fprintf(fp_engine_analysis_FD, "content\n");
else if (list_type == DETECT_SM_LIST_HRUDMATCH)
fprintf(fp_engine_analysis_FD, "http raw uri content\n");
- else if (list_type == DETECT_SM_LIST_HCBDMATCH)
- fprintf(fp_engine_analysis_FD, "http client body content\n");
else {
const char *desc = DetectBufferTypeGetDescriptionById(list_type);
const char *name = DetectBufferTypeGetNameById(list_type);
}
else if (list_type == DETECT_SM_LIST_HRUDMATCH)
fprintf(rule_engine_analysis_FD, "http raw uri content");
- else if (list_type == DETECT_SM_LIST_HCBDMATCH)
- fprintf(rule_engine_analysis_FD, "http client body content");
else if (list_type == DETECT_SM_LIST_DNSQUERYNAME_MATCH)
fprintf(rule_engine_analysis_FD, "dns query name content");
else if (list_type == DETECT_SM_LIST_TLSSNI_MATCH)
const int httpstatmsg_id = DetectBufferTypeGetByName("http_stat_msg");
const int httpheader_id = DetectBufferTypeGetByName("http_header");
const int httprawheader_id = DetectBufferTypeGetByName("http_raw_header");
+ const int httpclientbody_id = DetectBufferTypeGetByName("http_client_body");
if (s->init_data->init_flags & SIG_FLAG_INIT_BIDIREC) {
rule_bidirectional = 1;
SigMatch *sm = NULL;
for (sm = s->init_data->smlists[list_id]; sm != NULL; sm = sm->next) {
if (sm->type == DETECT_PCRE) {
- if (list_id == DETECT_SM_LIST_HCBDMATCH) {
+ if (list_id == httpclientbody_id) {
rule_pcre_http += 1;
http_client_body_buf += 1;
raw_http_buf += 1;
http_cookie_buf += 1;
}
}
- else if (list_id == DETECT_SM_LIST_HCBDMATCH) {
+ else if (list_id == httpclientbody_id) {
rule_content_http += 1;
raw_http_buf += 1;
http_client_body_buf += 1;
case DETECT_SM_LIST_HRUDMATCH:
return "http raw uri";
- case DETECT_SM_LIST_HCBDMATCH:
- return "http client body";
case DETECT_SM_LIST_APP_EVENT:
return "app layer events";
static int g_http_stat_msg_buffer_id = 0;
static int g_http_raw_header_buffer_id = 0;
static int g_http_header_buffer_id = 0;
+static int g_http_client_body_buffer_id = 0;
/**
* \test Checks if a fast_pattern is registered in a Signature
"(content:\"one\"; http_client_body; content:!\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
goto end;
result = 0;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH];
+ sm = de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id];
if (sm != NULL) {
if ( ((DetectContentData *)sm->ctx)->flags &
DETECT_CONTENT_FAST_PATTERN) {
goto end;
result = 0;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH];
+ sm = de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id];
if (sm != NULL) {
if ( ((DetectContentData *)sm->ctx)->flags &
DETECT_CONTENT_FAST_PATTERN) {
goto end;
result = 0;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH];
+ sm = de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id];
DetectContentData *ud = (DetectContentData *)sm->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
goto end;
result = 0;
- sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH];
+ sm = de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id];
DetectContentData *ud = (DetectContentData *)sm->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
"(content:\"one\"; http_client_body; content:\"two\"; http_client_body; within:30; content:\"two\"; fast_pattern:only; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
"(content:\"one\"; http_client_body; content:\"two\"; http_client_body; offset:30; content:\"two\"; fast_pattern:only; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
"(content:\"one\"; http_client_body; content:\"two\"; http_client_body; depth:30; content:\"two\"; fast_pattern:only; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) &&
"(content:!\"one\"; fast_pattern; http_client_body; content:\"two\"; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
"(content:\"one\"; http_client_body; content:\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"(content:\"one\"; http_client_body; content:\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; distance:30; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"(content:\"one\"; http_client_body; content:\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; within:30; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"(content:\"one\"; http_client_body; content:\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; offset:30; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"(content:\"one\"; http_client_body; content:\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; depth:30; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"(content:\"one\"; http_client_body; content:\"two\"; http_client_body; distance:10; content:\"oneonethree\"; fast_pattern:3,4; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"(content:\"one\"; http_client_body; content:\"two\"; http_client_body; within:10; content:\"oneonethree\"; fast_pattern:3,4; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"(content:\"one\"; http_client_body; content:\"two\"; http_client_body; offset:10; content:\"oneonethree\"; fast_pattern:3,4; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"(content:\"one\"; http_client_body; content:\"two\"; http_client_body; depth:10; content:\"oneonethree\"; fast_pattern:3,4; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
