From: Philippe Antoine Date: Tue, 29 Apr 2025 19:32:48 +0000 (+0200) Subject: rust: bindgen detect-engine-helper.h X-Git-Tag: suricata-8.0.0-rc1~323 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=cf336396c3acb17793c0ef83d99b808a462cda47;p=thirdparty%2Fsuricata.git rust: bindgen detect-engine-helper.h Ticket: 7667 Begin by focusing on transforms --- diff --git a/rust/cbindgen.toml b/rust/cbindgen.toml index 6741c25d7f..354f052ac7 100644 --- a/rust/cbindgen.toml +++ b/rust/cbindgen.toml @@ -89,8 +89,6 @@ include = [ "FtpStateValues", "FtpDataStateValues", "HTTP2TransactionState", - "SCSigTableAppLiteElmt", - "SCTransformTableElmt", "DataRepType", ] diff --git a/rust/src/detect/transforms/casechange.rs b/rust/src/detect/transforms/casechange.rs index aa7470ccaa..1413ad2c3f 100644 --- a/rust/src/detect/transforms/casechange.rs +++ b/rust/src/detect/transforms/casechange.rs @@ -16,10 +16,14 @@ */ use super::{ - DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand, - InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, + DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength, + InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, }; use crate::detect::SIGMATCH_NOOPT; +use suricata_sys::sys::{ + DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister, + Signature, +}; use std::os::raw::{c_int, c_void}; use std::ptr; @@ -28,7 +32,7 @@ static mut G_TRANSFORM_TOLOWER_ID: c_int = 0; static mut G_TRANSFORM_TOUPPER_ID: c_int = 0; unsafe extern "C" fn tolower_setup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { return DetectSignatureAddTransform(s, G_TRANSFORM_TOLOWER_ID, ptr::null_mut()); } @@ -39,7 +43,9 @@ fn tolower_transform_do(input: &[u8], output: &mut [u8]) { } } -unsafe extern "C" fn tolower_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn tolower_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -75,20 +81,20 @@ pub unsafe extern "C" fn DetectTransformToLowerRegister() { name: b"to_lowercase\0".as_ptr() as *const libc::c_char, desc: b"convert buffer to lowercase\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#to_lowercase\0".as_ptr() as *const libc::c_char, - Setup: tolower_setup, + Setup: Some(tolower_setup), flags: SIGMATCH_NOOPT, - Transform: tolower_transform, + Transform: Some(tolower_transform), Free: None, TransformValidate: Some(tolower_validate), }; - G_TRANSFORM_TOLOWER_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_TOLOWER_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_TOLOWER_ID < 0 { SCLogWarning!("Failed registering transform tolower"); } } unsafe extern "C" fn toupper_setup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { return DetectSignatureAddTransform(s, G_TRANSFORM_TOUPPER_ID, ptr::null_mut()); } @@ -99,7 +105,9 @@ fn toupper_transform_do(input: &[u8], output: &mut [u8]) { } } -unsafe extern "C" fn toupper_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn toupper_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -135,13 +143,13 @@ pub unsafe extern "C" fn DetectTransformToUpperRegister() { name: b"to_uppercase\0".as_ptr() as *const libc::c_char, desc: b"convert buffer to uppercase\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#to_uppercase\0".as_ptr() as *const libc::c_char, - Setup: toupper_setup, + Setup: Some(toupper_setup), flags: SIGMATCH_NOOPT, - Transform: toupper_transform, + Transform: Some(toupper_transform), Free: None, TransformValidate: Some(toupper_validate), }; - G_TRANSFORM_TOUPPER_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_TOUPPER_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_TOUPPER_ID < 0 { SCLogWarning!("Failed registering transform toupper"); } diff --git a/rust/src/detect/transforms/compress_whitespace.rs b/rust/src/detect/transforms/compress_whitespace.rs index a8bd0eaca5..a7d0dab8e2 100644 --- a/rust/src/detect/transforms/compress_whitespace.rs +++ b/rust/src/detect/transforms/compress_whitespace.rs @@ -16,10 +16,14 @@ */ use super::{ - DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand, - InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, + DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength, + InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, }; use crate::detect::SIGMATCH_NOOPT; +use suricata_sys::sys::{ + DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister, + Signature, +}; use std::os::raw::{c_int, c_void}; use std::ptr; @@ -27,7 +31,7 @@ use std::ptr; static mut G_TRANSFORM_COMPRESS_WHITESPACE_ID: c_int = 0; unsafe extern "C" fn compress_whitespace_setup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { return DetectSignatureAddTransform(s, G_TRANSFORM_COMPRESS_WHITESPACE_ID, ptr::null_mut()); } @@ -49,7 +53,9 @@ fn compress_whitespace_transform_do(input: &[u8], output: &mut [u8]) -> u32 { return nb as u32; } -unsafe extern "C" fn compress_whitespace_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn compress_whitespace_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -98,13 +104,13 @@ pub unsafe extern "C" fn DetectTransformCompressWhitespaceRegister() { desc: b"modify buffer to compress consecutive whitespace characters into a single one before inspection\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#compress-whitespace\0".as_ptr() as *const libc::c_char, - Setup: compress_whitespace_setup, + Setup: Some(compress_whitespace_setup), flags: SIGMATCH_NOOPT, - Transform: compress_whitespace_transform, + Transform: Some(compress_whitespace_transform), Free: None, TransformValidate: Some(compress_whitespace_validate), }; - G_TRANSFORM_COMPRESS_WHITESPACE_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_COMPRESS_WHITESPACE_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_COMPRESS_WHITESPACE_ID < 0 { SCLogWarning!("Failed registering transform compress_whitespace"); } diff --git a/rust/src/detect/transforms/domain.rs b/rust/src/detect/transforms/domain.rs index 347366754c..59a12ca362 100644 --- a/rust/src/detect/transforms/domain.rs +++ b/rust/src/detect/transforms/domain.rs @@ -16,10 +16,15 @@ */ use super::{ - DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand, - InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, + DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength, + InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, }; use crate::detect::SIGMATCH_NOOPT; +use suricata_sys::sys::{ + DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister, + Signature, +}; + use std::os::raw::{c_int, c_void}; use std::ptr; @@ -27,7 +32,7 @@ static mut G_TRANSFORM_DOMAIN_ID: c_int = 0; static mut G_TRANSFORM_TLD_ID: c_int = 0; unsafe extern "C" fn domain_setup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { return DetectSignatureAddTransform(s, G_TRANSFORM_DOMAIN_ID, ptr::null_mut()); } @@ -42,7 +47,9 @@ fn get_domain(input: &[u8], output: &mut [u8]) -> u32 { 0 } -unsafe extern "C" fn domain_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn domain_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -63,7 +70,7 @@ unsafe extern "C" fn domain_transform(_det: *mut c_void, buffer: *mut c_void, _c } unsafe extern "C" fn tld_setup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { return DetectSignatureAddTransform(s, G_TRANSFORM_TLD_ID, ptr::null_mut()); } @@ -79,7 +86,9 @@ fn get_tld(input: &[u8], output: &mut [u8]) -> u32 { 0 } -unsafe extern "C" fn tld_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn tld_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -105,14 +114,14 @@ pub unsafe extern "C" fn SCDetectTransformDomainRegister() { name: b"domain\0".as_ptr() as *const libc::c_char, desc: b"modify buffer to extract the domain\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#domain\0".as_ptr() as *const libc::c_char, - Setup: domain_setup, + Setup: Some(domain_setup), flags: SIGMATCH_NOOPT, - Transform: domain_transform, + Transform: Some(domain_transform), Free: None, TransformValidate: None, }; unsafe { - G_TRANSFORM_DOMAIN_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_DOMAIN_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_DOMAIN_ID < 0 { SCLogWarning!("Failed registering transform domain"); } @@ -122,14 +131,14 @@ pub unsafe extern "C" fn SCDetectTransformDomainRegister() { name: b"tld\0".as_ptr() as *const libc::c_char, desc: b"modify buffer to extract the tld\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#tld\0".as_ptr() as *const libc::c_char, - Setup: tld_setup, + Setup: Some(tld_setup), flags: SIGMATCH_NOOPT, - Transform: tld_transform, + Transform: Some(tld_transform), Free: None, TransformValidate: None, }; unsafe { - G_TRANSFORM_TLD_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_TLD_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_TLD_ID < 0 { SCLogWarning!