#include "detect-engine.h"
+static int g_file_data_buffer_id = 0;
+
static int DetectBase64DataSetupTest01(void)
{
DetectEngineCtx *de_ctx = NULL;
goto end;
}
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm == NULL) {
printf("DETECT_SM_LIST_FILEDATA is NULL: ");
goto end;
static void DetectBase64DataRegisterTests(void)
{
#ifdef UNITTESTS
+ g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
+
UtRegisterTest("DetectBase64DataSetupTest01", DetectBase64DataSetupTest01);
UtRegisterTest("DetectBase64DataSetupTest02", DetectBase64DataSetupTest02);
UtRegisterTest("DetectBase64DataSetupTest03", DetectBase64DataSetupTest03);
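Review bot: `g_file_data_buffer_id` is assigned from `DetectBufferTypeGetByName("file_data")` without checking the result, and its initial value `0` is itself a usable list index. If the lookup can fail (presumably with a negative return, which is not shown here), the tests would index `sm_lists[...]` with a bad id and crash or inspect the wrong list instead of failing cleanly. I would initialise the global to `-1` and guard the lookup, e.g. `BUG_ON(g_file_data_buffer_id < 0);` directly after the assignment. The same unchecked pattern appears in the RegisterTests hunks for byte_extract, bytejump, bytetest, content and fast_pattern, and in the file_data keyword registration, where the id is used outside test code.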
int sm_list;
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
- if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
- if (data->endian == DETECT_BYTE_EXTRACT_ENDIAN_DCE) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "dce byte_extract specified "
- "with file_data option set.");
- goto error;
- }
- AppLayerHtpEnableResponseBodyCallback();
- }
sm_list = s->init_data->list;
- s->flags |= SIG_FLAG_APPLAYER;
+
if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {
prev_pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, DETECT_PCRE, -1);
}
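Review bot: With the `DETECT_SM_LIST_FILEDATA` branch removed, a rule that combines the `dce` endian option with `file_data` is no longer rejected in the byte_extract setup, and nothing in this hunk replaces the check. If that combination is still invalid, it would now load and only misbehave at match time. Keeping the rejection keyed on the dynamic id would preserve the old behaviour, e.g. `if (sm_list == DetectBufferTypeGetByName("file_data") && data->endian == DETECT_BYTE_EXTRACT_ENDIAN_DCE) goto error;` together with the existing `SCLogError` message. The bytejump and bytetest setup hunks drop the equivalent `DETECT_BYTEJUMP_DCE` and `DETECT_BYTETEST_DCE` checks in the same way. The enclosing function starts and ends outside the hunk, so the check may have moved somewhere not visible here.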
#ifdef UNITTESTS
+static int g_file_data_buffer_id = 0;
+
static int DetectByteExtractTest01(void)
{
int result = 0;
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL) {
+ if (s->sm_lists_tail[g_file_data_buffer_id] == NULL) {
goto end;
}
- sm = s->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = s->sm_lists[g_file_data_buffer_id];
if (sm->type != DETECT_BYTE_EXTRACT) {
result = 0;
goto end;
static void DetectByteExtractRegisterTests(void)
{
#ifdef UNITTESTS
+ g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
+
UtRegisterTest("DetectByteExtractTest01", DetectByteExtractTest01);
UtRegisterTest("DetectByteExtractTest02", DetectByteExtractTest02);
UtRegisterTest("DetectByteExtractTest03", DetectByteExtractTest03);
int sm_list;
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
- if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
- if (data->flags & DETECT_BYTEJUMP_DCE) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "dce bytejump specified "
- "with file_data option set.");
- goto error;
- }
- AppLayerHtpEnableResponseBodyCallback();
- }
sm_list = s->init_data->list;
- s->flags |= SIG_FLAG_APPLAYER;
+
if (data->flags & DETECT_BYTEJUMP_RELATIVE) {
prev_pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, DETECT_PCRE, -1);
}
/* UNITTESTS */
#ifdef UNITTESTS
#include "util-unittest-helper.h"
+static int g_file_data_buffer_id = 0;
+
/**
* \test DetectBytejumpTestParse01 is a test to make sure that we return
* "something" when given valid bytejump opt
}
s = de_ctx->sig_list;
- if (s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL) {
+ if (s->sm_lists_tail[g_file_data_buffer_id] == NULL) {
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->type != DETECT_BYTEJUMP) {
+ if (s->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_BYTEJUMP) {
goto end;
}
- bd = (DetectBytejumpData *)s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ bd = (DetectBytejumpData *)s->sm_lists_tail[g_file_data_buffer_id]->ctx;
if ((bd->flags & DETECT_BYTEJUMP_DCE) &&
(bd->flags & DETECT_BYTEJUMP_RELATIVE) &&
(bd->flags & DETECT_BYTEJUMP_STRING) &&
static void DetectBytejumpRegisterTests(void)
{
#ifdef UNITTESTS
+ g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
+
UtRegisterTest("DetectBytejumpTestParse01", DetectBytejumpTestParse01);
UtRegisterTest("DetectBytejumpTestParse02", DetectBytejumpTestParse02);
UtRegisterTest("DetectBytejumpTestParse03", DetectBytejumpTestParse03);
int sm_list;
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
- if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
- if (data->flags & DETECT_BYTETEST_DCE) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "dce bytetest specified "
- "with file_data option set.");
- goto error;
- }
- AppLayerHtpEnableResponseBodyCallback();
- }
sm_list = s->init_data->list;
- s->flags |= SIG_FLAG_APPLAYER;
+
if (data->flags & DETECT_BYTETEST_RELATIVE) {
prev_pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, DETECT_PCRE, -1);
}
/* UNITTESTS */
#ifdef UNITTESTS
#include "util-unittest-helper.h"
+static int g_file_data_buffer_id = 0;
+
/**
* \test DetectBytetestTestParse01 is a test to make sure that we return "something"
* when given valid bytetest opt
}
s = de_ctx->sig_list;
- if (s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL) {
+ if (s->sm_lists_tail[g_file_data_buffer_id] == NULL) {
printf("empty server body list: ");
goto end;
}
- if (s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->type != DETECT_BYTETEST) {
+ if (s->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_BYTETEST) {
printf("bytetest not last sm in server body list: ");
goto end;
}
- bd = (DetectBytetestData *)s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ bd = (DetectBytetestData *)s->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (bd->flags & DETECT_BYTETEST_DCE &&
bd->flags & DETECT_BYTETEST_RELATIVE &&
(bd->flags & DETECT_BYTETEST_STRING) &&
static void DetectBytetestRegisterTests(void)
{
#ifdef UNITTESTS
+ g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
+
UtRegisterTest("DetectBytetestTestParse01", DetectBytetestTestParse01);
UtRegisterTest("DetectBytetestTestParse02", DetectBytetestTestParse02);
UtRegisterTest("DetectBytetestTestParse03", DetectBytetestTestParse03);
goto error;
DetectContentPrint(cd);
- int sm_list;
- if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
- if (s->init_data->list == DETECT_SM_LIST_FILEDATA && s->alproto == ALPROTO_HTTP) {
- AppLayerHtpEnableResponseBodyCallback();
- s->alproto = ALPROTO_HTTP;
- }
-
- s->flags |= SIG_FLAG_APPLAYER;
- sm_list = s->init_data->list;
- } else {
+ int sm_list = s->init_data->list;
+ if (sm_list == DETECT_SM_LIST_NOTSET) {
sm_list = DETECT_SM_LIST_PMATCH;
}
}
#ifdef UNITTESTS /* UNITTESTS */
+static int g_file_data_buffer_id = 0;
/**
* \test DetectCotentParseTest01 this is a test to make sure we can deal with escaped colons
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("content not in FILEDATA list: ");
goto end;
}
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("content not in FILEDATA list: ");
goto end;
}
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("content not in FILEDATA list: ");
goto end;
}
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("content not in FILEDATA list: ");
goto end;
}
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("content not in FILEDATA list: ");
goto end;
}
static void DetectContentRegisterTests(void)
{
#ifdef UNITTESTS /* UNITTESTS */
+ g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
+
UtRegisterTest("DetectContentParseTest01", DetectContentParseTest01);
UtRegisterTest("DetectContentParseTest02", DetectContentParseTest02);
UtRegisterTest("DetectContentParseTest03", DetectContentParseTest03);
fprintf(fp_engine_analysis_FD, "http cookie content\n");
else if (list_type == DETECT_SM_LIST_HCBDMATCH)
fprintf(fp_engine_analysis_FD, "http client body content\n");
- else if (list_type == DETECT_SM_LIST_FILEDATA)
- fprintf(fp_engine_analysis_FD, "http server body content\n");
else if (list_type == DETECT_SM_LIST_HSCDMATCH)
fprintf(fp_engine_analysis_FD, "http stat code content\n");
else if (list_type == DETECT_SM_LIST_HSMDMATCH)
fprintf(rule_engine_analysis_FD, "http cookie content");
else if (list_type == DETECT_SM_LIST_HCBDMATCH)
fprintf(rule_engine_analysis_FD, "http client body content");
- else if (list_type == DETECT_SM_LIST_FILEDATA)
- fprintf(rule_engine_analysis_FD, "http server body content");
else if (list_type == DETECT_SM_LIST_HSCDMATCH)
fprintf(rule_engine_analysis_FD, "http stat code content");
else if (list_type == DETECT_SM_LIST_HSMDMATCH)
uint32_t warn_no_direction = 0;
uint32_t warn_both_direction = 0;
+ const int nlists = DetectBufferTypeMaxId();
+ const int filedata_id = DetectBufferTypeGetByName("file_data");
+
if (s->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
rule_bidirectional = 1;
}
rule_ipv6_only += 1;
}
- for (list_id = 0; list_id < DETECT_SM_LIST_MAX; list_id++) {
-
+ for (list_id = 0; list_id < nlists; list_id++) {
SigMatch *sm = NULL;
for (sm = s->init_data->smlists[list_id]; sm != NULL; sm = sm->next) {
if (sm->type == DETECT_PCRE) {
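Review bot: The loop bound now comes from `DetectBufferTypeMaxId()` (declared in the earlier hunk of this function), but the body indexes `s->init_data->smlists[list_id]`, and nothing visible here ties the length of that per-signature array to the global maximum. If a signature's array can ever be shorter than the current maximum id, this loop reads past its end. Either bound the loop by the array's own size or, if the invariant holds, state it next to the declaration with a comment such as `/* smlists always has DetectBufferTypeMaxId() entries */`. The enclosing function starts and ends outside the hunk.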
norm_http_buf += 1;
http_cookie_buf += 1;
}
- else if (list_id == DETECT_SM_LIST_FILEDATA) {
+ else if (list_id == filedata_id) {
rule_pcre_http += 1;
http_server_body_buf += 1;
raw_http_buf += 1;
raw_http_buf += 1;
http_client_body_buf += 1;
}
- else if (list_id == DETECT_SM_LIST_FILEDATA) {
+ else if (list_id == filedata_id) {
rule_content_http += 1;
raw_http_buf += 1;
http_server_body_buf += 1;
return "http raw uri";
case DETECT_SM_LIST_HCBDMATCH:
return "http client body";
- case DETECT_SM_LIST_FILEDATA:
- return "http server body";
case DETECT_SM_LIST_HHDMATCH:
return "http headers";
case DETECT_SM_LIST_HRHDMATCH:
/*----------------------------------Unittests---------------------------------*/
#ifdef UNITTESTS
+static int g_file_data_buffer_id = 0;
/**
* \test Checks if a fast_pattern is registered in a Signature
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
goto end;
result = 0;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm != NULL) {
if ( ((DetectContentData *)sm->ctx)->flags &
DETECT_CONTENT_FAST_PATTERN) {
goto end;
result = 0;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm != NULL) {
if ( ((DetectContentData *)sm->ctx)->flags &
DETECT_CONTENT_FAST_PATTERN) {
if (de_ctx->sig_list == NULL)
goto end;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm == NULL) {
goto end;
}
if (de_ctx->sig_list == NULL)
goto end;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm == NULL) {
goto end;
}
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
goto end;
result = 0;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm != NULL) {
if ( ((DetectContentData *)sm->ctx)->flags &
DETECT_CONTENT_FAST_PATTERN) {
goto end;
result = 0;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm != NULL) {
if ( ((DetectContentData *)sm->ctx)->flags &
DETECT_CONTENT_FAST_PATTERN) {
if (de_ctx->sig_list == NULL)
goto end;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm == NULL) {
goto end;
}
if (de_ctx->sig_list == NULL)
goto end;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm == NULL) {
goto end;
}
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
void DetectFastPatternRegisterTests(void)
{
-
#ifdef UNITTESTS
+ g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
+
UtRegisterTest("DetectFastPatternTest01", DetectFastPatternTest01);
UtRegisterTest("DetectFastPatternTest02", DetectFastPatternTest02);
UtRegisterTest("DetectFastPatternTest03", DetectFastPatternTest03);
static int DetectFiledataSetup (DetectEngineCtx *, Signature *, char *);
static void DetectFiledataRegisterTests(void);
+static void DetectFiledataSetupCallback(Signature *s);
+static int g_file_data_buffer_id = 0;
+
/**
* \brief Registration function for keyword: file_data
*/
sigmatch_table[DETECT_FILE_DATA].RegisterTests = DetectFiledataRegisterTests;
sigmatch_table[DETECT_FILE_DATA].flags = SIGMATCH_NOOPT;
- DetectMpmAppLayerRegister("file_data", SIG_FLAG_TOSERVER,
- DETECT_SM_LIST_FILEDATA, 2,
+ DetectAppLayerMpmRegister("file_data", SIG_FLAG_TOSERVER, 2,
PrefilterTxSmtpFiledataRegister);
- DetectMpmAppLayerRegister("file_data", SIG_FLAG_TOCLIENT,
- DETECT_SM_LIST_FILEDATA, 2,
+ DetectAppLayerMpmRegister("file_data", SIG_FLAG_TOCLIENT, 2,
PrefilterTxHttpResponseBodyRegister);
- DetectAppLayerInspectEngineRegister(ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
- DETECT_SM_LIST_FILEDATA,
+ DetectAppLayerInspectEngineRegister2("file_data",
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
DetectEngineInspectHttpServerBody);
- DetectAppLayerInspectEngineRegister(ALPROTO_SMTP, SIG_FLAG_TOSERVER,
- DETECT_SM_LIST_FILEDATA,
+ DetectAppLayerInspectEngineRegister2("file_data",
+ ALPROTO_SMTP, SIG_FLAG_TOSERVER,
DetectEngineInspectSMTPFiledata);
+
+ DetectBufferTypeRegisterSetupCallback("file_data",
+ DetectFiledataSetupCallback);
+
+ DetectBufferTypeSetDescriptionByName("file_data",
+ "http response body or smtp attachments data");
+
+ g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
}
/**
return -1;
}
- s->init_data->list = DETECT_SM_LIST_FILEDATA;
-
+ s->init_data->list = DetectBufferTypeGetByName("file_data");
return 0;
}
+static void DetectFiledataSetupCallback(Signature *s)
+{
+ if (s->alproto == ALPROTO_HTTP || s->alproto == ALPROTO_UNKNOWN) {
+ AppLayerHtpEnableRequestBodyCallback();
+ }
+ if (s->alproto == ALPROTO_HTTP) {
+ s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
+ } else if (s->alproto == ALPROTO_SMTP) {
+ s->mask |= SIG_MASK_REQUIRE_SMTP_STATE;
+ }
+
+ SCLogDebug("callback invoked by %u", s->id);
+}
+
#ifdef UNITTESTS
+#include "detect-isdataat.h"
+
static int DetectFiledataParseTest01(void)
{
DetectEngineCtx *de_ctx = NULL;
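Review bot: `DetectFiledataSetupCallback` enables the HTTP request-body callback, whereas the code this commit removes from byte_extract, bytejump, bytetest, content and http_server_body called `AppLayerHtpEnableResponseBodyCallback()` for this buffer. The registration hunk above wires `file_data` for HTTP to `SIG_FLAG_TOCLIENT` with `DetectEngineInspectHttpServerBody`. If the response-body callback is what feeds that inspection, `file_data` and `http_server_body` rules would load without error yet never see a response body, which is a silent detection gap. The call looks like it should be `AppLayerHtpEnableResponseBodyCallback();`. The http_server_body setup hunk further down now passes `NULL` as its callback, so it depends entirely on this one.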
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("content not in FILEDATA list: ");
goto end;
}
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("content not in FILEDATA list: ");
goto end;
}
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("content not in FILEDATA list: ");
goto end;
}
return result;
}
+
+static int DetectFiledataIsdataatParseTest1(void)
+{
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
+ de_ctx->flags |= DE_QUIET;
+
+ Signature *s = DetectEngineAppendSig(de_ctx,
+ "alert tcp any any -> any any ("
+ "file_data; content:\"one\"; "
+ "isdataat:!4,relative; sid:1;)");
+ FAIL_IF_NULL(s);
+
+ SigMatch *sm = s->init_data->smlists[g_file_data_buffer_id];
+ FAIL_IF_NULL(sm);
+ FAIL_IF_NOT(sm->type == DETECT_CONTENT);
+ sm = sm->next;
+ FAIL_IF_NULL(sm);
+ FAIL_IF_NOT(sm->type == DETECT_ISDATAAT);
+
+ DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx;
+ FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE);
+ FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED);
+ FAIL_IF(data->flags & ISDATAAT_RAWBYTES);
+
+ DetectEngineCtxFree(de_ctx);
+ PASS;
+}
+
+static int DetectFiledataIsdataatParseTest2(void)
+{
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
+ de_ctx->flags |= DE_QUIET;
+
+ Signature *s = DetectEngineAppendSig(de_ctx,
+ "alert tcp any any -> any any ("
+ "file_data; "
+ "isdataat:!4,relative; sid:1;)");
+ FAIL_IF_NULL(s);
+
+ SigMatch *sm = s->init_data->smlists_tail[g_file_data_buffer_id];
+ FAIL_IF_NULL(sm);
+ FAIL_IF_NOT(sm->type == DETECT_ISDATAAT);
+
+ DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx;
+ FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE);
+ FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED);
+ FAIL_IF(data->flags & ISDATAAT_RAWBYTES);
+
+ DetectEngineCtxFree(de_ctx);
+ PASS;
+}
+
#endif
void DetectFiledataRegisterTests(void)
UtRegisterTest("DetectFiledataParseTest03", DetectFiledataParseTest03);
UtRegisterTest("DetectFiledataParseTest04", DetectFiledataParseTest04);
UtRegisterTest("DetectFiledataParseTest05", DetectFiledataParseTest05);
+
+ UtRegisterTest("DetectFiledataIsdataatParseTest1",
+ DetectFiledataIsdataatParseTest1);
+ UtRegisterTest("DetectFiledataIsdataatParseTest2",
+ DetectFiledataIsdataatParseTest2);
#endif
}
#include "detect-http-server-body.h"
#include "stream-tcp.h"
-int DetectHttpServerBodySetup(DetectEngineCtx *, Signature *, char *);
-void DetectHttpServerBodyRegisterTests(void);
-void DetectHttpServerBodyFree(void *);
+static int DetectHttpServerBodySetup(DetectEngineCtx *, Signature *, char *);
+static void DetectHttpServerBodyRegisterTests(void);
+static void DetectHttpServerBodyFree(void *);
+
+static int g_file_data_buffer_id = 0;
/**
* \brief Registers the keyword handlers for the "http_server_body" keyword.
sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].RegisterTests = DetectHttpServerBodyRegisterTests;
sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].flags |= SIGMATCH_NOOPT;
- sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].flags |= SIGMATCH_PAYLOAD ;
-}
+ sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].flags |= SIGMATCH_PAYLOAD;
-static void DetectHttpServerBodySetupCallback(Signature *s)
-{
- s->flags |= SIG_FLAG_APPLAYER;
- AppLayerHtpEnableResponseBodyCallback();
-
- return;
+ g_file_data_buffer_id = DetectBufferTypeRegister("file_data");
}
/**
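Review bot: Dropping DetectHttpServerBodySetupCallback here, together with the `NULL` passed as the callback in DetectHttpServerBodySetup in the next hunk, leaves nothing in this file that calls `AppLayerHtpEnableResponseBodyCallback()` or sets `SIG_FLAG_APPLAYER` for an http_server_body rule. If the "file_data" buffer type does not perform both steps through its own setup path, which is not visible here, response bodies would not be buffered and these signatures would load cleanly but never match. The isdataat Setup hunk further down removes the same two side effects. Once the replacement path is confirmed, I would add a comment next to the registration, e.g. `/* response body callback and SIG_FLAG_APPLAYER are applied by the file_data buffer type's setup */`.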
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_SERVER_BODY,
- DETECT_SM_LIST_FILEDATA,
- ALPROTO_HTTP,
- DetectHttpServerBodySetupCallback);
+ g_file_data_buffer_id,
+ ALPROTO_HTTP, NULL);
}
/**
goto end;
}
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm == NULL) {
goto end;
}
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectContentData *cd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
- DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
+ DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (cd1->flags != 0 || memcmp(cd1->content, "one", cd1->content_len) != 0 ||
cd2->flags != 0 || memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
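Review bot: The failure message on the `sm_lists[g_file_data_buffer_id] == NULL` check was renamed mechanically and now prints a variable name rather than which rule buffer was empty; something like `printf("file_data list is empty\n");` reads better in unittest output. The same string is repeated in the following test hunks of this file, and DetectPktDataTest01 gets `"sm not in g_file_data_buffer_id: "`. Separately, the `hsbd1`/`hsbd2` lines dereference `sm_lists_tail[...]->prev` after only the list head was checked, so, assuming no earlier check outside the hunk, a one-element list would crash the test instead of failing it. The test body starts and ends outside this hunk.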
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
- DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
+ DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != 0 ||
cd2->flags != 0 || memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
- DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
+ DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != 0 ||
cd2->flags != 0 || memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
- DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
+ DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != DETECT_PCRE_RELATIVE_NEXT ||
cd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(cd2->content, "four", cd2->content_len) != 0 ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
- DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
+ DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
cd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(cd2->content, "four", cd2->content_len) != 0 ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
- DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
+ DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
cd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(cd2->content, "four", cd2->content_len) != 0 ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
- DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
- DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
+ DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hsbd1->content, "one", hsbd1->content_len) != 0 ||
hsbd2->flags != DETECT_CONTENT_DISTANCE ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
- DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
- DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
+ DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hsbd1->content, "one", hsbd1->content_len) != 0 ||
hsbd2->flags != DETECT_CONTENT_WITHIN ||
DetectEngineCtx *de_ctx = NULL;
int result = 0;
- if ( (de_ctx = DetectEngineCtxInit()) == NULL)
- goto end;
+ de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(pcre:/one/Q; "
"content:\"two\"; within:5; http_server_body; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- printf("de_ctx->sig_list == NULL\n");
- goto end;
- }
+ FAIL_IF_NULL(de_ctx->sig_list);
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
- goto end;
- }
+ FAIL_IF_NOT_NULL(de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH]);
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
- if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->type != DETECT_CONTENT ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->type != DETECT_PCRE) {
+ if (de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id] == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_CONTENT ||
+ de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->type != DETECT_PCRE) {
goto end;
}
- DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
- DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
+ DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
hsbd2->flags != DETECT_CONTENT_WITHIN ||
memcmp(hsbd2->content, "two", hsbd2->content_len) != 0) {
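Review bot: This test now mixes two failure styles: the first three checks use `FAIL_IF_NULL`/`FAIL_IF_NOT_NULL`, while the file_data checks below still `printf` and `goto end` with `result`. If the FAIL_IF macros return from the function directly (their definition is not in this diff), a failure in the converted checks skips whatever cleanup sits at `end:`, so behaviour differs depending on which check trips. I would convert the remaining checks as well, e.g. `FAIL_IF_NULL(de_ctx->sig_list->sm_lists[g_file_data_buffer_id]);`, and finish with `PASS;` as the new DetectFiledataIsdataatParseTest1 does. The end of the function is outside the hunk.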
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
- if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->type != DETECT_PCRE ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->type != DETECT_CONTENT) {
+ if (de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id] == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_PCRE ||
+ de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->type != DETECT_CONTENT) {
goto end;
}
- DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
- DetectPcreData *pd2 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
+ DetectPcreData *pd2 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd2->flags != (DETECT_PCRE_RELATIVE) ||
hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hsbd1->content, "two", hsbd1->content_len) != 0) {
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
- if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->type != DETECT_CONTENT ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->type != DETECT_PCRE) {
+ if (de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id] == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_CONTENT ||
+ de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->type != DETECT_PCRE) {
goto end;
}
- DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->prev->ctx;
- DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
+ DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
hsbd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(hsbd2->content, "two", hsbd2->content_len) != 0) {
int sm_list;
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
- if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
- AppLayerHtpEnableResponseBodyCallback();
- s->alproto = ALPROTO_HTTP;
- }
sm_list = s->init_data->list;
- s->flags |= SIG_FLAG_APPLAYER;
+
if (idad->flags & ISDATAAT_RELATIVE) {
prev_pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, DETECT_PCRE, -1);
}
return result;
}
-static int DetectIsdataatTestParse14(void)
-{
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
- Signature *s = NULL;
- DetectIsdataatData *data = NULL;
-
- de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
- de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
- "(msg:\"Testing file_data and isdataat\"; "
- "file_data; content:\"one\"; "
- "isdataat:!4,relative; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- goto end;
- }
-
- s = de_ctx->sig_list;
- if (s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("server body list empty: ");
- goto end;
- }
-
- if (s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->type != DETECT_ISDATAAT) {
- printf("last server body sm not isdataat: ");
- goto end;
- }
-
- data = (DetectIsdataatData *)s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
- if ( !(data->flags & ISDATAAT_RELATIVE) ||
- (data->flags & ISDATAAT_RAWBYTES) ||
- !(data->flags & ISDATAAT_NEGATED) ) {
- goto end;
- }
-
- result = 1;
- end:
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
- DetectEngineCtxFree(de_ctx);
-
- return result;
-}
-
-/**
- * \test file_data with isdataat relative to it
- */
-static int DetectIsdataatTestParse15(void)
-{
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
- Signature *s = NULL;
- DetectIsdataatData *data = NULL;
-
- de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
- de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
- "(msg:\"Testing file_data and isdataat\"; "
- "file_data; isdataat:!4,relative; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- printf("sig parse: ");
- goto end;
- }
-
- s = de_ctx->sig_list;
- if (s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL) {
- printf("server body list empty: ");
- goto end;
- }
-
- if (s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->type != DETECT_ISDATAAT) {
- printf("last server body sm not isdataat: ");
- goto end;
- }
-
- data = (DetectIsdataatData *)s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
- if ( !(data->flags & ISDATAAT_RELATIVE) ||
- (data->flags & ISDATAAT_RAWBYTES) ||
- !(data->flags & ISDATAAT_NEGATED) ) {
- goto end;
- }
-
- result = 1;
- end:
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
- DetectEngineCtxFree(de_ctx);
-
- return result;
-}
-
/**
* \test dns_query with isdataat relative to it
*/
UtRegisterTest("DetectIsdataatTestParse11", DetectIsdataatTestParse11);
UtRegisterTest("DetectIsdataatTestParse12", DetectIsdataatTestParse12);
UtRegisterTest("DetectIsdataatTestParse13", DetectIsdataatTestParse13);
- UtRegisterTest("DetectIsdataatTestParse14", DetectIsdataatTestParse14);
- UtRegisterTest("DetectIsdataatTestParse15", DetectIsdataatTestParse15);
UtRegisterTest("DetectIsdataatTestParse16", DetectIsdataatTestParse16);
UtRegisterTest("DetectIsdataatTestPacket01", DetectIsdataatTestPacket01);
else
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
} else if (lua->alproto == ALPROTO_HTTP) {
- if (lua->flags & DATATYPE_HTTP_RESPONSE_BODY)
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEDATA);
- else if (lua->flags & DATATYPE_HTTP_REQUEST_BODY)
+ if (lua->flags & DATATYPE_HTTP_RESPONSE_BODY) {
+ int list = DetectBufferTypeGetByName("file_data");
+ SigMatchAppendSMToList(s, sm, list);
+ } else if (lua->flags & DATATYPE_HTTP_REQUEST_BODY)
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HCBDMATCH);
else if (lua->flags & DATATYPE_HTTP_URI)
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_UMATCH);
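Review bot: The result of `DetectBufferTypeGetByName("file_data")` is passed straight to `SigMatchAppendSMToList()` as a list index without being checked. If the name is not registered at this point, the lookup presumably returns a negative id, and the append would then index the signature's list arrays out of bounds while a rule file is being loaded. A guard such as `if (list < 0)` followed by the function's existing failure path would turn that into a rejected rule. The same unchecked lookup appears in the pcre `'Q'` case and in the `g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");` lines of DetectPcreRegisterTests and DetectPktDataTestRegister. The enclosing function starts and ends outside the hunk.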
CASE_CODE_STRING(DETECT_SM_LIST_UMATCH, "http_uri");
CASE_CODE_STRING(DETECT_SM_LIST_HRUDMATCH, "http_raw_uri");
CASE_CODE_STRING(DETECT_SM_LIST_HCBDMATCH, "http_client_body");
- CASE_CODE_STRING(DETECT_SM_LIST_FILEDATA, "file_data");
CASE_CODE_STRING(DETECT_SM_LIST_HHDMATCH, "http_header");
CASE_CODE_STRING(DETECT_SM_LIST_HRHDMATCH, "http_raw_header");
CASE_CODE_STRING(DETECT_SM_LIST_HSMDMATCH, "http_stat_msg");
CASE_CODE(DETECT_SM_LIST_UMATCH);
CASE_CODE(DETECT_SM_LIST_HRUDMATCH);
CASE_CODE(DETECT_SM_LIST_HCBDMATCH);
- CASE_CODE(DETECT_SM_LIST_FILEDATA);
CASE_CODE(DETECT_SM_LIST_HHDMATCH);
CASE_CODE(DETECT_SM_LIST_HRHDMATCH);
CASE_CODE(DETECT_SM_LIST_HSMDMATCH);
if (s->init_data->smlists_tail[DETECT_SM_LIST_UMATCH] ||
s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH] ||
s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH] ||
- s->init_data->smlists_tail[DETECT_SM_LIST_FILEDATA] ||
s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH] ||
s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH] ||
s->init_data->smlists_tail[DETECT_SM_LIST_HMDMATCH] ||
/* snort's option (http request body inspection) */
*sm_list = DetectPcreSetList(*sm_list, DETECT_SM_LIST_HCBDMATCH);
break;
- case 'Q':
+ case 'Q': {
+ int list = DetectBufferTypeGetByName("file_data");
/* suricata extension (http response body inspection) */
- *sm_list = DetectPcreSetList(*sm_list, DETECT_SM_LIST_FILEDATA);
+ *sm_list = DetectPcreSetList(*sm_list, list);
break;
+ }
case 'Y':
/* snort's option */
*sm_list = DetectPcreSetList(*sm_list, DETECT_SM_LIST_HSMDMATCH);
if (parsed_sm_list == DETECT_SM_LIST_UMATCH ||
parsed_sm_list == DETECT_SM_LIST_HRUDMATCH ||
parsed_sm_list == DETECT_SM_LIST_HCBDMATCH ||
- parsed_sm_list == DETECT_SM_LIST_FILEDATA ||
parsed_sm_list == DETECT_SM_LIST_HHDMATCH ||
parsed_sm_list == DETECT_SM_LIST_HRHDMATCH ||
parsed_sm_list == DETECT_SM_LIST_HSMDMATCH ||
int sm_list = -1;
if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
- if (s->init_data->list == DETECT_SM_LIST_FILEDATA) {
- SCLogDebug("adding to http server body list because of file data");
- AppLayerHtpEnableResponseBodyCallback();
- } else if (s->init_data->list == DETECT_SM_LIST_DMATCH) {
- SCLogDebug("adding to dmatch list because of dce_stub_data");
- } else if (s->init_data->list == DETECT_SM_LIST_DNSQUERYNAME_MATCH) {
- SCLogDebug("adding to DETECT_SM_LIST_DNSQUERYNAME_MATCH list because of dns_query");
- }
s->flags |= SIG_FLAG_APPLAYER;
sm_list = s->init_data->list;
} else {
sm_list = parsed_sm_list;
break;
- case DETECT_SM_LIST_FILEDATA:
- AppLayerHtpEnableResponseBodyCallback();
- s->flags |= SIG_FLAG_APPLAYER;
- s->alproto = ALPROTO_HTTP;
- sm_list = parsed_sm_list;
- break;
-
case DETECT_SM_LIST_UMATCH:
case DETECT_SM_LIST_HRUDMATCH:
case DETECT_SM_LIST_HHDMATCH:
case DETECT_SM_LIST_NOTSET:
sm_list = DETECT_SM_LIST_PMATCH;
break;
+ default:
+ sm_list = parsed_sm_list;
+ break;
}
}
if (sm_list == -1)
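Review bot: The new `default:` arm forwards every remaining `parsed_sm_list` value, but the `DETECT_SM_LIST_FILEDATA` case removed in the previous hunk also set `s->alproto = ALPROTO_HTTP` and `SIG_FLAG_APPLAYER`, and nothing replaces that here. A rule whose only tie to HTTP is a pcre `/Q` modifier would, as far as this hunk shows, be appended to the file_data list without being bound to HTTP. If the buffer type's setup handles this, a comment on the arm saying so would help, e.g. `/* dynamic buffer ids: alproto and applayer flag are applied by the buffer type's setup */`; otherwise the assignments need to move into the `'Q'` parsing path. The switch begins outside the hunk.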
}
#ifdef UNITTESTS /* UNITTESTS */
+static int g_file_data_buffer_id = 0;
/**
* \test DetectPcreParseTest01 make sure we don't allow invalid opts 7.
FAIL_IF (de_ctx->sig_list == NULL);
s = de_ctx->sig_list;
- FAIL_IF(s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL);
+ FAIL_IF(s->sm_lists_tail[g_file_data_buffer_id] == NULL);
- FAIL_IF(s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->type != DETECT_PCRE);
+ FAIL_IF(s->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_PCRE);
- data = (DetectPcreData *)s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ data = (DetectPcreData *)s->sm_lists_tail[g_file_data_buffer_id]->ctx;
FAIL_IF(data->flags & DETECT_PCRE_RAWBYTES ||
!(data->flags & DETECT_PCRE_RELATIVE));
FAIL_IF(de_ctx->sig_list == NULL);
s = de_ctx->sig_list;
- FAIL_IF(s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL);
+ FAIL_IF(s->sm_lists_tail[g_file_data_buffer_id] == NULL);
- FAIL_IF(s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->type != DETECT_PCRE);
+ FAIL_IF(s->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_PCRE);
- data = (DetectPcreData *)s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ data = (DetectPcreData *)s->sm_lists_tail[g_file_data_buffer_id]->ctx;
FAIL_IF(data->flags & DETECT_PCRE_RAWBYTES ||
!(data->flags & DETECT_PCRE_RELATIVE));
FAIL_IF(de_ctx->sig_list == NULL);
s = de_ctx->sig_list;
- FAIL_IF(s->sm_lists_tail[DETECT_SM_LIST_FILEDATA] == NULL);
+ FAIL_IF(s->sm_lists_tail[g_file_data_buffer_id] == NULL);
- FAIL_IF(s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->type != DETECT_PCRE);
+ FAIL_IF(s->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_PCRE);
- data = (DetectPcreData *)s->sm_lists_tail[DETECT_SM_LIST_FILEDATA]->ctx;
+ data = (DetectPcreData *)s->sm_lists_tail[g_file_data_buffer_id]->ctx;
FAIL_IF(data->flags & DETECT_PCRE_RAWBYTES ||
data->flags & DETECT_PCRE_RELATIVE);
void DetectPcreRegisterTests(void)
{
#ifdef UNITTESTS /* UNITTESTS */
+ g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
+
UtRegisterTest("DetectPcreParseTest01", DetectPcreParseTest01);
UtRegisterTest("DetectPcreParseTest02", DetectPcreParseTest02);
UtRegisterTest("DetectPcreParseTest03", DetectPcreParseTest03);
#ifdef UNITTESTS
/************************************Unittests*********************************/
+static int g_file_data_buffer_id = 0;
static int DetectPktDataTest01(void)
{
}
/* sm should be in the MATCH list */
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_FILEDATA];
+ sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm == NULL) {
- printf("sm not in DETECT_SM_LIST_FILEDATA: ");
+ printf("sm not in g_file_data_buffer_id: ");
goto end;
}
static void DetectPktDataTestRegister(void)
{
#ifdef UNITTESTS
+ g_file_data_buffer_id = DetectBufferTypeGetByName("file_data");
+
UtRegisterTest("DetectPktDataTest01", DetectPktDataTest01);
#endif
}
if (s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL)
return 0;
- if (s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL)
- return 0;
-
if (s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL)
return 0;
if (s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL)
return 0;
- if (s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL)
- return 0;
-
if (s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL)
return 0;
s->init_data->smlists[DETECT_SM_LIST_UMATCH] != NULL ||
s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL ||
s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL ||
- s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL ||
s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL ||
s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL ||
s->init_data->smlists[DETECT_SM_LIST_HMDMATCH] != NULL ||
SCLogDebug("sig requires http app state");
}
- if (s->init_data->smlists[DETECT_SM_LIST_FILEDATA] != NULL) {
- /* set the state depending from the protocol */
- if (s->alproto == ALPROTO_HTTP)
- s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
- else if (s->alproto == ALPROTO_SMTP)
- s->mask |= SIG_MASK_REQUIRE_SMTP_STATE;
-
- SCLogDebug("sig requires http or smtp app state");
- }
-
if (s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
DETECT_SM_LIST_HRUDMATCH,
/* list for http_client_body keyword and the ones relative to it */
DETECT_SM_LIST_HCBDMATCH,
- /* list for http_server_body keyword and the ones relative to it */
- DETECT_SM_LIST_FILEDATA,
/* list for http_header keyword and the ones relative to it */
DETECT_SM_LIST_HHDMATCH,
/* list for http_raw_header keyword and the ones relative to it */