From: Victor Julien Date: Tue, 20 Oct 2020 08:42:59 +0000 (+0200) Subject: detect/mqtt: convert to v2 inspect API X-Git-Tag: suricata-7.0.0-beta1~1968 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2320d62872d81a6ab423b8adc92d2a9a35243b61;p=thirdparty%2Fsuricata.git detect/mqtt: convert to v2 inspect API --- diff --git a/src/detect-mqtt-connack-sessionpresent.c b/src/detect-mqtt-connack-sessionpresent.c index 8382e5e300..4e195e150b 100644 --- a/src/detect-mqtt-connack-sessionpresent.c +++ b/src/detect-mqtt-connack-sessionpresent.c @@ -45,11 +45,9 @@ static int DetectMQTTConnackSessionPresentSetup (DetectEngineCtx *, Signature *, void MQTTConnackSessionPresentRegisterTests(void); void DetectMQTTConnackSessionPresentFree(DetectEngineCtx *de_ctx, void *); -static int DetectEngineInspectMQTTConnackSessionPresentGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id); +static int DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); /** * \brief Registration function for mqtt.connack.session_present: keyword @@ -68,21 +66,18 @@ void DetectMQTTConnackSessionPresentRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister("mqtt.connack.session_present", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTConnackSessionPresentGeneric); + DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT, + SIG_FLAG_TOSERVER, 1, DetectEngineInspectMQTTConnackSessionPresentGeneric, NULL); mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present"); } -static int DetectEngineInspectMQTTConnackSessionPresentGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id) +static int DetectEngineInspectMQTTConnackSessionPresentGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd, - f, flags, alstate, txv, tx_id); + return DetectEngineInspectGenericList( + NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); } /** @@ -315,4 +310,4 @@ void MQTTConnackSessionPresentRegisterTests(void) UtRegisterTest("MQTTConnackSessionPresentTestParse03", MQTTConnackSessionPresentTestParse03); UtRegisterTest("MQTTConnackSessionPresentTestParse04", MQTTConnackSessionPresentTestParse04); #endif /* UNITTESTS */ -} \ No newline at end of file +} diff --git a/src/detect-mqtt-connect-flags.c b/src/detect-mqtt-connect-flags.c index 9d80860b14..8447d31a2b 100644 --- a/src/detect-mqtt-connect-flags.c +++ b/src/detect-mqtt-connect-flags.c @@ -45,11 +45,9 @@ static int DetectMQTTConnectFlagsSetup (DetectEngineCtx *, Signature *, const ch void MQTTConnectFlagsRegisterTests(void); void DetectMQTTConnectFlagsFree(DetectEngineCtx *de_ctx, void *); -static int DetectEngineInspectMQTTConnectFlagsGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id); +static int DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); typedef struct DetectMQTTConnectFlagsData_ { MQTTFlagState username, @@ -76,21 +74,18 @@ void DetectMQTTConnectFlagsRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister("mqtt.connect.flags", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTConnectFlagsGeneric); + DetectAppLayerInspectEngineRegister2("mqtt.connect.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectEngineInspectMQTTConnectFlagsGeneric, NULL); mqtt_connect_flags_id = DetectBufferTypeGetByName("mqtt.connect.flags"); } -static int DetectEngineInspectMQTTConnectFlagsGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id) +static int DetectEngineInspectMQTTConnectFlagsGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd, - f, flags, alstate, txv, tx_id); + return DetectEngineInspectGenericList( + NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); } /** @@ -403,4 +398,4 @@ void MQTTConnectFlagsRegisterTests(void) UtRegisterTest("MQTTConnectFlagsTestParse04", MQTTConnectFlagsTestParse04); UtRegisterTest("MQTTConnectFlagsTestParse05", MQTTConnectFlagsTestParse05); #endif /* UNITTESTS */ -} \ No newline at end of file +} diff --git a/src/detect-mqtt-flags.c b/src/detect-mqtt-flags.c index 8e63487d5d..59c8fd7303 100644 --- a/src/detect-mqtt-flags.c +++ b/src/detect-mqtt-flags.c @@ -45,11 +45,9 @@ static int DetectMQTTFlagsSetup (DetectEngineCtx *, Signature *, const char *); void