diff --git a/doc/userguide/devguide/extending/app-layer/transactions.rst b/doc/userguide/devguide/extending/app-layer/transactions.rst index 357bdcd76d73..1105aad97128 100644 --- a/doc/userguide/devguide/extending/app-layer/transactions.rst +++ b/doc/userguide/devguide/extending/app-layer/transactions.rst @@ -68,7 +68,7 @@ Rule Matching Transaction progress is also used for certain keywords to know what is the minimum state before we can expect a match: until that, Suricata won't even try to look for the patterns. -As seen in ``DetectAppLayerMpmRegister2`` that has ``int progress`` as parameter, and ``DetectAppLayerInspectEngineRegister2``, which expects ``int tx_min_progress``, for instance. In the code snippet, +As seen in ``DetectAppLayerMpmRegister`` that has ``int progress`` as parameter, and ``DetectAppLayerInspectEngineRegister``, which expects ``int tx_min_progress``, for instance. In the code snippet, ``HTTP2StateDataClient``, ``HTTP2StateDataServer`` and ``0`` are the values passed to the functions - in the last example, for ``FTPDATA``, the existence of a transaction implies that a file is being transferred. Hence the ``0`` value. @@ -80,18 +80,18 @@ the existence of a transaction implies that a file is being transferred. Hence t { . . - DetectAppLayerMpmRegister2("file_data", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("file_data", SIG_FLAG_TOSERVER, 2, PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerMpmRegister2("file_data", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("file_data", SIG_FLAG_TOCLIENT, 2, PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataServer); . . - DetectAppLayerInspectEngineRegister2("file_data", + DetectAppLayerInspectEngineRegister("file_data", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectFiledata, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "file_data", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, DetectEngineInspectFiledata, NULL); . . diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 382c76ae59b5..0fb702b1de93 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -881,6 +881,24 @@ pub unsafe extern "C" fn rs_dns_tx_get_query_name( return 0; } +/// Get the DNS response answer name and index i. +#[no_mangle] +pub unsafe extern "C" fn SCDnsTxGetAnswerName( + tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32, +) -> bool { + let index = i as usize; + if let Some(response) = &tx.response { + if let Some(name) = response.answers.get(index).map(|answer| &answer.name) { + if !name.is_empty() { + *buf = name.as_ptr(); + *len = name.len() as u32; + return true; + } + } + } + false +} + /// Get the DNS transaction ID of a transaction. // /// extern uint16_t rs_dns_tx_get_tx_id(RSDNSTransaction *); diff --git a/src/Makefile.am b/src/Makefile.am index 48a5ce850ce2..0114389a2062 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -121,6 +121,7 @@ noinst_HEADERS = \ detect-detection-filter.h \ detect-distance.h \ detect-dnp3.h \ + detect-dns-answer-name.h \ detect-dns-opcode.h \ detect-dns-query.h \ detect-dsize.h \ @@ -732,6 +733,7 @@ libsuricata_c_a_SOURCES = \ detect-detection-filter.c \ detect-distance.c \ detect-dnp3.c \ + detect-dns-answer-name.c \ detect-dns-opcode.c \ detect-dns-query.c \ detect-dsize.c \ diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c index bf306d363d39..aa65e368a77b 100644 --- a/src/detect-app-layer-event.c +++ b/src/detect-app-layer-event.c @@ -78,9 +78,9 @@ void DetectAppLayerEventRegister(void) sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Setup = DetectAppLayerEventSetup; sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Free = DetectAppLayerEventFree; - DetectAppLayerInspectEngineRegister2("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER, 0, DetectEngineAptEventInspect, NULL); - DetectAppLayerInspectEngineRegister2("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT, 0, DetectEngineAptEventInspect, NULL); g_applayer_events_list_id = DetectBufferTypeGetByName("app-layer-events"); diff --git a/src/detect-cipservice.c b/src/detect-cipservice.c index 00b9a75ca099..280475df17ac 100644 --- a/src/detect-cipservice.c +++ b/src/detect-cipservice.c @@ -63,9 +63,9 @@ void DetectCipServiceRegister(void) sigmatch_table[DETECT_CIPSERVICE].RegisterTests = DetectCipServiceRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "cip", ALPROTO_ENIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectCIP, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "cip", ALPROTO_ENIP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectCIP, NULL); g_cip_buffer_id = DetectBufferTypeGetByName("cip"); @@ -316,9 +316,9 @@ void DetectEnipCommandRegister(void) sigmatch_table[DETECT_ENIPCOMMAND].RegisterTests = DetectEnipCommandRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "enip", ALPROTO_ENIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectENIP, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "enip", ALPROTO_ENIP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectENIP, NULL); g_enip_buffer_id = DetectBufferTypeGetByName("enip"); diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index 844e7bc1499a..d832f4ca91b3 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -80,14 +80,14 @@ void DetectDceIfaceRegister(void) g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic"); - DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dce_generic", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index 50d0387b0758..5d919e084e64 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c @@ -125,35 +125,23 @@ void DetectDceStubDataRegister(void) #endif sigmatch_table[DETECT_DCE_STUB_DATA].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectBufferGeneric, - GetSMBData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetSMBData, - ALPROTO_SMB, 0); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectBufferGeneric, - GetSMBData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetSMBData, - ALPROTO_SMB, 0); - - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectBufferGeneric, - GetDCEData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetDCEData, - ALPROTO_DCERPC, 0); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectBufferGeneric, - GetDCEData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetDCEData, - ALPROTO_DCERPC, 0); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectEngineInspectBufferGeneric, GetSMBData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetSMBData, ALPROTO_SMB, 0); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, + DetectEngineInspectBufferGeneric, GetSMBData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetSMBData, ALPROTO_SMB, 0); + + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, + DetectEngineInspectBufferGeneric, GetDCEData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetDCEData, ALPROTO_DCERPC, 0); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, + DetectEngineInspectBufferGeneric, GetDCEData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetDCEData, ALPROTO_DCERPC, 0); g_dce_stub_data_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); } diff --git a/src/detect-dhcp-leasetime.c b/src/detect-dhcp-leasetime.c index dfa2c193302f..a238680d7574 100644 --- a/src/detect-dhcp-leasetime.c +++ b/src/detect-dhcp-leasetime.c @@ -120,10 +120,10 @@ void DetectDHCPLeaseTimeRegister(void) sigmatch_table[DETECT_AL_DHCP_LEASETIME].Setup = DetectDHCPLeaseTimeSetup; sigmatch_table[DETECT_AL_DHCP_LEASETIME].Free = DetectDHCPLeaseTimeFree; - DetectAppLayerInspectEngineRegister2("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_buffer_id = DetectBufferTypeGetByName("dhcp.leasetime"); diff --git a/src/detect-dhcp-rebinding-time.c b/src/detect-dhcp-rebinding-time.c index 3d63427eacb1..f1ff16da739d 100644 --- a/src/detect-dhcp-rebinding-time.c +++ b/src/detect-dhcp-rebinding-time.c @@ -121,10 +121,10 @@ void DetectDHCPRebindingTimeRegister(void) sigmatch_table[DETECT_AL_DHCP_REBINDING_TIME].Setup = DetectDHCPRebindingTimeSetup; sigmatch_table[DETECT_AL_DHCP_REBINDING_TIME].Free = DetectDHCPRebindingTimeFree; - DetectAppLayerInspectEngineRegister2("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_buffer_id = DetectBufferTypeGetByName("dhcp.rebinding-time"); diff --git a/src/detect-dhcp-renewal-time.c b/src/detect-dhcp-renewal-time.c index 9a38555a0d28..766b56815782 100644 --- a/src/detect-dhcp-renewal-time.c +++ b/src/detect-dhcp-renewal-time.c @@ -120,10 +120,10 @@ void DetectDHCPRenewalTimeRegister(void) sigmatch_table[DETECT_AL_DHCP_RENEWAL_TIME].Setup = DetectDHCPRenewalTimeSetup; sigmatch_table[DETECT_AL_DHCP_RENEWAL_TIME].Free = DetectDHCPRenewalTimeFree; - DetectAppLayerInspectEngineRegister2("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_buffer_id = DetectBufferTypeGetByName("dhcp.renewal-time"); diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c index 208dec7c3a29..4e4db82d44a5 100644 --- a/src/detect-dnp3.c +++ b/src/detect-dnp3.c @@ -551,21 +551,15 @@ static void DetectDNP3DataRegister(void) sigmatch_table[DETECT_AL_DNP3DATA].Setup = DetectDNP3DataSetup; sigmatch_table[DETECT_AL_DNP3DATA].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("dnp3_data", - ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectBufferGeneric, - GetDNP3Data); - DetectAppLayerMpmRegister2("dnp3_data", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetDNP3Data, - ALPROTO_DNP3, 0); - - DetectAppLayerInspectEngineRegister2("dnp3_data", - ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectBufferGeneric, - GetDNP3Data); - DetectAppLayerMpmRegister2("dnp3_data", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetDNP3Data, - ALPROTO_DNP3, 0); + DetectAppLayerInspectEngineRegister("dnp3_data", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, + DetectEngineInspectBufferGeneric, GetDNP3Data); + DetectAppLayerMpmRegister("dnp3_data", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetDNP3Data, ALPROTO_DNP3, 0); + + DetectAppLayerInspectEngineRegister("dnp3_data", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, + DetectEngineInspectBufferGeneric, GetDNP3Data); + DetectAppLayerMpmRegister("dnp3_data", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetDNP3Data, ALPROTO_DNP3, 0); g_dnp3_data_buffer_id = DetectBufferTypeGetByName("dnp3_data"); SCReturn; @@ -580,9 +574,9 @@ void DetectDNP3Register(void) DetectDNP3ObjRegister(); /* Register the list of func, ind and obj. */ - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dnp3", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dnp3", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3"); diff --git a/src/detect-dns-answer-name.c b/src/detect-dns-answer-name.c new file mode 100644 index 000000000000..cb013ec2ec7a --- /dev/null +++ b/src/detect-dns-answer-name.c @@ -0,0 +1,173 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * Detect keyword for DNS answer rdata: dns.response.answer.rdata + */ + +#include "detect.h" +#include "detect-parse.h" +#include "detect-engine.h" +#include "detect-engine-prefilter.h" +#include "detect-engine-content-inspection.h" +#include "detect-dns-answer-name.h" +#include "util-profiling.h" +#include "rust.h" + +static int DetectSetup(DetectEngineCtx *, Signature *, const char *); +static uint8_t DetectEngineInspectCb(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, + uint8_t flags, void *alstate, void *txv, uint64_t tx_id); +static int PrefilterMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, + const DetectBufferMpmRegistry *mpm_reg, int list_id); + +static int dns_response_answer_name_id = 0; + +void DetectDnsResponseAnswerNameRegister(void) +{ + static const char *keyword = "dns.response.answer.name"; + sigmatch_table[DETECT_AL_DNS_RESPONSE_ANSWER_NAME].name = keyword; + sigmatch_table[DETECT_AL_DNS_RESPONSE_ANSWER_NAME].desc = "DNS answer name sticky buffer"; + sigmatch_table[DETECT_AL_DNS_RESPONSE_ANSWER_NAME].Setup = DetectSetup; + sigmatch_table[DETECT_AL_DNS_RESPONSE_ANSWER_NAME].flags |= SIGMATCH_NOOPT; + sigmatch_table[DETECT_AL_DNS_RESPONSE_ANSWER_NAME].flags |= SIGMATCH_INFO_STICKY_BUFFER; + + DetectAppLayerMpmRegister( + keyword, SIG_FLAG_TOCLIENT, 2, PrefilterMpmRegister, NULL, ALPROTO_DNS, 1); + + /* register inspect engines */ + DetectAppLayerInspectEngineRegister( + keyword, ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectCb, NULL); + + DetectBufferTypeSetDescriptionByName(keyword, "dns response answer name"); + DetectBufferTypeSupportsMultiInstance(keyword); + + dns_response_answer_name_id = DetectBufferTypeGetByName(keyword); +} + +static int DetectSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str) +{ + s->init_data->list = dns_response_answer_name_id; + + if (DetectSignatureSetAppProto(s, ALPROTO_DNS) != 0) + return -1; + + return 0; +} + +static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx, + const DetectEngineTransforms *transforms, void *txv, uint32_t index, int list_id) +{ + InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index); + if (buffer == NULL) { + return NULL; + } + if (buffer->initialized) { + return buffer; + } + + const uint8_t *data = NULL; + uint32_t data_len = 0; + + if (!SCDnsTxGetAnswerName(txv, index, &data, &data_len)) { + InspectionBufferSetupMultiEmpty(buffer); + return NULL; + } else { + InspectionBufferSetupMulti(buffer, transforms, data, data_len); + return buffer; + } +} + +static uint8_t DetectEngineInspectCb(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, + uint8_t flags, void *alstate, void *txv, uint64_t tx_id) +{ + const DetectEngineTransforms *transforms = NULL; + if (!engine->mpm) { + transforms = engine->v2.transforms; + } + + for (uint32_t i = 0;; i++) { + InspectionBuffer *buffer = GetBuffer(det_ctx, transforms, txv, i, engine->sm_list); + if (buffer == NULL || buffer->inspect == NULL) { + break; + } + + det_ctx->buffer_offset = 0; + det_ctx->discontinue_matching = 0; + det_ctx->inspection_recursion_counter = 0; + + const int match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f, + (uint8_t *)buffer->inspect, buffer->inspect_len, buffer->inspect_offset, + DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE); + if (match == 1) { + return DETECT_ENGINE_INSPECT_SIG_MATCH; + } + } + + return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; +} + +typedef struct PrefilterMpm { + int list_id; + const MpmCtx *mpm_ctx; + const DetectEngineTransforms *transforms; +} PrefilterMpm; + +static void PrefilterTx(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, + void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags) +{ + SCEnter(); + + const PrefilterMpm *ctx = (const PrefilterMpm *)pectx; + const MpmCtx *mpm_ctx = ctx->mpm_ctx; + const int list_id = ctx->list_id; + + for (uint32_t i = 0;; i++) { + InspectionBuffer *buffer = GetBuffer(det_ctx, ctx->transforms, txv, i, list_id); + if (buffer == NULL) { + break; + } + + if (buffer->inspect_len >= mpm_ctx->minlen) { + (void)mpm_table[mpm_ctx->mpm_type].Search( + mpm_ctx, &det_ctx->mtcu, &det_ctx->pmq, buffer->inspect, buffer->inspect_len); + PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len); + } + } +} + +static void PrefilterMpmFree(void *ptr) +{ + SCFree(ptr); +} + +static int PrefilterMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, + const DetectBufferMpmRegistry *mpm_reg, int list_id) +{ + PrefilterMpm *pectx = SCCalloc(1, sizeof(*pectx)); + if (pectx == NULL) + return -1; + pectx->list_id = list_id; + pectx->mpm_ctx = mpm_ctx; + pectx->transforms = &mpm_reg->transforms; + + return PrefilterAppendTxEngine(de_ctx, sgh, PrefilterTx, mpm_reg->app_v2.alproto, + mpm_reg->app_v2.tx_min_progress, pectx, PrefilterMpmFree, mpm_reg->pname); +} diff --git a/src/detect-dns-answer-name.h b/src/detect-dns-answer-name.h new file mode 100644 index 000000000000..bd26b82eb75e --- /dev/null +++ b/src/detect-dns-answer-name.h @@ -0,0 +1,29 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author FirstName LastName + */ + +#ifndef __DETECT_DNS_ANSWER_RDATA_H__ +#define __DETECT_DNS_ANSWER_RDATA_H__ + +void DetectDnsResponseAnswerNameRegister(void); + +#endif /* __DETECT_DNS_ANSWER_RDATA_H__ */ diff --git a/src/detect-dns-opcode.c b/src/detect-dns-opcode.c index 4c69753a83e0..ab9c21ec3d68 100644 --- a/src/detect-dns-opcode.c +++ b/src/detect-dns-opcode.c @@ -83,10 +83,10 @@ void DetectDnsOpcodeRegister(void) sigmatch_table[DETECT_AL_DNS_OPCODE].AppLayerTxMatch = DetectDnsOpcodeMatch; - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode"); diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index 354c4f834411..af0bc750ed56 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -211,13 +211,11 @@ void DetectDnsQueryRegister (void) sigmatch_table[DETECT_AL_DNS_QUERY].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_DNS_QUERY].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("dns_query", SIG_FLAG_TOSERVER, 2, - PrefilterMpmDnsQueryRegister, NULL, - ALPROTO_DNS, 1); + DetectAppLayerMpmRegister( + "dns_query", SIG_FLAG_TOSERVER, 2, PrefilterMpmDnsQueryRegister, NULL, ALPROTO_DNS, 1); - DetectAppLayerInspectEngineRegister2("dns_query", - ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectDnsQuery, NULL); + DetectAppLayerInspectEngineRegister( + "dns_query", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectDnsQuery, NULL); DetectBufferTypeSetDescriptionByName("dns_query", "dns request query"); @@ -227,9 +225,9 @@ void DetectDnsQueryRegister (void) #ifdef HAVE_LUA /* register these generic engines from here for now */ - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dns_request", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dns_response", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("dns_response", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); DetectBufferTypeSetDescriptionByName("dns_request", diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index f091a3dadaa0..0d26ba9ab3ee 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -86,7 +86,7 @@ static int g_mpm_list_cnt[DETECT_BUFFER_MPM_TYPE_SIZE] = { 0, 0, 0 }; * * \note to be used at start up / registration only. Errors are fatal. */ -void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, +void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress) { diff --git a/src/detect-engine-mpm.h b/src/detect-engine-mpm.h index adb40297190f..b05f86e43eb1 100644 --- a/src/detect-engine-mpm.h +++ b/src/detect-engine-mpm.h @@ -90,7 +90,7 @@ typedef int (*PrefilterRegisterFunc)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, * \note direction must be set to either toserver or toclient. * If both are needed, register the keyword twice. */ -void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, +void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress); void DetectAppLayerMpmRegisterByParentId( diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c index df6e4a738ffc..6f9c43614a38 100644 --- a/src/detect-engine-register.c +++ b/src/detect-engine-register.c @@ -47,6 +47,7 @@ #include "detect-engine-dcepayload.h" #include "detect-dns-opcode.h" #include "detect-dns-query.h" +#include "detect-dns-answer-name.h" #include "detect-tls-sni.h" #include "detect-tls-certs.h" #include "detect-tls-cert-fingerprint.h" @@ -511,6 +512,7 @@ void SigTableSetup(void) DetectDnsQueryRegister(); DetectDnsOpcodeRegister(); + DetectDnsResponseAnswerNameRegister(); DetectModbusRegister(); DetectCipServiceRegister(); DetectEnipCommandRegister(); diff --git a/src/detect-engine-register.h b/src/detect-engine-register.h index 7d6c457ef9b0..1ee5f948ce8e 100644 --- a/src/detect-engine-register.h +++ b/src/detect-engine-register.h @@ -223,6 +223,7 @@ enum DetectKeywordId { DETECT_AL_DNS_QUERY, DETECT_AL_DNS_OPCODE, + DETECT_AL_DNS_RESPONSE_ANSWER_NAME, DETECT_AL_TLS_SNI, DETECT_AL_TLS_CERTS, DETECT_AL_TLS_CERT_ISSUER, diff --git a/src/detect-engine.c b/src/detect-engine.c index d8f9f1880e56..9355315ce500 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -213,10 +213,8 @@ void DetectFrameInspectEngineRegister(const char *name, int dir, /** \brief register inspect engine at start up time * * \note errors are fatal */ -void DetectAppLayerInspectEngineRegister2(const char *name, - AppProto alproto, uint32_t dir, int progress, - InspectEngineFuncPtr2 Callback2, - InspectionBufferGetDataPtr GetData) +void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, + int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData) { BUG_ON(progress >= 48); diff --git a/src/detect-engine.h b/src/detect-engine.h index a1732b16a993..997d3c061883 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -161,10 +161,8 @@ int DetectEngineInspectPktBufferGeneric( * \param progress Minimal progress value for inspect engine to run * \param Callback The engine callback. */ -void DetectAppLayerInspectEngineRegister2(const char *name, - AppProto alproto, uint32_t dir, int progress, - InspectEngineFuncPtr2 Callback2, - InspectionBufferGetDataPtr GetData); +void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, + int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData); void DetectPktInspectEngineRegister(const char *name, InspectionBufferGetPktDataPtr GetPktData, diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c index 318f72cf3b58..afac0197b23f 100644 --- a/src/detect-ftpbounce.c +++ b/src/detect-ftpbounce.c @@ -69,7 +69,7 @@ void DetectFtpbounceRegister(void) g_ftp_request_list_id = DetectBufferTypeRegister("ftp_request"); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect-ftpdata.c b/src/detect-ftpdata.c index c07847dff3f8..c05bcd7443cc 100644 --- a/src/detect-ftpdata.c +++ b/src/detect-ftpdata.c @@ -73,10 +73,10 @@ void DetectFtpdataRegister(void) { #ifdef UNITTESTS sigmatch_table[DETECT_FTPDATA].RegisterTests = DetectFtpdataRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_ftpdata_buffer_id = DetectBufferTypeGetByName("ftpdata_command"); diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index 41b2552e9b99..266a4697fcab 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -103,15 +103,15 @@ void DetectHttpClientBodyRegister(void) sigmatch_table[DETECT_HTTP_REQUEST_BODY].