fprintf(fp_engine_analysis_FD, "http raw header content\n");
else if (list_type == DETECT_SM_LIST_HCBDMATCH)
fprintf(fp_engine_analysis_FD, "http client body content\n");
- else if (list_type == DETECT_SM_LIST_HSMDMATCH)
- fprintf(fp_engine_analysis_FD, "http stat msg content\n");
else {
const char *desc = DetectBufferTypeGetDescriptionById(list_type);
const char *name = DetectBufferTypeGetNameById(list_type);
fprintf(rule_engine_analysis_FD, "http raw header content");
else if (list_type == DETECT_SM_LIST_HCBDMATCH)
fprintf(rule_engine_analysis_FD, "http client body content");
- else if (list_type == DETECT_SM_LIST_HSMDMATCH)
- fprintf(rule_engine_analysis_FD, "http stat msg content");
else if (list_type == DETECT_SM_LIST_DNSQUERYNAME_MATCH)
fprintf(rule_engine_analysis_FD, "dns query name content");
else if (list_type == DETECT_SM_LIST_TLSSNI_MATCH)
const int httpuseragent_id = DetectBufferTypeGetByName("http_user_agent");
const int httpcookie_id = DetectBufferTypeGetByName("http_cookie");
const int httpstatcode_id = DetectBufferTypeGetByName("http_stat_code");
+ const int httpstatmsg_id = DetectBufferTypeGetByName("http_stat_msg");
if (s->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
rule_bidirectional = 1;
raw_http_buf += 1;
http_raw_uri_buf += 1;
}
- else if (list_id == DETECT_SM_LIST_HSMDMATCH) {
+ else if (list_id == httpstatmsg_id) {
rule_pcre_http += 1;
raw_http_buf += 1;
http_stat_msg_buf += 1;
raw_http_buf += 1;
http_raw_uri_buf += 1;
}
- else if (list_id == DETECT_SM_LIST_HSMDMATCH) {
+ else if (list_id == httpstatmsg_id) {
rule_content_http += 1;
raw_http_buf += 1;
http_stat_msg_buf += 1;
return "http headers";
case DETECT_SM_LIST_HRHDMATCH:
return "http raw headers";
- case DETECT_SM_LIST_HSMDMATCH:
- return "http stat msg";
case DETECT_SM_LIST_APP_EVENT:
return "app layer events";
static int g_http_host_buffer_id = 0;
static int g_http_raw_host_buffer_id = 0;
static int g_http_stat_code_buffer_id = 0;
+static int g_http_stat_msg_buffer_id = 0;
/**
* \test Checks if a fast_pattern is registered in a Signature
"content:\"three\"; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
goto end;
result = 0;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HSMDMATCH];
+ sm = de_ctx->sig_list->sm_lists[g_http_stat_msg_buffer_id];
if (sm != NULL) {
if ( ((DetectContentData *)sm->ctx)->flags &
DETECT_CONTENT_FAST_PATTERN) {
goto end;
result = 0;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HSMDMATCH];
+ sm = de_ctx->sig_list->sm_lists[g_http_stat_msg_buffer_id];
if (sm != NULL) {
if ( ((DetectContentData *)sm->ctx)->flags &
DETECT_CONTENT_FAST_PATTERN) {
if (de_ctx->sig_list == NULL)
goto end;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HSMDMATCH];
+ sm = de_ctx->sig_list->sm_lists[g_http_stat_msg_buffer_id];
if (sm == NULL) {
goto end;
}
if (de_ctx->sig_list == NULL)
goto end;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HSMDMATCH];
+ sm = de_ctx->sig_list->sm_lists[g_http_stat_msg_buffer_id];
if (sm == NULL) {
goto end;
}
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
"content:\"two\"; fast_pattern:only; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
"content:\"two\"; fast_pattern:only; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
"content:\"two\"; fast_pattern:only; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
"content:\"two\"; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
