static void NdpInitRiskKeyword(void)
{
- /* SCSigTableAppLiteElmt and DetectHelperKeywordRegister don't yet
+ /* SCSigTableAppLiteElmt and SCDetectHelperKeywordRegister don't yet
* support all the fields required to register the nDPI keywords,
* missing the (packet) Match callback,
* so we'll just register with an empty keyword specifier to get
use std::os::raw::{c_int, c_void};
use std::ffi::CString;
-use suricata_sys::sys::{AppProto, DetectEngineCtx, Signature};
+use suricata_sys::sys::{AppProto, DetectEngineCtx, Signature, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt};
/// EnumString trait that will be implemented on enums that
/// derive StringEnum.
name,
desc,
url,
- Setup: kw.setup,
+ Setup: Some(kw.setup),
flags: SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER,
AppLayerTxMatch: None,
Free: None,
};
unsafe {
- let r = DetectHelperKeywordRegister(&st);
+ let r = SCDetectHelperKeywordRegister(&st);
DetectHelperKeywordSetCleanCString(r);
return r;
}
let _ = CString::from_raw(kw.url);
}
-#[repr(C)]
-#[allow(non_snake_case)]
-/// App-layer light version of SigTableElmt
-pub struct SCSigTableAppLiteElmt {
- /// keyword name
- pub name: *const libc::c_char,
- /// keyword description
- pub desc: *const libc::c_char,
- /// keyword documentation url
- pub url: *const libc::c_char,
- /// flags SIGMATCH_*
- pub flags: u16,
- /// function callback to parse and setup keyword in rule
- pub Setup: unsafe extern "C" fn(
- de: *mut DetectEngineCtx,
- s: *mut Signature,
- raw: *const std::os::raw::c_char,
- ) -> c_int,
- /// function callback to free structure allocated by setup if any
- pub Free: Option<unsafe extern "C" fn(de: *mut c_void, ptr: *mut c_void)>,
- /// function callback to match on an app-layer transaction
- pub AppLayerTxMatch: Option<
- unsafe extern "C" fn(
- de: *mut c_void,
- f: *mut c_void,
- flags: u8,
- state: *mut c_void,
- tx: *mut c_void,
- sig: *const c_void,
- ctx: *const c_void,
- ) -> c_int,
- >,
-}
-
pub const SIGMATCH_NOOPT: u16 = 1; // BIT_U16(0) in detect.h
pub(crate) const SIGMATCH_QUOTES_MANDATORY: u16 = 0x40; // BIT_U16(6) in detect.h
pub const SIGMATCH_INFO_STICKY_BUFFER: u16 = 0x200; // BIT_U16(9)
i32,
) -> *mut c_void,
) -> c_int;
- pub fn DetectHelperKeywordRegister(kw: *const SCSigTableAppLiteElmt) -> c_int;
+ // from detect-parse.h
pub fn DetectSignatureSetAppProto(s: *mut Signature, alproto: AppProto) -> c_int;
pub fn SigMatchAppendSMToList(
de: *mut DetectEngineCtx, s: *mut Signature, kwid: c_int, ctx: *const c_void, bufid: c_int,
use super::parser::DHCPOptionWrapper;
use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{DetectUintData, SCDetectU64Free, SCDetectU64Match, SCDetectU64Parse};
-use crate::detect::{
- DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
- SigMatchAppendSMToList,
-};
+use crate::detect::{DetectSignatureSetAppProto, SigMatchAppendSMToList};
use std::os::raw::{c_int, c_void};
-use suricata_sys::sys::{DetectEngineCtx, SCDetectHelperBufferRegister, Signature};
+use suricata_sys::sys::{
+ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectHelperBufferRegister,
+ SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature,
+};
fn dhcp_tx_get_time(tx: &DHCPTransaction, code: u8) -> Option<u64> {
for option in &tx.message.options {
}
unsafe extern "C" fn dhcp_detect_leasetime_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DHCPTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u64>);
return 0;
}
-unsafe extern "C" fn dhcp_detect_time_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn dhcp_detect_time_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u64>);
SCDetectU64Free(ctx);
}
unsafe extern "C" fn dhcp_detect_rebindingtime_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DHCPTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u64>);
}
unsafe extern "C" fn dhcp_detect_renewaltime_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DHCPTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u64>);
desc: b"match DHCP leasetime\0".as_ptr() as *const libc::c_char,
url: b"/rules/dhcp-keywords.html#dhcp-leasetime\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dhcp_detect_leasetime_match),
- Setup: dhcp_detect_leasetime_setup,
+ Setup: Some(dhcp_detect_leasetime_setup),
Free: Some(dhcp_detect_time_free),
flags: 0,
};
- G_DHCP_LEASE_TIME_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_DHCP_LEASE_TIME_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DHCP_LEASE_TIME_BUFFER_ID = SCDetectHelperBufferRegister(
b"dhcp.leasetime\0".as_ptr() as *const libc::c_char,
ALPROTO_DHCP,
desc: b"match DHCP rebinding time\0".as_ptr() as *const libc::c_char,
url: b"/rules/dhcp-keywords.html#dhcp-rebinding-time\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dhcp_detect_rebindingtime_match),
- Setup: dhcp_detect_rebindingtime_setup,
+ Setup: Some(dhcp_detect_rebindingtime_setup),
Free: Some(dhcp_detect_time_free),
flags: 0,
};
- G_DHCP_REBINDING_TIME_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_DHCP_REBINDING_TIME_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DHCP_REBINDING_TIME_BUFFER_ID = SCDetectHelperBufferRegister(
b"dhcp.rebinding-time\0".as_ptr() as *const libc::c_char,
ALPROTO_DHCP,
desc: b"match DHCP renewal time\0".as_ptr() as *const libc::c_char,
url: b"/rules/dhcp-keywords.html#dhcp-renewal-time\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dhcp_detect_renewaltime_match),
- Setup: dhcp_detect_renewaltime_setup,
+ Setup: Some(dhcp_detect_renewaltime_setup),
Free: Some(dhcp_detect_time_free),
flags: 0,
};
- G_DHCP_RENEWAL_TIME_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_DHCP_RENEWAL_TIME_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DHCP_RENEWAL_TIME_BUFFER_ID = SCDetectHelperBufferRegister(
b"dhcp.renewal-time\0".as_ptr() as *const libc::c_char,
ALPROTO_DHCP,
SCDetectU8Parse,
};
use crate::detect::{
- helper_keyword_register_sticky_buffer, DetectHelperKeywordRegister, DetectSignatureSetAppProto,
- SCSigTableAppLiteElmt, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
+ helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList,