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_REQUEST_BODY].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_client_body", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_client_body", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY, DetectEngineInspectBufferHttpBody, NULL); - DetectAppLayerMpmRegister2("http_client_body", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_client_body", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpRequestBodyRegister, NULL, ALPROTO_HTTP1, HTP_REQUEST_BODY); - DetectAppLayerInspectEngineRegister2("http_client_body", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_client_body", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectFiledata, NULL); - DetectAppLayerMpmRegister2("http_client_body", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_client_body", SIG_FLAG_TOSERVER, 2, PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_client_body", diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index e2754138fd44..b10b8fa81e4d 100644 --- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c @@ -106,24 +106,24 @@ void DetectHttpCookieRegister(void) sigmatch_table[DETECT_HTTP_COOKIE].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_COOKIE].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData); - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRequestData2); - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetResponseData2); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData2, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_cookie", diff --git a/src/detect-http-header-names.c b/src/detect-http-header-names.c index 58989a1825df..66bc73d44c80 100644 --- a/src/detect-http-header-names.c +++ b/src/detect-http-header-names.c @@ -219,25 +219,25 @@ void DetectHttpHeaderNamesRegister(void) sigmatch_table[DETECT_AL_HTTP_HEADER_NAMES].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* http1 */ - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); /* http2 */ - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataServer); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-header.c b/src/detect-http-header.c index e5101f9276b0..16ccc56f73e0 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c @@ -434,26 +434,26 @@ void DetectHttpHeaderRegister(void) sigmatch_table[DETECT_HTTP_HEADER].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_HEADER].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpHeaderRequestRegister, NULL, ALPROTO_HTTP1, 0); /* not used, registered twice: HEADERS/TRAILER */ - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttpHeaderResponseRegister, NULL, ALPROTO_HTTP1, 0); /* not used, registered twice: HEADERS/TRAILER */ - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_header", @@ -739,13 +739,13 @@ void DetectHttpRequestHeaderRegister(void) sigmatch_table[DETECT_HTTP_REQUEST_HEADER].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("http_request_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttp2HeaderRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateOpen, DetectEngineInspectHttp2Header, NULL); - DetectAppLayerMpmRegister2("http_request_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttp1HeaderRegister, NULL, ALPROTO_HTTP1, 0); - DetectAppLayerInspectEngineRegister2("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectHttp1Header, NULL); DetectBufferTypeSetDescriptionByName("http_request_header", "HTTP header name and value"); @@ -774,13 +774,13 @@ void DetectHttpResponseHeaderRegister(void) sigmatch_table[DETECT_HTTP_RESPONSE_HEADER].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("http_response_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttp2HeaderRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateOpen, DetectEngineInspectHttp2Header, NULL); - DetectAppLayerMpmRegister2("http_response_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttp1HeaderRegister, NULL, ALPROTO_HTTP1, 0); - DetectAppLayerInspectEngineRegister2("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectHttp1Header, NULL); DetectBufferTypeSetDescriptionByName("http_response_header", "HTTP header name and value"); diff --git a/src/detect-http-headers-stub.h b/src/detect-http-headers-stub.h index 3a036d62209e..82d5f543d7a9 100644 --- a/src/detect-http-headers-stub.h +++ b/src/detect-http-headers-stub.h @@ -186,27 +186,27 @@ static void DetectHttpHeadersRegisterStub(void) sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; #ifdef KEYWORD_TOSERVER - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData2, ALPROTO_HTTP2, HTTP2StateDataClient); #endif #ifdef KEYWORD_TOCLIENT - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData2, ALPROTO_HTTP2, HTTP2StateDataServer); #endif #ifdef KEYWORD_TOSERVER - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRequestData2); #endif #ifdef KEYWORD_TOCLIENT - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetResponseData2); #endif diff --git a/src/detect-http-host.c b/src/detect-http-host.c index 6f32044a112c..fe36a261e6cc 100644 --- a/src/detect-http-host.c +++ b/src/detect-http-host.c @@ -105,16 +105,16 @@ void DetectHttpHHRegister(void) sigmatch_table[DETECT_HTTP_HOST].Setup = DetectHttpHostSetup; sigmatch_table[DETECT_HTTP_HOST].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeRegisterValidateCallback("http_host", @@ -140,16 +140,16 @@ void DetectHttpHHRegister(void) sigmatch_table[DETECT_HTTP_HOST_RAW].Setup = DetectHttpHostRawSetupSticky; sigmatch_table[DETECT_HTTP_HOST_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_raw_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRawData); - DetectAppLayerMpmRegister2("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRawData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_raw_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRawData2); - DetectAppLayerMpmRegister2("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRawData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_raw_host", diff --git a/src/detect-http-method.c b/src/detect-http-method.c index 0ce246359ce9..8d08f0369e90 100644 --- a/src/detect-http-method.c +++ b/src/detect-http-method.c @@ -97,16 +97,16 @@ void DetectHttpMethodRegister(void) sigmatch_table[DETECT_HTTP_METHOD].Setup = DetectHttpMethodSetupSticky; sigmatch_table[DETECT_HTTP_METHOD].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_method", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_method", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerInspectEngineRegister2("http_method", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_method", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_method", diff --git a/src/detect-http-protocol.c b/src/detect-http-protocol.c index 9dc3455d2149..ce81c5eb9804 100644 --- a/src/detect-http-protocol.c +++ b/src/detect-http-protocol.c @@ -140,22 +140,22 @@ void DetectHttpProtocolRegister(void) sigmatch_table[DETECT_AL_HTTP_PROTOCOL].Setup = DetectHttpProtocolSetup; sigmatch_table[DETECT_AL_HTTP_PROTOCOL].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index 946c2233e5c2..efda9b73f888 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c @@ -95,26 +95,26 @@ void DetectHttpRawHeaderRegister(void) sigmatch_table[DETECT_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetupSticky; sigmatch_table[DETECT_HTTP_RAW_HEADER].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpHeaderRawRequestRegister, NULL, ALPROTO_HTTP1, 0); /* progress handled in register */ - DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttpHeaderRawResponseRegister, NULL, ALPROTO_HTTP1, 0); /* progress handled in register */ - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_raw_header", diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c index 89d38cbd0a8a..886e643a3eda 100644 --- a/src/detect-http-request-line.c +++ b/src/detect-http-request-line.c @@ -109,15 +109,15 @@ void DetectHttpRequestLineRegister(void) #endif sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_request_line", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_line", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_request_line", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerInspectEngineRegister2("http_request_line", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_line", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_request_line", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_request_line", diff --git a/src/detect-http-response-line.c b/src/detect-http-response-line.c index 8758644681c7..69ee8c2709ab 100644 --- a/src/detect-http-response-line.c +++ b/src/detect-http-response-line.c @@ -108,15 +108,15 @@ void DetectHttpResponseLineRegister(void) #endif sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_response_line", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_line", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_response_line", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_line", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2("http_response_line", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_line", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_response_line", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_line", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_response_line", diff --git a/src/detect-http-start.c b/src/detect-http-start.c index fed1abc96256..e88ac3cdf68f 100644 --- a/src/detect-http-start.c +++ b/src/detect-http-start.c @@ -188,14 +188,14 @@ void DetectHttpStartRegister(void) sigmatch_table[DETECT_AL_HTTP_START].Setup = DetectHttpStartSetup; sigmatch_table[DETECT_AL_HTTP_START].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c index 1e7087a318b3..37dfb2efbdcc 100644 --- a/src/detect-http-stat-code.c +++ b/src/detect-http-stat-code.c @@ -98,16 +98,16 @@ void DetectHttpStatCodeRegister (void) sigmatch_table[DETECT_HTTP_STAT_CODE].Setup = DetectHttpStatCodeSetupSticky; sigmatch_table[DETECT_HTTP_STAT_CODE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_stat_code", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_stat_code", diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c index 6be7de64f756..b1a485d7a933 100644 --- a/src/detect-http-stat-msg.c +++ b/src/detect-http-stat-msg.c @@ -108,15 +108,15 @@ void DetectHttpStatMsgRegister (void) sigmatch_table[DETECT_HTTP_STAT_MSG].Setup = DetectHttpStatMsgSetupSticky; sigmatch_table[DETECT_HTTP_STAT_MSG].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_stat_msg", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_msg", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_stat_msg", SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2("http_stat_msg", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_msg", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_stat_msg", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_stat_msg", diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c index 7138cf93fea4..8babd9adcb50 100644 --- a/src/detect-http-ua.c +++ b/src/detect-http-ua.c @@ -98,16 +98,16 @@ void DetectHttpUARegister(void) sigmatch_table[DETECT_HTTP_UA].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_UA].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_user_agent", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_user_agent", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_user_agent", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_user_agent", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_user_agent", diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c index cc43023a783a..12c6f8788549 100644 --- a/src/detect-http-uri.c +++ b/src/detect-http-uri.c @@ -107,16 +107,16 @@ void DetectHttpUriRegister (void) sigmatch_table[DETECT_HTTP_URI].Setup = DetectHttpUriSetupSticky; sigmatch_table[DETECT_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_uri", @@ -145,17 +145,17 @@ void DetectHttpUriRegister (void) sigmatch_table[DETECT_HTTP_URI_RAW].Setup = DetectHttpRawUriSetupSticky; sigmatch_table[DETECT_HTTP_URI_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_raw_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetRawData); - DetectAppLayerMpmRegister2("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRawData, ALPROTO_HTTP1, HTP_REQUEST_LINE); // no difference between raw and decoded uri for HTTP2 - DetectAppLayerInspectEngineRegister2("http_raw_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_raw_uri", diff --git a/src/detect-http2.c b/src/detect-http2.c index 40cbe3e3a78e..560cb941cc2c 100644 --- a/src/detect-http2.c +++ b/src/detect-http2.c @@ -177,26 +177,22 @@ void DetectHttp2Register(void) sigmatch_table[DETECT_HTTP2_HEADERNAME].Setup = DetectHTTP2headerNameSetup; sigmatch_table[DETECT_HTTP2_HEADERNAME].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("http2_header_name", SIG_FLAG_TOCLIENT, 2, - PrefilterMpmHttp2HeaderNameRegister, NULL, - ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http2_header_name", - ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateOpen, - DetectEngineInspectHttp2HeaderName, NULL); - DetectAppLayerMpmRegister2("http2_header_name", SIG_FLAG_TOSERVER, 2, - PrefilterMpmHttp2HeaderNameRegister, NULL, - ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http2_header_name", - ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateOpen, - DetectEngineInspectHttp2HeaderName, NULL); + DetectAppLayerMpmRegister("http2_header_name", SIG_FLAG_TOCLIENT, 2, + PrefilterMpmHttp2HeaderNameRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); + DetectAppLayerInspectEngineRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + HTTP2StateOpen, DetectEngineInspectHttp2HeaderName, NULL); + DetectAppLayerMpmRegister("http2_header_name", SIG_FLAG_TOSERVER, 2, + PrefilterMpmHttp2HeaderNameRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); + DetectAppLayerInspectEngineRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + HTTP2StateOpen, DetectEngineInspectHttp2HeaderName, NULL); DetectBufferTypeSupportsMultiInstance("http2_header_name"); DetectBufferTypeSetDescriptionByName("http2_header_name", "HTTP2 header name"); g_http2_header_name_buffer_id = DetectBufferTypeGetByName("http2_header_name"); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "http2", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "http2", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_http2_match_buffer_id = DetectBufferTypeRegister("http2"); diff --git a/src/detect-ike-chosen-sa.c b/src/detect-ike-chosen-sa.c index 59d245de7611..083a9a6ad5b1 100644 --- a/src/detect-ike-chosen-sa.c +++ b/src/detect-ike-chosen-sa.c @@ -77,7 +77,7 @@ void DetectIkeChosenSaRegister(void) #endif DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("ike.chosen_sa_attribute", ALPROTO_IKE, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("ike.chosen_sa_attribute", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_chosen_sa_buffer_id = DetectBufferTypeGetByName("ike.chosen_sa_attribute"); diff --git a/src/detect-ike-exch-type.c b/src/detect-ike-exch-type.c index 3beb2c3a2519..12751d2a4fbb 100644 --- a/src/detect-ike-exch-type.c +++ b/src/detect-ike-exch-type.c @@ -57,10 +57,10 @@ void DetectIkeExchTypeRegister(void) sigmatch_table[DETECT_AL_IKE_EXCH_TYPE].Setup = DetectIkeExchTypeSetup; sigmatch_table[DETECT_AL_IKE_EXCH_TYPE].Free = DetectIkeExchTypeFree; - DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_exch_type_buffer_id = DetectBufferTypeGetByName("ike.exchtype"); diff --git a/src/detect-ike-key-exchange-payload-length.c b/src/detect-ike-key-exchange-payload-length.c index 998948f4827c..2691c4ce89e0 100644 --- a/src/detect-ike-key-exchange-payload-length.c +++ b/src/detect-ike-key-exchange-payload-length.c @@ -61,10 +61,10 @@ void DetectIkeKeyExchangePayloadLengthRegister(void) sigmatch_table[DETECT_AL_IKE_KEY_EXCHANGE_PAYLOAD_LENGTH].Free = DetectIkeKeyExchangePayloadLengthFree; - DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE, + DetectAppLayerInspectEngineRegister("ike.key_exchange_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE, + DetectAppLayerInspectEngineRegister("ike.key_exchange_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_key_exch_payload_length_buffer_id = diff --git a/src/detect-ike-key-exchange-payload.c b/src/detect-ike-key-exchange-payload.c index 813e5bf080cd..9d83fba33dec 100644 --- a/src/detect-ike-key-exchange-payload.c +++ b/src/detect-ike-key-exchange-payload.c @@ -100,16 +100,16 @@ void DetectIkeKeyExchangeRegister(void) sigmatch_table[DETECT_AL_IKE_KEY_EXCHANGE].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOSERVER, - 1, DetectEngineInspectBufferGeneric, GetKeyExchangeData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectEngineInspectBufferGeneric, GetKeyExchangeData); - DetectAppLayerMpmRegister2(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOSERVER, 1, + DetectAppLayerMpmRegister(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister, GetKeyExchangeData, ALPROTO_IKE, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, - 1, DetectEngineInspectBufferGeneric, GetKeyExchangeData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectEngineInspectBufferGeneric, GetKeyExchangeData); - DetectAppLayerMpmRegister2(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerMpmRegister(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, GetKeyExchangeData, ALPROTO_IKE, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME_KEY_EXCHANGE, BUFFER_DESC_KEY_EXCHANGE); diff --git a/src/detect-ike-nonce-payload-length.c b/src/detect-ike-nonce-payload-length.c index 91bc6c200cac..033f8aa6e865 100644 --- a/src/detect-ike-nonce-payload-length.c +++ b/src/detect-ike-nonce-payload-length.c @@ -57,10 +57,10 @@ void DetectIkeNoncePayloadLengthRegister(void) sigmatch_table[DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH].Setup = DetectIkeNoncePayloadLengthSetup; sigmatch_table[DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH].Free = DetectIkeNoncePayloadLengthFree; - DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_nonce_payload_length_buffer_id = DetectBufferTypeGetByName("ike.nonce_payload_length"); diff --git a/src/detect-ike-nonce-payload.c b/src/detect-ike-nonce-payload.c index a6b73cdf8487..a2c4ac6f9a2a 100644 --- a/src/detect-ike-nonce-payload.c +++ b/src/detect-ike-nonce-payload.c @@ -99,16 +99,16 @@ void DetectIkeNonceRegister(void) sigmatch_table[DETECT_AL_IKE_NONCE].Setup = DetectNonceSetup; sigmatch_table[DETECT_AL_IKE_NONCE].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetNonceData); - DetectAppLayerMpmRegister2(BUFFER_NAME_NONCE, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME_NONCE, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister, GetNonceData, ALPROTO_IKE, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetNonceData); - DetectAppLayerMpmRegister2(BUFFER_NAME_NONCE, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME_NONCE, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, GetNonceData, ALPROTO_IKE, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME_NONCE, BUFFER_DESC_NONCE); diff --git a/src/detect-ike-spi.c b/src/detect-ike-spi.c index 5514d0202cb5..9f310b8f580a 100644 --- a/src/detect-ike-spi.c +++ b/src/detect-ike-spi.c @@ -138,10 +138,10 @@ void DetectIkeSpiRegister(void) sigmatch_table[DETECT_AL_IKE_SPI_INITIATOR].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_INITIATOR, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_INITIATOR, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetInitiatorData); - DetectAppLayerMpmRegister2(BUFFER_NAME_INITIATOR, SIG_FLAG_TOSERVER, 1, + DetectAppLayerMpmRegister(BUFFER_NAME_INITIATOR, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister, GetInitiatorData, ALPROTO_IKE, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME_INITIATOR, BUFFER_DESC_INITIATOR); @@ -158,10 +158,10 @@ void DetectIkeSpiRegister(void) sigmatch_table[DETECT_AL_IKE_SPI_RESPONDER].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_RESPONDER, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_RESPONDER, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetResponderData); - DetectAppLayerMpmRegister2(BUFFER_NAME_RESPONDER, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerMpmRegister(BUFFER_NAME_RESPONDER, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, GetResponderData, ALPROTO_IKE, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME_RESPONDER, BUFFER_DESC_RESPONDER); diff --git a/src/detect-ike-vendor.c b/src/detect-ike-vendor.c index 54418e0fe01a..004da45eaafe 100644 --- a/src/detect-ike-vendor.c +++ b/src/detect-ike-vendor.c @@ -182,10 +182,10 @@ void DetectIkeVendorRegister(void) sigmatch_table[DETECT_AL_IKE_VENDOR].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_IKE_VENDOR].