From: Victor Julien
Date: Thu, 22 Dec 2016 19:31:38 +0000 (+0100)
Subject: detect: remove the AMATCH list
X-Git-Tag: suricata-4.0.0-beta1~342
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad238121e34f78c0a8c6a5eced5edcb4ecb75715;p=thirdparty%2Fsuricata.git
detect: remove the AMATCH list
---
diff --git a/src/detect-app-layer-protocol.c b/src/detect-app-layer-protocol.c
index 7e4560ffac..5761d2b87d 100644
--- a/src/detect-app-layer-protocol.c
+++ b/src/detect-app-layer-protocol.c
@@ -355,7 +355,6 @@ static int DetectAppLayerProtocolTest04(void)
 FAIL_IF(s->alproto != ALPROTO_UNKNOWN);
 FAIL_IF(s->flags & SIG_FLAG_APPLAYER);
- FAIL_IF_NOT(s->sm_lists[DETECT_SM_LIST_AMATCH] == NULL);
 FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
 FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]->ctx);
@@ -382,7 +381,6 @@ static int DetectAppLayerProtocolTest05(void)
 FAIL_IF(s->alproto != ALPROTO_UNKNOWN);
 FAIL_IF(s->flags & SIG_FLAG_APPLAYER);
- FAIL_IF_NOT(s->sm_lists[DETECT_SM_LIST_AMATCH] == NULL);
 FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
 FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]->ctx);
diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c
index 418ab8fcaf..bc4831ebb3 100644
--- a/src/detect-dce-stub-data.c
+++ b/src/detect-dce-stub-data.c
@@ -110,7 +110,6 @@ static int DetectDceStubDataTestParse01(void)
 Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any (dce_stub_data; content:\"1\"; sid:1;)");
 FAIL_IF_NULL(s);
- FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_AMATCH]);
 FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_DMATCH]);
 DetectEngineCtxFree(de_ctx);
 PASS;
diff --git a/src/detect-engine.c b/src/detect-engine.c
index 24da420906..b8ed696058 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2906,8 +2906,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type)
 case DETECT_SM_LIST_PMATCH:
 return "packet/stream payload";
- case DETECT_SM_LIST_AMATCH:
- return "generic app layer";
 case DETECT_SM_LIST_DMATCH:
 return "dcerpc";
 case DETECT_SM_LIST_TMATCH:
diff --git a/src/detect-parse.c b/src/detect-parse.c
index 64aaff96e5..7bce331188 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -141,7 +141,6 @@ const char *DetectListToHumanString(int list)
 switch (list) {
 CASE_CODE_STRING(DETECT_SM_LIST_MATCH, "packet");
 CASE_CODE_STRING(DETECT_SM_LIST_PMATCH, "payload");
- CASE_CODE_STRING(DETECT_SM_LIST_AMATCH, "app-layer");
 CASE_CODE_STRING(DETECT_SM_LIST_DMATCH, "dcerpc");
 CASE_CODE_STRING(DETECT_SM_LIST_TMATCH, "tag");
 CASE_CODE_STRING(DETECT_SM_LIST_POSTMATCH, "postmatch");
@@ -159,7 +158,6 @@ const char *DetectListToString(int list)
 switch (list) {
 CASE_CODE(DETECT_SM_LIST_MATCH);
 CASE_CODE(DETECT_SM_LIST_PMATCH);
- CASE_CODE(DETECT_SM_LIST_AMATCH);
 CASE_CODE(DETECT_SM_LIST_DMATCH);
 CASE_CODE(DETECT_SM_LIST_TMATCH);
 CASE_CODE(DETECT_SM_LIST_POSTMATCH);
@@ -1461,19 +1459,6 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
 }
 }
- for (sm = s->init_data->smlists[DETECT_SM_LIST_AMATCH]; sm != NULL; sm = sm->next) {
- if (sm->type != DETECT_AL_APP_LAYER_PROTOCOL)
- continue;
- if (((DetectAppLayerProtocolData *)sm->ctx)->negated)
- break;
- }
- if (sm != NULL && s->alproto != ALPROTO_UNKNOWN) {
- SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "We can't have "
- "the rule match on a fixed alproto and at the same time"
- "have an app-layer-protocol keyword set.");
- SCReturnInt(0);
- }
-
 /* TCP: pkt vs stream vs depth/offset */
 if (s->proto.proto[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8))) {
 if (!(s->flags & (SIG_FLAG_REQUIRE_PACKET | SIG_FLAG_REQUIRE_STREAM))) {
@@ -1613,13 +1598,8 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, char *sigstr,
 }
 }
- if (sig->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
- sig->flags |= SIG_FLAG_APPLAYER;
-
 if (sig->init_data->smlists[DETECT_SM_LIST_DMATCH])
 sig->flags |= SIG_FLAG_STATE_MATCH;
- if (sig->init_data->smlists[DETECT_SM_LIST_AMATCH])
- sig->flags |= SIG_FLAG_STATE_MATCH;
 /* for other lists this flag is set when the inspect engines
 * are registered */
diff --git a/src/detect.c b/src/detect.c
index 8f34641d8a..bd58de6567 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1914,9 +1914,6 @@ int SignatureIsIPOnly(DetectEngineCtx *de_ctx, const Signature *s)
 if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
 return 0;
- if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
- return 0;
-
 /* for now assume that all registered buffer types are incompatible */
 const int nlists = DetectBufferTypeMaxId();
 for (int i = 0; i < nlists; i++) {
@@ -1986,9 +1983,6 @@ static int SignatureIsPDOnly(const Signature *s)
 if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
 return 0;
- if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
- return 0;
-
 /* for now assume that all registered buffer types are incompatible */
 const int nlists = DetectBufferTypeMaxId();
 for (int i = 0; i < nlists; i++) {
@@ -2084,8 +2078,7 @@ static int SignatureIsDEOnly(DetectEngineCtx *de_ctx, const Signature *s)
 SCReturnInt(0);
 }
- if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL ||
- s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL)
+ if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL)
 {
 SCReturnInt(0);
 }
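Review bot: In SignatureIsDEOnly the rewritten condition leaves the PMATCH test as the only list check visible in this hunk, whereas the SignatureIsIPOnly and SignatureIsPDOnly hunks both show a following loop over `DetectBufferTypeMaxId()` that rejects any registered buffer list. Keywords that used to sit on the AMATCH list (the removed SignatureCreateMask switch names `DETECT_AL_APP_LAYER_EVENT`, for one) presumably now live on registered buffer lists, so this function needs an equivalent loop to keep such rules from being classified as decoder-event-only; the rest of the function is outside the hunk, so please confirm it is there. A misclassified signature would likely be grouped and inspected on the wrong path, which for an IDS shows up as a silent detection gap rather than an error. As a style point, the condition now fits on one line and the brace can join it: `if (s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL) {`.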
@@ -2239,19 +2232,6 @@ static int SignatureCreateMask(Signature *s)
 }
 SigMatch *sm;
- for (sm = s->init_data->smlists[DETECT_SM_LIST_AMATCH] ; sm != NULL; sm = sm->next) {
- switch(sm->type) {
- case DETECT_AL_URILEN:
- case DETECT_AL_HTTP_URI:
- s->mask |= SIG_MASK_REQUIRE_HTTP_STATE;
- SCLogDebug("sig requires dce http state");
- break;
- case DETECT_AL_APP_LAYER_EVENT:
- s->mask |= SIG_MASK_REQUIRE_ENGINE_EVENT;
- break;
- }
- }
-
 for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
 switch(sm->type) {
 case DETECT_FLOWBITS:
@@ -2390,11 +2370,6 @@ static int SignatureCreateMask(Signature *s)
 SCLogDebug("sig requires flow");
 }
- if (s->init_data->smlists[DETECT_SM_LIST_AMATCH] != NULL) {
- s->mask |= SIG_MASK_REQUIRE_FLOW;
- SCLogDebug("sig requires flow");
- }
-
 if (s->flags & SIG_FLAG_APPLAYER) {
 s->mask |= SIG_MASK_REQUIRE_FLOW;
 SCLogDebug("sig requires flow");
diff --git a/src/detect.h b/src/detect.h
index f448f7163a..0580fa779a 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -88,9 +88,6 @@ enum DetectSigmatchListEnum {
 DETECT_SM_LIST_MATCH = 0,
 DETECT_SM_LIST_PMATCH,
- /* list for per flow matches. Deprecated. */
- DETECT_SM_LIST_AMATCH,
-
 /* list for DCE matches */
 DETECT_SM_LIST_DMATCH,