From c67a53773bdd6e3ae3ffa5e9c5fe2a0abf032fa6 Mon Sep 17 00:00:00 2001
From: Pierre Chifflier
Date: Mon, 13 May 2019 14:14:48 +0200
Subject: [PATCH] detect/snmp: rename keywords to snmp., and make rust mandatory
---
 src/detect-snmp-community.c | 37 +++++++++++++------------------------
 src/detect-snmp-pdu_type.c | 31 ++++++++++---------------------
 src/detect-snmp-version.c | 34 +++++++++++-----------------------
 3 files changed, 34 insertions(+), 68 deletions(-)
diff --git a/src/detect-snmp-community.c b/src/detect-snmp-community.c
index aba8c593bd..a8373227a2 100644
--- a/src/detect-snmp-community.c
+++ b/src/detect-snmp-community.c
@@ -20,7 +20,7 @@
 *
 * \author Pierre Chifflier
 *
- * Set up of the "snmp_community" keyword to allow content
+ * Set up of the "snmp.community" keyword to allow content
 * inspections on the decoded snmp community.
 */
@@ -33,14 +33,6 @@
 #include "detect-snmp-community.h"
 #include "app-layer-parser.h"
-#ifndef HAVE_RUST
-
-void DetectSNMPCommunityRegister(void)
-{
-}
-
-#else
-
 #include "rust-snmp-snmp-gen.h"
 #include "rust-snmp-detect-gen.h"
@@ -55,34 +47,33 @@ static int g_snmp_rust_id = 0;
 void DetectSNMPCommunityRegister(void)
 {
- sigmatch_table[DETECT_AL_SNMP_COMMUNITY].name = "snmp_community";
+ sigmatch_table[DETECT_AL_SNMP_COMMUNITY].name = "snmp.community";
 sigmatch_table[DETECT_AL_SNMP_COMMUNITY].desc = "SNMP content modififier to match on the snmp community";
 sigmatch_table[DETECT_AL_SNMP_COMMUNITY].Setup = DetectSNMPCommunitySetup;
 sigmatch_table[DETECT_AL_SNMP_COMMUNITY].RegisterTests = DetectSNMPCommunityRegisterTests;
- sigmatch_table[DETECT_AL_SNMP_COMMUNITY].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp_community";
+ sigmatch_table[DETECT_AL_SNMP_COMMUNITY].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp.community";
- sigmatch_table[DETECT_AL_SNMP_COMMUNITY].flags |= SIGMATCH_NOOPT;
+ sigmatch_table[DETECT_AL_SNMP_COMMUNITY].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
 /* register inspect engines */
- DetectAppLayerInspectEngineRegister("snmp_community",
+ DetectAppLayerInspectEngineRegister("snmp.community",
 ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectSNMPCommunity);
- DetectAppLayerInspectEngineRegister("snmp_community",
+ DetectAppLayerInspectEngineRegister("snmp.community",
 ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectSNMPCommunity);
- g_snmp_rust_id = DetectBufferTypeGetByName("snmp_community");
-
- SCLogDebug("SNMP community detect registered.");
+ g_snmp_rust_id = DetectBufferTypeGetByName("snmp.community");
 }
 static int DetectSNMPCommunitySetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
 {
- s->init_data->list = g_snmp_rust_id;
+ if (DetectBufferSetActiveList(s, g_snmp_rust_id) < 0)
+ return -1;
 if (DetectSignatureSetAppProto(s, ALPROTO_SNMP) != 0)
 return -1;
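Review bot: The old spelling disappears with nothing left to accept it: after this hunk `DetectSNMPCommunityRegister` registers only `snmp.community`, so a deployed rule that still says `snmp_community;` will no longer parse, and the same holds for `snmp_pdu_type` and `snmp_version` in the two other register hunks. On a sensor where rule-load failures are only logged, that is a quiet loss of SNMP coverage after an upgrade. If the sigmatch table in this tree has an alias member, keep the old name reachable with `sigmatch_table[DETECT_AL_SNMP_COMMUNITY].alias = "snmp_community";` (and the equivalent in the other two files); otherwise the commit message and upgrade notes should state the break explicitly.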
@@ -107,8 +98,8 @@ static int DetectEngineInspectSNMPCommunity(ThreadVars *tv,
 if (data != NULL) {
 ret = DetectEngineContentInspection(de_ctx, det_ctx, s, smd,
- f, (uint8_t *)data, data_len, 0, DETECT_CI_FLAGS_SINGLE,
- DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL);
+ NULL, f, (uint8_t *)data, data_len, 0, DETECT_CI_FLAGS_SINGLE,
+ DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
 }
 return ret;
@@ -170,7 +161,7 @@ static int DetectSNMPCommunityTest(void)
 s = DetectEngineAppendSig(de_ctx, "alert snmp any any -> any any (" "msg:\"SNMP Test Rule\"; "
- "snmp_community; content:\"[R0_C@cti!]\"; "
+ "snmp.community; content:\"[R0_C@cti!]\"; "
 "sid:1; rev:1;)");
 FAIL_IF_NULL(s);
@@ -178,7 +169,7 @@ static int DetectSNMPCommunityTest(void)
 s = DetectEngineAppendSig(de_ctx, "alert snmp any any -> any any (" "msg:\"SNMP Test Rule\"; "
- "snmp_community; content:\"private\"; "
+ "snmp.community; content:\"private\"; "
 "sid:2; rev:1;)");
 FAIL_IF_NULL(s);
@@ -222,5 +213,3 @@ static void DetectSNMPCommunityRegisterTests(void)
 DetectSNMPCommunityTest);
 #endif /* UNITTESTS */
 }
-
-#endif
diff --git a/src/detect-snmp-pdu_type.c b/src/detect-snmp-pdu_type.c
index e8a0254727..a62b6e60f0 100644
--- a/src/detect-snmp-pdu_type.c
+++ b/src/detect-snmp-pdu_type.c
@@ -30,19 +30,11 @@
 #include "detect-snmp-pdu_type.h"
 #include "app-layer-parser.h"
-#ifndef HAVE_RUST
-
-void DetectSNMPPduTypeRegister(void)
-{
-}
-
-#else
-
 #include "rust-snmp-snmp-gen.h"
 #include "rust-snmp-detect-gen.h"
 /**
- * [snmp.pdu_type]:;
 */
 #define PARSE_REGEX "^\\s*([0-9]+)\\s*$"
 static pcre *parse_regex;
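Review bot: In the `@@ -107,8 +98,8 @@` hunk of src/detect-snmp-community.c the call to `DetectEngineContentInspection` now passes a bare `NULL` as its fifth argument, and nothing at the call site says which parameter that is. The argument list is long and positional, so a short comment would let the next reader check it against the prototype, for example `/* no Packet here: inspection runs on tx state */` above the call, assuming the new parameter is the packet pointer (the prototype is not visible in this patch). The body of `DetectEngineInspectSNMPCommunity` starts and ends outside the hunk.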
@@ -70,28 +62,27 @@ static int DetectSNMPPduTypeMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *
 void DetectSNMPPduTypeRegister(void)
 {
- sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].name = "snmp_pdu_type";
+ sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].name = "snmp.pdu_type";
 sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].desc = "match SNMP Pdu type";
- sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp_pdu_type";
+ sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp.pdu_type";
 sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].Match = NULL;
 sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].AppLayerTxMatch = DetectSNMPPduTypeMatch;
 sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].Setup = DetectSNMPPduTypeSetup;
 sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].Free = DetectSNMPPduTypeFree;
 sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].RegisterTests = DetectSNMPPduTypeRegisterTests;
+ sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].flags |= SIGMATCH_NOOPT;
 DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
- DetectAppLayerInspectEngineRegister("snmp_pdu_type",
+ DetectAppLayerInspectEngineRegister("snmp.pdu_type",
 ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectSNMPRequestGeneric);
- DetectAppLayerInspectEngineRegister("snmp_pdu_type",
+ DetectAppLayerInspectEngineRegister("snmp.pdu_type",
 ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectSNMPRequestGeneric);
- g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp_pdu_type");
-
- SCLogDebug("g_snmp_pdu_type_buffer_id %d", g_snmp_pdu_type_buffer_id);
+ g_snmp_pdu_type_buffer_id = DetectBufferTypeGetByName("snmp.pdu_type");
 }
 static int DetectEngineInspectSNMPRequestGeneric(ThreadVars *tv,
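Review bot: The added `sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].flags |= SIGMATCH_NOOPT;` marks as option-less a keyword that requires a value: `PARSE_REGEX` in this file is `"^\\s*([0-9]+)\\s*$"` and `DetectSNMPPduTypeSetup` stores the parsed `pdu_type`. Elsewhere in this patch the flag sits on `snmp.community`, which the test rules write without an argument, so if the rule parser enforces it, `snmp.pdu_type:<n>;` may be rejected or reach Setup without its value, and rules using it would stop loading. The same line is added for `snmp.version` in `DetectSNMPVersionRegister`. I would drop both additions, or add a unit test that loads a complete rule through `DetectEngineAppendSig` with each keyword and a value to show the flag is harmless here.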
@@ -139,7 +130,7 @@ static int DetectSNMPPduTypeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx
 /**
 * \internal
- * \brief Function to parse options passed via snmp_pdu_type keywords.
+ * \brief Function to parse options passed via snmp.pdu_type keywords.
 *
 * \param rawstr Pointer to the user provided options.
 *
@@ -177,7 +168,7 @@ static DetectSNMPPduTypeData *DetectSNMPPduTypeParse (const char *rawstr)
 dd->pdu_type = strtoul(value1, &endptr, 10);
 if (endptr == NULL || *endptr != '\0') {
 SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid character as arg "
- "to snmp_pdu_type keyword");
+ "to snmp.pdu_type keyword");
 goto error;
 }
@@ -224,7 +215,7 @@ static int DetectSNMPPduTypeSetup (DetectEngineCtx *de_ctx, Signature *s,
 sm->type = DETECT_AL_SNMP_PDU_TYPE;
 sm->ctx = (void *)dd;
- SCLogDebug("snmp_pdu_type %d", dd->pdu_type);
+ SCLogDebug("snmp.pdu_type %d", dd->pdu_type);
 SigMatchAppendSMToList(s, sm, g_snmp_pdu_type_buffer_id);
 return 0;
@@ -274,5 +265,3 @@ static void DetectSNMPPduTypeRegisterTests(void)
 UtRegisterTest("SNMPValidityTestParse01", SNMPValidityTestParse01);
 #endif /* UNITTESTS */
 }
-
-#endif
diff --git a/src/detect-snmp-version.c b/src/detect-snmp-version.c
index 6972ca8582..71d2108f7d 100644
--- a/src/detect-snmp-version.c
+++ b/src/detect-snmp-version.c
@@ -30,19 +30,11 @@
 #include "detect-snmp-version.h"
 #include "app-layer-parser.h"
-#ifndef HAVE_RUST
-
-void DetectSNMPVersionRegister(void)
-{
-}
-
-#else
-
 #include "rust-snmp-snmp-gen.h"
 #include "rust-snmp-detect-gen.h"
 /**
- * [snmp.version]:[<|>|<=|>=];
 */
 #define PARSE_REGEX "^\\s*(<=|>=|<|>)?\\s*([0-9]+)\\s*$"
 static pcre *parse_regex;
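Review bot: In the `@@ -177,7 +168,7 @@` hunk, `dd->pdu_type = strtoul(value1, &endptr, 10);` stores the result with no range check, and the regex accepts any number of digits, so an over-long value is clamped or truncated on assignment and the rule then matches a different PDU type than the one written. The existing `endptr == NULL` test can never be true after `strtoul`, so the only validation left is the one the regex already did. I would parse into a local and reject out-of-range input before assigning: `errno = 0;`, `unsigned long v = strtoul(value1, &endptr, 10);`, `if (errno == ERANGE || v > UINT32_MAX) goto error;`, with the bound adjusted to the field's declared width (the `%d` in the Setup debug line suggests 32 bits, but the struct is not visible). `DetectSNMPVersionParse` has the same pattern with `dd->version` in the `@@ -243,7 +233,7 @@` hunk of src/detect-snmp-version.c; both function bodies start and end outside their hunks.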
@@ -78,33 +70,31 @@ static int DetectSNMPVersionMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *
 const SigMatchCtx *);
 /**
- * \brief Registration function for snmp_procedure keyword.
+ * \brief Registration function for snmp.procedure keyword.
 */
 void DetectSNMPVersionRegister (void)
 {
- sigmatch_table[DETECT_AL_SNMP_VERSION].name = "snmp_version";
+ sigmatch_table[DETECT_AL_SNMP_VERSION].name = "snmp.version";
 sigmatch_table[DETECT_AL_SNMP_VERSION].desc = "match SNMP version";
- sigmatch_table[DETECT_AL_SNMP_VERSION].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp_version";
+ sigmatch_table[DETECT_AL_SNMP_VERSION].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp.version";
 sigmatch_table[DETECT_AL_SNMP_VERSION].Match = NULL;
 sigmatch_table[DETECT_AL_SNMP_VERSION].AppLayerTxMatch = DetectSNMPVersionMatch;
 sigmatch_table[DETECT_AL_SNMP_VERSION].Setup = DetectSNMPVersionSetup;
 sigmatch_table[DETECT_AL_SNMP_VERSION].Free = DetectSNMPVersionFree;
 sigmatch_table[DETECT_AL_SNMP_VERSION].RegisterTests = DetectSNMPVersionRegisterTests;
-
+ sigmatch_table[DETECT_AL_SNMP_VERSION].flags |= SIGMATCH_NOOPT;
 DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
- DetectAppLayerInspectEngineRegister("snmp_version",
+ DetectAppLayerInspectEngineRegister("snmp.version",
 ALPROTO_SNMP, SIG_FLAG_TOSERVER, 0, DetectEngineInspectSNMPRequestGeneric);
- DetectAppLayerInspectEngineRegister("snmp_version",
+ DetectAppLayerInspectEngineRegister("snmp.version",
 ALPROTO_SNMP, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectSNMPRequestGeneric);
- g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp_version");
-
- SCLogDebug("g_snmp_version_buffer_id %d", g_snmp_version_buffer_id);
+ g_snmp_version_buffer_id = DetectBufferTypeGetByName("snmp.version");
 }
 static int DetectEngineInspectSNMPRequestGeneric(ThreadVars *tv,
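Review bot: The doc comment above `DetectSNMPVersionRegister` names a keyword this file does not register: the mechanical rename turned `snmp_procedure` into `snmp.procedure`, while every line of the function body registers `snmp.version`. The comment should read `\brief Registration function for snmp.version keyword.` so that it matches the name a rule writer would look up.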
@@ -181,7 +171,7 @@ static int DetectSNMPVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx
 /**
 * \internal
- * \brief Function to parse options passed via snmp_version keywords.
+ * \brief Function to parse options passed via snmp.version keywords.
 *
 * \param rawstr Pointer to the user provided options.
 *
@@ -243,7 +233,7 @@ static DetectSNMPVersionData *DetectSNMPVersionParse (const char *rawstr)
 dd->version = strtoul(value1, &endptr, 10);
 if (endptr == NULL || *endptr != '\0') {
 SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid character as arg "
- "to snmp_version keyword");
+ "to snmp.version keyword");
 goto error;
 }
@@ -292,7 +282,7 @@ static int DetectSNMPVersionSetup (DetectEngineCtx *de_ctx, Signature *s,
 sm->type = DETECT_AL_SNMP_VERSION;
 sm->ctx = (void *)dd;
- SCLogDebug("snmp_version %d", dd->version);
+ SCLogDebug("snmp.version %d", dd->version);
 SigMatchAppendSMToList(s, sm, g_snmp_version_buffer_id);
 return 0;
@@ -360,5 +350,3 @@ static void DetectSNMPVersionRegisterTests(void)
 UtRegisterTest("SNMPValidityTestParse02", SNMPValidityTestParse02);
 #endif /* UNITTESTS */
 }
-
-#endif
--
2.47.2