signature: adds file flag for file_data keyword

author pantoine <pantoine@oisf.net>

Fri, 1 May 2020 08:54:51 +0000 (10:54 +0200)

committer Jeff Lucovsky <jeff@lucovsky.org>

Sun, 5 Jul 2020 15:40:54 +0000 (11:40 -0400)
author pantoine <pantoine@oisf.net>
Fri, 1 May 2020 08:54:51 +0000 (10:54 +0200)
committer Jeff Lucovsky <jeff@lucovsky.org>
Sun, 5 Jul 2020 15:40:54 +0000 (11:40 -0400)
diff --git a/src/detect-file-data.c b/src/detect-file-data.c

index e8881817e2cb14df3baa7d4b89b9067d4ae82270..a72fb56cca3652263bfd97244ff6438e6ea72072 100644 (file)
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@@ -189,6 +189,7 @@ static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, const cha
      if (DetectBufferSetActiveList(s, DetectBufferTypeGetByName("file_data")) < 0)
          return -1;
  
+    s->init_data->init_flags |= SIG_FLAG_INIT_FILEDATA;
      SetupDetectEngineConfig(de_ctx);
      return 0;
  }
diff --git a/src/detect-parse.c b/src/detect-parse.c

index 3c185588ad43ec792f84d3f2b0f809681d893b69..3ea024ad36a016ab449bf69ce2d3d53c6c9b2613 100644 (file)
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1828,7 +1828,8 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
      }
  #endif
  
-    if ((s->flags & SIG_FLAG_FILESTORE) || s->file_flags != 0) {
+    if ((s->flags & SIG_FLAG_FILESTORE) || s->file_flags != 0 ||
+        (s->init_data->init_flags & SIG_FLAG_INIT_FILEDATA)) {
          if (s->alproto != ALPROTO_UNKNOWN &&
                  !AppLayerParserSupportsFiles(IPPROTO_TCP, s->alproto))
          {
diff --git a/src/detect.h b/src/detect.h

index bef72d2e80096f75da99947fbc4b7c1675464b37..c79c8bd91dafd1edbc959b973bc564fb95321aa5 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -262,6 +262,7 @@ typedef struct DetectPort_ {
  #define SIG_FLAG_INIT_STATE_MATCH           BIT_U32(6)  /**< signature has matches that require stateful inspection */
  #define SIG_FLAG_INIT_NEED_FLUSH            BIT_U32(7)
  #define SIG_FLAG_INIT_PRIO_EXPLICT          BIT_U32(8)  /**< priority is explicitly set by the priority keyword */
+#define SIG_FLAG_INIT_FILEDATA              BIT_U32(9)  /**< signature has filedata keyword */
  
  /* signature mask flags */
  /** \note: additions should be added to the rule analyzer as well */
author	pantoine <pantoine@oisf.net>
	Fri, 1 May 2020 08:54:51 +0000 (10:54 +0200)
committer	Jeff Lucovsky <jeff@lucovsky.org>
	Sun, 5 Jul 2020 15:40:54 +0000 (11:40 -0400)
src/detect-file-data.c		patch \| blob \| blame \| history
src/detect-parse.c		patch \| blob \| blame \| history
src/detect.h		patch \| blob \| blame \| history