+ SigTableElmtStickyBuffer,
};
use crate::direction::Direction;
use std::ffi::CStr;
use std::os::raw::{c_int, c_void};
use suricata_sys::sys::{
- DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList,
+ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
SCDetectHelperBufferRegister, SCDetectHelperKeywordAliasRegister,
- SCDetectHelperMultiBufferProgressMpmRegister, Signature,
+ SCDetectHelperKeywordRegister, SCDetectHelperMultiBufferProgressMpmRegister,
+ SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
/// Perform the DNS opcode match.
///
/// 1 will be returned on match, otherwise 0 will be returned.
unsafe extern "C" fn dns_opcode_match(
- _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DNSTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
///
/// 1 will be returned on match, otherwise 0 will be returned.
unsafe extern "C" fn dns_rcode_match(
- _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DNSTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
/// Perform the DNS rrtype match.
/// 1 will be returned on match, otherwise 0 will be returned.
unsafe extern "C" fn dns_rrtype_match(
- _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, DNSTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
return 0;
}
-unsafe extern "C" fn dns_opcode_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn dns_opcode_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
return 0;
}
-unsafe extern "C" fn dns_rcode_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn dns_rcode_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
return 0;
}
-unsafe extern "C" fn dns_rrtype_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn dns_rrtype_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
desc: b"Match the DNS header opcode flag.\0".as_ptr() as *const libc::c_char,
url: b"rules/dns-keywords.html#dns-opcode\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dns_opcode_match),
- Setup: dns_opcode_setup,
+ Setup: Some(dns_opcode_setup),
Free: Some(dns_opcode_free),
flags: 0,
};
- G_DNS_OPCODE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_DNS_OPCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DNS_OPCODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"dns.opcode\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,
desc: b"Match the DNS header rcode flag.\0".as_ptr() as *const libc::c_char,
url: b"rules/dns-keywords.html#dns-rcode\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dns_rcode_match),
- Setup: dns_rcode_setup,
+ Setup: Some(dns_rcode_setup),
Free: Some(dns_rcode_free),
flags: 0,
};
- G_DNS_RCODE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_DNS_RCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DNS_RCODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"dns.rcode\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,
desc: b"Match the DNS rrtype in message body.\0".as_ptr() as *const libc::c_char,
url: b"rules/dns-keywords.html#dns-rrtype\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(dns_rrtype_match),
- Setup: dns_rrtype_setup,
+ Setup: Some(dns_rrtype_setup),
Free: Some(dns_rrtype_free),
flags: 0,
};
- G_DNS_RRTYPE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_DNS_RRTYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_DNS_RRTYPE_BUFFER_ID = SCDetectHelperBufferRegister(
b"dns.rrtype\0".as_ptr() as *const libc::c_char,
ALPROTO_DNS,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
- DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
- SigMatchAppendSMToList, SigTableElmtStickyBuffer,
+ DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use suricata_sys::sys::{
- DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature,
+ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
+ SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
+ SigMatchCtx, Signature,
};
use crate::direction::Direction;
return 0;
}
-unsafe extern "C" fn cipservice_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn cipservice_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
std::mem::drop(Box::from_raw(ctx as *mut DetectCipServiceData));
}
unsafe extern "C" fn cipservice_match(
- _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectCipServiceData);
}
unsafe extern "C" fn capabilities_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
return 0;
}
-unsafe extern "C" fn capabilities_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn capabilities_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
}
unsafe extern "C" fn cip_attribute_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return enip_tx_has_cip_attribute(tx, ctx);
}
-unsafe extern "C" fn cip_attribute_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn cip_attribute_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
}
unsafe extern "C" fn cip_class_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return enip_tx_has_cip_segment(tx, ctx, 8);
}
-unsafe extern "C" fn cip_class_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn cip_class_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
}
unsafe extern "C" fn vendor_id_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
return 0;
}
-unsafe extern "C" fn vendor_id_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn vendor_id_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
}
unsafe extern "C" fn status_match(
- _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return 0;
}
-unsafe extern "C" fn status_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn status_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
}
unsafe extern "C" fn state_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return 0;
}
-unsafe extern "C" fn state_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn state_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
unsafe extern "C" fn serial_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return 0;
}
-unsafe extern "C" fn serial_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn serial_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
}
