From: Victor Julien Date: Thu, 22 Dec 2016 19:17:49 +0000 (+0100) Subject: detect: remove AppLayerMatch API call X-Git-Tag: suricata-4.0.0-beta1~343 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=775e182531e7e744e1bad63916e87400a8a7867b;p=thirdparty%2Fsuricata.git detect: remove AppLayerMatch API call
---
diff --git a/src/detect-bypass.c b/src/detect-bypass.c
index a92e282279..6d77fbefa4 100644
--- a/src/detect-bypass.c
+++ b/src/detect-bypass.c
@@ -63,7 +63,6 @@ void DetectBypassRegister(void)
 sigmatch_table[DETECT_BYPASS].desc = "call the bypass callback when the match of a sig is complete";
 sigmatch_table[DETECT_BYPASS].url = "";
 sigmatch_table[DETECT_BYPASS].Match = DetectBypassMatch;
- sigmatch_table[DETECT_BYPASS].AppLayerMatch = NULL;
 sigmatch_table[DETECT_BYPASS].Setup = DetectBypassSetup;
 sigmatch_table[DETECT_BYPASS].Free = NULL;
 sigmatch_table[DETECT_BYPASS].RegisterTests = DetectBypassRegisterTests;
diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c
index 1a7a0268cd..a6ab72a016 100644
--- a/src/detect-byte-extract.c
+++ b/src/detect-byte-extract.c
@@ -100,7 +100,6 @@ void DetectByteExtractRegister(void)
 {
 sigmatch_table[DETECT_BYTE_EXTRACT].name = "byte_extract";
 sigmatch_table[DETECT_BYTE_EXTRACT].Match = NULL;
- sigmatch_table[DETECT_BYTE_EXTRACT].AppLayerMatch = NULL;
 sigmatch_table[DETECT_BYTE_EXTRACT].Setup = DetectByteExtractSetup;
 sigmatch_table[DETECT_BYTE_EXTRACT].Free = DetectByteExtractFree;
 sigmatch_table[DETECT_BYTE_EXTRACT].RegisterTests = DetectByteExtractRegisterTests;
diff --git a/src/detect-cipservice.c b/src/detect-cipservice.c
index 1074241d5a..6452ffaff6 100644
--- a/src/detect-cipservice.c
+++ b/src/detect-cipservice.c
@@ -53,7 +53,6 @@ void DetectCipServiceRegister(void) sigmatch_table[DETECT_CIPSERVICE].name = "cip_service"; //rule keyword sigmatch_table[DETECT_CIPSERVICE].desc = "Rules for detecting CIP Service "; sigmatch_table[DETECT_CIPSERVICE].Match = NULL; - sigmatch_table[DETECT_CIPSERVICE].AppLayerMatch = NULL; sigmatch_table[DETECT_CIPSERVICE].Setup = DetectCipServiceSetup; sigmatch_table[DETECT_CIPSERVICE].Free = DetectCipServiceFree; sigmatch_table[DETECT_CIPSERVICE].RegisterTests @@ -315,7 +314,6 @@ void DetectEnipCommandRegister(void) sigmatch_table[DETECT_ENIPCOMMAND].desc = "Rules for detecting EtherNet/IP command"; sigmatch_table[DETECT_ENIPCOMMAND].Match = NULL; - sigmatch_table[DETECT_ENIPCOMMAND].AppLayerMatch = NULL; sigmatch_table[DETECT_ENIPCOMMAND].Setup = DetectEnipCommandSetup; sigmatch_table[DETECT_ENIPCOMMAND].Free = DetectEnipCommandFree; sigmatch_table[DETECT_ENIPCOMMAND].RegisterTests diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index 68d944748a..418ab8fcaf 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c @@ -59,7 +59,6 @@ void DetectDceStubDataRegister(void) { sigmatch_table[DETECT_DCE_STUB_DATA].name = "dce_stub_data"; sigmatch_table[DETECT_DCE_STUB_DATA].Match = NULL; - sigmatch_table[DETECT_DCE_STUB_DATA].AppLayerMatch = NULL; sigmatch_table[DETECT_DCE_STUB_DATA].Setup = DetectDceStubDataSetup; sigmatch_table[DETECT_DCE_STUB_DATA].Free = NULL; sigmatch_table[DETECT_DCE_STUB_DATA].RegisterTests = DetectDceStubDataRegisterTests; diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c index 438c38cb3a..4fe63ecd22 100644 --- a/src/detect-dnp3.c +++ b/src/detect-dnp3.c 
@@ -482,7 +482,6 @@ static void DetectDNP3FuncRegister(void) sigmatch_table[DETECT_AL_DNP3FUNC].name = "dnp3_func"; sigmatch_table[DETECT_AL_DNP3FUNC].alias = "dnp3.func"; sigmatch_table[DETECT_AL_DNP3FUNC].Match = NULL; - sigmatch_table[DETECT_AL_DNP3FUNC].AppLayerMatch = NULL; sigmatch_table[DETECT_AL_DNP3FUNC].AppLayerTxMatch = DetectDNP3FuncMatch; sigmatch_table[DETECT_AL_DNP3FUNC].Setup = DetectDNP3FuncSetup; sigmatch_table[DETECT_AL_DNP3FUNC].Free = DetectDNP3Free; @@ -499,7 +498,6 @@ static void DetectDNP3IndRegister(void) sigmatch_table[DETECT_AL_DNP3IND].name = "dnp3_ind"; sigmatch_table[DETECT_AL_DNP3IND].alias = "dnp3.ind"; sigmatch_table[DETECT_AL_DNP3IND].Match = NULL; - sigmatch_table[DETECT_AL_DNP3IND].AppLayerMatch = NULL; sigmatch_table[DETECT_AL_DNP3IND].AppLayerTxMatch = DetectDNP3IndMatch; sigmatch_table[DETECT_AL_DNP3IND].Setup = DetectDNP3IndSetup; sigmatch_table[DETECT_AL_DNP3IND].Free = DetectDNP3Free; @@ -516,7 +514,6 @@ static void DetectDNP3ObjRegister(void) sigmatch_table[DETECT_AL_DNP3OBJ].name = "dnp3_obj"; sigmatch_table[DETECT_AL_DNP3OBJ].alias = "dnp3.obj"; sigmatch_table[DETECT_AL_DNP3OBJ].Match = NULL; - sigmatch_table[DETECT_AL_DNP3OBJ].AppLayerMatch = NULL; sigmatch_table[DETECT_AL_DNP3OBJ].AppLayerTxMatch = DetectDNP3ObjMatch; sigmatch_table[DETECT_AL_DNP3OBJ].Setup = DetectDNP3ObjSetup; sigmatch_table[DETECT_AL_DNP3OBJ].Free = DetectDNP3Free; @@ -540,7 +537,6 @@ static void DetectDNP3DataRegister(void) sigmatch_table[DETECT_AL_DNP3DATA].name = "dnp3_data"; sigmatch_table[DETECT_AL_DNP3DATA].Match = NULL; - sigmatch_table[DETECT_AL_DNP3DATA].AppLayerMatch = NULL; sigmatch_table[DETECT_AL_DNP3DATA].Setup = DetectDNP3DataSetup; sigmatch_table[DETECT_AL_DNP3DATA].Free = NULL; sigmatch_table[DETECT_AL_DNP3DATA].RegisterTests = diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index c8f9690b47..815d005922 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c 
@@ -70,7 +70,6 @@ void DetectDnsQueryRegister (void)
 sigmatch_table[DETECT_AL_DNS_QUERY].name = "dns_query";
 sigmatch_table[DETECT_AL_DNS_QUERY].desc = "content modifier to match specifically and only on the DNS query-buffer";
 sigmatch_table[DETECT_AL_DNS_QUERY].Match = NULL;
- sigmatch_table[DETECT_AL_DNS_QUERY].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_DNS_QUERY].Setup = DetectDnsQuerySetup;
 sigmatch_table[DETECT_AL_DNS_QUERY].Free = NULL;
 sigmatch_table[DETECT_AL_DNS_QUERY].RegisterTests = DetectDnsQueryRegisterTests;
diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c
index 18d97d08a8..c182abde01 100644
--- a/src/detect-engine-state.c
+++ b/src/detect-engine-state.c
@@ -635,57 +635,18 @@ int DeStateDetectStartDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, } } - int amatch = 0; - /* flow based matches */ - KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH); - smd = s->sm_arrays[DETECT_SM_LIST_AMATCH]; - if (smd != NULL) { - void *alstate = FlowGetAppState(f); - if (alstate == NULL) { - goto end; - } - - while (1) { - if (sigmatch_table[smd->type].AppLayerMatch != NULL) { - int match = 0; - KEYWORD_PROFILING_START; - match = sigmatch_table[smd->type]. - AppLayerMatch(tv, det_ctx, f, flags, alstate, s, smd); - KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1)); - - if (match == 0) { - break; - } else if (match == 2) { - inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH; - break; - } else if (match == 1 && smd->is_last) { - amatch = 1; - } - } - if (smd->is_last) - break; - smd++; - } - } - /* if AMATCH and/or DMATCH are in use, see if we need to * alert and store the state */ - if ((s->sm_arrays[DETECT_SM_LIST_AMATCH] != NULL || - s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL)) + if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL) { - /* if dmatch in use and match + amatch in use and match - or - if dmatch in use and match + amatch not in use - or - if dmatch not in use + amatch in use and match + /* if dmatch in use and match or sig can't match */ if (inspect_flags & DE_STATE_FLAG_SIG_CANT_MATCH) { inspect_flags |= DE_STATE_FLAG_FULL_INSPECT; } else { - if ((amatch || s->sm_arrays[DETECT_SM_LIST_AMATCH] == NULL) && - (dmatch || s->sm_arrays[DETECT_SM_LIST_DMATCH] == NULL)) + if (dmatch || s->sm_arrays[DETECT_SM_LIST_DMATCH] == NULL) { if (!(s->flags & SIG_FLAG_NOALERT)) { PacketAlertAppend(det_ctx, s, p, 0, 
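Review bot: In DeStateDetectStartDetection the new inner test `if (dmatch || s->sm_arrays[DETECT_SM_LIST_DMATCH] == NULL)` sits inside `if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL)`, so its second operand can never be true and the condition reduces to `if (dmatch)`. Writing it that way makes the alert decision easier to audit. The context comment above it still reads "if AMATCH and/or DMATCH are in use"; it should become `/* if DMATCH is in use, see if we need to alert and store the state */`. The function body starts and ends outside the hunk.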
@@ -936,45 +897,6 @@ static int DoInspectFlowRule(ThreadVars *tv, RULE_PROFILING_START(p); - KEYWORD_PROFILING_SET_LIST(det_ctx, DETECT_SM_LIST_AMATCH); - if (item->nm != NULL) { - void *alstate = FlowGetAppState(f); - if (alstate == NULL) { - RULE_PROFILING_END(det_ctx, s, 0 /* no match */, p); - return -1; - } - - smd = item->nm; - while(1) { - if (sigmatch_table[smd->type].AppLayerMatch != NULL) { - int match = 0; - KEYWORD_PROFILING_START; - match = sigmatch_table[smd->type]. - AppLayerMatch(tv, det_ctx, f, flags, alstate, s, smd); - KEYWORD_PROFILING_END(det_ctx, smd->type, (match == 1)); - - if (match == 0) - break; - else if (match == 2) { - inspect_flags |= DE_STATE_FLAG_SIG_CANT_MATCH; - break; - } - else if (match == 1) { - total_matches++; - - if (smd->is_last) - full_match = 1; - } - } - if (smd->is_last) - break; - smd++; - } - } else { - /* AMATCH isn't there */ - full_match = 1; - } - /* DCERPC matches */ if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL && (alproto == ALPROTO_DCERPC || alproto == ALPROTO_SMB || @@ -993,7 +915,7 @@ static int DoInspectFlowRule(ThreadVars *tv, } } /* update full_match with DMATCH result */ - if (full_match && s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL) { + if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL) { full_match = ((inspect_flags & DE_STATE_FLAG_DCE_PAYLOAD_INSPECT) != 0); } diff --git a/src/detect-file-data.c b/src/detect-file-data.c index ef245f9152..da9a011bc7 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c 
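Review bot: In DoInspectFlowRule the removed AMATCH block carried the `else` branch that set `full_match = 1` when no AMATCH list was present, and the second hunk now assigns `full_match` only under `if (s->sm_arrays[DETECT_SM_LIST_DMATCH] != NULL)`. A signature that reaches this function without a DMATCH list therefore keeps whatever initial value `full_match` has (its declaration is outside the hunk); if that is 0, the rule can no longer complete here and would silently stop alerting. If only DMATCH signatures are expected to reach this point after the change, a comment stating the invariant, e.g. `/* flow rules are only stored for DMATCH signatures, so full_match is always decided below */`, would make that explicit; otherwise an `else { full_match = 1; }` is needed on the DMATCH check. The function starts and ends outside both hunks.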
@@ -60,7 +60,6 @@ void DetectFiledataRegister(void)
 sigmatch_table[DETECT_FILE_DATA].desc = "make content keywords match on HTTP response body";
 sigmatch_table[DETECT_FILE_DATA].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#file-data";
 sigmatch_table[DETECT_FILE_DATA].Match = NULL;
- sigmatch_table[DETECT_FILE_DATA].AppLayerMatch = NULL;
 sigmatch_table[DETECT_FILE_DATA].Setup = DetectFiledataSetup;
 sigmatch_table[DETECT_FILE_DATA].Free = NULL;
 sigmatch_table[DETECT_FILE_DATA].RegisterTests = DetectFiledataRegisterTests;
diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c
index 2273aefbae..a158e137b7 100644
--- a/src/detect-http-client-body.c
+++ b/src/detect-http-client-body.c
@@ -73,7 +73,6 @@ void DetectHttpClientBodyRegister(void)
 sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].desc = "content modifier to match only on HTTP request-body";
 sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_client-body";
 sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Match = NULL;
- sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Setup = DetectHttpClientBodySetup;
 sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Free = DetectHttpClientBodyFree;
 sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].RegisterTests = DetectHttpClientBodyRegisterTests;
diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c
index 2b0baeaa21..3b9eff786c 100644
--- a/src/detect-http-cookie.c
+++ b/src/detect-http-cookie.c
@@ -76,7 +76,6 @@ void DetectHttpCookieRegister(void)
 sigmatch_table[DETECT_AL_HTTP_COOKIE].desc = "content modifier to match only on the HTTP cookie-buffer";
 sigmatch_table[DETECT_AL_HTTP_COOKIE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-cookie";
 sigmatch_table[DETECT_AL_HTTP_COOKIE].Match = NULL;
- sigmatch_table[DETECT_AL_HTTP_COOKIE].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_HTTP_COOKIE].Setup = DetectHttpCookieSetup;
 sigmatch_table[DETECT_AL_HTTP_COOKIE].Free = DetectHttpCookieFree;
 sigmatch_table[DETECT_AL_HTTP_COOKIE].RegisterTests = DetectHttpCookieRegisterTests;
diff --git a/src/detect-http-hh.c b/src/detect-http-hh.c
index 7c943d07d6..758b978a6f 100644
--- a/src/detect-http-hh.c
+++ b/src/detect-http-hh.c
@@ -74,7 +74,6 @@ void DetectHttpHHRegister(void)
 sigmatch_table[DETECT_AL_HTTP_HOST].name = "http_host";
 sigmatch_table[DETECT_AL_HTTP_HOST].desc = "content modifier to match only on the HTTP hostname";
 sigmatch_table[DETECT_AL_HTTP_HOST].Match = NULL;
- sigmatch_table[DETECT_AL_HTTP_HOST].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_HTTP_HOST].Setup = DetectHttpHHSetup;
 sigmatch_table[DETECT_AL_HTTP_HOST].Free = DetectHttpHHFree;
 sigmatch_table[DETECT_AL_HTTP_HOST].RegisterTests = DetectHttpHHRegisterTests;
diff --git a/src/detect-http-hrh.c b/src/detect-http-hrh.c
index 92f504e566..8b3620a48b 100644
--- a/src/detect-http-hrh.c
+++ b/src/detect-http-hrh.c
@@ -73,7 +73,6 @@ void DetectHttpHRHRegister(void)
 sigmatch_table[DETECT_AL_HTTP_RAW_HOST].name = "http_raw_host";
 sigmatch_table[DETECT_AL_HTTP_RAW_HOST].desc = "content modifier to match only on the HTTP host header or the raw hostname from the HTTP uri";
 sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Match = NULL;
- sigmatch_table[DETECT_AL_HTTP_RAW_HOST].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Setup = DetectHttpHRHSetup;
 sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Free = DetectHttpHRHFree;
 sigmatch_table[DETECT_AL_HTTP_RAW_HOST].RegisterTests = DetectHttpHRHRegisterTests;
diff --git a/src/detect-http-method.c b/src/detect-http-method.c
index 0cf00f9bcd..a4b0feb749 100644
--- a/src/detect-http-method.c
+++ b/src/detect-http-method.c
@@ -76,7 +76,6 @@ void DetectHttpMethodRegister(void)
 sigmatch_table[DETECT_AL_HTTP_METHOD].desc = "content modifier to match only on the HTTP method-buffer";
 sigmatch_table[DETECT_AL_HTTP_METHOD].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-method";
 sigmatch_table[DETECT_AL_HTTP_METHOD].Match = NULL;
- sigmatch_table[DETECT_AL_HTTP_METHOD].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_HTTP_METHOD].Setup = DetectHttpMethodSetup;
 sigmatch_table[DETECT_AL_HTTP_METHOD].Free = DetectHttpMethodFree;
 sigmatch_table[DETECT_AL_HTTP_METHOD].RegisterTests = DetectHttpMethodRegisterTests;
diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c
index 35b9d3ad62..8b2b394cab 100644
--- a/src/detect-http-raw-header.c
+++ b/src/detect-http-raw-header.c
@@ -74,7 +74,6 @@ void DetectHttpRawHeaderRegister(void)
 {
 sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].name = "http_raw_header";
 sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Match = NULL;
- sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetup;
 sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Free = DetectHttpRawHeaderFree;
 sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].RegisterTests = DetectHttpRawHeaderRegisterTests;
diff --git a/src/detect-http-raw-uri.c b/src/detect-http-raw-uri.c
index 080586e428..367be1d595 100644
--- a/src/detect-http-raw-uri.c
+++ b/src/detect-http-raw-uri.c
@@ -69,7 +69,6 @@ void DetectHttpRawUriRegister(void)
 sigmatch_table[DETECT_AL_HTTP_RAW_URI].desc = "content modifier to match on HTTP uri";
 sigmatch_table[DETECT_AL_HTTP_RAW_URI].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_uri-and-http_raw-uri";
 sigmatch_table[DETECT_AL_HTTP_RAW_URI].Match = NULL;
- sigmatch_table[DETECT_AL_HTTP_RAW_URI].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_HTTP_RAW_URI].Setup = DetectHttpRawUriSetup;
 sigmatch_table[DETECT_AL_HTTP_RAW_URI].Free = NULL;
 sigmatch_table[DETECT_AL_HTTP_RAW_URI].RegisterTests = DetectHttpRawUriRegisterTests;
diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c
index 7c8cd3082e..4fb495f3ef 100644
--- a/src/detect-http-request-line.c
+++ b/src/detect-http-request-line.c
@@ -79,7 +79,6 @@ void DetectHttpRequestLineRegister(void) sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].desc = "content modifier to match only on the HTTP request line"; sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_request-line"; sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].Match = NULL; - sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].AppLayerMatch = NULL; sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].Setup = DetectHttpRequestLineSetup; sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].RegisterTests = DetectHttpRequestLineRegisterTests; diff --git a/src/detect-http-response-line.c b/src/detect-http-response-line.c index f7dd062faa..e9b573b07c 100644 --- a/src/detect-http-response-line.c +++ b/src/detect-http-response-line.c @@ -79,7 +79,6 @@ void DetectHttpResponseLineRegister(void) sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].desc = "content modifier to match only on the HTTP response line"; sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_response-line"; sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].Match = NULL; - sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].AppLayerMatch = NULL; sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].Setup = DetectHttpResponseLineSetup; sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].RegisterTests = DetectHttpResponseLineRegisterTests; diff --git a/src/detect-http-server-body.c b/src/detect-http-server-body.c index b2157d8fef..eb6f02d31e 100644 --- a/src/detect-http-server-body.c +++ b/src/detect-http-server-body.c 
@@ -74,7 +74,6 @@ void DetectHttpServerBodyRegister(void)
 sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].desc = "content modifier to match only on the HTTP response-body";
 sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_server-body";
 sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Match = NULL;
- sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Setup = DetectHttpServerBodySetup;
 sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Free = DetectHttpServerBodyFree;
 sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].RegisterTests = DetectHttpServerBodyRegisterTests;
diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c
index 938ce6e5f9..308ef9a46f 100644
--- a/src/detect-http-stat-code.c
+++ b/src/detect-http-stat-code.c
@@ -77,7 +77,6 @@ void DetectHttpStatCodeRegister (void)
 sigmatch_table[DETECT_AL_HTTP_STAT_CODE].desc = "content modifier to match only on HTTP stat-code-buffer";
 sigmatch_table[DETECT_AL_HTTP_STAT_CODE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_stat-code";
 sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Match = NULL;
- sigmatch_table[DETECT_AL_HTTP_STAT_CODE].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Setup = DetectHttpStatCodeSetup;
 sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Free = NULL;
 sigmatch_table[DETECT_AL_HTTP_STAT_CODE].RegisterTests = DetectHttpStatCodeRegisterTests;
diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c
index 57dffbf807..631fb46ab1 100644
--- a/src/detect-http-stat-msg.c
+++ b/src/detect-http-stat-msg.c
@@ -77,7 +77,6 @@ void DetectHttpStatMsgRegister (void)
 sigmatch_table[DETECT_AL_HTTP_STAT_MSG].desc = "content modifier to match on HTTP stat-msg-buffer";
 sigmatch_table[DETECT_AL_HTTP_STAT_MSG].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_stat-msg";
 sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Match = NULL;
- sigmatch_table[DETECT_AL_HTTP_STAT_MSG].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Setup = DetectHttpStatMsgSetup;
 sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Free = NULL;
 sigmatch_table[DETECT_AL_HTTP_STAT_MSG].RegisterTests = DetectHttpStatMsgRegisterTests;
diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c
index b154806f39..9a6df63ae1 100644
--- a/src/detect-http-ua.c
+++ b/src/detect-http-ua.c
@@ -74,7 +74,6 @@ void DetectHttpUARegister(void)
 sigmatch_table[DETECT_AL_HTTP_USER_AGENT].desc = "content modifier to match only on the HTTP User-Agent header";
 sigmatch_table[DETECT_AL_HTTP_USER_AGENT].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_user-agent";
 sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Match = NULL;
- sigmatch_table[DETECT_AL_HTTP_USER_AGENT].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Setup = DetectHttpUASetup;
 sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Free = DetectHttpUAFree;
 sigmatch_table[DETECT_AL_HTTP_USER_AGENT].RegisterTests = DetectHttpUARegisterTests;
diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c
index 3ae8f866eb..67714f8848 100644
--- a/src/detect-http-uri.c
+++ b/src/detect-http-uri.c
@@ -70,7 +70,6 @@ void DetectHttpUriRegister (void) sigmatch_table[DETECT_AL_HTTP_URI].desc = "content modifier to match specifically and only on the HTTP uri-buffer"; sigmatch_table[DETECT_AL_HTTP_URI].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_uri-and-http_raw-uri"; sigmatch_table[DETECT_AL_HTTP_URI].Match = NULL; - sigmatch_table[DETECT_AL_HTTP_URI].AppLayerMatch = NULL; sigmatch_table[DETECT_AL_HTTP_URI].Setup = DetectHttpUriSetup; sigmatch_table[DETECT_AL_HTTP_URI].Free = NULL; sigmatch_table[DETECT_AL_HTTP_URI].RegisterTests = DetectHttpUriRegisterTests; diff --git a/src/detect-lua.c b/src/detect-lua.c index 8c9a4070ff..87d3e55f9b 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -89,8 +89,6 @@ void DetectLuaRegister(void) static int DetectLuaMatch (ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); -static int DetectLuaAppMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, - Flow *f, uint8_t flags, void *state, const Signature *s, const SigMatchData *m); static int DetectLuaAppTxMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t flags, void *state, void *txv, const Signature *s, @@ -116,7 +114,6 @@ void DetectLuaRegister(void) sigmatch_table[DETECT_LUA].desc = "match via a lua script"; sigmatch_table[DETECT_LUA].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_scripting"; sigmatch_table[DETECT_LUA].Match = DetectLuaMatch; - sigmatch_table[DETECT_LUA].AppLayerMatch = DetectLuaAppMatch; sigmatch_table[DETECT_LUA].AppLayerTxMatch = DetectLuaAppTxMatch; sigmatch_table[DETECT_LUA].Setup = DetectLuaSetup; sigmatch_table[DETECT_LUA].Free = DetectLuaFree; 
@@ -551,24 +548,6 @@ static int DetectLuaAppMatchCommon (ThreadVars *t, DetectEngineThreadCtx *det_ct SCReturnInt(ret); } -/** - * \brief match the specified lua script in AMATCH - * - * \param t thread local vars - * \param det_ctx pattern matcher thread local data - * \param s signature being inspected - * \param m sigmatch that we will cast into DetectLuaData - * - * \retval 0 no match - * \retval 1 match - */ -static int DetectLuaAppMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, - Flow *f, uint8_t flags, void *state, - const Signature *s, const SigMatchData *m) -{ - return DetectLuaAppMatchCommon(t, det_ctx, f, flags, state, s, m->ctx); -} - /** * \brief match the specified lua script in a list with a tx * diff --git a/src/detect-modbus.c b/src/detect-modbus.c index 56717c475c..19518e2826 100644 --- a/src/detect-modbus.c +++ b/src/detect-modbus.c @@ -407,7 +407,6 @@ void DetectModbusRegister(void) SCEnter(); sigmatch_table[DETECT_AL_MODBUS].name = "modbus"; sigmatch_table[DETECT_AL_MODBUS].Match = NULL; - sigmatch_table[DETECT_AL_MODBUS].AppLayerMatch = NULL; sigmatch_table[DETECT_AL_MODBUS].Setup = DetectModbusSetup; sigmatch_table[DETECT_AL_MODBUS].Free = DetectModbusFree; sigmatch_table[DETECT_AL_MODBUS].RegisterTests = DetectModbusRegisterTests; diff --git a/src/detect-pcre.c b/src/detect-pcre.c index 29106304cc..e531d6a2cb 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -90,7 +90,6 @@ void DetectPcreRegister (void) sigmatch_table[DETECT_PCRE].desc = "match on regular expression"; sigmatch_table[DETECT_PCRE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#pcre-perl-compatible-regular-expressions"; sigmatch_table[DETECT_PCRE].Match = NULL; - sigmatch_table[DETECT_PCRE].AppLayerMatch = NULL; sigmatch_table[DETECT_PCRE].Setup = DetectPcreSetup; sigmatch_table[DETECT_PCRE].Free = DetectPcreFree; sigmatch_table[DETECT_PCRE].RegisterTests = DetectPcreRegisterTests; 
diff --git a/src/detect-pkt-data.c b/src/detect-pkt-data.c
index 8f740636bc..4bdc3b3315 100644
--- a/src/detect-pkt-data.c
+++ b/src/detect-pkt-data.c
@@ -53,7 +53,6 @@ void DetectPktDataRegister(void)
 {
 sigmatch_table[DETECT_PKT_DATA].name = "pkt_data";
 sigmatch_table[DETECT_PKT_DATA].Match = NULL;
- sigmatch_table[DETECT_PKT_DATA].AppLayerMatch = NULL;
 sigmatch_table[DETECT_PKT_DATA].Setup = DetectPktDataSetup;
 sigmatch_table[DETECT_PKT_DATA].Free = NULL;
 sigmatch_table[DETECT_PKT_DATA].RegisterTests = DetectPktDataTestRegister;
diff --git a/src/detect-tls-cert-issuer.c b/src/detect-tls-cert-issuer.c
index 5928e442c0..f918b301db 100644
--- a/src/detect-tls-cert-issuer.c
+++ b/src/detect-tls-cert-issuer.c
@@ -66,7 +66,6 @@ void DetectTlsIssuerRegister(void)
 sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].desc = "content modifier to match specifically and only on the TLS cert issuer buffer";
 sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#tls-cert-issuer";
 sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].Match = NULL;
- sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].Setup = DetectTlsIssuerSetup;
 sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].Free = NULL;
 sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].RegisterTests = DetectTlsIssuerRegisterTests;
diff --git a/src/detect-tls-cert-subject.c b/src/detect-tls-cert-subject.c
index 8c4936bbd3..affea07ea7 100644
--- a/src/detect-tls-cert-subject.c
+++ b/src/detect-tls-cert-subject.c
@@ -66,7 +66,6 @@ void DetectTlsSubjectRegister(void)
 sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].desc = "content modifier to match specifically and only on the TLS cert subject buffer";
 sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#tls-cert-subject";
 sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].Match = NULL;
- sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].Setup = DetectTlsSubjectSetup;
 sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].Free = NULL;
 sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].RegisterTests = DetectTlsSubjectRegisterTests;
diff --git a/src/detect-tls-sni.c b/src/detect-tls-sni.c
index 8d3f8333f2..a87f0a6e7e 100644
--- a/src/detect-tls-sni.c
+++ b/src/detect-tls-sni.c
@@ -66,7 +66,6 @@ void DetectTlsSniRegister(void)
 sigmatch_table[DETECT_AL_TLS_SNI].desc = "content modifier to match specifically and only on the TLS SNI buffer";
 sigmatch_table[DETECT_AL_TLS_SNI].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#tls-sni";
 sigmatch_table[DETECT_AL_TLS_SNI].Match = NULL;
- sigmatch_table[DETECT_AL_TLS_SNI].AppLayerMatch = NULL;
 sigmatch_table[DETECT_AL_TLS_SNI].Setup = DetectTlsSniSetup;
 sigmatch_table[DETECT_AL_TLS_SNI].Free = NULL;
 sigmatch_table[DETECT_AL_TLS_SNI].RegisterTests = DetectTlsSniRegisterTests;
diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c
index 719340e753..dc77cc9e69 100644
--- a/src/detect-uricontent.c
+++ b/src/detect-uricontent.c
@@ -69,7 +69,6 @@ static int g_http_uri_buffer_id = 0;
 void DetectUricontentRegister (void)
 {
 sigmatch_table[DETECT_URICONTENT].name = "uricontent";
- sigmatch_table[DETECT_URICONTENT].AppLayerMatch = NULL;
 sigmatch_table[DETECT_URICONTENT].Match = NULL;
 sigmatch_table[DETECT_URICONTENT].Setup = DetectUricontentSetup;
 sigmatch_table[DETECT_URICONTENT].Free = DetectUricontentFree;
diff --git a/src/detect-urilen.c b/src/detect-urilen.c
index 02e29395ba..4e65d0b831 100644
--- a/src/detect-urilen.c +++ b/src/detect-urilen.c @@ -67,7 +67,6 @@ void DetectUrilenRegister(void) sigmatch_table[DETECT_AL_URILEN].desc = "match on the length of the HTTP uri"; sigmatch_table[DETECT_AL_URILEN].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#urilen"; sigmatch_table[DETECT_AL_URILEN].Match = NULL; - sigmatch_table[DETECT_AL_URILEN].AppLayerMatch = NULL /**< We handle this at detect-engine-uri.c now */; sigmatch_table[DETECT_AL_URILEN].Setup = DetectUrilenSetup; sigmatch_table[DETECT_AL_URILEN].Free = DetectUrilenFree; sigmatch_table[DETECT_AL_URILEN].RegisterTests = DetectUrilenRegisterTests; diff --git a/src/detect.h b/src/detect.h index 3800e75296..f448f7163a 100644 --- a/src/detect.h +++ b/src/detect.h @@ -924,11 +924,6 @@ typedef struct SigTableElmt_ { /** Packet match function pointer */ int (*Match)(ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); - /** AppLayer match function pointer */ - int (*AppLayerMatch)(ThreadVars *, DetectEngineThreadCtx *, - Flow *, uint8_t flags, void *alstate, - const Signature *, const SigMatchData *); - /** AppLayer TX match function pointer */ int (*AppLayerTxMatch)(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv,