diff --git a/doc/userguide/devguide/extending/app-layer/transactions.rst b/doc/userguide/devguide/extending/app-layer/transactions.rst index 357bdcd76d73..1105aad97128 100644 --- a/doc/userguide/devguide/extending/app-layer/transactions.rst +++ b/doc/userguide/devguide/extending/app-layer/transactions.rst @@ -68,7 +68,7 @@ Rule Matching Transaction progress is also used for certain keywords to know what is the minimum state before we can expect a match: until that, Suricata won't even try to look for the patterns. -As seen in ``DetectAppLayerMpmRegister2`` that has ``int progress`` as parameter, and ``DetectAppLayerInspectEngineRegister2``, which expects ``int tx_min_progress``, for instance. In the code snippet, +As seen in ``DetectAppLayerMpmRegister`` that has ``int progress`` as parameter, and ``DetectAppLayerInspectEngineRegister``, which expects ``int tx_min_progress``, for instance. In the code snippet, ``HTTP2StateDataClient``, ``HTTP2StateDataServer`` and ``0`` are the values passed to the functions - in the last example, for ``FTPDATA``, the existence of a transaction implies that a file is being transferred. Hence the ``0`` value. 
@@ -80,18 +80,18 @@ the existence of a transaction implies that a file is being transferred. Hence t { . . - DetectAppLayerMpmRegister2("file_data", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("file_data", SIG_FLAG_TOSERVER, 2, PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerMpmRegister2("file_data", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("file_data", SIG_FLAG_TOCLIENT, 2, PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataServer); . . - DetectAppLayerInspectEngineRegister2("file_data", + DetectAppLayerInspectEngineRegister("file_data", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectFiledata, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "file_data", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, DetectEngineInspectFiledata, NULL); . . diff --git a/doc/userguide/rules/dns-keywords.rst b/doc/userguide/rules/dns-keywords.rst index e62a25d40bed..a514ae25195b 100644 --- a/doc/userguide/rules/dns-keywords.rst +++ b/doc/userguide/rules/dns-keywords.rst 
@@ -1,10 +1,27 @@ DNS Keywords ============ -There are some more content modifiers (If you are unfamiliar with -content modifiers, please visit the page :doc:`payload-keywords` These -ones make sure the signature checks a specific part of the -network-traffic. +Suricata supports sticky buffers as well as keywords for efficiently +matching on specific fields in DNS messages. + +Note that sticky buffers are expected to be followed by one or more +:doc:`payload-keywords`. + +dns.answer.name +--------------- + +``dns.answer.name`` is a sticky buffer that is used to look at the +name field in DNS answer resource records. + +``dns.answer.name`` will look at both requests and responses, so +``flow`` is recommended to confine to a specific direction. + +The buffer being matched on contains the complete re-assembled +resource name, for example "www.suricata.io". + +``dns.answer.name`` supports :doc:`multi-buffer-matching`. + +``dns.answer.name`` was introduced in Suricata 8.0.0. dns.opcode ---------- 
@@ -32,20 +49,26 @@ Match on DNS requests where the **opcode** is NOT 0:: dns.query --------- -With **dns.query** the DNS request queries are inspected. The dns.query -keyword works a bit different from the normal content modifiers. When -used in a rule all contents following it are affected by it. Example: +``dns.query`` is a sticky buffer that is used to inspect DNS query +names in DNS request messages. Example:: - alert dns any any -> any any (msg:"Test dns.query option"; - dns.query; content:"google"; nocase; sid:1;) + alert dns any any -> any any (msg:"Test dns.query option"; dns.query; content:"google"; nocase; sid:1;) + +Being a sticky buffer, payload keywords such as content are to be used after ``dns.query``: .. image:: dns-keywords/dns_query.png -The **dns.query** keyword affects all following contents, until pkt_data -is used or it reaches the end of the rule. +The ``dns.query`` keyword affects all following contents, until +pkt_data is used or it reaches the end of the rule. .. note:: **dns.query** is equivalent to the older **dns_query**. +.. note:: **dns.query** will only match on DNS request messages, to + also match on DNS response message, see + `dns.query.name`_. + +``dns.query.name`` supports :doc:`multi-buffer-matching`. + Normalized Buffer ~~~~~~~~~~~~~~~~~ 
@@ -68,7 +91,19 @@ DNS query on the wire (snippet):: mail.google.com -Multiple Buffer Matching -~~~~~~~~~~~~~~~~~~~~~~~~ +dns.query.name +--------------- + +``dns.query.name`` is a sticky buffer that is used to look at the name +field in DNS query (question) resource records. It is nearly identical +to ``dns.query`` but supports both DNS requests and responses. + +``dns.query.name`` will look at both requests and responses, so +``flow`` is recommended to confine to a specific direction. + +The buffer being matched on contains the complete re-assembled +resource name, for example "www.suricata.io". + +``dns.query.name`` supports :doc:`multi-buffer-matching`. -``dns.query`` supports multiple buffer matching, see :doc:`multi-buffer-matching`. \ No newline at end of file +``dns.query.name`` was introduced in Suricata 8.0.0. diff --git a/rust/rustfmt.toml b/rust/rustfmt.toml index 848158b48e0f..064b795a873b 100644 --- a/rust/rustfmt.toml +++ b/rust/rustfmt.toml @@ -1,4 +1,4 @@ # Rust format configuration file. If empty, then this is a message that # we expect the default formatting rules to be used. -fn_args_layout = "compressed" +fn_params_layout = "compressed" diff --git a/rust/src/dns/detect.rs b/rust/src/dns/detect.rs index 268a409eac8d..5d9d945be0ce 100644 --- a/rust/src/dns/detect.rs +++ b/rust/src/dns/detect.rs 
@@ -156,44 +156,36 @@ mod test { #[test] fn test_match_opcode() { - assert!( - match_opcode( - &DetectDnsOpcode { - negate: false, - opcode: 0, - }, - 0b0000_0000_0000_0000, - ) - ); + assert!(match_opcode( + &DetectDnsOpcode { + negate: false, + opcode: 0, + }, + 0b0000_0000_0000_0000, + )); - assert!( - !match_opcode( - &DetectDnsOpcode { - negate: true, - opcode: 0, - }, - 0b0000_0000_0000_0000, - ) - ); + assert!(!match_opcode( + &DetectDnsOpcode { + negate: true, + opcode: 0, + }, + 0b0000_0000_0000_0000, + )); - assert!( - match_opcode( - &DetectDnsOpcode { - negate: false, - opcode: 4, - }, - 0b0010_0000_0000_0000, - ) - ); + assert!(match_opcode( + &DetectDnsOpcode { + negate: false, + opcode: 4, + }, + 0b0010_0000_0000_0000, + )); - assert!( - !match_opcode( - &DetectDnsOpcode { - negate: true, - opcode: 4, - }, - 0b0010_0000_0000_0000, - ) - ); + assert!(!match_opcode( + &DetectDnsOpcode { + negate: true, + opcode: 4, + }, + 0b0010_0000_0000_0000, + )); } } diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 382c76ae59b5..57f66c0f73df 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -221,13 +221,7 @@ pub struct DNSAnswerEntry { } #[derive(Debug)] -pub struct DNSRequest { - pub header: DNSHeader, - pub queries: Vec, -} - -#[derive(Debug)] -pub struct DNSResponse { +pub struct DNSMessage { pub header: DNSHeader, pub queries: Vec, pub answers: Vec, @@ -237,8 +231,8 @@ pub struct DNSResponse { #[derive(Debug, Default)] pub struct DNSTransaction { pub id: u64, - pub request: Option, - pub response: Option, + pub request: Option, + pub response: Option, pub tx_data: AppLayerTxData, } @@ -250,10 +244,10 @@ impl Transaction for DNSTransaction { impl DNSTransaction { pub fn new(direction: Direction) -> Self { - Self { - tx_data: AppLayerTxData::for_direction(direction), + Self { + tx_data: AppLayerTxData::for_direction(direction), ..Default::default() - } + } } /// Get the DNS transactions ID (not the internal tracking ID). 
@@ -402,7 +396,7 @@ impl DNSState { return !is_tcp; }; - match parser::dns_parse_request_body(body, input, header) { + match parser::dns_parse_body(body, input, header) { Ok((_, request)) => { if request.header.flags & 0x8000 != 0 { SCLogDebug!("DNS message is not a request"); @@ -474,7 +468,7 @@ impl DNSState { return !is_tcp; }; - match parser::dns_parse_response_body(body, input, header) { + match parser::dns_parse_body(body, input, header) { Ok((_, response)) => { SCLogDebug!("Response header flags: {}", response.header.flags); @@ -702,14 +696,9 @@ fn probe(input: &[u8], dlen: usize) -> (bool, bool, bool) { } } - match parser::dns_parse_request(input) { - Ok((_, request)) => { - return probe_header_validity(&request.header, dlen); - } - Err(Err::Incomplete(_)) => match parser::dns_parse_header(input) { - Ok((_, header)) => { - return probe_header_validity(&header, dlen); - } + match parser::dns_parse_header(input) { + Ok((body, header)) => match parser::dns_parse_body(body, input, header) { + Ok((_, request)) => probe_header_validity(&request.header, dlen), Err(Err::Incomplete(_)) => (false, false, true), Err(_) => (false, false, false), }, 
@@ -864,21 +853,54 @@ pub unsafe extern "C" fn rs_dns_state_get_tx_data( export_state_data_get!(rs_dns_get_state_data, DNSState); +/// Get the DNS query name at index i. #[no_mangle] -pub unsafe extern "C" fn rs_dns_tx_get_query_name( - tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32, -) -> u8 { - if let Some(request) = &tx.request { - if (i as usize) < request.queries.len() { - let query = &request.queries[i as usize]; +pub unsafe extern "C" fn SCDnsTxGetQueryName( + tx: &mut DNSTransaction, to_client: bool, i: u32, buf: *mut *const u8, len: *mut u32, +) -> bool { + let queries = if to_client { + tx.response.as_ref().map(|response| &response.queries) + } else { + tx.request.as_ref().map(|request| &request.queries) + }; + let index = i as usize; + + if let Some(queries) = queries { + if let Some(query) = queries.get(index) { if !query.name.is_empty() { - *len = query.name.len() as u32; *buf = query.name.as_ptr(); - return 1; + *len = query.name.len() as u32; + return true; } } } - return 0; + + false +} + +/// Get the DNS response answer name and index i. +#[no_mangle] +pub unsafe extern "C" fn SCDnsTxGetAnswerName( + tx: &mut DNSTransaction, to_client: bool, i: u32, buf: *mut *const u8, len: *mut u32, +) -> bool { + let answers = if to_client { + tx.response.as_ref().map(|response| &response.answers) + } else { + tx.request.as_ref().map(|request| &request.answers) + }; + let index = i as usize; + + if let Some(answers) = answers { + if let Some(answer) = answers.get(index) { + if !answer.name.is_empty() { + *buf = answer.name.as_ptr(); + *len = answer.name.len() as u32; + return true; + } + } + } + + false } /// Get the DNS transaction ID of a transaction. diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs index 5212b1a0da7c..4c0d4fc065b4 100644 --- a/rust/src/dns/log.rs +++ b/rust/src/dns/log.rs @@ -476,7 +476,7 @@ fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result Result<(), JsonError> { let header = &response.header; 
@@ -524,7 +524,8 @@ fn dns_log_json_answer( match &answer.data { DNSRData::A(addr) | DNSRData::AAAA(addr) => { if !answer_types.contains_key(&type_string) { - answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?); + answer_types + .insert(type_string.to_string(), JsonBuilder::try_new_array()?); } if let Some(a) = answer_types.get_mut(&type_string) { a.append_string(&dns_print_addr(addr))?; @@ -537,7 +538,8 @@ fn dns_log_json_answer( | DNSRData::NULL(bytes) | DNSRData::PTR(bytes) => { if !answer_types.contains_key(&type_string) { - answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?); + answer_types + .insert(type_string.to_string(), JsonBuilder::try_new_array()?); } if let Some(a) = answer_types.get_mut(&type_string) { a.append_string_from_bytes(bytes)?; @@ -545,7 +547,8 @@ fn dns_log_json_answer( } DNSRData::SOA(soa) => { if !answer_types.contains_key(&type_string) { - answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?); + answer_types + .insert(type_string.to_string(), JsonBuilder::try_new_array()?); } if let Some(a) = answer_types.get_mut(&type_string) { a.append_object(&dns_log_soa(soa)?)?; @@ -553,7 +556,8 @@ fn dns_log_json_answer( } DNSRData::SSHFP(sshfp) => { if !answer_types.contains_key(&type_string) { - answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?); + answer_types + .insert(type_string.to_string(), JsonBuilder::try_new_array()?); } if let Some(a) = answer_types.get_mut(&type_string) { a.append_object(&dns_log_sshfp(sshfp)?)?; @@ -561,7 +565,8 @@ fn dns_log_json_answer( } DNSRData::SRV(srv) => { if !answer_types.contains_key(&type_string) { - answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?); + answer_types + .insert(type_string.to_string(), JsonBuilder::try_new_array()?); } if let Some(a) = answer_types.get_mut(&type_string) { a.append_object(&dns_log_srv(srv)?)?; 
diff --git a/rust/src/dns/parser.rs b/rust/src/dns/parser.rs index a1d97a53fd02..f7f9fd0d6e8c 100644 --- a/rust/src/dns/parser.rs +++ b/rust/src/dns/parser.rs @@ -24,27 +24,6 @@ use nom7::multi::{count, length_data, many_m_n}; use nom7::number::streaming::{be_u16, be_u32, be_u8}; use nom7::{error_position, Err, IResult}; -// Parse a DNS header. -pub fn dns_parse_header(i: &[u8]) -> IResult<&[u8], DNSHeader> { - let (i, tx_id) = be_u16(i)?; - let (i, flags) = be_u16(i)?; - let (i, questions) = be_u16(i)?; - let (i, answer_rr) = be_u16(i)?; - let (i, authority_rr) = be_u16(i)?; - let (i, additional_rr) = be_u16(i)?; - Ok(( - i, - DNSHeader { - tx_id, - flags, - questions, - answer_rr, - authority_rr, - additional_rr, - }, - )) -} - /// Parse a DNS name. /// /// Parameters: @@ -191,23 +170,6 @@ fn dns_parse_answer<'a>( return Ok((input, answers)); } -pub fn dns_parse_response_body<'a>( - i: &'a [u8], message: &'a [u8], header: DNSHeader, -) -> IResult<&'a [u8], DNSResponse> { - let (i, queries) = count(|b| dns_parse_query(b, message), header.questions as usize)(i)?; - let (i, answers) = dns_parse_answer(i, message, header.answer_rr as usize)?; - let (i, authorities) = dns_parse_answer(i, message, header.authority_rr as usize)?; - Ok(( - i, - DNSResponse { - header, - queries, - answers, - authorities, - }, - )) -} - /// Parse a single DNS query. /// /// Arguments are suitable for using with call!: 
@@ -343,19 +305,42 @@ pub fn dns_parse_rdata<'a>( } } -/// Parse a DNS request. -pub fn dns_parse_request(input: &[u8]) -> IResult<&[u8], DNSRequest> { - let i = input; - let (i, header) = dns_parse_header(i)?; - dns_parse_request_body(i, input, header) +// Parse a DNS header. +pub fn dns_parse_header(i: &[u8]) -> IResult<&[u8], DNSHeader> { + let (i, tx_id) = be_u16(i)?; + let (i, flags) = be_u16(i)?; + let (i, questions) = be_u16(i)?; + let (i, answer_rr) = be_u16(i)?; + let (i, authority_rr) = be_u16(i)?; + let (i, additional_rr) = be_u16(i)?; + Ok(( + i, + DNSHeader { + tx_id, + flags, + questions, + answer_rr, + authority_rr, + additional_rr, + }, + )) } -pub fn dns_parse_request_body<'a>( - input: &'a [u8], message: &'a [u8], header: DNSHeader, -) -> IResult<&'a [u8], DNSRequest> { - let i = input; +pub fn dns_parse_body<'a>( + i: &'a [u8], message: &'a [u8], header: DNSHeader, +) -> IResult<&'a [u8], DNSMessage> { let (i, queries) = count(|b| dns_parse_query(b, message), header.questions as usize)(i)?; - Ok((i, DNSRequest { header, queries })) + let (i, answers) = dns_parse_answer(i, message, header.answer_rr as usize)?; + let (i, authorities) = dns_parse_answer(i, message, header.authority_rr as usize)?; + Ok(( + i, + DNSMessage { + header, + queries, + answers, + authorities, + }, + )) } #[cfg(test)] @@ -490,7 +475,8 @@ mod tests { 0x00, 0x00, 0x00, /* ... */ ]; - let res = dns_parse_request(pkt); + let (body, header) = dns_parse_header(pkt).unwrap(); + let res = dns_parse_body(body, pkt, header); match res { Ok((rem, request)) => { // For now we have some remainder data as there is an @@ -523,10 +509,10 @@ mod tests { } /// Parse a DNS response. - fn dns_parse_response(message: &[u8]) -> IResult<&[u8], DNSResponse> { + fn dns_parse_response(message: &[u8]) -> IResult<&[u8], DNSMessage> { let i = message; let (i, header) = dns_parse_header(i)?; - dns_parse_response_body(i, message, header) + dns_parse_body(i, message, header) } #[test] 
diff --git a/src/Makefile.am b/src/Makefile.am index 48a5ce850ce2..5edcab784958 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -121,8 +121,10 @@ noinst_HEADERS = \ detect-detection-filter.h \ detect-distance.h \ detect-dnp3.h \ + detect-dns-answer-name.h \ detect-dns-opcode.h \ detect-dns-query.h \ + detect-dns-query-name.h \ detect-dsize.h \ detect-engine-address.h \ detect-engine-address-ipv4.h \ @@ -732,8 +734,10 @@ libsuricata_c_a_SOURCES = \ detect-detection-filter.c \ detect-distance.c \ detect-dnp3.c \ + detect-dns-answer-name.c \ detect-dns-opcode.c \ detect-dns-query.c \ + detect-dns-query-name.c \ detect-dsize.c \ detect-engine-address.c \ detect-engine-address-ipv4.c \ diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c index bf306d363d39..aa65e368a77b 100644 --- a/src/detect-app-layer-event.c +++ b/src/detect-app-layer-event.c @@ -78,9 +78,9 @@ void DetectAppLayerEventRegister(void) sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Setup = DetectAppLayerEventSetup; sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Free = DetectAppLayerEventFree; - DetectAppLayerInspectEngineRegister2("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER, 0, DetectEngineAptEventInspect, NULL); - DetectAppLayerInspectEngineRegister2("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT, 0, DetectEngineAptEventInspect, NULL); g_applayer_events_list_id = DetectBufferTypeGetByName("app-layer-events"); diff --git a/src/detect-cipservice.c b/src/detect-cipservice.c index 00b9a75ca099..280475df17ac 100644 --- a/src/detect-cipservice.c +++ b/src/detect-cipservice.c 
@@ -63,9 +63,9 @@ void DetectCipServiceRegister(void) sigmatch_table[DETECT_CIPSERVICE].RegisterTests = DetectCipServiceRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "cip", ALPROTO_ENIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectCIP, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "cip", ALPROTO_ENIP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectCIP, NULL); g_cip_buffer_id = DetectBufferTypeGetByName("cip"); @@ -316,9 +316,9 @@ void DetectEnipCommandRegister(void) sigmatch_table[DETECT_ENIPCOMMAND].RegisterTests = DetectEnipCommandRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "enip", ALPROTO_ENIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectENIP, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "enip", ALPROTO_ENIP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectENIP, NULL); g_enip_buffer_id = DetectBufferTypeGetByName("enip"); diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index 844e7bc1499a..d832f4ca91b3 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c 
@@ -80,14 +80,14 @@ void DetectDceIfaceRegister(void) g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic"); - DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dce_generic", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index 50d0387b0758..5d919e084e64 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c 
@@ -125,35 +125,23 @@ void DetectDceStubDataRegister(void) #endif sigmatch_table[DETECT_DCE_STUB_DATA].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectBufferGeneric, - GetSMBData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetSMBData, - ALPROTO_SMB, 0); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectBufferGeneric, - GetSMBData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetSMBData, - ALPROTO_SMB, 0); - - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectBufferGeneric, - GetDCEData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetDCEData, - ALPROTO_DCERPC, 0); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectBufferGeneric, - GetDCEData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetDCEData, - ALPROTO_DCERPC, 0); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectEngineInspectBufferGeneric, GetSMBData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetSMBData, ALPROTO_SMB, 0); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, + DetectEngineInspectBufferGeneric, GetSMBData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetSMBData, ALPROTO_SMB, 0); + + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, + DetectEngineInspectBufferGeneric, GetDCEData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetDCEData, 
ALPROTO_DCERPC, 0); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, + DetectEngineInspectBufferGeneric, GetDCEData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetDCEData, ALPROTO_DCERPC, 0); g_dce_stub_data_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); } diff --git a/src/detect-dhcp-leasetime.c b/src/detect-dhcp-leasetime.c index dfa2c193302f..a238680d7574 100644 --- a/src/detect-dhcp-leasetime.c +++ b/src/detect-dhcp-leasetime.c @@ -120,10 +120,10 @@ void DetectDHCPLeaseTimeRegister(void) sigmatch_table[DETECT_AL_DHCP_LEASETIME].Setup = DetectDHCPLeaseTimeSetup; sigmatch_table[DETECT_AL_DHCP_LEASETIME].Free = DetectDHCPLeaseTimeFree; - DetectAppLayerInspectEngineRegister2("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_buffer_id = DetectBufferTypeGetByName("dhcp.leasetime"); diff --git a/src/detect-dhcp-rebinding-time.c b/src/detect-dhcp-rebinding-time.c index 3d63427eacb1..f1ff16da739d 100644 --- a/src/detect-dhcp-rebinding-time.c +++ b/src/detect-dhcp-rebinding-time.c 
@@ -121,10 +121,10 @@ void DetectDHCPRebindingTimeRegister(void) sigmatch_table[DETECT_AL_DHCP_REBINDING_TIME].Setup = DetectDHCPRebindingTimeSetup; sigmatch_table[DETECT_AL_DHCP_REBINDING_TIME].Free = DetectDHCPRebindingTimeFree; - DetectAppLayerInspectEngineRegister2("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_buffer_id = DetectBufferTypeGetByName("dhcp.rebinding-time"); diff --git a/src/detect-dhcp-renewal-time.c b/src/detect-dhcp-renewal-time.c index 9a38555a0d28..766b56815782 100644 --- a/src/detect-dhcp-renewal-time.c +++ b/src/detect-dhcp-renewal-time.c @@ -120,10 +120,10 @@ void DetectDHCPRenewalTimeRegister(void) sigmatch_table[DETECT_AL_DHCP_RENEWAL_TIME].Setup = DetectDHCPRenewalTimeSetup; sigmatch_table[DETECT_AL_DHCP_RENEWAL_TIME].Free = DetectDHCPRenewalTimeFree; - DetectAppLayerInspectEngineRegister2("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_buffer_id = DetectBufferTypeGetByName("dhcp.renewal-time"); diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c index 208dec7c3a29..4e4db82d44a5 100644 --- a/src/detect-dnp3.c +++ b/src/detect-dnp3.c 
@@ -551,21 +551,15 @@ static void DetectDNP3DataRegister(void) sigmatch_table[DETECT_AL_DNP3DATA].Setup = DetectDNP3DataSetup; sigmatch_table[DETECT_AL_DNP3DATA].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("dnp3_data", - ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectBufferGeneric, - GetDNP3Data); - DetectAppLayerMpmRegister2("dnp3_data", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetDNP3Data, - ALPROTO_DNP3, 0); - - DetectAppLayerInspectEngineRegister2("dnp3_data", - ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectBufferGeneric, - GetDNP3Data); - DetectAppLayerMpmRegister2("dnp3_data", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetDNP3Data, - ALPROTO_DNP3, 0); + DetectAppLayerInspectEngineRegister("dnp3_data", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, + DetectEngineInspectBufferGeneric, GetDNP3Data); + DetectAppLayerMpmRegister("dnp3_data", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetDNP3Data, ALPROTO_DNP3, 0); + + DetectAppLayerInspectEngineRegister("dnp3_data", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, + DetectEngineInspectBufferGeneric, GetDNP3Data); + DetectAppLayerMpmRegister("dnp3_data", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetDNP3Data, ALPROTO_DNP3, 0); g_dnp3_data_buffer_id = DetectBufferTypeGetByName("dnp3_data"); SCReturn; @@ -580,9 +574,9 @@ void DetectDNP3Register(void) DetectDNP3ObjRegister(); /* Register the list of func, ind and obj. */ - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dnp3", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dnp3", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3"); diff --git a/src/detect-dns-answer-name.c b/src/detect-dns-answer-name.c new file mode 100644 index 000000000000..5c573b1e2c36 
--- /dev/null +++ b/src/detect-dns-answer-name.c 
@@ -0,0 +1,183 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * Detect keyword for DNS answer name: dns.answer.name + */ + +#include "detect.h" +#include "detect-parse.h" +#include "detect-engine.h" +#include "detect-engine-prefilter.h" +#include "detect-engine-content-inspection.h" +#include "detect-dns-answer-name.h" +#include "util-profiling.h" +#include "rust.h" + +static int DetectSetup(DetectEngineCtx *, Signature *, const char *); +static uint8_t DetectEngineInspectCb(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, + uint8_t flags, void *alstate, void *txv, uint64_t tx_id); +static int PrefilterMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, + const DetectBufferMpmRegistry *mpm_reg, int list_id); + +static int detect_buffer_id = 0; + +void DetectDnsAnswerNameRegister(void) +{ + static const char *keyword = "dns.answer.name"; + sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].name = keyword; + sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].desc = "DNS answer name sticky buffer"; + sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].url = "/rules/dns-keywords.html#dns-answer-name"; + sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].Setup = DetectSetup; + 
sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].flags |= SIGMATCH_NOOPT; + sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].flags |= SIGMATCH_INFO_STICKY_BUFFER; + + /* Register in the TO_SERVER direction, even though this is not + normal, it could be provided as part of a request. */ + DetectAppLayerInspectEngineRegister( + keyword, ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectCb, NULL); + DetectAppLayerMpmRegister( + keyword, SIG_FLAG_TOSERVER, 2, PrefilterMpmRegister, NULL, ALPROTO_DNS, 1); + + /* Register in the TO_CLIENT direction. */ + DetectAppLayerInspectEngineRegister( + keyword, ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectCb, NULL); + DetectAppLayerMpmRegister( + keyword, SIG_FLAG_TOCLIENT, 2, PrefilterMpmRegister, NULL, ALPROTO_DNS, 1); + + DetectBufferTypeSetDescriptionByName(keyword, "dns answer name"); + DetectBufferTypeSupportsMultiInstance(keyword); + + detect_buffer_id = DetectBufferTypeGetByName(keyword); +} + +static int DetectSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str) +{ + if (DetectBufferSetActiveList(de_ctx, s, detect_buffer_id) < 0) { + return -1; + } + if (DetectSignatureSetAppProto(s, ALPROTO_DNS) < 0) { + return -1; + } + + return 0; +} + +static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx, uint8_t flags, + const DetectEngineTransforms *transforms, void *txv, uint32_t index, int list_id) +{ + InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index); + if (buffer == NULL) { + return NULL; + } + if (buffer->initialized) { + return buffer; + } + + bool to_client = (flags & STREAM_TOSERVER) == 0; + const uint8_t *data = NULL; + uint32_t data_len = 0; + + if (!SCDnsTxGetAnswerName(txv, to_client, index, &data, &data_len)) { + InspectionBufferSetupMultiEmpty(buffer); + return NULL; + } + InspectionBufferSetupMulti(buffer, transforms, data, data_len); + return buffer; +} + +static uint8_t DetectEngineInspectCb(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const 
struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, + uint8_t flags, void *alstate, void *txv, uint64_t tx_id) +{ + const DetectEngineTransforms *transforms = NULL; + if (!engine->mpm) { + transforms = engine->v2.transforms; + } + + for (uint32_t i = 0;; i++) { + InspectionBuffer *buffer = GetBuffer(det_ctx, flags, transforms, txv, i, engine->sm_list); + if (buffer == NULL || buffer->inspect == NULL) { + break; + } + + det_ctx->buffer_offset = 0; + det_ctx->discontinue_matching = 0; + det_ctx->inspection_recursion_counter = 0; + + const int match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f, + (uint8_t *)buffer->inspect, buffer->inspect_len, buffer->inspect_offset, + DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE); + if (match == 1) { + return DETECT_ENGINE_INSPECT_SIG_MATCH; + } + } + + return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; +} + +typedef struct PrefilterMpm { + int list_id; + const MpmCtx *mpm_ctx; + const DetectEngineTransforms *transforms; +} PrefilterMpm; + +static void PrefilterTx(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, + void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags) +{ + SCEnter(); + + const PrefilterMpm *ctx = (const PrefilterMpm *)pectx; + const MpmCtx *mpm_ctx = ctx->mpm_ctx; + const int list_id = ctx->list_id; + + for (uint32_t i = 0;; i++) { + InspectionBuffer *buffer = GetBuffer(det_ctx, flags, ctx->transforms, txv, i, list_id); + if (buffer == NULL) { + break; + } + + if (buffer->inspect_len >= mpm_ctx->minlen) { + (void)mpm_table[mpm_ctx->mpm_type].Search( + mpm_ctx, &det_ctx->mtcu, &det_ctx->pmq, buffer->inspect, buffer->inspect_len); + PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len); + } + } +} + +static void PrefilterMpmFree(void *ptr) +{ + SCFree(ptr); +} + +static int PrefilterMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, + const DetectBufferMpmRegistry *mpm_reg, 
int list_id) +{ + PrefilterMpm *pectx = SCCalloc(1, sizeof(*pectx)); + if (pectx == NULL) { + return -1; + } + pectx->list_id = list_id; + pectx->mpm_ctx = mpm_ctx; + pectx->transforms = &mpm_reg->transforms; + + return PrefilterAppendTxEngine(de_ctx, sgh, PrefilterTx, mpm_reg->app_v2.alproto, + mpm_reg->app_v2.tx_min_progress, pectx, PrefilterMpmFree, mpm_reg->pname); +} diff --git a/src/detect-dns-answer-name.h b/src/detect-dns-answer-name.h new file mode 100644 index 000000000000..4f84b4894c16 --- /dev/null +++ b/src/detect-dns-answer-name.h @@ -0,0 +1,23 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +#ifndef __DETECT_DNS_ANSWER_NAME_H__ +#define __DETECT_DNS_ANSWER_NAME_H__ + +void DetectDnsAnswerNameRegister(void); + +#endif /* __DETECT_DNS_ANSWER_NAME_H__ */ diff --git a/src/detect-dns-opcode.c b/src/detect-dns-opcode.c index 4c69753a83e0..ab9c21ec3d68 100644 --- a/src/detect-dns-opcode.c +++ b/src/detect-dns-opcode.c 
@@ -83,10 +83,10 @@ void DetectDnsOpcodeRegister(void) sigmatch_table[DETECT_AL_DNS_OPCODE].AppLayerTxMatch = DetectDnsOpcodeMatch; - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode"); diff --git a/src/detect-dns-query-name.c b/src/detect-dns-query-name.c new file mode 100644 index 000000000000..d3d091e028f8 --- /dev/null +++ b/src/detect-dns-query-name.c 
@@ -0,0 +1,182 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * Detect keyword for DNS query names: dns.query.name + */ + +#include "detect.h" +#include "detect-parse.h" +#include "detect-engine.h" +#include "detect-engine-prefilter.h" +#include "detect-engine-content-inspection.h" +#include "detect-dns-query-name.h" +#include "util-profiling.h" +#include "rust.h" + +static int DetectSetup(DetectEngineCtx *, Signature *, const char *); +static uint8_t DetectEngineInspectCb(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, + uint8_t flags, void *alstate, void *txv, uint64_t tx_id); +static int PrefilterMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, + const DetectBufferMpmRegistry *mpm_reg, int list_id); + +static int detect_buffer_id = 0; + +void DetectDnsQueryNameRegister(void) +{ + static const char *keyword = "dns.query.name"; + sigmatch_table[DETECT_AL_DNS_QUERY_NAME].name = keyword; + sigmatch_table[DETECT_AL_DNS_QUERY_NAME].desc = "DNS query name sticky buffer"; + sigmatch_table[DETECT_AL_DNS_QUERY_NAME].url = "/rules/dns-keywords.html#dns-query-name"; + sigmatch_table[DETECT_AL_DNS_QUERY_NAME].Setup = DetectSetup; + 
sigmatch_table[DETECT_AL_DNS_QUERY_NAME].flags |= SIGMATCH_NOOPT; + sigmatch_table[DETECT_AL_DNS_QUERY_NAME].flags |= SIGMATCH_INFO_STICKY_BUFFER; + + /* Register in both directions as the query is usually echoed back + in the response. */ + DetectAppLayerInspectEngineRegister( + keyword, ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectCb, NULL); + DetectAppLayerMpmRegister( + keyword, SIG_FLAG_TOSERVER, 2, PrefilterMpmRegister, NULL, ALPROTO_DNS, 1); + + DetectAppLayerInspectEngineRegister( + keyword, ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectCb, NULL); + DetectAppLayerMpmRegister( + keyword, SIG_FLAG_TOCLIENT, 2, PrefilterMpmRegister, NULL, ALPROTO_DNS, 1); + + DetectBufferTypeSetDescriptionByName(keyword, "dns query name"); + DetectBufferTypeSupportsMultiInstance(keyword); + + detect_buffer_id = DetectBufferTypeGetByName(keyword); +} + +static int DetectSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str) +{ + if (DetectBufferSetActiveList(de_ctx, s, detect_buffer_id) < 0) { + return -1; + } + if (DetectSignatureSetAppProto(s, ALPROTO_DNS) < 0) { + return -1; + } + + return 0; +} + +static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx, const uint8_t flags, + const DetectEngineTransforms *transforms, void *txv, uint32_t index, int list_id) +{ + InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index); + if (buffer == NULL) { + return NULL; + } + if (buffer->initialized) { + return buffer; + } + + bool to_client = (flags & STREAM_TOSERVER) == 0; + const uint8_t *data = NULL; + uint32_t data_len = 0; + + if (!SCDnsTxGetQueryName(txv, to_client, index, &data, &data_len)) { + InspectionBufferSetupMultiEmpty(buffer); + return NULL; + } + InspectionBufferSetupMulti(buffer, transforms, data, data_len); + return buffer; +} + +static uint8_t DetectEngineInspectCb(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, 
+ uint8_t flags, void *alstate, void *txv, uint64_t tx_id) +{ + const DetectEngineTransforms *transforms = NULL; + if (!engine->mpm) { + transforms = engine->v2.transforms; + } + + for (uint32_t i = 0;; i++) { + InspectionBuffer *buffer = GetBuffer(det_ctx, flags, transforms, txv, i, engine->sm_list); + if (buffer == NULL || buffer->inspect == NULL) { + break; + } + + det_ctx->buffer_offset = 0; + det_ctx->discontinue_matching = 0; + det_ctx->inspection_recursion_counter = 0; + + const int match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f, + (uint8_t *)buffer->inspect, buffer->inspect_len, buffer->inspect_offset, + DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE); + if (match == 1) { + return DETECT_ENGINE_INSPECT_SIG_MATCH; + } + } + + return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; +} + +typedef struct PrefilterMpm { + int list_id; + const MpmCtx *mpm_ctx; + const DetectEngineTransforms *transforms; +} PrefilterMpm; + +static void PrefilterTx(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, + void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags) +{ + SCEnter(); + + const PrefilterMpm *ctx = (const PrefilterMpm *)pectx; + const MpmCtx *mpm_ctx = ctx->mpm_ctx; + const int list_id = ctx->list_id; + + for (uint32_t i = 0;; i++) { + InspectionBuffer *buffer = GetBuffer(det_ctx, flags, ctx->transforms, txv, i, list_id); + if (buffer == NULL) { + break; + } + + if (buffer->inspect_len >= mpm_ctx->minlen) { + (void)mpm_table[mpm_ctx->mpm_type].Search( + mpm_ctx, &det_ctx->mtcu, &det_ctx->pmq, buffer->inspect, buffer->inspect_len); + PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len); + } + } +} + +static void PrefilterMpmFree(void *ptr) +{ + SCFree(ptr); +} + +static int PrefilterMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, + const DetectBufferMpmRegistry *mpm_reg, int list_id) +{ + PrefilterMpm *pectx = SCCalloc(1, sizeof(*pectx)); + if (pectx 
== NULL) { + return -1; + } + pectx->list_id = list_id; + pectx->mpm_ctx = mpm_ctx; + pectx->transforms = &mpm_reg->transforms; + + return PrefilterAppendTxEngine(de_ctx, sgh, PrefilterTx, mpm_reg->app_v2.alproto, + mpm_reg->app_v2.tx_min_progress, pectx, PrefilterMpmFree, mpm_reg->pname); +} diff --git a/src/detect-dns-query-name.h b/src/detect-dns-query-name.h new file mode 100644 index 000000000000..b1d7db99e8c5 --- /dev/null +++ b/src/detect-dns-query-name.h @@ -0,0 +1,23 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +#ifndef __DETECT_DNS_QUERY_NAME_H__ +#define __DETECT_DNS_QUERY_NAME_H__ + +void DetectDnsQueryNameRegister(void); + +#endif /* __DETECT_DNS_QUERY_NAME_H__ */ diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index 354c4f834411..10075e562b40 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -87,7 +87,7 @@ static InspectionBuffer *DnsQueryGetData(DetectEngineThreadCtx *det_ctx, const uint8_t *data; uint32_t data_len; - if (rs_dns_tx_get_query_name(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) { + if (SCDnsTxGetQueryName(cbdata->txv, false, cbdata->local_id, &data, &data_len) == 0) { InspectionBufferSetupMultiEmpty(buffer); return NULL; } 
@@ -211,13 +211,11 @@ void DetectDnsQueryRegister (void) sigmatch_table[DETECT_AL_DNS_QUERY].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_DNS_QUERY].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("dns_query", SIG_FLAG_TOSERVER, 2, - PrefilterMpmDnsQueryRegister, NULL, - ALPROTO_DNS, 1); + DetectAppLayerMpmRegister( + "dns_query", SIG_FLAG_TOSERVER, 2, PrefilterMpmDnsQueryRegister, NULL, ALPROTO_DNS, 1); - DetectAppLayerInspectEngineRegister2("dns_query", - ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectDnsQuery, NULL); + DetectAppLayerInspectEngineRegister( + "dns_query", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectDnsQuery, NULL); DetectBufferTypeSetDescriptionByName("dns_query", "dns request query"); @@ -227,9 +225,9 @@ void DetectDnsQueryRegister (void) #ifdef HAVE_LUA /* register these generic engines from here for now */ - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dns_request", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dns_response", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("dns_response", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); DetectBufferTypeSetDescriptionByName("dns_request", diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index f091a3dadaa0..0d26ba9ab3ee 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -86,7 +86,7 @@ static int g_mpm_list_cnt[DETECT_BUFFER_MPM_TYPE_SIZE] = { 0, 0, 0 }; * * \note to be used at start up / registration only. Errors are fatal. */ -void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, +void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress) { 
diff --git a/src/detect-engine-mpm.h b/src/detect-engine-mpm.h index adb40297190f..b05f86e43eb1 100644 --- a/src/detect-engine-mpm.h +++ b/src/detect-engine-mpm.h @@ -90,7 +90,7 @@ typedef int (*PrefilterRegisterFunc)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, * \note direction must be set to either toserver or toclient. * If both are needed, register the keyword twice. */ -void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, +void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress); void DetectAppLayerMpmRegisterByParentId( diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c index df6e4a738ffc..1077800902b7 100644 --- a/src/detect-engine-register.c +++ b/src/detect-engine-register.c @@ -47,6 +47,8 @@ #include "detect-engine-dcepayload.h" #include "detect-dns-opcode.h" #include "detect-dns-query.h" +#include "detect-dns-answer-name.h" +#include "detect-dns-query-name.h" #include "detect-tls-sni.h" #include "detect-tls-certs.h" #include "detect-tls-cert-fingerprint.h" @@ -511,6 +513,8 @@ void SigTableSetup(void) DetectDnsQueryRegister(); DetectDnsOpcodeRegister(); + DetectDnsAnswerNameRegister(); + DetectDnsQueryNameRegister(); DetectModbusRegister(); DetectCipServiceRegister(); DetectEnipCommandRegister(); diff --git a/src/detect-engine-register.h b/src/detect-engine-register.h index 7d6c457ef9b0..854cf760d588 100644 --- a/src/detect-engine-register.h +++ b/src/detect-engine-register.h @@ -223,6 +223,8 @@ enum DetectKeywordId { DETECT_AL_DNS_QUERY, DETECT_AL_DNS_OPCODE, + DETECT_AL_DNS_ANSWER_NAME, + DETECT_AL_DNS_QUERY_NAME, DETECT_AL_TLS_SNI, DETECT_AL_TLS_CERTS, DETECT_AL_TLS_CERT_ISSUER, diff --git a/src/detect-engine.c b/src/detect-engine.c index d8f9f1880e56..3068446556ab 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c 
@@ -213,10 +213,8 @@ void DetectFrameInspectEngineRegister(const char *name, int dir, /** \brief register inspect engine at start up time * * \note errors are fatal */ -void DetectAppLayerInspectEngineRegister2(const char *name, - AppProto alproto, uint32_t dir, int progress, - InspectEngineFuncPtr2 Callback2, - InspectionBufferGetDataPtr GetData) +void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, + int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData) { BUG_ON(progress >= 48); @@ -227,15 +225,12 @@ void DetectAppLayerInspectEngineRegister2(const char *name, } SCLogDebug("name %s id %d", name, sm_list); - if ((alproto >= ALPROTO_FAILED) || - (!(dir == SIG_FLAG_TOSERVER || dir == SIG_FLAG_TOCLIENT)) || - (sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) || - (progress < 0 || progress >= SHRT_MAX) || - (Callback2 == NULL)) - { + if ((alproto >= ALPROTO_FAILED) || (!(dir == SIG_FLAG_TOSERVER || dir == SIG_FLAG_TOCLIENT)) || + (sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) || + (progress < 0 || progress >= SHRT_MAX) || (Callback == NULL)) { SCLogError("Invalid arguments"); BUG_ON(1); - } else if (Callback2 == DetectEngineInspectBufferGeneric && GetData == NULL) { + } else if (Callback == DetectEngineInspectBufferGeneric && GetData == NULL) { SCLogError("Invalid arguments: must register " "GetData with DetectEngineInspectBufferGeneric"); BUG_ON(1); @@ -258,7 +253,7 @@ void DetectAppLayerInspectEngineRegister2(const char *name, new_engine->sm_list = (uint16_t)sm_list; new_engine->sm_list_base = (uint16_t)sm_list; new_engine->progress = (int16_t)progress; - new_engine->v2.Callback = Callback2; + new_engine->v2.Callback = Callback; new_engine->v2.GetData = GetData; if (g_app_inspect_engines == NULL) { diff --git a/src/detect-engine.h b/src/detect-engine.h index a1732b16a993..71b06aeff7b5 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h 
@@ -161,10 +161,8 @@ int DetectEngineInspectPktBufferGeneric( * \param progress Minimal progress value for inspect engine to run * \param Callback The engine callback. */ -void DetectAppLayerInspectEngineRegister2(const char *name, - AppProto alproto, uint32_t dir, int progress, - InspectEngineFuncPtr2 Callback2, - InspectionBufferGetDataPtr GetData); +void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, + int progress, InspectEngineFuncPtr Callback2, InspectionBufferGetDataPtr GetData); void DetectPktInspectEngineRegister(const char *name, InspectionBufferGetPktDataPtr GetPktData, diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c index 318f72cf3b58..afac0197b23f 100644 --- a/src/detect-ftpbounce.c +++ b/src/detect-ftpbounce.c @@ -69,7 +69,7 @@ void DetectFtpbounceRegister(void) g_ftp_request_list_id = DetectBufferTypeRegister("ftp_request"); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect-ftpdata.c b/src/detect-ftpdata.c index c07847dff3f8..c05bcd7443cc 100644 --- a/src/detect-ftpdata.c +++ b/src/detect-ftpdata.c @@ -73,10 +73,10 @@ void DetectFtpdataRegister(void) { #ifdef UNITTESTS sigmatch_table[DETECT_FTPDATA].RegisterTests = DetectFtpdataRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_ftpdata_buffer_id = DetectBufferTypeGetByName("ftpdata_command"); 
diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index 41b2552e9b99..266a4697fcab 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -103,15 +103,15 @@ void DetectHttpClientBodyRegister(void) sigmatch_table[DETECT_HTTP_REQUEST_BODY].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_REQUEST_BODY].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_client_body", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_client_body", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY, DetectEngineInspectBufferHttpBody, NULL); - DetectAppLayerMpmRegister2("http_client_body", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_client_body", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpRequestBodyRegister, NULL, ALPROTO_HTTP1, HTP_REQUEST_BODY); - DetectAppLayerInspectEngineRegister2("http_client_body", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_client_body", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectFiledata, NULL); - DetectAppLayerMpmRegister2("http_client_body", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_client_body", SIG_FLAG_TOSERVER, 2, PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_client_body", diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index e2754138fd44..b10b8fa81e4d 100644 --- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c 
@@ -106,24 +106,24 @@ void DetectHttpCookieRegister(void) sigmatch_table[DETECT_HTTP_COOKIE].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_COOKIE].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData); - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRequestData2); - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetResponseData2); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData2, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOCLIENT, 2, 
PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_cookie", diff --git a/src/detect-http-header-names.c b/src/detect-http-header-names.c index 58989a1825df..66bc73d44c80 100644 --- a/src/detect-http-header-names.c +++ b/src/detect-http-header-names.c 
@@ -219,25 +219,25 @@ void DetectHttpHeaderNamesRegister(void) sigmatch_table[DETECT_AL_HTTP_HEADER_NAMES].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* http1 */ - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); /* http2 */ - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataServer); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + 
DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-header.c b/src/detect-http-header.c index e5101f9276b0..16ccc56f73e0 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c 
@@ -434,26 +434,26 @@ void DetectHttpHeaderRegister(void) sigmatch_table[DETECT_HTTP_HEADER].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_HEADER].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpHeaderRequestRegister, NULL, ALPROTO_HTTP1, 0); /* not used, registered twice: HEADERS/TRAILER */ - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttpHeaderResponseRegister, NULL, ALPROTO_HTTP1, 0); /* not used, registered twice: HEADERS/TRAILER */ - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, 
+ DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_header", @@ -739,13 +739,13 @@ void DetectHttpRequestHeaderRegister(void) sigmatch_table[DETECT_HTTP_REQUEST_HEADER].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("http_request_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttp2HeaderRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateOpen, DetectEngineInspectHttp2Header, NULL); - DetectAppLayerMpmRegister2("http_request_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttp1HeaderRegister, NULL, ALPROTO_HTTP1, 0); - DetectAppLayerInspectEngineRegister2("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectHttp1Header, NULL); DetectBufferTypeSetDescriptionByName("http_request_header", "HTTP header name and value"); 
@@ -774,13 +774,13 @@ void DetectHttpResponseHeaderRegister(void) sigmatch_table[DETECT_HTTP_RESPONSE_HEADER].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("http_response_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttp2HeaderRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateOpen, DetectEngineInspectHttp2Header, NULL); - DetectAppLayerMpmRegister2("http_response_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttp1HeaderRegister, NULL, ALPROTO_HTTP1, 0); - DetectAppLayerInspectEngineRegister2("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectHttp1Header, NULL); DetectBufferTypeSetDescriptionByName("http_response_header", "HTTP header name and value"); diff --git a/src/detect-http-headers-stub.h b/src/detect-http-headers-stub.h index 3a036d62209e..82d5f543d7a9 100644 --- a/src/detect-http-headers-stub.h +++ b/src/detect-http-headers-stub.h 
@@ -186,27 +186,27 @@ static void DetectHttpHeadersRegisterStub(void) sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; #ifdef KEYWORD_TOSERVER - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData2, ALPROTO_HTTP2, HTTP2StateDataClient); #endif #ifdef KEYWORD_TOCLIENT - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData2, ALPROTO_HTTP2, HTTP2StateDataServer); #endif #ifdef KEYWORD_TOSERVER - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRequestData2); #endif #ifdef KEYWORD_TOCLIENT - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData); - 
DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetResponseData2); #endif diff --git a/src/detect-http-host.c b/src/detect-http-host.c index 6f32044a112c..fe36a261e6cc 100644 --- a/src/detect-http-host.c +++ b/src/detect-http-host.c @@ -105,16 +105,16 @@ void DetectHttpHHRegister(void) sigmatch_table[DETECT_HTTP_HOST].Setup = DetectHttpHostSetup; sigmatch_table[DETECT_HTTP_HOST].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeRegisterValidateCallback("http_host", 
@@ -140,16 +140,16 @@ void DetectHttpHHRegister(void) sigmatch_table[DETECT_HTTP_HOST_RAW].Setup = DetectHttpHostRawSetupSticky; sigmatch_table[DETECT_HTTP_HOST_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_raw_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRawData); - DetectAppLayerMpmRegister2("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRawData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_raw_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRawData2); - DetectAppLayerMpmRegister2("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRawData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_raw_host", diff --git a/src/detect-http-method.c b/src/detect-http-method.c index 0ce246359ce9..8d08f0369e90 100644 --- a/src/detect-http-method.c +++ b/src/detect-http-method.c 
@@ -97,16 +97,16 @@ void DetectHttpMethodRegister(void) sigmatch_table[DETECT_HTTP_METHOD].Setup = DetectHttpMethodSetupSticky; sigmatch_table[DETECT_HTTP_METHOD].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_method", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_method", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerInspectEngineRegister2("http_method", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_method", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_method", diff --git a/src/detect-http-protocol.c b/src/detect-http-protocol.c index 9dc3455d2149..ce81c5eb9804 100644 --- a/src/detect-http-protocol.c +++ b/src/detect-http-protocol.c 
@@ -140,22 +140,22 @@ void DetectHttpProtocolRegister(void) sigmatch_table[DETECT_AL_HTTP_PROTOCOL].Setup = DetectHttpProtocolSetup; sigmatch_table[DETECT_AL_HTTP_PROTOCOL].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, 
SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index 946c2233e5c2..efda9b73f888 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c 
@@ -95,26 +95,26 @@ void DetectHttpRawHeaderRegister(void) sigmatch_table[DETECT_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetupSticky; sigmatch_table[DETECT_HTTP_RAW_HEADER].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpHeaderRawRequestRegister, NULL, ALPROTO_HTTP1, 0); /* progress handled in register */ - DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttpHeaderRawResponseRegister, NULL, ALPROTO_HTTP1, 0); /* progress handled in register */ - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); - 
DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_raw_header", diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c index 89d38cbd0a8a..886e643a3eda 100644 --- a/src/detect-http-request-line.c +++ b/src/detect-http-request-line.c @@ -109,15 +109,15 @@ void DetectHttpRequestLineRegister(void) #endif sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_request_line", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_line", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_request_line", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerInspectEngineRegister2("http_request_line", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_line", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_request_line", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_request_line", diff --git a/src/detect-http-response-line.c b/src/detect-http-response-line.c index 8758644681c7..69ee8c2709ab 100644 --- a/src/detect-http-response-line.c +++ b/src/detect-http-response-line.c 
@@ -108,15 +108,15 @@ void DetectHttpResponseLineRegister(void) #endif sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_response_line", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_line", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_response_line", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_line", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2("http_response_line", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_line", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_response_line", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_line", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_response_line", diff --git a/src/detect-http-start.c b/src/detect-http-start.c index fed1abc96256..e88ac3cdf68f 100644 --- a/src/detect-http-start.c +++ b/src/detect-http-start.c 
@@ -188,14 +188,14 @@ void DetectHttpStartRegister(void) sigmatch_table[DETECT_AL_HTTP_START].Setup = DetectHttpStartSetup; sigmatch_table[DETECT_AL_HTTP_START].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c index 1e7087a318b3..37dfb2efbdcc 100644 --- a/src/detect-http-stat-code.c +++ b/src/detect-http-stat-code.c 
@@ -98,16 +98,16 @@ void DetectHttpStatCodeRegister (void) sigmatch_table[DETECT_HTTP_STAT_CODE].Setup = DetectHttpStatCodeSetupSticky; sigmatch_table[DETECT_HTTP_STAT_CODE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_stat_code", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_stat_code", diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c index 6be7de64f756..b1a485d7a933 100644 --- a/src/detect-http-stat-msg.c +++ b/src/detect-http-stat-msg.c 
@@ -108,15 +108,15 @@ void DetectHttpStatMsgRegister (void) sigmatch_table[DETECT_HTTP_STAT_MSG].Setup = DetectHttpStatMsgSetupSticky; sigmatch_table[DETECT_HTTP_STAT_MSG].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_stat_msg", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_msg", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_stat_msg", SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2("http_stat_msg", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_msg", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_stat_msg", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_stat_msg", diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c index 7138cf93fea4..8babd9adcb50 100644 --- a/src/detect-http-ua.c +++ b/src/detect-http-ua.c 
@@ -98,16 +98,16 @@ void DetectHttpUARegister(void) sigmatch_table[DETECT_HTTP_UA].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_UA].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_user_agent", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_user_agent", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_user_agent", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_user_agent", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_user_agent", diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c index cc43023a783a..12c6f8788549 100644 --- a/src/detect-http-uri.c +++ b/src/detect-http-uri.c 
@@ -107,16 +107,16 @@ void DetectHttpUriRegister (void) sigmatch_table[DETECT_HTTP_URI].Setup = DetectHttpUriSetupSticky; sigmatch_table[DETECT_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_uri", 
@@ -145,17 +145,17 @@ void DetectHttpUriRegister (void) sigmatch_table[DETECT_HTTP_URI_RAW].Setup = DetectHttpRawUriSetupSticky; sigmatch_table[DETECT_HTTP_URI_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_raw_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetRawData); - DetectAppLayerMpmRegister2("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRawData, ALPROTO_HTTP1, HTP_REQUEST_LINE); // no difference between raw and decoded uri for HTTP2 - DetectAppLayerInspectEngineRegister2("http_raw_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_raw_uri", diff --git a/src/detect-http2.c b/src/detect-http2.c index 40cbe3e3a78e..560cb941cc2c 100644 --- a/src/detect-http2.c +++ b/src/detect-http2.c 
@@ -177,26 +177,22 @@ void DetectHttp2Register(void) sigmatch_table[DETECT_HTTP2_HEADERNAME].Setup = DetectHTTP2headerNameSetup; sigmatch_table[DETECT_HTTP2_HEADERNAME].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("http2_header_name", SIG_FLAG_TOCLIENT, 2, - PrefilterMpmHttp2HeaderNameRegister, NULL, - ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http2_header_name", - ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateOpen, - DetectEngineInspectHttp2HeaderName, NULL); - DetectAppLayerMpmRegister2("http2_header_name", SIG_FLAG_TOSERVER, 2, - PrefilterMpmHttp2HeaderNameRegister, NULL, - ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http2_header_name", - ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateOpen, - DetectEngineInspectHttp2HeaderName, NULL); + DetectAppLayerMpmRegister("http2_header_name", SIG_FLAG_TOCLIENT, 2, + PrefilterMpmHttp2HeaderNameRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); + DetectAppLayerInspectEngineRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + HTTP2StateOpen, DetectEngineInspectHttp2HeaderName, NULL); + DetectAppLayerMpmRegister("http2_header_name", SIG_FLAG_TOSERVER, 2, + PrefilterMpmHttp2HeaderNameRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); + DetectAppLayerInspectEngineRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + HTTP2StateOpen, DetectEngineInspectHttp2HeaderName, NULL); DetectBufferTypeSupportsMultiInstance("http2_header_name"); DetectBufferTypeSetDescriptionByName("http2_header_name", "HTTP2 header name"); g_http2_header_name_buffer_id = DetectBufferTypeGetByName("http2_header_name"); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "http2", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "http2", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); 
g_http2_match_buffer_id = DetectBufferTypeRegister("http2"); diff --git a/src/detect-ike-chosen-sa.c b/src/detect-ike-chosen-sa.c index 59d245de7611..083a9a6ad5b1 100644 --- a/src/detect-ike-chosen-sa.c +++ b/src/detect-ike-chosen-sa.c @@ -77,7 +77,7 @@ void DetectIkeChosenSaRegister(void) #endif DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("ike.chosen_sa_attribute", ALPROTO_IKE, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("ike.chosen_sa_attribute", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_chosen_sa_buffer_id = DetectBufferTypeGetByName("ike.chosen_sa_attribute"); diff --git a/src/detect-ike-exch-type.c b/src/detect-ike-exch-type.c index 3beb2c3a2519..12751d2a4fbb 100644 --- a/src/detect-ike-exch-type.c +++ b/src/detect-ike-exch-type.c @@ -57,10 +57,10 @@ void DetectIkeExchTypeRegister(void) sigmatch_table[DETECT_AL_IKE_EXCH_TYPE].Setup = DetectIkeExchTypeSetup; sigmatch_table[DETECT_AL_IKE_EXCH_TYPE].Free = DetectIkeExchTypeFree; - DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_exch_type_buffer_id = DetectBufferTypeGetByName("ike.exchtype"); diff --git a/src/detect-ike-key-exchange-payload-length.c b/src/detect-ike-key-exchange-payload-length.c index 998948f4827c..2691c4ce89e0 100644 --- a/src/detect-ike-key-exchange-payload-length.c +++ b/src/detect-ike-key-exchange-payload-length.c 
@@ -61,10 +61,10 @@ void DetectIkeKeyExchangePayloadLengthRegister(void) sigmatch_table[DETECT_AL_IKE_KEY_EXCHANGE_PAYLOAD_LENGTH].Free = DetectIkeKeyExchangePayloadLengthFree; - DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE, + DetectAppLayerInspectEngineRegister("ike.key_exchange_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE, + DetectAppLayerInspectEngineRegister("ike.key_exchange_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_key_exch_payload_length_buffer_id = diff --git a/src/detect-ike-key-exchange-payload.c b/src/detect-ike-key-exchange-payload.c index 813e5bf080cd..9d83fba33dec 100644 --- a/src/detect-ike-key-exchange-payload.c +++ b/src/detect-ike-key-exchange-payload.c 
@@ -100,16 +100,16 @@ void DetectIkeKeyExchangeRegister(void) sigmatch_table[DETECT_AL_IKE_KEY_EXCHANGE].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOSERVER, - 1, DetectEngineInspectBufferGeneric, GetKeyExchangeData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectEngineInspectBufferGeneric, GetKeyExchangeData); - DetectAppLayerMpmRegister2(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOSERVER, 1, + DetectAppLayerMpmRegister(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister, GetKeyExchangeData, ALPROTO_IKE, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, - 1, DetectEngineInspectBufferGeneric, GetKeyExchangeData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectEngineInspectBufferGeneric, GetKeyExchangeData); - DetectAppLayerMpmRegister2(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerMpmRegister(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, GetKeyExchangeData, ALPROTO_IKE, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME_KEY_EXCHANGE, BUFFER_DESC_KEY_EXCHANGE); diff --git a/src/detect-ike-nonce-payload-length.c b/src/detect-ike-nonce-payload-length.c index 91bc6c200cac..033f8aa6e865 100644 --- a/src/detect-ike-nonce-payload-length.c +++ b/src/detect-ike-nonce-payload-length.c 
@@ -57,10 +57,10 @@ void DetectIkeNoncePayloadLengthRegister(void) sigmatch_table[DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH].Setup = DetectIkeNoncePayloadLengthSetup; sigmatch_table[DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH].Free = DetectIkeNoncePayloadLengthFree; - DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_nonce_payload_length_buffer_id = DetectBufferTypeGetByName("ike.nonce_payload_length"); diff --git a/src/detect-ike-nonce-payload.c b/src/detect-ike-nonce-payload.c index a6b73cdf8487..a2c4ac6f9a2a 100644 --- a/src/detect-ike-nonce-payload.c +++ b/src/detect-ike-nonce-payload.c 
@@ -99,16 +99,16 @@ void DetectIkeNonceRegister(void) sigmatch_table[DETECT_AL_IKE_NONCE].Setup = DetectNonceSetup; sigmatch_table[DETECT_AL_IKE_NONCE].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetNonceData); - DetectAppLayerMpmRegister2(BUFFER_NAME_NONCE, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME_NONCE, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister, GetNonceData, ALPROTO_IKE, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetNonceData); - DetectAppLayerMpmRegister2(BUFFER_NAME_NONCE, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME_NONCE, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, GetNonceData, ALPROTO_IKE, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME_NONCE, BUFFER_DESC_NONCE); diff --git a/src/detect-ike-spi.c b/src/detect-ike-spi.c index 5514d0202cb5..9f310b8f580a 100644 --- a/src/detect-ike-spi.c +++ b/src/detect-ike-spi.c 
@@ -138,10 +138,10 @@ void DetectIkeSpiRegister(void) sigmatch_table[DETECT_AL_IKE_SPI_INITIATOR].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_INITIATOR, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_INITIATOR, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetInitiatorData); - DetectAppLayerMpmRegister2(BUFFER_NAME_INITIATOR, SIG_FLAG_TOSERVER, 1, + DetectAppLayerMpmRegister(BUFFER_NAME_INITIATOR, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister, GetInitiatorData, ALPROTO_IKE, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME_INITIATOR, BUFFER_DESC_INITIATOR); @@ -158,10 +158,10 @@ void DetectIkeSpiRegister(void) sigmatch_table[DETECT_AL_IKE_SPI_RESPONDER].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_RESPONDER, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_RESPONDER, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetResponderData); - DetectAppLayerMpmRegister2(BUFFER_NAME_RESPONDER, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerMpmRegister(BUFFER_NAME_RESPONDER, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, GetResponderData, ALPROTO_IKE, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME_RESPONDER, BUFFER_DESC_RESPONDER); diff --git a/src/detect-ike-vendor.c b/src/detect-ike-vendor.c index 54418e0fe01a..004da45eaafe 100644 --- a/src/detect-ike-vendor.c +++ b/src/detect-ike-vendor.c 
@@ -182,10 +182,10 @@ void DetectIkeVendorRegister(void) sigmatch_table[DETECT_AL_IKE_VENDOR].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_IKE_VENDOR].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("ike.vendor", SIG_FLAG_TOSERVER, 1, PrefilterMpmIkeVendorRegister, + DetectAppLayerMpmRegister("ike.vendor", SIG_FLAG_TOSERVER, 1, PrefilterMpmIkeVendorRegister, NULL, ALPROTO_IKE, 1); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectIkeVendor, NULL); g_ike_vendor_buffer_id = DetectBufferTypeGetByName("ike.vendor"); diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c index d6f653beed18..f677b868d61f 100644 --- a/src/detect-krb5-cname.c +++ b/src/detect-krb5-cname.c @@ -196,13 +196,11 @@ void DetectKrb5CNameRegister(void) sigmatch_table[DETECT_AL_KRB5_CNAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; sigmatch_table[DETECT_AL_KRB5_CNAME].desc = "sticky buffer to match on Kerberos 5 client name"; - DetectAppLayerMpmRegister2("krb5_cname", SIG_FLAG_TOCLIENT, 2, - PrefilterMpmKrb5CNameRegister, NULL, - ALPROTO_KRB5, 1); + DetectAppLayerMpmRegister("krb5_cname", SIG_FLAG_TOCLIENT, 2, PrefilterMpmKrb5CNameRegister, + NULL, ALPROTO_KRB5, 1); - DetectAppLayerInspectEngineRegister2("krb5_cname", - ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectKrb5CName, NULL); + DetectAppLayerInspectEngineRegister( + "krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectKrb5CName, NULL); DetectBufferTypeSetDescriptionByName("krb5_cname", "Kerberos 5 ticket client name"); diff --git a/src/detect-krb5-errcode.c b/src/detect-krb5-errcode.c index 30c516f8d273..6fd4a0232ca7 100644 --- a/src/detect-krb5-errcode.c +++ b/src/detect-krb5-errcode.c 
@@ -69,10 +69,10 @@ void DetectKrb5ErrCodeRegister(void) sigmatch_table[DETECT_AL_KRB5_ERRCODE].RegisterTests = DetectKrb5ErrCodeRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); /* set up the PCRE for keyword parsing */ diff --git a/src/detect-krb5-msgtype.c b/src/detect-krb5-msgtype.c index 0dd800d6be58..2afd48bcd43c 100644 --- a/src/detect-krb5-msgtype.c +++ b/src/detect-krb5-msgtype.c @@ -69,10 +69,10 @@ void DetectKrb5MsgTypeRegister(void) sigmatch_table[DETECT_AL_KRB5_MSGTYPE].RegisterTests = DetectKrb5MsgTypeRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); /* set up the PCRE for keyword parsing */ diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c index e4ccc6c2432e..1848ff35e117 100644 --- a/src/detect-krb5-sname.c +++ b/src/detect-krb5-sname.c 
@@ -196,13 +196,11 @@ void DetectKrb5SNameRegister(void) sigmatch_table[DETECT_AL_KRB5_SNAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; sigmatch_table[DETECT_AL_KRB5_SNAME].desc = "sticky buffer to match on Kerberos 5 server name"; - DetectAppLayerMpmRegister2("krb5_sname", SIG_FLAG_TOCLIENT, 2, - PrefilterMpmKrb5SNameRegister, NULL, - ALPROTO_KRB5, 1); + DetectAppLayerMpmRegister("krb5_sname", SIG_FLAG_TOCLIENT, 2, PrefilterMpmKrb5SNameRegister, + NULL, ALPROTO_KRB5, 1); - DetectAppLayerInspectEngineRegister2("krb5_sname", - ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectKrb5SName, NULL); + DetectAppLayerInspectEngineRegister( + "krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectKrb5SName, NULL); DetectBufferTypeSetDescriptionByName("krb5_sname", "Kerberos 5 ticket server name"); diff --git a/src/detect-krb5-ticket-encryption.c b/src/detect-krb5-ticket-encryption.c index ea1444e30d36..4c4582f1b4b6 100644 --- a/src/detect-krb5-ticket-encryption.c +++ b/src/detect-krb5-ticket-encryption.c @@ -85,7 +85,7 @@ void DetectKrb5TicketEncryptionRegister(void) sigmatch_table[DETECT_AL_KRB5_TICKET_ENCRYPTION].Free = DetectKrb5TicketEncryptionFree; // Tickets are only from server to client - DetectAppLayerInspectEngineRegister2("krb5_ticket_encryption", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("krb5_ticket_encryption", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_krb5_ticket_encryption_list_id = DetectBufferTypeRegister("krb5_ticket_encryption"); diff --git a/src/detect-lua.c b/src/detect-lua.c index dfb26dcbe698..203faf388496 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c 
@@ -123,9 +123,9 @@ void DetectLuaRegister(void) #endif g_smtp_generic_list_id = DetectBufferTypeRegister("smtp_generic"); - DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); SCLogDebug("registering lua rule option"); diff --git a/src/detect-modbus.c b/src/detect-modbus.c index b010500a143c..b41dc8e6afd3 100644 --- a/src/detect-modbus.c +++ b/src/detect-modbus.c @@ -134,7 +134,7 @@ void DetectModbusRegister(void) sigmatch_table[DETECT_AL_MODBUS].Free = DetectModbusFree; sigmatch_table[DETECT_AL_MODBUS].AppLayerTxMatch = DetectModbusMatch; - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_modbus_buffer_id = DetectBufferTypeGetByName("modbus"); diff --git a/src/detect-mqtt-connack-sessionpresent.c b/src/detect-mqtt-connack-sessionpresent.c index 7ec902f1172c..cb0ebaecfd01 100644 --- a/src/detect-mqtt-connack-sessionpresent.c +++ b/src/detect-mqtt-connack-sessionpresent.c @@ -62,7 +62,7 @@ void DetectMQTTConnackSessionPresentRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT, + DetectAppLayerInspectEngineRegister("mqtt.connack.session_present", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present"); diff --git a/src/detect-mqtt-connect-clientid.c b/src/detect-mqtt-connect-clientid.c index 1acebf9943bc..c3bc31474342 100644 --- a/src/detect-mqtt-connect-clientid.c 
+++ b/src/detect-mqtt-connect-clientid.c @@ -78,13 +78,11 @@ void DetectMQTTConnectClientIDRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_CLIENTID].Setup = DetectMQTTConnectClientIDSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_CLIENTID].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-connect-flags.c b/src/detect-mqtt-connect-flags.c index 49bfae6f4b52..30fece2780f9 100644 --- a/src/detect-mqtt-connect-flags.c +++ b/src/detect-mqtt-connect-flags.c @@ -70,7 +70,7 @@ void DetectMQTTConnectFlagsRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_connect_flags_id = DetectBufferTypeGetByName("mqtt.connect.flags"); diff --git a/src/detect-mqtt-connect-password.c b/src/detect-mqtt-connect-password.c index c08390748fe0..57ec1ba24ff9 100644 --- a/src/detect-mqtt-connect-password.c +++ b/src/detect-mqtt-connect-password.c 
@@ -78,13 +78,11 @@ void DetectMQTTConnectPasswordRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_PASSWORD].Setup = DetectMQTTConnectPasswordSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_PASSWORD].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-connect-username.c b/src/detect-mqtt-connect-username.c index dbc772d22058..607a35685493 100644 --- a/src/detect-mqtt-connect-username.c +++ b/src/detect-mqtt-connect-username.c @@ -78,13 +78,11 @@ void DetectMQTTConnectUsernameRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_USERNAME].Setup = DetectMQTTConnectUsernameSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_USERNAME].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-connect-willmessage.c b/src/detect-mqtt-connect-willmessage.c index 48d851d3209e..8ff68a6594e3 100644 --- a/src/detect-mqtt-connect-willmessage.c +++ b/src/detect-mqtt-connect-willmessage.c 
@@ -78,13 +78,11 @@ void DetectMQTTConnectWillMessageRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLMESSAGE].Setup = DetectMQTTConnectWillMessageSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLMESSAGE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-connect-willtopic.c b/src/detect-mqtt-connect-willtopic.c index da3d2640dd96..55efe93122eb 100644 --- a/src/detect-mqtt-connect-willtopic.c +++ b/src/detect-mqtt-connect-willtopic.c @@ -78,13 +78,11 @@ void DetectMQTTConnectWillTopicRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLTOPIC].Setup = DetectMQTTConnectWillTopicSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLTOPIC].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-flags.c b/src/detect-mqtt-flags.c index 799e1668e404..4774818066f9 100644 --- a/src/detect-mqtt-flags.c +++ b/src/detect-mqtt-flags.c 
@@ -66,7 +66,7 @@ void DetectMQTTFlagsRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_flags_id = DetectBufferTypeGetByName("mqtt.flags"); diff --git a/src/detect-mqtt-protocol-version.c b/src/detect-mqtt-protocol-version.c index 39a9ce67d6f9..f696b1e27fb6 100644 --- a/src/detect-mqtt-protocol-version.c +++ b/src/detect-mqtt-protocol-version.c @@ -59,8 +59,8 @@ void DetectMQTTProtocolVersionRegister (void) sigmatch_table[DETECT_AL_MQTT_PROTOCOL_VERSION].RegisterTests = MQTTProtocolVersionRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER, - 1, DetectEngineInspectGenericList, NULL); + DetectAppLayerInspectEngineRegister("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectEngineInspectGenericList, NULL); mqtt_protocol_version_id = DetectBufferTypeGetByName("mqtt.protocol_version"); } diff --git a/src/detect-mqtt-publish-message.c b/src/detect-mqtt-publish-message.c index 32f3bd6460ad..02595737271c 100644 --- a/src/detect-mqtt-publish-message.c +++ b/src/detect-mqtt-publish-message.c 
@@ -78,13 +78,11 @@ void DetectMQTTPublishMessageRegister(void) sigmatch_table[DETECT_AL_MQTT_PUBLISH_MESSAGE].Setup = DetectMQTTPublishMessageSetup; sigmatch_table[DETECT_AL_MQTT_PUBLISH_MESSAGE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-publish-topic.c b/src/detect-mqtt-publish-topic.c index c03a47b5eda7..6538857e8c2b 100644 --- a/src/detect-mqtt-publish-topic.c +++ b/src/detect-mqtt-publish-topic.c @@ -78,13 +78,11 @@ void DetectMQTTPublishTopicRegister(void) sigmatch_table[DETECT_AL_MQTT_PUBLISH_TOPIC].Setup = DetectMQTTPublishTopicSetup; sigmatch_table[DETECT_AL_MQTT_PUBLISH_TOPIC].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-qos.c b/src/detect-mqtt-qos.c index 07aa834dc20d..6349150ade5d 100644 --- a/src/detect-mqtt-qos.c +++ b/src/detect-mqtt-qos.c 
@@ -58,7 +58,7 @@ void DetectMQTTQosRegister (void) sigmatch_table[DETECT_AL_MQTT_QOS].RegisterTests = MQTTQosRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_qos_id = DetectBufferTypeGetByName("mqtt.qos"); diff --git a/src/detect-mqtt-reason-code.c b/src/detect-mqtt-reason-code.c index 085c9c047c9f..56f85f64f667 100644 --- a/src/detect-mqtt-reason-code.c +++ b/src/detect-mqtt-reason-code.c @@ -64,7 +64,7 @@ void DetectMQTTReasonCodeRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code"); diff --git a/src/detect-mqtt-subscribe-topic.c b/src/detect-mqtt-subscribe-topic.c index c2793bb13a80..18ebc04a6236 100644 --- a/src/detect-mqtt-subscribe-topic.c +++ b/src/detect-mqtt-subscribe-topic.c @@ -211,12 +211,10 @@ void DetectMQTTSubscribeTopicRegister (void) subscribe_topic_match_limit); } - DetectAppLayerMpmRegister2("mqtt.subscribe.topic", SIG_FLAG_TOSERVER, 1, - PrefilterMpmMQTTSubscribeTopicRegister, NULL, - ALPROTO_MQTT, 1); + DetectAppLayerMpmRegister("mqtt.subscribe.topic", SIG_FLAG_TOSERVER, 1, + PrefilterMpmMQTTSubscribeTopicRegister, NULL, ALPROTO_MQTT, 1); - DetectAppLayerInspectEngineRegister2("mqtt.subscribe.topic", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("mqtt.subscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectMQTTSubscribeTopic, NULL); DetectBufferTypeSetDescriptionByName("mqtt.subscribe.topic", diff --git a/src/detect-mqtt-type.c b/src/detect-mqtt-type.c index 3bc7f1e4f593..8a228f1b9835 100644 --- a/src/detect-mqtt-type.c +++ b/src/detect-mqtt-type.c 
@@ -57,7 +57,7 @@ void DetectMQTTTypeRegister (void) sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_type_id = DetectBufferTypeGetByName("mqtt.type"); diff --git a/src/detect-mqtt-unsubscribe-topic.c b/src/detect-mqtt-unsubscribe-topic.c index 0ff49ea6d0d3..3feae907f17c 100644 --- a/src/detect-mqtt-unsubscribe-topic.c +++ b/src/detect-mqtt-unsubscribe-topic.c @@ -211,13 +211,11 @@ void DetectMQTTUnsubscribeTopicRegister (void) unsubscribe_topic_match_limit); } - DetectAppLayerMpmRegister2("mqtt.unsubscribe.topic", SIG_FLAG_TOSERVER, 1, - PrefilterMpmMQTTUnsubscribeTopicRegister, NULL, - ALPROTO_MQTT, 1); + DetectAppLayerMpmRegister("mqtt.unsubscribe.topic", SIG_FLAG_TOSERVER, 1, + PrefilterMpmMQTTUnsubscribeTopicRegister, NULL, ALPROTO_MQTT, 1); - DetectAppLayerInspectEngineRegister2("mqtt.unsubscribe.topic", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTUnsubscribeTopic, NULL); + DetectAppLayerInspectEngineRegister("mqtt.unsubscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOSERVER, + 1, DetectEngineInspectMQTTUnsubscribeTopic, NULL); DetectBufferTypeSetDescriptionByName("mqtt.unsubscribe.topic", "unsubscribe topic query"); diff --git a/src/detect-nfs-procedure.c b/src/detect-nfs-procedure.c index 08d69f7d6371..74ea8e917de2 100644 --- a/src/detect-nfs-procedure.c +++ b/src/detect-nfs-procedure.c @@ -74,7 +74,7 @@ void DetectNfsProcedureRegister (void) sigmatch_table[DETECT_AL_NFS_PROCEDURE].RegisterTests = DetectNfsProcedureRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request"); 
diff --git a/src/detect-nfs-version.c b/src/detect-nfs-version.c index 5b4f3b82def8..a8c6ef8914d4 100644 --- a/src/detect-nfs-version.c +++ b/src/detect-nfs-version.c @@ -69,7 +69,7 @@ void DetectNfsVersionRegister (void) sigmatch_table[DETECT_AL_NFS_VERSION].Setup = DetectNfsVersionSetup; sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree; // unit tests were the same as DetectNfsProcedureRegisterTests - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request"); diff --git a/src/detect-parse.c b/src/detect-parse.c index d9800f0a2f34..802ba2b05123 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c 
@@ -107,18 +107,16 @@ void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *reg) : al_protocols[i].direction; if (direction & SIG_FLAG_TOCLIENT) { - DetectAppLayerMpmRegister2(reg->name, SIG_FLAG_TOCLIENT, reg->priority, - reg->PrefilterFn, reg->GetData, al_protocols[i].al_proto, - al_protocols[i].to_client_progress); - DetectAppLayerInspectEngineRegister2(reg->name, al_protocols[i].al_proto, + DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOCLIENT, reg->priority, reg->PrefilterFn, + reg->GetData, al_protocols[i].al_proto, al_protocols[i].to_client_progress); + DetectAppLayerInspectEngineRegister(reg->name, al_protocols[i].al_proto, SIG_FLAG_TOCLIENT, al_protocols[i].to_client_progress, reg->Callback, reg->GetData); } if (direction & SIG_FLAG_TOSERVER) { - DetectAppLayerMpmRegister2(reg->name, SIG_FLAG_TOSERVER, reg->priority, - reg->PrefilterFn, reg->GetData, al_protocols[i].al_proto, - al_protocols[i].to_server_progress); - DetectAppLayerInspectEngineRegister2(reg->name, al_protocols[i].al_proto, + DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOSERVER, reg->priority, reg->PrefilterFn, + reg->GetData, al_protocols[i].al_proto, al_protocols[i].to_server_progress); + DetectAppLayerInspectEngineRegister(reg->name, al_protocols[i].al_proto, SIG_FLAG_TOSERVER, al_protocols[i].to_server_progress, reg->Callback, reg->GetData); } diff --git a/src/detect-parse.h b/src/detect-parse.h index a7f2c4d17df7..0110ebac653b 100644 --- a/src/detect-parse.h +++ b/src/detect-parse.h @@ -33,7 +33,7 @@ typedef struct DetectFileHandlerTableElmt_ { const char *name; int priority; PrefilterRegisterFunc PrefilterFn; - InspectEngineFuncPtr2 Callback; + InspectEngineFuncPtr Callback; InspectionBufferGetDataPtr GetData; int al_protocols[MAX_DETECT_ALPROTO_CNT]; int tx_progress; diff --git a/src/detect-quic-cyu-hash.c b/src/detect-quic-cyu-hash.c index 8b094aaa1d61..421d9dc30791 100644 --- a/src/detect-quic-cyu-hash.c +++ b/src/detect-quic-cyu-hash.c 
@@ -234,10 +234,10 @@ void DetectQuicCyuHashRegister(void) sigmatch_table[DETECT_AL_QUIC_CYU_HASH].RegisterTests = DetectQuicCyuHashRegisterTests; #endif - DetectAppLayerMpmRegister2( + DetectAppLayerMpmRegister( BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterMpmQuicHashRegister, NULL, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, DetectEngineInspectQuicHash, NULL); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-quic-cyu-string.c b/src/detect-quic-cyu-string.c index cf1164c40fde..55863ca7bfe5 100644 --- a/src/detect-quic-cyu-string.c +++ b/src/detect-quic-cyu-string.c @@ -187,10 +187,10 @@ void DetectQuicCyuStringRegister(void) sigmatch_table[DETECT_AL_QUIC_CYU_STRING].RegisterTests = DetectQuicCyuStringRegisterTests; #endif - DetectAppLayerMpmRegister2( + DetectAppLayerMpmRegister( BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterMpmListIdRegister, NULL, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, DetectEngineInspectQuicString, NULL); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-quic-sni.c b/src/detect-quic-sni.c index 722f50d04697..4515baa6a7ec 100644 --- a/src/detect-quic-sni.c +++ b/src/detect-quic-sni.c 
@@ -80,10 +80,10 @@ void DetectQuicSniRegister(void) sigmatch_table[DETECT_AL_QUIC_SNI].RegisterTests = DetectQuicSniRegisterTests; #endif - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetSniData, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetSniData); quic_sni_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-quic-ua.c b/src/detect-quic-ua.c index c491d05b06a2..4f4e9fd7d2e7 100644 --- a/src/detect-quic-ua.c +++ b/src/detect-quic-ua.c @@ -80,10 +80,10 @@ void DetectQuicUaRegister(void) sigmatch_table[DETECT_AL_QUIC_UA].RegisterTests = DetectQuicUaRegisterTests; #endif - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetUaData, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetUaData); quic_ua_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-quic-version.c b/src/detect-quic-version.c index fcd99545aad5..58257d143ba4 100644 --- a/src/detect-quic-version.c +++ b/src/detect-quic-version.c 
@@ -80,14 +80,14 @@ void DetectQuicVersionRegister(void) sigmatch_table[DETECT_AL_QUIC_VERSION].RegisterTests = DetectQuicVersionRegisterTests; #endif - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetVersionData, ALPROTO_QUIC, 1); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetVersionData, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetVersionData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetVersionData); quic_version_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-rfb-name.c b/src/detect-rfb-name.c index 5e8251d51a5a..222223a44999 100644 --- a/src/detect-rfb-name.c +++ b/src/detect-rfb-name.c @@ -96,13 +96,11 @@ void DetectRfbNameRegister(void) sigmatch_table[DETECT_AL_RFB_NAME].Setup = DetectRfbNameSetup; sigmatch_table[DETECT_AL_RFB_NAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_RFB, - SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 1, - PrefilterGenericMpmRegister, GetData, ALPROTO_RFB, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, + GetData, ALPROTO_RFB, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); 
diff --git a/src/detect-rfb-secresult.c b/src/detect-rfb-secresult.c index ff82d98fa690..a5cc353b4b1c 100644 --- a/src/detect-rfb-secresult.c +++ b/src/detect-rfb-secresult.c @@ -67,7 +67,7 @@ void DetectRfbSecresultRegister (void) #endif DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("rfb.secresult", ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("rfb.secresult", ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); rfb_secresult_id = DetectBufferTypeGetByName("rfb.secresult"); diff --git a/src/detect-rfb-sectype.c b/src/detect-rfb-sectype.c index 400ee5cb087c..0cfd59d56d71 100644 --- a/src/detect-rfb-sectype.c +++ b/src/detect-rfb-sectype.c @@ -54,7 +54,7 @@ void DetectRfbSectypeRegister (void) sigmatch_table[DETECT_AL_RFB_SECTYPE].Setup = DetectRfbSectypeSetup; sigmatch_table[DETECT_AL_RFB_SECTYPE].Free = DetectRfbSectypeFree; - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "rfb.sectype", ALPROTO_RFB, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); g_rfb_sectype_buffer_id = DetectBufferTypeGetByName("rfb.sectype"); diff --git a/src/detect-sip-method.c b/src/detect-sip-method.c index fccc8a73f9fc..d4ee89ad193b 100644 --- a/src/detect-sip-method.c +++ b/src/detect-sip-method.c 
@@ -134,13 +134,11 @@ void DetectSipMethodRegister(void) sigmatch_table[DETECT_AL_SIP_METHOD].Setup = DetectSipMethodSetup; sigmatch_table[DETECT_AL_SIP_METHOD].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-protocol.c b/src/detect-sip-protocol.c index 41fdcac538b3..6adf74452988 100644 --- a/src/detect-sip-protocol.c +++ b/src/detect-sip-protocol.c 
@@ -100,17 +100,13 @@ void DetectSipProtocolRegister(void) sigmatch_table[DETECT_AL_SIP_PROTOCOL].Setup = DetectSipProtocolSetup; sigmatch_table[DETECT_AL_SIP_PROTOCOL].flags |= SIGMATCH_NOOPT; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SIP, SIG_FLAG_TOSERVER, 1, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-request-line.c b/src/detect-sip-request-line.c index 9d9f4c9c5fe5..5852f7fbe843 100644 --- a/src/detect-sip-request-line.c +++ b/src/detect-sip-request-line.c 
@@ -100,13 +100,11 @@ void DetectSipRequestLineRegister(void) sigmatch_table[DETECT_AL_SIP_REQUEST_LINE].Setup = DetectSipRequestLineSetup; sigmatch_table[DETECT_AL_SIP_REQUEST_LINE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-response-line.c b/src/detect-sip-response-line.c index 99061f951d5a..12be766dfeb3 100644 --- a/src/detect-sip-response-line.c +++ b/src/detect-sip-response-line.c @@ -100,13 +100,11 @@ void DetectSipResponseLineRegister(void) sigmatch_table[DETECT_AL_SIP_RESPONSE_LINE].Setup = DetectSipResponseLineSetup; sigmatch_table[DETECT_AL_SIP_RESPONSE_LINE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-stat-code.c b/src/detect-sip-stat-code.c index 9b663c971e8e..883872b169f3 100644 --- a/src/detect-sip-stat-code.c +++ b/src/detect-sip-stat-code.c 
@@ -103,13 +103,11 @@ void DetectSipStatCodeRegister (void) sigmatch_table[DETECT_AL_SIP_STAT_CODE].Setup = DetectSipStatCodeSetup; sigmatch_table[DETECT_AL_SIP_STAT_CODE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 4, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-stat-msg.c b/src/detect-sip-stat-msg.c index a9b9247a5d70..bda224b3e169 100644 --- a/src/detect-sip-stat-msg.c +++ b/src/detect-sip-stat-msg.c @@ -103,13 +103,11 @@ void DetectSipStatMsgRegister (void) sigmatch_table[DETECT_AL_SIP_STAT_MSG].Setup = DetectSipStatMsgSetup; sigmatch_table[DETECT_AL_SIP_STAT_MSG].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 3, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-uri.c b/src/detect-sip-uri.c index 1a000fdb543a..f71627e035e1 100644 --- a/src/detect-sip-uri.c +++ b/src/detect-sip-uri.c 
@@ -112,13 +112,11 @@ void DetectSipUriRegister(void) sigmatch_table[DETECT_AL_SIP_URI].Setup = DetectSipUriSetup; sigmatch_table[DETECT_AL_SIP_URI].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, - 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SIP, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-smb-ntlmssp.c b/src/detect-smb-ntlmssp.c index a88b89c6f473..aa53269309cf 100644 --- a/src/detect-smb-ntlmssp.c +++ b/src/detect-smb-ntlmssp.c @@ -81,10 +81,10 @@ void DetectSmbNtlmsspUserRegister(void) sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB ntlmssp user in session setup"; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetNtlmsspUserData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetNtlmsspUserData); g_smb_nltmssp_user_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); 
@@ -139,10 +139,10 @@ void DetectSmbNtlmsspDomainRegister(void) sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB ntlmssp domain in session setup"; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetNtlmsspDomainData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetNtlmsspDomainData); g_smb_nltmssp_domain_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-smb-share.c b/src/detect-smb-share.c index 8d4d145fad8c..018d8ceefd79 100644 --- a/src/detect-smb-share.c +++ b/src/detect-smb-share.c @@ -83,12 +83,10 @@ void DetectSmbNamedPipeRegister(void) sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB named pipe in tree connect"; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetNamedPipeData, - ALPROTO_SMB, 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetNamedPipeData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetNamedPipeData); g_smb_named_pipe_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); 
@@ -146,12 +144,10 @@ void DetectSmbShareRegister(void) sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB share name in tree connect"; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetShareData, - ALPROTO_SMB, 1); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetShareData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetShareData); g_smb_share_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-snmp-community.c b/src/detect-snmp-community.c index 93e7d21671ab..f1dd740e3d53 100644 --- a/src/detect-snmp-community.c +++ b/src/detect-snmp-community.c 
@@ -62,16 +62,14 @@ void DetectSNMPCommunityRegister(void) sigmatch_table[DETECT_AL_SNMP_COMMUNITY].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; /* register inspect engines */ - DetectAppLayerInspectEngineRegister2("snmp.community", - ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.community", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("snmp.community", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); - DetectAppLayerInspectEngineRegister2("snmp.community", - ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerMpmRegister("snmp.community", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SNMP, 0); + DetectAppLayerInspectEngineRegister("snmp.community", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("snmp.community", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); + DetectAppLayerMpmRegister("snmp.community", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_SNMP, 0); DetectBufferTypeSetDescriptionByName("snmp.community", "SNMP Community identifier"); diff --git a/src/detect-snmp-pdu_type.c b/src/detect-snmp-pdu_type.c index d053c29a792d..097fac1e959a 100644 --- a/src/detect-snmp-pdu_type.c +++ b/src/detect-snmp-pdu_type.c 
@@ -68,10 +68,10 @@ void DetectSNMPPduTypeRegister(void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp.pdu_type"); diff --git a/src/detect-snmp-usm.c b/src/detect-snmp-usm.c index 2e03fca16b94..fd1a814d164d 100644 --- a/src/detect-snmp-usm.c +++ b/src/detect-snmp-usm.c @@ -66,13 +66,13 @@ void DetectSNMPUsmRegister(void) sigmatch_table[DETECT_AL_SNMP_USM].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* register inspect engines */ - DetectAppLayerInspectEngineRegister2("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("snmp.usm", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("snmp.usm", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); - DetectAppLayerInspectEngineRegister2("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("snmp.usm", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("snmp.usm", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); DetectBufferTypeSetDescriptionByName("snmp.usm", "SNMP USM"); diff --git a/src/detect-snmp-version.c b/src/detect-snmp-version.c index 57359c091bd6..f9bc728b8ad2 100644 
--- a/src/detect-snmp-version.c +++ b/src/detect-snmp-version.c @@ -60,10 +60,10 @@ void DetectSNMPVersionRegister (void) sigmatch_table[DETECT_AL_SNMP_VERSION].RegisterTests = DetectSNMPVersionRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp.version"); diff --git a/src/detect-ssh-hassh-server-string.c b/src/detect-ssh-hassh-server-string.c index 27b0e0cb7595..f62c72e79c79 100644 --- a/src/detect-ssh-hassh-server-string.c +++ b/src/detect-ssh-hassh-server-string.c @@ -129,13 +129,10 @@ void DetectSshHasshServerStringRegister(void) sigmatch_table[DETECT_AL_SSH_HASSH_SERVER_STRING].Setup = DetectSshHasshServerStringSetup; sigmatch_table[DETECT_AL_SSH_HASSH_SERVER_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, - SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssh-hassh-server.c b/src/detect-ssh-hassh-server.c index 295284108f10..98f7d3dc2e2f 100644 
--- a/src/detect-ssh-hassh-server.c +++ b/src/detect-ssh-hassh-server.c @@ -197,12 +197,10 @@ void DetectSshHasshServerRegister(void) sigmatch_table[DETECT_AL_SSH_HASSH_SERVER].Setup = DetectSshHasshServerSetup; sigmatch_table[DETECT_AL_SSH_HASSH_SERVER].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, - SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); g_ssh_hassh_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-ssh-hassh-string.c b/src/detect-ssh-hassh-string.c index e639e64b134f..ad29b90ee764 100644 --- a/src/detect-ssh-hassh-string.c +++ b/src/detect-ssh-hassh-string.c 
@@ -129,13 +129,10 @@ void DetectSshHasshStringRegister(void) sigmatch_table[DETECT_AL_SSH_HASSH_STRING].Setup = DetectSshHasshStringSetup; sigmatch_table[DETECT_AL_SSH_HASSH_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, - SIG_FLAG_TOSERVER, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssh-hassh.c b/src/detect-ssh-hassh.c index b410a5ffee84..377aa9d2c433 100644 --- a/src/detect-ssh-hassh.c +++ b/src/detect-ssh-hassh.c @@ -199,13 +199,10 @@ void DetectSshHasshRegister(void) sigmatch_table[DETECT_AL_SSH_HASSH].Setup = DetectSshHasshSetup; sigmatch_table[DETECT_AL_SSH_HASSH].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone), - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, - SIG_FLAG_TOSERVER, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone), + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); g_ssh_hassh_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); 
diff --git a/src/detect-ssh-proto.c b/src/detect-ssh-proto.c index a979190de1a9..19807511e757 100644 --- a/src/detect-ssh-proto.c +++ b/src/detect-ssh-proto.c @@ -101,20 +101,15 @@ void DetectSshProtocolRegister(void) sigmatch_table[DETECT_AL_SSH_PROTOCOL].Setup = DetectSshProtocolSetup; sigmatch_table[DETECT_AL_SSH_PROTOCOL].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone), - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone), - - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone), + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, + PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone), + + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index 5fec33ac0eef..a9b0af343207 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c 
@@ -98,9 +98,9 @@ void DetectSshSoftwareVersionRegister(void) g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner"); - DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect-ssh-software.c b/src/detect-ssh-software.c index cd11c5c20904..0a8d5aab0d97 100644 --- a/src/detect-ssh-software.c +++ b/src/detect-ssh-software.c 
@@ -102,19 +102,15 @@ void DetectSshSoftwareRegister(void) sigmatch_table[DETECT_AL_SSH_SOFTWARE].Setup = DetectSshSoftwareSetup; sigmatch_table[DETECT_AL_SSH_SOFTWARE].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone), - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetSshData, - ALPROTO_SSH, SshStateBannerDone), - - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetSshData, ALPROTO_SSH, SshStateBannerDone), + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, + PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone), + + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index 3f2df48db7aa..385bf8c11502 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c 
@@ -89,9 +89,9 @@ void DetectSslStateRegister(void) DetectBufferTypeSetDescriptionByName("tls_generic", "generic ssl/tls inspection"); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect-template-rust-buffer.c b/src/detect-template-rust-buffer.c index 86fc282712ba..95f8ff6d12ce 100644 --- a/src/detect-template-rust-buffer.c +++ b/src/detect-template-rust-buffer.c @@ -67,9 +67,9 @@ void DetectTemplateRustBufferRegister(void) sigmatch_table[DETECT_AL_TEMPLATE_BUFFER].flags |= SIGMATCH_NOOPT; /* register inspect engines */ - DetectAppLayerInspectEngineRegister2("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER, 0, DetectEngineInspectTemplateRustBuffer, NULL); - DetectAppLayerInspectEngineRegister2("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectTemplateRustBuffer, NULL); g_template_rust_id = DetectBufferTypeGetByName("template_buffer"); diff --git a/src/detect-tls-cert-fingerprint.c b/src/detect-tls-cert-fingerprint.c index 98ba46143db4..9fec32151dd6 100644 --- a/src/detect-tls-cert-fingerprint.c +++ b/src/detect-tls-cert-fingerprint.c 
@@ -83,18 +83,16 @@ void DetectTlsFingerprintRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_fingerprint", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectBufferGeneric, GetData); + DetectAppLayerInspectEngineRegister("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_fingerprint", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, - TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.cert_fingerprint", SIG_FLAG_TOCLIENT, 2, + PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_fingerprint", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("tls.cert_fingerprint", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); DetectBufferTypeSetDescriptionByName("tls.cert_fingerprint", diff --git a/src/detect-tls-cert-issuer.c b/src/detect-tls-cert-issuer.c index 9146f8d0f40b..49bada4cdf6d 100644 --- a/src/detect-tls-cert-issuer.c +++ b/src/detect-tls-cert-issuer.c 
@@ -79,19 +79,17 @@ void DetectTlsIssuerRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_issuer", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.cert_issuer", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_issuer", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectBufferGeneric, GetData); + DetectAppLayerInspectEngineRegister("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_issuer", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, - TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.cert_issuer", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); DetectBufferTypeSetDescriptionByName("tls.cert_issuer", "TLS certificate issuer"); diff --git a/src/detect-tls-cert-serial.c b/src/detect-tls-cert-serial.c index 19c86be80e24..0ac7bfdd20cc 100644 --- a/src/detect-tls-cert-serial.c +++ b/src/detect-tls-cert-serial.c 
@@ -83,18 +83,16 @@ void DetectTlsSerialRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_serial", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectBufferGeneric, GetData); + DetectAppLayerInspectEngineRegister("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_serial", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, - TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.cert_serial", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_serial", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.cert_serial", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); DetectBufferTypeSetDescriptionByName("tls.cert_serial", diff --git a/src/detect-tls-cert-subject.c b/src/detect-tls-cert-subject.c index 9ec7fb96fb1f..e0dcde30a830 100644 --- a/src/detect-tls-cert-subject.c +++ b/src/detect-tls-cert-subject.c 
@@ -79,18 +79,17 @@ void DetectTlsSubjectRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_subject", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.cert_subject", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.cert_subject", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, - TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.cert_subject", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); DetectBufferTypeSupportsMultiInstance("tls.cert_subject"); diff --git a/src/detect-tls-cert-validity.c b/src/detect-tls-cert-validity.c index 63939b849286..0afd11e72e88 100644 --- a/src/detect-tls-cert-validity.c +++ b/src/detect-tls-cert-validity.c @@ -123,7 +123,7 @@ void DetectTlsValidityRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity"); 
diff --git a/src/detect-tls-certs.c b/src/detect-tls-certs.c index a0204377373e..38042e3ef411 100644 --- a/src/detect-tls-certs.c +++ b/src/detect-tls-certs.c @@ -93,19 +93,17 @@ void DetectTlsCertsRegister(void) sigmatch_table[DETECT_AL_TLS_CERTS].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERTS].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.certs", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectTlsCerts, NULL); + DetectAppLayerInspectEngineRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectTlsCerts, NULL); - DetectAppLayerMpmRegister2("tls.certs", SIG_FLAG_TOCLIENT, 2, - PrefilterMpmTlsCertsRegister, NULL, ALPROTO_TLS, - TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.certs", SIG_FLAG_TOCLIENT, 2, PrefilterMpmTlsCertsRegister, NULL, + ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectTlsCerts, NULL); - DetectAppLayerMpmRegister2("tls.certs", SIG_FLAG_TOSERVER, 2, PrefilterMpmTlsCertsRegister, - NULL, ALPROTO_TLS, TLS_STATE_CERT_READY); + DetectAppLayerMpmRegister("tls.certs", SIG_FLAG_TOSERVER, 2, PrefilterMpmTlsCertsRegister, NULL, + ALPROTO_TLS, TLS_STATE_CERT_READY); DetectBufferTypeSetDescriptionByName("tls.certs", "TLS certificate"); @@ -363,7 +361,7 @@ void DetectTlsCertChainLenRegister(void) sigmatch_table[KEYWORD_ID].Setup = DetectTLSCertChainLenSetup; sigmatch_table[KEYWORD_ID].Free = DetectTLSCertChainLenFree; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); g_tls_cert_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); 
diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c index 7660fde4c2a0..0cfe18d66e65 100644 --- a/src/detect-tls-ja3-hash.c +++ b/src/detect-tls-ja3-hash.c @@ -80,16 +80,16 @@ void DetectTlsJa3HashRegister(void) sigmatch_table[DETECT_AL_TLS_JA3_HASH].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3_HASH].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3.hash", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("ja3.hash", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("ja3.hash", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister( + "ja3.hash", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); - DetectAppLayerMpmRegister2("ja3.hash", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("ja3.hash", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, Ja3DetectGetHash, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3.hash", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("ja3.hash", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetHash); DetectBufferTypeSetDescriptionByName("ja3.hash", "TLS JA3 hash"); diff --git a/src/detect-tls-ja3-string.c b/src/detect-tls-ja3-string.c index 87a61bfd8738..6c2fbc6ad975 100644 --- a/src/detect-tls-ja3-string.c +++ b/src/detect-tls-ja3-string.c 
@@ -76,16 +76,16 @@ void DetectTlsJa3StringRegister(void) sigmatch_table[DETECT_AL_TLS_JA3_STRING].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3.string", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("ja3.string", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("ja3.string", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister("ja3.string", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, 0); - DetectAppLayerMpmRegister2("ja3.string", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("ja3.string", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, Ja3DetectGetString, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3.string", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("ja3.string", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetString); DetectBufferTypeSetDescriptionByName("ja3.string", "TLS JA3 string"); diff --git a/src/detect-tls-ja3s-hash.c b/src/detect-tls-ja3s-hash.c index 583566012d08..a1a334a4f16b 100644 --- a/src/detect-tls-ja3s-hash.c +++ b/src/detect-tls-ja3s-hash.c 
@@ -79,16 +79,16 @@ void DetectTlsJa3SHashRegister(void) sigmatch_table[DETECT_AL_TLS_JA3S_HASH].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3S_HASH].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3s.hash", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("ja3s.hash", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("ja3s.hash", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister("ja3s.hash", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, 0); - DetectAppLayerMpmRegister2("ja3s.hash", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("ja3s.hash", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, Ja3DetectGetHash, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3s.hash", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("ja3s.hash", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetHash); DetectBufferTypeSetDescriptionByName("ja3s.hash", "TLS JA3S hash"); diff --git a/src/detect-tls-ja3s-string.c b/src/detect-tls-ja3s-string.c index 0f7f7d61d067..32117df68442 100644 --- a/src/detect-tls-ja3s-string.c +++ b/src/detect-tls-ja3s-string.c 
@@ -76,16 +76,16 @@ void DetectTlsJa3SStringRegister(void) sigmatch_table[DETECT_AL_TLS_JA3S_STRING].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3S_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3s.string", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("ja3s.string", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("ja3s.string", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister("ja3s.string", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_TLS, 0); - DetectAppLayerMpmRegister2("ja3s.string", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("ja3s.string", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, Ja3DetectGetString, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3s.string", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("ja3s.string", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetString); DetectBufferTypeSetDescriptionByName("ja3s.string", "TLS JA3S string"); diff --git a/src/detect-tls-random.c b/src/detect-tls-random.c index fc4369ab1861..b8af73490a32 100644 --- a/src/detect-tls-random.c +++ b/src/detect-tls-random.c 
@@ -62,15 +62,15 @@ void DetectTlsRandomTimeRegister(void) sigmatch_table[DETECT_AL_TLS_RANDOM_TIME].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* Register engine for Server random */ - DetectAppLayerInspectEngineRegister2("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomTimeData); - DetectAppLayerMpmRegister2("tls.random_time", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.random_time", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRandomTimeData, ALPROTO_TLS, 0); /* Register engine for Client random */ - DetectAppLayerInspectEngineRegister2("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomTimeData); - DetectAppLayerMpmRegister2("tls.random_time", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.random_time", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetRandomTimeData, ALPROTO_TLS, 0); DetectBufferTypeSetDescriptionByName("tls.random_time", "TLS Random Time"); 
@@ -90,16 +90,16 @@ void DetectTlsRandomBytesRegister(void) SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* Register engine for Server random */ - DetectAppLayerInspectEngineRegister2("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomBytesData); - DetectAppLayerMpmRegister2("tls.random_bytes", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetRandomBytesData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister("tls.random_bytes", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetRandomBytesData, ALPROTO_TLS, 0); /* Register engine for Client random */ - DetectAppLayerInspectEngineRegister2("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomBytesData); - DetectAppLayerMpmRegister2("tls.random_bytes", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetRandomBytesData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister("tls.random_bytes", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetRandomBytesData, ALPROTO_TLS, 0); DetectBufferTypeSetDescriptionByName("tls.random_bytes", "TLS Random Bytes"); 
@@ -122,15 +122,15 @@ void DetectTlsRandomRegister(void) sigmatch_table[DETECT_AL_TLS_RANDOM].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* Register engine for Server random */ - DetectAppLayerInspectEngineRegister2("tls.random", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.random", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomData); - DetectAppLayerMpmRegister2("tls.random", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.random", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRandomData, ALPROTO_TLS, 0); /* Register engine for Client random */ - DetectAppLayerInspectEngineRegister2("tls.random", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("tls.random", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomData); - DetectAppLayerMpmRegister2("tls.random", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("tls.random", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetRandomData, ALPROTO_TLS, 0); DetectBufferTypeSetDescriptionByName("tls.random", "TLS Random"); diff --git a/src/detect-tls-sni.c b/src/detect-tls-sni.c index 69b066e8e979..10b6d08dafd3 100644 --- a/src/detect-tls-sni.c +++ b/src/detect-tls-sni.c 
@@ -73,11 +73,11 @@ void DetectTlsSniRegister(void) sigmatch_table[DETECT_AL_TLS_SNI].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_SNI].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.sni", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.sni", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("tls.sni", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); + DetectAppLayerMpmRegister( + "tls.sni", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0); DetectBufferTypeSetDescriptionByName("tls.sni", "TLS Server Name Indication (SNI) extension"); diff --git a/src/detect-tls.c b/src/detect-tls.c index 71e45696cd9c..e94a9b2a600c 100644 --- a/src/detect-tls.c +++ b/src/detect-tls.c @@ -141,10 +141,10 @@ void DetectTlsRegister (void) g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert"); g_tls_cert_fingerprint_list_id = DetectBufferTypeRegister("tls.cert_fingerprint"); - DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls_cert", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect.h b/src/detect.h index 04dd49a65a75..ec67198da2a3 100644 --- a/src/detect.h +++ b/src/detect.h 
@@ -410,7 +410,7 @@ typedef InspectionBuffer *(*InspectionBufferGetDataPtr)( void *txv, const int list_id); struct DetectEngineAppInspectionEngine_; -typedef uint8_t (*InspectEngineFuncPtr2)(struct DetectEngineCtx_ *de_ctx, +typedef uint8_t (*InspectEngineFuncPtr)(struct DetectEngineCtx_ *de_ctx, struct DetectEngineThreadCtx_ *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const struct Signature_ *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); @@ -427,7 +427,7 @@ typedef struct DetectEngineAppInspectionEngine_ { struct { InspectionBufferGetDataPtr GetData; - InspectEngineFuncPtr2 Callback; + InspectEngineFuncPtr Callback; /** pointer to the transforms in the 'DetectBuffer entry for this list */ const DetectEngineTransforms *transforms; } v2; diff --git a/src/output-json-alert.c b/src/output-json-alert.c index a7df1065509e..f512e13ba122 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -31,30 +31,20 @@ #include "conf.h" #include "stream.h" -#include "threads.h" -#include "tm-threads.h" #include "threadvars.h" #include "util-debug.h" #include "util-logopenfile.h" #include "util-misc.h" #include "util-time.h" -#include "util-unittest.h" -#include "util-unittest-helper.h" -#include "detect-parse.h" #include "detect-engine.h" -#include "detect-engine-mpm.h" -#include "detect-reference.h" #include "detect-metadata.h" #include "app-layer-parser.h" #include "app-layer-dnp3.h" -#include "app-layer-htp.h" #include "app-layer-htp-xff.h" #include "app-layer-ftp.h" #include "app-layer-frames.h" -#include "util-classification-config.h" -#include "util-syslog.h" #include "log-pcap.h" #include "output.h" @@ -64,7 +54,6 @@ #include "output-json-dns.h" #include "output-json-http.h" #include "output-json-tls.h" -#include "output-json-ssh.h" #include "rust.h" #include "output-json-smtp.h" #include "output-json-email-common.h" 
@@ -79,10 +68,7 @@ #include "output-json-frame.h" #include "output-json-quic.h" -#include "util-byte.h" -#include "util-privs.h" #include "util-print.h" -#include "util-proto-name.h" #include "util-optimize.h" #include "util-buffer.h" #include "util-validate.h" diff --git a/src/output-json-dns.c b/src/output-json-dns.c index 020e27853a9e..9e10c3ea14b5 100644 --- a/src/output-json-dns.c +++ b/src/output-json-dns.c @@ -24,31 +24,17 @@ */ #include "suricata-common.h" -#include "detect.h" -#include "pkt-var.h" #include "conf.h" -#include "threads.h" #include "threadvars.h" -#include "tm-threads.h" - -#include "util-print.h" -#include "util-unittest.h" #include "util-debug.h" #include "util-mem.h" #include "app-layer-parser.h" #include "output.h" -#include "app-layer.h" -#include "util-privs.h" -#include "util-buffer.h" -#include "util-proto-name.h" -#include "util-logopenfile.h" -#include "util-time.h" #include "output-json.h" #include "output-json-dns.h" -#include "rust.h" /* we can do query logging as well, but it's disabled for now as the * TX id handling doesn't expect it */
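Review bot: in the src/detect-tls-ja3s-string.c hunk (DetectTlsJa3SStringRegister), the minimum-progress argument is a bare `0` for the ALPROTO_TLS registrations and a bare `1` for the ALPROTO_QUIC ones, and the rename carries both over unexplained. Since these lines are being touched anyway, consider a named state value or a short comment saying why QUIC needs `1`, the way the src/detect-tls.c hunk passes TLS_STATE_CERT_READY. A wrong progress value makes a keyword silently never inspect, so it should be readable at the call site.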
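Review bot: in the three src/detect-tls-random.c hunks (tls.random_time, tls.random_bytes, tls.random), the context comment `/* Register engine for Server random */` sits above the SIG_FLAG_TOSERVER registrations and `/* Register engine for Client random */` above the SIG_FLAG_TOCLIENT ones. In TLS the client random travels toward the server and the server random toward the client, so the two comments look swapped relative to the direction flags. The rename rewrites the line directly under each comment, so this is a cheap place to fix them or to reword them as "to server" and "to client".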
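Review bot: in the src/detect.h hunks, the typedef becomes `InspectEngineFuncPtr` but the struct that holds `InspectEngineFuncPtr Callback;` is still named `v2` (`} v2;`), so the version suffix is only half removed. Either rename that member in this series or say in the commit message that it is intentionally left for a follow-up. Dropping the `2` from the typedef and from the two Register functions also breaks any out-of-tree keyword code that uses the old names, so the change deserves a line in the developer-facing upgrade notes alongside the devguide update.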
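Review bot: the src/output-json-alert.c and src/output-json-dns.c hunks only remove `#include` lines (for example `util-unittest.h`, `detect-parse.h`, `rust.h`, `util-buffer.h`) and have nothing to do with the Register2 rename, which makes the patch harder to review and to bisect. Please move the include pruning into its own commit, and confirm both files still compile in a unittest-enabled build without depending on these headers arriving transitively through another include.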