"content:\"three\"; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"content:\"three\"; http_stat_msg; distance:30; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"content:\"three\"; http_stat_msg; within:30; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"content:\"three\"; http_stat_msg; offset:30; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"content:\"three\"; http_stat_msg; depth:30; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"content:\"oneonethree\"; fast_pattern:3,4; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"content:\"oneonethree\"; fast_pattern:3,4; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"content:\"oneonethree\"; fast_pattern:3,4; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"content:\"oneonethree\"; fast_pattern:3,4; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"content:\"three\"; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
"content:\"three\"; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HSMDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_stat_msg_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
g_http_host_buffer_id = DetectBufferTypeGetByName("http_host");
g_http_raw_host_buffer_id = DetectBufferTypeGetByName("http_raw_host");
g_http_stat_code_buffer_id = DetectBufferTypeGetByName("http_stat_code");
+ g_http_stat_msg_buffer_id = DetectBufferTypeGetByName("http_stat_msg");
UtRegisterTest("DetectFastPatternTest01", DetectFastPatternTest01);
UtRegisterTest("DetectFastPatternTest02", DetectFastPatternTest02);
#include "stream-tcp-private.h"
#include "stream-tcp.h"
-int DetectHttpStatMsgMatch (ThreadVars *, DetectEngineThreadCtx *,
- Flow *, uint8_t , void *, Signature *,
- SigMatch *);
static int DetectHttpStatMsgSetup(DetectEngineCtx *, Signature *, char *);
-void DetectHttpStatMsgRegisterTests(void);
-void DetectHttpStatMsgFree(void *);
+static void DetectHttpStatMsgRegisterTests(void);
+static void DetectHttpStatMsgSetupCallback(Signature *s);
+static int g_http_stat_msg_buffer_id = 0;
/**
* \brief Registration function for keyword: http_stat_msg
sigmatch_table[DETECT_AL_HTTP_STAT_MSG].flags |= SIGMATCH_NOOPT;
sigmatch_table[DETECT_AL_HTTP_STAT_MSG].flags |= SIGMATCH_PAYLOAD;
- DetectMpmAppLayerRegister("http_stat_msg", SIG_FLAG_TOCLIENT,
- DETECT_SM_LIST_HSMDMATCH, 3,
+ DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 3,
PrefilterTxHttpStatMsgRegister);
- DetectAppLayerInspectEngineRegister(ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
- DETECT_SM_LIST_HSMDMATCH,
+ DetectAppLayerInspectEngineRegister2("http_stat_msg",
+ ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
DetectEngineInspectHttpStatMsg);
+
+ DetectBufferTypeSetDescriptionByName("http_stat_msg",
+ "http response status message");
+
+ DetectBufferTypeRegisterSetupCallback("http_stat_msg",
+ DetectHttpStatMsgSetupCallback);
+
+ g_http_stat_msg_buffer_id = DetectBufferTypeGetByName("http_stat_msg");
}
/**
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_STAT_MSG,
- DETECT_SM_LIST_HSMDMATCH,
+ g_http_stat_msg_buffer_id,
ALPROTO_HTTP,
NULL);
}
+static void DetectHttpStatMsgSetupCallback(Signature *s)
+{
+ SCLogDebug("callback invoked by %u", s->id);
+ s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
+}
+
#ifdef UNITTESTS
/**
"fast_pattern; http_stat_msg; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- if (!(((DetectContentData *)de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HSMDMATCH]->ctx)->flags &
+ if (!(((DetectContentData *)de_ctx->sig_list->sm_lists[g_http_stat_msg_buffer_id]->ctx)->flags &
DETECT_CONTENT_FAST_PATTERN))
{
goto end;
}
result = 0;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HSMDMATCH];
+ sm = de_ctx->sig_list->sm_lists[g_http_stat_msg_buffer_id];
if (sm == NULL) {
printf("no sigmatch(es): ");
goto end;
CASE_CODE_STRING(DETECT_SM_LIST_HCBDMATCH, "http_client_body");
CASE_CODE_STRING(DETECT_SM_LIST_HHDMATCH, "http_header");
