From: Jeff Lucovsky Date: Fri, 4 Apr 2025 14:54:20 +0000 (-0400) Subject: detect/transforms: Add engine detect thread ctx to signature X-Git-Tag: suricata-8.0.0-beta1~68 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22ea5ddbb7cfc20b5bd72eed586e47b0f2259b6c;p=thirdparty%2Fsuricata.git detect/transforms: Add engine detect thread ctx to signature Modify the transform function signature to include the detect engine thread ctx. --- diff --git a/rust/src/detect/transforms/casechange.rs b/rust/src/detect/transforms/casechange.rs index f081aa2d9a..aa7470ccaa 100644 --- a/rust/src/detect/transforms/casechange.rs +++ b/rust/src/detect/transforms/casechange.rs @@ -39,7 +39,7 @@ fn tolower_transform_do(input: &[u8], output: &mut [u8]) { } } -unsafe extern "C" fn tolower_transform(buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn tolower_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -99,7 +99,7 @@ fn toupper_transform_do(input: &[u8], output: &mut [u8]) { } } -unsafe extern "C" fn toupper_transform(buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn toupper_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { diff --git a/rust/src/detect/transforms/compress_whitespace.rs b/rust/src/detect/transforms/compress_whitespace.rs index d985fa4319..a8bd0eaca5 100644 --- a/rust/src/detect/transforms/compress_whitespace.rs +++ b/rust/src/detect/transforms/compress_whitespace.rs @@ -49,7 +49,7 @@ fn compress_whitespace_transform_do(input: &[u8], output: &mut [u8]) -> u32 { return nb as u32; } -unsafe extern "C" fn compress_whitespace_transform(buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn compress_whitespace_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { diff --git a/rust/src/detect/transforms/dotprefix.rs b/rust/src/detect/transforms/dotprefix.rs index 60cbf8859d..043ff79456 100644 --- a/rust/src/detect/transforms/dotprefix.rs +++ b/rust/src/detect/transforms/dotprefix.rs @@ -41,7 +41,7 @@ fn dot_prefix_transform_do(input: &[u8], output: &mut [u8]) { output[0] = b'.'; } -unsafe extern "C" fn dot_prefix_transform(buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn dot_prefix_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { let input_len = InspectionBufferLength(buffer); if input_len == 0 { return; diff --git a/rust/src/detect/transforms/hash.rs b/rust/src/detect/transforms/hash.rs index d040258a65..c6b793c081 100644 --- a/rust/src/detect/transforms/hash.rs +++ b/rust/src/detect/transforms/hash.rs @@ -49,7 +49,7 @@ fn md5_transform_do(input: &[u8], output: &mut [u8]) { Md5::new().chain(input).finalize_into(output.into()); } -unsafe extern "C" fn md5_transform(buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn md5_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -101,7 +101,7 @@ fn sha1_transform_do(input: &[u8], output: &mut [u8]) { Sha1::new().chain(input).finalize_into(output.into()); } -unsafe extern "C" fn sha1_transform(buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn sha1_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -153,7 +153,7 @@ fn sha256_transform_do(input: &[u8], output: &mut [u8]) { Sha256::new().chain(input).finalize_into(output.into()); } -unsafe extern "C" fn sha256_transform(buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn sha256_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { diff --git a/rust/src/detect/transforms/http_headers.rs b/rust/src/detect/transforms/http_headers.rs index 77fa17a0d4..8cd9093620 100644 --- a/rust/src/detect/transforms/http_headers.rs +++ b/rust/src/detect/transforms/http_headers.rs @@ -52,7 +52,7 @@ fn header_lowertransform_do(input: &[u8], output: &mut [u8]) { } } -unsafe extern "C" fn header_lowertransform(buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn header_lowertransform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -114,7 +114,7 @@ fn strip_pseudo_transform_do(input: &[u8], output: &mut [u8]) -> u32 { return nb as u32; } -unsafe extern "C" fn strip_pseudo_transform(buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn strip_pseudo_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { diff --git a/rust/src/detect/transforms/mod.rs b/rust/src/detect/transforms/mod.rs index 01603cabc1..bb542f485d 100644 --- a/rust/src/detect/transforms/mod.rs +++ b/rust/src/detect/transforms/mod.rs @@ -37,7 +37,7 @@ pub struct