From: Philippe Antoine Date: Thu, 8 Feb 2024 13:31:20 +0000 (+0100) Subject: detect/template: make template use DetectEngineInspectBufferGeneric X-Git-Tag: suricata-8.0.0-beta1~1275 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55bc5f2290cebf0989582aa25b4ccda5d041fcb2;p=thirdparty%2Fsuricata.git detect/template: make template use DetectEngineInspectBufferGeneric --- diff --git a/src/detect-template-rust-buffer.c b/src/detect-template-rust-buffer.c index 6f9ef9b8dd..16dcbf0c6d 100644 --- a/src/detect-template-rust-buffer.c +++ b/src/detect-template-rust-buffer.c @@ -41,15 +41,40 @@ #include "detect-engine-build.h" #include "rust.h" -static int DetectTemplateRustBufferSetup(DetectEngineCtx *, Signature *, const char *); -static uint8_t DetectEngineInspectTemplateRustBuffer(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); #ifdef UNITTESTS static void DetectTemplateRustBufferRegisterTests(void); #endif static int g_template_rust_id = 0; +static int DetectTemplateRustBufferSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str) +{ + s->init_data->list = g_template_rust_id; + + if (DetectSignatureSetAppProto(s, ALPROTO_TEMPLATE) != 0) + return -1; + + return 0; +} + +static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, + const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flags, void *txv, + const int list_id) +{ + InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id); + if (!buffer->initialized) { + uint32_t data_len = 0; + const uint8_t *data = NULL; + if (flags & STREAM_TOSERVER) { + rs_template_get_request_buffer(txv, &data, &data_len); + } else { + rs_template_get_response_buffer(txv, &data, &data_len); + } + InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); + InspectionBufferApplyTransforms(buffer, transforms); + } + return buffer; +} + void DetectTemplateRustBufferRegister(void) { /* TEMPLATE_START_REMOVE */ @@ -68,52 +93,15 @@ void DetectTemplateRustBufferRegister(void) /* register inspect engines */ DetectAppLayerInspectEngineRegister("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOSERVER, 0, - DetectEngineInspectTemplateRustBuffer, NULL); + DetectEngineInspectBufferGeneric, GetData); DetectAppLayerInspectEngineRegister("template_buffer", ALPROTO_TEMPLATE, SIG_FLAG_TOCLIENT, 0, - DetectEngineInspectTemplateRustBuffer, NULL); + DetectEngineInspectBufferGeneric, GetData); g_template_rust_id = DetectBufferTypeGetByName("template_buffer"); SCLogNotice("Template application layer detect registered."); } -static int DetectTemplateRustBufferSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str) -{ - s->init_data->list = g_template_rust_id; - - if (DetectSignatureSetAppProto(s, ALPROTO_TEMPLATE) != 0) - return -1; - - return 0; -} - -static uint8_t DetectEngineInspectTemplateRustBuffer(DetectEngineCtx *de_ctx, - DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, - const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) -{ - uint8_t ret = DETECT_ENGINE_INSPECT_SIG_NO_MATCH; - const uint8_t *data = NULL; - uint32_t data_len = 0; - - if (flags & STREAM_TOSERVER) { - rs_template_get_request_buffer(txv, &data, &data_len); - } else if (flags & STREAM_TOCLIENT) { - rs_template_get_response_buffer(txv, &data, &data_len); - } - - if (data != NULL) { - const bool match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f, - data, data_len, 0, DETECT_CI_FLAGS_SINGLE, - DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE); - if (match) { - ret = DETECT_ENGINE_INSPECT_SIG_MATCH; - } - } - - SCLogNotice("Returning %u.", ret); - return ret; -} - #ifdef UNITTESTS #include "util-unittest.h"