if (cd->flags & DETECT_CONTENT_NEGATED) {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"negated keyword set along with a fast_pattern");
goto error;
}
} else {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"keyword set along with a fast_pattern:only;");
goto error;
}
}
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword "
"with a non-relative keyword for the same content." );
goto error;
}
if (cd->flags & DETECT_CONTENT_DEPTH) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple depths for the same content.");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple depths for the same content.");
goto error;
}
DetectByteExtractRetrieveSMVar(str, s,
SigMatchListSMBelongsTo(s, pm));
if (bed_sm == NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var "
"seen in depth - %s\n", str);
goto error;
}
if (cd->flags & DETECT_CONTENT_NEGATED) {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"negated keyword set along with a fast_pattern");
goto error;
}
} else {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"keyword set along with a fast_pattern:only;");
goto error;
}
}
if (cd->flags & DETECT_CONTENT_DEPTH || cd->flags & DETECT_CONTENT_OFFSET) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword "
"with a non-relative keyword for the same content." );
goto error;
}
if (cd->flags & DETECT_CONTENT_DISTANCE) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple distances with the same content. ");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple distances with the same content. ");
goto error;
}
DetectByteExtractRetrieveSMVar(str, s,
SigMatchListSMBelongsTo(s, pm));
if (bed_sm == NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var "
"seen in distance - %s\n", str);
goto error;
}
/* Set the relative next flag on the prev sigmatch */
cd = (DetectContentData *)pm->ctx;
if (cd == NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown previous-"
"previous keyword!");
goto error;
}
cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Previous keyword "
- "has a fast_pattern:only; set. You can't "
- "have relative keywords around a fast_pattern "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "previous keyword "
+ "has a fast_pattern:only; set. Can't have "
+ "relative keywords around a fast_pattern "
"only content");
goto error;
}
case DETECT_PCRE:
pe = (DetectPcreData *) pm->ctx;
if (pe == NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown previous-"
"previous keyword!");
goto error;
}
break;
case DETECT_BYTEJUMP:
- SCLogDebug("No setting relative_next for bytejump. We "
+ SCLogDebug("no setting relative_next for bytejump. We "
"have no use for it");
break;
default:
/* this will never hit */
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown previous-"
"previous keyword!");
break;
}
} else if (strcmp(sgh_mpm_context, "full") == 0) {
de_ctx->sgh_mpm_context = ENGINE_SGH_MPM_FACTORY_CONTEXT_FULL;
} else {
- SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "You have supplied an "
- "invalid conf value for detect-engine.sgh-mpm-context-"
- "%s", sgh_mpm_context);
+ SCLogWarning(SC_ERR_INVALID_YAML_CONF_ENTRY, "invalid conf value "
+ "for detect-engine.sgh-mpm-context -- %s", sgh_mpm_context);
}
}
/* we can't have any of these if we are having "only" */
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern; cannot be "
- "used with negated content, along with relative modifiers.");
+ "used with negated content, along with relative modifiers");
goto error;
}
if (arg == NULL|| strcmp(arg, "") == 0) {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple fast_pattern options for the same content. ");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple fast_pattern "
+ "options for the same content");
goto error;
}
cd->flags |= DETECT_CONTENT_FAST_PATTERN;
switch (data->op) {
case DETECT_IPPROTO_OP_EQ:
if (eq_set || gt_set || lt_set || not_set) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "We can't use a eq "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a eq "
"ipproto without any operators attached to "
"them in the same sig");
goto error;
case DETECT_IPPROTO_OP_GT:
if (eq_set || gt_set) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "We can't use a eq or gt "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a eq or gt "
"ipproto along with a greater than ipproto in the "
"same sig ");
goto error;
if (temp_sm != NULL) {
DetectIPProtoData *data_temp = temp_sm->ctx;
if (data_temp->proto <= data->proto) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "We can't use a have "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have "
"both gt and lt ipprotos, with the lt being "
"lower than gt value");
goto error;
/* Updated by AS. Please do not remove this unused code.
* Need it as we redo this code once we solve ipproto
* multiple uses */
- SCLogError(SC_ERR_INVALID_SIGNATURE, "We can't use a have "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have "
"both gt and lt ipprotos, with the lt being "
"lower than gt value");
goto error;
case DETECT_IPPROTO_OP_LT:
if (eq_set || lt_set) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "We can't use a eq or lt "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a eq or lt "
"ipproto along with a less than ipproto in the "
"same sig ");
goto error;
/* Updated by AS. Please do not remove this unused code.
* Need it as we redo this code once we solve ipproto
* multiple uses */
- SCLogError(SC_ERR_INVALID_SIGNATURE, "We can't use a have "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a have "
"both gt and lt ipprotos, with the lt being "
"lower than gt value");
goto error;
/* Updated by AS. Please do not remove this unused code.
