Detection does not change transactions, it reads only.
}
fn match_backuuid(
- tx: &mut DCERPCTransaction, state: &mut DCERPCState, if_data: &mut DCEIfaceData,
+ tx: &DCERPCTransaction, state: &mut DCERPCState, if_data: &mut DCEIfaceData,
) -> u8 {
let mut ret = 0;
if let Some(ref bindack) = state.bindack {
#[no_mangle]
pub extern "C" fn rs_dcerpc_iface_match(
- tx: &mut DCERPCTransaction, state: &mut DCERPCState, if_data: &mut DCEIfaceData,
+ tx: &DCERPCTransaction, state: &mut DCERPCState, if_data: &mut DCEIfaceData,
) -> u8 {
let first_req_seen = tx.get_first_req_seen();
if first_req_seen == 0 {
}
match state.get_hdr_type() {
- Some(DCERPC_TYPE_REQUEST | DCERPC_TYPE_RESPONSE) => {},
+ Some(DCERPC_TYPE_REQUEST | DCERPC_TYPE_RESPONSE) => {}
_ => {
return 0;
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_opnum_match(
- tx: &mut DCERPCTransaction, opnum_data: &mut DCEOpnumData,
+ tx: &DCERPCTransaction, opnum_data: &mut DCEOpnumData,
) -> u8 {
let first_req_seen = tx.get_first_req_seen();
if first_req_seen == 0 {
}
fn enip_tx_has_cip_service(
- tx: &mut EnipTransaction, direction: Direction, ctx: &DetectCipServiceData,
+ tx: &EnipTransaction, direction: Direction, ctx: &DetectCipServiceData,
) -> std::os::raw::c_int {
let pduo = if direction == Direction::ToServer {
&tx.request
return 0;
}
-fn enip_tx_has_cip_status(
- tx: &mut EnipTransaction, ctx: &DetectUintData<u8>,
-) -> std::os::raw::c_int {
+fn enip_tx_has_cip_status(tx: &EnipTransaction, ctx: &DetectUintData<u8>) -> std::os::raw::c_int {
if let Some(pdu) = &tx.response {
if let EnipPayload::Cip(c) = &pdu.payload {
for item in c.items.iter() {
}
fn enip_tx_has_cip_extendedstatus(
- tx: &mut EnipTransaction, ctx: &DetectUintData<u16>,
+ tx: &EnipTransaction, ctx: &DetectUintData<u16>,
) -> std::os::raw::c_int {
if let Some(pdu) = &tx.response {
if let EnipPayload::Cip(c) = &pdu.payload {
return 0;
}
-fn enip_get_status(tx: &mut EnipTransaction, direction: Direction) -> Option<u32> {
+fn enip_get_status(tx: &EnipTransaction, direction: Direction) -> Option<u32> {
if direction == Direction::ToServer {
if let Some(req) = &tx.request {
return Some(req.header.status);
}
fn enip_tx_has_cip_segment(
- tx: &mut EnipTransaction, ctx: &DetectUintData<u32>, segment_type: u8,
+ tx: &EnipTransaction, ctx: &DetectUintData<u32>, segment_type: u8,
) -> std::os::raw::c_int {
if let Some(pdu) = &tx.request {
if let EnipPayload::Cip(c) = &pdu.payload {
}
fn enip_tx_has_cip_attribute(
- tx: &mut EnipTransaction, ctx: &DetectUintData<u32>,
+ tx: &EnipTransaction, ctx: &DetectUintData<u32>,
) -> std::os::raw::c_int {
if let Some(pdu) = &tx.request {
if let EnipPayload::Cip(c) = &pdu.payload {
return 0;
}
-fn tx_get_protocol_version(tx: &mut EnipTransaction, direction: Direction) -> Option<u16> {
+fn tx_get_protocol_version(tx: &EnipTransaction, direction: Direction) -> Option<u16> {
if direction == Direction::ToServer {
if let Some(req) = &tx.request {
if let EnipPayload::RegisterSession(rs) = &req.payload {
return 0;
}
-fn tx_get_capabilities(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_capabilities(tx: &EnipTransaction) -> Option<u16> {
if let Some(ref response) = tx.response {
if let EnipPayload::ListServices(lsp) = &response.payload {
if !lsp.is_empty() {
return 0;
}
-fn tx_get_vendor_id(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_vendor_id(tx: &EnipTransaction) -> Option<u16> {
if let Some(ref response) = tx.response {
if let EnipPayload::ListIdentity(lip) = &response.payload {
if !lip.is_empty() {
return 0;
}
-fn tx_get_state(tx: &mut EnipTransaction) -> Option<u8> {
