From: Philippe Antoine Date: Tue, 12 Jul 2022 12:30:05 +0000 (+0200) Subject: detect: remove wrappers around DetectEngineInspectGenericList X-Git-Tag: suricata-7.0.0-beta1~345 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83a8cd80b2938bc2312668967bf58b54b8a33d05;p=thirdparty%2Fsuricata.git detect: remove wrappers around DetectEngineInspectGenericList --- diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index 431c1925f5..066f3806e6 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -63,10 +63,6 @@ static void DetectDceIfaceRegisterTests(void); #endif static int g_dce_generic_list_id = 0; -static uint8_t InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - /** * \brief Registers the keyword handlers for the "dce_iface" keyword. */ @@ -84,23 +80,15 @@ void DetectDceIfaceRegister(void) g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic"); + DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, + DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2( - "dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, InspectDceGeneric, NULL); - DetectAppLayerInspectEngineRegister2( - "dce_generic", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, InspectDceGeneric, NULL); + "dce_generic", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); + DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, + DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2( - "dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric, NULL); - DetectAppLayerInspectEngineRegister2( - "dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric, NULL); -} - -static uint8_t InspectDceGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); + "dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); } /** diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c index 042dc058eb..f3d64c3b32 100644 --- a/src/detect-dnp3.c +++ b/src/detect-dnp3.c @@ -176,14 +176,6 @@ static InspectionBuffer *GetDNP3Data(DetectEngineThreadCtx *det_ctx, return buffer; } -static uint8_t DetectEngineInspectDNP3(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \brief Parse the provided function name or code to its integer * value. @@ -598,9 +590,9 @@ void DetectDNP3Register(void) /* Register the list of func, ind and obj. */ DetectAppLayerInspectEngineRegister2( - "dnp3", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectDNP3, NULL); + "dnp3", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2( - "dnp3", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectDNP3, NULL); + "dnp3", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3"); diff --git a/src/detect-dns-opcode.c b/src/detect-dns-opcode.c index 8e71ab6f0c..c3e03627d8 100644 --- a/src/detect-dns-opcode.c +++ b/src/detect-dns-opcode.c @@ -74,14 +74,6 @@ static int DetectDnsOpcodeMatch(DetectEngineThreadCtx *det_ctx, return rs_dns_opcode_match(txv, (void *)ctx, flags); } -static uint8_t DetectEngineInspectRequestGenericDnsOpcode(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - void DetectDnsOpcodeRegister(void) { sigmatch_table[DETECT_AL_DNS_OPCODE].name = "dns.opcode"; @@ -92,11 +84,11 @@ void DetectDnsOpcodeRegister(void) sigmatch_table[DETECT_AL_DNS_OPCODE].AppLayerTxMatch = DetectDnsOpcodeMatch; - DetectAppLayerInspectEngineRegister2("dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectRequestGenericDnsOpcode, NULL); + DetectAppLayerInspectEngineRegister2( + "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectRequestGenericDnsOpcode, NULL); + DetectAppLayerInspectEngineRegister2( + "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode"); } diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index 10cd19b008..559d6f735f 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -197,24 +197,6 @@ static int PrefilterMpmDnsQueryRegister(DetectEngineCtx *de_ctx, pectx, PrefilterMpmDnsQueryFree, mpm_reg->pname); } -#ifdef HAVE_LUA -static uint8_t DetectEngineInspectDnsRequest(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - -static uint8_t DetectEngineInspectDnsResponse(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} -#endif - /** * \brief Registration function for keyword: dns_query */ @@ -247,9 +229,9 @@ void DetectDnsQueryRegister (void) #ifdef HAVE_LUA /* register these generic engines from here for now */ DetectAppLayerInspectEngineRegister2( - "dns_request", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectDnsRequest, NULL); + "dns_request", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2("dns_response", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1, - DetectEngineInspectDnsResponse, NULL); + DetectEngineInspectGenericList, NULL); DetectBufferTypeSetDescriptionByName("dns_request", "dns requests"); diff --git a/src/detect-engine.c b/src/detect-engine.c index 81250cc758..5696d3587d 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -1949,10 +1949,11 @@ int DetectEngineReloadIsIdle(void) * \retval 0 no match * \retval 1 match */ -uint8_t DetectEngineInspectGenericList(const DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, - const uint8_t flags, void *alstate, void *txv, uint64_t tx_id) +uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, + uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { + SigMatchData *smd = engine->smd; SCLogDebug("running match functions, sm %p", smd); if (smd != NULL) { while (1) { diff --git a/src/detect-engine.h b/src/detect-engine.h index ab1e05ce95..755d4ac1df 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -131,8 +131,9 @@ int DetectEngineTentantUnregisterVlanId(uint32_t tenant_id, uint16_t vlan_id); int DetectEngineTentantRegisterPcapFile(uint32_t tenant_id); int DetectEngineTentantUnregisterPcapFile(uint32_t tenant_id); -uint8_t DetectEngineInspectGenericList(const DetectEngineCtx *, DetectEngineThreadCtx *, - const Signature *, const SigMatchData *, Flow *, const uint8_t, void *, void *, uint64_t); +uint8_t DetectEngineInspectGenericList(DetectEngineCtx *, DetectEngineThreadCtx *, + const struct DetectEngineAppInspectionEngine_ *, const Signature *, Flow *, uint8_t, void *, + void *, uint64_t); uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c index cf74dd59f5..427e1f6800 100644 --- a/src/detect-ftpbounce.c +++ b/src/detect-ftpbounce.c @@ -58,10 +58,6 @@ static void DetectFtpbounceRegisterTests(void); #endif static int g_ftp_request_list_id = 0; -static uint8_t InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - /** * \brief Registration function for ftpbounce: keyword * \todo add support for no_stream and stream_only @@ -81,15 +77,7 @@ void DetectFtpbounceRegister(void) g_ftp_request_list_id = DetectBufferTypeRegister("ftp_request"); DetectAppLayerInspectEngineRegister2( - "ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, InspectFtpRequest, NULL); -} - -static uint8_t InspectFtpRequest(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); + "ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); } /** diff --git a/src/detect-ftpdata.c b/src/detect-ftpdata.c index f058264dc1..d914071ca1 100644 --- a/src/detect-ftpdata.c +++ b/src/detect-ftpdata.c @@ -49,9 +49,6 @@ static void DetectFtpdataFree (DetectEngineCtx *, void *); #ifdef UNITTESTS static void DetectFtpdataRegisterTests (void); #endif -static uint8_t DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); static int g_ftpdata_buffer_id = 0; /** @@ -77,24 +74,16 @@ void DetectFtpdataRegister(void) { sigmatch_table[DETECT_FTPDATA].RegisterTests = DetectFtpdataRegisterTests; #endif DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectFtpdataGeneric, NULL); + DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectFtpdataGeneric, NULL); + DetectEngineInspectGenericList, NULL); g_ftpdata_buffer_id = DetectBufferTypeGetByName("ftpdata_command"); /* set up the PCRE for keyword parsing */ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); } -static uint8_t DetectEngineInspectFtpdataGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \brief This function is used to check matches from the FTP App Layer Parser * diff --git a/src/detect-http2.c b/src/detect-http2.c index bcc23a3988..09657fa461 100644 --- a/src/detect-http2.c +++ b/src/detect-http2.c @@ -109,13 +109,6 @@ static int g_http2_match_buffer_id = 0; static int g_http2_header_name_buffer_id = 0; static int g_http2_header_buffer_id = 0; -static uint8_t DetectEngineInspectHTTP2(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} /** * \brief Registration function for HTTP2 keywords @@ -237,9 +230,9 @@ void DetectHttp2Register(void) g_http2_header_buffer_id = DetectBufferTypeGetByName("http2_header"); DetectAppLayerInspectEngineRegister2( - "http2", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 0, DetectEngineInspectHTTP2, NULL); + "http2", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2( - "http2", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectHTTP2, NULL); + "http2", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_http2_match_buffer_id = DetectBufferTypeRegister("http2"); return; diff --git a/src/detect-ike-chosen-sa.c b/src/detect-ike-chosen-sa.c index 3b2932e17f..3b7e224e4e 100644 --- a/src/detect-ike-chosen-sa.c +++ b/src/detect-ike-chosen-sa.c @@ -56,10 +56,6 @@ static int DetectIkeChosenSaSetup(DetectEngineCtx *, Signature *s, const char *s static void DetectIkeChosenSaFree(DetectEngineCtx *, void *); static int g_ike_chosen_sa_buffer_id = 0; -static uint8_t DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int DetectIkeChosenSaMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, const SigMatchCtx *); void IKEChosenSaRegisterTests(void); @@ -82,19 +78,11 @@ void DetectIkeChosenSaRegister(void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister2("ike.chosen_sa_attribute", ALPROTO_IKE, SIG_FLAG_TOCLIENT, - 1, DetectEngineInspectIkeChosenSaGeneric, NULL); + 1, DetectEngineInspectGenericList, NULL); g_ike_chosen_sa_buffer_id = DetectBufferTypeGetByName("ike.chosen_sa_attribute"); } -static uint8_t DetectEngineInspectIkeChosenSaGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match SA attributes of a IKE state diff --git a/src/detect-ike-exch-type.c b/src/detect-ike-exch-type.c index 13cb7e6282..3beb2c3a25 100644 --- a/src/detect-ike-exch-type.c +++ b/src/detect-ike-exch-type.c @@ -41,10 +41,6 @@ static int DetectIkeExchTypeSetup(DetectEngineCtx *, Signature *s, const char *s static void DetectIkeExchTypeFree(DetectEngineCtx *, void *); static int g_ike_exch_type_buffer_id = 0; -static uint8_t DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int DetectIkeExchTypeMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, const SigMatchCtx *); @@ -62,22 +58,14 @@ void DetectIkeExchTypeRegister(void) sigmatch_table[DETECT_AL_IKE_EXCH_TYPE].Free = DetectIkeExchTypeFree; DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectIkeExchTypeGeneric, NULL); + DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, - DetectEngineInspectIkeExchTypeGeneric, NULL); + DetectEngineInspectGenericList, NULL); g_ike_exch_type_buffer_id = DetectBufferTypeGetByName("ike.exchtype"); } -static uint8_t DetectEngineInspectIkeExchTypeGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match exchange type of a IKE state diff --git a/src/detect-ike-key-exchange-payload-length.c b/src/detect-ike-key-exchange-payload-length.c index 84961bf8e3..998948f482 100644 --- a/src/detect-ike-key-exchange-payload-length.c +++ b/src/detect-ike-key-exchange-payload-length.c @@ -40,10 +40,6 @@ static int DetectIkeKeyExchangePayloadLengthSetup(DetectEngineCtx *, Signature * static void DetectIkeKeyExchangePayloadLengthFree(DetectEngineCtx *, void *); static int g_ike_key_exch_payload_length_buffer_id = 0; -static uint8_t DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int DetectIkeKeyExchangePayloadLengthMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, const SigMatchCtx *); @@ -66,23 +62,15 @@ void DetectIkeKeyExchangePayloadLengthRegister(void) DetectIkeKeyExchangePayloadLengthFree; DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE, - SIG_FLAG_TOSERVER, 1, DetectEngineInspectIkeKeyExchangePayloadLengthGeneric, NULL); + SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE, - SIG_FLAG_TOCLIENT, 1, DetectEngineInspectIkeKeyExchangePayloadLengthGeneric, NULL); + SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_key_exch_payload_length_buffer_id = DetectBufferTypeGetByName("ike.key_exchange_payload_length"); } -static uint8_t DetectEngineInspectIkeKeyExchangePayloadLengthGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match key exchange payload length of a IKE state diff --git a/src/detect-ike-nonce-payload-length.c b/src/detect-ike-nonce-payload-length.c index b29a8d2ef7..91bc6c200c 100644 --- a/src/detect-ike-nonce-payload-length.c +++ b/src/detect-ike-nonce-payload-length.c @@ -40,10 +40,6 @@ static int DetectIkeNoncePayloadLengthSetup(DetectEngineCtx *, Signature *s, con static void DetectIkeNoncePayloadLengthFree(DetectEngineCtx *, void *); static int g_ike_nonce_payload_length_buffer_id = 0; -static uint8_t DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int DetectIkeNoncePayloadLengthMatch(DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, const SigMatchCtx *); @@ -62,22 +58,14 @@ void DetectIkeNoncePayloadLengthRegister(void) sigmatch_table[DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH].Free = DetectIkeNoncePayloadLengthFree; DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER, - 1, DetectEngineInspectIkeNoncePayloadLengthGeneric, NULL); + 1, DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT, - 1, DetectEngineInspectIkeNoncePayloadLengthGeneric, NULL); + 1, DetectEngineInspectGenericList, NULL); g_ike_nonce_payload_length_buffer_id = DetectBufferTypeGetByName("ike.nonce_payload_length"); } -static uint8_t DetectEngineInspectIkeNoncePayloadLengthGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match nonce length of a IKE state diff --git a/src/detect-krb5-errcode.c b/src/detect-krb5-errcode.c index c39f18c543..62d498bf1b 100644 --- a/src/detect-krb5-errcode.c +++ b/src/detect-krb5-errcode.c @@ -49,10 +49,6 @@ static void DetectKrb5ErrCodeFree (DetectEngineCtx *, void *); static void DetectKrb5ErrCodeRegisterTests (void); #endif -static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int g_krb5_err_code_list_id = 0; /** @@ -74,10 +70,10 @@ void DetectKrb5ErrCodeRegister(void) #endif DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectKRB5Generic, NULL); + DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectKRB5Generic, NULL); + DetectEngineInspectGenericList, NULL); /* set up the PCRE for keyword parsing */ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); @@ -86,14 +82,6 @@ void DetectKrb5ErrCodeRegister(void) SCLogDebug("g_krb5_err_code_list_id %d", g_krb5_err_code_list_id); } -static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \brief This function is used to match KRB5 rule option on a packet * diff --git a/src/detect-krb5-msgtype.c b/src/detect-krb5-msgtype.c index ee5d7f0618..7850d344a3 100644 --- a/src/detect-krb5-msgtype.c +++ b/src/detect-krb5-msgtype.c @@ -49,10 +49,6 @@ static void DetectKrb5MsgTypeFree (DetectEngineCtx *, void *); static void DetectKrb5MsgTypeRegisterTests (void); #endif -static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int g_krb5_msg_type_list_id = 0; /** @@ -74,10 +70,10 @@ void DetectKrb5MsgTypeRegister(void) #endif DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectKRB5Generic, NULL); + DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectKRB5Generic, NULL); + DetectEngineInspectGenericList, NULL); /* set up the PCRE for keyword parsing */ DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); @@ -86,14 +82,6 @@ void DetectKrb5MsgTypeRegister(void) SCLogDebug("g_krb5_msg_type_list_id %d", g_krb5_msg_type_list_id); } -static uint8_t DetectEngineInspectKRB5Generic(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \brief This function is used to match KRB5 rule option on a packet * diff --git a/src/detect-lua.c b/src/detect-lua.c index e3c2722840..e4765d0a5f 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -104,10 +104,6 @@ static void DetectLuaRegisterTests(void); static void DetectLuaFree(DetectEngineCtx *, void *); static int g_smtp_generic_list_id = 0; -static uint8_t InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - /** * \brief Registration function for keyword: lua */ @@ -126,23 +122,15 @@ void DetectLuaRegister(void) #endif g_smtp_generic_list_id = DetectBufferTypeRegister("smtp_generic"); - DetectAppLayerInspectEngineRegister2( - "smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, InspectSmtpGeneric, NULL); - DetectAppLayerInspectEngineRegister2( - "smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, InspectSmtpGeneric, NULL); + DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, + DetectEngineInspectGenericList, NULL); + DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, + DetectEngineInspectGenericList, NULL); SCLogDebug("registering lua rule option"); return; } -static uint8_t InspectSmtpGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - #define DATATYPE_PACKET BIT_U32(0) #define DATATYPE_PAYLOAD BIT_U32(1) #define DATATYPE_STREAM BIT_U32(2) diff --git a/src/detect-modbus.c b/src/detect-modbus.c index 1c542ce391..964defd6dc 100644 --- a/src/detect-modbus.c +++ b/src/detect-modbus.c @@ -121,26 +121,6 @@ static int DetectModbusMatch(DetectEngineThreadCtx *det_ctx, Flow *f, uint8_t fl return rs_modbus_inspect(txv, (void *)ctx); } -/** \brief Do the content inspection & validation for a signature - * - * \param de_ctx Detection engine context - * \param det_ctx Detection engine thread context - * \param s Signature to inspect ( and sm: SigMatch to inspect) - * \param f Flow - * \param flags App layer flags - * \param alstate App layer state - * \param txv Pointer to Modbus Transaction structure - * - * \retval 0 no match or 1 match - */ -static uint8_t DetectEngineInspectModbus(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \brief Registration function for Modbus keyword */ @@ -155,7 +135,7 @@ void DetectModbusRegister(void) sigmatch_table[DETECT_AL_MODBUS].AppLayerTxMatch = DetectModbusMatch; DetectAppLayerInspectEngineRegister2( - "modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectModbus, NULL); + "modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_modbus_buffer_id = DetectBufferTypeGetByName("modbus"); } diff --git a/src/detect-mqtt-connack-sessionpresent.c b/src/detect-mqtt-connack-sessionpresent.c index b27ce2b99a..271d2a9ac4 100644 --- a/src/detect-mqtt-connack-sessionpresent.c +++ b/src/detect-mqtt-connack-sessionpresent.c @@ -45,10 +45,6 @@ static int DetectMQTTConnackSessionPresentSetup (DetectEngineCtx *, Signature *, void MQTTConnackSessionPresentRegisterTests(void); void DetectMQTTConnackSessionPresentFree(DetectEngineCtx *de_ctx, void *); -static uint8_t DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - /** * \brief Registration function for mqtt.connack.session_present: keyword */ @@ -67,19 +63,11 @@ void DetectMQTTConnackSessionPresentRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 1, DetectEngineInspectMQTTConnackSessionPresentGeneric, NULL); + SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present"); } -static uint8_t DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match session_present flag of an MQTT CONNACK message diff --git a/src/detect-mqtt-connect-flags.c b/src/detect-mqtt-connect-flags.c index 476d8756e9..c5ff4261f3 100644 --- a/src/detect-mqtt-connect-flags.c +++ b/src/detect-mqtt-connect-flags.c @@ -45,10 +45,6 @@ static int DetectMQTTConnectFlagsSetup (DetectEngineCtx *, Signature *, const ch void MQTTConnectFlagsRegisterTests(void); void DetectMQTTConnectFlagsFree(DetectEngineCtx *de_ctx, void *); -static uint8_t DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - typedef struct DetectMQTTConnectFlagsData_ { MQTTFlagState username, password, @@ -75,19 +71,11 @@ void DetectMQTTConnectFlagsRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister2("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTConnectFlagsGeneric, NULL); + DetectEngineInspectGenericList, NULL); mqtt_connect_flags_id = DetectBufferTypeGetByName("mqtt.connect.flags"); } -static uint8_t DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match variable header flags of an MQTT CONNECT Tx diff --git a/src/detect-mqtt-flags.c b/src/detect-mqtt-flags.c index 0a6560da37..bbde89e9a2 100644 --- a/src/detect-mqtt-flags.c +++ b/src/detect-mqtt-flags.c @@ -45,10 +45,6 @@ static int DetectMQTTFlagsSetup (DetectEngineCtx *, Signature *, const char *); void MQTTFlagsRegisterTests(void); void DetectMQTTFlagsFree(DetectEngineCtx *de_ctx, void *); -static uint8_t DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - typedef struct DetectMQTTFlagsData_ { MQTTFlagState retain, dup; } DetectMQTTFlagsData; @@ -70,20 +66,12 @@ void DetectMQTTFlagsRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTFlagsGeneric, NULL); + DetectAppLayerInspectEngineRegister2( + "mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_flags_id = DetectBufferTypeGetByName("mqtt.flags"); } -static uint8_t DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match fixed header flags of an MQTT Tx diff --git a/src/detect-mqtt-protocol-version.c b/src/detect-mqtt-protocol-version.c index 7e5d26bc40..39a9ce67d6 100644 --- a/src/detect-mqtt-protocol-version.c +++ b/src/detect-mqtt-protocol-version.c @@ -44,10 +44,6 @@ static int DetectMQTTProtocolVersionSetup (DetectEngineCtx *, Signature *, const void MQTTProtocolVersionRegisterTests(void); void DetectMQTTProtocolVersionFree(DetectEngineCtx *de_ctx, void *); -static uint8_t DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - /** * \brief Registration function for mqtt.protocol_version: keyword */ @@ -64,19 +60,11 @@ void DetectMQTTProtocolVersionRegister (void) #endif DetectAppLayerInspectEngineRegister2("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER, - 1, DetectEngineInspectMQTTProtocolVersionGeneric, NULL); + 1, DetectEngineInspectGenericList, NULL); mqtt_protocol_version_id = DetectBufferTypeGetByName("mqtt.protocol_version"); } -static uint8_t DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match protocol version of an MQTT Tx diff --git a/src/detect-mqtt-qos.c b/src/detect-mqtt-qos.c index 2b28d04048..c6fed65892 100644 --- a/src/detect-mqtt-qos.c +++ b/src/detect-mqtt-qos.c @@ -43,10 +43,6 @@ static int DetectMQTTQosSetup (DetectEngineCtx *, Signature *, const char *); void MQTTQosRegisterTests(void); void DetectMQTTQosFree(DetectEngineCtx *de_ctx, void *); -static uint8_t DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - /** * \brief Registration function for mqtt.qos: keyword */ @@ -62,20 +58,12 @@ void DetectMQTTQosRegister (void) sigmatch_table[DETECT_AL_MQTT_QOS].RegisterTests = MQTTQosRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTQosGeneric, NULL); + DetectAppLayerInspectEngineRegister2( + "mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_qos_id = DetectBufferTypeGetByName("mqtt.qos"); } -static uint8_t DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match fixed header QOS field of an MQTT Tx diff --git a/src/detect-mqtt-reason-code.c b/src/detect-mqtt-reason-code.c index ec6c7e7255..50553aa63d 100644 --- a/src/detect-mqtt-reason-code.c +++ b/src/detect-mqtt-reason-code.c @@ -46,10 +46,6 @@ static int DetectMQTTReasonCodeSetup (DetectEngineCtx *, Signature *, const char void MQTTReasonCodeRegisterTests(void); void DetectMQTTReasonCodeFree(DetectEngineCtx *de_ctx, void *); -static uint8_t DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - /** * \brief Registration function for mqtt.reason_code: keyword */ @@ -69,19 +65,11 @@ void DetectMQTTReasonCodeRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTReasonCodeGeneric, NULL); + DetectEngineInspectGenericList, NULL); mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code"); } -static uint8_t DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match reason code of an MQTT 5.0 Tx diff --git a/src/detect-mqtt-type.c b/src/detect-mqtt-type.c index af01e21463..5d5a32ed58 100644 --- a/src/detect-mqtt-type.c +++ b/src/detect-mqtt-type.c @@ -42,10 +42,6 @@ static int DetectMQTTTypeSetup (DetectEngineCtx *, Signature *, const char *); void MQTTTypeRegisterTests(void); void DetectMQTTTypeFree(DetectEngineCtx *de_ctx, void *); -static uint8_t DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - /** * \brief Registration function for ipopts: keyword */ @@ -61,20 +57,12 @@ void DetectMQTTTypeRegister (void) sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTTypeGeneric, NULL); + DetectAppLayerInspectEngineRegister2( + "mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_type_id = DetectBufferTypeGetByName("mqtt.type"); } -static uint8_t DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match control packet type of an MQTT Tx diff --git a/src/detect-nfs-procedure.c b/src/detect-nfs-procedure.c index 2eba1794cf..0aa8333fc8 100644 --- a/src/detect-nfs-procedure.c +++ b/src/detect-nfs-procedure.c @@ -55,10 +55,6 @@ static void DetectNfsProcedureRegisterTests(void); #endif static int g_nfs_request_buffer_id = 0; -static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int DetectNfsProcedureMatch (DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, const SigMatchCtx *); @@ -79,22 +75,14 @@ void DetectNfsProcedureRegister (void) sigmatch_table[DETECT_AL_NFS_PROCEDURE].RegisterTests = DetectNfsProcedureRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectNfsRequestGeneric, NULL); + DetectAppLayerInspectEngineRegister2( + "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request"); SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id); } -static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match procedure of a TX diff --git a/src/detect-nfs-version.c b/src/detect-nfs-version.c index d90fd3e17c..ee6feeddc0 100644 --- a/src/detect-nfs-version.c +++ b/src/detect-nfs-version.c @@ -53,10 +53,6 @@ static int DetectNfsVersionSetup (DetectEngineCtx *, Signature *s, const char *s static void DetectNfsVersionFree(DetectEngineCtx *de_ctx, void *); static int g_nfs_request_buffer_id = 0; -static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int DetectNfsVersionMatch (DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, const SigMatchCtx *); @@ -74,22 +70,14 @@ void DetectNfsVersionRegister (void) sigmatch_table[DETECT_AL_NFS_VERSION].Setup = DetectNfsVersionSetup; sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree; // unit tests were the same as DetectNfsProcedureRegisterTests - DetectAppLayerInspectEngineRegister2("nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectNfsRequestGeneric, NULL); + DetectAppLayerInspectEngineRegister2( + "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request"); SCLogDebug("g_nfs_request_buffer_id %d", g_nfs_request_buffer_id); } -static uint8_t DetectEngineInspectNfsRequestGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match version of a TX diff --git a/src/detect-rfb-secresult.c b/src/detect-rfb-secresult.c index bb5f53e771..1e5236811c 100644 --- a/src/detect-rfb-secresult.c +++ b/src/detect-rfb-secresult.c @@ -47,10 +47,6 @@ static void RfbSecresultRegisterTests(void); #endif void DetectRfbSecresultFree(DetectEngineCtx *, void *); -static uint8_t DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - typedef struct DetectRfbSecresultData_ { uint32_t result; /** result code */ } DetectRfbSecresultData; @@ -72,19 +68,11 @@ void DetectRfbSecresultRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister2("rfb.secresult", ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1, - DetectEngineInspectRfbSecresultGeneric, NULL); + DetectEngineInspectGenericList, NULL); rfb_secresult_id = DetectBufferTypeGetByName("rfb.secresult"); } -static uint8_t DetectEngineInspectRfbSecresultGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - enum { RFB_SECRESULT_OK = 0, RFB_SECRESULT_FAIL, diff --git a/src/detect-rfb-sectype.c b/src/detect-rfb-sectype.c index 263e2a66f9..5b53287b49 100644 --- a/src/detect-rfb-sectype.c +++ b/src/detect-rfb-sectype.c @@ -38,10 +38,6 @@ static int DetectRfbSectypeSetup (DetectEngineCtx *, Signature *s, const char *s static void DetectRfbSectypeFree(DetectEngineCtx *, void *); static int g_rfb_sectype_buffer_id = 0; -static uint8_t DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int DetectRfbSectypeMatch (DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, const SigMatchCtx *); @@ -58,20 +54,12 @@ void DetectRfbSectypeRegister (void) sigmatch_table[DETECT_AL_RFB_SECTYPE].Setup = DetectRfbSectypeSetup; sigmatch_table[DETECT_AL_RFB_SECTYPE].Free = DetectRfbSectypeFree; - DetectAppLayerInspectEngineRegister2("rfb.sectype", ALPROTO_RFB, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectRfbSectypeGeneric, NULL); + DetectAppLayerInspectEngineRegister2( + "rfb.sectype", ALPROTO_RFB, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); g_rfb_sectype_buffer_id = DetectBufferTypeGetByName("rfb.sectype"); } -static uint8_t DetectEngineInspectRfbSectypeGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match security type of a RFB TX diff --git a/src/detect-snmp-pdu_type.c b/src/detect-snmp-pdu_type.c index 8284ad09cf..f5169448fe 100644 --- a/src/detect-snmp-pdu_type.c +++ b/src/detect-snmp-pdu_type.c @@ -49,10 +49,6 @@ static void DetectSNMPPduTypeRegisterTests(void); #endif static int g_snmp_pdu_type_buffer_id = 0; -static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int DetectSNMPPduTypeMatch (DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, const SigMatchCtx *); @@ -73,22 +69,14 @@ void DetectSNMPPduTypeRegister(void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectSNMPRequestGeneric, NULL); + DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectSNMPRequestGeneric, NULL); + DetectEngineInspectGenericList, NULL); g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp.pdu_type"); } -static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match pdu_type of a TX diff --git a/src/detect-snmp-version.c b/src/detect-snmp-version.c index 56c7ca398f..f7ff2b6dd2 100644 --- a/src/detect-snmp-version.c +++ b/src/detect-snmp-version.c @@ -40,10 +40,6 @@ static void DetectSNMPVersionRegisterTests(void); #endif