ud->flags & DETECT_CONTENT_FAST_PATTERN_CHOP &&
"(content:\"one\"; http_client_body; content:!\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
"(content:\"one\"; http_client_body; content:!\"oneonetwo\"; fast_pattern:3,4; http_client_body; content:\"three\"; http_client_body; sid:1;)");
if (de_ctx->sig_list == NULL)
goto end;
- DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
+ DetectContentData *ud = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
if (ud->flags & DETECT_CONTENT_FAST_PATTERN &&
ud->flags & DETECT_CONTENT_NEGATED &&
!(ud->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) &&
g_http_stat_msg_buffer_id = DetectBufferTypeGetByName("http_stat_msg");
g_http_header_buffer_id = DetectBufferTypeGetByName("http_header");
g_http_raw_header_buffer_id = DetectBufferTypeGetByName("http_raw_header");
+ g_http_client_body_buffer_id = DetectBufferTypeGetByName("http_client_body");
UtRegisterTest("DetectFastPatternTest01", DetectFastPatternTest01);
UtRegisterTest("DetectFastPatternTest02", DetectFastPatternTest02);
#include "detect-engine-hcbd.h"
#include "stream-tcp.h"
-int DetectHttpClientBodySetup(DetectEngineCtx *, Signature *, char *);
-void DetectHttpClientBodyRegisterTests(void);
-void DetectHttpClientBodyFree(void *);
+static int DetectHttpClientBodySetup(DetectEngineCtx *, Signature *, char *);
+static void DetectHttpClientBodyRegisterTests(void);
+static void DetectHttpClientBodyFree(void *);
+static void DetectHttpClientBodySetupCallback(Signature *s);
+static int g_http_client_body_buffer_id = 0;
/**
* \brief Registers the keyword handlers for the "http_client_body" keyword.
sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].flags |= SIGMATCH_NOOPT ;
sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].flags |= SIGMATCH_PAYLOAD ;
- DetectMpmAppLayerRegister("http_client_body", SIG_FLAG_TOSERVER,
- DETECT_SM_LIST_HCBDMATCH, 2,
+ DetectAppLayerMpmRegister("http_client_body", SIG_FLAG_TOSERVER, 2,
PrefilterTxHttpRequestBodyRegister);
- DetectAppLayerInspectEngineRegister(ALPROTO_HTTP, SIG_FLAG_TOSERVER,
- DETECT_SM_LIST_HCBDMATCH,
+ DetectAppLayerInspectEngineRegister2("http_client_body",
+ ALPROTO_HTTP, SIG_FLAG_TOSERVER,
DetectEngineInspectHttpClientBody);
+
+ DetectBufferTypeSetDescriptionByName("http_client_body",
+ "http request body");
+
+ DetectBufferTypeRegisterSetupCallback("http_client_body",
+ DetectHttpClientBodySetupCallback);
+
+ g_http_client_body_buffer_id = DetectBufferTypeGetByName("http_client_body");
}
static void DetectHttpClientBodySetupCallback(Signature *s)
{
+ SCLogDebug("callback invoked by %u", s->id);
AppLayerHtpEnableRequestBodyCallback();
- return;
+ s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
}
/**
{
return DetectEngineContentModifierBufferSetup(de_ctx, s, arg,
DETECT_AL_HTTP_CLIENT_BODY,
- DETECT_SM_LIST_HCBDMATCH,
+ g_http_client_body_buffer_id,
ALPROTO_HTTP,
- DetectHttpClientBodySetupCallback);
+ NULL);
}
/**
#ifdef UNITTESTS
+#include "detect-isdataat.h"
#include "stream-tcp-reassemble.h"
/**
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL\n");
goto end;
}
DetectContentData *cd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
- DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
+ DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (cd1->flags != 0 || memcmp(cd1->content, "one", cd1->content_len) != 0 ||
cd2->flags != 0 || memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
- DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
+ DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (pd1->flags != 0 ||
cd2->flags != 0 || memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
- DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
+ DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (pd1->flags != 0 ||
cd2->flags != 0 || memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
- DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
+ DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (pd1->flags != DETECT_PCRE_RELATIVE_NEXT ||
cd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(cd2->content, "four", cd2->content_len) != 0 ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
- DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
+ DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
cd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(cd2->content, "four", cd2->content_len) != 0 ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
- DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
- DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
+ DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
cd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(cd2->content, "four", cd2->content_len) != 0 ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL\n");
goto end;
}
- DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
- DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
+ DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 ||
hcbd2->flags != DETECT_CONTENT_DISTANCE ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL\n");