unsafe extern "C" fn revision_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
return 0;
}
-unsafe extern "C" fn revision_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn revision_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
}
unsafe extern "C" fn protocol_version_match(
- _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
return 0;
}
-unsafe extern "C" fn protocol_version_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn protocol_version_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
}
unsafe extern "C" fn product_code_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
return 0;
}
-unsafe extern "C" fn product_code_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn product_code_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
}
unsafe extern "C" fn identity_status_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
return 0;
}
-unsafe extern "C" fn identity_status_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn identity_status_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
}
unsafe extern "C" fn device_type_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
return 0;
}
-unsafe extern "C" fn device_type_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn device_type_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
}
unsafe extern "C" fn command_match(
- _de: *mut c_void, _f: *mut c_void, flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
return 0;
}
-unsafe extern "C" fn command_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn command_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
}
unsafe extern "C" fn cip_status_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return enip_tx_has_cip_status(tx, ctx);
}
-unsafe extern "C" fn cip_status_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn cip_status_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
unsafe extern "C" fn cip_instance_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return enip_tx_has_cip_segment(tx, ctx, 9);
}
-unsafe extern "C" fn cip_instance_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn cip_instance_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
}
unsafe extern "C" fn cip_extendedstatus_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, EnipTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
return enip_tx_has_cip_extendedstatus(tx, ctx);
}
-unsafe extern "C" fn cip_extendedstatus_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn cip_extendedstatus_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u16>);
SCDetectU16Free(ctx);
as *const libc::c_char,
url: b"/rules/enip-keyword.html#cip_service\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cipservice_match),
- Setup: cipservice_setup,
+ Setup: Some(cipservice_setup),
Free: Some(cipservice_free),
flags: 0,
};
- G_ENIP_CIPSERVICE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_CIPSERVICE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIPSERVICE_BUFFER_ID = SCDetectHelperBufferRegister(
b"cip\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP capabilities\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-capabilities\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(capabilities_match),
- Setup: capabilities_setup,
+ Setup: Some(capabilities_setup),
Free: Some(capabilities_free),
flags: 0,
};
- G_ENIP_CAPABILITIES_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_CAPABILITIES_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CAPABILITIES_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.capabilities\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP cip_attribute\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-cip-attribute\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cip_attribute_match),
- Setup: cip_attribute_setup,
+ Setup: Some(cip_attribute_setup),
Free: Some(cip_attribute_free),
flags: 0,
};
- G_ENIP_CIP_ATTRIBUTE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_CIP_ATTRIBUTE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIP_ATTRIBUTE_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.cip_attribute\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP cip_class\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-cip-class\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cip_class_match),
- Setup: cip_class_setup,
+ Setup: Some(cip_class_setup),
Free: Some(cip_class_free),
flags: 0,
};
- G_ENIP_CIP_CLASS_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_CIP_CLASS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIP_CLASS_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.cip_class\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP vendor_id\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-vendor-id\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(vendor_id_match),
- Setup: vendor_id_setup,
+ Setup: Some(vendor_id_setup),
Free: Some(vendor_id_free),
flags: 0,
};
- G_ENIP_VENDOR_ID_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_VENDOR_ID_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_VENDOR_ID_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.vendor_id\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP status\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-status\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(status_match),
- Setup: status_setup,
+ Setup: Some(status_setup),
Free: Some(status_free),
flags: 0,
};
- G_ENIP_STATUS_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_STATUS_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.status\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP state\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-state\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(state_match),
- Setup: state_setup,
+ Setup: Some(state_setup),
Free: Some(state_free),
flags: 0,
};
- G_ENIP_STATE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_STATE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_STATE_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.state\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP serial\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-serial\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(serial_match),
