"FtpStateValues",
"FtpDataStateValues",
"HTTP2TransactionState",
- "SCSigTableAppLiteElmt",
- "SCTransformTableElmt",
"DataRepType",
]
*/
use super::{
- DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand,
- InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+ DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
+ InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
};
use crate::detect::SIGMATCH_NOOPT;
+use suricata_sys::sys::{
+ DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
+ Signature,
+};
use std::os::raw::{c_int, c_void};
use std::ptr;
static mut G_TRANSFORM_TOUPPER_ID: c_int = 0;
unsafe extern "C" fn tolower_setup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return DetectSignatureAddTransform(s, G_TRANSFORM_TOLOWER_ID, ptr::null_mut());
}
}
}
-unsafe extern "C" fn tolower_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn tolower_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
name: b"to_lowercase\0".as_ptr() as *const libc::c_char,
desc: b"convert buffer to lowercase\0".as_ptr() as *const libc::c_char,
url: b"/rules/transforms.html#to_lowercase\0".as_ptr() as *const libc::c_char,
- Setup: tolower_setup,
+ Setup: Some(tolower_setup),
flags: SIGMATCH_NOOPT,
- Transform: tolower_transform,
+ Transform: Some(tolower_transform),
Free: None,
TransformValidate: Some(tolower_validate),
};
- G_TRANSFORM_TOLOWER_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_TOLOWER_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_TOLOWER_ID < 0 {
SCLogWarning!("Failed registering transform tolower");
}
}
unsafe extern "C" fn toupper_setup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return DetectSignatureAddTransform(s, G_TRANSFORM_TOUPPER_ID, ptr::null_mut());
}
}
}
-unsafe extern "C" fn toupper_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn toupper_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
name: b"to_uppercase\0".as_ptr() as *const libc::c_char,
desc: b"convert buffer to uppercase\0".as_ptr() as *const libc::c_char,
url: b"/rules/transforms.html#to_uppercase\0".as_ptr() as *const libc::c_char,
- Setup: toupper_setup,
+ Setup: Some(toupper_setup),
flags: SIGMATCH_NOOPT,
- Transform: toupper_transform,
+ Transform: Some(toupper_transform),
Free: None,
TransformValidate: Some(toupper_validate),
};
- G_TRANSFORM_TOUPPER_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_TOUPPER_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_TOUPPER_ID < 0 {
SCLogWarning!("Failed registering transform toupper");
}
*/
use super::{
- DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand,
- InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+ DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
+ InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
};
use crate::detect::SIGMATCH_NOOPT;
+use suricata_sys::sys::{
+ DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
+ Signature,
+};
use std::os::raw::{c_int, c_void};
use std::ptr;
static mut G_TRANSFORM_COMPRESS_WHITESPACE_ID: c_int = 0;
unsafe extern "C" fn compress_whitespace_setup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return DetectSignatureAddTransform(s, G_TRANSFORM_COMPRESS_WHITESPACE_ID, ptr::null_mut());
}
return nb as u32;
}
-unsafe extern "C" fn compress_whitespace_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn compress_whitespace_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
desc: b"modify buffer to compress consecutive whitespace characters into a single one before inspection\0".as_ptr()
as *const libc::c_char,
url: b"/rules/transforms.html#compress-whitespace\0".as_ptr() as *const libc::c_char,
- Setup: compress_whitespace_setup,
+ Setup: Some(compress_whitespace_setup),
flags: SIGMATCH_NOOPT,
- Transform: compress_whitespace_transform,
+ Transform: Some(compress_whitespace_transform),
Free: None,
TransformValidate: Some(compress_whitespace_validate),
};
- G_TRANSFORM_COMPRESS_WHITESPACE_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_COMPRESS_WHITESPACE_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_COMPRESS_WHITESPACE_ID < 0 {
