From: Mats Klepsland Date: Fri, 16 Mar 2018 21:08:03 +0000 (+0100) Subject: detect-tls-cert-subject: use *_Register2 API functions X-Git-Tag: suricata-4.1.0-beta1~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c96e1df95166a890d0383e35557a24104c70559;p=thirdparty%2Fsuricata.git detect-tls-cert-subject: use *_Register2 API functions Use *_Register2 API functions when registering 'tls_cert_subject' detection keyword.
---
diff --git a/src/detect-engine-tls.c b/src/detect-engine-tls.c
index a72925e811..155f7faf6e 100644
--- a/src/detect-engine-tls.c
+++ b/src/detect-engine-tls.c
@@ -123,82 +123,6 @@ int DetectEngineInspectTlsSni(ThreadVars *tv,
 return cnt;
 }
-/** \brief TLS Subject Mpm prefilter callback
- *
- * \param det_ctx detection engine thread ctx
- * \param p packet to inspect
- * \param f flow to inspect
- * \param txv tx to inspect
- * \param pectx inspection context
- */
-static void PrefilterTxTlsSubject(DetectEngineThreadCtx *det_ctx, const void *pectx,
- Packet *p, Flow *f, void *txv,
- const uint64_t idx, const uint8_t flags)
-{
- SCEnter();
-
- const MpmCtx *mpm_ctx = (MpmCtx *)pectx;
- SSLState *ssl_state = f->alstate;
-
- if (ssl_state->server_connp.cert0_subject == NULL)
- return;
-
- const uint8_t *buffer = (const uint8_t *)ssl_state->server_connp.cert0_subject;
- const uint32_t buffer_len = strlen(ssl_state->server_connp.cert0_subject);
-
- if (buffer_len >= mpm_ctx->minlen) {
- (void)mpm_table[mpm_ctx->mpm_type].Search(mpm_ctx,
- &det_ctx->mtcu, &det_ctx->pmq, buffer, buffer_len);
- }
-}
-
-int PrefilterTxTlsSubjectRegister(DetectEngineCtx *de_ctx,
- SigGroupHead *sgh, MpmCtx *mpm_ctx)
-{
- SCEnter();
-
- return PrefilterAppendTxEngine(de_ctx, sgh, PrefilterTxTlsSubject,
- ALPROTO_TLS, TLS_STATE_CERT_READY,
- mpm_ctx, NULL, "tls_cert_subject");
-}
-
-/** \brief Do the content inspection and validation for a signature
- *
- * \param de_ctx Detection engine context
- * \param det_ctx Detection engine thread context
- * \param s Signature to inspect
- * \param sm SigMatch to inspect
- * \param f Flow
- * \param flags App layer flags
- * \param state App layer state
- *
- * \retval 0 No match
- * \retval 1 Match
- */
-int DetectEngineInspectTlsSubject(ThreadVars *tv,
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatchData *smd,
- Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
-{
- uint8_t *buffer;
- uint32_t buffer_len;
- int cnt = 0;
-
- SSLState *ssl_state = (SSLState *)alstate;
-
- if (ssl_state->server_connp.cert0_subject == NULL)
- return 0;
-
- buffer = (uint8_t *)ssl_state->server_connp.cert0_subject;
- buffer_len = strlen(ssl_state->server_connp.cert0_subject);
-
- cnt = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
- f, buffer, buffer_len, 0, DETECT_CI_FLAGS_SINGLE,
- DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
-
- return cnt;
-}
-
 /** \brief TLS Serial Mpm prefilter callback
 *
 * \param det_ctx detection engine thread ctx
diff --git a/src/detect-engine-tls.h b/src/detect-engine-tls.h
index 7f6004ba2a..d79fa43f08 100644
--- a/src/detect-engine-tls.h
+++ b/src/detect-engine-tls.h
@@ -25,8 +25,6 @@ int PrefilterTxTlsSniRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx);
-int PrefilterTxTlsSubjectRegister(DetectEngineCtx *de_ctx,
- SigGroupHead *sgh, MpmCtx *mpm_ctx);
 int PrefilterTxTlsSerialRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx);
@@ -35,12 +33,6 @@ int DetectEngineInspectTlsSni(ThreadVars *tv, const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
-int DetectEngineInspectTlsSubject(ThreadVars *tv,
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatchData *smd,
- Flow *f, uint8_t flags,
- void *alstate, void *txv, uint64_t tx_id);
-
 int DetectEngineInspectTlsSerial(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd,
diff --git a/src/detect-tls-cert-subject.c b/src/detect-tls-cert-subject.c
index 806f080870..b6e0d1e89d 100644
--- a/src/detect-tls-cert-subject.c
+++ b/src/detect-tls-cert-subject.c
@@ -32,7 +32,7 @@
 #include "detect-parse.h"
 #include "detect-engine.h"
 #include "detect-engine-mpm.h"
-#include "detect-engine-tls.h"
+#include "detect-engine-prefilter.h"
 #include "detect-content.h"
 #include "detect-pcre.h"
 #include "detect-tls-cert-subject.h"
@@ -56,6 +56,10 @@ static int DetectTlsSubjectSetup(DetectEngineCtx *, Signature *, const char *);
 static void DetectTlsSubjectRegisterTests(void);
+static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
+ const DetectEngineTransforms *transforms,
+ Flow *_f, const uint8_t _flow_flags,
+ void *txv, const int list_id);
 static int g_tls_cert_subject_buffer_id = 0;
 /**
@@ -73,12 +77,16 @@ void DetectTlsSubjectRegister(void)
 sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].flags |= SIGMATCH_NOOPT;
- DetectAppLayerMpmRegister("tls_cert_subject", SIG_FLAG_TOCLIENT, 2,
- PrefilterTxTlsSubjectRegister);
+ DetectAppLayerInspectEngineRegister2("tls_cert_subject", ALPROTO_TLS,
+ SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY,
+ DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerInspectEngineRegister("tls_cert_subject",
- ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY,
- DetectEngineInspectTlsSubject);
+ DetectAppLayerMpmRegister2("tls_cert_subject", SIG_FLAG_TOCLIENT, 2,
+ PrefilterGenericMpmRegister, GetData, ALPROTO_TLS,
+ TLS_STATE_CERT_READY);
+
+ DetectBufferTypeSetDescriptionByName("tls_cert_subject",
+ "TLS certificate subject");
 g_tls_cert_subject_buffer_id = DetectBufferTypeGetByName("tls_cert_subject");
 }
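Review bot: The literal "tls_cert_subject" is now spelled out in four separate calls in DetectTlsSubjectRegister (inspect-engine registration, MPM registration, description, buffer-id lookup), and nothing ties them together. A typo in any one of them would still compile and would presumably leave the prefilter and the inspection engine attached to different buffers, which would surface only as rules that silently stop matching. A file-local constant such as `#define BUFFER_NAME "tls_cert_subject"`, used in all four calls, removes that risk. The bare `2` passed to `DetectAppLayerMpmRegister2` would also benefit from a short comment saying what it orders. The function starts above this hunk, so its earlier registration lines are not visible here.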
@@ -94,11 +102,35 @@ void DetectTlsSubjectRegister(void)
 */
 static int DetectTlsSubjectSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
 {
- s->init_data->list = g_tls_cert_subject_buffer_id;
+ DetectBufferSetActiveList(s, g_tls_cert_subject_buffer_id);
 s->alproto = ALPROTO_TLS;
 return 0;
 }
+static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *_f,
+ const uint8_t _flow_flags, void *txv, const int list_id)
+{
+ BUG_ON(det_ctx->inspect_buffers == NULL);
+ InspectionBuffer *buffer = &det_ctx->inspect_buffers[list_id];
+
+ if (buffer->inspect == NULL) {
+ SSLState *ssl_state = (SSLState *)_f->alstate;
+
+ if (ssl_state->server_connp.cert0_subject == NULL) {
+ return NULL;
+ }
+
+ const uint32_t data_len = strlen(ssl_state->server_connp.cert0_subject);
+ const uint8_t *data = (uint8_t *)ssl_state->server_connp.cert0_subject;
+
+ InspectionBufferSetup(buffer, data, data_len);
+ InspectionBufferApplyTransforms(buffer, transforms);
+ }
+
+ return buffer;
+}
+
 #ifdef UNITTESTS
 /**
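Review bot: In GetData the inspected length comes from `strlen(ssl_state->server_connp.cert0_subject)`, so anything after an embedded NUL byte in the stored subject never reaches the MPM or content inspection. Whether the TLS decoder can store such a string is not visible in this diff, but certificate fields come from the peer, so the limit deserves a comment such as `/* length is strlen()-based: data after an embedded NUL in the subject is not inspected */`, or a decoder-supplied length if one exists. The removed callbacks made the same strlen() call, so this is not new, but both the prefilter and the inspect engine now depend on this one place. GetData also has no Doxygen header, unlike the callbacks it replaces, and `_f` is named like an unused parameter although it is dereferenced for `alstate`. A short `\brief` / `\retval NULL` block and a cast to `(const uint8_t *)` instead of `(uint8_t *)` would tidy that up.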