From: Jason Ish Date: Thu, 27 Feb 2025 21:09:12 +0000 (-0600) Subject: dcerpc: visibility and naming cleanups X-Git-Tag: suricata-8.0.0-beta1~341 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c726d67bb0c2209a561a020e723590d0f47d3667;p=thirdparty%2Fsuricata.git dcerpc: visibility and naming cleanups - replace rs_ prefixed names with SC - remove no_mangle and pub where not needed - remove some unused functions Related to ticket: #7498 --- diff --git a/rust/src/dcerpc/dcerpc.rs b/rust/src/dcerpc/dcerpc.rs index bcef4761bc..60e0d7e10e 100644 --- a/rust/src/dcerpc/dcerpc.rs +++ b/rust/src/dcerpc/dcerpc.rs @@ -324,10 +324,10 @@ pub struct DCERPCState { pub pad: u8, pub padleft: u16, pub tx_id: u64, - pub ts_gap: bool, - pub tc_gap: bool, - pub ts_ssn_gap: bool, - pub tc_ssn_gap: bool, + ts_gap: bool, + tc_gap: bool, + ts_ssn_gap: bool, + tc_ssn_gap: bool, pub flow: Option<*const Flow>, state_data: AppLayerStateData, } @@ -516,21 +516,7 @@ impl DCERPCState { None } - pub fn parse_data_gap(&mut self, direction: Direction) -> AppLayerResult { - match direction { - Direction::ToServer => { - self.ts_gap = true; - self.ts_ssn_gap = true; - }, - Direction::ToClient => { - self.tc_gap = true; - self.tc_ssn_gap = true; - }, - } - AppLayerResult::ok() - } - - pub fn post_gap_housekeeping(&mut self, dir: Direction) { + fn post_gap_housekeeping(&mut self, dir: Direction) { SCLogDebug!("ts ssn gap: {:?}, tc ssn gap: {:?}, dir: {:?}", self.ts_ssn_gap, self.tc_ssn_gap, dir); if self.ts_ssn_gap && dir == Direction::ToServer { for tx in &mut self.transactions { @@ -1047,24 +1033,7 @@ fn evaluate_stub_params( stub_len } -#[no_mangle] -pub extern "C" fn rs_parse_dcerpc_request_gap( - state: &mut DCERPCState, - _input_len: u32, -) -> AppLayerResult { - state.parse_data_gap(Direction::ToServer) -} - -#[no_mangle] -pub extern "C" fn rs_parse_dcerpc_response_gap( - state: &mut DCERPCState, - _input_len: u32, -) -> AppLayerResult { - state.parse_data_gap(Direction::ToClient) -} - -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_parse_request( +unsafe extern "C" fn parse_request( flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, stream_slice: StreamSlice, _data: *const std::os::raw::c_void, @@ -1088,8 +1057,7 @@ pub unsafe extern "C" fn rs_dcerpc_parse_request( AppLayerResult::err() } -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_parse_response( +unsafe extern "C" fn parse_response( flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, stream_slice: StreamSlice, _data: *const std::os::raw::c_void, @@ -1111,27 +1079,23 @@ pub unsafe extern "C" fn rs_dcerpc_parse_response( AppLayerResult::err() } -#[no_mangle] -pub extern "C" fn rs_dcerpc_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { +extern "C" fn state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { let state = DCERPCState::new(); let boxed = Box::new(state); return Box::into_raw(boxed) as *mut _; } -#[no_mangle] -pub extern "C" fn rs_dcerpc_state_free(state: *mut std::os::raw::c_void) { +extern "C" fn state_free(state: *mut std::os::raw::c_void) { std::mem::drop(unsafe { Box::from_raw(state as *mut DCERPCState)} ); } -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_state_transaction_free(state: *mut std::os::raw::c_void, tx_id: u64) { +unsafe extern "C" fn state_transaction_free(state: *mut std::os::raw::c_void, tx_id: u64) { let dce_state = cast_pointer!