SCLogWarning!("Failed registering transform compress_whitespace");
}
*/
use super::{
- DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand,
- InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+ DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
+ InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
};
use crate::detect::SIGMATCH_NOOPT;
+use suricata_sys::sys::{
+ DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
+ Signature,
+};
+
use std::os::raw::{c_int, c_void};
use std::ptr;
static mut G_TRANSFORM_TLD_ID: c_int = 0;
unsafe extern "C" fn domain_setup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return DetectSignatureAddTransform(s, G_TRANSFORM_DOMAIN_ID, ptr::null_mut());
}
0
}
-unsafe extern "C" fn domain_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn domain_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
}
unsafe extern "C" fn tld_setup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return DetectSignatureAddTransform(s, G_TRANSFORM_TLD_ID, ptr::null_mut());
}
0
}
-unsafe extern "C" fn tld_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn tld_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
name: b"domain\0".as_ptr() as *const libc::c_char,
desc: b"modify buffer to extract the domain\0".as_ptr() as *const libc::c_char,
url: b"/rules/transforms.html#domain\0".as_ptr() as *const libc::c_char,
- Setup: domain_setup,
+ Setup: Some(domain_setup),
flags: SIGMATCH_NOOPT,
- Transform: domain_transform,
+ Transform: Some(domain_transform),
Free: None,
TransformValidate: None,
};
unsafe {
- G_TRANSFORM_DOMAIN_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_DOMAIN_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_DOMAIN_ID < 0 {
SCLogWarning!("Failed registering transform domain");
}
name: b"tld\0".as_ptr() as *const libc::c_char,
desc: b"modify buffer to extract the tld\0".as_ptr() as *const libc::c_char,
url: b"/rules/transforms.html#tld\0".as_ptr() as *const libc::c_char,
- Setup: tld_setup,
+ Setup: Some(tld_setup),
flags: SIGMATCH_NOOPT,
- Transform: tld_transform,
+ Transform: Some(tld_transform),
Free: None,
TransformValidate: None,
};
unsafe {
- G_TRANSFORM_TLD_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_TLD_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_TLD_ID < 0 {
SCLogWarning!("Failed registering transform tld");
}
*/
use super::{
- DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand,
- InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+ DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
+ InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
};
use crate::detect::SIGMATCH_NOOPT;
+use suricata_sys::sys::{
+ DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
+ Signature,
+};
use std::os::raw::{c_int, c_void};
use std::ptr;
static mut G_TRANSFORM_DOT_PREFIX_ID: c_int = 0;
unsafe extern "C" fn dot_prefix_setup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return DetectSignatureAddTransform(s, G_TRANSFORM_DOT_PREFIX_ID, ptr::null_mut());
}
output[0] = b'.';
}
-unsafe extern "C" fn dot_prefix_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn dot_prefix_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input_len = InspectionBufferLength(buffer);
if input_len == 0 {
return;
name: b"dotprefix\0".as_ptr() as *const libc::c_char,
desc: b"modify buffer to extract the dotprefix\0".as_ptr() as *const libc::c_char,
url: b"/rules/transforms.html#dotprefix\0".as_ptr() as *const libc::c_char,
- Setup: dot_prefix_setup,
+ Setup: Some(dot_prefix_setup),
flags: SIGMATCH_NOOPT,
- Transform: dot_prefix_transform,
+ Transform: Some(dot_prefix_transform),
Free: None,
TransformValidate: None,
};
unsafe {
- G_TRANSFORM_DOT_PREFIX_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_DOT_PREFIX_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_DOT_PREFIX_ID < 0 {
SCLogWarning!("Failed registering transform dot_prefix");
}
*/