+fn tx_get_state(tx: &EnipTransaction) -> Option<u8> {
if let Some(ref response) = tx.response {
if let EnipPayload::ListIdentity(lip) = &response.payload {
if !lip.is_empty() {
return 0;
}
-fn tx_get_serial(tx: &mut EnipTransaction) -> Option<u32> {
+fn tx_get_serial(tx: &EnipTransaction) -> Option<u32> {
if let Some(ref response) = tx.response {
if let EnipPayload::ListIdentity(lip) = &response.payload {
if !lip.is_empty() {
return 0;
}
-fn tx_get_revision(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_revision(tx: &EnipTransaction) -> Option<u16> {
if let Some(ref response) = tx.response {
if let EnipPayload::ListIdentity(lip) = &response.payload {
if !lip.is_empty() {
return 0;
}
-fn tx_get_product_code(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_product_code(tx: &EnipTransaction) -> Option<u16> {
if let Some(ref response) = tx.response {
if let EnipPayload::ListIdentity(lip) = &response.payload {
if !lip.is_empty() {
return 0;
}
-fn tx_get_identity_status(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_identity_status(tx: &EnipTransaction) -> Option<u16> {
if let Some(ref response) = tx.response {
if let EnipPayload::ListIdentity(lip) = &response.payload {
if !lip.is_empty() {
return 0;
}
-fn tx_get_device_type(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_device_type(tx: &EnipTransaction) -> Option<u16> {
if let Some(ref response) = tx.response {
if let EnipPayload::ListIdentity(lip) = &response.payload {
if !lip.is_empty() {
return 0;
}
-fn tx_get_command(tx: &mut EnipTransaction, direction: u8) -> Option<u16> {
+fn tx_get_command(tx: &EnipTransaction, direction: u8) -> Option<u16> {
let direction: Direction = direction.into();
if direction == Direction::ToServer {
if let Some(req) = &tx.request {
use base64::{Engine, engine::general_purpose::STANDARD};
fn http2_tx_has_frametype(
- tx: &mut HTTP2Transaction, direction: Direction, value: u8,
+ tx: &HTTP2Transaction, direction: Direction, value: u8,
) -> std::os::raw::c_int {
if direction == Direction::ToServer {
for i in 0..tx.frames_ts.len() {
}
fn http2_tx_has_errorcode(
- tx: &mut HTTP2Transaction, direction: Direction, code: u32,
+ tx: &HTTP2Transaction, direction: Direction, code: u32,
) -> std::os::raw::c_int {
if direction == Direction::ToServer {
for i in 0..tx.frames_ts.len() {
}
fn http2_tx_get_next_priority(
- tx: &mut HTTP2Transaction, direction: Direction, nb: u32,
+ tx: &HTTP2Transaction, direction: Direction, nb: u32,
) -> std::os::raw::c_int {
let mut pos = 0_u32;
if direction == Direction::ToServer {
}
fn http2_tx_get_next_window(
- tx: &mut HTTP2Transaction, direction: Direction, nb: u32,
+ tx: &HTTP2Transaction, direction: Direction, nb: u32,
) -> std::os::raw::c_int {
let mut pos = 0_u32;
if direction == Direction::ToServer {
}
fn http2_detect_settingsctx_match(
- ctx: &mut parser::DetectHTTP2settingsSigCtx, tx: &mut HTTP2Transaction, direction: Direction,
+ ctx: &parser::DetectHTTP2settingsSigCtx, tx: &HTTP2Transaction, direction: Direction,
) -> std::os::raw::c_int {
if direction == Direction::ToServer {
for i in 0..tx.frames_ts.len() {
}
fn http2_detect_sizeupdatectx_match(
- ctx: &mut DetectUintData<u64>, tx: &mut HTTP2Transaction, direction: Direction,
+ ctx: &DetectUintData<u64>, tx: &HTTP2Transaction, direction: Direction,
) -> std::os::raw::c_int {
if direction == Direction::ToServer {
for i in 0..tx.frames_ts.len() {
// and rs_http2_detect_sizeupdatectx_match explicitly casting
#[no_mangle]
pub unsafe extern "C" fn rs_http2_tx_get_header_name(
