detect: remove AppLayerMatch API call

diff --git a/src/detect-bypass.c b/src/detect-bypass.c
index a92e2822796abde6610df39b9e3f1eed7329b5dc..6d77fbefa451a4f9287a4161f3a2d112adc15ac2 100644 (file)
--- a/src/detect-bypass.c
+++ b/src/detect-bypass.c
@@ -63,7 +63,6 @@ void DetectBypassRegister(void)
     sigmatch_table[DETECT_BYPASS].desc = "call the bypass callback when the match of a sig is complete";
     sigmatch_table[DETECT_BYPASS].url = "";
     sigmatch_table[DETECT_BYPASS].Match = DetectBypassMatch;
-    sigmatch_table[DETECT_BYPASS].AppLayerMatch = NULL;
     sigmatch_table[DETECT_BYPASS].Setup = DetectBypassSetup;
     sigmatch_table[DETECT_BYPASS].Free  = NULL;
     sigmatch_table[DETECT_BYPASS].RegisterTests = DetectBypassRegisterTests;

diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c
index 1a7a0268cd2c50e5e1e1163948dfb5c58a8eed79..a6ab72a0169444a1d113674ed42c0caa18524bee 100644 (file)
--- a/src/detect-byte-extract.c
+++ b/src/detect-byte-extract.c
@@ -100,7 +100,6 @@ void DetectByteExtractRegister(void)
 {
     sigmatch_table[DETECT_BYTE_EXTRACT].name = "byte_extract";
     sigmatch_table[DETECT_BYTE_EXTRACT].Match = NULL;
-    sigmatch_table[DETECT_BYTE_EXTRACT].AppLayerMatch = NULL;
     sigmatch_table[DETECT_BYTE_EXTRACT].Setup = DetectByteExtractSetup;
     sigmatch_table[DETECT_BYTE_EXTRACT].Free = DetectByteExtractFree;
     sigmatch_table[DETECT_BYTE_EXTRACT].RegisterTests = DetectByteExtractRegisterTests;

diff --git a/src/detect-cipservice.c b/src/detect-cipservice.c
index 1074241d5a1c08e6b8a28b7542f0da7591cf94d8..6452ffaff622cf04e4a1cfee062c888c4d79d77d 100644 (file)
--- a/src/detect-cipservice.c
+++ b/src/detect-cipservice.c
@@ -53,7 +53,6 @@ void DetectCipServiceRegister(void)
     sigmatch_table[DETECT_CIPSERVICE].name = "cip_service"; //rule keyword
     sigmatch_table[DETECT_CIPSERVICE].desc = "Rules for detecting CIP Service ";
     sigmatch_table[DETECT_CIPSERVICE].Match = NULL;
-    sigmatch_table[DETECT_CIPSERVICE].AppLayerMatch = NULL;
     sigmatch_table[DETECT_CIPSERVICE].Setup = DetectCipServiceSetup;
     sigmatch_table[DETECT_CIPSERVICE].Free = DetectCipServiceFree;
     sigmatch_table[DETECT_CIPSERVICE].RegisterTests
@@ -315,7 +314,6 @@ void DetectEnipCommandRegister(void)
     sigmatch_table[DETECT_ENIPCOMMAND].desc
             = "Rules for detecting EtherNet/IP command";
     sigmatch_table[DETECT_ENIPCOMMAND].Match = NULL;
-    sigmatch_table[DETECT_ENIPCOMMAND].AppLayerMatch = NULL;
     sigmatch_table[DETECT_ENIPCOMMAND].Setup = DetectEnipCommandSetup;
     sigmatch_table[DETECT_ENIPCOMMAND].Free = DetectEnipCommandFree;
     sigmatch_table[DETECT_ENIPCOMMAND].RegisterTests

diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c
index 68d944748a69d70351ed1a23c98a2cb91ad0887f..418ab8fcafe9a4fc4336b193281a76c1b1a8dd54 100644 (file)
--- a/src/detect-dce-stub-data.c
+++ b/src/detect-dce-stub-data.c
@@ -59,7 +59,6 @@ void DetectDceStubDataRegister(void)
 {
     sigmatch_table[DETECT_DCE_STUB_DATA].name = "dce_stub_data";
     sigmatch_table[DETECT_DCE_STUB_DATA].Match = NULL;
-    sigmatch_table[DETECT_DCE_STUB_DATA].AppLayerMatch = NULL;
     sigmatch_table[DETECT_DCE_STUB_DATA].Setup = DetectDceStubDataSetup;
     sigmatch_table[DETECT_DCE_STUB_DATA].Free  = NULL;
     sigmatch_table[DETECT_DCE_STUB_DATA].RegisterTests = DetectDceStubDataRegisterTests;

diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c
index 438c38cb3a0a8df1fdb481ea6d164f2e1189f647..4fe63ecd226d53f3612b0db91667b5d49e2f91c2 100644 (file)
--- a/src/detect-dnp3.c
+++ b/src/detect-dnp3.c
@@ -482,7 +482,6 @@ static void DetectDNP3FuncRegister(void)
     sigmatch_table[DETECT_AL_DNP3FUNC].name          = "dnp3_func";
     sigmatch_table[DETECT_AL_DNP3FUNC].alias         = "dnp3.func";
     sigmatch_table[DETECT_AL_DNP3FUNC].Match         = NULL;
-    sigmatch_table[DETECT_AL_DNP3FUNC].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_DNP3FUNC].AppLayerTxMatch = DetectDNP3FuncMatch;
     sigmatch_table[DETECT_AL_DNP3FUNC].Setup         = DetectDNP3FuncSetup;
     sigmatch_table[DETECT_AL_DNP3FUNC].Free          = DetectDNP3Free;
@@ -499,7 +498,6 @@ static void DetectDNP3IndRegister(void)
     sigmatch_table[DETECT_AL_DNP3IND].name          = "dnp3_ind";
     sigmatch_table[DETECT_AL_DNP3IND].alias         = "dnp3.ind";
     sigmatch_table[DETECT_AL_DNP3IND].Match         = NULL;
-    sigmatch_table[DETECT_AL_DNP3IND].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_DNP3IND].AppLayerTxMatch = DetectDNP3IndMatch;
     sigmatch_table[DETECT_AL_DNP3IND].Setup         = DetectDNP3IndSetup;
     sigmatch_table[DETECT_AL_DNP3IND].Free          = DetectDNP3Free;
@@ -516,7 +514,6 @@ static void DetectDNP3ObjRegister(void)
     sigmatch_table[DETECT_AL_DNP3OBJ].name          = "dnp3_obj";
     sigmatch_table[DETECT_AL_DNP3OBJ].alias         = "dnp3.obj";
     sigmatch_table[DETECT_AL_DNP3OBJ].Match         = NULL;
-    sigmatch_table[DETECT_AL_DNP3OBJ].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_DNP3OBJ].AppLayerTxMatch = DetectDNP3ObjMatch;
     sigmatch_table[DETECT_AL_DNP3OBJ].Setup         = DetectDNP3ObjSetup;
     sigmatch_table[DETECT_AL_DNP3OBJ].Free          = DetectDNP3Free;
@@ -540,7 +537,6 @@ static void DetectDNP3DataRegister(void)
 
     sigmatch_table[DETECT_AL_DNP3DATA].name          = "dnp3_data";
     sigmatch_table[DETECT_AL_DNP3DATA].Match         = NULL;
-    sigmatch_table[DETECT_AL_DNP3DATA].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_DNP3DATA].Setup         = DetectDNP3DataSetup;
     sigmatch_table[DETECT_AL_DNP3DATA].Free          = NULL;
     sigmatch_table[DETECT_AL_DNP3DATA].RegisterTests =

diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c
index c8f9690b47b1971119e2172fad5a7352b8d4934e..815d0059226df259aa662de78db684abdb26d834 100644 (file)
--- a/src/detect-dns-query.c
+++ b/src/detect-dns-query.c
@@ -70,7 +70,6 @@ void DetectDnsQueryRegister (void)
     sigmatch_table[DETECT_AL_DNS_QUERY].name = "dns_query";
     sigmatch_table[DETECT_AL_DNS_QUERY].desc = "content modifier to match specifically and only on the DNS query-buffer";
     sigmatch_table[DETECT_AL_DNS_QUERY].Match = NULL;
-    sigmatch_table[DETECT_AL_DNS_QUERY].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_DNS_QUERY].Setup = DetectDnsQuerySetup;
     sigmatch_table[DETECT_AL_DNS_QUERY].Free  = NULL;
     sigmatch_table[DETECT_AL_DNS_QUERY].RegisterTests = DetectDnsQueryRegisterTests;

diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c
index 18d97d08a889c7c37b6d8e33422d205ec202f87c..c182abde01b167b362dd3b6290da6b6f8c47e0bb 100644 (file)
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@@ -635,57 +635,18 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
         }
     }
 