("Failed registering transform tld"); } diff --git a/rust/src/detect/transforms/dotprefix.rs b/rust/src/detect/transforms/dotprefix.rs index 043ff79456..a492e8b2ec 100644 --- a/rust/src/detect/transforms/dotprefix.rs +++ b/rust/src/detect/transforms/dotprefix.rs @@ -16,10 +16,14 @@ */ use super::{ - DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand, - InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, + DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength, + InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, }; use crate::detect::SIGMATCH_NOOPT; +use suricata_sys::sys::{ + DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister, + Signature, +}; use std::os::raw::{c_int, c_void}; use std::ptr; @@ -27,7 +31,7 @@ use std::ptr; static mut G_TRANSFORM_DOT_PREFIX_ID: c_int = 0; unsafe extern "C" fn dot_prefix_setup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { return DetectSignatureAddTransform(s, G_TRANSFORM_DOT_PREFIX_ID, ptr::null_mut()); } @@ -41,7 +45,9 @@ fn dot_prefix_transform_do(input: &[u8], output: &mut [u8]) { output[0] = b'.'; } -unsafe extern "C" fn dot_prefix_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn dot_prefix_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input_len = InspectionBufferLength(buffer); if input_len == 0 { return; @@ -71,14 +77,14 @@ pub unsafe extern "C" fn DetectTransformDotPrefixRegister() { name: b"dotprefix\0".as_ptr() as *const libc::c_char, desc: b"modify buffer to extract the dotprefix\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#dotprefix\0".as_ptr() as *const libc::c_char, - Setup: dot_prefix_setup, + Setup: Some(dot_prefix_setup), flags: SIGMATCH_NOOPT, - Transform: dot_prefix_transform, + Transform: Some(dot_prefix_transform), Free: None, TransformValidate: None, }; unsafe { - G_TRANSFORM_DOT_PREFIX_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_DOT_PREFIX_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_DOT_PREFIX_ID < 0 { SCLogWarning!("Failed registering transform dot_prefix"); } diff --git a/rust/src/detect/transforms/hash.rs b/rust/src/detect/transforms/hash.rs index c6b793c081..a4482dd9af 100644 --- a/rust/src/detect/transforms/hash.rs +++ b/rust/src/detect/transforms/hash.rs @@ -16,10 +16,15 @@ */ use super::{ - DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand, - InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, + DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength, + InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, }; use crate::detect::SIGMATCH_NOOPT; +use suricata_sys::sys::{ + DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister, + Signature, +}; + use crate::ffi::hashing::{G_DISABLE_HASHING, SC_SHA1_LEN, SC_SHA256_LEN}; use digest::{Digest, Update}; use md5::Md5; @@ -36,7 +41,7 @@ static mut G_TRANSFORM_SHA256_ID: c_int = 0; const SC_MD5_LEN: usize = 16; unsafe extern "C" fn md5_setup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { if G_DISABLE_HASHING { SCLogError!("MD5 hashing has been disabled, needed for to_md5 keyword"); @@ -49,7 +54,9 @@ fn md5_transform_do(input: &[u8], output: &mut [u8]) { Md5::new().chain(input).finalize_into(output.into()); } -unsafe extern "C" fn md5_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn md5_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -75,20 +82,20 @@ pub unsafe extern "C" fn DetectTransformMd5Register() { name: b"to_md5\0".as_ptr() as *const libc::c_char, desc: b"convert to md5 hash of the buffer\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#to-md5\0".as_ptr() as *const libc::c_char, - Setup: md5_setup, + Setup: Some(md5_setup), flags: SIGMATCH_NOOPT, - Transform: md5_transform, + Transform: Some(md5_transform), Free: None, TransformValidate: None, }; - G_TRANSFORM_MD5_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_MD5_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_MD5_ID < 0 { SCLogWarning!("Failed registering transform md5"); } } unsafe extern "C" fn sha1_setup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { if G_DISABLE_HASHING { SCLogError!