From: Victor Julien <victor@inliniac.net>
Date: Mon, 19 Oct 2020 12:10:16 +0000 (+0200)
Subject: detect/app-layer-event: convert to v2 inspect API
X-Git-Tag: suricata-7.0.0-beta1~1980
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c7423fcb87d6d74858b3a54ff3b2573fc39c996;p=thirdparty%2Fsuricata.git

detect/app-layer-event: convert to v2 inspect API
---

diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c
index e6b4499ad4..2a2bf28296 100644
--- a/src/detect-app-layer-event.c
+++ b/src/detect-app-layer-event.c
@@ -55,11 +55,9 @@ static int DetectAppLayerEventSetupP1(DetectEngineCtx *, Signature *, const char
 static void DetectAppLayerEventRegisterTests(void);
 #endif
 static void DetectAppLayerEventFree(DetectEngineCtx *, void *);
-static int DetectEngineAptEventInspect(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *tx, uint64_t tx_id);
+static int DetectEngineAptEventInspect(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
+        uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
 static int g_applayer_events_list_id = 0;
 
 /**
@@ -78,21 +76,18 @@ void DetectAppLayerEventRegister(void)
     sigmatch_table[DETECT_AL_APP_LAYER_EVENT].RegisterTests =
         DetectAppLayerEventRegisterTests;
 #endif
-    DetectAppLayerInspectEngineRegister("app-layer-events",
-            ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER, 0,
-            DetectEngineAptEventInspect);
-    DetectAppLayerInspectEngineRegister("app-layer-events",
-            ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT, 0,
-            DetectEngineAptEventInspect);
+
+    DetectAppLayerInspectEngineRegister2("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER, 0,
+            DetectEngineAptEventInspect, NULL);
+    DetectAppLayerInspectEngineRegister2("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT, 0,
+            DetectEngineAptEventInspect, NULL);
 
     g_applayer_events_list_id = DetectBufferTypeGetByName("app-layer-events");
 }
 
-static int DetectEngineAptEventInspect(ThreadVars *tv,
-        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
-        const Signature *s, const SigMatchData *smd,
-        Flow *f, uint8_t flags, void *alstate,
-        void *tx, uint64_t tx_id)
+static int DetectEngineAptEventInspect(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+        const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
+        uint8_t flags, void *alstate, void *tx, uint64_t tx_id)
 {
     int r = 0;
     const AppProto alproto = f->alproto;
@@ -101,6 +96,7 @@ static int DetectEngineAptEventInspect(ThreadVars *tv,
     if (decoder_events == NULL)
         goto end;
 
+    SigMatchData *smd = engine->smd;
     while (1) {
         DetectAppLayerEventData *aled = (DetectAppLayerEventData *)smd->ctx;
         KEYWORD_PROFILING_START;