CASE_CODE_STRING(DETECT_SM_LIST_HRHDMATCH, "http_raw_header");
- CASE_CODE_STRING(DETECT_SM_LIST_HSMDMATCH, "http_stat_msg");
CASE_CODE_STRING(DETECT_SM_LIST_APP_EVENT, "app-layer-event");
CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer");
CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc");
CASE_CODE(DETECT_SM_LIST_HCBDMATCH);
CASE_CODE(DETECT_SM_LIST_HHDMATCH);
CASE_CODE(DETECT_SM_LIST_HRHDMATCH);
- CASE_CODE(DETECT_SM_LIST_HSMDMATCH);
CASE_CODE(DETECT_SM_LIST_APP_EVENT);
CASE_CODE(DETECT_SM_LIST_AMATCH);
CASE_CODE(DETECT_SM_LIST_DMATCH);
"with flow:to_client or flow:from_server");
SCReturnInt(0);
}
- } else if (fd->flags & FLOW_PKT_TOSERVER) {
- /* check for uricontent + from_server/to_client */
- if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use http_"
- "server_body, http_stat_msg, http_stat_code "
- "with flow:to_server or flow:from_client");
- SCReturnInt(0);
- }
}
}
}
if (s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH] ||
s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH] ||
s->init_data->smlists_tail[DETECT_SM_LIST_HHDMATCH] ||
- s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH] ||
- s->init_data->smlists_tail[DETECT_SM_LIST_HSMDMATCH])
+ s->init_data->smlists_tail[DETECT_SM_LIST_HRHDMATCH])
{
SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet "
"specific matches (like dsize, flags, ttl) with stream / "
*sm_list = DetectPcreSetList(*sm_list, list);
break;
}
- case 'Y':
+ case 'Y': {
/* snort's option */
- *sm_list = DetectPcreSetList(*sm_list, DETECT_SM_LIST_HSMDMATCH);
+ int list = DetectBufferTypeGetByName("http_stat_msg");
+ *sm_list = DetectPcreSetList(*sm_list, list);
break;
+ }
case 'S': {
/* snort's option */
int list = DetectBufferTypeGetByName("http_stat_code");
if (parsed_sm_list == DETECT_SM_LIST_HRUDMATCH ||
parsed_sm_list == DETECT_SM_LIST_HCBDMATCH ||
parsed_sm_list == DETECT_SM_LIST_HHDMATCH ||
- parsed_sm_list == DETECT_SM_LIST_HRHDMATCH ||
- parsed_sm_list == DETECT_SM_LIST_HSMDMATCH)
+ parsed_sm_list == DETECT_SM_LIST_HRHDMATCH)
{
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Invalid option. "
case DETECT_SM_LIST_HRUDMATCH:
case DETECT_SM_LIST_HHDMATCH:
case DETECT_SM_LIST_HRHDMATCH:
- case DETECT_SM_LIST_HSMDMATCH:
s->flags |= SIG_FLAG_APPLAYER;
s->alproto = ALPROTO_HTTP;
sm_list = parsed_sm_list;
if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL)
return 0;
- if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL)
- return 0;
-
if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
return 0;
if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL)
return 0;
- if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL)
- return 0;
-
if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
return 0;
s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL ||
s->init_data->smlists[DETECT_SM_LIST_HHDMATCH] != NULL ||
s->init_data->smlists[DETECT_SM_LIST_HRHDMATCH] != NULL ||
- s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL ||
s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL)
{
SCReturnInt(0);
SCLogDebug("sig requires http app state");
}
- if (s->init_data->smlists[DETECT_SM_LIST_HSMDMATCH] != NULL) {
- s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
- SCLogDebug("sig requires http app state");
- }
-
SigMatch *sm;
for (sm = s->init_data->smlists[DETECT_SM_LIST_AMATCH] ; sm != NULL; sm = sm->next) {
switch(sm->type) {
DETECT_SM_LIST_HHDMATCH,
/* list for http_raw_header keyword and the ones relative to it */
DETECT_SM_LIST_HRHDMATCH,
- /* list for http_stat_msg keyword and the ones relative to it */
- DETECT_SM_LIST_HSMDMATCH,
/* app event engine sm list */
DETECT_SM_LIST_APP_EVENT,
projects / thirdparty / suricata.git / commitdiff
