detect-location: Add scaffolding for a new geoip module

This currently only adds empty functions that do not do anything useful,
yet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/Makefile.am b/src/Makefile.am
index 0f648db56d415bcb4464afaa2f925f22e6fcce53..4f7fe445068a1a8b879491a5e57e489639573d43 100755 (executable)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -234,6 +234,7 @@ noinst_HEADERS = \
        detect-krb5-msgtype.h \
        detect-krb5-sname.h \
        detect-l3proto.h \
+       detect-location.h \
        detect-lua-extensions.h \
        detect-lua.h \
        detect-mark.h \
@@ -810,6 +811,7 @@ libsuricata_c_a_SOURCES = \
        detect-krb5-msgtype.c \
        detect-krb5-sname.c \
        detect-l3proto.c \
+       detect-location.c \
        detect-lua.c \
        detect-lua-extensions.c \
        detect-mark.c \

diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c
index d5ae96de74c11d676da8d0ec08335c8d5fdabe06..fc24b02ee1981fa32056f039b0bba188dc17f3fd 100644 (file)
--- a/src/detect-engine-register.c
+++ b/src/detect-engine-register.c
@@ -217,6 +217,7 @@
 #include "detect-mqtt-publish-message.h"
 #include "detect-mqtt-subscribe-topic.h"
 #include "detect-mqtt-unsubscribe-topic.h"
+#include "detect-location.h"
 
 #include "detect-template-buffer.h"
 #include "detect-bypass.h"
@@ -643,6 +644,7 @@ void SigTableSetup(void)
     DetectMQTTPublishMessageRegister();
     DetectMQTTSubscribeTopicRegister();
     DetectMQTTUnsubscribeTopicRegister();
+    DetectLocationRegister();
 
     DetectTemplateBufferRegister();
     DetectBypassRegister();

diff --git a/src/detect-location.c b/src/detect-location.c
new file mode 100644 (file)
index 0000000..6d5843a
--- /dev/null
+++ b/src/detect-location.c
@@ -0,0 +1,111 @@
+/* Copyright (C) 2021 IPFire Development Team
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Michael Tremer <michael.tremer@ipfire.org>
+ *
+ * Implements IPFire Location support (geoip keyword)
+ */
+
+#include "suricata-common.h"
+#include "detect-engine.h"
+
+#include "detect-location.h"
+
+#ifdef HAVE_LIBLOC
+
+#include <libloc/libloc.h>
+
+/**
+ * \internal
+ * \brief this function is used to add the geoip option into the signature
+ *
+ * \param de_ctx pointer to the Detection Engine Context
+ * \param s pointer to the Current Signature
+ * \param optstr pointer to the user provided options
+ *
+ * \retval 0 on Success
+ * \retval -1 on Failure
+ */
+static int DetectLocationSetup(DetectEngineCtx* ctx, Signature* signature, const char* optstring) {
+    struct DetectLocationData* data = NULL;
+
+       return -1;
+}
+
+/**
+ * \brief This function will free all resources used by the location module
+ *
+ * \param Pointer to DetectLocationData
+ */
+static void DetectLocationFree(DetectEngineCtx* ctx, void* ptr) {
+       if (!ptr)
+               return;
+
+       // Cast to DetectLocationData
+       struct DetectLocationData* data = (struct DetectLocationData*)ptr;
+
+       // Free database
+       if (data->ctx)
+               loc_unref(data->ctx);
+
+       SCFree(data);
+}
+
+/**
+ * \internal
+ * \brief This function determines the location of the sender/recipient IP address
+ *
+ * \param ctx points to the pattern matcher thread
+ * \param packet points to the current packet
+ * \param ptr points to DetectLocationData
+ *
+ * \retval 0 no match
+ * \retval 1 match
+ */
+static int DetectLocationMatch(DetectEngineThreadCtx* ctx, Packet* packet,
+        const Signature* signature, const SigMatchCtx* ptr) {
+       struct DetectLocationData* data = (struct DetectLocationData*)ptr;
+
+    return 1;
+}
+
+#else /* HAVE_LIBLOC */
+
+static int DetectLocationSetup(DetectEngineCtx* ctx, Signature* signature, const char* optstring) {
+    SCLogError(SC_ERR_NO_LOCATION_SUPPORT,
+        "Support for IPFire Location is not built in (needed for geoip keyword)");
+    return -1;
+}
+
+#endif /* HAVE_LIBLOC */
+
+/**
+ * \brief Registers support for IPFire Location (geoip keyword)
+ */
+void DetectLocationRegister(void) {
+    sigmatch_table[DETECT_GEOIP].name = "geoip";
+    sigmatch_table[DETECT_GEOIP].desc = "match on the source, destination or source and destination IP addresses of network traffic, and to see to which country it belongs";
+    sigmatch_table[DETECT_GEOIP].url = "/rules/header-keywords.html#geoip";
+    sigmatch_table[DETECT_GEOIP].Setup = DetectLocationSetup;
+#ifdef HAVE_LIBLOC
+    sigmatch_table[DETECT_GEOIP].Match = DetectLocationMatch;
+    sigmatch_table[DETECT_GEOIP].Free = DetectLocationFree;
+#endif /* HAVE_LIBLOC */
+}

diff --git a/src/detect-location.h b/src/detect-location.h
new file mode 100644 (file)
index 0000000..32edc47
--- /dev/null
+++ b/src/detect-location.h
@@ -0,0 +1,41 @@
+/* Copyright (C) 2021 IPFire Development Team
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Michael Tremer <michael.tremer@ipfire.org>
+ *
+ * Implements IPFire Location support (geoip keyword)
+ */
+
+#ifndef __DETECT_LOCATION_H__
+#define __DETECT_LOCATION_H__
+
+#ifdef HAVE_LIBLOC
+
+#include <libloc/libloc.h>
+
+struct DetectLocationData {
+    struct loc_ctx* ctx;
+};
+
+#endif /* HAVE_LIBLOC */
+
+void DetectLocationRegister(void);
+
+#endif /* __DETECT_LOCATION_H__ */