From: Victor Julien
Date: Tue, 23 Apr 2013 14:35:13 +0000 (+0200)
Subject: Merge SIG_FLAG_MPM_HTTP and SIG_FLAG_MPM_DNS into SIG_FLAG_MPM_APPLAYER, do the same...
X-Git-Tag: suricata-2.0beta1~71
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6645620c03634081886885d0be34577a75c71bda;p=thirdparty%2Fsuricata.git
Merge SIG_FLAG_MPM_HTTP and SIG_FLAG_MPM_DNS into SIG_FLAG_MPM_APPLAYER, do the same for the _NEG variant.
---
diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index bc125ffadf..c441e0f7e5 100644
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -1564,126 +1564,126 @@ static void PopulateMpmAddPatternToMpm(DetectEngineCtx *de_ctx,
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_uri_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_URI;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HCBDMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_hcbd_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_hcbd_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HCBD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HSBDMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_hsbd_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_hsbd_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HSBD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HHDMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_hhd_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_hhd_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HHD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HRHDMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_hrhd_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_hrhd_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HRHD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HMDMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_hmd_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_hmd_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HMD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HCDMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_hcd_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_hcd_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HCD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HRUDMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_hrud_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_hrud_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HRUD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HSMDMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_hsmd_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_hsmd_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HSMD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HSCDMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_hscd_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_hscd_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HSCD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HUADMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_huad_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_huad_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HUAD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HHHDMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_hhhd_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_hhhd_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HHHD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_HRHHDMATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_hrhhd_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = sgh->mpm_hrhhd_ctx_tc;
 sgh_flags = SIG_GROUP_HEAD_MPM_HRHHD;
- sig_flags |= SIG_FLAG_MPM_HTTP;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_HTTP_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 } else if (sm_list == DETECT_SM_LIST_DNSQUERY_MATCH) {
 if (s->flags & SIG_FLAG_TOSERVER)
 mpm_ctx_ts = sgh->mpm_dnsquery_ctx_ts;
 if (s->flags & SIG_FLAG_TOCLIENT)
 mpm_ctx_tc = NULL;
 sgh_flags = SIG_GROUP_HEAD_MPM_DNSQUERY;
- sig_flags |= SIG_FLAG_MPM_DNS;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER;
 if (cd->flags & DETECT_CONTENT_NEGATED)
- sig_flags |= SIG_FLAG_MPM_DNS_NEG;
+ sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;
 }
 if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {
diff --git a/src/detect.c b/src/detect.c
index a54698f742..cd1e23d8e3 100644
--- a/src/detect.c
+++ b/src/detect.c
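Review bot: In src/detect-engine-mpm.c, the pair `sig_flags |= SIG_FLAG_MPM_APPLAYER;` / `if (cd->flags & DETECT_CONTENT_NEGATED) sig_flags |= SIG_FLAG_MPM_APPLAYER_NEG;` is now identical in all fourteen branches this hunk touches (URI through DNSQUERY), so it could be set once after the chain for the app-layer lists instead of being repeated per branch. The repetition is more than cosmetic: judging by the src/detect.c hunk of this commit, a signature that carries SIG_FLAG_MPM_APPLAYER without SIG_FLAG_MPM_APPLAYER_NEG returns 0 from the match-array filter when its pattern was not seen, so a later buffer branch that omits the `_NEG` line would presumably make negated-content rules on that buffer stop firing without any error. The if/else chain begins before this hunk, so how the packet and stream lists set their flags is not visible here and the hoist has to be checked against those branches.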
@@ -528,7 +528,7 @@ static inline int SigMatchSignaturesBuildMatchArrayAddSignature(DetectEngineThre
 }
 /* check for a pattern match of the one pattern in this sig. */
- if (likely(s->flags & (SIG_FLAG_MPM_PACKET|SIG_FLAG_MPM_STREAM|SIG_FLAG_MPM_HTTP|SIG_FLAG_MPM_DNS)))
+ if (likely(s->flags & (SIG_FLAG_MPM_PACKET|SIG_FLAG_MPM_STREAM|SIG_FLAG_MPM_APPLAYER)))
 {
 /* filter out sigs that want pattern matches, but
 * have no matches */
@@ -543,12 +543,8 @@ static inline int SigMatchSignaturesBuildMatchArrayAddSignature(DetectEngineThre
 if (!(s->flags & SIG_FLAG_MPM_STREAM_NEG)) {
 return 0;
 }
- } else if (s->flags & SIG_FLAG_MPM_HTTP) {
- if (!(s->flags & SIG_FLAG_MPM_HTTP_NEG)) {
- return 0;
- }
- } else if (s->flags & SIG_FLAG_MPM_DNS) {
- if (!(s->flags & SIG_FLAG_MPM_DNS_NEG)) {
+ } else if (s->flags & SIG_FLAG_MPM_APPLAYER) {
+ if (!(s->flags & SIG_FLAG_MPM_APPLAYER_NEG)) {
 return 0;
 }
 }
diff --git a/src/detect.h b/src/detect.h
index f7263318b1..3a7750a408 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -259,8 +259,8 @@ typedef struct DetectPort_ {
 #define SIG_FLAG_MPM_PACKET_NEG (1<<12)
 #define SIG_FLAG_MPM_STREAM (1<<13)
 #define SIG_FLAG_MPM_STREAM_NEG (1<<14)
-#define SIG_FLAG_MPM_HTTP (1<<15)
-#define SIG_FLAG_MPM_HTTP_NEG (1<<16)
+#define SIG_FLAG_MPM_APPLAYER (1<<15)
+#define SIG_FLAG_MPM_APPLAYER_NEG (1<<16)
 #define SIG_FLAG_REQUIRE_FLOWVAR (1<<17) /**< signature can only match if a flowbit, flowvar or flowint is available. */
@@ -271,9 +271,6 @@ typedef struct DetectPort_ {
 #define SIG_FLAG_TLSSTORE (1<<21)
-#define SIG_FLAG_MPM_DNS (1<<22)
-#define SIG_FLAG_MPM_DNS_NEG (1<<23)
-
 /* signature init flags */
 #define SIG_FLAG_INIT_DEONLY 1 /**< decode event only signature */
 #define SIG_FLAG_INIT_PACKET (1<<1) /**< signature has matches against a packet (as opposed to app layer) */
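Review bot: In src/detect.h (hunk at -259), the two merged defines carry no description, while the neighbouring SIG_FLAG_REQUIRE_FLOWVAR is documented with a `/**< … */` comment; now that one bit stands for every app-layer MPM buffer, its meaning is no longer obvious from the name. I would add `/**< sig's mpm pattern is in an app-layer buffer (HTTP or DNS lists) */` to SIG_FLAG_MPM_APPLAYER and `/**< that app-layer mpm pattern is negated */` to SIG_FLAG_MPM_APPLAYER_NEG. Both wordings follow from src/detect-engine-mpm.c in this commit, where the flag is set in the HTTP and DNSQUERY list branches and the `_NEG` flag only under `cd->flags & DETECT_CONTENT_NEGATED`.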