goto end;
}
- DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
- DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
+ DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 ||
hcbd2->flags != DETECT_CONTENT_WITHIN ||
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL\n");
goto end;
}
- if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->type != DETECT_CONTENT ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->type != DETECT_PCRE) {
+ if (de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id] == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->type != DETECT_CONTENT ||
+ de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->type != DETECT_PCRE) {
goto end;
}
- DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
- DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
+ DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
hcbd2->flags != DETECT_CONTENT_WITHIN ||
memcmp(hcbd2->content, "two", hcbd2->content_len) != 0) {
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL\n");
goto end;
}
- if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->type != DETECT_PCRE ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->type != DETECT_CONTENT) {
+ if (de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id] == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->type != DETECT_PCRE ||
+ de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->type != DETECT_CONTENT) {
goto end;
}
- DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
- DetectPcreData *pd2 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectContentData *hcbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
+ DetectPcreData *pd2 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (pd2->flags != (DETECT_PCRE_RELATIVE) ||
hcbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hcbd1->content, "two", hcbd1->content_len) != 0) {
goto end;
}
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_HCBDMATCH] == NULL\n");
+ if (de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL) {
+ printf("de_ctx->sig_list->sm_lists[g_http_client_body_buffer_id] == NULL\n");
goto end;
}
- if (de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->type != DETECT_CONTENT ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev == NULL ||
- de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->type != DETECT_PCRE) {
+ if (de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id] == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->type != DETECT_CONTENT ||
+ de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev == NULL ||
+ de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->type != DETECT_PCRE) {
goto end;
}
- DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->prev->ctx;
- DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
+ DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->prev->ctx;
+ DetectContentData *hcbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_client_body_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
hcbd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(hcbd2->content, "two", hcbd2->content_len) != 0) {
return result;
}
+static int DetectHttpClientBodyIsdataatParseTest(void)
+{
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
+ de_ctx->flags |= DE_QUIET;
+
+ Signature *s = DetectEngineAppendSig(de_ctx,
+ "alert tcp any any -> any any ("
+ "content:\"one\"; http_client_body; "
+ "isdataat:!4,relative; sid:1;)");
+ FAIL_IF_NULL(s);
+
+ SigMatch *sm = s->init_data->smlists_tail[g_http_client_body_buffer_id];
+ FAIL_IF_NULL(sm);
+ FAIL_IF_NOT(sm->type == DETECT_ISDATAAT);
+
+ DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx;
+ FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE);
+ FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED);
+ FAIL_IF(data->flags & ISDATAAT_RAWBYTES);
+
+ DetectEngineCtxFree(de_ctx);
+ PASS;
+}
+
#endif /* UNITTESTS */
void DetectHttpClientBodyRegisterTests(void)
UtRegisterTest("DetectHttpClientBodyTest34", DetectHttpClientBodyTest34);
UtRegisterTest("DetectHttpClientBodyTest35", DetectHttpClientBodyTest35);
UtRegisterTest("DetectHttpClientBodyTest36", DetectHttpClientBodyTest36);
+
+ UtRegisterTest("DetectHttpClientBodyIsdataatParseTest",
+ DetectHttpClientBodyIsdataatParseTest);
+
#endif /* UNITTESTS */
return;
return result;
}
-int DetectIsdataatTestParse09(void)
-{
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
- Signature *s = NULL;
- DetectIsdataatData *data = NULL;
-
- de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
- de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
- "(msg:\"Testing bytejump_body\"; "
- "content:\"one\"; http_client_body; "
- "isdataat:!4,relative; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- goto end;
- }
-
- s = de_ctx->sig_list;
- if (s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH] == NULL) {
- goto end;
- }
-
- result = 1;
-
- result &= (s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->type == DETECT_ISDATAAT);
- data = (DetectIsdataatData *)s->sm_lists_tail[DETECT_SM_LIST_HCBDMATCH]->ctx;
- if ( !(data->flags & ISDATAAT_RELATIVE) ||