(state, DCERPCState); SCLogDebug!("freeing tx {}", tx_id); dce_state.free_tx(tx_id); } -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_get_tx( + unsafe extern "C" fn get_tx( vtx: *mut std::os::raw::c_void, tx_id: u64, ) -> *mut std::os::raw::c_void { let dce_state = cast_pointer!(vtx, DCERPCState); @@ -1141,14 +1105,12 @@ pub unsafe extern "C" fn rs_dcerpc_get_tx( } } -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 { +unsafe extern "C" fn get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 { let dce_state = cast_pointer!(vtx, DCERPCState); dce_state.tx_id } -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_get_alstate_progress(tx: *mut std::os::raw::c_void, direction: u8 +pub(super) unsafe extern "C" fn get_alstate_progress(tx: *mut std::os::raw::c_void, direction: u8 )-> std::os::raw::c_int { let tx = cast_pointer!(tx, DCERPCTransaction); if direction == Direction::ToServer.into() && tx.req_done { @@ -1162,8 +1124,7 @@ pub unsafe extern "C" fn rs_dcerpc_get_alstate_progress(tx: *mut std::os::raw::c return 0; } -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_get_tx_data( +unsafe extern "C" fn get_tx_data( tx: *mut std::os::raw::c_void) -> *mut AppLayerTxData { @@ -1172,7 +1133,7 @@ pub unsafe extern "C" fn rs_dcerpc_get_tx_data( } #[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_get_stub_data( +pub unsafe extern "C" fn SCDcerpcGetStubData( tx: &mut DCERPCTransaction, buf: *mut *const u8, len: *mut u32, endianness: *mut u8, dir: u8, ) { match dir.into() { @@ -1205,7 +1166,7 @@ fn probe(input: &[u8]) -> (bool, bool) { } } -pub unsafe extern "C" fn rs_dcerpc_probe_tcp(_f: *const Flow, direction: u8, input: *const u8, +unsafe extern "C" fn probe_tcp(_f: *const Flow, direction: u8, input: *const u8, len: u32, rdir: *mut u8) -> AppProto { SCLogDebug!("Probing packet for DCERPC"); @@ -1233,13 +1194,13 @@ fn register_pattern_probe() -> i8 { unsafe { if AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_DCERPC, b"|05 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0, - Direction::ToServer.into(), rs_dcerpc_probe_tcp, 0, 0) < 0 { + Direction::ToServer.into(), probe_tcp, 0, 0) < 0 { SCLogDebug!("TOSERVER => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED"); return -1; } if AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_DCERPC, b"|05 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0, - Direction::ToClient.into(), rs_dcerpc_probe_tcp, 0, 0) < 0 { + Direction::ToClient.into(), probe_tcp, 0, 0) < 0 { SCLogDebug!("TOCLIENT => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED"); return -1; } @@ -1248,13 +1209,13 @@ fn register_pattern_probe() -> i8 { 0 } -export_state_data_get!(rs_dcerpc_get_state_data, DCERPCState); +export_state_data_get!