From bb9b8d246033217eb2b7a50780414397da8a8390 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 15 Apr 2025 21:08:01 +0200 Subject: [PATCH] detect: new helper to register multi-buffer with progress This allows to use these engines for hook rules needing exact progress (checked in SigValidate) --- rust/src/detect/mod.rs | 14 ++++++++++++++ src/detect-engine-helper.c | 17 +++++++++++++---- src/detect-engine-helper.h | 2 ++ 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/rust/src/detect/mod.rs b/rust/src/detect/mod.rs index 19a5e34818..dc79f61393 100644 --- a/rust/src/detect/mod.rs +++ b/rust/src/detect/mod.rs @@ -137,6 +137,20 @@ extern "C" { u32, ) -> *mut c_void, ) -> c_int; + pub fn DetectHelperMultiBufferProgressMpmRegister( + name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, toclient: bool, + toserver: bool, + get_multi_data: unsafe extern "C" fn( + *mut c_void, + *const c_void, + *const c_void, + u8, + *const c_void, + i32, + u32, + ) -> *mut c_void, + progress: c_int, + ) -> c_int; } #[repr(u8)] #[derive(Copy, Clone, Debug, PartialEq, Eq)] diff --git a/src/detect-engine-helper.c b/src/detect-engine-helper.c index fd24bfb2c2..79d2128f11 100644 --- a/src/detect-engine-helper.c +++ b/src/detect-engine-helper.c @@ -80,20 +80,29 @@ int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto a return DetectBufferTypeGetByName(name); } -int DetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto, - bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData) +int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc, AppProto alproto, + bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData, int progress) { if (toserver) { - DetectAppLayerMultiRegister(name, alproto, SIG_FLAG_TOSERVER, 0, GetData, 2, 0); + DetectAppLayerMultiRegister( + name, alproto, SIG_FLAG_TOSERVER, progress, GetData, 2, progress); } if (toclient) { - DetectAppLayerMultiRegister(name, alproto, SIG_FLAG_TOCLIENT, 0, GetData, 2, 0); + DetectAppLayerMultiRegister( + name, alproto, SIG_FLAG_TOCLIENT, progress, GetData, 2, progress); } DetectBufferTypeSupportsMultiInstance(name); DetectBufferTypeSetDescriptionByName(name, desc); return DetectBufferTypeGetByName(name); } +int DetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto, + bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData) +{ + return DetectHelperMultiBufferProgressMpmRegister( + name, desc, alproto, toclient, toserver, GetData, 0); +} + int SCDetectHelperNewKeywordId(void) { if (DETECT_TBLSIZE_IDX >= DETECT_TBLSIZE) { diff --git a/src/detect-engine-helper.h b/src/detect-engine-helper.h index 7c80444308..ed4de944d2 100644 --- a/src/detect-engine-helper.h +++ b/src/detect-engine-helper.h @@ -43,6 +43,8 @@ int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto a bool toclient, bool toserver, InspectionBufferGetDataPtr GetData); int DetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto, bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData); +int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc, AppProto alproto, + bool toclient, bool toserver, InspectionMultiBufferGetDataPtr GetData, int progress); InspectionBuffer *DetectHelperGetMultiData(struct DetectEngineThreadCtx_ *det_ctx, const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, -- 2.47.2