From: Victor Julien Date: Mon, 17 Oct 2016 22:50:26 +0000 (+0200) Subject: http_request_line: dynamic buffer X-Git-Tag: suricata-4.0.0-beta1~396 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7052f9b9338e80956dd0043117796e6473b5168f;p=thirdparty%2Fsuricata.git http_request_line: dynamic buffer --- diff --git a/src/detect-engine.c b/src/detect-engine.c index f899e029db..460d37502a 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -2824,8 +2824,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type) return "http cookie"; case DETECT_SM_LIST_HUADMATCH: return "http user-agent"; - case DETECT_SM_LIST_HTTP_REQLINEMATCH: - return "http request line"; case DETECT_SM_LIST_HTTP_RESLINEMATCH: return "http response line"; case DETECT_SM_LIST_APP_EVENT: diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c index 8f4b9fd932..15516f37be 100644 --- a/src/detect-http-request-line.c +++ b/src/detect-http-request-line.c @@ -60,14 +60,15 @@ #include "stream-tcp.h" #include "detect-http-request-line.h" -int DetectHttpRequestLineSetup(DetectEngineCtx *, Signature *, char *); -void DetectHttpRequestLineRegisterTests(void); -void DetectHttpRequestLineFree(void *); +static int DetectHttpRequestLineSetup(DetectEngineCtx *, Signature *, char *); +static void DetectHttpRequestLineRegisterTests(void); static int PrefilterTxHttpRequestLineRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx); static int DetectEngineInspectHttpRequestLine(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); +static void DetectHttpRequestLineSetupCallback(Signature *s); +static int g_http_request_line_buffer_id = 0; /** * \brief Registers the keyword handlers for the "http_request_line" keyword. @@ -85,15 +86,20 @@ void DetectHttpRequestLineRegister(void) sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].flags |= SIGMATCH_PAYLOAD ; - DetectMpmAppLayerRegister("http_request_line", SIG_FLAG_TOSERVER, - DETECT_SM_LIST_HTTP_REQLINEMATCH, 2, + DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2, PrefilterTxHttpRequestLineRegister); - DetectAppLayerInspectEngineRegister(ALPROTO_HTTP, SIG_FLAG_TOSERVER, - DETECT_SM_LIST_HTTP_REQLINEMATCH, + DetectAppLayerInspectEngineRegister2("http_request_line", + ALPROTO_HTTP, SIG_FLAG_TOSERVER, DetectEngineInspectHttpRequestLine); - return; + DetectBufferTypeSetDescriptionByName("http_request_line", + "http request line"); + + DetectBufferTypeRegisterSetupCallback("http_request_line", + DetectHttpRequestLineSetupCallback); + + g_http_request_line_buffer_id = DetectBufferTypeGetByName("http_request_line"); } /** @@ -109,13 +115,19 @@ void DetectHttpRequestLineRegister(void) * \retval 0 On success * \retval -1 On failure */ -int DetectHttpRequestLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) +static int DetectHttpRequestLineSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) { - s->init_data->list = DETECT_SM_LIST_HTTP_REQLINEMATCH; + s->init_data->list = g_http_request_line_buffer_id; s->alproto = ALPROTO_HTTP; return 0; } +static void DetectHttpRequestLineSetupCallback(Signature *s) +{ + SCLogDebug("callback invoked by %u", s->id); + s->mask |= SIG_MASK_REQUIRE_HTTP_STATE; +} + /** \brief HTTP request line Mpm prefilter callback * * \param det_ctx detection engine thread ctx @@ -308,7 +320,7 @@ static int DetectHttpRequestLineTest02(void) #endif /* UNITTESTS */ -void DetectHttpRequestLineRegisterTests(void) +static void DetectHttpRequestLineRegisterTests(void) { #ifdef UNITTESTS UtRegisterTest("DetectHttpRequestLineTest01", DetectHttpRequestLineTest01); diff --git a/src/detect-lua.c b/src/detect-lua.c index cda8f94647..06a0315207 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -1009,8 +1009,10 @@ static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, char *str) SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HRHDMATCH); else if (lua->flags & DATATYPE_HTTP_RESPONSE_COOKIE) SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HCDMATCH); - else - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HTTP_REQLINEMATCH); + else { + int list = DetectBufferTypeGetByName("http_request_line"); + SigMatchAppendSMToList(s, sm, list); + } } else if (lua->alproto == ALPROTO_DNS) { if (lua->flags & DATATYPE_DNS_RRNAME) { SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNSQUERYNAME_MATCH); diff --git a/src/detect-parse.c b/src/detect-parse.c index cec9022deb..18fbb9d51a 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -154,7 +154,6 @@ const char *DetectListToHumanString(int list) CASE_CODE_STRING(DETECT_SM_LIST_HMDMATCH, "http_method"); CASE_CODE_STRING(DETECT_SM_LIST_HCDMATCH, "http_cookie"); CASE_CODE_STRING(DETECT_SM_LIST_HUADMATCH, "http_user_agent"); - CASE_CODE_STRING(DETECT_SM_LIST_HTTP_REQLINEMATCH, "http_request_line"); CASE_CODE_STRING(DETECT_SM_LIST_HTTP_RESLINEMATCH, "http_response_line"); CASE_CODE_STRING(DETECT_SM_LIST_APP_EVENT, "app-layer-event"); CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer"); @@ -199,7 +198,6 @@ const char *DetectListToString(int list) CASE_CODE(DETECT_SM_LIST_HMDMATCH); CASE_CODE(DETECT_SM_LIST_HCDMATCH); CASE_CODE(DETECT_SM_LIST_HUADMATCH); - CASE_CODE(DETECT_SM_LIST_HTTP_REQLINEMATCH); CASE_CODE(DETECT_SM_LIST_HTTP_RESLINEMATCH); CASE_CODE(DETECT_SM_LIST_APP_EVENT); CASE_CODE(DETECT_SM_LIST_AMATCH); diff --git a/src/detect.h b/src/detect.h index e90f9fdee3..c238bcb39f 100644 --- a/src/detect.h +++ b/src/detect.h @@ -141,8 +141,6 @@ enum DetectSigmatchListEnum { DETECT_SM_LIST_HCDMATCH, /* list for http_user_agent keyword and the ones relative to it */ DETECT_SM_LIST_HUADMATCH, - /* list for http_request_line keyword and the ones relative to it */ - DETECT_SM_LIST_HTTP_REQLINEMATCH, /* list for http_response_line keyword and the ones relative to it */ DETECT_SM_LIST_HTTP_RESLINEMATCH, /* app event engine sm list */