use std::os::raw::{c_int, c_void};
use suricata::cast_pointer;
use suricata::detect::{
- helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
+ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
};
use suricata::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
}
/// Get the request/response buffer for a transaction from C.
-unsafe extern "C" fn template_buffer_get_data(
+unsafe extern "C" fn template_buffer_get(
tx: *const c_void, flags: u8, buf: *mut *const u8, len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, TemplateTransaction);
return false;
}
-unsafe extern "C" fn template_buffer_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- template_buffer_get_data,
- );
-}
-
pub(super) unsafe extern "C" fn detect_template_register() {
// TODO create a suricata-verify test
// Setup a keyword structure and register it
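Review bot: `template_buffer_get` is now the function registered with the engine rather than a helper behind a Rust wrapper, but its doc comment still says only "Get the request/response buffer for a transaction from C." Since this file is the template plugin authors copy, the comment should spell out the contract of the `unsafe extern "C"` callback. A `# Safety` section could state that `tx` must point to a live `TemplateTransaction`, that `buf` and `len` must be valid for writes, and that the function returns `true` only after writing both. It is also worth stating that the pointer written to `*buf` borrows from the transaction and is not copied by this callback; how long the engine holds it is not visible in this hunk. The function body lies mostly outside the hunk.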
/* TEMPLATE_END_REMOVE */
use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::{
- helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
+ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
};
use crate::direction::Direction;
}
/// Get the request/response buffer for a transaction from C.
-unsafe extern "C" fn template_buffer_get_data(
+unsafe extern "C" fn template_buffer_get(
tx: *const c_void, flags: u8, buf: *mut *const u8, len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, TemplateTransaction);
return false;
}
-unsafe extern "C" fn template_buffer_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- template_buffer_get_data,
- );
-}
-
#[no_mangle]
pub unsafe extern "C" fn SCDetectTemplateRegister() {
/* TEMPLATE_START_REMOVE */
/// cbindgen:ignore
extern "C" {
- pub fn DetectHelperGetData(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
- get_buf: unsafe extern "C" fn(*const c_void, u8, *mut *const u8, *mut u32) -> bool,
- ) -> *mut c_void;
pub fn DetectHelperBufferMpmRegister(
name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, dir: u8,
get_data: unsafe extern "C" fn(
- *mut c_void,
- *const c_void,
*const c_void,
u8,
- *const c_void,
- i32,
- ) -> *mut c_void,
+ *mut *const u8,
+ *mut u32,
+ ) -> bool,
) -> c_int;
// from detect-parse.h
pub fn DetectSignatureSetAppProto(s: *mut Signature, alproto: AppProto) -> c_int;
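Review bot: `DetectHelperBufferMpmRegister` keeps its symbol name while its `get_data` callback type changes from the six-argument form returning `*mut c_void` to the four-argument form returning `bool`. An out-of-tree plugin built against the old declaration would presumably still link and then register a callback with the wrong ABI. Nothing in this hunk makes that fail loudly, so confirm that whatever API-version check the plugin loader performs (not visible here) is bumped with this change, or rename the symbol so stale callers fail at link time. The declaration is also hand-written, so the compiler cannot check it against the C prototype; a comment above `get_data` such as `// must stay in sync with InspectionSingleBufferGetDataPtr on the C side` would mark the dependency. The `extern "C"` block starts and ends outside the hunk.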
SCDetectU8Match, SCDetectU8Parse,
};
use crate::detect::{
- helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
+ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use suricata_sys::sys::{
return 0;
}
-unsafe extern "C" fn product_name_get(
+unsafe extern "C" fn product_name_get_data(
tx: *const c_void, _flow_flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, EnipTransaction);
return false;
}
-unsafe extern "C" fn product_name_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- product_name_get,
- );
-}
-
pub unsafe extern "C" fn service_name_setup(
de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return 0;
}
-unsafe extern "C" fn service_name_get(
+unsafe extern "C" fn service_name_get_data(
tx: *const c_void, _flow_flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, EnipTransaction);
return false;
}
-unsafe extern "C" fn service_name_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- service_name_get,
- );
-}
#[no_mangle]
pub unsafe extern "C" fn SCDetectEnipRegister() {
let kw = SCSigTableAppLiteElmt {
SCDetectU8Free,
};
use crate::detect::{
- helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
+ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use crate::ldap::types::{LdapMessage, LdapResultCode, ProtocolOp, ProtocolOpCode};
}
unsafe extern "C" fn ldap_detect_request_dn_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- ldap_tx_get_request_dn,
- );
-}
-
-unsafe extern "C" fn ldap_tx_get_request_dn(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, LdapTransaction);
SCDetectU8Free, SCDetectU8Parse,
};
use crate::detect::{
- helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
+ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use suricata_sys::sys::{
return 0;
}
-unsafe extern "C" fn mqtt_tx_get_connect_clientid(
+unsafe extern "C" fn mqtt_conn_clientid_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, MQTTTransaction);
return false;
}
-unsafe extern "C" fn mqtt_tx_get_connect_username(
+unsafe extern "C" fn mqtt_conn_username_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, MQTTTransaction);
return false;
}
-unsafe extern "C" fn mqtt_tx_get_connect_password(
+unsafe extern "C" fn mqtt_conn_password_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, MQTTTransaction);
return false;
}
-unsafe extern "C" fn mqtt_tx_get_connect_willtopic(
+unsafe extern "C" fn mqtt_conn_willtopic_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, MQTTTransaction);
return false;
}
-unsafe extern "C" fn mqtt_tx_get_connect_willmessage(
+unsafe extern "C" fn mqtt_conn_willmsg_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, MQTTTransaction);
return false;
}
-unsafe extern "C" fn mqtt_tx_get_connect_protocol_string(
+unsafe extern "C" fn mqtt_conn_protocolstring_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, MQTTTransaction);
return false;
}
-unsafe extern "C" fn mqtt_tx_get_publish_topic(
+unsafe extern "C" fn mqtt_pub_topic_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, MQTTTransaction);
return false;
}
-unsafe extern "C" fn mqtt_tx_get_publish_message(
+unsafe extern "C" fn mqtt_pub_msg_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, MQTTTransaction);
return 0;
}
-unsafe extern "C" fn mqtt_pub_topic_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- mqtt_tx_get_publish_topic,
- );
-}
-
unsafe extern "C" fn mqtt_pub_msg_setup(
de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return 0;
}
-unsafe extern "C" fn mqtt_pub_msg_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- mqtt_tx_get_publish_message,
- );
-}
-
unsafe extern "C" fn mqtt_protocol_version_setup(
de: *mut DetectEngineCtx, s: *mut Signature, raw: *const libc::c_char,
) -> c_int {
return 0;
}
-unsafe extern "C" fn mqtt_conn_willtopic_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- mqtt_tx_get_connect_willtopic,
- );
-}
-
unsafe extern "C" fn mqtt_conn_willmsg_setup(
de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return 0;
}
-unsafe extern "C" fn mqtt_conn_willmsg_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- mqtt_tx_get_connect_willmessage,
- );
-}
-
unsafe extern "C" fn mqtt_conn_username_setup(
de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return 0;
}
-unsafe extern "C" fn mqtt_conn_username_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- mqtt_tx_get_connect_username,
- );
-}
-
unsafe extern "C" fn mqtt_conn_protocolstring_setup(
de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return 0;
}
-unsafe extern "C" fn mqtt_conn_protocolstring_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- mqtt_tx_get_connect_protocol_string,
- );
-}
-
unsafe extern "C" fn mqtt_conn_password_setup(
de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return 0;
}
-unsafe extern "C" fn mqtt_conn_password_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- mqtt_tx_get_connect_password,
- );
-}
-
unsafe extern "C" fn mqtt_conn_clientid_setup(
de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return 0;
}
-unsafe extern "C" fn mqtt_conn_clientid_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- mqtt_tx_get_connect_clientid,
- );
-}
-
#[no_mangle]
pub unsafe extern "C" fn SCDetectMqttRegister() {
let keyword_name = b"mqtt.unsubscribe.topic\0".as_ptr() as *const libc::c_char;
detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse,
};
use crate::detect::{
- helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
+ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use std::ffi::CStr;
SigMatchCtx, Signature,
};
-unsafe extern "C" fn rfb_name_get_data(
+unsafe extern "C" fn rfb_name_get(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, RFBTransaction);
return false;
}
-unsafe extern "C" fn rfb_name_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- rfb_name_get_data,
- );
-}
-
static mut G_RFB_NAME_BUFFER_ID: c_int = 0;
static mut G_RFB_SEC_TYPE_KW_ID: c_int = 0;
static mut G_RFB_SEC_TYPE_BUFFER_ID: c_int = 0;
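Review bot: After this change the same kind of callback (`tx, flags, buffer, buffer_len -> bool`) carries two different suffixes, depending on which name each file happened to register. Here and in the template files it becomes `rfb_name_get` / `template_buffer_get`, and the SDP and SIP getters also end in `_get`, while the ENIP, LDAP, MQTT, SNMP and WebSocket getters end in `_get_data`. Picking one suffix for the four-argument getter across all files would make the registration calls easier to audit, for example `rfb_name_get_data` here with the matching name at the `DetectHelperBufferMpmRegister` call site (not visible in this hunk).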
use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::{
- helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
+ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
};
use crate::direction::Direction;
}
unsafe extern "C" fn sdp_session_name_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sdp_session_name_get_data,
- );
-}
-
-unsafe extern "C" fn sdp_session_name_get_data(
tx: *const c_void, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sdp_session_info_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sdp_session_info_get_data,
- );
-}
-
-unsafe extern "C" fn sdp_session_info_get_data(
tx: *const c_void, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sdp_origin_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sdp_origin_get_data,
- );
-}
-
-unsafe extern "C" fn sdp_origin_get_data(
tx: *const c_void, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sdp_uri_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sdp_uri_get_data,
- );
-}
-
-unsafe extern "C" fn sdp_uri_get_data(
tx: *const c_void, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sdp_email_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sdp_email_get_data,
- );
-}
-
-unsafe extern "C" fn sdp_email_get_data(
tx: *const c_void, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sdp_phone_number_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sdp_phone_number_get_data,
- );
-}
-
-unsafe extern "C" fn sdp_phone_number_get_data(
tx: *const c_void, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sdp_conn_data_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sdp_conn_data_get_data,
- );
-}
-
-unsafe extern "C" fn sdp_conn_data_get_data(
tx: *const c_void, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sdp_timezone_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sdp_timezone_get_data,
- );
-}
-
-unsafe extern "C" fn sdp_timezone_get_data(
tx: *const c_void, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sdp_encryption_key_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sdp_encryption_key_get_data,
- );
-}
-
-unsafe extern "C" fn sdp_encryption_key_get_data(
tx: *const c_void, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::{
- helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
+ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigTableElmtStickyBuffer,
};
use crate::direction::Direction;
use crate::sip::sip::{SIPTransaction, ALPROTO_SIP};
use std::os::raw::{c_int, c_void};
use std::ptr;
-use suricata_sys::sys::{DetectEngineCtx, SCDetectBufferSetActiveList, Signature, SCDetectHelperMultiBufferMpmRegister, DetectEngineThreadCtx};
+use suricata_sys::sys::{
+ DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList,
+ SCDetectHelperMultiBufferMpmRegister, Signature,
+};
static mut G_SIP_PROTOCOL_BUFFER_ID: c_int = 0;
static mut G_SIP_STAT_CODE_BUFFER_ID: c_int = 0;
}
unsafe extern "C" fn sip_protocol_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sip_protocol_get_data,
- );
-}
-
-unsafe extern "C" fn sip_protocol_get_data(
tx: *const c_void, direction: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sip_stat_code_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sip_stat_code_get_data,
- );
-}
-
-unsafe extern "C" fn sip_stat_code_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sip_stat_msg_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sip_stat_msg_get_data,
- );
-}
-unsafe extern "C" fn sip_stat_msg_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sip_request_line_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sip_request_line_get_data,
- );
-}
-
-unsafe extern "C" fn sip_request_line_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
}
unsafe extern "C" fn sip_response_line_get(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- sip_response_line_get_data,
- );
-}
-
-unsafe extern "C" fn sip_response_line_get_data(
tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SIPTransaction);
use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER};
use crate::detect::uint::{DetectUintData, SCDetectU32Free, SCDetectU32Match, SCDetectU32Parse};
use crate::detect::{
- helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
+ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use std::os::raw::{c_int, c_void};
return 0;
}
-unsafe extern "C" fn snmp_detect_usm_get(
+unsafe extern "C" fn snmp_detect_usm_get_data(
tx: *const c_void, _flow_flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SNMPTransaction);
return false;
}
-unsafe extern "C" fn snmp_detect_usm_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- snmp_detect_usm_get,
- );
-}
-
unsafe extern "C" fn snmp_detect_community_setup(
de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,
) -> c_int {
return 0;
}
-unsafe extern "C" fn snmp_detect_community_get(
+unsafe extern "C" fn snmp_detect_community_get_data(
tx: *const c_void, _flow_flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, SNMPTransaction);
return false;
}
-unsafe extern "C" fn snmp_detect_community_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- snmp_detect_community_get,
- );
-}
-
pub(super) unsafe extern "C" fn detect_snmp_register() {
let kw = SCSigTableAppLiteElmt {
name: b"snmp.version\0".as_ptr() as *const libc::c_char,
SCDetectU32Match, SCDetectU32Parse, SCDetectU8Free, SCDetectU8Match,
};
use crate::detect::{
- helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, DetectHelperGetData,
+ helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister,
DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer,
};
use crate::websocket::parser::WebSocketOpcode;
return 0;
}
-pub unsafe extern "C" fn websocket_detect_payload_get(
+pub unsafe extern "C" fn websocket_detect_payload_get_data(
tx: *const c_void, _flow_flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
let tx = cast_pointer!(tx, WebSocketTransaction);
return true;
}
-pub unsafe extern "C" fn websocket_detect_payload_get_data(
- de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8,
- tx: *const c_void, list_id: c_int,
-) -> *mut c_void {
- return DetectHelperGetData(
- de,
- transforms,
- flow,
- flow_flags,
- tx,
- list_id,
- websocket_detect_payload_get,
- );
-}
-
#[no_mangle]
pub unsafe extern "C" fn SCDetectWebsocketRegister() {
let kw = SCSigTableAppLiteElmt {
return 0;
}
-static InspectionBuffer *GetMimeEmailFromData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id)
+static bool GetMimeEmailFromData(
+ const void *txv, const uint8_t _flow_flags, const uint8_t **data, uint32_t *data_len)
{
- InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
- if (buffer->inspect == NULL) {
- SMTPTransaction *tx = (SMTPTransaction *)txv;
-
- const uint8_t *b_email_from = NULL;
- uint32_t b_email_from_len = 0;
-
- if (tx->mime_state == NULL)
- return NULL;
-
- if (SCDetectMimeEmailGetData(tx->mime_state, &b_email_from, &b_email_from_len, "from") != 1)
- return NULL;
-
- InspectionBufferSetup(det_ctx, list_id, buffer, b_email_from, b_email_from_len);
- InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
- }
- return buffer;
+ SMTPTransaction *tx = (SMTPTransaction *)txv;
+ if (tx->mime_state == NULL)
+ return false;
+ return (SCDetectMimeEmailGetData(tx->mime_state, data, data_len, "from") == 1);
}
static int DetectMimeEmailSubjectSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
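Review bot: The new `GetMimeEmailFromData` takes `const void *txv` but casts the qualifier away at once with `SMTPTransaction *tx = (SMTPTransaction *)txv;`. The getter only reads `tx->mime_state`, so `const SMTPTransaction *tx = (const SMTPTransaction *)txv;` keeps the read-only contract the new signature advertises. The same cast appears in the Subject, To, Cc, Date, Message-Id and X-Mailer getters below. The seven bodies now differ only in the header-name string, so one static helper taking that name would remove the duplication and give a single place to document that `*data` and `*data_len` are left untouched on the `false` paths.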
return 0;
}
-static InspectionBuffer *GetMimeEmailSubjectData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id)
+static bool GetMimeEmailSubjectData(
+ const void *txv, const uint8_t _flow_flags, const uint8_t **data, uint32_t *data_len)
{
- InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
- if (buffer->inspect == NULL) {
- SMTPTransaction *tx = (SMTPTransaction *)txv;
-
- const uint8_t *b_email_sub = NULL;
- uint32_t b_email_sub_len = 0;
-
- if (tx->mime_state == NULL)
- return NULL;
-
- if (SCDetectMimeEmailGetData(tx->mime_state, &b_email_sub, &b_email_sub_len, "subject") !=
- 1)
- return NULL;
-
- InspectionBufferSetup(det_ctx, list_id, buffer, b_email_sub, b_email_sub_len);
- InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
- }
- return buffer;
+ SMTPTransaction *tx = (SMTPTransaction *)txv;
+ if (tx->mime_state == NULL)
+ return false;
+ return (SCDetectMimeEmailGetData(tx->mime_state, data, data_len, "subject") == 1);
}
static int DetectMimeEmailToSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
return 0;
}
-static InspectionBuffer *GetMimeEmailToData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id)
+static bool GetMimeEmailToData(
+ const void *txv, const uint8_t _flow_flags, const uint8_t **data, uint32_t *data_len)
{
- InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
- if (buffer->inspect == NULL) {
- SMTPTransaction *tx = (SMTPTransaction *)txv;
-
- const uint8_t *b_email_to = NULL;
- uint32_t b_email_to_len = 0;
-
- if ((tx->mime_state != NULL)) {
- if (SCDetectMimeEmailGetData(tx->mime_state, &b_email_to, &b_email_to_len, "to") != 1)
- return NULL;
- }
-
- if (b_email_to == NULL || b_email_to_len == 0)
- return NULL;
-
- InspectionBufferSetup(det_ctx, list_id, buffer, b_email_to, b_email_to_len);
- InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
- }
- return buffer;
+ SMTPTransaction *tx = (SMTPTransaction *)txv;
+ if (tx->mime_state == NULL)
+ return false;
+ return (SCDetectMimeEmailGetData(tx->mime_state, data, data_len, "to") == 1);
}
static int DetectMimeEmailCcSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
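Review bot: The old `GetMimeEmailToData` returned no buffer when the lookup left a NULL pointer or a zero length (`if (b_email_to == NULL || b_email_to_len == 0) return NULL;`), but the new body drops that guard and reports success whenever `SCDetectMimeEmailGetData` returns 1. If that function can return 1 for a header with an empty value (its body is not shown here), an empty `To:` header would now yield a zero-length inspection buffer where it used to yield none. That can change how negated or length-based matches on this buffer evaluate. If the old behaviour is intended, keep it with `return SCDetectMimeEmailGetData(tx->mime_state, data, data_len, "to") == 1 && *data != NULL && *data_len > 0;`. Otherwise the commit message should note that this getter now behaves like its siblings.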
return 0;
}
-static InspectionBuffer *GetMimeEmailCcData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id)
+static bool GetMimeEmailCcData(
+ const void *txv, const uint8_t _flow_flags, const uint8_t **data, uint32_t *data_len)
{
- InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
- if (buffer->inspect == NULL) {
- SMTPTransaction *tx = (SMTPTransaction *)txv;
-
- const uint8_t *b_email_cc = NULL;
- uint32_t b_email_cc_len = 0;
-
- if (tx->mime_state == NULL)
- return NULL;
-
- if (SCDetectMimeEmailGetData(tx->mime_state, &b_email_cc, &b_email_cc_len, "cc") != 1)
- return NULL;
-
- InspectionBufferSetup(det_ctx, list_id, buffer, b_email_cc, b_email_cc_len);
- InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
- }
- return buffer;
+ SMTPTransaction *tx = (SMTPTransaction *)txv;
+ if (tx->mime_state == NULL)
+ return false;
+ return (SCDetectMimeEmailGetData(tx->mime_state, data, data_len, "cc") == 1);
}
static int DetectMimeEmailDateSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
return 0;
}
-static InspectionBuffer *GetMimeEmailDateData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id)
+static bool GetMimeEmailDateData(
+ const void *txv, const uint8_t _flow_flags, const uint8_t **data, uint32_t *data_len)
{
- InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
- if (buffer->inspect == NULL) {
- SMTPTransaction *tx = (SMTPTransaction *)txv;
-
- const uint8_t *b_email_date = NULL;
- uint32_t b_email_date_len = 0;
-
- if (tx->mime_state == NULL)
- return NULL;
-
- if (SCDetectMimeEmailGetData(tx->mime_state, &b_email_date, &b_email_date_len, "date") != 1)
- return NULL;
-
- InspectionBufferSetup(det_ctx, list_id, buffer, b_email_date, b_email_date_len);
- InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
- }
- return buffer;
+ SMTPTransaction *tx = (SMTPTransaction *)txv;
+ if (tx->mime_state == NULL)
+ return false;
+ return (SCDetectMimeEmailGetData(tx->mime_state, data, data_len, "date") == 1);
}
static int DetectMimeEmailMessageIdSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
return 0;
}
-static InspectionBuffer *GetMimeEmailMessageIdData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id)
+static bool GetMimeEmailMessageIdData(
+ const void *txv, const uint8_t _flow_flags, const uint8_t **data, uint32_t *data_len)
{
- InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
- if (buffer->inspect == NULL) {
- SMTPTransaction *tx = (SMTPTransaction *)txv;
-
- const uint8_t *b_email_msg_id = NULL;
- uint32_t b_email_msg_id_len = 0;
-
- if (tx->mime_state == NULL)
- return NULL;
-
- if (SCDetectMimeEmailGetData(
- tx->mime_state, &b_email_msg_id, &b_email_msg_id_len, "message-id") != 1)
- return NULL;
-
- InspectionBufferSetup(det_ctx, list_id, buffer, b_email_msg_id, b_email_msg_id_len);
- InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
- }
- return buffer;
+ SMTPTransaction *tx = (SMTPTransaction *)txv;
+ if (tx->mime_state == NULL)
+ return false;
+ return (SCDetectMimeEmailGetData(tx->mime_state, data, data_len, "message-id") == 1);
}
static int DetectMimeEmailXMailerSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
return 0;
}
-static InspectionBuffer *GetMimeEmailXMailerData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id)
+static bool GetMimeEmailXMailerData(
+ const void *txv, const uint8_t _flow_flags, const uint8_t **data, uint32_t *data_len)
{
- InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
- if (buffer->inspect == NULL) {
- SMTPTransaction *tx = (SMTPTransaction *)txv;
-
- const uint8_t *b_email_x_mailer = NULL;
- uint32_t b_email_x_mailer_len = 0;
-
- if (tx->mime_state == NULL)
- return NULL;
-
- if (SCDetectMimeEmailGetData(
- tx->mime_state, &b_email_x_mailer, &b_email_x_mailer_len, "x-mailer") != 1)
- return NULL;
-
- InspectionBufferSetup(det_ctx, list_id, buffer, b_email_x_mailer, b_email_x_mailer_len);
- InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
- }
- return buffer;
+ SMTPTransaction *tx = (SMTPTransaction *)txv;
+ if (tx->mime_state == NULL)
+ return false;
+ return (SCDetectMimeEmailGetData(tx->mime_state, data, data_len, "x-mailer") == 1);
}
static int DetectMimeEmailUrlSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
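Review bot: The new getter takes `const void *txv` but immediately drops the qualifier with `SMTPTransaction *tx = (SMTPTransaction *)txv;` in GetMimeEmailXMailerData. The function only reads `tx->mime_state`, so `const SMTPTransaction *tx = (const SMTPTransaction *)txv;` keeps the const promise of the new callback type and avoids cast-qualifier warnings. The same cast appears in GetMimeEmailMessageIdData, DetectFTPCommandGetData and GetSmtpMailFromData, which also only read from the transaction.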
return DetectBufferTypeRegister(name);
}
-InspectionBuffer *DetectHelperGetData(struct DetectEngineThreadCtx_ *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
- const int list_id,
- bool (*GetBuf)(void *txv, const uint8_t flow_flags, const uint8_t **buf, uint32_t *buf_len))
-{
- InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
- if (buffer->inspect == NULL) {
- const uint8_t *b = NULL;
- uint32_t b_len = 0;
-
- if (!GetBuf(txv, flow_flags, &b, &b_len))
- return NULL;
-
- InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
- }
- return buffer;
-}
-
int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
- uint8_t direction, InspectionBufferGetDataPtr GetData)
+ uint8_t direction, InspectionSingleBufferGetDataPtr GetData)
{
if (direction & STREAM_TOSERVER) {
- DetectAppLayerInspectEngineRegister(
- name, alproto, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister(
- name, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, alproto, 0);
+ DetectAppLayerInspectEngineRegisterSingle(
+ name, alproto, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferSingle, GetData);
+ DetectAppLayerMpmRegisterSingle(
+ name, SIG_FLAG_TOSERVER, 2, PrefilterSingleMpmRegister, GetData, alproto, 0);
}
if (direction & STREAM_TOCLIENT) {
- DetectAppLayerInspectEngineRegister(
- name, alproto, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferGeneric, GetData);
- DetectAppLayerMpmRegister(
- name, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, GetData, alproto, 0);
+ DetectAppLayerInspectEngineRegisterSingle(
+ name, alproto, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectBufferSingle, GetData);
+ DetectAppLayerMpmRegisterSingle(
+ name, SIG_FLAG_TOCLIENT, 2, PrefilterSingleMpmRegister, GetData, alproto, 0);
}
DetectBufferTypeSetDescriptionByName(name, desc);
return DetectBufferTypeGetByName(name);
typedef bool (*InspectionMultiBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx,
const void *txv, const uint8_t flow_flags, uint32_t local_id, const uint8_t **buf,
uint32_t *buf_len);
+typedef bool (*InspectionSingleBufferGetDataPtr)(
+ const void *txv, const uint8_t flow_flags, const uint8_t **buf, uint32_t *buf_len);
/// App-layer light version of SigTableElmt
typedef struct SCSigTableAppLiteElmt {
void SCDetectHelperKeywordAliasRegister(int kwid, const char *alias);
int SCDetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction);
-typedef bool (*SimpleGetTxBuffer)(void *, uint8_t, const uint8_t **, uint32_t *);
-
-InspectionBuffer *DetectHelperGetData(struct DetectEngineThreadCtx_ *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
- const int list_id, SimpleGetTxBuffer GetBuf);
int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
- uint8_t direction, InspectionBufferGetDataPtr GetData);
+ uint8_t direction, InspectionSingleBufferGetDataPtr GetData);
int SCDetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto,
uint8_t direction, InspectionMultiBufferGetDataPtr GetData);
int SCDetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc,
*/
static void RegisterInternal(const char *name, int direction, int priority,
PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData,
+ InspectionSingleBufferGetDataPtr GetDataSingle,
InspectionMultiBufferGetDataPtr GetMultiData, AppProto alproto, int tx_min_progress)
{
SCLogDebug("registering %s/%d/%d/%p/%p/%u/%d", name, direction, priority,
// every HTTP2 can be accessed from DOH2
if (alproto == ALPROTO_HTTP2 || alproto == ALPROTO_DNS) {
- RegisterInternal(name, direction, priority, PrefilterRegister, GetData, GetMultiData,
- ALPROTO_DOH2, tx_min_progress);
+ RegisterInternal(name, direction, priority, PrefilterRegister, GetData, GetDataSingle,
+ GetMultiData, ALPROTO_DOH2, tx_min_progress);
}
DetectBufferMpmRegistry *am = SCCalloc(1, sizeof(*am));
BUG_ON(am == NULL);
am->PrefilterRegisterWithListId = PrefilterRegister;
if (GetData != NULL) {
am->app_v2.GetData = GetData;
+ } else if (GetDataSingle != NULL) {
+ am->app_v2.GetDataSingle = GetDataSingle;
} else if (GetMultiData != NULL) {
am->app_v2.GetMultiData = GetMultiData;
}
PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData,
AppProto alproto, int tx_min_progress)
{
- RegisterInternal(
- name, direction, priority, PrefilterRegister, GetData, NULL, alproto, tx_min_progress);
+ RegisterInternal(name, direction, priority, PrefilterRegister, GetData, NULL, NULL, alproto,
+ tx_min_progress);
+}
+
+void DetectAppLayerMpmRegisterSingle(const char *name, int direction, int priority,
+ PrefilterRegisterFunc PrefilterRegister, InspectionSingleBufferGetDataPtr GetData,
+ AppProto alproto, int tx_min_progress)
+{
+ RegisterInternal(name, direction, priority, PrefilterRegister, NULL, GetData, NULL, alproto,
+ tx_min_progress);
}
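Review bot: DetectAppLayerMpmRegisterSingle accepts any `PrefilterRegisterFunc`, but the getter it stores lands in what appears to be a union (`app_v2.GetData` / `GetDataSingle` / `GetMultiData`), so the member read later is decided only by which prefilter register function the caller passed. PrefilterSingleMpmRegister reads `app_v2.GetDataSingle`; passing a register function that reads `app_v2.GetData` instead would invoke the pointer through the wrong signature, and nothing visible here rejects that pairing. The inspect-engine side at least ties the getter to the callback in AppLayerInspectEngineRegisterInternal. I would document the contract on this function, for example `/* PrefilterRegister must consume app_v2.GetDataSingle, e.g. PrefilterSingleMpmRegister */`, and consider a debug-only assertion on the pairing if no other single-buffer prefilter is planned.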
void DetectAppLayerMpmMultiRegister(const char *name, int direction, int priority,
PrefilterRegisterFunc PrefilterRegister, InspectionMultiBufferGetDataPtr GetData,
AppProto alproto, int tx_min_progress)
{
- RegisterInternal(
- name, direction, priority, PrefilterRegister, NULL, GetData, alproto, tx_min_progress);
+ RegisterInternal(name, direction, priority, PrefilterRegister, NULL, NULL, GetData, alproto,
+ tx_min_progress);
}
/** \brief copy a mpm engine from parent_id, add in transforms */
void DetectAppLayerMpmRegister(const char *name, int direction, int priority,
PrefilterRegisterFunc PrefilterRegister, InspectionBufferGetDataPtr GetData,
AppProto alproto, int tx_min_progress);
+void DetectAppLayerMpmRegisterSingle(const char *name, int direction, int priority,
+ PrefilterRegisterFunc PrefilterRegister, InspectionSingleBufferGetDataPtr GetData,
+ AppProto alproto, int tx_min_progress);
void DetectAppLayerMpmMultiRegister(const char *name, int direction, int priority,
PrefilterRegisterFunc PrefilterRegister, InspectionMultiBufferGetDataPtr GetData,
AppProto alproto, int tx_min_progress);
typedef struct PrefilterMpmCtx {
int list_id;
- InspectionBufferGetDataPtr GetData;
+ union {
+ InspectionBufferGetDataPtr GetData;
+ InspectionSingleBufferGetDataPtr GetDataSingle;
+ };
const MpmCtx *mpm_ctx;
const DetectEngineTransforms *transforms;
} PrefilterMpmCtx;
+/** \brief Generic Mpm prefilter callback for simple InspectionSingleBufferGetDataPtr
+ *
+ * \param det_ctx detection engine thread ctx
+ * \param p packet to inspect
+ * \param f flow to inspect
+ * \param txv tx to inspect
+ * \param pectx inspection context
+ */
+static void PrefilterMpmTxSingle(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p,
+ Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags)
+{
+ SCEnter();
+
+ const PrefilterMpmCtx *ctx = (const PrefilterMpmCtx *)pectx;
+ const MpmCtx *mpm_ctx = ctx->mpm_ctx;
+ SCLogDebug("running on list %d", ctx->list_id);
+
+ InspectionBuffer *buffer = DetectGetSingleData(
+ det_ctx, ctx->transforms, f, flags, txv, ctx->list_id, ctx->GetDataSingle);
+ if (buffer == NULL)
+ return;
+
+ const uint32_t data_len = buffer->inspect_len;
+ const uint8_t *data = buffer->inspect;
+
+ SCLogDebug("mpm'ing buffer:");
+ // PrintRawDataFp(stdout, data, data_len);
+
+ if (data != NULL && data_len >= mpm_ctx->minlen) {
+ (void)mpm_table[mpm_ctx->mpm_type].Search(
+ mpm_ctx, &det_ctx->mtc, &det_ctx->pmq, data, data_len);
+ PREFILTER_PROFILING_ADD_BYTES(det_ctx, data_len);
+ }
+}
+
/** \brief Generic Mpm prefilter callback
*
* \param det_ctx detection engine thread ctx
const MpmCtx *mpm_ctx = ctx->mpm_ctx;
SCLogDebug("running on list %d", ctx->list_id);
- InspectionBuffer *buffer = ctx->GetData(det_ctx, ctx->transforms,
- f, flags, txv, ctx->list_id);
+ InspectionBuffer *buffer = ctx->GetData(det_ctx, ctx->transforms, f, flags, txv, ctx->list_id);
if (buffer == NULL)
return;
return r;
}
+int PrefilterSingleMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,
+ const DetectBufferMpmRegistry *mpm_reg, int list_id)
+{
+ SCEnter();
+ PrefilterMpmCtx *pectx = SCCalloc(1, sizeof(*pectx));
+ if (pectx == NULL)
+ return -1;
+ pectx->list_id = list_id;
+ pectx->GetDataSingle = mpm_reg->app_v2.GetDataSingle;
+ pectx->mpm_ctx = mpm_ctx;
+ pectx->transforms = &mpm_reg->transforms;
+
+ int r = PrefilterAppendTxEngine(de_ctx, sgh, PrefilterMpmTxSingle, mpm_reg->app_v2.alproto,
+ mpm_reg->app_v2.tx_min_progress, pectx, PrefilterGenericMpmFree, mpm_reg->pname);
+ if (r != 0) {
+ SCFree(pectx);
+ }
+ return r;
+}
+
static void PrefilterMultiGenericMpmFree(void *ptr)
{
// PrefilterMpmListId
int PrefilterGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,
const DetectBufferMpmRegistry *mpm_reg, int list_id);
+int PrefilterSingleMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,
+ const DetectBufferMpmRegistry *mpm_reg, int list_id);
+
int PrefilterMultiGenericMpmRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, MpmCtx *mpm_ctx,
const DetectBufferMpmRegistry *mpm_reg, int list_id);
* \note errors are fatal */
static void AppLayerInspectEngineRegisterInternal(const char *name, AppProto alproto, uint32_t dir,
int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData,
+ InspectionSingleBufferGetDataPtr GetDataSingle,
InspectionMultiBufferGetDataPtr GetMultiData)
{
BUG_ON(progress >= 48);
SCLogError("Invalid arguments: must register "
"GetData with DetectEngineInspectBufferGeneric");
BUG_ON(1);
+ } else if (Callback == DetectEngineInspectBufferSingle && GetDataSingle == NULL) {
+ SCLogError("Invalid arguments: must register "
+ "GetData with DetectEngineInspectBufferGeneric");
+ BUG_ON(1);
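Review bot: The error text in the new `Callback == DetectEngineInspectBufferSingle && GetDataSingle == NULL` branch was copied from the generic branch and still names `DetectEngineInspectBufferGeneric`. A misregistered single-buffer engine is therefore reported as a generic-engine problem immediately before `BUG_ON(1)`, which points whoever reads the log at the wrong call site. The second literal should read `"GetDataSingle with DetectEngineInspectBufferSingle");`. AppLayerInspectEngineRegisterInternal starts and ends outside this hunk.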
} else if (Callback == DetectEngineInspectMultiBufferGeneric && GetMultiData == NULL) {
SCLogError("Invalid arguments: must register "
"GetData with DetectEngineInspectMultiBufferGeneric");
// every DNS or HTTP2 can be accessed from DOH2
if (alproto == ALPROTO_HTTP2 || alproto == ALPROTO_DNS) {
AppLayerInspectEngineRegisterInternal(
- name, ALPROTO_DOH2, dir, progress, Callback, GetData, GetMultiData);
+ name, ALPROTO_DOH2, dir, progress, Callback, GetData, GetDataSingle, GetMultiData);
}
DetectEngineAppInspectionEngine *new_engine =
new_engine->v2.Callback = Callback;
if (Callback == DetectEngineInspectBufferGeneric) {
new_engine->v2.GetData = GetData;
+ } else if (Callback == DetectEngineInspectBufferSingle) {
+ new_engine->v2.GetDataSingle = GetDataSingle;
} else if (Callback == DetectEngineInspectMultiBufferGeneric) {
new_engine->v2.GetMultiData = GetMultiData;
}
t = t->next;
}
- AppLayerInspectEngineRegisterInternal(name, alproto, dir, progress, Callback, GetData, NULL);
+ AppLayerInspectEngineRegisterInternal(
+ name, alproto, dir, progress, Callback, GetData, NULL, NULL);
+}
+
+void DetectAppLayerInspectEngineRegisterSingle(const char *name, AppProto alproto, uint32_t dir,
+ int progress, InspectEngineFuncPtr Callback, InspectionSingleBufferGetDataPtr GetData)
+{
+ /* before adding, check that we don't add a duplicate entry, which will
+ * propegate all the way into the packet runtime if allowed. */
+ DetectEngineAppInspectionEngine *t = g_app_inspect_engines;
+ while (t != NULL) {
+ const uint32_t t_direction = t->dir == 0 ? SIG_FLAG_TOSERVER : SIG_FLAG_TOCLIENT;
+ const int sm_list = DetectBufferTypeGetByName(name);
+
+ if (t->sm_list == sm_list && t->alproto == alproto && t_direction == dir &&
+ t->progress == progress && t->v2.Callback == Callback &&
+ t->v2.GetDataSingle == GetData) {
+ DEBUG_VALIDATE_BUG_ON(1);
+ return;
+ }
+ t = t->next;
+ }
+
+ AppLayerInspectEngineRegisterInternal(
+ name, alproto, dir, progress, Callback, NULL, GetData, NULL);
}
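Review bot: In DetectAppLayerInspectEngineRegisterSingle the lookup `const int sm_list = DetectBufferTypeGetByName(name);` sits inside the `while (t != NULL)` loop although neither `name` nor the result changes per iteration. Moving that line above the loop does the lookup once per registration instead of once per already-registered engine. The comment above the loop also carries the typo "propegate", which should be "propagate". The duplicate check otherwise repeats the one in the non-single register function, so a shared static helper taking the getter as a `void *`-style comparison key might be worth considering, if the two are meant to stay in step.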
/* copy an inspect engine with transforms to a new list id. */
return DETECT_ENGINE_INSPECT_SIG_MATCH;
}
+/**
+ * \brief Do the content inspection & validation for a signature
+ *
+ * \param de_ctx Detection engine context
+ * \param det_ctx Detection engine thread context
+ * \param s Signature to inspect
+ * \param f Flow
+ * \param flags app layer flags
+ * \param state App layer state
+ *
+ * \retval 0 no match.
+ * \retval 1 match.
+ * \retval 2 Sig can't match.
+ */
+uint8_t DetectEngineInspectBufferSingle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id)
+{
+ const int list_id = engine->sm_list;
+ SCLogDebug("running inspect on %d", list_id);
+
+ const bool eof =
+ (AppLayerParserGetStateProgress(f->proto, f->alproto, txv, flags) > engine->progress);
+
+ SCLogDebug("list %d mpm? %s transforms %p", engine->sm_list, engine->mpm ? "true" : "false",
+ engine->v2.transforms);
+
+ /* if prefilter didn't already run, we need to consider transformations */
+ const DetectEngineTransforms *transforms = NULL;
+ if (!engine->mpm) {
+ transforms = engine->v2.transforms;
+ }
+
+ const InspectionBuffer *buffer = DetectGetSingleData(
+ det_ctx, transforms, f, flags, txv, list_id, engine->v2.GetDataSingle);
+ if (unlikely(buffer == NULL)) {
+ if (eof && engine->match_on_null) {
+ return DETECT_ENGINE_INSPECT_SIG_MATCH;
+ }
+ return eof ? DETECT_ENGINE_INSPECT_SIG_CANT_MATCH : DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
+ }
+
+ const uint32_t data_len = buffer->inspect_len;
+ const uint8_t *data = buffer->inspect;
+ const uint64_t offset = buffer->inspect_offset;
+
+ uint8_t ci_flags = eof ? DETECT_CI_FLAGS_END : 0;
+ ci_flags |= (offset == 0 ? DETECT_CI_FLAGS_START : 0);
+ ci_flags |= buffer->flags;
+
+ /* Inspect all the uricontents fetched on each
+ * transaction at the app layer */
+ const bool match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f, data,
+ data_len, offset, ci_flags, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
+ if (match) {
+ return DETECT_ENGINE_INSPECT_SIG_MATCH;
+ } else {
+ return eof ? DETECT_ENGINE_INSPECT_SIG_CANT_MATCH : DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
+ }
+}
/**
* \brief Do the content inspection & validation for a signature
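Review bot: The doc comment added above DetectEngineInspectBufferSingle does not describe this function's signature: it lists `\param state`, which does not exist, and omits `engine`, `alstate`, `txv` and `tx_id`. The `\retval 0/1/2` lines would be easier to check against the body if they named the constants actually returned, `DETECT_ENGINE_INSPECT_SIG_NO_MATCH`, `DETECT_ENGINE_INSPECT_SIG_MATCH` and `DETECT_ENGINE_INSPECT_SIG_CANT_MATCH`. The brief should also say that the buffer comes from `engine->v2.GetDataSingle` via DetectGetSingleData and that a NULL buffer yields a match only when `eof && engine->match_on_null`. The inline comment `/* Inspect all the uricontents fetched on each transaction at the app layer */` is stale for a single-buffer inspector and could become `/* inspect the single buffer returned for this tx */`.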
void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t dir, int progress,
InspectionMultiBufferGetDataPtr GetData, int priority)
{
- AppLayerInspectEngineRegisterInternal(
- name, alproto, dir, progress, DetectEngineInspectMultiBufferGeneric, NULL, GetData);
+ AppLayerInspectEngineRegisterInternal(name, alproto, dir, progress,
+ DetectEngineInspectMultiBufferGeneric, NULL, NULL, GetData);
DetectAppLayerMpmMultiRegister(
name, dir, priority, PrefilterMultiGenericMpmRegister, GetData, alproto, progress);
}
+InspectionBuffer *DetectGetSingleData(struct DetectEngineThreadCtx_ *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
+ const int list_id, InspectionSingleBufferGetDataPtr GetBuf)
+{
+ InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
+ if (buffer->inspect == NULL) {
+ const uint8_t *b = NULL;
+ uint32_t b_len = 0;
+
+ if (!GetBuf(txv, flow_flags, &b, &b_len))
+ return NULL;
+
+ InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
+ }
+ return buffer;
+}
+
InspectionBuffer *DetectGetMultiData(struct DetectEngineThreadCtx_ *det_ctx,
const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
const int list_id, uint32_t index, InspectionMultiBufferGetDataPtr GetBuf)
const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
void *alstate, void *txv, uint64_t tx_id);
+uint8_t DetectEngineInspectBufferSingle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
+ const DetectEngineAppInspectionEngine *engine, const Signature *s, Flow *f, uint8_t flags,
+ void *alstate, void *txv, uint64_t tx_id);
+
+InspectionBuffer *DetectGetSingleData(struct DetectEngineThreadCtx_ *det_ctx,
+ const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
+ const int list_id, InspectionSingleBufferGetDataPtr GetBuf);
InspectionBuffer *DetectGetMultiData(struct DetectEngineThreadCtx_ *det_ctx,
const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv,
const int list_id, uint32_t index, InspectionMultiBufferGetDataPtr GetBuf);
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir,
int progress, InspectEngineFuncPtr Callback2, InspectionBufferGetDataPtr GetData);
+void DetectAppLayerInspectEngineRegisterSingle(const char *name, AppProto alproto, uint32_t dir,
+ int progress, InspectEngineFuncPtr Callback2, InspectionSingleBufferGetDataPtr GetData);
+
void DetectAppLayerMultiRegister(const char *name, AppProto alproto, uint32_t dir, int progress,
InspectionMultiBufferGetDataPtr GetData, int priority);
}
static bool DetectFTPCommandDataGetData(
- void *txv, const uint8_t _flow_flags, const uint8_t **buffer, uint32_t *buffer_len)
+ const void *txv, const uint8_t _flow_flags, const uint8_t **buffer, uint32_t *buffer_len)
{
FTPTransaction *tx = (FTPTransaction *)txv;
return false;
}
-static InspectionBuffer *GetDataWrapper(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
- const int list_id)
-{
- return DetectHelperGetData(
- det_ctx, transforms, _f, _flow_flags, txv, list_id, DetectFTPCommandDataGetData);
-}
-
void DetectFtpCommandDataRegister(void)
{
/* ftp.command sticky buffer */
sigmatch_table[DETECT_FTP_COMMAND_DATA].flags |= SIGMATCH_NOOPT;
DetectHelperBufferMpmRegister(
- BUFFER_NAME, BUFFER_NAME, ALPROTO_FTP, STREAM_TOSERVER, GetDataWrapper);
+ BUFFER_NAME, BUFFER_DESC, ALPROTO_FTP, STREAM_TOSERVER, DetectFTPCommandDataGetData);
DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
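Review bot: With `BUFFER_DESC` now passed as the description argument, the `DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);` call kept on the following line is redundant. DetectHelperBufferMpmRegister already calls `DetectBufferTypeSetDescriptionByName(name, desc)` before it returns the buffer id. Dropping the second call leaves one place that sets the description. DetectFtpCommandDataRegister continues outside this hunk.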
return 0;
}
-static InspectionBuffer *DetectFTPCommandGetData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id)
+static bool DetectFTPCommandGetData(
+ const void *txv, const uint8_t _flow_flags, const uint8_t **buffer, uint32_t *buffer_len)
{
- InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
- if (buffer->inspect == NULL) {
- FTPTransaction *tx = (FTPTransaction *)txv;
-
- if (tx->command_descriptor.command_code == FTP_COMMAND_UNKNOWN)
- return NULL;
-
- const char *b = NULL;
- uint8_t b_len = 0;
- if (SCGetFtpCommandInfo(tx->command_descriptor.command_index, &b, NULL, &b_len)) {
- InspectionBufferSetupAndApplyTransforms(
- det_ctx, list_id, buffer, (const uint8_t *)b, b_len, transforms);
- } else {
- return NULL;
- }
+ FTPTransaction *tx = (FTPTransaction *)txv;
+
+ if (tx->command_descriptor.command_code == FTP_COMMAND_UNKNOWN)
+ return false;
+
+ uint8_t b_len = 0;
+ if (SCGetFtpCommandInfo(
+ tx->command_descriptor.command_index, (const char **)buffer, NULL, &b_len)) {
+ *buffer_len = b_len;
+ return true;
+ } else {
+ return false;
}
- return buffer;
}
void DetectFtpCommandRegister(void)
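Review bot: The `(const char **)buffer` cast in DetectFTPCommandGetData makes SCGetFtpCommandInfo store a `const char *` through a pointer to the caller's `const uint8_t *` object, whereas the removed code used a local of the matching type and converted the value. Writing through a differently typed pointer-to-pointer relies on the two pointer types being interchangeable, and the cast also hides any future prototype change from the compiler. I would keep the local: declare `const char *b = NULL;`, pass `&b` to SCGetFtpCommandInfo, and on success set `*buffer = (const uint8_t *)b;` before `*buffer_len = b_len;`. That also leaves `*buffer` untouched on the failure path.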
#include "detect-engine-buffer.h"
#include "detect-engine-content-inspection.h"
#include "detect-engine-helper.h"
+#include "detect-engine-prefilter.h"
#include "detect-parse.h"
#include "app-layer-smtp.h"
#include "rust.h"
return 0;
}
-static InspectionBuffer *GetSmtpMailFromData(DetectEngineThreadCtx *det_ctx,
- const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
- const int list_id)
+static bool GetSmtpMailFromData(
+ const void *txv, const uint8_t _flow_flags, const uint8_t **data, uint32_t *data_len)
{
- InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
- if (buffer->inspect == NULL) {
- SMTPTransaction *tx = (SMTPTransaction *)txv;
- if (tx->mail_from == NULL || tx->mail_from_len == 0)
- return NULL;
- InspectionBufferSetup(det_ctx, list_id, buffer, tx->mail_from, tx->mail_from_len);
- InspectionBufferApplyTransforms(det_ctx, buffer, transforms);
- }
- return buffer;
+ SMTPTransaction *tx = (SMTPTransaction *)txv;
+ if (tx->mail_from == NULL)
+ return false;
+ *data = tx->mail_from;
+ *data_len = tx->mail_from_len;
+ return true;
}
static int DetectSmtpRcptToSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
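Review bot: GetSmtpMailFromData no longer rejects an empty value: the removed code returned no buffer for `tx->mail_from == NULL || tx->mail_from_len == 0`, while the new guard is only `if (tx->mail_from == NULL)`. If the parser can leave a non-NULL `mail_from` with length 0 (not visible in this diff), the getter now returns true with `*data_len = 0`. DetectGetSingleData would then set up a zero-length buffer instead of returning NULL, which changes which rules take the `buffer == NULL` / `match_on_null` path in DetectEngineInspectBufferSingle. If that change is not intended, keep the original condition, `if (tx->mail_from == NULL || tx->mail_from_len == 0)`; if it is intended, a one-line comment saying so would help.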
kw.Setup = DetectSmtpHeloSetup;
kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
SCDetectHelperKeywordRegister(&kw);
- g_smtp_helo_buffer_id = DetectHelperBufferMpmRegister(
- "smtp.helo", "SMTP helo", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpHeloData);
+ DetectAppLayerInspectEngineRegister("smtp.helo", ALPROTO_SMTP, SIG_FLAG_TOSERVER, 0,
+ DetectEngineInspectBufferGeneric, GetSmtpHeloData);
+ DetectAppLayerMpmRegister("smtp.helo", SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
+ GetSmtpHeloData, ALPROTO_SMTP, 0);
+ DetectBufferTypeSetDescriptionByName("smtp.helo", "SMTP helo");
+ g_smtp_helo_buffer_id = DetectBufferTypeGetByName("smtp.helo");
kw.name = "smtp.mail_from";
kw.desc = "SMTP mail from buffer";
Flow *f, const uint8_t flow_flags,
void *txv, const int list_id);
+typedef bool (*InspectionSingleBufferGetDataPtr)(
+ const void *txv, const uint8_t flow_flags, const uint8_t **buf, uint32_t *buf_len);
+
typedef bool (*InspectionMultiBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx,
const void *txv, const uint8_t flow_flags, uint32_t local_id, const uint8_t **buf,
uint32_t *buf_len);
struct {
union {
InspectionBufferGetDataPtr GetData;
+ InspectionSingleBufferGetDataPtr GetDataSingle;
InspectionMultiBufferGetDataPtr GetMultiData;
};
InspectEngineFuncPtr Callback;
struct {
union {
InspectionBufferGetDataPtr GetData;
+ InspectionSingleBufferGetDataPtr GetDataSingle;
InspectionMultiBufferGetDataPtr GetMultiData;
};
AppProto alproto;