From: Philippe Antoine Date: Tue, 10 Jun 2025 08:01:15 +0000 (+0200) Subject: rust: bindgen SCAppLayerParserRegisterLogger X-Git-Tag: suricata-8.0.0-rc1~93 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49b2a2be5ddd6aa5ffee93e4e232e13b3cf47996;p=thirdparty%2Fsuricata.git rust: bindgen SCAppLayerParserRegisterLogger Ticket: 7667 --- diff --git a/examples/plugins/altemplate/src/template.rs b/examples/plugins/altemplate/src/template.rs index 48dc4c48f1..da05a5057b 100644 --- a/examples/plugins/altemplate/src/template.rs +++ b/examples/plugins/altemplate/src/template.rs @@ -27,10 +27,10 @@ use std::collections::VecDeque; use std::ffi::CString; use std::os::raw::{c_char, c_int, c_void}; use suricata::applayer::{ - state_get_tx_iterator, AppLayerEvent, AppLayerParserConfParserEnabled, - AppLayerParserRegisterLogger, AppLayerRegisterParser, AppLayerRegisterProtocolDetection, - AppLayerResult, AppLayerStateData, AppLayerTxData, RustParser, State, StreamSlice, Transaction, - APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, APP_LAYER_PARSER_OPT_ACCEPT_GAPS, + state_get_tx_iterator, AppLayerEvent, AppLayerParserConfParserEnabled, AppLayerRegisterParser, + AppLayerRegisterProtocolDetection, AppLayerResult, AppLayerStateData, AppLayerTxData, + RustParser, State, StreamSlice, Transaction, APP_LAYER_PARSER_EOF_TC, APP_LAYER_PARSER_EOF_TS, + APP_LAYER_PARSER_OPT_ACCEPT_GAPS, }; use suricata::conf::conf_get; use suricata::core::{ALPROTO_UNKNOWN, IPPROTO_TCP}; @@ -38,8 +38,8 @@ use suricata::{ build_slice, cast_pointer, export_state_data_get, export_tx_data_get, SCLogError, SCLogNotice, }; use suricata_sys::sys::{ - AppLayerParserState, AppProto, Flow, SCAppLayerParserStateIssetFlag, - SCAppLayerProtoDetectConfProtoDetectionEnabled, + AppLayerParserState, AppProto, Flow, SCAppLayerParserRegisterLogger, + SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled, }; static mut TEMPLATE_MAX_TX: usize = 256; 
@@ -423,7 +423,7 @@ pub(super) unsafe extern "C" fn template_register_parser() { SCLogError!("Invalid value for template.max-tx"); } } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE); SCLogNotice!("Rust template parser registered."); } else { SCLogNotice!("Protocol detector and parser disabled for TEMPLATE."); diff --git a/rust/src/applayer.rs b/rust/src/applayer.rs index 6e94c7e44d..1841376306 100644 --- a/rust/src/applayer.rs +++ b/rust/src/applayer.rs @@ -538,7 +538,6 @@ pub const APP_LAYER_TX_ACCEPT: u8 = BIT_U8!(4); /// cbindgen:ignore extern "C" { pub fn AppLayerParserConfParserEnabled(ipproto: *const c_char, proto: *const c_char) -> c_int; - pub fn AppLayerParserRegisterLogger(pproto: u8, alproto: AppProto); } #[repr(C)] diff --git a/rust/src/applayertemplate/template.rs b/rust/src/applayertemplate/template.rs index 05c0ba60da..f30f4bae0d 100644 --- a/rust/src/applayertemplate/template.rs +++ b/rust/src/applayertemplate/template.rs @@ -26,7 +26,7 @@ use std::collections::VecDeque; use std::ffi::CString; use std::os::raw::{c_char, c_int, c_void}; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled, }; @@ -418,7 +418,7 @@ pub unsafe extern "C" fn SCRegisterTemplateParser() { SCLogError!("Invalid value for template.max-tx"); } } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE); SCLogNotice!("Rust template parser registered."); } else { SCLogNotice!("Protocol detector and parser disabled for TEMPLATE."); diff --git a/rust/src/bittorrent_dht/bittorrent_dht.rs b/rust/src/bittorrent_dht/bittorrent_dht.rs index 8ebf232687..963fe099d8 100644 --- a/rust/src/bittorrent_dht/bittorrent_dht.rs 
+++ b/rust/src/bittorrent_dht/bittorrent_dht.rs @@ -16,8 +16,8 @@ */ use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, - SCAppLayerProtoDetectPMRegisterPatternCS, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, + SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerProtoDetectPMRegisterPatternCS, }; use crate::applayer::{self, *}; @@ -321,7 +321,7 @@ pub unsafe extern "C" fn SCRegisterBittorrentDhtUdpParser() { { SCLogDebug!("Failed to register protocol detection pattern for direction TOCLIENT"); } - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_BITTORRENT_DHT); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_BITTORRENT_DHT); SCLogDebug!("Parser registered for bittorrent-dht."); } else { diff --git a/rust/src/enip/enip.rs b/rust/src/enip/enip.rs index 43425882c4..70a3d97044 100644 --- a/rust/src/enip/enip.rs +++ b/rust/src/enip/enip.rs @@ -30,8 +30,9 @@ use std::collections::VecDeque; use std::ffi::CString; use std::os::raw::{c_char, c_int, c_void}; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerParserRegisterParserAcceptableDataDirection, - SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, + SCAppLayerParserRegisterParserAcceptableDataDirection, SCAppLayerParserStateIssetFlag, + SCAppLayerProtoDetectConfProtoDetectionEnabled, }; pub(super) static mut ALPROTO_ENIP: AppProto = ALPROTO_UNKNOWN; @@ -658,7 +659,7 @@ pub unsafe extern "C" fn SCEnipRegisterParsers() { ALPROTO_ENIP, STREAM_TOSERVER | STREAM_TOCLIENT, ); - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_ENIP); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_ENIP); } else { SCLogDebug!("Protocol detector and parser disabled for ENIP on UDP."); } 
@@ -683,7 +684,7 @@ pub unsafe extern "C" fn SCEnipRegisterParsers() { ALPROTO_ENIP, STREAM_TOSERVER | STREAM_TOCLIENT, ); - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_ENIP); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_ENIP); } else { SCLogDebug!("Protocol detector and parser disabled for ENIP on TCP."); } diff --git a/rust/src/http2/http2.rs b/rust/src/http2/http2.rs index 4502180809..bb35a8d1db 100644 --- a/rust/src/http2/http2.rs +++ b/rust/src/http2/http2.rs @@ -39,7 +39,7 @@ use std::ffi::CString; use std::fmt; use std::io; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerForceProtocolChange, + AppLayerParserState, AppProto, SCAppLayerForceProtocolChange, SCAppLayerParserRegisterLogger, SCAppLayerProtoDetectConfProtoDetectionEnabled, }; @@ -1598,7 +1598,7 @@ pub unsafe extern "C" fn SCRegisterHttp2Parser() { SCLogError!("Invalid value for http2.max-reassembly-size"); } } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP2); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP2); SCLogDebug!("Rust http2 parser registered."); } else { SCLogNotice!("Protocol detector and parser disabled for HTTP2."); @@ -1616,7 +1616,7 @@ pub unsafe extern "C" fn SCRegisterHttp2Parser() { } else { SCLogWarning!("DOH2 is not meant to be detection-only."); } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DOH2); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DOH2); SCLogDebug!("Rust doh2 parser registered."); } else { SCLogNotice!("Protocol detector and parser disabled for DOH2."); diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs index ffd5978d10..a778c80353 100644 --- a/rust/src/krb/krb5.rs +++ b/rust/src/krb/krb5.rs 
@@ -33,7 +33,8 @@ use nom7::{Err, IResult}; use std; use std::ffi::CString; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, + SCAppLayerProtoDetectConfProtoDetectionEnabled, }; #[derive(AppLayerEvent)] @@ -640,7 +641,7 @@ pub unsafe extern "C" fn SCRegisterKrb5Parser() { if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 { let _ = AppLayerRegisterParser(&parser, alproto); } - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5); } else { SCLogDebug!("Protocol detector and parser disabled for KRB5/UDP."); } @@ -658,7 +659,7 @@ pub unsafe extern "C" fn SCRegisterKrb5Parser() { if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 { let _ = AppLayerRegisterParser(&parser, alproto); } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5); } else { SCLogDebug!("Protocol detector and parser disabled for KRB5/TCP."); } diff --git a/rust/src/ldap/ldap.rs b/rust/src/ldap/ldap.rs index 53df6b49c5..b81afa8bca 100644 --- a/rust/src/ldap/ldap.rs +++ b/rust/src/ldap/ldap.rs @@ -29,7 +29,7 @@ use std::collections::VecDeque; use std::ffi::CString; use std::os::raw::{c_char, c_int, c_void}; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade, }; @@ -718,7 +718,7 @@ pub unsafe extern "C" fn SCRegisterLdapTcpParser() { SCLogError!("Invalid value for ldap.max-tx"); } } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_LDAP); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_LDAP); } else { SCLogDebug!("Protocol detection and parser disabled for LDAP/TCP."); } 
@@ -777,7 +777,7 @@ pub unsafe extern "C" fn SCRegisterLdapUdpParser() { SCLogError!("Invalid value for ldap.max-tx"); } } - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_LDAP); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_LDAP); } else { SCLogDebug!("Protocol detection and parser disabled for LDAP/UDP."); } diff --git a/rust/src/modbus/modbus.rs b/rust/src/modbus/modbus.rs index 49e39ce46f..39bc8638dd 100644 --- a/rust/src/modbus/modbus.rs +++ b/rust/src/modbus/modbus.rs @@ -26,7 +26,7 @@ use sawp::parser::{Direction, Parse}; use sawp::probe::{Probe, Status}; use sawp_modbus::{self, AccessType, ErrorFlags, Flags, Message}; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabledDefault, }; @@ -453,7 +453,7 @@ pub unsafe extern "C" fn SCRegisterModbusParser() { if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 { let _ = AppLayerRegisterParser(&parser, alproto); } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MODBUS); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MODBUS); } } diff --git a/rust/src/pop3/pop3.rs b/rust/src/pop3/pop3.rs index 33d36203e5..4ce9d83aad 100644 --- a/rust/src/pop3/pop3.rs +++ b/rust/src/pop3/pop3.rs @@ -29,8 +29,9 @@ use std::collections::VecDeque; use std::ffi::CString; use std::os::raw::{c_char, c_int, c_void}; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerParserSetStreamDepth, SCAppLayerParserStateIssetFlag, - SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerRequestProtocolTLSUpgrade, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserSetStreamDepth, + SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled, + SCAppLayerRequestProtocolTLSUpgrade, }; use sawp::error::Error as SawpError; 
@@ -539,7 +540,7 @@ pub unsafe extern "C" fn SCRegisterPop3Parser() { SCLogError!("Invalid value for pop3.max-tx"); } } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_POP3); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_POP3); SCLogDebug!("Rust pop3 parser registered."); } else { SCLogDebug!("Protocol detector and parser disabled for POP3."); diff --git a/rust/src/quic/quic.rs b/rust/src/quic/quic.rs index aa3e40587c..3a2fdf185f 100644 --- a/rust/src/quic/quic.rs +++ b/rust/src/quic/quic.rs @@ -34,7 +34,8 @@ use crate::{ use std::collections::VecDeque; use std::ffi::CString; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, + SCAppLayerProtoDetectConfProtoDetectionEnabled, }; use tls_parser::TlsExtensionType; @@ -588,7 +589,7 @@ pub unsafe extern "C" fn SCRegisterQuicParser() { let _ = AppLayerRegisterParser(&parser, alproto); } SCLogDebug!("Rust quic parser registered."); - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_QUIC); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_QUIC); } else { SCLogDebug!("Protocol detector and parser disabled for quic."); } diff --git a/rust/src/rdp/rdp.rs b/rust/src/rdp/rdp.rs index 2048481d4e..bae570a032 100644 --- a/rust/src/rdp/rdp.rs +++ b/rust/src/rdp/rdp.rs 
@@ -20,16 +20,19 @@ //! RDP application layer use crate::applayer::{self, *}; -use crate::core::{ALPROTO_UNKNOWN, IPPROTO_TCP, sc_app_layer_parser_trigger_raw_stream_inspection}; +use crate::core::{ + sc_app_layer_parser_trigger_raw_stream_inspection, ALPROTO_UNKNOWN, IPPROTO_TCP, +}; +use crate::direction::Direction; use crate::flow::Flow; use crate::rdp::parser::*; -use crate::direction::Direction; use nom7::Err; -use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, -}; use std; use std::collections::VecDeque; +use suricata_sys::sys::{ + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, + SCAppLayerProtoDetectConfProtoDetectionEnabled, +}; use tls_parser::{parse_tls_plaintext, TlsMessage, TlsMessageHandshake, TlsRecordType}; static mut ALPROTO_RDP: AppProto = ALPROTO_UNKNOWN; @@ -210,7 +213,10 @@ impl RdpState { self.new_tx(RdpTransactionItem::X224ConnectionRequest(x224)); self.transactions.push_back(tx); if !flow.is_null() { - sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32); + sc_app_layer_parser_trigger_raw_stream_inspection( + flow, + Direction::ToServer as i32, + ); } } @@ -223,7 +229,10 @@ impl RdpState { self.new_tx(RdpTransactionItem::McsConnectRequest(mcs)); self.transactions.push_back(tx); if !flow.is_null() { - sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToServer as i32); + sc_app_layer_parser_trigger_raw_stream_inspection( + flow, + Direction::ToServer as i32, + ); } } // unknown message in X.223, skip @@ -297,7 +306,10 @@ impl RdpState { self.new_tx(RdpTransactionItem::TlsCertificateChain(chain)); self.transactions.push_back(tx); if !flow.is_null() { - sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32); + sc_app_layer_parser_trigger_raw_stream_inspection( + flow, + Direction::ToClient as i32, + ); } self.bypass_parsing = true; } 
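Review bot: The import reordering in the first rdp.rs hunk, together with the re-wrapped `sc_app_layer_parser_trigger_raw_stream_inspection(...)` calls here and the re-wrapped signatures and test `assert_eq!` lines in the later rdp.rs hunks, is formatter output unrelated to the rename this commit makes. The only functional changes in the file are the added `SCAppLayerParserRegisterLogger` import and the renamed call in `SCRegisterRdpParser`. Moving the formatting into its own commit would leave this one a purely mechanical rename, which is easier to audit and to backport.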
@@ -333,7 +345,10 @@ impl RdpState { self.new_tx(RdpTransactionItem::X224ConnectionConfirm(x224)); self.transactions.push_back(tx); if !flow.is_null() { - sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32); + sc_app_layer_parser_trigger_raw_stream_inspection( + flow, + Direction::ToClient as i32, + ); } } @@ -346,7 +361,10 @@ impl RdpState { .new_tx(RdpTransactionItem::McsConnectResponse(mcs)); self.transactions.push_back(tx); if !flow.is_null() { - sc_app_layer_parser_trigger_raw_stream_inspection(flow, Direction::ToClient as i32); + sc_app_layer_parser_trigger_raw_stream_inspection( + flow, + Direction::ToClient as i32, + ); } self.bypass_parsing = true; return AppLayerResult::ok(); @@ -391,7 +409,9 @@ impl RdpState { } } -extern "C" fn rdp_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { +extern "C" fn rdp_state_new( + _orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto, +) -> *mut std::os::raw::c_void { let state = RdpState::new(); let boxed = Box::new(state); return Box::into_raw(boxed) as *mut _; @@ -444,8 +464,7 @@ fn probe_tls_handshake(input: &[u8]) -> bool { unsafe extern "C" fn rdp_parse_ts( flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState, - stream_slice: StreamSlice, - _data: *const std::os::raw::c_void + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, ) -> AppLayerResult { let state = cast_pointer!(state, RdpState); let buf = stream_slice.as_slice(); @@ -455,8 +474,7 @@ unsafe extern "C" fn rdp_parse_ts( unsafe extern "C" fn rdp_parse_tc( flow: *mut Flow, state: *mut std::os::raw::c_void, _pstate: *mut AppLayerParserState, - stream_slice: StreamSlice, - _data: *const std::os::raw::c_void + stream_slice: StreamSlice, _data: *const std::os::raw::c_void, ) -> AppLayerResult { let state = cast_pointer!(state, RdpState); let buf = stream_slice.as_slice(); 
@@ -518,7 +536,7 @@ pub unsafe extern "C" fn SCRegisterRdpParser() { if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 { let _ = AppLayerRegisterParser(&parser, alproto); } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RDP); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RDP); } } @@ -561,10 +579,16 @@ mod tests { ]; let mut state = RdpState::new(); // will consume 0, request length + 1 - assert_eq!(AppLayerResult::incomplete(0, 9), state.parse_ts(std::ptr::null(), buf_1)); + assert_eq!( + AppLayerResult::incomplete(0, 9), + state.parse_ts(std::ptr::null(), buf_1) + ); assert_eq!(0, state.transactions.len()); // exactly aligns with transaction - assert_eq!(AppLayerResult::ok(), state.parse_ts(std::ptr::null(), buf_2)); + assert_eq!( + AppLayerResult::ok(), + state.parse_ts(std::ptr::null(), buf_2) + ); assert_eq!(1, state.transactions.len()); let item = RdpTransactionItem::X224ConnectionRequest(X224ConnectionRequest { cdt: 0, @@ -594,10 +618,16 @@ mod tests { let buf_2: &[u8] = &[0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0x66]; let mut state = RdpState::new(); // will consume 0, request length + 1 - assert_eq!(AppLayerResult::incomplete(0, 6), state.parse_tc(std::ptr::null(), buf_1)); + assert_eq!( + AppLayerResult::incomplete(0, 6), + state.parse_tc(std::ptr::null(), buf_1) + ); assert_eq!(0, state.transactions.len()); // exactly aligns with transaction - assert_eq!(AppLayerResult::ok(), state.parse_tc(std::ptr::null(), buf_2)); + assert_eq!( + AppLayerResult::ok(), + state.parse_tc(std::ptr::null(), buf_2) + ); assert_eq!(1, state.transactions.len()); let item = RdpTransactionItem::McsConnectResponse(McsConnectResponse {}); assert_eq!(item, state.transactions[0].item); diff --git a/rust/src/rfb/rfb.rs b/rust/src/rfb/rfb.rs index ceb58f404f..80da7f1c29 100644 --- a/rust/src/rfb/rfb.rs +++ b/rust/src/rfb/rfb.rs 
@@ -32,8 +32,8 @@ use std; use std::ffi::CString; use std::os::raw::c_char; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, - SCAppLayerProtoDetectPMRegisterPatternCI, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, + SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerProtoDetectPMRegisterPatternCI, }; pub(super) static mut ALPROTO_RFB: AppProto = ALPROTO_UNKNOWN; @@ -926,7 +926,7 @@ pub unsafe extern "C" fn SCRfbRegisterParser() { let _ = AppLayerRegisterParser(&parser, alproto); } SCLogDebug!("Rust rfb parser registered."); - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RFB); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RFB); if SCAppLayerProtoDetectPMRegisterPatternCI( IPPROTO_TCP, ALPROTO_RFB, diff --git a/rust/src/sip/sip.rs b/rust/src/sip/sip.rs index d77ed07d9a..77c0f46aa2 100755 --- a/rust/src/sip/sip.rs +++ b/rust/src/sip/sip.rs @@ -31,7 +31,7 @@ use std; use std::collections::VecDeque; use std::ffi::CString; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerParserStateIssetFlag, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateIssetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled, SCAppLayerProtoDetectPMRegisterPatternCS, }; @@ -601,7 +601,7 @@ pub unsafe extern "C" fn SCRegisterSipParser() { if register_pattern_probe(core::IPPROTO_UDP) < 0 { return; } - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SIP); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SIP); } else { SCLogDebug!("Protocol detection and parsing disabled for UDP SIP."); } @@ -623,7 +623,7 @@ pub unsafe extern "C" fn SCRegisterSipParser() { if register_pattern_probe(core::IPPROTO_TCP) < 0 { return; } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SIP); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SIP); } else { SCLogDebug!("Protocol detection and parsing disabled for TCP SIP."); } 
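Review bot: In the `@@ -601,7 +601,7 @@` hunk of sip.rs the renamed `SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SIP)` call sits after `if register_pattern_probe(core::IPPROTO_UDP) < 0 { return; }`, so a failed pattern registration leaves `SCRegisterSipParser` without enabling the logger, and the `return` appears to skip the TCP half of the function as well; the `@@ -623,7 +623,7 @@` hunk has the same shape for TCP. Nothing visible in either hunk reports that outcome, which makes a sensor that stopped logging SIP hard to diagnose; `register_pattern_probe` may log on its own, but its body is outside the hunk. Consider emitting a message before returning, for example `SCLogError!("Failed to register SIP pattern probe for UDP");`. The function starts and ends outside these hunks.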
diff --git a/rust/src/snmp/snmp.rs b/rust/src/snmp/snmp.rs index 01462042e6..5e164d9584 100644 --- a/rust/src/snmp/snmp.rs +++ b/rust/src/snmp/snmp.rs @@ -34,8 +34,8 @@ use nom7::{Err, IResult}; use nom7::error::{ErrorKind, make_error}; use suricata_sys::sys::{ AppLayerParserState, AppProto, AppProtoNewProtoFromString, EveJsonTxLoggerRegistrationData, - SCAppLayerProtoDetectConfProtoDetectionEnabled, SCOutputEvePreRegisterLogger, - SCOutputJsonLogDirection, SCSigTablePreRegister, + SCAppLayerParserRegisterLogger, SCAppLayerProtoDetectConfProtoDetectionEnabled, + SCOutputEvePreRegisterLogger, SCOutputJsonLogDirection, SCSigTablePreRegister, }; #[derive(AppLayerEvent)] @@ -435,7 +435,7 @@ pub unsafe extern "C" fn SCRegisterSnmpParser() { if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 { let _ = AppLayerRegisterParser(&parser, ALPROTO_SNMP); } - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP); } else { SCLogDebug!("Protocol detector and parser disabled for SNMP."); } diff --git a/rust/src/ssh/ssh.rs b/rust/src/ssh/ssh.rs index 7d0063a7ef..9c25fe5a19 100644 --- a/rust/src/ssh/ssh.rs +++ b/rust/src/ssh/ssh.rs @@ -25,7 +25,7 @@ use nom7::Err; use std::ffi::CString; use std::sync::atomic::{AtomicBool, Ordering}; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerParserStateSetFlag, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, SCAppLayerParserStateSetFlag, SCAppLayerProtoDetectConfProtoDetectionEnabled, }; @@ -581,7 +581,7 @@ pub unsafe extern "C" fn SCRegisterSshParser() { if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 { let _ = AppLayerRegisterParser(&parser, alproto); } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH); SCLogDebug!("Rust ssh parser registered."); } else { SCLogNotice!("Protocol detector and parser disabled for SSH."); 
diff --git a/rust/src/websocket/websocket.rs b/rust/src/websocket/websocket.rs index f2ed6fd87f..6d4e617568 100644 --- a/rust/src/websocket/websocket.rs +++ b/rust/src/websocket/websocket.rs @@ -31,7 +31,8 @@ use nom7::Needed; use flate2::Decompress; use flate2::FlushDecompress; use suricata_sys::sys::{ - AppLayerParserState, AppProto, SCAppLayerProtoDetectConfProtoDetectionEnabled, + AppLayerParserState, AppProto, SCAppLayerParserRegisterLogger, + SCAppLayerProtoDetectConfProtoDetectionEnabled, }; use std; @@ -442,7 +443,7 @@ pub unsafe extern "C" fn SCRegisterWebSocketParser() { SCLogError!("Invalid value for websocket.max-payload-size"); } } - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_WEBSOCKET); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_WEBSOCKET); } else { SCLogDebug!("Protocol detector and parser disabled for WEBSOCKET."); } diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs index d828f71ef7..5e555a4d4c 100644 --- a/rust/sys/src/sys.rs +++ b/rust/sys/src/sys.rs @@ -700,6 +700,9 @@ extern "C" { ipproto: u8, alproto: AppProto, direction: u8, ); } +extern "C" { + pub fn SCAppLayerParserRegisterLogger(ipproto: u8, alproto: AppProto); +} extern "C" { pub fn SCAppLayerParserSetStreamDepth(ipproto: u8, alproto: AppProto, stream_depth: u32); } diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c index 64ea722409..6ca2b3fc0e 100644 --- a/src/app-layer-ftp.c +++ b/src/app-layer-ftp.c @@ -1332,8 +1332,8 @@ void RegisterFTPParsers(void) AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_FTP, ftp_get_event_info); AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_FTP, ftp_get_event_info_by_id); - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTP); - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTPDATA); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTP); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTPDATA); sbcfg.buf_size = 4096; sbcfg.Calloc = FTPCalloc; 
diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 56e018f747..43ba87242c 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -489,7 +489,7 @@ void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerI SCReturn; } -void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto) +void SCAppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto) { SCEnter(); diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h index f38ffc809a..80b59a715a 100644 --- a/src/app-layer-parser.h +++ b/src/app-layer-parser.h @@ -183,7 +183,7 @@ void AppLayerParserRegisterLocalStorageFunc(uint8_t ipproto, AppProto proto, // AppLayerDecoderEvents *(*StateGetEvents)(void *) __attribute__((nonnull))); void AppLayerParserRegisterGetTxFilesFunc( uint8_t ipproto, AppProto alproto, AppLayerGetFileState (*GetTxFiles)(void *, uint8_t)); -void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto); +void SCAppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto); void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits); void AppLayerParserRegisterGetStateProgressFunc(uint8_t ipproto, AppProto alproto, int (*StateGetStateProgress)(void *alstate, uint8_t direction)); diff --git a/src/app-layer-tftp.c b/src/app-layer-tftp.c index 9f65a32912..618c44cd13 100644 --- a/src/app-layer-tftp.c +++ b/src/app-layer-tftp.c @@ -178,7 +178,7 @@ void RegisterTFTPParsers(void) TFTP_MIN_FRAME_LEN, STREAM_TOSERVER, TFTPProbingParser, TFTPProbingParser); } } - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_TFTP); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_TFTP); } else { SCLogDebug("Protocol detector and parser disabled for TFTP."); return; diff --git a/src/log-httplog.c b/src/log-httplog.c index b7dabe1f73..c776520cc1 100644 --- a/src/log-httplog.c +++ b/src/log-httplog.c 
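Review bot: `SCAppLayerParserRegisterLogger` is declared in app-layer-parser.h without any comment, and with this commit that prototype becomes the source of the `pub fn` in rust/sys/src/sys.rs that the Rust parsers and the example plugin call. A short Doxygen comment on the prototype would document the contract where it is defined, for example `/** \brief Enable the logger for the app layer protocol alproto on ipproto. */`, which matches the "enable the logger for the app layer" comments at the existing call sites. If the function is only meant to be called during parser or output registration, the comment should say so; the body in app-layer-parser.c continues outside the hunk, so that cannot be confirmed from here.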
@@ -594,7 +594,7 @@ OutputInitResult LogHttpLogInitCtx(SCConfNode *conf) SCLogDebug("HTTP log output initialized"); /* enable the logger for the app layer */ - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1); result.ctx = output_ctx; result.ok = true; diff --git a/src/log-tlslog.c b/src/log-tlslog.c index ae3797878d..1c3f693fa4 100644 --- a/src/log-tlslog.c +++ b/src/log-tlslog.c @@ -240,7 +240,7 @@ static OutputInitResult LogTlsLogInitCtx(SCConfNode *conf) SCLogDebug("TLS log output initialized"); /* Enable the logger for the app layer */ - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS); result.ctx = output_ctx; result.ok = true; diff --git a/src/log-tlsstore.c b/src/log-tlsstore.c index d0c48a5c56..e26f50a725 100644 --- a/src/log-tlsstore.c +++ b/src/log-tlsstore.c @@ -427,7 +427,7 @@ static OutputInitResult LogTlsStoreLogInitCtx(SCConfNode *conf) SCLogInfo("storing certs in %s", tls_logfile_base_dir); /* enable the logger for the app layer */ - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS); result.ctx = output_ctx; result.ok = true; diff --git a/src/output-json-dcerpc.c b/src/output-json-dcerpc.c index 2bae5f7e1b..b758b7fcaf 100644 --- a/src/output-json-dcerpc.c +++ b/src/output-json-dcerpc.c @@ -59,8 +59,8 @@ error: static OutputInitResult DCERPCLogInitSub(SCConfNode *conf, OutputCtx *parent_ctx) { - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DCERPC); - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DCERPC); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DCERPC); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DCERPC); return OutputJsonLogInitSub(conf, parent_ctx); } diff --git a/src/output-json-dhcp.c b/src/output-json-dhcp.c index 208f2e3162..9012044175 100644 --- a/src/output-json-dhcp.c +++ b/src/output-json-dhcp.c 
@@ -106,7 +106,7 @@ static OutputInitResult OutputDHCPLogInitSub(SCConfNode *conf, OutputCtx *parent dhcplog_ctx->rs_logger = SCDhcpLoggerNew(conf); - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DHCP); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DHCP); result.ctx = output_ctx; result.ok = true; diff --git a/src/output-json-dnp3.c b/src/output-json-dnp3.c index 05659d5bf9..59835dbb1a 100644 --- a/src/output-json-dnp3.c +++ b/src/output-json-dnp3.c @@ -317,7 +317,7 @@ static OutputInitResult OutputDNP3LogInitSub(SCConfNode *conf, OutputCtx *parent SCLogInfo("DNP3 log sub-module initialized."); - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNP3); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNP3); result.ctx = output_ctx; result.ok = true; diff --git a/src/output-json-dns.c b/src/output-json-dns.c index 1da90a51c7..161268823d 100644 --- a/src/output-json-dns.c +++ b/src/output-json-dns.c @@ -673,8 +673,8 @@ static OutputInitResult JsonDnsLogInitCtxSub(SCConfNode *conf, OutputCtx *parent SCLogDebug("DNS log sub-module initialized"); - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS); - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS); result.ctx = output_ctx; result.ok = true; diff --git a/src/output-json-http.c b/src/output-json-http.c index 95ca0cbdec..97f2e6496b 100644 --- a/src/output-json-http.c +++ b/src/output-json-http.c @@ -590,7 +590,7 @@ static OutputInitResult OutputHttpLogInitSub(SCConfNode *conf, OutputCtx *parent output_ctx->DeInit = OutputHttpLogDeinitSub; /* enable the logger for the app layer */ - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1); result.ctx = output_ctx; result.ok = true; diff --git a/src/output-json-ike.c b/src/output-json-ike.c index 241767a479..a990e72aa0 100644 --- a/src/output-json-ike.c 
+++ b/src/output-json-ike.c @@ -135,7 +135,7 @@ static OutputInitResult OutputIKELogInitSub(SCConfNode *conf, OutputCtx *parent_ output_ctx->data = ikelog_ctx; output_ctx->DeInit = OutputIKELogDeInitCtxSub; - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_IKE); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_IKE); result.ctx = output_ctx; result.ok = true; diff --git a/src/output-json-mdns.c b/src/output-json-mdns.c index be45b434a1..bb1d45aba9 100644 --- a/src/output-json-mdns.c +++ b/src/output-json-mdns.c @@ -145,7 +145,7 @@ static OutputInitResult DnsLogInitCtxSub(SCConfNode *conf, OutputCtx *parent_ctx output_ctx->data = dnslog_ctx; output_ctx->DeInit = DnsLogDeInitCtxSub; - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_MDNS); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_MDNS); result.ctx = output_ctx; result.ok = true; diff --git a/src/output-json-mqtt.c b/src/output-json-mqtt.c index 2342f6323c..29e2639b01 100644 --- a/src/output-json-mqtt.c +++ b/src/output-json-mqtt.c @@ -146,7 +146,7 @@ static OutputInitResult OutputMQTTLogInitSub(SCConfNode *conf, OutputCtx *parent JsonMQTTLogParseConfig(conf, mqttlog_ctx); - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MQTT); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MQTT); result.ctx = output_ctx; result.ok = true; diff --git a/src/output-json-nfs.c b/src/output-json-nfs.c index 0dececa8fd..1d77b8e989 100644 --- a/src/output-json-nfs.c +++ b/src/output-json-nfs.c @@ -101,8 +101,8 @@ static int JsonNFSLogger(ThreadVars *tv, void *thread_data, static OutputInitResult NFSLogInitSub(SCConfNode *conf, OutputCtx *parent_ctx) { - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS); - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS); return OutputJsonLogInitSub(conf, parent_ctx); } 
diff --git a/src/output-json-pgsql.c b/src/output-json-pgsql.c index 8d864f169d..d66dbebbf0 100644 --- a/src/output-json-pgsql.c +++ b/src/output-json-pgsql.c @@ -135,7 +135,7 @@ static OutputInitResult OutputPgsqlLogInitSub(SCConfNode *conf, OutputCtx *paren JsonPgsqlLogParseConfig(conf, pgsql_ctx); - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_PGSQL); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_PGSQL); SCLogDebug("PostgreSQL log sub-module initialized."); diff --git a/src/output-json-smb.c b/src/output-json-smb.c index a2fe47a71b..f5c1e53ed7 100644 --- a/src/output-json-smb.c +++ b/src/output-json-smb.c @@ -95,8 +95,8 @@ static void LogSmbLogDeInitCtxSub(OutputCtx *output_ctx) static OutputInitResult SMBLogInitSub(SCConfNode *conf, OutputCtx *parent_ctx) { - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMB); - AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SMB); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMB); + SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SMB); OutputInitResult r = OutputJsonLogInitSub(conf, parent_ctx); if (r.ok) { // generic init is ok, try smb-specific one diff --git a/src/output-json-smtp.c b/src/output-json-smtp.c index 0201721f01..e4a706ce25 100644 --- a/src/output-json-smtp.c +++ b/src/output-json-smtp.c @@ -140,7 +140,7 @@ static OutputInitResult OutputSmtpLogInitSub(SCConfNode *conf, OutputCtx *parent output_ctx->DeInit = OutputSmtpLogDeInitCtxSub; /* enable the logger for the app layer */ - AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP); + SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP); result.ctx = output_ctx; result.ok = true; diff --git a/src/output-json-tls.c b/src/output-json-tls.c index 7c68f7864e..0f23b5247d 100644 --- a/src/output-json-tls.c +++ b/src/output-json-tls.c 
@@ -697,7 +697,7 @@ static OutputInitResult OutputTlsLogInitSub(SCConfNode *conf, OutputCtx *parent_
 output_ctx->data = tls_ctx;
 output_ctx->DeInit = OutputTlsLogDeinitSub;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
 result.ctx = output_ctx;
 result.ok = true;
diff --git a/src/output-lua.c b/src/output-lua.c
index 6f63fb1a70..fb2fe87034 100644
--- a/src/output-lua.c
+++ b/src/output-lua.c
@@ -783,31 +783,31 @@ static OutputInitResult OutputLuaLogInit(SCConfNode *conf)
 om->alproto = ALPROTO_HTTP1;
 om->ts_log_progress = -1;
 om->tc_log_progress = -1;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP1);
 } else if (opts.alproto == ALPROTO_TLS) {
 om->TxLogFunc = LuaTxLogger;
 om->alproto = ALPROTO_TLS;
 om->tc_log_progress = TLS_STATE_SERVER_HANDSHAKE_DONE;
 om->ts_log_progress = TLS_STATE_CLIENT_HANDSHAKE_DONE;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
 } else if (opts.alproto == ALPROTO_DNS) {
 om->TxLogFunc = LuaTxLogger;
 om->alproto = ALPROTO_DNS;
 om->ts_log_progress = -1;
 om->tc_log_progress = -1;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS);
+ SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS);
 } else if (opts.alproto == ALPROTO_SSH) {
 om->TxLogFunc = LuaTxLogger;
 om->alproto = ALPROTO_SSH;
 om->TxLogCondition = SSHTxLogCondition;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
 } else if (opts.alproto == ALPROTO_SMTP) {
 om->TxLogFunc = LuaTxLogger;
 om->alproto = ALPROTO_SMTP;
 om->ts_log_progress = -1;
 om->tc_log_progress = -1;
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP);
+ SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SMTP);
 } else if (opts.packet && opts.alerts) {
 om->PacketLogFunc = LuaPacketLoggerAlerts;
 om->PacketConditionFunc = LuaPacketConditionAlerts;