From: Victor Julien Date: Mon, 17 Apr 2017 08:59:32 +0000 (+0200) Subject: detect: register progress in inspect engines X-Git-Tag: suricata-4.0.0-beta1~127 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d304be5bc3fff43ef27eddec56569ab6b512689a;p=thirdparty%2Fsuricata.git detect: register progress in inspect engines Register required progress so we can stop inspecting as soon as the progress isn't far enough yet. --- diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c index 8658d3955e..b69ace9d8e 100644 --- a/src/detect-app-layer-event.c +++ b/src/detect-app-layer-event.c @@ -75,10 +75,10 @@ void DetectAppLayerEventRegister(void) DetectAppLayerEventRegisterTests; DetectAppLayerInspectEngineRegister("app-layer-events", - ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER, + ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER, 0, DetectEngineAptEventInspect); DetectAppLayerInspectEngineRegister("app-layer-events", - ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT, + ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT, 0, DetectEngineAptEventInspect); DetectBufferTypeRegisterSetupCallback("app-layer-events", diff --git a/src/detect-cipservice.c b/src/detect-cipservice.c index de9aa04c40..b142d8d558 100644 --- a/src/detect-cipservice.c +++ b/src/detect-cipservice.c @@ -59,10 +59,10 @@ void DetectCipServiceRegister(void) = DetectCipServiceRegisterTests; DetectAppLayerInspectEngineRegister("cip", - ALPROTO_ENIP, SIG_FLAG_TOSERVER, + ALPROTO_ENIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectCIP); DetectAppLayerInspectEngineRegister("cip", - ALPROTO_ENIP, SIG_FLAG_TOCLIENT, + ALPROTO_ENIP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectCIP); g_cip_buffer_id = DetectBufferTypeGetByName("cip"); 
@@ -313,10 +313,10 @@ void DetectEnipCommandRegister(void) = DetectEnipCommandRegisterTests; DetectAppLayerInspectEngineRegister("enip", - ALPROTO_ENIP, SIG_FLAG_TOSERVER, + ALPROTO_ENIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectENIP); DetectAppLayerInspectEngineRegister("enip", - ALPROTO_ENIP, SIG_FLAG_TOCLIENT, + ALPROTO_ENIP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectENIP); g_enip_buffer_id = DetectBufferTypeGetByName("enip"); diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index e1bf69d4df..dd37326e1f 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -83,14 +83,14 @@ void DetectDceIfaceRegister(void) g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic"); DetectAppLayerInspectEngineRegister("dce_generic", - ALPROTO_DCERPC, SIG_FLAG_TOSERVER, InspectDceGeneric); + ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, InspectDceGeneric); DetectAppLayerInspectEngineRegister("dce_generic", - ALPROTO_SMB, SIG_FLAG_TOSERVER, InspectDceGeneric); + ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, InspectDceGeneric); DetectAppLayerInspectEngineRegister("dce_generic", - ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, InspectDceGeneric); + ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric); DetectAppLayerInspectEngineRegister("dce_generic", - ALPROTO_SMB, SIG_FLAG_TOCLIENT, InspectDceGeneric); + ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, InspectDceGeneric); } static int InspectDceGeneric(ThreadVars *tv, diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index ee7275dede..ea3d37624b 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c 
@@ -207,17 +207,17 @@ void DetectDceStubDataRegister(void) PrefilterTxDceStubDataResponseRegister); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_DCERPC, SIG_FLAG_TOSERVER, + ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, InspectEngineDceStubData); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, + ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, InspectEngineDceStubData); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOSERVER, + ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, InspectEngineDceStubData); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOCLIENT, + ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, InspectEngineDceStubData); g_dce_stub_data_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c index 153e151f8e..e152ad92e0 100644 --- a/src/detect-dnp3.c +++ b/src/detect-dnp3.c @@ -545,10 +545,10 @@ static void DetectDNP3DataRegister(void) sigmatch_table[DETECT_AL_DNP3DATA].flags |= SIGMATCH_NOOPT; DetectAppLayerInspectEngineRegister("dnp3_data", - ALPROTO_DNP3, SIG_FLAG_TOSERVER, + ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectDNP3Data); DetectAppLayerInspectEngineRegister("dnp3_data", - ALPROTO_DNP3, SIG_FLAG_TOCLIENT, + ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectDNP3Data); g_dnp3_data_buffer_id = DetectBufferTypeGetByName("dnp3_data"); @@ -565,10 +565,10 @@ void DetectDNP3Register(void) /* Register the list of func, ind and obj. */ DetectAppLayerInspectEngineRegister("dnp3", - ALPROTO_DNP3, SIG_FLAG_TOSERVER, + ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectDNP3); DetectAppLayerInspectEngineRegister("dnp3", - ALPROTO_DNP3, SIG_FLAG_TOCLIENT, + ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectDNP3); g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3"); diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index 7269df5fcc..e50fc03d3b 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c 
@@ -80,7 +80,7 @@ void DetectDnsQueryRegister (void) PrefilterTxDnsQueryRegister); DetectAppLayerInspectEngineRegister("dns_query", - ALPROTO_DNS, SIG_FLAG_TOSERVER, + ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectDnsQueryName); DetectBufferTypeSetDescriptionByName("dns_query", @@ -90,10 +90,10 @@ void DetectDnsQueryRegister (void) /* register these generic engines from here for now */ DetectAppLayerInspectEngineRegister("dns_request", - ALPROTO_DNS, SIG_FLAG_TOSERVER, + ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectDnsRequest); DetectAppLayerInspectEngineRegister("dns_response", - ALPROTO_DNS, SIG_FLAG_TOCLIENT, + ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectDnsResponse); DetectBufferTypeSetDescriptionByName("dns_request", diff --git a/src/detect-engine.c b/src/detect-engine.c index c1fc09800a..d0be271119 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -101,7 +101,8 @@ static uint32_t DetectEngineTentantGetIdFromPcap(const void *ctx, const Packet * static DetectEngineAppInspectionEngine *g_app_inspect_engines = NULL; void DetectAppLayerInspectEngineRegister(const char *name, - AppProto alproto, uint32_t dir, InspectEngineFuncPtr Callback) + AppProto alproto, uint32_t dir, + int progress, InspectEngineFuncPtr Callback) { DetectBufferTypeRegister(name); int sm_list = DetectBufferTypeGetByName(name); @@ -113,7 +114,7 @@ void DetectAppLayerInspectEngineRegister(const char *name, (Callback == NULL)) { SCLogError(SC_ERR_INVALID_ARGUMENTS, "Invalid arguments"); - exit(EXIT_FAILURE); + BUG_ON(1); } int direction; @@ -131,6 +132,7 @@ void DetectAppLayerInspectEngineRegister(const char *name, new_engine->alproto = alproto; new_engine->dir = direction; new_engine->sm_list = sm_list; + new_engine->progress = progress; new_engine->Callback = Callback; if (g_app_inspect_engines == NULL) { diff --git a/src/detect-engine.h b/src/detect-engine.h index 590d4db6bf..4470421014 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h 
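Review bot: The DNS registrations in DetectDnsQueryRegister pass a bare `1` as the required progress, while the HTTP, SSH and TLS call sites in this commit use named state constants (`HTP_REQUEST_LINE`, `SSH_STATE_BANNER_DONE`, `TLS_STATE_CERT_READY`). A reader cannot tell from the call which DNS transaction state `1` stands for. Once inspection is gated on this value as the commit message describes, a value the parser never reports for a direction would keep `dns_query`, `dns_request` and `dns_response` rules from being evaluated at all, with no error. I would use a named constant, or, if `1` is the DNS completion value, add a comment such as `/* progress 1 == tx complete */` on each call. This covers both hunks of this file.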
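Review bot: `new_engine->progress = progress;` stores the new `int` parameter without a range check, and the detect.h hunk of this commit declares that field and `sm_list` as `int16_t`, so a value outside the 16-bit range would be truncated silently. The argument check whose tail is visible in the second hunk gains no term for `progress`; its opening lines are outside the hunk, so this is inferred from the absence of added lines there. I would extend that condition with `(progress < 0) || (progress > INT16_MAX) || (sm_list > INT16_MAX) ||`. Separately, the failure path now ends in `BUG_ON(1)` instead of `exit(EXIT_FAILURE)`. If `BUG_ON` is assert-based and can compile to nothing in some builds, execution would continue into the engine allocation with invalid arguments, which is worth confirming.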
@@ -107,10 +107,12 @@ int DetectEngineInspectGenericList(ThreadVars *, const DetectEngineCtx *, * \param alproto App layer protocol for which we will register the engine. * \param direction The direction for the engine: SIG_FLAG_TOSERVER or * SIG_FLAG_TOCLIENT + * \param progress Minimal progress value for inspect engine to run * \param Callback The engine callback. */ void DetectAppLayerInspectEngineRegister(const char *name, - AppProto alproto, uint32_t dir, InspectEngineFuncPtr Callback); + AppProto alproto, uint32_t dir, + int progress, InspectEngineFuncPtr Callback); int DetectEngineAppInspectionEngine2Signature(Signature *s); void DetectEngineAppInspectionEngineSignatureFree(Signature *s); diff --git a/src/detect-file-data.c b/src/detect-file-data.c index da9a011bc7..3c5e5b5d41 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c @@ -71,10 +71,10 @@ void DetectFiledataRegister(void) PrefilterTxHttpResponseBodyRegister); DetectAppLayerInspectEngineRegister("file_data", - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_BODY, DetectEngineInspectHttpServerBody); DetectAppLayerInspectEngineRegister("file_data", - ALPROTO_SMTP, SIG_FLAG_TOSERVER, + ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectSMTPFiledata); DetectBufferTypeRegisterSetupCallback("file_data", diff --git a/src/detect-filename.c b/src/detect-filename.c index fcfff9b399..d7ccde6201 100644 --- a/src/detect-filename.c +++ b/src/detect-filename.c 
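Review bot: The new `\param progress` line does not say what scale the value is on or what `0` means, yet every caller in this commit has to choose one. Judging by the call sites it is a per-protocol, per-direction transaction state (`HTP_REQUEST_HEADERS`, `TLS_STATE_CERT_READY`, `SSH_STATE_BANNER_DONE`), with `0` apparently used where no state is required. I would write `\param progress Minimal tx progress (parser state value for alproto and direction) required before Callback is run; 0 for no requirement`. The same comment block documents `\param direction` while the prototype names the parameter `dir`, which could be aligned in the same edit. The doc block begins above the hunk.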
@@ -73,14 +73,14 @@ void DetectFilenameRegister(void) sigmatch_table[DETECT_FILENAME].RegisterTests = DetectFilenameRegisterTests; DetectAppLayerInspectEngineRegister("files", - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY, DetectFileInspectHttp); DetectAppLayerInspectEngineRegister("files", - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_BODY, DetectFileInspectHttp); DetectAppLayerInspectEngineRegister("files", - ALPROTO_SMTP, SIG_FLAG_TOSERVER, + ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, DetectFileInspectSmtp); g_file_match_list_id = DetectBufferTypeGetByName("files"); diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c index 8e33aaf9d0..0e595e582d 100644 --- a/src/detect-ftpbounce.c +++ b/src/detect-ftpbounce.c @@ -76,7 +76,8 @@ void DetectFtpbounceRegister(void) g_ftp_request_list_id = DetectBufferTypeRegister("ftp_request"); DetectAppLayerInspectEngineRegister("ftp_request", - ALPROTO_FTP, SIG_FLAG_TOSERVER, InspectFtpRequest); + ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, + InspectFtpRequest); } static int InspectFtpRequest(ThreadVars *tv, diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index d227890e21..c9da5d0247 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -83,7 +83,7 @@ void DetectHttpClientBodyRegister(void) PrefilterTxHttpRequestBodyRegister); DetectAppLayerInspectEngineRegister("http_client_body", - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY, DetectEngineInspectHttpClientBody); DetectBufferTypeSetDescriptionByName("http_client_body", diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index 391dce187d..4a6fde1901 100644 --- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c 
@@ -88,10 +88,10 @@ void DetectHttpCookieRegister(void) PrefilterTxResponseCookieRegister); DetectAppLayerInspectEngineRegister("http_cookie", - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectHttpCookie); DetectAppLayerInspectEngineRegister("http_cookie", - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectHttpCookie); DetectBufferTypeSetDescriptionByName("http_cookie", diff --git a/src/detect-http-header-names.c b/src/detect-http-header-names.c index 1fc8f3546a..177ab6ae31 100644 --- a/src/detect-http-header-names.c +++ b/src/detect-http-header-names.c @@ -387,10 +387,10 @@ void DetectHttpHeaderNamesRegister(void) PrefilterTxHttpResponseHeaderNamesRegister); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, InspectEngineHttpHeaderNames); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, InspectEngineHttpHeaderNames); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-header.c b/src/detect-http-header.c index 21fb0746bb..6609075ef1 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c @@ -400,10 +400,10 @@ void DetectHttpHeaderRegister(void) PrefilterTxHttpResponseHeadersRegister); DetectAppLayerInspectEngineRegister("http_header", - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectHttpHeader); DetectAppLayerInspectEngineRegister("http_header", - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectHttpHeader); DetectBufferTypeSetDescriptionByName("http_header", diff --git a/src/detect-http-headers-stub.h b/src/detect-http-headers-stub.h index b6f7331205..2267671311 100644 --- a/src/detect-http-headers-stub.h 
+++ b/src/detect-http-headers-stub.h @@ -345,12 +345,12 @@ static void DetectHttpHeadersRegisterStub(void) #endif #ifdef KEYWORD_TOSERVER DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, InspectEngineHttpRequestHeader); #endif #ifdef KEYWORD_TOCLIENT DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, InspectEngineHttpResponseHeader); #endif diff --git a/src/detect-http-hh.c b/src/detect-http-hh.c index 182a49e685..4f0c45ead5 100644 --- a/src/detect-http-hh.c +++ b/src/detect-http-hh.c @@ -84,7 +84,7 @@ void DetectHttpHHRegister(void) PrefilterTxHostnameRegister); DetectAppLayerInspectEngineRegister("http_host", - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectHttpHH); DetectBufferTypeSetDescriptionByName("http_host", diff --git a/src/detect-http-hrh.c b/src/detect-http-hrh.c index a477a51570..620cacaa25 100644 --- a/src/detect-http-hrh.c +++ b/src/detect-http-hrh.c @@ -83,7 +83,7 @@ void DetectHttpHRHRegister(void) PrefilterTxHostnameRawRegister); DetectAppLayerInspectEngineRegister("http_raw_host", - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectHttpHRH); DetectBufferTypeSetDescriptionByName("http_raw_host", diff --git a/src/detect-http-method.c b/src/detect-http-method.c index 433c343291..1559ff5928 100644 --- a/src/detect-http-method.c +++ b/src/detect-http-method.c @@ -85,7 +85,7 @@ void DetectHttpMethodRegister(void) PrefilterTxMethodRegister); DetectAppLayerInspectEngineRegister("http_method", - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectHttpMethod); DetectBufferTypeSetDescriptionByName("http_method", 
diff --git a/src/detect-http-protocol.c b/src/detect-http-protocol.c index e87b034b50..65f064c3cd 100644 --- a/src/detect-http-protocol.c +++ b/src/detect-http-protocol.c @@ -223,10 +223,10 @@ void DetectHttpProtocolRegister(void) PrefilterTxHttpResponseProtocolRegister); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, InspectEngineHttpProtocol); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, InspectEngineHttpProtocol); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index 18872b7b44..96ea83cc42 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c @@ -86,10 +86,10 @@ void DetectHttpRawHeaderRegister(void) PrefilterTxResponseHeadersRawRegister); DetectAppLayerInspectEngineRegister("http_raw_header", - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectHttpRawHeader); DetectAppLayerInspectEngineRegister("http_raw_header", - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectHttpRawHeader); DetectBufferTypeSetDescriptionByName("http_raw_header", diff --git a/src/detect-http-raw-uri.c b/src/detect-http-raw-uri.c index 51df60d1b9..801e2aac20 100644 --- a/src/detect-http-raw-uri.c +++ b/src/detect-http-raw-uri.c @@ -78,7 +78,7 @@ void DetectHttpRawUriRegister(void) PrefilterTxRawUriRegister); DetectAppLayerInspectEngineRegister("http_raw_uri", - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectHttpRawUri); DetectBufferTypeSetDescriptionByName("http_raw_uri", diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c index 3d4d69b058..d8bfc0872d 100644 --- a/src/detect-http-request-line.c 
+++ b/src/detect-http-request-line.c @@ -88,7 +88,7 @@ void DetectHttpRequestLineRegister(void) PrefilterTxHttpRequestLineRegister); DetectAppLayerInspectEngineRegister("http_request_line", - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectHttpRequestLine); DetectBufferTypeSetDescriptionByName("http_request_line", diff --git a/src/detect-http-response-line.c b/src/detect-http-response-line.c index cb28358c92..f35e393a35 100644 --- a/src/detect-http-response-line.c +++ b/src/detect-http-response-line.c @@ -88,7 +88,7 @@ void DetectHttpResponseLineRegister(void) PrefilterTxHttpResponseLineRegister); DetectAppLayerInspectEngineRegister("http_response_line", - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectHttpResponseLine); DetectBufferTypeSetDescriptionByName("http_response_line", diff --git a/src/detect-http-start.c b/src/detect-http-start.c index 1e5836b77b..1937da1a5d 100644 --- a/src/detect-http-start.c +++ b/src/detect-http-start.c @@ -312,10 +312,10 @@ void DetectHttpStartRegister(void) PrefilterTxHttpResponseStartRegister); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, InspectEngineHttpStart); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, InspectEngineHttpStart); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c index 80743c92ba..4821ad10db 100644 --- a/src/detect-http-stat-code.c +++ b/src/detect-http-stat-code.c 
@@ -87,7 +87,7 @@ void DetectHttpStatCodeRegister (void) PrefilterTxHttpStatCodeRegister); DetectAppLayerInspectEngineRegister("http_stat_code", - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectHttpStatCode); DetectBufferTypeSetDescriptionByName("http_stat_code", diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c index 5ae19559ec..e12b8d1ba6 100644 --- a/src/detect-http-stat-msg.c +++ b/src/detect-http-stat-msg.c @@ -87,7 +87,7 @@ void DetectHttpStatMsgRegister (void) PrefilterTxHttpStatMsgRegister); DetectAppLayerInspectEngineRegister("http_stat_msg", - ALPROTO_HTTP, SIG_FLAG_TOCLIENT, + ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectHttpStatMsg); DetectBufferTypeSetDescriptionByName("http_stat_msg", diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c index 654e72f05b..4291bc276f 100644 --- a/src/detect-http-ua.c +++ b/src/detect-http-ua.c @@ -84,7 +84,7 @@ void DetectHttpUARegister(void) PrefilterTxUARegister); DetectAppLayerInspectEngineRegister("http_user_agent", - ALPROTO_HTTP, SIG_FLAG_TOSERVER, + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectHttpUA); DetectBufferTypeSetDescriptionByName("http_user_agent", diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c index 64e2c03dd8..f42548f590 100644 --- a/src/detect-http-uri.c +++ b/src/detect-http-uri.c @@ -79,7 +79,8 @@ void DetectHttpUriRegister (void) DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterTxUriRegister); - DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_uri", + ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectHttpUri); DetectBufferTypeSetDescriptionByName("http_uri", diff --git a/src/detect-lua.c b/src/detect-lua.c index 0c00edc8bf..5eb9f0eca9 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c 
@@ -122,10 +122,10 @@ void DetectLuaRegister(void) g_smtp_generic_list_id = DetectBufferTypeRegister("smtp_generic"); DetectAppLayerInspectEngineRegister("smtp_generic", - ALPROTO_SMTP, SIG_FLAG_TOSERVER, + ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, InspectSmtpGeneric); DetectAppLayerInspectEngineRegister("smtp_generic", - ALPROTO_SMTP, SIG_FLAG_TOCLIENT, + ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, InspectSmtpGeneric); SCLogDebug("registering lua rule option"); diff --git a/src/detect-modbus.c b/src/detect-modbus.c index 1c84f5778e..e0ab9c88c3 100644 --- a/src/detect-modbus.c +++ b/src/detect-modbus.c @@ -414,10 +414,10 @@ void DetectModbusRegister(void) &access_parse_regex, &access_parse_regex_study); DetectAppLayerInspectEngineRegister("modbus", - ALPROTO_MODBUS, SIG_FLAG_TOSERVER, + ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectModbus); DetectAppLayerInspectEngineRegister("modbus", - ALPROTO_MODBUS, SIG_FLAG_TOCLIENT, + ALPROTO_MODBUS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectModbus); g_modbus_buffer_id = DetectBufferTypeGetByName("modbus"); diff --git a/src/detect-ssh-proto.c b/src/detect-ssh-proto.c index ac1757388c..794290b7a2 100644 --- a/src/detect-ssh-proto.c +++ b/src/detect-ssh-proto.c @@ -195,10 +195,10 @@ void DetectSshProtocolRegister(void) PrefilterTxSshResponseProtocolRegister); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOSERVER, + ALPROTO_SSH, SIG_FLAG_TOSERVER, SSH_STATE_BANNER_DONE, InspectEngineSshProtocol); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOCLIENT, + ALPROTO_SSH, SIG_FLAG_TOCLIENT, SSH_STATE_BANNER_DONE, InspectEngineSshProtocol); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index da5cc5190b..85d5769271 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c 
@@ -100,9 +100,11 @@ void DetectSshSoftwareVersionRegister(void) g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner"); DetectAppLayerInspectEngineRegister("ssh_banner", - ALPROTO_SSH, SIG_FLAG_TOSERVER, InspectSshBanner); + ALPROTO_SSH, SIG_FLAG_TOSERVER, SSH_STATE_BANNER_DONE, + InspectSshBanner); DetectAppLayerInspectEngineRegister("ssh_banner", - ALPROTO_SSH, SIG_FLAG_TOCLIENT, InspectSshBanner); + ALPROTO_SSH, SIG_FLAG_TOCLIENT, SSH_STATE_BANNER_DONE, + InspectSshBanner); } /** diff --git a/src/detect-ssh-software.c b/src/detect-ssh-software.c index bf2a7e1876..c93579f69e 100644 --- a/src/detect-ssh-software.c +++ b/src/detect-ssh-software.c @@ -195,10 +195,10 @@ void DetectSshSoftwareRegister(void) PrefilterTxSshResponseSoftwareRegister); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOSERVER, + ALPROTO_SSH, SIG_FLAG_TOSERVER, SSH_STATE_BANNER_DONE, InspectEngineSshSoftware); DetectAppLayerInspectEngineRegister(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOCLIENT, + ALPROTO_SSH, SIG_FLAG_TOCLIENT, SSH_STATE_BANNER_DONE, InspectEngineSshSoftware); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index 8415588188..3e7dda0213 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -94,10 +94,10 @@ void DetectSslStateRegister(void) "generic ssl/tls inspection"); DetectAppLayerInspectEngineRegister("tls_generic", - ALPROTO_TLS, SIG_FLAG_TOSERVER, + ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, InspectTlsGeneric); DetectAppLayerInspectEngineRegister("tls_generic", - ALPROTO_TLS, SIG_FLAG_TOCLIENT, + ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, InspectTlsGeneric); } diff --git a/src/detect-template-buffer.c b/src/detect-template-buffer.c index aba807cbe2..1e7fcceea2 100644 --- a/src/detect-template-buffer.c +++ b/src/detect-template-buffer.c 
@@ -59,10 +59,10 @@ void DetectTemplateBufferRegister(void) /* register inspect engines */ DetectAppLayerInspectEngineRegister("template_buffer", - ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER, + ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER, 0, DetectEngineInspectTemplateBuffer); DetectAppLayerInspectEngineRegister("template_buffer", - ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT, + ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectTemplateBuffer); g_template_buffer_id = DetectBufferTypeGetByName("template_buffer"); diff --git a/src/detect-tls-cert-issuer.c b/src/detect-tls-cert-issuer.c index dc4c8b621e..c88a533439 100644 --- a/src/detect-tls-cert-issuer.c +++ b/src/detect-tls-cert-issuer.c @@ -76,7 +76,7 @@ void DetectTlsIssuerRegister(void) PrefilterTxTlsIssuerRegister); DetectAppLayerInspectEngineRegister("tls_cert_issuer", - ALPROTO_TLS, SIG_FLAG_TOCLIENT, + ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectTlsIssuer); g_tls_cert_issuer_buffer_id = DetectBufferTypeGetByName("tls_cert_issuer"); diff --git a/src/detect-tls-cert-serial.c b/src/detect-tls-cert-serial.c index 4d0a8e4da8..5463fccaca 100644 --- a/src/detect-tls-cert-serial.c +++ b/src/detect-tls-cert-serial.c @@ -76,7 +76,8 @@ void DetectTlsSerialRegister(void) PrefilterTxTlsSerialRegister); DetectAppLayerInspectEngineRegister("tls_cert_serial", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, DetectEngineInspectTlsSerial); + SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, + DetectEngineInspectTlsSerial); g_tls_cert_serial_buffer_id = DetectBufferTypeGetByName("tls_cert_serial"); } diff --git a/src/detect-tls-cert-subject.c b/src/detect-tls-cert-subject.c index d6581fca4c..271e8f2230 100644 --- a/src/detect-tls-cert-subject.c +++ b/src/detect-tls-cert-subject.c 
@@ -76,7 +76,7 @@ void DetectTlsSubjectRegister(void) PrefilterTxTlsSubjectRegister); DetectAppLayerInspectEngineRegister("tls_cert_subject", - ALPROTO_TLS, SIG_FLAG_TOCLIENT, + ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectTlsSubject); g_tls_cert_subject_buffer_id = DetectBufferTypeGetByName("tls_cert_subject"); diff --git a/src/detect-tls-cert-validity.c b/src/detect-tls-cert-validity.c index 17e4b32df7..99a12b6b7e 100644 --- a/src/detect-tls-cert-validity.c +++ b/src/detect-tls-cert-validity.c @@ -121,7 +121,7 @@ void DetectTlsValidityRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); DetectAppLayerInspectEngineRegister("tls_validity", - ALPROTO_TLS, SIG_FLAG_TOCLIENT, + ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectTlsValidity); g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity"); diff --git a/src/detect-tls-sni.c b/src/detect-tls-sni.c index 195175a70f..5b5350c643 100644 --- a/src/detect-tls-sni.c +++ b/src/detect-tls-sni.c @@ -76,7 +76,7 @@ void DetectTlsSniRegister(void) PrefilterTxTlsSniRegister); DetectAppLayerInspectEngineRegister("tls_sni", - ALPROTO_TLS, SIG_FLAG_TOSERVER, + ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectTlsSni); g_tls_sni_buffer_id = DetectBufferTypeGetByName("tls_sni"); diff --git a/src/detect-tls.c b/src/detect-tls.c index 585eabe3c9..222e4f9335 100644 --- a/src/detect-tls.c +++ b/src/detect-tls.c @@ -159,7 +159,7 @@ void DetectTlsRegister (void) g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert"); DetectAppLayerInspectEngineRegister("tls_cert", - ALPROTO_TLS, SIG_FLAG_TOCLIENT, + ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, InspectTlsCert); } diff --git a/src/detect.h b/src/detect.h index 85f5f241bb..acb2cc694d 100644 --- a/src/detect.h +++ b/src/detect.h 
@@ -334,7 +334,8 @@ typedef struct DetectEngineAppInspectionEngine_ { AppProto alproto; uint8_t dir; uint8_t id; /**< per sig id used in state keeping */ - int sm_list; + int16_t sm_list; + int16_t progress; /* \retval 0 No match. Don't discontinue matching yet. We need more data. * 1 Match.
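Review bot: The added `progress` member carries no comment, unlike `id` directly above it, and the struct is where a reader of the inspection loop will look for its meaning. I would document it in the same style, for example `int16_t progress; /**< minimal tx progress required before Callback is run */`. Since `sm_list` is narrowed from `int` in the same hunk, a short note on it that list ids are expected to fit in 16 bits would record the assumption. The struct definition continues outside the hunk.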