static int g_snmp_version_buffer_id = 0; -static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int DetectSNMPVersionMatch (DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, const SigMatchCtx *); @@ -65,22 +61,14 @@ void DetectSNMPVersionRegister (void) #endif DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectSNMPRequestGeneric, NULL); + DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectSNMPRequestGeneric, NULL); + DetectEngineInspectGenericList, NULL); g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp.version"); } -static uint8_t DetectEngineInspectSNMPRequestGeneric(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match version of a TX diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index b85ad7203a..c0ef98e331 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c @@ -77,13 +77,6 @@ static void DetectSshSoftwareVersionRegisterTests(void); static void DetectSshSoftwareVersionFree(DetectEngineCtx *de_ctx, void *); static int g_ssh_banner_list_id = 0; -static uint8_t InspectSshBanner(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} /** * \brief Registration function for keyword: ssh.softwareversion @@ -107,9 +100,9 @@ void DetectSshSoftwareVersionRegister(void) g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner"); DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOSERVER, - SshStateBannerDone, InspectSshBanner, NULL); + SshStateBannerDone, DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOCLIENT, - SshStateBannerDone, InspectSshBanner, NULL); + SshStateBannerDone, DetectEngineInspectGenericList, NULL); } /** diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index 61674ad494..548689dba6 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -66,10 +66,6 @@ static void DetectSslStateRegisterTests(void); #endif static void DetectSslStateFree(DetectEngineCtx *, void *); -static uint8_t InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - static int g_tls_generic_list_id = 0; /** @@ -95,17 +91,9 @@ void DetectSslStateRegister(void) "generic ssl/tls inspection"); DetectAppLayerInspectEngineRegister2( - "tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, InspectTlsGeneric, NULL); + "tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2( - "tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, InspectTlsGeneric, NULL); -} - -static uint8_t InspectTlsGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); + "tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); } /** diff --git a/src/detect-tls-cert-validity.c b/src/detect-tls-cert-validity.c index a15e0b94c4..7b9225c3fc 100644 --- a/src/detect-tls-cert-validity.c +++ b/src/detect-tls-cert-validity.c @@ -75,10 +75,6 @@ static void TlsValidRegisterTests(void); static void DetectTlsValidityFree(DetectEngineCtx *, void *); static int g_tls_validity_buffer_id = 0; -static uint8_t DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); - /** * \brief Registration function for tls validity keywords. */ @@ -129,19 +125,11 @@ void DetectTlsValidityRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister2("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT, - TLS_STATE_CERT_READY, DetectEngineInspectTlsValidity, NULL); + TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity"); } -static uint8_t DetectEngineInspectTlsValidity(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} - /** * \internal * \brief Function to match validity field in a tls certificate. diff --git a/src/detect-tls.c b/src/detect-tls.c index 74f076236b..b8973b1fdd 100644 --- a/src/detect-tls.c +++ b/src/detect-tls.c @@ -96,13 +96,6 @@ static int DetectTlsStorePostMatch (DetectEngineThreadCtx *det_ctx, static int g_tls_cert_list_id = 0; -static uint8_t InspectTlsCert(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, - uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - return DetectEngineInspectGenericList( - de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); -} /** * \brief Registration function for keyword: tls.version @@ -150,8 +143,8 @@ void DetectTlsRegister (void) g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert"); - DetectAppLayerInspectEngineRegister2( - "tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, InspectTlsCert, NULL); + DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); } /**