use super::{
- DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand,
- InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+ DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
+ InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
};
use crate::detect::SIGMATCH_NOOPT;
+use suricata_sys::sys::{
+ DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
+ Signature,
+};
+
use crate::ffi::hashing::{G_DISABLE_HASHING, SC_SHA1_LEN, SC_SHA256_LEN};
use digest::{Digest, Update};
use md5::Md5;
const SC_MD5_LEN: usize = 16;
unsafe extern "C" fn md5_setup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
if G_DISABLE_HASHING {
SCLogError!("MD5 hashing has been disabled, needed for to_md5 keyword");
Md5::new().chain(input).finalize_into(output.into());
}
-unsafe extern "C" fn md5_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn md5_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
name: b"to_md5\0".as_ptr() as *const libc::c_char,
desc: b"convert to md5 hash of the buffer\0".as_ptr() as *const libc::c_char,
url: b"/rules/transforms.html#to-md5\0".as_ptr() as *const libc::c_char,
- Setup: md5_setup,
+ Setup: Some(md5_setup),
flags: SIGMATCH_NOOPT,
- Transform: md5_transform,
+ Transform: Some(md5_transform),
Free: None,
TransformValidate: None,
};
- G_TRANSFORM_MD5_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_MD5_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_MD5_ID < 0 {
SCLogWarning!("Failed registering transform md5");
}
}
unsafe extern "C" fn sha1_setup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
if G_DISABLE_HASHING {
SCLogError!("SHA1 hashing has been disabled, needed for to_sha1 keyword");
Sha1::new().chain(input).finalize_into(output.into());
}
-unsafe extern "C" fn sha1_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn sha1_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
name: b"to_sha1\0".as_ptr() as *const libc::c_char,
desc: b"convert to sha1 hash of the buffer\0".as_ptr() as *const libc::c_char,
url: b"/rules/transforms.html#to-sha1\0".as_ptr() as *const libc::c_char,
- Setup: sha1_setup,
+ Setup: Some(sha1_setup),
flags: SIGMATCH_NOOPT,
- Transform: sha1_transform,
+ Transform: Some(sha1_transform),
Free: None,
TransformValidate: None,
};
- G_TRANSFORM_SHA1_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_SHA1_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_SHA1_ID < 0 {
SCLogWarning!("Failed registering transform sha1");
}
}
unsafe extern "C" fn sha256_setup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
if G_DISABLE_HASHING {
SCLogError!("SHA256 hashing has been disabled, needed for to_sha256 keyword");
Sha256::new().chain(input).finalize_into(output.into());
}
-unsafe extern "C" fn sha256_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn sha256_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
name: b"to_sha256\0".as_ptr() as *const libc::c_char,
desc: b"convert to sha256 hash of the buffer\0".as_ptr() as *const libc::c_char,
url: b"/rules/transforms.html#to-sha256\0".as_ptr() as *const libc::c_char,
- Setup: sha256_setup,
+ Setup: Some(sha256_setup),
flags: SIGMATCH_NOOPT,
- Transform: sha256_transform,
+ Transform: Some(sha256_transform),
Free: None,
TransformValidate: None,
};
- G_TRANSFORM_SHA256_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_SHA256_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_SHA256_ID < 0 {
SCLogWarning!("Failed registering transform sha256");
}
*/
use super::{
- DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand,
- InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+ DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
+ InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
};
use crate::detect::SIGMATCH_NOOPT;
+use suricata_sys::sys::{
+ DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
+ Signature,
+};
use std::os::raw::{c_int, c_void};
use std::ptr;
static mut G_TRANSFORM_STRIP_PSEUDO_ID: c_int = 0;