("SHA1 hashing has been disabled, needed for to_sha1 keyword"); @@ -101,7 +108,9 @@ fn sha1_transform_do(input: &[u8], output: &mut [u8]) { Sha1::new().chain(input).finalize_into(output.into()); } -unsafe extern "C" fn sha1_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn sha1_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -127,20 +136,20 @@ pub unsafe extern "C" fn DetectTransformSha1Register() { name: b"to_sha1\0".as_ptr() as *const libc::c_char, desc: b"convert to sha1 hash of the buffer\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#to-sha1\0".as_ptr() as *const libc::c_char, - Setup: sha1_setup, + Setup: Some(sha1_setup), flags: SIGMATCH_NOOPT, - Transform: sha1_transform, + Transform: Some(sha1_transform), Free: None, TransformValidate: None, }; - G_TRANSFORM_SHA1_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_SHA1_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_SHA1_ID < 0 { SCLogWarning!("Failed registering transform sha1"); } } unsafe extern "C" fn sha256_setup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { if G_DISABLE_HASHING { SCLogError!("SHA256 hashing has been disabled, needed for to_sha256 keyword"); @@ -153,7 +162,9 @@ fn sha256_transform_do(input: &[u8], output: &mut [u8]) { Sha256::new().chain(input).finalize_into(output.into()); } -unsafe extern "C" fn sha256_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn sha256_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -179,13 +190,13 @@ pub unsafe extern "C" fn DetectTransformSha256Register() { name: b"to_sha256\0".as_ptr() as *const libc::c_char, desc: b"convert to sha256 hash of the buffer\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#to-sha256\0".as_ptr() as *const libc::c_char, - Setup: sha256_setup, + Setup: Some(sha256_setup), flags: SIGMATCH_NOOPT, - Transform: sha256_transform, + Transform: Some(sha256_transform), Free: None, TransformValidate: None, }; - G_TRANSFORM_SHA256_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_SHA256_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_SHA256_ID < 0 { SCLogWarning!("Failed registering transform sha256"); } diff --git a/rust/src/detect/transforms/http_headers.rs b/rust/src/detect/transforms/http_headers.rs index 8cd9093620..d268ebb7be 100644 --- a/rust/src/detect/transforms/http_headers.rs +++ b/rust/src/detect/transforms/http_headers.rs @@ -16,10 +16,14 @@ */ use super::{ - DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand, - InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, + DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength, + InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, }; use crate::detect::SIGMATCH_NOOPT; +use suricata_sys::sys::{ + DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister, + Signature, +}; use std::os::raw::{c_int, c_void}; use std::ptr; @@ -28,7 +32,7 @@ static mut G_TRANSFORM_HEADER_LOWER_ID: c_int = 0; static mut G_TRANSFORM_STRIP_PSEUDO_ID: c_int = 0; unsafe extern "C" fn header_lowersetup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { return DetectSignatureAddTransform(s, G_TRANSFORM_HEADER_LOWER_ID, ptr::null_mut()); } @@ -52,7 +56,9 @@ fn header_lowertransform_do(input: &[u8], output: &mut [u8]) { } } -unsafe extern "C" fn header_lowertransform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn header_lowertransform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -78,20 +84,20 @@ pub unsafe extern "C" fn DetectTransformHeaderLowercaseRegister() { name: b"header_lowercase\0".as_ptr() as *const libc::c_char, desc: b"modify buffer via lowercaseing header names\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#header_lowercase\0".as_ptr() as *const libc::c_char, - Setup: header_lowersetup, + Setup: Some(header_lowersetup), flags: SIGMATCH_NOOPT, - Transform: header_lowertransform, + Transform: Some(header_lowertransform), Free: None, TransformValidate: None, }; - G_TRANSFORM_HEADER_LOWER_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_HEADER_LOWER_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_HEADER_LOWER_ID < 0 { SCLogWarning!