files: use dynamic list

diff --git a/src/detect-engine-file.c b/src/detect-engine-file.c
index 7ffb355740a8c498a3d278326c400005f2f3f531..7db290d3e502950aeb8dad7e971ea6a281695d3e 100644 (file)
--- a/src/detect-engine-file.c
+++ b/src/detect-engine-file.c
@@ -81,7 +81,6 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
     int match = 0;
     int store_r = 0;
 
-    KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_FILEMATCH);
     SCLogDebug("file inspection... %p", ffc);
 
     if (ffc != NULL) {

diff --git a/src/detect-engine.c b/src/detect-engine.c
index a577af12a93162b4df7a10b47549ffe5252b7e5a..34d338158149274de4d3c97471f481b58fc0242b 100644 (file)
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2808,9 +2808,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type)
         case DETECT_SM_LIST_TMATCH:
             return "tag";
 
-        case DETECT_SM_LIST_FILEMATCH:
-            return "file";
-
         case DETECT_SM_LIST_BASE64_DATA:
             return "base64_data";
 

diff --git a/src/detect-fileext.c b/src/detect-fileext.c
index f9a08dacf3748a96cb568e47110f325bb169c542..eecc63ffe5d1cd16bc849f8100245f7ff1dae909 100644 (file)
--- a/src/detect-fileext.c
+++ b/src/detect-fileext.c
@@ -56,6 +56,7 @@ static int DetectFileextMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
 static int DetectFileextSetup (DetectEngineCtx *, Signature *, char *);
 static void DetectFileextRegisterTests(void);
 static void DetectFileextFree(void *);
+static int g_file_match_list_id = 0;
 
 /**
  * \brief Registration function for keyword: fileext
@@ -70,6 +71,8 @@ void DetectFileextRegister(void)
     sigmatch_table[DETECT_FILEEXT].Free  = DetectFileextFree;
     sigmatch_table[DETECT_FILEEXT].RegisterTests = DetectFileextRegisterTests;
 
+    g_file_match_list_id = DetectBufferTypeRegister("files");
+
        SCLogDebug("registering fileext rule option");
     return;
 }
@@ -208,7 +211,7 @@ static int DetectFileextSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
     sm->type = DETECT_FILEEXT;
     sm->ctx = (void *)fileext;
 
-    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+    SigMatchAppendSMToList(s, sm, g_file_match_list_id);
 
     s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_FILENAME);
     return 0;

diff --git a/src/detect-filemagic.c b/src/detect-filemagic.c
index b70e4c820d713bdf046a84d7fefa7d5766ba6a83..dbf1dd767e4962a0402d38db98464748f60e401f 100644 (file)
--- a/src/detect-filemagic.c
+++ b/src/detect-filemagic.c
@@ -80,6 +80,7 @@ static int DetectFilemagicMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
 static int DetectFilemagicSetup (DetectEngineCtx *, Signature *, char *);
 static void DetectFilemagicRegisterTests(void);
 static void DetectFilemagicFree(void *);
+static int g_file_match_list_id = 0;
 
 /**
  * \brief Registration function for keyword: filemagic
@@ -94,6 +95,8 @@ void DetectFilemagicRegister(void)
     sigmatch_table[DETECT_FILEMAGIC].Free  = DetectFilemagicFree;
     sigmatch_table[DETECT_FILEMAGIC].RegisterTests = DetectFilemagicRegisterTests;
 
+    g_file_match_list_id = DetectBufferTypeRegister("files");
+
        SCLogDebug("registering filemagic rule option");
     return;
 }
@@ -377,7 +380,7 @@ static int DetectFilemagicSetup (DetectEngineCtx *de_ctx, Signature *s, char *st
     sm->type = DETECT_FILEMAGIC;
     sm->ctx = (void *)filemagic;
 
-    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+    SigMatchAppendSMToList(s, sm, g_file_match_list_id);
 
     s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_MAGIC);
     return 0;

diff --git a/src/detect-filemd5.c b/src/detect-filemd5.c
index 8f1b43d1975e8e39fcc2c7eeca1ef9b45f6b3192..a4f3f56dfe7c3d7f4736f6c4c5d9cb84ec49ba7e 100644 (file)
--- a/src/detect-filemd5.c
+++ b/src/detect-filemd5.c
@@ -24,6 +24,7 @@
 
 #include "suricata-common.h"
 
+#include "detect-engine.h"
 #include "util-detect-file-hash.h"
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
@@ -56,6 +57,8 @@ void DetectFileMd5Register(void)
 