* Need it as we redo this code once we solve ipproto
* multiple uses */
- SCLogError(SC_ERR_INVALID_SIGNATURE, "We can't use a have "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have "
"both gt and lt ipprotos, with the lt being "
"lower than gt value");
goto error;
case DETECT_IPPROTO_OP_NOT:
if (eq_set) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "We can't use a eq "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a eq "
"ipproto along with a not ipproto in the "
"same sig ");
goto error;
SCReturnInt(-1);
}
if (cd->flags & DETECT_CONTENT_NOCASE) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple nocase modifiers with the same content; ignoring this option. ");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple nocase modifiers with the same content");
SCReturnInt(-1);
}
cd->flags |= DETECT_CONTENT_NOCASE;
if (cd->flags & DETECT_CONTENT_NEGATED) {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"negated keyword set along with a fast_pattern");
goto error;
}
} else {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"keyword set along with a fast_pattern:only;");
goto error;
}
}
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword "
"with a non-relative keyword for the same content." );
goto error;
}
if (cd->flags & DETECT_CONTENT_OFFSET) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple offsets for the same content. ");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple offsets for the same content. ");
goto error;
}
DetectByteExtractRetrieveSMVar(str, s,
SigMatchListSMBelongsTo(s, pm));
if (bed_sm == NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var "
"seen in offset - %s\n", str);
goto error;
}
default:
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding"
- " content or uricontent option");
+ " content keyword");
goto error;
}
"(non zero as well) to this function, since we need a "
"SigMatch list for every SigMatch type(send a map of sm_type "
"and sm_list) sent");
- return NULL;
+ /* as this is a bug we should abort to ease debugging */
+ BUG_ON(1);
}
SigMatch *sm_list[args / 2];
{
DetectContentData *cd = (DetectContentData *)pm->ctx;
if (cd->flags & DETECT_CONTENT_RAWBYTES) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use multiple rawbytes modifiers for the same content. ");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple rawbytes modifiers for the same content. ");
SCReturnInt(-1);
}
cd->flags |= DETECT_CONTENT_RAWBYTES;
return -1;
}
if (ud->flags & DETECT_CONTENT_NEGATED) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"negated keyword set along with a replacement");
goto error;
}
if (ud->content_len != len) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a content "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a content "
"length different from replace length");
goto error;
}
pm1 = SigMatchGetLastSMFromLists(s, 2, DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]);
if (dm == NULL && pm1 == NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid signature. within "
- "needs a preceding content keyword");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "\"within\" requires a "
+ "preceding content keyword");
goto error;
}
DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSCDMATCH],
DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HRUDMATCH]);
if (pm == NULL) {
- SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs"
+ SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "\"within\" requires "
"preceeding content, uricontent, http_client_body, "
"http_server_body, http_header, http_raw_header, "
"http_method, http_cookie, http_raw_uri, "
case DETECT_CONTENT:
cd = (DetectContentData *)pm->ctx;
if (cd == NULL) {
- SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous keyword!\n");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "content error");
goto error;
}
if (cd->flags & DETECT_CONTENT_NEGATED) {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"negated keyword set along with a fast_pattern");
goto error;
}
} else {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't have a relative "
- "keyword set along with a fast_pattern:only;");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
+ "keyword set along with a fast_pattern:only");
goto error;
}
}
if (cd->flags & DETECT_CONTENT_DEPTH || cd->flags & DETECT_CONTENT_OFFSET) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "You can't use a relative keyword "
- "with a non-relative keyword for the same content." );
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword "
+ "with a non-relative keyword for the same content" );
goto error;
}
DetectByteExtractRetrieveSMVar(str, s,
SigMatchListSMBelongsTo(s, pm));
if (bed_sm == NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var "
"seen in within - %s\n", str);
goto error;
}
if (pm == NULL) {
if (s->alproto == ALPROTO_DCERPC) {
SCLogDebug("content relative without a previous content based "
- "keyword. Holds good only in the case of DCERPC "
+ "keyword. Holds good only in the case of DCERPC "
"alproto like now.");
} else {
//SCLogError(SC_ERR_INVALID_SIGNATURE, "No related "
/* Set the relative next flag on the prev sigmatch */
cd = (DetectContentData *)pm->ctx;
if (cd == NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
- "previous keyword!");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "content error");
goto error;
}
cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Previous keyword "
- "has a fast_pattern:only; set. You can't "
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "previous keyword "
+ "has a fast_pattern:only; set. Can't "
"have relative keywords around a fast_pattern "
"only content");
goto error;
case DETECT_PCRE:
pe = (DetectPcreData *) pm->ctx;
if (pe == NULL) {
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
- "previous keyword!");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "pcre error");
goto error;
}
pe->flags |= DETECT_PCRE_RELATIVE_NEXT;
break;
case DETECT_BYTEJUMP:
- SCLogDebug("No setting relative_next for bytejump. We "
+ SCLogDebug("no setting relative_next for bytejump. We "
"have no use for it");
break;
default:
/* this will never hit */
- SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
- "previous keyword!");
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "unsupported type %d", pm->type);
break;
}
}
projects / thirdparty / suricata.git / commitdiff