- Setup: serial_setup,
+ Setup: Some(serial_setup),
Free: Some(serial_free),
flags: 0,
};
- G_ENIP_SERIAL_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_SERIAL_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_SERIAL_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.serial\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP revision\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-revision\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(revision_match),
- Setup: revision_setup,
+ Setup: Some(revision_setup),
Free: Some(revision_free),
flags: 0,
};
- G_ENIP_REVISION_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_REVISION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_REVISION_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.revision\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP protocol_version\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-protocol-version\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(protocol_version_match),
- Setup: protocol_version_setup,
+ Setup: Some(protocol_version_setup),
Free: Some(protocol_version_free),
flags: 0,
};
- G_ENIP_PROTOCOL_VERSION_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_PROTOCOL_VERSION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_PROTOCOL_VERSION_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.protocol_version\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP product_code\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-product-code\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(product_code_match),
- Setup: product_code_setup,
+ Setup: Some(product_code_setup),
Free: Some(product_code_free),
flags: 0,
};
- G_ENIP_PRODUCT_CODE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_PRODUCT_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_PRODUCT_CODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.product_code\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP command\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip_command\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(command_match),
- Setup: command_setup,
+ Setup: Some(command_setup),
Free: Some(command_free),
flags: 0,
};
- G_ENIP_COMMAND_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_COMMAND_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_COMMAND_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.command\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP identity_status\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-identity-status\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(identity_status_match),
- Setup: identity_status_setup,
+ Setup: Some(identity_status_setup),
Free: Some(identity_status_free),
flags: 0,
};
- G_ENIP_IDENTITY_STATUS_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_IDENTITY_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_IDENTITY_STATUS_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.identity_status\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP device_type\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-device-type\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(device_type_match),
- Setup: device_type_setup,
+ Setup: Some(device_type_setup),
Free: Some(device_type_free),
flags: 0,
};
- G_ENIP_DEVICE_TYPE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_DEVICE_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_DEVICE_TYPE_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.device_type\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP cip_status\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-cip-status\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cip_status_match),
- Setup: cip_status_setup,
+ Setup: Some(cip_status_setup),
Free: Some(cip_status_free),
flags: 0,
};
- G_ENIP_CIP_STATUS_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_CIP_STATUS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIP_STATUS_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.cip_status\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
desc: b"rules for detecting EtherNet/IP cip_instance\0".as_ptr() as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-cip-instance\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cip_instance_match),
- Setup: cip_instance_setup,
+ Setup: Some(cip_instance_setup),
Free: Some(cip_instance_free),
flags: 0,
};
- G_ENIP_CIP_INSTANCE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_CIP_INSTANCE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIP_INSTANCE_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.cip_instance\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
as *const libc::c_char,
url: b"/rules/enip-keyword.html#enip-cip-extendedstatus\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(cip_extendedstatus_match),
- Setup: cip_extendedstatus_setup,
+ Setup: Some(cip_extendedstatus_setup),
Free: Some(cip_extendedstatus_free),
flags: 0,
};
- G_ENIP_CIP_EXTENDEDSTATUS_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_ENIP_CIP_EXTENDEDSTATUS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_ENIP_CIP_EXTENDEDSTATUS_BUFFER_ID = SCDetectHelperBufferRegister(
b"enip.cip_extendedstatus\0".as_ptr() as *const libc::c_char,
ALPROTO_ENIP,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
- DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
- SigMatchAppendSMToList, SigTableElmtStickyBuffer,
+ DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use crate::ldap::types::{LdapMessage, LdapResultCode, ProtocolOp, ProtocolOpCode};
use suricata_sys::sys::{
- DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList,
- SCDetectHelperBufferRegister, SCDetectHelperMultiBufferMpmRegister, Signature,
+ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
+ SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
+ SCDetectHelperMultiBufferMpmRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
use std::collections::VecDeque;
}
