From 0d120f97569bd0e058ed3d982c38023485461899 Mon Sep 17 00:00:00 2001 
From: Jason Ish Date: Mon, 23 Oct 2023 15:05:43 -0600 Subject: [PATCH 01/12] detect: rename DetectAppLayerMpmRegister2 to DetectAppLayerMpmRegister The old DetectAppLayerMpmRegister has not been around since 4.1.x. Rename the v2 of this function to a versionless function as there is no documentation referring to what the 2 means. --- .../extending/app-layer/transactions.rst | 6 +++--- src/detect-dce-stub-data.c | 20 ++++++++----------- src/detect-dnp3.c | 10 ++++------ src/detect-dns-query.c | 5 ++--- src/detect-engine-mpm.c | 2 +- src/detect-engine-mpm.h | 2 +- src/detect-http-client-body.c | 4 ++-- src/detect-http-cookie.c | 8 ++++---- src/detect-http-header-names.c | 8 ++++---- src/detect-http-header.c | 16 +++++++-------- src/detect-http-headers-stub.h | 8 ++++---- src/detect-http-host.c | 8 ++++---- src/detect-http-method.c | 4 ++-- src/detect-http-protocol.c | 8 ++++---- src/detect-http-raw-header.c | 8 ++++---- src/detect-http-request-line.c | 4 ++-- src/detect-http-response-line.c | 4 ++-- src/detect-http-start.c | 4 ++-- src/detect-http-stat-code.c | 4 ++-- src/detect-http-stat-msg.c | 4 ++-- src/detect-http-ua.c | 4 ++-- src/detect-http-uri.c | 8 ++++---- src/detect-http2.c | 10 ++++------ src/detect-ike-key-exchange-payload.c | 4 ++-- src/detect-ike-nonce-payload.c | 4 ++-- src/detect-ike-spi.c | 4 ++-- src/detect-ike-vendor.c | 2 +- src/detect-krb5-cname.c | 5 ++--- src/detect-krb5-sname.c | 5 ++--- src/detect-mqtt-connect-clientid.c | 5 ++--- src/detect-mqtt-connect-password.c | 5 ++--- src/detect-mqtt-connect-username.c | 5 ++--- src/detect-mqtt-connect-willmessage.c | 5 ++--- src/detect-mqtt-connect-willtopic.c | 5 ++--- src/detect-mqtt-publish-message.c | 5 ++--- src/detect-mqtt-publish-topic.c | 5 ++--- src/detect-mqtt-subscribe-topic.c | 5 ++--- src/detect-mqtt-unsubscribe-topic.c | 5 ++--- src/detect-parse.c | 10 ++++------ src/detect-quic-cyu-hash.c | 2 +- src/detect-quic-cyu-string.c | 2 +- src/detect-quic-sni.c | 2 +- src/detect-quic-ua.c | 2 
+- src/detect-quic-version.c | 4 ++-- src/detect-rfb-name.c | 5 ++--- src/detect-sip-method.c | 5 ++--- src/detect-sip-protocol.c | 10 ++++------ src/detect-sip-request-line.c | 5 ++--- src/detect-sip-response-line.c | 5 ++--- src/detect-sip-stat-code.c | 5 ++--- src/detect-sip-stat-msg.c | 5 ++--- src/detect-sip-uri.c | 5 ++--- src/detect-smb-ntlmssp.c | 4 ++-- src/detect-smb-share.c | 10 ++++------ src/detect-snmp-community.c | 8 ++++---- src/detect-snmp-usm.c | 4 ++-- src/detect-ssh-hassh-server-string.c | 6 ++---- src/detect-ssh-hassh-server.c | 5 ++--- src/detect-ssh-hassh-string.c | 6 ++---- src/detect-ssh-hassh.c | 11 ++++------ src/detect-ssh-proto.c | 16 ++++++--------- src/detect-ssh-software.c | 15 ++++++-------- src/detect-tls-cert-fingerprint.c | 7 +++---- src/detect-tls-cert-issuer.c | 7 +++---- src/detect-tls-cert-serial.c | 7 +++---- src/detect-tls-cert-subject.c | 9 ++++----- src/detect-tls-certs.c | 9 ++++----- src/detect-tls-ja3-hash.c | 6 +++--- src/detect-tls-ja3-string.c | 6 +++--- src/detect-tls-ja3s-hash.c | 6 +++--- src/detect-tls-ja3s-string.c | 6 +++--- src/detect-tls-random.c | 16 +++++++-------- src/detect-tls-sni.c | 4 ++-- 73 files changed, 205 insertions(+), 258 deletions(-) diff --git a/doc/userguide/devguide/extending/app-layer/transactions.rst b/doc/userguide/devguide/extending/app-layer/transactions.rst index 357bdcd76d73..1a7e4ca46443 100644 --- a/doc/userguide/devguide/extending/app-layer/transactions.rst +++ b/doc/userguide/devguide/extending/app-layer/transactions.rst 
@@ -68,7 +68,7 @@ Rule Matching Transaction progress is also used for certain keywords to know what is the minimum state before we can expect a match: until that, Suricata won't even try to look for the patterns. -As seen in ``DetectAppLayerMpmRegister2`` that has ``int progress`` as parameter, and ``DetectAppLayerInspectEngineRegister2``, which expects ``int tx_min_progress``, for instance. In the code snippet, +As seen in ``DetectAppLayerMpmRegister`` that has ``int progress`` as parameter, and ``DetectAppLayerInspectEngineRegister2``, which expects ``int tx_min_progress``, for instance. In the code snippet, ``HTTP2StateDataClient``, ``HTTP2StateDataServer`` and ``0`` are the values passed to the functions - in the last example, for ``FTPDATA``, the existence of a transaction implies that a file is being transferred. Hence the ``0`` value. @@ -80,10 +80,10 @@ the existence of a transaction implies that a file is being transferred. Hence t { . . - DetectAppLayerMpmRegister2("file_data", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("file_data", SIG_FLAG_TOSERVER, 2, PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerMpmRegister2("file_data", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("file_data", SIG_FLAG_TOCLIENT, 2, PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataServer); . diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index 50d0387b0758..ec7f0f620f37 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c 
@@ -129,31 +129,27 @@ void DetectDceStubDataRegister(void) ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetSMBData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetSMBData, - ALPROTO_SMB, 0); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetSMBData, ALPROTO_SMB, 0); DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetSMBData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetSMBData, - ALPROTO_SMB, 0); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetSMBData, ALPROTO_SMB, 0); DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetDCEData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetDCEData, - ALPROTO_DCERPC, 0); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetDCEData, ALPROTO_DCERPC, 0); DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetDCEData); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetDCEData, - ALPROTO_DCERPC, 0); + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetDCEData, ALPROTO_DCERPC, 0); g_dce_stub_data_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); } diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c index 208dec7c3a29..7e7de259f3f4 100644 --- a/src/detect-dnp3.c +++ b/src/detect-dnp3.c 
@@ -555,17 +555,15 @@ static void DetectDNP3DataRegister(void) ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetDNP3Data); - DetectAppLayerMpmRegister2("dnp3_data", SIG_FLAG_TOSERVER, 2, - PrefilterGenericMpmRegister, GetDNP3Data, - ALPROTO_DNP3, 0); + DetectAppLayerMpmRegister("dnp3_data", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + GetDNP3Data, ALPROTO_DNP3, 0); DetectAppLayerInspectEngineRegister2("dnp3_data", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetDNP3Data); - DetectAppLayerMpmRegister2("dnp3_data", SIG_FLAG_TOCLIENT, 2, - PrefilterGenericMpmRegister, GetDNP3Data, - ALPROTO_DNP3, 0); + DetectAppLayerMpmRegister("dnp3_data", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetDNP3Data, ALPROTO_DNP3, 0); g_dnp3_data_buffer_id = DetectBufferTypeGetByName("dnp3_data"); SCReturn; diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index 354c4f834411..f5453ef6fc4e 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -211,9 +211,8 @@ void DetectDnsQueryRegister (void) sigmatch_table[DETECT_AL_DNS_QUERY].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_DNS_QUERY].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("dns_query", SIG_FLAG_TOSERVER, 2, - PrefilterMpmDnsQueryRegister, NULL, - ALPROTO_DNS, 1); + DetectAppLayerMpmRegister( + "dns_query", SIG_FLAG_TOSERVER, 2, PrefilterMpmDnsQueryRegister, NULL, ALPROTO_DNS, 1); DetectAppLayerInspectEngineRegister2("dns_query", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index f091a3dadaa0..0d26ba9ab3ee 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c 
@@ -86,7 +86,7 @@ static int g_mpm_list_cnt[DETECT_BUFFER_MPM_TYPE_SIZE] = { 0, 0, 0 }; * * \note to be used at start up / registration only. Errors are fatal. */ -void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, +void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress) { diff --git a/src/detect-engine-mpm.h b/src/detect-engine-mpm.h index adb40297190f..b05f86e43eb1 100644 --- a/src/detect-engine-mpm.h +++ b/src/detect-engine-mpm.h @@ -90,7 +90,7 @@ typedef int (*PrefilterRegisterFunc)(DetectEngineCtx *de_ctx, SigGroupHead *sgh, * \note direction must be set to either toserver or toclient. * If both are needed, register the keyword twice. */ -void DetectAppLayerMpmRegister2(const char *name, int direction, int priority, +void DetectAppLayerMpmRegister(const char *name, int direction, int priority, PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData, AppProto alproto, int tx_min_progress); void DetectAppLayerMpmRegisterByParentId( diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index 41b2552e9b99..0976e291a031 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c 
@@ -106,12 +106,12 @@ void DetectHttpClientBodyRegister(void) DetectAppLayerInspectEngineRegister2("http_client_body", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY, DetectEngineInspectBufferHttpBody, NULL); - DetectAppLayerMpmRegister2("http_client_body", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_client_body", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpRequestBodyRegister, NULL, ALPROTO_HTTP1, HTP_REQUEST_BODY); DetectAppLayerInspectEngineRegister2("http_client_body", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectFiledata, NULL); - DetectAppLayerMpmRegister2("http_client_body", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_client_body", SIG_FLAG_TOSERVER, 2, PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_client_body", diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index e2754138fd44..eb6e8e01eb55 100644 --- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c @@ -111,9 +111,9 @@ void DetectHttpCookieRegister(void) DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 
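Review bot: In src/detect-http-cookie.c the to-client HTTP/1 prefilter registration ends in `GetResponseData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS);`, so a request-side progress constant is passed as `tx_min_progress` for response data, and the rename carries this over unchanged. The context line just above registers the to-client inspect engine with the same `HTP_REQUEST_HEADERS`, whereas detect-http-header-names.c and detect-http-start.c in this patch use `HTP_RESPONSE_HEADERS` with `SIG_FLAG_TOCLIENT`. If the two constants share a numeric value, matching is unaffected, but that is not visible here. I would change both to-client registrations to end in `ALPROTO_HTTP1, HTP_RESPONSE_HEADERS);` so response-cookie rules are clearly gated on response progress. DetectHttpCookieRegister starts and ends outside the hunk.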
@@ -121,9 +121,9 @@ void DetectHttpCookieRegister(void) DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetResponseData2); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData2, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerMpmRegister2("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_cookie", diff --git a/src/detect-http-header-names.c b/src/detect-http-header-names.c index 58989a1825df..8f65726e4eef 100644 --- a/src/detect-http-header-names.c +++ b/src/detect-http-header-names.c @@ -219,9 +219,9 @@ void DetectHttpHeaderNamesRegister(void) sigmatch_table[DETECT_AL_HTTP_HEADER_NAMES].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* http1 */ - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, 
@@ -230,9 +230,9 @@ void DetectHttpHeaderNamesRegister(void) HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); /* http2 */ - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataServer); DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, diff --git a/src/detect-http-header.c b/src/detect-http-header.c index e5101f9276b0..07684d28b5d3 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c 
@@ -436,24 +436,24 @@ void DetectHttpHeaderRegister(void) DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpHeaderRequestRegister, NULL, ALPROTO_HTTP1, 0); /* not used, registered twice: HEADERS/TRAILER */ DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttpHeaderResponseRegister, NULL, ALPROTO_HTTP1, 0); /* not used, registered twice: HEADERS/TRAILER */ DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataClient); DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); - DetectAppLayerMpmRegister2("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_header", 
@@ -739,11 +739,11 @@ void DetectHttpRequestHeaderRegister(void) sigmatch_table[DETECT_HTTP_REQUEST_HEADER].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("http_request_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttp2HeaderRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); DetectAppLayerInspectEngineRegister2("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateOpen, DetectEngineInspectHttp2Header, NULL); - DetectAppLayerMpmRegister2("http_request_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttp1HeaderRegister, NULL, ALPROTO_HTTP1, 0); DetectAppLayerInspectEngineRegister2("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectHttp1Header, NULL); @@ -774,11 +774,11 @@ void DetectHttpResponseHeaderRegister(void) sigmatch_table[DETECT_HTTP_RESPONSE_HEADER].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2("http_response_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttp2HeaderRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); DetectAppLayerInspectEngineRegister2("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateOpen, DetectEngineInspectHttp2Header, NULL); - DetectAppLayerMpmRegister2("http_response_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttp1HeaderRegister, NULL, ALPROTO_HTTP1, 0); DetectAppLayerInspectEngineRegister2("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectHttp1Header, NULL); diff --git a/src/detect-http-headers-stub.h b/src/detect-http-headers-stub.h index 3a036d62209e..1f5d166063c2 100644 --- a/src/detect-http-headers-stub.h +++ b/src/detect-http-headers-stub.h 
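Review bot: The HTTP/1 prefilter registrations for `http_request_header` and `http_response_header` in src/detect-http-header.c pass a bare `0` as `tx_min_progress` with no explanation, while the matching inspect engines use `HTP_REQUEST_HEADERS` and `HTP_RESPONSE_HEADERS`. Elsewhere in this patch a literal `0` carries a comment: `/* not used, registered twice: HEADERS/TRAILER */` for `http_header` and `/* progress handled in register */` for `http_raw_header`. If the same reason applies here, add `/* progress handled in register */` after `ALPROTO_HTTP1, 0);` on both calls. Otherwise the value looks like it should match the inspect engine's progress constant. Both register functions extend beyond their hunks.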
@@ -186,15 +186,15 @@ static void DetectHttpHeadersRegisterStub(void) sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; #ifdef KEYWORD_TOSERVER - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRequestData2, ALPROTO_HTTP2, HTTP2StateDataClient); #endif #ifdef KEYWORD_TOCLIENT - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData2, ALPROTO_HTTP2, HTTP2StateDataServer); #endif #ifdef KEYWORD_TOSERVER diff --git a/src/detect-http-host.c b/src/detect-http-host.c index 6f32044a112c..df9c594d31c2 100644 --- a/src/detect-http-host.c +++ b/src/detect-http-host.c 
@@ -108,13 +108,13 @@ void DetectHttpHHRegister(void) DetectAppLayerInspectEngineRegister2("http_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); DetectAppLayerInspectEngineRegister2("http_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeRegisterValidateCallback("http_host", @@ -143,13 +143,13 @@ void DetectHttpHHRegister(void) DetectAppLayerInspectEngineRegister2("http_raw_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRawData); - DetectAppLayerMpmRegister2("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRawData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); DetectAppLayerInspectEngineRegister2("http_raw_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRawData2); - DetectAppLayerMpmRegister2("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRawData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_raw_host", diff --git a/src/detect-http-method.c b/src/detect-http-method.c index 0ce246359ce9..ab2982238c97 100644 --- a/src/detect-http-method.c +++ b/src/detect-http-method.c 
@@ -100,13 +100,13 @@ void DetectHttpMethodRegister(void) DetectAppLayerInspectEngineRegister2("http_method", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); DetectAppLayerInspectEngineRegister2("http_method", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_method", diff --git a/src/detect-http-protocol.c b/src/detect-http-protocol.c index 9dc3455d2149..f771735c6e69 100644 --- a/src/detect-http-protocol.c +++ b/src/detect-http-protocol.c @@ -140,9 +140,9 @@ void DetectHttpProtocolRegister(void) sigmatch_table[DETECT_AL_HTTP_PROTOCOL].Setup = DetectHttpProtocolSetup; sigmatch_table[DETECT_AL_HTTP_PROTOCOL].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); 
@@ -151,11 +151,11 @@ void DetectHttpProtocolRegister(void) DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index 946c2233e5c2..05d2167c7bc0 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c @@ -100,10 +100,10 @@ void DetectHttpRawHeaderRegister(void) DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpHeaderRawRequestRegister, NULL, ALPROTO_HTTP1, 0); /* progress handled in register */ - DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttpHeaderRawResponseRegister, NULL, ALPROTO_HTTP1, 0); /* progress handled in register */ 
@@ -112,9 +112,9 @@ void DetectHttpRawHeaderRegister(void) DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerMpmRegister2("http_raw_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_raw_header", diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c index 89d38cbd0a8a..2c56c72003e6 100644 --- a/src/detect-http-request-line.c +++ b/src/detect-http-request-line.c @@ -112,12 +112,12 @@ void DetectHttpRequestLineRegister(void) DetectAppLayerInspectEngineRegister2("http_request_line", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_request_line", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); DetectAppLayerInspectEngineRegister2("http_request_line", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_request_line", SIG_FLAG_TOSERVER, 2, + DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); DetectBufferTypeSetDescriptionByName("http_request_line", diff --git a/src/detect-http-response-line.c b/src/detect-http-response-line.c index 8758644681c7..9b1b9ed23adc 100644 --- a/src/detect-http-response-line.c 
+++ b/src/detect-http-response-line.c @@ -111,12 +111,12 @@ void DetectHttpResponseLineRegister(void) DetectAppLayerInspectEngineRegister2("http_response_line", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_response_line", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_line", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); DetectAppLayerInspectEngineRegister2("http_response_line", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_response_line", SIG_FLAG_TOCLIENT, 2, + DetectAppLayerMpmRegister("http_response_line", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_response_line", diff --git a/src/detect-http-start.c b/src/detect-http-start.c index fed1abc96256..7433c6e4cde2 100644 --- a/src/detect-http-start.c +++ b/src/detect-http-start.c @@ -188,9 +188,9 @@ void DetectHttpStartRegister(void) sigmatch_table[DETECT_AL_HTTP_START].Setup = DetectHttpStartSetup; sigmatch_table[DETECT_AL_HTTP_START].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c index 1e7087a318b3..15d8b25af611 100644 --- a/src/detect-http-stat-code.c 
+++ b/src/detect-http-stat-code.c @@ -101,13 +101,13 @@ void DetectHttpStatCodeRegister (void) DetectAppLayerInspectEngineRegister2("http_stat_code", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerMpmRegister2("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); DetectAppLayerInspectEngineRegister2("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerMpmRegister2("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, + DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); DetectBufferTypeSetDescriptionByName("http_stat_code", diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c index 6be7de64f756..403b87a97025 100644 --- a/src/detect-http-stat-msg.c +++ b/src/detect-http-stat-msg.c 
@@ -111,12 +111,12 @@ void DetectHttpStatMsgRegister (void)
 DetectAppLayerInspectEngineRegister2("http_stat_msg", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("http_stat_msg", SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister,
 GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE);
 DetectAppLayerInspectEngineRegister2("http_stat_msg", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2);
- DetectAppLayerMpmRegister2("http_stat_msg", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
 GetData2, ALPROTO_HTTP2, HTTP2StateDataServer);
 DetectBufferTypeSetDescriptionByName("http_stat_msg",
diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c
index 7138cf93fea4..7840478d602f 100644
--- a/src/detect-http-ua.c
+++ b/src/detect-http-ua.c
@@ -101,13 +101,13 @@ void DetectHttpUARegister(void)
 DetectAppLayerInspectEngineRegister2("http_user_agent", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS);
 DetectAppLayerInspectEngineRegister2("http_user_agent", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
- DetectAppLayerMpmRegister2("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetData2, ALPROTO_HTTP2, HTTP2StateDataClient);
 DetectBufferTypeSetDescriptionByName("http_user_agent",
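Review bot: In the DetectHttpStatMsgRegister hunk the two `http_stat_msg` prefilter registrations carry different priorities: the HTTP1 call passes `3` and the HTTP2 call passes `2`, whereas `http_stat_code` in detect-http-stat-code.c uses `4` for both protocols. The rename carries this over unchanged, so it is not introduced here. If the difference is not deliberate, the HTTP2 line should read `DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister,`; if it is deliberate, a one-line comment above the HTTP2 call saying why would help. The function body starts and ends outside the hunk.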
diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c
index cc43023a783a..f7aa2a58205a 100644
--- a/src/detect-http-uri.c
+++ b/src/detect-http-uri.c
@@ -110,13 +110,13 @@ void DetectHttpUriRegister (void)
 DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE);
 DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
- DetectAppLayerMpmRegister2("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetData2, ALPROTO_HTTP2, HTTP2StateDataClient);
 DetectBufferTypeSetDescriptionByName("http_uri",
@@ -148,14 +148,14 @@ void DetectHttpUriRegister (void)
 DetectAppLayerInspectEngineRegister2("http_raw_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetRawData);
- DetectAppLayerMpmRegister2("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetRawData, ALPROTO_HTTP1, HTP_REQUEST_LINE);
 // no difference between raw and decoded uri for HTTP2
 DetectAppLayerInspectEngineRegister2("http_raw_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2);
- DetectAppLayerMpmRegister2("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetData2, ALPROTO_HTTP2, HTTP2StateDataClient);
 DetectBufferTypeSetDescriptionByName("http_raw_uri",
diff --git a/src/detect-http2.c b/src/detect-http2.c
index 40cbe3e3a78e..58a0c344628d 100644
--- a/src/detect-http2.c
+++ b/src/detect-http2.c
@@ -177,15 +177,13 @@ void DetectHttp2Register(void)
 sigmatch_table[DETECT_HTTP2_HEADERNAME].Setup = DetectHTTP2headerNameSetup;
 sigmatch_table[DETECT_HTTP2_HEADERNAME].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectAppLayerMpmRegister2("http2_header_name", SIG_FLAG_TOCLIENT, 2,
- PrefilterMpmHttp2HeaderNameRegister, NULL,
- ALPROTO_HTTP2, HTTP2StateOpen);
+ DetectAppLayerMpmRegister("http2_header_name", SIG_FLAG_TOCLIENT, 2,
+ PrefilterMpmHttp2HeaderNameRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen);
 DetectAppLayerInspectEngineRegister2("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateOpen, DetectEngineInspectHttp2HeaderName, NULL);
- DetectAppLayerMpmRegister2("http2_header_name", SIG_FLAG_TOSERVER, 2,
- PrefilterMpmHttp2HeaderNameRegister, NULL,
- ALPROTO_HTTP2, HTTP2StateOpen);
+ DetectAppLayerMpmRegister("http2_header_name", SIG_FLAG_TOSERVER, 2,
+ PrefilterMpmHttp2HeaderNameRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen);
 DetectAppLayerInspectEngineRegister2("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateOpen, DetectEngineInspectHttp2HeaderName, NULL);
diff --git a/src/detect-ike-key-exchange-payload.c b/src/detect-ike-key-exchange-payload.c
index 813e5bf080cd..03121e8d1a47 100644
--- a/src/detect-ike-key-exchange-payload.c
+++ b/src/detect-ike-key-exchange-payload.c
@@ -103,13 +103,13 @@ void DetectIkeKeyExchangeRegister(void)
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetKeyExchangeData);
- DetectAppLayerMpmRegister2(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOSERVER, 1,
+ DetectAppLayerMpmRegister(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOSERVER, 1,
 PrefilterGenericMpmRegister, GetKeyExchangeData, ALPROTO_IKE, 1);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetKeyExchangeData);
- DetectAppLayerMpmRegister2(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOCLIENT, 1,
+ DetectAppLayerMpmRegister(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOCLIENT, 1,
 PrefilterGenericMpmRegister, GetKeyExchangeData, ALPROTO_IKE, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME_KEY_EXCHANGE, BUFFER_DESC_KEY_EXCHANGE);
diff --git a/src/detect-ike-nonce-payload.c b/src/detect-ike-nonce-payload.c
index a6b73cdf8487..6ee5ab7e72b9 100644
--- a/src/detect-ike-nonce-payload.c
+++ b/src/detect-ike-nonce-payload.c
@@ -102,13 +102,13 @@ void DetectIkeNonceRegister(void)
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetNonceData);
- DetectAppLayerMpmRegister2(BUFFER_NAME_NONCE, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister(BUFFER_NAME_NONCE, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister,
 GetNonceData, ALPROTO_IKE, 1);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetNonceData);
- DetectAppLayerMpmRegister2(BUFFER_NAME_NONCE, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister(BUFFER_NAME_NONCE, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister,
 GetNonceData, ALPROTO_IKE, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME_NONCE, BUFFER_DESC_NONCE);
diff --git a/src/detect-ike-spi.c b/src/detect-ike-spi.c
index 5514d0202cb5..94009a4e72d6 100644
--- a/src/detect-ike-spi.c
+++ b/src/detect-ike-spi.c
@@ -141,7 +141,7 @@ void DetectIkeSpiRegister(void)
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME_INITIATOR, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetInitiatorData);
- DetectAppLayerMpmRegister2(BUFFER_NAME_INITIATOR, SIG_FLAG_TOSERVER, 1,
+ DetectAppLayerMpmRegister(BUFFER_NAME_INITIATOR, SIG_FLAG_TOSERVER, 1,
 PrefilterGenericMpmRegister, GetInitiatorData, ALPROTO_IKE, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME_INITIATOR, BUFFER_DESC_INITIATOR);
@@ -161,7 +161,7 @@ void DetectIkeSpiRegister(void)
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME_RESPONDER, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetResponderData);
- DetectAppLayerMpmRegister2(BUFFER_NAME_RESPONDER, SIG_FLAG_TOCLIENT, 1,
+ DetectAppLayerMpmRegister(BUFFER_NAME_RESPONDER, SIG_FLAG_TOCLIENT, 1,
 PrefilterGenericMpmRegister, GetResponderData, ALPROTO_IKE, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME_RESPONDER, BUFFER_DESC_RESPONDER);
diff --git a/src/detect-ike-vendor.c b/src/detect-ike-vendor.c
index 54418e0fe01a..c3ef33e6f00d 100644
--- a/src/detect-ike-vendor.c
+++ b/src/detect-ike-vendor.c
@@ -182,7 +182,7 @@ void DetectIkeVendorRegister(void)
 sigmatch_table[DETECT_AL_IKE_VENDOR].flags |= SIGMATCH_NOOPT;
 sigmatch_table[DETECT_AL_IKE_VENDOR].flags |= SIGMATCH_INFO_STICKY_BUFFER;
- DetectAppLayerMpmRegister2("ike.vendor", SIG_FLAG_TOSERVER, 1, PrefilterMpmIkeVendorRegister,
+ DetectAppLayerMpmRegister("ike.vendor", SIG_FLAG_TOSERVER, 1, PrefilterMpmIkeVendorRegister,
 NULL, ALPROTO_IKE, 1);
 DetectAppLayerInspectEngineRegister2(
diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c
index d6f653beed18..e56fd9828a72 100644
--- a/src/detect-krb5-cname.c
+++ b/src/detect-krb5-cname.c
@@ -196,9 +196,8 @@ void DetectKrb5CNameRegister(void)
 sigmatch_table[DETECT_AL_KRB5_CNAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
 sigmatch_table[DETECT_AL_KRB5_CNAME].desc = "sticky buffer to match on Kerberos 5 client name";
- DetectAppLayerMpmRegister2("krb5_cname", SIG_FLAG_TOCLIENT, 2,
- PrefilterMpmKrb5CNameRegister, NULL,
- ALPROTO_KRB5, 1);
+ DetectAppLayerMpmRegister("krb5_cname", SIG_FLAG_TOCLIENT, 2, PrefilterMpmKrb5CNameRegister,
+ NULL, ALPROTO_KRB5, 1);
 DetectAppLayerInspectEngineRegister2("krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0,
diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c
index e4ccc6c2432e..84d51fd61cc1 100644
--- a/src/detect-krb5-sname.c
+++ b/src/detect-krb5-sname.c
@@ -196,9 +196,8 @@ void DetectKrb5SNameRegister(void)
 sigmatch_table[DETECT_AL_KRB5_SNAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
 sigmatch_table[DETECT_AL_KRB5_SNAME].desc = "sticky buffer to match on Kerberos 5 server name";
- DetectAppLayerMpmRegister2("krb5_sname", SIG_FLAG_TOCLIENT, 2,
- PrefilterMpmKrb5SNameRegister, NULL,
- ALPROTO_KRB5, 1);
+ DetectAppLayerMpmRegister("krb5_sname", SIG_FLAG_TOCLIENT, 2, PrefilterMpmKrb5SNameRegister,
+ NULL, ALPROTO_KRB5, 1);
 DetectAppLayerInspectEngineRegister2("krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0,
diff --git a/src/detect-mqtt-connect-clientid.c b/src/detect-mqtt-connect-clientid.c
index 1acebf9943bc..10788441bff5 100644
--- a/src/detect-mqtt-connect-clientid.c
+++ b/src/detect-mqtt-connect-clientid.c
@@ -82,9 +82,8 @@ void DetectMQTTConnectClientIDRegister(void)
 SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_MQTT, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-mqtt-connect-password.c b/src/detect-mqtt-connect-password.c
index c08390748fe0..e337e449007f 100644
--- a/src/detect-mqtt-connect-password.c
+++ b/src/detect-mqtt-connect-password.c
@@ -82,9 +82,8 @@ void DetectMQTTConnectPasswordRegister(void)
 SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_MQTT, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-mqtt-connect-username.c b/src/detect-mqtt-connect-username.c
index dbc772d22058..c3b2093da45e 100644
--- a/src/detect-mqtt-connect-username.c
+++ b/src/detect-mqtt-connect-username.c
@@ -82,9 +82,8 @@ void DetectMQTTConnectUsernameRegister(void)
 SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_MQTT, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-mqtt-connect-willmessage.c b/src/detect-mqtt-connect-willmessage.c
index 48d851d3209e..2ee26c1feffd 100644
--- a/src/detect-mqtt-connect-willmessage.c
+++ b/src/detect-mqtt-connect-willmessage.c
@@ -82,9 +82,8 @@ void DetectMQTTConnectWillMessageRegister(void)
 SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_MQTT, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-mqtt-connect-willtopic.c b/src/detect-mqtt-connect-willtopic.c
index da3d2640dd96..0dee68a9a686 100644
--- a/src/detect-mqtt-connect-willtopic.c
+++ b/src/detect-mqtt-connect-willtopic.c
@@ -82,9 +82,8 @@ void DetectMQTTConnectWillTopicRegister(void)
 SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_MQTT, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-mqtt-publish-message.c b/src/detect-mqtt-publish-message.c
index 32f3bd6460ad..6ab85667c3b4 100644
--- a/src/detect-mqtt-publish-message.c
+++ b/src/detect-mqtt-publish-message.c
@@ -82,9 +82,8 @@ void DetectMQTTPublishMessageRegister(void)
 SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_MQTT, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-mqtt-publish-topic.c b/src/detect-mqtt-publish-topic.c
index c03a47b5eda7..c25d277e3c29 100644
--- a/src/detect-mqtt-publish-topic.c
+++ b/src/detect-mqtt-publish-topic.c
@@ -82,9 +82,8 @@ void DetectMQTTPublishTopicRegister(void)
 SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_MQTT, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-mqtt-subscribe-topic.c b/src/detect-mqtt-subscribe-topic.c
index c2793bb13a80..489108b57114 100644
--- a/src/detect-mqtt-subscribe-topic.c
+++ b/src/detect-mqtt-subscribe-topic.c
@@ -211,9 +211,8 @@ void DetectMQTTSubscribeTopicRegister (void)
 subscribe_topic_match_limit);
 }
- DetectAppLayerMpmRegister2("mqtt.subscribe.topic", SIG_FLAG_TOSERVER, 1,
- PrefilterMpmMQTTSubscribeTopicRegister, NULL,
- ALPROTO_MQTT, 1);
+ DetectAppLayerMpmRegister("mqtt.subscribe.topic", SIG_FLAG_TOSERVER, 1,
+ PrefilterMpmMQTTSubscribeTopicRegister, NULL, ALPROTO_MQTT, 1);
 DetectAppLayerInspectEngineRegister2("mqtt.subscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
diff --git a/src/detect-mqtt-unsubscribe-topic.c b/src/detect-mqtt-unsubscribe-topic.c
index 0ff49ea6d0d3..340371f9264f 100644
--- a/src/detect-mqtt-unsubscribe-topic.c
+++ b/src/detect-mqtt-unsubscribe-topic.c
@@ -211,9 +211,8 @@ void DetectMQTTUnsubscribeTopicRegister (void)
 unsubscribe_topic_match_limit);
 }
- DetectAppLayerMpmRegister2("mqtt.unsubscribe.topic", SIG_FLAG_TOSERVER, 1,
- PrefilterMpmMQTTUnsubscribeTopicRegister, NULL,
- ALPROTO_MQTT, 1);
+ DetectAppLayerMpmRegister("mqtt.unsubscribe.topic", SIG_FLAG_TOSERVER, 1,
+ PrefilterMpmMQTTUnsubscribeTopicRegister, NULL, ALPROTO_MQTT, 1);
 DetectAppLayerInspectEngineRegister2("mqtt.unsubscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
diff --git a/src/detect-parse.c b/src/detect-parse.c
index d9800f0a2f34..2b749797102e 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -107,17 +107,15 @@ void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *reg)
 : al_protocols[i].direction;
 if (direction & SIG_FLAG_TOCLIENT) {
- DetectAppLayerMpmRegister2(reg->name, SIG_FLAG_TOCLIENT, reg->priority,
- reg->PrefilterFn, reg->GetData, al_protocols[i].al_proto,
- al_protocols[i].to_client_progress);
+ DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOCLIENT, reg->priority, reg->PrefilterFn,
+ reg->GetData, al_protocols[i].al_proto, al_protocols[i].to_client_progress);
 DetectAppLayerInspectEngineRegister2(reg->name, al_protocols[i].al_proto, SIG_FLAG_TOCLIENT, al_protocols[i].to_client_progress, reg->Callback, reg->GetData);
 }
 if (direction & SIG_FLAG_TOSERVER) {
- DetectAppLayerMpmRegister2(reg->name, SIG_FLAG_TOSERVER, reg->priority,
- reg->PrefilterFn, reg->GetData, al_protocols[i].al_proto,
- al_protocols[i].to_server_progress);
+ DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOSERVER, reg->priority, reg->PrefilterFn,
+ reg->GetData, al_protocols[i].al_proto, al_protocols[i].to_server_progress);
 DetectAppLayerInspectEngineRegister2(reg->name, al_protocols[i].al_proto, SIG_FLAG_TOSERVER, al_protocols[i].to_server_progress, reg->Callback, reg->GetData);
diff --git a/src/detect-quic-cyu-hash.c b/src/detect-quic-cyu-hash.c
index 8b094aaa1d61..dbed3cb37ae4 100644
--- a/src/detect-quic-cyu-hash.c
+++ b/src/detect-quic-cyu-hash.c
@@ -234,7 +234,7 @@ void DetectQuicCyuHashRegister(void)
 sigmatch_table[DETECT_AL_QUIC_CYU_HASH].RegisterTests = DetectQuicCyuHashRegisterTests;
 #endif
- DetectAppLayerMpmRegister2(
+ DetectAppLayerMpmRegister(
 BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterMpmQuicHashRegister, NULL, ALPROTO_QUIC, 1);
 DetectAppLayerInspectEngineRegister2(
diff --git a/src/detect-quic-cyu-string.c b/src/detect-quic-cyu-string.c
index cf1164c40fde..da807991fc27 100644
--- a/src/detect-quic-cyu-string.c
+++ b/src/detect-quic-cyu-string.c
@@ -187,7 +187,7 @@ void DetectQuicCyuStringRegister(void)
 sigmatch_table[DETECT_AL_QUIC_CYU_STRING].RegisterTests = DetectQuicCyuStringRegisterTests;
 #endif
- DetectAppLayerMpmRegister2(
+ DetectAppLayerMpmRegister(
 BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterMpmListIdRegister, NULL, ALPROTO_QUIC, 1);
 DetectAppLayerInspectEngineRegister2(
diff --git a/src/detect-quic-sni.c b/src/detect-quic-sni.c
index 722f50d04697..647308084087 100644
--- a/src/detect-quic-sni.c
+++ b/src/detect-quic-sni.c
@@ -80,7 +80,7 @@ void DetectQuicSniRegister(void)
 sigmatch_table[DETECT_AL_QUIC_SNI].RegisterTests = DetectQuicSniRegisterTests;
 #endif
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetSniData, ALPROTO_QUIC, 1);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1,
diff --git a/src/detect-quic-ua.c b/src/detect-quic-ua.c
index c491d05b06a2..f101ec9577a6 100644
--- a/src/detect-quic-ua.c
+++ b/src/detect-quic-ua.c
@@ -80,7 +80,7 @@ void DetectQuicUaRegister(void)
 sigmatch_table[DETECT_AL_QUIC_UA].RegisterTests = DetectQuicUaRegisterTests;
 #endif
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetUaData, ALPROTO_QUIC, 1);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1,
diff --git a/src/detect-quic-version.c b/src/detect-quic-version.c
index fcd99545aad5..ef4d3a602711 100644
--- a/src/detect-quic-version.c
+++ b/src/detect-quic-version.c
@@ -80,9 +80,9 @@ void DetectQuicVersionRegister(void)
 sigmatch_table[DETECT_AL_QUIC_VERSION].RegisterTests = DetectQuicVersionRegisterTests;
 #endif
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetVersionData, ALPROTO_QUIC, 1);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
 GetVersionData, ALPROTO_QUIC, 1);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1,
diff --git a/src/detect-rfb-name.c b/src/detect-rfb-name.c
index 5e8251d51a5a..965532952bfb 100644
--- a/src/detect-rfb-name.c
+++ b/src/detect-rfb-name.c
@@ -100,9 +100,8 @@ void DetectRfbNameRegister(void)
 SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 1,
- PrefilterGenericMpmRegister, GetData, ALPROTO_RFB,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_RFB, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-sip-method.c b/src/detect-sip-method.c
index fccc8a73f9fc..60160616f0da 100644
--- a/src/detect-sip-method.c
+++ b/src/detect-sip-method.c
@@ -138,9 +138,8 @@ void DetectSipMethodRegister(void)
 SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_SIP,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_SIP, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-sip-protocol.c b/src/detect-sip-protocol.c
index 41fdcac538b3..3feb6f6e24ad 100644
--- a/src/detect-sip-protocol.c
+++ b/src/detect-sip-protocol.c
@@ -100,12 +100,10 @@ void DetectSipProtocolRegister(void)
 sigmatch_table[DETECT_AL_SIP_PROTOCOL].Setup = DetectSipProtocolSetup;
 sigmatch_table[DETECT_AL_SIP_PROTOCOL].flags |= SIGMATCH_NOOPT;
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_SIP,
- 1);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_SIP,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_SIP, 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_SIP, 1);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetData);
diff --git a/src/detect-sip-request-line.c b/src/detect-sip-request-line.c
index 9d9f4c9c5fe5..ac5e9276ef6d 100644
--- a/src/detect-sip-request-line.c
+++ b/src/detect-sip-request-line.c
@@ -104,9 +104,8 @@ void DetectSipRequestLineRegister(void)
 SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_SIP,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_SIP, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-sip-response-line.c b/src/detect-sip-response-line.c
index 99061f951d5a..9929eb3644ac 100644
--- a/src/detect-sip-response-line.c
+++ b/src/detect-sip-response-line.c
@@ -104,9 +104,8 @@ void DetectSipResponseLineRegister(void)
 SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_SIP,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_SIP, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-sip-stat-code.c b/src/detect-sip-stat-code.c
index 9b663c971e8e..eeb427dd1326 100644
--- a/src/detect-sip-stat-code.c
+++ b/src/detect-sip-stat-code.c
@@ -107,9 +107,8 @@ void DetectSipStatCodeRegister (void)
 SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 4,
- PrefilterGenericMpmRegister, GetData, ALPROTO_SIP,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_SIP, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-sip-stat-msg.c b/src/detect-sip-stat-msg.c
index a9b9247a5d70..583654803c3d 100644
--- a/src/detect-sip-stat-msg.c
+++ b/src/detect-sip-stat-msg.c
@@ -107,9 +107,8 @@ void DetectSipStatMsgRegister (void)
 SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 3,
- PrefilterGenericMpmRegister, GetData, ALPROTO_SIP,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_SIP, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-sip-uri.c b/src/detect-sip-uri.c
index 1a000fdb543a..5c568e8c04a8 100644
--- a/src/detect-sip-uri.c
+++ b/src/detect-sip-uri.c
@@ -116,9 +116,8 @@ void DetectSipUriRegister(void)
 SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_SIP,
- 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_SIP, 1);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
diff --git a/src/detect-smb-ntlmssp.c b/src/detect-smb-ntlmssp.c
index a88b89c6f473..558488b5069a 100644
--- a/src/detect-smb-ntlmssp.c
+++ b/src/detect-smb-ntlmssp.c
@@ -81,7 +81,7 @@ void DetectSmbNtlmsspUserRegister(void)
 sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
 sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB ntlmssp user in session setup";
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetNtlmsspUserData, ALPROTO_SMB, 1);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0,
@@ -139,7 +139,7 @@ void DetectSmbNtlmsspDomainRegister(void)
 sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB ntlmssp domain in session setup";
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetNtlmsspDomainData, ALPROTO_SMB, 1);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0,
diff --git a/src/detect-smb-share.c b/src/detect-smb-share.c
index 8d4d145fad8c..7d90e5622d1c 100644
--- a/src/detect-smb-share.c
+++ b/src/detect-smb-share.c
@@ -83,9 +83,8 @@ void DetectSmbNamedPipeRegister(void)
 sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
 sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB named pipe in tree connect";
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetNamedPipeData,
- ALPROTO_SMB, 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetNamedPipeData, ALPROTO_SMB, 1);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0,
@@ -146,9 +145,8 @@ void DetectSmbShareRegister(void)
 sigmatch_table[KEYWORD_ID].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
 sigmatch_table[KEYWORD_ID].desc = "sticky buffer to match on SMB share name in tree connect";
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetShareData,
- ALPROTO_SMB, 1);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetShareData, ALPROTO_SMB, 1);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0,
diff --git a/src/detect-snmp-community.c b/src/detect-snmp-community.c
index 93e7d21671ab..1205f2e1a3dc 100644
--- a/src/detect-snmp-community.c
+++ b/src/detect-snmp-community.c
@@ -65,13 +65,13 @@ void DetectSNMPCommunityRegister(void)
 DetectAppLayerInspectEngineRegister2("snmp.community", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("snmp.community", SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0);
+ DetectAppLayerMpmRegister("snmp.community", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_SNMP, 0);
 DetectAppLayerInspectEngineRegister2("snmp.community", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("snmp.community", SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0);
+ DetectAppLayerMpmRegister("snmp.community", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_SNMP, 0);
 DetectBufferTypeSetDescriptionByName("snmp.community", "SNMP Community identifier");
diff --git a/src/detect-snmp-usm.c b/src/detect-snmp-usm.c
index 2e03fca16b94..153ba94d8519 100644
--- a/src/detect-snmp-usm.c
+++ b/src/detect-snmp-usm.c
@@ -68,11 +68,11 @@ void DetectSNMPUsmRegister(void)
 /* register inspect engines */ DetectAppLayerInspectEngineRegister2("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("snmp.usm", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("snmp.usm", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetData, ALPROTO_SNMP, 0);
 DetectAppLayerInspectEngineRegister2("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("snmp.usm", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("snmp.usm", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
 GetData, ALPROTO_SNMP, 0);
 DetectBufferTypeSetDescriptionByName("snmp.usm", "SNMP USM");
diff --git a/src/detect-ssh-hassh-server-string.c b/src/detect-ssh-hassh-server-string.c
index 27b0e0cb7595..c38301de0d28 100644
--- a/src/detect-ssh-hassh-server-string.c
+++ b/src/detect-ssh-hassh-server-string.c
@@ -129,10 +129,8 @@ void DetectSshHasshServerStringRegister(void)
 sigmatch_table[DETECT_AL_SSH_HASSH_SERVER_STRING].Setup = DetectSshHasshServerStringSetup;
 sigmatch_table[DETECT_AL_SSH_HASSH_SERVER_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT;
-
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetSshData,
- ALPROTO_SSH, SshStateBannerDone);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetSshData, ALPROTO_SSH, SshStateBannerDone);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData);
diff --git a/src/detect-ssh-hassh-server.c b/src/detect-ssh-hassh-server.c
index 295284108f10..fe225bd2fcef 100644
--- a/src/detect-ssh-hassh-server.c
+++ b/src/detect-ssh-hassh-server.c
@@ -197,9 +197,8 @@ void DetectSshHasshServerRegister(void)
 sigmatch_table[DETECT_AL_SSH_HASSH_SERVER].Setup = DetectSshHasshServerSetup;
 sigmatch_table[DETECT_AL_SSH_HASSH_SERVER].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT;
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetSshData,
- ALPROTO_SSH, SshStateBannerDone);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetSshData, ALPROTO_SSH, SshStateBannerDone);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData);
diff --git a/src/detect-ssh-hassh-string.c b/src/detect-ssh-hassh-string.c
index e639e64b134f..af98c21bf291 100644
--- a/src/detect-ssh-hassh-string.c
+++ b/src/detect-ssh-hassh-string.c
@@ -129,10 +129,8 @@ void DetectSshHasshStringRegister(void)
 sigmatch_table[DETECT_AL_SSH_HASSH_STRING].Setup = DetectSshHasshStringSetup;
 sigmatch_table[DETECT_AL_SSH_HASSH_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT;
-
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetSshData,
- ALPROTO_SSH, SshStateBannerDone);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetSshData, ALPROTO_SSH, SshStateBannerDone);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData);
diff --git a/src/detect-ssh-hassh.c b/src/detect-ssh-hassh.c
index b410a5ffee84..4704b95a658e 100644
--- a/src/detect-ssh-hassh.c
+++ b/src/detect-ssh-hassh.c
@@ -199,13 +199,10 @@ void DetectSshHasshRegister(void)
 sigmatch_table[DETECT_AL_SSH_HASSH].Setup = DetectSshHasshSetup;
 sigmatch_table[DETECT_AL_SSH_HASSH].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT;
-
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetSshData,
- ALPROTO_SSH, SshStateBannerDone),
- DetectAppLayerInspectEngineRegister2(BUFFER_NAME,
- ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone,
- DetectEngineInspectBufferGeneric, GetSshData);
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetSshData, ALPROTO_SSH, SshStateBannerDone),
+ DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER,
+ SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData);
 DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
 g_ssh_hassh_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME);
diff --git a/src/detect-ssh-proto.c b/src/detect-ssh-proto.c
index a979190de1a9..e56f846c8416 100644
--- a/src/detect-ssh-proto.c
+++ b/src/detect-ssh-proto.c
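Review bot: In src/detect-ssh-hassh.c the rewritten `DetectAppLayerMpmRegister(...)` call still ends in `,` rather than `;` (`GetSshData, ALPROTO_SSH, SshStateBannerDone),`), which joins it to the following `DetectAppLayerInspectEngineRegister2(...)` call with the comma operator. Both calls still run in order, so behaviour is unchanged, but it reads like a typo and is presumably why the formatter indents the next call as a continuation; ending the line with `SshStateBannerDone);` would make each registration its own statement. The same trailing comma appears on the new lines of the hunks for src/detect-ssh-proto.c and src/detect-ssh-software.c. DetectSshHasshRegister starts and ends outside the hunk.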
@@ -101,17 +101,13 @@ void DetectSshProtocolRegister(void)
 sigmatch_table[DETECT_AL_SSH_PROTOCOL].Setup = DetectSshProtocolSetup;
 sigmatch_table[DETECT_AL_SSH_PROTOCOL].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT;
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetSshData, ALPROTO_SSH, SshStateBannerDone),
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2,
+ PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone),
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetSshData,
- ALPROTO_SSH, SshStateBannerDone),
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetSshData,
- ALPROTO_SSH, SshStateBannerDone),
-
- DetectAppLayerInspectEngineRegister2(BUFFER_NAME,
- ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone,
- DetectEngineInspectBufferGeneric, GetSshData);
+ DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER,
+ SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData);
diff --git a/src/detect-ssh-software.c b/src/detect-ssh-software.c
index cd11c5c20904..2b0e3d47d1cc 100644
--- a/src/detect-ssh-software.c
+++ b/src/detect-ssh-software.c
@@ -102,16 +102,13 @@ void DetectSshSoftwareRegister(void)
 sigmatch_table[DETECT_AL_SSH_SOFTWARE].Setup = DetectSshSoftwareSetup;
 sigmatch_table[DETECT_AL_SSH_SOFTWARE].flags |= SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_NOOPT;
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetSshData,
- ALPROTO_SSH, SshStateBannerDone),
- DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetSshData,
- ALPROTO_SSH, SshStateBannerDone),
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetSshData, ALPROTO_SSH, SshStateBannerDone),
+ DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2,
+ PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone),
- DetectAppLayerInspectEngineRegister2(BUFFER_NAME,
- ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone,
- DetectEngineInspectBufferGeneric, GetSshData);
+ DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER,
+ SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData);
 DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData);
diff --git a/src/detect-tls-cert-fingerprint.c b/src/detect-tls-cert-fingerprint.c
index 98ba46143db4..354171113f04 100644
--- a/src/detect-tls-cert-fingerprint.c
+++ b/src/detect-tls-cert-fingerprint.c
@@ -87,14 +87,13 @@ void DetectTlsFingerprintRegister(void)
 SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("tls.cert_fingerprint", SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS,
- TLS_STATE_CERT_READY);
+ DetectAppLayerMpmRegister("tls.cert_fingerprint", SIG_FLAG_TOCLIENT, 2,
+ PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
 DetectAppLayerInspectEngineRegister2("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("tls.cert_fingerprint", SIG_FLAG_TOSERVER, 2,
+ DetectAppLayerMpmRegister("tls.cert_fingerprint", SIG_FLAG_TOSERVER, 2,
 PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
 DetectBufferTypeSetDescriptionByName("tls.cert_fingerprint",
diff --git a/src/detect-tls-cert-issuer.c b/src/detect-tls-cert-issuer.c
index 9146f8d0f40b..fd8f1bcbc0ed 100644
--- a/src/detect-tls-cert-issuer.c
+++ b/src/detect-tls-cert-issuer.c
@@ -82,16 +82,15 @@ void DetectTlsIssuerRegister(void)
 DetectAppLayerInspectEngineRegister2("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("tls.cert_issuer", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("tls.cert_issuer", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
 DetectAppLayerInspectEngineRegister2("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("tls.cert_issuer", SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS,
- TLS_STATE_CERT_READY);
+ DetectAppLayerMpmRegister("tls.cert_issuer", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
 DetectBufferTypeSetDescriptionByName("tls.cert_issuer", "TLS certificate issuer");
diff --git a/src/detect-tls-cert-serial.c b/src/detect-tls-cert-serial.c
index 19c86be80e24..b1fd15d537e2 100644
--- a/src/detect-tls-cert-serial.c
+++ b/src/detect-tls-cert-serial.c
@@ -87,14 +87,13 @@ void DetectTlsSerialRegister(void)
 SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("tls.cert_serial", SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS,
- TLS_STATE_CERT_READY);
+ DetectAppLayerMpmRegister("tls.cert_serial", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
 DetectAppLayerInspectEngineRegister2("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("tls.cert_serial", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("tls.cert_serial", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
 DetectBufferTypeSetDescriptionByName("tls.cert_serial",
diff --git a/src/detect-tls-cert-subject.c b/src/detect-tls-cert-subject.c
index 9ec7fb96fb1f..d4ceacfb1a95 100644
--- a/src/detect-tls-cert-subject.c
+++ b/src/detect-tls-cert-subject.c
@@ -82,15 +82,14 @@ void DetectTlsSubjectRegister(void)
 DetectAppLayerInspectEngineRegister2("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("tls.cert_subject", SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
+ DetectAppLayerMpmRegister("tls.cert_subject", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
 DetectAppLayerInspectEngineRegister2("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("tls.cert_subject", SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS,
- TLS_STATE_CERT_READY);
+ DetectAppLayerMpmRegister("tls.cert_subject", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_TLS, TLS_STATE_CERT_READY);
 DetectBufferTypeSupportsMultiInstance("tls.cert_subject");
diff --git a/src/detect-tls-certs.c b/src/detect-tls-certs.c
index a0204377373e..461df422e449 100644
--- a/src/detect-tls-certs.c
+++ b/src/detect-tls-certs.c
@@ -97,15 +97,14 @@ void DetectTlsCertsRegister(void)
 SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectTlsCerts, NULL);
- DetectAppLayerMpmRegister2("tls.certs", SIG_FLAG_TOCLIENT, 2,
- PrefilterMpmTlsCertsRegister, NULL, ALPROTO_TLS,
- TLS_STATE_CERT_READY);
+ DetectAppLayerMpmRegister("tls.certs", SIG_FLAG_TOCLIENT, 2, PrefilterMpmTlsCertsRegister, NULL,
+ ALPROTO_TLS, TLS_STATE_CERT_READY);
 DetectAppLayerInspectEngineRegister2("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectTlsCerts, NULL);
- DetectAppLayerMpmRegister2("tls.certs", SIG_FLAG_TOSERVER, 2, PrefilterMpmTlsCertsRegister,
- NULL, ALPROTO_TLS, TLS_STATE_CERT_READY);
+ DetectAppLayerMpmRegister("tls.certs", SIG_FLAG_TOSERVER, 2, PrefilterMpmTlsCertsRegister, NULL,
+ ALPROTO_TLS, TLS_STATE_CERT_READY);
 DetectBufferTypeSetDescriptionByName("tls.certs", "TLS certificate");
diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c
index 7660fde4c2a0..2b8b5ff8912b 100644
--- a/src/detect-tls-ja3-hash.c
+++ b/src/detect-tls-ja3-hash.c
@@ -83,10 +83,10 @@ void DetectTlsJa3HashRegister(void)
 DetectAppLayerInspectEngineRegister2("ja3.hash", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("ja3.hash", SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0);
+ DetectAppLayerMpmRegister(
+ "ja3.hash", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0);
- DetectAppLayerMpmRegister2("ja3.hash", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("ja3.hash", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 Ja3DetectGetHash, ALPROTO_QUIC, 1);
 DetectAppLayerInspectEngineRegister2("ja3.hash", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1,
diff --git a/src/detect-tls-ja3-string.c b/src/detect-tls-ja3-string.c
index 87a61bfd8738..920e6f4a163c 100644
--- a/src/detect-tls-ja3-string.c
+++ b/src/detect-tls-ja3-string.c
@@ -79,10 +79,10 @@ void DetectTlsJa3StringRegister(void)
 DetectAppLayerInspectEngineRegister2("ja3.string", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("ja3.string", SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0);
+ DetectAppLayerMpmRegister("ja3.string", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_TLS, 0);
- DetectAppLayerMpmRegister2("ja3.string", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("ja3.string", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 Ja3DetectGetString, ALPROTO_QUIC, 1);
 DetectAppLayerInspectEngineRegister2("ja3.string", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1,
diff --git a/src/detect-tls-ja3s-hash.c b/src/detect-tls-ja3s-hash.c
index 583566012d08..9d7429b202f7 100644
--- a/src/detect-tls-ja3s-hash.c
+++ b/src/detect-tls-ja3s-hash.c
@@ -82,10 +82,10 @@ void DetectTlsJa3SHashRegister(void)
 DetectAppLayerInspectEngineRegister2("ja3s.hash", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("ja3s.hash", SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0);
+ DetectAppLayerMpmRegister("ja3s.hash", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_TLS, 0);
- DetectAppLayerMpmRegister2("ja3s.hash", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("ja3s.hash", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
 Ja3DetectGetHash, ALPROTO_QUIC, 1);
 DetectAppLayerInspectEngineRegister2("ja3s.hash", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1,
diff --git a/src/detect-tls-ja3s-string.c b/src/detect-tls-ja3s-string.c
index 0f7f7d61d067..0c4f1ba262fc 100644
--- a/src/detect-tls-ja3s-string.c
+++ b/src/detect-tls-ja3s-string.c
@@ -79,10 +79,10 @@ void DetectTlsJa3SStringRegister(void)
 DetectAppLayerInspectEngineRegister2("ja3s.string", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("ja3s.string", SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0);
+ DetectAppLayerMpmRegister("ja3s.string", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetData, ALPROTO_TLS, 0);
- DetectAppLayerMpmRegister2("ja3s.string", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("ja3s.string", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
 Ja3DetectGetString, ALPROTO_QUIC, 1);
 DetectAppLayerInspectEngineRegister2("ja3s.string", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1,
diff --git a/src/detect-tls-random.c b/src/detect-tls-random.c
index fc4369ab1861..6bce53a732f4 100644
--- a/src/detect-tls-random.c
+++ b/src/detect-tls-random.c
@@ -64,13 +64,13 @@ void DetectTlsRandomTimeRegister(void)
 /* Register engine for Server random */
 DetectAppLayerInspectEngineRegister2("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomTimeData);
- DetectAppLayerMpmRegister2("tls.random_time", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("tls.random_time", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetRandomTimeData, ALPROTO_TLS, 0);
 /* Register engine for Client random */
 DetectAppLayerInspectEngineRegister2("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomTimeData);
- DetectAppLayerMpmRegister2("tls.random_time", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("tls.random_time", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
 GetRandomTimeData, ALPROTO_TLS, 0);
 DetectBufferTypeSetDescriptionByName("tls.random_time", "TLS Random Time");
@@ -92,14 +92,14 @@ void DetectTlsRandomBytesRegister(void)
 /* Register engine for Server random */
 DetectAppLayerInspectEngineRegister2("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomBytesData);
- DetectAppLayerMpmRegister2("tls.random_bytes", SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetRandomBytesData, ALPROTO_TLS, 0);
+ DetectAppLayerMpmRegister("tls.random_bytes", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetRandomBytesData, ALPROTO_TLS, 0);
 /* Register engine for Client random */
 DetectAppLayerInspectEngineRegister2("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomBytesData);
- DetectAppLayerMpmRegister2("tls.random_bytes", SIG_FLAG_TOCLIENT, 2,
- PrefilterGenericMpmRegister, GetRandomBytesData, ALPROTO_TLS, 0);
+ DetectAppLayerMpmRegister("tls.random_bytes", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ GetRandomBytesData, ALPROTO_TLS, 0);
 DetectBufferTypeSetDescriptionByName("tls.random_bytes", "TLS Random Bytes");
@@ -124,13 +124,13 @@ void DetectTlsRandomRegister(void)
 /* Register engine for Server random */
 DetectAppLayerInspectEngineRegister2("tls.random", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomData);
- DetectAppLayerMpmRegister2("tls.random", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("tls.random", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
 GetRandomData, ALPROTO_TLS, 0);
 /* Register engine for Client random */
 DetectAppLayerInspectEngineRegister2("tls.random", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomData);
- DetectAppLayerMpmRegister2("tls.random", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+ DetectAppLayerMpmRegister("tls.random", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
 GetRandomData, ALPROTO_TLS, 0);
 DetectBufferTypeSetDescriptionByName("tls.random", "TLS Random");
diff --git a/src/detect-tls-sni.c b/src/detect-tls-sni.c
index 69b066e8e979..0279710b0280 100644
--- a/src/detect-tls-sni.c
+++ b/src/detect-tls-sni.c
@@ -76,8 +76,8 @@ void DetectTlsSniRegister(void)
 DetectAppLayerInspectEngineRegister2("tls.sni", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister2("tls.sni", SIG_FLAG_TOSERVER, 2,
- PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0);
+ DetectAppLayerMpmRegister(
+ "tls.sni", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, 0);
 DetectBufferTypeSetDescriptionByName("tls.sni", "TLS Server Name Indication (SNI) extension");
From a65394d1484e8bc72a3792d6202cd7b3c1a7ac88 Mon Sep 17 00:00:00 2001
From: Jason Ish Date: Mon, 23 Oct 2023 16:24:23 -0600 Subject: [PATCH 02/12] detect: rename DetectAppLayerInspectEngine2 to DetectAppLayerInspectEngine Rename DetectAppLayerInspectEngine2 to DetectAppLayerInspectEngine as there is no other variant of this function, and the versioning with lack of supporting documentation can lead to confusion. --- .../extending/app-layer/transactions.rst | 6 ++--- src/detect-app-layer-event.c | 4 ++-- src/detect-cipservice.c | 8 +++---- src/detect-dce-iface.c | 8 +++---- src/detect-dce-stub-data.c | 24 +++++++------------ src/detect-dhcp-leasetime.c | 4 ++-- src/detect-dhcp-rebinding-time.c | 4 ++-- src/detect-dhcp-renewal-time.c | 4 ++-- src/detect-dnp3.c | 16 +++++-------- src/detect-dns-opcode.c | 4 ++-- src/detect-dns-query.c | 9 ++++--- src/detect-engine.c | 6 ++--- src/detect-engine.h | 6 ++--- src/detect-ftpbounce.c | 2 +- src/detect-ftpdata.c | 4 ++-- src/detect-http-client-body.c | 4 ++-- src/detect-http-cookie.c | 8 +++---- src/detect-http-header-names.c | 8 +++---- src/detect-http-header.c | 16 ++++++------- src/detect-http-headers-stub.h | 8 +++---- src/detect-http-host.c | 8 +++---- src/detect-http-method.c | 4 ++-- src/detect-http-protocol.c | 8 +++---- src/detect-http-raw-header.c | 8 +++---- src/detect-http-request-line.c | 4 ++-- src/detect-http-response-line.c | 4 ++-- src/detect-http-start.c | 4 ++-- src/detect-http-stat-code.c | 4 ++-- src/detect-http-stat-msg.c | 4 ++-- src/detect-http-ua.c | 4 ++-- src/detect-http-uri.c | 8 +++---- src/detect-http2.c | 14 +++++------ src/detect-ike-chosen-sa.c | 2 +- src/detect-ike-exch-type.c | 4 ++-- src/detect-ike-key-exchange-payload-length.c | 4 ++-- src/detect-ike-key-exchange-payload.c | 8 +++---- src/detect-ike-nonce-payload-length.c | 4 ++-- src/detect-ike-nonce-payload.c | 4 ++-- src/detect-ike-spi.c | 4 ++-- src/detect-ike-vendor.c | 2 +- src/detect-krb5-cname.c | 5 ++-- src/detect-krb5-errcode.c | 4 ++-- src/detect-krb5-msgtype.c | 4 ++-- src/detect-krb5-sname.c | 
5 ++-- src/detect-krb5-ticket-encryption.c | 2 +- src/detect-lua.c | 4 ++-- src/detect-modbus.c | 2 +- src/detect-mqtt-connack-sessionpresent.c | 2 +- src/detect-mqtt-connect-clientid.c | 3 +-- src/detect-mqtt-connect-flags.c | 2 +- src/detect-mqtt-connect-password.c | 3 +-- src/detect-mqtt-connect-username.c | 3 +-- src/detect-mqtt-connect-willmessage.c | 3 +-- src/detect-mqtt-connect-willtopic.c | 3 +-- src/detect-mqtt-flags.c | 2 +- src/detect-mqtt-protocol-version.c | 4 ++-- src/detect-mqtt-publish-message.c | 3 +-- src/detect-mqtt-publish-topic.c | 3 +-- src/detect-mqtt-qos.c | 2 +- src/detect-mqtt-reason-code.c | 2 +- src/detect-mqtt-subscribe-topic.c | 3 +-- src/detect-mqtt-type.c | 2 +- src/detect-mqtt-unsubscribe-topic.c | 5 ++-- src/detect-nfs-procedure.c | 2 +- src/detect-nfs-version.c | 2 +- src/detect-parse.c | 4 ++-- src/detect-quic-cyu-hash.c | 2 +- src/detect-quic-cyu-string.c | 2 +- src/detect-quic-sni.c | 2 +- src/detect-quic-ua.c | 2 +- src/detect-quic-version.c | 4 ++-- src/detect-rfb-name.c | 3 +-- src/detect-rfb-secresult.c | 2 +- src/detect-rfb-sectype.c | 2 +- src/detect-sip-method.c | 3 +-- src/detect-sip-protocol.c | 6 ++--- src/detect-sip-request-line.c | 3 +-- src/detect-sip-response-line.c | 3 +-- src/detect-sip-stat-code.c | 3 +-- src/detect-sip-stat-msg.c | 3 +-- src/detect-sip-uri.c | 3 +-- src/detect-smb-ntlmssp.c | 4 ++-- src/detect-smb-share.c | 6 ++--- src/detect-snmp-community.c | 6 ++--- src/detect-snmp-pdu_type.c | 4 ++-- src/detect-snmp-usm.c | 4 ++-- src/detect-snmp-version.c | 4 ++-- src/detect-ssh-hassh-server-string.c | 5 ++-- src/detect-ssh-hassh-server.c | 5 ++-- src/detect-ssh-hassh-string.c | 5 ++-- src/detect-ssh-hassh.c | 2 +- src/detect-ssh-proto.c | 7 +++--- src/detect-ssh-software-version.c | 4 ++-- src/detect-ssh-software.c | 7 +++--- src/detect-ssl-state.c | 4 ++-- src/detect-template-rust-buffer.c | 4 ++-- src/detect-tls-cert-fingerprint.c | 7 +++--- src/detect-tls-cert-issuer.c | 7 +++--- 
src/detect-tls-cert-serial.c | 7 +++--- src/detect-tls-cert-subject.c | 4 ++-- src/detect-tls-cert-validity.c | 2 +- src/detect-tls-certs.c | 9 ++++--- src/detect-tls-ja3-hash.c | 4 ++-- src/detect-tls-ja3-string.c | 4 ++-- src/detect-tls-ja3s-hash.c | 4 ++-- src/detect-tls-ja3s-string.c | 4 ++-- src/detect-tls-random.c | 12 +++++----- src/detect-tls-sni.c | 2 +- src/detect-tls.c | 4 ++-- 109 files changed, 235 insertions(+), 287 deletions(-)
diff --git a/doc/userguide/devguide/extending/app-layer/transactions.rst b/doc/userguide/devguide/extending/app-layer/transactions.rst
index 1a7e4ca46443..1105aad97128 100644
--- a/doc/userguide/devguide/extending/app-layer/transactions.rst
+++ b/doc/userguide/devguide/extending/app-layer/transactions.rst
@@ -68,7 +68,7 @@ Rule Matching
 Transaction progress is also used for certain keywords to know what is the minimum state before we can expect a match: until that, Suricata won't even try to look for the patterns.
-As seen in ``DetectAppLayerMpmRegister`` that has ``int progress`` as parameter, and ``DetectAppLayerInspectEngineRegister2``, which expects ``int tx_min_progress``, for instance. In the code snippet,
+As seen in ``DetectAppLayerMpmRegister`` that has ``int progress`` as parameter, and ``DetectAppLayerInspectEngineRegister``, which expects ``int tx_min_progress``, for instance. In the code snippet,
 ``HTTP2StateDataClient``, ``HTTP2StateDataServer`` and ``0`` are the values passed to the functions - in the last example, for ``FTPDATA``, the existence of a transaction implies that a file is being transferred. Hence the ``0`` value.
@@ -88,10 +88,10 @@ the existence of a transaction implies that a file is being transferred. Hence t
 ALPROTO_HTTP2, HTTP2StateDataServer);
 . .
- DetectAppLayerInspectEngineRegister2("file_data",
+ DetectAppLayerInspectEngineRegister("file_data",
 ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectFiledata, NULL);
- DetectAppLayerInspectEngineRegister2(
+ DetectAppLayerInspectEngineRegister(
 "file_data", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, DetectEngineInspectFiledata, NULL);
 . .
diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c
index bf306d363d39..aa65e368a77b 100644
--- a/src/detect-app-layer-event.c
+++ b/src/detect-app-layer-event.c
@@ -78,9 +78,9 @@ void DetectAppLayerEventRegister(void)
 sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Setup = DetectAppLayerEventSetup;
 sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Free = DetectAppLayerEventFree;
- DetectAppLayerInspectEngineRegister2("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER, 0,
+ DetectAppLayerInspectEngineRegister("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOSERVER, 0,
 DetectEngineAptEventInspect, NULL);
- DetectAppLayerInspectEngineRegister2("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT, 0,
+ DetectAppLayerInspectEngineRegister("app-layer-events", ALPROTO_UNKNOWN, SIG_FLAG_TOCLIENT, 0,
 DetectEngineAptEventInspect, NULL);
 g_applayer_events_list_id = DetectBufferTypeGetByName("app-layer-events");
diff --git a/src/detect-cipservice.c b/src/detect-cipservice.c
index 00b9a75ca099..280475df17ac 100644
--- a/src/detect-cipservice.c
+++ b/src/detect-cipservice.c
@@ -63,9 +63,9 @@ void DetectCipServiceRegister(void)
 sigmatch_table[DETECT_CIPSERVICE].RegisterTests = DetectCipServiceRegisterTests;
 #endif
- DetectAppLayerInspectEngineRegister2(
+ DetectAppLayerInspectEngineRegister(
 "cip", ALPROTO_ENIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectCIP, NULL);
- DetectAppLayerInspectEngineRegister2(
+ DetectAppLayerInspectEngineRegister(
 "cip", ALPROTO_ENIP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectCIP, NULL);
 g_cip_buffer_id = DetectBufferTypeGetByName("cip");
@@ -316,9 +316,9 @@ void DetectEnipCommandRegister(void)
 sigmatch_table[DETECT_ENIPCOMMAND].RegisterTests = DetectEnipCommandRegisterTests;
 #endif
- DetectAppLayerInspectEngineRegister2(
+ DetectAppLayerInspectEngineRegister(
 "enip", ALPROTO_ENIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectENIP, NULL);
- DetectAppLayerInspectEngineRegister2(
+ DetectAppLayerInspectEngineRegister(
 "enip", ALPROTO_ENIP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectENIP, NULL);
 g_enip_buffer_id = DetectBufferTypeGetByName("enip");
diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c
index 844e7bc1499a..d832f4ca91b3 100644
--- a/src/detect-dce-iface.c
+++ b/src/detect-dce-iface.c
@@ -80,14 +80,14 @@ void DetectDceIfaceRegister(void)
 g_dce_generic_list_id = DetectBufferTypeRegister("dce_generic");
- DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0,
+ DetectAppLayerInspectEngineRegister("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0,
 DetectEngineInspectGenericList, NULL);
- DetectAppLayerInspectEngineRegister2(
+ DetectAppLayerInspectEngineRegister(
 "dce_generic", ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
- DetectAppLayerInspectEngineRegister2("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0,
+ DetectAppLayerInspectEngineRegister("dce_generic", ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0,
 DetectEngineInspectGenericList, NULL);
- DetectAppLayerInspectEngineRegister2(
+ DetectAppLayerInspectEngineRegister(
 "dce_generic", ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
 }
diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c
index ec7f0f620f37..5d919e084e64 100644
--- a/src/detect-dce-stub-data.c
+++ b/src/detect-dce-stub-data.c
@@ -125,29 +125,21 @@ void DetectDceStubDataRegister(void)
 #endif
 sigmatch_table[DETECT_DCE_STUB_DATA].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
- DetectAppLayerInspectEngineRegister2(BUFFER_NAME,
- ALPROTO_SMB, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectBufferGeneric,
- GetSMBData);
+ DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0,
+ DetectEngineInspectBufferGeneric, GetSMBData);
 DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetSMBData, ALPROTO_SMB, 0);
- DetectAppLayerInspectEngineRegister2(BUFFER_NAME,
- ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0,
- DetectEngineInspectBufferGeneric,
- GetSMBData);
+ DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOCLIENT, 0,
+ DetectEngineInspectBufferGeneric, GetSMBData);
 DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetSMBData, ALPROTO_SMB, 0);
- DetectAppLayerInspectEngineRegister2(BUFFER_NAME,
- ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectBufferGeneric,
- GetDCEData);
+ DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_DCERPC, SIG_FLAG_TOSERVER, 0,
+ DetectEngineInspectBufferGeneric, GetDCEData);
 DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetDCEData, ALPROTO_DCERPC, 0);
- DetectAppLayerInspectEngineRegister2(BUFFER_NAME,
- ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0,
- DetectEngineInspectBufferGeneric,
- GetDCEData);
+ DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_DCERPC, SIG_FLAG_TOCLIENT, 0,
+ DetectEngineInspectBufferGeneric, GetDCEData);
 DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetDCEData, ALPROTO_DCERPC, 0);
diff --git a/src/detect-dhcp-leasetime.c b/src/detect-dhcp-leasetime.c
index dfa2c193302f..a238680d7574 100644
--- a/src/detect-dhcp-leasetime.c
+++ b/src/detect-dhcp-leasetime.c
@@ -120,10 +120,10 @@ void DetectDHCPLeaseTimeRegister(void)
 sigmatch_table[DETECT_AL_DHCP_LEASETIME].Setup = DetectDHCPLeaseTimeSetup;
 sigmatch_table[DETECT_AL_DHCP_LEASETIME].Free = DetectDHCPLeaseTimeFree;
- DetectAppLayerInspectEngineRegister2("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0,
+ DetectAppLayerInspectEngineRegister("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0,
 DetectEngineInspectGenericList, NULL);
- DetectAppLayerInspectEngineRegister2("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0,
+ DetectAppLayerInspectEngineRegister("dhcp.leasetime", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0,
 DetectEngineInspectGenericList, NULL);
 g_buffer_id = DetectBufferTypeGetByName("dhcp.leasetime");
diff --git a/src/detect-dhcp-rebinding-time.c b/src/detect-dhcp-rebinding-time.c
index 3d63427eacb1..f1ff16da739d 100644
--- a/src/detect-dhcp-rebinding-time.c
+++ b/src/detect-dhcp-rebinding-time.c
@@ -121,10 +121,10 @@ void DetectDHCPRebindingTimeRegister(void)
 sigmatch_table[DETECT_AL_DHCP_REBINDING_TIME].Setup = DetectDHCPRebindingTimeSetup;
 sigmatch_table[DETECT_AL_DHCP_REBINDING_TIME].Free = DetectDHCPRebindingTimeFree;
- DetectAppLayerInspectEngineRegister2("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0,
+ DetectAppLayerInspectEngineRegister("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0,
 DetectEngineInspectGenericList, NULL);
- DetectAppLayerInspectEngineRegister2("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0,
+ DetectAppLayerInspectEngineRegister("dhcp.rebinding-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0,
 DetectEngineInspectGenericList, NULL);
 g_buffer_id = DetectBufferTypeGetByName("dhcp.rebinding-time");
diff --git a/src/detect-dhcp-renewal-time.c b/src/detect-dhcp-renewal-time.c
index 9a38555a0d28..766b56815782 100644
--- a/src/detect-dhcp-renewal-time.c
+++ b/src/detect-dhcp-renewal-time.c
@@ -120,10 +120,10 @@ void DetectDHCPRenewalTimeRegister(void)
 sigmatch_table[DETECT_AL_DHCP_RENEWAL_TIME].Setup = DetectDHCPRenewalTimeSetup;
 sigmatch_table[DETECT_AL_DHCP_RENEWAL_TIME].Free = DetectDHCPRenewalTimeFree;
- DetectAppLayerInspectEngineRegister2("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0,
+ DetectAppLayerInspectEngineRegister("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOSERVER, 0,
 DetectEngineInspectGenericList, NULL);
- DetectAppLayerInspectEngineRegister2("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0,
+ DetectAppLayerInspectEngineRegister("dhcp.renewal-time", ALPROTO_DHCP, SIG_FLAG_TOCLIENT, 0,
 DetectEngineInspectGenericList, NULL);
 g_buffer_id = DetectBufferTypeGetByName("dhcp.renewal-time");
diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c
index 7e7de259f3f4..4e4db82d44a5 100644
--- a/src/detect-dnp3.c
+++ b/src/detect-dnp3.c
@@ -551,17 +551,13 @@ static void DetectDNP3DataRegister(void)
 sigmatch_table[DETECT_AL_DNP3DATA].Setup = DetectDNP3DataSetup;
 sigmatch_table[DETECT_AL_DNP3DATA].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
- DetectAppLayerInspectEngineRegister2("dnp3_data",
- ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0,
- DetectEngineInspectBufferGeneric,
- GetDNP3Data);
+ DetectAppLayerInspectEngineRegister("dnp3_data", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0,
+ DetectEngineInspectBufferGeneric, GetDNP3Data);
 DetectAppLayerMpmRegister("dnp3_data", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetDNP3Data, ALPROTO_DNP3, 0);
- DetectAppLayerInspectEngineRegister2("dnp3_data",
- ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0,
- DetectEngineInspectBufferGeneric,
- GetDNP3Data);
+ DetectAppLayerInspectEngineRegister("dnp3_data", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0,
+ DetectEngineInspectBufferGeneric, GetDNP3Data);
 DetectAppLayerMpmRegister("dnp3_data", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetDNP3Data, ALPROTO_DNP3, 0);
@@ -578,9 +574,9 @@ void DetectDNP3Register(void) DetectDNP3ObjRegister(); /* Register the list of func, ind and obj. */ - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dnp3", ALPROTO_DNP3, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dnp3", ALPROTO_DNP3, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_dnp3_match_buffer_id = DetectBufferTypeRegister("dnp3"); diff --git a/src/detect-dns-opcode.c b/src/detect-dns-opcode.c index 4c69753a83e0..ab9c21ec3d68 100644 --- a/src/detect-dns-opcode.c +++ b/src/detect-dns-opcode.c @@ -83,10 +83,10 @@ void DetectDnsOpcodeRegister(void) sigmatch_table[DETECT_AL_DNS_OPCODE].AppLayerTxMatch = DetectDnsOpcodeMatch; - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode"); diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index f5453ef6fc4e..af0bc750ed56 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -214,9 +214,8 @@ void DetectDnsQueryRegister (void) DetectAppLayerMpmRegister( "dns_query", SIG_FLAG_TOSERVER, 2, PrefilterMpmDnsQueryRegister, NULL, ALPROTO_DNS, 1); - DetectAppLayerInspectEngineRegister2("dns_query", - ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectDnsQuery, NULL); + DetectAppLayerInspectEngineRegister( + "dns_query", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectDnsQuery, NULL); DetectBufferTypeSetDescriptionByName("dns_query", "dns request query"); 
@@ -226,9 +225,9 @@ void DetectDnsQueryRegister (void) #ifdef HAVE_LUA /* register these generic engines from here for now */ - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "dns_request", ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("dns_response", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("dns_response", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); DetectBufferTypeSetDescriptionByName("dns_request", diff --git a/src/detect-engine.c b/src/detect-engine.c index d8f9f1880e56..9355315ce500 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -213,10 +213,8 @@ void DetectFrameInspectEngineRegister(const char *name, int dir, /** \brief register inspect engine at start up time * * \note errors are fatal */ -void DetectAppLayerInspectEngineRegister2(const char *name, - AppProto alproto, uint32_t dir, int progress, - InspectEngineFuncPtr2 Callback2, - InspectionBufferGetDataPtr GetData) +void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, + int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData) { BUG_ON(progress >= 48); diff --git a/src/detect-engine.h b/src/detect-engine.h index a1732b16a993..997d3c061883 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h 
@@ -161,10 +161,8 @@ int DetectEngineInspectPktBufferGeneric( * \param progress Minimal progress value for inspect engine to run * \param Callback The engine callback. */ -void DetectAppLayerInspectEngineRegister2(const char *name, - AppProto alproto, uint32_t dir, int progress, - InspectEngineFuncPtr2 Callback2, - InspectionBufferGetDataPtr GetData); +void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, + int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData); void DetectPktInspectEngineRegister(const char *name, InspectionBufferGetPktDataPtr GetPktData, diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c index 318f72cf3b58..afac0197b23f 100644 --- a/src/detect-ftpbounce.c +++ b/src/detect-ftpbounce.c @@ -69,7 +69,7 @@ void DetectFtpbounceRegister(void) g_ftp_request_list_id = DetectBufferTypeRegister("ftp_request"); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "ftp_request", ALPROTO_FTP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect-ftpdata.c b/src/detect-ftpdata.c index c07847dff3f8..c05bcd7443cc 100644 --- a/src/detect-ftpdata.c +++ b/src/detect-ftpdata.c @@ -73,10 +73,10 @@ void DetectFtpdataRegister(void) { #ifdef UNITTESTS sigmatch_table[DETECT_FTPDATA].RegisterTests = DetectFtpdataRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("ftpdata_command", ALPROTO_FTPDATA, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_ftpdata_buffer_id = DetectBufferTypeGetByName("ftpdata_command"); 
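Review bot: In the src/detect-engine.h hunk the Doxygen block above the renamed prototype still documents `\param Callback`, while the parameter is named `Callback2`, and `GetData` has no `\param` entry. Since the commit removes the unexplained `2` from the function name, the parameter could lose it too, in the prototype here and in the definition hunk in src/detect-engine.c: `int progress, InspectEngineFuncPtr2 Callback, InspectionBufferGetDataPtr GetData);`. I would also add a line such as ` * \param GetData Buffer getter handed to the engine callback, or NULL`, worded to match what the function body does with it; the call sites in this patch pass NULL together with `DetectEngineInspectGenericList`. The start of the comment block and the function body are outside these hunks, so any use of `Callback2` inside the body would need the same rename.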
diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index 0976e291a031..266a4697fcab 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -103,13 +103,13 @@ void DetectHttpClientBodyRegister(void) sigmatch_table[DETECT_HTTP_REQUEST_BODY].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_REQUEST_BODY].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_client_body", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_client_body", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_BODY, DetectEngineInspectBufferHttpBody, NULL); DetectAppLayerMpmRegister("http_client_body", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpRequestBodyRegister, NULL, ALPROTO_HTTP1, HTP_REQUEST_BODY); - DetectAppLayerInspectEngineRegister2("http_client_body", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_client_body", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectFiledata, NULL); DetectAppLayerMpmRegister("http_client_body", SIG_FLAG_TOSERVER, 2, PrefilterMpmFiledataRegister, NULL, ALPROTO_HTTP2, HTTP2StateDataClient); diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index eb6e8e01eb55..b10b8fa81e4d 100644 --- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c 
@@ -106,9 +106,9 @@ void DetectHttpCookieRegister(void) sigmatch_table[DETECT_HTTP_COOKIE].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_COOKIE].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData); - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData); DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, @@ -116,9 +116,9 @@ void DetectHttpCookieRegister(void) DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetResponseData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRequestData2); - DetectAppLayerInspectEngineRegister2("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_cookie", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetResponseData2); DetectAppLayerMpmRegister("http_cookie", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-http-header-names.c b/src/detect-http-header-names.c index 8f65726e4eef..66bc73d44c80 100644 --- a/src/detect-http-header-names.c +++ b/src/detect-http-header-names.c 
@@ -224,9 +224,9 @@ void DetectHttpHeaderNamesRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); /* http2 */ @@ -235,9 +235,9 @@ void DetectHttpHeaderNamesRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataServer); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-header.c b/src/detect-http-header.c index 07684d28b5d3..16ccc56f73e0 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c 
@@ -434,24 +434,24 @@ void DetectHttpHeaderRegister(void) sigmatch_table[DETECT_HTTP_HEADER].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_HEADER].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttpHeaderRequestRegister, NULL, ALPROTO_HTTP1, 0); /* not used, registered twice: HEADERS/TRAILER */ - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferHttpHeader, NULL); DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttpHeaderResponseRegister, NULL, ALPROTO_HTTP1, 0); /* not used, registered twice: HEADERS/TRAILER */ - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerInspectEngineRegister2("http_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetBuffer2ForTX); DetectAppLayerMpmRegister("http_header", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer2ForTX, ALPROTO_HTTP2, HTTP2StateDataServer); 
@@ -741,11 +741,11 @@ void DetectHttpRequestHeaderRegister(void) DetectAppLayerMpmRegister("http_request_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttp2HeaderRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateOpen, DetectEngineInspectHttp2Header, NULL); DetectAppLayerMpmRegister("http_request_header", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttp1HeaderRegister, NULL, ALPROTO_HTTP1, 0); - DetectAppLayerInspectEngineRegister2("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectHttp1Header, NULL); DetectBufferTypeSetDescriptionByName("http_request_header", "HTTP header name and value"); @@ -776,11 +776,11 @@ void DetectHttpResponseHeaderRegister(void) DetectAppLayerMpmRegister("http_response_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttp2HeaderRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateOpen, DetectEngineInspectHttp2Header, NULL); DetectAppLayerMpmRegister("http_response_header", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttp1HeaderRegister, NULL, ALPROTO_HTTP1, 0); - DetectAppLayerInspectEngineRegister2("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectHttp1Header, NULL); DetectBufferTypeSetDescriptionByName("http_response_header", "HTTP header name and value"); diff --git a/src/detect-http-headers-stub.h b/src/detect-http-headers-stub.h index 1f5d166063c2..82d5f543d7a9 100644 
--- a/src/detect-http-headers-stub.h +++ b/src/detect-http-headers-stub.h @@ -198,15 +198,15 @@ static void DetectHttpHeadersRegisterStub(void) GetResponseData2, ALPROTO_HTTP2, HTTP2StateDataServer); #endif #ifdef KEYWORD_TOSERVER - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRequestData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRequestData2); #endif #ifdef KEYWORD_TOCLIENT - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetResponseData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetResponseData2); #endif diff --git a/src/detect-http-host.c b/src/detect-http-host.c index df9c594d31c2..fe36a261e6cc 100644 --- a/src/detect-http-host.c +++ b/src/detect-http-host.c 
@@ -105,13 +105,13 @@ void DetectHttpHHRegister(void) sigmatch_table[DETECT_HTTP_HOST].Setup = DetectHttpHostSetup; sigmatch_table[DETECT_HTTP_HOST].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister("http_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, @@ -140,13 +140,13 @@ void DetectHttpHHRegister(void) sigmatch_table[DETECT_HTTP_HOST_RAW].Setup = DetectHttpHostRawSetupSticky; sigmatch_table[DETECT_HTTP_HOST_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_raw_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_host", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetRawData); DetectAppLayerMpmRegister("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRawData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_raw_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_host", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetRawData2); DetectAppLayerMpmRegister("http_raw_host", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-http-method.c b/src/detect-http-method.c index ab2982238c97..8d08f0369e90 100644 --- a/src/detect-http-method.c 
+++ b/src/detect-http-method.c @@ -97,13 +97,13 @@ void DetectHttpMethodRegister(void) sigmatch_table[DETECT_HTTP_METHOD].Setup = DetectHttpMethodSetupSticky; sigmatch_table[DETECT_HTTP_METHOD].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_method", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_method", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerInspectEngineRegister2("http_method", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_method", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister("http_method", SIG_FLAG_TOSERVER, 4, PrefilterGenericMpmRegister, diff --git a/src/detect-http-protocol.c b/src/detect-http-protocol.c index f771735c6e69..ce81c5eb9804 100644 --- a/src/detect-http-protocol.c +++ b/src/detect-http-protocol.c 
@@ -144,16 +144,16 @@ void DetectHttpProtocolRegister(void) GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index 05d2167c7bc0..efda9b73f888 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c 
@@ -95,9 +95,9 @@ void DetectHttpRawHeaderRegister(void) sigmatch_table[DETECT_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetupSticky; sigmatch_table[DETECT_HTTP_RAW_HEADER].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS + 1, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2, @@ -107,9 +107,9 @@ void DetectHttpRawHeaderRegister(void) PrefilterMpmHttpHeaderRawResponseRegister, NULL, ALPROTO_HTTP1, 0); /* progress handled in register */ - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); - DetectAppLayerInspectEngineRegister2("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_raw_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister("http_raw_header", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c index 2c56c72003e6..886e643a3eda 100644 --- a/src/detect-http-request-line.c +++ b/src/detect-http-request-line.c 
@@ -109,13 +109,13 @@ void DetectHttpRequestLineRegister(void) #endif sigmatch_table[DETECT_AL_HTTP_REQUEST_LINE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_request_line", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_line", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerInspectEngineRegister2("http_request_line", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_request_line", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister("http_request_line", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataClient); diff --git a/src/detect-http-response-line.c b/src/detect-http-response-line.c index 9b1b9ed23adc..69ee8c2709ab 100644 --- a/src/detect-http-response-line.c +++ b/src/detect-http-response-line.c 
@@ -108,13 +108,13 @@ void DetectHttpResponseLineRegister(void) #endif sigmatch_table[DETECT_AL_HTTP_RESPONSE_LINE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_response_line", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_line", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_response_line", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2("http_response_line", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_response_line", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister("http_response_line", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); diff --git a/src/detect-http-start.c b/src/detect-http-start.c index 7433c6e4cde2..e88ac3cdf68f 100644 --- a/src/detect-http-start.c +++ b/src/detect-http-start.c @@ -193,9 +193,9 @@ void DetectHttpStartRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetBuffer1ForTX, ALPROTO_HTTP1, HTP_RESPONSE_HEADERS); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_HEADERS, DetectEngineInspectBufferGeneric, GetBuffer1ForTX); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c index 15d8b25af611..37dfb2efbdcc 100644 
--- a/src/detect-http-stat-code.c +++ b/src/detect-http-stat-code.c @@ -98,13 +98,13 @@ void DetectHttpStatCodeRegister (void) sigmatch_table[DETECT_HTTP_STAT_CODE].Setup = DetectHttpStatCodeSetupSticky; sigmatch_table[DETECT_HTTP_STAT_CODE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_stat_code", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c index 403b87a97025..b1a485d7a933 100644 --- a/src/detect-http-stat-msg.c +++ b/src/detect-http-stat-msg.c 
@@ -108,13 +108,13 @@ void DetectHttpStatMsgRegister (void) sigmatch_table[DETECT_HTTP_STAT_MSG].Setup = DetectHttpStatMsgSetupSticky; sigmatch_table[DETECT_HTTP_STAT_MSG].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_stat_msg", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_msg", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_RESPONSE_LINE); - DetectAppLayerInspectEngineRegister2("http_stat_msg", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("http_stat_msg", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister("http_stat_msg", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData2, ALPROTO_HTTP2, HTTP2StateDataServer); diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c index 7840478d602f..8babd9adcb50 100644 --- a/src/detect-http-ua.c +++ b/src/detect-http-ua.c 
@@ -98,13 +98,13 @@ void DetectHttpUARegister(void) sigmatch_table[DETECT_HTTP_UA].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_UA].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_user_agent", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_user_agent", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_HEADERS, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_HEADERS); - DetectAppLayerInspectEngineRegister2("http_user_agent", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_user_agent", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister("http_user_agent", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c index f7aa2a58205a..12c6f8788549 100644 --- a/src/detect-http-uri.c +++ b/src/detect-http-uri.c @@ -107,13 +107,13 @@ void DetectHttpUriRegister (void) sigmatch_table[DETECT_HTTP_URI].Setup = DetectHttpUriSetupSticky; sigmatch_table[DETECT_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_HTTP1, HTP_REQUEST_LINE); - DetectAppLayerInspectEngineRegister2("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister("http_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, 
@@ -145,14 +145,14 @@ void DetectHttpUriRegister (void) sigmatch_table[DETECT_HTTP_URI_RAW].Setup = DetectHttpRawUriSetupSticky; sigmatch_table[DETECT_HTTP_URI_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("http_raw_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_uri", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_LINE, DetectEngineInspectBufferGeneric, GetRawData); DetectAppLayerMpmRegister("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRawData, ALPROTO_HTTP1, HTP_REQUEST_LINE); // no difference between raw and decoded uri for HTTP2 - DetectAppLayerInspectEngineRegister2("http_raw_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("http_raw_uri", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateDataClient, DetectEngineInspectBufferGeneric, GetData2); DetectAppLayerMpmRegister("http_raw_uri", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-http2.c b/src/detect-http2.c index 58a0c344628d..560cb941cc2c 100644 --- a/src/detect-http2.c +++ b/src/detect-http2.c 
@@ -179,22 +179,20 @@ void DetectHttp2Register(void) DetectAppLayerMpmRegister("http2_header_name", SIG_FLAG_TOCLIENT, 2, PrefilterMpmHttp2HeaderNameRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http2_header_name", - ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, HTTP2StateOpen, - DetectEngineInspectHttp2HeaderName, NULL); + DetectAppLayerInspectEngineRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, + HTTP2StateOpen, DetectEngineInspectHttp2HeaderName, NULL); DetectAppLayerMpmRegister("http2_header_name", SIG_FLAG_TOSERVER, 2, PrefilterMpmHttp2HeaderNameRegister, NULL, ALPROTO_HTTP2, HTTP2StateOpen); - DetectAppLayerInspectEngineRegister2("http2_header_name", - ALPROTO_HTTP2, SIG_FLAG_TOSERVER, HTTP2StateOpen, - DetectEngineInspectHttp2HeaderName, NULL); + DetectAppLayerInspectEngineRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, + HTTP2StateOpen, DetectEngineInspectHttp2HeaderName, NULL); DetectBufferTypeSupportsMultiInstance("http2_header_name"); DetectBufferTypeSetDescriptionByName("http2_header_name", "HTTP2 header name"); g_http2_header_name_buffer_id = DetectBufferTypeGetByName("http2_header_name"); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "http2", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "http2", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_http2_match_buffer_id = DetectBufferTypeRegister("http2"); diff --git a/src/detect-ike-chosen-sa.c b/src/detect-ike-chosen-sa.c index 59d245de7611..083a9a6ad5b1 100644 --- a/src/detect-ike-chosen-sa.c +++ b/src/detect-ike-chosen-sa.c 
@@ -77,7 +77,7 @@ void DetectIkeChosenSaRegister(void) #endif DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("ike.chosen_sa_attribute", ALPROTO_IKE, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("ike.chosen_sa_attribute", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_chosen_sa_buffer_id = DetectBufferTypeGetByName("ike.chosen_sa_attribute"); diff --git a/src/detect-ike-exch-type.c b/src/detect-ike-exch-type.c index 3beb2c3a2519..12751d2a4fbb 100644 --- a/src/detect-ike-exch-type.c +++ b/src/detect-ike-exch-type.c @@ -57,10 +57,10 @@ void DetectIkeExchTypeRegister(void) sigmatch_table[DETECT_AL_IKE_EXCH_TYPE].Setup = DetectIkeExchTypeSetup; sigmatch_table[DETECT_AL_IKE_EXCH_TYPE].Free = DetectIkeExchTypeFree; - DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("ike.exchtype", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_exch_type_buffer_id = DetectBufferTypeGetByName("ike.exchtype"); diff --git a/src/detect-ike-key-exchange-payload-length.c b/src/detect-ike-key-exchange-payload-length.c index 998948f4827c..2691c4ce89e0 100644 --- a/src/detect-ike-key-exchange-payload-length.c +++ b/src/detect-ike-key-exchange-payload-length.c 
@@ -61,10 +61,10 @@ void DetectIkeKeyExchangePayloadLengthRegister(void) sigmatch_table[DETECT_AL_IKE_KEY_EXCHANGE_PAYLOAD_LENGTH].Free = DetectIkeKeyExchangePayloadLengthFree; - DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE, + DetectAppLayerInspectEngineRegister("ike.key_exchange_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ike.key_exchange_payload_length", ALPROTO_IKE, + DetectAppLayerInspectEngineRegister("ike.key_exchange_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_key_exch_payload_length_buffer_id = diff --git a/src/detect-ike-key-exchange-payload.c b/src/detect-ike-key-exchange-payload.c index 03121e8d1a47..9d83fba33dec 100644 --- a/src/detect-ike-key-exchange-payload.c +++ b/src/detect-ike-key-exchange-payload.c @@ -100,14 +100,14 @@ void DetectIkeKeyExchangeRegister(void) sigmatch_table[DETECT_AL_IKE_KEY_EXCHANGE].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOSERVER, - 1, DetectEngineInspectBufferGeneric, GetKeyExchangeData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectEngineInspectBufferGeneric, GetKeyExchangeData); DetectAppLayerMpmRegister(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister, GetKeyExchangeData, ALPROTO_IKE, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, - 1, DetectEngineInspectBufferGeneric, GetKeyExchangeData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME_KEY_EXCHANGE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectEngineInspectBufferGeneric, GetKeyExchangeData); DetectAppLayerMpmRegister(BUFFER_NAME_KEY_EXCHANGE, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, GetKeyExchangeData, ALPROTO_IKE, 1); 
diff --git a/src/detect-ike-nonce-payload-length.c b/src/detect-ike-nonce-payload-length.c index 91bc6c200cac..033f8aa6e865 100644 --- a/src/detect-ike-nonce-payload-length.c +++ b/src/detect-ike-nonce-payload-length.c @@ -57,10 +57,10 @@ void DetectIkeNoncePayloadLengthRegister(void) sigmatch_table[DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH].Setup = DetectIkeNoncePayloadLengthSetup; sigmatch_table[DETECT_AL_IKE_NONCE_PAYLOAD_LENGTH].Free = DetectIkeNoncePayloadLengthFree; - DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("ike.nonce_payload_length", ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); g_ike_nonce_payload_length_buffer_id = DetectBufferTypeGetByName("ike.nonce_payload_length"); diff --git a/src/detect-ike-nonce-payload.c b/src/detect-ike-nonce-payload.c index 6ee5ab7e72b9..a2c4ac6f9a2a 100644 --- a/src/detect-ike-nonce-payload.c +++ b/src/detect-ike-nonce-payload.c 
@@ -99,13 +99,13 @@ void DetectIkeNonceRegister(void) sigmatch_table[DETECT_AL_IKE_NONCE].Setup = DetectNonceSetup; sigmatch_table[DETECT_AL_IKE_NONCE].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetNonceData); DetectAppLayerMpmRegister(BUFFER_NAME_NONCE, SIG_FLAG_TOSERVER, 1, PrefilterGenericMpmRegister, GetNonceData, ALPROTO_IKE, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_NONCE, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetNonceData); DetectAppLayerMpmRegister(BUFFER_NAME_NONCE, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, diff --git a/src/detect-ike-spi.c b/src/detect-ike-spi.c index 94009a4e72d6..9f310b8f580a 100644 --- a/src/detect-ike-spi.c +++ b/src/detect-ike-spi.c @@ -138,7 +138,7 @@ void DetectIkeSpiRegister(void) sigmatch_table[DETECT_AL_IKE_SPI_INITIATOR].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_INITIATOR, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_INITIATOR, ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetInitiatorData); DetectAppLayerMpmRegister(BUFFER_NAME_INITIATOR, SIG_FLAG_TOSERVER, 1, @@ -158,7 +158,7 @@ void DetectIkeSpiRegister(void) sigmatch_table[DETECT_AL_IKE_SPI_RESPONDER].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME_RESPONDER, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME_RESPONDER, ALPROTO_IKE, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetResponderData); DetectAppLayerMpmRegister(BUFFER_NAME_RESPONDER, SIG_FLAG_TOCLIENT, 1, 
diff --git a/src/detect-ike-vendor.c b/src/detect-ike-vendor.c index c3ef33e6f00d..004da45eaafe 100644 --- a/src/detect-ike-vendor.c +++ b/src/detect-ike-vendor.c @@ -185,7 +185,7 @@ void DetectIkeVendorRegister(void) DetectAppLayerMpmRegister("ike.vendor", SIG_FLAG_TOSERVER, 1, PrefilterMpmIkeVendorRegister, NULL, ALPROTO_IKE, 1); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, DetectEngineInspectIkeVendor, NULL); g_ike_vendor_buffer_id = DetectBufferTypeGetByName("ike.vendor"); diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c index e56fd9828a72..f677b868d61f 100644 --- a/src/detect-krb5-cname.c +++ b/src/detect-krb5-cname.c @@ -199,9 +199,8 @@ void DetectKrb5CNameRegister(void) DetectAppLayerMpmRegister("krb5_cname", SIG_FLAG_TOCLIENT, 2, PrefilterMpmKrb5CNameRegister, NULL, ALPROTO_KRB5, 1); - DetectAppLayerInspectEngineRegister2("krb5_cname", - ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectKrb5CName, NULL); + DetectAppLayerInspectEngineRegister( + "krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectKrb5CName, NULL); DetectBufferTypeSetDescriptionByName("krb5_cname", "Kerberos 5 ticket client name"); diff --git a/src/detect-krb5-errcode.c b/src/detect-krb5-errcode.c index 30c516f8d273..6fd4a0232ca7 100644 --- a/src/detect-krb5-errcode.c +++ b/src/detect-krb5-errcode.c 
@@ -69,10 +69,10 @@ void DetectKrb5ErrCodeRegister(void) sigmatch_table[DETECT_AL_KRB5_ERRCODE].RegisterTests = DetectKrb5ErrCodeRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("krb5_err_code", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); /* set up the PCRE for keyword parsing */ diff --git a/src/detect-krb5-msgtype.c b/src/detect-krb5-msgtype.c index 0dd800d6be58..2afd48bcd43c 100644 --- a/src/detect-krb5-msgtype.c +++ b/src/detect-krb5-msgtype.c @@ -69,10 +69,10 @@ void DetectKrb5MsgTypeRegister(void) sigmatch_table[DETECT_AL_KRB5_MSGTYPE].RegisterTests = DetectKrb5MsgTypeRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("krb5_msg_type", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); /* set up the PCRE for keyword parsing */ diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c index 84d51fd61cc1..1848ff35e117 100644 --- a/src/detect-krb5-sname.c +++ b/src/detect-krb5-sname.c 
@@ -199,9 +199,8 @@ void DetectKrb5SNameRegister(void) DetectAppLayerMpmRegister("krb5_sname", SIG_FLAG_TOCLIENT, 2, PrefilterMpmKrb5SNameRegister, NULL, ALPROTO_KRB5, 1); - DetectAppLayerInspectEngineRegister2("krb5_sname", - ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectKrb5SName, NULL); + DetectAppLayerInspectEngineRegister( + "krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectKrb5SName, NULL); DetectBufferTypeSetDescriptionByName("krb5_sname", "Kerberos 5 ticket server name"); diff --git a/src/detect-krb5-ticket-encryption.c b/src/detect-krb5-ticket-encryption.c index ea1444e30d36..4c4582f1b4b6 100644 --- a/src/detect-krb5-ticket-encryption.c +++ b/src/detect-krb5-ticket-encryption.c @@ -85,7 +85,7 @@ void DetectKrb5TicketEncryptionRegister(void) sigmatch_table[DETECT_AL_KRB5_TICKET_ENCRYPTION].Free = DetectKrb5TicketEncryptionFree; // Tickets are only from server to client - DetectAppLayerInspectEngineRegister2("krb5_ticket_encryption", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("krb5_ticket_encryption", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_krb5_ticket_encryption_list_id = DetectBufferTypeRegister("krb5_ticket_encryption"); diff --git a/src/detect-lua.c b/src/detect-lua.c index dfb26dcbe698..203faf388496 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -123,9 +123,9 @@ void DetectLuaRegister(void) #endif g_smtp_generic_list_id = DetectBufferTypeRegister("smtp_generic"); - DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("smtp_generic", ALPROTO_SMTP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); SCLogDebug("registering lua rule option"); 
diff --git a/src/detect-modbus.c b/src/detect-modbus.c index b010500a143c..b41dc8e6afd3 100644 --- a/src/detect-modbus.c +++ b/src/detect-modbus.c @@ -134,7 +134,7 @@ void DetectModbusRegister(void) sigmatch_table[DETECT_AL_MODBUS].Free = DetectModbusFree; sigmatch_table[DETECT_AL_MODBUS].AppLayerTxMatch = DetectModbusMatch; - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "modbus", ALPROTO_MODBUS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_modbus_buffer_id = DetectBufferTypeGetByName("modbus"); diff --git a/src/detect-mqtt-connack-sessionpresent.c b/src/detect-mqtt-connack-sessionpresent.c index 7ec902f1172c..cb0ebaecfd01 100644 --- a/src/detect-mqtt-connack-sessionpresent.c +++ b/src/detect-mqtt-connack-sessionpresent.c @@ -62,7 +62,7 @@ void DetectMQTTConnackSessionPresentRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT, + DetectAppLayerInspectEngineRegister("mqtt.connack.session_present", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present"); diff --git a/src/detect-mqtt-connect-clientid.c b/src/detect-mqtt-connect-clientid.c index 10788441bff5..c3bc31474342 100644 --- a/src/detect-mqtt-connect-clientid.c +++ b/src/detect-mqtt-connect-clientid.c @@ -78,8 +78,7 @@ void DetectMQTTConnectClientIDRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_CLIENTID].Setup = DetectMQTTConnectClientIDSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_CLIENTID].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, 
diff --git a/src/detect-mqtt-connect-flags.c b/src/detect-mqtt-connect-flags.c index 49bfae6f4b52..30fece2780f9 100644 --- a/src/detect-mqtt-connect-flags.c +++ b/src/detect-mqtt-connect-flags.c @@ -70,7 +70,7 @@ void DetectMQTTConnectFlagsRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_connect_flags_id = DetectBufferTypeGetByName("mqtt.connect.flags"); diff --git a/src/detect-mqtt-connect-password.c b/src/detect-mqtt-connect-password.c index e337e449007f..57ec1ba24ff9 100644 --- a/src/detect-mqtt-connect-password.c +++ b/src/detect-mqtt-connect-password.c @@ -78,8 +78,7 @@ void DetectMQTTConnectPasswordRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_PASSWORD].Setup = DetectMQTTConnectPasswordSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_PASSWORD].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-mqtt-connect-username.c b/src/detect-mqtt-connect-username.c index c3b2093da45e..607a35685493 100644 --- a/src/detect-mqtt-connect-username.c +++ b/src/detect-mqtt-connect-username.c 
@@ -78,8 +78,7 @@ void DetectMQTTConnectUsernameRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_USERNAME].Setup = DetectMQTTConnectUsernameSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_USERNAME].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-mqtt-connect-willmessage.c b/src/detect-mqtt-connect-willmessage.c index 2ee26c1feffd..8ff68a6594e3 100644 --- a/src/detect-mqtt-connect-willmessage.c +++ b/src/detect-mqtt-connect-willmessage.c @@ -78,8 +78,7 @@ void DetectMQTTConnectWillMessageRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLMESSAGE].Setup = DetectMQTTConnectWillMessageSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLMESSAGE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-mqtt-connect-willtopic.c b/src/detect-mqtt-connect-willtopic.c index 0dee68a9a686..55efe93122eb 100644 --- a/src/detect-mqtt-connect-willtopic.c +++ b/src/detect-mqtt-connect-willtopic.c 
@@ -78,8 +78,7 @@ void DetectMQTTConnectWillTopicRegister(void) sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLTOPIC].Setup = DetectMQTTConnectWillTopicSetup; sigmatch_table[DETECT_AL_MQTT_CONNECT_WILLTOPIC].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-mqtt-flags.c b/src/detect-mqtt-flags.c index 799e1668e404..4774818066f9 100644 --- a/src/detect-mqtt-flags.c +++ b/src/detect-mqtt-flags.c @@ -66,7 +66,7 @@ void DetectMQTTFlagsRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_flags_id = DetectBufferTypeGetByName("mqtt.flags"); diff --git a/src/detect-mqtt-protocol-version.c b/src/detect-mqtt-protocol-version.c index 39a9ce67d6f9..f696b1e27fb6 100644 --- a/src/detect-mqtt-protocol-version.c +++ b/src/detect-mqtt-protocol-version.c @@ -59,8 +59,8 @@ void DetectMQTTProtocolVersionRegister (void) sigmatch_table[DETECT_AL_MQTT_PROTOCOL_VERSION].RegisterTests = MQTTProtocolVersionRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER, - 1, DetectEngineInspectGenericList, NULL); + DetectAppLayerInspectEngineRegister("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectEngineInspectGenericList, NULL); mqtt_protocol_version_id = DetectBufferTypeGetByName("mqtt.protocol_version"); } diff --git a/src/detect-mqtt-publish-message.c b/src/detect-mqtt-publish-message.c index 6ab85667c3b4..02595737271c 100644 --- a/src/detect-mqtt-publish-message.c +++ b/src/detect-mqtt-publish-message.c 
@@ -78,8 +78,7 @@ void DetectMQTTPublishMessageRegister(void) sigmatch_table[DETECT_AL_MQTT_PUBLISH_MESSAGE].Setup = DetectMQTTPublishMessageSetup; sigmatch_table[DETECT_AL_MQTT_PUBLISH_MESSAGE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-mqtt-publish-topic.c b/src/detect-mqtt-publish-topic.c index c25d277e3c29..6538857e8c2b 100644 --- a/src/detect-mqtt-publish-topic.c +++ b/src/detect-mqtt-publish-topic.c @@ -78,8 +78,7 @@ void DetectMQTTPublishTopicRegister(void) sigmatch_table[DETECT_AL_MQTT_PUBLISH_TOPIC].Setup = DetectMQTTPublishTopicSetup; sigmatch_table[DETECT_AL_MQTT_PUBLISH_TOPIC].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-mqtt-qos.c b/src/detect-mqtt-qos.c index 07aa834dc20d..6349150ade5d 100644 --- a/src/detect-mqtt-qos.c +++ b/src/detect-mqtt-qos.c @@ -58,7 +58,7 @@ void DetectMQTTQosRegister (void) sigmatch_table[DETECT_AL_MQTT_QOS].RegisterTests = MQTTQosRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_qos_id = DetectBufferTypeGetByName("mqtt.qos"); diff --git a/src/detect-mqtt-reason-code.c b/src/detect-mqtt-reason-code.c index 085c9c047c9f..56f85f64f667 100644 --- a/src/detect-mqtt-reason-code.c +++ b/src/detect-mqtt-reason-code.c 
@@ -64,7 +64,7 @@ void DetectMQTTReasonCodeRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code"); diff --git a/src/detect-mqtt-subscribe-topic.c b/src/detect-mqtt-subscribe-topic.c index 489108b57114..18ebc04a6236 100644 --- a/src/detect-mqtt-subscribe-topic.c +++ b/src/detect-mqtt-subscribe-topic.c @@ -214,8 +214,7 @@ void DetectMQTTSubscribeTopicRegister (void) DetectAppLayerMpmRegister("mqtt.subscribe.topic", SIG_FLAG_TOSERVER, 1, PrefilterMpmMQTTSubscribeTopicRegister, NULL, ALPROTO_MQTT, 1); - DetectAppLayerInspectEngineRegister2("mqtt.subscribe.topic", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("mqtt.subscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectMQTTSubscribeTopic, NULL); DetectBufferTypeSetDescriptionByName("mqtt.subscribe.topic", diff --git a/src/detect-mqtt-type.c b/src/detect-mqtt-type.c index 3bc7f1e4f593..8a228f1b9835 100644 --- a/src/detect-mqtt-type.c +++ b/src/detect-mqtt-type.c @@ -57,7 +57,7 @@ void DetectMQTTTypeRegister (void) sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); mqtt_type_id = DetectBufferTypeGetByName("mqtt.type"); diff --git a/src/detect-mqtt-unsubscribe-topic.c b/src/detect-mqtt-unsubscribe-topic.c index 340371f9264f..3feae907f17c 100644 --- a/src/detect-mqtt-unsubscribe-topic.c +++ b/src/detect-mqtt-unsubscribe-topic.c 
@@ -214,9 +214,8 @@ void DetectMQTTUnsubscribeTopicRegister (void) DetectAppLayerMpmRegister("mqtt.unsubscribe.topic", SIG_FLAG_TOSERVER, 1, PrefilterMpmMQTTUnsubscribeTopicRegister, NULL, ALPROTO_MQTT, 1); - DetectAppLayerInspectEngineRegister2("mqtt.unsubscribe.topic", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTUnsubscribeTopic, NULL); + DetectAppLayerInspectEngineRegister("mqtt.unsubscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOSERVER, + 1, DetectEngineInspectMQTTUnsubscribeTopic, NULL); DetectBufferTypeSetDescriptionByName("mqtt.unsubscribe.topic", "unsubscribe topic query"); diff --git a/src/detect-nfs-procedure.c b/src/detect-nfs-procedure.c index 08d69f7d6371..74ea8e917de2 100644 --- a/src/detect-nfs-procedure.c +++ b/src/detect-nfs-procedure.c @@ -74,7 +74,7 @@ void DetectNfsProcedureRegister (void) sigmatch_table[DETECT_AL_NFS_PROCEDURE].RegisterTests = DetectNfsProcedureRegisterTests; #endif - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request"); diff --git a/src/detect-nfs-version.c b/src/detect-nfs-version.c index 5b4f3b82def8..a8c6ef8914d4 100644 --- a/src/detect-nfs-version.c +++ b/src/detect-nfs-version.c @@ -69,7 +69,7 @@ void DetectNfsVersionRegister (void) sigmatch_table[DETECT_AL_NFS_VERSION].Setup = DetectNfsVersionSetup; sigmatch_table[DETECT_AL_NFS_VERSION].Free = DetectNfsVersionFree; // unit tests were the same as DetectNfsProcedureRegisterTests - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "nfs_request", ALPROTO_NFS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); g_nfs_request_buffer_id = DetectBufferTypeGetByName("nfs_request"); diff --git a/src/detect-parse.c b/src/detect-parse.c index 2b749797102e..802ba2b05123 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c 
@@ -109,14 +109,14 @@ void DetectFileRegisterFileProtocols(DetectFileHandlerTableElmt *reg) if (direction & SIG_FLAG_TOCLIENT) { DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOCLIENT, reg->priority, reg->PrefilterFn, reg->GetData, al_protocols[i].al_proto, al_protocols[i].to_client_progress); - DetectAppLayerInspectEngineRegister2(reg->name, al_protocols[i].al_proto, + DetectAppLayerInspectEngineRegister(reg->name, al_protocols[i].al_proto, SIG_FLAG_TOCLIENT, al_protocols[i].to_client_progress, reg->Callback, reg->GetData); } if (direction & SIG_FLAG_TOSERVER) { DetectAppLayerMpmRegister(reg->name, SIG_FLAG_TOSERVER, reg->priority, reg->PrefilterFn, reg->GetData, al_protocols[i].al_proto, al_protocols[i].to_server_progress); - DetectAppLayerInspectEngineRegister2(reg->name, al_protocols[i].al_proto, + DetectAppLayerInspectEngineRegister(reg->name, al_protocols[i].al_proto, SIG_FLAG_TOSERVER, al_protocols[i].to_server_progress, reg->Callback, reg->GetData); } diff --git a/src/detect-quic-cyu-hash.c b/src/detect-quic-cyu-hash.c index dbed3cb37ae4..421d9dc30791 100644 --- a/src/detect-quic-cyu-hash.c +++ b/src/detect-quic-cyu-hash.c @@ -237,7 +237,7 @@ void DetectQuicCyuHashRegister(void) DetectAppLayerMpmRegister( BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterMpmQuicHashRegister, NULL, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, DetectEngineInspectQuicHash, NULL); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-quic-cyu-string.c b/src/detect-quic-cyu-string.c index da807991fc27..55863ca7bfe5 100644 --- a/src/detect-quic-cyu-string.c +++ b/src/detect-quic-cyu-string.c 
@@ -190,7 +190,7 @@ void DetectQuicCyuStringRegister(void) DetectAppLayerMpmRegister( BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterMpmListIdRegister, NULL, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, DetectEngineInspectQuicString, NULL); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-quic-sni.c b/src/detect-quic-sni.c index 647308084087..4515baa6a7ec 100644 --- a/src/detect-quic-sni.c +++ b/src/detect-quic-sni.c @@ -83,7 +83,7 @@ void DetectQuicSniRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetSniData, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetSniData); quic_sni_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-quic-ua.c b/src/detect-quic-ua.c index f101ec9577a6..4f4e9fd7d2e7 100644 --- a/src/detect-quic-ua.c +++ b/src/detect-quic-ua.c @@ -83,7 +83,7 @@ void DetectQuicUaRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetUaData, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetUaData); quic_ua_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-quic-version.c b/src/detect-quic-version.c index ef4d3a602711..58257d143ba4 100644 --- a/src/detect-quic-version.c +++ b/src/detect-quic-version.c 
@@ -85,9 +85,9 @@ void DetectQuicVersionRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetVersionData, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetVersionData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetVersionData); quic_version_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-rfb-name.c b/src/detect-rfb-name.c index 965532952bfb..222223a44999 100644 --- a/src/detect-rfb-name.c +++ b/src/detect-rfb-name.c @@ -96,8 +96,7 @@ void DetectRfbNameRegister(void) sigmatch_table[DETECT_AL_RFB_NAME].Setup = DetectRfbNameSetup; sigmatch_table[DETECT_AL_RFB_NAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_RFB, - SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 1, PrefilterGenericMpmRegister, diff --git a/src/detect-rfb-secresult.c b/src/detect-rfb-secresult.c index ff82d98fa690..a5cc353b4b1c 100644 --- a/src/detect-rfb-secresult.c +++ b/src/detect-rfb-secresult.c @@ -67,7 +67,7 @@ void DetectRfbSecresultRegister (void) #endif DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("rfb.secresult", ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("rfb.secresult", ALPROTO_RFB, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); rfb_secresult_id = DetectBufferTypeGetByName("rfb.secresult"); 
diff --git a/src/detect-rfb-sectype.c b/src/detect-rfb-sectype.c index 400ee5cb087c..0cfd59d56d71 100644 --- a/src/detect-rfb-sectype.c +++ b/src/detect-rfb-sectype.c @@ -54,7 +54,7 @@ void DetectRfbSectypeRegister (void) sigmatch_table[DETECT_AL_RFB_SECTYPE].Setup = DetectRfbSectypeSetup; sigmatch_table[DETECT_AL_RFB_SECTYPE].Free = DetectRfbSectypeFree; - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "rfb.sectype", ALPROTO_RFB, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); g_rfb_sectype_buffer_id = DetectBufferTypeGetByName("rfb.sectype"); diff --git a/src/detect-sip-method.c b/src/detect-sip-method.c index 60160616f0da..d4ee89ad193b 100644 --- a/src/detect-sip-method.c +++ b/src/detect-sip-method.c @@ -134,8 +134,7 @@ void DetectSipMethodRegister(void) sigmatch_table[DETECT_AL_SIP_METHOD].Setup = DetectSipMethodSetup; sigmatch_table[DETECT_AL_SIP_METHOD].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-sip-protocol.c b/src/detect-sip-protocol.c index 3feb6f6e24ad..6adf74452988 100644 --- a/src/detect-sip-protocol.c +++ b/src/detect-sip-protocol.c 
@@ -104,11 +104,9 @@ void DetectSipProtocolRegister(void) GetData, ALPROTO_SIP, 1); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_SIP, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SIP, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, GetData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-sip-request-line.c b/src/detect-sip-request-line.c index ac5e9276ef6d..5852f7fbe843 100644 --- a/src/detect-sip-request-line.c +++ b/src/detect-sip-request-line.c @@ -100,8 +100,7 @@ void DetectSipRequestLineRegister(void) sigmatch_table[DETECT_AL_SIP_REQUEST_LINE].Setup = DetectSipRequestLineSetup; sigmatch_table[DETECT_AL_SIP_REQUEST_LINE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-sip-response-line.c b/src/detect-sip-response-line.c index 9929eb3644ac..12be766dfeb3 100644 --- a/src/detect-sip-response-line.c +++ b/src/detect-sip-response-line.c 
@@ -100,8 +100,7 @@ void DetectSipResponseLineRegister(void) sigmatch_table[DETECT_AL_SIP_RESPONSE_LINE].Setup = DetectSipResponseLineSetup; sigmatch_table[DETECT_AL_SIP_RESPONSE_LINE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-sip-stat-code.c b/src/detect-sip-stat-code.c index eeb427dd1326..883872b169f3 100644 --- a/src/detect-sip-stat-code.c +++ b/src/detect-sip-stat-code.c @@ -103,8 +103,7 @@ void DetectSipStatCodeRegister (void) sigmatch_table[DETECT_AL_SIP_STAT_CODE].Setup = DetectSipStatCodeSetup; sigmatch_table[DETECT_AL_SIP_STAT_CODE].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister, diff --git a/src/detect-sip-stat-msg.c b/src/detect-sip-stat-msg.c index 583654803c3d..bda224b3e169 100644 --- a/src/detect-sip-stat-msg.c +++ b/src/detect-sip-stat-msg.c @@ -103,8 +103,7 @@ void DetectSipStatMsgRegister (void) sigmatch_table[DETECT_AL_SIP_STAT_MSG].Setup = DetectSipStatMsgSetup; sigmatch_table[DETECT_AL_SIP_STAT_MSG].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 3, PrefilterGenericMpmRegister, diff --git a/src/detect-sip-uri.c b/src/detect-sip-uri.c index 5c568e8c04a8..f71627e035e1 100644 --- a/src/detect-sip-uri.c 
+++ b/src/detect-sip-uri.c @@ -112,8 +112,7 @@ void DetectSipUriRegister(void) sigmatch_table[DETECT_AL_SIP_URI].Setup = DetectSipUriSetup; sigmatch_table[DETECT_AL_SIP_URI].flags |= SIGMATCH_NOOPT; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SIP, - SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SIP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-smb-ntlmssp.c b/src/detect-smb-ntlmssp.c index 558488b5069a..aa53269309cf 100644 --- a/src/detect-smb-ntlmssp.c +++ b/src/detect-smb-ntlmssp.c @@ -84,7 +84,7 @@ void DetectSmbNtlmsspUserRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetNtlmsspUserData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetNtlmsspUserData); g_smb_nltmssp_user_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); @@ -142,7 +142,7 @@ void DetectSmbNtlmsspDomainRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetNtlmsspDomainData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetNtlmsspDomainData); g_smb_nltmssp_domain_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-smb-share.c b/src/detect-smb-share.c index 7d90e5622d1c..018d8ceefd79 100644 --- a/src/detect-smb-share.c +++ b/src/detect-smb-share.c 
@@ -86,8 +86,7 @@ void DetectSmbNamedPipeRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetNamedPipeData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetNamedPipeData); g_smb_named_pipe_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); @@ -148,8 +147,7 @@ void DetectSmbShareRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetShareData, ALPROTO_SMB, 1); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SMB, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetShareData); g_smb_share_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-snmp-community.c b/src/detect-snmp-community.c index 1205f2e1a3dc..f1dd740e3d53 100644 --- a/src/detect-snmp-community.c +++ b/src/detect-snmp-community.c 
@@ -62,13 +62,11 @@ void DetectSNMPCommunityRegister(void) sigmatch_table[DETECT_AL_SNMP_COMMUNITY].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; /* register inspect engines */ - DetectAppLayerInspectEngineRegister2("snmp.community", - ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.community", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("snmp.community", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); - DetectAppLayerInspectEngineRegister2("snmp.community", - ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("snmp.community", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("snmp.community", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); diff --git a/src/detect-snmp-pdu_type.c b/src/detect-snmp-pdu_type.c index d053c29a792d..097fac1e959a 100644 --- a/src/detect-snmp-pdu_type.c +++ b/src/detect-snmp-pdu_type.c @@ -68,10 +68,10 @@ void DetectSNMPPduTypeRegister(void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("snmp.pdu_type", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp.pdu_type"); diff --git a/src/detect-snmp-usm.c b/src/detect-snmp-usm.c index 153ba94d8519..fd1a814d164d 100644 --- a/src/detect-snmp-usm.c +++ b/src/detect-snmp-usm.c 
@@ -66,11 +66,11 @@ void DetectSNMPUsmRegister(void) sigmatch_table[DETECT_AL_SNMP_USM].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* register inspect engines */ - DetectAppLayerInspectEngineRegister2("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("snmp.usm", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); - DetectAppLayerInspectEngineRegister2("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("snmp.usm", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("snmp.usm", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_SNMP, 0); diff --git a/src/detect-snmp-version.c b/src/detect-snmp-version.c index 57359c091bd6..f9bc728b8ad2 100644 --- a/src/detect-snmp-version.c +++ b/src/detect-snmp-version.c @@ -60,10 +60,10 @@ void DetectSNMPVersionRegister (void) sigmatch_table[DETECT_AL_SNMP_VERSION].RegisterTests = DetectSNMPVersionRegisterTests; #endif - DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("snmp.version", ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp.version"); diff --git a/src/detect-ssh-hassh-server-string.c b/src/detect-ssh-hassh-server-string.c index c38301de0d28..f62c72e79c79 100644 --- a/src/detect-ssh-hassh-server-string.c +++ b/src/detect-ssh-hassh-server-string.c 
@@ -131,9 +131,8 @@ void DetectSshHasshServerStringRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, - SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssh-hassh-server.c b/src/detect-ssh-hassh-server.c index fe225bd2fcef..98f7d3dc2e2f 100644 --- a/src/detect-ssh-hassh-server.c +++ b/src/detect-ssh-hassh-server.c @@ -199,9 +199,8 @@ void DetectSshHasshServerRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, - SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); g_ssh_hassh_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-ssh-hassh-string.c b/src/detect-ssh-hassh-string.c index af98c21bf291..ad29b90ee764 100644 --- a/src/detect-ssh-hassh-string.c +++ b/src/detect-ssh-hassh-string.c 
@@ -131,9 +131,8 @@ void DetectSshHasshStringRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, - SIG_FLAG_TOSERVER, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssh-hassh.c b/src/detect-ssh-hassh.c index 4704b95a658e..377aa9d2c433 100644 --- a/src/detect-ssh-hassh.c +++ b/src/detect-ssh-hassh.c @@ -201,7 +201,7 @@ void DetectSshHasshRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone), - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssh-proto.c b/src/detect-ssh-proto.c index e56f846c8416..19807511e757 100644 --- a/src/detect-ssh-proto.c +++ b/src/detect-ssh-proto.c 
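Review bot: In the src/detect-ssh-hassh.c hunk the `DetectAppLayerMpmRegister(...)` call just above the renamed line ends in `,` rather than `;` (`GetSshData, ALPROTO_SSH, SshStateBannerDone),`), so the renamed `DetectAppLayerInspectEngineRegister(...)` call is the right operand of a comma expression. Both calls still run in order, so behaviour is unchanged, but it reads as a typo and makes the two registrations one statement. Since the patch already touches the following line, end the preceding call with `SshStateBannerDone);`. The same comma appears in the src/detect-ssh-proto.c and src/detect-ssh-software.c hunks. The register functions start and end outside these hunks.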
@@ -106,11 +106,10 @@ void DetectSshProtocolRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone), - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index 5fec33ac0eef..a9b0af343207 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c @@ -98,9 +98,9 @@ void DetectSshSoftwareVersionRegister(void) g_ssh_banner_list_id = DetectBufferTypeRegister("ssh_banner"); - DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("ssh_banner", ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect-ssh-software.c b/src/detect-ssh-software.c index 2b0e3d47d1cc..0a8d5aab0d97 100644 --- a/src/detect-ssh-software.c +++ b/src/detect-ssh-software.c 
@@ -107,11 +107,10 @@ void DetectSshSoftwareRegister(void) DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetSshData, ALPROTO_SSH, SshStateBannerDone), - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOSERVER, SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, - ALPROTO_SSH, SIG_FLAG_TOCLIENT, SshStateBannerDone, - DetectEngineInspectBufferGeneric, GetSshData); + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_SSH, SIG_FLAG_TOCLIENT, + SshStateBannerDone, DetectEngineInspectBufferGeneric, GetSshData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index 3f2df48db7aa..385bf8c11502 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -89,9 +89,9 @@ void DetectSslStateRegister(void) DetectBufferTypeSetDescriptionByName("tls_generic", "generic ssl/tls inspection"); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "tls_generic", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2( + DetectAppLayerInspectEngineRegister( "tls_generic", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL); } diff --git a/src/detect-template-rust-buffer.c b/src/detect-template-rust-buffer.c index 86fc282712ba..95f8ff6d12ce 100644 --- a/src/detect-template-rust-buffer.c +++ b/src/detect-template-rust-buffer.c 
@@ -67,9 +67,9 @@ void DetectTemplateRustBufferRegister(void) sigmatch_table[DETECT_AL_TEMPLATE_BUFFER].flags |= SIGMATCH_NOOPT; /* register inspect engines */ - DetectAppLayerInspectEngineRegister2("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER, 0, DetectEngineInspectTemplateRustBuffer, NULL); - DetectAppLayerInspectEngineRegister2("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectTemplateRustBuffer, NULL); g_template_rust_id = DetectBufferTypeGetByName("template_buffer"); diff --git a/src/detect-tls-cert-fingerprint.c b/src/detect-tls-cert-fingerprint.c index 354171113f04..9fec32151dd6 100644 --- a/src/detect-tls-cert-fingerprint.c +++ b/src/detect-tls-cert-fingerprint.c @@ -83,14 +83,13 @@ void DetectTlsFingerprintRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_fingerprint", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectBufferGeneric, GetData); + DetectAppLayerInspectEngineRegister("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("tls.cert_fingerprint", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_fingerprint", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("tls.cert_fingerprint", SIG_FLAG_TOSERVER, 2, 
diff --git a/src/detect-tls-cert-issuer.c b/src/detect-tls-cert-issuer.c index fd8f1bcbc0ed..49bada4cdf6d 100644 --- a/src/detect-tls-cert-issuer.c +++ b/src/detect-tls-cert-issuer.c @@ -79,15 +79,14 @@ void DetectTlsIssuerRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_ISSUER].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("tls.cert_issuer", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_issuer", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectBufferGeneric, GetData); + DetectAppLayerInspectEngineRegister("tls.cert_issuer", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("tls.cert_issuer", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); diff --git a/src/detect-tls-cert-serial.c b/src/detect-tls-cert-serial.c index b1fd15d537e2..0ac7bfdd20cc 100644 --- a/src/detect-tls-cert-serial.c +++ b/src/detect-tls-cert-serial.c 
@@ -83,14 +83,13 @@ void DetectTlsSerialRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_SERIAL].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_serial", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectBufferGeneric, GetData); + DetectAppLayerInspectEngineRegister("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("tls.cert_serial", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_serial", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("tls.cert_serial", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-tls-cert-subject.c b/src/detect-tls-cert-subject.c index d4ceacfb1a95..e0dcde30a830 100644 --- a/src/detect-tls-cert-subject.c +++ b/src/detect-tls-cert-subject.c 
@@ -79,13 +79,13 @@ void DetectTlsSubjectRegister(void) sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERT_SUBJECT].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("tls.cert_subject", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("tls.cert_subject", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("tls.cert_subject", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, diff --git a/src/detect-tls-cert-validity.c b/src/detect-tls-cert-validity.c index 63939b849286..0afd11e72e88 100644 --- a/src/detect-tls-cert-validity.c +++ b/src/detect-tls-cert-validity.c @@ -123,7 +123,7 @@ void DetectTlsValidityRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister2("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("tls_validity", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); g_tls_validity_buffer_id = DetectBufferTypeGetByName("tls_validity"); diff --git a/src/detect-tls-certs.c b/src/detect-tls-certs.c index 461df422e449..38042e3ef411 100644 --- a/src/detect-tls-certs.c +++ b/src/detect-tls-certs.c 
@@ -93,14 +93,13 @@ void DetectTlsCertsRegister(void) sigmatch_table[DETECT_AL_TLS_CERTS].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_CERTS].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.certs", ALPROTO_TLS, - SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, - DetectEngineInspectTlsCerts, NULL); + DetectAppLayerInspectEngineRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + TLS_STATE_CERT_READY, DetectEngineInspectTlsCerts, NULL); DetectAppLayerMpmRegister("tls.certs", SIG_FLAG_TOCLIENT, 2, PrefilterMpmTlsCertsRegister, NULL, ALPROTO_TLS, TLS_STATE_CERT_READY); - DetectAppLayerInspectEngineRegister2("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls.certs", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectTlsCerts, NULL); DetectAppLayerMpmRegister("tls.certs", SIG_FLAG_TOSERVER, 2, PrefilterMpmTlsCertsRegister, NULL, @@ -362,7 +361,7 @@ void DetectTlsCertChainLenRegister(void) sigmatch_table[KEYWORD_ID].Setup = DetectTLSCertChainLenSetup; sigmatch_table[KEYWORD_ID].Free = DetectTLSCertChainLenFree; - DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); g_tls_cert_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME); diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c index 2b8b5ff8912b..0cfe18d66e65 100644 --- a/src/detect-tls-ja3-hash.c +++ b/src/detect-tls-ja3-hash.c 
@@ -80,7 +80,7 @@ void DetectTlsJa3HashRegister(void) sigmatch_table[DETECT_AL_TLS_JA3_HASH].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3_HASH].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3.hash", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("ja3.hash", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister( @@ -89,7 +89,7 @@ void DetectTlsJa3HashRegister(void) DetectAppLayerMpmRegister("ja3.hash", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, Ja3DetectGetHash, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3.hash", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("ja3.hash", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetHash); DetectBufferTypeSetDescriptionByName("ja3.hash", "TLS JA3 hash"); diff --git a/src/detect-tls-ja3-string.c b/src/detect-tls-ja3-string.c index 920e6f4a163c..6c2fbc6ad975 100644 --- a/src/detect-tls-ja3-string.c +++ b/src/detect-tls-ja3-string.c @@ -76,7 +76,7 @@ void DetectTlsJa3StringRegister(void) sigmatch_table[DETECT_AL_TLS_JA3_STRING].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3.string", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("ja3.string", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("ja3.string", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, 
@@ -85,7 +85,7 @@ void DetectTlsJa3StringRegister(void) DetectAppLayerMpmRegister("ja3.string", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, Ja3DetectGetString, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3.string", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, + DetectAppLayerInspectEngineRegister("ja3.string", ALPROTO_QUIC, SIG_FLAG_TOSERVER, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetString); DetectBufferTypeSetDescriptionByName("ja3.string", "TLS JA3 string"); diff --git a/src/detect-tls-ja3s-hash.c b/src/detect-tls-ja3s-hash.c index 9d7429b202f7..a1a334a4f16b 100644 --- a/src/detect-tls-ja3s-hash.c +++ b/src/detect-tls-ja3s-hash.c @@ -79,7 +79,7 @@ void DetectTlsJa3SHashRegister(void) sigmatch_table[DETECT_AL_TLS_JA3S_HASH].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3S_HASH].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3s.hash", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("ja3s.hash", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("ja3s.hash", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, @@ -88,7 +88,7 @@ void DetectTlsJa3SHashRegister(void) DetectAppLayerMpmRegister("ja3s.hash", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, Ja3DetectGetHash, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3s.hash", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("ja3s.hash", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetHash); DetectBufferTypeSetDescriptionByName("ja3s.hash", "TLS JA3S hash"); diff --git a/src/detect-tls-ja3s-string.c b/src/detect-tls-ja3s-string.c index 0c4f1ba262fc..32117df68442 100644 --- a/src/detect-tls-ja3s-string.c +++ b/src/detect-tls-ja3s-string.c 
@@ -76,7 +76,7 @@ void DetectTlsJa3SStringRegister(void) sigmatch_table[DETECT_AL_TLS_JA3S_STRING].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_JA3S_STRING].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("ja3s.string", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("ja3s.string", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister("ja3s.string", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, @@ -85,7 +85,7 @@ void DetectTlsJa3SStringRegister(void) DetectAppLayerMpmRegister("ja3s.string", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, Ja3DetectGetString, ALPROTO_QUIC, 1); - DetectAppLayerInspectEngineRegister2("ja3s.string", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, + DetectAppLayerInspectEngineRegister("ja3s.string", ALPROTO_QUIC, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectBufferGeneric, Ja3DetectGetString); DetectBufferTypeSetDescriptionByName("ja3s.string", "TLS JA3S string"); diff --git a/src/detect-tls-random.c b/src/detect-tls-random.c index 6bce53a732f4..b8af73490a32 100644 --- a/src/detect-tls-random.c +++ b/src/detect-tls-random.c 
@@ -62,13 +62,13 @@ void DetectTlsRandomTimeRegister(void) sigmatch_table[DETECT_AL_TLS_RANDOM_TIME].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* Register engine for Server random */ - DetectAppLayerInspectEngineRegister2("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomTimeData); DetectAppLayerMpmRegister("tls.random_time", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRandomTimeData, ALPROTO_TLS, 0); /* Register engine for Client random */ - DetectAppLayerInspectEngineRegister2("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("tls.random_time", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomTimeData); DetectAppLayerMpmRegister("tls.random_time", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetRandomTimeData, ALPROTO_TLS, 0); @@ -90,13 +90,13 @@ void DetectTlsRandomBytesRegister(void) SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* Register engine for Server random */ - DetectAppLayerInspectEngineRegister2("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomBytesData); DetectAppLayerMpmRegister("tls.random_bytes", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRandomBytesData, ALPROTO_TLS, 0); /* Register engine for Client random */ - DetectAppLayerInspectEngineRegister2("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("tls.random_bytes", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomBytesData); DetectAppLayerMpmRegister("tls.random_bytes", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetRandomBytesData, ALPROTO_TLS, 0); 
@@ -122,13 +122,13 @@ void DetectTlsRandomRegister(void) sigmatch_table[DETECT_AL_TLS_RANDOM].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; /* Register engine for Server random */ - DetectAppLayerInspectEngineRegister2("tls.random", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.random", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetRandomData); DetectAppLayerMpmRegister("tls.random", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetRandomData, ALPROTO_TLS, 0); /* Register engine for Client random */ - DetectAppLayerInspectEngineRegister2("tls.random", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, + DetectAppLayerInspectEngineRegister("tls.random", ALPROTO_TLS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetRandomData); DetectAppLayerMpmRegister("tls.random", SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetRandomData, ALPROTO_TLS, 0); diff --git a/src/detect-tls-sni.c b/src/detect-tls-sni.c index 0279710b0280..10b6d08dafd3 100644 --- a/src/detect-tls-sni.c +++ b/src/detect-tls-sni.c @@ -73,7 +73,7 @@ void DetectTlsSniRegister(void) sigmatch_table[DETECT_AL_TLS_SNI].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_AL_TLS_SNI].flags |= SIGMATCH_INFO_STICKY_BUFFER; - DetectAppLayerInspectEngineRegister2("tls.sni", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, + DetectAppLayerInspectEngineRegister("tls.sni", ALPROTO_TLS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister( diff --git a/src/detect-tls.c b/src/detect-tls.c index 71e45696cd9c..e94a9b2a600c 100644 --- a/src/detect-tls.c +++ b/src/detect-tls.c 
@@ -141,10 +141,10 @@ void DetectTlsRegister (void) g_tls_cert_list_id = DetectBufferTypeRegister("tls_cert"); g_tls_cert_fingerprint_list_id = DetectBufferTypeRegister("tls.cert_fingerprint"); - DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, + DetectAppLayerInspectEngineRegister("tls_cert", ALPROTO_TLS, SIG_FLAG_TOCLIENT, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); - DetectAppLayerInspectEngineRegister2("tls_cert", ALPROTO_TLS, SIG_FLAG_TOSERVER, + DetectAppLayerInspectEngineRegister("tls_cert", ALPROTO_TLS, SIG_FLAG_TOSERVER, TLS_STATE_CERT_READY, DetectEngineInspectGenericList, NULL); } From 5780a9a1491ff68da41553d0d14d5fe32e9d54e5 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Sun, 12 Nov 2023 14:15:11 +0100 Subject: [PATCH 03/12] detect: rename InspectEngineFuncPtr2 to InspectEngineFuncPtr Version 1 of the API no longer exists. --- src/detect-engine.c | 15 ++++++--------- src/detect-engine.h | 2 +- src/detect-parse.h | 2 +- src/detect.h | 4 ++-- 4 files changed, 10 insertions(+), 13 deletions(-) diff --git a/src/detect-engine.c b/src/detect-engine.c index 9355315ce500..3068446556ab 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -214,7 +214,7 @@ void DetectFrameInspectEngineRegister(const char *name, int dir, * * \note errors are fatal */ void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, - int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData) + int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData) { BUG_ON(progress >= 48); 
@@ -225,15 +225,12 @@ void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uin } SCLogDebug("name %s id %d", name, sm_list); - if ((alproto >= ALPROTO_FAILED) || - (!(dir == SIG_FLAG_TOSERVER || dir == SIG_FLAG_TOCLIENT)) || - (sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) || - (progress < 0 || progress >= SHRT_MAX) || - (Callback2 == NULL)) - { + if ((alproto >= ALPROTO_FAILED) || (!(dir == SIG_FLAG_TOSERVER || dir == SIG_FLAG_TOCLIENT)) || + (sm_list < DETECT_SM_LIST_MATCH) || (sm_list >= SHRT_MAX) || + (progress < 0 || progress >= SHRT_MAX) || (Callback == NULL)) { SCLogError("Invalid arguments"); BUG_ON(1); - } else if (Callback2 == DetectEngineInspectBufferGeneric && GetData == NULL) { + } else if (Callback == DetectEngineInspectBufferGeneric && GetData == NULL) { SCLogError("Invalid arguments: must register " "GetData with DetectEngineInspectBufferGeneric"); BUG_ON(1); @@ -256,7 +253,7 @@ void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uin new_engine->sm_list = (uint16_t)sm_list; new_engine->sm_list_base = (uint16_t)sm_list; new_engine->progress = (int16_t)progress; - new_engine->v2.Callback = Callback2; + new_engine->v2.Callback = Callback; new_engine->v2.GetData = GetData; if (g_app_inspect_engines == NULL) { diff --git a/src/detect-engine.h b/src/detect-engine.h index 997d3c061883..71b06aeff7b5 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -162,7 +162,7 @@ int DetectEngineInspectPktBufferGeneric( * \param Callback The engine callback. */ void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, - int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData); + int progress, InspectEngineFuncPtr Callback2, InspectionBufferGetDataPtr GetData); void DetectPktInspectEngineRegister(const char *name, InspectionBufferGetPktDataPtr GetPktData, 
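Review bot: The prototype in src/detect-engine.h still names the parameter `Callback2`, while the definition in src/detect-engine.c and the `\param Callback` line above the prototype now use `Callback`. Finish the rename in the header: `int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData);`. The Doxygen block that documents the prototype starts outside the hunk.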
diff --git a/src/detect-parse.h b/src/detect-parse.h index a7f2c4d17df7..0110ebac653b 100644 --- a/src/detect-parse.h +++ b/src/detect-parse.h @@ -33,7 +33,7 @@ typedef struct DetectFileHandlerTableElmt_ { const char *name; int priority; PrefilterRegisterFunc PrefilterFn; - InspectEngineFuncPtr2 Callback; + InspectEngineFuncPtr Callback; InspectionBufferGetDataPtr GetData; int al_protocols[MAX_DETECT_ALPROTO_CNT]; int tx_progress; diff --git a/src/detect.h b/src/detect.h index 04dd49a65a75..ec67198da2a3 100644 --- a/src/detect.h +++ b/src/detect.h @@ -410,7 +410,7 @@ typedef InspectionBuffer *(*InspectionBufferGetDataPtr)( void *txv, const int list_id); struct DetectEngineAppInspectionEngine_; -typedef uint8_t (*InspectEngineFuncPtr2)(struct DetectEngineCtx_ *de_ctx, +typedef uint8_t (*InspectEngineFuncPtr)(struct DetectEngineCtx_ *de_ctx, struct DetectEngineThreadCtx_ *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const struct Signature_ *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); @@ -427,7 +427,7 @@ typedef struct DetectEngineAppInspectionEngine_ { struct { InspectionBufferGetDataPtr GetData; - InspectEngineFuncPtr2 Callback; + InspectEngineFuncPtr Callback; /** pointer to the transforms in the 'DetectBuffer entry for this list */ const DetectEngineTransforms *transforms; } v2; From b58744dccb2d12a7f4e3b79d0955c16dab77f200 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Thu, 16 Nov 2023 09:43:33 -0600 Subject: [PATCH 04/12] rustfmt: replace deprecated fn_args_layout with fn_params_layout --- rust/rustfmt.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/rustfmt.toml b/rust/rustfmt.toml index 848158b48e0f..064b795a873b 100644 --- a/rust/rustfmt.toml +++ b/rust/rustfmt.toml @@ -1,4 +1,4 @@ # Rust format configuration file. If empty, then this is a message that # we expect the default formatting rules to be used. -fn_args_layout = "compressed" +fn_params_layout = "compressed" 
From 9ce80a7012bbc90e7f68fdaa056e4a4a5ae3a672 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Thu, 16 Nov 2023 09:44:07 -0600 Subject: [PATCH 05/12] dns: rustfmt with latest stable --- rust/src/dns/detect.rs | 64 ++++++++++++++++++------------------------ rust/src/dns/dns.rs | 6 ++-- rust/src/dns/log.rs | 15 ++++++---- 3 files changed, 41 insertions(+), 44 deletions(-) diff --git a/rust/src/dns/detect.rs b/rust/src/dns/detect.rs index 268a409eac8d..5d9d945be0ce 100644 --- a/rust/src/dns/detect.rs +++ b/rust/src/dns/detect.rs @@ -156,44 +156,36 @@ mod test { #[test] fn test_match_opcode() { - assert!( - match_opcode( - &DetectDnsOpcode { - negate: false, - opcode: 0, - }, - 0b0000_0000_0000_0000, - ) - ); + assert!(match_opcode( + &DetectDnsOpcode { + negate: false, + opcode: 0, + }, + 0b0000_0000_0000_0000, + )); - assert!( - !match_opcode( - &DetectDnsOpcode { - negate: true, - opcode: 0, - }, - 0b0000_0000_0000_0000, - ) - ); + assert!(!match_opcode( + &DetectDnsOpcode { + negate: true, + opcode: 0, + }, + 0b0000_0000_0000_0000, + )); - assert!( - match_opcode( - &DetectDnsOpcode { - negate: false, - opcode: 4, - }, - 0b0010_0000_0000_0000, - ) - ); + assert!(match_opcode( + &DetectDnsOpcode { + negate: false, + opcode: 4, + }, + 0b0010_0000_0000_0000, + )); - assert!( - !match_opcode( - &DetectDnsOpcode { - negate: true, - opcode: 4, - }, - 0b0010_0000_0000_0000, - ) - ); + assert!(!match_opcode( + &DetectDnsOpcode { + negate: true, + opcode: 4, + }, + 0b0010_0000_0000_0000, + )); } } diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 382c76ae59b5..c93547c15126 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs 
@@ -250,10 +250,10 @@ impl Transaction for DNSTransaction { impl DNSTransaction { pub fn new(direction: Direction) -> Self { - Self { - tx_data: AppLayerTxData::for_direction(direction), + Self { + tx_data: AppLayerTxData::for_direction(direction), ..Default::default() - } + } } /// Get the DNS transactions ID (not the internal tracking ID). diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs index 5212b1a0da7c..1bece89a5ae6 100644 --- a/rust/src/dns/log.rs +++ b/rust/src/dns/log.rs @@ -524,7 +524,8 @@ fn dns_log_json_answer( match &answer.data { DNSRData::A(addr) | DNSRData::AAAA(addr) => { if !answer_types.contains_key(&type_string) { - answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?); + answer_types + .insert(type_string.to_string(), JsonBuilder::try_new_array()?); } if let Some(a) = answer_types.get_mut(&type_string) { a.append_string(&dns_print_addr(addr))?; @@ -537,7 +538,8 @@ fn dns_log_json_answer( | DNSRData::NULL(bytes) | DNSRData::PTR(bytes) => { if !answer_types.contains_key(&type_string) { - answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?); + answer_types + .insert(type_string.to_string(), JsonBuilder::try_new_array()?); } if let Some(a) = answer_types.get_mut(&type_string) { a.append_string_from_bytes(bytes)?; @@ -545,7 +547,8 @@ fn dns_log_json_answer( } DNSRData::SOA(soa) => { if !answer_types.contains_key(&type_string) { - answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?); + answer_types + .insert(type_string.to_string(), JsonBuilder::try_new_array()?); } if let Some(a) = answer_types.get_mut(&type_string) { a.append_object(&dns_log_soa(soa)?)?; 
@@ -553,7 +556,8 @@ fn dns_log_json_answer( } DNSRData::SSHFP(sshfp) => { if !answer_types.contains_key(&type_string) { - answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?); + answer_types + .insert(type_string.to_string(), JsonBuilder::try_new_array()?); } if let Some(a) = answer_types.get_mut(&type_string) { a.append_object(&dns_log_sshfp(sshfp)?)?; @@ -561,7 +565,8 @@ fn dns_log_json_answer( } DNSRData::SRV(srv) => { if !answer_types.contains_key(&type_string) { - answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?); + answer_types + .insert(type_string.to_string(), JsonBuilder::try_new_array()?); } if let Some(a) = answer_types.get_mut(&type_string) { a.append_object(&dns_log_srv(srv)?)?; From 0f570e250993be8589c7193af6bd72722f1aecf4 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Wed, 15 Nov 2023 15:58:36 -0600 Subject: [PATCH 06/12] dns: consolidate DNSRequest and DNSResponse to DNSMessage DNS request and response messages follow the same format so there is no reason not to use the same data structure for each. While its unlikely to see fields like answers in a request, the message format does not disallow them, so it might be interesting data to have the ability to log. --- rust/src/dns/dns.rs | 27 ++++--------- rust/src/dns/log.rs | 2 +- rust/src/dns/parser.rs | 88 ++++++++++++++++++------------------------ 3 files changed, 46 insertions(+), 71 deletions(-) diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index c93547c15126..aa0042f0b259 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -221,13 +221,7 @@ pub struct DNSAnswerEntry { } #[derive(Debug)] -pub struct DNSRequest { - pub header: DNSHeader, - pub queries: Vec, -} - -#[derive(Debug)] -pub struct DNSResponse { +pub struct DNSMessage { pub header: DNSHeader, pub queries: Vec, pub answers: Vec, 
@@ -237,8 +231,8 @@ pub struct DNSResponse { #[derive(Debug, Default)] pub struct DNSTransaction { pub id: u64, - pub request: Option, - pub response: Option, + pub request: Option, + pub response: Option, pub tx_data: AppLayerTxData, } @@ -402,7 +396,7 @@ impl DNSState { return !is_tcp; }; - match parser::dns_parse_request_body(body, input, header) { + match parser::dns_parse_body(body, input, header) { Ok((_, request)) => { if request.header.flags & 0x8000 != 0 { SCLogDebug!("DNS message is not a request"); @@ -474,7 +468,7 @@ impl DNSState { return !is_tcp; }; - match parser::dns_parse_response_body(body, input, header) { + match parser::dns_parse_body(body, input, header) { Ok((_, response)) => { SCLogDebug!("Response header flags: {}", response.header.flags); @@ -702,14 +696,9 @@ fn probe(input: &[u8], dlen: usize) -> (bool, bool, bool) { } } - match parser::dns_parse_request(input) { - Ok((_, request)) => { - return probe_header_validity(&request.header, dlen); - } - Err(Err::Incomplete(_)) => match parser::dns_parse_header(input) { - Ok((_, header)) => { - return probe_header_validity(&header, dlen); - } + match parser::dns_parse_header(input) { + Ok((body, header)) => match parser::dns_parse_body(body, input, header) { + Ok((_, request)) => probe_header_validity(&request.header, dlen), Err(Err::Incomplete(_)) => (false, false, true), Err(_) => (false, false, false), }, diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs index 1bece89a5ae6..4c0d4fc065b4 100644 --- a/rust/src/dns/log.rs +++ b/rust/src/dns/log.rs @@ -476,7 +476,7 @@ fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result Result<(), JsonError> { let header = &response.header; diff --git a/rust/src/dns/parser.rs b/rust/src/dns/parser.rs index a1d97a53fd02..f7f9fd0d6e8c 100644 --- a/rust/src/dns/parser.rs +++ b/rust/src/dns/parser.rs 
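Review bot: In `probe`, a message whose header parses but whose body is incomplete now returns `(false, false, true)`, where the removed code fell back to `probe_header_validity(&header, dlen)`. In addition, `dns_parse_body` parses the answer and authority sections, while the removed `dns_parse_request` read only the questions, so a record that fails to parse in those sections now fails the probe. That reads as a change in protocol detection rather than a pure consolidation, and a flow that is not identified as DNS is presumably never offered to the DNS keywords. If the change is intended, the commit message should say so and a probe test with a valid header and a truncated or malformed answer section would pin it; otherwise keep the header-only result for the `Err(Err::Incomplete(_))` arm of the body parse. The outer match arms of `probe` lie outside the hunk.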
@@ -24,27 +24,6 @@ use nom7::multi::{count, length_data, many_m_n}; use nom7::number::streaming::{be_u16, be_u32, be_u8}; use nom7::{error_position, Err, IResult}; -// Parse a DNS header. -pub fn dns_parse_header(i: &[u8]) -> IResult<&[u8], DNSHeader> { - let (i, tx_id) = be_u16(i)?; - let (i, flags) = be_u16(i)?; - let (i, questions) = be_u16(i)?; - let (i, answer_rr) = be_u16(i)?; - let (i, authority_rr) = be_u16(i)?; - let (i, additional_rr) = be_u16(i)?; - Ok(( - i, - DNSHeader { - tx_id, - flags, - questions, - answer_rr, - authority_rr, - additional_rr, - }, - )) -} - /// Parse a DNS name. /// /// Parameters: @@ -191,23 +170,6 @@ fn dns_parse_answer<'a>( return Ok((input, answers)); } -pub fn dns_parse_response_body<'a>( - i: &'a [u8], message: &'a [u8], header: DNSHeader, -) -> IResult<&'a [u8], DNSResponse> { - let (i, queries) = count(|b| dns_parse_query(b, message), header.questions as usize)(i)?; - let (i, answers) = dns_parse_answer(i, message, header.answer_rr as usize)?; - let (i, authorities) = dns_parse_answer(i, message, header.authority_rr as usize)?; - Ok(( - i, - DNSResponse { - header, - queries, - answers, - authorities, - }, - )) -} - /// Parse a single DNS query. /// /// Arguments are suitable for using with call!: 
@@ -343,19 +305,42 @@ pub fn dns_parse_rdata<'a>( } } -/// Parse a DNS request. -pub fn dns_parse_request(input: &[u8]) -> IResult<&[u8], DNSRequest> { - let i = input; - let (i, header) = dns_parse_header(i)?; - dns_parse_request_body(i, input, header) +// Parse a DNS header. +pub fn dns_parse_header(i: &[u8]) -> IResult<&[u8], DNSHeader> { + let (i, tx_id) = be_u16(i)?; + let (i, flags) = be_u16(i)?; + let (i, questions) = be_u16(i)?; + let (i, answer_rr) = be_u16(i)?; + let (i, authority_rr) = be_u16(i)?; + let (i, additional_rr) = be_u16(i)?; + Ok(( + i, + DNSHeader { + tx_id, + flags, + questions, + answer_rr, + authority_rr, + additional_rr, + }, + )) } -pub fn dns_parse_request_body<'a>( - input: &'a [u8], message: &'a [u8], header: DNSHeader, -) -> IResult<&'a [u8], DNSRequest> { - let i = input; +pub fn dns_parse_body<'a>( + i: &'a [u8], message: &'a [u8], header: DNSHeader, +) -> IResult<&'a [u8], DNSMessage> { let (i, queries) = count(|b| dns_parse_query(b, message), header.questions as usize)(i)?; - Ok((i, DNSRequest { header, queries })) + let (i, answers) = dns_parse_answer(i, message, header.answer_rr as usize)?; + let (i, authorities) = dns_parse_answer(i, message, header.authority_rr as usize)?; + Ok(( + i, + DNSMessage { + header, + queries, + answers, + authorities, + }, + )) } #[cfg(test)] @@ -490,7 +475,8 @@ mod tests { 0x00, 0x00, 0x00, /* ... */ ]; - let res = dns_parse_request(pkt); + let (body, header) = dns_parse_header(pkt).unwrap(); + let res = dns_parse_body(body, pkt, header); match res { Ok((rem, request)) => { // For now we have some remainder data as there is an @@ -523,10 +509,10 @@ mod tests { } /// Parse a DNS response. - fn dns_parse_response(message: &[u8]) -> IResult<&[u8], DNSResponse> { + fn dns_parse_response(message: &[u8]) -> IResult<&[u8], DNSMessage> { let i = message; let (i, header) = dns_parse_header(i)?; - dns_parse_response_body(i, message, header) + dns_parse_body(i, message, header) } #[test] 
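Review bot: `dns_parse_body` is public and is now the single entry point for requests and responses, but it has no doc comment, and the moved `dns_parse_header` keeps a plain `//` comment that rustdoc does not pick up. Suggest `/// Parse a DNS header.` on the header parser. On `dns_parse_body`, a short `///` block should state that `i` is the input following the header, that `message` is the whole message, and that only the question, answer and authority sections are parsed (the `additional_rr` count is not consumed).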
From 1e52f392dd1cb302ab0b5a8b2237af424e06a879 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Mon, 23 Oct 2023 15:28:40 -0600 Subject: [PATCH 07/12] dns: add dns.answer.name keyword This sticky buffer will allow content matching on the answer names. While ansers typically only occur in DNS responses, we allow the buffer to be used in request context as well as the request message format allows it. Feature: #6496 --- rust/src/dns/dns.rs | 25 +++++ src/Makefile.am | 2 + src/detect-dns-answer-name.c | 183 +++++++++++++++++++++++++++++++++++ src/detect-dns-answer-name.h | 23 +++++ src/detect-engine-register.c | 2 + src/detect-engine-register.h | 1 + 6 files changed, 236 insertions(+) create mode 100644 src/detect-dns-answer-name.c create mode 100644 src/detect-dns-answer-name.h diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index aa0042f0b259..8933c680db56 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -870,6 +870,31 @@ pub unsafe extern "C" fn rs_dns_tx_get_query_name( return 0; } +/// Get the DNS response answer name and index i. +#[no_mangle] +pub unsafe extern "C" fn SCDnsTxGetAnswerName( + tx: &mut DNSTransaction, to_client: bool, i: u32, buf: *mut *const u8, len: *mut u32, +) -> bool { + let answers = if to_client { + tx.response.as_ref().map(|response| &response.answers) + } else { + tx.request.as_ref().map(|request| &request.answers) + }; + let index = i as usize; + + if let Some(answers) = answers { + if let Some(answer) = answers.get(index) { + if !answer.name.is_empty() { + *buf = answer.name.as_ptr(); + *len = answer.name.len() as u32; + return true; + } + } + } + + false +} + /// Get the DNS transaction ID of a transaction. // /// extern uint16_t rs_dns_tx_get_tx_id(RSDNSTransaction *); diff --git a/src/Makefile.am b/src/Makefile.am index 48a5ce850ce2..0114389a2062 100755 --- a/src/Makefile.am +++ b/src/Makefile.am 
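Review bot: `SCDnsTxGetAnswerName` returns `false` both when index `i` is past the end of `answers` and when the record at `i` has an empty name, and the callers in src/detect-dns-answer-name.c cannot tell the two apart. `GetBuffer` maps `false` to `NULL`, and both `DetectEngineInspectCb` and `PrefilterTx` `break` on `NULL`, so an answer with an empty name ends the walk and the names of any later answers are never inspected. Reserve `false` for `answers.get(index)` being `None`, and have the C loops skip an empty buffer with `continue` instead of stopping; how `InspectionBufferSetupMulti` treats a zero length is not visible here and should be checked. `SCDnsTxGetQueryName` and src/detect-dns-query-name.c, added in the next patch, have the same shape. The doc comment should also read `/// Get the DNS answer name at index i.`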
@@ -121,6 +121,7 @@ noinst_HEADERS = \ detect-detection-filter.h \ detect-distance.h \ detect-dnp3.h \ + detect-dns-answer-name.h \ detect-dns-opcode.h \ detect-dns-query.h \ detect-dsize.h \ @@ -732,6 +733,7 @@ libsuricata_c_a_SOURCES = \ detect-detection-filter.c \ detect-distance.c \ detect-dnp3.c \ + detect-dns-answer-name.c \ detect-dns-opcode.c \ detect-dns-query.c \ detect-dsize.c \ diff --git a/src/detect-dns-answer-name.c b/src/detect-dns-answer-name.c new file mode 100644 index 000000000000..5c573b1e2c36 --- /dev/null +++ b/src/detect-dns-answer-name.c 
@@ -0,0 +1,183 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * Detect keyword for DNS answer name: dns.answer.name + */ + +#include "detect.h" +#include "detect-parse.h" +#include "detect-engine.h" +#include "detect-engine-prefilter.h" +#include "detect-engine-content-inspection.h" +#include "detect-dns-answer-name.h" +#include "util-profiling.h" +#include "rust.h" + +static int DetectSetup(DetectEngineCtx *, Signature *, const char *); +static uint8_t DetectEngineInspectCb(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, + uint8_t flags, void *alstate, void *txv, uint64_t tx_id); +static int PrefilterMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, + const DetectBufferMpmRegistry *mpm_reg, int list_id); + +static int detect_buffer_id = 0; + +void DetectDnsAnswerNameRegister(void) +{ + static const char *keyword = "dns.answer.name"; + sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].name = keyword; + sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].desc = "DNS answer name sticky buffer"; + sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].url = "/rules/dns-keywords.html#dns-answer-name"; + sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].Setup = DetectSetup; + 
sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].flags |= SIGMATCH_NOOPT; + sigmatch_table[DETECT_AL_DNS_ANSWER_NAME].flags |= SIGMATCH_INFO_STICKY_BUFFER; + + /* Register in the TO_SERVER direction, even though this is not + normal, it could be provided as part of a request. */ + DetectAppLayerInspectEngineRegister( + keyword, ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectCb, NULL); + DetectAppLayerMpmRegister( + keyword, SIG_FLAG_TOSERVER, 2, PrefilterMpmRegister, NULL, ALPROTO_DNS, 1); + + /* Register in the TO_CLIENT direction. */ + DetectAppLayerInspectEngineRegister( + keyword, ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectCb, NULL); + DetectAppLayerMpmRegister( + keyword, SIG_FLAG_TOCLIENT, 2, PrefilterMpmRegister, NULL, ALPROTO_DNS, 1); + + DetectBufferTypeSetDescriptionByName(keyword, "dns answer name"); + DetectBufferTypeSupportsMultiInstance(keyword); + + detect_buffer_id = DetectBufferTypeGetByName(keyword); +} + +static int DetectSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str) +{ + if (DetectBufferSetActiveList(de_ctx, s, detect_buffer_id) < 0) { + return -1; + } + if (DetectSignatureSetAppProto(s, ALPROTO_DNS) < 0) { + return -1; + } + + return 0; +} + +static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx, uint8_t flags, + const DetectEngineTransforms *transforms, void *txv, uint32_t index, int list_id) +{ + InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index); + if (buffer == NULL) { + return NULL; + } + if (buffer->initialized) { + return buffer; + } + + bool to_client = (flags & STREAM_TOSERVER) == 0; + const uint8_t *data = NULL; + uint32_t data_len = 0; + + if (!SCDnsTxGetAnswerName(txv, to_client, index, &data, &data_len)) { + InspectionBufferSetupMultiEmpty(buffer); + return NULL; + } + InspectionBufferSetupMulti(buffer, transforms, data, data_len); + return buffer; +} + +static uint8_t DetectEngineInspectCb(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const 
struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, + uint8_t flags, void *alstate, void *txv, uint64_t tx_id) +{ + const DetectEngineTransforms *transforms = NULL; + if (!engine->mpm) { + transforms = engine->v2.transforms; + } + + for (uint32_t i = 0;; i++) { + InspectionBuffer *buffer = GetBuffer(det_ctx, flags, transforms, txv, i, engine->sm_list); + if (buffer == NULL || buffer->inspect == NULL) { + break; + } + + det_ctx->buffer_offset = 0; + det_ctx->discontinue_matching = 0; + det_ctx->inspection_recursion_counter = 0; + + const int match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f, + (uint8_t *)buffer->inspect, buffer->inspect_len, buffer->inspect_offset, + DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE); + if (match == 1) { + return DETECT_ENGINE_INSPECT_SIG_MATCH; + } + } + + return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; +} + +typedef struct PrefilterMpm { + int list_id; + const MpmCtx *mpm_ctx; + const DetectEngineTransforms *transforms; +} PrefilterMpm; + +static void PrefilterTx(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, + void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags) +{ + SCEnter(); + + const PrefilterMpm *ctx = (const PrefilterMpm *)pectx; + const MpmCtx *mpm_ctx = ctx->mpm_ctx; + const int list_id = ctx->list_id; + + for (uint32_t i = 0;; i++) { + InspectionBuffer *buffer = GetBuffer(det_ctx, flags, ctx->transforms, txv, i, list_id); + if (buffer == NULL) { + break; + } + + if (buffer->inspect_len >= mpm_ctx->minlen) { + (void)mpm_table[mpm_ctx->mpm_type].Search( + mpm_ctx, &det_ctx->mtcu, &det_ctx->pmq, buffer->inspect, buffer->inspect_len); + PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len); + } + } +} + +static void PrefilterMpmFree(void *ptr) +{ + SCFree(ptr); +} + +static int PrefilterMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, + const DetectBufferMpmRegistry *mpm_reg, 
int list_id) +{ + PrefilterMpm *pectx = SCCalloc(1, sizeof(*pectx)); + if (pectx == NULL) { + return -1; + } + pectx->list_id = list_id; + pectx->mpm_ctx = mpm_ctx; + pectx->transforms = &mpm_reg->transforms; + + return PrefilterAppendTxEngine(de_ctx, sgh, PrefilterTx, mpm_reg->app_v2.alproto, + mpm_reg->app_v2.tx_min_progress, pectx, PrefilterMpmFree, mpm_reg->pname); +} diff --git a/src/detect-dns-answer-name.h b/src/detect-dns-answer-name.h new file mode 100644 index 000000000000..4f84b4894c16 --- /dev/null +++ b/src/detect-dns-answer-name.h @@ -0,0 +1,23 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +#ifndef __DETECT_DNS_ANSWER_NAME_H__ +#define __DETECT_DNS_ANSWER_NAME_H__ + +void DetectDnsAnswerNameRegister(void); + +#endif /* __DETECT_DNS_ANSWER_NAME_H__ */ diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c index df6e4a738ffc..12cb3c44ef8b 100644 --- a/src/detect-engine-register.c +++ b/src/detect-engine-register.c @@ -47,6 +47,7 @@ #include "detect-engine-dcepayload.h" #include "detect-dns-opcode.h" #include "detect-dns-query.h" +#include "detect-dns-answer-name.h" #include "detect-tls-sni.h" #include "detect-tls-certs.h" #include "detect-tls-cert-fingerprint.h" 
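Review bot: In `DetectDnsAnswerNameRegister` the inspect engines are registered with progress `0`, while the paired `DetectAppLayerMpmRegister` calls pass `1` as their last argument, the minimum tx progress. This means the prefilter and the inspection engine for the same buffer are keyed to different progress values in both directions. If that is deliberate, add a comment on the calls explaining why; otherwise align them, e.g. `keyword, ALPROTO_DNS, SIG_FLAG_TOSERVER, 1, DetectEngineInspectCb, NULL);`. `DetectDnsQueryNameRegister` in src/detect-dns-query-name.c uses the same pair of values.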
@@ -511,6 +512,7 @@ void SigTableSetup(void) DetectDnsQueryRegister(); DetectDnsOpcodeRegister(); + DetectDnsAnswerNameRegister(); DetectModbusRegister(); DetectCipServiceRegister(); DetectEnipCommandRegister(); diff --git a/src/detect-engine-register.h b/src/detect-engine-register.h index 7d6c457ef9b0..781695c44a87 100644 --- a/src/detect-engine-register.h +++ b/src/detect-engine-register.h @@ -223,6 +223,7 @@ enum DetectKeywordId { DETECT_AL_DNS_QUERY, DETECT_AL_DNS_OPCODE, + DETECT_AL_DNS_ANSWER_NAME, DETECT_AL_TLS_SNI, DETECT_AL_TLS_CERTS, DETECT_AL_TLS_CERT_ISSUER, From 614f633f4dd5ef45ac0884622c5ffd73ec12a344 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Tue, 14 Nov 2023 17:01:49 -0600 Subject: [PATCH 08/12] dns: add dns.query.name sticky buffer This buffer is much like dns.query_name but allows for detection in both directions. Feature: #6497 --- rust/src/dns/dns.rs | 25 +++++ src/Makefile.am | 2 + src/detect-dns-query-name.c | 182 +++++++++++++++++++++++++++++++++++ src/detect-dns-query-name.h | 23 +++++ src/detect-engine-register.c | 2 + src/detect-engine-register.h | 1 + 6 files changed, 235 insertions(+) create mode 100644 src/detect-dns-query-name.c create mode 100644 src/detect-dns-query-name.h diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 8933c680db56..e8558828d5d0 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs 
@@ -870,6 +870,31 @@ pub unsafe extern "C" fn rs_dns_tx_get_query_name( return 0; } +/// Get the DNS query name at index i. +#[no_mangle] +pub unsafe extern "C" fn SCDnsTxGetQueryName( + tx: &mut DNSTransaction, to_client: bool, i: u32, buf: *mut *const u8, len: *mut u32, +) -> bool { + let queries = if to_client { + tx.response.as_ref().map(|response| &response.queries) + } else { + tx.request.as_ref().map(|request| &request.queries) + }; + let index = i as usize; + + if let Some(queries) = queries { + if let Some(query) = queries.get(index) { + if !query.name.is_empty() { + *buf = query.name.as_ptr(); + *len = query.name.len() as u32; + return true; + } + } + } + + false +} + /// Get the DNS response answer name and index i. #[no_mangle] pub unsafe extern "C" fn SCDnsTxGetAnswerName( diff --git a/src/Makefile.am b/src/Makefile.am index 0114389a2062..5edcab784958 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -124,6 +124,7 @@ noinst_HEADERS = \ detect-dns-answer-name.h \ detect-dns-opcode.h \ detect-dns-query.h \ + detect-dns-query-name.h \ detect-dsize.h \ detect-engine-address.h \ detect-engine-address-ipv4.h \ @@ -736,6 +737,7 @@ libsuricata_c_a_SOURCES = \ detect-dns-answer-name.c \ detect-dns-opcode.c \ detect-dns-query.c \ + detect-dns-query-name.c \ detect-dsize.c \ detect-engine-address.c \ detect-engine-address-ipv4.c \ diff --git a/src/detect-dns-query-name.c b/src/detect-dns-query-name.c new file mode 100644 index 000000000000..d3d091e028f8 --- /dev/null +++ b/src/detect-dns-query-name.c 
@@ -0,0 +1,182 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * Detect keyword for DNS query names: dns.query.name + */ + +#include "detect.h" +#include "detect-parse.h" +#include "detect-engine.h" +#include "detect-engine-prefilter.h" +#include "detect-engine-content-inspection.h" +#include "detect-dns-query-name.h" +#include "util-profiling.h" +#include "rust.h" + +static int DetectSetup(DetectEngineCtx *, Signature *, const char *); +static uint8_t DetectEngineInspectCb(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, + uint8_t flags, void *alstate, void *txv, uint64_t tx_id); +static int PrefilterMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, + const DetectBufferMpmRegistry *mpm_reg, int list_id); + +static int detect_buffer_id = 0; + +void DetectDnsQueryNameRegister(void) +{ + static const char *keyword = "dns.query.name"; + sigmatch_table[DETECT_AL_DNS_QUERY_NAME].name = keyword; + sigmatch_table[DETECT_AL_DNS_QUERY_NAME].desc = "DNS query name sticky buffer"; + sigmatch_table[DETECT_AL_DNS_QUERY_NAME].url = "/rules/dns-keywords.html#dns-query-name"; + sigmatch_table[DETECT_AL_DNS_QUERY_NAME].Setup = DetectSetup; + 
sigmatch_table[DETECT_AL_DNS_QUERY_NAME].flags |= SIGMATCH_NOOPT; + sigmatch_table[DETECT_AL_DNS_QUERY_NAME].flags |= SIGMATCH_INFO_STICKY_BUFFER; + + /* Register in both directions as the query is usually echoed back + in the response. */ + DetectAppLayerInspectEngineRegister( + keyword, ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectCb, NULL); + DetectAppLayerMpmRegister( + keyword, SIG_FLAG_TOSERVER, 2, PrefilterMpmRegister, NULL, ALPROTO_DNS, 1); + + DetectAppLayerInspectEngineRegister( + keyword, ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectCb, NULL); + DetectAppLayerMpmRegister( + keyword, SIG_FLAG_TOCLIENT, 2, PrefilterMpmRegister, NULL, ALPROTO_DNS, 1); + + DetectBufferTypeSetDescriptionByName(keyword, "dns query name"); + DetectBufferTypeSupportsMultiInstance(keyword); + + detect_buffer_id = DetectBufferTypeGetByName(keyword); +} + +static int DetectSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str) +{ + if (DetectBufferSetActiveList(de_ctx, s, detect_buffer_id) < 0) { + return -1; + } + if (DetectSignatureSetAppProto(s, ALPROTO_DNS) < 0) { + return -1; + } + + return 0; +} + +static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx, const uint8_t flags, + const DetectEngineTransforms *transforms, void *txv, uint32_t index, int list_id) +{ + InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index); + if (buffer == NULL) { + return NULL; + } + if (buffer->initialized) { + return buffer; + } + + bool to_client = (flags & STREAM_TOSERVER) == 0; + const uint8_t *data = NULL; + uint32_t data_len = 0; + + if (!SCDnsTxGetQueryName(txv, to_client, index, &data, &data_len)) { + InspectionBufferSetupMultiEmpty(buffer); + return NULL; + } + InspectionBufferSetupMulti(buffer, transforms, data, data_len); + return buffer; +} + +static uint8_t DetectEngineInspectCb(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, + const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, 
+ uint8_t flags, void *alstate, void *txv, uint64_t tx_id) +{ + const DetectEngineTransforms *transforms = NULL; + if (!engine->mpm) { + transforms = engine->v2.transforms; + } + + for (uint32_t i = 0;; i++) { + InspectionBuffer *buffer = GetBuffer(det_ctx, flags, transforms, txv, i, engine->sm_list); + if (buffer == NULL || buffer->inspect == NULL) { + break; + } + + det_ctx->buffer_offset = 0; + det_ctx->discontinue_matching = 0; + det_ctx->inspection_recursion_counter = 0; + + const int match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f, + (uint8_t *)buffer->inspect, buffer->inspect_len, buffer->inspect_offset, + DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE); + if (match == 1) { + return DETECT_ENGINE_INSPECT_SIG_MATCH; + } + } + + return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; +} + +typedef struct PrefilterMpm { + int list_id; + const MpmCtx *mpm_ctx; + const DetectEngineTransforms *transforms; +} PrefilterMpm; + +static void PrefilterTx(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, Flow *f, + void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags) +{ + SCEnter(); + + const PrefilterMpm *ctx = (const PrefilterMpm *)pectx; + const MpmCtx *mpm_ctx = ctx->mpm_ctx; + const int list_id = ctx->list_id; + + for (uint32_t i = 0;; i++) { + InspectionBuffer *buffer = GetBuffer(det_ctx, flags, ctx->transforms, txv, i, list_id); + if (buffer == NULL) { + break; + } + + if (buffer->inspect_len >= mpm_ctx->minlen) { + (void)mpm_table[mpm_ctx->mpm_type].Search( + mpm_ctx, &det_ctx->mtcu, &det_ctx->pmq, buffer->inspect, buffer->inspect_len); + PREFILTER_PROFILING_ADD_BYTES(det_ctx, buffer->inspect_len); + } + } +} + +static void PrefilterMpmFree(void *ptr) +{ + SCFree(ptr); +} + +static int PrefilterMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx, + const DetectBufferMpmRegistry *mpm_reg, int list_id) +{ + PrefilterMpm *pectx = SCCalloc(1, sizeof(*pectx)); + if (pectx 
== NULL) { + return -1; + } + pectx->list_id = list_id; + pectx->mpm_ctx = mpm_ctx; + pectx->transforms = &mpm_reg->transforms; + + return PrefilterAppendTxEngine(de_ctx, sgh, PrefilterTx, mpm_reg->app_v2.alproto, + mpm_reg->app_v2.tx_min_progress, pectx, PrefilterMpmFree, mpm_reg->pname); +} diff --git a/src/detect-dns-query-name.h b/src/detect-dns-query-name.h new file mode 100644 index 000000000000..b1d7db99e8c5 --- /dev/null +++ b/src/detect-dns-query-name.h @@ -0,0 +1,23 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +#ifndef __DETECT_DNS_QUERY_NAME_H__ +#define __DETECT_DNS_QUERY_NAME_H__ + +void DetectDnsQueryNameRegister(void); + +#endif /* __DETECT_DNS_QUERY_NAME_H__ */ diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c index 12cb3c44ef8b..1077800902b7 100644 --- a/src/detect-engine-register.c +++ b/src/detect-engine-register.c @@ -48,6 +48,7 @@ #include "detect-dns-opcode.h" #include "detect-dns-query.h" #include "detect-dns-answer-name.h" +#include "detect-dns-query-name.h" #include "detect-tls-sni.h" #include "detect-tls-certs.h" #include "detect-tls-cert-fingerprint.h" 
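Review bot: src/detect-dns-query-name.c repeats src/detect-dns-answer-name.c almost line for line. `DetectSetup`, `GetBuffer`, `DetectEngineInspectCb`, the `PrefilterMpm` struct, `PrefilterTx`, `PrefilterMpmFree` and `PrefilterMpmRegister` differ only in the getter called (`SCDnsTxGetQueryName` versus `SCDnsTxGetAnswerName`) and the keyword id. A shared helper that takes the getter as a function pointer would keep the two inspection loops from drifting apart when one of them is fixed. `GetBuffer` would also benefit from a comment on the direction test, e.g. `/* no STREAM_TOSERVER flag means we are inspecting the response */`.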
@@ -513,6 +514,7 @@ void SigTableSetup(void)
 DetectDnsQueryRegister();
 DetectDnsOpcodeRegister();
 DetectDnsAnswerNameRegister();
+ DetectDnsQueryNameRegister();
 DetectModbusRegister();
 DetectCipServiceRegister();
 DetectEnipCommandRegister();
diff --git a/src/detect-engine-register.h b/src/detect-engine-register.h
index 781695c44a87..854cf760d588 100644
--- a/src/detect-engine-register.h
+++ b/src/detect-engine-register.h
@@ -224,6 +224,7 @@ enum DetectKeywordId {
 DETECT_AL_DNS_QUERY,
 DETECT_AL_DNS_OPCODE,
 DETECT_AL_DNS_ANSWER_NAME,
+ DETECT_AL_DNS_QUERY_NAME,
 DETECT_AL_TLS_SNI,
 DETECT_AL_TLS_CERTS,
 DETECT_AL_TLS_CERT_ISSUER,
From f8f9b2aa0c5e5475d896ea952df92a9dbcdfe970 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Wed, 15 Nov 2023 12:31:12 -0600 Subject: [PATCH 09/12] dns: replace usage of rs_dns_tx_get_query_name with SCDnsTxGetQueryName SCDnsTxGetQueryName was introduced to allow for getting the query name in responses as well as requests, so covers the functionality of rs_dns_tx_get_query_name. --- rust/src/dns/dns.rs | 17 ----------------- src/detect-dns-query.c | 2 +- 2 files changed, 1 insertion(+), 18 deletions(-)
diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs
index e8558828d5d0..57f66c0f73df 100644
--- a/rust/src/dns/dns.rs
+++ b/rust/src/dns/dns.rs
@@ -853,23 +853,6 @@ pub unsafe extern "C" fn rs_dns_state_get_tx_data(
 export_state_data_get!(rs_dns_get_state_data, DNSState);
-#[no_mangle]
-pub unsafe extern "C" fn rs_dns_tx_get_query_name(
- tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32,
-) -> u8 {
- if let Some(request) = &tx.request {
- if (i as usize) < request.queries.len() {
- let query = &request.queries[i as usize];
- if !query.name.is_empty() {
- *len = query.name.len() as u32;
- *buf = query.name.as_ptr();
- return 1;
- }
- }
- }
- return 0;
-}
-
 /// Get the DNS query name at index i.
 #[no_mangle]
 pub unsafe extern "C" fn SCDnsTxGetQueryName(
diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c
index af0bc750ed56..10075e562b40 100644
--- a/src/detect-dns-query.c
+++ b/src/detect-dns-query.c
@@ -87,7 +87,7 @@ static InspectionBuffer *DnsQueryGetData(DetectEngineThreadCtx *det_ctx,
 const uint8_t *data;
 uint32_t data_len;
- if (rs_dns_tx_get_query_name(cbdata->txv, cbdata->local_id, &data, &data_len) == 0) {
+ if (SCDnsTxGetQueryName(cbdata->txv, false, cbdata->local_id, &data, &data_len) == 0) {
 InspectionBufferSetupMultiEmpty(buffer);
 return NULL;
 }
From 7a8a10faf2456e8f85ab118bb168f18251fe6ed7 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Wed, 15 Nov 2023 12:11:51 -0600 Subject: [PATCH 10/12] doc/userguide: document dns.query.name, dns.answer.name With some other minor cleanups in the DNS keyword section. --- doc/userguide/rules/dns-keywords.rst | 63 +++++++++++++++++++++------- 1 file changed, 49 insertions(+), 14 deletions(-)
diff --git a/doc/userguide/rules/dns-keywords.rst b/doc/userguide/rules/dns-keywords.rst
index e62a25d40bed..a514ae25195b 100644
--- a/doc/userguide/rules/dns-keywords.rst
+++ b/doc/userguide/rules/dns-keywords.rst
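Review bot: In `DnsQueryGetData` (src/detect-dns-query.c) the bare `false` passed as the second argument of `SCDnsTxGetQueryName` gives no hint of what it selects. Going by the commit message it presumably keeps the lookup on the request side, and a short comment on that line such as `/* false: request side only, dns.query does not look at responses */` would record that once the parameter's meaning is confirmed against the Rust definition, whose body is not shown in this patch. The removed `rs_dns_tx_get_query_name` returned 0 for an empty name as well as for an out-of-range index, and this caller stops with `return NULL` on 0, so it is worth confirming that the replacement treats empty names the same way and that existing `dns.query` rules keep matching the same set of buffers. `DnsQueryGetData` starts and ends outside the hunk.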
@@ -1,10 +1,27 @@ DNS Keywords ============ -There are some more content modifiers (If you are unfamiliar with -content modifiers, please visit the page :doc:`payload-keywords` These -ones make sure the signature checks a specific part of the -network-traffic. +Suricata supports sticky buffers as well as keywords for efficiently +matching on specific fields in DNS messages. + +Note that sticky buffers are expected to be followed by one or more +:doc:`payload-keywords`. + +dns.answer.name +--------------- + +``dns.answer.name`` is a sticky buffer that is used to look at the +name field in DNS answer resource records. + +``dns.answer.name`` will look at both requests and responses, so +``flow`` is recommended to confine to a specific direction. + +The buffer being matched on contains the complete re-assembled +resource name, for example "www.suricata.io". + +``dns.answer.name`` supports :doc:`multi-buffer-matching`. + +``dns.answer.name`` was introduced in Suricata 8.0.0. dns.opcode ---------- 
@@ -32,20 +49,26 @@ Match on DNS requests where the **opcode** is NOT 0:: dns.query --------- -With **dns.query** the DNS request queries are inspected. The dns.query -keyword works a bit different from the normal content modifiers. When -used in a rule all contents following it are affected by it. Example: +``dns.query`` is a sticky buffer that is used to inspect DNS query +names in DNS request messages. Example:: - alert dns any any -> any any (msg:"Test dns.query option"; - dns.query; content:"google"; nocase; sid:1;) + alert dns any any -> any any (msg:"Test dns.query option"; dns.query; content:"google"; nocase; sid:1;) + +Being a sticky buffer, payload keywords such as content are to be used after ``dns.query``: .. image:: dns-keywords/dns_query.png -The **dns.query** keyword affects all following contents, until pkt_data -is used or it reaches the end of the rule. +The ``dns.query`` keyword affects all following contents, until +pkt_data is used or it reaches the end of the rule. .. note:: **dns.query** is equivalent to the older **dns_query**. +.. note:: **dns.query** will only match on DNS request messages, to + also match on DNS response message, see + `dns.query.name`_. + +``dns.query.name`` supports :doc:`multi-buffer-matching`. + Normalized Buffer ~~~~~~~~~~~~~~~~~ 
@@ -68,7 +91,19 @@ DNS query on the wire (snippet):: mail.google.com -Multiple Buffer Matching -~~~~~~~~~~~~~~~~~~~~~~~~ +dns.query.name +--------------- + +``dns.query.name`` is a sticky buffer that is used to look at the name +field in DNS query (question) resource records. It is nearly identical +to ``dns.query`` but supports both DNS requests and responses. + +``dns.query.name`` will look at both requests and responses, so +``flow`` is recommended to confine to a specific direction. + +The buffer being matched on contains the complete re-assembled +resource name, for example "www.suricata.io". + +``dns.query.name`` supports :doc:`multi-buffer-matching`. -``dns.query`` supports multiple buffer matching, see :doc:`multi-buffer-matching`. \ No newline at end of file +``dns.query.name`` was introduced in Suricata 8.0.0.
From 7d18b02a563fd1c16c5f705599bc02c27e2e8fb1 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Sun, 12 Nov 2023 14:03:25 +0100 Subject: [PATCH 11/12] output-json-alert: remove un-needed includes --- src/output-json-alert.c | 14 -------------- 1 file changed, 14 deletions(-)
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index a7df1065509e..f512e13ba122 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -31,30 +31,20 @@
 #include "conf.h"
 #include "stream.h"
-#include "threads.h"
-#include "tm-threads.h"
 #include "threadvars.h"
 #include "util-debug.h"
 #include "util-logopenfile.h"
 #include "util-misc.h"
 #include "util-time.h"
-#include "util-unittest.h"
-#include "util-unittest-helper.h"
-#include "detect-parse.h"
 #include "detect-engine.h"
-#include "detect-engine-mpm.h"
-#include "detect-reference.h"
 #include "detect-metadata.h"
 #include "app-layer-parser.h"
 #include "app-layer-dnp3.h"
-#include "app-layer-htp.h"
 #include "app-layer-htp-xff.h"
 #include "app-layer-ftp.h"
 #include "app-layer-frames.h"
-#include "util-classification-config.h"
-#include "util-syslog.h"
 #include "log-pcap.h"
 #include "output.h"
@@ -64,7 +54,6 @@
 #include "output-json-dns.h"
 #include "output-json-http.h"
 #include "output-json-tls.h"
-#include "output-json-ssh.h"
 #include "rust.h"
 #include "output-json-smtp.h"
 #include "output-json-email-common.h"
@@ -79,10 +68,7 @@
 #include "output-json-frame.h"
 #include "output-json-quic.h"
-#include "util-byte.h"
-#include "util-privs.h"
 #include "util-print.h"
-#include "util-proto-name.h"
 #include "util-optimize.h"
 #include "util-buffer.h"
 #include "util-validate.h"
From 7093d63d224cdeae1bd7f4a9f84620c1e776ca01 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Sun, 12 Nov 2023 08:46:07 -0500 Subject: [PATCH 12/12] output-json-dns: remove un-needed includes --- src/output-json-dns.c | 14 -------------- 1 file changed, 14 deletions(-)
diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index 020e27853a9e..9e10c3ea14b5 100644
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -24,31 +24,17 @@
 */
 #include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
 #include "conf.h"
-#include "threads.h"
 #include "threadvars.h"
-#include "tm-threads.h"
-
-#include "util-print.h"
-#include "util-unittest.h"
 #include "util-debug.h"
 #include "util-mem.h"
 #include "app-layer-parser.h"
 #include "output.h"
-#include "app-layer.h"
-#include "util-privs.h"
-#include "util-buffer.h"
-#include "util-proto-name.h"
-#include "util-logopenfile.h"
-#include "util-time.h"
 #include "output-json.h"
 #include "output-json-dns.h"
-#include "rust.h"
 /* we can do query logging as well, but it's disabled for now as the
 * TX id handling doesn't expect it */