- tx: &mut HTTP2Transaction, direction: u8, nb: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &HTTP2Transaction, direction: u8, nb: u32, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let mut pos = 0_u32;
match direction.into() {
}
}
+// we mutate the tx to cache req_line
fn http2_tx_get_req_line(tx: &mut HTTP2Transaction) {
if !tx.req_line.is_empty() {
return;
use std::ptr;
#[no_mangle]
-pub extern "C" fn rs_ike_state_get_exch_type(tx: &mut IKETransaction, exch_type: *mut u8) -> u8 {
+pub extern "C" fn rs_ike_state_get_exch_type(tx: &IKETransaction, exch_type: *mut u8) -> u8 {
debug_validate_bug_on!(exch_type.is_null());
if tx.ike_version == 1 {
#[no_mangle]
pub extern "C" fn rs_ike_state_get_spi_initiator(
- tx: &mut IKETransaction, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &IKETransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
debug_validate_bug_on!(buffer.is_null() || buffer_len.is_null());
#[no_mangle]
pub extern "C" fn rs_ike_state_get_spi_responder(
- tx: &mut IKETransaction, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &IKETransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
debug_validate_bug_on!(buffer.is_null() || buffer_len.is_null());
#[no_mangle]
pub extern "C" fn rs_ike_state_get_nonce(
- tx: &mut IKETransaction, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &IKETransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
debug_validate_bug_on!(buffer.is_null() || buffer_len.is_null());
#[no_mangle]
pub extern "C" fn rs_ike_state_get_key_exchange(
- tx: &mut IKETransaction, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &IKETransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
debug_validate_bug_on!(buffer.is_null() || buffer_len.is_null());
#[no_mangle]
pub extern "C" fn rs_ike_state_get_sa_attribute(
- tx: &mut IKETransaction, sa_type: *const std::os::raw::c_char, value: *mut u32,
+ tx: &IKETransaction, sa_type: *const std::os::raw::c_char, value: *mut u32,
) -> u8 {
debug_validate_bug_on!(value.is_null());
let mut ret_val = 0;
#[no_mangle]
pub unsafe extern "C" fn rs_ike_state_get_key_exchange_payload_length(
- tx: &mut IKETransaction, value: *mut u32,
+ tx: &IKETransaction, value: *mut u32,
) -> u8 {
debug_validate_bug_on!(value.is_null());
#[no_mangle]
pub unsafe extern "C" fn rs_ike_state_get_nonce_payload_length(
- tx: &mut IKETransaction, value: *mut u32,
+ tx: &IKETransaction, value: *mut u32,
) -> u8 {
debug_validate_bug_on!(value.is_null());
use std::ffi::CStr;
#[no_mangle]
-pub unsafe extern "C" fn rs_krb5_tx_get_msgtype(tx: &mut KRB5Transaction, ptr: *mut u32) {
+pub unsafe extern "C" fn rs_krb5_tx_get_msgtype(tx: &KRB5Transaction, ptr: *mut u32) {
*ptr = tx.msg_type.0;
}
/// Get error code, if present in transaction
/// Return 0 if error code was filled, else 1
#[no_mangle]
-pub unsafe extern "C" fn rs_krb5_tx_get_errcode(tx: &mut KRB5Transaction, ptr: *mut i32) -> u32 {
+pub unsafe extern "C" fn rs_krb5_tx_get_errcode(tx: &KRB5Transaction, ptr: *mut i32) -> u32 {
match tx.error_code {
Some(ref e) => {
*ptr = e.0;
#[no_mangle]
pub unsafe extern "C" fn rs_krb5_tx_get_cname(
- tx: &mut KRB5Transaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &KRB5Transaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(ref s) = tx.cname {
if (i as usize) < s.name_string.len() {
#[no_mangle]
pub unsafe extern "C" fn rs_krb5_tx_get_sname(
- tx: &mut KRB5Transaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &KRB5Transaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(ref s) = tx.sname {
if (i as usize) < s.name_string.len() {
}
}
-
// Suppress large enum variant lint as the LIST is very large compared
// to the boolean variant.
