detect/snmp: rename keywords to snmp.<name>, and make rust mandatory
authorPierre Chifflier <chifflier@wzdftpd.net>
Mon, 13 May 2019 12:14:48 +0000 (14:14 +0200)
committerPierre Chifflier <chifflier@wzdftpd.net>
Thu, 6 Jun 2019 08:15:59 +0000 (10:15 +0200)
src/detect-snmp-community.c
src/detect-snmp-pdu_type.c
src/detect-snmp-version.c

index aba8c593bdc228c45341ea5189a4eedc1a71bb63..a8373227a226de1a9a4dc3bfaca546a91d4fb99a 100644 (file)
@@ -20,7 +20,7 @@
  *
  * \author Pierre Chifflier <chifflier@wzdftpd.net>
  *
- * Set up of the "snmp_community" keyword to allow content
+ * Set up of the "snmp.community" keyword to allow content
  * inspections on the decoded snmp community.
  */
 
 #include "detect-snmp-community.h"
 #include "app-layer-parser.h"
 
-#ifndef HAVE_RUST
-
-void DetectSNMPCommunityRegister(void)
-{
-}
-
-#else
-
 #include "rust-snmp-snmp-gen.h"
 #include "rust-snmp-detect-gen.h"
 
@@ -55,34 +47,33 @@ static int g_snmp_rust_id = 0;
 
 void DetectSNMPCommunityRegister(void)
 {
-    sigmatch_table[DETECT_AL_SNMP_COMMUNITY].name = "snmp_community";
+    sigmatch_table[DETECT_AL_SNMP_COMMUNITY].name = "snmp.community";
     sigmatch_table[DETECT_AL_SNMP_COMMUNITY].desc =
         "SNMP content modififier to match on the snmp community";
     sigmatch_table[DETECT_AL_SNMP_COMMUNITY].Setup =
         DetectSNMPCommunitySetup;
     sigmatch_table[DETECT_AL_SNMP_COMMUNITY].RegisterTests =
         DetectSNMPCommunityRegisterTests;
-    sigmatch_table[DETECT_AL_SNMP_COMMUNITY].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp_community";
+    sigmatch_table[DETECT_AL_SNMP_COMMUNITY].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp.community";
 
-    sigmatch_table[DETECT_AL_SNMP_COMMUNITY].flags |= SIGMATCH_NOOPT;
+    sigmatch_table[DETECT_AL_SNMP_COMMUNITY].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
 
     /* register inspect engines */
-    DetectAppLayerInspectEngineRegister("snmp_community",
+    DetectAppLayerInspectEngineRegister("snmp.community",
             ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0,
             DetectEngineInspectSNMPCommunity);
-    DetectAppLayerInspectEngineRegister("snmp_community",
+    DetectAppLayerInspectEngineRegister("snmp.community",
             ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0,
             DetectEngineInspectSNMPCommunity);
 
-    g_snmp_rust_id = DetectBufferTypeGetByName("snmp_community");
-
-    SCLogDebug("SNMP community detect registered.");
+    g_snmp_rust_id = DetectBufferTypeGetByName("snmp.community");
 }
 
 static int DetectSNMPCommunitySetup(DetectEngineCtx *de_ctx, Signature *s,
     const char *str)
 {
-    s->init_data->list = g_snmp_rust_id;
+    if (DetectBufferSetActiveList(s, g_snmp_rust_id) < 0)
+        return -1;
 
     if (DetectSignatureSetAppProto(s, ALPROTO_SNMP) != 0)
         return -1;
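Review bot: All three Register functions in this commit replace the `snmp_*` names outright, here at `sigmatch_table[DETECT_AL_SNMP_COMMUNITY].name = "snmp.community";` and likewise in DetectSNMPPduTypeRegister and DetectSNMPVersionRegister, so a deployed rule still written with the old spelling would presumably stop parsing. For an IDS keyword that is a detection gap rather than a cosmetic break, because a rule that fails to load no longer alerts. If the old names ever appeared in a release or a published ruleset, keep them accepted for a deprecation period, for example `sigmatch_table[DETECT_AL_SNMP_COMMUNITY].alias = "snmp_community";` if the keyword table in this tree supports an alias, and state the compatibility decision in the commit message. DetectSNMPCommunitySetup continues past the end of this hunk.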
@@ -107,8 +98,8 @@ static int DetectEngineInspectSNMPCommunity(ThreadVars *tv,
 
     if (data != NULL) {
         ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
-            f, (uint8_t *)data, data_len, 0, DETECT_CI_FLAGS_SINGLE,
-            DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
+            NULL, f, (uint8_t *)data, data_len, 0, DETECT_CI_FLAGS_SINGLE,
+            DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
     }
 
     return ret;
@@ -170,7 +161,7 @@ static int DetectSNMPCommunityTest(void)
     s = DetectEngineAppendSig(de_ctx,
         "alert snmp any any -> any any ("
         "msg:\"SNMP Test Rule\"; "
-        "snmp_community; content:\"[R0_C@cti!]\"; "
+        "snmp.community; content:\"[R0_C@cti!]\"; "
         "sid:1; rev:1;)");
     FAIL_IF_NULL(s);
 
@@ -178,7 +169,7 @@ static int DetectSNMPCommunityTest(void)
     s = DetectEngineAppendSig(de_ctx,
         "alert snmp any any -> any any ("
         "msg:\"SNMP Test Rule\"; "
-        "snmp_community; content:\"private\"; "
+        "snmp.community; content:\"private\"; "
         "sid:2; rev:1;)");
     FAIL_IF_NULL(s);
 
@@ -222,5 +213,3 @@ static void DetectSNMPCommunityRegisterTests(void)
         DetectSNMPCommunityTest);
 #endif /* UNITTESTS */
 }
-
-#endif
index e8a025472774bbdfb25f7a494a81ef7d794d3ac7..a62b6e60f0b967ff19e2a641a7c29980c59d2d33 100644 (file)
 #include "detect-snmp-pdu_type.h"
 #include "app-layer-parser.h"
 
-#ifndef HAVE_RUST
-
-void DetectSNMPPduTypeRegister(void)
-{
-}
-
-#else
-
 #include "rust-snmp-snmp-gen.h"
 #include "rust-snmp-detect-gen.h"
 
 /**
- *   [snmp_pdu_type]:<type>;
+ *   [snmp.pdu_type]:<type>;
  */
 #define PARSE_REGEX "^\\s*([0-9]+)\\s*$"
 static pcre *parse_regex;
@@ -70,28 +62,27 @@ static int DetectSNMPPduTypeMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *
 
 void DetectSNMPPduTypeRegister(void)
 {
-    sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].name = "snmp_pdu_type";
+    sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].name = "snmp.pdu_type";
     sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].desc = "match SNMP Pdu type";
-    sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp_pdu_type";
+    sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp.pdu_type";
     sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].Match = NULL;
     sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].AppLayerTxMatch = DetectSNMPPduTypeMatch;
     sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].Setup = DetectSNMPPduTypeSetup;
     sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].Free = DetectSNMPPduTypeFree;
     sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].RegisterTests = DetectSNMPPduTypeRegisterTests;
+    sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].flags |= SIGMATCH_NOOPT;
 
     DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
 
-    DetectAppLayerInspectEngineRegister("snmp_pdu_type",
+    DetectAppLayerInspectEngineRegister("snmp.pdu_type",
             ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0,
             DetectEngineInspectSNMPRequestGeneric);
 
-    DetectAppLayerInspectEngineRegister("snmp_pdu_type",
+    DetectAppLayerInspectEngineRegister("snmp.pdu_type",
             ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0,
             DetectEngineInspectSNMPRequestGeneric);
 
-    g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp_pdu_type");
-
-    SCLogDebug("g_snmp_pdu_type_buffer_id %d", g_snmp_pdu_type_buffer_id);
+    g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp.pdu_type");
 }
 
 static int DetectEngineInspectSNMPRequestGeneric(ThreadVars *tv,
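Review bot: `sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].flags |= SIGMATCH_NOOPT;` marks the keyword as taking no option, yet the header comment `[snmp.pdu_type]:<type>;` and PARSE_REGEX show that it requires a numeric argument; the same flag is added for `snmp.version` in DetectSNMPVersionRegister. Depending on how the generic rule parser treats the flag, this either rejects valid rules such as `snmp.pdu_type:1;` or lets a bare `snmp.pdu_type;` reach DetectSNMPPduTypeSetup with no value, so confirm which applies and that the parse function tolerates a NULL `rawstr`. I would drop the flag from both keywords. The commit message covers only the rename and the Rust requirement, so if the flag is intended it belongs in its own commit with a rationale.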
@@ -139,7 +130,7 @@ static int DetectSNMPPduTypeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx
 
 /**
  * \internal
- * \brief Function to parse options passed via snmp_pdu_type keywords.
+ * \brief Function to parse options passed via snmp.pdu_type keywords.
  *
  * \param rawstr Pointer to the user provided options.
  *
@@ -177,7 +168,7 @@ static DetectSNMPPduTypeData *DetectSNMPPduTypeParse (const char *rawstr)
     dd->pdu_type = strtoul(value1, &endptr, 10);
     if (endptr == NULL || *endptr != '\0') {
         SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid character as arg "
-                   "to snmp_pdu_type keyword");
+                   "to snmp.pdu_type keyword");
         goto error;
     }
 
@@ -224,7 +215,7 @@ static int DetectSNMPPduTypeSetup (DetectEngineCtx *de_ctx, Signature *s,
     sm->type = DETECT_AL_SNMP_PDU_TYPE;
     sm->ctx = (void *)dd;
 
-    SCLogDebug("snmp_pdu_type %d", dd->pdu_type);
+    SCLogDebug("snmp.pdu_type %d", dd->pdu_type);
     SigMatchAppendSMToList(s, sm, g_snmp_pdu_type_buffer_id);
     return 0;
 
@@ -274,5 +265,3 @@ static void DetectSNMPPduTypeRegisterTests(void)
     UtRegisterTest("SNMPValidityTestParse01", SNMPValidityTestParse01);
 #endif /* UNITTESTS */
 }
-
-#endif
index 6972ca8582aa97a0c3a201973044a105a62fa91e..71d2108f7d00bdeac56a2c32ac73ddaaca52444d 100644 (file)
 #include "detect-snmp-version.h"
 #include "app-layer-parser.h"
 
-#ifndef HAVE_RUST
-
-void DetectSNMPVersionRegister(void)
-{
-}
-
-#else
-
 #include "rust-snmp-snmp-gen.h"
 #include "rust-snmp-detect-gen.h"
 
 /**
- *   [snmp_version]:[<|>|<=|>=]<version>;
+ *   [snmp.version]:[<|>|<=|>=]<version>;
  */
 #define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*$"
 static pcre *parse_regex;
@@ -78,33 +70,31 @@ static int DetectSNMPVersionMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *
                                    const SigMatchCtx *);
 
 /**
- * \brief Registration function for snmp_procedure keyword.
+ * \brief Registration function for snmp.procedure keyword.
  */
 void DetectSNMPVersionRegister (void)
 {
-    sigmatch_table[DETECT_AL_SNMP_VERSION].name = "snmp_version";
+    sigmatch_table[DETECT_AL_SNMP_VERSION].name = "snmp.version";
     sigmatch_table[DETECT_AL_SNMP_VERSION].desc = "match SNMP version";
-    sigmatch_table[DETECT_AL_SNMP_VERSION].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp_version";
+    sigmatch_table[DETECT_AL_SNMP_VERSION].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp.version";
     sigmatch_table[DETECT_AL_SNMP_VERSION].Match = NULL;
     sigmatch_table[DETECT_AL_SNMP_VERSION].AppLayerTxMatch = DetectSNMPVersionMatch;
     sigmatch_table[DETECT_AL_SNMP_VERSION].Setup = DetectSNMPVersionSetup;
     sigmatch_table[DETECT_AL_SNMP_VERSION].Free = DetectSNMPVersionFree;
     sigmatch_table[DETECT_AL_SNMP_VERSION].RegisterTests = DetectSNMPVersionRegisterTests;
-
+    sigmatch_table[DETECT_AL_SNMP_VERSION].flags |= SIGMATCH_NOOPT;
 
     DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
 
-    DetectAppLayerInspectEngineRegister("snmp_version",
+    DetectAppLayerInspectEngineRegister("snmp.version",
             ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0,
             DetectEngineInspectSNMPRequestGeneric);
 
-    DetectAppLayerInspectEngineRegister("snmp_version",
+    DetectAppLayerInspectEngineRegister("snmp.version",
             ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0,
             DetectEngineInspectSNMPRequestGeneric);
 
-    g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp_version");
-
-    SCLogDebug("g_snmp_version_buffer_id %d", g_snmp_version_buffer_id);
+    g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp.version");
 }
 
 static int DetectEngineInspectSNMPRequestGeneric(ThreadVars *tv,
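Review bot: The doc comment `\brief Registration function for snmp.procedure keyword.` names a keyword this file does not register; the rename has carried an older copy-paste error over to the new spelling. It should read `\brief Registration function for snmp.version keyword.`, matching `sigmatch_table[DETECT_AL_SNMP_VERSION].name` a few lines below.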
@@ -181,7 +171,7 @@ static int DetectSNMPVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx
 
 /**
  * \internal
- * \brief Function to parse options passed via snmp_version keywords.
+ * \brief Function to parse options passed via snmp.version keywords.
  *
  * \param rawstr Pointer to the user provided options.
  *
@@ -243,7 +233,7 @@ static DetectSNMPVersionData *DetectSNMPVersionParse (const char *rawstr)
     dd->version = strtoul(value1, &endptr, 10);
     if (endptr == NULL || *endptr != '\0') {
         SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid character as arg "
-                   "to snmp_version keyword");
+                   "to snmp.version keyword");
         goto error;
     }
 
@@ -292,7 +282,7 @@ static int DetectSNMPVersionSetup (DetectEngineCtx *de_ctx, Signature *s,
     sm->type = DETECT_AL_SNMP_VERSION;
     sm->ctx = (void *)dd;
 
-    SCLogDebug("snmp_version %d", dd->version);
+    SCLogDebug("snmp.version %d", dd->version);
     SigMatchAppendSMToList(s, sm, g_snmp_version_buffer_id);
     return 0;
 
@@ -360,5 +350,3 @@ static void DetectSNMPVersionRegisterTests(void)
     UtRegisterTest("SNMPValidityTestParse02", SNMPValidityTestParse02);
 #endif /* UNITTESTS */
 }
-
-#endif