SCTransformTableElmt { pub flags: u16, pub Setup: unsafe extern "C" fn(de: *mut c_void, s: *mut c_void, raw: *const c_char) -> c_int, pub Free: Option, - pub Transform: unsafe extern "C" fn(inspect_buf: *mut c_void, options: *mut c_void), + pub Transform: unsafe extern "C" fn(_det: *mut c_void, inspect_buf: *mut c_void, options: *mut c_void), pub TransformValidate: Option bool>, } diff --git a/rust/src/detect/transforms/strip_whitespace.rs b/rust/src/detect/transforms/strip_whitespace.rs index 79d9373b7f..c12929d7b8 100644 --- a/rust/src/detect/transforms/strip_whitespace.rs +++ b/rust/src/detect/transforms/strip_whitespace.rs @@ -46,7 +46,7 @@ fn strip_whitespace_transform_do(input: &[u8], output: &mut [u8]) -> u32 { return nb as u32; } -unsafe extern "C" fn strip_whitespace_transform(buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn strip_whitespace_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { diff --git a/rust/src/detect/transforms/urldecode.rs b/rust/src/detect/transforms/urldecode.rs index 82c1a307bd..1067cd4dfe 100644 --- a/rust/src/detect/transforms/urldecode.rs +++ b/rust/src/detect/transforms/urldecode.rs @@ -86,7 +86,7 @@ fn url_decode_transform_do(input: &[u8], output: &mut [u8]) -> u32 { return nb as u32; } -unsafe extern "C" fn url_decode_transform(buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn url_decode_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { diff --git a/rust/src/detect/transforms/xor.rs b/rust/src/detect/transforms/xor.rs index 65e0d93eae..9c47e1be3d 100644 --- a/rust/src/detect/transforms/xor.rs +++ b/rust/src/detect/transforms/xor.rs @@ -80,7 +80,7 @@ fn xor_transform_do(input: &[u8], output: &mut [u8], ctx: &DetectTransformXorDat } } -unsafe extern "C" fn xor_transform(buffer: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn xor_transform(_det: *mut c_void, buffer: *mut c_void, ctx: *mut c_void) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { diff --git a/src/detect-dns-name.c b/src/detect-dns-name.c index 9a4b6caa6e..d8c729d854 100644 --- a/src/detect-dns-name.c +++ b/src/detect-dns-name.c @@ -114,7 +114,7 @@ static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx, } if (ok) { - InspectionBufferSetupMulti(buffer, transforms, data, data_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); buffer->flags = DETECT_CI_FLAGS_SINGLE; return buffer; } diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index 5d3d274589..5d3a7a5c4c 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -80,7 +80,7 @@ static InspectionBuffer *DnsQueryGetData(DetectEngineThreadCtx *det_ctx, InspectionBufferSetupMultiEmpty(buffer); return NULL; } - InspectionBufferSetupMulti(buffer, transforms, data, data_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); buffer->flags = DETECT_CI_FLAGS_SINGLE; SCReturnPtr(buffer, "InspectionBuffer"); diff --git a/src/detect-dns-response.c b/src/detect-dns-response.c index 5a9da051df..f616877264 100644 --- a/src/detect-dns-response.c +++ b/src/detect-dns-response.c @@ -139,7 +139,7 @@ static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx, uint8_t flags } } - InspectionBufferSetupMulti(buffer, transforms, data, data_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); buffer->flags = DETECT_CI_FLAGS_SINGLE; return buffer; } diff --git a/src/detect-email.c b/src/detect-email.c index 9640df309b..8ec76d5eb6 100644 --- a/src/detect-email.c +++ b/src/detect-email.c @@ -59,7 +59,7 @@ static InspectionBuffer *GetMimeEmailFromData(DetectEngineThreadCtx *det_ctx, return NULL; InspectionBufferSetup(det_ctx, list_id, buffer, b_email_from, b_email_from_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; } @@ -94,7 +94,7 @@ static InspectionBuffer *GetMimeEmailSubjectData(DetectEngineThreadCtx *det_ctx, return NULL; InspectionBufferSetup(det_ctx, list_id, buffer, b_email_sub, b_email_sub_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; } @@ -130,7 +130,7 @@ static InspectionBuffer *GetMimeEmailToData(DetectEngineThreadCtx *det_ctx, return NULL; InspectionBufferSetup(det_ctx, list_id, buffer, b_email_to, b_email_to_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; } @@ -164,7 +164,7 @@ static InspectionBuffer *GetMimeEmailCcData(DetectEngineThreadCtx *det_ctx, return NULL; InspectionBufferSetup(det_ctx, list_id, buffer, b_email_cc, b_email_cc_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; } @@ -198,7 +198,7 @@ static InspectionBuffer *GetMimeEmailDateData(DetectEngineThreadCtx *det_ctx, return NULL; InspectionBufferSetup(det_ctx, list_id, buffer, b_email_date, b_email_date_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; } @@ -233,7 +233,7 @@ static InspectionBuffer *GetMimeEmailMessageIdData(DetectEngineThreadCtx *det_ct return NULL; InspectionBufferSetup(det_ctx, list_id, buffer, b_email_msg_id, b_email_msg_id_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; } @@ -268,7 +268,7 @@ static InspectionBuffer *GetMimeEmailXMailerData(DetectEngineThreadCtx *det_ctx, return NULL; InspectionBufferSetup(det_ctx, list_id, buffer, b_email_x_mailer, b_email_x_mailer_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; } diff --git a/src/detect-engine-frame.c b/src/detect-engine-frame.c index 0b46a35228..ca49555840 100644 --- a/src/detect-engine-frame.c +++ b/src/detect-engine-frame.c @@ -67,8 +67,8 @@ static bool SetupStreamCallbackData(struct FrameStreamData *dst, const TcpSessio static bool BufferSetup(struct FrameStreamData *fsd, InspectionBuffer *buffer, const uint8_t *input, const uint32_t input_len, const uint64_t input_offset); -static void BufferSetupUdp(InspectionBuffer *buffer, const Frame *frame, const Packet *p, - const DetectEngineTransforms *transforms); +static void BufferSetupUdp(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, + const Frame *frame, const Packet *p, const DetectEngineTransforms *transforms); void DetectRunPrefilterFrame(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p, const Frames *frames, const Frame *frame, const AppProto alproto) @@ -159,7 +159,7 @@ static void PrefilterMpmFrame(DetectEngineThreadCtx *det_ctx, const void *pectx, if (frame->offset >= p->payload_len) return; - BufferSetupUdp(buffer, frame, p, ctx->transforms); + BufferSetupUdp(det_ctx, buffer, frame, p, ctx->transforms); const uint32_t data_len = buffer->inspect_len; const uint8_t *data = buffer->inspect; @@ -251,8 +251,8 @@ bool DetectRunFrameInspectRule(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, c return false; } -static void BufferSetupUdp(InspectionBuffer *buffer, const Frame *frame, const Packet *p, - const DetectEngineTransforms *transforms) +static void BufferSetupUdp(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, + const Frame *frame, const Packet *p, const DetectEngineTransforms *transforms) { uint8_t ci_flags = DETECT_CI_FLAGS_START; uint32_t frame_len; @@ -275,7 +275,7 @@ static void BufferSetupUdp(InspectionBuffer *buffer, const Frame *frame, const P AppLayerParserGetFrameNameById(p->flow->proto, p->flow->alproto, frame->type), frame->offset, frame->type, frame->len); - InspectionBufferSetupMulti(buffer, transforms, data, data_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); buffer->inspect_offset = 0; buffer->flags = ci_flags; } @@ -301,7 +301,7 @@ static int DetectFrameInspectUdp(DetectEngineThreadCtx *det_ctx, return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; if (!buffer->initialized) - BufferSetupUdp(buffer, frame, p, transforms); + BufferSetupUdp(det_ctx, buffer, frame, p, transforms); DEBUG_VALIDATE_BUG_ON(!buffer->initialized); if (buffer->inspect == NULL) return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; @@ -387,7 +387,7 @@ static bool BufferSetup(struct FrameStreamData *fsd, InspectionBuffer *buffer, c } // PrintRawDataFp(stdout, data, data_len); SCLogDebug("fsd->transforms %p", fsd->transforms); - InspectionBufferSetupMulti(buffer, fsd->transforms, data, data_len); + InspectionBufferSetupMulti(fsd->det_ctx, buffer, fsd->transforms, data, data_len); SCLogDebug("inspect_offset %" PRIu64, fo_inspect_offset); buffer->inspect_offset = fo_inspect_offset; buffer->flags = ci_flags; diff --git a/src/detect-engine-helper.c b/src/detect-engine-helper.c index 8c9cce7a04..fd24bfb2c2 100644 --- a/src/detect-engine-helper.c +++ b/src/detect-engine-helper.c @@ -144,7 +144,8 @@ int DetectHelperTransformRegister(const SCTransformTableElmt *kw) sigmatch_table[transform_id].url = kw->url; sigmatch_table[transform_id].flags = kw->flags; sigmatch_table[transform_id].Transform = - (void (*)(InspectionBuffer * buffer, void *options)) kw->Transform; + (void (*)(DetectEngineThreadCtx * det_ctx, InspectionBuffer * buffer, void *options)) + kw->Transform; sigmatch_table[transform_id].TransformValidate = (bool (*)( const uint8_t *content, uint16_t content_len, void *context))kw->TransformValidate; sigmatch_table[transform_id].Setup = @@ -173,7 +174,7 @@ InspectionBuffer *DetectHelperGetMultiData(struct DetectEngineThreadCtx_ *det_ct InspectionBufferSetupMultiEmpty(buffer); return NULL; } - InspectionBufferSetupMulti(buffer, transforms, data, data_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); buffer->flags = DETECT_CI_FLAGS_SINGLE; return buffer; } diff --git a/src/detect-engine.c b/src/detect-engine.c index 5a61890779..ca45420cdf 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -106,7 +106,7 @@ static uint32_t DetectEngineTenantGetIdFromVlanId(const void *ctx, const Packet static uint32_t DetectEngineTenantGetIdFromPcap(const void *ctx, const Packet *p); static inline void InspectionBufferApplyTransformsInternal( - InspectionBuffer *, const DetectEngineTransforms *); + DetectEngineThreadCtx *det_ctx, InspectionBuffer *, const DetectEngineTransforms *); static DetectEngineAppInspectionEngine *g_app_inspect_engines = NULL; static DetectEnginePktInspectionEngine *g_pkt_inspect_engines = NULL; @@ -1598,7 +1598,7 @@ InspectionBuffer *InspectionBufferMultipleForListGet( return buffer; } -static inline void InspectionBufferApplyTransformsInternal( +static inline void InspectionBufferApplyTransformsInternal(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, const DetectEngineTransforms *transforms) { if (transforms) { @@ -1607,16 +1607,16 @@ static inline void InspectionBufferApplyTransformsInternal( if (id == 0) break; BUG_ON(sigmatch_table[id].Transform == NULL); - sigmatch_table[id].Transform(buffer, transforms->transforms[i].options); + sigmatch_table[id].Transform(det_ctx, buffer, transforms->transforms[i].options); SCLogDebug("applied transform %s", sigmatch_table[id].name); } } } -void InspectionBufferApplyTransforms( - InspectionBuffer *buffer, const DetectEngineTransforms *transforms) +void InspectionBufferApplyTransforms(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, + const DetectEngineTransforms *transforms) { - InspectionBufferApplyTransformsInternal(buffer, transforms); + InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms); } void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size) @@ -1642,8 +1642,8 @@ void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer) } /** \brief setup the buffer with our initial data */ -void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms, - const uint8_t *data, const uint32_t data_len) +void InspectionBufferSetupMulti(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, + const DetectEngineTransforms *transforms, const uint8_t *data, const uint32_t data_len) { #ifdef DEBUG_VALIDATION DEBUG_VALIDATE_BUG_ON(!buffer->multi); @@ -1653,7 +1653,7 @@ void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTran buffer->len = 0; buffer->initialized = true; - InspectionBufferApplyTransformsInternal(buffer, transforms); + InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms); } static inline void InspectionBufferSetupInternal(DetectEngineThreadCtx *det_ctx, const int list_id, @@ -1687,7 +1687,7 @@ void InspectionBufferSetupAndApplyTransforms(DetectEngineThreadCtx *det_ctx, con const DetectEngineTransforms *transforms) { InspectionBufferSetupInternal(det_ctx, list_id, buffer, data, data_len); - InspectionBufferApplyTransformsInternal(buffer, transforms); + InspectionBufferApplyTransformsInternal(det_ctx, buffer, transforms); } void InspectionBufferFree(InspectionBuffer *buffer) diff --git a/src/detect-engine.h b/src/detect-engine.h index bba132e27f..d40be2e062 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -37,13 +37,13 @@ void InspectionBufferFree(InspectionBuffer *buffer); void *InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size); void InspectionBufferTruncate(InspectionBuffer *buffer, uint32_t buf_len); void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len); -void InspectionBufferApplyTransforms(InspectionBuffer *buffer, +void InspectionBufferApplyTransforms(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, const DetectEngineTransforms *transforms); void InspectionBufferClean(DetectEngineThreadCtx *det_ctx); InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id); void