unsafe extern "C" fn ldap_detect_request_operation_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, LdapTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return 0;
}
-unsafe extern "C" fn ldap_detect_request_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn ldap_detect_request_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
unsafe extern "C" fn ldap_detect_responses_operation_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, LdapTransaction);
let ctx = cast_pointer!(ctx, DetectLdapRespOpData);
);
}
-unsafe extern "C" fn ldap_detect_responses_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn ldap_detect_responses_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectLdapRespOpData);
std::mem::drop(Box::from_raw(ctx));
}
unsafe extern "C" fn ldap_detect_responses_count_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, LdapTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return detect_match_uint(ctx, len) as c_int;
}
-unsafe extern "C" fn ldap_detect_responses_count_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn ldap_detect_responses_count_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
}
unsafe extern "C" fn ldap_detect_responses_result_code_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, LdapTransaction);
let ctx = cast_pointer!(ctx, DetectLdapRespResultData);
);
}
-unsafe extern "C" fn ldap_detect_responses_result_code_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn ldap_detect_responses_result_code_free(
+ _de: *mut DetectEngineCtx, ctx: *mut c_void,
+) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectLdapRespResultData);
std::mem::drop(Box::from_raw(ctx));
desc: b"match LDAP request operation\0".as_ptr() as *const libc::c_char,
url: b"/rules/ldap-keywords.html#ldap.request.operation\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(ldap_detect_request_operation_match),
- Setup: ldap_detect_request_operation_setup,
+ Setup: Some(ldap_detect_request_operation_setup),
Free: Some(ldap_detect_request_free),
flags: 0,
};
- G_LDAP_REQUEST_OPERATION_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_LDAP_REQUEST_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_LDAP_REQUEST_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister(
b"ldap.request.operation\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
url: b"/rules/ldap-keywords.html#ldap.responses.operation\0".as_ptr()
as *const libc::c_char,
AppLayerTxMatch: Some(ldap_detect_responses_operation_match),
- Setup: ldap_detect_responses_operation_setup,
+ Setup: Some(ldap_detect_responses_operation_setup),
Free: Some(ldap_detect_responses_free),
flags: 0,
};
- G_LDAP_RESPONSES_OPERATION_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_LDAP_RESPONSES_OPERATION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_LDAP_RESPONSES_OPERATION_BUFFER_ID = SCDetectHelperBufferRegister(
b"ldap.responses.operation\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
desc: b"match number of LDAP responses\0".as_ptr() as *const libc::c_char,
url: b"/rules/ldap-keywords.html#ldap.responses.count\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(ldap_detect_responses_count_match),
- Setup: ldap_detect_responses_count_setup,
+ Setup: Some(ldap_detect_responses_count_setup),
Free: Some(ldap_detect_responses_count_free),
flags: 0,
};
- G_LDAP_RESPONSES_COUNT_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_LDAP_RESPONSES_COUNT_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_LDAP_RESPONSES_COUNT_BUFFER_ID = SCDetectHelperBufferRegister(
b"ldap.responses.count\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
url: b"/rules/ldap-keywords.html#ldap.responses.result_code\0".as_ptr()
as *const libc::c_char,
AppLayerTxMatch: Some(ldap_detect_responses_result_code_match),
- Setup: ldap_detect_responses_result_code_setup,
+ Setup: Some(ldap_detect_responses_result_code_setup),
Free: Some(ldap_detect_responses_result_code_free),
flags: 0,
};
- G_LDAP_RESPONSES_RESULT_CODE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_LDAP_RESPONSES_RESULT_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_LDAP_RESPONSES_RESULT_CODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"ldap.responses.result_code\0".as_ptr() as *const libc::c_char,
ALPROTO_LDAP,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
- DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
- SigMatchAppendSMToList, SigTableElmtStickyBuffer,
+ DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use suricata_sys::sys::{
- DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList,
- SCDetectHelperBufferRegister, SCDetectHelperMultiBufferMpmRegister, Signature,
+ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
+ SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister,
+ SCDetectHelperMultiBufferMpmRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature,
};
use nom7::branch::alt;
}
unsafe extern "C" fn mqtt_type_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return mqtt_tx_has_type(tx, ctx);
}
-unsafe extern "C" fn mqtt_type_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn mqtt_type_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
unsafe extern "C" fn mqtt_reason_code_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return mqtt_tx_suback_unsuback_has_reason_code(tx, ctx);
}
-unsafe extern "C" fn mqtt_reason_code_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn mqtt_reason_code_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
unsafe extern "C" fn mqtt_qos_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, u8);
return mqtt_tx_has_qos(tx, *ctx);
}
-unsafe extern "C" fn mqtt_qos_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn mqtt_qos_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
std::mem::drop(Box::from_raw(ctx as *mut u8));
}
}
unsafe extern "C" fn mqtt_connack_sessionpresent_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, bool);
return mqtt_tx_get_connack_sessionpresent(tx, *ctx);
}
-unsafe extern "C" fn mqtt_connack_sessionpresent_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn mqtt_connack_sessionpresent_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