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("ike.vendor", SIG_FLAG_TOSERVER, 1, PrefilterMpmIkeVendorRegister, + DetectAppLayerMpmRegister("ike.vendor", SIG_FLAG_TOSERVER, 1, PrefilterMpmIkeVendorRegister, NULL, ALPROTO_IKE, 1); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectIkeVendor, NULL); g_ike_vendor_buffer_id = DetectBufferTypeGetByName("ike.vendor"); diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c index d6f653beed18..f677b868d61f 100644 --- a/src/detect-krb5-cname.c +++ b/src/detect-krb5-cname.c @@ -196,13 +196,11 @@ void DetectKrb5CNameRegister(void) sigmatch_table[DETECT_AL_KRB5_CNAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; sigmatch_table[DETECT_AL_KRB5_CNAME].desc = "sticky buffer to match on Kerberos 5 client name"; - DetectAppLayerMpmRegister2("krb5_cname", SIG_FLAG_TOCLIENT, 2, - PrefilterMpmKrb5CNameRegister, NULL, - ALPROTO_KRB5, 1); + DetectAppLayerMpmRegister("krb5_cname", SIG_FLAG_TOCLIENT, 2, PrefilterMpmKrb5CNameRegister, + NULL, ALPROTO_KRB5, 1); - DetectAppLayerInspectEngineRegister2("krb5_cname", - ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectKrb5CName, NULL); + DetectAppLayerInspectEngineRegister( + "krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectKrb5CName, NULL); DetectBufferTypeSetDescriptionByName("krb5_cname", "Kerberos 5 ticket client name"); diff --git a/src/detect-krb5-errcode.c b/src/detect-krb5-errcode.c index 30c516f8d273..6fd4a0232ca7 100644 --- a/src/detect-krb5-errcode.c +++ b/src/detect-krb5-errcode.c @@ -69,10 +69,10 @@ void DetectKrb5ErrCodeRegister(void) sigmatch_table[DETECT_AL_KRB5_ERRCODE].RegisterTests = DetectKrb5ErrCodeRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); /* set up the PCRE for keyword parsing */ diff --git a/src/detect-krb5-msgtype.c b/src/detect-krb5-msgtype.c index 0dd800d6be58..2afd48bcd43c 100644 --- a/src/detect-krb5-msgtype.c +++ b/src/detect-krb5-msgtype.c @@ -69,10 +69,10 @@ void DetectKrb5MsgTypeRegister(void) sigmatch_table[DETECT_AL_KRB5_MSGTYPE].RegisterTests = DetectKrb5MsgTypeRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); /* set up the PCRE for keyword parsing */ diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c index e4ccc6c2432e..1848ff35e117 100644 --- a/src/detect-krb5-sname.c +++ b/src/detect-krb5-sname.c @@ -196,13 +196,11 @@ void DetectKrb5SNameRegister(void) sigmatch_table[DETECT_AL_KRB5_SNAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; sigmatch_table[DETECT_AL_KRB5_SNAME].desc = "sticky buffer to match on Kerberos 5 server name"; - DetectAppLayerMpmRegister2("krb5_sname", SIG_FLAG_TOCLIENT, 2, - PrefilterMpmKrb5SNameRegister, NULL, - ALPROTO_KRB5, 1); + DetectAppLayerMpmRegister("krb5_sname", SIG_FLAG_TOCLIENT, 2, PrefilterMpmKrb5SNameRegister, + NULL, ALPROTO_KRB5, 1); - DetectAppLayerInspectEngineRegister2("krb5_sname", - ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectKrb5SName, NULL); + DetectAppLayerInspectEngineRegister( + "krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectKrb5SName, NULL); DetectBufferTypeSetDescriptionByName("krb5_sname", "Kerberos 5 ticket server name"); diff --git a/src/detect-krb5-ticket-encryption.c b/src/detect-krb5-ticket-encryption.c index ea1444e30d36..4c4582f1b4b6 100644 --- a/src/detect-krb5-ticket-encryption.c +++ b/src/detect-krb5-ticket-encryption.c @@ -85,7 +85,7 @@ void DetectKrb5TicketEncryptionRegister(void) sigmatch_table[DETECT_AL_KRB5_TICKET_ENCRYPTION].Free = DetectKrb5TicketEncryptionFree; // Tickets are only from server to client - DetectAppLayerInspectEngineRegister2("krb5_ticket_encryption", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("krb5_ticket_encryption", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_krb5_ticket_encryption_list_id = DetectBufferTypeRegister("krb5_ticket_encryption"); diff --git a/src/detect-lua.c b/src/detect-lua.c index dfb26dcbe698..203faf388496 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -123,9 +123,9 @@ void DetectLuaRegister(void) #endif g_smtp_generic_list_id = DetectBufferTypeRegister("smtp_generic"); - DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); SCLogDebug("registering lua rule option"); diff --git a/src/detect-modbus.c b/src/detect-modbus.c index b010500a143c..b41dc8e6afd3 100644 --- a/src/detect-modbus.c +++ b/src/detect-modbus.c @@ -134,7 +134,7 @@ void DetectModbusRegister(void) sigmatch_table[DETECT_AL_MODBUS].Free = DetectModbusFree; sigmatch_table[DETECT_AL_MODBUS].AppLayerTxMatch = DetectModbusMatch; - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_modbus_buffer_id = DetectBufferTypeGetByName("modbus"); diff --git a/src/detect-mqtt-connack-sessionpresent.c b/src/detect-mqtt-connack-sessionpresent.c index 7ec902f1172c..cb0ebaecfd01 100644 --- a/src/detect-mqtt-connack-sessionpresent.c +++ b/src/detect-mqtt-connack-sessionpresent.c @@ -62,7 +62,7 @@ void DetectMQTTConnackSessionPresentRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT, + DetectAppLayerInspectEngineRegister("mqtt.connack.session_present", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present"); diff --git a/src/detect-mqtt-connect-clientid.c b/src/detect-mqtt-connect-clientid.c index 1acebf9943bc..c3bc31474342 100644 --- a/src/detect-mqtt-connect-clientid.c +++ b/src/detect-mqtt-connect-clientid.c @@ -78,13 +78,11 @@ void DetectMQTTConnectClientIDRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_CLIENTID].Setup = DetectMQTTConnectClientIDSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_CLIENTID].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-connect-flags.c b/src/detect-mqtt-connect-flags.c index 49bfae6f4b52..30fece2780f9 100644 --- a/src/detect-mqtt-connect-flags.c +++ b/src/detect-mqtt-connect-flags.c @@ -70,7 +70,7 @@ void DetectMQTTConnectFlagsRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_connect_flags_id = DetectBufferTypeGetByName("mqtt.connect.flags"); diff --git a/src/detect-mqtt-connect-password.c b/src/detect-mqtt-connect-password.c index c08390748fe0..57ec1ba24ff9 100644 --- a/src/detect-mqtt-connect-password.c +++ b/src/detect-mqtt-connect-password.c @@ -78,13 +78,11 @@ void DetectMQTTConnectPasswordRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_PASSWORD].Setup = DetectMQTTConnectPasswordSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_PASSWORD].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-connect-username.c b/src/detect-mqtt-connect-username.c index dbc772d22058..607a35685493 100644 --- a/src/detect-mqtt-connect-username.c +++ b/src/detect-mqtt-connect-username.c @@ -78,13 +78,11 @@ void DetectMQTTConnectUsernameRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_USERNAME].Setup = DetectMQTTConnectUsernameSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_USERNAME].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-connect-willmessage.c b/src/detect-mqtt-connect-willmessage.c index 48d851d3209e..8ff68a6594e3 100644 --- a/src/detect-mqtt-connect-willmessage.c +++ b/src/detect-mqtt-connect-willmessage.c @@ -78,13 +78,11 @@ void DetectMQTTConnectWillMessageRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLMESSAGE].Setup = DetectMQTTConnectWillMessageSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLMESSAGE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-connect-willtopic.c b/src/detect-mqtt-connect-willtopic.c index da3d2640dd96..55efe93122eb 100644 --- a/src/detect-mqtt-connect-willtopic.c +++ b/src/detect-mqtt-connect-willtopic.c @@ -78,13 +78,11 @@ void DetectMQTTConnectWillTopicRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLTOPIC].Setup = DetectMQTTConnectWillTopicSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLTOPIC].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-flags.c b/src/detect-mqtt-flags.c index 799e1668e404..4774818066f9 100644 --- a/src/detect-mqtt-flags.c +++ b/src/detect-mqtt-flags.c @@ -66,7 +66,7 @@ void DetectMQTTFlagsRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_flags_id = DetectBufferTypeGetByName("mqtt.flags"); diff --git a/src/detect-mqtt-protocol-version.c b/src/detect-mqtt-protocol-version.c index 39a9ce67d6f9..f696b1e27fb6 100644 --- a/src/detect-mqtt-protocol-version.c +++ b/src/detect-mqtt-protocol-version.c @@ -59,8 +59,8 @@ void DetectMQTTProtocolVersionRegister (void) sigmatch_table[DETECT_AL_MQTT_PROTOCOL_VERSION].RegisterTests = MQTTProtocolVersionRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER, - 1, DetectEngineInspectGenericList, NULL); + DetectAppLayerInspectEngineRegister("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectEngineInspectGenericList, NULL); mqtt_protocol_version_id = DetectBufferTypeGetByName("mqtt.protocol_version"); } diff --git a/src/detect-mqtt-publish-message.c b/src/detect-mqtt-publish-message.c index 32f3bd6460ad..02595737271c 100644 --- a/src/detect-mqtt-publish-message.c +++ b/src/detect-mqtt-publish-message.c @@ -78,13 +78,11 @@ void DetectMQTTPublishMessageRegister(void) sigmatch_table[DETECT_AL_MQTT_PUBLISH_MESSAGE].Setup = DetectMQTTPublishMessageSetup; sigmatch_table[DETECT_AL_MQTT_PUBLISH_MESSAGE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-publish-topic.c b/src/detect-mqtt-publish-topic.c index c03a47b5eda7..6538857e8c2b 100644 --- a/src/detect-mqtt-publish-topic.c +++ b/src/detect-mqtt-publish-topic.c @@ -78,13 +78,11 @@ void DetectMQTTPublishTopicRegister(void) sigmatch_table[DETECT_AL_MQTT_PUBLISH_TOPIC].Setup = DetectMQTTPublishTopicSetup; sigmatch_table[DETECT_AL_MQTT_PUBLISH_TOPIC].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-qos.c b/src/detect-mqtt-qos.c index 07aa834dc20d..6349150ade5d 100644 --- a/src/detect-mqtt-qos.c +++ b/src/detect-mqtt-qos.c @@ -58,7 +58,7 @@ void DetectMQTTQosRegister (void) sigmatch_table[DETECT_AL_MQTT_QOS].RegisterTests = MQTTQosRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_qos_id = DetectBufferTypeGetByName("mqtt.qos"); diff --git a/src/detect-mqtt-reason-code.c b/src/detect-mqtt-reason-code.c index 085c9c047c9f..56f85f64f667 100644 --- a/src/detect-mqtt-reason-code.c +++ b/src/detect-mqtt-reason-code.c @@ -64,7 +64,7 @@ void DetectMQTTReasonCodeRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code"); diff --git a/src/detect-mqtt-subscribe-topic.c b/src/detect-mqtt-subscribe-topic.c index c2793bb13a80..18ebc04a6236 100644 --- a/src/detect-mqtt-subscribe-topic.c +++ b/src/detect-mqtt-subscribe-topic.c @@ -211,12 +211,10 @@ void DetectMQTTSubscribeTopicRegister (void) subscribe_topic_match_limit); } - DetectAppLayerMpmRegister2("mqtt.subscribe.topic", SIG_FLAG_TOSERVER, 1, - PrefilterMpmMQTTSubscribeTopicRegister, NULL, - ALPROTO_MQTT, 1); + DetectAppLayerMpmRegister("mqtt.subscribe.topic", SIG_FLAG_TOSERVER, 1, + PrefilterMpmMQTTSubscribeTopicRegister, NULL, ALPROTO_MQTT, 1); - DetectAppLayerInspectEngineRegister2("mqtt.subscribe.topic", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("mqtt.subscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectMQTTSubscribeTopic, NULL); DetectBufferTypeSetDescriptionByName("mqtt.subscribe.topic", diff --git a/src/detect-mqtt-type.c b/src/detect-mqtt-type.c index 3bc7f1e4f593..8a228f1b9835 100644 --- a/src/detect-mqtt-type.c +++ b/src/detect-mqtt-type.c @@ -57,7 +57,7 @@ void DetectMQTTTypeRegister (void) sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_type_id = DetectBufferTypeGetByName("mqtt.type"); diff --git a/src/detect-mqtt-unsubscribe-topic.c b/src/detect-mqtt-unsubscribe-topic.c index 0ff49ea6d0d3..3feae907f17c 100644 --- a/src/detect-mqtt-unsubscribe-topic.c +++ b/src/detect-mqtt-unsubscribe-topic.c @@ -211,13 +211,11 @@ void DetectMQTTUnsubscribeTopicRegister (void) unsubscribe_topic_match_limit); } - DetectAppLayerMpmRegister2("mqtt.unsubscribe.topic", SIG_FLAG_TOSERVER, 1, - PrefilterMpmMQTTUnsubscribeTopicRegister, NULL, - ALPROTO_MQTT, 1); + DetectAppLayerMpmRegister("mqtt.unsubscribe.topic", SIG_FLAG_TOSERVER, 1, + PrefilterMpmMQTTUnsubscribeTopicRegister, NULL, ALPROTO_MQTT, 