From cfdd934aba2ccda93afa95345b97a9aeb0dd29f2 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Sat, 10 Dec 2016 14:04:50 +0100 Subject: [PATCH] dnp3: dynamic buffers/lists --- src/detect-dnp3.c | 47 ++++++++++++++++++++++-------------- src/detect-engine-analyzer.c | 2 -- src/detect-engine.c | 4 --- src/detect-lua.c | 3 ++- src/detect.h | 3 --- 5 files changed, 31 insertions(+), 28 deletions(-) diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c index 9f47c4ff65..6c868a5f21 100644 --- a/src/detect-dnp3.c +++ b/src/detect-dnp3.c @@ -27,6 +27,9 @@ #include "app-layer-dnp3.h" +static int g_dnp3_match_buffer_id = 0; +static int g_dnp3_data_buffer_id = 0; + /** * The detection struct. */ @@ -227,7 +230,7 @@ static int DetectDNP3FuncSetup(DetectEngineCtx *de_ctx, Signature *s, char *str) s->alproto = ALPROTO_DNP3; s->flags |= SIG_FLAG_STATE_MATCH; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNP3_MATCH); + SigMatchAppendSMToList(s, sm, g_dnp3_match_buffer_id); SCReturnInt(0); error: @@ -314,7 +317,7 @@ static int DetectDNP3IndSetup(DetectEngineCtx *de_ctx, Signature *s, char *str) s->alproto = ALPROTO_DNP3; s->flags |= SIG_FLAG_STATE_MATCH; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNP3_MATCH); + SigMatchAppendSMToList(s, sm, g_dnp3_match_buffer_id); SCReturnInt(0); error: @@ -387,7 +390,7 @@ static int DetectDNP3ObjSetup(DetectEngineCtx *de_ctx, Signature *s, char *str) sm->ctx = (void *)detect; s->alproto = ALPROTO_DNP3; s->flags |= SIG_FLAG_STATE_MATCH; - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNP3_MATCH); + SigMatchAppendSMToList(s, sm, g_dnp3_match_buffer_id); SCReturnInt(1); fail: @@ -526,7 +529,7 @@ static void DetectDNP3ObjRegister(void) static int DetectDNP3DataSetup(DetectEngineCtx *de_ctx, Signature *s, char *str) { SCEnter(); - s->init_data->list = DETECT_SM_LIST_DNP3_DATA_MATCH; + s->init_data->list = g_dnp3_data_buffer_id; s->alproto = ALPROTO_DNP3; SCReturnInt(0); } 
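Review bot: The two ids added in the first detect-dnp3.c hunk, `g_dnp3_match_buffer_id` and `g_dnp3_data_buffer_id`, start at 0 and are used without any validity check in the DetectDNP3FuncSetup, DetectDNP3IndSetup, DetectDNP3ObjSetup and DetectDNP3DataSetup hunks. 0 is presumably a valid list id in its own right, so if registration has not run or produced no id, DNP3 keywords would be attached to an unrelated list. The rule would still load, but the DNP3 inspection engines would never see it. Initialising to an invalid sentinel, `static int g_dnp3_match_buffer_id = -1;`, and rejecting the rule with `if (g_dnp3_match_buffer_id < 0)` through each function's existing failure path would surface this at rule-load time. The setup functions begin outside their hunks, so the exact failure label in each is not visible here.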
@@ -546,11 +549,14 @@ static void DetectDNP3DataRegister(void) sigmatch_table[DETECT_AL_DNP3DATA].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_DNP3DATA].flags |= SIGMATCH_PAYLOAD; - DetectAppLayerInspectEngineRegister(ALPROTO_DNP3, SIG_FLAG_TOSERVER, - DETECT_SM_LIST_DNP3_DATA_MATCH, DetectEngineInspectDNP3Data); - DetectAppLayerInspectEngineRegister(ALPROTO_DNP3, SIG_FLAG_TOCLIENT, - DETECT_SM_LIST_DNP3_DATA_MATCH, DetectEngineInspectDNP3Data); + DetectAppLayerInspectEngineRegister2("dnp3_data", + ALPROTO_DNP3, SIG_FLAG_TOSERVER, + DetectEngineInspectDNP3Data); + DetectAppLayerInspectEngineRegister2("dnp3_data", + ALPROTO_DNP3, SIG_FLAG_TOCLIENT, + DetectEngineInspectDNP3Data); + g_dnp3_data_buffer_id = DetectBufferTypeGetByName("dnp3_data"); SCReturn; } @@ -563,10 +569,15 @@ void DetectDNP3Register(void) DetectDNP3ObjRegister(); /* Register the list of func, ind and obj. */ - DetectAppLayerInspectEngineRegister(ALPROTO_DNP3, SIG_FLAG_TOSERVER, - DETECT_SM_LIST_DNP3_MATCH, DetectEngineInspectDNP3); - DetectAppLayerInspectEngineRegister(ALPROTO_DNP3, SIG_FLAG_TOCLIENT, - DETECT_SM_LIST_DNP3_MATCH, DetectEngineInspectDNP3); + DetectAppLayerInspectEngineRegister2("dnp3", + ALPROTO_DNP3, SIG_FLAG_TOSERVER, + DetectEngineInspectDNP3); + DetectAppLayerInspectEngineRegister2("dnp3", + ALPROTO_DNP3, SIG_FLAG_TOCLIENT, + DetectEngineInspectDNP3); + + g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3"); + } #ifdef UNITTESTS 
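Review bot: In the DetectDNP3DataRegister hunk the result of `DetectBufferTypeGetByName("dnp3_data")` is stored without being checked. As far as I can tell, that lookup returns a negative value when the name is unknown, and the id is later used as a list index during rule setup. A bad id here is a programming error rather than a runtime condition, so a check right after the assignment, e.g. `BUG_ON(g_dnp3_data_buffer_id < 0);`, would stop startup before a negative index reaches the signature lists. The same applies to `g_dnp3_match_buffer_id` in the DetectDNP3Register hunk that follows.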
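Review bot: The DetectDNP3Register hunk obtains its id with `DetectBufferTypeRegister("dnp3")`, while the preceding hunk uses `DetectBufferTypeGetByName("dnp3_data")` for the same purpose, after the same kind of `DetectAppLayerInspectEngineRegister2()` calls. If the difference is intentional it deserves a short comment; otherwise both sites should use the same call, so a reader does not have to guess whether "dnp3" needs explicit registration. Each buffer name is also repeated as a string literal three times per function, and a file-scope `static const char` name per buffer would keep the copies from drifting apart. The blank line added before the closing brace can be dropped.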
@@ -625,10 +636,10 @@ static int DetectDNP3FuncTest01(void) "dnp3_func:2; sid:5000009; rev:1;)"); FAIL_IF_NULL(de_ctx->sig_list); - FAIL_IF_NULL(de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH]); - FAIL_IF_NULL(de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH]->ctx); + FAIL_IF_NULL(de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id]); + FAIL_IF_NULL(de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id]->ctx); - dnp3func = (DetectDNP3 *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH]->ctx; + dnp3func = (DetectDNP3 *)de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id]->ctx; FAIL_IF(dnp3func->function_code != 2); if (de_ctx != NULL) { @@ -691,10 +702,10 @@ static int DetectDNP3ObjSetupTest(void) "dnp3_obj:99,99; sid:1; rev:1;)"); FAIL_IF(de_ctx->sig_list == NULL); - FAIL_IF(de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH] == NULL); - FAIL_IF(de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH]->ctx == NULL); + FAIL_IF(de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id] == NULL); + FAIL_IF(de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id]->ctx == NULL); - detect = (DetectDNP3 *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_DNP3_MATCH]->ctx; + detect = (DetectDNP3 *)de_ctx->sig_list->sm_lists_tail[g_dnp3_match_buffer_id]->ctx; FAIL_IF(detect->obj_group != 99); FAIL_IF(detect->obj_variation != 99); diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c index 5eb47f8af4..51ac3930aa 100644 --- a/src/detect-engine-analyzer.c +++ b/src/detect-engine-analyzer.c 
@@ -446,8 +446,6 @@ static void EngineAnalysisRulesPrintFP(const Signature *s) fprintf(rule_engine_analysis_FD, "%s", payload ? (stream ? "payload and reassembled stream" : "payload") : "reassembled stream"); } - else if (list_type == DETECT_SM_LIST_DNP3_DATA_MATCH) - fprintf(rule_engine_analysis_FD, "dnp3 data content"); else { const char *desc = DetectBufferTypeGetDescriptionById(list_type); const char *name = DetectBufferTypeGetNameById(list_type); diff --git a/src/detect-engine.c b/src/detect-engine.c index 32b94f4ab4..c58672ebc8 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -2813,10 +2813,6 @@ const char *DetectSigmatchListEnumToString(enum DetectSigmatchListEnum type) case DETECT_SM_LIST_MODBUS_MATCH: return "modbus"; - case DETECT_SM_LIST_DNP3_DATA_MATCH: - return "dnp3_data"; - case DETECT_SM_LIST_DNP3_MATCH: - return "dnp3"; case DETECT_SM_LIST_CIP_MATCH: return "cip"; diff --git a/src/detect-lua.c b/src/detect-lua.c index 9b5484407a..a585589433 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -1039,7 +1039,8 @@ static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, char *str) } else if (lua->alproto == ALPROTO_SMTP) { SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH); } else if (lua->alproto == ALPROTO_DNP3) { - SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNP3_MATCH); + int list = DetectBufferTypeGetByName("dnp3"); + SigMatchAppendSMToList(s, sm, list); } else { SCLogError(SC_ERR_LUA_ERROR, "lua can't be used with protocol %s", AppLayerGetProtoName(lua->alproto)); diff --git a/src/detect.h b/src/detect.h index eb577b2e24..bd901e3735 100644 --- a/src/detect.h +++ b/src/detect.h @@ -125,9 +125,6 @@ enum DetectSigmatchListEnum { DETECT_SM_LIST_CIP_MATCH, DETECT_SM_LIST_ENIP_MATCH, - DETECT_SM_LIST_DNP3_DATA_MATCH, - DETECT_SM_LIST_DNP3_MATCH, - DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH, DETECT_SM_LIST_MAX, -- 2.47.2
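Review bot: In the detect-lua.c hunk the id returned by `DetectBufferTypeGetByName("dnp3")` is passed to `SigMatchAppendSMToList()` unchecked. If the "dnp3" buffer type is not registered at that point, the lookup presumably returns a negative value, which would then be used as a list index. I would add `if (list < 0) { SCLogError(SC_ERR_LUA_ERROR, "dnp3 buffer type not registered"); goto error; }` before the append, assuming DetectLuaSetup has such a label, since its failure path is outside the hunk. The literal "dnp3" must also stay in sync with the name registered in detect-dnp3.c, so a shared constant or accessor would be safer than repeating the string.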