From: Victor Julien Date: Fri, 16 Sep 2016 13:13:33 +0000 (+0200) Subject: detect file: enable HTTP inspection from validate func X-Git-Tag: suricata-3.2beta1~392 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c957c62824bff022f4633fcf24345828c02b04ad;p=thirdparty%2Fsuricata.git detect file: enable HTTP inspection from validate func --- diff --git a/src/detect-fileext.c b/src/detect-fileext.c index 973d508211..73ce1d346e 100644 --- a/src/detect-fileext.c +++ b/src/detect-fileext.c @@ -211,10 +211,6 @@ static int DetectFileextSetup (DetectEngineCtx *de_ctx, Signature *s, char *str) SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); - if (s->alproto == ALPROTO_HTTP) { - AppLayerHtpNeedFileInspection(); - } - s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_FILENAME); return 0; diff --git a/src/detect-filemagic.c b/src/detect-filemagic.c index 950b0290f0..26a3b969ab 100644 --- a/src/detect-filemagic.c +++ b/src/detect-filemagic.c @@ -359,10 +359,6 @@ static int DetectFilemagicSetup (DetectEngineCtx *de_ctx, Signature *s, char *st SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); - if (s->alproto == ALPROTO_HTTP) { - AppLayerHtpNeedFileInspection(); - } - s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_MAGIC); return 0; diff --git a/src/detect-filemd5.c b/src/detect-filemd5.c index d8a1871226..2e1988a630 100644 --- a/src/detect-filemd5.c +++ b/src/detect-filemd5.c @@ -324,10 +324,6 @@ static int DetectFileMd5Setup (DetectEngineCtx *de_ctx, Signature *s, char *str) SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); - if (s->alproto == ALPROTO_HTTP) { - AppLayerHtpNeedFileInspection(); - } - s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_MD5); return 0; diff --git a/src/detect-filename.c b/src/detect-filename.c index 0fd55392ef..956d7340c7 100644 --- a/src/detect-filename.c +++ b/src/detect-filename.c @@ -216,10 +216,6 @@ static int DetectFilenameSetup (DetectEngineCtx *de_ctx, Signature *s, char *str SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); - if (s->alproto == ALPROTO_HTTP) { - AppLayerHtpNeedFileInspection(); - } - s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_FILENAME); return 0; diff --git a/src/detect-filesize.c b/src/detect-filesize.c index 9aeae0c6f4..3f21745a32 100644 --- a/src/detect-filesize.c +++ b/src/detect-filesize.c @@ -289,10 +289,6 @@ static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *str SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); - if (s->alproto == ALPROTO_HTTP) { - AppLayerHtpNeedFileInspection(); - } - s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_SIZE); SCReturnInt(0); diff --git a/src/detect-parse.c b/src/detect-parse.c index 3f6a7a6a8a..f78b6033c7 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -1421,13 +1421,18 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s) } #endif - if (((s->flags & SIG_FLAG_FILESTORE) || s->file_flags != 0) && - s->alproto != ALPROTO_UNKNOWN && - !AppLayerParserSupportsFiles(IPPROTO_TCP, s->alproto)) - { - SCLogError(SC_ERR_NO_FILES_FOR_PROTOCOL, "protocol %s doesn't " - "support file matching", AppProtoToString(s->alproto)); - SCReturnInt(0); + if ((s->flags & SIG_FLAG_FILESTORE) || s->file_flags != 0) { + if (s->alproto != ALPROTO_UNKNOWN && + !AppLayerParserSupportsFiles(IPPROTO_TCP, s->alproto)) + { + SCLogError(SC_ERR_NO_FILES_FOR_PROTOCOL, "protocol %s doesn't " + "support file matching", AppProtoToString(s->alproto)); + SCReturnInt(0); + } + + if (s->alproto == ALPROTO_HTTP) { + AppLayerHtpNeedFileInspection(); + } } SCReturnInt(1);