(get_state_data, DCERPCState); // Parser name as a C style string. pub const PARSER_NAME: &[u8] = b"dcerpc\0"; #[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_register_parser() { +pub unsafe extern "C" fn SCRegisterDcerpcParser() { let parser = RustParser { name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char, default_port: std::ptr::null(), @@ -1263,24 +1224,24 @@ pub unsafe extern "C" fn rs_dcerpc_register_parser() { probe_tc: None, min_depth: 0, max_depth: 16, - state_new: rs_dcerpc_state_new, - state_free: rs_dcerpc_state_free, - tx_free: rs_dcerpc_state_transaction_free, - parse_ts: rs_dcerpc_parse_request, - parse_tc: rs_dcerpc_parse_response, - get_tx_count: rs_dcerpc_get_tx_cnt, - get_tx: rs_dcerpc_get_tx, + state_new, + state_free, + tx_free: state_transaction_free, + parse_ts: parse_request, + parse_tc: parse_response, + get_tx_count: get_tx_cnt, + get_tx, tx_comp_st_ts: 1, tx_comp_st_tc: 1, - tx_get_progress: rs_dcerpc_get_alstate_progress, + tx_get_progress: get_alstate_progress, get_eventinfo: None, get_eventinfo_byid : None, localstorage_new: None, localstorage_free: None, get_tx_files: None, get_tx_iterator: Some(applayer::state_get_tx_iterator::), - get_tx_data: rs_dcerpc_get_tx_data, - get_state_data: rs_dcerpc_get_state_data, + get_tx_data, + get_state_data, apply_tx_config: None, flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS, get_frame_id_by_name: Some(DCERPCFrameType::ffi_id_from_name), diff --git a/rust/src/dcerpc/dcerpc_udp.rs b/rust/src/dcerpc/dcerpc_udp.rs index 700ba3adbb..98c1db883a 100644 --- a/rust/src/dcerpc/dcerpc_udp.rs +++ b/rust/src/dcerpc/dcerpc_udp.rs @@ -19,7 +19,7 @@ use crate::core; use crate::applayer::{self, *}; use crate::dcerpc::dcerpc::{ DCERPCTransaction, DCERPC_MAX_TX, DCERPC_TYPE_REQUEST, DCERPC_TYPE_RESPONSE, PFCL1_FRAG, PFCL1_LASTFRAG, - rs_dcerpc_get_alstate_progress, ALPROTO_DCERPC, PARSER_NAME, + get_alstate_progress, ALPROTO_DCERPC, PARSER_NAME, }; use crate::direction::{Direction, DIR_BOTH}; use crate::flow::Flow; @@ -234,8 +234,7 @@ impl DCERPCUDPState { } } -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_udp_parse( +unsafe extern "C" fn parse( _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, stream_slice: StreamSlice, _data: *const std::os::raw::c_void, @@ -247,20 +246,17 @@ pub unsafe extern "C" fn rs_dcerpc_udp_parse( AppLayerResult::err() } -#[no_mangle] -pub extern "C" fn rs_dcerpc_udp_state_free(state: *mut std::os::raw::c_void) { +extern "C" fn state_free(state: *mut std::os::raw::c_void) { std::mem::drop(unsafe { Box::from_raw(state as *mut DCERPCUDPState) }); } -#[no_mangle] -pub extern "C" fn rs_dcerpc_udp_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { +extern "C" fn state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void { let state = DCERPCUDPState::new(); let boxed = Box::new(state); return Box::into_raw(boxed) as *mut _; } -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_udp_state_transaction_free( +unsafe extern "C" fn state_transaction_free( state: *mut std::os::raw::c_void, tx_id: u64, ) { let dce_state = cast_pointer!(state, DCERPCUDPState); @@ -268,8 +264,7 @@ pub unsafe extern "C" fn rs_dcerpc_udp_state_transaction_free( dce_state.free_tx(tx_id); } -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_udp_get_tx_data( +unsafe extern "C" fn get_tx_data( tx: *mut std::os::raw::c_void) -> *mut AppLayerTxData { @@ -277,8 +272,7 @@ pub unsafe extern "C" fn rs_dcerpc_udp_get_tx_data( return &mut tx.tx_data; } -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_udp_get_tx( +unsafe extern "C" fn get_tx( state: *mut std::os::raw::c_void, tx_id: u64, ) -> *mut std::os::raw::c_void { let dce_state = cast_pointer!