("Failed registering transform tolower"); } } unsafe extern "C" fn strip_pseudo_setup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { return DetectSignatureAddTransform(s, G_TRANSFORM_STRIP_PSEUDO_ID, ptr::null_mut()); } @@ -114,7 +120,9 @@ fn strip_pseudo_transform_do(input: &[u8], output: &mut [u8]) -> u32 { return nb as u32; } -unsafe extern "C" fn strip_pseudo_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn strip_pseudo_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -140,13 +148,13 @@ pub unsafe extern "C" fn DetectTransformStripPseudoHeadersRegister() { name: b"strip_pseudo_headers\0".as_ptr() as *const libc::c_char, desc: b"modify buffer via stripping pseudo headers\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#strip_pseudo_headers\0".as_ptr() as *const libc::c_char, - Setup: strip_pseudo_setup, + Setup: Some(strip_pseudo_setup), flags: SIGMATCH_NOOPT, - Transform: strip_pseudo_transform, + Transform: Some(strip_pseudo_transform), Free: None, TransformValidate: None, }; - G_TRANSFORM_STRIP_PSEUDO_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_STRIP_PSEUDO_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_STRIP_PSEUDO_ID < 0 { SCLogWarning!("Failed registering transform toupper"); } diff --git a/rust/src/detect/transforms/mod.rs b/rust/src/detect/transforms/mod.rs index 56f8494489..48a946f23e 100644 --- a/rust/src/detect/transforms/mod.rs +++ b/rust/src/detect/transforms/mod.rs @@ -17,7 +17,9 @@ //! Module for transforms -use std::os::raw::{c_char, c_int, c_void}; +use std::os::raw::{c_int, c_void}; + +use suricata_sys::sys::{InspectionBuffer, SCTransformTableElmt, Signature}; pub mod casechange; pub mod compress_whitespace; @@ -29,29 +31,14 @@ pub mod strip_whitespace; pub mod urldecode; pub mod xor; -#[repr(C)] -#[allow(non_snake_case)] -pub struct SCTransformTableElmt { - pub name: *const c_char, - pub desc: *const c_char, - pub url: *const c_char, - pub flags: u16, - pub Setup: unsafe extern "C" fn(de: *mut c_void, s: *mut c_void, raw: *const c_char) -> c_int, - pub Free: Option, - pub Transform: unsafe extern "C" fn(_det: *mut c_void, inspect_buf: *mut c_void, options: *mut c_void), - pub TransformValidate: - Option bool>, -} - /// cbindgen:ignore extern "C" { pub fn DetectSignatureAddTransform( - s: *mut c_void, transform_id: c_int, ctx: *mut c_void, + s: *mut Signature, transform_id: c_int, ctx: *mut c_void, ) -> c_int; - pub fn InspectionBufferPtr(buf: *const c_void) -> *const u8; - pub fn InspectionBufferLength(buf: *const c_void) -> u32; - pub fn InspectionBufferCopy(ibuf: *const c_void, buf: *const u8, buf_len: u32); - pub fn DetectHelperTransformRegister(kw: *const SCTransformTableElmt) -> c_int; - pub fn InspectionBufferCheckAndExpand(ibuf: *const c_void, buf_len: u32) -> *mut u8; - pub fn InspectionBufferTruncate(ibuf: *const c_void, buf_len: u32); + pub fn InspectionBufferPtr(buf: *const InspectionBuffer) -> *const u8; + pub fn InspectionBufferLength(buf: *const InspectionBuffer) -> u32; + pub fn InspectionBufferCopy(ibuf: *const InspectionBuffer, buf: *const u8, buf_len: u32); + pub fn InspectionBufferCheckAndExpand(ibuf: *const InspectionBuffer, buf_len: u32) -> *mut u8; + pub fn InspectionBufferTruncate(ibuf: *const InspectionBuffer, buf_len: u32); } diff --git a/rust/src/detect/transforms/strip_whitespace.rs b/rust/src/detect/transforms/strip_whitespace.rs index c12929d7b8..b03443abf0 100644 --- a/rust/src/detect/transforms/strip_whitespace.rs +++ b/rust/src/detect/transforms/strip_whitespace.rs @@ -16,10 +16,14 @@ */ use super::{ - DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand, - InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, + DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength, + InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, }; use crate::detect::SIGMATCH_NOOPT; +use suricata_sys::sys::{ + DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister, + Signature, +}; use std::os::raw::{c_int, c_void}; use std::ptr; @@ -27,7 +31,7 @@ use std::ptr; static mut G_TRANSFORM_STRIP_WHITESPACE_ID: c_int = 0; unsafe extern "C" fn strip_whitespace_setup( - _de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char, ) -> c_int { return DetectSignatureAddTransform(s, G_TRANSFORM_STRIP_WHITESPACE_ID, ptr::null_mut()); } @@ -46,7 +50,9 @@ fn strip_whitespace_transform_do(input: &[u8], output: &mut [u8]) -> u32 { return nb as u32; } -unsafe extern "C" fn strip_whitespace_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn strip_whitespace_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -85,14 +91,14 @@ pub unsafe extern "C" fn DetectTransformStripWhitespaceRegister() { desc: b"modify buffer to strip whitespace before inspection\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#strip-whitespace\0".as_ptr() as *const libc::c_char, - Setup: strip_whitespace_setup, + Setup: Some(strip_whitespace_setup), flags: SIGMATCH_NOOPT, - Transform: strip_whitespace_transform, + Transform: Some(strip_whitespace_transform), Free: None, TransformValidate: Some(strip_whitespace_validate), }; unsafe { - G_TRANSFORM_STRIP_WHITESPACE_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_STRIP_WHITESPACE_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_STRIP_WHITESPACE_ID < 0 { SCLogWarning!("Failed registering transform strip_whitespace"); } diff --git a/rust/src/detect/transforms/urldecode.rs b/rust/src/detect/transforms/urldecode.rs index 1067cd4dfe..e267b44985 100644 --- a/rust/src/detect/transforms/urldecode.rs +++ b/rust/src/detect/transforms/urldecode.rs @@ -16,10 +16,14 @@ */ use super::{ - DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand, - InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, + DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength, + InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, }; use crate::detect::SIGMATCH_NOOPT; +use suricata_sys::sys::{ + DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister, + Signature, +}; use std::os::raw::{c_int, c_void}; use std::ptr; @@ -27,7 +31,7 @@ use std::ptr; static mut G_TRANSFORM_URL_DECODE_ID: c_int = 0; unsafe extern "C" fn url_decode_setup( - _de: *mut c_void, s: *mut c_void, _opt: *const std::os::raw::c_char, + _de: *mut DetectEngineCtx, s: *mut Signature, _opt: *const std::os::raw::c_char, ) -> c_int { return DetectSignatureAddTransform(s, G_TRANSFORM_URL_DECODE_ID, ptr::null_mut()); } @@ -86,7 +90,9 @@ fn url_decode_transform_do(input: &[u8], output: &mut [u8]) -> u32 { return nb as u32; } -unsafe extern "C" fn url_decode_transform(_det: *mut c_void, buffer: *mut c_void, _ctx: *mut c_void) { +unsafe extern "C" fn url_decode_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, _ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -113,13 +119,13 @@ pub unsafe extern "C" fn DetectTransformUrlDecodeRegister() { desc: b"modify buffer to decode urlencoded data before inspection\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#url-decode\0".as_ptr() as *const libc::c_char, - Setup: url_decode_setup, + Setup: Some(url_decode_setup), flags: SIGMATCH_NOOPT, - Transform: url_decode_transform, + Transform: Some(url_decode_transform), Free: None, TransformValidate: None, }; - G_TRANSFORM_URL_DECODE_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_URL_DECODE_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_URL_DECODE_ID < 0 { SCLogWarning!("Failed registering transform dot_prefix"); } diff --git a/rust/src/detect/transforms/xor.rs b/rust/src/detect/transforms/xor.rs index 9c47e1be3d..7bcfd36cc4 100644 --- a/rust/src/detect/transforms/xor.rs +++ b/rust/src/detect/transforms/xor.rs @@ -16,10 +16,14 @@ */ use super::{ - DetectHelperTransformRegister, DetectSignatureAddTransform, InspectionBufferCheckAndExpand, - InspectionBufferLength, InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, + DetectSignatureAddTransform, InspectionBufferCheckAndExpand, InspectionBufferLength, + InspectionBufferPtr, InspectionBufferTruncate, SCTransformTableElmt, }; use crate::detect::SIGMATCH_QUOTES_MANDATORY; +use suricata_sys::sys::{ + DetectEngineCtx, DetectEngineThreadCtx, InspectionBuffer, SCDetectHelperTransformRegister, + Signature, +}; use std::ffi::CStr; use std::os::raw::{c_int, c_void}; @@ -59,7 +63,7 @@ unsafe fn xor_parse(raw: *const std::os::raw::c_char) -> *mut c_void { } unsafe extern "C" fn xor_setup( - de: *mut c_void, s: *mut c_void, opt_str: *const std::os::raw::c_char, + de: *mut DetectEngineCtx, s: *mut Signature, opt_str: *const std::os::raw::c_char, ) -> c_int { let ctx = xor_parse(opt_str); if ctx.is_null() { @@ -80,7 +84,9 @@ fn xor_transform_do(input: &[u8], output: &mut [u8], ctx: &DetectTransformXorDat } } -unsafe