From dc20129195574d002ace30e38da9d524815c8e2e Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 14 May 2025 21:48:06 +0200 Subject: [PATCH] rust: bindgen SCDetectHelperBufferMpmRegister Ticket: 7667 --- examples/plugins/altemplate/src/detect.rs | 13 ++++--- examples/plugins/altemplate/src/template.rs | 4 +- rust/src/applayertemplate/detect.rs | 11 +++--- rust/src/detect/mod.rs | 9 ----- rust/src/enip/detect.rs | 16 ++++---- rust/src/ldap/detect.rs | 10 ++--- rust/src/mqtt/detect.rs | 38 +++++++++---------- rust/src/rfb/detect.rs | 12 +++--- rust/src/sdp/detect.rs | 41 ++++++++++----------- rust/src/sip/detect.rs | 25 ++++++------- rust/src/snmp/detect.rs | 16 ++++---- rust/src/websocket/detect.rs | 12 +++--- rust/sys/src/sys.rs | 14 +++++++ src/detect-email.c | 14 +++---- src/detect-engine-helper.c | 2 +- src/detect-engine-helper.h | 2 +- src/detect-ftp-command-data.c | 2 +- src/detect-ftp-command.c | 2 +- src/detect-smtp.c | 2 +- 19 files changed, 124 insertions(+), 121 deletions(-) diff --git a/examples/plugins/altemplate/src/detect.rs b/examples/plugins/altemplate/src/detect.rs index 7ae3d1e596..7627fd7abf 100644 --- a/examples/plugins/altemplate/src/detect.rs +++ b/examples/plugins/altemplate/src/detect.rs @@ -23,13 +23,14 @@ use super::template::{TemplateTransaction, ALPROTO_TEMPLATE}; use std::os::raw::{c_int, c_void}; use suricata::cast_pointer; +use suricata::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use suricata::detect::{ - helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, - DetectSignatureSetAppProto, SigTableElmtStickyBuffer, + helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigTableElmtStickyBuffer, }; -use suricata::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use suricata::direction::Direction; -use suricata_sys::sys::{DetectEngineCtx, SCDetectBufferSetActiveList, Signature}; +use suricata_sys::sys::{ + DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferMpmRegister, Signature, +}; static mut G_TEMPLATE_BUFFER_BUFFER_ID: c_int = 0; @@ -75,11 +76,11 @@ pub(super) unsafe extern "C" fn detect_template_register() { setup: template_buffer_setup, }; let _g_template_buffer_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_TEMPLATE_BUFFER_BUFFER_ID = DetectHelperBufferMpmRegister( + G_TEMPLATE_BUFFER_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"altemplate.buffer\0".as_ptr() as *const libc::c_char, b"template.buffer intern description\0".as_ptr() as *const libc::c_char, ALPROTO_TEMPLATE, STREAM_TOSERVER | STREAM_TOCLIENT, - template_buffer_get, + Some(template_buffer_get), ); } diff --git a/examples/plugins/altemplate/src/template.rs b/examples/plugins/altemplate/src/template.rs index fd210e773e..dd183021a7 100644 --- a/examples/plugins/altemplate/src/template.rs +++ b/examples/plugins/altemplate/src/template.rs @@ -282,9 +282,7 @@ unsafe extern "C" fn template_probing_parser( return ALPROTO_UNKNOWN; } -extern "C" fn template_state_new( - _orig_state: *mut c_void, _orig_proto: AppProto, -) -> *mut c_void { +extern "C" fn template_state_new(_orig_state: *mut c_void, _orig_proto: AppProto) -> *mut c_void { let state = TemplateState::new(); let boxed = Box::new(state); return Box::into_raw(boxed) as *mut c_void; diff --git a/rust/src/applayertemplate/detect.rs b/rust/src/applayertemplate/detect.rs index 9f1222e866..35fb2d2d4e 100644 --- a/rust/src/applayertemplate/detect.rs +++ b/rust/src/applayertemplate/detect.rs @@ -21,12 +21,13 @@ use crate::conf::conf_get_node; /* TEMPLATE_END_REMOVE */ use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::{ - helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, - DetectSignatureSetAppProto, SigTableElmtStickyBuffer, + helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigTableElmtStickyBuffer, }; use crate::direction::Direction; use std::os::raw::{c_int, c_void}; -use suricata_sys::sys::{DetectEngineCtx, SCDetectBufferSetActiveList, Signature}; +use suricata_sys::sys::{ + DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferMpmRegister, Signature, +}; static mut G_TEMPLATE_BUFFER_BUFFER_ID: c_int = 0; @@ -78,11 +79,11 @@ pub unsafe extern "C" fn SCDetectTemplateRegister() { setup: template_buffer_setup, }; let _g_template_buffer_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_TEMPLATE_BUFFER_BUFFER_ID = DetectHelperBufferMpmRegister( + G_TEMPLATE_BUFFER_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"template.buffer\0".as_ptr() as *const libc::c_char, b"template.buffer intern description\0".as_ptr() as *const libc::c_char, ALPROTO_TEMPLATE, STREAM_TOSERVER | STREAM_TOCLIENT, - template_buffer_get, + Some(template_buffer_get), ); } diff --git a/rust/src/detect/mod.rs b/rust/src/detect/mod.rs index f466bc14bf..614f624c09 100644 --- a/rust/src/detect/mod.rs +++ b/rust/src/detect/mod.rs @@ -120,15 +120,6 @@ pub const SIGMATCH_INFO_STICKY_BUFFER: u16 = 0x200; // BIT_U16(9) /// cbindgen:ignore extern "C" { - pub fn DetectHelperBufferMpmRegister( - name: *const libc::c_char, desc: *const libc::c_char, alproto: AppProto, dir: u8, - get_data: unsafe extern "C" fn( - *const c_void, - u8, - *mut *const u8, - *mut u32, - ) -> bool, - ) -> c_int; // from detect-parse.h pub fn DetectSignatureSetAppProto(s: *mut Signature, alproto: AppProto) -> c_int; pub fn SigMatchAppendSMToList( diff --git a/rust/src/enip/detect.rs b/rust/src/enip/detect.rs index e0a0fb90fc..8e72156158 100644 --- a/rust/src/enip/detect.rs +++ b/rust/src/enip/detect.rs @@ -36,13 +36,13 @@ use crate::detect::uint::{ SCDetectU8Match, SCDetectU8Parse, }; use crate::detect::{ - helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, - DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, + helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList, + SigTableElmtStickyBuffer, }; use suricata_sys::sys::{ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, - SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt, - SigMatchCtx, Signature, + SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, + SCSigTableAppLiteElmt, SigMatchCtx, Signature, }; use crate::direction::Direction; @@ -1571,12 +1571,12 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { setup: product_name_setup, }; let _g_enip_product_name_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_ENIP_PRODUCT_NAME_BUFFER_ID = DetectHelperBufferMpmRegister( + G_ENIP_PRODUCT_NAME_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"enip.product_name\0".as_ptr() as *const libc::c_char, b"ENIP product name\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, STREAM_TOSERVER | STREAM_TOCLIENT, - product_name_get_data, + Some(product_name_get_data), ); let kw = SigTableElmtStickyBuffer { name: String::from("enip.service_name"), @@ -1585,12 +1585,12 @@ pub unsafe extern "C" fn SCDetectEnipRegister() { setup: service_name_setup, }; let _g_enip_service_name_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_ENIP_SERVICE_NAME_BUFFER_ID = DetectHelperBufferMpmRegister( + G_ENIP_SERVICE_NAME_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"enip.service_name\0".as_ptr() as *const libc::c_char, b"ENIP service name\0".as_ptr() as *const libc::c_char, ALPROTO_ENIP, STREAM_TOSERVER | STREAM_TOCLIENT, - service_name_get_data, + Some(service_name_get_data), ); } diff --git a/rust/src/ldap/detect.rs b/rust/src/ldap/detect.rs index 4bc281491f..cc399c5fbe 100644 --- a/rust/src/ldap/detect.rs +++ b/rust/src/ldap/detect.rs @@ -22,13 +22,13 @@ use crate::detect::uint::{ SCDetectU8Free, }; use crate::detect::{ - helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, - DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, + helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList, + SigTableElmtStickyBuffer, }; use crate::ldap::types::{LdapMessage, LdapResultCode, ProtocolOp, ProtocolOpCode}; use suricata_sys::sys::{ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, - SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, + SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCDetectHelperMultiBufferMpmRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature, }; @@ -675,12 +675,12 @@ pub unsafe extern "C" fn SCDetectLdapRegister() { setup: ldap_detect_request_dn_setup, }; let _g_ldap_request_dn_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_LDAP_REQUEST_DN_BUFFER_ID = DetectHelperBufferMpmRegister( + G_LDAP_REQUEST_DN_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"ldap.request.dn\0".as_ptr() as *const libc::c_char, b"LDAP REQUEST DISTINGUISHED_NAME\0".as_ptr() as *const libc::c_char, ALPROTO_LDAP, STREAM_TOSERVER, - ldap_detect_request_dn_get_data, + Some(ldap_detect_request_dn_get_data), ); let kw = SigTableElmtStickyBuffer { name: String::from("ldap.responses.dn"), diff --git a/rust/src/mqtt/detect.rs b/rust/src/mqtt/detect.rs index 138b488a70..d0a53b8620 100644 --- a/rust/src/mqtt/detect.rs +++ b/rust/src/mqtt/detect.rs @@ -23,12 +23,12 @@ use crate::detect::uint::{ SCDetectU8Free, SCDetectU8Parse, }; use crate::detect::{ - helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, - DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, + helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList, + SigTableElmtStickyBuffer, }; use