(state, DCERPCUDPState); @@ -292,8 +286,7 @@ pub unsafe extern "C" fn rs_dcerpc_udp_get_tx( } } -#[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_udp_get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 { +unsafe extern "C" fn get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 { let dce_state = cast_pointer!(vtx, DCERPCUDPState); dce_state.tx_id } @@ -315,7 +308,7 @@ fn probe(input: &[u8]) -> (bool, bool) { } } -pub unsafe extern "C" fn rs_dcerpc_probe_udp(_f: *const Flow, direction: u8, input: *const u8, +unsafe extern "C" fn probe_udp(_f: *const Flow, direction: u8, input: *const u8, len: u32, rdir: *mut u8) -> AppProto { SCLogDebug!("Probing the packet for DCERPC/UDP"); @@ -343,7 +336,7 @@ fn register_pattern_probe() -> i8 { unsafe { if AppLayerProtoDetectPMRegisterPatternCSwPP(core::IPPROTO_UDP, ALPROTO_DCERPC, b"|04 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0, - Direction::ToServer.into(), rs_dcerpc_probe_udp, 0, 0) < 0 { + Direction::ToServer.into(), probe_udp, 0, 0) < 0 { SCLogDebug!("TOSERVER => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED"); return -1; } @@ -351,10 +344,10 @@ fn register_pattern_probe() -> i8 { 0 } -export_state_data_get!(rs_dcerpc_udp_get_state_data, DCERPCUDPState); +export_state_data_get!(get_state_data, DCERPCUDPState); #[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() { +pub unsafe extern "C" fn SCRegisterDcerpcUdpParser() { let parser = RustParser { name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char, default_port: std::ptr::null(), @@ -363,24 +356,24 @@ pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() { probe_tc: None, min_depth: 0, max_depth: 16, - state_new: rs_dcerpc_udp_state_new, - state_free: rs_dcerpc_udp_state_free, - tx_free: rs_dcerpc_udp_state_transaction_free, - parse_ts: rs_dcerpc_udp_parse, - parse_tc: rs_dcerpc_udp_parse, - get_tx_count: rs_dcerpc_udp_get_tx_cnt, - get_tx: rs_dcerpc_udp_get_tx, + state_new, + state_free, + tx_free: state_transaction_free, + parse_ts: parse, + parse_tc: parse, + get_tx_count: get_tx_cnt, + get_tx, tx_comp_st_ts: 1, tx_comp_st_tc: 1, - tx_get_progress: rs_dcerpc_get_alstate_progress, + tx_get_progress: get_alstate_progress, get_eventinfo: None, get_eventinfo_byid: None, localstorage_new: None, localstorage_free: None, get_tx_files: None, get_tx_iterator: Some(applayer::state_get_tx_iterator::), - get_tx_data: rs_dcerpc_udp_get_tx_data, - get_state_data: rs_dcerpc_udp_get_state_data, + get_tx_data, + get_state_data, apply_tx_config: None, flags: 0, get_frame_id_by_name: None, diff --git a/rust/src/dcerpc/detect.rs b/rust/src/dcerpc/detect.rs index 2a30490588..29fe4b9255 100644 --- a/rust/src/dcerpc/detect.rs +++ b/rust/src/dcerpc/detect.rs @@ -203,7 +203,7 @@ fn parse_opnum_data(arg: &str) -> Result { } #[no_mangle] -pub extern "C" fn rs_dcerpc_iface_match( +pub extern "C" fn SCDcerpcIfaceMatch( tx: &DCERPCTransaction, state: &mut DCERPCState, if_data: &mut DCEIfaceData, ) -> u8 { let first_req_seen = tx.get_first_req_seen(); @@ -219,7 +219,7 @@ pub extern "C" fn rs_dcerpc_iface_match( } #[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_iface_parse(carg: *const c_char) -> *mut c_void { +pub unsafe extern "C" fn SCDcerpcIfaceParse(carg: *const c_char) -> *mut c_void { if carg.is_null() { return std::ptr::null_mut(); } @@ -237,14 +237,14 @@ pub unsafe extern "C" fn rs_dcerpc_iface_parse(carg: *const c_char) -> *mut c_vo } #[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_iface_free(ptr: *mut c_void) { +pub unsafe extern "C" fn SCDcerpcIfaceFree(ptr: *mut c_void) { if !ptr.is_null() { std::mem::drop(Box::from_raw(ptr as *mut DCEIfaceData)); } } #[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_opnum_match( +pub unsafe extern "C" fn SCDcerpcOpnumMatch( tx: &DCERPCTransaction, opnum_data: &mut DCEOpnumData, ) -> u8 { let first_req_seen = tx.get_first_req_seen(); @@ -266,7 +266,7 @@ pub unsafe extern "C" fn rs_dcerpc_opnum_match( } #[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_opnum_parse(carg: *const c_char) -> *mut c_void { +pub unsafe extern "C" fn SCDcerpcOpnumParse(carg: *const c_char) -> *mut c_void { if carg.is_null() { return std::ptr::null_mut(); } @@ -284,7 +284,7 @@ pub unsafe extern "C" fn rs_dcerpc_opnum_parse(carg: *const c_char) -> *mut c_vo } #[no_mangle] -pub unsafe extern "C" fn rs_dcerpc_opnum_free(ptr: *mut c_void) { +pub unsafe extern "C" fn SCDcerpcOpnumFree(ptr: *mut c_void) { if !ptr.is_null() { std::mem::drop(Box::from_raw(ptr as *mut DCEOpnumData)); } diff --git a/rust/src/dcerpc/log.rs b/rust/src/dcerpc/log.rs index 5f82c709ac..9c94944d12 100644 --- a/rust/src/dcerpc/log.rs +++ b/rust/src/dcerpc/log.rs @@ -126,14 +126,14 @@ fn log_dcerpc_header_udp( } #[no_mangle] -pub extern "C" fn rs_dcerpc_log_json_record_tcp( +pub extern "C" fn SCDcerpcLogJsonRecordTcp( state: &DCERPCState, tx: &DCERPCTransaction, jsb: &mut JsonBuilder, ) -> bool { log_dcerpc_header_tcp(jsb, state, tx).is_ok() } #[no_mangle] -pub extern "C" fn rs_dcerpc_log_json_record_udp( +pub extern "C" fn SCDcerpcLogJsonRecordUdp( state: &DCERPCUDPState, tx: &DCERPCTransaction, jsb: &mut JsonBuilder, ) -> bool { log_dcerpc_header_udp(jsb, state, tx).is_ok() diff --git a/rust/src/dcerpc/parser.rs b/rust/src/dcerpc/parser.rs index 256259843f..2e442daffb 100644 --- a/rust/src/dcerpc/parser.rs +++ b/rust/src/dcerpc/parser.rs @@ -53,7 +53,7 @@ fn assemble_uuid(uuid: Uuid) -> Vec { vect } -pub fn parse_uuid(i: &[u8]) -> IResult<&[u8], Uuid> { +fn parse_uuid(i: &[u8]) -> IResult<&[u8], Uuid> { let (i, time_low) = take(4_usize)(i)?; let (i, time_mid) = take(2_usize)(i)?; let (i, time_hi_and_version) = take(2_usize)(i)?; @@ -71,7 +71,7 @@ pub fn parse_uuid(i: &[u8]) -> IResult<&[u8], Uuid> { Ok((i, uuid)) } -pub fn parse_dcerpc_udp_header(i: &[u8]) -> IResult<&[u8], DCERPCHdrUdp> { +pub(super) fn parse_dcerpc_udp_header(i: &[u8]) -> IResult<&[u8], DCERPCHdrUdp> { let (i, rpc_vers) = le_u8(i)?; let (i, pkt_type) = le_u8(i)?; let (i, flags1) = le_u8(i)?; @@ -134,7 +134,7 @@ pub fn parse_dcerpc_udp_header(i: &[u8]) -> IResult<&[u8], DCERPCHdrUdp> { Ok((i, header)) } -pub fn parse_dcerpc_bindack_result(i: &[u8]) -> IResult<&[u8], DCERPCBindAckResult> { +pub(super) fn parse_dcerpc_bindack_result(i: &[u8]) -> IResult<&[u8], DCERPCBindAckResult> { let (i, ack_result) = le_u16(i)?; let (i, ack_reason) = le_u16(i)?; let (i, transfer_syntax) = take(16_usize)(i)?; @@ -148,7 +148,7 @@ pub fn parse_dcerpc_bindack_result(i: &[u8]) -> IResult<&[u8], DCERPCBindAckResu Ok((i, result)) } -pub fn parse_dcerpc_bindack(i: &[u8]) -> IResult<&[u8], DCERPCBindAck> { +pub(super) fn parse_dcerpc_bindack(i: &[u8]) -> IResult<&[u8], DCERPCBindAck> { let (i, _max_xmit_frag) = le_u16(i)?; let (i, _max_recv_frag) = le_u16(i)?; let (i, _assoc_group) = take(4_usize)(i)?; @@ -167,7 +167,7 @@ pub fn parse_dcerpc_bindack(i: &[u8]) -> IResult<&[u8], DCERPCBindAck> { Ok((i, result)) } -pub fn parse_bindctx_item(i: &[u8], endianness: Endianness) -> IResult<&[u8], BindCtxItem> { +pub(super) fn parse_bindctx_item(i: &[u8], endianness: Endianness) -> IResult<&[u8], BindCtxItem> { let (i, ctxid) = u16(endianness)(i)?; let (i, _num_trans_items) = le_u8(i)?; let (i, _) = take(1_usize)(i)?; // Reserved bit @@ -192,7 +192,7 @@ pub fn parse_bindctx_item(i: &[u8], endianness: Endianness) -> IResult<&[u8], Bi Ok((i, result)) } -pub fn parse_dcerpc_bind(i: &[u8]) -> IResult<&[u8], DCERPCBind> { +pub(super) fn parse_dcerpc_bind(i: &[u8]) -> IResult<&[u8], DCERPCBind> { let (i, _max_xmit_frag) = le_u16(i)?; let (i, _max_recv_frag) = le_u16(i)?; let (i, _assoc_group_id) = le_u32(i)?; @@ -205,7 +205,7 @@ pub fn parse_dcerpc_bind(i: &[u8]) -> IResult<&[u8], DCERPCBind> { Ok((i, result)) } -pub fn parse_dcerpc_header(i: &[u8]) -> IResult<&[u8], DCERPCHdr> { +pub(super) fn parse_dcerpc_header(i: &[u8]) -> IResult<&[u8], DCERPCHdr> { let (i, rpc_vers) = le_u8(i)?; let (i, rpc_vers_minor) = le_u8(i)?; let (i, hdrtype) = le_u8(i)?; @@ -228,7 +228,7 @@ pub fn parse_dcerpc_header(i: &[u8]) -> IResult<&[u8], DCERPCHdr> { Ok((i, header)) } -pub fn parse_dcerpc_request(i: &[u8], endianness: Endianness) -> IResult<&[u8], DCERPCRequest> { +pub(super) fn parse_dcerpc_request(i: &[u8], endianness: Endianness) -> IResult<&[u8], DCERPCRequest> { let (i, _pad) = take(4_usize)(i)?; let (i, ctxid) = u16(endianness)(i)?; let (i, opnum) = u16(endianness)(i)?; diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 606a0cd83e..c4d742f8b3 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -1730,8 +1730,8 @@ void AppLayerParserRegisterProtocolParsers(void) RegisterHTPParsers(); RegisterSSLParsers(); - rs_dcerpc_register_parser(); - rs_dcerpc_udp_register_parser(); + SCRegisterDcerpcParser(); + SCRegisterDcerpcUdpParser(); RegisterSMBParsers(); RegisterFTPParsers(); RegisterSSHParsers(); diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c index 178d3e3f92..987d0a48c9 100644 --- a/src/detect-dce-iface.c +++ b/src/detect-dce-iface.c @@ -113,7 +113,7 @@ static int DetectDceIfaceMatchRust(DetectEngineThreadCtx *det_ctx, if (f->alproto == ALPROTO_DCERPC) { // TODO check if state is NULL - return rs_dcerpc_iface_match(txv, state, (void *)m); + return SCDcerpcIfaceMatch(txv, state, (void *)m); } int ret = 0; @@ -147,7 +147,7 @@ static int DetectDceIfaceSetup(DetectEngineCtx *de_ctx, Signature *s, const char if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) return -1; - void *did = rs_dcerpc_iface_parse(arg); + void *did = SCDcerpcIfaceParse(arg); if (did == NULL) { SCLogError("Error parsing dce_iface option in " "signature"); @@ -165,7 +165,7 @@ static void DetectDceIfaceFree(DetectEngineCtx *de_ctx, void *ptr) { SCEnter(); if (ptr != NULL) { - rs_dcerpc_iface_free(ptr); + SCDcerpcIfaceFree(ptr); } SCReturn; } diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c index 782d336666..6463bafeb6 100644 --- a/src/detect-dce-opnum.c +++ b/src/detect-dce-opnum.c @@ -103,7 +103,7 @@ static int DetectDceOpnumMatchRust(DetectEngineThreadCtx *det_ctx, SCEnter(); if (f->alproto == ALPROTO_DCERPC) { - return rs_dcerpc_opnum_match(txv, (void *)m); + return SCDcerpcOpnumMatch(txv, (void *)m); } if (rs_smb_tx_match_dce_opnum(txv, (void *)m) != 1) @@ -114,7 +114,7 @@ static int DetectDceOpnumMatchRust(DetectEngineThreadCtx *det_ctx, /** * \brief Creates a SigMatch for the "dce_opnum" keyword being sent as argument, - * and appends it to the rs_dcerpc_opnum_matchSignature(s). + * and appends it to the SCDcerpcOpnumMatchSignature(s). * * \param de_ctx Pointer to the detection engine context. * \param s Pointer to signature for the current Signature being parsed @@ -135,7 +135,7 @@ static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) return -1; - void *dod = rs_dcerpc_opnum_parse(arg); + void *dod = SCDcerpcOpnumParse(arg); if (dod == NULL) { SCLogError("Error parsing dce_opnum option in " "signature"); @@ -154,7 +154,7 @@ static void DetectDceOpnumFree(DetectEngineCtx *de_ctx, void *ptr) { SCEnter(); if (ptr != NULL) { - rs_dcerpc_opnum_free(ptr); + SCDcerpcOpnumFree(ptr); } SCReturn; } diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c index e23cfb6a4e..98e9bd4219 100644 --- a/src/detect-dce-stub-data.c +++ b/src/detect-dce-stub-data.c @@ -96,7 +96,7 @@ static InspectionBuffer *GetDCEData(DetectEngineThreadCtx *det_ctx, const uint8_t *data = NULL; uint8_t endianness; - rs_dcerpc_get_stub_data(txv, &data, &data_len, &endianness, flow_flags); + SCDcerpcGetStubData(txv, &data, &data_len, &endianness, flow_flags); if (data == NULL || data_len == 0) return NULL; diff --git a/src/output-json-alert.c b/src/output-json-alert.c index ed6066be08..9e03128270 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -416,11 +416,11 @@ static void AlertAddAppLayer(const Packet *p, JsonBuilder *jb, jb_get_mark(jb, &mark); jb_open_object(jb, "dcerpc"); if (p->proto == IPPROTO_TCP) { - if (!rs_dcerpc_log_json_record_tcp(state, tx, jb)) { + if (!SCDcerpcLogJsonRecordTcp(state, tx, jb)) { jb_restore_mark(jb, &mark); } } else { - if (!rs_dcerpc_log_json_record_udp(state, tx, jb)) { + if (!SCDcerpcLogJsonRecordUdp(state, tx, jb)) { jb_restore_mark(jb, &mark); } } diff --git a/src/output-json-dcerpc.c b/src/output-json-dcerpc.c index 3b3bff90fe..7011bd7931 100644 --- a/src/output-json-dcerpc.c +++ b/src/output-json-dcerpc.c @@ -36,11 +36,11 @@ static int JsonDCERPCLogger(ThreadVars *tv, void *thread_data, jb_open_object(jb, "dcerpc"); if (p->proto == IPPROTO_TCP) { - if (!rs_dcerpc_log_json_record_tcp(state, tx, jb)) { + if (!SCDcerpcLogJsonRecordTcp(state, tx, jb)) { goto error; } } else { - if (!rs_dcerpc_log_json_record_udp(state, tx, jb)) { + if (!SCDcerpcLogJsonRecordUdp(state, tx, jb)) { goto error; } }