detect file: enforce protocol in single place

Instead of trying to enforce the app layer protocol in each file
function, enforce it in the generic validation function.

diff --git a/src/detect-fileext.c b/src/detect-fileext.c
index 484e6b8ab78aec7f117ec2b19c725fdf31aa10f5..973d5082117cc6dd4125f93bdfe300228e8f1ac8 100644 (file)
--- a/src/detect-fileext.c
+++ b/src/detect-fileext.c
@@ -209,11 +209,6 @@ static int DetectFileextSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
     sm->type = DETECT_FILEEXT;
     sm->ctx = (void *)fileext;
 
-    if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) {
-        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
-        goto error;
-    }
-
     SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
 
     if (s->alproto == ALPROTO_HTTP) {

diff --git a/src/detect-filemagic.c b/src/detect-filemagic.c
index 26fcd44390b6adf40bec70babe55fc8c200ff812..950b0290f06df939eda30f5e17d45ecac1b63584 100644 (file)
--- a/src/detect-filemagic.c
+++ b/src/detect-filemagic.c
@@ -338,11 +338,6 @@ static int DetectFilemagicSetup (DetectEngineCtx *de_ctx, Signature *s, char *st
     DetectFilemagicData *filemagic = NULL;
     SigMatch *sm = NULL;
 
-    if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) {
-        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rules with filemagic need to have protocol set to http or smtp.");
-        goto error;
-    }
-
     filemagic = DetectFilemagicParse(str);
     if (filemagic == NULL)
         goto error;

diff --git a/src/detect-filemd5.c b/src/detect-filemd5.c
index af149b4147d3efcc53e3cfab8a04c30743168652..d8a18712260949e74888f4948a3839a52565873d 100644 (file)
--- a/src/detect-filemd5.c
+++ b/src/detect-filemd5.c
@@ -322,11 +322,6 @@ static int DetectFileMd5Setup (DetectEngineCtx *de_ctx, Signature *s, char *str)
     sm->type = DETECT_FILEMD5;
     sm->ctx = (void *)filemd5;
 
-    if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) {
-        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
-        goto error;
-    }
-
     SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
 
     if (s->alproto == ALPROTO_HTTP) {

diff --git a/src/detect-filename.c b/src/detect-filename.c
index 780f073f952410d487f5648559f77ebafe69cdeb..0fd55392ef5f2984f6abbac9c7b1ed698c687656 100644 (file)
--- a/src/detect-filename.c
+++ b/src/detect-filename.c
@@ -49,6 +49,7 @@
 #include "stream-tcp.h"
 
 #include "detect-filename.h"
+#include "app-layer-parser.h"
 
 static int DetectFilenameMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
         uint8_t, File *, Signature *, SigMatch *);
@@ -213,11 +214,6 @@ static int DetectFilenameSetup (DetectEngineCtx *de_ctx, Signature *s, char *str
     sm->type = DETECT_FILENAME;
     sm->ctx = (void *)filename;
 
-    if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) {
-        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
-        goto error;
-    }
-
     SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
 
     if (s->alproto == ALPROTO_HTTP) {

diff --git a/src/detect-filesize.c b/src/detect-filesize.c
index 6e9fe5fbb3449e488d268ef81b8143218ffb6c3f..9aeae0c6f499dabaed3b671e217dbb45ab9290b5 100644 (file)
--- a/src/detect-filesize.c
+++ b/src/detect-filesize.c
@@ -287,11 +287,6 @@ static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *str
     sm->type = DETECT_FILESIZE;
     sm->ctx = (SigMatchCtx *)fsd;
 
-    if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) {
-        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
-        goto error;
-    }
-
     SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
 
     if (s->alproto == ALPROTO_HTTP) {

diff --git a/src/detect-filestore.c b/src/detect-filestore.c
index 8927ff5d1beb7d3003ee5a8dd6a0b1a28cfc1862..38c7ce2bfecc8042df10cb8d8f41b8137256ca9b 100644 (file)
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@@ -387,11 +387,6 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *st
         sm->ctx = (SigMatchCtx*)NULL;
     }
 
-    if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) {
-        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
-        goto error;
-    }
-
     if (s->alproto == ALPROTO_HTTP) {
         AppLayerHtpNeedFileInspection();
     }

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 01bf5fef30eb3402783a553a35f89bb4e1ae68c6..3f6a7a6a8a4c62b324ddd0d4927d7ba66aa7b80f 100644 (file)
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1421,6 +1421,15 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
     }
 #endif
 
+    if (((s->flags & SIG_FLAG_FILESTORE) || s->file_flags != 0) &&
+        s->alproto != ALPROTO_UNKNOWN &&
+        !AppLayerParserSupportsFiles(IPPROTO_TCP, s->alproto))
+    {
+        SCLogError(SC_ERR_NO_FILES_FOR_PROTOCOL, "protocol %s doesn't "
+                "support file matching", AppProtoToString(s->alproto));
+        SCReturnInt(0);
+    }
+
     SCReturnInt(1);
 }
 

diff --git a/src/util-error.c b/src/util-error.c
index 672430adcaecf2e33b22dc9b101364577451e32f..50d013c58c35b4076e5007324341d0047ac30f0e 100644 (file)
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -325,6 +325,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE (SC_ERR_SMTP_LOG_GENERIC);
         CASE_CODE (SC_ERR_SSH_LOG_GENERIC);
         CASE_CODE (SC_ERR_NIC_OFFLOADING);
+        CASE_CODE (SC_ERR_NO_FILES_FOR_PROTOCOL);
     }
 
     return "UNKNOWN_ERROR";

diff --git a/src/util-error.h b/src/util-error.h
index 99c8f1375d0fa5957bd13250cda3c57ff566d55e..28a50cff4edbc848020c24496bc39a4ac427fbf2 100644 (file)
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -315,6 +315,7 @@ typedef enum {
     SC_ERR_SMTP_LOG_GENERIC,
     SC_ERR_SSH_LOG_GENERIC,
     SC_ERR_NIC_OFFLOADING,
+    SC_ERR_NO_FILES_FOR_PROTOCOL,
 } SCError;
 
 const char *SCErrorToString(SCError);