unsafe extern "C" fn header_lowersetup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return DetectSignatureAddTransform(s, G_TRANSFORM_HEADER_LOWER_ID, ptr::null_mut());
}
}
}
-unsafe extern "C" fn header_lowertransform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn header_lowertransform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
name: b"header_lowercase\0".as_ptr() as *const libc::c_char,
desc: b"modify buffer via lowercaseing header names\0".as_ptr() as *const libc::c_char,
url: b"/rules/transforms.html#header_lowercase\0".as_ptr() as *const libc::c_char,
- Setup: header_lowersetup,
+ Setup: Some(header_lowersetup),
flags: SIGMATCH_NOOPT,
- Transform: header_lowertransform,
+ Transform: Some(header_lowertransform),
Free: None,
TransformValidate: None,
};
- G_TRANSFORM_HEADER_LOWER_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_HEADER_LOWER_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_HEADER_LOWER_ID < 0 {
SCLogWarning!("Failed registering transform tolower");
}
}
unsafe extern "C" fn strip_pseudo_setup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return DetectSignatureAddTransform(s, G_TRANSFORM_STRIP_PSEUDO_ID, ptr::null_mut());
}
return nb as u32;
}
-unsafe extern "C" fn strip_pseudo_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn strip_pseudo_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
name: b"strip_pseudo_headers\0".as_ptr() as *const libc::c_char,
desc: b"modify buffer via stripping pseudo headers\0".as_ptr() as *const libc::c_char,
url: b"/rules/transforms.html#strip_pseudo_headers\0".as_ptr() as *const libc::c_char,
- Setup: strip_pseudo_setup,
+ Setup: Some(strip_pseudo_setup),
flags: SIGMATCH_NOOPT,
- Transform: strip_pseudo_transform,
+ Transform: Some(strip_pseudo_transform),
Free: None,
TransformValidate: None,
};
- G_TRANSFORM_STRIP_PSEUDO_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_STRIP_PSEUDO_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_STRIP_PSEUDO_ID < 0 {
SCLogWarning!("Failed registering transform toupper");
}
//! Module for transforms
-use std::os::raw::{c_char, c_int, c_void};
+use std::os::raw::{c_int, c_void};
+
+use suricata_sys::sys::{InspectionBuffer, SCTransformTableElmt, Signature};
pub mod casechange;
pub mod compress_whitespace;
pub mod urldecode;
pub mod xor;
-#[repr(C)]
-#[allow(non_snake_case)]
-pub struct SCTransformTableElmt {
- pub name: *const c_char,
- pub desc: *const c_char,
- pub url: *const c_char,
- pub flags: u16,
- pub Setup: unsafe extern "C" fn(de: *mut c_void, s: *mut c_void, raw: *const c_char) -> c_int,
- pub Free: Option<unsafe extern "C" fn(de: *mut c_void, ptr: *mut c_void)>,
- pub Transform: unsafe extern "C" fn(_det: *mut c_void, inspect_buf: *mut c_void, options: *mut c_void),
- pub TransformValidate:
- Option<unsafe extern "C" fn(content: *const u8, len: u16, context: *mut c_void) -> bool>,
-}
-
/// cbindgen:ignore
extern "C" {
pub fn DetectSignatureAddTransform(
- s: *mut c_void, transform_id: c_int, ctx: *mut c_void,
+ s: *mut Signature, transform_id: c_int, ctx: *mut c_void,
) -> c_int;
- pub fn InspectionBufferPtr(buf: *const c_void) -> *const u8;
- pub fn InspectionBufferLength(buf: *const c_void) -> u32;
- pub fn InspectionBufferCopy(ibuf: *const c_void, buf: *const u8, buf_len: u32);
- pub fn DetectHelperTransformRegister(kw: *const SCTransformTableElmt) -> c_int;
- pub fn InspectionBufferCheckAndExpand(ibuf: *const c_void, buf_len: u32) -> *mut u8;
- pub fn InspectionBufferTruncate(ibuf: *const c_void, buf_len: u32);
+ pub fn InspectionBufferPtr(buf: *const InspectionBuffer) -> *const u8;
+ pub fn InspectionBufferLength(buf: *const InspectionBuffer) -> u32;
+ pub fn InspectionBufferCopy(ibuf: *const InspectionBuffer, buf: *const u8, buf_len: u32);
+ pub fn InspectionBufferCheckAndExpand(ibuf: *const InspectionBuffer, buf_len: u32) -> *mut u8;
+ pub fn InspectionBufferTruncate(ibuf: *const InspectionBuffer, buf_len: u32);
}
*/
use super::{
- DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand,
- InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+ DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
+ InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
};
use crate::detect::SIGMATCH_NOOPT;
+use suricata_sys::sys::{
+ DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
+ Signature,
+};
use std::os::raw::{c_int, c_void};
use std::ptr;
static mut G_TRANSFORM_STRIP_WHITESPACE_ID: c_int = 0;
unsafe extern "C" fn strip_whitespace_setup(
- _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return DetectSignatureAddTransform(s, G_TRANSFORM_STRIP_WHITESPACE_ID, ptr::null_mut());
}
return nb as u32;
}
-unsafe extern "C" fn strip_whitespace_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn strip_whitespace_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
desc: b"modify buffer to strip whitespace before inspection\0".as_ptr()
as *const libc::c_char,
url: b"/rules/transforms.html#strip-whitespace\0".as_ptr() as *const libc::c_char,
- Setup: strip_whitespace_setup,
+ Setup: Some(strip_whitespace_setup),
flags: SIGMATCH_NOOPT,
- Transform: strip_whitespace_transform,
+ Transform: Some(strip_whitespace_transform),
Free: None,
TransformValidate: Some(strip_whitespace_validate),
};
unsafe {
- G_TRANSFORM_STRIP_WHITESPACE_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_STRIP_WHITESPACE_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_STRIP_WHITESPACE_ID < 0 {
SCLogWarning!("Failed registering transform strip_whitespace");
}
*/
use super::{
- DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand,
- InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+ DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
+ InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
};
use crate::detect::SIGMATCH_NOOPT;
+use suricata_sys::sys::{
+ DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
+ Signature,
+};
use std::os::raw::{c_int, c_void};
use std::ptr;
static mut G_TRANSFORM_URL_DECODE_ID: c_int = 0;
unsafe extern "C" fn url_decode_setup(
- _de: *mut c_void, s: *mut c_void, _opt: *const std::os::raw::c_char,
+ _de: *mut DetectEngineCtx, s: *mut Signature, _opt: *const std::os::raw::c_char,
) -> c_int {
return DetectSignatureAddTransform(s, G_TRANSFORM_URL_DECODE_ID, ptr::null_mut());
}
return nb as u32;
}
-unsafe extern "C" fn url_decode_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) {
+unsafe extern "C" fn url_decode_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
desc: b"modify buffer to decode urlencoded data before inspection\0".as_ptr()
as *const libc::c_char,
url: b"/rules/transforms.html#url-decode\0".as_ptr() as *const libc::c_char,
- Setup: url_decode_setup,
+ Setup: Some(url_decode_setup),
flags: SIGMATCH_NOOPT,
- Transform: url_decode_transform,
+ Transform: Some(url_decode_transform),
Free: None,
TransformValidate: None,
};
- G_TRANSFORM_URL_DECODE_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_URL_DECODE_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_URL_DECODE_ID < 0 {
SCLogWarning!("Failed registering transform dot_prefix");
}
*/
use super::{
- DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand,
- InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
+ DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength,
+ InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt,
};
use crate::detect::SIGMATCH_QUOTES_MANDATORY;
+use suricata_sys::sys::{
+ DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister,
+ Signature,
+};
use std::ffi::CStr;
use std::os::raw::{c_int, c_void};
}
unsafe extern "C" fn xor_setup(
- de: *mut c_void, s: *mut c_void, opt_str: *const std::os::raw::c_char,
+ de: *mut DetectEngineCtx, s: *mut Signature, opt_str: *const std::os::raw::c_char,
) -> c_int {
let ctx = xor_parse(opt_str);
if ctx.is_null() {
}
}
-unsafe extern "C" fn xor_transform(_det: *mut c_void, buffer: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn xor_transform(
+ _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, ctx: *mut c_void,
+) {
let input = InspectionBufferPtr(buffer);