std::mem::drop(Box::from_raw(ctx as *mut bool));
}
}
unsafe extern "C" fn mqtt_protocol_version_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, state: *mut c_void, _tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, state: *mut c_void,
+ _tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let state = cast_pointer!(state, MQTTState);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return 0;
}
-unsafe extern "C" fn mqtt_protocol_version_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn mqtt_protocol_version_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
}
unsafe extern "C" fn mqtt_flags_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return mqtt_tx_has_flags(tx, ctx);
}
-unsafe extern "C" fn mqtt_flags_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn mqtt_flags_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
}
unsafe extern "C" fn mqtt_conn_flags_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, MQTTTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return mqtt_tx_has_conn_flags(tx, ctx);
}
-unsafe extern "C" fn mqtt_conn_flags_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn mqtt_conn_flags_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
desc: b"match MQTT control packet type\0".as_ptr() as *const libc::c_char,
url: b"/rules/mqtt-keywords.html#mqtt-type\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_type_match),
- Setup: mqtt_type_setup,
+ Setup: Some(mqtt_type_setup),
Free: Some(mqtt_type_free),
flags: 0,
};
- G_MQTT_TYPE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_MQTT_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_TYPE_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.type\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
//TODO alias "mqtt.connack.return_code"
url: b"/rules/mqtt-keywords.html#mqtt-reason-code\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_reason_code_match),
- Setup: mqtt_reason_code_setup,
+ Setup: Some(mqtt_reason_code_setup),
Free: Some(mqtt_reason_code_free),
flags: 0,
};
- G_MQTT_REASON_CODE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_MQTT_REASON_CODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_REASON_CODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.reason_code\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
url: b"/rules/mqtt-keywords.html#mqtt-connack-session-present\0".as_ptr()
as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_connack_sessionpresent_match),
- Setup: mqtt_connack_sessionpresent_setup,
+ Setup: Some(mqtt_connack_sessionpresent_setup),
Free: Some(mqtt_connack_sessionpresent_free),
flags: 0,
};
- G_MQTT_CONNACK_SESSIONPRESENT_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_MQTT_CONNACK_SESSIONPRESENT_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_CONNACK_SESSIONPRESENT_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.connack.session_present\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
//TODO alias "mqtt.connack.return_code"
url: b"/rules/mqtt-keywords.html#mqtt-qos\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_qos_match),
- Setup: mqtt_qos_setup,
+ Setup: Some(mqtt_qos_setup),
Free: Some(mqtt_qos_free),
flags: 0,
};
- G_MQTT_QOS_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_MQTT_QOS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_QOS_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.qos\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
desc: b"match MQTT protocol version\0".as_ptr() as *const libc::c_char,
url: b"/rules/mqtt-keywords.html#mqtt-protocol-version\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_protocol_version_match),
- Setup: mqtt_protocol_version_setup,
+ Setup: Some(mqtt_protocol_version_setup),
Free: Some(mqtt_protocol_version_free),
flags: 0,
};
- G_MQTT_PROTOCOL_VERSION_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_MQTT_PROTOCOL_VERSION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_PROTOCOL_VERSION_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.protocol_version\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
desc: b"match MQTT fixed header flags\0".as_ptr() as *const libc::c_char,
url: b"/rules/mqtt-keywords.html#mqtt-flags\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_flags_match),
- Setup: mqtt_flags_setup,
+ Setup: Some(mqtt_flags_setup),
Free: Some(mqtt_flags_free),
flags: 0,
};
- G_MQTT_FLAGS_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_MQTT_FLAGS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_FLAGS_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.flags\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
desc: b"match MQTT CONNECT variable header flags\0".as_ptr() as *const libc::c_char,
url: b"/rules/mqtt-keywords.html#mqtt-connect-flags\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(mqtt_conn_flags_match),
- Setup: mqtt_conn_flags_setup,
+ Setup: Some(mqtt_conn_flags_setup),
Free: Some(mqtt_conn_flags_free),
flags: 0,
};
- G_MQTT_CONN_FLAGS_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_MQTT_CONN_FLAGS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_MQTT_CONN_FLAGS_BUFFER_ID = SCDetectHelperBufferRegister(
b"mqtt.connect.flags\0".as_ptr() as *const libc::c_char,
ALPROTO_MQTT,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
- DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
- SigMatchAppendSMToList, SigTableElmtStickyBuffer,
+ DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use std::ffi::CStr;
use std::os::raw::{c_int, c_void};
use std::ptr;
use suricata_sys::sys::{
- DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature,
+ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
+ SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
+ SigMatchCtx, Signature,
};
unsafe extern "C" fn rfb_name_get_data(
}
unsafe extern "C" fn rfb_sec_type_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
let tx = cast_pointer!(tx, RFBTransaction);
return rfb_sec_type_match_aux(tx, ctx);
}
-unsafe extern "C" fn rfb_sec_type_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn rfb_sec_type_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
