#include "stream-tcp.h"
#include "detect-http-request-line.h"
-int DetectHttpRequestLineSetup(DetectEngineCtx *, Signature *, char *);
-void DetectHttpRequestLineRegisterTests(void);
-void DetectHttpRequestLineFree(void *);
+static int DetectHttpRequestLineSetup(DetectEngineCtx *, Signature *, char *);
+static void DetectHttpRequestLineRegisterTests(void);
static int PrefilterTxHttpRequestLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx);
static int DetectEngineInspectHttpRequestLine(ThreadVars *tv,
DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
const Signature *s, const SigMatchData *smd,
Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
+static void DetectHttpRequestLineSetupCallback(Signature *s);
+static int g_http_request_line_buffer_id = 0;
/**
* \brief Registers the keyword handlers for the "http_request_line" keyword.
sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].flags |= SIGMATCH_PAYLOAD ;
- DetectMpmAppLayerRegister("http_request_line", SIG_FLAG_TOSERVER,
- DETECT_SM_LIST_HTTP_REQLINEMATCH, 2,
+ DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2,
PrefilterTxHttpRequestLineRegister);
- DetectAppLayerInspectEngineRegister(ALPROTO_HTTP, SIG_FLAG_TOSERVER,
- DETECT_SM_LIST_HTTP_REQLINEMATCH,
+ DetectAppLayerInspectEngineRegister2("http_request_line",
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER,
DetectEngineInspectHttpRequestLine);
- return;
+ DetectBufferTypeSetDescriptionByName("http_request_line",
+ "http request line");
+
+ DetectBufferTypeRegisterSetupCallback("http_request_line",
+ DetectHttpRequestLineSetupCallback);
+
+ g_http_request_line_buffer_id = DetectBufferTypeGetByName("http_request_line");
}
/**
* \retval 0 On success
* \retval -1 On failure
*/
-int DetectHttpRequestLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
+static int DetectHttpRequestLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
{
- s->init_data->list = DETECT_SM_LIST_HTTP_REQLINEMATCH;
+ s->init_data->list = g_http_request_line_buffer_id;
s->alproto = ALPROTO_HTTP;
return 0;
}
+static void DetectHttpRequestLineSetupCallback(Signature *s)
+{
+ SCLogDebug("callback invoked by %u", s->id);
+ s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
+}
+
/** \brief HTTP request line Mpm prefilter callback
*
* \param det_ctx detection engine thread ctx
#endif /* UNITTESTS */
-void DetectHttpRequestLineRegisterTests(void)
+static void DetectHttpRequestLineRegisterTests(void)
{
#ifdef UNITTESTS
UtRegisterTest("DetectHttpRequestLineTest01", DetectHttpRequestLineTest01);
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HRHDMATCH);
else if (lua->flags & DATATYPE_HTTP_RESPONSE_COOKIE)
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HCDMATCH);
- else
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HTTP_REQLINEMATCH);
+ else {
+ int list = DetectBufferTypeGetByName("http_request_line");
+ SigMatchAppendSMToList(s, sm, list);
+ }
} else if (lua->alproto == ALPROTO_DNS) {
if (lua->flags & DATATYPE_DNS_RRNAME) {
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNSQUERYNAME_MATCH);
CASE_CODE_STRING(DETECT_SM_LIST_HMDMATCH, "http_method");
CASE_CODE_STRING(DETECT_SM_LIST_HCDMATCH, "http_cookie");
CASE_CODE_STRING(DETECT_SM_LIST_HUADMATCH, "http_user_agent");
- CASE_CODE_STRING(DETECT_SM_LIST_HTTP_REQLINEMATCH, "http_request_line");
CASE_CODE_STRING(DETECT_SM_LIST_HTTP_RESLINEMATCH, "http_response_line");
CASE_CODE_STRING(DETECT_SM_LIST_APP_EVENT, "app-layer-event");
CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer");
CASE_CODE(DETECT_SM_LIST_HMDMATCH);
CASE_CODE(DETECT_SM_LIST_HCDMATCH);
CASE_CODE(DETECT_SM_LIST_HUADMATCH);
- CASE_CODE(DETECT_SM_LIST_HTTP_REQLINEMATCH);
CASE_CODE(DETECT_SM_LIST_HTTP_RESLINEMATCH);
CASE_CODE(DETECT_SM_LIST_APP_EVENT);
CASE_CODE(DETECT_SM_LIST_AMATCH);
projects / thirdparty / suricata.git / commitdiff
