pub type GetFrameIdByName = unsafe extern "C" fn(*const c_char) -> c_int;
pub type GetFrameNameById = unsafe extern "C" fn(u8) -> *const c_char;
+// Defined in detect-engine-register.h
+/// cbindgen:ignore
+extern "C" {
+ pub fn SigTablePreRegister(cb: unsafe extern "C" fn ());
+}
// Defined in app-layer-register.h
/// cbindgen:ignore
use crate::snmp::snmp_parser::*;
use crate::core::{self, *};
use crate::applayer::{self, *};
+use super::log::SCSnmpLogJsonResponse;
+use super::detect::SCDetectSNMPRegister;
use std;
use std::ffi::CString;
use der_parser::der::parse_der_sequence;
use nom7::{Err, IResult};
use nom7::error::{ErrorKind, make_error};
-use suricata_sys::sys::AppProto;
+use suricata_sys::sys::{
+ AppProto, AppProtoNewProtoFromString, EveJsonTxLoggerRegistrationData,
+ SCOutputJsonLogDirection, SCOutputEvePreRegisterLogger,
+};
#[derive(AppLayerEvent)]
pub enum SNMPEvent {
get_frame_name_by_id: None,
};
let ip_proto_str = CString::new("udp").unwrap();
+ ALPROTO_SNMP = AppProtoNewProtoFromString(PARSER_NAME.as_ptr() as *const std::os::raw::c_char);
+ let reg_data = EveJsonTxLoggerRegistrationData {
+ confname: b"eve-log.snmp\0".as_ptr() as *const std::os::raw::c_char,
+ logname: b"JsonSNMPLog\0".as_ptr() as *const std::os::raw::c_char,
+ alproto: ALPROTO_SNMP,
+ dir: SCOutputJsonLogDirection::LOG_DIR_PACKET as u8,
+ LogTx: Some(SCSnmpLogJsonResponse),
+ };
+ SCOutputEvePreRegisterLogger(reg_data);
+ SigTablePreRegister(SCDetectSNMPRegister);
if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
// port 161
- let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
- // store the allocated ID for the probe function
- ALPROTO_SNMP = alproto;
+ _ = AppLayerRegisterProtocolDetection(&parser, 1);
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
- let _ = AppLayerRegisterParser(&parser, alproto);
+ let _ = AppLayerRegisterParser(&parser, ALPROTO_SNMP);
}
// port 162
let default_port_traps = CString::new("162").unwrap();
parser.default_port = default_port_traps.as_ptr();
let _ = AppLayerRegisterProtocolDetection(&parser, 1);
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
- let _ = AppLayerRegisterParser(&parser, alproto);
+ let _ = AppLayerRegisterParser(&parser, ALPROTO_SNMP);
}
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
} else {
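Review bot: The id returned by `AppProtoNewProtoFromString` is stored in `ALPROTO_SNMP` and passed unchecked into `reg_data` and both `AppLayerRegisterParser` calls, while the return value of the first `AppLayerRegisterProtocolDetection` call, which used to supply the id, is now dropped. If the allocation can fail or the detection layer resolves a different id (neither contract is visible in this hunk), the parser, logger and keywords would be bound to mismatched protocols with no diagnostic. I would keep the returned value and check it, e.g. `let alproto = AppLayerRegisterProtocolDetection(&parser, 1);` followed by `debug_assert!(alproto == ALPROTO_SNMP);`. `PARSER_NAME` is cast to `*const c_char` but defined outside the hunk, so confirm it is NUL-terminated; the bare `_ =` also differs from the `let _ =` used on the port 162 call. The enclosing function starts and ends outside the hunk.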
ALPROTO_KRB5 = 21,
ALPROTO_QUIC = 22,
ALPROTO_DHCP = 23,
- ALPROTO_SNMP = 24,
- ALPROTO_SIP = 25,
- ALPROTO_RFB = 26,
- ALPROTO_MQTT = 27,
- ALPROTO_PGSQL = 28,
- ALPROTO_TELNET = 29,
- ALPROTO_WEBSOCKET = 30,
- ALPROTO_LDAP = 31,
- ALPROTO_DOH2 = 32,
- ALPROTO_TEMPLATE = 33,
- ALPROTO_RDP = 34,
- ALPROTO_HTTP2 = 35,
- ALPROTO_BITTORRENT_DHT = 36,
- ALPROTO_POP3 = 37,
- ALPROTO_HTTP = 38,
- ALPROTO_MAX_STATIC = 39,
+ ALPROTO_SIP = 24,
+ ALPROTO_RFB = 25,
+ ALPROTO_MQTT = 26,
+ ALPROTO_PGSQL = 27,
+ ALPROTO_TELNET = 28,
+ ALPROTO_WEBSOCKET = 29,
+ ALPROTO_LDAP = 30,
+ ALPROTO_DOH2 = 31,
+ ALPROTO_TEMPLATE = 32,
+ ALPROTO_RDP = 33,
+ ALPROTO_HTTP2 = 34,
+ ALPROTO_BITTORRENT_DHT = 35,
+ ALPROTO_POP3 = 36,
+ ALPROTO_HTTP = 37,
+ ALPROTO_MAX_STATIC = 38,
}
pub type AppProto = u16;
extern "C" {
ALPROTO_KRB5,
ALPROTO_QUIC,
ALPROTO_DHCP,
- ALPROTO_SNMP,
ALPROTO_SIP,
ALPROTO_RFB,
ALPROTO_MQTT,
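Review bot: Removing `ALPROTO_SNMP` from the middle of the enum shifts every later static id down by one; the regenerated bindings in this commit show `ALPROTO_SIP` going from 25 to 24, through `ALPROTO_MAX_STATIC` from 39 to 38. Anything built against the old header, such as an out-of-tree plugin or stale bindings if any exist, would keep the old numbers and silently attribute traffic to the wrong protocol in rule matching and logs. Nothing in the visible part of the enum says these values are not a stable ABI, so I would add a comment at the point of removal, e.g. `/* values are not stable across releases: rebuild plugins and bindings, never persist raw ids */`. The enum starts and ends outside this hunk.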
/* keep last */
ALPROTO_MAX_STATIC,
// After this ALPROTO_MAX_STATIC can come dynamic alproto ids
+ // For example, ALPROTO_SNMP is now dynamic
};
// NOTE: if ALPROTO's get >= 256, update SignatureNonPrefilterStore
AppProtoRegisterProtoString(ALPROTO_KRB5, "krb5");
AppProtoRegisterProtoString(ALPROTO_QUIC, "quic");
AppProtoRegisterProtoString(ALPROTO_DHCP, "dhcp");
- AppProtoRegisterProtoString(ALPROTO_SNMP, "snmp");
AppProtoRegisterProtoString(ALPROTO_SIP, "sip");
AppProtoRegisterProtoString(ALPROTO_RFB, "rfb");
AppProtoRegisterProtoString(ALPROTO_MQTT, "mqtt");
DetectEmailRegister();
SCDetectSMTPRegister();
- SCDetectSNMPRegister();
SCDetectDHCPRegister();
SCDetectWebsocketRegister();
SCDetectEnipRegister();
ALPROTO_KRB5, (EveJsonSimpleTxLogFunc)rs_krb5_log_json_response, NULL);
RegisterSimpleJsonApplayerLogger(ALPROTO_QUIC, (EveJsonSimpleTxLogFunc)rs_quic_to_json, NULL);
// ALPROTO_DHCP TODO missing
- RegisterSimpleJsonApplayerLogger(
- ALPROTO_SNMP, (EveJsonSimpleTxLogFunc)SCSnmpLogJsonResponse, NULL);
RegisterSimpleJsonApplayerLogger(ALPROTO_SIP, (EveJsonSimpleTxLogFunc)rs_sip_log_json, NULL);
RegisterSimpleJsonApplayerLogger(ALPROTO_RFB, (EveJsonSimpleTxLogFunc)rs_rfb_logger_log, NULL);
RegisterSimpleJsonApplayerLogger(
SCLogDebug("quic json logger registered.");
/* DHCP JSON logger. */
JsonDHCPLogRegister();
- /* SNMP JSON logger. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonSNMPLog", "eve-log.snmp",
- OutputJsonLogInitSub, ALPROTO_SNMP, JsonGenericDirPacketLogger, JsonLogThreadInit,
- JsonLogThreadDeinit);
- SCLogDebug("SNMP JSON logger registered.");
/* SIP JSON logger. */
OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonSIPLog", "eve-log.sip",
OutputJsonLogInitSub, ALPROTO_SIP, JsonGenericDirPacketLogger, JsonLogThreadInit,