InspectionBufferSetupMultiEmpty(InspectionBuffer *buffer); -void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTransforms *transforms, - const uint8_t *data, const uint32_t data_len); +void InspectionBufferSetupMulti(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, + const DetectEngineTransforms *transforms, const uint8_t *data, const uint32_t data_len); InspectionBuffer *InspectionBufferMultipleForListGet( DetectEngineThreadCtx *det_ctx, const int list_id, uint32_t local_id); diff --git a/src/detect-file-data.c b/src/detect-file-data.c index 202ec2d57b..f1e17c8535 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c @@ -210,7 +210,8 @@ static inline InspectionBuffer *FiledataWithXformsGetDataCallback(DetectEngineTh return buffer; } - InspectionBufferSetupMulti(buffer, transforms, base_buffer->inspect, base_buffer->inspect_len); + InspectionBufferSetupMulti( + det_ctx, buffer, transforms, base_buffer->inspect, base_buffer->inspect_len); buffer->inspect_offset = base_buffer->inspect_offset; SCLogDebug("xformed buffer %p size %u", buffer, buffer->inspect_len); SCReturnPtr(buffer, "InspectionBuffer"); @@ -369,7 +370,7 @@ static InspectionBuffer *FiledataGetDataCallback(DetectEngineThreadCtx *det_ctx, SCLogDebug("content inspected: %" PRIu64, cur_file->content_inspected); } - InspectionBufferSetupMulti(buffer, NULL, data, data_len); + InspectionBufferSetupMulti(det_ctx, buffer, NULL, data, data_len); SCLogDebug("[list %d] [before] buffer offset %" PRIu64 "; buffer len %" PRIu32 "; data_len %" PRIu32 "; file_size %" PRIu64, list_id, buffer->inspect_offset, buffer->inspect_len, data_len, file_size); diff --git a/src/detect-filemagic.c b/src/detect-filemagic.c index 365aa997ae..77966ebd99 100644 --- a/src/detect-filemagic.c +++ b/src/detect-filemagic.c @@ -295,7 +295,7 @@ static InspectionBuffer *FilemagicGetDataCallback(DetectEngineThreadCtx *det_ctx const uint8_t *data = (const uint8_t *)cur_file->magic; uint32_t data_len = (uint32_t)strlen(cur_file->magic); - InspectionBufferSetupMulti(buffer, transforms, data, data_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); SCReturnPtr(buffer, "InspectionBuffer"); } diff --git a/src/detect-filename.c b/src/detect-filename.c index 7d75b5dcb4..65e0151e8b 100644 --- a/src/detect-filename.c +++ b/src/detect-filename.c @@ -232,7 +232,7 @@ static InspectionBuffer *FilenameGetDataCallback(DetectEngineThreadCtx *det_ctx, const uint8_t *data = cur_file->name; uint32_t data_len = cur_file->name_len; - InspectionBufferSetupMulti(buffer, transforms, data, data_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); SCReturnPtr(buffer, "InspectionBuffer"); } diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index f0f0538a89..2504f67fd8 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -211,7 +211,7 @@ static inline InspectionBuffer *HttpRequestBodyXformsGetDataCallback(DetectEngin InspectionBufferSetup(det_ctx, list_id, buffer, base_buffer->inspect, base_buffer->inspect_len); buffer->inspect_offset = base_buffer->inspect_offset; - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); SCLogDebug("xformed buffer %p size %u", buffer, buffer->inspect_len); SCReturnPtr(buffer, "InspectionBuffer"); } diff --git a/src/detect-http-header.c b/src/detect-http-header.c index 7e3dd68779..5a7536f819 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c @@ -521,7 +521,7 @@ static InspectionBuffer *GetHttp2HeaderData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetupMulti(buffer, transforms, b, b_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, b, b_len); buffer->flags = DETECT_CI_FLAGS_SINGLE; SCReturnPtr(buffer, "InspectionBuffer"); @@ -599,8 +599,8 @@ static InspectionBuffer *GetHttp1HeaderData(DetectEngineThreadCtx *det_ctx, // hdr_td->len is the number of header buffers if (local_id < hdr_td->len) { // we have one valid header buffer - InspectionBufferSetupMulti( - buffer, transforms, hdr_td->items[local_id].buffer, hdr_td->items[local_id].len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, hdr_td->items[local_id].buffer, + hdr_td->items[local_id].len); buffer->flags = DETECT_CI_FLAGS_SINGLE; SCReturnPtr(buffer, "InspectionBuffer"); } // else there are no more header buffer to get diff --git a/src/detect-ike-vendor.c b/src/detect-ike-vendor.c index ea56605087..f7b5d546b2 100644 --- a/src/detect-ike-vendor.c +++ b/src/detect-ike-vendor.c @@ -58,7 +58,7 @@ static InspectionBuffer *IkeVendorGetData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetupMulti(buffer, transforms, data, data_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); buffer->flags = DETECT_CI_FLAGS_SINGLE; SCReturnPtr(buffer, "InspectionBuffer"); diff --git a/src/detect-ipaddr.c b/src/detect-ipaddr.c index aeac80f71d..a3d2c6b4c8 100644 --- a/src/detect-ipaddr.c +++ b/src/detect-ipaddr.c @@ -128,7 +128,7 @@ static InspectionBuffer *GetDataSrc(DetectEngineThreadCtx *det_ctx, } else { return NULL; } - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; @@ -152,7 +152,7 @@ static InspectionBuffer *GetDataDst(DetectEngineThreadCtx *det_ctx, } else { return NULL; } - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; diff --git a/src/detect-ja4-hash.c b/src/detect-ja4-hash.c index 8dabe34f89..3a835b2e3a 100644 --- a/src/detect-ja4-hash.c +++ b/src/detect-ja4-hash.c @@ -154,7 +154,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, InspectionBufferSetup(det_ctx, list_id, buffer, data, 0); InspectionBufferCopy(buffer, data, JA4_HEX_LEN); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; @@ -176,7 +176,7 @@ static InspectionBuffer *Ja4DetectGetHash(DetectEngineThreadCtx *det_ctx, InspectionBufferSetup(det_ctx, list_id, buffer, NULL, 0); InspectionBufferCopy(buffer, (uint8_t *)b, JA4_HEX_LEN); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; } diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c index 7e76551172..3966c2daeb 100644 --- a/src/detect-krb5-cname.c +++ b/src/detect-krb5-cname.c @@ -73,7 +73,7 @@ static InspectionBuffer *GetKrb5CNameData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetupMulti(buffer, transforms, b, b_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, b, b_len); buffer->flags = DETECT_CI_FLAGS_SINGLE; SCReturnPtr(buffer, "InspectionBuffer"); diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c index c8dd5acbe3..5c6c426c4f 100644 --- a/src/detect-krb5-sname.c +++ b/src/detect-krb5-sname.c @@ -73,7 +73,7 @@ static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetupMulti(buffer, transforms, b, b_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, b, b_len); buffer->flags = DETECT_CI_FLAGS_SINGLE; SCReturnPtr(buffer, "InspectionBuffer"); diff --git a/src/detect-quic-cyu-hash.c b/src/detect-quic-cyu-hash.c index 47cb112ed6..b51f0443ac 100644 --- a/src/detect-quic-cyu-hash.c +++ b/src/detect-quic-cyu-hash.c @@ -76,7 +76,7 @@ static InspectionBuffer *QuicHashGetData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetupMulti(buffer, transforms, data, data_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); buffer->flags = DETECT_CI_FLAGS_SINGLE; SCReturnPtr(buffer, "InspectionBuffer"); diff --git a/src/detect-quic-cyu-string.c b/src/detect-quic-cyu-string.c index 574f0fd89c..e4ca367322 100644 --- a/src/detect-quic-cyu-string.c +++ b/src/detect-quic-cyu-string.c @@ -72,7 +72,7 @@ static InspectionBuffer *QuicStringGetData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetupMulti(buffer, transforms, data, data_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); buffer->flags = DETECT_CI_FLAGS_SINGLE; SCReturnPtr(buffer, "InspectionBuffer"); diff --git a/src/detect-smtp.c b/src/detect-smtp.c index 0c3e46150d..332a766d34 100644 --- a/src/detect-smtp.c +++ b/src/detect-smtp.c @@ -57,7 +57,7 @@ static InspectionBuffer *GetSmtpHeloData(DetectEngineThreadCtx *det_ctx, if (smtp_state->helo == NULL || smtp_state->helo_len == 0) return NULL; InspectionBufferSetup(det_ctx, list_id, buffer, smtp_state->helo, smtp_state->helo_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } } return buffer; @@ -84,7 +84,7 @@ static InspectionBuffer *GetSmtpMailFromData(DetectEngineThreadCtx *det_ctx, if (tx->mail_from == NULL || tx->mail_from_len == 0) return NULL; InspectionBufferSetup(det_ctx, list_id, buffer, tx->mail_from, tx->mail_from_len); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; } @@ -129,7 +129,7 @@ static InspectionBuffer *GetSmtpRcptToData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetupMulti(buffer, transforms, s->str, s->len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, s->str, s->len); buffer->flags = DETECT_CI_FLAGS_SINGLE; return buffer; } diff --git a/src/detect-tls-alpn.c b/src/detect-tls-alpn.c index