}
}
unsafe extern "C" fn rfb_sec_result_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, RFBTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return rfb_sec_result_match_aux(tx, ctx);
}
-unsafe extern "C" fn rfb_sec_result_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn rfb_sec_result_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
desc: b"match RFB security type\0".as_ptr() as *const libc::c_char,
url: b"/rules/rfb-keywords.html#rfb-sectype\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(rfb_sec_type_match),
- Setup: rfb_sec_type_setup,
+ Setup: Some(rfb_sec_type_setup),
Free: Some(rfb_sec_type_free),
flags: 0,
};
- G_RFB_SEC_TYPE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_RFB_SEC_TYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_RFB_SEC_TYPE_BUFFER_ID = SCDetectHelperBufferRegister(
b"rfb.sectype\0".as_ptr() as *const libc::c_char,
ALPROTO_RFB,
desc: b"match RFB security result\0".as_ptr() as *const libc::c_char,
url: b"/rules/rfb-keywords.html#rfb-secresult\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(rfb_sec_result_match),
- Setup: rfb_sec_result_setup,
+ Setup: Some(rfb_sec_result_setup),
Free: Some(rfb_sec_result_free),
flags: 0,
};
- G_RFB_SEC_RESULT_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_RFB_SEC_RESULT_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_RFB_SEC_RESULT_BUFFER_ID = SCDetectHelperBufferRegister(
b"rfb.secresult\0".as_ptr() as *const libc::c_char,
ALPROTO_RFB,
use crate::detect::uint::{DetectUintData, SCDetectU32Free, SCDetectU32Match, SCDetectU32Parse};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
- DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
- SigMatchAppendSMToList, SigTableElmtStickyBuffer,
+ DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use std::os::raw::{c_int, c_void};
use suricata_sys::sys::{
- DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature,
+ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
+ SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
+ SigMatchCtx, Signature,
};
static mut G_SNMP_VERSION_KW_ID: c_int = 0;
}
unsafe extern "C" fn snmp_detect_version_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, SNMPTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return SCDetectU32Match(tx.version, ctx);
}
-unsafe extern "C" fn snmp_detect_version_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn snmp_detect_version_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
}
unsafe extern "C" fn snmp_detect_pdutype_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, SNMPTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return 0;
}
-unsafe extern "C" fn snmp_detect_pdutype_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn snmp_detect_pdutype_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
desc: b"match SNMP version\0".as_ptr() as *const libc::c_char,
url: b"/rules/snmp-keywords.html#snmp-version\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(snmp_detect_version_match),
- Setup: snmp_detect_version_setup,
+ Setup: Some(snmp_detect_version_setup),
Free: Some(snmp_detect_version_free),
flags: 0,
};
- G_SNMP_VERSION_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_SNMP_VERSION_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_SNMP_VERSION_BUFFER_ID = SCDetectHelperBufferRegister(
b"snmp.version\0".as_ptr() as *const libc::c_char,
ALPROTO_SNMP,
desc: b"match SNMP PDU type\0".as_ptr() as *const libc::c_char,
url: b"/rules/snmp-keywords.html#snmp-pdu-type\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(snmp_detect_pdutype_match),
- Setup: snmp_detect_pdutype_setup,
+ Setup: Some(snmp_detect_pdutype_setup),
Free: Some(snmp_detect_pdutype_free),
flags: 0,
};
- G_SNMP_PDUTYPE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_SNMP_PDUTYPE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_SNMP_PDUTYPE_BUFFER_ID = SCDetectHelperBufferRegister(
b"snmp.pdu_type\0".as_ptr() as *const libc::c_char,
ALPROTO_SNMP,
};
use crate::detect::{
helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
- DetectHelperKeywordRegister, DetectSignatureSetAppProto, SCSigTableAppLiteElmt,
- SigMatchAppendSMToList, SigTableElmtStickyBuffer,
+ DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use crate::websocket::parser::WebSocketOpcode;
use suricata_sys::sys::{
- DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferRegister, Signature,
+ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList,
+ SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt,
+ SigMatchCtx, Signature,
};
use nom7::branch::alt;
}
unsafe extern "C" fn websocket_detect_opcode_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, WebSocketTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return SCDetectU8Match(tx.pdu.opcode, ctx);
}
-unsafe extern "C" fn websocket_detect_opcode_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn websocket_detect_opcode_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
}
unsafe extern "C" fn websocket_detect_mask_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, WebSocketTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
return 0;
}
-unsafe extern "C" fn websocket_detect_mask_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn websocket_detect_mask_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u32>);
SCDetectU32Free(ctx);
}
unsafe extern "C" fn websocket_detect_flags_match(
- _de: *mut c_void, _f: *mut c_void, _flags: u8, _state: *mut c_void, tx: *mut c_void,
- _sig: *const c_void, ctx: *const c_void,
+ _de: *mut DetectEngineThreadCtx, _f: *mut Flow, _flags: u8, _state: *mut c_void,
+ tx: *mut c_void, _sig: *const Signature, ctx: *const SigMatchCtx,
) -> c_int {
let tx = cast_pointer!(tx, WebSocketTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
return SCDetectU8Match(tx.pdu.flags, ctx);
}
-unsafe extern "C" fn websocket_detect_flags_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn websocket_detect_flags_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
// Just unbox...
