detect: Improve rule keyword alproto registration

1. Set WARN_UNUSED macro on DetectSignatureSetAppProto.
2. Replace all direct 'sets' of Signature::alproto from keyword registration.

Closes redmine ticket #3006.

diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c
index 157f26aaaa495f6982a99a4b46c8ff5c358f5667..2936170c370c32dbd83691d39eb637b544af7f3d 100644 (file)
--- a/src/detect-byte-extract.c
+++ b/src/detect-byte-extract.c
@@ -538,7 +538,8 @@ static int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, const c
             sm_list = DETECT_SM_LIST_PMATCH;
         }
 
-        s->alproto = ALPROTO_DCERPC;
+        if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0)
+            goto error;
         s->flags |= SIG_FLAG_APPLAYER;
 
     } else if (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) {

diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c
index a64b8f81f1cc63280562cbef6c99be784e3db0fb..bd9dbe182aab2a075694d8d27d750803433e12e5 100644 (file)
--- a/src/detect-bytejump.c
+++ b/src/detect-bytejump.c
@@ -817,7 +817,10 @@ static int DetectBytejumpTestParse09(void)
 
     int result = 1;
 
-    s->alproto = ALPROTO_DCERPC;
+    if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) {
+        SigFree(s);
+        return 0;
+    }
 
     result &= (DetectBytejumpSetup(NULL, s, "4,0, align, multiplier 2, "
                                    "post_offset -16,dce") == 0);

diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c
index e205a9f3fc0b3c282ea2dc44b74a9ebf6de620c9..d536c06896f8d5e04a8ba16500536892823129df 100644 (file)
--- a/src/detect-bytetest.c
+++ b/src/detect-bytetest.c
@@ -982,7 +982,10 @@ static int DetectBytetestTestParse19(void)
 
     int result = 1;
 
-    s->alproto = ALPROTO_DCERPC;
+    if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) {
+        SigFree(s);
+        return 0;
+    }
 
     result &= (DetectBytetestSetup(NULL, s, "1,=,1,6,dce") == 0);
     result &= (DetectBytetestSetup(NULL, s, "1,=,1,6,string,dce") == -1);

diff --git a/src/detect-content.c b/src/detect-content.c
index a480fd0f7abfeecee633d1893f3e288d42d206cb..79cff1dfa95fa66e6417f7db90ea9c332b1ed80d 100644 (file)
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -1286,7 +1286,8 @@ static int DetectContentParseTest18(void)
         goto end;
     }
 
-    s->alproto = ALPROTO_DCERPC;
+    if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0)
+        goto end;
 
     result &= (DetectContentSetup(de_ctx, s, "one") == 0);
     result &= (s->sm_lists[g_dce_stub_data_buffer_id] == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL);

diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c
index d9443b0e69d1ebb255473adddb1aad888f5a226c..2256f2e6fec4cbfde80c8b293dee87c068acdfc3 100644 (file)
--- a/src/detect-http-cookie.c
+++ b/src/detect-http-cookie.c
@@ -155,7 +155,9 @@ static int DetectHttpCookieSetupSticky(DetectEngineCtx *de_ctx, Signature *s, co
     if (DetectBufferSetActiveList(s, g_http_cookie_buffer_id) < 0)
         return -1;
 
-    s->alproto = ALPROTO_HTTP;
+    if (DetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0)
+        return -1;
+
     return 0;
 }
 

diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c
index 7a5cdf6b14cda892c796387381a3c7eb434b445f..f47a92a86d767ae66ef9665a0a16d098e899d0fb 100644 (file)
--- a/src/detect-http-stat-code.c
+++ b/src/detect-http-stat-code.c
@@ -142,7 +142,8 @@ static int DetectHttpStatCodeSetupSticky(DetectEngineCtx *de_ctx, Signature *s,
 {
     if (DetectBufferSetActiveList(s, g_http_stat_code_buffer_id) < 0)
         return -1;
-    s->alproto = ALPROTO_HTTP;
+    if (DetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0)
+        return -1;
     return 0;
 }
 

diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c
index a5d08ba72dbb85939fc2ada154fac1e77e60a2d6..a81b1e7c79f4441a2d98c14c5f1571f57cf4db0b 100644 (file)
--- a/src/detect-http-stat-msg.c
+++ b/src/detect-http-stat-msg.c
@@ -142,7 +142,8 @@ static int DetectHttpStatMsgSetupSticky(DetectEngineCtx *de_ctx, Signature *s, c
 {
     if (DetectBufferSetActiveList(s, g_http_stat_msg_buffer_id) < 0)
         return -1;
-    s->alproto = ALPROTO_HTTP;
+    if (DetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0)
+        return -1;
     return 0;
 }
 

diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c
index 8df0ed562fdc91dc6c411d2b95f22676b353e57d..a10ffb6d7c68a7212e23099772bc814b5eb9810b 100644 (file)
--- a/src/detect-http-uri.c
+++ b/src/detect-http-uri.c
@@ -204,7 +204,8 @@ static int DetectHttpUriSetupSticky(DetectEngineCtx *de_ctx, Signature *s, const
 {
     if (DetectBufferSetActiveList(s, g_http_uri_buffer_id) < 0)
         return -1;
-    s->alproto = ALPROTO_HTTP;
+    if (DetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0)
+        return -1;
     return 0;
 }
 
@@ -277,7 +278,8 @@ static int DetectHttpRawUriSetupSticky(DetectEngineCtx *de_ctx, Signature *s, co
 {
     if (DetectBufferSetActiveList(s, g_http_raw_uri_buffer_id) < 0)
         return -1;
-    s->alproto = ALPROTO_HTTP;
+    if (DetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0)
+        return -1;
     return 0;
 }
 

diff --git a/src/detect-isdataat.c b/src/detect-isdataat.c
index a2ff76a1d60d8ef4e83b9a0570a0df92a8d43f4d..761949fc1850752f065cabc89dfba9c9c40b77a0 100644 (file)
--- a/src/detect-isdataat.c
+++ b/src/detect-isdataat.c
@@ -397,14 +397,20 @@ static int DetectIsdataatTestParse04(void)
     Signature *s = SigAlloc();
     int result = 1;
 
-    s->alproto = ALPROTO_DCERPC;
+    if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) {
+        SigFree(s);
+        return 0;
+    }
 
     result &= (DetectIsdataatSetup(NULL, s, "30") == 0);
     result &= (s->sm_lists[g_dce_stub_data_buffer_id] == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL);
     SigFree(s);
 
     s = SigAlloc();
-    s->alproto = ALPROTO_DCERPC;
+    if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) {
+        SigFree(s);
+        return 0;
+    }
     /* failure since we have no preceding content/pcre/bytejump */
     result &= (DetectIsdataatSetup(NULL, s, "30,relative") == 0);
     result &= (s->sm_lists[g_dce_stub_data_buffer_id] == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL);

diff --git a/src/detect-parse.h b/src/detect-parse.h
index 58d2d649d860853af0588b2a4dc98753e9ed2fc0..c50c1792dba0a279dd90bb0a5aa5b727bb027ace 100644 (file)
--- a/src/detect-parse.h
+++ b/src/detect-parse.h
@@ -69,7 +69,7 @@ SigMatch *DetectGetLastSMByListPtr(const Signature *s, SigMatch *sm_list, ...);
 SigMatch *DetectGetLastSMByListId(const Signature *s, int list_id, ...);
 
 int DetectSignatureAddTransform(Signature *s, int transform);
-int DetectSignatureSetAppProto(Signature *s, AppProto alproto);
+int WARN_UNUSED DetectSignatureSetAppProto(Signature *s, AppProto alproto);
 
 /* parse regex setup and free util funcs */
 

diff --git a/src/detect-pcre.c b/src/detect-pcre.c
index 64589e71cd161900a3a3a3ba1778cc52b1969750..dac52b389acfe2953a0aebe558fe53d66340856a 100644 (file)
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -1136,7 +1136,7 @@ static int DetectPcreParseTest10(void)
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     FAIL_IF_NULL(de_ctx);
 
-    s->alproto = ALPROTO_DCERPC;
+    FAIL_IF(DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0);
 
     FAIL_IF_NOT(DetectPcreSetup(de_ctx, s, "/bamboo/") == 0);
     FAIL_IF_NOT(s->sm_lists[g_dce_stub_data_buffer_id] == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL);
@@ -1654,7 +1654,6 @@ static int DetectPcreTestSig01(void)
     p->flowflags |= FLOW_PKT_ESTABLISHED;
     p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
     f->alproto = ALPROTO_HTTP;
-
     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
     FAIL_IF(de_ctx == NULL);