b4aa82f9c5..ccee33b14b 100644 --- a/src/detect-tls-alpn.c +++ b/src/detect-tls-alpn.c @@ -141,7 +141,7 @@ static InspectionBuffer *TlsAlpnGetData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetupMulti(buffer, transforms, a->alpn, a->size); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, a->alpn, a->size); buffer->flags = DETECT_CI_FLAGS_SINGLE; SCReturnPtr(buffer, "InspectionBuffer"); diff --git a/src/detect-tls-certs.c b/src/detect-tls-certs.c index a45bb775d9..4bdd52d529 100644 --- a/src/detect-tls-certs.c +++ b/src/detect-tls-certs.c @@ -101,7 +101,7 @@ static InspectionBuffer *TlsCertsGetData(DetectEngineThreadCtx *det_ctx, return NULL; } - InspectionBufferSetupMulti(buffer, transforms, cert->cert_data, cert->cert_len); + InspectionBufferSetupMulti(det_ctx, buffer, transforms, cert->cert_data, cert->cert_len); buffer->flags = DETECT_CI_FLAGS_SINGLE; SCReturnPtr(buffer, "InspectionBuffer"); diff --git a/src/detect-tls-subjectaltname.c b/src/detect-tls-subjectaltname.c index f07b54dc3c..80455d6d23 100644 --- a/src/detect-tls-subjectaltname.c +++ b/src/detect-tls-subjectaltname.c @@ -120,7 +120,7 @@ static InspectionBuffer *TlsSubjectAltNameGetData(DetectEngineThreadCtx *det_ctx return NULL; } - InspectionBufferSetupMulti(buffer, transforms, (const uint8_t *)connp->cert0_sans[idx], + InspectionBufferSetupMulti(det_ctx, buffer, transforms, (const uint8_t *)connp->cert0_sans[idx], strlen(connp->cert0_sans[idx])); buffer->flags = DETECT_CI_FLAGS_SINGLE; diff --git a/src/detect-transform-base64.c b/src/detect-transform-base64.c index 18a36be10e..80f344a680 100644 --- a/src/detect-transform-base64.c +++ b/src/detect-transform-base64.c @@ -43,7 +43,8 @@ static void DetectTransformFromBase64DecodeFree(DetectEngineCtx *, void *); #define DETECT_TRANSFORM_FROM_BASE64_MODE_DEFAULT (uint8_t) SCBase64ModeRFC4648 static void DetectTransformFromBase64DecodeRegisterTests(void); #endif -static void TransformFromBase64Decode(InspectionBuffer *buffer, void *options); +static void TransformFromBase64Decode( + DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, void *options); void DetectTransformFromBase64DecodeRegister(void) { @@ -112,7 +113,8 @@ exit_path: SCReturnInt(r); } -static void TransformFromBase64Decode(InspectionBuffer *buffer, void *options) +static void TransformFromBase64Decode( + DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, void *options) { SCDetectTransformFromBase64Data *b64d = options; const uint8_t *input = buffer->inspect; @@ -170,7 +172,7 @@ static int DetectTransformFromBase64DecodeTest01(void) InspectionBufferInit(&buffer, input_len); InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformFromBase64Decode(&buffer, &b64d); + TransformFromBase64Decode(NULL, &buffer, &b64d); FAIL_IF_NOT(buffer.inspect_len == result_len); FAIL_IF_NOT(strncmp(result, (const char *)buffer.inspect, result_len) == 0); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); @@ -191,7 +193,7 @@ static int DetectTransformFromBase64DecodeTest01a(void) InspectionBufferInit(&buffer, input_len); InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformFromBase64Decode(&buffer, &b64d); + TransformFromBase64Decode(NULL, &buffer, &b64d); FAIL_IF_NOT(buffer.inspect_len == result_len); FAIL_IF_NOT(strncmp(result, (const char *)buffer.inspect, result_len) == 0); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); @@ -211,7 +213,7 @@ static int DetectTransformFromBase64DecodeTest02(void) InspectionBufferSetup(NULL, -1, &buffer, input, input_len); buffer_orig = buffer; PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformFromBase64Decode(&buffer, &b64d); + TransformFromBase64Decode(NULL, &buffer, &b64d); FAIL_IF_NOT(buffer.inspect_offset == buffer_orig.inspect_offset); FAIL_IF_NOT(buffer.inspect_len == buffer_orig.inspect_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); @@ -233,7 +235,7 @@ static int DetectTransformFromBase64DecodeTest03(void) InspectionBufferInit(&buffer, input_len); InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformFromBase64Decode(&buffer, &b64d); + TransformFromBase64Decode(NULL, &buffer, &b64d); FAIL_IF_NOT(strncmp((const char *)input, (const char *)buffer.inspect, input_len) == 0); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); InspectionBufferFree(&buffer); @@ -254,7 +256,7 @@ static int