- (data->flags & ISDATAAT_RAWBYTES) ||
- !(data->flags & ISDATAAT_NEGATED) ) {
- result = 0;
- goto end;
- }
-
- end:
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
- DetectEngineCtxFree(de_ctx);
-
- return result;
-}
-
/**
* \test dns_query with isdataat relative to it
*/
UtRegisterTest("DetectIsdataatTestParse04", DetectIsdataatTestParse04);
UtRegisterTest("DetectIsdataatTestParse05", DetectIsdataatTestParse05);
UtRegisterTest("DetectIsdataatTestParse06", DetectIsdataatTestParse06);
- UtRegisterTest("DetectIsdataatTestParse09", DetectIsdataatTestParse09);
UtRegisterTest("DetectIsdataatTestParse16", DetectIsdataatTestParse16);
UtRegisterTest("DetectIsdataatTestPacket01", DetectIsdataatTestPacket01);
if (lua->flags & DATATYPE_HTTP_RESPONSE_BODY) {
int list = DetectBufferTypeGetByName("file_data");
SigMatchAppendSMToList(s, sm, list);
- } else if (lua->flags & DATATYPE_HTTP_REQUEST_BODY)
- SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HCBDMATCH);
- else if (lua->flags & DATATYPE_HTTP_URI) {
+ } else if (lua->flags & DATATYPE_HTTP_REQUEST_BODY) {
+ int list = DetectBufferTypeGetByName("http_client_body");
+ SigMatchAppendSMToList(s, sm, list);
+ } else if (lua->flags & DATATYPE_HTTP_URI) {
int list = DetectBufferTypeGetByName("http_uri");
SigMatchAppendSMToList(s, sm, list);
} else if (lua->flags & DATATYPE_HTTP_URI_RAW)
CASE_CODE_STRING(DETECT_SM_LIST_MATCH, "packet");
CASE_CODE_STRING(DETECT_SM_LIST_PMATCH, "payload");
CASE_CODE_STRING(DETECT_SM_LIST_HRUDMATCH, "http_raw_uri");
- CASE_CODE_STRING(DETECT_SM_LIST_HCBDMATCH, "http_client_body");
CASE_CODE_STRING(DETECT_SM_LIST_APP_EVENT, "app-layer-event");
CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer");
CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc");
CASE_CODE(DETECT_SM_LIST_MATCH);
CASE_CODE(DETECT_SM_LIST_PMATCH);
CASE_CODE(DETECT_SM_LIST_HRUDMATCH);
- CASE_CODE(DETECT_SM_LIST_HCBDMATCH);
CASE_CODE(DETECT_SM_LIST_APP_EVENT);
CASE_CODE(DETECT_SM_LIST_AMATCH);
CASE_CODE(DETECT_SM_LIST_DMATCH);
if (fd->flags & FLOW_PKT_TOCLIENT) {
/* check for request + from_server/to_client */
- if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL ||
- s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL) {
+ if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use uricontent "
"/http_uri , raw_uri, http_client_body, "
"http_method, http_user_agent keywords "
}
}
- if (s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH] ||
- s->init_data->smlists_tail[DETECT_SM_LIST_HCBDMATCH])
+ if (s->init_data->smlists_tail[DETECT_SM_LIST_HRUDMATCH])
{
SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature combines packet "
"specific matches (like dsize, flags, ttl) with stream / "
*sm_list = DetectPcreSetList(*sm_list, list);
break;
}
- case 'P':
+ case 'P': {
/* snort's option (http request body inspection) */
- *sm_list = DetectPcreSetList(*sm_list, DETECT_SM_LIST_HCBDMATCH);
+ int list = DetectBufferTypeGetByName("http_client_body");
+ *sm_list = DetectPcreSetList(*sm_list, list);
break;
+ }
case 'Q': {
int list = DetectBufferTypeGetByName("file_data");
/* suricata extension (http response body inspection) */
if (DetectPcreParseCapture(regexstr, de_ctx, pd) < 0)
goto error;
- if (parsed_sm_list == DETECT_SM_LIST_HRUDMATCH ||
- parsed_sm_list == DETECT_SM_LIST_HCBDMATCH)
+ if (parsed_sm_list == DETECT_SM_LIST_HRUDMATCH)
{
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Invalid option. "
sm_list = s->init_data->list;
} else {
switch(parsed_sm_list) {
- case DETECT_SM_LIST_HCBDMATCH:
- AppLayerHtpEnableRequestBodyCallback();
- s->flags |= SIG_FLAG_APPLAYER;
- s->alproto = ALPROTO_HTTP;
- sm_list = parsed_sm_list;
- break;
-
case DETECT_SM_LIST_HRUDMATCH:
s->flags |= SIG_FLAG_APPLAYER;
s->alproto = ALPROTO_HTTP;
if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
return 0;
- if (s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL)
- return 0;
-
if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL)
return 0;
if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
return 0;
- if (s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL)
- return 0;
-
if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL)
return 0;
if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL ||
s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL ||
- s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL ||
s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL)
{
SCReturnInt(0);
SCLogDebug("sig requires dce state");
}
- if (s->init_data->smlists[DETECT_SM_LIST_HCBDMATCH] != NULL) {
- s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
- SCLogDebug("sig requires http app state");
- }
-
if (s->init_data->smlists[DETECT_SM_LIST_HRUDMATCH] != NULL) {
s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
SCLogDebug("sig requires http app state");
/* list for http_raw_uri keyword and the ones relative to it */
DETECT_SM_LIST_HRUDMATCH = DETECT_SM_LIST_BUILTIN_MAX,
- /* list for http_client_body keyword and the ones relative to it */
- DETECT_SM_LIST_HCBDMATCH,
/* app event engine sm list */
DETECT_SM_LIST_APP_EVENT,
projects / thirdparty / suricata.git / commitdiff