let input_len = InspectionBufferLength(buffer);
if input.is_null() || input_len == 0 {
InspectionBufferTruncate(buffer, input_len);
}
-unsafe extern "C" fn xor_free(_de: *mut c_void, ctx: *mut c_void) {
+unsafe extern "C" fn xor_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) {
std::mem::drop(Box::from_raw(ctx as *mut DetectTransformXorData));
}
name: b"xor\0".as_ptr() as *const libc::c_char,
desc: b"modify buffer via XOR decoding before inspection\0".as_ptr() as *const libc::c_char,
url: b"/rules/transforms.html#xor\0".as_ptr() as *const libc::c_char,
- Setup: xor_setup,
+ Setup: Some(xor_setup),
flags: SIGMATCH_QUOTES_MANDATORY,
- Transform: xor_transform,
+ Transform: Some(xor_transform),
Free: Some(xor_free),
TransformValidate: None,
};
unsafe {
- G_TRANSFORM_XOR_ID = DetectHelperTransformRegister(&kw);
+ G_TRANSFORM_XOR_ID = SCDetectHelperTransformRegister(&kw);
if G_TRANSFORM_XOR_ID < 0 {
SCLogWarning!("Failed registering transform dot_prefix");
}
de_ctx: *mut DetectEngineCtx, s: *mut Signature, list: ::std::os::raw::c_int,
) -> ::std::os::raw::c_int;
}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct Flow_ {
+ _unused: [u8; 0],
+}
+pub type Flow = Flow_;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct SigMatchCtx_ {
+ _unused: [u8; 0],
+}
+pub type SigMatchCtx = SigMatchCtx_;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct DetectEngineThreadCtx_ {
+ _unused: [u8; 0],
+}
+pub type DetectEngineThreadCtx = DetectEngineThreadCtx_;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct InspectionBuffer {
+ _unused: [u8; 0],
+}
+#[doc = " App-layer light version of SigTableElmt"]
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct SCSigTableAppLiteElmt {
+ #[doc = " keyword name"]
+ pub name: *const ::std::os::raw::c_char,
+ #[doc = " keyword description"]
+ pub desc: *const ::std::os::raw::c_char,
+ #[doc = " keyword documentation url"]
+ pub url: *const ::std::os::raw::c_char,
+ #[doc = " flags SIGMATCH_*"]
+ pub flags: u16,
+ #[doc = " function callback to parse and setup keyword in rule"]
+ pub Setup: ::std::option::Option<
+ unsafe extern "C" fn(
+ arg1: *mut DetectEngineCtx,
+ arg2: *mut Signature,
+ arg3: *const ::std::os::raw::c_char,
+ ) -> ::std::os::raw::c_int,
+ >,
+ #[doc = " function callback to free structure allocated by setup if any"]
+ pub Free: ::std::option::Option<
+ unsafe extern "C" fn(arg1: *mut DetectEngineCtx, arg2: *mut ::std::os::raw::c_void),
+ >,
+ #[doc = " function callback to match on an app-layer transaction"]
+ pub AppLayerTxMatch: ::std::option::Option<
+ unsafe extern "C" fn(
+ arg1: *mut DetectEngineThreadCtx,
+ arg2: *mut Flow,
+ flags: u8,
+ alstate: *mut ::std::os::raw::c_void,
+ txv: *mut ::std::os::raw::c_void,
+ arg3: *const Signature,
+ arg4: *const SigMatchCtx,
+ ) -> ::std::os::raw::c_int,
+ >,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct SCTransformTableElmt {
+ pub name: *const ::std::os::raw::c_char,
+ pub desc: *const ::std::os::raw::c_char,
+ pub url: *const ::std::os::raw::c_char,
+ pub flags: u16,
+ pub Setup: ::std::option::Option<
+ unsafe extern "C" fn(
+ arg1: *mut DetectEngineCtx,
+ arg2: *mut Signature,
+ arg3: *const ::std::os::raw::c_char,
+ ) -> ::std::os::raw::c_int,
+ >,
+ pub Free: ::std::option::Option<
+ unsafe extern "C" fn(arg1: *mut DetectEngineCtx, arg2: *mut ::std::os::raw::c_void),
+ >,
+ pub Transform: ::std::option::Option<
+ unsafe extern "C" fn(
+ arg1: *mut DetectEngineThreadCtx,
+ arg2: *mut InspectionBuffer,
+ context: *mut ::std::os::raw::c_void,
+ ),
+ >,
+ pub TransformValidate: ::std::option::Option<
+ unsafe extern "C" fn(
+ content: *const u8,
+ content_len: u16,
+ context: *mut ::std::os::raw::c_void,
+ ) -> bool,
+ >,
+}
+extern "C" {
+ pub fn SCDetectHelperNewKeywordId() -> ::std::os::raw::c_int;
+}
+extern "C" {
+ pub fn SCDetectHelperTransformRegister(
+ kw: *const SCTransformTableElmt,
+ ) -> ::std::os::raw::c_int;
+}
#[doc = " Structure of a configuration parameter."]