-    int amatch = 0;
-    /* flow based matches */
-    KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH);
-    smd = s->sm_arrays[DETECT_SM_LIST_AMATCH];
-    if (smd != NULL) {
-        void *alstate = FlowGetAppState(f);
-        if (alstate == NULL) {
-            goto end;
-        }
-
-        while (1) {
-            if (sigmatch_table[smd->type].AppLayerMatch != NULL) {
-                int match = 0;
-                KEYWORD_PROFILING_START;
-                match = sigmatch_table[smd->type].
-                    AppLayerMatch(tv, det_ctx, f, flags, alstate, s, smd);
-                KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1));
-
-                if (match == 0) {
-                    break;
-                } else if (match == 2) {
-                    inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH;
-                    break;
-                } else if (match == 1 && smd->is_last) {
-                    amatch = 1;
-                }
-            }
-            if (smd->is_last)
-                break;
-            smd++;
-        }
-    }
-
     /* if AMATCH and/or DMATCH are in use, see if we need to
      * alert and store the state */
-    if ((s->sm_arrays[DETECT_SM_LIST_AMATCH] != NULL ||
-         s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL))
+    if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL)
     {
-        /* if dmatch in use and match + amatch in use and match
-           or
-           if dmatch in use and match + amatch not in use
-           or
-           if dmatch not in use + amatch in use and match
+        /* if dmatch in use and match
            or
            sig can't match
          */
         if (inspect_flags & DE_STATE_FLAG_SIG_CANT_MATCH) {
             inspect_flags |= DE_STATE_FLAG_FULL_INSPECT;
         } else {
-            if ((amatch || s->sm_arrays[DETECT_SM_LIST_AMATCH] == NULL) &&
-                (dmatch || s->sm_arrays[DETECT_SM_LIST_DMATCH] == NULL))
+            if (dmatch || s->sm_arrays[DETECT_SM_LIST_DMATCH] == NULL)
             {
                 if (!(s->flags & SIG_FLAG_NOALERT)) {
                     PacketAlertAppend(det_ctx, s, p, 0,
@@ -936,45 +897,6 @@ static int DoInspectFlowRule(ThreadVars *tv,
 
     RULE_PROFILING_START(p);
 
-    KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH);
-    if (item->nm != NULL) {
-        void *alstate = FlowGetAppState(f);
-        if (alstate == NULL) {
-            RULE_PROFILING_END(det_ctx, s, 0 /* no match */, p);
-            return -1;
-        }
-
-        smd = item->nm;
-        while(1) {
-            if (sigmatch_table[smd->type].AppLayerMatch != NULL) {
-                int match = 0;
-                KEYWORD_PROFILING_START;
-                match = sigmatch_table[smd->type].
-                    AppLayerMatch(tv, det_ctx, f, flags, alstate, s, smd);
-                KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1));
-
-                if (match == 0)
-                    break;
-                else if (match == 2) {
-                    inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH;
-                    break;
-                }
-                else if (match == 1) {
-                    total_matches++;
-
-                    if (smd->is_last)
-                        full_match = 1;
-                }
-            }
-            if (smd->is_last)
-                break;
-            smd++;
-        }
-    } else {
-        /* AMATCH isn't there */
-        full_match = 1;
-    }
-
     /* DCERPC matches */
     if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL &&
             (alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB ||
@@ -993,7 +915,7 @@ static int DoInspectFlowRule(ThreadVars *tv,
         }
     }
     /* update full_match with DMATCH result */
-    if (full_match && s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL) {
+    if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL) {
         full_match = ((inspect_flags & DE_STATE_FLAG_DCE_PAYLOAD_INSPECT) != 0);
     }
 

diff --git a/src/detect-file-data.c b/src/detect-file-data.c
index ef245f91520ab220a7d0a249569b8f49b87981e9..da9a011bc7ed3cb795aa0b5990c39b8c82f3a7a1 100644 (file)
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@@ -60,7 +60,6 @@ void DetectFiledataRegister(void)
     sigmatch_table[DETECT_FILE_DATA].desc = "make content keywords match on HTTP response body";
     sigmatch_table[DETECT_FILE_DATA].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#file-data";
     sigmatch_table[DETECT_FILE_DATA].Match = NULL;
-    sigmatch_table[DETECT_FILE_DATA].AppLayerMatch = NULL;
     sigmatch_table[DETECT_FILE_DATA].Setup = DetectFiledataSetup;
     sigmatch_table[DETECT_FILE_DATA].Free  = NULL;
     sigmatch_table[DETECT_FILE_DATA].RegisterTests = DetectFiledataRegisterTests;

diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c
index 2273aefbaefd13bbce2e14467a5e48d147b325e1..a158e137b76b7d20bd9da7142adc380a41f1b25b 100644 (file)
--- a/src/detect-http-client-body.c
+++ b/src/detect-http-client-body.c
@@ -73,7 +73,6 @@ void DetectHttpClientBodyRegister(void)
     sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].desc = "content modifier to match only on HTTP request-body";
     sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_client-body";
     sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Setup = DetectHttpClientBodySetup;
     sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Free  = DetectHttpClientBodyFree;
     sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].RegisterTests = DetectHttpClientBodyRegisterTests;

diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c
index 2b0baeaa21b972cf0b3124b703bf02cb7150fb79..3b9eff786cde92e952d08688997d77fbeb9c61a6 100644 (file)
--- a/src/detect-http-cookie.c
+++ b/src/detect-http-cookie.c
@@ -76,7 +76,6 @@ void DetectHttpCookieRegister(void)
     sigmatch_table[DETECT_AL_HTTP_COOKIE].desc = "content modifier to match only on the HTTP cookie-buffer";
     sigmatch_table[DETECT_AL_HTTP_COOKIE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-cookie";
     sigmatch_table[DETECT_AL_HTTP_COOKIE].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_COOKIE].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_COOKIE].Setup = DetectHttpCookieSetup;
     sigmatch_table[DETECT_AL_HTTP_COOKIE].Free  = DetectHttpCookieFree;
     sigmatch_table[DETECT_AL_HTTP_COOKIE].RegisterTests = DetectHttpCookieRegisterTests;

diff --git a/src/detect-http-hh.c b/src/detect-http-hh.c
index 7c943d07d64c4fdffacb9a010e6abc5c983d2ac6..758b978a6fb6704e09b75ae7a1d5095986ba56a5 100644 (file)
--- a/src/detect-http-hh.c
+++ b/src/detect-http-hh.c
@@ -74,7 +74,6 @@ void DetectHttpHHRegister(void)
     sigmatch_table[DETECT_AL_HTTP_HOST].name = "http_host";
     sigmatch_table[DETECT_AL_HTTP_HOST].desc = "content modifier to match only on the HTTP hostname";
     sigmatch_table[DETECT_AL_HTTP_HOST].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_HOST].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_HOST].Setup = DetectHttpHHSetup;
     sigmatch_table[DETECT_AL_HTTP_HOST].Free  = DetectHttpHHFree;
     sigmatch_table[DETECT_AL_HTTP_HOST].RegisterTests = DetectHttpHHRegisterTests;

diff --git a/src/detect-http-hrh.c b/src/detect-http-hrh.c
index 92f504e5667678093ae0a0f04c430780b0926218..8b3620a48be2f7aad33508c631313c3b79ab7fc1 100644 (file)
--- a/src/detect-http-hrh.c
+++ b/src/detect-http-hrh.c
@@ -73,7 +73,6 @@ void DetectHttpHRHRegister(void)
     sigmatch_table[DETECT_AL_HTTP_RAW_HOST].name = "http_raw_host";
     sigmatch_table[DETECT_AL_HTTP_RAW_HOST].desc = "content modifier to match only on the HTTP host header or the raw hostname from the HTTP uri";
     sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_RAW_HOST].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Setup = DetectHttpHRHSetup;
     sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Free  = DetectHttpHRHFree;
     sigmatch_table[DETECT_AL_HTTP_RAW_HOST].RegisterTests = DetectHttpHRHRegisterTests;

diff --git a/src/detect-http-method.c b/src/detect-http-method.c
index 0cf00f9bcdc479e66ab4efab2d72b50a82796b2a..a4b0feb749d05b454d0aae2691f04d2cd5029155 100644 (file)
--- a/src/detect-http-method.c
+++ b/src/detect-http-method.c
@@ -76,7 +76,6 @@ void DetectHttpMethodRegister(void)
     sigmatch_table[DETECT_AL_HTTP_METHOD].desc = "content modifier to match only on the HTTP method-buffer";
     sigmatch_table[DETECT_AL_HTTP_METHOD].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-method";
     sigmatch_table[DETECT_AL_HTTP_METHOD].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_METHOD].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_METHOD].Setup = DetectHttpMethodSetup;
     sigmatch_table[DETECT_AL_HTTP_METHOD].Free  = DetectHttpMethodFree;
     sigmatch_table[DETECT_AL_HTTP_METHOD].RegisterTests = DetectHttpMethodRegisterTests;

diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c
index 35b9d3ad62863640ffd238111daaf26f00bb5a9f..8b2b394cab02b49f202497e6eccd4a9279cfdac0 100644 (file)
--- a/src/detect-http-raw-header.c
+++ b/src/detect-http-raw-header.c
@@ -74,7 +74,6 @@ void DetectHttpRawHeaderRegister(void)
 {
     sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].name = "http_raw_header";
     sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetup;
     sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Free  = DetectHttpRawHeaderFree;
     sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].RegisterTests = DetectHttpRawHeaderRegisterTests;

diff --git a/src/detect-http-raw-uri.c b/src/detect-http-raw-uri.c
index 080586e428b7102d26b44cb524903822c532a70e..367be1d595adec47a258e564a93012cd237acb8d 100644 (file)
--- a/src/detect-http-raw-uri.c
+++ b/src/detect-http-raw-uri.c
@@ -69,7 +69,6 @@ void DetectHttpRawUriRegister(void)
     sigmatch_table[DETECT_AL_HTTP_RAW_URI].desc = "content modifier to match on HTTP uri";
     sigmatch_table[DETECT_AL_HTTP_RAW_URI].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_uri-and-http_raw-uri";
     sigmatch_table[DETECT_AL_HTTP_RAW_URI].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_RAW_URI].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_RAW_URI].Setup = DetectHttpRawUriSetup;
     sigmatch_table[DETECT_AL_HTTP_RAW_URI].Free = NULL;
     sigmatch_table[DETECT_AL_HTTP_RAW_URI].RegisterTests = DetectHttpRawUriRegisterTests;

diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c
index 7c8cd3082e7e38bfe9cf700bb7541938e1215ca5..4fb495f3efecfbe0da2a9bae6f380f7ae128d57c 100644 (file)
--- a/src/detect-http-request-line.c
+++ b/src/detect-http-request-line.c
@@ -79,7 +79,6 @@ void DetectHttpRequestLineRegister(void)
     sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].desc = "content modifier to match only on the HTTP request line";
     sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_request-line";
     sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].Setup = DetectHttpRequestLineSetup;
     sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].RegisterTests = DetectHttpRequestLineRegisterTests;
 

diff --git a/src/detect-http-response-line.c b/src/detect-http-response-line.c
index f7dd062faae75b7a7b0347449dbeb2c1c660928b..e9b573b07c30a46565a13202153444bc4df37cb9 100644 (file)
--- a/src/detect-http-response-line.c
+++ b/src/detect-http-response-line.c
@@ -79,7 +79,6 @@ void DetectHttpResponseLineRegister(void)
     sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].desc = "content modifier to match only on the HTTP response line";
     sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_response-line";
     sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].Setup = DetectHttpResponseLineSetup;
     sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].RegisterTests = DetectHttpResponseLineRegisterTests;
 

diff --git a/src/detect-http-server-body.c b/src/detect-http-server-body.c
index b2157d8fefc1d73a212e57ddaf35cb699a53ff30..eb6f02d31eebabdd6a4cf86c257a44a1759e160c 100644 (file)
--- a/src/detect-http-server-body.c
+++ b/src/detect-http-server-body.c
@@ -74,7 +74,6 @@ void DetectHttpServerBodyRegister(void)
     sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].desc = "content modifier to match only on the HTTP response-body";
     sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_server-body";
     sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Setup = DetectHttpServerBodySetup;
     sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Free  = DetectHttpServerBodyFree;
     sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].RegisterTests = DetectHttpServerBodyRegisterTests;

diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c
index 938ce6e5f98ebfdf9afbb13f784997ba5681bd94..308ef9a46fb8ccb3f29082830576ebb0bfba00b8 100644 (file)
--- a/src/detect-http-stat-code.c
+++ b/src/detect-http-stat-code.c
@@ -77,7 +77,6 @@ void DetectHttpStatCodeRegister (void)
     sigmatch_table[DETECT_AL_HTTP_STAT_CODE].desc = "content modifier to match only on HTTP stat-code-buffer";
     sigmatch_table[DETECT_AL_HTTP_STAT_CODE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_stat-code";
     sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_STAT_CODE].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Setup = DetectHttpStatCodeSetup;
     sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Free  = NULL;
     sigmatch_table[DETECT_AL_HTTP_STAT_CODE].RegisterTests = DetectHttpStatCodeRegisterTests;

diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c
index 57dffbf8072163c485274a8ce7fa0f8457e0b4c9..631fb46ab19ec1e346a83ed7cc7fb9117f37402b 100644 (file)
--- a/src/detect-http-stat-msg.c
+++ b/src/detect-http-stat-msg.c
@@ -77,7 +77,6 @@ void DetectHttpStatMsgRegister (void)
     sigmatch_table[DETECT_AL_HTTP_STAT_MSG].desc = "content modifier to match on HTTP stat-msg-buffer";
     sigmatch_table[DETECT_AL_HTTP_STAT_MSG].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_stat-msg";
     sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Setup = DetectHttpStatMsgSetup;
     sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Free  = NULL;
     sigmatch_table[DETECT_AL_HTTP_STAT_MSG].RegisterTests = DetectHttpStatMsgRegisterTests;

diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c
index b154806f39ef82ab2dd67caf3943c349ac44a10e..9a6df63ae1e7837cdcfc2c29f9e03afa3cb50ddc 100644 (file)
--- a/src/detect-http-ua.c
+++ b/src/detect-http-ua.c
@@ -74,7 +74,6 @@ void DetectHttpUARegister(void)
     sigmatch_table[DETECT_AL_HTTP_USER_AGENT].desc = "content modifier to match only on the HTTP User-Agent header";
     sigmatch_table[DETECT_AL_HTTP_USER_AGENT].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_user-agent";
     sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_USER_AGENT].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Setup = DetectHttpUASetup;
     sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Free  = DetectHttpUAFree;
     sigmatch_table[DETECT_AL_HTTP_USER_AGENT].RegisterTests = DetectHttpUARegisterTests;

diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c
index 3ae8f866eb5048579ea00266bfe7e3209c791c76..67714f884825de8a8549d843dd95ea3b5858ebc8 100644 (file)
--- a/src/detect-http-uri.c
+++ b/src/detect-http-uri.c
@@ -70,7 +70,6 @@ void DetectHttpUriRegister (void)
     sigmatch_table[DETECT_AL_HTTP_URI].desc = "content modifier to match specifically and only on the HTTP uri-buffer";
     sigmatch_table[DETECT_AL_HTTP_URI].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_uri-and-http_raw-uri";
     sigmatch_table[DETECT_AL_HTTP_URI].Match = NULL;
-    sigmatch_table[DETECT_AL_HTTP_URI].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_URI].Setup = DetectHttpUriSetup;
     sigmatch_table[DETECT_AL_HTTP_URI].Free  = NULL;
     sigmatch_table[DETECT_AL_HTTP_URI].RegisterTests = DetectHttpUriRegisterTests;

diff --git a/src/detect-lua.c b/src/detect-lua.c
index 8c9a4070ff2d769b00828c7e10d5b9a824a6b0cd..87d3e55f9b9a66d43873aa02770e225fe37cbb4a 100644 (file)
--- a/src/detect-lua.c
+++ b/src/detect-lua.c
@@ -89,8 +89,6 @@ void DetectLuaRegister(void)
 
 static int DetectLuaMatch (ThreadVars *, DetectEngineThreadCtx *,
         Packet *, const Signature *, const SigMatchCtx *);
-static int DetectLuaAppMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
-        Flow *f, uint8_t flags, void *state, const Signature *s, const SigMatchData *m);
 static int DetectLuaAppTxMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
                                 Flow *f, uint8_t flags,
                                 void *state, void *txv, const Signature *s,
@@ -116,7 +114,6 @@ void DetectLuaRegister(void)
     sigmatch_table[DETECT_LUA].desc = "match via a lua script";
     sigmatch_table[DETECT_LUA].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_scripting";
     sigmatch_table[DETECT_LUA].Match = DetectLuaMatch;
-    sigmatch_table[DETECT_LUA].AppLayerMatch = DetectLuaAppMatch;
     sigmatch_table[DETECT_LUA].AppLayerTxMatch = DetectLuaAppTxMatch;
     sigmatch_table[DETECT_LUA].Setup = DetectLuaSetup;
     sigmatch_table[DETECT_LUA].Free  = DetectLuaFree;
@@ -551,24 +548,6 @@ static int DetectLuaAppMatchCommon (ThreadVars *t, DetectEngineThreadCtx *det_ct
     SCReturnInt(ret);
 }
 