 #else /* HAVE_NSS */
 
+static int g_file_match_list_id = 0;
+
 static int DetectFileMd5Setup (DetectEngineCtx *, Signature *, char *);
 static void DetectFileMd5RegisterTests(void);
 
@@ -72,6 +75,8 @@ void DetectFileMd5Register(void)
     sigmatch_table[DETECT_FILEMD5].Free  = DetectFileHashFree;
     sigmatch_table[DETECT_FILEMD5].RegisterTests = DetectFileMd5RegisterTests;
 
+    g_file_match_list_id = DetectBufferTypeRegister("files");
+
     SCLogDebug("registering filemd5 rule option");
     return;
 }
@@ -89,7 +94,7 @@ void DetectFileMd5Register(void)
  */
 static int DetectFileMd5Setup (DetectEngineCtx *de_ctx, Signature *s, char *str)
 {
-    return DetectFileHashSetup(de_ctx, s, str, DETECT_FILEMD5);
+    return DetectFileHashSetup(de_ctx, s, str, DETECT_FILEMD5, g_file_match_list_id);
 }
 
 #ifdef UNITTESTS

diff --git a/src/detect-filename.c b/src/detect-filename.c
index e751d2b4faed04f4c4fc66bf8ef26fdd07e8e2cc..1b59519fb9e4f3e2dc1a683248c0d283f53e29de 100644 (file)
--- a/src/detect-filename.c
+++ b/src/detect-filename.c
@@ -57,6 +57,7 @@ static int DetectFilenameMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *,
 static int DetectFilenameSetup (DetectEngineCtx *, Signature *, char *);
 static void DetectFilenameRegisterTests(void);
 static void DetectFilenameFree(void *);
+static int g_file_match_list_id = 0;
 
 /**
  * \brief Registration function for keyword: filename
@@ -71,17 +72,19 @@ void DetectFilenameRegister(void)
     sigmatch_table[DETECT_FILENAME].Free  = DetectFilenameFree;
     sigmatch_table[DETECT_FILENAME].RegisterTests = DetectFilenameRegisterTests;
 
-    DetectAppLayerInspectEngineRegister(ALPROTO_HTTP, SIG_FLAG_TOSERVER,
-            DETECT_SM_LIST_FILEMATCH,
+    DetectAppLayerInspectEngineRegister2("files",
+            ALPROTO_HTTP, SIG_FLAG_TOSERVER,
             DetectFileInspectHttp);
-    DetectAppLayerInspectEngineRegister(ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
-            DETECT_SM_LIST_FILEMATCH,
+    DetectAppLayerInspectEngineRegister2("files",
+            ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
             DetectFileInspectHttp);
 
-    DetectAppLayerInspectEngineRegister(ALPROTO_SMTP, SIG_FLAG_TOSERVER,
-            DETECT_SM_LIST_FILEMATCH,
+    DetectAppLayerInspectEngineRegister2("files",
+            ALPROTO_SMTP, SIG_FLAG_TOSERVER,
             DetectFileInspectSmtp);
 
+    g_file_match_list_id = DetectBufferTypeGetByName("files");
+
        SCLogDebug("registering filename rule option");
     return;
 }
@@ -225,7 +228,7 @@ static int DetectFilenameSetup (DetectEngineCtx *de_ctx, Signature *s, char *str
     sm->type = DETECT_FILENAME;
     sm->ctx = (void *)filename;
 
-    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+    SigMatchAppendSMToList(s, sm, g_file_match_list_id);
 
     s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_FILENAME);
     return 0;

diff --git a/src/detect-filesha1.c b/src/detect-filesha1.c
index 22196bda9336dade8e211fe2509e8a07c1c1d48e..3bb26b5746a1da910bcde5c414b0e5374c144940 100644 (file)
--- a/src/detect-filesha1.c
+++ b/src/detect-filesha1.c
@@ -25,6 +25,7 @@
 
 #include "suricata-common.h"
 
+#include "detect-engine.h"
 #include "util-detect-file-hash.h"
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
@@ -59,6 +60,7 @@ void DetectFileSha1Register(void)
 
 static int DetectFileSha1Setup (DetectEngineCtx *, Signature *, char *);
 static void DetectFileSha1RegisterTests(void);
+static int g_file_match_list_id = 0;
 
 /**
  * \brief Registration function for keyword: filesha1
@@ -73,6 +75,8 @@ void DetectFileSha1Register(void)
     sigmatch_table[DETECT_FILESHA1].Free  = DetectFileHashFree;
     sigmatch_table[DETECT_FILESHA1].RegisterTests = DetectFileSha1RegisterTests;
 