#[repr(C)]
#[derive(Debug, Copy, Clone)]
#include "output-eve-bindgen.h"
#include "detect-engine-register.h"
#include "detect-engine-buffer.h"
+#include "detect-engine-helper.h"
#include "conf.h"
#include "detect-engine-prefilter.h"
#include "detect-parse.h"
#include "detect-engine-content-inspection.h"
+#include "rust.h"
int DetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction)
{
sigmatch_table[kwid].alias = alias;
}
-int DetectHelperTransformRegister(const SCTransformTableElmt *kw)
+int SCDetectHelperTransformRegister(const SCTransformTableElmt *kw)
{
int transform_id = SCDetectHelperNewKeywordId();
if (transform_id < 0) {
#define SURICATA_DETECT_ENGINE_HELPER_H
#include "app-layer-protos.h"
-#include "detect.h"
-#include "rust.h"
+
+// type from flow.h with only forward declarations for bindgen
+typedef struct Flow_ Flow;
+// types from detect.h with only forward declarations for bindgen
+// could be #ifndef SURICATA_BINDGEN_H #include "detect.h" #endif
+typedef struct DetectEngineCtx_ DetectEngineCtx;
+typedef struct Signature_ Signature;
+typedef struct SigMatchCtx_ SigMatchCtx;
+typedef struct DetectEngineThreadCtx_ DetectEngineThreadCtx;
+typedef struct InspectionBuffer InspectionBuffer;
+typedef struct DetectEngineTransforms DetectEngineTransforms;
+typedef InspectionBuffer *(*InspectionBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
+ const int list_id);
+typedef bool (*InspectionMultiBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx,
+ const void *txv, const uint8_t flow_flags, uint32_t local_id, const uint8_t **buf,
+ uint32_t *buf_len);
+
+/// App-layer light version of SigTableElmt
+typedef struct SCSigTableAppLiteElmt {
+ /// keyword name
+ const char *name;
+ /// keyword description
+ const char *desc;
+ /// keyword documentation url
+ const char *url;
+ /// flags SIGMATCH_*
+ uint16_t flags;
+ /// function callback to parse and setup keyword in rule
+ int (*Setup)(DetectEngineCtx *, Signature *, const char *);
+ /// function callback to free structure allocated by setup if any
+ void (*Free)(DetectEngineCtx *, void *);
+ /// function callback to match on an app-layer transaction
+ int (*AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv,
+ const Signature *, const SigMatchCtx *);
+} SCSigTableAppLiteElmt;
+
+typedef struct SCTransformTableElmt {
+ const char *name;
+ const char *desc;
+ const char *url;
+ uint16_t flags;
+ int (*Setup)(DetectEngineCtx *, Signature *, const char *);
+ void (*Free)(DetectEngineCtx *, void *);
+ void (*Transform)(DetectEngineThreadCtx *, InspectionBuffer *, void *context);
+ bool (*TransformValidate)(const uint8_t *content, uint16_t content_len, void *context);
+} SCTransformTableElmt;
int SCDetectHelperNewKeywordId(void);
int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc, AppProto alproto,
uint8_t direction, InspectionMultiBufferGetDataPtr GetData, int progress);
-int DetectHelperTransformRegister(const SCTransformTableElmt *kw);
+int SCDetectHelperTransformRegister(const SCTransformTableElmt *kw);
const uint8_t *InspectionBufferPtr(InspectionBuffer *buf);
uint32_t InspectionBufferLength(InspectionBuffer *buf);
projects / thirdparty / suricata.git / commitdiff