suricata_sys::sys::{ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, - SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, + SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCDetectHelperMultiBufferMpmRegister, SCSigTableAppLiteElmt, SigMatchCtx, Signature, }; @@ -1071,12 +1071,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { setup: mqtt_pub_topic_setup, }; let _g_mqtt_pub_topic_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_MQTT_PUB_TOPIC_BUFFER_ID = DetectHelperBufferMpmRegister( + G_MQTT_PUB_TOPIC_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"mqtt.publish.topic\0".as_ptr() as *const libc::c_char, b"MQTT PUBLISH topic\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, STREAM_TOSERVER | STREAM_TOCLIENT, - mqtt_pub_topic_get_data, + Some(mqtt_pub_topic_get_data), ); let kw = SigTableElmtStickyBuffer { name: String::from("mqtt.publish.message"), @@ -1085,12 +1085,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { setup: mqtt_pub_msg_setup, }; let _g_mqtt_pub_msg_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_MQTT_PUB_MSG_BUFFER_ID = DetectHelperBufferMpmRegister( + G_MQTT_PUB_MSG_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"mqtt.publish.message\0".as_ptr() as *const libc::c_char, b"MQTT PUBLISH message\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, STREAM_TOSERVER | STREAM_TOCLIENT, - mqtt_pub_msg_get_data, + Some(mqtt_pub_msg_get_data), ); let kw = SCSigTableAppLiteElmt { name: b"mqtt.protocol_version\0".as_ptr() as *const libc::c_char, @@ -1144,12 +1144,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { setup: mqtt_conn_willtopic_setup, }; let _g_mqtt_conn_willtopic_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_MQTT_CONN_WILLTOPIC_BUFFER_ID = DetectHelperBufferMpmRegister( + G_MQTT_CONN_WILLTOPIC_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"mqtt.connect.willtopic\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT will topic\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, STREAM_TOSERVER, - mqtt_conn_willtopic_get_data, + Some(mqtt_conn_willtopic_get_data), ); let kw = SigTableElmtStickyBuffer { name: String::from("mqtt.connect.willmessage"), @@ -1158,12 +1158,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { setup: mqtt_conn_willmsg_setup, }; let _g_mqtt_conn_willmsg_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_MQTT_CONN_WILLMSG_BUFFER_ID = DetectHelperBufferMpmRegister( + G_MQTT_CONN_WILLMSG_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"mqtt.connect.willmessage\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT will message\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, STREAM_TOSERVER, - mqtt_conn_willmsg_get_data, + Some(mqtt_conn_willmsg_get_data), ); let kw = SigTableElmtStickyBuffer { name: String::from("mqtt.connect.username"), @@ -1172,12 +1172,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { setup: mqtt_conn_username_setup, }; let _g_mqtt_conn_username_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_MQTT_CONN_USERNAME_BUFFER_ID = DetectHelperBufferMpmRegister( + G_MQTT_CONN_USERNAME_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"mqtt.connect.username\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT username\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, STREAM_TOSERVER, - mqtt_conn_username_get_data, + Some(mqtt_conn_username_get_data), ); let kw = SigTableElmtStickyBuffer { name: String::from("mqtt.connect.protocol_string"), @@ -1186,12 +1186,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { setup: mqtt_conn_protocolstring_setup, }; let _g_mqtt_conn_protostr_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_MQTT_CONN_PROTOCOLSTRING_BUFFER_ID = DetectHelperBufferMpmRegister( + G_MQTT_CONN_PROTOCOLSTRING_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"mqtt.connect.protocol_string\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT protocol string\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, STREAM_TOSERVER, - mqtt_conn_protocolstring_get_data, + Some(mqtt_conn_protocolstring_get_data), ); let kw = SigTableElmtStickyBuffer { name: String::from("mqtt.connect.password"), @@ -1200,12 +1200,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { setup: mqtt_conn_password_setup, }; let _g_mqtt_conn_password_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_MQTT_CONN_PASSWORD_BUFFER_ID = DetectHelperBufferMpmRegister( + G_MQTT_CONN_PASSWORD_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"mqtt.connect.password\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT password\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, STREAM_TOSERVER, - mqtt_conn_password_get_data, + Some(mqtt_conn_password_get_data), ); let kw = SigTableElmtStickyBuffer { name: String::from("mqtt.connect.clientid"), @@ -1214,12 +1214,12 @@ pub unsafe extern "C" fn SCDetectMqttRegister() { setup: mqtt_conn_clientid_setup, }; let _g_mqtt_conn_password_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_MQTT_CONN_CLIENTID_BUFFER_ID = DetectHelperBufferMpmRegister( + G_MQTT_CONN_CLIENTID_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"mqtt.connect.clientid\0".as_ptr() as *const libc::c_char, b"MQTT CONNECT clientid\0".as_ptr() as *const libc::c_char, ALPROTO_MQTT, STREAM_TOSERVER, - mqtt_conn_clientid_get_data, + Some(mqtt_conn_clientid_get_data), ); } diff --git a/rust/src/rfb/detect.rs b/rust/src/rfb/detect.rs index 696df7f9d6..cf131c77e1 100644 --- a/rust/src/rfb/detect.rs +++ b/rust/src/rfb/detect.rs @@ -24,16 +24,16 @@ use crate::detect::uint::{ detect_match_uint, detect_parse_uint_enum, DetectUintData, SCDetectU32Free, SCDetectU32Parse, }; use crate::detect::{ - helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, - DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, + helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList, + SigTableElmtStickyBuffer, }; use std::ffi::CStr; use std::os::raw::{c_int, c_void}; use std::ptr; use suricata_sys::sys::{ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, - SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt, - SigMatchCtx, Signature, + SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, + SCSigTableAppLiteElmt, SigMatchCtx, Signature, }; unsafe extern "C" fn rfb_name_get( @@ -184,12 +184,12 @@ pub unsafe extern "C" fn SCDetectRfbRegister() { setup: rfb_name_setup, }; let _g_rfb_name_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_RFB_NAME_BUFFER_ID = DetectHelperBufferMpmRegister( + G_RFB_NAME_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"rfb.name\0".as_ptr() as *const libc::c_char, b"rfb name\0".as_ptr() as *const libc::c_char, ALPROTO_RFB, STREAM_TOCLIENT, - rfb_name_get, + Some(rfb_name_get), ); let kw = SCSigTableAppLiteElmt { name: b"rfb.sectype\0".as_ptr() as *const libc::c_char, diff --git a/rust/src/sdp/detect.rs b/rust/src/sdp/detect.rs index a6103dd248..540ef623e0 100644 --- a/rust/src/sdp/detect.rs +++ b/rust/src/sdp/detect.rs @@ -19,8 +19,7 @@ use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::{ - helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, - DetectSignatureSetAppProto, SigTableElmtStickyBuffer, + helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigTableElmtStickyBuffer, }; use crate::direction::Direction; use crate::sip::sip::{SIPTransaction, ALPROTO_SIP}; @@ -28,7 +27,7 @@ use std::os::raw::{c_int, c_void}; use std::ptr; use suricata_sys::sys::{ DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList, - SCDetectHelperMultiBufferMpmRegister, Signature, + SCDetectHelperBufferMpmRegister, SCDetectHelperMultiBufferMpmRegister, Signature, }; static mut G_SDP_ORIGIN_BUFFER_ID: c_int = 0; @@ -645,12 +644,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { setup: sdp_session_name_setup, }; let _ = helper_keyword_register_sticky_buffer(&kw); - G_SDP_SESSION_NAME_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SDP_SESSION_NAME_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sdp.session_name\0".as_ptr() as *const libc::c_char, b"sdp.session_name\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOSERVER | STREAM_TOCLIENT, - sdp_session_name_get, + Some(sdp_session_name_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.session_info"), @@ -659,12 +658,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { setup: sdp_session_info_setup, }; let _ = helper_keyword_register_sticky_buffer(&kw); - G_SDP_SESSION_INFO_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SDP_SESSION_INFO_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sdp.session_info\0".as_ptr() as *const libc::c_char, b"sdp.session_info\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOSERVER | STREAM_TOCLIENT, - sdp_session_info_get, + Some(sdp_session_info_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.origin"), @@ -673,12 +672,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { setup: sdp_origin_setup, }; let _ = helper_keyword_register_sticky_buffer(&kw); - G_SDP_ORIGIN_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SDP_ORIGIN_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sdp.origin\0".as_ptr() as *const libc::c_char, b"sdp.origin\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOSERVER | STREAM_TOCLIENT, - sdp_origin_get, + Some(sdp_origin_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.uri"), @@ -687,12 +686,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { setup: sdp_uri_setup, }; let _ = helper_keyword_register_sticky_buffer(&kw); - G_SDP_URI_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SDP_URI_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sdp.uri\0".as_ptr() as *const libc::c_char, b"sdp.uri\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOSERVER | STREAM_TOCLIENT, - sdp_uri_get, + Some(sdp_uri_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.email"), @@ -701,12 +700,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { setup: sdp_email_setup, }; let _ = helper_keyword_register_sticky_buffer(&kw); - G_SDP_EMAIL_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SDP_EMAIL_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sdp.email\0".as_ptr() as *const libc::c_char, b"sdp.email\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOSERVER | STREAM_TOCLIENT, - sdp_email_get, + Some(sdp_email_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.phone_number"), @@ -715,12 +714,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { setup: sdp_phone_number_setup, }; let _ = helper_keyword_register_sticky_buffer(&kw); - G_SDP_PHONE_NUMBER_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SDP_PHONE_NUMBER_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sdp.phone_number\0".as_ptr() as *const libc::c_char, b"sdp.phone_number\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOSERVER | STREAM_TOCLIENT, - sdp_phone_number_get, + Some(sdp_phone_number_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.connection_data"), @@ -729,12 +728,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { setup: sdp_conn_data_setup, }; let _ = helper_keyword_register_sticky_buffer(&kw); - G_SDP_CONNECTION_DATA_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SDP_CONNECTION_DATA_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sdp.connection_data\0".as_ptr() as *const libc::c_char, b"sdp.connection_data\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOSERVER | STREAM_TOCLIENT, - sdp_conn_data_get, + Some(sdp_conn_data_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.bandwidth"), @@ -785,12 +784,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { setup: sdp_timezone_setup, }; let _ = helper_keyword_register_sticky_buffer(&kw); - G_SDP_TIMEZONE_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SDP_TIMEZONE_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sdp.timezone\0".as_ptr() as *const libc::c_char, b"sdp.timezone\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOSERVER | STREAM_TOCLIENT, - sdp_timezone_get, + Some(sdp_timezone_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.encryption_key"), @@ -799,12 +798,12 @@ pub unsafe extern "C" fn SCDetectSdpRegister() { setup: sdp_encryption_key_setup, }; let _ = helper_keyword_register_sticky_buffer(&kw); - G_SDP_ENCRYPTION_KEY_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SDP_ENCRYPTION_KEY_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sdp.encryption_key\0".as_ptr() as *const libc::c_char, b"sdp.encription_key\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOSERVER | STREAM_TOCLIENT, - sdp_encryption_key_get, + Some(sdp_encryption_key_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sdp.attribute"), diff --git a/rust/src/sip/detect.rs b/rust/src/sip/detect.rs index 173cf83c21..bf9edce541 100644 --- a/rust/src/sip/detect.rs +++ b/rust/src/sip/detect.rs @@ -19,8 +19,7 @@ use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::{ - helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, - DetectSignatureSetAppProto, SigTableElmtStickyBuffer, + helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigTableElmtStickyBuffer, }; use crate::direction::Direction; use crate::sip::sip::{SIPTransaction, ALPROTO_SIP}; @@ -28,7 +27,7 @@ use std::os::raw::{c_int, c_void}; use std::ptr; use suricata_sys::sys::{ DetectEngineCtx, DetectEngineThreadCtx, SCDetectBufferSetActiveList, - SCDetectHelperMultiBufferMpmRegister, Signature, + SCDetectHelperBufferMpmRegister, SCDetectHelperMultiBufferMpmRegister, Signature, }; static mut G_SIP_PROTOCOL_BUFFER_ID: c_int = 0; @@ -426,12 +425,12 @@ pub unsafe extern "C" fn SCDetectSipRegister() { setup: sip_protocol_setup, }; let _g_sip_protocol_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_SIP_PROTOCOL_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SIP_PROTOCOL_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sip.protocol\0".as_ptr() as *const libc::c_char, b"sip.protocol\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOSERVER | STREAM_TOCLIENT, - sip_protocol_get, + Some(sip_protocol_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sip.stat_code"), @@ -440,12 +439,12 @@ pub unsafe extern "C" fn SCDetectSipRegister() { setup: sip_stat_code_setup, }; let _g_sip_stat_code_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_SIP_STAT_CODE_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SIP_STAT_CODE_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sip.stat_code\0".as_ptr() as *const libc::c_char, b"sip.stat_code\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOCLIENT, - sip_stat_code_get, + Some(sip_stat_code_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sip.stat_msg"), @@ -454,12 +453,12 @@ pub unsafe extern "C" fn SCDetectSipRegister() { setup: sip_stat_msg_setup, }; let _g_sip_stat_msg_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_SIP_STAT_MSG_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SIP_STAT_MSG_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sip.stat_msg\0".as_ptr() as *const libc::c_char, b"sip.stat_msg\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOCLIENT, - sip_stat_msg_get, + Some(sip_stat_msg_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sip.request_line"), @@ -468,12 +467,12 @@ pub unsafe extern "C" fn SCDetectSipRegister() { setup: sip_request_line_setup, }; let _g_sip_request_line_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_SIP_REQUEST_LINE_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SIP_REQUEST_LINE_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sip.request_line\0".as_ptr() as *const libc::c_char, b"sip.request_line\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOSERVER, - sip_request_line_get, + Some(sip_request_line_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sip.response_line"), @@ -482,12 +481,12 @@ pub unsafe extern "C" fn SCDetectSipRegister() { setup: sip_response_line_setup, }; let _g_sip_response_line_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_SIP_RESPONSE_LINE_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SIP_RESPONSE_LINE_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"sip.response_line\0".as_ptr() as *const libc::c_char, b"sip.response_line\0".as_ptr() as *const libc::c_char, ALPROTO_SIP, STREAM_TOCLIENT, - sip_response_line_get, + Some(sip_response_line_get), ); let kw = SigTableElmtStickyBuffer { name: String::from("sip.from"), diff --git a/rust/src/snmp/detect.rs b/rust/src/snmp/detect.rs index 4e0a66da2e..c300213cbe 100644 --- a/rust/src/snmp/detect.rs +++ b/rust/src/snmp/detect.rs @@ -21,14 +21,14 @@ use super::snmp::{SNMPTransaction, ALPROTO_SNMP}; use crate::core::{STREAM_TOCLIENT, STREAM_TOSERVER}; use crate::detect::uint::{DetectUintData, SCDetectU32Free, SCDetectU32Match, SCDetectU32Parse}; use crate::detect::{ - helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, - DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, + helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList, + SigTableElmtStickyBuffer, }; use std::os::raw::{c_int, c_void}; use suricata_sys::sys::{ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, - SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt, - SigMatchCtx, Signature, + SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, + SCSigTableAppLiteElmt, SigMatchCtx, Signature, }; static mut G_SNMP_VERSION_KW_ID: c_int = 0; @@ -196,12 +196,12 @@ pub(super) unsafe extern "C" fn detect_snmp_register() { setup: snmp_detect_usm_setup, }; let _g_snmp_usm_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_SNMP_USM_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SNMP_USM_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"snmp.usm\0".as_ptr() as *const libc::c_char, b"SNMP USM\0".as_ptr() as *const libc::c_char, ALPROTO_SNMP, STREAM_TOSERVER | STREAM_TOCLIENT, - snmp_detect_usm_get_data, + Some(snmp_detect_usm_get_data), ); let kw = SigTableElmtStickyBuffer { @@ -211,11 +211,11 @@ pub(super) unsafe extern "C" fn detect_snmp_register() { setup: snmp_detect_community_setup, }; let _g_snmp_community_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_SNMP_COMMUNITY_BUFFER_ID = DetectHelperBufferMpmRegister( + G_SNMP_COMMUNITY_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"snmp.community\0".as_ptr() as *const libc::c_char, b"SNMP Community identifier\0".as_ptr() as *const libc::c_char, ALPROTO_SNMP, STREAM_TOSERVER | STREAM_TOCLIENT, - snmp_detect_community_get_data, + Some(snmp_detect_community_get_data), ); } diff --git a/rust/src/websocket/detect.rs b/rust/src/websocket/detect.rs index c2cd320ceb..5d6289f072 100644 --- a/rust/src/websocket/detect.rs +++ b/rust/src/websocket/detect.rs @@ -22,14 +22,14 @@ use crate::detect::uint::{ SCDetectU32Match, SCDetectU32Parse, SCDetectU8Free, SCDetectU8Match, }; use crate::detect::{ - helper_keyword_register_sticky_buffer, DetectHelperBufferMpmRegister, - DetectSignatureSetAppProto, SigMatchAppendSMToList, SigTableElmtStickyBuffer, + helper_keyword_register_sticky_buffer, DetectSignatureSetAppProto, SigMatchAppendSMToList, + SigTableElmtStickyBuffer, }; use crate::websocket::parser::WebSocketOpcode; use suricata_sys::sys::{ DetectEngineCtx, DetectEngineThreadCtx, Flow, SCDetectBufferSetActiveList, - SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, SCSigTableAppLiteElmt, - SigMatchCtx, Signature, + SCDetectHelperBufferMpmRegister, SCDetectHelperBufferRegister, SCDetectHelperKeywordRegister, + SCSigTableAppLiteElmt, SigMatchCtx, Signature, }; use nom7::branch::alt; @@ -320,11 +320,11 @@ pub unsafe extern "C" fn SCDetectWebsocketRegister() { setup: websocket_detect_payload_setup, }; let _g_ws_payload_kw_id = helper_keyword_register_sticky_buffer(&kw); - G_WEBSOCKET_PAYLOAD_BUFFER_ID = DetectHelperBufferMpmRegister( + G_WEBSOCKET_PAYLOAD_BUFFER_ID = SCDetectHelperBufferMpmRegister( b"websocket.payload\0".as_ptr() as *const libc::c_char, b"WebSocket payload\0".as_ptr() as *const libc::c_char, ALPROTO_WEBSOCKET, STREAM_TOSERVER | STREAM_TOCLIENT, - websocket_detect_payload_get_data, + Some(websocket_detect_payload_get_data), ); } diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs index b4b30d3c0d..027fef4e7c 100644 --- a/rust/sys/src/sys.rs +++ b/rust/sys/src/sys.rs @@ -257,6 +257,14 @@ pub type InspectionMultiBufferGetDataPtr = ::std::option::Option< buf_len: *mut u32, ) -> bool, >; +pub type InspectionSingleBufferGetDataPtr = ::std::option::Option< + unsafe extern "C" fn( + txv: *const ::std::os::raw::c_void, + flow_flags: u8, + buf: *mut *const u8, + buf_len: *mut u32, + ) -> bool, +>; #[doc = " App-layer light version of SigTableElmt"] #[repr(C)] #[derive(Debug, Copy, Clone)] @@ -350,6 +358,12 @@ extern "C" { name: *const ::std::os::raw::c_char, alproto: AppProto, direction: u8, ) -> ::std::os::raw::c_int; } +extern "C" { + pub fn SCDetectHelperBufferMpmRegister( + name: *const ::std::os::raw::c_char, desc: *const ::std::os::raw::c_char, + alproto: AppProto, direction: u8, GetData: InspectionSingleBufferGetDataPtr, + ) -> ::std::os::raw::c_int; +} extern "C" { pub fn SCDetectHelperMultiBufferMpmRegister( name: *const ::std::os::raw::c_char, desc: *const ::std::os::raw::c_char, diff --git a/src/detect-email.c b/src/detect-email.c index cee39793da..7a16bb3006 100644 --- a/src/detect-email.c +++ b/src/detect-email.c @@ -235,7 +235,7 @@ void DetectEmailRegister(void) kw.Setup = DetectMimeEmailFromSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; SCDetectHelperKeywordRegister(&kw); - g_mime_email_from_buffer_id = DetectHelperBufferMpmRegister( + g_mime_email_from_buffer_id = SCDetectHelperBufferMpmRegister( "email.from", "MIME EMAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailFromData); kw.name = "email.subject"; @@ -244,7 +244,7 @@ void DetectEmailRegister(void) kw.Setup = DetectMimeEmailSubjectSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; SCDetectHelperKeywordRegister(&kw); - g_mime_email_subject_buffer_id = DetectHelperBufferMpmRegister("email.subject", + g_mime_email_subject_buffer_id = SCDetectHelperBufferMpmRegister("email.subject", "MIME EMAIL SUBJECT", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailSubjectData); kw.name = "email.to"; @@ -253,7 +253,7 @@ void DetectEmailRegister(void) kw.Setup = DetectMimeEmailToSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; SCDetectHelperKeywordRegister(&kw); - g_mime_email_to_buffer_id = DetectHelperBufferMpmRegister( + g_mime_email_to_buffer_id = SCDetectHelperBufferMpmRegister( "email.to", "MIME EMAIL TO", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailToData); kw.name = "email.cc"; @@ -262,7 +262,7 @@ void DetectEmailRegister(void) kw.Setup = DetectMimeEmailCcSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; SCDetectHelperKeywordRegister(&kw); - g_mime_email_cc_buffer_id = DetectHelperBufferMpmRegister( + g_mime_email_cc_buffer_id = SCDetectHelperBufferMpmRegister( "email.cc", "MIME EMAIL CC", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailCcData); kw.name = "email.date"; @@ -271,7 +271,7 @@ void DetectEmailRegister(void) kw.Setup = DetectMimeEmailDateSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; SCDetectHelperKeywordRegister(&kw); - g_mime_email_date_buffer_id = DetectHelperBufferMpmRegister( + g_mime_email_date_buffer_id = SCDetectHelperBufferMpmRegister( "email.date", "MIME EMAIL DATE", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailDateData); kw.name = "email.message_id"; @@ -280,7 +280,7 @@ void DetectEmailRegister(void) kw.Setup = DetectMimeEmailMessageIdSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; SCDetectHelperKeywordRegister(&kw); - g_mime_email_message_id_buffer_id = DetectHelperBufferMpmRegister("email.message_id", + g_mime_email_message_id_buffer_id = SCDetectHelperBufferMpmRegister("email.message_id", "MIME EMAIL Message-Id", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailMessageIdData); kw.name = "email.x_mailer"; @@ -289,7 +289,7 @@ void DetectEmailRegister(void) kw.Setup = DetectMimeEmailXMailerSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; SCDetectHelperKeywordRegister(&kw); - g_mime_email_x_mailer_buffer_id = DetectHelperBufferMpmRegister("email.x_mailer", + g_mime_email_x_mailer_buffer_id = SCDetectHelperBufferMpmRegister("email.x_mailer", "MIME EMAIL X-Mailer", ALPROTO_SMTP, STREAM_TOSERVER, GetMimeEmailXMailerData); kw.name = "email.url"; diff --git a/src/detect-engine-helper.c b/src/detect-engine-helper.c index 6a74ab7aed..025aeba04f 100644 --- a/src/detect-engine-helper.c +++ b/src/detect-engine-helper.c @@ -44,7 +44,7 @@ int SCDetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t dir return DetectBufferTypeRegister(name); } -int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto, +int SCDetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionSingleBufferGetDataPtr GetData) { if (direction & STREAM_TOSERVER) { diff --git a/src/detect-engine-helper.h b/src/detect-engine-helper.h index ece83be3b5..30abe6e22c 100644 --- a/src/detect-engine-helper.h +++ b/src/detect-engine-helper.h @@ -82,7 +82,7 @@ int SCDetectHelperKeywordRegister(const SCSigTableAppLiteElmt *kw); void SCDetectHelperKeywordAliasRegister(int kwid, const char *alias); int SCDetectHelperBufferRegister(const char *name, AppProto alproto, uint8_t direction); -int DetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto, +int SCDetectHelperBufferMpmRegister(const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionSingleBufferGetDataPtr GetData); int SCDetectHelperMultiBufferMpmRegister(const char *name, const char *desc, AppProto alproto, uint8_t direction, InspectionMultiBufferGetDataPtr GetData); diff --git a/src/detect-ftp-command-data.c b/src/detect-ftp-command-data.c index 63b0fd21d7..0c67900c00 100644 --- a/src/detect-ftp-command-data.c +++ b/src/detect-ftp-command-data.c @@ -96,7 +96,7 @@ void DetectFtpCommandDataRegister(void) sigmatch_table[DETECT_FTP_COMMAND_DATA].Setup = DetectFtpCommandDataSetup; sigmatch_table[DETECT_FTP_COMMAND_DATA].flags |= SIGMATCH_NOOPT; - DetectHelperBufferMpmRegister( + SCDetectHelperBufferMpmRegister( BUFFER_NAME, BUFFER_DESC, ALPROTO_FTP, STREAM_TOSERVER, DetectFTPCommandDataGetData); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-ftp-command.c b/src/detect-ftp-command.c index 80940ae0d8..43b7f036af 100644 --- a/src/detect-ftp-command.c +++ b/src/detect-ftp-command.c @@ -83,7 +83,7 @@ void DetectFtpCommandRegister(void) sigmatch_table[DETECT_FTP_COMMAND].Setup = DetectFtpCommandSetup; sigmatch_table[DETECT_FTP_COMMAND].flags |= SIGMATCH_NOOPT; - g_ftp_cmd_buffer_id = DetectHelperBufferMpmRegister( + g_ftp_cmd_buffer_id = SCDetectHelperBufferMpmRegister( BUFFER_NAME, BUFFER_DESC, ALPROTO_FTP, STREAM_TOSERVER, DetectFTPCommandGetData); SCLogDebug("registering " BUFFER_NAME " rule option"); diff --git a/src/detect-smtp.c b/src/detect-smtp.c index 890d616236..c3ba5e68f9 100644 --- a/src/detect-smtp.c +++ b/src/detect-smtp.c @@ -147,7 +147,7 @@ void SCDetectSMTPRegister(void) kw.Setup = DetectSmtpMailFromSetup; kw.flags = SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; SCDetectHelperKeywordRegister(&kw); - g_smtp_mail_from_buffer_id = DetectHelperBufferMpmRegister( + g_smtp_mail_from_buffer_id = SCDetectHelperBufferMpmRegister( "smtp.mail_from", "SMTP MAIL FROM", ALPROTO_SMTP, STREAM_TOSERVER, GetSmtpMailFromData); kw.name = "smtp.rcpt_to"; -- 2.47.2