extern "C" fn xor_transform(_det: *mut c_void, buffer: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn xor_transform( + _det: *mut DetectEngineThreadCtx, buffer: *mut InspectionBuffer, ctx: *mut c_void, +) { let input = InspectionBufferPtr(buffer); let input_len = InspectionBufferLength(buffer); if input.is_null() || input_len == 0 { @@ -101,7 +107,7 @@ unsafe extern "C" fn xor_transform(_det: *mut c_void, buffer: *mut c_void, ctx: InspectionBufferTruncate(buffer, input_len); } -unsafe extern "C" fn xor_free(_de: *mut c_void, ctx: *mut c_void) { +unsafe extern "C" fn xor_free(_de: *mut DetectEngineCtx, ctx: *mut c_void) { std::mem::drop(Box::from_raw(ctx as *mut DetectTransformXorData)); } @@ -111,14 +117,14 @@ pub unsafe extern "C" fn DetectTransformXorRegister() { name: b"xor\0".as_ptr() as *const libc::c_char, desc: b"modify buffer via XOR decoding before inspection\0".as_ptr() as *const libc::c_char, url: b"/rules/transforms.html#xor\0".as_ptr() as *const libc::c_char, - Setup: xor_setup, + Setup: Some(xor_setup), flags: SIGMATCH_QUOTES_MANDATORY, - Transform: xor_transform, + Transform: Some(xor_transform), Free: Some(xor_free), TransformValidate: None, }; unsafe { - G_TRANSFORM_XOR_ID = DetectHelperTransformRegister(&kw); + G_TRANSFORM_XOR_ID = SCDetectHelperTransformRegister(&kw); if G_TRANSFORM_XOR_ID < 0 { SCLogWarning!("Failed registering transform dot_prefix"); } diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs index d8d120d6db..7bd89a1fd1 100644 --- a/rust/sys/src/sys.rs +++ b/rust/sys/src/sys.rs @@ -193,6 +193,106 @@ extern "C" { de_ctx: *mut DetectEngineCtx, s: *mut Signature, list: ::std::os::raw::c_int, ) -> ::std::os::raw::c_int; } +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct Flow_ { + _unused: [u8; 0], +} +pub type Flow = Flow_; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct SigMatchCtx_ { + _unused: [u8; 0], +} +pub type SigMatchCtx = SigMatchCtx_; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct DetectEngineThreadCtx_ { + _unused: [u8; 0], +} +pub type DetectEngineThreadCtx = DetectEngineThreadCtx_; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct InspectionBuffer { + _unused: [u8; 0], +} +#[doc = " App-layer light version of SigTableElmt"] +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct SCSigTableAppLiteElmt { + #[doc = " keyword name"] + pub name: *const ::std::os::raw::c_char, + #[doc = " keyword description"] + pub desc: *const ::std::os::raw::c_char, + #[doc = " keyword documentation url"] + pub url: *const ::std::os::raw::c_char, + #[doc = " flags SIGMATCH_*"] + pub flags: u16, + #[doc = " function callback to parse and setup keyword in rule"] + pub Setup: ::std::option::Option< + unsafe extern "C" fn( + arg1: *mut DetectEngineCtx, + arg2: *mut Signature, + arg3: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int, + >, + #[doc = " function callback to free structure allocated by setup if any"] + pub Free: ::std::option::Option< + unsafe extern "C" fn(arg1: *mut DetectEngineCtx, arg2: *mut ::std::os::raw::c_void), + >, + #[doc = " function callback to match on an app-layer transaction"] + pub AppLayerTxMatch: ::std::option::Option< + unsafe extern "C" fn( + arg1: *mut DetectEngineThreadCtx, + arg2: *mut Flow, + flags: u8, + alstate: *mut ::std::os::raw::c_void, + txv: *mut ::std::os::raw::c_void, + arg3: *const Signature, + arg4: *const SigMatchCtx, + ) -> ::std::os::raw::c_int, + >, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct SCTransformTableElmt { + pub name: *const ::std::os::raw::c_char, + pub desc: *const ::std::os::raw::c_char, + pub url: *const ::std::os::raw::c_char, + pub flags: u16, + pub Setup: ::std::option::Option< + unsafe extern "C" fn( + arg1: *mut DetectEngineCtx, + arg2: *mut Signature, + arg3: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int, + >, + pub Free: ::std::option::Option< + unsafe extern "C" fn(arg1: *mut DetectEngineCtx, arg2: *mut ::std::os::raw::c_void), + >, + pub Transform: ::std::option::Option< + unsafe extern "C" fn( + arg1: *mut DetectEngineThreadCtx, + arg2: *mut InspectionBuffer, + context: *mut ::std::os::raw::c_void, + ), + >, + pub TransformValidate: ::std::option::Option< + unsafe extern "C" fn( + content: *const u8, + content_len: u16, + context: *mut ::std::os::raw::c_void, + ) -> bool, + >, +} +extern "C" { + pub fn SCDetectHelperNewKeywordId() -> ::std::os::raw::c_int; +} +extern "C" { + pub fn SCDetectHelperTransformRegister( + kw: *const SCTransformTableElmt, + ) -> ::std::os::raw::c_int; +} #[doc = " Structure of a configuration parameter."] #[repr(C)] #[derive(Debug, Copy, Clone)] diff --git a/src/bindgen.h b/src/bindgen.h index eabb72e9c1..4fea8ee2b8 100644 --- a/src/bindgen.h +++ b/src/bindgen.h @@ -36,6 +36,7 @@ #include "output-eve-bindgen.h" #include "detect-engine-register.h" #include "detect-engine-buffer.h" +#include "detect-engine-helper.h" #include "conf.h" diff --git a/src/detect-engine-helper.c b/src/detect-engine-helper.c index 8634e8ac22..0b4325488f 100644 --- a/src/detect-engine-helper.c +++ b/src/detect-engine-helper.c @@ -29,6 +29,7 @@ #include "detect-engine-prefilter.h" #include "detect-parse.h" #include "detect-engine-content-inspection.h" +#include "rust.h" int DetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction) { @@ -143,7 +144,7 @@ void DetectHelperKeywordAliasRegister(int kwid, const char *alias) sigmatch_table[kwid].alias = alias; } -int DetectHelperTransformRegister(const SCTransformTableElmt *kw) +int SCDetectHelperTransformRegister(const SCTransformTableElmt *kw) { int transform_id = SCDetectHelperNewKeywordId(); if (transform_id < 0) { diff --git a/src/detect-engine-helper.h b/src/detect-engine-helper.h index 6a03b263ef..714bd19a57 100644 --- a/src/detect-engine-helper.h +++ b/src/detect-engine-helper.h @@ -25,8 +25,53 @@ #define SURICATA_DETECT_ENGINE_HELPER_H #include "app-layer-protos.h" -#include "detect.h" -#include "rust.h" + +// type from flow.h with only forward declarations for bindgen +typedef struct Flow_ Flow; +// types from detect.h with only forward declarations for bindgen +// could be #ifndef SURICATA_BINDGEN_H #include "detect.h" #endif +typedef struct DetectEngineCtx_ DetectEngineCtx; +typedef struct Signature_ Signature; +typedef struct SigMatchCtx_ SigMatchCtx; +typedef struct DetectEngineThreadCtx_ DetectEngineThreadCtx; +typedef struct InspectionBuffer InspectionBuffer; +typedef struct DetectEngineTransforms DetectEngineTransforms; +typedef InspectionBuffer *(*InspectionBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx, + const DetectEngineTransforms *transforms, Flow *f, const uint8_t flow_flags, void *txv, + const int list_id); +typedef bool (*InspectionMultiBufferGetDataPtr)(struct DetectEngineThreadCtx_ *det_ctx, + const void *txv, const uint8_t flow_flags, uint32_t local_id, const uint8_t **buf, + uint32_t *buf_len); + +/// App-layer light version of SigTableElmt +typedef struct SCSigTableAppLiteElmt { + /// keyword name + const char *name; + /// keyword description + const char *desc; + /// keyword documentation url + const char *url; + /// flags SIGMATCH_* + uint16_t flags; + /// function callback to parse and setup keyword in rule + int (*Setup)(DetectEngineCtx *, Signature *, const char *); + /// function callback to free structure allocated by setup if any + void (*Free)(DetectEngineCtx *, void *); + /// function callback to match on an app-layer transaction + int (*AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, + const Signature *, const SigMatchCtx *); +} SCSigTableAppLiteElmt; + +typedef struct SCTransformTableElmt { + const char *name; + const char *desc; + const char *url; + uint16_t flags; + int (*Setup)(DetectEngineCtx *, Signature *, const char *); + void (*Free)(DetectEngineCtx *, void *); + void (*Transform)(DetectEngineThreadCtx *, InspectionBuffer *, void *context); + bool (*TransformValidate)(const uint8_t *content, uint16_t content_len, void *context); +} SCTransformTableElmt; int SCDetectHelperNewKeywordId(void); @@ -46,7 +91,7 @@ int DetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppPr int DetectHelperMultiBufferProgressMpmRegister(const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionMultiBufferGetDataPtr GetData, int progress); -int DetectHelperTransformRegister(const SCTransformTableElmt *kw); +int SCDetectHelperTransformRegister(const SCTransformTableElmt *kw); const uint8_t *InspectionBufferPtr(InspectionBuffer *buf); uint32_t InspectionBufferLength(InspectionBuffer *buf);