"AppLayerParserState",
"CLuaState",
"DetectEngineState",
+ "DetectEngineThreadCtx",
"GenericVar",
"Flow",
"StreamingBufferConfig",
pub enum DetectEngineState {}
pub enum AppLayerDecoderEvents {}
pub enum GenericVar {}
+#[repr(C)]
+pub struct DetectEngineThreadCtx {
+ _unused: [u8; 0],
+}
#[repr(C)]
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
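Review bot: The added `DetectEngineThreadCtx` is declared as a `#[repr(C)]` struct holding only `_unused: [u8; 0]`, so Rust still auto-implements `Send`, `Sync` and `Unpin` for it, and it is written differently from the neighbouring opaque types (`pub enum DetectEngineState {}`). For a per-thread handle that Rust should only ever see behind a `*mut` from C, the usual opaque-type pattern adds a marker field such as `_marker: std::marker::PhantomData<(*mut u8, std::marker::PhantomPinned)>,`. If the `[u8; 0]` form is kept on purpose to mirror generated bindings, a one-line comment saying so would save the next reader the question.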
use std::os::raw::{c_char, c_int, c_void};
use std::ffi::CString;
+use crate::core::DetectEngineThreadCtx;
use suricata_sys::sys::AppProto;
/// EnumString trait that will be implemented on enums that
de: *mut c_void, s: *mut c_void, kwid: c_int, ctx: *const c_void, bufid: c_int,
) -> *mut c_void;
// in detect-engine-helper.h
- pub fn DetectHelperGetMultiData(
- de: *mut c_void,
- transforms: *const c_void,
- flow: *const c_void,
- flow_flags: u8,
- tx: *const c_void,
- list_id: c_int,
- local_id: u32,
- get_buf: unsafe extern "C" fn(*const c_void, u8, u32, *mut *const u8, *mut u32) -> bool,
- ) -> *mut c_void;
pub fn DetectHelperMultiBufferMpmRegister(
name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, toclient: bool,
toserver: bool,
get_multi_data: unsafe extern "C" fn(
- *mut c_void,
- *const c_void,
+ *mut DetectEngineThreadCtx,
*const c_void,
u8,
- *const c_void,
- i32,
u32,
- ) -> *mut c_void,
+ *mut *const u8,
+ *mut u32,
+ ) -> bool,
) -> c_int;
pub fn DetectHelperMultiBufferProgressMpmRegister(
name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, toclient: bool,
toserver: bool,
get_multi_data: unsafe extern "C" fn(
- *mut c_void,
- *const c_void,
+ *mut DetectEngineThreadCtx,
*const c_void,
u8,
- *const c_void,
- i32,
u32,
- ) -> *mut c_void,
+ *mut *const u8,
+ *mut u32,
+ ) -> bool,
progress: c_int,
) -> c_int;
}
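Review bot: The new `get_multi_data` callback type is spelled out twice, in `DetectHelperMultiBufferMpmRegister` and `DetectHelperMultiBufferProgressMpmRegister`, as six unnamed positional parameters, so nothing in the declaration says which `u8` or `u32` means what. Judging by the callbacks changed elsewhere in this commit, the order is detection thread context, transaction, flow flags, local index, output pointer, output length. A comment such as `// (det_ctx, tx, flow_flags, local_id, buf_out, len_out) -> true when a buffer was set` above a single shared `type` alias used by both registrations would keep the two declarations from drifting apart. The C prototype must carry the same argument order and a `bool` return, which this hunk does not show.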
*/
use super::dns::{DNSRcode, DNSRecordType, DNSTransaction, ALPROTO_DNS};
+use crate::core::DetectEngineThreadCtx;
use crate::detect::uint::{
detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU16Free, SCDetectU8Free,
SCDetectU8Parse,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectBufferSetActiveList, DetectHelperBufferRegister,
- DetectHelperGetMultiData, DetectHelperKeywordAliasRegister, DetectHelperKeywordRegister,
+ DetectHelperKeywordAliasRegister, DetectHelperKeywordRegister,
DetectHelperMultiBufferProgressMpmRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
/// Get the DNS response answer name and index i.
unsafe extern "C" fn dns_tx_get_answer_name(
- tx: *const c_void, flags: u8, i: u32, buf: *mut *const u8, len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flags: u8, i: u32, buf: *mut *const u8,
+ len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, DNSTransaction);
let answers = if flags & Direction::ToClient as u8 != 0 {
false
}
-unsafe extern "C" fn dns_answer_name_get_data_wrapper(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- dns_tx_get_answer_name,
- );
-}
-
unsafe extern "C" fn dns_detect_query_name_setup(
de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
) -> c_int {
/// Get the DNS response answer name and index i.
unsafe extern "C" fn dns_tx_get_query_name(
- tx: *const c_void, flags: u8, i: u32, buf: *mut *const u8, len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flags: u8, i: u32, buf: *mut *const u8,
+ len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, DNSTransaction);
let queries = if flags & Direction::ToClient as u8 != 0 {
}
unsafe extern "C" fn dns_tx_get_query(
- tx: *const c_void, _flags: u8, i: u32, buf: *mut *const u8, len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buf: *mut *const u8,
+ len: *mut u32,
) -> bool {
- return dns_tx_get_query_name(tx, Direction::ToServer as u8, i, buf, len);
+ return dns_tx_get_query_name(_de, tx, Direction::ToServer as u8, i, buf, len);
}
unsafe extern "C" fn dns_detect_query_setup(
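Review bot: `dns_tx_get_query` forwards `_de` to `dns_tx_get_query_name`, so the parameter is in fact used and the leading underscore is misleading (clippy reports this as `used_underscore_binding`). Rename it in this function to `de: *mut DetectEngineThreadCtx` and call `dns_tx_get_query_name(de, tx, Direction::ToServer as u8, i, buf, len)`. Separately, the doc comment on `dns_tx_get_query_name` in the preceding hunk still reads "Get the DNS response answer name and index i.", which looks copied from the answer getter and should name the query instead.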
return 0;
}
-unsafe extern "C" fn dns_query_name_get_data_wrapper(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- dns_tx_get_query_name,
- );
-}
-
-unsafe extern "C" fn dns_query_get_data_wrapper(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- dns_tx_get_query,
- );
-}
-
#[no_mangle]
pub unsafe extern "C" fn SCDetectDNSRegister() {
let kw = SigTableElmtStickyBuffer {
/* Register also in the TO_SERVER direction, even though this is not
normal, it could be provided as part of a request. */
true,
- dns_answer_name_get_data_wrapper,
+ dns_tx_get_answer_name,
1, // response complete
);
let kw = SCSigTableAppLiteElmt {
/* Register in both directions as the query is usually echoed back
in the response. */
true,
- dns_query_name_get_data_wrapper,
+ dns_tx_get_query_name,
1, // request or response complete
);
let kw = SCSigTableAppLiteElmt {
ALPROTO_DNS,
false, // only toserver
true,
- dns_query_get_data_wrapper, // reuse, will be called only toserver
- 1, // request complete
+ dns_tx_get_query, // reuse, will be called only toserver
+ 1, // request complete
);
}
use std::collections::HashMap;
use std::collections::VecDeque;
use std::ffi::CString;
+use std::os::raw::c_void;
use crate::applayer::*;
use crate::core::{self, *};
/// Get the DNS query name at index i.
#[no_mangle]
pub unsafe extern "C" fn SCDnsTxGetQueryName(
- tx: &mut DNSTransaction, to_client: bool, i: u32, buf: *mut *const u8, len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, i: u32,
+ buf: *mut *const u8, len: *mut u32,
) -> bool {
- let queries = if to_client {
+ let tx = cast_pointer!(tx, DNSTransaction);
+ let queries = if (flow_flags & STREAM_TOSERVER) == 0 {
tx.response.as_ref().map(|response| &response.queries)
} else {
tx.request.as_ref().map(|request| &request.queries)
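Review bot: The direction test added here, `(flow_flags & STREAM_TOSERVER) == 0`, is not the same predicate as the detect-side DNS getters in this commit, which use `flags & Direction::ToClient as u8 != 0`. The two disagree whenever both or neither direction bit is set in the flags byte, and `SCDnsTxGetAnswerName` in the next hunk has the same test. Using one form everywhere would make the choice between `tx.request` and `tx.response` unambiguous. The export also lost its typed `&mut DNSTransaction` parameter, so the doc comment should gain a `# Safety` paragraph stating that `tx` must point to a live `DNSTransaction` and that `buf` and `len` must be valid for writes. The function body continues past the end of this hunk.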
/// Get the DNS response answer name and index i.
#[no_mangle]
pub unsafe extern "C" fn SCDnsTxGetAnswerName(
- tx: &mut DNSTransaction, to_client: bool, i: u32, buf: *mut *const u8, len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, i: u32,
+ buf: *mut *const u8, len: *mut u32,
) -> bool {
- let answers = if to_client {
+ let tx = cast_pointer!(tx, DNSTransaction);
+ let answers = if (flow_flags & STREAM_TOSERVER) == 0 {
tx.response.as_ref().map(|response| &response.answers)
} else {
tx.request.as_ref().map(|request| &request.answers)
/// Get the DNS response authority name at index i.
#[no_mangle]
pub unsafe extern "C" fn SCDnsTxGetAuthorityName(
- tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32,
-) -> bool {
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flow_flags: u8, i: u32,
+ buf: *mut *const u8, len: *mut u32,
+) -> bool {
+ let tx = cast_pointer!(tx, DNSTransaction);
let index = i as usize;
if let Some(response) = &tx.response {
/// Get the DNS response additional name at index i.
#[no_mangle]
pub unsafe extern "C" fn SCDnsTxGetAdditionalName(
- tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32,
-) -> bool {
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flow_flags: u8, i: u32,
+ buf: *mut *const u8, len: *mut u32,
+) -> bool {
+ let tx = cast_pointer!(tx, DNSTransaction);
let index = i as usize;
if let Some(response) = &tx.response {
fn get_rdata_name(data: &DNSRData) -> Option<&DNSName> {
match data {
- DNSRData::CNAME(name)
- | DNSRData::PTR(name)
- | DNSRData::MX(name)
- | DNSRData::NS(name) => {
+ DNSRData::CNAME(name) | DNSRData::PTR(name) | DNSRData::MX(name) | DNSRData::NS(name) => {
Some(name)
}
- DNSRData::SOA(soa) => {
- Some(&soa.mname)
- }
- _ => {
- None
- }
+ DNSRData::SOA(soa) => Some(&soa.mname),
+ _ => None,
}
}
#[no_mangle]
pub unsafe extern "C" fn SCDnsTxGetAnswerRdata(
tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32,
-) -> bool {
+) -> bool {
let index = i as usize;
if let Some(response) = &tx.response {
#[no_mangle]
pub unsafe extern "C" fn SCDnsTxGetAuthorityRdata(
tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32,
-) -> bool {
+) -> bool {
let index = i as usize;
if let Some(response) = &tx.response {
#[no_mangle]
pub unsafe extern "C" fn SCDnsTxGetAdditionalRdata(
tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32,
-) -> bool {
+) -> bool {
let index = i as usize;
if let Some(response) = &tx.response {
HTTP2Event, HTTP2Frame, HTTP2FrameTypeData, HTTP2State, HTTP2Transaction, HTTP2TransactionState,
};
use super::parser;
-use crate::direction::Direction;
+use crate::core::DetectEngineThreadCtx;
use crate::detect::uint::{detect_match_uint, DetectUintData};
+use crate::direction::Direction;
+use base64::{engine::general_purpose::STANDARD, Engine};
use std::ffi::CStr;
-use std::str::FromStr;
+use std::os::raw::c_void;
use std::rc::Rc;
-use base64::{Engine, engine::general_purpose::STANDARD};
+use std::str::FromStr;
fn http2_tx_has_frametype(
tx: &HTTP2Transaction, direction: Direction, value: u8,
// and rs_http2_detect_sizeupdatectx_match explicitly casting
#[no_mangle]
pub unsafe extern "C" fn rs_http2_tx_get_header_name(
- tx: &HTTP2Transaction, direction: u8, nb: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, direction: u8, nb: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
+ let tx = cast_pointer!(tx, HTTP2Transaction);
let mut pos = 0_u32;
match direction.into() {
Direction::ToServer => {
#[no_mangle]
pub unsafe extern "C" fn rs_http2_tx_get_header(
- tx: &mut HTTP2Transaction, direction: u8, nb: u32, buffer: *mut *const u8, buffer_len: *mut u32,
-) -> u8 {
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, direction: u8, nb: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
+) -> bool {
+ let tx = cast_pointer!(tx, HTTP2Transaction);
let mut pos = 0_u32;
match direction.into() {
Direction::ToServer => {
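Review bot: `rs_http2_tx_get_header` now receives `tx` as `*const c_void`, but its previous parameter was `&mut HTTP2Transaction` while `rs_http2_tx_get_header_name` took `&HTTP2Transaction`, which suggests the body writes to the transaction (presumably `tx.escaped`, which later hunks index). If that is so, the function mutates through a pointer whose type promises read-only access, and the C caller must guarantee exclusive access for the duration of the call. That should be confirmed against the full body, which lies outside this hunk, and recorded in a comment such as `// SAFETY: tx is mutated (tx.escaped); caller must hold exclusive access to the transaction`. The return type also changes from `u8` to `bool` on a `#[no_mangle]` export, so every C declaration and caller of this symbol has to change in the same commit.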
let value = &tx.escaped[idx];
*buffer = value.as_ptr(); //unsafe
*buffer_len = value.len() as u32;
- return 1;
+ return true;
} else {
pos += blocks.len() as u32;
}
let value = &tx.escaped[idx];
*buffer = value.as_ptr(); //unsafe
*buffer_len = value.len() as u32;
- return 1;
+ return true;
} else {
pos += blocks.len() as u32;
}
}
}
}
- return 0;
+ return false;
}
fn http2_tx_set_header(state: &mut HTTP2State, name: &[u8], input: &[u8]) {
blocks,
};
let txdata = HTTP2FrameTypeData::HEADERS(hs);
- let tx = state.find_or_create_tx(&head, &txdata, Direction::ToServer).unwrap();
+ let tx = state
+ .find_or_create_tx(&head, &txdata, Direction::ToServer)
+ .unwrap();
tx.frames_ts.push(HTTP2Frame {
header: head,
data: txdata,
match parser::http2_parse_frame_settings(&dec) {
Ok((_, set)) => {
let txdata = HTTP2FrameTypeData::SETTINGS(set);
- let tx = state.find_or_create_tx(&head, &txdata, Direction::ToServer).unwrap();
+ let tx = state
+ .find_or_create_tx(&head, &txdata, Direction::ToServer)
+ .unwrap();
tx.frames_ts.push(HTTP2Frame {
header: head,
data: txdata,
// Author: Frank Honza <frank.honza@dcso.de>
use super::ipsec_parser::IkeV2Transform;
+use crate::core::DetectEngineThreadCtx;
use crate::ike::ike::*;
use std::ffi::CStr;
+use std::os::raw::c_void;
use std::ptr;
#[no_mangle]
}
#[no_mangle]
-pub extern "C" fn rs_ike_tx_get_vendor(
- tx: &IKETransaction, i: u32, buf: *mut *const u8, len: *mut u32,
-) -> u8 {
+pub unsafe extern "C" fn rs_ike_tx_get_vendor(
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buf: *mut *const u8,
+ len: *mut u32,
+) -> bool {
+ let tx = cast_pointer!(tx, IKETransaction);
if tx.ike_version == 1 && i < tx.hdr.ikev1_header.vendor_ids.len() as u32 {
- unsafe {
- *len = tx.hdr.ikev1_header.vendor_ids[i as usize].len() as u32;
- *buf = tx.hdr.ikev1_header.vendor_ids[i as usize].as_ptr();
- }
- return 1;
+ *len = tx.hdr.ikev1_header.vendor_ids[i as usize].len() as u32;
+ *buf = tx.hdr.ikev1_header.vendor_ids[i as usize].as_ptr();
+ return true;
}
- unsafe {
- *buf = ptr::null();
- *len = 0;
- }
+ *buf = ptr::null();
+ *len = 0;
- return 0;
+ return false;
}
#[no_mangle]
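Review bot: `rs_ike_tx_get_vendor` changes from a safe `extern "C" fn` with two small `unsafe` blocks to an `unsafe extern "C" fn` whose whole body is unchecked, and the caller's obligations are not documented anywhere. Add a doc comment along the lines of `/// # Safety` followed by `/// tx must point to a valid IKETransaction; buf and len must be valid for writes.` The same applies to the other exported getters converted to the `*const c_void` signature in this commit (the krb5, quic and http2 ones). The bounds test on the context line, `i < tx.hdr.ikev1_header.vendor_ids.len() as u32`, narrows the length; the krb5 getters' form, `(i as usize) < ...len()`, avoids the truncating cast.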
// written by Pierre Chifflier <chifflier@wzdftpd.net>
+use crate::core::DetectEngineThreadCtx;
use crate::krb::krb5::{test_weak_encryption, KRB5Transaction};
use kerberos_parser::krb5::EncryptionType;
use nom7::IResult;
use std::ffi::CStr;
+use std::os::raw::c_void;
#[no_mangle]
pub unsafe extern "C" fn rs_krb5_tx_get_msgtype(tx: &KRB5Transaction, ptr: *mut u32) {
#[no_mangle]
pub unsafe extern "C" fn rs_krb5_tx_get_cname(
- tx: &KRB5Transaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32,
-) -> u8 {
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buffer: *mut *const u8,
+ buffer_len: *mut u32,
+) -> bool {
+ let tx = cast_pointer!(tx, KRB5Transaction);
if let Some(ref s) = tx.cname {
if (i as usize) < s.name_string.len() {
let value = &s.name_string[i as usize];
*buffer = value.as_ptr();
*buffer_len = value.len() as u32;
- return 1;
+ return true;
}
}
- 0
+ false
}
#[no_mangle]
pub unsafe extern "C" fn rs_krb5_tx_get_sname(
- tx: &KRB5Transaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32,
-) -> u8 {
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buffer: *mut *const u8,
+ buffer_len: *mut u32,
+) -> bool {
+ let tx = cast_pointer!(tx, KRB5Transaction);
if let Some(ref s) = tx.sname {
if (i as usize) < s.name_string.len() {
let value = &s.name_string[i as usize];
*buffer = value.as_ptr();
*buffer_len = value.len() as u32;
- return 1;
+ return true;
}
}
- 0
+ false
}
const KRB_TICKET_FASTARRAY_SIZE: usize = 256;
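Review bot: On the failure path `rs_krb5_tx_get_cname` and `rs_krb5_tx_get_sname` return `false` without touching `*buffer` and `*buffer_len`, whereas the IKE and QUIC getters changed in this commit reset them to null and 0 before returning. Now that all of these share the generic callback signature, a caller that reads the out-parameters without checking the return value would see whatever they held before the call. Add `*buffer = std::ptr::null();` and `*buffer_len = 0;` ahead of the final `false` in both functions.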
*/
use super::ldap::{LdapTransaction, ALPROTO_LDAP};
+use crate::core::DetectEngineThreadCtx;
use crate::detect::uint::{
detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse,
SCDetectU8Free,
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectBufferSetActiveList,
DetectHelperBufferMpmRegister, DetectHelperBufferRegister, DetectHelperGetData,
- DetectHelperGetMultiData, DetectHelperKeywordRegister, DetectHelperMultiBufferMpmRegister,
- DetectSignatureSetAppProto, SCSigTableAppLiteElmt, SigMatchAppendSMToList,
- SigTableElmtStickyBuffer,
+ DetectHelperKeywordRegister, DetectHelperMultiBufferMpmRegister, DetectSignatureSetAppProto,
+ SCSigTableAppLiteElmt, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use crate::ldap::types::{LdapMessage, LdapResultCode, ProtocolOp, ProtocolOpCode};
return 0;
}
-unsafe extern "C" fn ldap_detect_responses_dn_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- ldap_tx_get_responses_dn,
- );
-}
-
unsafe extern "C" fn ldap_tx_get_responses_dn(
- tx: *const c_void, _flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, LdapTransaction);
return 0;
}
-unsafe extern "C" fn ldap_detect_responses_msg_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- ldap_tx_get_responses_msg,
- );
-}
-
unsafe extern "C" fn ldap_tx_get_responses_msg(
- tx: *const c_void, _flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, LdapTransaction);
return 0;
}
-unsafe extern "C" fn ldap_detect_request_attribute_type_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- ldap_tx_get_req_attribute_type,
- );
-}
-
unsafe extern "C" fn ldap_tx_get_req_attribute_type(
- tx: *const c_void, _flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, LdapTransaction);
return 0;
}
-unsafe extern "C" fn ldap_detect_responses_attribute_type_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- ldap_tx_get_resp_attribute_type,
- );
-}
-
unsafe extern "C" fn ldap_tx_get_resp_attribute_type(
- tx: *const c_void, _flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, LdapTransaction);
ALPROTO_LDAP,
true, //to client
false, //to server
- ldap_detect_responses_dn_get_data,
+ ldap_tx_get_responses_dn,
);
let kw = SCSigTableAppLiteElmt {
name: b"ldap.responses.result_code\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
true, //to client
false, //to server
- ldap_detect_responses_msg_get_data,
+ ldap_tx_get_responses_msg,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("ldap.request.attribute_type"),
ALPROTO_LDAP,
false, //to client
true, //to server
- ldap_detect_request_attribute_type_get_data,
+ ldap_tx_get_req_attribute_type,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("ldap.responses.attribute_type"),
ALPROTO_LDAP,
true, //to client
false, //to server
- ldap_detect_responses_attribute_type_get_data,
+ ldap_tx_get_resp_attribute_type,
);
}
// written by Sascha Steinbiss <sascha@steinbiss.name>
+use crate::core::DetectEngineThreadCtx;
use crate::detect::uint::{
detect_match_uint, detect_parse_uint, detect_parse_uint_enum, DetectUintData, DetectUintMode,
SCDetectU8Free, SCDetectU8Parse,
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectBufferSetActiveList,
DetectHelperBufferMpmRegister, DetectHelperBufferRegister, DetectHelperGetData,
- DetectHelperGetMultiData, DetectHelperKeywordRegister, DetectHelperMultiBufferMpmRegister,
- DetectSignatureSetAppProto, SCSigTableAppLiteElmt, SigMatchAppendSMToList,
- SigTableElmtStickyBuffer,
+ DetectHelperKeywordRegister, DetectHelperMultiBufferMpmRegister, DetectSignatureSetAppProto,
+ SCSigTableAppLiteElmt, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use nom7::branch::alt;
static mut G_MQTT_CONN_FLAGS_BUFFER_ID: c_int = 0;
unsafe extern "C" fn unsub_topic_get_data(
- tx: *const c_void, _flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let ml = UNSUB_TOPIC_MATCH_LIMIT;
if ml > 0 && local_id >= ml as u32 {
return false;
}
-unsafe extern "C" fn unsub_topic_get_data_wrapper(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- unsub_topic_get_data,
- );
-}
-
unsafe extern "C" fn unsub_topic_setup(
de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
) -> c_int {
}
unsafe extern "C" fn sub_topic_get_data(
- tx: *const c_void, _flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let ml = SUB_TOPIC_MATCH_LIMIT;
if ml > 0 && local_id >= ml as u32 {
return false;
}
-unsafe extern "C" fn sub_topic_get_data_wrapper(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sub_topic_get_data,
- );
-}
-
unsafe extern "C" fn sub_topic_setup(
de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
) -> c_int {
ALPROTO_MQTT,
false, // only to server
true,
- unsub_topic_get_data_wrapper,
+ unsub_topic_get_data,
);
let kw = SCSigTableAppLiteElmt {
ALPROTO_MQTT,
false, // only to server
true,
- sub_topic_get_data_wrapper,
+ sub_topic_get_data,
);
let kw = SCSigTableAppLiteElmt {
let mut s: *const u8 = std::ptr::null_mut();
let mut slen: u32 = 0;
let tx = &t as *const _ as *mut _;
- let mut r = unsafe { unsub_topic_get_data(tx, 0, 0, &mut s, &mut slen) };
+ let mut r =
+ unsafe { unsub_topic_get_data(std::ptr::null_mut(), tx, 0, 0, &mut s, &mut slen) };
assert!(r);
let mut topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) });
assert_eq!(topic, "foo");
- r = unsafe { unsub_topic_get_data(tx, 0, 1, &mut s, &mut slen) };
+ r = unsafe { unsub_topic_get_data(std::ptr::null_mut(), tx, 0, 1, &mut s, &mut slen) };
assert!(r);
topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) });
assert_eq!(topic, "baar");
- r = unsafe { unsub_topic_get_data(tx, 0, 2, &mut s, &mut slen) };
+ r = unsafe { unsub_topic_get_data(std::ptr::null_mut(), tx, 0, 2, &mut s, &mut slen) };
assert!(r);
topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) });
assert_eq!(topic, "fieee");
- r = unsafe { unsub_topic_get_data(tx, 0, 3, &mut s, &mut slen) };
+ r = unsafe { unsub_topic_get_data(std::ptr::null_mut(), tx, 0, 3, &mut s, &mut slen) };
assert!(r);
topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) });
assert_eq!(topic, "baaaaz");
- r = unsafe { unsub_topic_get_data(tx, 0, 4, &mut s, &mut slen) };
+ r = unsafe { unsub_topic_get_data(std::ptr::null_mut(), tx, 0, 4, &mut s, &mut slen) };
assert!(!r);
}
let mut s: *const u8 = std::ptr::null_mut();
let mut slen: u32 = 0;
let tx = &t as *const _ as *mut _;
- let mut r = unsafe { sub_topic_get_data(tx, 0, 0, &mut s, &mut slen) };
+ let mut r =
+ unsafe { sub_topic_get_data(std::ptr::null_mut(), tx, 0, 0, &mut s, &mut slen) };
assert!(r);
let mut topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) });
assert_eq!(topic, "foo");
- r = unsafe { sub_topic_get_data(tx, 0, 1, &mut s, &mut slen) };
+ r = unsafe { sub_topic_get_data(std::ptr::null_mut(), tx, 0, 1, &mut s, &mut slen) };
assert!(r);
topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) });
assert_eq!(topic, "baar");
- r = unsafe { sub_topic_get_data(tx, 0, 2, &mut s, &mut slen) };
+ r = unsafe { sub_topic_get_data(std::ptr::null_mut(), tx, 0, 2, &mut s, &mut slen) };
assert!(r);
topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) });
assert_eq!(topic, "fieee");
- r = unsafe { sub_topic_get_data(tx, 0, 3, &mut s, &mut slen) };
+ r = unsafe { sub_topic_get_data(std::ptr::null_mut(), tx, 0, 3, &mut s, &mut slen) };
assert!(r);
topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) });
assert_eq!(topic, "baaaaz");
- r = unsafe { sub_topic_get_data(tx, 0, 4, &mut s, &mut slen) };
+ r = unsafe { sub_topic_get_data(std::ptr::null_mut(), tx, 0, 4, &mut s, &mut slen) };
assert!(!r);
}
}
* 02110-1301, USA.
*/
+use crate::core::DetectEngineThreadCtx;
use crate::quic::quic::QuicTransaction;
+use std::os::raw::c_void;
use std::ptr;
#[no_mangle]
#[no_mangle]
pub unsafe extern "C" fn rs_quic_tx_get_cyu_hash(
- tx: &QuicTransaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32,
-) -> u8 {
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buffer: *mut *const u8,
+ buffer_len: *mut u32,
+) -> bool {
+ let tx = cast_pointer!(tx, QuicTransaction);
if (i as usize) < tx.cyu.len() {
let cyu = &tx.cyu[i as usize];
*buffer = p.as_ptr();
*buffer_len = p.len() as u32;
- 1
+ true
} else {
*buffer = ptr::null();
*buffer_len = 0;
- 0
+ false
}
}
#[no_mangle]
pub unsafe extern "C" fn rs_quic_tx_get_cyu_string(
- tx: &QuicTransaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32,
-) -> u8 {
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buffer: *mut *const u8,
+ buffer_len: *mut u32,
+) -> bool {
+ let tx = cast_pointer!(tx, QuicTransaction);
if (i as usize) < tx.cyu.len() {
let cyu = &tx.cyu[i as usize];
*buffer = p.as_ptr();
*buffer_len = p.len() as u32;
- 1
+ true
} else {
*buffer = ptr::null();
*buffer_len = 0;
- 0
+ false
}
}
// written by Giuseppe Longo <giuseppe@glongo.it>
+use crate::core::DetectEngineThreadCtx;
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectBufferSetActiveList,
- DetectHelperBufferMpmRegister, DetectHelperGetData, DetectHelperGetMultiData,
- DetectHelperMultiBufferMpmRegister, DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
+ DetectHelperBufferMpmRegister, DetectHelperGetData, DetectHelperMultiBufferMpmRegister,
+ DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
};
use crate::direction::Direction;
use crate::sip::sip::{SIPTransaction, ALPROTO_SIP};
return 0;
}
-unsafe extern "C" fn sdp_bandwidth_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_bandwidth_get_data,
- );
-}
-
unsafe extern "C" fn sip_bandwidth_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
let direction = flow_flags.into();
return 0;
}
-unsafe extern "C" fn sdp_time_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sdp_time_get_data,
- );
-}
-
unsafe extern "C" fn sdp_time_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
let direction = flow_flags.into();
return 0;
}
-unsafe extern "C" fn sdp_repeat_time_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sdp_repeat_time_get_data,
- );
-}
-
unsafe extern "C" fn sdp_repeat_time_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
let direction = flow_flags.into();
return 0;
}
-unsafe extern "C" fn sdp_attribute_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_attribute_get_data,
- );
-}
-
unsafe extern "C" fn sip_attribute_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
let direction = flow_flags.into();
return 0;
}
-unsafe extern "C" fn sdp_media_desc_media_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_media_desc_media_get_data,
- );
-}
-
unsafe extern "C" fn sip_media_desc_media_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
let direction = flow_flags.into();
return 0;
}
-unsafe extern "C" fn sdp_media_desc_session_info_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_media_desc_session_info_get_data,
- );
-}
-
unsafe extern "C" fn sip_media_desc_session_info_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
let direction = flow_flags.into();
return 0;
}
-unsafe extern "C" fn sdp_media_desc_connection_data_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_media_desc_connection_data_get_data,
- );
-}
-
unsafe extern "C" fn sip_media_desc_connection_data_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
let direction = flow_flags.into();
return 0;
}
-unsafe extern "C" fn sdp_media_desc_encryption_key_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_media_desc_encryption_key_get_data,
- );
-}
-
unsafe extern "C" fn sip_media_desc_encryption_key_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
let direction = flow_flags.into();
ALPROTO_SIP,
true,
true,
- sdp_bandwidth_get,
+ sip_bandwidth_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.time"),
ALPROTO_SIP,
true,
true,
- sdp_time_get,
+ sdp_time_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.repeat_time"),
ALPROTO_SIP,
true,
true,
- sdp_repeat_time_get,
+ sdp_repeat_time_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.timezone"),
ALPROTO_SIP,
true,
true,
- sdp_attribute_get,
+ sip_attribute_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.media.media"),
ALPROTO_SIP,
true,
true,
- sdp_media_desc_media_get,
+ sip_media_desc_media_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.media.media_info"),
ALPROTO_SIP,
true,
true,
- sdp_media_desc_session_info_get,
+ sip_media_desc_session_info_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.media.connection_data"),
ALPROTO_SIP,
true,
true,
- sdp_media_desc_connection_data_get,
+ sip_media_desc_connection_data_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sdp.media.encryption_key"),
ALPROTO_SIP,
true,
true,
- sdp_media_desc_encryption_key_get,
+ sip_media_desc_encryption_key_get_data,
);
}
// written by Giuseppe Longo <giuseppe@glongo.it>
+use crate::core::DetectEngineThreadCtx;
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectBufferSetActiveList,
- DetectHelperBufferMpmRegister, DetectHelperGetData, DetectHelperGetMultiData,
- DetectHelperMultiBufferMpmRegister, DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
+ DetectHelperBufferMpmRegister, DetectHelperGetData, DetectHelperMultiBufferMpmRegister,
+ DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
};
use crate::direction::Direction;
use crate::sip::sip::{SIPTransaction, ALPROTO_SIP};
return 0;
}
-unsafe extern "C" fn sip_from_hdr_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_from_hdr_get_data,
- );
-}
-
unsafe extern "C" fn sip_from_hdr_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "From") {
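Review bot: `sip_from_hdr_get_data` is now the function the C detect engine calls directly, and nothing on it records the contract it depends on. `tx` is cast with `cast_pointer!(tx, SIPTransaction)` without a check, and `_de` is accepted only to match the callback type. A doc comment would capture this, e.g. `/// Multi-buffer getter for the From header; called from C with tx pointing at a live SIPTransaction, _de unused.` The same applies to the other `*_get_data` callbacks changed in this file and in the SDP file. The function body continues outside the hunk.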
return 0;
}
-unsafe extern "C" fn sip_to_hdr_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_to_hdr_get_data,
- );
-}
-
unsafe extern "C" fn sip_to_hdr_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "To") {
return 0;
}
-unsafe extern "C" fn sip_via_hdr_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_via_hdr_get_data,
- );
-}
-
unsafe extern "C" fn sip_via_hdr_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "Via") {
return 0;
}
-unsafe extern "C" fn sip_ua_hdr_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_ua_hdr_get_data,
- );
-}
-
unsafe extern "C" fn sip_ua_hdr_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "User-Agent") {
return 0;
}
-unsafe extern "C" fn sip_content_type_hdr_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_content_type_hdr_get_data,
- );
-}
-
unsafe extern "C" fn sip_content_type_hdr_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "Content-Type") {
return 0;
}
-unsafe extern "C" fn sip_content_length_hdr_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int, local_id: u32,
-) -> *mut c_void {
- return DetectHelperGetMultiData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- local_id,
- sip_content_length_hdr_get_data,
- );
-}
-
unsafe extern "C" fn sip_content_length_hdr_get_data(
- tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32,
+ buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "Content-Length") {
ALPROTO_SIP,
true,
true,
- sip_from_hdr_get,
+ sip_from_hdr_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sip.to"),
ALPROTO_SIP,
true,
true,
- sip_to_hdr_get,
+ sip_to_hdr_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sip.via"),
ALPROTO_SIP,
true,
true,
- sip_via_hdr_get,
+ sip_via_hdr_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sip.user_agent"),
ALPROTO_SIP,
true,
true,
- sip_ua_hdr_get,
+ sip_ua_hdr_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sip.content_type"),
ALPROTO_SIP,
true,
true,
- sip_content_type_hdr_get,
+ sip_content_type_hdr_get_data,
);
let kw = SigTableElmtStickyBuffer {
name: String::from("sip.content_length"),
ALPROTO_SIP,
true,
true,
- sip_content_length_hdr_get,
+ sip_content_length_hdr_get_data,
);
}
return DetectSetup(de_ctx, s, str, authority_buffer_id);
}
-static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id,
- uint32_t index, enum DnsSection what)
-{
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index);
- if (buffer == NULL) {
- return NULL;
- }
- if (buffer->initialized) {
- return buffer;
- }
-
- bool to_client = (flags & STREAM_TOSERVER) == 0;
- const uint8_t *data = NULL;
- uint32_t data_len = 0;
-
- bool ok = false;
- switch (what) {
- case DNS_QUERY:
- ok = SCDnsTxGetQueryName(txv, to_client, index, &data, &data_len);
- break;
- case DNS_ANSWER:
- ok = SCDnsTxGetAnswerName(txv, to_client, index, &data, &data_len);
- break;
- case DNS_AUTHORITY:
- ok = SCDnsTxGetAuthorityName(txv, index, &data, &data_len);
- break;
- case DNS_ADDITIONAL:
- ok = SCDnsTxGetAdditionalName(txv, index, &data, &data_len);
- break;
- default:
- DEBUG_VALIDATE_BUG_ON("unhandled dns rrname type");
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
-
- if (ok) {
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
- return buffer;
- }
-
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
-}
-
-static InspectionBuffer *GetQueryBuffer(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id,
- uint32_t index)
-{
- return GetBuffer(det_ctx, transforms, f, flags, txv, list_id, index, DNS_QUERY);
-}
-
-static InspectionBuffer *GetAnswerBuffer(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id,
- uint32_t index)
-{
- return GetBuffer(det_ctx, transforms, f, flags, txv, list_id, index, DNS_ANSWER);
-}
-
-static InspectionBuffer *GetAuthorityBuffer(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id,
- uint32_t index)
-{
- return GetBuffer(det_ctx, transforms, f, flags, txv, list_id, index, DNS_AUTHORITY);
-}
-
-static InspectionBuffer *GetAdditionalBuffer(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id,
- uint32_t index)
-{
- return GetBuffer(det_ctx, transforms, f, flags, txv, list_id, index, DNS_ADDITIONAL);
-}
-
static int Register(const char *keyword, const char *desc, const char *doc,
int (*Setup)(DetectEngineCtx *, Signature *, const char *),
InspectionMultiBufferGetDataPtr GetBufferFn)
void DetectDnsNameRegister(void)
{
query_buffer_id = Register("dns.queries.rrname", "DNS query rrname sticky buffer",
- "/rules/dns-keywords.html#dns.queries.rrname", SetupQueryBuffer, GetQueryBuffer);
+ "/rules/dns-keywords.html#dns.queries.rrname", SetupQueryBuffer, SCDnsTxGetQueryName);
answer_buffer_id = Register("dns.answers.rrname", "DNS answer rrname sticky buffer",
- "/rules/dns-keywords.html#dns.answers.rrname", SetupAnswerBuffer, GetAnswerBuffer);
+ "/rules/dns-keywords.html#dns.answers.rrname", SetupAnswerBuffer, SCDnsTxGetAnswerName);
additional_buffer_id =
Register("dns.additionals.rrname", "DNS additionals rrname sticky buffer",
"/rules/dns-keywords.html#dns-additionals-rrname", SetupAdditionalsBuffer,
- GetAdditionalBuffer);
+ SCDnsTxGetAdditionalName);
authority_buffer_id = Register("dns.authorities.rrname", "DNS authorities rrname sticky buffer",
"/rules/dns-keywords.html#dns-authorities-rrname", SetupAuthoritiesBuffer,
- GetAuthorityBuffer);
+ SCDnsTxGetAuthorityName);
}
/* Get name values. */
switch (cbdata->response_section) {
case DNS_RESPONSE_QUERY:
- if (!SCDnsTxGetQueryName(txv, true, cbdata->response_id, &data, &data_len)) {
+ if (!SCDnsTxGetQueryName(
+ det_ctx, txv, STREAM_TOCLIENT, cbdata->response_id, &data, &data_len)) {
InspectionBufferSetupMultiEmpty(buffer);
return NULL;
}
break;
case DNS_RESPONSE_ANSWER:
- if (!SCDnsTxGetAnswerName(txv, true, cbdata->response_id, &data, &data_len)) {
+ if (!SCDnsTxGetAnswerName(
+ det_ctx, txv, STREAM_TOCLIENT, cbdata->response_id, &data, &data_len)) {
InspectionBufferSetupMultiEmpty(buffer);
return NULL;
}
break;
case DNS_RESPONSE_AUTHORITY:
- if (!SCDnsTxGetAuthorityName(txv, cbdata->response_id, &data, &data_len)) {
+ if (!SCDnsTxGetAuthorityName(
+ det_ctx, txv, 0, cbdata->response_id, &data, &data_len)) {
InspectionBufferSetupMultiEmpty(buffer);
return NULL;
}
break;
case DNS_RESPONSE_ADDITIONAL:
- if (!SCDnsTxGetAdditionalName(txv, cbdata->response_id, &data, &data_len)) {
+ if (!SCDnsTxGetAdditionalName(
+ det_ctx, txv, 0, cbdata->response_id, &data, &data_len)) {
InspectionBufferSetupMultiEmpty(buffer);
return NULL;
}
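Review bot: The authority and additional cases pass a bare `0` as the flags argument, while the query and answer cases pass `STREAM_TOCLIENT`. The removed C wrapper derived direction as `(flags & STREAM_TOSERVER) == 0`, so `0` presumably still means to-client, but a reader cannot tell whether that is deliberate or the argument is simply ignored. Passing `STREAM_TOCLIENT` in all four calls would remove the magic value, as would a one-line comment such as `/* direction is not used for authority/additional records */`. The enclosing function starts and ends outside this hunk.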
return 0;
}
-static InspectionBuffer *GetMimeEmailUrlData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id, uint32_t idx)
+static bool GetMimeEmailUrlData(DetectEngineThreadCtx *det_ctx, const void *txv,
+ const uint8_t flags, uint32_t idx, const uint8_t **buf, uint32_t *buf_len)
{
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, idx);
- if (buffer == NULL || buffer->initialized)
- return buffer;
-
SMTPTransaction *tx = (SMTPTransaction *)txv;
-
- const uint8_t *b_email_url = NULL;
- uint32_t b_email_url_len = 0;
-
if (tx->mime_state == NULL) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
+ return false;
}
- if (SCDetectMimeEmailGetUrl(tx->mime_state, &b_email_url, &b_email_url_len, idx) != 1) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
+ if (SCDetectMimeEmailGetUrl(tx->mime_state, buf, buf_len, idx) != 1) {
+ return false;
}
-
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, b_email_url, b_email_url_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
- return buffer;
+ return true;
}
static int DetectMimeEmailReceivedSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
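Review bot: `txv` is now `const void *`, but the unchanged line `SMTPTransaction *tx = (SMTPTransaction *)txv;` casts the qualifier away. The function only reads `tx->mime_state`, so `const SMTPTransaction *tx = txv;` should compile and keeps the read-only contract of the new callback type visible. The same cast appears in `GetMimeEmailReceivedData`, `DetectFTPReplyGetData`, `GetSmtpRcptToData` and `GetHttp1HeaderData`; each is worth the same change where the body only reads the transaction.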
return 0;
}
-static InspectionBuffer *GetMimeEmailReceivedData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id, uint32_t idx)
+static bool GetMimeEmailReceivedData(DetectEngineThreadCtx *det_ctx, const void *txv,
+ const uint8_t flags, uint32_t idx, const uint8_t **buf, uint32_t *buf_len)
{
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, idx);
- if (buffer == NULL || buffer->initialized)
- return buffer;
-
SMTPTransaction *tx = (SMTPTransaction *)txv;
- const uint8_t *b_email_received = NULL;
- uint32_t b_email_received_len = 0;
-
if (tx->mime_state == NULL) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
+ return false;
}
- if (SCDetectMimeEmailGetDataArray(
- tx->mime_state, &b_email_received, &b_email_received_len, "received", idx) != 1) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
+ if (SCDetectMimeEmailGetDataArray(tx->mime_state, buf, buf_len, "received", idx) != 1) {
+ return false;
}
-
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, b_email_received, b_email_received_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
- return buffer;
+ return true;
}
void DetectEmailRegister(void)
return transform_id;
}
-InspectionBuffer *DetectHelperGetMultiData(struct DetectEngineThreadCtx_ *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
- const int list_id, uint32_t index, MultiGetTxBuffer GetBuf)
-{
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index);
- if (buffer == NULL) {
- return NULL;
- }
- if (buffer->initialized) {
- return buffer;
- }
-
- const uint8_t *data = NULL;
- uint32_t data_len = 0;
-
- if (!GetBuf(txv, flow_flags, index, &data, &data_len)) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
- return buffer;
-}
-
const uint8_t *InspectionBufferPtr(InspectionBuffer *buf)
{
return buf->inspect;
int DetectHelperBufferRegister(const char *name, AppProto alproto, bool toclient, bool toserver);
typedef bool (*SimpleGetTxBuffer)(void *, uint8_t, const uint8_t **, uint32_t *);
-typedef bool (*MultiGetTxBuffer)(void *, uint8_t, uint32_t, const uint8_t **, uint32_t *);
InspectionBuffer *DetectHelperGetData(struct DetectEngineThreadCtx_ *det_ctx,
const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc, AppProto alproto,
bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData, int progress);
-InspectionBuffer *DetectHelperGetMultiData(struct DetectEngineThreadCtx_ *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
- const int list_id, uint32_t index, MultiGetTxBuffer GetBuf);
-
int DetectHelperTransformRegister(const SCTransformTableElmt *kw);
const uint8_t *InspectionBufferPtr(InspectionBuffer *buf);
uint32_t InspectionBufferLength(InspectionBuffer *buf);
do {
// loop until we get a NULL
- InspectionBuffer *buffer =
- ctx->GetData(det_ctx, ctx->transforms, f, flags, txv, ctx->list_id, local_id);
+ InspectionBuffer *buffer = DetectGetMultiData(
+ det_ctx, ctx->transforms, f, flags, txv, ctx->list_id, local_id, ctx->GetData);
if (buffer == NULL)
break;
alproto, tx_min_progress);
}
+InspectionBuffer *DetectGetMultiData(struct DetectEngineThreadCtx_ *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
+ const int list_id, uint32_t index, InspectionMultiBufferGetDataPtr GetBuf)
+{
+ InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index);
+ if (buffer == NULL) {
+ return NULL;
+ }
+ if (buffer->initialized) {
+ return buffer;
+ }
+
+ const uint8_t *data = NULL;
+ uint32_t data_len = 0;
+
+ if (!GetBuf(det_ctx, txv, flow_flags, index, &data, &data_len)) {
+ InspectionBufferSetupMultiEmpty(buffer);
+ return NULL;
+ }
+ InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len);
+ buffer->flags = DETECT_CI_FLAGS_SINGLE;
+ return buffer;
+}
+
uint8_t DetectEngineInspectMultiBufferGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
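Review bot: `DetectGetMultiData` treats any `true` return from `GetBuf` as a usable buffer. The wrappers this commit deletes for the HTTP/2 header and the krb5 cname/sname keywords also rejected `b == NULL || b_len == 0` before calling `InspectionBufferSetupMulti`. Now that the Rust getters are registered directly, that filter is gone. The prefilter loop only stops on `buffer == NULL`, so an empty value would no longer end the iteration there. If empty values should still terminate for those keywords, either the getters must return false for them (not visible in this diff) or this condition needs `|| data == NULL || data_len == 0`, which would also change behaviour for keywords that never had the check.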
}
do {
- InspectionBuffer *buffer = engine->v2.GetMultiData(
- det_ctx, transforms, f, flags, txv, engine->sm_list, local_id);
+ InspectionBuffer *buffer = DetectGetMultiData(det_ctx, transforms, f, flags, txv,
+ engine->sm_list, local_id, engine->v2.GetMultiData);
if (buffer == NULL || buffer->inspect == NULL)
break;
const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
void *alstate, void *txv, uint64_t tx_id);
+InspectionBuffer *DetectGetMultiData(struct DetectEngineThreadCtx_ *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
+ const int list_id, uint32_t index, InspectionMultiBufferGetDataPtr GetBuf);
uint8_t DetectEngineInspectMultiBufferGeneric(DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id);
return 0;
}
-static bool DetectFTPReplyGetData(void *txv, uint8_t _flow_flags, uint32_t index,
- const uint8_t **buffer, uint32_t *buffer_len)
+static bool DetectFTPReplyGetData(DetectEngineThreadCtx *_det_ctx, const void *txv,
+ uint8_t _flow_flags, uint32_t index, const uint8_t **buffer, uint32_t *buffer_len)
{
FTPTransaction *tx = (FTPTransaction *)txv;
return false;
}
-static InspectionBuffer *GetDataWrapper(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
- const int list_id, uint32_t index)
-{
- return DetectHelperGetMultiData(
- det_ctx, transforms, _f, _flow_flags, txv, list_id, index, DetectFTPReplyGetData);
-}
-
void DetectFtpReplyRegister(void)
{
/* ftp.reply sticky buffer */
sigmatch_table[DETECT_FTP_REPLY].flags |= SIGMATCH_NOOPT;
DetectAppLayerMultiRegister(
- BUFFER_NAME, ALPROTO_FTP, SIG_FLAG_TOCLIENT, 0, GetDataWrapper, 2, 1);
+ BUFFER_NAME, ALPROTO_FTP, SIG_FLAG_TOCLIENT, 0, DetectFTPReplyGetData, 2, 1);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
SCFree(td);
}
-static InspectionBuffer *GetHttp2HeaderData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv,
- int list_id, uint32_t local_id)
+static bool GetHttp1HeaderData(DetectEngineThreadCtx *det_ctx, const void *txv, const uint8_t flags,
+ uint32_t local_id, const uint8_t **buf, uint32_t *buf_len)
{
SCEnter();
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id);
- if (buffer == NULL)
- return NULL;
- if (buffer->initialized)
- return buffer;
-
- uint32_t b_len = 0;
- const uint8_t *b = NULL;
-
- if (rs_http2_tx_get_header(txv, flags, local_id, &b, &b_len) != 1) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
- if (b == NULL || b_len == 0) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
-
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, b, b_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
-
- SCReturnPtr(buffer, "InspectionBuffer");
-}
-
-static InspectionBuffer *GetHttp1HeaderData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv,
- int list_id, uint32_t local_id)
-{
- SCEnter();
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id);
- if (buffer == NULL)
- return NULL;
- if (buffer->initialized)
- return buffer;
-
int kw_thread_id;
if (flags & STREAM_TOSERVER) {
kw_thread_id = g_request_header_thread_id;
HttpMultiBufHeaderThreadData *hdr_td =
DetectThreadCtxGetGlobalKeywordThreadCtx(det_ctx, kw_thread_id);
if (unlikely(hdr_td == NULL)) {
- return NULL;
+ return false;
}
htp_tx_t *tx = (htp_tx_t *)txv;
// hdr_td->len is the number of header buffers
if (local_id < hdr_td->len) {
// we have one valid header buffer
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, hdr_td->items[local_id].buffer,
- hdr_td->items[local_id].len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
- SCReturnPtr(buffer, "InspectionBuffer");
+ *buf = hdr_td->items[local_id].buffer;
+ *buf_len = hdr_td->items[local_id].len;
+ return true;
} // else there are no more header buffer to get
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
+ return false;
}
static int DetectHTTPRequestHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
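Review bot: `GetHttp1HeaderData` still opens with `SCEnter()` (kept in the earlier part of the function, outside this hunk), but every exit added here is a plain `return false;` or `return true;`. The old code left through `SCReturnPtr`, so the enter/return pairing used by debug tracing is now unbalanced. Either use `SCReturnBool(true);` / `SCReturnBool(false);` on the new exits or drop the `SCEnter()` call. The new `TlsAlpnGetData` has the same pattern.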
SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
- HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen);
+ HTTP2StateOpen, rs_http2_tx_get_header, 2, HTTP2StateOpen);
DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER,
HTP_REQUEST_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_REQUEST_PROGRESS_HEADERS);
SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
- HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen);
+ HTTP2StateOpen, rs_http2_tx_get_header, 2, HTTP2StateOpen);
DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
HTP_RESPONSE_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_RESPONSE_PROGRESS_HEADERS);
* \brief Registration function for HTTP2 keywords
*/
-static InspectionBuffer *GetHttp2HNameData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flags, void *txv,
- int list_id, uint32_t local_id)
-{
- return DetectHelperGetMultiData(det_ctx, transforms, _f, flags, txv, list_id, local_id,
- (MultiGetTxBuffer)rs_http2_tx_get_header_name);
-}
-
void DetectHttp2Register(void)
{
sigmatch_table[DETECT_HTTP2_FRAMETYPE].name = "http2.frametype";
sigmatch_table[DETECT_HTTP2_HEADERNAME].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerMultiRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
- HTTP2StateOpen, GetHttp2HNameData, 2, HTTP2StateOpen);
+ HTTP2StateOpen, rs_http2_tx_get_header_name, 2, HTTP2StateOpen);
DetectAppLayerMultiRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOSERVER,
- HTTP2StateOpen, GetHttp2HNameData, 2, HTTP2StateOpen);
+ HTTP2StateOpen, rs_http2_tx_get_header_name, 2, HTTP2StateOpen);
+
DetectBufferTypeSupportsMultiInstance("http2_header_name");
DetectBufferTypeSetDescriptionByName("http2_header_name",
"HTTP2 header name");
static int g_ike_vendor_buffer_id = 0;
-static InspectionBuffer *IkeVendorGetData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv,
- int list_id, uint32_t local_id)
-{
- SCEnter();
-
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id);
- if (buffer == NULL)
- return NULL;
- if (buffer->initialized)
- return buffer;
-
- const uint8_t *data;
- uint32_t data_len;
- if (rs_ike_tx_get_vendor(txv, local_id, &data, &data_len) == 0) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
-
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
-
- SCReturnPtr(buffer, "InspectionBuffer");
-}
-
/**
* \brief Registration function for ike.vendor keyword.
*/
sigmatch_table[DETECT_IKE_VENDOR].flags |= SIGMATCH_INFO_STICKY_BUFFER;
DetectAppLayerMultiRegister(
- "ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, IkeVendorGetData, 1, 1);
+ "ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, rs_ike_tx_get_vendor, 1, 1);
g_ike_vendor_buffer_id = DetectBufferTypeGetByName("ike.vendor");
return 0;
}
-static InspectionBuffer *GetKrb5CNameData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv,
- int list_id, uint32_t local_id)
-{
- SCEnter();
-
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id);
- if (buffer == NULL)
- return NULL;
- if (buffer->initialized)
- return buffer;
-
- uint32_t b_len = 0;
- const uint8_t *b = NULL;
-
- if (rs_krb5_tx_get_cname(txv, local_id, &b, &b_len) != 1) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
- if (b == NULL || b_len == 0) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
-
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, b, b_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
-
- SCReturnPtr(buffer, "InspectionBuffer");
-}
-
void DetectKrb5CNameRegister(void)
{
sigmatch_table[DETECT_KRB5_CNAME].name = "krb5.cname";
sigmatch_table[DETECT_KRB5_CNAME].desc = "sticky buffer to match on Kerberos 5 client name";
DetectAppLayerMultiRegister(
- "krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, GetKrb5CNameData, 2, 1);
+ "krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, rs_krb5_tx_get_cname, 2, 1);
DetectBufferTypeSetDescriptionByName("krb5_cname",
"Kerberos 5 ticket client name");
return 0;
}
-static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv,
- int list_id, uint32_t local_id)
-{
- SCEnter();
-
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id);
- if (buffer == NULL)
- return NULL;
- if (buffer->initialized)
- return buffer;
-
- uint32_t b_len = 0;
- const uint8_t *b = NULL;
-
- if (rs_krb5_tx_get_sname(txv, local_id, &b, &b_len) != 1) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
- if (b == NULL || b_len == 0) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
-
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, b, b_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
-
- SCReturnPtr(buffer, "InspectionBuffer");
-}
-
void DetectKrb5SNameRegister(void)
{
sigmatch_table[DETECT_KRB5_SNAME].name = "krb5.sname";
sigmatch_table[DETECT_KRB5_SNAME].desc = "sticky buffer to match on Kerberos 5 server name";
DetectAppLayerMultiRegister(
- "krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, GetKrb5SNameData, 2, 1);
+ "krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, rs_krb5_tx_get_sname, 2, 1);
DetectBufferTypeSetDescriptionByName("krb5_sname",
"Kerberos 5 ticket server name");
return 0;
}
-static InspectionBuffer *QuicHashGetData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv,
- int list_id, uint32_t local_id)
-{
- SCEnter();
-
- if (local_id > UINT16_MAX)
- return NULL;
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id);
- if (buffer == NULL)
- return NULL;
- if (buffer->initialized)
- return buffer;
-
- const uint8_t *data;
- uint32_t data_len;
- if (rs_quic_tx_get_cyu_hash(txv, local_id, &data, &data_len) == 0) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
-
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
-
- SCReturnPtr(buffer, "InspectionBuffer");
-}
-
void DetectQuicCyuHashRegister(void)
{
/* quic.cyu.hash sticky buffer */
#endif
DetectAppLayerMultiRegister(
- BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, QuicHashGetData, 2, 1);
+ BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, rs_quic_tx_get_cyu_hash, 2, 1);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
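Review bot: Registering `rs_quic_tx_get_cyu_hash` directly drops the `if (local_id > UINT16_MAX) return NULL;` guard that the deleted `QuicHashGetData` wrapper applied before calling it. Whether the Rust getter bounds-checks the index itself is not visible in this diff. If it narrows the `u32` index or indexes without a checked lookup, the cap needs to move into the getter, e.g. returning false when the index is out of range. The registration function begins outside this hunk.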
return 0;
}
-static InspectionBuffer *QuicStringGetData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv,
- int list_id, uint32_t local_id)
-{
- SCEnter();
-
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id);
- if (buffer == NULL)
- return NULL;
- if (buffer->initialized)
- return buffer;
-
- const uint8_t *data;
- uint32_t data_len;
- if (rs_quic_tx_get_cyu_string(txv, local_id, &data, &data_len) == 0) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
-
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
-
- SCReturnPtr(buffer, "InspectionBuffer");
-}
-
void DetectQuicCyuStringRegister(void)
{
/* quic.cyu.string sticky buffer */
#endif
DetectAppLayerMultiRegister(
- BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, QuicStringGetData, 2, 1);
+ BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, rs_quic_tx_get_cyu_string, 2, 1);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
return 0;
}
-static InspectionBuffer *GetSmtpRcptToData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id, uint32_t idx)
+static bool GetSmtpRcptToData(DetectEngineThreadCtx *_det_ctx, const void *txv, uint8_t _flow_flags,
+ uint32_t idx, const uint8_t **buffer, uint32_t *buffer_len)
{
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, idx);
- if (buffer == NULL || buffer->initialized)
- return buffer;
-
SMTPTransaction *tx = (SMTPTransaction *)txv;
if (TAILQ_EMPTY(&tx->rcpt_to_list)) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
+ return false;
}
SMTPString *s;
}
}
if (s == NULL) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
+ return false;
}
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, s->str, s->len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
- return buffer;
+ *buffer = s->str;
+ *buffer_len = s->len;
+ return true;
}
void SCDetectSMTPRegister(void)
#include "util-profiling.h"
static int DetectTlsAlpnSetup(DetectEngineCtx *, Signature *, const char *);
-static InspectionBuffer *TlsAlpnGetData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id,
- uint32_t index);
-
static int g_tls_alpn_buffer_id = 0;
+static bool TlsAlpnGetData(DetectEngineThreadCtx *det_ctx, const void *txv, const uint8_t flags,
+ uint32_t idx, const uint8_t **buf, uint32_t *buf_len)
+{
+ SCEnter();
+
+ const SSLState *ssl_state = (SSLState *)txv;
+ const SSLStateConnp *connp;
+
+ if (flags & STREAM_TOSERVER) {
+ connp = &ssl_state->client_connp;
+ } else {
+ connp = &ssl_state->server_connp;
+ }
+
+ if (TAILQ_EMPTY(&connp->alpns)) {
+ return false;
+ }
+
+ SSLAlpns *a;
+ if (idx == 0) {
+ a = TAILQ_FIRST(&connp->alpns);
+ } else {
+ // TODO optimize ?
+ a = TAILQ_FIRST(&connp->alpns);
+ for (uint32_t i = 0; i < idx; i++) {
+ a = TAILQ_NEXT(a, next);
+ }
+ }
+ if (a == NULL) {
+ return false;
+ }
+
+ *buf = a->alpn;
+ *buf_len = a->size;
+ return true;
+}
+
/**
* \brief Registration function for keyword: tls.alpn
*/
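Review bot: In `TlsAlpnGetData` the walk `for (uint32_t i = 0; i < idx; i++) a = TAILQ_NEXT(a, next);` dereferences `a` on every step, so the `a == NULL` test after the loop only helps when the list ends exactly at `idx`; one index further and `TAILQ_NEXT` is applied to NULL. That is safe only if the caller always requests indices in order and stops at the first `false`, which is not visible in this hunk. I would make the callback self-contained with `for (uint32_t i = 0; i < idx && a != NULL; i++)`. The walk also restarts from the list head on each call, so enumerating a (presumably peer-supplied) ALPN list costs quadratic steps overall; the existing `// TODO optimize ?` deserves either a bound on the list length or a note on where that bound is enforced.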
return 0;
}
-
-static InspectionBuffer *TlsAlpnGetData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id,
- uint32_t idx)
-{
- SCEnter();
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, idx);
- if (buffer == NULL || buffer->initialized)
- return buffer;
-
- const SSLState *ssl_state = (SSLState *)f->alstate;
- const SSLStateConnp *connp;
-
- if (flags & STREAM_TOSERVER) {
- connp = &ssl_state->client_connp;
- } else {
- connp = &ssl_state->server_connp;
- }
-
- if (TAILQ_EMPTY(&connp->alpns)) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
-
- SSLAlpns *a;
- if (idx == 0) {
- a = TAILQ_FIRST(&connp->alpns);
- } else {
- // TODO optimize ?
- a = TAILQ_FIRST(&connp->alpns);
- for (uint32_t i = 0; i < idx; i++) {
- a = TAILQ_NEXT(a, next);
- }
- }
- if (a == NULL) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
- }
-
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, a->alpn, a->size);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
-
- SCReturnPtr(buffer, "InspectionBuffer");
-}
static int g_tls_certs_buffer_id = 0;
-static InspectionBuffer *TlsCertsGetData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv,
- int list_id, uint32_t local_id)
+static bool TlsCertsGetData(DetectEngineThreadCtx *det_ctx, const void *txv, const uint8_t flags,
+ uint32_t local_id, const uint8_t **buf, uint32_t *buf_len)
{
- SCEnter();
-
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id);
- if (buffer == NULL || buffer->initialized)
- return buffer;
-
- const SSLState *ssl_state = (SSLState *)f->alstate;
+ const SSLState *ssl_state = (SSLState *)txv;
const SSLStateConnp *connp;
if (flags & STREAM_TOSERVER) {
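Review bot: `const SSLState *ssl_state = (SSLState *)txv;` replaces the earlier `f->alstate` lookup, which is only correct if the TLS parser hands out its state object as the transaction pointer; nothing in this hunk shows that. The same cast is introduced in `TlsAlpnGetData` and `TlsSubjectAltNameGetData`. A one-line comment at each cast would record the assumption, e.g. `/* TLS exposes its SSLState as the tx, so txv is the state; see the parser's get-tx callback */`. The cast also drops `const` before re-adding it, and `(const SSLState *)txv` is tidier. The body of `TlsCertsGetData` continues outside this hunk.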
}
if (TAILQ_EMPTY(&connp->certs)) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
+ return false;
}
SSLCertsChain *cert;
}
}
if (cert == NULL) {
- InspectionBufferSetupMultiEmpty(buffer);
- return NULL;
+ return false;
}
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, cert->cert_data, cert->cert_len);
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
-
- SCReturnPtr(buffer, "InspectionBuffer");
+ *buf = cert->cert_data;
+ *buf_len = cert->cert_len;
+ return true;
}
/**
#include "util-profiling.h"
static int DetectTlsSubjectAltNameSetup(DetectEngineCtx *, Signature *, const char *);
-static InspectionBuffer *TlsSubjectAltNameGetData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id,
- uint32_t index);
-
static int g_tls_subjectaltname_buffer_id = 0;
+static bool TlsSubjectAltNameGetData(DetectEngineThreadCtx *det_ctx, const void *txv,
+ const uint8_t flags, uint32_t idx, const uint8_t **buf, uint32_t *buf_len)
+{
+ const SSLState *ssl_state = (SSLState *)txv;
+ const SSLStateConnp *connp;
+
+ connp = &ssl_state->server_connp;
+
+ if (idx >= connp->cert0_sans_len) {
+ return false;
+ }
+
+ *buf = (const uint8_t *)connp->cert0_sans[idx];
+ *buf_len = strlen(connp->cert0_sans[idx]);
+ return true;
+}
+
/**
* \brief Registration function for keyword: tls.subjectaltname
*/
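Review bot: `*buf_len = strlen(connp->cert0_sans[idx]);` in `TlsSubjectAltNameGetData` derives the inspected length from a NUL terminator and narrows `size_t` to `uint32_t` implicitly. If a subjectAltName taken from the certificate can contain an embedded NUL (how `cert0_sans` is filled is not visible here), rules on `tls.subjectaltname` would only see the part before it. Where the parser knows the real length, storing it next to the string and returning it would avoid both the rescan on every call and the truncation; failing that, an explicit `(uint32_t)` cast and a comment stating that the entries are NUL-terminated C strings would document the limit. `flags` is unused, so only `server_connp` is ever inspected; a short comment saying this is intentional would help.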
return 0;
}
-
-static InspectionBuffer *TlsSubjectAltNameGetData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id,
- uint32_t idx)
-{
- SCEnter();
- InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, idx);
- if (buffer == NULL || buffer->initialized)
- return buffer;
-
- const SSLState *ssl_state = (SSLState *)f->alstate;
- const SSLStateConnp *connp;
-
- connp = &ssl_state->server_connp;
-
- if (idx >= connp->cert0_sans_len) {
- return NULL;
- }
-
- InspectionBufferSetupMulti(det_ctx, buffer, transforms, (const uint8_t *)connp->cert0_sans[idx],
- strlen(connp->cert0_sans[idx]));
- buffer->flags = DETECT_CI_FLAGS_SINGLE;
-
- SCReturnPtr(buffer, "InspectionBuffer");
-}
const DetectEngineTransforms *transforms,
Flow *f, const uint8_t flow_flags,
void *txv, const int list_id);
-typedef InspectionBuffer *(*InspectionMultiBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
- const int list_id, const uint32_t local_id);
+
+typedef bool (*InspectionMultiBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx,
+ const void *txv, const uint8_t flow_flags, uint32_t local_id, const uint8_t **buf,
+ uint32_t *buf_len);
struct DetectEngineAppInspectionEngine_;
typedef uint8_t (*InspectEngineFuncPtr)(struct DetectEngineCtx_ *de_ctx,