https://redmine.openinfosecfoundation.org/
2019-07-28T16:22:28Z
Open Information Security Foundation
Suricata - Bug #3006: improve rule keyword alproto registration
https://redmine.openinfosecfoundation.org/issues/3006?journal_id=13165
2019-07-28T16:22:28Z
Shivani Bhardwaj
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Assignee</strong> changed from <i>OISF Dev</i> to <i>Shivani Bhardwaj</i></li></ul>
Suricata - Bug #3006: improve rule keyword alproto registration
https://redmine.openinfosecfoundation.org/issues/3006?journal_id=13289
2019-08-20T06:33:31Z
Shivani Bhardwaj
<p>I'm unable to understand the statement "direct 'sets' of Signature::alproto from keyword registration". Could you please make it clearer?</p>
Suricata - Bug #3006: improve rule keyword alproto registration
https://redmine.openinfosecfoundation.org/issues/3006?journal_id=13290
2019-08-20T08:05:37Z
Victor Julien
victor@inliniac.net
<p>With direct 'sets' I mean code like:</p>
<pre><code class="c syntaxhl" data-language="c"><span class="k">static</span> <span class="kt">int</span> <span class="nf">DetectHttpUriSetupSticky</span><span class="p">(</span><span class="n">DetectEngineCtx</span> <span class="o">*</span><span class="n">de_ctx</span><span class="p">,</span> <span class="n">Signature</span> <span class="o">*</span><span class="n">s</span><span class="p">,</span> <span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">str</span><span class="p">)</span>
<span class="p">{</span>
    <span class="n">DetectBufferSetActiveList</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="n">g_http_uri_buffer_id</span><span class="p">);</span>
    <span class="n">s</span><span class="o">-&gt;</span><span class="n">alproto</span> <span class="o">=</span> <span class="n">ALPROTO_HTTP</span><span class="p">;</span>
    <span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>
</code></pre>
<p>Where Signature::alproto is set explicitly.</p>
<p>These cases should be replaced by calls to DetectSignatureSetAppProto. E.g.:</p>
<pre><code class="c syntaxhl" data-language="c"><span class="k">static</span> <span class="kt">int</span> <span class="nf">DetectHttpMethodSetupSticky</span><span class="p">(</span><span class="n">DetectEngineCtx</span> <span class="o">*</span><span class="n">de_ctx</span><span class="p">,</span> <span class="n">Signature</span> <span class="o">*</span><span class="n">s</span><span class="p">,</span> <span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">str</span><span class="p">)</span>
<span class="p">{</span>
    <span class="k">if</span> <span class="p">(</span><span class="n">DetectBufferSetActiveList</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="n">g_http_method_buffer_id</span><span class="p">)</span> <span class="o">&lt;</span> <span class="mi">0</span><span class="p">)</span>
        <span class="k">return</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span>
    <span class="k">if</span> <span class="p">(</span><span class="n">DetectSignatureSetAppProto</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="n">ALPROTO_HTTP</span><span class="p">)</span> <span class="o">&lt;</span> <span class="mi">0</span><span class="p">)</span>
        <span class="k">return</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span>
    <span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>
</code></pre>
Suricata - Bug #3006: improve rule keyword alproto registration
https://redmine.openinfosecfoundation.org/issues/3006?journal_id=13409
2019-08-29T05:39:41Z
Shivani Bhardwaj
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Feedback</i></li></ul>
Suricata - Bug #3006: improve rule keyword alproto registration
https://redmine.openinfosecfoundation.org/issues/3006?journal_id=13439
2019-08-30T16:25:10Z
Shivani Bhardwaj
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li></ul><p>Fixed with <a class="external" href="https://github.com/OISF/suricata/commit/85b56b633eb28ddcd994d3eddb606a232588a8a9">https://github.com/OISF/suricata/commit/85b56b633eb28ddcd994d3eddb606a232588a8a9</a></p>