1); - DetectAppLayerInspectEngineRegister2("mqtt.unsubscribe.topic", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTUnsubscribeTopic, NULL); + DetectAppLayerInspectEngineRegister("mqtt.unsubscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOSERVER, + 1, DetectEngineInspectMQTTUnsubscribeTopic, NULL); DetectBufferTypeSetDescriptionByName("mqtt.unsubscribe.topic", "unsubscribe topic query"); diff --git a/src/detect-nfs-procedure.c b/src/detect-nfs-procedure.c index 08d69f7d6371..74ea8e917de2 100644 --- a/src/detect-nfs-procedure.c +++ b/src/detect-nfs-procedure.c @@ -74,7 +74,7 @@ void DetectNfsProcedureRegister (void) sigmatch_table[DETECT_AL_NFS_PROCEDURE].RegisterTests = DetectNfsProcedureRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request"); diff --git a/src/detect-nfs-version.c b/src/detect-nfs-version.c index 5b4f3b82def8..a8c6ef8914d4 100644 --- a/src/detect-nfs-version.c +++ b/src/detect-nfs-version.c @@ -69,7 +69,7 @@ void DetectNfsVersionRegister (void) sigmatch_table[DETECT_AL_NFS_VERSION].Setup = DetectNfsVersionSetup; sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree; // unit tests were the same as DetectNfsProcedureRegisterTests - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request"); diff --git a/src/detect-parse.c b/src/detect-parse.c index d9800f0a2f34..802ba2b05123 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -107,18 +107,16 @@ void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *reg) : al_protocols[i].direction; if (direction & SIG_FLAG_TOCLIENT) { - DetectAppLayerMpmRegister2(reg->name, SIG_FLAG_TOCLIENT, reg->priority, - reg->PrefilterFn, reg->GetData, al_protocols[i].al_proto, - al_protocols[i].to_client_progress); - DetectAppLayerInspectEngineRegister2(reg->name, al_protocols[i].al_proto, + DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOCLIENT, reg->priority, reg->PrefilterFn, + reg->GetData, al_protocols[i].al_proto, al_protocols[i].to_client_progress); + DetectAppLayerInspectEngineRegister(reg->name, al_protocols[i].al_proto, SIG_FLAG_TOCLIENT, al_protocols[i].to_client_progress, reg->Callback, reg->GetData); } if (direction & SIG_FLAG_TOSERVER) { - DetectAppLayerMpmRegister2(reg->name, SIG_FLAG_TOSERVER, reg->priority, - reg->PrefilterFn, reg->GetData, al_protocols[i].al_proto, - al_protocols[i].to_server_progress); - DetectAppLayerInspectEngineRegister2(reg->name, al_protocols[i].al_proto, + DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOSERVER, reg->priority, reg->PrefilterFn, + reg->GetData, al_protocols[i].al_proto, al_protocols[i].to_server_progress); + DetectAppLayerInspectEngineRegister(reg->name, al_protocols[i].al_proto, SIG_FLAG_TOSERVER, al_protocols[i].to_server_progress, reg->Callback, reg->GetData); } diff --git a/src/detect-quic-cyu-hash.c b/src/detect-quic-cyu-hash.c index 8b094aaa1d61..421d9dc30791 100644 --- a/src/detect-quic-cyu-hash.c +++ b/src/detect-quic-cyu-hash.c @@ -234,10 +234,10 @@ void DetectQuicCyuHashRegister(void) sigmatch_table[DETECT_AL_QUIC_CYU_HASH].RegisterTests = DetectQuicCyuHashRegisterTests; #endif - DetectAppLayerMpmRegister2( + DetectAppLayerMpmRegister( BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterMpmQuicHashRegister, NULL, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, DetectEngineInspectQuicHash, NULL); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-quic-cyu-string.c b/src/detect-quic-cyu-string.c index cf1164c40fde..55863ca7bfe5 100644 --- a/src/detect-quic-cyu-string.c +++ b/src/detect-quic-cyu-string.c @@ -187,10 +187,10 @@ void DetectQuicCyuStringRegister(void) sigmatch_table[DETECT_AL_QUIC_CYU_STRING].RegisterTests = DetectQuicCyuStringRegisterTests; #endif - DetectAppLayerMpmRegister2( + DetectAppLayerMpmRegister( BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterMpmListIdRegister, NULL, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, DetectEngineInspectQuicString, NULL); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-quic-sni.c b/src/detect-quic-sni.c index 722f50d04697..4515baa6a7ec 100644 --- a/src/detect-quic-sni.c +++ b/src/detect-quic-sni.c @@ -80,10 +80,10 @@ void DetectQuicSniRegister(void) sigmatch_table[DETECT_AL_QUIC_SNI].RegisterTests = DetectQuicSniRegisterTests; #endif - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetSniData, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetSniData); quic_sni_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-quic-ua.c b/src/detect-quic-ua.c index c491d05b06a2..4f4e9fd7d2e7 100644 --- a/src/detect-quic-ua.c +++ b/src/detect-quic-ua.c @@ -80,10 +80,10 @@ void DetectQuicUaRegister(void) sigmatch_table[DETECT_AL_QUIC_UA].RegisterTests = DetectQuicUaRegisterTests; #endif - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetUaData, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetUaData); quic_ua_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-quic-version.c b/src/detect-quic-version.c index fcd99545aad5..58257d143ba4 100644 --- a/src/detect-quic-version.c +++ b/src/detect-quic-version.c @@ -80,14 +80,14 @@ void DetectQuicVersionRegister(void) sigmatch_table[DETECT_AL_QUIC_VERSION].RegisterTests = DetectQuicVersionRegisterTests; #endif - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetVersionData, ALPROTO_QUIC, 1); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetVersionData, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetVersionData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetVersionData); quic_version_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-rfb-name.c b/src/detect-rfb-name.c index 5e8251d51a5a..222223a44999 100644 --- a/src/detect-rfb-name.c +++ b/src/detect-rfb-name.c @@ -96,13 +96,11 @@ void DetectRfbNameRegister(void) sigmatch_table[DETECT_AL_RFB_NAME].Setup = DetectRfbNameSetup; sigmatch_table[DETECT_AL_RFB_NAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_RFB, - SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 1, - PrefilterGenericMpmRegister, GetData, ALPROTO_RFB, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, + GetData, ALPROTO_RFB, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-rfb-secresult.c b/src/detect-rfb-secresult.c index ff82d98fa690..a5cc353b4b1c 100644 --- a/src/detect-rfb-secresult.c +++ b/src/detect-rfb-secresult.c @@ -67,7 +67,7 @@ void DetectRfbSecresultRegister (void) #endif DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("rfb.secresult", ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("rfb.secresult", ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); rfb_secresult_id = DetectBufferTypeGetByName("rfb.secresult"); diff --git a/src/detect-rfb-sectype.c b/src/detect-rfb-sectype.c index 400ee5cb087c..0cfd59d56d71 100644 --- a/src/detect-rfb-sectype.c +++ b/src/detect-rfb-sectype.c @@ -54,7 +54,7 @@ void DetectRfbSectypeRegister (void) sigmatch_table[DETECT_AL_RFB_SECTYPE].Setup = DetectRfbSectypeSetup; sigmatch_table[DETECT_AL_RFB_SECTYPE].Free = DetectRfbSectypeFree; - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "rfb.sectype", ALPROTO_RFB, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); g_rfb_sectype_buffer_id = DetectBufferTypeGetByName("rfb.sectype"); diff --git a/src/detect-sip-method.c b/src/detect-sip-method.c index fccc8a73f9fc..d4ee89ad193b 100644 --- a/src/detect-sip-method.c +++ b/src/detect-sip-method.c @@ -134,13 +134,11 @@ void DetectSipMethodRegister(void) sigmatch_table[DETECT_AL_SIP_METHOD].Setup = DetectSipMethodSetup; sigmatch_table[DETECT_AL_SIP_METHOD].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-protocol.c b/src/detect-sip-protocol.c index 41fdcac538b3..6adf74452988 100644 --- a/src/detect-sip-protocol.c +++ b/src/detect-sip-protocol.c @@ -100,17 +100,13 @@ void DetectSipProtocolRegister(void) sigmatch_table[DETECT_AL_SIP_PROTOCOL].Setup = DetectSipProtocolSetup; sigmatch_table[DETECT_AL_SIP_PROTOCOL].flags |= SIGMATCH_NOOPT; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SIP, SIG_FLAG_TOSERVER, 1, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-request-line.c b/src/detect-sip-request-line.c index 9d9f4c9c5fe5..5852f7fbe843 100644 --- a/src/detect-sip-request-line.c +++ b/src/detect-sip-request-line.c @@ -100,13 +100,11 @@ void DetectSipRequestLineRegister(void) sigmatch_table[DETECT_AL_SIP_REQUEST_LINE].Setup = DetectSipRequestLineSetup; sigmatch_table[DETECT_AL_SIP_REQUEST_LINE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-response-line.c b/src/detect-sip-response-line.c index 99061f951d5a..12be766dfeb3 100644 --- a/src/detect-sip-response-line.c +++ b/src/detect-sip-response-line.c @@ -100,13 +100,11 @@ void DetectSipResponseLineRegister(void) sigmatch_table[DETECT_AL_SIP_RESPONSE_LINE].Setup = DetectSipResponseLineSetup; sigmatch_table[DETECT_AL_SIP_RESPONSE_LINE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-stat-code.c b/src/detect-sip-stat-code.c index 9b663c971e8e..883872b169f3 100644 --- a/src/detect-sip-stat-code.c +++ b/src/detect-sip-stat-code.c @@ -103,13 +103,11 @@ void DetectSipStatCodeRegister (void) sigmatch_table[DETECT_AL_SIP_STAT_CODE].Setup = DetectSipStatCodeSetup; sigmatch_table[DETECT_AL_SIP_STAT_CODE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 4, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-stat-msg.c b/src/detect-sip-stat-msg.c index a9b9247a5d70..bda224b3e169 100644 --- a/src/detect-sip-stat-msg.c +++ b/src/detect-sip-stat-msg.c @@ -103,13 +103,11 @@ void DetectSipStatMsgRegister (void) sigmatch_table[DETECT_AL_SIP_STAT_MSG].Setup = DetectSipStatMsgSetup; sigmatch_table[DETECT_AL_SIP_STAT_MSG].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 3, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-uri.c b/src/detect-sip-uri.c index 1a000fdb543a..f71627e035e1 100644 --- a/src/detect-sip-uri.c +++ b/src/detect-sip-uri.c @@ -112,13 +112,11 @@ void DetectSipUriRegister(void) sigmatch_table[DETECT_AL_SIP_URI].Setup = DetectSipUriSetup; sigmatch_table[DETECT_AL_SIP_URI].