DetectTransformFromBase64DecodeTest04(void) InspectionBufferInit(&buffer, input_len); InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformFromBase64Decode(&buffer, &b64d); + TransformFromBase64Decode(NULL, &buffer, &b64d); FAIL_IF_NOT(strncmp((const char *)input, (const char *)buffer.inspect, input_len) == 0); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); InspectionBufferFree(&buffer); @@ -278,7 +280,7 @@ static int DetectTransformFromBase64DecodeTest05(void) InspectionBufferInit(&buffer, input_len); InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformFromBase64Decode(&buffer, &b64d); + TransformFromBase64Decode(NULL, &buffer, &b64d); FAIL_IF_NOT(buffer.inspect_len == result_len); FAIL_IF_NOT(strncmp(result, (const char *)buffer.inspect, result_len) == 0); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); @@ -303,7 +305,7 @@ static int DetectTransformFromBase64DecodeTest06(void) InspectionBufferInit(&buffer, input_len); InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformFromBase64Decode(&buffer, &b64d); + TransformFromBase64Decode(NULL, &buffer, &b64d); FAIL_IF_NOT(buffer.inspect_len == result_len); FAIL_IF_NOT(strncmp(result, (const char *)buffer.inspect, result_len) == 0); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); @@ -327,7 +329,7 @@ static int DetectTransformFromBase64DecodeTest07(void) InspectionBufferInit(&buffer, input_len); InspectionBufferSetup(NULL, -1, &buffer, input, input_len); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformFromBase64Decode(&buffer, &b64d); + TransformFromBase64Decode(NULL, &buffer, &b64d); FAIL_IF_NOT(buffer.inspect_len == result_len); FAIL_IF_NOT(strncmp(result, (const char *)buffer.inspect, result_len) == 0); PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); @@ -348,7 +350,7 @@ static int DetectTransformFromBase64DecodeTest08(void) InspectionBufferInit(&buffer, input_len); InspectionBufferSetup(NULL, -1, &buffer, input, input_len); // PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); - TransformFromBase64Decode(&buffer, &b64d); + TransformFromBase64Decode(NULL, &buffer, &b64d); FAIL_IF_NOT(buffer.inspect_len == 15); // PrintRawDataFp(stdout, buffer.inspect, buffer.inspect_len); InspectionBufferFree(&buffer); diff --git a/src/detect-transform-pcrexform.c b/src/detect-transform-pcrexform.c index c517175b87..b24ad64f80 100644 --- a/src/detect-transform-pcrexform.c +++ b/src/detect-transform-pcrexform.c @@ -38,7 +38,8 @@ typedef struct DetectTransformPcrexformData { static int DetectTransformPcrexformSetup (DetectEngineCtx *, Signature *, const char *); static void DetectTransformPcrexformFree(DetectEngineCtx *, void *); -static void DetectTransformPcrexform(InspectionBuffer *buffer, void *options); +static void DetectTransformPcrexform( + DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, void *options); #ifdef UNITTESTS void DetectTransformPcrexformRegisterTests (void); #endif @@ -132,7 +133,8 @@ static int DetectTransformPcrexformSetup (DetectEngineCtx *de_ctx, Signature *s, SCReturnInt(r); } -static void DetectTransformPcrexform(InspectionBuffer *buffer, void *options) +static void DetectTransformPcrexform( + DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer, void *options) { const char *input = (const char *)buffer->inspect; const uint32_t input_len = buffer->inspect_len; diff --git a/src/detect.h b/src/detect.h index 639ba0ea34..c7b077963f 100644 --- a/src/detect.h +++ b/src/detect.h @@ -1337,7 +1337,7 @@ typedef struct SigTableElmt_ { uint8_t flags, File *, const Signature *, const SigMatchCtx *); /** InspectionBuffer transformation callback */ - void (*Transform)(InspectionBuffer *, void *context); + void (*Transform)(DetectEngineThreadCtx *, InspectionBuffer *, void *context); bool (*TransformValidate)(const uint8_t *content, uint16_t content_len, void *context); /** keyword setup function pointer */ diff --git a/src/util-ja3.c b/src/util-ja3.c index 0ebd1557c5..af2cbbb2b3 100644 --- a/src/util-ja3.c +++ b/src/util-ja3.c @@ -278,7 +278,7 @@ InspectionBuffer *Ja3DetectGetHash(DetectEngineThreadCtx *det_ctx, InspectionBufferSetup(det_ctx, list_id, buffer, NULL, 0); InspectionBufferCopy(buffer, ja3_hash, SC_MD5_HEX_LEN); - InspectionBufferApplyTransforms(buffer, transforms); + InspectionBufferApplyTransforms(det_ctx, buffer, transforms); } return buffer; }