From 990ed204eb57a7aade912df9ad134fbbacf521f6 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Tue, 22 Apr 2025 14:21:05 +0200
Subject: [PATCH] detect/multi-buf: use only one progress for both inspect engine and app-layer mpm
---
 src/detect-dns-name.c | 4 ++--
 src/detect-engine-helper.c | 6 ++----
 src/detect-engine.c | 6 +++---
 src/detect-engine.h | 2 +-
 src/detect-ftp-reply.c | 2 +-
 src/detect-http-header.c | 8 ++++----
 src/detect-http2.c | 4 ++--
 src/detect-ike-vendor.c | 2 +-
 src/detect-krb5-cname.c | 2 +-
 src/detect-krb5-sname.c | 2 +-
 src/detect-quic-cyu-hash.c | 2 +-
 src/detect-quic-cyu-string.c | 2 +-
 src/detect-tls-alpn.c | 6 +++---
 src/detect-tls-certs.c | 4 ++--
 src/detect-tls-subjectaltname.c | 4 ++--
 15 files changed, 27 insertions(+), 29 deletions(-)
diff --git a/src/detect-dns-name.c b/src/detect-dns-name.c
index 5a2b75aa25..24c30ee513 100644
--- a/src/detect-dns-name.c
+++ b/src/detect-dns-name.c
@@ -89,8 +89,8 @@ static int Register(const char *keyword, const char *desc, const char *doc,
 sigmatch_table[keyword_id].flags |= SIGMATCH_NOOPT;
 sigmatch_table[keyword_id].flags |= SIGMATCH_INFO_STICKY_BUFFER;
- DetectAppLayerMultiRegister(keyword, ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, GetBufferFn, 2, 1);
- DetectAppLayerMultiRegister(keyword, ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, GetBufferFn, 2, 1);
+ DetectAppLayerMultiRegister(keyword, ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, GetBufferFn, 2);
+ DetectAppLayerMultiRegister(keyword, ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1, GetBufferFn, 2);
 DetectBufferTypeSetDescriptionByName(keyword, keyword);
 DetectBufferTypeSupportsMultiInstance(keyword);
diff --git a/src/detect-engine-helper.c b/src/detect-engine-helper.c
index 410c8b9200..58f64dca40 100644
--- a/src/detect-engine-helper.c
+++ b/src/detect-engine-helper.c
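Review bot: The inspect-engine progress for the DNS name buffers moves from `0` to `1` on both added `DetectAppLayerMultiRegister` lines in detect-dns-name.c, so this call site is a behaviour change rather than a pure signature cleanup; before, only the MPM side used `1`. The same 0→1 shift appears in the detect-ftp-reply.c, detect-krb5-cname.c, detect-krb5-sname.c, detect-quic-cyu-hash.c and detect-quic-cyu-string.c hunks. If any of these parsers can hold a transaction below progress 1 (not visible here), rules on these buffers would presumably be evaluated later than before, or not at all on a transaction that never completes, which means a missed alert; a regression test on a capture that ends mid-transaction would pin this down. The bare `1` would also read better with a short comment such as `/* progress 1: tx complete */`, if that is what the value means for these protocols. `Register` begins and ends outside the hunk.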
@@ -84,12 +84,10 @@ int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *des
 bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData, int progress)
 {
 if (toserver) {
- DetectAppLayerMultiRegister(
- name, alproto, SIG_FLAG_TOSERVER, progress, GetData, 2, progress);
+ DetectAppLayerMultiRegister(name, alproto, SIG_FLAG_TOSERVER, progress, GetData, 2);
 }
 if (toclient) {
- DetectAppLayerMultiRegister(
- name, alproto, SIG_FLAG_TOCLIENT, progress, GetData, 2, progress);
+ DetectAppLayerMultiRegister(name, alproto, SIG_FLAG_TOCLIENT, progress, GetData, 2);
 }
 DetectBufferTypeSupportsMultiInstance(name);
 DetectBufferTypeSetDescriptionByName(name, desc);
diff --git a/src/detect-engine.c b/src/detect-engine.c
index 061b7c08f7..f6fed8a495 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2300,12 +2300,12 @@ uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineTh
 // wrapper for both DetectAppLayerInspectEngineRegister and DetectAppLayerMpmRegister
 // with cast of callback function
 void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t dir, int progress,
- InspectionMultiBufferGetDataPtr GetData, int priority, int tx_min_progress)
+ InspectionMultiBufferGetDataPtr GetData, int priority)
 {
 AppLayerInspectEngineRegisterInternal(
 name, alproto, dir, progress, DetectEngineInspectMultiBufferGeneric, NULL, GetData);
- DetectAppLayerMpmMultiRegister(name, dir, priority, PrefilterMultiGenericMpmRegister, GetData,
- alproto, tx_min_progress);
+ DetectAppLayerMpmMultiRegister(
+ name, dir, priority, PrefilterMultiGenericMpmRegister, GetData, alproto, progress);
 }
 InspectionBuffer *DetectGetMultiData(struct DetectEngineThreadCtx_ *det_ctx,
diff --git a/src/detect-engine.h b/src/detect-engine.h
index 6ee7b183dd..cc6e55b526 100644
--- a/src/detect-engine.h
+++ b/src/detect-engine.h
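Review bot: The two-line comment above `DetectAppLayerMultiRegister` in detect-engine.c still only says the function wraps both registrations; it should now state that the single `progress` argument is passed to the inspect engine and also to `DetectAppLayerMpmMultiRegister` in the position that used to take `tx_min_progress`, because callers can no longer set the two apart. A line such as `// progress is shared: inspect engine progress and mpm minimum tx progress` would make that contract visible to authors of new keywords. The prototype in detect-engine.h has no comment either and would benefit from the same sentence.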
@@ -177,7 +177,7 @@ void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uin
 int progress, InspectEngineFuncPtr Callback2, InspectionBufferGetDataPtr GetData);
 void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t dir, int progress,
- InspectionMultiBufferGetDataPtr GetData, int priority, int tx_min_progress);
+ InspectionMultiBufferGetDataPtr GetData, int priority);
 void DetectPktInspectEngineRegister(const char *name, InspectionBufferGetPktDataPtr GetPktData,
diff --git a/src/detect-ftp-reply.c b/src/detect-ftp-reply.c
index f025ccbfe0..2c51e3b5f8 100644
--- a/src/detect-ftp-reply.c
+++ b/src/detect-ftp-reply.c
@@ -96,7 +96,7 @@ void DetectFtpReplyRegister(void)
 sigmatch_table[DETECT_FTP_REPLY].flags |= SIGMATCH_NOOPT;
 DetectAppLayerMultiRegister(
- BUFFER_NAME, ALPROTO_FTP, SIG_FLAG_TOCLIENT, 0, DetectFTPReplyGetData, 2, 1);
+ BUFFER_NAME, ALPROTO_FTP, SIG_FLAG_TOCLIENT, 1, DetectFTPReplyGetData, 2);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-http-header.c b/src/detect-http-header.c
index 746a3b42d0..938a9049d7 100644
--- a/src/detect-http-header.c
+++ b/src/detect-http-header.c
@@ -591,9 +591,9 @@ void DetectHttpRequestHeaderRegister(void)
 SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
 DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
- HTTP2StateOpen, rs_http2_tx_get_header, 2, HTTP2StateOpen);
+ HTTP2StateOpen, rs_http2_tx_get_header, 2);
 DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
- HTP_REQUEST_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_REQUEST_PROGRESS_HEADERS);
+ HTP_REQUEST_PROGRESS_HEADERS, GetHttp1HeaderData, 2);
 DetectBufferTypeSetDescriptionByName("http_request_header", "HTTP header name and value");
 g_http_request_header_buffer_id = DetectBufferTypeGetByName("http_request_header");
@@ -624,9 +624,9 @@ void DetectHttpResponseHeaderRegister(void)
 SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
 DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
- HTTP2StateOpen, rs_http2_tx_get_header, 2, HTTP2StateOpen);
+ HTTP2StateOpen, rs_http2_tx_get_header, 2);
 DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
- HTP_RESPONSE_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_RESPONSE_PROGRESS_HEADERS);
+ HTP_RESPONSE_PROGRESS_HEADERS, GetHttp1HeaderData, 2);
 DetectBufferTypeSetDescriptionByName("http_response_header", "HTTP header name and value");
 g_http_response_header_buffer_id = DetectBufferTypeGetByName("http_response_header");
diff --git a/src/detect-http2.c b/src/detect-http2.c
index f0bc0daa81..aea75be824 100644
--- a/src/detect-http2.c
+++ b/src/detect-http2.c
@@ -174,9 +174,9 @@ void DetectHttp2Register(void)
 sigmatch_table[DETECT_HTTP2_HEADERNAME].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
 DetectAppLayerMultiRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
- HTTP2StateOpen, rs_http2_tx_get_header_name, 2, HTTP2StateOpen);
+ HTTP2StateOpen, rs_http2_tx_get_header_name, 2);
 DetectAppLayerMultiRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
- HTTP2StateOpen, rs_http2_tx_get_header_name, 2, HTTP2StateOpen);
+ HTTP2StateOpen, rs_http2_tx_get_header_name, 2);
 DetectBufferTypeSupportsMultiInstance("http2_header_name");
 DetectBufferTypeSetDescriptionByName("http2_header_name",
diff --git a/src/detect-ike-vendor.c b/src/detect-ike-vendor.c
index dad081dd11..6042461dd3 100644
--- a/src/detect-ike-vendor.c
+++ b/src/detect-ike-vendor.c
@@ -52,7 +52,7 @@ void DetectIkeVendorRegister(void)
 sigmatch_table[DETECT_IKE_VENDOR].flags |= SIGMATCH_INFO_STICKY_BUFFER;
 DetectAppLayerMultiRegister(
- "ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, rs_ike_tx_get_vendor, 1, 1);
+ "ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, rs_ike_tx_get_vendor, 1);
 g_ike_vendor_buffer_id = DetectBufferTypeGetByName("ike.vendor");
diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c
index b46997a16e..dbd828669b 100644
--- a/src/detect-krb5-cname.c
+++ b/src/detect-krb5-cname.c
@@ -59,7 +59,7 @@ void DetectKrb5CNameRegister(void)
 sigmatch_table[DETECT_KRB5_CNAME].desc = "sticky buffer to match on Kerberos 5 client name";
 DetectAppLayerMultiRegister(
- "krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, rs_krb5_tx_get_cname, 2, 1);
+ "krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 1, rs_krb5_tx_get_cname, 2);
 DetectBufferTypeSetDescriptionByName("krb5_cname", "Kerberos 5 ticket client name");
diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c
index e3eb8ca39b..a806803fb3 100644
--- a/src/detect-krb5-sname.c
+++ b/src/detect-krb5-sname.c
@@ -59,7 +59,7 @@ void DetectKrb5SNameRegister(void)
 sigmatch_table[DETECT_KRB5_SNAME].desc = "sticky buffer to match on Kerberos 5 server name";
 DetectAppLayerMultiRegister(
- "krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, rs_krb5_tx_get_sname, 2, 1);
+ "krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 1, rs_krb5_tx_get_sname, 2);
 DetectBufferTypeSetDescriptionByName("krb5_sname", "Kerberos 5 ticket server name");
diff --git a/src/detect-quic-cyu-hash.c b/src/detect-quic-cyu-hash.c
index 587a804e5d..2cb9a31740 100644
--- a/src/detect-quic-cyu-hash.c
+++ b/src/detect-quic-cyu-hash.c
@@ -68,7 +68,7 @@ void DetectQuicCyuHashRegister(void)
 #endif
 DetectAppLayerMultiRegister(
- BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, rs_quic_tx_get_cyu_hash, 2, 1);
+ BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, rs_quic_tx_get_cyu_hash, 2);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-quic-cyu-string.c b/src/detect-quic-cyu-string.c
index 1681212d3b..6dbb45684f 100644
--- a/src/detect-quic-cyu-string.c
+++ b/src/detect-quic-cyu-string.c
@@ -66,7 +66,7 @@ void DetectQuicCyuStringRegister(void)
 #endif
 DetectAppLayerMultiRegister(
- BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, rs_quic_tx_get_cyu_string, 2, 1);
+ BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, rs_quic_tx_get_cyu_string, 2);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-tls-alpn.c b/src/detect-tls-alpn.c
index ca447d2e2f..dfa6fb4408 100644
--- a/src/detect-tls-alpn.c
+++ b/src/detect-tls-alpn.c
@@ -104,9 +104,9 @@ void DetectTlsAlpnRegister(void)
 sigmatch_table[DETECT_TLS_ALPN].flags |= SIGMATCH_INFO_STICKY_BUFFER;
 DetectAppLayerMultiRegister("tls.alpn", ALPROTO_TLS, SIG_FLAG_TOSERVER,
- TLS_STATE_CLIENT_HELLO_DONE, TlsAlpnGetData, 2, TLS_STATE_CLIENT_HELLO_DONE);
- DetectAppLayerMultiRegister("tls.alpn", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_SERVER_HELLO,
- TlsAlpnGetData, 2, TLS_STATE_SERVER_HELLO);
+ TLS_STATE_CLIENT_HELLO_DONE, TlsAlpnGetData, 2);
+ DetectAppLayerMultiRegister(
+ "tls.alpn", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_SERVER_HELLO, TlsAlpnGetData, 2);
 DetectBufferTypeSetDescriptionByName("tls.alpn", "TLS APLN");
diff --git a/src/detect-tls-certs.c b/src/detect-tls-certs.c
index 86e2164eb6..197ce42bdf 100644
--- a/src/detect-tls-certs.c
+++ b/src/detect-tls-certs.c
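Review bot: The buffer description on the context line of the detect-tls-alpn.c hunk misspells the protocol name as "TLS APLN", directly below the registration calls this commit rewrites. Since the string is what users see when buffers are listed, it is worth correcting in the same pass: `DetectBufferTypeSetDescriptionByName("tls.alpn", "TLS ALPN");`. `DetectTlsAlpnRegister` begins and ends outside the hunk.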
@@ -113,9 +113,9 @@ void DetectTlsCertsRegister(void)
 sigmatch_table[DETECT_TLS_CERTS].flags |= SIGMATCH_INFO_STICKY_BUFFER;
 DetectAppLayerMultiRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
- TLS_STATE_SERVER_CERT_DONE, TlsCertsGetData, 2, 1);
+ TLS_STATE_SERVER_CERT_DONE, TlsCertsGetData, 2);
 DetectAppLayerMultiRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER,
- TLS_STATE_CLIENT_CERT_DONE, TlsCertsGetData, 2, 1);
+ TLS_STATE_CLIENT_CERT_DONE, TlsCertsGetData, 2);
 DetectBufferTypeSetDescriptionByName("tls.certs", "TLS certificate");
diff --git a/src/detect-tls-subjectaltname.c b/src/detect-tls-subjectaltname.c
index 9c0915434c..ef0aafc3aa 100644
--- a/src/detect-tls-subjectaltname.c
+++ b/src/detect-tls-subjectaltname.c
@@ -84,8 +84,8 @@ void DetectTlsSubjectAltNameRegister(void)
 sigmatch_table[DETECT_TLS_SUBJECTALTNAME].flags |= SIGMATCH_NOOPT;
 sigmatch_table[DETECT_TLS_SUBJECTALTNAME].flags |= SIGMATCH_INFO_STICKY_BUFFER;
- DetectAppLayerMultiRegister("tls.subjectaltname", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0,
- TlsSubjectAltNameGetData, 2, TLS_STATE_SERVER_CERT_DONE);
+ DetectAppLayerMultiRegister("tls.subjectaltname", ALPROTO_TLS, SIG_FLAG_TOCLIENT,
+ TLS_STATE_SERVER_CERT_DONE, TlsSubjectAltNameGetData, 2);
 DetectBufferTypeSetDescriptionByName("tls.subjectaltname", "TLS Subject Alternative Name");
--
2.47.2
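Review bot: The later progress values at the tls.certs and tls.subjectaltname call sites change when rules run, and nothing in the commit records why that is safe. In detect-tls-certs.c the prefilter's minimum progress rises from `1` to `TLS_STATE_SERVER_CERT_DONE` / `TLS_STATE_CLIENT_CERT_DONE`, and in detect-tls-subjectaltname.c the inspect-engine progress rises from `0` to `TLS_STATE_SERVER_CERT_DONE`. Presumably the certificate data only exists once those states are reached, so no match is lost, but that depends on the TLS parser and is not shown in these hunks. A one-line comment at each call, for example `/* certificate buffers are only populated at CERT_DONE */`, together with a test on a handshake that ends before the certificate state, would document that the higher progress cannot suppress an alert. Both register functions begin and end outside their hunks.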