From: Victor Julien Date: Sun, 5 Apr 2020 15:51:52 +0000 (+0200) Subject: detect/files: inspect api v2 X-Git-Tag: suricata-7.0.0-beta1~1975 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0e4454db71719cfdff75278e626899b701eba1e;p=thirdparty%2Fsuricata.git detect/files: inspect api v2
---
diff --git a/src/detect-engine-file.c b/src/detect-engine-file.c
index 7f1dcd53c9..d9e31e0847 100644
--- a/src/detect-engine-file.c
+++ b/src/detect-engine-file.c
@@ -201,7 +201,6 @@ static int DetectFileInspect(DetectEngineThreadCtx *det_ctx, Flow *f, const Sign
 /**
 * \brief Inspect the file inspecting keywords against the state
 *
- * \param tv thread vars
 * \param det_ctx detection engine thread ctx
 * \param f flow
 * \param s signature to inspect
@@ -215,8 +214,8 @@ static int DetectFileInspect(DetectEngineThreadCtx *det_ctx, Flow *f, const Sign
 *
 * \note flow is not locked at this time
 */
-int DetectFileInspectGeneric(ThreadVars *_tv, DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f,
+int DetectFileInspectGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
 uint8_t flags, void *_alstate, void *tx, uint64_t tx_id)
 {
 SCEnter();
@@ -229,7 +228,7 @@ int DetectFileInspectGeneric(ThreadVars *_tv, DetectEngineCtx *de_ctx,
 }
 int r = DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
- int match = DetectFileInspect(det_ctx, f, s, smd, flags, ffc);
+ int match = DetectFileInspect(det_ctx, f, s, engine->smd, flags, ffc);
 if (match == DETECT_ENGINE_INSPECT_SIG_MATCH) {
 r = DETECT_ENGINE_INSPECT_SIG_MATCH;
 } else if (match == DETECT_ENGINE_INSPECT_SIG_CANT_MATCH) {
diff --git a/src/detect-engine-file.h b/src/detect-engine-file.h
index 839f202d56..2f7a0fc8b8 100644
--- a/src/detect-engine-file.h
+++ b/src/detect-engine-file.h
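Review bot: The doc comment above DetectFileInspectGeneric (first hunk of src/detect-engine-file.c) drops `\param tv`, but no entry is visible for the `engine` parameter that the second hunk introduces, and the visible entries (det_ctx, f, s) do not follow the new argument order. The comment lines between the two hunks are not shown, so this may already be handled there. If it is not, add ` * \param engine app inspection engine; engine->smd is the match list passed to DetectFileInspect` and list de_ctx as well, because a reader of this callback needs to know that the match data now arrives through the engine rather than as its own argument.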
@@ -34,9 +34,8 @@ int DetectFileInspectSmtp(ThreadVars *tv, const Signature *s, const SigMatchData *smd, Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
-int DetectFileInspectGeneric(ThreadVars *tv,
- DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
- const Signature *s, const SigMatchData *smd,
- Flow *f, uint8_t flags, void *alstate, void *tx, uint64_t tx_id);
+int DetectFileInspectGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f,
+ uint8_t flags, void *_alstate, void *tx, uint64_t tx_id);
 #endif /* __DETECT_ENGINE_FILE_H__ */
diff --git a/src/detect-filename.c b/src/detect-filename.c
index 963794fb0f..b8eecfed19 100644
--- a/src/detect-filename.c
+++ b/src/detect-filename.c
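Review bot: The new DetectFileInspectGeneric prototype in src/detect-engine-file.h names `struct DetectEngineAppInspectionEngine_` in its parameter list, and nothing in the visible part of the header declares that tag first (the top of the header is outside the hunk). If any translation unit includes this header before the one that defines the struct, the tag gets prototype scope and the declaration no longer matches the definition in detect-engine-file.c. A forward declaration ahead of the prototype, `struct DetectEngineAppInspectionEngine_;`, would make the header self-contained. The parameter is also spelled `_alstate` here; the leading underscore looks like a definition-side marker, so `alstate` would read better in the public prototype.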
@@ -97,45 +97,34 @@ void DetectFilenameRegister(void)
 sigmatch_table[DETECT_FILE_NAME].Setup = DetectFilenameSetupSticky;
 sigmatch_table[DETECT_FILE_NAME].flags = SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
- DetectAppLayerInspectEngineRegister("files",
- ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY,
- DetectFileInspectGeneric);
- DetectAppLayerInspectEngineRegister("files",
- ALPROTO_HTTP, SIG_FLAG_TOCLIENT, HTP_RESPONSE_BODY,
- DetectFileInspectGeneric);
-
- DetectAppLayerInspectEngineRegister("files",
- ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0,
- DetectFileInspectGeneric);
-
- DetectAppLayerInspectEngineRegister("files",
- ALPROTO_NFS, SIG_FLAG_TOSERVER, 0,
- DetectFileInspectGeneric);
- DetectAppLayerInspectEngineRegister("files",
- ALPROTO_NFS, SIG_FLAG_TOCLIENT, 0,
- DetectFileInspectGeneric);
-
- DetectAppLayerInspectEngineRegister("files",
- ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0,
- DetectFileInspectGeneric);
- DetectAppLayerInspectEngineRegister("files",
- ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0,
- DetectFileInspectGeneric);
-
- DetectAppLayerInspectEngineRegister("files",
- ALPROTO_SMB, SIG_FLAG_TOSERVER, 0,
- DetectFileInspectGeneric);
- DetectAppLayerInspectEngineRegister("files",
- ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0,
- DetectFileInspectGeneric);
+ DetectAppLayerInspectEngineRegister2("files", ALPROTO_HTTP, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY,
+ DetectFileInspectGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2("files", ALPROTO_HTTP, SIG_FLAG_TOCLIENT,
+ HTP_RESPONSE_BODY, DetectFileInspectGeneric, NULL);
+
+ DetectAppLayerInspectEngineRegister2(
+ "files", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, DetectFileInspectGeneric, NULL);
+
+ DetectAppLayerInspectEngineRegister2(
+ "files", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectFileInspectGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2(
+ "files", ALPROTO_NFS, SIG_FLAG_TOCLIENT, 0, DetectFileInspectGeneric, NULL);
+
+ DetectAppLayerInspectEngineRegister2(
+ "files", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, DetectFileInspectGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2(
+ "files", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0, DetectFileInspectGeneric, NULL);
+
+ DetectAppLayerInspectEngineRegister2(
+ "files", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectFileInspectGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2(
+ "files", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, DetectFileInspectGeneric, NULL);
 //this is used by filestore
- DetectAppLayerInspectEngineRegister("files",
- ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient,
- DetectFileInspectGeneric);
- DetectAppLayerInspectEngineRegister("files",
- ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer,
- DetectFileInspectGeneric);
+ DetectAppLayerInspectEngineRegister2("files", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
+ HTTP2StateDataClient, DetectFileInspectGeneric, NULL);
+ DetectAppLayerInspectEngineRegister2("files", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
+ HTTP2StateDataServer, DetectFileInspectGeneric, NULL);
 g_file_match_list_id = DetectBufferTypeGetByName("files");
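Review bot: Every converted DetectAppLayerInspectEngineRegister2 call in DetectFilenameRegister passes a bare `NULL` as its last argument, and nothing in the hunk says why. Presumably that slot is the engine's get-data callback, which the file engines do not need because DetectFileInspectGeneric inspects the transaction's files rather than an inspection buffer; confirm this against the Register2 prototype. A one-line comment above the first call, for example `/* file engines inspect the tx file container directly, so no GetData callback is registered */`, would keep a later reader from treating the NULL as an omission. This list decides which protocols and directions the file keywords can see, so the intent of each argument should be explicit. The function body continues outside the hunk.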