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-smb-ntlmssp.c b/src/detect-smb-ntlmssp.c index a88b89c6f473..aa53269309cf 100644 --- a/src/detect-smb-ntlmssp.c +++ b/src/detect-smb-ntlmssp.c @@ -81,10 +81,10 @@ void DetectSmbNtlmsspUserRegister(void) sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB ntlmssp user in session setup"; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetNtlmsspUserData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetNtlmsspUserData); g_smb_nltmssp_user_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); @@ -139,10 +139,10 @@ void DetectSmbNtlmsspDomainRegister(void) sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB ntlmssp domain in session setup"; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetNtlmsspDomainData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetNtlmsspDomainData); g_smb_nltmssp_domain_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-smb-share.c b/src/detect-smb-share.c index 8d4d145fad8c..018d8ceefd79 100644 --- a/src/detect-smb-share.c +++ b/src/detect-smb-share.c @@ -83,12 +83,10 @@ void DetectSmbNamedPipeRegister(void) sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB named pipe in tree connect"; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetNamedPipeData, - ALPROTO_SMB, 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetNamedPipeData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetNamedPipeData); g_smb_named_pipe_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); @@ -146,12 +144,10 @@ void DetectSmbShareRegister(void) sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB share name in tree connect"; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetShareData, - ALPROTO_SMB, 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetShareData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetShareData); g_smb_share_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-snmp-community.c b/src/detect-snmp-community.c index 93e7d21671ab..f1dd740e3d53 100644 --- a/src/detect-snmp-community.c +++ b/src/detect-snmp-community.c @@ -62,16 +62,14 @@ void DetectSNMPCommunityRegister(void) sigmatch_table[DETECT_AL_SNMP_COMMUNITY].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; /* register inspect engines */ - DetectAppLayerInspectEngineRegister2("snmp.community", - ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.community", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("snmp.community", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); - DetectAppLayerInspectEngineRegister2("snmp.community", - ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerMpmRegister("snmp.community", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SNMP, 0); + DetectAppLayerInspectEngineRegister("snmp.community", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("snmp.community", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); + DetectAppLayerMpmRegister("snmp.community", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SNMP, 0); DetectBufferTypeSetDescriptionByName("snmp.community", "SNMP Community identifier"); diff --git a/src/detect-snmp-pdu_type.c b/src/detect-snmp-pdu_type.c index d053c29a792d..097fac1e959a 100644 --- a/src/detect-snmp-pdu_type.c +++ b/src/detect-snmp-pdu_type.c @@ -68,10 +68,10 @@ void DetectSNMPPduTypeRegister(void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp.pdu_type"); diff --git a/src/detect-snmp-usm.c b/src/detect-snmp-usm.c index 2e03fca16b94..fd1a814d164d 100644 --- a/src/detect-snmp-usm.c +++ b/src/detect-snmp-usm.c @@ -66,13 +66,13 @@ void DetectSNMPUsmRegister(void) sigmatch_table[DETECT_AL_SNMP_USM].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* register inspect engines */ - DetectAppLayerInspectEngineRegister2("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("snmp.usm", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("snmp.usm", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); - DetectAppLayerInspectEngineRegister2("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("snmp.usm", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("snmp.usm", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); DetectBufferTypeSetDescriptionByName("snmp.usm", "SNMP USM"); diff --git a/src/detect-snmp-version.c b/src/detect-snmp-version.c index 57359c091bd6..f9bc728b8ad2 100644 --- a/src/detect-snmp-version.c +++ b/src/detect-snmp-version.c @@ -60,10 +60,10 @@ void DetectSNMPVersionRegister (void) sigmatch_table[DETECT_AL_SNMP_VERSION].RegisterTests = DetectSNMPVersionRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp.version"); diff --git a/src/detect-ssh-hassh-server-string.c b/src/detect-ssh-hassh-server-string.c index 27b0e0cb7595..f62c72e79c79 100644 --- a/src/detect-ssh-hassh-server-string.c +++ b/src/detect-ssh-hassh-server-string.c @@ -129,13 +129,10 @@ void DetectSshHasshServerStringRegister(void) sigmatch_table[DETECT_AL_SSH_HASSH_SERVER_STRING].Setup = DetectSshHasshServerStringSetup; sigmatch_table[DETECT_AL_SSH_HASSH_SERVER_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, - SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssh-hassh-server.c b/src/detect-ssh-hassh-server.c index 295284108f10..98f7d3dc2e2f 100644 --- a/src/detect-ssh-hassh-server.c +++ b/src/detect-ssh-hassh-server.c @@ -197,12 +197,10 @@ void DetectSshHasshServerRegister(void) sigmatch_table[DETECT_AL_SSH_HASSH_SERVER].Setup = DetectSshHasshServerSetup; sigmatch_table[DETECT_AL_SSH_HASSH_SERVER].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, - SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); g_ssh_hassh_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-ssh-hassh-string.c b/src/detect-ssh-hassh-string.c index e639e64b134f..ad29b90ee764 100644 --- a/src/detect-ssh-hassh-string.c +++ b/src/detect-ssh-hassh-string.c @@ -129,13 +129,10 @@ void DetectSshHasshStringRegister(void) sigmatch_table[DETECT_AL_SSH_HASSH_STRING].Setup = DetectSshHasshStringSetup; sigmatch_table[DETECT_AL_SSH_HASSH_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, - SIG_FLAG_TOSERVER, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssh-hassh.c b/src/detect-ssh-hassh.c index b410a5ffee84..377aa9d2c433 100644 --- a/src/detect-ssh-hassh.c +++ b/src/detect-ssh-hassh.c @@ -199,13 +199,10 @@ void DetectSshHasshRegister(void) sigmatch_table[DETECT_AL_SSH_HASSH].Setup = DetectSshHasshSetup; sigmatch_table[DETECT_AL_SSH_HASSH].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone), - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, - SIG_FLAG_TOSERVER, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone), + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); g_ssh_hassh_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-ssh-proto.c b/src/detect-ssh-proto.c index a979190de1a9..19807511e757 100644 --- a/src/detect-ssh-proto.c +++ b/src/detect-ssh-proto.c @@ -101,20 +101,15 @@ void DetectSshProtocolRegister(void) sigmatch_table[DETECT_AL_SSH_PROTOCOL].Setup = DetectSshProtocolSetup; sigmatch_table[DETECT_AL_SSH_PROTOCOL].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone), - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone), - - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone), + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, + PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone), + + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index 5fec33ac0eef..a9b0af343207 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c @@ -98,9 +98,9 @@ void DetectSshSoftwareVersionRegister(void) g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner"); - DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect-ssh-software.c b/src/detect-ssh-software.c index cd11c5c20904..0a8d5aab0d97 100644 --- a/src/detect-ssh-software.c +++ b/src/detect-ssh-software.c @@ -102,19 +102,15 @@ void DetectSshSoftwareRegister(void) sigmatch_table[DETECT_AL_SSH_SOFTWARE].Setup = DetectSshSoftwareSetup; sigmatch_table[DETECT_AL_SSH_SOFTWARE].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone), - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone), - - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone), + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, + PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone), + + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index 3f2df48db7aa..385bf8c11502 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -89,9 +89,9 @@ void DetectSslStateRegister(void) DetectBufferTypeSetDescriptionByName("tls_generic", "generic ssl/tls inspection"); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect-template-rust-buffer.c b/src/detect-template-rust-buffer.c index 86fc282712ba..95f8ff6d12ce 100644 --- a/src/detect-template-rust-buffer.c +++ b/src/detect-template-rust-buffer.c @@ -67,9 +67,9 @@ void DetectTemplateRustBufferRegister(void) sigmatch_table[DETECT_AL_TEMPLATE_BUFFER].flags |= SIGMATCH_NOOPT; /* register inspect engines */ - DetectAppLayerInspectEngineRegister2("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER, 0, DetectEngineInspectTemplateRustBuffer, NULL); - DetectAppLayerInspectEngineRegister2("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectTemplateRustBuffer, NULL); g_template_rust_id = DetectBufferTypeGetByName("template_buffer"); diff --git a/src/detect-tls-cert-fingerprint.c b/src/detect-tls-cert-fingerprint.c index 98ba46143db4..9fec32151dd6 100644 --- a/src/detect-tls-cert-fingerprint.c +++ b/src/detect-tls-cert-fingerprint.c @@ -83,18 +83,16 @@ void DetectTlsFingerprintRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_fingerprint", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectBufferGeneric, GetData); + DetectAppLayerInspectEngineRegister("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_fingerprint", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, - TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.cert_fingerprint", SIG_FLAG_TOCLIENT, 2, + PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_fingerprint", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("tls.cert_fingerprint", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); DetectBufferTypeSetDescriptionByName("tls.cert_fingerprint", diff --git a/src/detect-tls-cert-issuer.c b/src/detect-tls-cert-issuer.c index 9146f8d0f40b..49bada4cdf6d 100644 --- a/src/detect-tls-cert-issuer.c +++ b/src/detect-tls-cert-issuer.c @@ -79,19 +79,17 @@ void DetectTlsIssuerRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_issuer", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.cert_issuer", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_issuer", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectBufferGeneric, GetData); + DetectAppLayerInspectEngineRegister("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_issuer", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, - TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.cert_issuer", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); DetectBufferTypeSetDescriptionByName("tls.cert_issuer", "TLS certificate issuer"); diff --git a/src/detect-tls-cert-serial.c b/src/detect-tls-cert-serial.c index 19c86be80e24..0ac7bfdd20cc 100644 --- a/src/detect-tls-cert-serial.c +++ b/src/detect-tls-cert-serial.c @@ -83,18 +83,16 @@ void DetectTlsSerialRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_serial", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectBufferGeneric, GetData); + DetectAppLayerInspectEngineRegister("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_serial", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, - TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.cert_serial", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_serial", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.cert_serial", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); DetectBufferTypeSetDescriptionByName("tls.cert_serial", diff --git a/src/detect-tls-cert-subject.c b/src/detect-tls-cert-subject.c index 9ec7fb96fb1f..e0dcde30a830 100644 --- a/src/detect-tls-cert-subject.c +++ b/src/detect-tls-cert-subject.c @@ -79,18 +79,17 @@ void DetectTlsSubjectRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_subject", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.cert_subject", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_subject", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, - TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.cert_subject", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); DetectBufferTypeSupportsMultiInstance("tls.cert_subject"); diff --git a/src/detect-tls-cert-validity.c b/src/detect-tls-cert-validity.c index 63939b849286..0afd11e72e88 100644 --- a/src/detect-tls-cert-validity.c +++ b/src/detect-tls-cert-validity.c @@ -123,7 +123,7 @@ void DetectTlsValidityRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity"); diff --git a/src/detect-tls-certs.c b/src/detect-tls-certs.c index a0204377373e..38042e3ef411 100644 --- a/src/detect-tls-certs.c +++ b/src/detect-tls-certs.c @@ -93,19 +93,17 @@ void DetectTlsCertsRegister(void) sigmatch_table[DETECT_AL_TLS_CERTS].