-/**
- * \brief match the specified lua script in AMATCH
- *
- * \param t thread local vars
- * \param det_ctx pattern matcher thread local data
- * \param s signature being inspected
- * \param m sigmatch that we will cast into DetectLuaData
- *
- * \retval 0 no match
- * \retval 1 match
- */
-static int DetectLuaAppMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
-        Flow *f, uint8_t flags, void *state,
-        const Signature *s, const SigMatchData *m)
-{
-    return DetectLuaAppMatchCommon(t, det_ctx, f, flags, state, s, m->ctx);
-}
-
 /**
  * \brief match the specified lua script in a list with a tx
  *

diff --git a/src/detect-modbus.c b/src/detect-modbus.c
index 56717c475cda8bb90d701dba15a679a938c2d82f..19518e28261c5c680b536f6a4398329ffe2a37df 100644 (file)
--- a/src/detect-modbus.c
+++ b/src/detect-modbus.c
@@ -407,7 +407,6 @@ void DetectModbusRegister(void)
     SCEnter();
     sigmatch_table[DETECT_AL_MODBUS].name          = "modbus";
     sigmatch_table[DETECT_AL_MODBUS].Match         = NULL;
-    sigmatch_table[DETECT_AL_MODBUS].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_MODBUS].Setup         = DetectModbusSetup;
     sigmatch_table[DETECT_AL_MODBUS].Free          = DetectModbusFree;
     sigmatch_table[DETECT_AL_MODBUS].RegisterTests = DetectModbusRegisterTests;

diff --git a/src/detect-pcre.c b/src/detect-pcre.c
index 29106304cc7c09bc93bde83dca2cc402f6f6e218..e531d6a2cbffa20cabb30ca5f55f7d069aa75d32 100644 (file)
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -90,7 +90,6 @@ void DetectPcreRegister (void)
     sigmatch_table[DETECT_PCRE].desc = "match on regular expression";
     sigmatch_table[DETECT_PCRE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#pcre-perl-compatible-regular-expressions";
     sigmatch_table[DETECT_PCRE].Match = NULL;
-    sigmatch_table[DETECT_PCRE].AppLayerMatch = NULL;
     sigmatch_table[DETECT_PCRE].Setup = DetectPcreSetup;
     sigmatch_table[DETECT_PCRE].Free  = DetectPcreFree;
     sigmatch_table[DETECT_PCRE].RegisterTests  = DetectPcreRegisterTests;

diff --git a/src/detect-pkt-data.c b/src/detect-pkt-data.c
index 8f740636bc96f62e26b4e4cb7fdf22facb6d0e7e..4bdc3b3315413f14aaff18424b44f57527cd1546 100644 (file)
--- a/src/detect-pkt-data.c
+++ b/src/detect-pkt-data.c
@@ -53,7 +53,6 @@ void DetectPktDataRegister(void)
 {
     sigmatch_table[DETECT_PKT_DATA].name = "pkt_data";
     sigmatch_table[DETECT_PKT_DATA].Match = NULL;
-    sigmatch_table[DETECT_PKT_DATA].AppLayerMatch = NULL;
     sigmatch_table[DETECT_PKT_DATA].Setup = DetectPktDataSetup;
     sigmatch_table[DETECT_PKT_DATA].Free  = NULL;
     sigmatch_table[DETECT_PKT_DATA].RegisterTests = DetectPktDataTestRegister;

diff --git a/src/detect-tls-cert-issuer.c b/src/detect-tls-cert-issuer.c
index 5928e442c05725af7e8c39f77c78de8b36dfbd13..f918b301dbbd5103ee3e1e681f00680f95af1481 100644 (file)
--- a/src/detect-tls-cert-issuer.c
+++ b/src/detect-tls-cert-issuer.c
@@ -66,7 +66,6 @@ void DetectTlsIssuerRegister(void)
     sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].desc = "content modifier to match specifically and only on the TLS cert issuer buffer";
     sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#tls-cert-issuer";
     sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].Match = NULL;
-    sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].Setup = DetectTlsIssuerSetup;
     sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].Free  = NULL;
     sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].RegisterTests = DetectTlsIssuerRegisterTests;