+    g_file_match_list_id = DetectBufferTypeRegister("files");
+
     SCLogDebug("registering filesha1 rule option");
     return;
 }
@@ -90,7 +94,7 @@ void DetectFileSha1Register(void)
  */
 static int DetectFileSha1Setup (DetectEngineCtx *de_ctx, Signature *s, char *str)
 {
-    return DetectFileHashSetup(de_ctx, s, str, DETECT_FILESHA1);
+    return DetectFileHashSetup(de_ctx, s, str, DETECT_FILESHA1, g_file_match_list_id);
 }
 
 #ifdef UNITTESTS

diff --git a/src/detect-filesha256.c b/src/detect-filesha256.c
index 0a58e33a3091aad9b5209d3aa3fdd4f7ee910b4e..b95831e7da20dc4af1e090cafd7617987bb6c3a3 100644 (file)
--- a/src/detect-filesha256.c
+++ b/src/detect-filesha256.c
@@ -25,6 +25,7 @@
 
 #include "suricata-common.h"
 
+#include "detect-engine.h"
 #include "util-detect-file-hash.h"
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
@@ -59,6 +60,7 @@ void DetectFileSha256Register(void)
 
 static int DetectFileSha256Setup (DetectEngineCtx *, Signature *, char *);
 static void DetectFileSha256RegisterTests(void);
+static int g_file_match_list_id = 0;
 
 /**
  * \brief Registration function for keyword: filesha256
@@ -73,6 +75,8 @@ void DetectFileSha256Register(void)
     sigmatch_table[DETECT_FILESHA256].Free  = DetectFileHashFree;
     sigmatch_table[DETECT_FILESHA256].RegisterTests = DetectFileSha256RegisterTests;
 
+    g_file_match_list_id = DetectBufferTypeRegister("files");
+
     SCLogDebug("registering filesha256 rule option");
     return;
 }
@@ -90,7 +94,7 @@ void DetectFileSha256Register(void)
  */
 static int DetectFileSha256Setup (DetectEngineCtx *de_ctx, Signature *s, char *str)
 {
-    return DetectFileHashSetup(de_ctx, s, str, DETECT_FILESHA256);
+    return DetectFileHashSetup(de_ctx, s, str, DETECT_FILESHA256, g_file_match_list_id);
 }
 
 #ifdef UNITTESTS

diff --git a/src/detect-filesize.c b/src/detect-filesize.c
index 1b12221b84411e636a4574680da3a7618d6392ea..547ea38963e9804cd4f53f53c219d763ee1f3454 100644 (file)
--- a/src/detect-filesize.c
+++ b/src/detect-filesize.c
@@ -31,6 +31,7 @@
 
 #include "detect.h"
 #include "detect-parse.h"
+#include "detect-engine.h"
 #include "detect-engine-state.h"
 
 #include "detect-filesize.h"
@@ -53,6 +54,7 @@ static int DetectFilesizeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, F
 static int DetectFilesizeSetup (DetectEngineCtx *, Signature *, char *);
 static void DetectFilesizeFree (void *);
 static void DetectFilesizeRegisterTests (void);
+static int g_file_match_list_id = 0;
 
 /**
  * \brief Registration function for filesize: keyword
@@ -70,6 +72,8 @@ void DetectFilesizeRegister(void)
     sigmatch_table[DETECT_FILESIZE].flags |= SIGMATCH_PAYLOAD; /** XXX necessary? */
 
     DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+
+    g_file_match_list_id = DetectBufferTypeRegister("files");
 }
 
 /**
@@ -286,7 +290,7 @@ static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *str
     sm->type = DETECT_FILESIZE;
     sm->ctx = (SigMatchCtx *)fsd;
 
-    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+    SigMatchAppendSMToList(s, sm, g_file_match_list_id);
 
     s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_SIZE);
     SCReturnInt(0);

diff --git a/src/detect-filestore.c b/src/detect-filestore.c
index 328b2118034a5d6aa6344455cbb94c89b0479316..6801e8cbf0ac20070f74093c147bc5c7d01d8ca4 100644 (file)
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@@ -64,6 +64,7 @@ static int DetectFilestoreMatch (ThreadVars *, DetectEngineThreadCtx *,
 static int DetectFilestoreSetup (DetectEngineCtx *, Signature *, char *);
 static void DetectFilestoreFree(void *);
 static void DetectFilestoreRegisterTests(void);
+static int g_file_match_list_id = 0;
 