#[derive(Debug)]
#[no_mangle]
pub unsafe extern "C" fn rs_krb5_detect_encryption_match(
- tx: &mut KRB5Transaction, ctx: &DetectKrb5TicketEncryptionData,
+ tx: &KRB5Transaction, ctx: &DetectKrb5TicketEncryptionData,
) -> std::os::raw::c_int {
if let Some(x) = tx.ticket_etype {
match ctx {
return 0;
}
-fn rfb_sec_type_match_aux(tx: &mut RFBTransaction, ctx: &DetectUintData<u32>) -> c_int {
+fn rfb_sec_type_match_aux(tx: &RFBTransaction, ctx: &DetectUintData<u32>) -> c_int {
if let Some(r) = tx.chosen_security_type {
if detect_match_uint(ctx, r) {
return 1;
#[no_mangle]
pub unsafe extern "C" fn rs_sip_tx_get_method(
- tx: &mut SIPTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &SIPTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(ref r) = tx.request {
let m = &r.method;
#[no_mangle]
pub unsafe extern "C" fn rs_sip_tx_get_uri(
- tx: &mut SIPTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &SIPTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(ref r) = tx.request {
let p = &r.path;
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_share(
- tx: &mut SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(SMBTransactionTypeData::TREECONNECT(ref x)) = tx.type_data {
SCLogDebug!("is_pipe {}", x.is_pipe);
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_named_pipe(
- tx: &mut SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(SMBTransactionTypeData::TREECONNECT(ref x)) = tx.type_data {
SCLogDebug!("is_pipe {}", x.is_pipe);
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_stub_data(
- tx: &mut SMBTransaction, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &SMBTransaction, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(SMBTransactionTypeData::DCERPC(ref x)) = tx.type_data {
let vref = if direction == Direction::ToServer as u8 {
#[no_mangle]
pub extern "C" fn rs_smb_tx_match_dce_opnum(
- tx: &mut SMBTransaction, dce_data: &mut DCEOpnumData,
+ tx: &SMBTransaction, dce_data: &mut DCEOpnumData,
) -> u8 {
SCLogDebug!("rs_smb_tx_get_dce_opnum: start");
if let Some(SMBTransactionTypeData::DCERPC(ref x)) = tx.type_data {
* - only match on approved ifaces (so ack_result == 0) */
#[no_mangle]
pub extern "C" fn rs_smb_tx_get_dce_iface(
- state: &mut SMBState, tx: &mut SMBTransaction, dce_data: &mut DCEIfaceData,
+ state: &mut SMBState, tx: &SMBTransaction, dce_data: &mut DCEIfaceData,
) -> u8 {
let if_uuid = dce_data.if_uuid.as_slice();
let is_dcerpc_request = match tx.type_data {
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_ntlmssp_user(
- tx: &mut SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(SMBTransactionTypeData::SESSIONSETUP(ref x)) = tx.type_data {
if let Some(ref ntlmssp) = x.ntlmssp {
#[no_mangle]
pub unsafe extern "C" fn rs_smb_tx_get_ntlmssp_domain(
- tx: &mut SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
+ tx: &SMBTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
) -> u8 {
if let Some(SMBTransactionTypeData::SESSIONSETUP(ref x)) = tx.type_data {
if let Some(ref ntlmssp) = x.ntlmssp {
}
#[no_mangle]
-pub unsafe extern "C" fn rs_smb_version_match(
- tx: &mut SMBTransaction, version_data: &mut u8,
-) -> u8 {
+pub unsafe extern "C" fn rs_smb_version_match(tx: &SMBTransaction, version_data: &mut u8) -> u8 {
let version = tx.vercmd.get_version();
SCLogDebug!("smb_version: version returned: {}", version);
if version == *version_data {
assert_eq!(1u8, parse_version_data(" 1").unwrap());
assert_eq!(2u8, parse_version_data(" 2 ").unwrap());
}
-}
\ No newline at end of file
+}
projects / thirdparty / suricata.git / commitdiff
