return "file";
- case DETECT_SM_LIST_DNSQUERY_MATCH:
- return "dns query";
+ case DETECT_SM_LIST_DNSQUERYNAME_MATCH:
+ return "dns query name";
case DETECT_SM_LIST_MODBUS_MATCH:
return "modbus";
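Review bot: The returned list name changes from `"dns query"` to `"dns query name"`, which is a runtime-visible change rather than a pure identifier rename. Where this string ends up is not visible from the hunk, but if it reaches rule-analysis, profiling or log output, tooling that matches on the old text will stop matching. Either keep `return "dns query";` under the renamed case label or call the string change out in the commit message so consumers can update. The enclosing switch starts and ends outside the hunk.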
SupportFastPatternForSigMatchList(DETECT_SM_LIST_HSCDMATCH, 3);
SupportFastPatternForSigMatchList(DETECT_SM_LIST_HSMDMATCH, 3);
- SupportFastPatternForSigMatchList(DETECT_SM_LIST_DNSQUERY_MATCH, 2);
+ SupportFastPatternForSigMatchList(DETECT_SM_LIST_DNSQUERYNAME_MATCH, 2);
#if 0
SCFPSupportSMList *tmp = sm_fp_support_smlist_list;
s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH] == NULL &&
s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH] == NULL &&
s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH] == NULL &&
- s->sm_lists_tail[DETECT_SM_LIST_DNSQUERY_MATCH] == NULL) {
+ s->sm_lists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH] == NULL) {
SCLogWarning(SC_WARN_COMPATIBILITY, "fast_pattern found inside the "
"rule, without a preceding content based keyword. "
"Currently we provide fast_pattern support for content, "
DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HUADMATCH],
DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HHHDMATCH],
DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRHHDMATCH],
- DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_DNSQUERY_MATCH]);
+ DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH]);
if (pm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern found inside "
"the rule, without a content context. Please use a "
}
s = de_ctx->sig_list;
- if (s->sm_lists_tail[DETECT_SM_LIST_DNSQUERY_MATCH] == NULL) {
+ if (s->sm_lists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH] == NULL) {
printf("dns_query list empty: ");
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_DNSQUERY_MATCH]->type != DETECT_ISDATAAT) {
+ if (s->sm_lists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH]->type != DETECT_ISDATAAT) {
printf("last dns_query body sm not isdataat: ");
goto end;
}
- data = (DetectIsdataatData *)s->sm_lists_tail[DETECT_SM_LIST_DNSQUERY_MATCH]->ctx;
+ data = (DetectIsdataatData *)s->sm_lists_tail[DETECT_SM_LIST_DNSQUERYNAME_MATCH]->ctx;
if ( !(data->flags & ISDATAAT_RELATIVE) ||
(data->flags & ISDATAAT_RAWBYTES) ||
!(data->flags & ISDATAAT_NEGATED) ) {
else
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HRLMATCH);
} else if (luajit->alproto == ALPROTO_DNS) {
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNSQUERY_MATCH);
+ SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNSQUERYNAME_MATCH);
} else {
SCLogError(SC_ERR_LUA_ERROR, "luajit can't be used with protocol %s",
AppLayerGetProtoName(luajit->alproto));
sig->flags |= SIG_FLAG_STATE_MATCH;
if (sig->sm_lists[DETECT_SM_LIST_HRHHDMATCH])
sig->flags |= SIG_FLAG_STATE_MATCH;
- if (sig->sm_lists[DETECT_SM_LIST_DNSQUERY_MATCH])
+ if (sig->sm_lists[DETECT_SM_LIST_DNSQUERYNAME_MATCH])
sig->flags |= SIG_FLAG_STATE_MATCH;
if (sig->sm_lists[DETECT_SM_LIST_MODBUS_MATCH])
sig->flags |= SIG_FLAG_STATE_MATCH;
AppLayerHtpEnableResponseBodyCallback();
} else if (s->list == DETECT_SM_LIST_DMATCH) {
SCLogDebug("adding to dmatch list because of dce_stub_data");
- } else if (s->list == DETECT_SM_LIST_DNSQUERY_MATCH) {
- SCLogDebug("adding to DETECT_SM_LIST_DNSQUERY_MATCH list because of dns_query");
+ } else if (s->list == DETECT_SM_LIST_DNSQUERYNAME_MATCH) {
+ SCLogDebug("adding to DETECT_SM_LIST_DNSQUERYNAME_MATCH list because of dns_query");
}
s->flags |= SIG_FLAG_APPLAYER;
sm_list = s->list;
DETECT_SM_LIST_FILEMATCH,
- DETECT_SM_LIST_DNSQUERY_MATCH,
+ DETECT_SM_LIST_DNSQUERYNAME_MATCH,
DETECT_SM_LIST_MODBUS_MATCH,
/* list for post match actions: flowbit set, flowint increment, etc */