All http_client_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_...
authorAnoop Saldanha <poonaatsoc@gmail.com>
Sun, 19 Feb 2012 09:08:41 +0000 (14:38 +0530)
committerVictor Julien <victor@inliniac.net>
Tue, 21 Feb 2012 20:34:38 +0000 (21:34 +0100)
src/detect-depth.c
src/detect-distance.c
src/detect-engine-content-inspection.c
src/detect-fast-pattern.c
src/detect-http-client-body.c
src/detect-isdataat.c
src/detect-nocase.c
src/detect-offset.c
src/detect-pcre.c
src/detect-within.c
src/detect.c

index 6fc6c99a382f48e4ec43a8d9653728d43d98c3e9..6fd157af08d0bd5851ff35d18dc43955bbb18acb 100644 (file)
@@ -89,7 +89,7 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
                     DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
                     DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
                     DETECT_AL_HTTP_RAW_URI, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
-                    DETECT_AL_HTTP_CLIENT_BODY, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
+                    DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
                     DETECT_AL_HTTP_SERVER_BODY, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH],
                     DETECT_AL_HTTP_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
                     DETECT_AL_HTTP_RAW_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
@@ -162,48 +162,6 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
 
             break;
 
-        case DETECT_AL_HTTP_CLIENT_BODY:
-            cd = (DetectContentData *)pm->ctx;
-            if (cd->flags & DETECT_CONTENT_NEGATED) {
-                if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
-                               "negated keyword set along with a fast_pattern");
-                    goto error;
-                }
-            } else {
-                if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
-                               "keyword set along with a fast_pattern:only;");
-                    goto error;
-                }
-            }
-
-            if (str[0] != '-' && isalpha(str[0])) {
-                SigMatch *bed_sm =
-                    DetectByteExtractRetrieveSMVar(str, s,
-                                                   SigMatchListSMBelongsTo(s, pm));
-                if (bed_sm == NULL) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
-                               "seen in depth - %s\n", str);
-                    goto error;
-                }
-                cd->depth = ((DetectByteExtractData *)bed_sm->ctx)->local_id;
-                cd->flags |= DETECT_CONTENT_DEPTH_BE;
-            } else {
-                cd->depth = (uint32_t)atoi(str);
-                if (cd->depth < cd->content_len) {
-                    cd->depth = cd->content_len;
-                    SCLogDebug("depth increased to %"PRIu32" to match pattern len ",
-                               cd->depth);
-                }
-                /* Now update the real limit, as depth is relative to the offset */
-                cd->depth += cd->offset;
-            }
-
-            cd->flags |= DETECT_CONTENT_DEPTH;
-
-            break;
-
         case DETECT_AL_HTTP_SERVER_BODY:
             cd = (DetectContentData *)pm->ctx;
             if (cd->flags & DETECT_CONTENT_NEGATED) {
index 63ed3c92de41d281a65f1438a4b13a96191676f6..eff3df3785c3dfe572ff52daf092e7e2e062ad0e 100644 (file)
@@ -164,7 +164,7 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
                 DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
                 DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
                 DETECT_AL_HTTP_RAW_URI, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH],
-                DETECT_AL_HTTP_CLIENT_BODY, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
+                DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
                 DETECT_AL_HTTP_SERVER_BODY, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH],
                 DETECT_AL_HTTP_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
                 DETECT_AL_HTTP_RAW_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
@@ -291,68 +291,6 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
 
             break;
 
-        case DETECT_AL_HTTP_CLIENT_BODY:
-            cd = (DetectContentData *)pm->ctx;
-
-            if (str[0] != '-' && isalpha(str[0])) {
-                SigMatch *bed_sm =
-                    DetectByteExtractRetrieveSMVar(str, s,
-                                                   SigMatchListSMBelongsTo(s, pm));
-                if (bed_sm == NULL) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
-                               "seen in distance - %s\n", str);
-                    goto error;
-                }
-                cd->distance = ((DetectByteExtractData *)bed_sm->ctx)->local_id;
-                cd->flags |= DETECT_CONTENT_DISTANCE_BE;
-            } else {
-                cd->distance = strtol(str, NULL, 10);
-            }
-
-            if (cd->flags & DETECT_CONTENT_NEGATED) {
-                if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
-                               "negated keyword set along with a fast_pattern");
-                    goto error;
-                }
-            } else {
-                if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
-                               "keyword set along with a fast_pattern:only;");
-                    goto error;
-                }
-            }
-
-            cd->flags |= DETECT_CONTENT_DISTANCE;
-
-            /* reassigning pm */
-            pm = SigMatchGetLastSMFromLists(s, 4,
-                                            DETECT_AL_HTTP_CLIENT_BODY, pm->prev,
-                                            DETECT_PCRE, pm->prev);
-            if (pm == NULL) {
-                SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance for http_client_body "
-                           "needs preceeding http_client_body content");
-                goto error;
-            }
-
-            if (pm->type == DETECT_PCRE) {
-                DetectPcreData *tmp_pd = (DetectPcreData *)pm->ctx;
-                tmp_pd->flags |=  DETECT_PCRE_RELATIVE_NEXT;
-            } else {
-                /* reassigning cd */
-                cd = (DetectContentData *)pm->ctx;
-                if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "Previous keyword "
-                               "has a fast_pattern:only; set.  You can't "
-                               "have relative keywords around a fast_pattern "
-                               "only content");
-                    goto error;
-                }
-                cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
-            }
-
-            break;
-
         case DETECT_AL_HTTP_SERVER_BODY:
             cd = (DetectContentData *)pm->ctx;
 
index f48160aadfbafa500b26a44f7c3d7e010e87c4b5..0c05ec2bcf2a8bc35bfed3b109bc578309c904e9 100644 (file)
@@ -111,7 +111,6 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
         sm->type == DETECT_AL_HTTP_RAW_URI ||
         sm->type == DETECT_AL_HTTP_HEADER ||
         sm->type == DETECT_AL_HTTP_RAW_HEADER ||
-        sm->type == DETECT_AL_HTTP_CLIENT_BODY ||
         sm->type == DETECT_AL_HTTP_SERVER_BODY ||
         sm->type == DETECT_AL_HTTP_COOKIE ||
         sm->type == DETECT_AL_HTTP_METHOD ||
index 376880d25adf4570b0d0c7925997718ed3089289..0bb687f20c051cb16c195ec1b36469b5b3cea6cb 100644 (file)
@@ -125,7 +125,7 @@ void SupportFastPatternForSigMatchTypes(void)
     SupportFastPatternForSigMatchType(DETECT_CONTENT);
     SupportFastPatternForSigMatchList(DETECT_SM_LIST_UMATCH);
 
-    SupportFastPatternForSigMatchType(DETECT_AL_HTTP_CLIENT_BODY);
+    SupportFastPatternForSigMatchType(DETECT_CONTENT);
     SupportFastPatternForSigMatchList(DETECT_SM_LIST_HCBDMATCH);
 
     SupportFastPatternForSigMatchType(DETECT_AL_HTTP_SERVER_BODY);
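Review bot: The replacement line `SupportFastPatternForSigMatchType(DETECT_CONTENT);` repeats the registration already made by the context line at the top of this hunk in SupportFastPatternForSigMatchTypes. Whether the second call is harmless depends on how the registration function treats a type it has already seen, which is not visible here; if it appends unconditionally, the type ends up listed twice. I would drop the line and keep only `SupportFastPatternForSigMatchList(DETECT_SM_LIST_HCBDMATCH);`, with a comment such as `/* http_client_body patterns are DETECT_CONTENT, registered above */`. The function body starts and ends outside the hunk.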
@@ -239,7 +239,7 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
     SigMatch *pm = SigMatchGetLastSMFromLists(s, 22,
             DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
             DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
-            DETECT_AL_HTTP_CLIENT_BODY, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
+            DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
             DETECT_AL_HTTP_SERVER_BODY, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH],
             DETECT_AL_HTTP_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
             DETECT_AL_HTTP_RAW_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
index 806128412f2cde3615ac877941393ee27e319e82..9593a53f4b7efd94ce22653e2df4429719c33ef5 100644 (file)
@@ -147,7 +147,7 @@ int DetectHttpClientBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
 
         /* reassigning pm */
         pm = SigMatchGetLastSMFromLists(s, 4,
-                                        DETECT_AL_HTTP_CLIENT_BODY, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
+                                        DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
                                         DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]);
         if (pm == NULL) {
             SCLogError(SC_ERR_INVALID_SIGNATURE, "http_client_body seen with a "
@@ -164,7 +164,7 @@ int DetectHttpClientBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
         }
     }
     cd->id = DetectPatternGetId(de_ctx->mpm_pattern_id_store, cd, DETECT_SM_LIST_HCBDMATCH);
-    sm->type = DETECT_AL_HTTP_CLIENT_BODY;
+    sm->type = DETECT_CONTENT;
 
     /* transfer the sm from the pmatch list to hcbdmatch list */
     SigMatchTransferSigMatchAcrossLists(sm,
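Review bot: `sm->type = DETECT_CONTENT;` in DetectHttpClientBodySetup looks like a no-op, since the comment below it says the sm is being moved from the pmatch list, where content matches presumably already carry that type. The invariant this commit introduces deserves stating at this spot: the type no longer tells client-body content apart from payload content, only the list does. I would replace the assignment with a comment such as `/* type stays DETECT_CONTENT; membership in DETECT_SM_LIST_HCBDMATCH identifies the buffer */`, so later code does not dispatch on `sm->type` alone. The function continues outside the hunk.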
@@ -243,7 +243,7 @@ static int DetectHttpClientBodyTest01(void)
 
     sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_MATCH];
     if (sm != NULL) {
-        result &= (sm->type == DETECT_AL_HTTP_CLIENT_BODY);
+        result &= (sm->type == DETECT_CONTENT);
         result &= (sm->next == NULL);
     }
 
@@ -2182,8 +2182,8 @@ int DetectHttpClientBodyTest27(void)
                                "(content:\"one\"; offset:10; http_client_body; pcre:/two/; distance:10; "
                                "content:\"three\"; distance:10; http_client_body; depth:10; "
                                "content:\"four\"; distance:10; sid:1;)");
-    if (de_ctx->sig_list != NULL) {
-        printf("de_ctx->sig_list != NULL\n");
+    if (de_ctx->sig_list == NULL) {
+        printf("de_ctx->sig_list == NULL\n");
         goto end;
     }
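Review bot: Inverting the check to `de_ctx->sig_list == NULL` makes DetectHttpClientBodyTest27 expect SigInit to accept a rule it previously expected to be rejected, and neither the hunk nor the commit title says this widening is intended. The DetectHttpClientBodyTest32 hunk flips the same way for `content:"one"; http_client_body; within:5;`. For a rule parser this is a behaviour change that rule writers will see. I would add a comment above each SigInit call stating which keyword combination is now valid and why, and keep a separate test for a combination that must still fail. The test bodies extend beyond the hunks, so the remaining assertions cannot be checked here.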
 
@@ -2374,7 +2374,7 @@ int DetectHttpClientBodyTest32(void)
     de_ctx->flags |= DE_QUIET;
     de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any "
                                "(content:\"one\"; http_client_body; within:5; sid:1;)");
-    if (de_ctx->sig_list != NULL) {
+    if (de_ctx->sig_list == NULL) {
         printf("de_ctx->sig_list != NULL\n");
         goto end;
     }
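Review bot: The message in the changed branch still reads `de_ctx->sig_list != NULL` although the condition is now `== NULL`, so a failing run reports the opposite of what happened. Change it to `printf("de_ctx->sig_list == NULL\n");`, as the DetectHttpClientBodyTest27 hunk does.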
@@ -2439,7 +2439,7 @@ int DetectHttpClientBodyTest34(void)
     }
 
     if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] == NULL ||
-        de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->type != DETECT_AL_HTTP_CLIENT_BODY ||
+        de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->type != DETECT_CONTENT ||
         de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev == NULL ||
         de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->type != DETECT_PCRE) {
 
@@ -2492,7 +2492,7 @@ int DetectHttpClientBodyTest35(void)
     if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] == NULL ||
         de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->type != DETECT_PCRE ||
         de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev == NULL ||
-        de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->type != DETECT_AL_HTTP_CLIENT_BODY) {
+        de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->type != DETECT_CONTENT) {
 
         goto end;
     }
@@ -2541,7 +2541,7 @@ int DetectHttpClientBodyTest36(void)
     }
 
     if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] == NULL ||
-        de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->type != DETECT_AL_HTTP_CLIENT_BODY ||
+        de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->type != DETECT_CONTENT ||
         de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev == NULL ||
         de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->type != DETECT_PCRE) {
 
index 9bfe5a45993935e6c0f1f9e9a2c75a42a75375a2..b6f724d4a010b5b374b1291f7a06c1644ee42cbd 100644 (file)
@@ -354,7 +354,7 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst
         pm = SigMatchGetLastSMFromLists(s, 54,
                 DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], /* 1 */
                 DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
-                DETECT_AL_HTTP_CLIENT_BODY, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
+                DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
                 DETECT_AL_HTTP_SERVER_BODY, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH],
                 DETECT_AL_HTTP_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH], /* 5 */
                 DETECT_AL_HTTP_RAW_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
@@ -419,7 +419,6 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst
 
     switch (prev_pm->type) {
         case DETECT_CONTENT:
-        case DETECT_AL_HTTP_CLIENT_BODY:
         case DETECT_AL_HTTP_SERVER_BODY:
         case DETECT_AL_HTTP_HEADER:
         case DETECT_AL_HTTP_RAW_HEADER:
index 8c20f459e4e0c3d01588ddd0a2a5a2b3dc2475a5..59fb0f2fec98d59efbff997579097fa4550795d1 100644 (file)
@@ -77,7 +77,7 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
     SigMatch *pm = SigMatchGetLastSMFromLists(s, 22,
             DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
             DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
-            DETECT_AL_HTTP_CLIENT_BODY, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
+            DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
             DETECT_AL_HTTP_SERVER_BODY, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH],
             DETECT_AL_HTTP_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
             DETECT_AL_HTTP_RAW_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
@@ -98,7 +98,6 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
 
     switch (pm->type) {
         case DETECT_CONTENT:
-        case DETECT_AL_HTTP_CLIENT_BODY:
         case DETECT_AL_HTTP_SERVER_BODY:
         case DETECT_AL_HTTP_HEADER:
         case DETECT_AL_HTTP_RAW_HEADER:
index b35980cd2064d2d0879fbb4f57295caa6bbaed43..1973a68f8a33596c5af264704308a6b800d69a50 100644 (file)
@@ -86,7 +86,7 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
             pm = SigMatchGetLastSMFromLists(s, 22,
                     DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
                     DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
-                    DETECT_AL_HTTP_CLIENT_BODY, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
+                    DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
                     DETECT_AL_HTTP_SERVER_BODY, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH],
                     DETECT_AL_HTTP_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
                     DETECT_AL_HTTP_RAW_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
@@ -163,50 +163,6 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
 
             break;
 
-        case DETECT_AL_HTTP_CLIENT_BODY:
-            cd = (DetectContentData *)pm->ctx;
-            if (cd->flags & DETECT_CONTENT_NEGATED) {
-                if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
-                               "negated keyword set along with a fast_pattern");
-                    goto error;
-                }
-            } else {
-                if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
-                               "keyword set along with a fast_pattern:only;");
-                    goto error;
-                }
-            }
-
-            if (str[0] != '-' && isalpha(str[0])) {
-                SigMatch *bed_sm =
-                    DetectByteExtractRetrieveSMVar(str, s,
-                                                   SigMatchListSMBelongsTo(s, pm));
-                if (bed_sm == NULL) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
-                               "seen in offset - %s\n", str);
-                    goto error;
-                }
-                cd->offset = ((DetectByteExtractData *)bed_sm->ctx)->local_id;
-                cd->flags |= DETECT_CONTENT_OFFSET_BE;
-            } else {
-                cd->offset = (uint32_t)atoi(str);
-                if (cd->depth != 0) {
-                    if (cd->depth < cd->content_len) {
-                        SCLogDebug("depth increased to %"PRIu32" to match pattern len",
-                                   cd->content_len);
-                        cd->depth = cd->content_len;
-                    }
-                    /* Updating the depth as is relative to the offset */
-                    cd->depth += cd->offset;
-                }
-            }
-
-            cd->flags |= DETECT_CONTENT_OFFSET;
-
-            break;
-
         case DETECT_AL_HTTP_SERVER_BODY:
             cd = (DetectContentData *)pm->ctx;
             if (cd->flags & DETECT_CONTENT_NEGATED) {
index 717076960028c9c0e8b1ffd181750648c17e5412..52368bf465e2b5745cd8b2fee4967d1cbbc99bba 100644 (file)
@@ -1201,10 +1201,8 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
         SCReturnInt(0);
     }
 
-    prev_sm = SigMatchGetLastSMFromLists(s, 24,
+    prev_sm = SigMatchGetLastSMFromLists(s, 20,
             DETECT_CONTENT, sm->prev,
-            DETECT_CONTENT, sm->prev,
-            DETECT_AL_HTTP_CLIENT_BODY, sm->prev,
             DETECT_AL_HTTP_SERVER_BODY, sm->prev,
             DETECT_AL_HTTP_HEADER, sm->prev,
             DETECT_AL_HTTP_RAW_HEADER, sm->prev,
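Review bot: The count passed to SigMatchGetLastSMFromLists is lowered from 24 to 20 by hand. That matches the two pairs removed here, but the argument list continues past the hunk, so the total cannot be confirmed from these lines. A count larger than the arguments actually supplied would make the variadic reader walk past them. I would add running pair comments as detect-isdataat.c does (`/* 1 */`, `/* 5 */`), or a comment `/* 20 = 10 type/list pairs */` next to the count.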
@@ -1237,7 +1235,6 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
 
     switch (prev_sm->type) {
         case DETECT_CONTENT:
-        case DETECT_AL_HTTP_CLIENT_BODY:
         case DETECT_AL_HTTP_SERVER_BODY:
         case DETECT_AL_HTTP_HEADER:
         case DETECT_AL_HTTP_RAW_HEADER:
index 899f375b4e0bd7c6e51f920ddaf906d6c6cb8d57..03406231be820907bbbac500cd38b3ceabcf1006 100644 (file)
@@ -166,7 +166,7 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
         pm = SigMatchGetLastSMFromLists(s, 22,
                 DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
                 DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_UMATCH],
-                DETECT_AL_HTTP_CLIENT_BODY, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
+                DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH],
                 DETECT_AL_HTTP_SERVER_BODY, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH],
                 DETECT_AL_HTTP_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HHDMATCH],
                 DETECT_AL_HTTP_RAW_HEADER, s->sm_lists_tail[DETECT_SM_LIST_HRHDMATCH],
@@ -300,75 +300,6 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
 
             break;
 
-        case DETECT_AL_HTTP_CLIENT_BODY:
-            cd = (DetectContentData *)pm->ctx;
-
-            if (str[0] != '-' && isalpha(str[0])) {
-                SigMatch *bed_sm =
-                    DetectByteExtractRetrieveSMVar(str, s,
-                                                   SigMatchListSMBelongsTo(s, pm));
-                if (bed_sm == NULL) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
-                               "seen in within - %s\n", str);
-                    goto error;
-                }
-                cd->within = ((DetectByteExtractData *)bed_sm->ctx)->local_id;
-                cd->flags |= DETECT_CONTENT_WITHIN_BE;
-            } else {
-                cd->within = strtol(str, NULL, 10);
-                if (cd->within < (int32_t)cd->content_len) {
-                    SCLogError(SC_ERR_WITHIN_INVALID, "within argument \"%"PRIi32"\" is "
-                               "less than the content length \"%"PRIu32"\" which is invalid, since "
-                               "this will never match.  Invalidating signature", cd->within,
-                               cd->content_len);
-                    goto error;
-                }
-            }
-
-            if (cd->flags & DETECT_CONTENT_NEGATED) {
-                if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
-                               "negated keyword set along with a fast_pattern");
-                    goto error;
-                }
-            } else {
-                if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
-                               "keyword set along with a fast_pattern:only;");
-                    goto error;
-                }
-            }
-
-            cd->flags |= DETECT_CONTENT_WITHIN;
-
-            /* reassigning pm */
-            pm = SigMatchGetLastSMFromLists(s, 4,
-                                            DETECT_AL_HTTP_CLIENT_BODY, pm->prev,
-                                            DETECT_PCRE, pm->prev);
-            if (pm == NULL) {
-                SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance for http_client_body "
-                           "needs preceeding http_client_body content");
-                goto error;
-            }
-
-            if (pm->type == DETECT_PCRE) {
-                DetectPcreData *tmp_pd = (DetectPcreData *)pm->ctx;
-                tmp_pd->flags |=  DETECT_PCRE_RELATIVE_NEXT;
-            } else {
-                /* reassigning cd */
-                cd = (DetectContentData *)pm->ctx;
-                if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
-                    SCLogError(SC_ERR_INVALID_SIGNATURE, "Previous keyword "
-                               "has a fast_pattern:only; set.  You can't "
-                               "have relative keywords around a fast_pattern "
-                               "only content");
-                    goto error;
-                }
-                cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
-            }
-
-            break;
-
         case DETECT_AL_HTTP_SERVER_BODY:
             cd = (DetectContentData *)pm->ctx;
 
index c8be3ffd07a7d3d6f042f77f442a36ccf18614bd..8a5757f2ae85fe5c1029c08f3fdffc86caf33c06 100644 (file)
@@ -271,16 +271,30 @@ static inline void EngineAnalysisWriteFastPattern(Signature *s, SigMatch *mpm_sm
 
     fprintf(fp_engine_analysis_FD, "== Sid: %u ==\n", s->id);
     fprintf(fp_engine_analysis_FD, "    Fast pattern matcher: ");
-    if (mpm_sm->type == DETECT_CONTENT)
+    int list_type = SigMatchListSMBelongsTo(s, mpm_sm);
+    if (list_type == DETECT_SM_LIST_PMATCH)
         fprintf(fp_engine_analysis_FD, "content\n");
-    else if (mpm_sm->type == DETECT_CONTENT)
-        fprintf(fp_engine_analysis_FD, "uricontent\n");
-    else if (mpm_sm->type == DETECT_AL_HTTP_CLIENT_BODY)
-        fprintf(fp_engine_analysis_FD, "http_client_body\n");
-    else if (mpm_sm->type == DETECT_AL_HTTP_HEADER)
-        fprintf(fp_engine_analysis_FD, "http_header\n");
-    else if (mpm_sm->type == DETECT_AL_HTTP_RAW_HEADER)
-        fprintf(fp_engine_analysis_FD, "http_raw_header\n");
+    else if (list_type == DETECT_SM_LIST_UMATCH)
+        fprintf(fp_engine_analysis_FD, "http uri content\n");
+    else if (list_type == DETECT_SM_LIST_HRUDMATCH)
+        fprintf(fp_engine_analysis_FD, "http raw uri content\n");
+    else if (list_type == DETECT_SM_LIST_HHDMATCH)
+        fprintf(fp_engine_analysis_FD, "http header content\n");
+    else if (list_type == DETECT_SM_LIST_HRHDMATCH)
+        fprintf(fp_engine_analysis_FD, "http raw header content\n");
+    else if (list_type == DETECT_SM_LIST_HMDMATCH)
+        fprintf(fp_engine_analysis_FD, "http method content\n");
+    else if (list_type == DETECT_SM_LIST_HCDMATCH)
+        fprintf(fp_engine_analysis_FD, "http cookie content\n");
+    else if (list_type == DETECT_SM_LIST_HCBDMATCH)
+        fprintf(fp_engine_analysis_FD, "http client body content\n");
+    else if (list_type == DETECT_SM_LIST_HSBDMATCH)
+        fprintf(fp_engine_analysis_FD, "http server body content\n");
+    else if (list_type == DETECT_SM_LIST_HSCDMATCH)
+        fprintf(fp_engine_analysis_FD, "http stat code content\n");
+    else if (list_type == DETECT_SM_LIST_HSMDMATCH)
+        fprintf(fp_engine_analysis_FD, "http stat msg content\n");
+
     fprintf(fp_engine_analysis_FD, "    Fast pattern set: %s\n", fast_pattern_set ? "yes" : "no");
     fprintf(fp_engine_analysis_FD, "    Fast pattern only set: %s\n",
             fast_pattern_only_set ? "yes" : "no");
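Review bot: The new `list_type` chain in EngineAnalysisWriteFastPattern has no final `else`, so when SigMatchListSMBelongsTo returns a value that is not one of the listed lists, nothing is printed after `Fast pattern matcher: ` and the line runs into `Fast pattern set:`. Add a fallback, e.g. `else fprintf(fp_engine_analysis_FD, "unknown list %d\n", list_type);`, so the report stays line-oriented and the unexpected list is visible. A `switch (list_type)` with a `default:` would express the same thing more compactly. The function starts and ends outside the hunk.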
@@ -2198,7 +2212,6 @@ static int SignatureCreateMask(Signature *s) {
             case DETECT_AL_HTTP_COOKIE:
             case DETECT_AL_HTTP_METHOD:
             case DETECT_AL_URILEN:
-            case DETECT_AL_HTTP_CLIENT_BODY:
             case DETECT_AL_HTTP_HEADER:
             case DETECT_AL_HTTP_RAW_HEADER:
             case DETECT_AL_HTTP_URI: