From: Philippe Antoine Date: Tue, 22 Apr 2025 07:28:32 +0000 (+0200) Subject: detect/multi-buf: harmonize wrapper X-Git-Tag: suricata-8.0.0-rc1~424 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ecc3efdc81e1fa0ab44b6e1d2fa1c3954c15f39;p=thirdparty%2Fsuricata.git detect/multi-buf: harmonize wrapper Introduce DetectGetMultiData which does the generic wrapping, including the transforms. And let each keyword do just the getter. --- diff --git a/rust/cbindgen.toml b/rust/cbindgen.toml index 7e02d1cbb6..7636ef2ca4 100644 --- a/rust/cbindgen.toml +++ b/rust/cbindgen.toml @@ -98,6 +98,7 @@ exclude = [ "AppLayerParserState", "CLuaState", "DetectEngineState", + "DetectEngineThreadCtx", "GenericVar", "Flow", "StreamingBufferConfig", diff --git a/rust/src/core.rs b/rust/src/core.rs index 60978771c0..73a67d22a6 100644 --- a/rust/src/core.rs +++ b/rust/src/core.rs @@ -28,6 +28,10 @@ use crate::flow::Flow; pub enum DetectEngineState {} pub enum AppLayerDecoderEvents {} pub enum GenericVar {} +#[repr(C)] +pub struct DetectEngineThreadCtx { + _unused: [u8; 0], +} #[repr(C)] #[derive(Debug, PartialEq, Eq, Clone, Copy)] diff --git a/rust/src/detect/mod.rs b/rust/src/detect/mod.rs index 78c6ecb7e9..a79aee9b75 100644 --- a/rust/src/detect/mod.rs +++ b/rust/src/detect/mod.rs @@ -38,6 +38,7 @@ pub mod datasets; use std::os::raw::{c_char, c_int, c_void}; use std::ffi::CString; +use crate::core::DetectEngineThreadCtx; use suricata_sys::sys::AppProto; /// EnumString trait that will be implemented on enums that 
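Review bot: In rust/src/core.rs the new `DetectEngineThreadCtx` is a zero-sized `#[repr(C)]` struct with no marker field, so it is automatically `Send`, `Sync` and `Unpin`, and it has no doc comment saying it is an opaque handle. For a type that only stands in for a C-side object (a per-thread context, judging by the name), the Rustonomicon's opaque-type pattern adds `_marker: core::marker::PhantomData<(*mut u8, core::marker::PhantomPinned)>,` next to `_unused`. A one-line comment such as `/// Opaque handle for the C DetectEngineThreadCtx; only ever used behind a raw pointer.` would also explain why it differs from the `pub enum … {}` placeholders just above it.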
@@ -180,41 +181,29 @@ extern "C" { de: *mut c_void, s: *mut c_void, kwid: c_int, ctx: *const c_void, bufid: c_int, ) -> *mut c_void; // in detect-engine-helper.h - pub fn DetectHelperGetMultiData( - de: *mut c_void, - transforms: *const c_void, - flow: *const c_void, - flow_flags: u8, - tx: *const c_void, - list_id: c_int, - local_id: u32, - get_buf: unsafe extern "C" fn(*const c_void, u8, u32, *mut *const u8, *mut u32) -> bool, - ) -> *mut c_void; pub fn DetectHelperMultiBufferMpmRegister( name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, toclient: bool, toserver: bool, get_multi_data: unsafe extern "C" fn( - *mut c_void, - *const c_void, + *mut DetectEngineThreadCtx, *const c_void, u8, - *const c_void, - i32, u32, - ) -> *mut c_void, + *mut *const u8, + *mut u32, + ) -> bool, ) -> c_int; pub fn DetectHelperMultiBufferProgressMpmRegister( name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, toclient: bool, toserver: bool, get_multi_data: unsafe extern "C" fn( - *mut c_void, - *const c_void, + *mut DetectEngineThreadCtx, *const c_void, u8, - *const c_void, - i32, u32, - ) -> *mut c_void, + *mut *const u8, + *mut u32, + ) -> bool, progress: c_int, ) -> c_int; } diff --git a/rust/src/dns/detect.rs b/rust/src/dns/detect.rs index 7236704be3..c750b85599 100644 --- a/rust/src/dns/detect.rs +++ b/rust/src/dns/detect.rs 
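Review bot: The getter callback type in rust/src/detect/mod.rs is spelled out twice, in `DetectHelperMultiBufferMpmRegister` and in `DetectHelperMultiBufferProgressMpmRegister`, and neither copy says what the six positional arguments mean or how long the returned buffer must stay valid. A shared alias keeps the two declarations from drifting apart, for example (the name is only a suggestion) `pub type MultiGetDataFn = unsafe extern "C" fn(*mut DetectEngineThreadCtx, *const c_void, u8, u32, *mut *const u8, *mut u32) -> bool;`. Its doc comment should give the argument order used by the getters in this commit (thread ctx, tx, flow flags, index, out buffer, out length) and state that a `true` return hands the C side a pointer it will presumably read after the call. Nothing checks an `extern "C"` block against the C header, so the prototype in detect-engine-helper.h has to change in lock-step; that file is not among the lines shown here.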
@@ -16,13 +16,14 @@ */ use super::dns::{DNSRcode, DNSRecordType, DNSTransaction, ALPROTO_DNS}; +use crate::core::DetectEngineThreadCtx; use crate::detect::uint::{ detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU16Free, SCDetectU8Free, SCDetectU8Parse, }; use crate::detect::{ helper_keyword_register_sticky_buffer, DetectBufferSetActiveList, DetectHelperBufferRegister, - DetectHelperGetMultiData, DetectHelperKeywordAliasRegister, DetectHelperKeywordRegister, + DetectHelperKeywordAliasRegister, DetectHelperKeywordRegister, DetectHelperMultiBufferProgressMpmRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt, SigMatchAppendSMToList, SigTableElmtStickyBuffer, }; @@ -238,7 +239,8 @@ unsafe extern "C" fn dns_detect_answer_name_setup( /// Get the DNS response answer name and index i. unsafe extern "C" fn dns_tx_get_answer_name( - tx: *const c_void, flags: u8, i: u32, buf: *mut *const u8, len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flags: u8, i: u32, buf: *mut *const u8, + len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, DNSTransaction); let answers = if flags & Direction::ToClient as u8 != 0 { @@ -261,22 +263,6 @@ unsafe extern "C" fn dns_tx_get_answer_name( false } -unsafe extern "C" fn dns_answer_name_get_data_wrapper( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - dns_tx_get_answer_name, - ); -} - unsafe extern "C" fn dns_detect_query_name_setup( de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, ) -> c_int { 
@@ -291,7 +277,8 @@ unsafe extern "C" fn dns_detect_query_name_setup( /// Get the DNS response answer name and index i. unsafe extern "C" fn dns_tx_get_query_name( - tx: *const c_void, flags: u8, i: u32, buf: *mut *const u8, len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flags: u8, i: u32, buf: *mut *const u8, + len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, DNSTransaction); let queries = if flags & Direction::ToClient as u8 != 0 { @@ -315,9 +302,10 @@ unsafe extern "C" fn dns_tx_get_query_name( } unsafe extern "C" fn dns_tx_get_query( - tx: *const c_void, _flags: u8, i: u32, buf: *mut *const u8, len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buf: *mut *const u8, + len: *mut u32, ) -> bool { - return dns_tx_get_query_name(tx, Direction::ToServer as u8, i, buf, len); + return dns_tx_get_query_name(_de, tx, Direction::ToServer as u8, i, buf, len); } unsafe extern "C" fn dns_detect_query_setup( @@ -332,38 +320,6 @@ unsafe extern "C" fn dns_detect_query_setup( return 0; } -unsafe extern "C" fn dns_query_name_get_data_wrapper( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - dns_tx_get_query_name, - ); -} - -unsafe extern "C" fn dns_query_get_data_wrapper( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - dns_tx_get_query, - ); -} - #[no_mangle] pub unsafe extern "C" fn SCDetectDNSRegister() { let kw = SigTableElmtStickyBuffer { 
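Review bot: The doc comment kept above `dns_tx_get_query_name` in rust/src/dns/detect.rs still reads `/// Get the DNS response answer name and index i.`, which describes the answer getter rather than this one. This function is now registered directly as the buffer getter, so the comment is its only description; `/// Get the DNS query name at index i.` matches the wording used for `SCDnsTxGetQueryName` in dns.rs. The function body continues outside the hunk.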
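Review bot: `dns_tx_get_query` forwards `_de` to `dns_tx_get_query_name`, so the parameter is used even though its leading underscore marks it as unused. Naming it `de` here keeps the convention meaningful for the getters that really ignore it: `de: *mut DetectEngineThreadCtx, …` in the signature and `return dns_tx_get_query_name(de, tx, Direction::ToServer as u8, i, buf, len);` in the body.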
@@ -381,7 +337,7 @@ pub unsafe extern "C" fn SCDetectDNSRegister() { /* Register also in the TO_SERVER direction, even though this is not normal, it could be provided as part of a request. */ true, - dns_answer_name_get_data_wrapper, + dns_tx_get_answer_name, 1, // response complete ); let kw = SCSigTableAppLiteElmt { @@ -415,7 +371,7 @@ pub unsafe extern "C" fn SCDetectDNSRegister() { /* Register in both directions as the query is usually echoed back in the response. */ true, - dns_query_name_get_data_wrapper, + dns_tx_get_query_name, 1, // request or response complete ); let kw = SCSigTableAppLiteElmt { @@ -467,8 +423,8 @@ pub unsafe extern "C" fn SCDetectDNSRegister() { ALPROTO_DNS, false, // only toserver true, - dns_query_get_data_wrapper, // reuse, will be called only toserver - 1, // request complete + dns_tx_get_query, // reuse, will be called only toserver + 1, // request complete ); } diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 1b2acaca6a..2f55fd2231 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -19,6 +19,7 @@ use std; use std::collections::HashMap; use std::collections::VecDeque; use std::ffi::CString; +use std::os::raw::c_void; use crate::applayer::*; use crate::core::{self, *}; @@ -983,9 +984,11 @@ export_state_data_get!(rs_dns_get_state_data, DNSState); /// Get the DNS query name at index i. #[no_mangle] pub unsafe extern "C" fn SCDnsTxGetQueryName( - tx: &mut DNSTransaction, to_client: bool, i: u32, buf: *mut *const u8, len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, i: u32, + buf: *mut *const u8, len: *mut u32, ) -> bool { - let queries = if to_client { + let tx = cast_pointer!(tx, DNSTransaction); + let queries = if (flow_flags & STREAM_TOSERVER) == 0 { tx.response.as_ref().map(|response| &response.queries) } else { tx.request.as_ref().map(|request| &request.queries) 
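Review bot: `SCDnsTxGetQueryName` in rust/src/dns/dns.rs now selects the response with `(flow_flags & STREAM_TOSERVER) == 0`, while `dns_tx_get_query_name` in dns/detect.rs selects it with `flags & Direction::ToClient as u8 != 0`. The two tests disagree when neither or both direction bits are set, and a caller passing 0 now gets the response where `to_client == false` used to give the request. Testing the to-client bit keeps the old meaning and matches detect.rs: `let queries = if (flow_flags & STREAM_TOCLIENT) != 0 {`, assuming `STREAM_TOCLIENT` is exported from `crate::core` alongside `STREAM_TOSERVER`. The same applies to `SCDnsTxGetAnswerName` in the following hunk, and both bodies continue outside their hunks.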
@@ -1008,9 +1011,11 @@ pub unsafe extern "C" fn SCDnsTxGetQueryName( /// Get the DNS response answer name and index i. #[no_mangle] pub unsafe extern "C" fn SCDnsTxGetAnswerName( - tx: &mut DNSTransaction, to_client: bool, i: u32, buf: *mut *const u8, len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, i: u32, + buf: *mut *const u8, len: *mut u32, ) -> bool { - let answers = if to_client { + let tx = cast_pointer!(tx, DNSTransaction); + let answers = if (flow_flags & STREAM_TOSERVER) == 0 { tx.response.as_ref().map(|response| &response.answers) } else { tx.request.as_ref().map(|request| &request.answers) @@ -1033,8 +1038,10 @@ pub unsafe extern "C" fn SCDnsTxGetAnswerName( /// Get the DNS response authority name at index i. #[no_mangle] pub unsafe extern "C" fn SCDnsTxGetAuthorityName( - tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32, -) -> bool { + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flow_flags: u8, i: u32, + buf: *mut *const u8, len: *mut u32, +) -> bool { + let tx = cast_pointer!(tx, DNSTransaction); let index = i as usize; if let Some(response) = &tx.response { @@ -1053,8 +1060,10 @@ pub unsafe extern "C" fn SCDnsTxGetAuthorityName( /// Get the DNS response additional name at index i. #[no_mangle] pub unsafe extern "C" fn SCDnsTxGetAdditionalName( - tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32, -) -> bool { + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flow_flags: u8, i: u32, + buf: *mut *const u8, len: *mut u32, +) -> bool { + let tx = cast_pointer!(tx, DNSTransaction); let index = i as usize; if let Some(response) = &tx.response { 
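Review bot: `SCDnsTxGetAuthorityName` and `SCDnsTxGetAdditionalName` are exported `unsafe extern "C"` functions that now accept an untyped `*const c_void` and cast it with `cast_pointer!`, yet their doc comments have no `# Safety` section. With the typed `&mut DNSTransaction` parameter gone, neither the compiler nor the generated header stops a caller from passing a transaction of another protocol. The section should state that `tx` must be a non-null pointer to a live `DNSTransaction` and that `buf` and `len` must be valid for writes. It is also missing on the other exported getters converted in this commit: `SCDnsTxGetQueryName`, `SCDnsTxGetAnswerName`, `rs_http2_tx_get_header_name`, `rs_http2_tx_get_header`, `rs_ike_tx_get_vendor`, `rs_krb5_tx_get_cname`, `rs_krb5_tx_get_sname`, `rs_quic_tx_get_cyu_hash` and `rs_quic_tx_get_cyu_string`.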
@@ -1072,18 +1081,11 @@ pub unsafe extern "C" fn SCDnsTxGetAdditionalName( fn get_rdata_name(data: &DNSRData) -> Option<&DNSName> { match data { - DNSRData::CNAME(name) - | DNSRData::PTR(name) - | DNSRData::MX(name) - | DNSRData::NS(name) => { + DNSRData::CNAME(name) | DNSRData::PTR(name) | DNSRData::MX(name) | DNSRData::NS(name) => { Some(name) } - DNSRData::SOA(soa) => { - Some(&soa.mname) - } - _ => { - None - } + DNSRData::SOA(soa) => Some(&soa.mname), + _ => None, } } @@ -1091,7 +1093,7 @@ fn get_rdata_name(data: &DNSRData) -> Option<&DNSName> { #[no_mangle] pub unsafe extern "C" fn SCDnsTxGetAnswerRdata( tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32, -) -> bool { +) -> bool { let index = i as usize; if let Some(response) = &tx.response { @@ -1113,7 +1115,7 @@ pub unsafe extern "C" fn SCDnsTxGetAnswerRdata( #[no_mangle] pub unsafe extern "C" fn SCDnsTxGetAuthorityRdata( tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32, -) -> bool { +) -> bool { let index = i as usize; if let Some(response) = &tx.response { @@ -1135,7 +1137,7 @@ pub unsafe extern "C" fn SCDnsTxGetAuthorityRdata( #[no_mangle] pub unsafe extern "C" fn SCDnsTxGetAdditionalRdata( tx: &mut DNSTransaction, i: u32, buf: *mut *const u8, len: *mut u32, -) -> bool { +) -> bool { let index = i as usize; if let Some(response) = &tx.response { diff --git a/rust/src/http2/detect.rs b/rust/src/http2/detect.rs index 6039647dba..b54a821a73 100644 --- a/rust/src/http2/detect.rs +++ b/rust/src/http2/detect.rs 
@@ -19,12 +19,14 @@ use super::http2::{ HTTP2Event, HTTP2Frame, HTTP2FrameTypeData, HTTP2State, HTTP2Transaction, HTTP2TransactionState, }; use super::parser; -use crate::direction::Direction; +use crate::core::DetectEngineThreadCtx; use crate::detect::uint::{detect_match_uint, DetectUintData}; +use crate::direction::Direction; +use base64::{engine::general_purpose::STANDARD, Engine}; use std::ffi::CStr; -use std::str::FromStr; +use std::os::raw::c_void; use std::rc::Rc; -use base64::{Engine, engine::general_purpose::STANDARD}; +use std::str::FromStr; fn http2_tx_has_frametype( tx: &HTTP2Transaction, direction: Direction, value: u8, @@ -359,8 +361,10 @@ pub unsafe extern "C" fn rs_http2_detect_sizeupdatectx_match( // and rs_http2_detect_sizeupdatectx_match explicitly casting #[no_mangle] pub unsafe extern "C" fn rs_http2_tx_get_header_name( - tx: &HTTP2Transaction, direction: u8, nb: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, direction: u8, nb: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { + let tx = cast_pointer!(tx, HTTP2Transaction); let mut pos = 0_u32; match direction.into() { Direction::ToServer => { @@ -869,8 +873,10 @@ pub unsafe extern "C" fn rs_http2_tx_get_headers_raw( #[no_mangle] pub unsafe extern "C" fn rs_http2_tx_get_header( - tx: &mut HTTP2Transaction, direction: u8, nb: u32, buffer: *mut *const u8, buffer_len: *mut u32, -) -> u8 { + _de: *mut DetectEngineThreadCtx, tx: *const c_void, direction: u8, nb: u32, + buffer: *mut *const u8, buffer_len: *mut u32, +) -> bool { + let tx = cast_pointer!(tx, HTTP2Transaction); let mut pos = 0_u32; match direction.into() { Direction::ToServer => { @@ -883,7 +889,7 @@ pub unsafe extern "C" fn rs_http2_tx_get_header( let value = &tx.escaped[idx]; *buffer = value.as_ptr(); //unsafe *buffer_len = value.len() as u32; - return 1; + return true; } else { pos += blocks.len() as u32; } 
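Review bot: `rs_http2_tx_get_header_name` used to take `tx: &HTTP2Transaction` and now obtains its reference through `cast_pointer!(tx, HTTP2Transaction)` from a `*const c_void`. If that macro expands to `&mut *(ptr as *mut T)`, as it appears to elsewhere in this crate (its definition is not shown here), a read-only getter now creates an exclusive reference from a const pointer. That is a stricter aliasing claim than before and is unsound if anything else holds a reference to the transaction during the call. For getters that only read, a shared reborrow is enough: `let tx = &*(tx as *const HTTP2Transaction);`. The same holds for `rs_ike_tx_get_vendor`, the two krb5 getters and the two quic getters, which also took `&T` before this commit.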
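Review bot: `rs_http2_tx_get_header` previously required `tx: &mut HTTP2Transaction` and returns a pointer into `tx.escaped`, which suggests the part of the body outside this hunk writes to the transaction; the new signature nevertheless receives it as `*const c_void`. The const qualifier is imposed by the shared callback type, so a comment at the cast should record the exception, e.g. `// tx is modified here (escaped header storage) although the callback type passes it as const`. The doc comment should also say that the returned buffer is owned by `tx.escaped` and so, presumably, is valid only while the transaction is alive.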
@@ -900,7 +906,7 @@ pub unsafe extern "C" fn rs_http2_tx_get_header( let value = &tx.escaped[idx]; *buffer = value.as_ptr(); //unsafe *buffer_len = value.len() as u32; - return 1; + return true; } else { pos += blocks.len() as u32; } @@ -908,7 +914,7 @@ pub unsafe extern "C" fn rs_http2_tx_get_header( } } } - return 0; + return false; } fn http2_tx_set_header(state: &mut HTTP2State, name: &[u8], input: &[u8]) { @@ -933,7 +939,9 @@ fn http2_tx_set_header(state: &mut HTTP2State, name: &[u8], input: &[u8]) { blocks, }; let txdata = HTTP2FrameTypeData::HEADERS(hs); - let tx = state.find_or_create_tx(&head, &txdata, Direction::ToServer).unwrap(); + let tx = state + .find_or_create_tx(&head, &txdata, Direction::ToServer) + .unwrap(); tx.frames_ts.push(HTTP2Frame { header: head, data: txdata, @@ -976,7 +984,9 @@ fn http2_tx_set_settings(state: &mut HTTP2State, input: &[u8]) { match parser::http2_parse_frame_settings(&dec) { Ok((_, set)) => { let txdata = HTTP2FrameTypeData::SETTINGS(set); - let tx = state.find_or_create_tx(&head, &txdata, Direction::ToServer).unwrap(); + let tx = state + .find_or_create_tx(&head, &txdata, Direction::ToServer) + .unwrap(); tx.frames_ts.push(HTTP2Frame { header: head, data: txdata, diff --git a/rust/src/ike/detect.rs b/rust/src/ike/detect.rs index 0cc151fb64..6e07c15454 100644 --- a/rust/src/ike/detect.rs +++ b/rust/src/ike/detect.rs @@ -18,8 +18,10 @@ // Author: Frank Honza use super::ipsec_parser::IkeV2Transform; +use crate::core::DetectEngineThreadCtx; use crate::ike::ike::*; use std::ffi::CStr; +use std::os::raw::c_void; use std::ptr; #[no_mangle] 
@@ -116,23 +118,21 @@ pub extern "C" fn rs_ike_state_get_key_exchange( } #[no_mangle] -pub extern "C" fn rs_ike_tx_get_vendor( - tx: &IKETransaction, i: u32, buf: *mut *const u8, len: *mut u32, -) -> u8 { +pub unsafe extern "C" fn rs_ike_tx_get_vendor( + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buf: *mut *const u8, + len: *mut u32, +) -> bool { + let tx = cast_pointer!(tx, IKETransaction); if tx.ike_version == 1 && i < tx.hdr.ikev1_header.vendor_ids.len() as u32 { - unsafe { - *len = tx.hdr.ikev1_header.vendor_ids[i as usize].len() as u32; - *buf = tx.hdr.ikev1_header.vendor_ids[i as usize].as_ptr(); - } - return 1; + *len = tx.hdr.ikev1_header.vendor_ids[i as usize].len() as u32; + *buf = tx.hdr.ikev1_header.vendor_ids[i as usize].as_ptr(); + return true; } - unsafe { - *buf = ptr::null(); - *len = 0; - } + *buf = ptr::null(); + *len = 0; - return 0; + return false; } #[no_mangle] diff --git a/rust/src/krb/detect.rs b/rust/src/krb/detect.rs index 7cc7d8120c..72287aeb43 100644 --- a/rust/src/krb/detect.rs +++ b/rust/src/krb/detect.rs @@ -17,6 +17,7 @@ // written by Pierre Chifflier +use crate::core::DetectEngineThreadCtx; use crate::krb::krb5::{test_weak_encryption, KRB5Transaction}; use kerberos_parser::krb5::EncryptionType; @@ -29,6 +30,7 @@ use nom7::multi::many1; use nom7::IResult; use std::ffi::CStr; +use std::os::raw::c_void; #[no_mangle] pub unsafe extern "C" fn rs_krb5_tx_get_msgtype(tx: &KRB5Transaction, ptr: *mut u32) { 
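Review bot: In `rs_ike_tx_get_vendor` the bound is tested as `i < tx.hdr.ikev1_header.vendor_ids.len() as u32` and the vector is then indexed twice with `i as usize`, which leaves a narrowing cast on the length and two panicking index operations in a function called across the FFI boundary. A single checked `get(i as usize)` does the bounds test and the lookup in one step, as sketched below. The function is complete within the hunk, and only the success path changes.

```rust
    let tx = cast_pointer!(tx, IKETransaction);
    if tx.ike_version == 1 {
        // One checked lookup replaces the `len() as u32` comparison and both index operations.
        if let Some(vendor) = tx.hdr.ikev1_header.vendor_ids.get(i as usize) {
            *len = vendor.len() as u32;
            *buf = vendor.as_ptr();
            return true;
        }
    }
    // … unchanged: set *buf to null, *len to 0, return false …
```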
@@ -50,32 +52,36 @@ pub unsafe extern "C" fn rs_krb5_tx_get_errcode(tx: &KRB5Transaction, ptr: *mut #[no_mangle] pub unsafe extern "C" fn rs_krb5_tx_get_cname( - tx: &KRB5Transaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32, -) -> u8 { + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buffer: *mut *const u8, + buffer_len: *mut u32, +) -> bool { + let tx = cast_pointer!(tx, KRB5Transaction); if let Some(ref s) = tx.cname { if (i as usize) < s.name_string.len() { let value = &s.name_string[i as usize]; *buffer = value.as_ptr(); *buffer_len = value.len() as u32; - return 1; + return true; } } - 0 + false } #[no_mangle] pub unsafe extern "C" fn rs_krb5_tx_get_sname( - tx: &KRB5Transaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32, -) -> u8 { + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buffer: *mut *const u8, + buffer_len: *mut u32, +) -> bool { + let tx = cast_pointer!(tx, KRB5Transaction); if let Some(ref s) = tx.sname { if (i as usize) < s.name_string.len() { let value = &s.name_string[i as usize]; *buffer = value.as_ptr(); *buffer_len = value.len() as u32; - return 1; + return true; } } - 0 + false } const KRB_TICKET_FASTARRAY_SIZE: usize = 256; diff --git a/rust/src/ldap/detect.rs b/rust/src/ldap/detect.rs index 3457c56ba4..a5fdb03009 100644 --- a/rust/src/ldap/detect.rs +++ b/rust/src/ldap/detect.rs @@ -16,6 +16,7 @@ */ use super::ldap::{LdapTransaction, ALPROTO_LDAP}; +use crate::core::DetectEngineThreadCtx; use crate::detect::uint::{ detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse, SCDetectU8Free, 
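Review bot: `rs_krb5_tx_get_cname` and `rs_krb5_tx_get_sname` return `false` without touching `*buffer` and `*buffer_len`, whereas `rs_ike_tx_get_vendor` and the quic getters converted in the same commit set them to null and 0 on a miss. Whether the generic wrapper reads the out-parameters only after a `true` return is not visible in these lines. Either document that they are unspecified on `false`, or clear them as the other getters do by adding `*buffer = std::ptr::null(); *buffer_len = 0;` before the final `false`. Both functions are complete within the hunk.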
@@ -23,9 +24,8 @@ use crate::detect::uint::{ use crate::detect::{ helper_keyword_register_sticky_buffer, DetectBufferSetActiveList, DetectHelperBufferMpmRegister, DetectHelperBufferRegister, DetectHelperGetData, - DetectHelperGetMultiData, DetectHelperKeywordRegister, DetectHelperMultiBufferMpmRegister, - DetectSignatureSetAppProto, SCSigTableAppLiteElmt, SigMatchAppendSMToList, - SigTableElmtStickyBuffer, + DetectHelperKeywordRegister, DetectHelperMultiBufferMpmRegister, DetectSignatureSetAppProto, + SCSigTableAppLiteElmt, SigMatchAppendSMToList, SigTableElmtStickyBuffer, }; use crate::ldap::types::{LdapMessage, LdapResultCode, ProtocolOp, ProtocolOpCode}; @@ -368,24 +368,9 @@ unsafe extern "C" fn ldap_detect_responses_dn_setup( return 0; } -unsafe extern "C" fn ldap_detect_responses_dn_get_data( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - ldap_tx_get_responses_dn, - ); -} - unsafe extern "C" fn ldap_tx_get_responses_dn( - tx: *const c_void, _flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, LdapTransaction); 
@@ -515,24 +500,9 @@ unsafe extern "C" fn ldap_detect_responses_msg_setup( return 0; } -unsafe extern "C" fn ldap_detect_responses_msg_get_data( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - ldap_tx_get_responses_msg, - ); -} - unsafe extern "C" fn ldap_tx_get_responses_msg( - tx: *const c_void, _flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, LdapTransaction); @@ -575,24 +545,9 @@ unsafe extern "C" fn ldap_detect_request_attibute_type_setup( return 0; } -unsafe extern "C" fn ldap_detect_request_attribute_type_get_data( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - ldap_tx_get_req_attribute_type, - ); -} - unsafe extern "C" fn ldap_tx_get_req_attribute_type( - tx: *const c_void, _flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, LdapTransaction); 
@@ -649,24 +604,9 @@ unsafe extern "C" fn ldap_detect_responses_attibute_type_setup( return 0; } -unsafe extern "C" fn ldap_detect_responses_attribute_type_get_data( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - ldap_tx_get_resp_attribute_type, - ); -} - unsafe extern "C" fn ldap_tx_get_resp_attribute_type( - tx: *const c_void, _flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, LdapTransaction); @@ -769,7 +709,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { ALPROTO_LDAP, true, //to client false, //to server - ldap_detect_responses_dn_get_data, + ldap_tx_get_responses_dn, ); let kw = SCSigTableAppLiteElmt { name: b"ldap.responses.result_code\0".as_ptr() as *const libc::c_char, @@ -801,7 +741,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { ALPROTO_LDAP, true, //to client false, //to server - ldap_detect_responses_msg_get_data, + ldap_tx_get_responses_msg, ); let kw = SigTableElmtStickyBuffer { name: String::from("ldap.request.attribute_type"), @@ -816,7 +756,7 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { ALPROTO_LDAP, false, //to client true, //to server - ldap_detect_request_attribute_type_get_data, + ldap_tx_get_req_attribute_type, ); let kw = SigTableElmtStickyBuffer { name: String::from("ldap.responses.attribute_type"), @@ -831,6 +771,6 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { ALPROTO_LDAP, true, //to client false, //to server - ldap_detect_responses_attribute_type_get_data, + ldap_tx_get_resp_attribute_type, ); } diff --git a/rust/src/mqtt/detect.rs b/rust/src/mqtt/detect.rs index 3b4e0a6978..7b05042235 100644 
--- a/rust/src/mqtt/detect.rs +++ b/rust/src/mqtt/detect.rs @@ -17,6 +17,7 @@ // written by Sascha Steinbiss +use crate::core::DetectEngineThreadCtx; use crate::detect::uint::{ detect_match_uint, detect_parse_uint, detect_parse_uint_enum, DetectUintData, DetectUintMode, SCDetectU8Free, SCDetectU8Parse, @@ -24,9 +25,8 @@ use crate::detect::uint::{ use crate::detect::{ helper_keyword_register_sticky_buffer, DetectBufferSetActiveList, DetectHelperBufferMpmRegister, DetectHelperBufferRegister, DetectHelperGetData, - DetectHelperGetMultiData, DetectHelperKeywordRegister, DetectHelperMultiBufferMpmRegister, - DetectSignatureSetAppProto, SCSigTableAppLiteElmt, SigMatchAppendSMToList, - SigTableElmtStickyBuffer, + DetectHelperKeywordRegister, DetectHelperMultiBufferMpmRegister, DetectSignatureSetAppProto, + SCSigTableAppLiteElmt, SigMatchAppendSMToList, SigTableElmtStickyBuffer, }; use nom7::branch::alt; @@ -300,7 +300,8 @@ static mut G_MQTT_CONN_FLAGS_KW_ID: c_int = 0; static mut G_MQTT_CONN_FLAGS_BUFFER_ID: c_int = 0; unsafe extern "C" fn unsub_topic_get_data( - tx: *const c_void, _flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let ml = UNSUB_TOPIC_MATCH_LIMIT; if ml > 0 && local_id >= ml as u32 { @@ -326,22 +327,6 @@ unsafe extern "C" fn unsub_topic_get_data( return false; } -unsafe extern "C" fn unsub_topic_get_data_wrapper( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - unsub_topic_get_data, - ); -} - unsafe extern "C" fn unsub_topic_setup( de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, ) -> c_int { 
@@ -356,7 +341,8 @@ unsafe extern "C" fn unsub_topic_setup( } unsafe extern "C" fn sub_topic_get_data( - tx: *const c_void, _flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let ml = SUB_TOPIC_MATCH_LIMIT; if ml > 0 && local_id >= ml as u32 { @@ -382,22 +368,6 @@ unsafe extern "C" fn sub_topic_get_data( return false; } -unsafe extern "C" fn sub_topic_get_data_wrapper( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sub_topic_get_data, - ); -} - unsafe extern "C" fn sub_topic_setup( de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, ) -> c_int { @@ -1122,7 +1092,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { ALPROTO_MQTT, false, // only to server true, - unsub_topic_get_data_wrapper, + unsub_topic_get_data, ); let kw = SCSigTableAppLiteElmt { @@ -1163,7 +1133,7 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { ALPROTO_MQTT, false, // only to server true, - sub_topic_get_data_wrapper, + sub_topic_get_data, ); let kw = SCSigTableAppLiteElmt { 
@@ -1517,23 +1487,24 @@ mod test { let mut s: *const u8 = std::ptr::null_mut(); let mut slen: u32 = 0; let tx = &t as *const _ as *mut _; - let mut r = unsafe { unsub_topic_get_data(tx, 0, 0, &mut s, &mut slen) }; + let mut r = + unsafe { unsub_topic_get_data(std::ptr::null_mut(), tx, 0, 0, &mut s, &mut slen) }; assert!(r); let mut topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) }); assert_eq!(topic, "foo"); - r = unsafe { unsub_topic_get_data(tx, 0, 1, &mut s, &mut slen) }; + r = unsafe { unsub_topic_get_data(std::ptr::null_mut(), tx, 0, 1, &mut s, &mut slen) }; assert!(r); topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) }); assert_eq!(topic, "baar"); - r = unsafe { unsub_topic_get_data(tx, 0, 2, &mut s, &mut slen) }; + r = unsafe { unsub_topic_get_data(std::ptr::null_mut(), tx, 0, 2, &mut s, &mut slen) }; assert!(r); topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) }); assert_eq!(topic, "fieee"); - r = unsafe { unsub_topic_get_data(tx, 0, 3, &mut s, &mut slen) }; + r = unsafe { unsub_topic_get_data(std::ptr::null_mut(), tx, 0, 3, &mut s, &mut slen) }; assert!(r); topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) }); assert_eq!(topic, "baaaaz"); - r = unsafe { unsub_topic_get_data(tx, 0, 4, &mut s, &mut slen) }; + r = unsafe { unsub_topic_get_data(std::ptr::null_mut(), tx, 0, 4, &mut s, &mut slen) }; assert!(!r); } 
@@ -1591,23 +1562,24 @@ mod test { let mut s: *const u8 = std::ptr::null_mut(); let mut slen: u32 = 0; let tx = &t as *const _ as *mut _; - let mut r = unsafe { sub_topic_get_data(tx, 0, 0, &mut s, &mut slen) }; + let mut r = + unsafe { sub_topic_get_data(std::ptr::null_mut(), tx, 0, 0, &mut s, &mut slen) }; assert!(r); let mut topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) }); assert_eq!(topic, "foo"); - r = unsafe { sub_topic_get_data(tx, 0, 1, &mut s, &mut slen) }; + r = unsafe { sub_topic_get_data(std::ptr::null_mut(), tx, 0, 1, &mut s, &mut slen) }; assert!(r); topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) }); assert_eq!(topic, "baar"); - r = unsafe { sub_topic_get_data(tx, 0, 2, &mut s, &mut slen) }; + r = unsafe { sub_topic_get_data(std::ptr::null_mut(), tx, 0, 2, &mut s, &mut slen) }; assert!(r); topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) }); assert_eq!(topic, "fieee"); - r = unsafe { sub_topic_get_data(tx, 0, 3, &mut s, &mut slen) }; + r = unsafe { sub_topic_get_data(std::ptr::null_mut(), tx, 0, 3, &mut s, &mut slen) }; assert!(r); topic = String::from_utf8_lossy(unsafe { build_slice!(s, slen as usize) }); assert_eq!(topic, "baaaaz"); - r = unsafe { sub_topic_get_data(tx, 0, 4, &mut s, &mut slen) }; + r = unsafe { sub_topic_get_data(std::ptr::null_mut(), tx, 0, 4, &mut s, &mut slen) }; assert!(!r); } } diff --git a/rust/src/quic/detect.rs b/rust/src/quic/detect.rs index cd88120646..df1ab0ddd5 100644 --- a/rust/src/quic/detect.rs +++ b/rust/src/quic/detect.rs @@ -15,7 +15,9 @@ * 02110-1301, USA. */ +use crate::core::DetectEngineThreadCtx; use crate::quic::quic::QuicTransaction; +use std::os::raw::c_void; use std::ptr; #[no_mangle] 
@@ -96,8 +98,10 @@ pub unsafe extern "C" fn rs_quic_tx_get_version( #[no_mangle] pub unsafe extern "C" fn rs_quic_tx_get_cyu_hash( - tx: &QuicTransaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32, -) -> u8 { + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buffer: *mut *const u8, + buffer_len: *mut u32, +) -> bool { + let tx = cast_pointer!(tx, QuicTransaction); if (i as usize) < tx.cyu.len() { let cyu = &tx.cyu[i as usize]; @@ -106,19 +110,21 @@ pub unsafe extern "C" fn rs_quic_tx_get_cyu_hash( *buffer = p.as_ptr(); *buffer_len = p.len() as u32; - 1 + true } else { *buffer = ptr::null(); *buffer_len = 0; - 0 + false } } #[no_mangle] pub unsafe extern "C" fn rs_quic_tx_get_cyu_string( - tx: &QuicTransaction, i: u32, buffer: *mut *const u8, buffer_len: *mut u32, -) -> u8 { + _de: *mut DetectEngineThreadCtx, tx: *const c_void, _flags: u8, i: u32, buffer: *mut *const u8, + buffer_len: *mut u32, +) -> bool { + let tx = cast_pointer!(tx, QuicTransaction); if (i as usize) < tx.cyu.len() { let cyu = &tx.cyu[i as usize]; @@ -126,11 +132,11 @@ pub unsafe extern "C" fn rs_quic_tx_get_cyu_string( *buffer = p.as_ptr(); *buffer_len = p.len() as u32; - 1 + true } else { *buffer = ptr::null(); *buffer_len = 0; - 0 + false } } diff --git a/rust/src/sdp/detect.rs b/rust/src/sdp/detect.rs index b276dddf4d..b505b68625 100644 --- a/rust/src/sdp/detect.rs +++ b/rust/src/sdp/detect.rs 
@@ -17,10 +17,11 @@ // written by Giuseppe Longo +use crate::core::DetectEngineThreadCtx; use crate::detect::{ helper_keyword_register_sticky_buffer, DetectBufferSetActiveList, - DetectHelperBufferMpmRegister, DetectHelperGetData, DetectHelperGetMultiData, - DetectHelperMultiBufferMpmRegister, DetectSignatureSetAppProto, SigTableElmtStickyBuffer, + DetectHelperBufferMpmRegister, DetectHelperGetData, DetectHelperMultiBufferMpmRegister, + DetectSignatureSetAppProto, SigTableElmtStickyBuffer, }; use crate::direction::Direction; use crate::sip::sip::{SIPTransaction, ALPROTO_SIP}; @@ -388,24 +389,9 @@ unsafe extern "C" fn sdp_bandwidth_setup( return 0; } -unsafe extern "C" fn sdp_bandwidth_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_bandwidth_get_data, - ); -} - unsafe extern "C" fn sip_bandwidth_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); let direction = flow_flags.into(); 
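Review bot: In rust/src/sdp/detect.rs the getters that remain after the wrappers are removed mix two prefixes: `sip_bandwidth_get_data` here, plus `sip_attribute_get_data` and `sip_media_desc_media_get_data` in later hunks, against `sdp_time_get_data` and `sdp_repeat_time_get_data`. With the `sdp_*_get` wrappers gone, these are presumably the names handed to the registration helper. Renaming the three `sip_` ones to `sdp_…_get_data` would make the file consistent with its `sdp_*_setup` functions. The function bodies continue outside the hunks.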
@@ -440,24 +426,9 @@ unsafe extern "C" fn sdp_time_setup( return 0; } -unsafe extern "C" fn sdp_time_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sdp_time_get_data, - ); -} - unsafe extern "C" fn sdp_time_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); let direction = flow_flags.into(); @@ -490,24 +461,9 @@ unsafe extern "C" fn sdp_repeat_time_setup( return 0; } -unsafe extern "C" fn sdp_repeat_time_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sdp_repeat_time_get_data, - ); -} - unsafe extern "C" fn sdp_repeat_time_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); let direction = flow_flags.into(); 
@@ -636,24 +592,9 @@ unsafe extern "C" fn sdp_attribute_setup( return 0; } -unsafe extern "C" fn sdp_attribute_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_attribute_get_data, - ); -} - unsafe extern "C" fn sip_attribute_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); let direction = flow_flags.into(); @@ -688,24 +629,9 @@ unsafe extern "C" fn sdp_media_desc_media_setup( return 0; } -unsafe extern "C" fn sdp_media_desc_media_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_media_desc_media_get_data, - ); -} - unsafe extern "C" fn sip_media_desc_media_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); let direction = flow_flags.into(); 
@@ -740,24 +666,9 @@ unsafe extern "C" fn sdp_media_desc_session_info_setup( return 0; } -unsafe extern "C" fn sdp_media_desc_session_info_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_media_desc_session_info_get_data, - ); -} - unsafe extern "C" fn sip_media_desc_session_info_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); let direction = flow_flags.into(); @@ -793,24 +704,9 @@ unsafe extern "C" fn sdp_media_desc_connection_data_setup( return 0; } -unsafe extern "C" fn sdp_media_desc_connection_data_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_media_desc_connection_data_get_data, - ); -} - unsafe extern "C" fn sip_media_desc_connection_data_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); let direction = flow_flags.into(); 
@@ -846,24 +742,9 @@ unsafe extern "C" fn sdp_media_desc_encryption_key_setup( return 0; } -unsafe extern "C" fn sdp_media_desc_encryption_key_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_media_desc_encryption_key_get_data, - ); -} - unsafe extern "C" fn sip_media_desc_encryption_key_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); let direction = flow_flags.into(); @@ -1007,7 +888,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { ALPROTO_SIP, true, true, - sdp_bandwidth_get, + sip_bandwidth_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.time"), @@ -1022,7 +903,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { ALPROTO_SIP, true, true, - sdp_time_get, + sdp_time_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.repeat_time"), @@ -1037,7 +918,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { ALPROTO_SIP, true, true, - sdp_repeat_time_get, + sdp_repeat_time_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.timezone"), @@ -1082,7 +963,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { ALPROTO_SIP, true, true, - sdp_attribute_get, + sip_attribute_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.media.media"), @@ -1099,7 +980,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { ALPROTO_SIP, true, true, - sdp_media_desc_media_get, + sip_media_desc_media_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.media.media_info"), 
@@ -1114,7 +995,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { ALPROTO_SIP, true, true, - sdp_media_desc_session_info_get, + sip_media_desc_session_info_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.media.connection_data"), @@ -1129,7 +1010,7 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { ALPROTO_SIP, true, true, - sdp_media_desc_connection_data_get, + sip_media_desc_connection_data_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.media.encryption_key"), @@ -1144,6 +1025,6 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { ALPROTO_SIP, true, true, - sdp_media_desc_encryption_key_get, + sip_media_desc_encryption_key_get_data, ); } diff --git a/rust/src/sip/detect.rs b/rust/src/sip/detect.rs index 1478fa92b3..c1b6e7b56f 100644 --- a/rust/src/sip/detect.rs +++ b/rust/src/sip/detect.rs @@ -17,10 +17,11 @@ // written by Giuseppe Longo +use crate::core::DetectEngineThreadCtx; use crate::detect::{ helper_keyword_register_sticky_buffer, DetectBufferSetActiveList, - DetectHelperBufferMpmRegister, DetectHelperGetData, DetectHelperGetMultiData, - DetectHelperMultiBufferMpmRegister, DetectSignatureSetAppProto, SigTableElmtStickyBuffer, + DetectHelperBufferMpmRegister, DetectHelperGetData, DetectHelperMultiBufferMpmRegister, + DetectSignatureSetAppProto, SigTableElmtStickyBuffer, }; use crate::direction::Direction; use crate::sip::sip::{SIPTransaction, ALPROTO_SIP}; 
@@ -338,24 +339,9 @@ unsafe extern "C" fn sip_from_hdr_setup( return 0; } -unsafe extern "C" fn sip_from_hdr_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_from_hdr_get_data, - ); -} - unsafe extern "C" fn sip_from_hdr_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "From") { @@ -380,24 +366,9 @@ unsafe extern "C" fn sip_to_hdr_setup( return 0; } -unsafe extern "C" fn sip_to_hdr_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_to_hdr_get_data, - ); -} - unsafe extern "C" fn sip_to_hdr_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "To") { 
@@ -422,24 +393,9 @@ unsafe extern "C" fn sip_via_hdr_setup( return 0; } -unsafe extern "C" fn sip_via_hdr_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_via_hdr_get_data, - ); -} - unsafe extern "C" fn sip_via_hdr_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "Via") { @@ -464,24 +420,9 @@ unsafe extern "C" fn sip_ua_hdr_setup( return 0; } -unsafe extern "C" fn sip_ua_hdr_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_ua_hdr_get_data, - ); -} - unsafe extern "C" fn sip_ua_hdr_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "User-Agent") { 
@@ -506,24 +447,9 @@ unsafe extern "C" fn sip_content_type_hdr_setup( return 0; } -unsafe extern "C" fn sip_content_type_hdr_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_content_type_hdr_get_data, - ); -} - unsafe extern "C" fn sip_content_type_hdr_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "Content-Type") { @@ -548,24 +474,9 @@ unsafe extern "C" fn sip_content_length_hdr_setup( return 0; } -unsafe extern "C" fn sip_content_length_hdr_get( - de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, - tx: *const c_void, list_id: c_int, local_id: u32, -) -> *mut c_void { - return DetectHelperGetMultiData( - de, - transforms, - flow, - flow_flags, - tx, - list_id, - local_id, - sip_content_length_hdr_get_data, - ); -} - unsafe extern "C" fn sip_content_length_hdr_get_data( - tx: *const c_void, flow_flags: u8, local_id: u32, buffer: *mut *const u8, buffer_len: *mut u32, + _de: *mut DetectEngineThreadCtx, tx: *const c_void, flow_flags: u8, local_id: u32, + buffer: *mut *const u8, buffer_len: *mut u32, ) -> bool { let tx = cast_pointer!(tx, SIPTransaction); if let Some(value) = sip_get_header_value(tx, local_id, flow_flags.into(), "Content-Length") { @@ -667,7 +578,7 @@ pub unsafe extern "C" fn SCDetectSipRegister() { ALPROTO_SIP, true, true, - sip_from_hdr_get, + sip_from_hdr_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sip.to"), 
@@ -682,7 +593,7 @@ pub unsafe extern "C" fn SCDetectSipRegister() { ALPROTO_SIP, true, true, - sip_to_hdr_get, + sip_to_hdr_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sip.via"), @@ -697,7 +608,7 @@ pub unsafe extern "C" fn SCDetectSipRegister() { ALPROTO_SIP, true, true, - sip_via_hdr_get, + sip_via_hdr_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sip.user_agent"), @@ -712,7 +623,7 @@ pub unsafe extern "C" fn SCDetectSipRegister() { ALPROTO_SIP, true, true, - sip_ua_hdr_get, + sip_ua_hdr_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sip.content_type"), @@ -727,7 +638,7 @@ pub unsafe extern "C" fn SCDetectSipRegister() { ALPROTO_SIP, true, true, - sip_content_type_hdr_get, + sip_content_type_hdr_get_data, ); let kw = SigTableElmtStickyBuffer { name: String::from("sip.content_length"), @@ -742,6 +653,6 @@ pub unsafe extern "C" fn SCDetectSipRegister() { ALPROTO_SIP, true, true, - sip_content_length_hdr_get, + sip_content_length_hdr_get_data, ); } diff --git a/src/detect-dns-name.c b/src/detect-dns-name.c index d8c729d854..5a2b75aa25 100644 --- a/src/detect-dns-name.c +++ b/src/detect-dns-name.c 
@@ -77,80 +77,6 @@ static int SetupAuthoritiesBuffer(DetectEngineCtx *de_ctx, Signature *s, const c return DetectSetup(de_ctx, s, str, authority_buffer_id); } -static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id, - uint32_t index, enum DnsSection what) -{ - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index); - if (buffer == NULL) { - return NULL; - } - if (buffer->initialized) { - return buffer; - } - - bool to_client = (flags & STREAM_TOSERVER) == 0; - const uint8_t *data = NULL; - uint32_t data_len = 0; - - bool ok = false; - switch (what) { - case DNS_QUERY: - ok = SCDnsTxGetQueryName(txv, to_client, index, &data, &data_len); - break; - case DNS_ANSWER: - ok = SCDnsTxGetAnswerName(txv, to_client, index, &data, &data_len); - break; - case DNS_AUTHORITY: - ok = SCDnsTxGetAuthorityName(txv, index, &data, &data_len); - break; - case DNS_ADDITIONAL: - ok = SCDnsTxGetAdditionalName(txv, index, &data, &data_len); - break; - default: - DEBUG_VALIDATE_BUG_ON("unhandled dns rrname type"); - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - - if (ok) { - InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - return buffer; - } - - InspectionBufferSetupMultiEmpty(buffer); - return NULL; -} - -static InspectionBuffer *GetQueryBuffer(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id, - uint32_t index) -{ - return GetBuffer(det_ctx, transforms, f, flags, txv, list_id, index, DNS_QUERY); -} - -static InspectionBuffer *GetAnswerBuffer(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id, - uint32_t index) -{ - return GetBuffer(det_ctx, transforms, f, flags, txv, list_id, index, DNS_ANSWER); -} - -static InspectionBuffer 
*GetAuthorityBuffer(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id, - uint32_t index) -{ - return GetBuffer(det_ctx, transforms, f, flags, txv, list_id, index, DNS_AUTHORITY); -} - -static InspectionBuffer *GetAdditionalBuffer(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id, - uint32_t index) -{ - return GetBuffer(det_ctx, transforms, f, flags, txv, list_id, index, DNS_ADDITIONAL); -} - static int Register(const char *keyword, const char *desc, const char *doc, int (*Setup)(DetectEngineCtx *, Signature *, const char *), InspectionMultiBufferGetDataPtr GetBufferFn) @@ -175,14 +101,14 @@ static int Register(const char *keyword, const char *desc, const char *doc, void DetectDnsNameRegister(void) { query_buffer_id = Register("dns.queries.rrname", "DNS query rrname sticky buffer", - "/rules/dns-keywords.html#dns.queries.rrname", SetupQueryBuffer, GetQueryBuffer); + "/rules/dns-keywords.html#dns.queries.rrname", SetupQueryBuffer, SCDnsTxGetQueryName); answer_buffer_id = Register("dns.answers.rrname", "DNS answer rrname sticky buffer", - "/rules/dns-keywords.html#dns.answers.rrname", SetupAnswerBuffer, GetAnswerBuffer); + "/rules/dns-keywords.html#dns.answers.rrname", SetupAnswerBuffer, SCDnsTxGetAnswerName); additional_buffer_id = Register("dns.additionals.rrname", "DNS additionals rrname sticky buffer", "/rules/dns-keywords.html#dns-additionals-rrname", SetupAdditionalsBuffer, - GetAdditionalBuffer); + SCDnsTxGetAdditionalName); authority_buffer_id = Register("dns.authorities.rrname", "DNS authorities rrname sticky buffer", "/rules/dns-keywords.html#dns-authorities-rrname", SetupAuthoritiesBuffer, - GetAuthorityBuffer); + SCDnsTxGetAuthorityName); } diff --git a/src/detect-dns-response.c b/src/detect-dns-response.c index f616877264..9df17e4937 100644 --- a/src/detect-dns-response.c +++ b/src/detect-dns-response.c 
@@ -110,25 +110,29 @@ static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx, uint8_t flags /* Get name values. */ switch (cbdata->response_section) { case DNS_RESPONSE_QUERY: - if (!SCDnsTxGetQueryName(txv, true, cbdata->response_id, &data, &data_len)) { + if (!SCDnsTxGetQueryName( + det_ctx, txv, STREAM_TOCLIENT, cbdata->response_id, &data, &data_len)) { InspectionBufferSetupMultiEmpty(buffer); return NULL; } break; case DNS_RESPONSE_ANSWER: - if (!SCDnsTxGetAnswerName(txv, true, cbdata->response_id, &data, &data_len)) { + if (!SCDnsTxGetAnswerName( + det_ctx, txv, STREAM_TOCLIENT, cbdata->response_id, &data, &data_len)) { InspectionBufferSetupMultiEmpty(buffer); return NULL; } break; case DNS_RESPONSE_AUTHORITY: - if (!SCDnsTxGetAuthorityName(txv, cbdata->response_id, &data, &data_len)) { + if (!SCDnsTxGetAuthorityName( + det_ctx, txv, 0, cbdata->response_id, &data, &data_len)) { InspectionBufferSetupMultiEmpty(buffer); return NULL; } break; case DNS_RESPONSE_ADDITIONAL: - if (!SCDnsTxGetAdditionalName(txv, cbdata->response_id, &data, &data_len)) { + if (!SCDnsTxGetAdditionalName( + det_ctx, txv, 0, cbdata->response_id, &data, &data_len)) { InspectionBufferSetupMultiEmpty(buffer); return NULL; } diff --git a/src/detect-email.c b/src/detect-email.c index 87310f28c8..09a721a99a 100644 --- a/src/detect-email.c +++ b/src/detect-email.c 
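Review bot: The `DNS_RESPONSE_AUTHORITY` and `DNS_RESPONSE_ADDITIONAL` cases pass a bare `0` as the flags argument, while the query and answer cases just above pass `STREAM_TOCLIENT`. If the authority and additional getters ignore the direction (their old signatures took none, which suggests so), `0` is harmless, but it reads as an unset direction inside a response-only keyword. I would pass `STREAM_TOCLIENT` in all four calls, or keep `0` with a comment such as `/* flags unused by this getter */`. `GetBuffer` starts and ends outside this hunk.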
@@ -287,32 +287,18 @@ static int DetectMimeEmailUrlSetup(DetectEngineCtx *de_ctx, Signature *s, const return 0; } -static InspectionBuffer *GetMimeEmailUrlData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv, - const int list_id, uint32_t idx) +static bool GetMimeEmailUrlData(DetectEngineThreadCtx *det_ctx, const void *txv, + const uint8_t flags, uint32_t idx, const uint8_t **buf, uint32_t *buf_len) { - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, idx); - if (buffer == NULL || buffer->initialized) - return buffer; - SMTPTransaction *tx = (SMTPTransaction *)txv; - - const uint8_t *b_email_url = NULL; - uint32_t b_email_url_len = 0; - if (tx->mime_state == NULL) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; + return false; } - if (SCDetectMimeEmailGetUrl(tx->mime_state, &b_email_url, &b_email_url_len, idx) != 1) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; + if (SCDetectMimeEmailGetUrl(tx->mime_state, buf, buf_len, idx) != 1) { + return false; } - - InspectionBufferSetupMulti(det_ctx, buffer, transforms, b_email_url, b_email_url_len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - return buffer; + return true; } static int DetectMimeEmailReceivedSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg) 
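Review bot: `GetMimeEmailUrlData` now receives `const void *txv` but immediately drops the qualifier with `SMTPTransaction *tx = (SMTPTransaction *)txv;`, and `GetMimeEmailReceivedData` in the next hunk does the same. The getter only reads `tx->mime_state`, so `const SMTPTransaction *tx = txv;` should be enough and keeps the read-only contract of the new callback type visible; this assumes the `SCDetectMimeEmailGet*` prototypes accept the pointer unchanged. The same cast survives as context in `DetectFTPReplyGetData` (detect-ftp-reply.c) and as `htp_tx_t *tx = (htp_tx_t *)txv;` in `GetHttp1HeaderData`. The unused `det_ctx` and `flags` parameters could also take the leading underscore the FTP getter uses (`_det_ctx`, `_flow_flags`).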
@@ -326,33 +312,19 @@ static int DetectMimeEmailReceivedSetup(DetectEngineCtx *de_ctx, Signature *s, c return 0; } -static InspectionBuffer *GetMimeEmailReceivedData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv, - const int list_id, uint32_t idx) +static bool GetMimeEmailReceivedData(DetectEngineThreadCtx *det_ctx, const void *txv, + const uint8_t flags, uint32_t idx, const uint8_t **buf, uint32_t *buf_len) { - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, idx); - if (buffer == NULL || buffer->initialized) - return buffer; - SMTPTransaction *tx = (SMTPTransaction *)txv; - const uint8_t *b_email_received = NULL; - uint32_t b_email_received_len = 0; - if (tx->mime_state == NULL) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; + return false; } - if (SCDetectMimeEmailGetDataArray( - tx->mime_state, &b_email_received, &b_email_received_len, "received", idx) != 1) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; + if (SCDetectMimeEmailGetDataArray(tx->mime_state, buf, buf_len, "received", idx) != 1) { + return false; } - - InspectionBufferSetupMulti(det_ctx, buffer, transforms, b_email_received, b_email_received_len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - return buffer; + return true; } void DetectEmailRegister(void) diff --git a/src/detect-engine-helper.c b/src/detect-engine-helper.c index 921981f365..410c8b9200 100644 --- a/src/detect-engine-helper.c +++ b/src/detect-engine-helper.c 
@@ -169,30 +169,6 @@ int DetectHelperTransformRegister(const SCTransformTableElmt *kw) return transform_id; } -InspectionBuffer *DetectHelperGetMultiData(struct DetectEngineThreadCtx_ *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, - const int list_id, uint32_t index, MultiGetTxBuffer GetBuf) -{ - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index); - if (buffer == NULL) { - return NULL; - } - if (buffer->initialized) { - return buffer; - } - - const uint8_t *data = NULL; - uint32_t data_len = 0; - - if (!GetBuf(txv, flow_flags, index, &data, &data_len)) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - return buffer; -} - const uint8_t *InspectionBufferPtr(InspectionBuffer *buf) { return buf->inspect; diff --git a/src/detect-engine-helper.h b/src/detect-engine-helper.h index 5524cc0018..36b1c43694 100644 --- a/src/detect-engine-helper.h +++ b/src/detect-engine-helper.h @@ -35,7 +35,6 @@ void DetectHelperKeywordAliasRegister(int kwid, const char *alias); int DetectHelperBufferRegister(const char *name, AppProto alproto, bool toclient, bool toserver); typedef bool (*SimpleGetTxBuffer)(void *, uint8_t, const uint8_t **, uint32_t *); -typedef bool (*MultiGetTxBuffer)(void *, uint8_t, uint32_t, const uint8_t **, uint32_t *); InspectionBuffer *DetectHelperGetData(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, 
@@ -47,10 +46,6 @@ int DetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppPr int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc, AppProto alproto, bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData, int progress); -InspectionBuffer *DetectHelperGetMultiData(struct DetectEngineThreadCtx_ *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, - const int list_id, uint32_t index, MultiGetTxBuffer GetBuf); - int DetectHelperTransformRegister(const SCTransformTableElmt *kw); const uint8_t *InspectionBufferPtr(InspectionBuffer *buf); uint32_t InspectionBufferLength(InspectionBuffer *buf); diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c index 37e7167575..4062280cba 100644 --- a/src/detect-engine-prefilter.c +++ b/src/detect-engine-prefilter.c @@ -1583,8 +1583,8 @@ static void PrefilterMultiMpm(DetectEngineThreadCtx *det_ctx, const void *pectx, do { // loop until we get a NULL - InspectionBuffer *buffer = - ctx->GetData(det_ctx, ctx->transforms, f, flags, txv, ctx->list_id, local_id); + InspectionBuffer *buffer = DetectGetMultiData( + det_ctx, ctx->transforms, f, flags, txv, ctx->list_id, local_id, ctx->GetData); if (buffer == NULL) break; diff --git a/src/detect-engine.c b/src/detect-engine.c index 6a71984201..061b7c08f7 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c 
@@ -2308,6 +2308,30 @@ void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t di alproto, tx_min_progress); } +InspectionBuffer *DetectGetMultiData(struct DetectEngineThreadCtx_ *det_ctx, + const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, + const int list_id, uint32_t index, InspectionMultiBufferGetDataPtr GetBuf) +{ + InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index); + if (buffer == NULL) { + return NULL; + } + if (buffer->initialized) { + return buffer; + } + + const uint8_t *data = NULL; + uint32_t data_len = 0; + + if (!GetBuf(det_ctx, txv, flow_flags, index, &data, &data_len)) { + InspectionBufferSetupMultiEmpty(buffer); + return NULL; + } + InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); + buffer->flags = DETECT_CI_FLAGS_SINGLE; + return buffer; +} + uint8_t DetectEngineInspectMultiBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) @@ -2319,8 +2343,8 @@ uint8_t DetectEngineInspectMultiBufferGeneric(DetectEngineCtx *de_ctx, } do { - InspectionBuffer *buffer = engine->v2.GetMultiData( - det_ctx, transforms, f, flags, txv, engine->sm_list, local_id); + InspectionBuffer *buffer = DetectGetMultiData(det_ctx, transforms, f, flags, txv, + engine->sm_list, local_id, engine->v2.GetMultiData); if (buffer == NULL || buffer->inspect == NULL) break; diff --git a/src/detect-engine.h b/src/detect-engine.h index d40be2e062..6ee7b183dd 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h 
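Review bot: `DetectGetMultiData` accepts whatever a getter hands back once it returns true, and nothing above the function states what a getter is allowed to return. The removed `GetHttp2HeaderData` wrapper additionally treated `b == NULL || b_len == 0` as end-of-list, and the two callers of the new function stop differently: `DetectEngineInspectMultiBufferGeneric` breaks on `buffer->inspect == NULL`, while `PrefilterMultiMpm` breaks only on `buffer == NULL`. If any getter can return true with an empty buffer, prefilter and inspection would presumably walk a different number of entries for the same transaction. I would document the contract above the function, e.g. `/* GetBuf returns false at the first index with no data; on true, *data must be non-NULL */`, or restore the guard here as `if (!GetBuf(det_ctx, txv, flow_flags, index, &data, &data_len) || data == NULL) {` if that is the intended rule.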
@@ -151,6 +151,9 @@ uint8_t DetectEngineInspectBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineTh const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); +InspectionBuffer *DetectGetMultiData(struct DetectEngineThreadCtx_ *det_ctx, + const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, + const int list_id, uint32_t index, InspectionMultiBufferGetDataPtr GetBuf); uint8_t DetectEngineInspectMultiBufferGeneric(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id); diff --git a/src/detect-ftp-reply.c b/src/detect-ftp-reply.c index f90e7d5328..f025ccbfe0 100644 --- a/src/detect-ftp-reply.c +++ b/src/detect-ftp-reply.c @@ -59,8 +59,8 @@ static int DetectFtpReplySetup(DetectEngineCtx *de_ctx, Signature *s, const char return 0; } -static bool DetectFTPReplyGetData(void *txv, uint8_t _flow_flags, uint32_t index, - const uint8_t **buffer, uint32_t *buffer_len) +static bool DetectFTPReplyGetData(DetectEngineThreadCtx *_det_ctx, const void *txv, + uint8_t _flow_flags, uint32_t index, const uint8_t **buffer, uint32_t *buffer_len) { FTPTransaction *tx = (FTPTransaction *)txv; @@ -86,14 +86,6 @@ static bool DetectFTPReplyGetData(void *txv, uint8_t _flow_flags, uint32_t index return false; } -static InspectionBuffer *GetDataWrapper(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv, - const int list_id, uint32_t index) -{ - return DetectHelperGetMultiData( - det_ctx, transforms, _f, _flow_flags, txv, list_id, index, DetectFTPReplyGetData); -} - void DetectFtpReplyRegister(void) { /* ftp.reply sticky buffer */ 
@@ -104,7 +96,7 @@ void DetectFtpReplyRegister(void) sigmatch_table[DETECT_FTP_REPLY].flags |= SIGMATCH_NOOPT; DetectAppLayerMultiRegister( - BUFFER_NAME, ALPROTO_FTP, SIG_FLAG_TOCLIENT, 0, GetDataWrapper, 2, 1); + BUFFER_NAME, ALPROTO_FTP, SIG_FLAG_TOCLIENT, 0, DetectFTPReplyGetData, 2, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-http-header.c b/src/detect-http-header.c index 094375f42e..746a3b42d0 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c 
@@ -496,47 +496,11 @@ static void HttpMultiBufHeaderThreadDataFree(void *data) SCFree(td); } -static InspectionBuffer *GetHttp2HeaderData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv, - int list_id, uint32_t local_id) +static bool GetHttp1HeaderData(DetectEngineThreadCtx *det_ctx, const void *txv, const uint8_t flags, + uint32_t local_id, const uint8_t **buf, uint32_t *buf_len) { SCEnter(); - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id); - if (buffer == NULL) - return NULL; - if (buffer->initialized) - return buffer; - - uint32_t b_len = 0; - const uint8_t *b = NULL; - - if (rs_http2_tx_get_header(txv, flags, local_id, &b, &b_len) != 1) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - if (b == NULL || b_len == 0) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - - InspectionBufferSetupMulti(det_ctx, buffer, transforms, b, b_len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - - SCReturnPtr(buffer, "InspectionBuffer"); -} - -static InspectionBuffer *GetHttp1HeaderData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv, - int list_id, uint32_t local_id) -{ - SCEnter(); - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id); - if (buffer == NULL) - return NULL; - if (buffer->initialized) - return buffer; - int kw_thread_id; if (flags & STREAM_TOSERVER) { kw_thread_id = g_request_header_thread_id; @@ -546,7 +510,7 @@ static InspectionBuffer *GetHttp1HeaderData(DetectEngineThreadCtx *det_ctx, HttpMultiBufHeaderThreadData *hdr_td = DetectThreadCtxGetGlobalKeywordThreadCtx(det_ctx, kw_thread_id); if (unlikely(hdr_td == NULL)) { - return NULL; + return false; } htp_tx_t *tx = (htp_tx_t *)txv; 
@@ -598,13 +562,11 @@ static InspectionBuffer *GetHttp1HeaderData(DetectEngineThreadCtx *det_ctx, // hdr_td->len is the number of header buffers if (local_id < hdr_td->len) { // we have one valid header buffer - InspectionBufferSetupMulti(det_ctx, buffer, transforms, hdr_td->items[local_id].buffer, - hdr_td->items[local_id].len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - SCReturnPtr(buffer, "InspectionBuffer"); + *buf = hdr_td->items[local_id].buffer; + *buf_len = hdr_td->items[local_id].len; + return true; } // else there are no more header buffer to get - InspectionBufferSetupMultiEmpty(buffer); - return NULL; + return false; } static int DetectHTTPRequestHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg) @@ -629,7 +591,7 @@ void DetectHttpRequestHeaderRegister(void) SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, - HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen); + HTTP2StateOpen, rs_http2_tx_get_header, 2, HTTP2StateOpen); DetectAppLayerMultiRegister("http_request_header", ALPROTO_HTTP1, SIG_FLAG_TOSERVER, HTP_REQUEST_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_REQUEST_PROGRESS_HEADERS); @@ -662,7 +624,7 @@ void DetectHttpResponseHeaderRegister(void) SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, - HTTP2StateOpen, GetHttp2HeaderData, 2, HTTP2StateOpen); + HTTP2StateOpen, rs_http2_tx_get_header, 2, HTTP2StateOpen); DetectAppLayerMultiRegister("http_response_header", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT, HTP_RESPONSE_PROGRESS_HEADERS, GetHttp1HeaderData, 2, HTP_RESPONSE_PROGRESS_HEADERS); diff --git a/src/detect-http2.c b/src/detect-http2.c index ab64e5e5f4..f0bc0daa81 100644 --- a/src/detect-http2.c +++ b/src/detect-http2.c 
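Review bot: `GetHttp1HeaderData` still opens with `SCEnter();` but every exit in the new code is a plain `return`: `return false;` after the `hdr_td == NULL` check and `return true;` / `return false;` at the end of the function. The old code was already mixed, but now that the function returns `bool` the exits could use the matching macro, `SCReturnBool(true);` and `SCReturnBool(false);`, or the `SCEnter();` line could be dropped so the debug trace has no entry without an exit. The function spans three hunks and its middle section is not shown.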
@@ -99,14 +99,6 @@ static int g_http2_header_name_buffer_id = 0; * \brief Registration function for HTTP2 keywords */ -static InspectionBuffer *GetHttp2HNameData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *_f, const uint8_t flags, void *txv, - int list_id, uint32_t local_id) -{ - return DetectHelperGetMultiData(det_ctx, transforms, _f, flags, txv, list_id, local_id, - (MultiGetTxBuffer)rs_http2_tx_get_header_name); -} - void DetectHttp2Register(void) { sigmatch_table[DETECT_HTTP2_FRAMETYPE].name = "http2.frametype"; @@ -182,9 +174,10 @@ void DetectHttp2Register(void) sigmatch_table[DETECT_HTTP2_HEADERNAME].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerMultiRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT, - HTTP2StateOpen, GetHttp2HNameData, 2, HTTP2StateOpen); + HTTP2StateOpen, rs_http2_tx_get_header_name, 2, HTTP2StateOpen); DetectAppLayerMultiRegister("http2_header_name", ALPROTO_HTTP2, SIG_FLAG_TOSERVER, - HTTP2StateOpen, GetHttp2HNameData, 2, HTTP2StateOpen); + HTTP2StateOpen, rs_http2_tx_get_header_name, 2, HTTP2StateOpen); + DetectBufferTypeSupportsMultiInstance("http2_header_name"); DetectBufferTypeSetDescriptionByName("http2_header_name", "HTTP2 header name"); diff --git a/src/detect-ike-vendor.c b/src/detect-ike-vendor.c index f7b5d546b2..dad081dd11 100644 --- a/src/detect-ike-vendor.c +++ b/src/detect-ike-vendor.c 
@@ -39,31 +39,6 @@ static int DetectIkeVendorSetup(DetectEngineCtx *, Signature *, const char *); static int g_ike_vendor_buffer_id = 0; -static InspectionBuffer *IkeVendorGetData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv, - int list_id, uint32_t local_id) -{ - SCEnter(); - - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id); - if (buffer == NULL) - return NULL; - if (buffer->initialized) - return buffer; - - const uint8_t *data; - uint32_t data_len; - if (rs_ike_tx_get_vendor(txv, local_id, &data, &data_len) == 0) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - - InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - - SCReturnPtr(buffer, "InspectionBuffer"); -} - /** * \brief Registration function for ike.vendor keyword. */ @@ -77,7 +52,7 @@ void DetectIkeVendorRegister(void) sigmatch_table[DETECT_IKE_VENDOR].flags |= SIGMATCH_INFO_STICKY_BUFFER; DetectAppLayerMultiRegister( - "ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, IkeVendorGetData, 1, 1); + "ike.vendor", ALPROTO_IKE, SIG_FLAG_TOSERVER, 1, rs_ike_tx_get_vendor, 1, 1); g_ike_vendor_buffer_id = DetectBufferTypeGetByName("ike.vendor"); diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c index 3966c2daeb..b46997a16e 100644 --- a/src/detect-krb5-cname.c +++ b/src/detect-krb5-cname.c 
@@ -49,36 +49,6 @@ static int DetectKrb5CNameSetup(DetectEngineCtx *de_ctx, Signature *s, const cha return 0; } -static InspectionBuffer *GetKrb5CNameData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv, - int list_id, uint32_t local_id) -{ - SCEnter(); - - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id); - if (buffer == NULL) - return NULL; - if (buffer->initialized) - return buffer; - - uint32_t b_len = 0; - const uint8_t *b = NULL; - - if (rs_krb5_tx_get_cname(txv, local_id, &b, &b_len) != 1) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - if (b == NULL || b_len == 0) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - - InspectionBufferSetupMulti(det_ctx, buffer, transforms, b, b_len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - - SCReturnPtr(buffer, "InspectionBuffer"); -} - void DetectKrb5CNameRegister(void) { sigmatch_table[DETECT_KRB5_CNAME].name = "krb5.cname"; @@ -89,7 +59,7 @@ void DetectKrb5CNameRegister(void) sigmatch_table[DETECT_KRB5_CNAME].desc = "sticky buffer to match on Kerberos 5 client name"; DetectAppLayerMultiRegister( - "krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, GetKrb5CNameData, 2, 1); + "krb5_cname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, rs_krb5_tx_get_cname, 2, 1); DetectBufferTypeSetDescriptionByName("krb5_cname", "Kerberos 5 ticket client name"); diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c index 5c6c426c4f..e3eb8ca39b 100644 --- a/src/detect-krb5-sname.c +++ b/src/detect-krb5-sname.c 
@@ -49,36 +49,6 @@ static int DetectKrb5SNameSetup(DetectEngineCtx *de_ctx, Signature *s, const cha return 0; } -static InspectionBuffer *GetKrb5SNameData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv, - int list_id, uint32_t local_id) -{ - SCEnter(); - - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id); - if (buffer == NULL) - return NULL; - if (buffer->initialized) - return buffer; - - uint32_t b_len = 0; - const uint8_t *b = NULL; - - if (rs_krb5_tx_get_sname(txv, local_id, &b, &b_len) != 1) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - if (b == NULL || b_len == 0) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - - InspectionBufferSetupMulti(det_ctx, buffer, transforms, b, b_len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - - SCReturnPtr(buffer, "InspectionBuffer"); -} - void DetectKrb5SNameRegister(void) { sigmatch_table[DETECT_KRB5_SNAME].name = "krb5.sname"; @@ -89,7 +59,7 @@ void DetectKrb5SNameRegister(void) sigmatch_table[DETECT_KRB5_SNAME].desc = "sticky buffer to match on Kerberos 5 server name"; DetectAppLayerMultiRegister( - "krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, GetKrb5SNameData, 2, 1); + "krb5_sname", ALPROTO_KRB5, SIG_FLAG_TOCLIENT, 0, rs_krb5_tx_get_sname, 2, 1); DetectBufferTypeSetDescriptionByName("krb5_sname", "Kerberos 5 ticket server name"); diff --git a/src/detect-quic-cyu-hash.c b/src/detect-quic-cyu-hash.c index b51f0443ac..587a804e5d 100644 --- a/src/detect-quic-cyu-hash.c +++ b/src/detect-quic-cyu-hash.c 
@@ -55,33 +55,6 @@ static int DetectQuicCyuHashSetup(DetectEngineCtx *de_ctx, Signature *s, const c return 0; } -static InspectionBuffer *QuicHashGetData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv, - int list_id, uint32_t local_id) -{ - SCEnter(); - - if (local_id > UINT16_MAX) - return NULL; - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id); - if (buffer == NULL) - return NULL; - if (buffer->initialized) - return buffer; - - const uint8_t *data; - uint32_t data_len; - if (rs_quic_tx_get_cyu_hash(txv, local_id, &data, &data_len) == 0) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - - InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - - SCReturnPtr(buffer, "InspectionBuffer"); -} - void DetectQuicCyuHashRegister(void) { /* quic.cyu.hash sticky buffer */ @@ -95,7 +68,7 @@ void DetectQuicCyuHashRegister(void) #endif DetectAppLayerMultiRegister( - BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, QuicHashGetData, 2, 1); + BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, rs_quic_tx_get_cyu_hash, 2, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-quic-cyu-string.c b/src/detect-quic-cyu-string.c index e4ca367322..1681212d3b 100644 --- a/src/detect-quic-cyu-string.c +++ b/src/detect-quic-cyu-string.c 
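Review bot: The `rs_quic_tx_get_cyu_hash` registration in the second hunk loses the `if (local_id > UINT16_MAX) return NULL;` guard that the removed `QuicHashGetData` applied before it touched the buffer list. Nothing visible here shows the Rust getter or the generic wrapper bounding `local_id`, so please confirm the index is range-checked against the number of stored hashes before use. If the cap was intentional, keep it in one place, e.g. `if (local_id > UINT16_MAX) return false;` at the top of the shared wrapper.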
@@ -53,31 +53,6 @@ static int DetectQuicCyuStringSetup(DetectEngineCtx *de_ctx, Signature *s, const return 0; } -static InspectionBuffer *QuicStringGetData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv, - int list_id, uint32_t local_id) -{ - SCEnter(); - - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id); - if (buffer == NULL) - return NULL; - if (buffer->initialized) - return buffer; - - const uint8_t *data; - uint32_t data_len; - if (rs_quic_tx_get_cyu_string(txv, local_id, &data, &data_len) == 0) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - - InspectionBufferSetupMulti(det_ctx, buffer, transforms, data, data_len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - - SCReturnPtr(buffer, "InspectionBuffer"); -} - void DetectQuicCyuStringRegister(void) { /* quic.cyu.string sticky buffer */ @@ -91,7 +66,7 @@ void DetectQuicCyuStringRegister(void) #endif DetectAppLayerMultiRegister( - BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, QuicStringGetData, 2, 1); + BUFFER_NAME, ALPROTO_QUIC, SIG_FLAG_TOSERVER, 0, rs_quic_tx_get_cyu_string, 2, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-smtp.c b/src/detect-smtp.c index 23b6c4635f..af07e706ed 100644 --- a/src/detect-smtp.c +++ b/src/detect-smtp.c 
@@ -100,18 +100,12 @@ static int DetectSmtpRcptToSetup(DetectEngineCtx *de_ctx, Signature *s, const ch return 0; } -static InspectionBuffer *GetSmtpRcptToData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv, - const int list_id, uint32_t idx) +static bool GetSmtpRcptToData(DetectEngineThreadCtx *_det_ctx, const void *txv, uint8_t _flow_flags, + uint32_t idx, const uint8_t **buffer, uint32_t *buffer_len) { - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, idx); - if (buffer == NULL || buffer->initialized) - return buffer; - SMTPTransaction *tx = (SMTPTransaction *)txv; if (TAILQ_EMPTY(&tx->rcpt_to_list)) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; + return false; } SMTPString *s; @@ -125,13 +119,12 @@ static InspectionBuffer *GetSmtpRcptToData(DetectEngineThreadCtx *det_ctx, } } if (s == NULL) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; + return false; } - InspectionBufferSetupMulti(det_ctx, buffer, transforms, s->str, s->len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - return buffer; + *buffer = s->str; + *buffer_len = s->len; + return true; } void SCDetectSMTPRegister(void) diff --git a/src/detect-tls-alpn.c b/src/detect-tls-alpn.c index f7907ec713..ca447d2e2f 100644 --- a/src/detect-tls-alpn.c +++ b/src/detect-tls-alpn.c 
@@ -52,12 +52,45 @@ #include "util-profiling.h" static int DetectTlsAlpnSetup(DetectEngineCtx *, Signature *, const char *); -static InspectionBuffer *TlsAlpnGetData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id, - uint32_t index); - static int g_tls_alpn_buffer_id = 0; +static bool TlsAlpnGetData(DetectEngineThreadCtx *det_ctx, const void *txv, const uint8_t flags, + uint32_t idx, const uint8_t **buf, uint32_t *buf_len) +{ + SCEnter(); + + const SSLState *ssl_state = (SSLState *)txv; + const SSLStateConnp *connp; + + if (flags & STREAM_TOSERVER) { + connp = &ssl_state->client_connp; + } else { + connp = &ssl_state->server_connp; + } + + if (TAILQ_EMPTY(&connp->alpns)) { + return false; + } + + SSLAlpns *a; + if (idx == 0) { + a = TAILQ_FIRST(&connp->alpns); + } else { + // TODO optimize ? + a = TAILQ_FIRST(&connp->alpns); + for (uint32_t i = 0; i < idx; i++) { + a = TAILQ_NEXT(a, next); + } + } + if (a == NULL) { + return false; + } + + *buf = a->alpn; + *buf_len = a->size; + return true; +} + /** * \brief Registration function for keyword: tls.alpn */ 
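Review bot: In the new `TlsAlpnGetData`, the walk `for (uint32_t i = 0; i < idx; i++) { a = TAILQ_NEXT(a, next); }` advances `a` without checking it, so it is only safe while callers request indexes one at a time and stop at the first `false`. The ALPN list comes from the peer's handshake, and an `idx` more than one past the end would step through a NULL pointer. Bounding the loop with `for (uint32_t i = 0; i < idx && a != NULL; i++)` makes the getter independent of that caller behaviour, and the existing `a == NULL` check after the loop then covers the out-of-range case. The certificate walk in `TlsCertsGetData` lies outside its hunks and may need the same guard.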
@@ -102,47 +135,3 @@ static int DetectTlsAlpnSetup(DetectEngineCtx *de_ctx, Signature *s, const char return 0; } - -static InspectionBuffer *TlsAlpnGetData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id, - uint32_t idx) -{ - SCEnter(); - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, idx); - if (buffer == NULL || buffer->initialized) - return buffer; - - const SSLState *ssl_state = (SSLState *)f->alstate; - const SSLStateConnp *connp; - - if (flags & STREAM_TOSERVER) { - connp = &ssl_state->client_connp; - } else { - connp = &ssl_state->server_connp; - } - - if (TAILQ_EMPTY(&connp->alpns)) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - - SSLAlpns *a; - if (idx == 0) { - a = TAILQ_FIRST(&connp->alpns); - } else { - // TODO optimize ? - a = TAILQ_FIRST(&connp->alpns); - for (uint32_t i = 0; i < idx; i++) { - a = TAILQ_NEXT(a, next); - } - } - if (a == NULL) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; - } - - InspectionBufferSetupMulti(det_ctx, buffer, transforms, a->alpn, a->size); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - - SCReturnPtr(buffer, "InspectionBuffer"); -} diff --git a/src/detect-tls-certs.c b/src/detect-tls-certs.c index fdf2f5a90f..86e2164eb6 100644 --- a/src/detect-tls-certs.c +++ b/src/detect-tls-certs.c 
@@ -62,17 +62,10 @@ static void DetectTlsCertsRegisterTests(void); static int g_tls_certs_buffer_id = 0; -static InspectionBuffer *TlsCertsGetData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t flags, void *txv, - int list_id, uint32_t local_id) +static bool TlsCertsGetData(DetectEngineThreadCtx *det_ctx, const void *txv, const uint8_t flags, + uint32_t local_id, const uint8_t **buf, uint32_t *buf_len) { - SCEnter(); - - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, local_id); - if (buffer == NULL || buffer->initialized) - return buffer; - - const SSLState *ssl_state = (SSLState *)f->alstate; + const SSLState *ssl_state = (SSLState *)txv; const SSLStateConnp *connp; if (flags & STREAM_TOSERVER) { @@ -82,8 +75,7 @@ static InspectionBuffer *TlsCertsGetData(DetectEngineThreadCtx *det_ctx, } if (TAILQ_EMPTY(&connp->certs)) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; + return false; } SSLCertsChain *cert; @@ -97,14 +89,12 @@ static InspectionBuffer *TlsCertsGetData(DetectEngineThreadCtx *det_ctx, } } if (cert == NULL) { - InspectionBufferSetupMultiEmpty(buffer); - return NULL; + return false; } - InspectionBufferSetupMulti(det_ctx, buffer, transforms, cert->cert_data, cert->cert_len); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - - SCReturnPtr(buffer, "InspectionBuffer"); + *buf = cert->cert_data; + *buf_len = cert->cert_len; + return true; } /** diff --git a/src/detect-tls-subjectaltname.c b/src/detect-tls-subjectaltname.c index 2bc1b3e411..9c0915434c 100644 --- a/src/detect-tls-subjectaltname.c +++ b/src/detect-tls-subjectaltname.c 
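Review bot: `const SSLState *ssl_state = (SSLState *)txv;` in `TlsCertsGetData` replaces the read of `f->alstate`, which is correct only if the TLS parser hands out its state object as the transaction, and nothing in this hunk states that. A comment on that line such as `/* TLS has a single tx, which is the SSLState itself */` would record the invariant, provided it matches the parser's get-tx callback. The same substitution is made in `TlsAlpnGetData` (src/detect-tls-alpn.c) and `TlsSubjectAltNameGetData` (src/detect-tls-subjectaltname.c). The function body continues between and beyond these hunks.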
@@ -52,12 +52,25 @@ #include "util-profiling.h" static int DetectTlsSubjectAltNameSetup(DetectEngineCtx *, Signature *, const char *); -static InspectionBuffer *TlsSubjectAltNameGetData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id, - uint32_t index); - static int g_tls_subjectaltname_buffer_id = 0; +static bool TlsSubjectAltNameGetData(DetectEngineThreadCtx *det_ctx, const void *txv, + const uint8_t flags, uint32_t idx, const uint8_t **buf, uint32_t *buf_len) +{ + const SSLState *ssl_state = (SSLState *)txv; + const SSLStateConnp *connp; + + connp = &ssl_state->server_connp; + + if (idx >= connp->cert0_sans_len) { + return false; + } + + *buf = (const uint8_t *)connp->cert0_sans[idx]; + *buf_len = strlen(connp->cert0_sans[idx]); + return true; +} + /** * \brief Registration function for keyword: tls.subjectaltname */ @@ -101,28 +114,3 @@ static int DetectTlsSubjectAltNameSetup(DetectEngineCtx *de_ctx, Signature *s, c return 0; } - -static InspectionBuffer *TlsSubjectAltNameGetData(DetectEngineThreadCtx *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, uint8_t flags, void *txv, int list_id, - uint32_t idx) -{ - SCEnter(); - InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, idx); - if (buffer == NULL || buffer->initialized) - return buffer; - - const SSLState *ssl_state = (SSLState *)f->alstate; - const SSLStateConnp *connp; - - connp = &ssl_state->server_connp; - - if (idx >= connp->cert0_sans_len) { - return NULL; - } - - InspectionBufferSetupMulti(det_ctx, buffer, transforms, (const uint8_t *)connp->cert0_sans[idx], - strlen(connp->cert0_sans[idx])); - buffer->flags = DETECT_CI_FLAGS_SINGLE; - - SCReturnPtr(buffer, "InspectionBuffer"); -} diff --git a/src/detect.h b/src/detect.h index d927744354..37de9b9f58 100644 --- a/src/detect.h +++ b/src/detect.h 
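Review bot: `*buf_len = strlen(connp->cert0_sans[idx]);` in the new `TlsSubjectAltNameGetData` narrows `size_t` to `uint32_t` implicitly and calls `strlen` on an entry that is not checked for NULL. The SAN strings originate from the peer's certificate, so I would make both assumptions explicit: `if (connp->cert0_sans[idx] == NULL) return false;` before the assignments, and `*buf_len = (uint32_t)strlen(connp->cert0_sans[idx]);` for the length. Storing the length when the SAN is parsed would avoid the repeated `strlen`, but that is outside this hunk.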
@@ -423,9 +423,10 @@ typedef InspectionBuffer *(*InspectionBufferGetDataPtr)( const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, const int list_id); -typedef InspectionBuffer *(*InspectionMultiBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx, - const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, - const int list_id, const uint32_t local_id); + +typedef bool (*InspectionMultiBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx, + const void *txv, const uint8_t flow_flags, uint32_t local_id, const uint8_t **buf, + uint32_t *buf_len); struct DetectEngineAppInspectionEngine_; typedef uint8_t (*InspectEngineFuncPtr)(struct DetectEngineCtx_ *de_ctx,
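Review bot: The new `InspectionMultiBufferGetDataPtr` typedef has no comment, yet it now defines the contract every multi-buffer getter in this commit must follow. I would add a short Doxygen block above it saying that the callback returns true and sets `*buf`/`*buf_len` when a buffer exists for `local_id`, and returns false when there are no more buffers. It should also say that the returned pointer is borrowed from the transaction or thread context rather than owned by the caller. Finally, it should state whether the outputs are left untouched on false, since the C getters shown in this commit do not write them on that path.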