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERTS].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.certs", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectTlsCerts, NULL); + DetectAppLayerInspectEngineRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectTlsCerts, NULL); - DetectAppLayerMpmRegister2("tls.certs", SIG_FLAG_TOCLIENT, 2, - PrefilterMpmTlsCertsRegister, NULL, ALPROTO_TLS, - TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.certs", SIG_FLAG_TOCLIENT, 2, PrefilterMpmTlsCertsRegister, NULL, + ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectTlsCerts, NULL); - DetectAppLayerMpmRegister2("tls.certs", SIG_FLAG_TOSERVER, 2, PrefilterMpmTlsCertsRegister, - NULL, ALPROTO_TLS, TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.certs", SIG_FLAG_TOSERVER, 2, PrefilterMpmTlsCertsRegister, NULL, + ALPROTO_TLS, TLS_STATE_CERT_READY); DetectBufferTypeSetDescriptionByName("tls.certs", "TLS certificate"); @@ -363,7 +361,7 @@ void DetectTlsCertChainLenRegister(void) sigmatch_table[KEYWORD_ID].Setup = DetectTLSCertChainLenSetup; sigmatch_table[KEYWORD_ID].Free = DetectTLSCertChainLenFree; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); g_tls_cert_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c index 7660fde4c2a0..0cfe18d66e65 100644 --- a/src/detect-tls-ja3-hash.c +++ b/src/detect-tls-ja3-hash.c @@ -80,16 +80,16 @@ void DetectTlsJa3HashRegister(void) sigmatch_table[DETECT_AL_TLS_JA3_HASH].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3_HASH].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3.hash", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("ja3.hash", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("ja3.hash", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister( + "ja3.hash", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); - DetectAppLayerMpmRegister2("ja3.hash", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("ja3.hash", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, Ja3DetectGetHash, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3.hash", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("ja3.hash", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetHash); DetectBufferTypeSetDescriptionByName("ja3.hash", "TLS JA3 hash"); diff --git a/src/detect-tls-ja3-string.c b/src/detect-tls-ja3-string.c index 87a61bfd8738..6c2fbc6ad975 100644 --- a/src/detect-tls-ja3-string.c +++ b/src/detect-tls-ja3-string.c @@ -76,16 +76,16 @@ void DetectTlsJa3StringRegister(void) sigmatch_table[DETECT_AL_TLS_JA3_STRING].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3.string", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("ja3.string", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("ja3.string", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister("ja3.string", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, 0); - DetectAppLayerMpmRegister2("ja3.string", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("ja3.string", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, Ja3DetectGetString, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3.string", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("ja3.string", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetString); DetectBufferTypeSetDescriptionByName("ja3.string", "TLS JA3 string"); diff --git a/src/detect-tls-ja3s-hash.c b/src/detect-tls-ja3s-hash.c index 583566012d08..a1a334a4f16b 100644 --- a/src/detect-tls-ja3s-hash.c +++ b/src/detect-tls-ja3s-hash.c @@ -79,16 +79,16 @@ void DetectTlsJa3SHashRegister(void) sigmatch_table[DETECT_AL_TLS_JA3S_HASH].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3S_HASH].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3s.hash", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("ja3s.hash", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("ja3s.hash", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister("ja3s.hash", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, 0); - DetectAppLayerMpmRegister2("ja3s.hash", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("ja3s.hash", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, Ja3DetectGetHash, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3s.hash", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("ja3s.hash", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetHash); DetectBufferTypeSetDescriptionByName("ja3s.hash", "TLS JA3S hash"); diff --git a/src/detect-tls-ja3s-string.c b/src/detect-tls-ja3s-string.c index 0f7f7d61d067..32117df68442 100644 --- a/src/detect-tls-ja3s-string.c +++ b/src/detect-tls-ja3s-string.c @@ -76,16 +76,16 @@ void DetectTlsJa3SStringRegister(void) sigmatch_table[DETECT_AL_TLS_JA3S_STRING].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3S_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3s.string", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("ja3s.string", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("ja3s.string", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister("ja3s.string", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, 0); - DetectAppLayerMpmRegister2("ja3s.string", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("ja3s.string", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, Ja3DetectGetString, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3s.string", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("ja3s.string", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetString); DetectBufferTypeSetDescriptionByName("ja3s.string", "TLS JA3S string"); diff --git a/src/detect-tls-random.c b/src/detect-tls-random.c index fc4369ab1861..b8af73490a32 100644 --- a/src/detect-tls-random.c +++ b/src/detect-tls-random.c @@ -62,15 +62,15 @@ void DetectTlsRandomTimeRegister(void) sigmatch_table[DETECT_AL_TLS_RANDOM_TIME].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* Register engine for Server random */ - DetectAppLayerInspectEngineRegister2("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomTimeData); - DetectAppLayerMpmRegister2("tls.random_time", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.random_time", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRandomTimeData, ALPROTO_TLS, 0); /* Register engine for Client random */ - DetectAppLayerInspectEngineRegister2("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomTimeData); - DetectAppLayerMpmRegister2("tls.random_time", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.random_time", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetRandomTimeData, ALPROTO_TLS, 0); DetectBufferTypeSetDescriptionByName("tls.random_time", "TLS Random Time"); @@ -90,16 +90,16 @@ void DetectTlsRandomBytesRegister(void) SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* Register engine for Server random */ - DetectAppLayerInspectEngineRegister2("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomBytesData); - DetectAppLayerMpmRegister2("tls.random_bytes", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetRandomBytesData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister("tls.random_bytes", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetRandomBytesData, ALPROTO_TLS, 0); /* Register engine for Client random */ - DetectAppLayerInspectEngineRegister2("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomBytesData); - DetectAppLayerMpmRegister2("tls.random_bytes", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetRandomBytesData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister("tls.random_bytes", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetRandomBytesData, ALPROTO_TLS, 0); DetectBufferTypeSetDescriptionByName("tls.random_bytes", "TLS Random Bytes"); @@ -122,15 +122,15 @@ void DetectTlsRandomRegister(void) sigmatch_table[DETECT_AL_TLS_RANDOM].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* Register engine for Server random */ - DetectAppLayerInspectEngineRegister2("tls.random", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.random", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomData); - DetectAppLayerMpmRegister2("tls.random", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.random", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRandomData, ALPROTO_TLS, 0); /* Register engine for Client random */ - DetectAppLayerInspectEngineRegister2("tls.random", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("tls.random", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomData); - DetectAppLayerMpmRegister2("tls.random", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.random", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetRandomData, ALPROTO_TLS, 0); DetectBufferTypeSetDescriptionByName("tls.random", "TLS Random"); diff --git a/src/detect-tls-sni.c b/src/detect-tls-sni.c index 69b066e8e979..10b6d08dafd3 100644 --- a/src/detect-tls-sni.c +++ b/src/detect-tls-sni.c @@ -73,11 +73,11 @@ void DetectTlsSniRegister(void) sigmatch_table[DETECT_AL_TLS_SNI].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_SNI].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.sni", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.sni", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.sni", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister( + "tls.sni", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); DetectBufferTypeSetDescriptionByName("tls.sni", "TLS Server Name Indication (SNI) extension"); diff --git a/src/detect-tls.c b/src/detect-tls.c index 71e45696cd9c..e94a9b2a600c 100644 --- a/src/detect-tls.c +++ b/src/detect-tls.c @@ -141,10 +141,10 @@ void DetectTlsRegister (void) g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert"); g_tls_cert_fingerprint_list_id = DetectBufferTypeRegister("tls.cert_fingerprint"); - DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls_cert", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); }