 /**
  * \brief Registration function for keyword: filestore
@@ -80,6 +81,8 @@ void DetectFilestoreRegister(void)
     sigmatch_table[DETECT_FILESTORE].flags = SIGMATCH_OPTIONAL_OPT;
 
     DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
+
+    g_file_match_list_id = DetectBufferTypeRegister("files");
 }
 
 /**
@@ -401,7 +404,7 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *st
         AppLayerHtpNeedFileInspection();
     }
 
-    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+    SigMatchAppendSMToList(s, sm, g_file_match_list_id);
     s->filestore_ctx = (const DetectFilestoreData *)sm->ctx;
 
     s->flags |= SIG_FLAG_FILESTORE;

diff --git a/src/detect-parse.c b/src/detect-parse.c
index d8a9928dc80e8c7f897cd414b2ab7757dd8c9761..3b24f5fa3702f0d6ead9dd48370930073a8d90d6 100644 (file)
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -145,7 +145,6 @@ const char *DetectListToHumanString(int list)
         CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer");
         CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc");
         CASE_CODE_STRING(DETECT_SM_LIST_TMATCH, "tag");
-        CASE_CODE_STRING(DETECT_SM_LIST_FILEMATCH, "file");
         CASE_CODE_STRING(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH, "template");
         CASE_CODE_STRING(DETECT_SM_LIST_POSTMATCH, "postmatch");
         CASE_CODE_STRING(DETECT_SM_LIST_SUPPRESS, "suppress");
@@ -167,7 +166,6 @@ const char *DetectListToString(int list)
         CASE_CODE(DETECT_SM_LIST_AMATCH);
         CASE_CODE(DETECT_SM_LIST_DMATCH);
         CASE_CODE(DETECT_SM_LIST_TMATCH);
-        CASE_CODE(DETECT_SM_LIST_FILEMATCH);
         CASE_CODE(DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH);
         CASE_CODE(DETECT_SM_LIST_POSTMATCH);
         CASE_CODE(DETECT_SM_LIST_SUPPRESS);

diff --git a/src/detect.h b/src/detect.h
index 7895ec683f6fbb550404e9b3a3f2caef40a9eb16..70c76dfadadfd4c1f475592787f080b0a1e21971 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -118,8 +118,6 @@ enum DetectSigmatchListEnum {
     /* app event engine sm list */
     DETECT_SM_LIST_APP_EVENT = DETECT_SM_LIST_BUILTIN_MAX,
 
-    DETECT_SM_LIST_FILEMATCH,
-
     DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH,
 
     DETECT_SM_LIST_MAX,

diff --git a/src/util-detect-file-hash.c b/src/util-detect-file-hash.c
index aff4302f41bee5d17755523915c71092533b8aa5..e7e157bd9eef1a45a00042c0364825f977a98fce 100644 (file)
--- a/src/util-detect-file-hash.c
+++ b/src/util-detect-file-hash.c
@@ -303,7 +303,7 @@ error:
  * \retval -1 on Failure
  */
 int DetectFileHashSetup (DetectEngineCtx *de_ctx, Signature *s, char *str,
-        uint32_t type)
+        uint32_t type, int list)
 {
     DetectFileHashData *filehash = NULL;
     SigMatch *sm = NULL;
@@ -321,7 +321,7 @@ int DetectFileHashSetup (DetectEngineCtx *de_ctx, Signature *s, char *str,
     sm->type = type;
     sm->ctx = (void *)filehash;
 
-    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
+    SigMatchAppendSMToList(s, sm, list);
 
     s->file_flags |= FILE_SIG_NEED_FILE;
 

diff --git a/src/util-detect-file-hash.h b/src/util-detect-file-hash.h
index ee0b37de61cf7e70b79e4df618adffd28de4abfe..b8d50789344e5ebcb45d045736536e08b51ba20b 100644 (file)
--- a/src/util-detect-file-hash.h
+++ b/src/util-detect-file-hash.h
@@ -39,7 +39,7 @@ int LoadHashTable(ROHashTable *, char *, char *, int, uint32_t);
 
 int DetectFileHashMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t,
         File *, const Signature *, const SigMatchData *);
-int DetectFileHashSetup(DetectEngineCtx *, Signature *, char *, uint32_t);
+int DetectFileHashSetup(DetectEngineCtx *, Signature *, char *, uint32_t, int);
 void DetectFileHashFree(void *);
 
 #endif /* __UTIL_DETECT_FILE_HASH_H__ */