diff --git a/src/detect-tls-cert-subject.c b/src/detect-tls-cert-subject.c
index 8c4936bbd381e237c09670a37511dd84964198f4..affea07ea7b6d3c152bb33a1adab5fd3cdc85a3e 100644 (file)
--- a/src/detect-tls-cert-subject.c
+++ b/src/detect-tls-cert-subject.c
@@ -66,7 +66,6 @@ void DetectTlsSubjectRegister(void)
     sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].desc = "content modifier to match specifically and only on the TLS cert subject buffer";
     sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#tls-cert-subject";
     sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].Match = NULL;
-    sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].Setup = DetectTlsSubjectSetup;
     sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].Free  = NULL;
     sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].RegisterTests = DetectTlsSubjectRegisterTests;

diff --git a/src/detect-tls-sni.c b/src/detect-tls-sni.c
index 8d3f8333f2a13577e168b36a6036f8f9b0b4860b..a87f0a6e7ef1ad1f05eafb02f89e007c7442550f 100644 (file)
--- a/src/detect-tls-sni.c
+++ b/src/detect-tls-sni.c
@@ -66,7 +66,6 @@ void DetectTlsSniRegister(void)
     sigmatch_table[DETECT_AL_TLS_SNI].desc = "content modifier to match specifically and only on the TLS SNI buffer";
     sigmatch_table[DETECT_AL_TLS_SNI].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#tls-sni";
     sigmatch_table[DETECT_AL_TLS_SNI].Match = NULL;
-    sigmatch_table[DETECT_AL_TLS_SNI].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_TLS_SNI].Setup = DetectTlsSniSetup;
     sigmatch_table[DETECT_AL_TLS_SNI].Free  = NULL;
     sigmatch_table[DETECT_AL_TLS_SNI].RegisterTests = DetectTlsSniRegisterTests;

diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c
index 719340e753873ca8e2dca0ffbf3e3482ff510954..dc77cc9e694ce14f8111229faa45db7f8af6522f 100644 (file)
--- a/src/detect-uricontent.c
+++ b/src/detect-uricontent.c
@@ -69,7 +69,6 @@ static int g_http_uri_buffer_id = 0;
 void DetectUricontentRegister (void)
 {
     sigmatch_table[DETECT_URICONTENT].name = "uricontent";
-    sigmatch_table[DETECT_URICONTENT].AppLayerMatch = NULL;
     sigmatch_table[DETECT_URICONTENT].Match = NULL;
     sigmatch_table[DETECT_URICONTENT].Setup = DetectUricontentSetup;
     sigmatch_table[DETECT_URICONTENT].Free  = DetectUricontentFree;

diff --git a/src/detect-urilen.c b/src/detect-urilen.c
index 02e29395ba93ac12d4dc314a31a578a237082e2a..4e65d0b8313beb94b31123b33397d71e372d5ab1 100644 (file)
--- a/src/detect-urilen.c
+++ b/src/detect-urilen.c
@@ -67,7 +67,6 @@ void DetectUrilenRegister(void)
     sigmatch_table[DETECT_AL_URILEN].desc = "match on the length of the HTTP uri";
     sigmatch_table[DETECT_AL_URILEN].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#urilen";
     sigmatch_table[DETECT_AL_URILEN].Match = NULL;
-    sigmatch_table[DETECT_AL_URILEN].AppLayerMatch = NULL /**< We handle this at detect-engine-uri.c now */;
     sigmatch_table[DETECT_AL_URILEN].Setup = DetectUrilenSetup;
     sigmatch_table[DETECT_AL_URILEN].Free = DetectUrilenFree;
     sigmatch_table[DETECT_AL_URILEN].RegisterTests = DetectUrilenRegisterTests;

diff --git a/src/detect.h b/src/detect.h
index 3800e75296d2fd4cf750384b0f33a0effa93c195..f448f7163a10602c2a650b8921d05765209f9f85 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -924,11 +924,6 @@ typedef struct SigTableElmt_ {
     /** Packet match function pointer */
     int (*Match)(ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *);
 
-    /** AppLayer match function  pointer */
-    int (*AppLayerMatch)(ThreadVars *, DetectEngineThreadCtx *,
-            Flow *, uint8_t flags, void *alstate,
-            const Signature *, const SigMatchData *);
-
     /** AppLayer TX match function pointer */
     int (*AppLayerTxMatch)(ThreadVars *, DetectEngineThreadCtx *, Flow *,
             uint8_t flags, void *alstate, void *txv,