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
SCDetectU8Free(ctx);
desc: b"match WebSocket opcode\0".as_ptr() as *const libc::c_char,
url: b"/rules/websocket-keywords.html#websocket-opcode\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(websocket_detect_opcode_match),
- Setup: websocket_detect_opcode_setup,
+ Setup: Some(websocket_detect_opcode_setup),
Free: Some(websocket_detect_opcode_free),
flags: 0,
};
- G_WEBSOCKET_OPCODE_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_WEBSOCKET_OPCODE_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_WEBSOCKET_OPCODE_BUFFER_ID = SCDetectHelperBufferRegister(
b"websocket.opcode\0".as_ptr() as *const libc::c_char,
ALPROTO_WEBSOCKET,
desc: b"match WebSocket mask\0".as_ptr() as *const libc::c_char,
url: b"/rules/websocket-keywords.html#websocket-mask\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(websocket_detect_mask_match),
- Setup: websocket_detect_mask_setup,
+ Setup: Some(websocket_detect_mask_setup),
Free: Some(websocket_detect_mask_free),
flags: 0,
};
- G_WEBSOCKET_MASK_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_WEBSOCKET_MASK_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_WEBSOCKET_MASK_BUFFER_ID = SCDetectHelperBufferRegister(
b"websocket.mask\0".as_ptr() as *const libc::c_char,
ALPROTO_WEBSOCKET,
desc: b"match WebSocket flags\0".as_ptr() as *const libc::c_char,
url: b"/rules/websocket-keywords.html#websocket-flags\0".as_ptr() as *const libc::c_char,
AppLayerTxMatch: Some(websocket_detect_flags_match),
- Setup: websocket_detect_flags_setup,
+ Setup: Some(websocket_detect_flags_setup),
Free: Some(websocket_detect_flags_free),
flags: 0,
};
- G_WEBSOCKET_FLAGS_KW_ID = DetectHelperKeywordRegister(&kw);
+ G_WEBSOCKET_FLAGS_KW_ID = SCDetectHelperKeywordRegister(&kw);
G_WEBSOCKET_FLAGS_BUFFER_ID = SCDetectHelperBufferRegister(
b"websocket.flags\0".as_ptr() as *const libc::c_char,
ALPROTO_WEBSOCKET,
extern "C" {
pub fn SCDetectHelperNewKeywordId() -> ::std::os::raw::c_int;
}
+extern "C" {
+ pub fn SCDetectHelperKeywordRegister(kw: *const SCSigTableAppLiteElmt)
+ -> ::std::os::raw::c_int;
+}
extern "C" {
pub fn SCDetectHelperKeywordAliasRegister(
kwid: ::std::os::raw::c_int, alias: *const ::std::os::raw::c_char,
kw.url = "/rules/email-keywords.html#email.from";
kw.Setup = DetectMimeEmailFromSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_mime_email_from_buffer_id = DetectHelperBufferMpmRegister(
"email.from", "MIME EMAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailFromData);
kw.url = "/rules/email-keywords.html#email.subject";
kw.Setup = DetectMimeEmailSubjectSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_mime_email_subject_buffer_id = DetectHelperBufferMpmRegister("email.subject",
"MIME EMAIL SUBJECT", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailSubjectData);
kw.url = "/rules/email-keywords.html#email.to";
kw.Setup = DetectMimeEmailToSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_mime_email_to_buffer_id = DetectHelperBufferMpmRegister(
"email.to", "MIME EMAIL TO", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailToData);
kw.url = "/rules/email-keywords.html#email.cc";
kw.Setup = DetectMimeEmailCcSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_mime_email_cc_buffer_id = DetectHelperBufferMpmRegister(
"email.cc", "MIME EMAIL CC", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailCcData);
kw.url = "/rules/email-keywords.html#email.date";
kw.Setup = DetectMimeEmailDateSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_mime_email_date_buffer_id = DetectHelperBufferMpmRegister(
"email.date", "MIME EMAIL DATE", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailDateData);
kw.url = "/rules/email-keywords.html#email.message_id";
kw.Setup = DetectMimeEmailMessageIdSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_mime_email_message_id_buffer_id = DetectHelperBufferMpmRegister("email.message_id",
"MIME EMAIL Message-Id", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailMessageIdData);
kw.url = "/rules/email-keywords.html#email.x_mailer";
kw.Setup = DetectMimeEmailXMailerSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_mime_email_x_mailer_buffer_id = DetectHelperBufferMpmRegister("email.x_mailer",
"MIME EMAIL X-Mailer", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailXMailerData);
kw.url = "/rules/email-keywords.html#email.url";
kw.Setup = DetectMimeEmailUrlSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_mime_email_url_buffer_id = SCDetectHelperMultiBufferMpmRegister(
"email.url", "MIME EMAIL URL", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailUrlData);
kw.url = "/rules/email-keywords.html#email.received";
kw.Setup = DetectMimeEmailReceivedSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_mime_email_received_buffer_id = SCDetectHelperMultiBufferMpmRegister("email.received",
"MIME EMAIL RECEIVED", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailReceivedData);
}
return DETECT_TBLSIZE_IDX - 1;
}
-int DetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw)
+int SCDetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw)
{
int keyword_id = SCDetectHelperNewKeywordId();
if (keyword_id < 0) {
int SCDetectHelperNewKeywordId(void);
-int DetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw);
+int SCDetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw);
void SCDetectHelperKeywordAliasRegister(int kwid, const char *alias);
int SCDetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction);
kw.url = "/rules/smtp-keywords.html#smtp-helo";
kw.Setup = DetectSmtpHeloSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_smtp_helo_buffer_id = DetectHelperBufferMpmRegister(
"smtp.helo", "SMTP helo", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpHeloData);
kw.url = "/rules/smtp-keywords.html#smtp-mail-from";
kw.Setup = DetectSmtpMailFromSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_smtp_mail_from_buffer_id = DetectHelperBufferMpmRegister(
"smtp.mail_from", "SMTP MAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpMailFromData);
kw.url = "/rules/smtp-keywords.html#smtp-rcpt-to";
kw.Setup = DetectSmtpRcptToSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
- DetectHelperKeywordRegister(&kw);
+ SCDetectHelperKeywordRegister(&kw);
g_smtp_rcpt_to_buffer_id = SCDetectHelperMultiBufferMpmRegister(
"smtp.rcpt_to", "SMTP RCPT TO", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpRcptToData);
}
projects / thirdparty / suricata.git / commitdiff