MQTTFlagsRegisterTests(void); void DetectMQTTFlagsFree(DetectEngineCtx *de_ctx, void *); -static int DetectEngineInspectMQTTFlagsGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id); +static int DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); typedef struct DetectMQTTFlagsData_ { MQTTFlagState retain, dup; @@ -72,21 +70,18 @@ void DetectMQTTFlagsRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister("mqtt.flags", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTFlagsGeneric); + DetectAppLayerInspectEngineRegister2("mqtt.flags", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectEngineInspectMQTTFlagsGeneric, NULL); mqtt_flags_id = DetectBufferTypeGetByName("mqtt.flags"); } -static int DetectEngineInspectMQTTFlagsGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id) +static int DetectEngineInspectMQTTFlagsGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd, - f, flags, alstate, txv, tx_id); + return DetectEngineInspectGenericList( + NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); } /** @@ -373,4 +368,4 @@ void MQTTFlagsRegisterTests(void) UtRegisterTest("MQTTFlagsTestParse04", MQTTFlagsTestParse04); UtRegisterTest("MQTTFlagsTestParse05", MQTTFlagsTestParse05); #endif /* UNITTESTS */ -} \ No newline at end of file +} diff --git a/src/detect-mqtt-protocol-version.c b/src/detect-mqtt-protocol-version.c index 6f1a15675e..bc0f9e05ac 100644 --- a/src/detect-mqtt-protocol-version.c +++ b/src/detect-mqtt-protocol-version.c @@ -44,11 +44,9 @@ static int DetectMQTTProtocolVersionSetup (DetectEngineCtx *, Signature *, const void MQTTProtocolVersionRegisterTests(void); void DetectMQTTProtocolVersionFree(DetectEngineCtx *de_ctx, void *); -static int DetectEngineInspectMQTTProtocolVersionGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id); +static int DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); /** * \brief Registration function for mqtt.protocol_version: keyword @@ -65,21 +63,18 @@ void DetectMQTTProtocolVersionRegister (void) sigmatch_table[DETECT_AL_MQTT_PROTOCOL_VERSION].RegisterTests = MQTTProtocolVersionRegisterTests; #endif - DetectAppLayerInspectEngineRegister("mqtt.protocol_version", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTProtocolVersionGeneric); + DetectAppLayerInspectEngineRegister2("mqtt.protocol_version", ALPROTO_MQTT, SIG_FLAG_TOSERVER, + 1, DetectEngineInspectMQTTProtocolVersionGeneric, NULL); mqtt_protocol_version_id = DetectBufferTypeGetByName("mqtt.protocol_version"); } -static int DetectEngineInspectMQTTProtocolVersionGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id) +static int DetectEngineInspectMQTTProtocolVersionGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd, - f, flags, alstate, txv, tx_id); + return DetectEngineInspectGenericList( + NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); } /** @@ -270,4 +265,4 @@ void MQTTProtocolVersionRegisterTests(void) UtRegisterTest("MQTTProtocolVersionTestParse03", MQTTProtocolVersionTestParse03); UtRegisterTest("MQTTProtocolVersionTestParse04", MQTTProtocolVersionTestParse04); #endif /* UNITTESTS */ -} \ No newline at end of file +} diff --git a/src/detect-mqtt-qos.c b/src/detect-mqtt-qos.c index c3e5d2ffe6..588f5d504a 100644 --- a/src/detect-mqtt-qos.c +++ b/src/detect-mqtt-qos.c @@ -43,11 +43,9 @@ static int DetectMQTTQosSetup (DetectEngineCtx *, Signature *, const char *); void MQTTQosRegisterTests(void); void DetectMQTTQosFree(DetectEngineCtx *de_ctx, void *); -static int DetectEngineInspectMQTTQosGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id); +static int DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); /** * \brief Registration function for mqtt.qos: keyword @@ -64,21 +62,18 @@ void DetectMQTTQosRegister (void) sigmatch_table[DETECT_AL_MQTT_QOS].RegisterTests = MQTTQosRegisterTests; #endif - DetectAppLayerInspectEngineRegister("mqtt.qos", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTQosGeneric); + DetectAppLayerInspectEngineRegister2("mqtt.qos", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectEngineInspectMQTTQosGeneric, NULL); mqtt_qos_id = DetectBufferTypeGetByName("mqtt.qos"); } -static int DetectEngineInspectMQTTQosGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id) +static int DetectEngineInspectMQTTQosGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd, - f, flags, alstate, txv, tx_id); + return DetectEngineInspectGenericList( + NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); } /** @@ -279,4 +274,4 @@ void MQTTQosRegisterTests(void) UtRegisterTest("MQTTQosTestParse02", MQTTQosTestParse02); UtRegisterTest("MQTTQosTestParse03", MQTTQosTestParse03); #endif /* UNITTESTS */ -} \ No newline at end of file +} diff --git a/src/detect-mqtt-reason-code.c b/src/detect-mqtt-reason-code.c index 47d577bd8e..8a1adba954 100644 --- a/src/detect-mqtt-reason-code.c +++ b/src/detect-mqtt-reason-code.c @@ -46,11 +46,9 @@ static int DetectMQTTReasonCodeSetup (DetectEngineCtx *, Signature *, const char void MQTTReasonCodeRegisterTests(void); void DetectMQTTReasonCodeFree(DetectEngineCtx *de_ctx, void *); -static int DetectEngineInspectMQTTReasonCodeGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id); +static int DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); /** * \brief Registration function for mqtt.reason_code: keyword @@ -70,21 +68,18 @@ void DetectMQTTReasonCodeRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); - DetectAppLayerInspectEngineRegister("mqtt.reason_code", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTReasonCodeGeneric); + DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectEngineInspectMQTTReasonCodeGeneric, NULL); mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code"); } -static int DetectEngineInspectMQTTReasonCodeGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id) +static int DetectEngineInspectMQTTReasonCodeGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd, - f, flags, alstate, txv, tx_id); + return DetectEngineInspectGenericList( + NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); } /** @@ -315,4 +310,4 @@ void MQTTReasonCodeRegisterTests(void) UtRegisterTest("MQTTReasonCodeTestParse03", MQTTReasonCodeTestParse03); UtRegisterTest("MQTTReasonCodeTestParse04", MQTTReasonCodeTestParse04); #endif /* UNITTESTS */ -} \ No newline at end of file +} diff --git a/src/detect-mqtt-type.c b/src/detect-mqtt-type.c index 2dead935c4..c75c84d833 100644 --- a/src/detect-mqtt-type.c +++ b/src/detect-mqtt-type.c @@ -42,11 +42,9 @@ static int DetectMQTTTypeSetup (DetectEngineCtx *, Signature *, const char *); void MQTTTypeRegisterTests(void); void DetectMQTTTypeFree(DetectEngineCtx *de_ctx, void *); -static int DetectEngineInspectMQTTTypeGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id); +static int DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); /** * \brief Registration function for ipopts: keyword @@ -63,21 +61,18 @@ void DetectMQTTTypeRegister (void) sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests; #endif - DetectAppLayerInspectEngineRegister("mqtt.type", - ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, - DetectEngineInspectMQTTTypeGeneric); + DetectAppLayerInspectEngineRegister2("mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, + DetectEngineInspectMQTTTypeGeneric, NULL); mqtt_type_id = DetectBufferTypeGetByName("mqtt.type"); } -static int DetectEngineInspectMQTTTypeGeneric(ThreadVars *tv, - DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, - const Signature *s, const SigMatchData *smd, - Flow *f, uint8_t flags, void *alstate, - void *txv, uint64_t tx_id) +static int DetectEngineInspectMQTTTypeGeneric(DetectEngineCtx *de_ctx, + DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, + const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { - return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd, - f, flags, alstate, txv, tx_id); + return DetectEngineInspectGenericList( + NULL, de_ctx, det_ctx, s, engine->smd, f, flags, alstate, txv, tx_id); } /** @@ -277,4 +272,4 @@ void MQTTTypeRegisterTests(void) UtRegisterTest("MQTTTypeTestParse02", MQTTTypeTestParse02); UtRegisterTest("MQTTTypeTestParse03", MQTTTypeTestParse03); #endif /* UNITTESTS */ -} \ No newline at end of file +}